From a2b0e9ef6a54c51ca8dd376b8528c845524ddd21 Mon Sep 17 00:00:00 2001
From: Alba Mendez
Date: Sat, 11 May 2019 23:07:06 +0200
Subject: [PATCH] tls: expose keylog event on TLSSocket

Exposes SSL_CTX_set_keylog_callback in the form of a `keylog` event that is emitted on clients and servers. This enables easy debugging of TLS connections with i.e. Wireshark, which is a long-requested feature.

PR-URL: https://github.com/nodejs/node/pull/27654
Backport-PR-URL: https://github.com/nodejs/node/pull/31582
Refs: https://github.com/nodejs/node/issues/2363
Reviewed-By: Anna Henningsen
Reviewed-By: James M Snell
Reviewed-By: Ben Noordhuis
Reviewed-By: Sam Roberts
Reviewed-By: Rich Trott
---
doc/api/tls.md | 49 +++++++++++++++++++++++++
lib/_tls_wrap.js | 30 +++++++++++++++
src/env.h | 1 +
src/node_crypto.cc | 17 +++++++++
src/node_crypto.h | 1 +
src/tls_wrap.cc | 11 ++++++
src/tls_wrap.h | 2 +
test/parallel/test-tls-keylog-tlsv12.js | 34 +++++++++++++++++
8 files changed, 145 insertions(+)
create mode 100644 test/parallel/test-tls-keylog-tlsv12.js

diff --git a/doc/api/tls.md b/doc/api/tls.md
index 1d81d4c3a62184..2f564dbe25da14 100644
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -299,6 +299,34 @@ added: v0.3.2 The `tls.Server` class is a subclass of `net.Server` that accepts encrypted connections using TLS or SSL. +### Event: 'keylog' + + +* `line` {Buffer} Line of ASCII text, in NSS `SSLKEYLOGFILE` format. +* `tlsSocket` {tls.TLSSocket} The `tls.TLSSocket` instance on which it was + generated. + +The `keylog` event is emitted when key material is generated or received by +a connection to this server (typically before handshake has completed, but not +necessarily). This keying material can be stored for debugging, as it allows +captured TLS traffic to be decrypted. It may be emitted multiple times for +each socket. + +A typical use case is to append received lines to a common text file, which +is later used by software (such as Wireshark) to decrypt the traffic: + +```js +const logFile = fs.createWriteStream('/tmp/ssl-keys.log', { flags: 'a' }); +// ... +server.on('keylog', (line, tlsSocket) => { + if (tlsSocket.remoteAddress !== '...') + return; // Only log keys for a particular IP + logFile.write(line); +}); +``` + ### Event: 'newSession' + +* `line` {Buffer} Line of ASCII text, in NSS `SSLKEYLOGFILE` format. + +The `keylog` event is emitted on a client `tls.TLSSocket` when key material +is generated or received by the socket. This keying material can be stored +for debugging, as it allows captured TLS traffic to be decrypted. It may +be emitted multiple times, before or after the handshake completes. + +A typical use case is to append received lines to a common text file, which +is later used by software (such as Wireshark) to decrypt the traffic: + +```js +const logFile = fs.createWriteStream('/tmp/ssl-keys.log', { flags: 'a' }); +// ... +tlsSocket.on('keylog', (line) => logFile.write(line)); +``` + ### Event: 'OCSPResponse'