Closed
Labels
enhancement (New feature or request), help wanted (Extra attention is needed)
Description
Running ecapture on CentOS 9 with OpenSSL 3.5.0, it cannot find a matching OpenSSL/BoringSSL version bytecode. Is there any plan to support OpenSSL 3.5? Thanks.
2025-05-27T10:06:37+08:00 WRN OpenSSL/BoringSSL version not found. error="OpenSSL/BoringSSL version not found" soPath=/lib64/libssl.so.3
2025-05-27T10:06:37+08:00 WRN Try to detect libcrypto.so.3. If you have doubts, See https://github.com/gojue/ecapture/discussions/675 for more information.
2025-05-27T10:06:37+08:00 INF Try to detect imported libcrypto.so imported=libcrypto.so.3 soPath=/lib64/libcrypto.so.3
2025-05-27T10:06:37+08:00 INF origin versionKey="openssl 3.5.0" versionKeyLower="openssl 3.5.0"
2025-05-27T10:06:37+08:00 WRN Please send an issue to https://github.com/gojue/ecapture/issues error="OpenSSL/BoringSSL version bytecode not found" version="openssl 3.5.0"
2025-05-27T10:06:37+08:00 ERR OpenSSL/BoringSSL version not found, used default version.If you want to use the specific version, please set the sslVersion parameter with "--ssl_version='openssl x.x.x'", support openssl 1.0.x, 1.1.x, 3.x or newer, or use "ecapture tls --help" for more help.
2025-05-27T10:06:37+08:00 ERR bpfFile=openssl_1_1_1j_kern.o sslVersion=linux_default_1_1_1
full log
[root@localhost ecapture]# cat /etc/os-release
NAME="CentOS Stream"
VERSION="9"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="9"
PLATFORM_ID="platform:el9"
PRETTY_NAME="CentOS Stream 9"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:centos:centos:9"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://issues.redhat.com/"
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_SUPPORT_PRODUCT_VERSION="CentOS Stream"
[root@localhost ecapture]#
[root@localhost ecapture]# uname -a
Linux centos9 5.14.0-585.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Wed May 14 18:37:27 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost ecapture]#
[root@localhost ecapture]# openssl version
OpenSSL 3.5.0 8 Apr 2025 (Library: OpenSSL 3.5.0 8 Apr 2025)
[root@localhost ecapture]#
[root@localhost ecapture]# ./ecapture-v1.0.2-linux-amd64/ecapture tls
2025-05-27T10:06:37+08:00 INF AppName="eCapture(旁观者)"
2025-05-27T10:06:37+08:00 INF HomePage=https://ecapture.cc
2025-05-27T10:06:37+08:00 INF Repository=https://github.com/gojue/ecapture
2025-05-27T10:06:37+08:00 INF Author="CFC4N <cfc4ncs@gmail.com>"
2025-05-27T10:06:37+08:00 INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
2025-05-27T10:06:37+08:00 INF Version=linux_amd64:v1.0.2:6.8.0-1027-azure
2025-05-27T10:06:37+08:00 INF Listen=localhost:28256
2025-05-27T10:06:37+08:00 INF eCapture running logs logger=
2025-05-27T10:06:37+08:00 INF the file handler that receives the captured event eventCollector=
2025-05-27T10:06:37+08:00 INF Kernel Info=5.14.0 Pid=8980
2025-05-27T10:06:37+08:00 INF TruncateSize=0 Unit=bytes
2025-05-27T10:06:37+08:00 INF BTF bytecode mode: CORE. btfMode=0
2025-05-27T10:06:37+08:00 INF master key keylogger has been set. eBPFProgramType=Text keylogger=
2025-05-27T10:06:37+08:00 INF module initialization. isReload=false moduleName=EBPFProbeOPENSSL
2025-05-27T10:06:37+08:00 INF Module.Run()
2025-05-27T10:06:37+08:00 INF listen=localhost:28256
2025-05-27T10:06:37+08:00 INF https server starting...You can upgrade the configuration file via the HTTP interface.
2025-05-27T10:06:37+08:00 WRN OpenSSL/BoringSSL version not found. error="OpenSSL/BoringSSL version not found" soPath=/lib64/libssl.so.3
2025-05-27T10:06:37+08:00 WRN Try to detect libcrypto.so.3. If you have doubts, See https://github.com/gojue/ecapture/discussions/675 for more information.
2025-05-27T10:06:37+08:00 INF Try to detect imported libcrypto.so imported=libcrypto.so.3 soPath=/lib64/libcrypto.so.3
2025-05-27T10:06:37+08:00 INF origin versionKey="openssl 3.5.0" versionKeyLower="openssl 3.5.0"
2025-05-27T10:06:37+08:00 WRN Please send an issue to https://github.com/gojue/ecapture/issues error="OpenSSL/BoringSSL version bytecode not found" version="openssl 3.5.0"
2025-05-27T10:06:37+08:00 ERR OpenSSL/BoringSSL version not found, used default version.If you want to use the specific version, please set the sslVersion parameter with "--ssl_version='openssl x.x.x'", support openssl 1.0.x, 1.1.x, 3.x or newer, or use "ecapture tls --help" for more help.
2025-05-27T10:06:37+08:00 ERR bpfFile=openssl_1_1_1j_kern.o sslVersion=linux_default_1_1_1
2025-05-27T10:06:37+08:00 INF Hook masterKey function ElfType=2 Functions=["SSL_get_wbio","SSL_in_before","SSL_do_handshake"] binrayPath=/lib64/libssl.so.3
2025-05-27T10:06:37+08:00 INF target all process.
2025-05-27T10:06:37+08:00 INF target all users.
2025-05-27T10:06:37+08:00 INF setupManagers eBPFProgramType=Text
2025-05-27T10:06:37+08:00 INF BPF bytecode file is matched. bpfFileName=user/bytecode/openssl_1_1_1j_kern_core.o
2025-05-27T10:06:37+08:00 INF perfEventReader created mapSize(MB)=4
2025-05-27T10:06:37+08:00 INF perfEventReader created mapSize(MB)=4
2025-05-27T10:06:37+08:00 INF module started successfully. isReload=false moduleName=EBPFProbeOPENSSL
2025-05-27T10:06:46+08:00 ??? UUID:8991_8991_curl_2825762944_1_0.0.0.0:0-0.0.0.0:0, Name:HTTPRequest, Type:1, Length:73
GET / HTTP/1.1
Host: baidu.com
Accept: */*
User-Agent: curl/7.76.1
2025-05-27T10:06:46+08:00 ??? UUID:8991_8991_curl_2825762944_0_0.0.0.0:0-0.0.0.0:0, Name:HTTPResponse, Type:3, Length:357
HTTP/1.1 302 Moved Temporarily
Content-Length: 161
Connection: keep-alive
Content-Type: text/html
Date: Tue, 27 May 2025 02:06:45 GMT
Location: http://www.baidu.com/
Server: bfe/1.0.8.18
<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>bfe/1.0.8.18</center>
</body>
</html>
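An added example (not part of the original issue or of eCapture's own code): a small Python triage script that reads eCapture startup logs in the format shown above and reports the detected library version, the bytecode file actually loaded, and whether the default-version fallback was taken. The name `summarize`, the result keys, and the choice of fallback markers (the `version bytecode not found` error and a `default` substring in `sslVersion`) are assumptions drawn only from the log lines in this issue.

```python
import re

# Constructed sample: four startup lines in the format shown in this issue.
SAMPLE_LOG = """\
2025-05-27T10:06:37+08:00 INF origin versionKey="openssl 3.5.0" versionKeyLower="openssl 3.5.0"
2025-05-27T10:06:37+08:00 WRN Please send an issue to https://github.com/gojue/ecapture/issues error="OpenSSL/BoringSSL version bytecode not found" version="openssl 3.5.0"
2025-05-27T10:06:37+08:00 ERR bpfFile=openssl_1_1_1j_kern.o sslVersion=linux_default_1_1_1
2025-05-27T10:06:37+08:00 INF BPF bytecode file is matched. bpfFileName=user/bytecode/openssl_1_1_1j_kern_core.o
"""

# A log record is "<timestamp> <LEVEL> <message and key=value fields>".
RECORD_RE = re.compile(r"^(\S+)\s+(INF|WRN|ERR)\s+(.*)$")
# key=value or key="quoted value with spaces"
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption: this error string marks "no bytecode for the detected version".
NOT_FOUND = "OpenSSL/BoringSSL version bytecode not found"


def summarize(log_text):
    """Return detected version, loaded bytecode, and whether a fallback occurred."""
    out = {"detected": None, "bytecode": None, "ssl_version": None, "fallback": False}
    for line in log_text.splitlines():
        rec = RECORD_RE.match(line)
        if rec is None:
            continue  # captured payload lines (HTTP headers, bodies) are not records
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rec.group(3))}
        if "versionKey" in fields:
            out["detected"] = fields["versionKey"]
        if "bpfFileName" in fields:
            out["bytecode"] = fields["bpfFileName"]
        if "sslVersion" in fields:
            out["ssl_version"] = fields["sslVersion"]
        # Assumption: either marker means the default bytecode was substituted.
        if fields.get("error") == NOT_FOUND or "default" in fields.get("sslVersion", ""):
            out["fallback"] = True
    return out


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A `fallback` of `True` alongside a `detected` version means the probe was attached with bytecode built for a different library version than the one installed, which is the condition this issue reports.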