proxysql/deps/postgresql/sslkeylogfile.patch


diff -ruN ../tmp/src/interfaces/libpq/fe-secure-openssl.c ./src/interfaces/libpq/fe-secure-openssl.c
--- ../tmp/src/interfaces/libpq/fe-secure-openssl.c 2025-08-11 21:06:43.000000000 +0000
+++ ./src/interfaces/libpq/fe-secure-openssl.c 2026-04-03 00:00:00.000000000 +0000
@@ -97,6 +97,8 @@
static PQsslKeyPassHook_OpenSSL_type PQsslKeyPassHook = NULL;
static int ssl_protocol_version_to_openssl(const char *protocol);
+
+static PQsslKeyLogCallback_type PQsslKeyLogCB = NULL;
/* ------------------------------------------------------------ */
/* Procedures common to all secure sessions */
@@ -972,6 +974,10 @@
/* Disable old protocol versions */
SSL_CTX_set_options(SSL_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+ /* Set SSL keylog callback if configured (for TLS traffic decryption) */
+ if (PQsslKeyLogCB)
+ SSL_CTX_set_keylog_callback(SSL_context, (void(*)(const SSL*, const char*))PQsslKeyLogCB);
+
/* Set the minimum and maximum protocol versions if necessary */
if (conn->ssl_min_protocol_version &&
strlen(conn->ssl_min_protocol_version) != 0)
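Review bot: The added `SSL_CTX_set_keylog_callback(...)` line installs the user's callback through a cast from `void (*)(const void *, const char *)` to `void (*)(const SSL *, const char *)`, and OpenSSL will then call it through the cast type; calling a function through a pointer of incompatible type is undefined behaviour in C (C11 6.3.2.3p8) even though both parameters are pointers of the same width. A small static trampoline with OpenSSL's exact signature removes the cast while keeping OpenSSL types out of the public header; note that re-reading the global inside the trampoline means clearing the callback later also stops logging for already-created contexts, which is a behaviour change to decide on deliberately. `SSL_CTX_set_keylog_callback` first appeared in OpenSSL 1.1.1, so if this tree's OpenSSL baseline is older the call needs a version guard like the surrounding protocol-option code — the baseline is not visible from the hunk. The enclosing function starts and ends outside the hunk.
```c
/* Next to the PQsslKeyLogCB definition: adapts OpenSSL's callback signature
 * to the public typedef so no function-pointer cast is needed. */
static void
keylog_trampoline(const SSL *ssl, const char *line)
{
	if (PQsslKeyLogCB)
		PQsslKeyLogCB(ssl, line);
}

	/* … unchanged: SSL_CTX_set_options(...) … */
	if (PQsslKeyLogCB)
		SSL_CTX_set_keylog_callback(SSL_context, keylog_trampoline);
```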
@@ -1758,6 +1764,24 @@
return NULL;
}
+/*
+ * SSL Key Log callback support
+ *
+ * Global callback for writing TLS secrets to a keylog file.
+ * Follows the same pattern as PQsslKeyPassHook.
+ */
+PQsslKeyLogCallback_type
+PQgetSSLKeyLogCallback(void)
+{
+ return PQsslKeyLogCB;
+}
+
+void
+PQsetSSLKeyLogCallback(PQsslKeyLogCallback_type cb)
+{
+ PQsslKeyLogCB = cb;
+}
+
const char *const *
PQsslAttributeNames(PGconn *conn)
{
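Review bot: The header comment above `PQgetSSLKeyLogCallback`/`PQsetSSLKeyLogCallback` says the pair follows the PQsslKeyPassHook pattern but leaves out what a caller must know: `PQsslKeyLogCB` is a plain process-wide static with no synchronization, so it has to be set before any connection is started and not changed concurrently; it is only consulted when an SSL context is created, so connections opened earlier are unaffected; and each `line` the callback receives is a TLS session secret, so the callback owns the protection of wherever it writes it. Suggested comment text: `Process-wide and not thread-safe: set before opening connections; takes effect only for connections started afterwards. 'ssl' is the connection's OpenSSL SSL object; 'line' is one NSS key-log line carrying a TLS secret (OpenSSL documents it without a trailing newline -- confirm for the linked version), and the callback is responsible for storing it safely.` The getter and setter themselves are complete within the hunk.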
diff -ruN ../tmp/src/interfaces/libpq/libpq-fe.h ./src/interfaces/libpq/libpq-fe.h
--- ../tmp/src/interfaces/libpq/libpq-fe.h 2025-08-11 21:06:43.000000000 +0000
+++ ./src/interfaces/libpq/libpq-fe.h 2026-04-03 00:00:00.000000000 +0000
@@ -669,6 +669,11 @@
extern void PQsetSSLKeyPassHook_OpenSSL(PQsslKeyPassHook_OpenSSL_type hook);
extern int PQdefaultSSLKeyPassHook_OpenSSL(char *buf, int size, PGconn *conn);
+/* Support for SSL key log callback (TLS traffic decryption) */
+typedef void (*PQsslKeyLogCallback_type)(const void *ssl, const char *line);
+extern PQsslKeyLogCallback_type PQgetSSLKeyLogCallback(void);
+extern void PQsetSSLKeyLogCallback(PQsslKeyLogCallback_type cb);
+
#ifdef __cplusplus
}
#endif
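Review bot: The new `PQsslKeyLogCallback_type` typedef and the two `extern` declarations carry no `_OpenSSL` suffix, unlike the neighbouring `PQsslKeyPassHook_OpenSSL_type`/`PQsetSSLKeyPassHook_OpenSSL`, yet their definitions live only in fe-secure-openssl.c; if the PassHook declarations set the precedent of being declared regardless of TLS backend this is consistent, but the naming no longer signals that a non-OpenSSL build has declarations without definitions. The typedef also leaves `const void *ssl` unexplained; a one-line comment would spare callers a guess: `/* ssl: the connection's OpenSSL SSL object; line: one NSS key-log line holding a TLS secret */`. The comment on the preceding line could likewise say that the callback is set process-wide before connections are opened, as that is the only way the hook is consulted.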