author | Peter Hartmann <phartmann@blackberry.com> | 2013-03-25 09:21:46 (GMT) |
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2013-03-25 13:40:14 (GMT) |
commit | d15eb9894e3faa21ee9d16faaad36e7f8896357e (patch) | |
tree | d1541d2d2f7e12ab10ea1cfac3a791ce34853051 | |
parent | 0f834a07bb3feb2ff8ac74d4107a592e30b17863 (diff) | |
SSL code: store SSL parameters for debugging, guarded by define
... so SSL traffic can be decrypted with e.g. tcpdump / Wireshark.
For this to work, the define needs to be uncommented and QtNetwork
recompiled. Every completed handshake then appends a line to a file named
qt-ssl-keys in the temporary directory (QDir::tempPath(), usually /tmp),
which can be fed into Wireshark.
A recent version of Wireshark is needed for this to work.
(cherry-picked from commit 1f180e9690a0a5f6cc849c1988ccda13de1b1e20)
Change-Id: I413ffd2494c780f92ccad7e4fdc11b790966e7ce
Reviewed-by: Richard J. Moore <rich@kde.org>
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 53057d7..37dea2b 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -40,6 +40,7 @@
 ****************************************************************************/
 //#define QSSLSOCKET_DEBUG
+//#define QT_DECRYPT_SSL_TRAFFIC
 #include "qsslsocket_openssl_p.h"
 #include "qsslsocket_openssl_symbols_p.h"
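Review bot: The new `//#define QT_DECRYPT_SSL_TRAFFIC` carries no comment, although uncommenting it makes QtNetwork append the master secret of every TLS session to a file in the temp directory, as only the commit message explains; a reader of the source alone gets no warning. I would document it at the switch itself, e.g. `//#define QT_DECRYPT_SSL_TRAFFIC  // debug only: logs TLS master secrets to <tempPath>/qt-ssl-keys (see startHandshake); never enable in a shipped build`. Keeping that note next to the define rather than only in the git log is what stops it being enabled casually.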
@@ -1400,6 +1401,40 @@ bool QSslSocketBackendPrivate::startHandshake()
 if (readBufferMaxSize)
 plainSocket->setReadBufferSize(32768);
+#ifdef QT_DECRYPT_SSL_TRAFFIC
+ if (ssl->session && ssl->s3) {
+ const char *mk = reinterpret_cast<const char *>(ssl->session->master_key);
+ QByteArray masterKey(mk, ssl->session->master_key_length);
+ const char *random = reinterpret_cast<const char *>(ssl->s3->client_random);
+ QByteArray clientRandom(random, SSL3_RANDOM_SIZE);
+
+ // different format, needed for e.g. older Wireshark versions:
+// const char *sid = reinterpret_cast<const char *>(ssl->session->session_id);
+// QByteArray sessionID(sid, ssl->session->session_id_length);
+// QByteArray debugLineRSA("RSA Session-ID:");
+// debugLineRSA.append(sessionID.toHex().toUpper());
+// debugLineRSA.append(" Master-Key:");
+// debugLineRSA.append(masterKey.toHex().toUpper());
+// debugLineRSA.append("\n");
+
+ QByteArray debugLineClientRandom("CLIENT_RANDOM ");
+ debugLineClientRandom.append(clientRandom.toHex().toUpper());
+ debugLineClientRandom.append(" ");
+ debugLineClientRandom.append(masterKey.toHex().toUpper());
+ debugLineClientRandom.append("\n");
+
+ QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys");
+ QFile file(sslKeyFile);
+ if (!file.open(QIODevice::Append))
+ qWarning() << "could not open file" << sslKeyFile << "for appending";
+ if (!file.write(debugLineClientRandom))
+ qWarning() << "could not write to file" << sslKeyFile;
+ file.close();
+ } else {
+ qWarning("could not decrypt SSL traffic");
+ }
+#endif
+
 connectionEncrypted = true;
 emit q->encrypted();
 if (autoStartHandshake && pendingClose) {
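Review bot: The check `if (!file.write(debugLineClientRandom))` only fires when zero bytes are written: QIODevice::write returns -1 on error, including when the preceding open failed, and -1 is truthy, so a failed append is passed over silently after the open warning and a short write is never noticed. Chain the two checks and compare against the expected length: `if (!file.open(QIODevice::Append)) qWarning() << "could not open file" << sslKeyFile << "for appending"; else if (file.write(debugLineClientRandom) != debugLineClientRandom.size()) qWarning() << "could not write to file" << sslKeyFile;`. Because this file accumulates the master secret of every session and is created in the shared temp directory with whatever permissions the umask gives, it is also worth restricting it to the owner right after a successful open, e.g. `file.setPermissions(QFile::ReadOwner | QFile::WriteOwner);`, and saying in a comment above the `#ifdef` that the block exists for debugging only. startHandshake() begins and ends outside this hunk.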