Add Keylog file with env variable SSLKEYLOGFILE (for openssl)

[gcolin]

Hello, this PR adds the generation of keylog file for debugging TLS with wireshark. This is working fine with openssl.

The env variable SSLKEYLOGFILE is used in others apps such as Curl, Firefox and Google Chrome.

[michalvasko]

Thanks for the PR, but to follow our code organization, a few changes will be required.

Starting with some minor issues, we generally use the nc_ prefix for all libnetconf2 functions (possible exception only for static ones) to set a "namespace" differentiating between all the used libraries. But, since this is OpenSSL-only, I think it can all be put into the session_openssl.c file without introducing additional ones. Ideally, there should be a TLS-specific init function (for example), which will not do anything for the mbedTLS but initializes this keylogger for OpenSSL to follow our TLS library wrappers.

[gcolin]

Hello Michal, I updated the PR. the code is only in session_openssl.c

I added 2 global variable in file session_openssl.c: active_sessions and keylog_file_fp. maybe there is a better place to store these global variables.

[Roytak]

Hi, thank you for the contribution. Can you change the target branch to devel? Also would be great if you could run make format once you fix the small details I commented on. I think it will be good to merge then, if all tests pass.

[gcolin]

There is a mutex to fix a concurrency issue in test_tls: the file was open twice.

I cannot change the "from" nokia:master. Should I recreate a new PR?

[michalvasko]

No, the target branch is fine now.

[Roytak]

Is there a specific reason as to why the filename is passed as an env variable or that's just how curl handles it? I am thinking that setting it via an API may be better (and possibly doing this in netopeer2). Anyways, it will most likely be merged soon. I'll try to find out if this can be done with mbedtls as well, and possibly edit it accordingly.

[gcolin]

Is there a specific reason as to why the filename is passed as an env variable or that's just how curl handles it? I am thinking that setting it via an API may be better (and possibly doing this in netopeer2). Anyways, it will most likely be merged soon. I'll try to find out if this can be done with mbedtls as well, and possibly edit it accordingly.

Hi, yes it is simpler:
. there is only one binary to update
. curl uses it. In our software, we use both curl and netopeer2
. other popular tools use this way

A colleague also suggested to have a paramater from netopeer2. For that, netopeer2 needs also an update.

That is cool to have the same in mbedtls.

[Roytak]

Hello, I decided to implement it since it required a bit more changes and I liked this enhancement. Sorry for not merging yours. Nonetheless, feel free to try it out and give us some feedback if need be. Thank you.