Bug 1704317

Summary: Add support for SSLKEYLOGFILE
Product: Red Hat Enterprise Linux 8 Reporter: Alicja Kario <hkario>
Component: httpdAssignee: Luboš Uhliarik <luhliari>
Status: CLOSED ERRATA QA Contact: Maryna Nalbandian <mnalband>
Severity: low Docs Contact:
Priority: low    
Version: 8.0CC: bnater, jorton, luhliari, pasik
Target Milestone: rcKeywords: FutureFeature, RFE, Triaged
Target Release: 8.0Flags: jorton: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1828833 (view as bug list) Environment:
Last Closed: 2020-04-28 15:32:08 UTC Type: Feature Request
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alicja Kario 2019-04-29 14:20:37 UTC 
All applications that use NSS and GnuTLS support SSLKEYLOGFILE environment variable to enable logging the key material necessary to decrypt TLS session using wireshark.

Unfortunately OpenSSL-using applications have to handle this themselves, as it does expose only an API for this: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_keylog_callback.html
Comment 1 Alicja Kario 2019-04-29 14:21:35 UTC 
More info is in the upstream bugzilla.
Comment 2 Joe Orton 2019-06-11 15:10:08 UTC 
Take
Comment 4 Joe Orton 2019-11-15 11:19:24 UTC 
Now done upstream -> https://svn.apache.org/viewvc?view=revision&revision=1869842
Comment 21 errata-xmlrpc 2020-04-28 15:32:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:1585