sslkeylog 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 5d2371c16ef153fca7e769b86512b6c115ff202b
+  data.tar.gz: 3d01e3e2c858beee98fc55caf029b2ca4cb45fa7
+SHA512:
+  metadata.gz: aa39a32b4d64b14b99ae0f417a891ca7ced5706586c1bd20ac276ea291e75b09c7d8b1036c5f3ac7d87763a071185e82b616b4334595cd12da6e35625c647094
+  data.tar.gz: 996fa56a14a4076894eafd64e5d03dd0a4ca4d8861c32866ae15b4cec00911e5362de11ba693513724d2c2724c94ea8d4cae2ffea51dd92db572f3577f0c8ad2

data/.gitignore

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc/
+/Gemfile.lock
+/Gemfile.local
+/*.gem
+/doc/
+/lib/**/*.bundle
+/lib/**/*.dll
+/lib/**/*.so
+/pkg/
+/tmp/

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,9 @@
+language: ruby
+notifications:
+  email: false
+bundler_args: --without docs
+script: bundle exec rake spec
+rvm:
+  - 2.0.0
+  - 2.1.5
+  - 2.2.1

data/.yardopts

@@ -0,0 +1,2 @@
+--markup markdown
+--markup-provider=redcarpet

data/CHANGELOG.md

@@ -0,0 +1,33 @@
+SSLkeylog
+=========
+
+0.2.0
+-----
+
+2015-04-14
+
+Backwards incompatible feature release.
+
+  - +Break
+    Library renamed from `OpenSSL::Keylog` to `SSLkeylog`.
+
+  - +Break
+    The library no longer extends (monkeypatches) the `OpenSSL::SSL::SSLSocket`
+    class. This functionality is now provided by module functions on
+    `SSLkeylog::OpenSSL`.
+
+  - +New
+    A simple tracing and logging system built on top of the standard `Logging`
+    library and the Ruby 2.0 `TracePoint` API that allows SSL client
+    connections to be logged.
+
+
+0.1.0
+-----
+
+2015-04-12
+
+(unreleased) First tagged prototype.
+
+  - +New
+    Added the `to_keylog` method for `OpenSSL:SSL::SSLSocket` objects which extracts and formats NSS Key Log data.

data/Gemfile

@@ -0,0 +1,10 @@
+source 'https://rubygems.org'
+
+gemspec
+
+group :docs do
+  gem 'yard'
+  gem 'redcarpet'
+end
+
+eval_gemfile "#{__FILE__}.local" if File.exists? "#{__FILE__}.local"

