From 2f5f49d146a0baef81c7562be29a6a71f894f336 Mon Sep 17 00:00:00 2001
From: Cory Benfield <lukasaoz@gmail.com>
Date: Fri, 20 Jan 2017 16:22:49 +0000
Subject: [PATCH] Add documentation for the key logging callbacks

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1646)
---
 doc/man3/SSL_CTX_set_keylog_callback.pod | 48 ++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 doc/man3/SSL_CTX_set_keylog_callback.pod

diff --git a/doc/man3/SSL_CTX_set_keylog_callback.pod b/doc/man3/SSL_CTX_set_keylog_callback.pod
new file mode 100644
index 0000000000..abe45aea06
--- /dev/null
+++ b/doc/man3/SSL_CTX_set_keylog_callback.pod
@@ -0,0 +1,48 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_keylog_callback, SSL_CTX_get_keylog_callback,
+SSL_CTX_keylog_cb_func - logging TLS key material
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
+
+ void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
+ SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_keylog_callback() sets the TLS key logging callback. This callback
+is called whenever TLS key material is generated or received, in order to allow
+applications to store this keying material for debugging purposes.
+
+SSL_CTX_get_keylog_callback() retrieves the previously set TLS key logging
+callback. If no callback has been set, this will return NULL. When there is no
+key logging callback, or if SSL_CTX_set_keylog_callback is called with NULL as
+the value of cb, no logging of key material will be done.
+
+The key logging callback is called with two items: the B<ssl> object associated
+with the connection, and B<line>, a string containing the key material in the
+format used by NSS for its B<SSLKEYLOGFILE> debugging output. To recreate that
+file, the key logging callback should log B<line>, followed by a newline.
+B<line> will always be a NULL-terminated string.
+
+
+=head1 SEE ALSO
+
+L<ssl(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-- 
2.25.1