Re: Adding support for SSLKEYLOGFILE in the frontend

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Álvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Abhishek Chanda <abhishek(dot)becs(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Adding support for SSLKEYLOGFILE in the frontend
Date: 2025-03-26 22:28:44
Message-ID: A5B2694E-5862-4535-9A1E-BE6044CCCF69@yesql.se
Lists: pgsql-hackers

> On 20 Mar 2025, at 10:39, Álvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> wrote:

> In initialize_SSL(), the test for conn->sslkeylogfile is inside the
> #ifdef for the existence of the SSL function. I think it's better to
> log a message (probably just a warning) that says "this feature is not
> supported with this TLS library" rather than doing nothing. Silently
> failing to act is just painful for the user who then has to go to our
> source file to figure out why the setting isn't taking effect.

The only cases when the function isn't defined are the two oldest LibreSSL
versions we support, but even with a LibreSSL version that does have the
function the code is dead since LibreSSL only implements stubs for OpenSSL
compatibility. This is documented in our docs, but we might as well help the
user further by logging a warning as you suggest. The attached v10 adds a
version for the two cases when key logging won't happen (in reality it will be
just one case for LibreSSL but with this we can handle a purpose-built OpenSSL
without the callback).

--
Daniel Gustafsson

Attachment Content-Type Size
v10-0001-libpq-Add-support-for-dumping-SSL-keylog-to-file.patch application/octet-stream 9.8 KB
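The reply above distinguishes three situations for a frontend key log: the TLS library has no keylog-callback function at all, it has the function but only as a stub that never calls back (LibreSSL), or the callback really fires (OpenSSL). The following is an added example, not libpq or the attached patch: it models those three cases with a constructed `fake_*` stand-in for the TLS library so it builds without OpenSSL, keeps the callback signature of OpenSSL's `SSL_CTX_keylog_cb_func`, warns the user in the two cases where logging cannot happen instead of failing silently, and creates the log file owner-only since it holds session secrets. All function and type names are hypothetical.

```c
/*
 * Added example (not libpq code). api_level of the fake library:
 *   0 = no keylog-callback API, 1 = API present but a stub (LibreSSL-style),
 *   2 = callback invoked with NSS key log lines (OpenSSL-style).
 */
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>

/* Mirrors OpenSSL's SSL_CTX_keylog_cb_func; the SSL object is opaque here. */
typedef void (*keylog_cb_t)(const void *ssl, const char *line);

/* ---- Stand-in for the TLS library (constructed) ---- */
typedef struct {
    int         api_level;
    keylog_cb_t keylog_cb;
} fake_ssl_ctx;

/* Returns 0 when the API does not exist, 1 when the callback was stored. */
static int fake_set_keylog_callback(fake_ssl_ctx *ctx, keylog_cb_t cb)
{
    if (ctx->api_level == 0)
        return 0;
    ctx->keylog_cb = cb;   /* a stub stores it but never uses it */
    return 1;
}

/* A working library hands each secret to the callback during the handshake. */
static void fake_handshake(fake_ssl_ctx *ctx)
{
    /* Constructed sample lines in NSS key log format (hex values shortened). */
    static const char *lines[] = {
        "CLIENT_HANDSHAKE_TRAFFIC_SECRET 00112233 aabbccdd",
        "SERVER_HANDSHAKE_TRAFFIC_SECRET 00112233 eeff0011",
        "CLIENT_TRAFFIC_SECRET_0 00112233 22334455",
        "SERVER_TRAFFIC_SECRET_0 00112233 66778899",
    };
    if (ctx->api_level < 2 || ctx->keylog_cb == NULL)
        return;
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        ctx->keylog_cb(ctx, lines[i]);
}

/* ---- Frontend side ---- */
static const char   *keylog_path  = NULL;
static unsigned long keylog_lines = 0;

/* The file holds session secrets: owner read/write only, append mode. */
static void keylog_callback(const void *ssl, const char *line)
{
    (void) ssl;
    int fd = open(keylog_path, O_WRONLY | O_APPEND | O_CREAT, S_IRUSR | S_IWUSR);
    if (fd < 0)
        return;
    if (write(fd, line, strlen(line)) >= 0 && write(fd, "\n", 1) >= 0)
        keylog_lines++;
    close(fd);
}

/* Returns 1 when logging is armed, 0 otherwise; `warning` is set when the
 * setting was given but the library lacks the API (case 0). */
int setup_keylog(fake_ssl_ctx *ctx, const char *path, char *warning, size_t warnlen)
{
    warning[0] = '\0';
    keylog_lines = 0;
    keylog_path = (path != NULL && path[0] != '\0') ? path : NULL;
    if (keylog_path == NULL)
        return 0;   /* option unset: nothing to do and nothing to warn about */
    if (!fake_set_keylog_callback(ctx, keylog_callback)) {
        snprintf(warning, warnlen,
                 "WARNING: sslkeylogfile is not supported by this TLS library; setting ignored");
        return 0;
    }
    return 1;
}

/* Catches the stub case (1): the callback was accepted but nothing was logged. */
int check_keylog_after_handshake(char *warning, size_t warnlen)
{
    if (keylog_path != NULL && keylog_lines == 0) {
        snprintf(warning, warnlen,
                 "WARNING: sslkeylogfile was set but the TLS library emitted no key material");
        return 0;
    }
    return 1;
}

/* Counts lines written to `path`; -1 when the file does not exist. */
long count_keylog_lines(const char *path)
{
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;
    long n = 0;
    for (int c; (c = fgetc(f)) != EOF; )
        if (c == '\n')
            n++;
    fclose(f);
    return n;
}
```

The post-handshake check is the part a real implementation cannot do at compile time: with LibreSSL the registration call succeeds, so only the absence of any callback invocation reveals that the setting had no effect.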
