Issue in TIdSSLIOHandlerSocketOpenSSL.OnStatusInfoEx
#7
(02-16-2019, 09:50 PM)Codehunter Wrote: it would be very nice to have an easy-to-use way to write standard NSS files.

That is outside of Indy's scope.  I'm sure you can find a 3rd party that has already done this.  Doesn't Mozilla's own NSS library have something you can use for this?

Doing some research, it seems like it would not be very difficult for you to write a custom function in your own code:

How do I extract the pre-master secret using an OpenSSL-based client?

Extract pre-master keys from an OpenSSL application

(02-16-2019, 09:50 PM)Codehunter Wrote: My TIdSSLIOHandlerSocketOpenSSL.OnStatusInfoEx handler (linked in the first post in this thread) is working but a little bit freaky. OnStatusInfoEx isn't the right place to do this because it is fired too often (performance issues)

OnStatusInfo/Ex is fired at different stages of the connection, including the start and end of a handshake.  You are not trying to write your file on every stage, are you?

(02-16-2019, 09:50 PM)Codehunter Wrote: For example, a TIdSSLIOHandlerSocketOpenSSL.NSSFilePath string property and a TIdSSLIOHandlerSocketOpenSSL.NSSWriteEnabled boolean property.

I'll consider it, but don't rely on it being added any time soon.

(02-16-2019, 09:50 PM)Codehunter Wrote: Alternatively, an event handler which is fired once after TLS/SSL connection is finally established, with all necessary infos (secrets...) to write a NSS file.

What is stopping you from doing that today?  OnStatusInfoEx gives you notification when the handshake is finished (the AWhere parameter is SSL_CB_HANDSHAKE_DONE), whether it was successful or not (the ARet parameter), and direct access to OpenSSL's SSL/TLS session object (the ASslSocket parameter).

(02-16-2019, 09:50 PM)Codehunter Wrote: For clarification: I want this only for debugging purposes in the lab. Firefox and Chrome have such a thing, enabled via some developer options.

Firefox and Chrome use their own built-in SSL/TLS engines, so of course they would be able to provide debugging options to output their own secret data.

Reply
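
The kind of custom function the post above refers to, sketched in C as an added example (not code from Indy or from either poster): it gates on `SSL_CB_HANDSHAKE_DONE` so the file is written once per handshake, formats the `CLIENT_RANDOM` line of the NSS key log format, and appends it to an owner-only file. The function names are hypothetical, and it assumes a TLS 1.2 or earlier session, a POSIX `open()`, and that the caller has already read the 32-byte client random and 48-byte master secret from the session object.

```c
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#ifndef SSL_CB_HANDSHAKE_DONE
#define SSL_CB_HANDSHAKE_DONE 0x20   /* value from OpenSSL's ssl.h */
#endif
#define CLIENT_RANDOM_LEN 32         /* TLS client random: always 32 bytes */
#define MASTER_SECRET_LEN 48         /* TLS <= 1.2 master secret: always 48 bytes */
#define KEYLOG_LINE_MAX (14 + 2 * CLIENT_RANDOM_LEN + 1 + 2 * MASTER_SECRET_LEN + 2)
/* Gate for the status callback: log once, when the handshake has finished.
 * Treating ret <= 0 as a failed handshake is an assumption of this sketch. */
int should_write_keylog(int where, int ret) {
    return (where & SSL_CB_HANDSHAKE_DONE) != 0 && ret > 0;
}

static char *hex_encode(char *dst, const unsigned char *src, size_t n) {
    static const char digits[] = "0123456789abcdef";
    for (size_t i = 0; i < n; i++) {
        *dst++ = digits[src[i] >> 4];
        *dst++ = digits[src[i] & 0x0f];
    }
    return dst;
}

/* Builds "CLIENT_RANDOM <hex random> <hex master secret>\n" in out.
 * Returns the line length, or -1 on wrong input lengths or a short buffer. */
int format_keylog_line(const unsigned char *client_random, size_t random_len,
                       const unsigned char *master, size_t master_len,
                       char *out, size_t out_size) {
    if (random_len != CLIENT_RANDOM_LEN || master_len != MASTER_SECRET_LEN ||
        out_size < KEYLOG_LINE_MAX)
        return -1;
    char *p = out;
    memcpy(p, "CLIENT_RANDOM ", 14);
    p = hex_encode(p + 14, client_random, random_len);
    *p++ = ' ';
    p = hex_encode(p, master, master_len);
    *p++ = '\n';
    *p = '\0';
    return (int)(p - out);
}

/* Appends one line; the file holds session secrets, so create it owner-only. */
int append_keylog_line(const char *path, const char *line, size_t len) {
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT, 0600);
    if (fd < 0) return -1;
    int rc = write(fd, line, len) == (ssize_t)len ? 0 : -1;
    return close(fd) == 0 ? rc : -1;
}
```

A file written this way is in the same format that Firefox and Chrome produce with their key logging option, so it should be kept to lab machines and deleted after the capture has been analysed.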


Messages In This Thread
RE: Issue in TIdSSLIOHandlerSocketOpenSSL.OnStatusInfoEx - by rlebeau - 02-18-2019, 07:16 PM