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Charlie Sharpsteen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,71 @@
+SSLkeylog
+=========
+
+An Ruby library that logs SSL session keys from client connections in [NSS Key Log Format][nss-format]. This log can be used by tools such as [Wireshark][wireshark] to decrypt data when analyzing network traffic.
+
+**NOTE:** This version of the library is a functional prototype. The implementation may change in the future.
+
+[![Build Status](https://travis-ci.org/Sharpie/sslkeylog.svg?branch=master)](https://travis-ci.org/Sharpie/sslkeylog)
+
+  [nss-format]: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
+
+  [wireshark]:https://wiki.wireshark.org/SSL#Using_the_.28Pre.29-Master-Secret
+
+
+## Installation
+
+This gem uses a C extension to extract data from Ruby `OpenSSL::SSL::SSLSocket` objects. This means that the Gem will have to be built using the same OpenSSL headers that Ruby used during compilation.
+
+The logic for locating the `include` directory is not particularly sophisticated, so the proper location may need to be specified during installation:
+
+    gem install openssl-keylog -- --with-openssl-include=...
+
+Use of the wrong header file can result in segmentation faults and other unpleasantness.
+
+
+## Usage
+
+The simplest way to use this library is to set an output file using the `SSLKEYLOG` environment variable and then require the `sslkeylog/autotrace` module:
+
+```ruby
+# In bash: export SSLKEYLOG=$HOME/sslkeylog.log
+require 'sslkeylog/autotrace'
+```
+
+If the `SSLKEYLOG` variable is unset, output will be sent to `$stderr`.
+
+
+Tracing can be enabled for specific portions of a Ruby program and output can be routed to any object which behaves like a standard Ruby `Logger`:
+
+```ruby
+require 'sslkeylog'
+require 'stringio'
+
+output = StringIO.new
+SSLkeylog::Logging.logger = Logger.new(output)
+
+socket = TCPSocket.new('github.com', '443')
+ssl_socket = OpenSSL::SSL::SSLSocket.new(socket)
+
+SSLkeylog::Trace.enable
+ssl_socket.connect
+SSLkeylog::Trace.disable
+
+ssl_socket.close
+puts output.string
+# => I, [2015-04-14T12:51:33.016410 #90145]  INFO -- : CLIENT_RANDOM 20A97D56EAE0850DE6CECB63D4D587D863E62750AF3AF032453608DA5F8787C0 58260274A5BD57E1158AD2CAFEE1D8F671F900419F37B6A2DDB20FA0AC8B96AC0940398B33D42F366E2937151C751CED
+```
+
+Data can be extracted directly from `OpenSSL::SSL:SSLSocket` objects using the `to_keylog` method of the `SSLkeylog::OpenSSL` module:
+
+```ruby
+require 'sslkeylog/openssl'
+
+socket = TCPSocket.new('github.com', '443')
+ssl_socket = OpenSSL::SSL::SSLSocket.new(socket)
+ssl_socket.connect
+
+puts SSLkeylog::OpenSSL.to_keylog(ssl_socket)
+ssl_socket.close
+# => "CLIENT_RANDOM 7374BF6508668783736B211242A4BC2CF075FC508E49B9797B038D6357370A10 C5BB2BDFEF788E7BB6ED0A37962BEEB140AC7F33DEF0E344F576D18305AF5A6C0121E069F1FF4CE4424530A83D443EFD\n"
+```

data/Rakefile

@@ -0,0 +1,5 @@
+task_dir = File.expand_path('../tasks', __FILE__)
+
+Dir["#{task_dir}/**/*.rake"].each do |task_file|
+  load task_file
+end

data/ext/openssl/extconf.rb

@@ -0,0 +1,17 @@
+require 'mkmf'
+require 'shellwords'
+
+openssl_include = []
+openssl_lib     = []
+
+# Check to see if Ruby was compiled with a custom OpenSSL
+openssl_config = CONFIG['configure_args'].shellsplit.find {|e| e.start_with? '--with-openssl-dir='}
+unless openssl_config.nil?
+  _, _, openssl_dir = openssl_config.partition('=')
+
+  openssl_include << File.join(openssl_dir, 'include')
+  openssl_lib     << File.join(openssl_dir, 'lib')
+end
+
+dir_config('openssl', openssl_include, openssl_lib)
+create_makefile('sslkeylog/openssl')

