From fd429bb65638d43515db37dbc9e294eb76dafd37 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Tue, 22 Jan 2019 13:29:25 -0800
Subject: [PATCH] Show warning if secrets debugging options (`SHOW_SECRETS` or `WOLFSSL_SSLKEYLOGFILE`) are enabled. The `#warning` can be ignored as error using `./configure CFLAGS="-W#warnings"`.
---
 src/tls.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/tls.c b/src/tls.c
index b518d15f4..fdc21099e 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -99,6 +99,15 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions);
 #endif
 #endif
+/* Warn if secrets logging is enabled */
+#if defined(SHOW_SECRETS) || defined(WOLFSSL_SSLKEYLOGFILE)
+ #ifndef _MSC_VER
+ #warning The SHOW_SECRETS and WOLFSSL_SSLKEYLOGFILE options should only be used for debugging and never in a production environment
+ #else
+ #pragma message("Warning: The SHOW_SECRETS and WOLFSSL_SSLKEYLOGFILE options should only be used for debugging and never in a production environment")
+ #endif
+#endif
+
 /* Optional Pre-Master-Secret logging for Wireshark */
 #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE)
 #ifndef WOLFSSL_SSLKEYLOGFILE_OUTPUT
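Review bot: The added guard only emits a compile-time diagnostic, so a build with `SHOW_SECRETS` or `WOLFSSL_SSLKEYLOGFILE` defined still succeeds with secret logging compiled in, and the message is easy to miss in a long build log or in builds that silence preprocessor warnings. The comment could state the consequence rather than only the trigger, e.g. `/* Warn if secrets logging is enabled: the logged key material lets anyone holding the log decrypt captured sessions */`, and release pipelines would benefit from a separate check that fails when either macro is defined. The `#ifndef _MSC_VER` branch also assumes every non-MSVC toolchain accepts `#warning`, which is an extension before C23; that is worth confirming for the other compilers the project supports. The block sits at file scope between preprocessor sections that continue outside the hunk.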