Closed
Contact Details
No response
Version
Description
We have a feature in haproxy which allows users to debug by dumping keys with SSL_CTX_set_keylog_callback().
It seems like the support for SSL_CTX_set_keylog_callback() is not recommended in wolfSSL, whereas it is enabled by default in other SSL libraries (NSS, OpenSSL, AWS-LC, etc.). Is there any reason for that?
--enable-keylog-export Enable (DANGEROUS INSECURE) exporting TLS secrets to
an NSS keylog file (default: disabled)
I tried to build this feature for haproxy anyway but I was not able to.
Reproduction steps
$ ./configure --prefix=/opt/wolfssl/ --enable-haproxy --enable-keylog-export
Relevant log output
$ make -j8
make -j9 all-recursive
make[1]: warning: -j9 forced in submake: resetting jobserver mode.
make[1]: Entering directory '/home/wla/projects/haproxy_tech/wolfssl'
make[2]: Entering directory '/home/wla/projects/haproxy_tech/wolfssl'
make[2]: warning: -j9 forced in submake: resetting jobserver mode.
CC wolfcrypt/benchmark/benchmark.o
CC wolfcrypt/src/src_libwolfssl_la-hmac.lo
CC wolfcrypt/src/src_libwolfssl_la-hash.lo
CC wolfcrypt/src/src_libwolfssl_la-cpuid.lo
CC wolfcrypt/src/src_libwolfssl_la-kdf.lo
CC wolfcrypt/src/src_libwolfssl_la-random.lo
CC wolfcrypt/src/src_libwolfssl_la-sp_int.lo
CC wolfcrypt/src/src_libwolfssl_la-sha256.lo
CC wolfcrypt/src/src_libwolfssl_la-rsa.lo
CC wolfcrypt/src/src_libwolfssl_la-aes.lo
CC wolfcrypt/src/src_libwolfssl_la-sha.lo
CC wolfcrypt/src/src_libwolfssl_la-sha512.lo
CC wolfcrypt/src/src_libwolfssl_la-sha3.lo
CC wolfcrypt/src/src_libwolfssl_la-logging.lo
CC wolfcrypt/src/src_libwolfssl_la-wc_port.lo
CC wolfcrypt/src/src_libwolfssl_la-error.lo
CC wolfcrypt/src/src_libwolfssl_la-wc_encrypt.lo
CC wolfcrypt/src/src_libwolfssl_la-signature.lo
CC wolfcrypt/src/src_libwolfssl_la-wolfmath.lo
CC wolfcrypt/src/src_libwolfssl_la-memory.lo
CC wolfcrypt/src/src_libwolfssl_la-dh.lo
CC wolfcrypt/src/src_libwolfssl_la-asn.lo
CC wolfcrypt/src/src_libwolfssl_la-coding.lo
CC wolfcrypt/src/src_libwolfssl_la-poly1305.lo
CC wolfcrypt/src/src_libwolfssl_la-md5.lo
CC wolfcrypt/src/src_libwolfssl_la-pwdbased.lo
CC wolfcrypt/src/src_libwolfssl_la-pkcs12.lo
CC wolfcrypt/src/src_libwolfssl_la-chacha.lo
CC wolfcrypt/src/src_libwolfssl_la-chacha20_poly1305.lo
CC wolfcrypt/src/src_libwolfssl_la-ecc.lo
CC src/libwolfssl_la-internal.lo
CC src/libwolfssl_la-wolfio.lo
CC src/libwolfssl_la-keys.lo
CC src/libwolfssl_la-ssl.lo
CC src/libwolfssl_la-tls.lo
CC src/libwolfssl_la-tls13.lo
CC src/libwolfssl_la-ocsp.lo
CC src/libwolfssl_la-crl.lo
src/tls.c:111:10: error: #warning The SHOW_SECRETS and WOLFSSL_SSLKEYLOGFILE options should only be used for debugging and never in a production environment [-Werror=cpp]
111 | #warning The SHOW_SECRETS and WOLFSSL_SSLKEYLOGFILE options should only be used for debugging and never in a production environment
| ^~~~~~~
CC wolfcrypt/test/test.o
CC examples/benchmark/tls_bench.o
CC examples/client/client-client.o
CC examples/echoclient/echoclient.o
CC examples/echoserver/echoserver.o
CC examples/server/server-server.o
CC examples/asn1/asn1.o
CC examples/pem/pem.o
CC wolfcrypt/test/testsuite_testsuite_test-test.o
CC examples/client/testsuite_testsuite_test-client.o
CC examples/echoclient/testsuite_testsuite_test-echoclient.o
cc1: all warnings being treated as errors
make[2]: *** [Makefile:7046: src/libwolfssl_la-tls.lo] Error 1
make[2]: *** Waiting for unfinished jobs....
make[2]: Leaving directory '/home/wla/projects/haproxy_tech/wolfssl'
make[1]: *** [Makefile:7823: all-recursive] Error 1
make[1]: Leaving directory '/home/wla/projects/haproxy_tech/wolfssl'
make: *** [Makefile:4661: all] Error 2
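For context on the feature the report refers to, here is an added example (not code from haproxy, wolfSSL or this issue) of a debug key-log callback with the signature SSL_CTX_set_keylog_callback() expects, written so the secrets only ever land in an owner-only file. The names keylog_open, keylog_line_ok and keylog_cb are hypothetical, SSL is forward-declared so the block compiles without a TLS library, and the accepted line shape (label, 64 hex digits of client random, at least 64 hex digits of secret) is an assumption based on the NSS key log format.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

typedef struct ssl_st SSL;  /* opaque here; a real build takes it from the TLS library header */
static int keylog_fd = -1;  /* stays -1 (logging off) unless keylog_open() succeeds */

/* Open the debug key log append-only, never through a symlink; 0 on success. */
int keylog_open(const char *path) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    /* Reject anything that is not a regular file accessible to the owner only. */
    if (fd < 0 || fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || (st.st_mode & 077)) {
        if (fd >= 0) close(fd);
        return -1;
    }
    keylog_fd = fd;
    return 0;
}

static size_t hex_run(const char **s) {  /* count hex digits, advancing *s past them */
    size_t n = 0;
    while (isxdigit((unsigned char)**s)) { (*s)++; n++; }
    return n;
}

/* 1 if line is "<LABEL> <64 hex client_random> <hex secret>", else 0 (assumed shape). */
int keylog_line_ok(const char *line) {
    const char *p = line;
    size_t n;
    while (isupper((unsigned char)*p) || isdigit((unsigned char)*p) || *p == '_') p++;
    if (p == line || *p++ != ' ' || hex_run(&p) != 64 || *p++ != ' ') return 0;
    n = hex_run(&p);
    return n >= 64 && n % 2 == 0 && *p == '\0';
}

/* Register with SSL_CTX_set_keylog_callback(ctx, keylog_cb) in the application. */
void keylog_cb(const SSL *ssl, const char *line) {
    char buf[512];
    size_t len = strlen(line);
    (void)ssl;
    if (keylog_fd < 0 || len + 1 > sizeof(buf) || !keylog_line_ok(line))
        return;
    memcpy(buf, line, len);
    buf[len++] = '\n';
    /* One write() per line under O_APPEND; stop logging after a write error. */
    if (write(keylog_fd, buf, len) < 0) keylog_fd = -1;
}
```

Because the callback does nothing until keylog_open() has succeeded, a build that includes it still writes no secrets unless an operator explicitly points it at a file.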