data/ext/openssl/openssl.c

@@ -0,0 +1,133 @@
+#include <ruby.h>
+#include <openssl/ssl.h>
+
+// Global variables pointing to Ruby namespaces of interest.
+VALUE mOpenSSL, mSSL, cSSLSocket;
+
+// Copies and hex encodes a char array, using two bytes in buffer for each byte
+// in str.
+static void
+hex_encode(char *buffer, size_t size, const unsigned char *str)
+{
+  static const char hex[] = "0123456789ABCDEF";
+  unsigned int i;
+
+  for (i = 0; i < size; i++) {
+    *(buffer++) = hex[str[i] >> 4];
+    *(buffer++) = hex[str[i] & 15];
+  }
+}
+
+/* Capture SSL session keys in NSS Key Log Format
+ *
+ * @param socket [OpenSSL::SSL::SSLSocket] A SSL socket instance to capture
+ *   data from.
+ * @return [String] A string containing SSL session data.
+ * @return [nil] If `socket` has negotiated a SSLv2 connection.
+ * @return [nil] If `socket` has not been connected.
+ *
+ * @raise [TypeError] If `socket` is not an instance of
+ *   `OpenSSL::SSL::SSLSocket`.
+ */
+static VALUE
+to_keylog(VALUE mod, VALUE socket)
+{
+  SSL *ssl;
+  // 14 byte header string
+  // + 64 byte hex encoded client random
+  // + 1 space
+  // + 96 byte hex encoded master secret
+  // + newline.
+  size_t buf_len = 14 + 64 + 1 + 96 + 1;
+  char buf[buf_len];
+  unsigned int i;
+
+  // PRIsVALUE is a special format string that causes functions like rb_raise
+  // to format data of type VALUE by calling `.to_s` on the Ruby object.
+  if (!rb_obj_is_instance_of(socket, cSSLSocket)) {
+    rb_raise(rb_eTypeError, "wrong argument (%"PRIsVALUE")! (Expected instance of %"PRIsVALUE")",
+      rb_obj_class(socket), cSSLSocket);
+  }
+
+  // NOTE: Should be able to use Data_Get_Struct here, but for some reason the
+  // SSLSocket instance passed to this function as `socket` fails the
+  // type check.
+  //
+  // So, we live dangerously and go directly for the data pointer.
+  ssl = (SSL*)DATA_PTR(socket);
+
+  // Check to see if the SSL data structure has been populated.
+  //
+  // NOTE: If the `s3` component is missing then SSLv2 is in use and we bail
+  // out. Such a thing is a bit crazy these days, but we could handle it in a
+  // more meaningful way by falling back to the old NSS Key Log format:
+  //
+  //     RSA Session-ID:<16 byte session id> Master-Key:<48 byte master key>
+  if ( !(ssl) || !(ssl->session) || !(ssl->s3) ){
+    return Qnil;
+  }
+
+  memcpy(buf, "CLIENT_RANDOM ", 14);
+  i = 14;
+  hex_encode(buf + i, 32, ssl->s3->client_random);
+  i += 64;
+  buf[i++] = ' ';
+  hex_encode(buf + i, 48, ssl->session->master_key);
+  i += 96;
+  buf[i++] = '\n';
+
+  return rb_str_new(buf, buf_len);
+}
+
+/* Document-module: SSLkeylog::OpenSSL
+ *
+ * Generate NSS Key Log entries from Ruby OpenSSL objects
+ *
+ * The NSS Key Log format contains two pieces of information that can be used
+ * to decrypt SSL session data:
+ *
+ * 1. A string of 32 random bytes sent by the client during the
+ *    "Client Hello" phase of the SSL handshake.
+ *
+ * 2. A string of 48 bytes generated during the handshake that is the
+ *    "pre-master key" required to decrypt the data.
+ *
+ * The Ruby OpenSSL library exposes the pre-master key through the `to_text`
+ * method of  `OpenSSL::SSL::Session` objects. Unfortunately, there is no way
+ * to access the client random data at the Ruby level.  However, many Ruby
+ * objects are simple wrappers for C data structures and the OpenSSL `SSL`
+ * struct does contains all the data we need --- including the client random
+ * data. The Ruby object which wraps `struct SSL` is
+ * `OpenSSL::SSL::SSLSocket`. This `to_keylog` method provided is a simple C
+ * extension which un-wraps `SSLSocket` objects at the C level and reads the
+ * data required form a NSS Key Log entry.
+ */
+void
+Init_openssl()
+{
+  rb_require("openssl");
+
+  // Retrieve OpenSSL namespaces.
+  mOpenSSL   = rb_const_get(rb_cObject, rb_intern("OpenSSL"));
+  mSSL       = rb_const_get(mOpenSSL,   rb_intern("SSL"));
+  cSSLSocket = rb_const_get(mSSL,       rb_intern("SSLSocket"));
+
+  VALUE mSSLkeylog = rb_const_get(rb_cObject, rb_intern("SSLkeylog"));
+
+  VALUE mSSLkeylogOpenSSL  = rb_define_module_under(mSSLkeylog, "OpenSSL");
+  rb_define_singleton_method(mSSLkeylogOpenSSL, "to_keylog", to_keylog, 1);
+
+  /* The version string of the OpenSSL headers used to build this library.
+   *
+   * @return [String] The OPENSSL_VERSION_TEXT definition from the OpenSSL
+   *   header this library was built against.
+   */
+  rb_define_const(mSSLkeylogOpenSSL, "OPENSSL_VERSION", rb_str_new2(OPENSSL_VERSION_TEXT));
+
+  /* The numeric version of the OpenSSL headers used to build this library.
+   *
+   * @return [Integer] The OPENSSL_VERSION_NUMBER definition from the OpenSSL
+   *   header this library was built against.
+   */
+  rb_define_const(mSSLkeylogOpenSSL, "OPENSSL_VERSION_NUMBER", INT2NUM(OPENSSL_VERSION_NUMBER));
+}

