Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add DTLS KeyLog configuration option in WebRTC API #2522

Merged
merged 1 commit into from
Jul 31, 2023
Merged

Add DTLS KeyLog configuration option in WebRTC API #2522

merged 1 commit into from
Jul 31, 2023

Conversation

npmenard
Copy link
Contributor

Description

Add an option in the setting engine to log TLS key material when a DTLS connection is established with a peer. The option exists in pion/dtls but is not easily accessible. A user would use it very similarly to the crypto/tls package :

...
if keyLog := os.Getenv("SSLKEYLOGFILE"); len(keyLog) != 0 {
		w, _ := os.OpenFile(keyLog, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)
		settingEngine.SetDTLSKeyLogWriter(w)
}
...

This is somewhat related to pion/interceptor#251 as it lets a user use Wireshark or a similar tools to capture and decrypt a particular session.

edaniels
edaniels approved these changes Jul 31, 2023
View reviewed changes
Copy link
Member

@edaniels edaniels left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! Just one change to make.

settingengine.go Outdated
@@ -422,6 +423,12 @@ func (e *SettingEngine) SetDTLSRootCAs(rootCAs *x509.CertPool) {
e.dtls.rootCAs = rootCAs
}

// SetDTLSKeyLogWriter sets the destination of the TLS key material for debugging.
// Logging key material compromise security and should only be use for debugging.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// Logging key material compromise security and should only be use for debugging.
// Logging key material compromises security and should only be use for debugging.

@codecov
Copy link

codecov bot commented Jul 31, 2023
edited
Loading

Codecov Report

Patch coverage: 33.33% and project coverage change: -0.24% ⚠️

Comparison is base (457ff6c) 77.83% compared to head (b969610) 77.59%.

❗ Current head b969610 differs from pull request most recent head dfce290. Consider uploading reports for the commit dfce290 to get more accurate results

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    pion/webrtc#2522      +/-   ##
==========================================
- Coverage   77.83%   77.59%   -0.24%     
==========================================
  Files          87       87              
  Lines        9357     9360       +3     
==========================================
- Hits         7283     7263      -20     
- Misses       1646     1665      +19     
- Partials      428      432       +4
Flag Coverage Δ
go 79.35% <33.33%> (-0.27%) ⬇️
wasm 70.15% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Changed Coverage Δ
settingengine.go 50.00% <0.00%> (-0.95%) ⬇️
dtlstransport.go 63.69% <100.00%> (+0.10%) ⬆️

... and 3 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@npmenard
Add DTLS KeyLog configuration option in WebRTC API
dfce290 
Add an option in the setting engine to log TLS key material when a
DTLS connection is established with a peer.
The option exists in pion/dtls but is not easily accessible
@edaniels edaniels merged commit 448f4ba into pion:master Jul 31, 2023
17 of 18 checks passed
@Sean-Der
Copy link
Member

This is really cool @npmenard

If you are interested I would like to make a post on using this! Debugging WebRTC is hard, this is a lot easier then the alternative.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edaniels edaniels edaniels approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@npmenard @Sean-Der @edaniels