Commit fb2f9c49 authored by Alexandre's avatar Alexandre

[DoT] Debug option to dump TLS key

parent 05023f32
...@@ -49,6 +49,7 @@ forceIPv4 = False ...@@ -49,6 +49,7 @@ forceIPv4 = False
forceIPv6 = False forceIPv6 = False
connectTo = None connectTo = None
check = False check = False
debug = False
# Monitoring plugin only: # Monitoring plugin only:
host = None host = None
path = None path = None
...@@ -358,11 +359,26 @@ class ConnectionDoT(Connection): ...@@ -358,11 +359,26 @@ class ConnectionDoT(Connection):
valid = validate_hostname(self.check, self.cert) valid = validate_hostname(self.check, self.cert)
if not valid: if not valid:
error("Certificate error: \"%s\" is not in the certificate" % (self.check)) error("Certificate error: \"%s\" is not in the certificate" % (self.check))
if debug:
self.store_session_key()
def end(self): def end(self):
self.session.shutdown() self.session.shutdown()
self.session.close() self.session.close()
def store_session_key(self):
sslkeylogfile = './.debug/keylogfile.pm'
client_random = self.session.client_random().hex()
master_key = self.session.master_key().hex()
key = f'CLIENT_RANDOM {client_random} {master_key}\n'
try :
f = open(sslkeylogfile, 'a')
except Exception:
print(f'Could not open "{sslkeylogfile}" to store master key')
else:
f.write(key)
f.close()
def send_data(self, data): def send_data(self, data):
length = len(data) length = len(data)
self.session.send(length.to_bytes(2, byteorder='big') + data) self.session.send(length.to_bytes(2, byteorder='big') + data)
...@@ -512,7 +528,7 @@ if not monitoring: ...@@ -512,7 +528,7 @@ if not monitoring:
optlist, args = getopt.getopt (sys.argv[1:], "hvPkeV:r:f:d:t46", optlist, args = getopt.getopt (sys.argv[1:], "hvPkeV:r:f:d:t46",
["help", "verbose", "dot", "head", ["help", "verbose", "dot", "head",
"insecure", "POST", "vhost=", "insecure", "POST", "vhost=",
"dnssec", "noedns","repeat=", "file=", "delay=", "v4only", "v6only", "check"]) "dnssec", "noedns","repeat=", "file=", "delay=", "v4only", "v6only", "check", "debug"])
for option, value in optlist: for option, value in optlist:
if option == "--help" or option == "-h": if option == "--help" or option == "-h":
usage() usage()
...@@ -549,6 +565,8 @@ if not monitoring: ...@@ -549,6 +565,8 @@ if not monitoring:
forceIPv6 = True forceIPv6 = True
elif option == "--check": elif option == "--check":
check = True check = True
elif option == "--debug":
debug = True
else: else:
error("Unknown option %s" % option) error("Unknown option %s" % option)
except getopt.error as reason: except getopt.error as reason:
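Review bot: `store_session_key` in the second hunk writes the session's master secret to `./.debug/keylogfile.pm` through a plain `open(sslkeylogfile, 'a')`, so the file is created with the process umask (typically 0644) and any other local user can read it and decrypt the captured DoT traffic; the file should be created owner-only with `os.open(..., os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)`, the handle managed by a `with` block, and the `except Exception` narrowed to `OSError` so a bug in the key extraction is not reported as "could not open". The bare `f.write(key)` after the `try/except/else` also leaves the handle open if `write` raises. Separately, a `CLIENT_RANDOM <client_random> <master_key>` line only lets Wireshark decrypt TLS 1.2 and earlier; if `self.session` is a pyOpenSSL connection negotiating TLS 1.3, the per-secret labels are needed instead, which `Context.set_keylog_callback` emits in the right format — worth noting in a comment on the method, since this is presumably the reason the option exists. If `os` is not already imported at the top of the file (not visible here), the rewrite below needs that import, and `--debug` should be added to `usage()` with a warning that the file contains session-decrypting secrets.
```python
    def store_session_key(self):
        # The secret written here decrypts the whole session: create the file
        # owner-read/write only instead of relying on the umask. Note that the
        # CLIENT_RANDOM/master_key form is only sufficient for TLS <= 1.2.
        sslkeylogfile = './.debug/keylogfile.pm'
        client_random = self.session.client_random().hex()
        master_key = self.session.master_key().hex()
        key = f'CLIENT_RANDOM {client_random} {master_key}\n'
        try:
            fd = os.open(sslkeylogfile, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
        except OSError:
            print(f'Could not open "{sslkeylogfile}" to store master key')
            return
        with os.fdopen(fd, 'a') as f:
            f.write(key)
```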