symfony-cli
diff --git a/‎commands/local_server_start.go
Lines changed: 4 additions & 0 deletions b/‎commands/local_server_start.go
Lines changed: 4 additions & 0 deletions
diff --git a/‎local/http/http.go
Lines changed: 13 additions & 0 deletions b/‎local/http/http.go
Lines changed: 13 additions & 0 deletions
diff --git a/‎local/project/config.go
Lines changed: 8 additions & 5 deletions b/‎local/project/config.go
Lines changed: 8 additions & 5 deletions
diff --git a/‎local/project/project.go
Lines changed: 1 addition & 0 deletions b/‎local/project/project.go
Lines changed: 1 addition & 0 deletions
@@ -68,6 +68,10 @@ var localServerStartCmd = &console.Command{
 		&console.StringFlag{Name: "p12", Usage: "Name of the file containing the TLS certificate to use in p12 format"},
 		&console.BoolFlag{Name: "no-tls", Usage: "Use HTTP instead of HTTPS"},
 		&console.BoolFlag{Name: "use-gzip", Usage: "Use GZIP"},
+		&console.StringFlag{
+			Name:  "tls-key-log-file",
+			Usage: "Destination for TLS master secrets in NSS key log format",
+		},
 	},
 	Action: func(c *console.Context) error {
 		ui := terminal.SymfonyStyle(terminal.Stdout, terminal.Stdin)
 
@@ -22,6 +22,7 @@ package http
 import (
 	"crypto/tls"
 	"fmt"
+	"io"
 	"net"
 	"net/http"
 	"os"
@@ -53,6 +54,7 @@ type Server struct {
 	Logger        zerolog.Logger
 	Appversion    string
 	UseGzip       bool
+	TlsKeyLogFile string
 
 	httpserver  *http.Server
 	httpsserver *http.Server
@@ -111,13 +113,24 @@ func (s *Server) Start(errChan chan error) (int, error) {
 		return port, errors.WithStack(err)
 	}
 
+	var keyLogWriter io.Writer
+	if s.TlsKeyLogFile != "" {
+		w, err := os.OpenFile(s.TlsKeyLogFile, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0600)
+		if err != nil {
+			return port, errors.WithStack(err)
+		}
+
+		keyLogWriter = w
+	}
+
 	s.httpsserver = &http.Server{
 		Handler: proxyHandler,
 		TLSConfig: &tls.Config{
 			PreferServerCipherSuites: true,
 			CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
 			Certificates:             []tls.Certificate{cert},
 			NextProtos:               []string{"h2", "http/1.1"},
+			KeyLogWriter:             keyLogWriter,
 		},
 	}
 
 
@@ -41,10 +41,11 @@ type Config struct {
 	PKCS12        string `yaml:"p12"`
 	Logger        zerolog.Logger
 	AppVersion    string
-	AllowHTTP     bool `yaml:"allow_http"`
-	NoTLS         bool `yaml:"no_tls"`
-	Daemon        bool `yaml:"daemon"`
-	UseGzip       bool `yaml:"use_gzip"`
+	AllowHTTP     bool   `yaml:"allow_http"`
+	NoTLS         bool   `yaml:"no_tls"`
+	Daemon        bool   `yaml:"daemon"`
+	UseGzip       bool   `yaml:"use_gzip"`
+	TlsKeyLogFile string `yaml:"tls_key_log_file"`
 }
 
 type FileConfig struct {
@@ -104,10 +105,12 @@ func NewConfigFromContext(c *console.Context, projectDir string) (*Config, *File
 	if c.IsSet("daemon") {
 		config.Daemon = c.Bool("daemon")
 	}
-
 	if c.IsSet("use-gzip") {
 		config.UseGzip = c.Bool("use-gzip")
 	}
+	if c.IsSet("tls-key-log-file") {
+		config.TlsKeyLogFile = c.String("tls-key-log-file")
+	}
 
 	return config, fileConfig, nil
 }
 
@@ -62,6 +62,7 @@ func New(c *Config) (*Project, error) {
 			AllowHTTP:     c.AllowHTTP,
 			UseGzip:       c.UseGzip,
 			Appversion:    c.AppVersion,
+			TlsKeyLogFile: c.TlsKeyLogFile,
 		},
 	}
 	if err != nil {
Original file line number	Diff line number	Diff line change
`@@ -62,6 +62,7 @@ func New(c Config) (Project, error) {`
`62`	`62`	`AllowHTTP: c.AllowHTTP,`
`63`	`63`	`UseGzip: c.UseGzip,`
`64`	`64`	`Appversion: c.AppVersion,`
	`65`	`+ TlsKeyLogFile: c.TlsKeyLogFile,`
`65`	`66`	`},`
`66`	`67`	`}`
`67`	`68`	`if err != nil {`