data/lib/sslkeylog.rb

@@ -0,0 +1,6 @@
+module SSLkeylog
+  require 'sslkeylog/version'
+  require 'sslkeylog/openssl'
+  require 'sslkeylog/trace'
+  require 'sslkeylog/logging'
+end

data/lib/sslkeylog/autotrace.rb

@@ -0,0 +1,2 @@
+require 'sslkeylog'
+SSLkeylog::Trace.enable

data/lib/sslkeylog/logging.rb

@@ -0,0 +1,52 @@
+require 'logger'
+
+module SSLkeylog
+  # This module configures logging used by SSL tracing
+  module Logging
+    class << self
+      # The global logger used by SSL tracers
+      #
+      # Must be set to an object that implements the interface provided by the
+      # standard Ruby `Logger` library.
+      #
+      # @return [Logger]
+      attr_accessor :logger
+    end
+
+    # Returns a default Logger formatter for NSS Key Log messages
+    #
+    # This formatter simply echoes any message without adding additional data
+    # such as timestamp, severity, etc.
+    #
+    # @return [Proc]
+    def self.default_formatter
+      Proc.new do |severity, datetime, progname, msg|
+        msg
+      end
+    end
+
+    # Returns a default Logger for NSS Key Log messages
+    #
+    # @return [Logger] A logger that appends to a file specified by the
+    #   `SSLKEYLOG` environment variable.
+    # @return [Logger] A logger that writes to `$stderr` if the `SSLKEYLOG`
+    #   environment variable is not set.
+    def self.default_logger
+      if ENV['SSLKEYLOG']
+        output = File.open(ENV['SSLKEYLOG'], 'a')
+        # Flush output after every write as an external process, such as
+        # Wireshark, may be watching this file.
+        output.sync = true
+      else
+        output = $stderr
+      end
+
+      logger = Logger.new(output)
+      logger.formatter = default_formatter
+
+      logger
+    end
+
+    self.logger = self.default_logger
+  end
+end

