9f5be07962
There were 32 linux documents in docs. It's getting out of hand, so lets move them to a subdirectory. R=sky,jorgelo CC=thestig BUG=None Change-Id: Ib7de415c72fe6ec3c51dc2b28f06b34487b5b6d1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1974901 Commit-Queue: Thomas Anderson <thomasanderson@chromium.org> Reviewed-by: Scott Violet <sky@chromium.org> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Cr-Commit-Position: refs/heads/master@{#726499}
1.5 KiB
Debugging SSL on Linux
To help anyone looking at the SSL code, here are a few tips I've found handy.
[TOC]
Logging
There are several flavors of logging you can turn on.
-
SSLClientSocketImplcan log its state transitions and function calls usingbase/logging.cc. To enable this, editnet/socket/ssl_client_socket_impl.ccand change#if 1to#if 0. Seebase/logging.ccfor where the output goes (on Linux, usually stderr). -
HttpNetworkTransactionand friends can log its state transitions usingbase/trace_event.cc. To enable this, arrange for your app to callbase::TraceLog::StartTracing(). The output goes to a file namedtrace...pid.login the same directory as the executable (e.g.Hammer/trace_15323.log).
Network Traces
http://wiki.wireshark.org/SSL describes how to decode SSL traffic. Chromium SSL
unit tests that use net/base/ssl_test_util.cc to set up their servers always
use port 9443 with net/data/ssl/certificates/ok_cert.pem, and port 9666 with
net/data/ssl/certificates/expired_cert.pem This makes it easy to configure
Wireshark to decode the traffic: do
Edit / Preferences / Protocols / SSL, and in the "RSA Keys List" box, enter
127.0.0.1,9443,http,<path to ok_cert.pem>;127.0.0.1,9666,http,<path to expired_cert.pem>
e.g.
127.0.0.1,9443,http,/home/dank/chromium/src/net/data/ssl/certificates/ok_cert.pem;127.0.0.1,9666,http,/home/dank/chromium/src/net/data/ssl/certificates/expired_cert.pem
Then capture all tcp traffic on interface lo, and run your test.