srtpenc,dtlsenc: Add NSS key log format logging

https://firefox-source-docs.mozilla.org/security/nss/legacy/key_log_format/index.html Tested on Windows with a WebRTC Data channel captured in Wireshark
2024-06-08 09:09:26 +00:00 · 2022-05-16 16:45:36 +10:00 · 2022-05-16 16:45:36 +10:00 · 9188435ae6
parent 64cac1ed99
commit 9188435ae6
2 changed files with 39 additions and 1 deletions
--- a/subprojects/gst-plugins-bad/ext/dtls/gstdtlsconnection.c
+++ b/subprojects/gst-plugins-bad/ext/dtls/gstdtlsconnection.c
@ -28,6 +28,7 @@
 #endif

 #include <gst/gst.h>
+#include <gio/gio.h>

 #include "gstdtlsconnection.h"

@ -265,6 +266,42 @@ X509_STORE_CTX_get0_cert (X509_STORE_CTX * ctx)
 }
 #endif

+static void
+log_ssl_key (const SSL * ssl, const char *line)
+{
+  const gchar *file;
+  GFileOutputStream *os;
+  GError *error;
+
+  if ((file = g_getenv ("SSLKEYLOGFILE")) != NULL) {
+    GFile *fd = g_file_parse_name (file);
+    error = NULL;
+    if ((os =
+            g_file_append_to (fd, G_FILE_CREATE_PRIVATE, NULL,
+                &error)) != NULL) {
+      static GMutex mutex;
+      error = NULL;
+
+      g_mutex_lock (&mutex);
+      g_output_stream_printf (G_OUTPUT_STREAM (os), NULL, NULL, &error, "%s\n",
+          line);
+      g_object_unref (os);
+      g_mutex_unlock (&mutex);
+
+      if (error != NULL) {
+        g_warning ("Could append SSL key to '%s': %s", file, error->message);
+        g_error_free (error);
+      }
+    } else if (error != NULL) {
+      g_warning ("Could not open '%s' for SSL key appending: %s", file,
+          error->message);
+      g_error_free (error);
+    }
+
+    g_object_unref (fd);
+  }
+}
+
 static void
 gst_dtls_connection_set_property (GObject * object, guint prop_id,
    const GValue * value, GParamSpec * pspec)
@ -281,6 +318,7 @@ gst_dtls_connection_set_property (GObject * object, guint prop_id,
      g_return_if_fail (GST_IS_DTLS_AGENT (agent));

      ssl_context = _gst_dtls_agent_peek_context (agent);
+      SSL_CTX_set_keylog_callback (ssl_context, log_ssl_key);

      priv->ssl = SSL_new (ssl_context);
      g_return_if_fail (priv->ssl);
--- a/subprojects/gst-plugins-bad/ext/dtls/meson.build
+++ b/subprojects/gst-plugins-bad/ext/dtls/meson.build
@ -21,7 +21,7 @@ if openssl_dep.found() and libcrypto_dep.found()
    dtls_sources,
    c_args : gst_plugins_bad_args,
    include_directories : [configinc],
-    dependencies : [gst_dep, libcrypto_dep, openssl_dep] + winsock2,
+    dependencies : [gst_dep, gio_dep, libcrypto_dep, openssl_dep] + winsock2,
    install : true,
    install_dir : plugins_install_dir,
  )