Bug 1515236 - Centralize a SSLKEYLOGFILE enable/disable flag at build.sh r=mt NSS_3_42_BRANCH NSS_3_42_BETA2
authorJ.C. Jones <jjones@mozilla.com>
Thu, 24 Jan 2019 14:04:54 -0700
branchNSS_3_42_BRANCH
changeset 14985 a00bce9553dbcadb9afd2c7b3ca4bd0367dd6cb7
parent 14984 80aed136d48c8db4d975959990db6b1cd8760342
child 14986 cbfb173f43b3402a31575c0a1033050f0c941ec0
push id3249
push userjjones@mozilla.com
push dateFri, 25 Jan 2019 01:24:57 +0000
reviewersmt
bugs1515236
Bug 1515236 - Centralize a SSLKEYLOGFILE enable/disable flag at build.sh r=mt
build.sh
gtests/ssl_gtest/ssl_gtest.gyp
gtests/ssl_gtest/ssl_keylog_unittest.cc
help.txt
lib/ssl/ssl.gyp
--- a/build.sh
+++ b/build.sh
@@ -45,16 +45,17 @@ clean=0
 rebuild_gyp=0
 rebuild_nspr=0
 target=Debug
 verbose=0
 fuzz=0
 fuzz_tls=0
 fuzz_oss=0
 no_local_nspr=0
+sslkeylogfile=1
 
 gyp_params=(--depth="$cwd" --generator-output=".")
 ninja_params=()
 
 # Assume that the target architecture is the same as the host by default.
 host_arch=$(python "$cwd"/coreconf/detect_host_arch.py)
 target_arch=$host_arch
 
@@ -98,29 +99,32 @@ while [ $# -gt 0 ]; do
         --ct-verif) gyp_params+=(-Dct_verif=1) ;;
         --nspr) nspr_clean; rebuild_nspr=1 ;;
         --with-nspr=?*) set_nspr_path "${1#*=}"; no_local_nspr=1 ;;
         --system-nspr) set_nspr_path "/usr/include/nspr/:"; no_local_nspr=1 ;;
         --system-sqlite) gyp_params+=(-Duse_system_sqlite=1) ;;
         --enable-fips) gyp_params+=(-Ddisable_fips=0) ;;
         --enable-libpkix) gyp_params+=(-Ddisable_libpkix=0) ;;
         --mozpkix-only) gyp_params+=(-Dmozpkix_only=1 -Ddisable_tests=1 -Dsign_libs=0) ;;
+        --disable-keylog) sslkeylogfile=0 ;;
         *) show_help; exit 2 ;;
     esac
     shift
 done
 
 # Set the target architecture and build type.
 gyp_params+=(-Dtarget_arch="$target_arch")
 if [ "$opt_build" = 1 ]; then
     target=Release
 else
     target=Debug
 fi
 
