-
-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ngtcp2: add thread safety to SSLKEYLOGFILE implementation #4311
Conversation
- Implement a thread-safe SSLKEYLOGFILE just like in openssl.c. Follow-up to aae22fd which added SSLKEYLOGFILE support for ngtcp2. Closes #xxxx
bee00d4
to
2c8934d
Compare
@@ -42,6 +42,8 @@ | |||
#include "curl_memory.h" | |||
#include "memdebug.h" | |||
|
|||
#define ENABLE_SSLKEYLOGFILE |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
MIrrored from openssl. I think I did that in openssl so it could be disabled for possible compliance issues? I really don't remember. I think it would be better to wrap in #ifndef DISABLE_SSLKEYLOGFILE , but if you prefer I'll remove it entirely.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would rather imagine that it'd be within CURL_DISABLE_SSLKEYLOGFILE
as then we could offer a disable option for configure in "normal" style.
I don't think it is needed for compliance since QUIC will only work with OpenSSL versions that also have the keylog support.
Maybe this should instead be made to use the same function instead of duplicating it, since they both work for OpenSSL? |
If they are both using openssl wouldn't they both call the function or how does that work with ngtcp2? I assume not otherwise you wouldn't have added it. How about I move everything to sslkeylogfile.c |
vtls/openssl.c is only used for TLS, vquic/ngtcp2.c is used for QUIC/h3 but both depend on OpenSSL.
Seems reasonable. The question is then probably where it belongs, since both vquic/ and vtls/ files would use it... |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Follow-up to aae22fd which added SSLKEYLOGFILE support for ngtcp2.
Closes #xxxx
This is essentially a copy and paste from openssl.c. Untested since I have no http3 builds yet.