码迷,mamicode.com
首页 > 系统相关 > 详细

Debugging SSL on Linux

时间:2020-04-02 19:44:51      阅读:84      评论:0      收藏:0      [点我收藏+]

标签:ref   div   ssl   port   expired   cer   state   std   network   

Debugging SSL on Linux

To help anyone looking at the SSL code, here are a few tips I‘ve found handy.

Logging

There are several flavors of logging you can turn on.

  • SSLClientSocketImpl can log its state transitions and function calls using base/logging.cc. To enable this, edit net/socket/ssl_client_socket_impl.cc and change #if 1 to #if 0. See base/logging.cc for where the output goes (on Linux, usually stderr).

  • HttpNetworkTransaction and friends can log its state transitions using base/trace_event.cc. To enable this, arrange for your app to call base::TraceLog::StartTracing(). The output goes to a file named trace...pid.log in the same directory as the executable (e.g. Hammer/trace_15323.log).

Network Traces

http://wiki.wireshark.org/SSL describes how to decode SSL traffic. Chromium SSL unit tests that use net/base/ssl_test_util.cc to set up their servers always use port 9443 with net/data/ssl/certificates/ok_cert.pem, and port 9666 with net/data/ssl/certificates/expired_cert.pem This makes it easy to configure Wireshark to decode the traffic: do

Edit / Preferences / Protocols / SSL, and in the “RSA Keys List” box, enter

127.0.0.1,9443,http,<path to ok_cert.pem>;127.0.0.1,9666,http,<path to expired_cert.pem>

e.g.

127.0.0.1,9443,http,/home/dank/chromium/src/net/data/ssl/certificates/ok_cert.pem;127.0.0.1,9666,http,/home/dank/chromium/src/net/data/ssl/certificates/expired_cert.pem

Then capture all tcp traffic on interface lo, and run your test.

Debugging SSL on Linux

标签:ref   div   ssl   port   expired   cer   state   std   network   

原文地址:https://www.cnblogs.com/bigben0123/p/12622369.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!