PHP-FPM and SSLKEYLOGFILE issue
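I have configured Ubuntu, Apache and php-fpm (the PHP version is 7.4). My goal is to be able to store TLS keys in order to decrypt TLS traffic in Wireshark. I usually use the environment variable SSLKEYLOGFILE for this, but it does not seem to work with php-fpm. The environment variable is added to the configuration file of the fpm pool. For testing purposes, the following PHP script is used: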
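<?php
// Make one HTTPS request through libcurl so that a TLS handshake takes place.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://example.com");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);  // return the body instead of printing it
curl_setopt($ch, CURLOPT_VERBOSE, true);      // write handshake details to stderr
$output = curl_exec($ch);
echo $output;
curl_close($ch);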
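I would like to point out that it successfully writes the keys to the file when the script is executed with the CLI, but writes nothing when php-fpm is used. This is the configuration of the php-fpm pool: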
[example]
user = user
group = user
clear_env = no
env[SSLKEYLOGFILE] = /my/path
listen = /run/php/php7.4-fpm_example.sock
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
Is there any way to solve this?
The solution is to use a debugger to extract the pre-master secrets. Here I found a link to a script written by Peter Wu that automates the process using GDB and Python. The only problem was that the default version of libssl on Ubuntu has no debugging symbols. However, there is an Ubuntu repository in which there are debug versions of all binaries from the official repository. I enabled it using the instructions from the section "Getting -dbgsym.ddeb packages" on this Ubuntu wiki page. Then I installed libssl with debugging symbols:
apt install libssl1.1-dbgsym
Finally, I ran the Python script using the following command:
PYTHONPATH=. gdb -q -ex 'py import sslkeylog as skl; skl.start("premaster.txt")' -p 65774
where 65774 is the process ID of the corresponding php-fpm process.
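The following is an added example, not part of the original answer or of Peter Wu's script: a check that a key log file such as premaster.txt is well formed before it is loaded into Wireshark. It assumes the file follows the NSS key log format; the function name `check_keylog` and the sample lines are constructed for illustration.

```python
import re

HEX = re.compile(r"[0-9a-fA-F]+")
TLS13_LEN = {32, 48}  # secret sizes for SHA-256 and SHA-384 cipher suites
# label -> (identifier length in bytes, allowed secret lengths in bytes)
LABELS = {
    "RSA": (8, {48}),               # encrypted premaster prefix, premaster secret
    "CLIENT_RANDOM": (32, {48}),    # client random, master secret (TLS 1.2 and older)
    "CLIENT_EARLY_TRAFFIC_SECRET": (32, TLS13_LEN),
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET": (32, TLS13_LEN),
    "SERVER_HANDSHAKE_TRAFFIC_SECRET": (32, TLS13_LEN),
    "CLIENT_TRAFFIC_SECRET_0": (32, TLS13_LEN),
    "SERVER_TRAFFIC_SECRET_0": (32, TLS13_LEN),
    "EARLY_EXPORTER_SECRET": (32, TLS13_LEN),
    "EXPORTER_SECRET": (32, TLS13_LEN),
}


def check_keylog(text):
    """Return (sessions, errors): labels seen per identifier, and rejected lines."""
    sessions, errors = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        parts = line.split(" ")
        if len(parts) != 3 or parts[0] not in LABELS:
            errors.append((lineno, "unknown label or wrong field count"))
            continue
        label, ident, secret = parts
        id_len, secret_lens = LABELS[label]
        if not (HEX.fullmatch(ident) and HEX.fullmatch(secret)):
            errors.append((lineno, "non-hex field"))
        elif len(ident) != 2 * id_len or len(secret) not in {2 * n for n in secret_lens}:
            errors.append((lineno, "wrong field length"))
        else:
            sessions.setdefault(ident.lower(), set()).add(label)
    return sessions, errors


# Constructed sample, not real key material.
SAMPLE = "\n".join([
    "# constructed sample",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "CLIENT_RANDOM " + "33" * 32 + " " + "cc" * 20,  # truncated secret
])

if __name__ == "__main__":
    sessions, errors = check_keylog(SAMPLE)
    print(len(sessions), "sessions; rejected lines:", errors)
```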