Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support SSLKEYLOGFILE in Release builds #100665

Merged
merged 8 commits into from
Apr 10, 2024
Merged

Support SSLKEYLOGFILE in Release builds #100665

merged 8 commits into from
Apr 10, 2024

Conversation

rzikm
Copy link
Member

@rzikm rzikm commented Apr 5, 2024
edited
Loading

Closes #37915.

This PR unifies existing SSLKEYLOGFILE exporting between SslStream and QuicConnection to use same shared code, and enables the feature in Release builds of libraries. This makes the feature available to consumers without needing to compile Debug builds of .NET Runtime.

Note that the SSLKEYLOGFILE feature is currently supported for:

OS SslStream QuicConnection
Windows Not possible Yes
Linux Yes Yes
OSX Not possible? Yes*

*MsQuic is not yet officially supported on OSX, but once it is, no changes should be necessary from .NET side.

For security concerns, in addition to setting SSLKEYLOGFILE environment variable, setting System.Net.EnableSslKeyLogging AppContext switch to true is required. This can be done either via code

AppContext.SetSwitch("System.Net.EnableSslKeyLogging", true);

or via {project}.runtimeconfig.json

{
  "runtimeOptions": {
    "configProperties": {
      "System.Net.EnableSslKeyLogging": true
    }
  }
}

Debug runtime libraires (= local development builds of .NET Runtime) don't require the AppContext switch for the feature.

@rzikm rzikm requested a review from a team April 5, 2024 10:43
ManickaP
ManickaP approved these changes Apr 5, 2024
View reviewed changes
Copy link
Member

@ManickaP ManickaP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM modulo few small comments. Thank you!

@rzikm @ManickaP
Update src/libraries/System.Net.Quic/src/System.Net.Quic.csproj
ad97210 
Co-authored-by: Marie Píchová <11718369+ManickaP@users.noreply.github.com>
@build-analysis build-analysis bot mentioned this pull request Apr 5, 2024
Closed
wfurt
wfurt approved these changes Apr 5, 2024
View reviewed changes
Copy link
Member

@wfurt wfurt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM in general.

@build-analysis build-analysis bot mentioned this pull request Apr 8, 2024
Open
3 tasks
This was referenced Apr 8, 2024
Closed
Closed
Open
This was referenced Apr 9, 2024
Open
Closed
@rzikm
Copy link
Member Author

rzikm commented Apr 10, 2024

CI Failures are unrelated

@rzikm rzikm merged commit 39b4878 into dotnet:main Apr 10, 2024
83 of 87 checks passed
matouskozak pushed a commit to matouskozak/runtime that referenced this pull request Apr 30, 2024
@rzikm @ManickaP @matouskozak
Support SSLKEYLOGFILE in Release builds (dotnet#100665)
3a64bf8 
* Allow SSLKEYLOGFILE functionality in Release builds

* Unify SSLKEYLOGFILE logging, gate behind AppContextSwitch

* Add more points where QUIC secrets are logged

* Enable in Debug builds without appctx switch

* Update src/libraries/System.Net.Quic/src/System.Net.Quic.csproj

Co-authored-by: Marie Píchová <11718369+ManickaP@users.noreply.github.com>

* Code review feedback

* More code review changes

* i����Adjust appctx switch name

---------

Co-authored-by: Marie Píchová <11718369+ManickaP@users.noreply.github.com>
@github-actions github-actions bot locked and limited conversation to collaborators May 12, 2024
@karelz karelz added this to the 9.0.0 milestone May 14, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ManickaP ManickaP ManickaP approved these changes

@wfurt wfurt wfurt approved these changes

Assignees

@rzikm rzikm

Labels
area-System.Net
Projects
None yet
Milestone
9.0.0
Development

Successfully merging this pull request may close these issues.

Support SSLKEYLOGFILE in SslStream
4 participants
@rzikm @ManickaP @wfurt @karelz