+gyp_params+=(-Denable_sslkeylogfile="$sslkeylogfile")
+
 # Do special setup.
 if [ "$fuzz" = 1 ]; then
     source "$cwd"/coreconf/fuzz.sh
 fi
 nspr_set_flags $sanitizer_flags
 if [ ! -z "$sanitizer_flags" ]; then
     gyp_params+=(-Dsanitizer_flags="$sanitizer_flags")
 fi
--- a/gtests/ssl_gtest/ssl_gtest.gyp
+++ b/gtests/ssl_gtest/ssl_gtest.gyp
@@ -28,17 +28,16 @@
         'ssl_ems_unittest.cc',
         'ssl_exporter_unittest.cc',
         'ssl_extension_unittest.cc',
         'ssl_fuzz_unittest.cc',
         'ssl_fragment_unittest.cc',
         'ssl_gather_unittest.cc',
         'ssl_gtest.cc',
         'ssl_hrr_unittest.cc',
-        'ssl_keylog_unittest.cc',
         'ssl_keyupdate_unittest.cc',
         'ssl_loopback_unittest.cc',
         'ssl_misc_unittest.cc',
         'ssl_record_unittest.cc',
         'ssl_recordsize_unittest.cc',
         'ssl_resumption_unittest.cc',
         'ssl_renegotiation_unittest.cc',
         'ssl_skip_unittest.cc',
@@ -87,24 +86,31 @@
             '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
           ],
         }],
         [ 'disable_dbm==0', {
           'dependencies': [
             '<(DEPTH)/lib/dbm/src/src.gyp:dbm',
           ],
         }],
+        [ 'enable_sslkeylogfile==1', {
+          'sources': [
+            'ssl_keylog_unittest.cc',
+          ],
+          'defines': [
+            'NSS_ALLOW_SSLKEYLOGFILE',
+          ],
+        }],
       ],
     }
   ],
   'target_defaults': {
     'include_dirs': [
       '../../lib/ssl'
     ],
     'defines': [
       'NSS_USE_STATIC_LIBS',
-      'NSS_ALLOW_SSLKEYLOGFILE=1',
     ],
   },
   'variables': {
     'module': 'nss',
   }
 }
--- a/gtests/ssl_gtest/ssl_keylog_unittest.cc
+++ b/gtests/ssl_gtest/ssl_keylog_unittest.cc
@@ -1,16 +1,14 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#ifdef NSS_ALLOW_SSLKEYLOGFILE
-
 #include <cstdlib>
 #include <fstream>
 #include <sstream>
 
 #include "gtest_utils.h"
 #include "tls_connect.h"
 
 namespace nss_test {
@@ -159,10 +157,8 @@ INSTANTIATE_TEST_CASE_P(
 #ifndef NSS_DISABLE_TLS_1_3
 INSTANTIATE_TEST_CASE_P(
     KeyLogFileTLS13, KeyLogFileUnsetTest,
     ::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
                        TlsConnectTestBase::kTlsV13));
 #endif
 
 }  // namespace nss_test
-
-#endif  // NSS_ALLOW_SSLKEYLOGFILE
--- a/help.txt
+++ b/help.txt
@@ -46,8 +46,10 @@ NSS build tool options:
                      --with-nspr=<include>:<lib> sets include and lib paths
     --system-nspr    attempt to use system nspr
                      shorthand for --with-nspr=/usr/include/nspr:
     --system-sqlite  use system sqlite
     --enable-fips    enable FIPS checks
     --enable-libpkix make libpkix part of the build
     --mozpkix-only   build only static mozpkix and mozpkix-test libraries
                      support for this build option is limited
+    --disable-keylog enable support for logging key data to a file specified
+                     by the SSLKEYLOGFILE environment variable
--- a/lib/ssl/ssl.gyp
+++ b/lib/ssl/ssl.gyp
@@ -68,16 +68,21 @@
             'UNSAFE_FUZZER_MODE',
           ],
         }],
         [ 'OS=="dragonfly" or OS=="freebsd" or OS=="netbsd" or OS=="openbsd" or OS=="linux"', {
           'cflags': [
             '-std=gnu99',
           ],
         }],
+        [ 'enable_sslkeylogfile==1', {
+          'defines': [
+            'NSS_ALLOW_SSLKEYLOGFILE',
+          ],
+        }],
       ],
       'dependencies': [
         '<(DEPTH)/exports.gyp:nss_exports',
       ],
     },
     {
       'target_name': 'ssl3',
       'type': 'shared_library',
@@ -87,17 +92,12 @@
         '<(DEPTH)/lib/util/util.gyp:nssutil3',
         '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
       ],
       'variables': {
         'mapfile': 'ssl.def'
       }
     }
   ],
-  'target_defaults': {
-    'defines': [
-      'NSS_ALLOW_SSLKEYLOGFILE=1'
-    ]
-  },
   'variables': {
     'module': 'nss'
   }
 }