
Wireshark-users: Re: [Wireshark-users] Firefox not logging into $SSLKEYLOGFILE

From: Miroslav Rovis <miro.rovis@xxxxxxxxxxxxxxxxx>
Date: Sun, 3 Nov 2019 15:52:08 +0000
On 191101-12:06+0000, Miroslav Rovis wrote:
> On 191031-11:36-0400, Lee wrote:
> > On 10/31/19, Miroslav Rovis wrote:
> > > On 191031-09:27-0400, Lee wrote:
> > >> On 10/31/19, Miroslav Rovis wrote:
> [...]
[...]
>  
> > I don't know if the official builds
> >   https://ftp.mozilla.org/pub/firefox/releases/
> > will log the keys or not, but maybe worth trying?
> > 
> > Regards
> > Lee
Lee, not sure, but your suggestion may be the only option.

Not sure.
Peter Wu wrote in:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842292#10
"Note that the official Mozilla Firefox builds do this
as well, see https://bugzilla.mozilla.org/show_bug.cgi?id=1188657"

Does that mean: "the official Mozilla Firefox builds do it the same as Debian
does, i.e. make Firefox non-decryptable"
Or, as I hope, it means: "the official Mozilla Firefox builds do re-enable the
$SSLKEYLOGFILE logging?"

Has anybody already figured this out? (Else I will also read the Zilla bug
#1188657, to try and find out the above meaning.)

Regarding the patch. The code has changed, and the patch is simple and we are users, so here it is:
$ cat nss-debian-rules-enable-sslkeylogfile.diff
--- debian/rules.orig   2018-03-25 16:24:04.864000000 +0000
+++ debian/rules        2018-03-25 16:24:08.356000000 +0000
@@ -109,6 +109,7 @@
                NSPR_INCLUDE_DIR=/usr/include/nspr \
                NSPR_LIB_DIR=/usr/lib/$(DEB_HOST_MULTIARCH) \
                BUILD_OPT=1 \
+               NSS_ALLOW_SSLKEYLOGFILE=1 \
                NS_USE_GCC=1 \
                OPTIMIZER="$(CFLAGS) $(CPPFLAGS)" \
                LDFLAGS='$(LDFLAGS) $$(ARCHFLAG) $$(ZDEFS_FLAG)' \
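
Review bot: The added NSS_ALLOW_SSLKEYLOGFILE=1 line is unconditional and undocumented: every package built from this debian/rules would get $SSLKEYLOGFILE support, and nothing in the hunk says why. A comment above this block of build variables stating that the flag re-enables TLS key logging would help, and it is worth considering whether this should be opt-in through a build option rather than the default. Separately, the file name (nss-debian-rules-...) and the NSPR_INCLUDE_DIR / NSPR_LIB_DIR context lines suggest the hunk was written against the NSS package's debian/rules, and the headers are dated 2018-03-25, so the "@@ -109,6 +109,7 @@" offsets and context lines need to be regenerated against the tree it is actually meant for.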

I got the Debian salsa code like this:
$ git clone https://salsa.debian.org/mozilla-team/firefox.git
Then:
$ cd firefox
$ ls -l debian/rules
-rwxr-xr-x 1 mr mr 13807 2019-11-03 07:28 debian/rules

And it goes like this:
$ patch -p0 < ../nss-debian-rules-enable-sslkeylogfile.diff 
patching file debian/rules
Hunk #1 FAILED at 109.
1 out of 1 hunk FAILED -- saving rejects to file debian/rules.rej

Of course, there are no such lines as in the patch, giving just the first:
                NSPR_INCLUDE_DIR=/usr/include/nspr \

In fact:
$ grep NSPR_INCLUDE_DIR debian/rules
$
returns an empty string.

The patch needs to be rewritten...

Do any more of the readers wish to have Firefox decryptable?

Regards?
-- 
Miroslav Rovis
Zagreb, Croatia
https://www.CroatiaFidelis.hr
