android_webview
apps
ash
base
blink
build
build_overrides
cc
chrome
chrome_elf
chromecast
chromeos
cloud_print
components
content
courgette
crypto
dbus
device
docs
accessibility
autofill
design
gpu
images
infra
ios
media
memory
memory-infra
privacy
process
security
speed
sync
testing
ui
OWNERS
README.md
accessibility.md
adding_to_third_party.md
android_accessing_cpp_enums_in_java.md
android_build_instructions.md
android_cast_build_instructions.md
android_debugging_instructions.md
android_emulator.md
android_logging.md
android_native_libraries.md
android_studio.md
android_test_instructions.md
angle_in_chromium.md
atom.md
bitmap_pipeline.md
browser_view_resizer.md
building_old_revisions.md
callback.md
ccache_mac.md
chrome_os_logging.md
chrome_settings.md
chromedriver_status.md
chromeos_build_instructions.md
chromium_browser_vs_google_chrome.md
chromoting_android_hacking.md
cipd.md
cl_respect.md
clang.md
clang_format.md
clang_static_analyzer.md
clang_tidy.md
clang_tool_refactoring.md
clion_dev.md
closure_compilation.md
cocoa_tips_and_tricks.md
code_coverage.md
code_reviews.md
component_build.md
cr_respect.md
cr_user_manual.md
cygwin_dll_remapping_failure.md
debugging_with_crash_keys.md
documentation_best_practices.md
documentation_guidelines.md
eclipse.md
emacs.md
erc_irc.md
es6_chromium.md
fuchsia_build_instructions.md
fuchsia_sdk_updates.md
get_the_code.md
git_cookbook.md
git_tips.md
google_play_services.md
graphical_debugging_aid_chromium_views.md
gtk_vs_views_gtk.md
how_to_add_your_feature_flag.md
how_to_extend_layout_test_framework.md
installation_at_vmware.md
ios_build_instructions.md
ios_infra.md
ios_voiceover.md
ipc_fuzzer.md
jumbo.md
kiosk_mode.md
layout_tests_linux.md
linux_build_instructions.md
linux_build_instructions_prerequisites.md
linux_building_debug_gtk.md
linux_cast_build_instructions.md
linux_cert_management.md
linux_chromium_arm.md
linux_chromium_packages.md
linux_crash_dumping.md
linux_debugging.md
linux_debugging_gtk.md
linux_debugging_ssl.md
linux_dev_build_as_default_browser.md
linux_development.md
linux_eclipse_dev.md
linux_graphics_pipeline.md
linux_gtk_theme_integration.md
linux_hw_video_decode.md
linux_minidump_to_core.md
linux_password_storage.md
linux_pid_namespace_support.md
linux_plugins.md
linux_profiling.md
linux_proxy_config.md
linux_running_asan_tests.md
linux_sandbox_ipc.md
linux_sandboxing.md
linux_suid_sandbox.md
linux_suid_sandbox_development.md
linux_sysroot.md
linux_zygote.md
luci_migration_faq.md
mac_build_instructions.md
mojo_guide.md
network_traffic_annotations.md
new_port_policy.md
old_chromoting_build_instructions.md
optimizing_web_uis.md
optional.md
origin_trials_integration.md
ozone_drm_for_linux.md
ozone_overview.md
piranha_plant.md
profiling.md
profiling_content_shell_on_android.md
proxy_auto_config.md
qtcreator.md
release_branch_guidance.md
retrieving_code_analysis_warnings.md
seccomp_sandbox_crash_dumping.md
servicification.md
static_initializers.md
sublime_ide.md
system_hardening_features.md
tab_helpers.md
task_scheduler_migration.md
test_descriptions.md
threading_and_tasks.md
tour_of_luci_ui.md
tpm_quick_ref.md
translation_screenshots.md
updating_clang.md
updating_clang_format_binaries.md
useful_urls.md
user_data_dir.md
user_handle_mapping.md
using_a_linux_chroot.md
using_build_runner.md
vanilla_msysgit_workflow.md
vscode.md
webui_explainer.md
webui_in_components.md
webview_policies.md
win_cross.md
win_order_files.md
windows_build_instructions.md
windows_split_dll.md
working_remotely_with_android.md
writing_clang_plugins.md
extensions
gin
google_apis
google_update
gpu
headless
infra
ios
ipc
jingle
mash
media
mojo
native_client_sdk
net
pdf
ppapi
printing
remoting
rlz
sandbox
services
skia
sql
storage
styleguide
testing
third_party
tools
ui
url
webrunner
.clang-format
.eslintrc.js
.git-blame-ignore-revs
.gitattributes
.gitignore
.gn
.vpython
AUTHORS
BUILD.gn
CODE_OF_CONDUCT.md
DEPS
ENG_REVIEW_OWNERS
LICENSE
LICENSE.chromium_os
OWNERS
PRESUBMIT.py
PRESUBMIT_test.py
PRESUBMIT_test_mocks.py
README.md
WATCHLISTS
codereview.settings

Since we no longer use NSS for SSL/Crypto, the debugging information for it is outdated and we no longer need to include the Valgrind Suppressions. BUG=604728 Review URL: https://codereview.chromium.org/1921743002 Cr-Commit-Position: refs/heads/master@{#389808}
39 lines
1.5 KiB
Markdown
39 lines
1.5 KiB
Markdown
# Debugging SSL on Linux
|
|
|
|
To help anyone looking at the SSL code, here are a few tips I've found handy.
|
|
|
|
[TOC]
|
|
|
|
## Logging
|
|
|
|
There are several flavors of logging you can turn on.
|
|
|
|
* `SSLClientSocketImpl` can log its state transitions and function calls
|
|
using `base/logging.cc`. To enable this, edit
|
|
`net/socket/ssl_client_socket_impl.cc` and change `#if 1` to `#if 0`. See
|
|
`base/logging.cc` for where the output goes (on Linux, usually stderr).
|
|
|
|
* `HttpNetworkTransaction` and friends can log its state transitions using
|
|
`base/trace_event.cc`. To enable this, arrange for your app to call
|
|
`base::TraceLog::StartTracing()`. The output goes to a file named
|
|
`trace...pid.log` in the same directory as the executable (e.g.
|
|
`Hammer/trace_15323.log`).
|
|
|
|
## Network Traces
|
|
|
|
http://wiki.wireshark.org/SSL describes how to decode SSL traffic. Chromium SSL
|
|
unit tests that use `net/base/ssl_test_util.cc` to set up their servers always
|
|
use port 9443 with `net/data/ssl/certificates/ok_cert.pem`, and port 9666 with
|
|
`net/data/ssl/certificates/expired_cert.pem` This makes it easy to configure
|
|
Wireshark to decode the traffic: do
|
|
|
|
Edit / Preferences / Protocols / SSL, and in the "RSA Keys List" box, enter
|
|
|
|
127.0.0.1,9443,http,<path to ok_cert.pem>;127.0.0.1,9666,http,<path to expired_cert.pem>
|
|
|
|
e.g.
|
|
|
|
127.0.0.1,9443,http,/home/dank/chromium/src/net/data/ssl/certificates/ok_cert.pem;127.0.0.1,9666,http,/home/dank/chromium/src/net/data/ssl/certificates/expired_cert.pem
|
|
|
|
Then capture all tcp traffic on interface lo, and run your test.
|