tlsconf and transport/tls: support NSS-formatted keylog file for debugging
... via env variable
parent
25c974f0b5
commit
76a6c623f3
@ -4,8 +4,11 @@ import (
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"os"
|
||||
"time"
|
||||
)
|
||||
|
||||
@ -42,6 +45,7 @@ func NewClientAuthListener(
|
||||
ClientCAs: ca,
|
||||
ClientAuth: tls.RequireAndVerifyClientCert,
|
||||
PreferServerCipherSuites: true,
|
||||
KeyLogWriter: keylogFromEnv(),
|
||||
}
|
||||
l = tls.NewListener(l, &tlsConf)
|
||||
return &ClientAuthListener{
|
||||
@ -106,7 +110,21 @@ func ClientAuthClient(serverName string, rootCA *x509.CertPool, clientCert tls.C
|
||||
Certificates: []tls.Certificate{clientCert},
|
||||
RootCAs: rootCA,
|
||||
ServerName: serverName,
|
||||
KeyLogWriter: keylogFromEnv(),
|
||||
}
|
||||
tlsConfig.BuildNameToCertificate()
|
||||
return tlsConfig, nil
|
||||
}
|
||||
|
||||
func keylogFromEnv() io.Writer {
|
||||
var keyLog io.Writer = nil
|
||||
if outfile := os.Getenv("ZREPL_KEYLOG_FILE"); outfile != "" {
|
||||
fmt.Fprintf(os.Stderr, "writing to key log %s\n", outfile)
|
||||
var err error
|
||||
keyLog, err = os.OpenFile(outfile, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0600)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
}
|
||||
return keyLog
|
||||
}
|
||||
|
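Review bot: keylogFromEnv() is called from both NewClientAuthListener and ClientAuthClient, and every call reopens ZREPL_KEYLOG_FILE with `os.O_TRUNC` and never closes it, so a process that builds more than one TLS config would hold several descriptors at independent offsets that overwrite each other's key-log lines, and it leaks one descriptor per call. Opening the file once behind a `sync.Once` and using `os.O_APPEND` instead of `os.O_TRUNC` avoids that; it needs a `sync` import and means the log is no longer reset on each start. Separately, mode 0600 applies only when the file is created, so a pre-existing file with looser permissions would receive the TLS session secrets unchanged. A doc comment on keylogFromEnv should also say that anyone who can read this file can decrypt captured traffic, so the variable is for debugging only. The bodies of both constructors start outside the visible hunks.

```go
var (
	keylogOnce   sync.Once
	keylogWriter io.Writer // stays nil when ZREPL_KEYLOG_FILE is unset
)

func keylogFromEnv() io.Writer {
	keylogOnce.Do(func() {
		outfile := os.Getenv("ZREPL_KEYLOG_FILE")
		if outfile == "" {
			return
		}
		fmt.Fprintf(os.Stderr, "writing to key log %s\n", outfile)
		f, err := os.OpenFile(outfile, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
		if err != nil {
			panic(err)
		}
		keylogWriter = f
	})
	return keylogWriter
}
```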