Bug 1183318, Allow applications to disable logging of TLS/SSL key mat…

…erial, r=martin.thomson

lib/ssl/ssl3con.c

@@ -6350,6 +6350,7 @@ sendRSAClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
         goto loser;
     }
 
+#ifndef DISABLE_SSLKEYLOGFILE
     if (ssl_keylog_iob) {
         SECStatus extractRV = PK11_ExtractKeyValue(pms);
         if (extractRV == SECSuccess) {
@@ -6381,6 +6382,7 @@ sendRSAClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
             }
         }
     }
+#endif
 
     rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
                                     isTLS ? enc_pms.len + 2
@@ -11674,6 +11676,7 @@ ssl3_SendNextProto(sslSocket *ss)
 static void
 ssl3_RecordKeyLog(sslSocket *ss)
 {
+#ifndef DISABLE_SSLKEYLOGFILE
     SECStatus rv;
     SECItem *keyData;
     char buf[14 /* "CLIENT_RANDOM " */ +
@@ -11724,6 +11727,7 @@ ssl3_RecordKeyLog(sslSocket *ss)
         return;
     fflush(ssl_keylog_iob);
     return;
+#endif
 }
 
 /* called from ssl3_SendClientSecondRound

lib/ssl/sslsock.c

@@ -127,7 +127,11 @@ int ssl_lock_readers = 1; /* default true. */
 char ssl_debug;
 char ssl_trace;
 FILE *ssl_trace_iob;
+
+#ifndef DISABLE_SSLKEYLOGFILE
 FILE *ssl_keylog_iob;
+#endif
+
 char lockStatus[] = "Locks are ENABLED.  ";
 #define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */
 
@@ -3361,6 +3365,7 @@ ssl_SetDefaultsFromEnvironment(void)
             SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
         }
 #endif /* DEBUG */
+#ifndef DISABLE_SSLKEYLOGFILE
         ev = PR_GetEnvSecure("SSLKEYLOGFILE");
         if (ev && ev[0]) {
             ssl_keylog_iob = fopen(ev, "a");
@@ -3374,6 +3379,7 @@ ssl_SetDefaultsFromEnvironment(void)
                 SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
             }
         }
+#endif
 #ifndef NO_PKCS11_BYPASS
         ev = PR_GetEnvSecure("SSLBYPASS");
         if (ev && ev[0]) {