[gnutls-devel] GnuTLS | How to write/extract session keys with gnutls-cli ? (#802)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Jul 16 15:15:39 CEST 2019

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/issues/802#note_192353463

> Moving the code to _gnutls_global_init() means that SSLKEYLOGFILE has to be set before library initialization.

Sorry for contradicting myself, but this might be actually a limitation as it removes a way for an application to enable SSLKEYLOGFILE after startup. I've checked how other libraries do: OpenSSL doesn't do writing but leaves application to do the job through [a callback](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_keylog_callback.html), and NSS delays the initialization until the default settings are applied. Either approach seems sensible to me, as well as introducing a lock as you did in the original patch.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/802#note_192353463
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190716/e8bf5a7c/attachment.html>

More information about the Gnutls-devel mailing list