Test 2090 fails with openssl built with "enable-sslkeylog"

[pghmcfc]

I did this

Test 2090 tests support for the SSLKEYLOGFILE functionality, in which curl uses the OpenSSL key logging callback to write key data in a format useful to programs like wireshark.
OpenSSL can be built with an option enable-sslkeylog (disabled by default), which does much the same thing, in addition to any logging via the callback. When test 2090 is run using such an OpenSSL build, it fails because the key data is logged twice, once by OpenSSL and again by curl:

test 2090...[HTTPS request with SSLKEYLOGFILE set]
../src/curl -q --output log/curl2090.out  --include --trace-ascii log/trace2090 --trace-time --cacert ./certs/test-ca.crt --tls-max 1.2 https://localhost:40565/2090 > log/stdout2090 2> log/stderr2090
CMD (0): ../src/curl -q --output log/curl2090.out  --include --trace-ascii log/trace2090 --trace-time --cacert ./certs/test-ca.crt --tls-max 1.2 https://localhost:40565/2090 > log/stdout2090 2> log/stderr2090

 2090: output (log/2090.log.ssl) FAILED:
--- log/check-expected	2026-02-17 09:45:37.188229866 +0000
+++ log/check-generated	2026-02-17 09:45:37.188210796 +0000
@@ -1 +1,2 @@
 CLIENT_RANDOM 9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A BCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBC[CR][LF]
+CLIENT_RANDOM 9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A BCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBC[CR][LF]
== Contents of files in the log/ directory after test 2090
=== Start of file 2090.log.ssl
 CLIENT_RANDOM df7da465388c9cedbcbfe128d28b2916db118cfdb10a7dbf8eb2220a0f90b102 37ceaae2d2025c4319da560e1daea1b6fe22cb543341dc8150628798027d8c80265e28ca784a268061e692f31c5ac922
 CLIENT_RANDOM df7da465388c9cedbcbfe128d28b2916db118cfdb10a7dbf8eb2220a0f90b102 37ceaae2d2025c4319da560e1daea1b6fe22cb543341dc8150628798027d8c80265e28ca784a268061e692f31c5ac922
=== End of file 2090.log.ssl
=== Start of file check-expected
 CLIENT_RANDOM 9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A BCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBC[CR][LF]
=== End of file check-expected
=== Start of file check-generated
 CLIENT_RANDOM 9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A BCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBC[CR][LF]
 CLIENT_RANDOM 9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A9A BCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBCBC[CR][LF]
=== End of file check-generated

I thought about various ways to fix it, but came up empty. The test file format doesn't seem to provide a way to remove duplicate lines (stripfile maintains no state between lines, input line number isn't available) and I can't see any way to determine at runtime that a given OpenSSL library was built with enable-sslkeylog, which could be used to avoid creating the duplicate output in the first place.

I expected the following

No response

curl/libcurl version

This happens with curl 8.18.0 and curl 8.19.0-rc1.

operating system

Red Hat Enterprise Linux 9 and 10.

[pghmcfc]

I guess something could be done with the define of (or absence of) OPENSSL_NO_SSLKEYLOG in openssl/configuration.h when the OpenSSL version is 3.5.0 or later, which is where this feature was introduced.

[vszakats]

@pghmcfc Does #20614 fix it for you?

[pghmcfc]

@pghmcfc Does #20614 fix it for you?

Yes, it does. Tested with various Fedora Linux releases with OpenSSL 3.2.6 to OpenSSL 3.5.5 and upstream key logging disabled, and on RHEL-9/RHEL-10 with OpenSSL 3.5.1 and upstream key logging enabled.

[vszakats]

Thanks for testing, @pghmcfc. I merged the patch.