Module: kamailio Branch: master Commit: 79f6439f16f6b715858414689c7c04cf22164ace URL: https://github.com/kamailio/kamailio/commit/79f6439f16f6b715858414689c7c04cf...
Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: 2025-07-24T12:28:13+02:00
tls: added support for tls keys log
- they can be printed to syslog (NOTICE level) or file
---
Modified: src/modules/tls/tls_domain.c Modified: src/modules/tls/tls_mod.c Modified: src/modules/tls/tls_util.c Modified: src/modules/tls/tls_util.h
---
Diff: https://github.com/kamailio/kamailio/commit/79f6439f16f6b715858414689c7c04cf... Patch: https://github.com/kamailio/kamailio/commit/79f6439f16f6b715858414689c7c04cf...
I think exist is more elegant way to export encyptions keys to the file
Need to start Kamailio with defined SSLKEYLOGFIL=/path/here/to/file environment variable
This I have tested for TLS 1.2 and TLS 1.3. All works perfectly
More details you can find at https://www.youtube.com/watch?v=Cq6yj9se9M4&t=1850s
Probable this change do not required because allow secret keys to logs.
On Thu, 2025-07-24 at 12:42 +0200, Daniel-Constantin Mierla via sr-dev wrote:
Module: kamailio Branch: master Commit: 79f6439f16f6b715858414689c7c04cf22164ace URL: https://github.com/kamailio/kamailio/commit/79f6439f16f6b715858414689c7c04cf...
Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: 2025-07-24T12:28:13+02:00
tls: added support for tls keys log
- they can be printed to syslog (NOTICE level) or file
Modified: src/modules/tls/tls_domain.c Modified: src/modules/tls/tls_mod.c Modified: src/modules/tls/tls_util.c Modified: src/modules/tls/tls_util.h
Diff: https://github.com/kamailio/kamailio/commit/79f6439f16f6b715858414689c7c04cf... Patch: https://github.com/kamailio/kamailio/commit/79f6439f16f6b715858414689c7c04cf...
Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
First: being a discussion about the development version, it should not be cross posted across mailing lists. Unless there is an announcement concerning both users and developers, cross-posting should be avoided, it is hard to follow as the discussion can diverge, not everyone is on both lists.
Back to the commit, the implementation goes beyond the write to file option, that was an intermediate stage, see the latest version on git repo. Anyhow, it is your choice to use which option you like more.
Furthermore, there are a few other enhancements still planned, like the ability to enable/disable the key logging via rpc at runtime, which I am not sure if it would be possible with the env variable.
On 24.07.25 16:54, Sergei Safarov wrote:
I think exist is more elegant way to export encyptions keys to the file
Need to start Kamailio with defined SSLKEYLOGFIL=/path/here/to/file environment variable
This I have tested for TLS 1.2 and TLS 1.3. All works perfectly
More details you can find at https://www.youtube.com/watch?v=Cq6yj9se9M4&t=1850s
Probable this change do not required because allow secret keys to logs.
On Thu, 2025-07-24 at 12:42 +0200, Daniel-Constantin Mierla via sr-dev wrote:
Module: kamailio Branch: master Commit: 79f6439f16f6b715858414689c7c04cf22164ace URL: https://github.com/kamailio/kamailio/commit/79f6439f16f6b715858414689c7c04cf...
Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: 2025-07-24T12:28:13+02:00
tls: added support for tls keys log
- they can be printed to syslog (NOTICE level) or file
Modified: src/modules/tls/tls_domain.c Modified: src/modules/tls/tls_mod.c Modified: src/modules/tls/tls_util.c Modified: src/modules/tls/tls_util.h
Diff: https://github.com/kamailio/kamailio/commit/79f6439f16f6b715858414689c7c04cf... Patch: https://github.com/kamailio/kamailio/commit/79f6439f16f6b715858414689c7c04cf...
Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
-
Daniel-Constantin Mierla -
Sergei Safarov