tlsconf and transport/tls: support NSS-formatted keylog file for debugging

... via env variable
This commit is contained in:
Christian Schwarz 2019-01-17 01:43:39 +01:00
parent 25c974f0b5
commit 76a6c623f3


@ -4,8 +4,11 @@ import (
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"errors" "errors"
"fmt"
"io"
"io/ioutil" "io/ioutil"
"net" "net"
"os"
"time" "time"
) )
@ -42,6 +45,7 @@ func NewClientAuthListener(
ClientCAs: ca, ClientCAs: ca,
ClientAuth: tls.RequireAndVerifyClientCert, ClientAuth: tls.RequireAndVerifyClientCert,
PreferServerCipherSuites: true, PreferServerCipherSuites: true,
KeyLogWriter: keylogFromEnv(),
} }
l = tls.NewListener(l, &tlsConf) l = tls.NewListener(l, &tlsConf)
return &ClientAuthListener{ return &ClientAuthListener{
@ -106,7 +110,21 @@ func ClientAuthClient(serverName string, rootCA *x509.CertPool, clientCert tls.C
Certificates: []tls.Certificate{clientCert}, Certificates: []tls.Certificate{clientCert},
RootCAs: rootCA, RootCAs: rootCA,
ServerName: serverName, ServerName: serverName,
KeyLogWriter: keylogFromEnv(),
} }
tlsConfig.BuildNameToCertificate() tlsConfig.BuildNameToCertificate()
return tlsConfig, nil return tlsConfig, nil
} }
func keylogFromEnv() io.Writer {
var keyLog io.Writer = nil
if outfile := os.Getenv("ZREPL_KEYLOG_FILE"); outfile != "" {
fmt.Fprintf(os.Stderr, "writing to key log %s\n", outfile)
var err error
keyLog, err = os.OpenFile(outfile, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0600)
if err != nil {
panic(err)
}
}
return keyLog
}
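Review bot: keylogFromEnv opens the key log with os.O_TRUNC on every call, and the hunk wires it into both NewClientAuthListener and ClientAuthClient, so a process that runs both roles truncates the file on the second open and the two *os.File writers then write to the same inode with independent offsets, clobbering each other's lines; use `keyLog, err = os.OpenFile(outfile, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)` (or open once behind a sync.Once and hand out the same writer). The `panic(err)` also means a mistyped or unwritable ZREPL_KEYLOG_FILE path brings down the daemon for a debug-only feature; printing the error to stderr and returning nil would let the TLS setup proceed without key logging. The function has no doc comment; I would add `// keylogFromEnv returns a writer for TLS session secrets (NSS key log format) when ZREPL_KEYLOG_FILE is set, nil otherwise. Anyone who can read that file can decrypt recorded sessions, so it is for debugging only.` The 0600 mode is appropriate for this content and should stay.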