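#! /usr/bin/env perl
# Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Checks that the key log written through the SSLKEYLOGFILE environment
# variable matches the one s_client writes with -keylogfile, and (Linux only)
# that the SSLKEYLOGFILE output is created with mode 0600.
#
# A key log records the TLS secrets of the connection; anyone who can read it
# can decrypt a capture of that connection, which is why the file mode is
# part of what is tested here.

use strict;
use warnings;

use IPC::Open3;
use OpenSSL::Test qw/:DEFAULT result_dir srctop_file bldtop_file/;
use OpenSSL::Test::Utils;

my $test_name = "test_sslkeylogfile";
setup($test_name);

plan skip_all => "$test_name requires SSLKEYLOGFILE support"
    if disabled("sslkeylog");

# The permission check only runs on Linux, so the plan depends on the platform.
my $tests = 1;
if ($^O =~ /^(linux)$/) {
    $tests = 2;
}

plan tests => $tests;


my $shlib_wrap = srctop_file("util", "wrap.pl");
my $apps_openssl = srctop_file("apps", "openssl");
my $server_pem = srctop_file("test", "certs", "servercert.pem");
my $server_key = srctop_file("test", "certs", "serverkey.pem");

# NOTE(review): both files are assumed not to exist before this run, so that
# the comparison and the mode check describe files created by this test and
# not leftovers from an earlier one -- confirm that result_dir() starts empty.
my $resultdir = result_dir();
my $sslkeylogfile = "$resultdir/sslkeylog.keys";
my $trace_file = "$resultdir/keylog.keys";

# Start s_server; "-accept 0" asks for an ephemeral port, which is read back
# from the server's output below.
my @s_server_cmd = ("s_server", "-accept", "0", "-naccept", "1",
                    "-cert", $server_pem, "-key", $server_key);
my $s_server_pid = open3(my $s_server_i, my $s_server_o, my $s_server_e,
                         $shlib_wrap, $apps_openssl, @s_server_cmd);

# expected outputs from the server
# ACCEPT 0.0.0.0:<port>
# ACCEPT [::]:<port>
my $port = "0";
# Figure out what port it is listening on
while (<$s_server_o>) {
    print($_);
    chomp;
    # The dots are escaped so that only the literal wildcard address matches.
    if (/^ACCEPT 0\.0\.0\.0:(\d+)/) {
        $port = $1;
        last;
    } elsif (/^ACCEPT \[::\]:(\d+)/) {
        $port = $1;
        last;
    } elsif (/^Using default/) {
        # Informational line printed before ACCEPT; keep reading.
        ;
    } else {
        # Anything else is unexpected: stop and leave $port at "0".
        last;
    }
}
my $server_port = $port;

# Make a failed port discovery visible instead of letting the client quietly
# connect to port 0 and the comparison below fail without explanation.
diag("could not read a listening port from the s_server output")
    if $server_port eq "0";

print("s_server ready, listening on port $server_port\n");

# Use SSLKEYLOGFILE to record keylogging.  The server is already running, so
# only the client started below sees this variable.
$ENV{SSLKEYLOGFILE} = $sslkeylogfile;

# Start a client and use the -keylogfile option to independently trace keylog messages
my @s_client_cmd = ("s_client", "-connect", "localhost:$server_port",
                    "-keylogfile", $trace_file);
my $s_client_pid = open3(my $s_client_i, my $s_client_o, my $s_client_e,
                         $shlib_wrap, $apps_openssl, @s_client_cmd);

# Issue a quit command to terminate the client after connect
print $s_client_i "Q\n";
waitpid($s_client_pid, 0);
kill 'HUP', $s_server_pid;

# Test 1: Compare the output of -keylogfile and SSLKEYLOGFILE, and make sure they match
# Note, the former adds a comment, that the latter does not, so ignore comments with -I in diff
ok(run(cmd(["diff", "-I", "^#.*\$", $sslkeylogfile, $trace_file])),
   "SSLKEYLOGFILE and -keylogfile outputs match");

# Test 2, linux-specific: the keylog file should have permission 0600
if ($^O =~ /^(linux)$/) {
    # A missing file is reported as such rather than as a bogus mode.
    my @st = stat($sslkeylogfile);
    my $mode = @st ? sprintf("%04o", $st[2] & 07777) : "(stat failed: $!)";
    is($mode, "0600", "SSLKEYLOGFILE output is only accessible to its owner");
}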