From 06f1af5c563416b6513edd071b7a1c68cc951804 Mon Sep 17 00:00:00 2001
From: Alba Mendez
Date: Sat, 11 May 2019 23:07:06 +0200
Subject: [PATCH] tls: expose keylog event on TLSSocket

Exposes SSL_CTX_set_keylog_callback in the form of a `keylog` event that is emitted on clients and servers. This enables easy debugging of TLS connections with i.e. Wireshark, which is a long-requested feature.
Refs: https://github.com/nodejs/node/issues/2363
---
doc/api/tls.md | 49 +++++++++++++++++++++++++
lib/_tls_wrap.js | 32 +++++++++++++++-
src/env.h | 1 +
src/node_crypto.cc | 17 +++++++++
src/node_crypto.h | 1 +
src/tls_wrap.cc | 10 +++++
src/tls_wrap.h | 2 +
test/parallel/test-tls-keylog-tlsv13.js | 32 ++++++++++++++++
8 files changed, 143 insertions(+), 1 deletion(-)
create mode 100644 test/parallel/test-tls-keylog-tlsv13.js
diff --git a/doc/api/tls.md b/doc/api/tls.md
index 2c433fd50d3fec..867681d1d2a626 100644
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -334,6 +334,34 @@ added: v0.3.2 The `tls.Server` class is a subclass of `net.Server` that accepts encrypted connections using TLS or SSL. +### Event: 'keylog' + + +* `line` {Buffer} Line of ASCII text, in NSS `SSLKEYLOGFILE` format. +* `tlsSocket` {tls.TLSSocket} The `tls.TLSSocket` instance on which it was + generated. + +The `keylog` event is emitted when key material is generated or received by +a connection to this server (typically before handshake has completed, but not +necessarily). This keying material can be stored for debugging, as it allows +captured TLS traffic to be decrypted. It may be emitted multiple times for +each socket. + +A typical use case is to append received lines to a common text file, which +is later used by software (such as Wireshark) to decrypt the traffic: + +```js +const logFile = fs.createWriteStream('/tmp/ssl-keys.log', { flags: 'a' }); +// ... +server.on('keylog', (line, tlsSocket) => { + if (tlsSocket.remoteAddress !== '...') + return; // Only log keys for a particular IP + logFile.write(line); +}); +``` + ### Event: 'newSession' + +* `line` {Buffer} Line of ASCII text, in NSS `SSLKEYLOGFILE` format. + +The `keylog` event is emitted on a client `tls.TLSSocket` when key material +is generated or received by the socket. This keying material can be stored +for debugging, as it allows captured TLS traffic to be decrypted. It may +be emitted multiple times, before or after the handshake completes. + +A typical use case is to append received lines to a common text file, which +is later used by software (such as Wireshark) to decrypt the traffic: + +```js +const logFile = fs.createWriteStream('/tmp/ssl-keys.log', { flags: 'a' }); +// ... +tlsSocket.on('keylog', (line) => logFile.write(line)); +``` + ### Event: 'OCSPResponse'