MAJOR: ssl: use the msg callback mecanism for backend connections

Backend SSL connections never used the ssl_sock_msg_callbacks() which prevent the use of keylog on the server side. The impact should be minimum, though it add a major callback system for protocol analysis, which is the same used on frontend connections. https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_msg_callback.html The patch add a call to SSL_CTX_set_msg_callback() in ssl_sock_prepare_srv_ssl_ctx() the same way it's done for bind lines in ssl_sock_prepare_ctx().
2024-12-26 06:32:13 +00:00 · 2024-04-19 14:18:32 +02:00 · 2024-04-19 14:18:32 +02:00 · 1494cd7137
commit 1494cd7137
parent a7caa14a64
1 changed files with 3 additions and 0 deletions
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -5144,6 +5144,9 @@ static int ssl_sock_prepare_srv_ssl_ctx(const struct server *srv, SSL_CTX *ctx)
 		cfgerr++;
 	}

+#ifdef SSL_CTRL_SET_MSG_CALLBACK
+	SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
+#endif
 #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
 	if (srv->ssl_ctx.ciphersuites &&
 		!SSL_CTX_set_ciphersuites(ctx, srv->ssl_ctx.ciphersuites)) {