SSLKEYLOGFILE env variable is used to dump SSL master key for debug

purpose
natesales · May 11, 2023 · e6452a2 · e6452a2
1 parent cdf34dd
commit e6452a2
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/main.go b/main.go
@@ -4,6 +4,7 @@ import (
 	"crypto/tls"
 	"encoding/json"
 	"fmt"
+	"io"
 	"net/url"
 	"os"
 	"reflect"
@@ -521,6 +522,18 @@ All long form (--) flags can be toggled with the dig-standard +[no]flag notation
 		opts.Class = dns.ClassCHAOS
 	}
 
+	var keyLog io.Writer
+
+	if klf := os.Getenv("SSLKEYLOGFILE"); klf != "" {
+
+		log.Warnf("SSLKEYLOGFILE is set! TLS master secrets will be logged.");
+
+		keyLog, err = os.OpenFile(klf, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0666)
+		if err != nil {
+			return fmt.Errorf("unable to open SSLKEYLOGFILE: %s %s", klf, err)
+		}
+	}
+
 	// Create TLS config
 	tlsConfig := &tls.Config{
 		InsecureSkipVerify: opts.TLSNoVerify,
@@ -529,6 +542,7 @@ All long form (--) flags can be toggled with the dig-standard +[no]flag notation
 		MaxVersion:         tlsVersion(opts.TLSMaxVersion, tls.VersionTLS13),
 		NextProtos:         opts.TLSNextProtos,
 		CipherSuites:       parseTLSCipherSuites(opts.TLSCipherSuites),
+		KeyLogWriter:       keyLog,
 	}
 
 	var rrTypesSlice []uint16