Your message dated Sat, 1 Nov 2025 11:51:12 +0100
with message-id <[email protected]>
and subject line Re: [Pkg-openssl-devel] Bug#1118632: Please build with
sslkeylog
has caused the Debian Bug report #1118632,
regarding Please build with sslkeylog
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
--
1118632: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118632
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openssl
X-Debbugs-Cc: [email protected]
Version: 3.5.4-1
Severity: normal
According to
https://docs.openssl.org/master/man7/openssl-env/#description,
debugging of communication via SSLKEYLOGFILE requires the
enable-sslkeylog feature.
Please include that in debian/rules, thanks a lot!
-- System Information:
Debian Release: forky/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.16.10+deb14-rt-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8),
LANGUAGE=de_AT:de
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages openssl depends on:
ii libc6 2.41-12
ii libssl3t64 3.5.4-1
openssl recommends no packages.
Versions of packages openssl suggests:
ii ca-certificates 20250419
-- no debconf information
--- End Message ---
--- Begin Message ---
On 2025-10-23 10:49:34 [+0200], Philipp Marek wrote:
> According to https://docs.openssl.org/master/man7/openssl-env/#description,
> debugging of communication via SSLKEYLOGFILE requires the
> enable-sslkeylog feature.
I am not going to do that.
Kurt raised security concerns.
The man page mentions security concerns and that it should be limited
to test and debug environments. Clearly providing this enabled by
default would ignore it.
I am not aware of another TLS stack exposing such a functionality.
The problem is not someone enables this in a debug environment but if
this gets enabled on a productive machine and someone starts collecting
keys and exposing sessions.
> Please include that in debian/rules, thanks a lot!
I don't even think I'm going to provide an alternative package for this.
You will have to rebuild it on your own.
Therefore closing.
Sebastian
--- End Message ---
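
The reply's concern is key logging being active on a production machine. One way to check a Linux host for that condition is to look for processes whose environment sets SSLKEYLOGFILE. This is an added example, not part of the thread and not OpenSSL or Debian code; the function names are hypothetical, and it assumes the Linux /proc layout and enough privilege to read other processes' environ files.

```python
import os
import stat
import tempfile
from pathlib import Path

def keylog_target(environ_blob):
    """Return the SSLKEYLOGFILE value from a NUL-separated environ blob, or None."""
    for entry in environ_blob.split(b"\0"):
        name, sep, value = entry.partition(b"=")
        if sep and name == b"SSLKEYLOGFILE" and value:
            return os.fsdecode(value)
    return None

def audit(proc_root="/proc"):
    """Return sorted (pid, keylog_path, readable_by_group_or_others) findings."""
    findings = []
    for entry in Path(proc_root).iterdir():
        if not entry.name.isdigit():
            continue
        try:
            blob = (entry / "environ").read_bytes()
        except OSError:  # process exited, or we may not read its environment
            continue
        path = keylog_target(blob)
        if path is None:
            continue
        exposed = None  # unknown: file missing, or path relative to that process's cwd
        try:
            if os.path.isabs(path):
                exposed = bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))
        except OSError:
            pass
        findings.append((int(entry.name), path, exposed))
    return sorted(findings)

def demo():
    """Run the audit over a constructed /proc-like tree (sample data, not real)."""
    with tempfile.TemporaryDirectory() as root:
        log = Path(root, "keys.log")
        log.write_text("")
        log.chmod(0o644)
        envs = {101: b"PATH=/usr/bin\0HOME=/root\0",
                202: b"PATH=/usr/bin\0SSLKEYLOGFILE=" + os.fsencode(log) + b"\0"}
        for pid, env in envs.items():
            Path(root, str(pid)).mkdir()
            Path(root, str(pid), "environ").write_bytes(env)
        return [(pid, exposed) for pid, _, exposed in audit(root)]

if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

A finding only shows that the variable is set for that process; whether keys are actually written depends on the TLS library build, which per the bug report requires enable-sslkeylog for OpenSSL.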