blob: 3eded8c7cf532864db76a88ac05463512f59a4a2 [file] [log] [blame] [view]
# Debugging SSL on Linux
To help anyone looking at the SSL code, here are a few tips I've found handy.
## Logging
There are several flavors of logging you can turn on.
* `SSLClientSocketImpl` can log its state transitions and function calls
using `base/`. To enable this, edit
`net/socket/` and change `#if 1` to `#if 0`. See
`base/` for where the output goes (on Linux, usually stderr).
* `HttpNetworkTransaction` and friends can log its state transitions using
`base/`. To enable this, arrange for your app to call
`base::TraceLog::StartTracing()`. The output goes to a file named
`` in the same directory as the executable (e.g.
## Network Traces describes how to decode SSL traffic. Chromium SSL
unit tests that use `net/base/` to set up their servers always
use port 9443 with `net/data/ssl/certificates/ok_cert.pem`, and port 9666 with
`net/data/ssl/certificates/expired_cert.pem` This makes it easy to configure
Wireshark to decode the traffic: do
Edit / Preferences / Protocols / SSL, and in the "RSA Keys List" box, enter,9443,http,<path to ok_cert.pem>;,9666,http,<path to expired_cert.pem>
Then capture all tcp traffic on interface lo, and run your test.