Commit 0604752
Merge pull request #267 from siketyan/feat/tls-key-log-file
feat: Support dumping TLS key log in NSS format for debugging
2 parents e1ba1a9 + 91696a4 commit 0604752

4 files changed

+38
-5
lines changed
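--- a/commands/local_server_start.go
+++ b/commands/local_server_start.go
@@ -50,6 +50,7 @@ import (
 )
 
 var localWebServerProdWarningMsg = "The local web server is optimized for local development and MUST never be used in a production setup."
+var localWebServerTlsKeyLogWarningMsg = "Logging TLS master key is enabled. It means TLS connections between the client and this server will be INSECURE. This is NOT recommended unless you are debugging the connections."
 
 var localServerStartCmd = &console.Command{
 Category: "local",
@@ -68,6 +69,10 @@ var localServerStartCmd = &console.Command{
 &console.StringFlag{Name: "p12", Usage: "Name of the file containing the TLS certificate to use in p12 format"},
 &console.BoolFlag{Name: "no-tls", Usage: "Use HTTP instead of HTTPS"},
 &console.BoolFlag{Name: "use-gzip", Usage: "Use GZIP"},
+&console.StringFlag{
+Name: "tls-key-log-file",
+Usage: "Destination for TLS master secrets in NSS key log format",
+},
 },
 Action: func(c *console.Context) error {
 ui := terminal.SymfonyStyle(terminal.Stdout, terminal.Stdin)
@@ -169,6 +174,17 @@ var localServerStartCmd = &console.Command{
 }
 }
 
+// If 'SSLKEYLOGFILE' environment variable is set, uses this as a destination of TLS key log.
+// In this context, the name 'SSLKEYLOGFILE' is common, so using 'SSL' instead of 'TLS' name.
+// This environment variable is preferred than the key log file from the console argument.
+if path := os.Getenv("SSLKEYLOGFILE"); path != "" {
+config.TlsKeyLogFile = path
+}
+
+if config.TlsKeyLogFile != "" {
+ui.Warning(localWebServerTlsKeyLogWarningMsg)
+}
+
 lw, err := pidFile.LogWriter()
 if err != nil {
 return err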
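Review bot: The SSLKEYLOGFILE override at new lines 180–182 silently replaces a path that came from the `--tls-key-log-file` flag or the `tls_key_log_file` config key, but neither the flag's Usage string nor the comment states that clearly, and the comment's "is preferred than" should read "takes precedence over". I would extend the Usage at new line 74 to `Usage: "Destination for TLS master secrets in NSS key log format (the SSLKEYLOGFILE environment variable takes precedence)",` so a user who finds secrets written somewhere other than the path they passed knows why. The warning at new line 185 fires whichever source set the path, including an environment variable the user may have forgotten about, which is the right behaviour. The enclosing Action closure starts and ends outside the hunk.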

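--- a/local/http/http.go
+++ b/local/http/http.go
@@ -22,6 +22,7 @@ package http
 import (
 "crypto/tls"
 "fmt"
+"io"
 "net"
 "net/http"
 "os"
@@ -53,6 +54,7 @@ type Server struct {
 Logger zerolog.Logger
 Appversion string
 UseGzip bool
+TlsKeyLogFile string
 
 httpserver *http.Server
 httpsserver *http.Server
@@ -111,13 +113,24 @@ func (s *Server) Start(errChan chan error) (int, error) {
 return port, errors.WithStack(err)
 }
 
+var keyLogWriter io.Writer
+if s.TlsKeyLogFile != "" {
+w, err := os.OpenFile(s.TlsKeyLogFile, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0600)
+if err != nil {
+return port, errors.WithStack(err)
+}
+
+keyLogWriter = w
+}
+
 s.httpsserver = &http.Server{
 Handler: proxyHandler,
 TLSConfig: &tls.Config{
 PreferServerCipherSuites: true,
 CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
 Certificates: []tls.Certificate{cert},
 NextProtos: []string{"h2", "http/1.1"},
+KeyLogWriter: keyLogWriter,
 },
 }
 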
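Review bot: The file opened at new line 118 is never closed: `w` is only handed to the tls.Config as KeyLogWriter, so the descriptor lives until process exit and whatever shutdown path the Server has (outside this hunk) cannot release it. Keep the handle on the Server — a `keyLogFile *os.File` field next to `httpsserver`, assigned with `s.keyLogFile = w` — and close it wherever the HTTPS server is stopped. The 0600 mode at line 118 only applies when OpenFile creates the file; an existing file keeps whatever permissions it already has, so a pre-existing broadly readable path would receive the session secrets as-is, which deserves a comment above the OpenFile call such as `// 0600 applies only on creation; an existing key log keeps its current mode`. Start continues past the end of the hunk.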

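--- a/local/project/config.go
+++ b/local/project/config.go
@@ -41,10 +41,11 @@ type Config struct {
 PKCS12 string `yaml:"p12"`
 Logger zerolog.Logger
 AppVersion string
-AllowHTTP bool `yaml:"allow_http"`
-NoTLS bool `yaml:"no_tls"`
-Daemon bool `yaml:"daemon"`
-UseGzip bool `yaml:"use_gzip"`
+AllowHTTP bool `yaml:"allow_http"`
+NoTLS bool `yaml:"no_tls"`
+Daemon bool `yaml:"daemon"`
+UseGzip bool `yaml:"use_gzip"`
+TlsKeyLogFile string `yaml:"tls_key_log_file"`
 }
 
 type FileConfig struct {
@@ -104,10 +105,12 @@ func NewConfigFromContext(c *console.Context, projectDir string) (*Config, *File
 if c.IsSet("daemon") {
 config.Daemon = c.Bool("daemon")
 }
-
 if c.IsSet("use-gzip") {
 config.UseGzip = c.Bool("use-gzip")
 }
+if c.IsSet("tls-key-log-file") {
+config.TlsKeyLogFile = c.String("tls-key-log-file")
+}
 
 return config, fileConfig, nil
 }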
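Review bot: The new field at line 48 is named `TlsKeyLogFile`, while the neighbouring fields follow Go's initialism convention (`NoTLS`, `PKCS12`, `AllowHTTP`); `TLSKeyLogFile` would match them. The same spelling is used for the Server field in local/http/http.go, the wiring in local/project/project.go and the assignments in commands/local_server_start.go, so the rename has to be applied across all four files in one step. The yaml key `tls_key_log_file` and the `tls-key-log-file` flag name can stay as they are. Since the yaml tag lets a project configuration file enable key logging without any flag, it is worth a line of documentation on the field, e.g. `// TlsKeyLogFile, when set, makes the HTTPS server write TLS session secrets to this path; connections are then decryptable by anyone who can read it.`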

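--- a/local/project/project.go
+++ b/local/project/project.go
@@ -62,6 +62,7 @@ func New(c *Config) (*Project, error) {
 AllowHTTP: c.AllowHTTP,
 UseGzip: c.UseGzip,
 Appversion: c.AppVersion,
+TlsKeyLogFile: c.TlsKeyLogFile,
 },
 }
 if err != nil {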