data/lib/sslkeylog/trace.rb

@@ -0,0 +1,39 @@
+require 'sslkeylog/logging'
+
+module SSLkeylog
+
+  # This module provides methods for tracing SSL connections
+  #
+  # Currently, tracing is only implemented for client connections. Tracing of
+  # connections accepted by servers is not implemented. Tracing is implemented
+  # using the Ruby 2.x `TracePoint` API.
+  module Trace
+    # A TracePoint that watches SSL client connections
+    #
+    # This tracepoint watches for returns from `OpenSSL::SSL::SSLSocket#connect`
+    # and logs the pre master secret to the logger returned by
+    # {SSLkeylog::Logging.logger}. Messages are logged at `info` level.
+    #
+    # @return [TracePoint]
+    CLIENT_TRACER = TracePoint.new(:c_return) do |tp|
+      if tp.method_id == :connect && tp.defined_class == ::OpenSSL::SSL::SSLSocket
+        ssl_info = ::SSLkeylog::OpenSSL.to_keylog(tp.self)
+        ::SSLkeylog::Logging.logger.info(ssl_info) unless ssl_info.nil?
+      end
+    end
+
+    # Enable tracing of SSL connections
+    #
+    # @return [void]
+    def self.enable
+      CLIENT_TRACER.enable
+    end
+
+    # Disable tracing of SSL connections
+    #
+    # @return [void]
+    def self.disable
+      CLIENT_TRACER.disable
+    end
+  end
+end

data/lib/sslkeylog/version.rb

@@ -0,0 +1,3 @@
+module SSLkeylog
+  VERSION = '0.2.0'
+end

data/spec/integration/client_spec.rb

@@ -0,0 +1,61 @@
+require 'spec_helper'
+require 'stringio'
+
+describe 'OpenSSL client connections' do
+  let(:ssl_server_address) { '127.0.0.1' }
+  let(:ssl_server_port)    { 9045 }
+  include_context 'ssl_server'
+
+  before(:each) do
+    @tcp_socket = TCPSocket.new(ssl_server_address, ssl_server_port)
+    @ssl_socket = OpenSSL::SSL::SSLSocket.new(@tcp_socket)
+  end
+
+  context 'before a connection is established' do
+    after(:each) { @tcp_socket.close }
+
+    it 'returns nil' do
+      expect(SSLkeylog::OpenSSL.to_keylog(@ssl_socket)).to be_nil
+    end
+  end
+
+  context 'after a connection is established' do
+    before(:each) { @ssl_socket.connect }
+    after(:each)  { @ssl_socket.close }
+
+    it 'returns a string starting with CLIENT_RANDOM' do
+      expect(SSLkeylog::OpenSSL.to_keylog(@ssl_socket)).to start_with('CLIENT_RANDOM')
+    end
+
+    it 'contains the session master key' do
+      logged_key = SSLkeylog::OpenSSL.to_keylog(@ssl_socket).split.last.strip
+      master_key = @ssl_socket.session.to_text.lines.find {|l| l.match /^\s*Master-Key:/}.partition(': ').last.strip
+
+      expect(logged_key).to match(master_key)
+    end
+  end
+
+  context 'when tracing is enabled' do
+    subject { StringIO.new }
+
+    before(:each) do
+      logger           = Logger.new(subject)
+      logger.formatter = SSLkeylog::Logging.default_formatter
+      SSLkeylog::Logging.logger = logger # TODO: Replace with a mock.
+
+      SSLkeylog::Trace.enable
+      @ssl_socket.connect
+    end
+    after(:each)  do
+      @ssl_socket.close
+      SSLkeylog::Trace.disable
+    end
+
+    it 'logs the session master key' do
+      logged_key = subject.string.split.last.strip
+      master_key = @ssl_socket.session.to_text.lines.find {|l| l.match /^\s*Master-Key:/}.partition(': ').last.strip
+
+      expect(logged_key).to match(master_key)
+    end
+  end
+end

data/spec/shared/ssl_server_context.rb

@@ -0,0 +1,26 @@
+require 'webrick/https'
+
+# This context runs an OpenSSL::SSL:SSLServer that is accessible to tests.  The
+# `ssl_server_port` and `ssl_server_address` will need to be specified before
+# this context is included:
+#
+#     let(:ssl_server_address) { ... }
+#     let(:ssl_server_port)    { ... }
+#     include 'ssl_server'
+shared_context 'ssl_server' do
+  before(:each) do
+    @server = WEBrick::HTTPServer.new(
+      :BindAddress  => ssl_server_address,
+      :Port         => ssl_server_port,
+      :SSLEnable    => true,
+      :SSLCertName  => [%w[CN localhost]],
+      :Logger       => WEBrick::Log.new(nil, WEBrick::BasicLog::WARN),
+      )
+    @thread = Thread.new { @server.start }
+  end
+
+  after(:each) do
+    @server.shutdown rescue nil
+    @thread.join rescue nil
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,3 @@
+$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+require 'sslkeylog'
+require_relative 'shared/ssl_server_context.rb'

