-rw-r--r--src/network/ssl/qsslsocket_openssl.cpp35
1 files changed, 35 insertions, 0 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index e8f8b294c9..2b9c4b5bd2 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -55,6 +55,7 @@
****************************************************************************/
//#define QSSLSOCKET_DEBUG
+//#define QT_DECRYPT_SSL_TRAFFIC
#include "qsslsocket_openssl_p.h"
#include "qsslsocket_openssl_symbols_p.h"
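Review bot: The new `//#define QT_DECRYPT_SSL_TRAFFIC` switch has no comment saying what it enables, although turning it on makes the second hunk write TLS master secrets to disk. Since it sits next to the harmless `QSSLSOCKET_DEBUG` toggle, I would document it in place, e.g. `// Debug only: appends CLIENT_RANDOM/master-key lines to <tempPath>/qt-ssl-keys; never define in shipped builds.`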
@@ -1403,6 +1404,40 @@ void QSslSocketBackendPrivate::continueHandshake()
if (q_SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL))
configuration.peerSessionShared = true;
+#ifdef QT_DECRYPT_SSL_TRAFFIC
+ if (ssl->session && ssl->s3) {
+ const char *mk = reinterpret_cast<const char *>(ssl->session->master_key);
+ QByteArray masterKey(mk, ssl->session->master_key_length);
+ const char *random = reinterpret_cast<const char *>(ssl->s3->client_random);
+ QByteArray clientRandom(random, SSL3_RANDOM_SIZE);
+
+ // different format, needed for e.g. older Wireshark versions:
+// const char *sid = reinterpret_cast<const char *>(ssl->session->session_id);
+// QByteArray sessionID(sid, ssl->session->session_id_length);
+// QByteArray debugLineRSA("RSA Session-ID:");
+// debugLineRSA.append(sessionID.toHex().toUpper());
+// debugLineRSA.append(" Master-Key:");
+// debugLineRSA.append(masterKey.toHex().toUpper());
+// debugLineRSA.append("\n");
+
+ QByteArray debugLineClientRandom("CLIENT_RANDOM ");
+ debugLineClientRandom.append(clientRandom.toHex().toUpper());
+ debugLineClientRandom.append(" ");
+ debugLineClientRandom.append(masterKey.toHex().toUpper());
+ debugLineClientRandom.append("\n");
+
+ QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys");
+ QFile file(sslKeyFile);
+ if (!file.open(QIODevice::Append))
+ qWarning() << "could not open file" << sslKeyFile << "for appending";
+ if (!file.write(debugLineClientRandom))
+ qWarning() << "could not write to file" << sslKeyFile;
+ file.close();
+ } else {
+ qWarning("could not decrypt SSL traffic");
+ }
+#endif
+
// Cache this SSL session inside the QSslContext
if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionTickets)) {
if (!sslContextPointer->cacheSession(ssl))
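Review bot: The key log goes to a fixed, predictable name in the shared temp directory (`QDir::tempPath() + "/qt-ssl-keys"`) with default permissions, so on a multi-user machine other local accounts may be able to read the master secrets of every session, and a file that already exists at that path is simply appended to. The error handling below it is also off: when `file.open()` fails the code still calls `file.write()`, and because `QIODevice::write()` returns -1 on error, `!file.write(...)` is false and the failure goes unreported. I would write only after a successful open, restrict the file to its owner, and compare the return value with the buffer size, as sketched below. Taking the path from a user-chosen location (for example the `SSLKEYLOGFILE` environment variable that other TLS stacks use) instead of the temp directory would also cover the pre-existing-file case. `continueHandshake()` starts and ends outside this hunk.

```cpp
        // … unchanged: masterKey / clientRandom extraction and CLIENT_RANDOM line assembly …
        QFile file(sslKeyFile);
        if (!file.open(QIODevice::Append)) {
            qWarning() << "could not open file" << sslKeyFile << "for appending";
        } else {
            // key material: keep the log readable and writable by the owning user only
            if (!file.setPermissions(QFile::ReadOwner | QFile::WriteOwner))
                qWarning() << "could not restrict permissions on" << sslKeyFile;
            if (file.write(debugLineClientRandom) != debugLineClientRandom.size())
                qWarning() << "could not write to file" << sslKeyFile;
            file.close();
        }
```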