No way to set ENABLE_SSLKEYLOGFILE #2210

Closed
grosch opened this Issue Jan 2, 2018 · 7 comments

grosch commented Jan 2, 2018

Would you please add a configure option to enable the ENABLE_SSLKEYLOGFILE setting? It's not there right now, which means when I install on my mac via homebrew I have no way to tell it that I really really want that compiled in :(

grosch commented Jan 2, 2018

I tried setting the CPPFLAGS environment variable to -DENABLE_SSLKEYLOGFILE=1 before compiling curl but that doesn't seem to have done it. I reinstalled curl and php via homebrew and then ran my command, but nothing got written to the $SSLKEYLOGFILE path

jay added the build label Jan 2, 2018

Member

jay commented Jan 2, 2018

ENABLE_SSLKEYLOGFILE should work for OpenSSL and derivatives BoringSSL and LibreSSL. We only tested it with OpenSSL though. It should be enough to add -DENABLE_SSLKEYLOGFILE. What is your curl -V?

grosch commented Jan 2, 2018

I'm using TLS

curl 7.57.0 (x86_64-apple-darwin17.3.0) libcurl/7.57.0 OpenSSL/1.0.2n zlib/1.2.11 nghttp2/1.29.0
Release-Date: 2017-11-29
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy

Member

jay commented Jan 3, 2018

I can't reproduce this. I did CPPFLAGS=-DENABLE_SSLKEYLOGFILE ../configure ...
Either make V=1 and check for ENABLE_SSLKEYLOGFILE or in openssl.c put #error in #ifdef SSLKEYLOGFILE section to see if it's actually added, or add some printfs to debug
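
Added example, not part of the original thread or of curl's code: it checks the two points the debugging above turns on, whether the define reached the compiler in a verbose build log and whether the key log holds well-formed entries that only the owner can read. The function names and sample files are constructed for illustration, and only `CLIENT_RANDOM` lines (the form written for TLS 1.2 and earlier) are counted.

```shell
#!/bin/sh
# Added example: helper names and sample data are constructed for illustration.

# Return 0 if a verbose build log (make V=1) shows the define on a compile line.
define_in_build_log() {
    grep -q -- '-DENABLE_SSLKEYLOGFILE' "$1"
}

# Print the number of well-formed CLIENT_RANDOM lines in a key log file.
# Line format: CLIENT_RANDOM <64 hex client random> <96 hex master secret>
count_keylog_entries() {
    awk '
        /^#/ || NF == 0 { next }    # skip comments and blank lines
        $1 == "CLIENT_RANDOM" && NF == 3 &&
        $2 ~ /^[0-9A-Fa-f]+$/ && length($2) == 64 &&
        $3 ~ /^[0-9A-Fa-f]+$/ && length($3) == 96 { n++ }
        END { print n + 0 }
    ' "$1"
}

# Return 0 only if group and others have no access to the key log.
# The file holds session secrets, so anyone who can read it can decrypt
# captured traffic for those sessions.
keylog_is_private() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Constructed sample inputs: not real build output and not real secrets.
write_samples() {
    dir=$1
    printf 'gcc -DHAVE_CONFIG_H -DENABLE_SSLKEYLOGFILE -c openssl.c\n' > "$dir/build.log"
    {
        printf '# constructed key log\n'
        printf 'CLIENT_RANDOM %064d %096d\n' 0 0
        printf 'CLIENT_RANDOM %064d deadbeef\n' 0   # truncated secret: not counted
    } > "$dir/keys.log"
    chmod 600 "$dir/keys.log"
}

tmp=$(mktemp -d) && write_samples "$tmp"
define_in_build_log "$tmp/build.log" && echo "define reached the compiler"
echo "valid key log entries: $(count_keylog_entries "$tmp/keys.log")"
keylog_is_private "$tmp/keys.log" || echo "key log is readable by group/others"
rm -rf "$tmp"
```
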

grosch commented Jan 5, 2018

Looks like homebrew isn't actually building it, and when I build via homebrew it still doesn't take. Is there an ETA to just have it enabled by default in a version coming out soon? I don't need it that bad that it's worth fighting it if it'll be the default soon.

Member

jay commented Jan 6, 2018

> Looks like homebrew isn't actually building it, and when I build via homebrew it still doesn't take. Is there an ETA to just have it enabled by default in a version coming out soon?

No I think I backed away from making it the default because I was concerned about security, or something like that. I would try to find out why it doesn't take when you build curl in homebrew, but that's something you'll have to ask them about.

Member

bagder commented Jan 8, 2018

Enabling SSLKEYLOGFILE support by default should not be a security problem. Browsers already do this.

bagder closed this in 84fcaa2 Jan 15, 2018

lock bot locked as resolved and limited conversation to collaborators May 6, 2018