data/spec/unit/sslkeylog_openssl_spec.rb

@@ -0,0 +1,18 @@
+require 'spec_helper'
+
+describe SSLkeylog::OpenSSL do
+  it 'reports the OPENSSL_VERSION it was built against' do
+    expect(SSLkeylog::OpenSSL::OPENSSL_VERSION).to match(/^OpenSSL/)
+  end
+
+  it 'reports the OPENSSL_VERSION_NUMBER it was built against' do
+    expect(SSLkeylog::OpenSSL::OPENSSL_VERSION_NUMBER).to be_a(Integer)
+  end
+
+  describe '.to_keylog' do
+    it 'rejects arguments that are not SSLSocket objects' do
+      expect { described_class.to_keylog('foo') }.to raise_error(TypeError,
+        /Expected instance of OpenSSL::SSL::SSLSocket\)$/)
+    end
+  end
+end

data/sslkeylog.gemspec

@@ -0,0 +1,25 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'sslkeylog/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'sslkeylog'
+  spec.version       = SSLkeylog::VERSION
+  spec.authors       = ['Charlie Sharpsteen']
+  spec.email         = ['source@sharpsteen.net']
+  spec.license       = 'MIT'
+
+  spec.summary       = 'A Ruby library that logs SSL session keys in NSS Key Log Format.'
+  spec.homepage      = 'https://github.com/Sharpie/sslkeylog'
+
+  spec.files         = %x[git ls-files].split($/)
+  spec.require_paths = ['lib']
+  spec.extensions    = Dir['ext/**/extconf.rb']
+
+  spec.required_ruby_version =  '>= 2.0.0'
+
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rake-compiler'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+end

data/tasks/compile.rake

@@ -0,0 +1,5 @@
+require 'rake/extensiontask'
+
+Rake::ExtensionTask.new 'openssl' do |ext|
+  ext.lib_dir = 'lib/sslkeylog'
+end

data/tasks/spec.rake

@@ -0,0 +1,4 @@
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+task :spec => [:compile]

data/tasks/yard.rake

@@ -0,0 +1,9 @@
+begin
+  require 'yard'
+  require 'yard/rake/yardoc_task'
+rescue LoadError
+  # YARD is not installed during CI runs.
+  nil
+else
+  YARD::Rake::YardocTask.new(:doc)
+end

metadata

@@ -0,0 +1,112 @@
+--- !ruby/object:Gem::Specification
+name: sslkeylog
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- Charlie Sharpsteen
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-04-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake-compiler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: 
+email:
+- source@sharpsteen.net
+executables: []
+extensions:
+- ext/openssl/extconf.rb
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- ".yardopts"
+- CHANGELOG.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- ext/openssl/extconf.rb
+- ext/openssl/openssl.c
+- lib/sslkeylog.rb
+- lib/sslkeylog/autotrace.rb
+- lib/sslkeylog/logging.rb
+- lib/sslkeylog/trace.rb
+- lib/sslkeylog/version.rb
+- spec/integration/client_spec.rb
+- spec/shared/ssl_server_context.rb
+- spec/spec_helper.rb
+- spec/unit/sslkeylog_openssl_spec.rb
+- sslkeylog.gemspec
+- tasks/compile.rake
+- tasks/spec.rake
+- tasks/yard.rake
+homepage: https://github.com/Sharpie/sslkeylog
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: A Ruby library that logs SSL session keys in NSS Key Log Format.
+test_files: []
+has_rdoc: