From 1f180e9690a0a5f6cc849c1988ccda13de1b1e20 Mon Sep 17 00:00:00 2001
From: Peter Hartmann
Date: Fri, 22 Mar 2013 13:55:13 +0100
Subject: SSL code: store SSL parameters for debugging, guarded by define

... so SSL traffic can be decrypted with e.g. tcpdump / Wireshark. For this to work, the define needs to be uncommented and QtNetwork recompiled. This will create a file in /tmp/qt-ssl-keys which can be fed into Wireshark. A recent version of Wireshark is needed for this to work.

Change-Id: I4e41fd2e6122260cd96d443b1360edc71b08b5fd
Reviewed-by: Richard J. Moore
---
 src/network/ssl/qsslsocket_openssl.cpp | 35 ++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index e8f8b294c9..2b9c4b5bd2 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -55,6 +55,7 @@
 ****************************************************************************/
 //#define QSSLSOCKET_DEBUG
+//#define QT_DECRYPT_SSL_TRAFFIC
 #include "qsslsocket_openssl_p.h"
 #include "qsslsocket_openssl_symbols_p.h"
@@ -1403,6 +1404,40 @@ void QSslSocketBackendPrivate::continueHandshake()
 if (q_SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL))
 configuration.peerSessionShared = true;
+#ifdef QT_DECRYPT_SSL_TRAFFIC
+ if (ssl->session && ssl->s3) {
+ const char *mk = reinterpret_cast(ssl->session->master_key);
+ QByteArray masterKey(mk, ssl->session->master_key_length);
+ const char *random = reinterpret_cast(ssl->s3->client_random);
+ QByteArray clientRandom(random, SSL3_RANDOM_SIZE);
+
+ // different format, needed for e.g. older Wireshark versions:
+// const char *sid = reinterpret_cast(ssl->session->session_id);
+// QByteArray sessionID(sid, ssl->session->session_id_length);
+// QByteArray debugLineRSA("RSA Session-ID:");
+// debugLineRSA.append(sessionID.toHex().toUpper());
+// debugLineRSA.append(" Master-Key:");
+// debugLineRSA.append(masterKey.toHex().toUpper());
+// debugLineRSA.append("\n");
+
+ QByteArray debugLineClientRandom("CLIENT_RANDOM ");
+ debugLineClientRandom.append(clientRandom.toHex().toUpper());
+ debugLineClientRandom.append(" ");
+ debugLineClientRandom.append(masterKey.toHex().toUpper());
+ debugLineClientRandom.append("\n");
+
+ QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys");
+ QFile file(sslKeyFile);
+ if (!file.open(QIODevice::Append))
+ qWarning() << "could not open file" << sslKeyFile << "for appending";
+ if (!file.write(debugLineClientRandom))
+ qWarning() << "could not write to file" << sslKeyFile;
+ file.close();
+ } else {
+ qWarning("could not decrypt SSL traffic");
+ }
+#endif
+
 // Cache this SSL session inside the QSslContext
 if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionTickets)) {
 if (!sslContextPointer->cacheSession(ssl))
-- cgit v1.2.3
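Review bot: When `file.open(QIODevice::Append)` fails, the new code only warns and then still calls `file.write(debugLineClientRandom)`, so a missing or unwritable key file yields two warnings instead of skipping the write; the open failure should short-circuit the rest of the branch. The larger concern is that the log line carries the session master secret and is appended to a fixed, predictable path under `QDir::tempPath()` with whatever default permissions the file gets, so on a shared host any local user able to read (or pre-create) `/tmp/qt-ssl-keys` obtains what is needed to decrypt the captured traffic; restrict the file to its owner after opening and refuse to write when that cannot be done. The compile-time `QT_DECRYPT_SSL_TRAFFIC` guard is the right control, but the `#ifdef` deserves a comment such as `// Debug-only: writes TLS master secrets to disk, must never be defined in a shipping build` so nobody enables it in a release configuration. The `else` message `"could not decrypt SSL traffic"` describes something the branch never attempts; `"could not log SSL session keys: no session or s3 state"` matches what actually failed. `continueHandshake()` begins before this hunk and continues after it.
```cpp
        QFile file(sslKeyFile);
        if (!file.open(QIODevice::Append)) {
            qWarning() << "could not open file" << sslKeyFile << "for appending";
        } else if (!file.setPermissions(QFile::ReadOwner | QFile::WriteOwner)) {
            // never append master secrets to a file other users may be able to read
            qWarning() << "could not restrict permissions on" << sslKeyFile << ", not logging keys";
        } else if (!file.write(debugLineClientRandom)) {
            qWarning() << "could not write to file" << sslKeyFile;
        }
        // … unchanged: else branch and #endif …
```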