From 287522730df991785c64456c029c1e66fd04e725 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick
Date: Tue, 18 Aug 2020 19:23:29 -0700
Subject: [PATCH] derp/derphttp: support standard-ish SSLKEYLOGFILE environment variable
For debugging.
---
 derp/derphttp/derphttp_client.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/derp/derphttp/derphttp_client.go b/derp/derphttp/derphttp_client.go
index b26760893..f9c52f1ce 100644
--- a/derp/derphttp/derphttp_client.go
+++ b/derp/derphttp/derphttp_client.go
@@ -18,9 +18,11 @@ import (
 "fmt"
 "io"
 "io/ioutil"
+ "log"
 "net"
 "net/http"
 "net/url"
+ "os"
 "sync"
 "time"
@@ -365,6 +367,14 @@ func (c *Client) tlsClient(nc net.Conn, node *tailcfg.DERPNode) *tls.Conn {
 tlsdial.SetConfigExpectedCert(tlsConf, node.CertName)
 }
 }
+ if n := os.Getenv("SSLKEYLOGFILE"); n != "" {
+ f, err := os.OpenFile(n, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
+ if err != nil {
+ log.Fatal(err)
+ }
+ log.Printf("WARNING: writing to SSLKEYLOGFILE %v", n)
+ tlsConf.KeyLogWriter = f
+ }
 return tls.Client(nc, tlsConf)
 }