
Since we no longer use NSS for SSL/Crypto, the debugging information for it is outdated and we no longer need to include the Valgrind Suppressions. BUG=604728 Review URL: https://codereview.chromium.org/1921743002 Cr-Commit-Position: refs/heads/master@{#389808}
39 lines
1.5 KiB
Markdown
39 lines
1.5 KiB
Markdown
# Debugging SSL on Linux
|
|
|
|
To help anyone looking at the SSL code, here are a few tips I've found handy.
|
|
|
|
[TOC]
|
|
|
|
## Logging
|
|
|
|
There are several flavors of logging you can turn on.
|
|
|
|
* `SSLClientSocketImpl` can log its state transitions and function calls
|
|
using `base/logging.cc`. To enable this, edit
|
|
`net/socket/ssl_client_socket_impl.cc` and change `#if 1` to `#if 0`. See
|
|
`base/logging.cc` for where the output goes (on Linux, usually stderr).
|
|
|
|
* `HttpNetworkTransaction` and friends can log its state transitions using
|
|
`base/trace_event.cc`. To enable this, arrange for your app to call
|
|
`base::TraceLog::StartTracing()`. The output goes to a file named
|
|
`trace...pid.log` in the same directory as the executable (e.g.
|
|
`Hammer/trace_15323.log`).
|
|
|
|
## Network Traces
|
|
|
|
http://wiki.wireshark.org/SSL describes how to decode SSL traffic. Chromium SSL
|
|
unit tests that use `net/base/ssl_test_util.cc` to set up their servers always
|
|
use port 9443 with `net/data/ssl/certificates/ok_cert.pem`, and port 9666 with
|
|
`net/data/ssl/certificates/expired_cert.pem` This makes it easy to configure
|
|
Wireshark to decode the traffic: do
|
|
|
|
Edit / Preferences / Protocols / SSL, and in the "RSA Keys List" box, enter
|
|
|
|
127.0.0.1,9443,http,<path to ok_cert.pem>;127.0.0.1,9666,http,<path to expired_cert.pem>
|
|
|
|
e.g.
|
|
|
|
127.0.0.1,9443,http,/home/dank/chromium/src/net/data/ssl/certificates/ok_cert.pem;127.0.0.1,9666,http,/home/dank/chromium/src/net/data/ssl/certificates/expired_cert.pem
|
|
|
|
Then capture all tcp traffic on interface lo, and run your test.
|