Mercurial > hg-stable
changeset 42296:c8d55ff80da1
sslutil: add support for SSLKEYLOGFILE to wrapsocket
I recently learned of a Firefox/Chrome feature that allows
wiresharking otherwise-TLS'd network connections. Gloriously, there's
a pypi module that enables this same feature on Python, so let's add
support for it to Mercurial in case we need to wireshark some HTTPs
connections.
Differential Revision: https://phab.mercurial-scm.org/D6343
author | Augie Fackler <augie@google.com> |
---|---|
date | Sat, 04 May 2019 23:31:42 -0400 |
parents | af13e2088f77 |
children | 19b95afb0c01 |
files | mercurial/sslutil.py |
diffstat | 1 files changed, 12 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/mercurial/sslutil.py Sun May 05 17:04:48 2019 +0100 +++ b/mercurial/sslutil.py Sat May 04 23:31:42 2019 -0400 @@ -16,6 +16,7 @@ from .i18n import _ from . import ( + encoding, error, node, pycompat, @@ -348,6 +349,17 @@ if not serverhostname: raise error.Abort(_('serverhostname argument is required')) + if b'SSLKEYLOGFILE' in encoding.environ: + try: + import sslkeylog + sslkeylog.set_keylog(pycompat.fsdecode( + encoding.environ[b'SSLKEYLOGFILE'])) + ui.warn( + b'sslkeylog enabled by SSLKEYLOGFILE environment variable\n') + except ImportError: + ui.warn(b'sslkeylog module missing, ' + b'but SSLKEYLOGFILE set in environment\n') + for f in (keyfile, certfile): if f and not os.path.exists(f): raise error.Abort(