warmcat · VaibhavTekale1 · Nov 6, 2024 · Nov 6, 2024 · Nov 12, 2024 · Nov 27, 2024
diff --git a/include/libwebsockets/lws-context-vhost.h b/include/libwebsockets/lws-context-vhost.h
@@ -1390,5 +1390,9 @@ struct lws_http_mount {
 LWS_VISIBLE LWS_EXTERN void
 lws_vhost_set_mounts(struct lws_vhost *v, const struct lws_http_mount *mounts);
 
+/* Using this API, the user can enable or disable SSL key logging for a specific wsi based on the flag value */
+LWS_VISIBLE LWS_EXTERN void
+lws_set_sniffing_flag(bool boolVal, struct lws *wsi);
+
 ///@}
 ///@}
diff --git a/lib/core-net/close.c b/lib/core-net/close.c
@@ -25,6 +25,9 @@
 #include "private-lib-core.h"
 #include "private-lib-async-dns.h"
 
+// to store key log file path
+char *klfl_env = NULL;
+
 #if defined(LWS_WITH_CLIENT)
 static int
 lws_close_trans_q_leader(struct lws_dll2 *d, void *user)
@@ -1036,14 +1039,47 @@ __lws_close_free_wsi_final(struct lws *wsi)
 	sanity_assert_no_wsi_traces(wsi->a.context, wsi);
 	__lws_free_wsi(wsi);
 }
+/* User will set boolean flag value true to start logging ssl keys for specific wsi and false
+to stop sniffing */
+void lws_set_sniffing_flag(bool boolVal, struct lws *wsi)
+{
+	// to logg ssl keys for respective wsi set user input flag value to the same wsi
+	wsi->fSniffingFlag = boolVal;
+}
+
+/* on disconnection of client as per user input flag value keylog_file will be set or reset which will start or
+stop logging ssl keys */
+void lws_set_keylog_file(struct lws *wsi)
+{
+		/* to start logging SSL keys, the user must set this flag to true. If the flag is set 
+		and klfl_env is empty, getenv will be called once to retrieve the log file path*/
+		if(wsi->fSniffingFlag){
+			/* call getenv only once if klfl_env is empty */
+			if (klfl_env == NULL || *klfl_env == '\0'){
+				klfl_env = getenv("SSLKEYLOGFILE");
+			}
+			/* to begin logging SSL keys, the key log file will be set in lws_context */
+			if (klfl_env)
+				lws_strncpy(wsi->a.context->keylog_file, klfl_env,
+						sizeof(wsi->a.context->keylog_file));
+		}
+		/* to stop sniffing, reset both keylog_file and klfl_en */
+		else{
+			klfl_env = NULL;
+			wsi->a.context->keylog_file[0] = '\0';
+		}
 
+}
 
 void
 lws_close_free_wsi(struct lws *wsi, enum lws_close_status reason, const char *caller)
 {
 	struct lws_context *cx = wsi->a.context;
 	struct lws_context_per_thread *pt = &wsi->a.context->pt[(int)wsi->tsi];
 
+	/* if the user sets the sniffing flag, populate the key log file */
+	lws_set_keylog_file(wsi);
+
 	lws_context_lock(cx, __func__);
 
 	lws_pt_lock(pt, __func__);

diff --git a/lib/core/private-lib-core.h b/lib/core/private-lib-core.h
@@ -27,7 +27,8 @@
 
 #include "lws_config.h"
 #include "lws_config_private.h"
-
+#include <stdbool.h>
+#include <stdio.h>
 
 #if defined(LWS_WITH_CGI) && defined(LWS_HAVE_VFORK) && \
     !defined(NO_GNU_SOURCE_THIS_TIME) && !defined(_GNU_SOURCE)