[sr-dev] [kamailio/kamailio] tls: allow export session keys (#2785)

sergey-safarov notifications at github.com
Mon Jun 21 14:49:39 CEST 2021

#### Pre-Submission Checklist
- [x] Commit message has the format required by CONTRIBUTING guide
- [ ] Commits are split per component (core, individual modules, libs, utils, ...)
- [ ] Each component has a single commit (if not, squash them into one commit)
- [x] No commits to README files for modules (changes must be done to docbook files
in `doc/` subfolder, the README file is autogenerated)

#### Type Of Change
- [ ] Small bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)

#### Checklist:
- [ ] PR should be backported to stable branches
- [x] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)

#### Description
Wireshark project allows embedding session encryption keys into PCAP files. So it allows parsing encrypted packets as it was unencrypted.
[More info](https://blog.didierstevens.com/2021/01/11/decrypting-tls-streams-with-wireshark-part-3/)
I prepared a change that allows export session encryption keys.
Please review PR. If ok, then I add commits with DocBook info.

Kyys may be emeberd using command
editcap --inject-secrets tls,/var/lib/kamailio/session_keylog encrypted.pcap with_keys.pcapng

As prototype used
You can view, comment on, or merge this pull request online at:


-- Commit Summary --

  * tls: added new session_keylog_enable and session_keylog_filename configuration params
  * tls: first interation of session key logger
  * tls: added logs output

-- File Changes --

    M src/modules/tls/tls_cfg.c (6)
    M src/modules/tls/tls_cfg.h (2)
    M src/modules/tls/tls_init.c (79)
    M src/modules/tls/tls_init.h (2)
    M src/modules/tls/tls_mod.c (2)
    M src/modules/tls/tls_rpc.c (2)
    M src/modules/tls/tls_server.c (1)

-- Patch Links --


You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20210621/73a85c39/attachment.htm>

More information about the sr-dev mailing list