authorAD001\z0048zxj <vaibhav.tekale@siemens.com>2024-02-09 14:56:10 +0530
committerAndy Green <andy@warmcat.com>2024-02-16 15:45:45 +0000
commit4f3ce6458b1198f6e775f91c19f5c8c8d252e194 (patch)
tree6963668cd275eb23d5a4b4e07e3024df8b1f6375
parent378ad62adf2c89284c0bd472552de17138fc21c0 (diff)
downloadlibwebsockets-4f3ce6458b1198f6e775f91c19f5c8c8d252e194.tar.gz
openssl: support SSLKEYLOGFILE server secret logging
-rw-r--r--lib/core/private-lib-core.h7
-rw-r--r--lib/tls/openssl/openssl-client.c2
-rw-r--r--lib/tls/openssl/openssl-server.c5
3 files changed, 13 insertions, 1 deletions
diff --git a/lib/core/private-lib-core.h b/lib/core/private-lib-core.h
index f894f2de..a138e443 100644
--- a/lib/core/private-lib-core.h
+++ b/lib/core/private-lib-core.h
@@ -1185,6 +1185,13 @@ lws_transport_mux_next_free(lws_transport_mux_t *tm, lws_mux_ch_idx_t *result);
void
sul_ping_cb(lws_sorted_usec_list_t *sul);
+/* Added Declaration of this function to make common for openssl-server */
+#if defined(LWS_HAVE_SSL_CTX_set_keylog_callback) && \
+ defined(LWS_WITH_TLS)
+void
+lws_klog_dump(const SSL *ssl, const char *line);
+#endif
+
#if !defined(PRIu64)
#define PRIu64 "llu"
#endif
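Review bot: The declaration is guarded by `LWS_HAVE_SSL_CTX_set_keylog_callback && LWS_WITH_TLS`, but the definition in the openssl-client.c hunk is still compiled only when `LWS_WITH_CLIENT` is also defined. A server-only build would therefore see this prototype and the new `SSL_CTX_set_keylog_callback(vhost->tls.ssl_ctx, lws_klog_dump);` call in openssl-server.c with no definition to link against. Either drop `&& defined(LWS_WITH_CLIENT)` from the guard around the definition, or add it to both this guard and the one in openssl-server.c. If openssl-client.c itself is only built with client support (not visible here), the function would need to move to a file built for both roles. The comment also records the edit rather than the function; something like `/* OpenSSL keylog callback, shared by client and server vhost setup */` would age better.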
diff --git a/lib/tls/openssl/openssl-client.c b/lib/tls/openssl/openssl-client.c
index da72ecba..003a870e 100644
--- a/lib/tls/openssl/openssl-client.c
+++ b/lib/tls/openssl/openssl-client.c
@@ -711,7 +711,7 @@ lws_tls_client_vhost_extra_cert_mem(struct lws_vhost *vh,
#if defined(LWS_HAVE_SSL_CTX_set_keylog_callback) && \
defined(LWS_WITH_TLS) && defined(LWS_WITH_CLIENT)
-static void
+void
lws_klog_dump(const SSL *ssl, const char *line)
{
struct lws *wsi = SSL_get_ex_data(ssl,
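Review bot: `lws_klog_dump` gains external linkage here and becomes the keylog callback for server vhosts as well, yet nothing at the definition says that each `line` it receives is TLS session key material. A comment above `void` such as `/* OpenSSL keylog callback (client and server): each line holds TLS secrets; the output file must be access-restricted and used only for debugging */` would make that explicit to maintainers. The lookup `SSL_get_ex_data(ssl, ...)` was written for client connections, so it is worth confirming that the wsi ex-data is already attached to a server-side SSL object when the callback fires. The function body continues outside the hunk, so how the log path is chosen and what file permissions are applied cannot be checked from here.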
diff --git a/lib/tls/openssl/openssl-server.c b/lib/tls/openssl/openssl-server.c
index 1fc81929..083e0d8d 100644
--- a/lib/tls/openssl/openssl-server.c
+++ b/lib/tls/openssl/openssl-server.c
@@ -529,6 +529,11 @@ lws_tls_server_vhost_backend_init(const struct lws_context_creation_info *info,
error, s);
return 1;
}
+ /* Added for sniffing packets on hub side */
+#if defined(LWS_HAVE_SSL_CTX_set_keylog_callback) && \
+ defined(LWS_WITH_TLS)
+ SSL_CTX_set_keylog_callback(vhost->tls.ssl_ctx, lws_klog_dump);
+#endif
SSL_CTX_set_ex_data(vhost->tls.ssl_ctx,
openssl_SSL_CTX_private_data_index,