sslutil: add support for SSLKEYLOGFILE to wrapsocket
I recently learned of a Firefox/Chrome feature that allows
wiresharking otherwise-TLS'd network connections. Gloriously, there's
a PyPI module that enables this same feature on Python, so let's add
support for it to Mercurial in case we need to wireshark some HTTPS
connections.
Differential Revision: https://phab.mercurial-scm.org/D6343
--- a/mercurial/sslutil.py Sun May 05 17:04:48 2019 +0100
+++ b/mercurial/sslutil.py Sat May 04 23:31:42 2019 -0400
@@ -16,6 +16,7 @@
from .i18n import _
from . import (
+ encoding,
error,
node,
pycompat,
@@ -348,6 +349,17 @@
if not serverhostname:
raise error.Abort(_('serverhostname argument is required'))
+ if b'SSLKEYLOGFILE' in encoding.environ:
+ try:
+ import sslkeylog
+ sslkeylog.set_keylog(pycompat.fsdecode(
+ encoding.environ[b'SSLKEYLOGFILE']))
+ ui.warn(
+ b'sslkeylog enabled by SSLKEYLOGFILE environment variable\n')
+ except ImportError:
+ ui.warn(b'sslkeylog module missing, '
+ b'but SSLKEYLOGFILE set in environment\n')
+
for f in (keyfile, certfile):
if f and not os.path.exists(f):
raise error.Abort(
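Review bot: in the SSLKEYLOGFILE branch the try block covers the import, the sslkeylog.set_keylog() call and the ui.warn(), but only ImportError is handled, so any other failure inside set_keylog() propagates out of wrapsocket instead of producing a warning. Narrow the try to `import sslkeylog` and move the set_keylog() call and the "enabled" warning into an else clause, with an explicit decision about what happens if the key log cannot be set up. The block has no guard against repeated execution, so the warning and the set_keylog() call are repeated for every wrapped socket. Because the key log lets captured TLS traffic be decrypted, the "enabled" warning would be more useful if it named the path taken from SSLKEYLOGFILE, so the user can see where the secrets are being written. Both new ui.warn() strings should also be wrapped in _() like the Abort message just above them.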