Consider using ssl_log_secret to export the keylog?

[blaisewang]

From its definition,

int ssl_log_secret(SSL *ssl, const char *label, const uint8_t *secret, size_t secret_len)

Client random can be obtained from SSL * struct.
Label and secret are already provided.

This will save eCapture the efforts to calculate all secrets, including the copy of a lot of data from kernel space.

ssl_log_secret will be called every time a secret is calculated, see

https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/ssl/tls13_enc.c#L702

and

https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/ssl/statem/statem_lib.c#L583