sslutil: add support for SSLKEYLOGFILE to wrapsocket
authorAugie Fackler <augie@google.com>
Sat, 04 May 2019 23:31:42 -0400
changeset 42269 c8d55ff80da1
parent 42268 af13e2088f77
child 42270 19b95afb0c01
sslutil: add support for SSLKEYLOGFILE to wrapsocket I recently learned of a Firefox/Chrome feature that allows wiresharking otherwise-TLS'd network connections. Gloriously, there's a pypi module that enables this same feature on Python, so let's add support for it to Mercurial in case we need to wireshark some HTTPs connections. Differential Revision: https://phab.mercurial-scm.org/D6343
mercurial/sslutil.py
--- a/mercurial/sslutil.py	Sun May 05 17:04:48 2019 +0100
+++ b/mercurial/sslutil.py	Sat May 04 23:31:42 2019 -0400
@@ -16,6 +16,7 @@
 
 from .i18n import _
 from . import (
+    encoding,
     error,
     node,
     pycompat,
@@ -348,6 +349,17 @@
     if not serverhostname:
         raise error.Abort(_('serverhostname argument is required'))
 
+    if b'SSLKEYLOGFILE' in encoding.environ:
+        try:
+            import sslkeylog
+            sslkeylog.set_keylog(pycompat.fsdecode(
+                encoding.environ[b'SSLKEYLOGFILE']))
+            ui.warn(
+                b'sslkeylog enabled by SSLKEYLOGFILE environment variable\n')
+        except ImportError:
+            ui.warn(b'sslkeylog module missing, '
+                    b'but SSLKEYLOGFILE set in environment\n')
+
     for f in (keyfile, certfile):
         if f and not os.path.exists(f):
             raise error.Abort(