From 9188435ae682d0437fc331400f3616bddceeabd2 Mon Sep 17 00:00:00 2001
From: Gerard Ryan
Date: Mon, 16 May 2022 16:45:36 +1000
Subject: [PATCH] srtpenc,dtlsenc: Add NSS key log format logging
https://firefox-source-docs.mozilla.org/security/nss/legacy/key_log_format/index.html
Tested on Windows with a WebRTC Data channel captured in Wireshark
---
 .../ext/dtls/gstdtlsconnection.c | 38 +++++++++++++++++++
 .../gst-plugins-bad/ext/dtls/meson.build | 2 +-
 2 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/subprojects/gst-plugins-bad/ext/dtls/gstdtlsconnection.c b/subprojects/gst-plugins-bad/ext/dtls/gstdtlsconnection.c
index e94c6e7e9e..4cd3cdbb57 100644
--- a/subprojects/gst-plugins-bad/ext/dtls/gstdtlsconnection.c
+++ b/subprojects/gst-plugins-bad/ext/dtls/gstdtlsconnection.c
@@ -28,6 +28,7 @@
 #endif
 #include
+#include
 #include "gstdtlsconnection.h"
@@ -265,6 +266,42 @@ X509_STORE_CTX_get0_cert (X509_STORE_CTX * ctx)
 }
 #endif
+static void
+log_ssl_key (const SSL * ssl, const char *line)
+{
+ const gchar *file;
+ GFileOutputStream *os;
+ GError *error;
+
+ if ((file = g_getenv ("SSLKEYLOGFILE")) != NULL) {
+ GFile *fd = g_file_parse_name (file);
+ error = NULL;
+ if ((os =
+ g_file_append_to (fd, G_FILE_CREATE_PRIVATE, NULL,
+ &error)) != NULL) {
+ static GMutex mutex;
+ error = NULL;
+
+ g_mutex_lock (&mutex);
+ g_output_stream_printf (G_OUTPUT_STREAM (os), NULL, NULL, &error, "%s\n",
+ line);
+ g_object_unref (os);
+ g_mutex_unlock (&mutex);
+
+ if (error != NULL) {
+ g_warning ("Could append SSL key to '%s': %s", file, error->message);
+ g_error_free (error);
+ }
+ } else if (error != NULL) {
+ g_warning ("Could not open '%s' for SSL key appending: %s", file,
+ error->message);
+ g_error_free (error);
+ }
+
+ g_object_unref (fd);
+ }
+}
+
 static void
 gst_dtls_connection_set_property (GObject * object, guint prop_id,
 const GValue * value, GParamSpec * pspec)
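Review bot: `log_ssl_key` writes DTLS session secrets to whatever `SSLKEYLOGFILE` names, and `g_file_parse_name (file)` accepts URIs as well as paths, so where a GVfs backend is available the key log can land on a remote location instead of a local file; `GFile *fd = g_file_new_for_path (file);` keeps it on the local filesystem. `G_FILE_CREATE_PRIVATE` only takes effect when the file is created, so appending to an existing log keeps whatever mode it already had, which deserves a comment above the open such as `/* Key log holds session secrets, debugging only; an existing file keeps its current permissions */`. The static `mutex` is taken only around `g_output_stream_printf`, while each call opens its own stream outside the lock, so moving `g_mutex_lock` ahead of `g_file_append_to` would make the serialisation cover the whole append. The first warning reads "Could append SSL key" where "Could not append SSL key" is evidently meant.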
@@ -281,6 +318,7 @@ gst_dtls_connection_set_property (GObject * object, guint prop_id,
 g_return_if_fail (GST_IS_DTLS_AGENT (agent));
 ssl_context = _gst_dtls_agent_peek_context (agent);
+ SSL_CTX_set_keylog_callback (ssl_context, log_ssl_key);
 priv->ssl = SSL_new (ssl_context);
 g_return_if_fail (priv->ssl);
diff --git a/subprojects/gst-plugins-bad/ext/dtls/meson.build b/subprojects/gst-plugins-bad/ext/dtls/meson.build
index ca07da01e4..749ffa56e0 100644
--- a/subprojects/gst-plugins-bad/ext/dtls/meson.build
+++ b/subprojects/gst-plugins-bad/ext/dtls/meson.build
@@ -21,7 +21,7 @@ if openssl_dep.found() and libcrypto_dep.found()
 dtls_sources,
 c_args : gst_plugins_bad_args,
 include_directories : [configinc],
- dependencies : [gst_dep, libcrypto_dep, openssl_dep] + winsock2,
+ dependencies : [gst_dep, gio_dep, libcrypto_dep, openssl_dep] + winsock2,
 install : true,
 install_dir : plugins_install_dir,
 )
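Review bot: The added `SSL_CTX_set_keylog_callback (ssl_context, log_ssl_key);` in gst_dtls_connection_set_property is unconditional, but that function only exists from OpenSSL 1.1.1, while the compat definition of `X509_STORE_CTX_get0_cert` visible in the previous hunk suggests the file still builds against older releases (inferred, the guard itself is outside the diff). Wrapping the call and `log_ssl_key` in `#if OPENSSL_VERSION_NUMBER >= 0x10101000L` would keep those builds working. The callback is also installed on the agent's shared context whether or not `SSLKEYLOGFILE` is set, so key export code runs on every handshake; checking `g_getenv ("SSLKEYLOGFILE") != NULL` here and installing the callback only then keeps it off the normal path. The enclosing function starts and ends outside the hunk.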