Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support SSLKEYLOGFILE in Release builds #100665

Merged
merged 8 commits into from
Apr 10, 2024
Merged

Conversation

rzikm
Copy link
Member

@rzikm rzikm commented Apr 5, 2024

Closes #37915.

This PR unifies existing SSLKEYLOGFILE exporting between SslStream and QuicConnection to use same shared code, and enables the feature in Release builds of libraries. This makes the feature available to consumers without needing to compile Debug builds of .NET Runtime.

Note that the SSLKEYLOGFILE feature is currently supported for:

OS SslStream QuicConnection
Windows Not possible Yes
Linux Yes Yes
OSX Not possible? Yes*

*MsQuic is not yet officially supported on OSX, but once it is, no changes should be necessary from .NET side.

For security concerns, in addition to setting SSLKEYLOGFILE environment variable, setting System.Net.EnableSslKeyLogging AppContext switch to true is required. This can be done either via code

AppContext.SetSwitch("System.Net.EnableSslKeyLogging", true);

or via {project}.runtimeconfig.json

{
  "runtimeOptions": {
    "configProperties": {
      "System.Net.EnableSslKeyLogging": true
    }
  }
}

Debug runtime libraires (= local development builds of .NET Runtime) don't require the AppContext switch for the feature.

Copy link
Member

@ManickaP ManickaP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM modulo few small comments. Thank you!

Co-authored-by: Marie Píchová <11718369+ManickaP@users.noreply.github.com>
Copy link
Member

@wfurt wfurt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM in general.

@rzikm
Copy link
Member Author

rzikm commented Apr 10, 2024

CI Failures are unrelated

@rzikm rzikm merged commit 39b4878 into dotnet:main Apr 10, 2024
83 of 87 checks passed
matouskozak pushed a commit to matouskozak/runtime that referenced this pull request Apr 30, 2024
* Allow SSLKEYLOGFILE functionality in Release builds

* Unify SSLKEYLOGFILE logging, gate behind AppContextSwitch

* Add more points where QUIC secrets are logged

* Enable in Debug builds without appctx switch

* Update src/libraries/System.Net.Quic/src/System.Net.Quic.csproj

Co-authored-by: Marie Píchová <11718369+ManickaP@users.noreply.github.com>

* Code review feedback

* More code review changes

* i����Adjust appctx switch name

---------

Co-authored-by: Marie Píchová <11718369+ManickaP@users.noreply.github.com>
@github-actions github-actions bot locked and limited conversation to collaborators May 12, 2024
@karelz karelz added this to the 9.0.0 milestone May 14, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support SSLKEYLOGFILE in SslStream
4 participants