SSL code: store SSL parameters for debugging, guarded by define

... so SSL traffic can be decrypted with e.g. tcpdump / Wireshark. For this to work, the define needs to be uncommented and QtNetwork recompiled. This will create a file in /tmp/qt-ssl-keys which can be fed into Wireshark. A recent version of Wireshark is needed for this to work. Change-Id: I4e41fd2e6122260cd96d443b1360edc71b08b5fd Reviewed-by: Richard J. Moore <rich@kde.org>
2013-03-22 13:55:13 +01:00 · 2013-03-22 13:55:13 +01:00 · 1f180e9690
commit 1f180e9690
parent ab18bb84e4
1 changed files with 35 additions and 0 deletions
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@ -55,6 +55,7 @@
 ****************************************************************************/

 //#define QSSLSOCKET_DEBUG
+//#define QT_DECRYPT_SSL_TRAFFIC

 #include "qsslsocket_openssl_p.h"
 #include "qsslsocket_openssl_symbols_p.h"
@ -1403,6 +1404,40 @@ void QSslSocketBackendPrivate::continueHandshake()
    if (q_SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL))
        configuration.peerSessionShared = true;

+#ifdef QT_DECRYPT_SSL_TRAFFIC
+    if (ssl->session && ssl->s3) {
+        const char *mk = reinterpret_cast<const char *>(ssl->session->master_key);
+        QByteArray masterKey(mk, ssl->session->master_key_length);
+        const char *random = reinterpret_cast<const char *>(ssl->s3->client_random);
+        QByteArray clientRandom(random, SSL3_RANDOM_SIZE);
+
+        // different format, needed for e.g. older Wireshark versions:
+//        const char *sid = reinterpret_cast<const char *>(ssl->session->session_id);
+//        QByteArray sessionID(sid, ssl->session->session_id_length);
+//        QByteArray debugLineRSA("RSA Session-ID:");
+//        debugLineRSA.append(sessionID.toHex().toUpper());
+//        debugLineRSA.append(" Master-Key:");
+//        debugLineRSA.append(masterKey.toHex().toUpper());
+//        debugLineRSA.append("\n");
+
+        QByteArray debugLineClientRandom("CLIENT_RANDOM ");
+        debugLineClientRandom.append(clientRandom.toHex().toUpper());
+        debugLineClientRandom.append(" ");
+        debugLineClientRandom.append(masterKey.toHex().toUpper());
+        debugLineClientRandom.append("\n");
+
+        QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys");
+        QFile file(sslKeyFile);
+        if (!file.open(QIODevice::Append))
+            qWarning() << "could not open file" << sslKeyFile << "for appending";
+        if (!file.write(debugLineClientRandom))
+            qWarning() << "could not write to file" << sslKeyFile;
+        file.close();
+    } else {
+        qWarning("could not decrypt SSL traffic");
+    }
+#endif
+
    // Cache this SSL session inside the QSslContext
    if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionTickets)) {
        if (!sslContextPointer->cacheSession(ssl))