derp/derphttp: support standard-ish SSLKEYLOGFILE environment variable

For debugging.
reviewable/pr687/r2
Brad Fitzpatrick 4 years ago
parent 862d223c39
commit 287522730d

@ -18,9 +18,11 @@ import (
"fmt" "fmt"
"io" "io"
"io/ioutil" "io/ioutil"
"log"
"net" "net"
"net/http" "net/http"
"net/url" "net/url"
"os"
"sync" "sync"
"time" "time"
@ -365,6 +367,14 @@ func (c *Client) tlsClient(nc net.Conn, node *tailcfg.DERPNode) *tls.Conn {
tlsdial.SetConfigExpectedCert(tlsConf, node.CertName) tlsdial.SetConfigExpectedCert(tlsConf, node.CertName)
} }
} }
if n := os.Getenv("SSLKEYLOGFILE"); n != "" {
f, err := os.OpenFile(n, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
if err != nil {
log.Fatal(err)
}
log.Printf("WARNING: writing to SSLKEYLOGFILE %v", n)
tlsConf.KeyLogWriter = f
}
return tls.Client(nc, tlsConf) return tls.Client(nc, tlsConf)
} }

Loading…
Cancel
Save