Mercurial: mercurial/sslutil.py comparison

comparison mercurial/sslutil.py @ 42269:c8d55ff80da1

sslutil: add support for SSLKEYLOGFILE to wrapsocket I recently learned of a Firefox/Chrome feature that allows wiresharking otherwise-TLS'd network connections. Gloriously, there's a pypi module that enables this same feature on Python, so let's add support for it to Mercurial in case we need to wireshark some HTTPs connections. Differential Revision: https://phab.mercurial-scm.org/D6343

author	Augie Fackler <augie@google.com>
date	Sat, 04 May 2019 23:31:42 -0400
parents	ce5f1232631f
children	2372284d9457

comparison

equal deleted inserted replaced

-:af13e2088f77
+:c8d55ff80da1
 import re
 import ssl
 from .i18n import _
 from . import (
+encoding,
 error,
 node,
 pycompat,
 util,
 )
 server (and client) support SNI, this tells the server which certificate
 to use.
 """
 if not serverhostname:
 raise error.Abort(_('serverhostname argument is required'))
+if b'SSLKEYLOGFILE' in encoding.environ:
+try:
+import sslkeylog
+sslkeylog.set_keylog(pycompat.fsdecode(
+encoding.environ[b'SSLKEYLOGFILE']))
+ui.warn(
+b'sslkeylog enabled by SSLKEYLOGFILE environment variable\n')
+except ImportError:
+ui.warn(b'sslkeylog module missing, '
+b'but SSLKEYLOGFILE set in environment\n')
 for f in (keyfile, certfile):
 if f and not os.path.exists(f):
 raise error.Abort(
 _('certificate file (%s) does not exist; cannot connect to %s')

Mercurial > hg

comparison mercurial/sslutil.py @ 42269:c8d55ff80da1