# HG changeset patch
# User Augie Fackler <augie@google.com>
# Date 1557027102 14400
# Node ID c8d55ff80da1675edf7f2046f67d658f9169aa00
# Parent  af13e2088f77203ee6494becfd730743dc97bebc
sslutil: add support for SSLKEYLOGFILE to wrapsocket

I recently learned of a Firefox/Chrome feature that allows
wiresharking otherwise-TLS'd network connections. Gloriously, there's
a pypi module that enables this same feature on Python, so let's add
support for it to Mercurial in case we need to wireshark some HTTPs
connections.

Differential Revision: https://phab.mercurial-scm.org/D6343

diff -r af13e2088f77 -r c8d55ff80da1 mercurial/sslutil.py
--- a/mercurial/sslutil.py	Sun May 05 17:04:48 2019 +0100
+++ b/mercurial/sslutil.py	Sat May 04 23:31:42 2019 -0400
@@ -16,6 +16,7 @@
 
 from .i18n import _
 from . import (
+    encoding,
     error,
     node,
     pycompat,
@@ -348,6 +349,17 @@
     if not serverhostname:
         raise error.Abort(_('serverhostname argument is required'))
 
+    if b'SSLKEYLOGFILE' in encoding.environ:
+        try:
+            import sslkeylog
+            sslkeylog.set_keylog(pycompat.fsdecode(
+                encoding.environ[b'SSLKEYLOGFILE']))
+            ui.warn(
+                b'sslkeylog enabled by SSLKEYLOGFILE environment variable\n')
+        except ImportError:
+            ui.warn(b'sslkeylog module missing, '
+                    b'but SSLKEYLOGFILE set in environment\n')
+
     for f in (keyfile, certfile):
         if f and not os.path.exists(f):
             raise error.Abort(