authorSam Roberts <vieuxtech@gmail.com>2019-10-21 20:44:20 -0700
committerSam Roberts <vieuxtech@gmail.com>2019-11-20 08:00:02 -0800
commit80efb80f3f9dffb412aa1a41ab36c843c90c60e5 (patch)
tree79e7db50520582e1c5c9a33b49265333b4a10287 /test/parallel
parentf4ea9189501743797d1ab8f5ed07027dd71f59bd (diff)
tls: cli option to enable TLS key logging to file
Debugging HTTPS or TLS connections from a Node.js app with (for example) Wireshark is unreasonably difficult without the ability to get the TLS key log. In theory, the application can be modified to use the `'keylog'` event directly, but for complex apps, or apps that define their own HTTPS Agent (like npm), this is unreasonably difficult. Use of the option triggers a warning to be emitted so the user is clearly notified of what is happening and its effect. PR-URL: https://github.com/nodejs/node/pull/30055 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'test/parallel')
-rw-r--r--test/parallel/test-tls-enable-keylog-cli.js57
1 files changed, 57 insertions, 0 deletions
diff --git a/test/parallel/test-tls-enable-keylog-cli.js b/test/parallel/test-tls-enable-keylog-cli.js
new file mode 100644
index 0000000000..5d05069b15
--- /dev/null
+++ b/test/parallel/test-tls-enable-keylog-cli.js
@@ -0,0 +1,57 @@
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto) common.skip('missing crypto');
+const fixtures = require('../common/fixtures');
+
+// Test --tls-keylog CLI flag.
+
+const assert = require('assert');
+const path = require('path');
+const fs = require('fs');
+const { fork } = require('child_process');
+
+if (process.argv[2] === 'test')
+ return test();
+
+const tmpdir = require('../common/tmpdir');
+tmpdir.refresh();
+const file = path.resolve(tmpdir.path, 'keylog.log');
+
+const child = fork(__filename, ['test'], {
+ execArgv: ['--tls-keylog=' + file]
+});
+
+child.on('close', common.mustCall((code, signal) => {
+ assert.strictEqual(code, 0);
+ assert.strictEqual(signal, null);
+ const log = fs.readFileSync(file, 'utf8');
+ assert(/SECRET/.test(log));
+}));
+
+function test() {
+ const {
+ connect, keys
+ } = require(fixtures.path('tls-connect'));
+
+ connect({
+ client: {
+ checkServerIdentity: (servername, cert) => { },
+ ca: `${keys.agent1.cert}\n${keys.agent6.ca}`,
+ },
+ server: {
+ cert: keys.agent6.cert,
+ key: keys.agent6.key
+ },
+ }, common.mustCall((err, pair, cleanup) => {
+ if (pair.server.err) {
+ console.trace('server', pair.server.err);
+ }
+ if (pair.client.err) {
+ console.trace('client', pair.client.err);
+ }
+ assert.ifError(pair.server.err);
+ assert.ifError(pair.client.err);
+
+ return cleanup();
+ }));
+}
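Review bot: The final check `assert(/SECRET/.test(log))` in the 'close' handler is looser than the feature warrants and appears to depend on TLS 1.3 being negotiated, since TLS 1.2 key log lines use the `CLIENT_RANDOM` label, which does not contain `SECRET`. Matching the shape of a key log line instead, for example `assert(/^[A-Z0-9_]+ [0-9a-fA-F]+ [0-9a-fA-F]+$/m.test(log));`, would accept either protocol version and reject a file that merely contains the word. The commit message says the flag emits a warning because the file exposes session secrets, yet nothing in this file asserts that warning; if no test outside `test/parallel` covers it, capturing the child's stderr in the parent and asserting that a warning was printed would pin that safeguard. The `connect` callback in `test()` also never looks at its `err` argument, so adding `assert.ifError(err);` as its first statement would surface setup failures directly.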