tls: expose keylog event on TLSSocket by mildsunrise · Pull Request #27654 · nodejs/node

mildsunrise · 2019-05-11T22:01:56Z

This exposes SSL_CTX_set_keylog_callback as a keylog event that is emitted on tls.TLSSocket and tls.Server. It enables easy debugging of TLS connections with software like Wireshark, see #2363.

SSL_CTX_set_keylog_callback is only invoked when the keylog event is actually subscribed, so this shouldn't affect performance otherwise. The implementation is pretty similar to the session event. This is my first PR, I think I'm not forgetting anything :)

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
tests and/or benchmarks are included
documentation is changed or added
commit message follows commit guidelines

addaleax

This is a really nice first contribution :)

nodejs-github-bot · 2019-05-11T22:08:35Z

CI: https://ci.nodejs.org/job/node-test-pull-request/23052/

mildsunrise · 2019-05-11T22:14:20Z

Thanks! :)

test/parallel/test-tls-keylog-tlsv13.js

doc/api/tls.md

sam-github

A lot of people have been asking for this feature, including me! Its great, thank you. A couple suggestions made.

lib/_tls_wrap.js

test/parallel/test-tls-keylog-tlsv13.js

bnoordhuis

This change conflicts with #18896 because it leaves key data in the JS heap.

I guess the C++ code could be changed to create a String::ExternalOneByteStringResource that points to mlocked/madvised memory outside the heap but that's unreliable. For example, String#slice() might copy the memory back to the JS heap.

It would be better to emit a Buffer. That way Node has complete control over where and how the memory is allocated.

src/node_crypto.cc

nodejs-github-bot · 2019-05-12T12:22:33Z

CI: https://ci.nodejs.org/job/node-test-pull-request/23059/

doc/api/tls.md

lib/_tls_wrap.js

bnoordhuis

Thanks, LGTM with a suggestion.

CI: https://ci.nodejs.org/job/node-test-pull-request/23105/

doc/api/tls.md

nodejs-github-bot · 2019-05-14T09:15:00Z

CI: https://ci.nodejs.org/job/node-test-pull-request/23105/

nodejs-github-bot · 2019-05-14T15:57:15Z

CI: https://ci.nodejs.org/job/node-test-pull-request/23109/

sam-github · 2019-05-14T17:55:15Z

We can squash the commits as they land, or you can do it now, and force push. As you wish. What is your preference?

Exposes SSL_CTX_set_keylog_callback in the form of a `keylog` event that is emitted on clients and servers. This enables easy debugging of TLS connections with i.e. Wireshark, which is a long-requested feature. Refs: nodejs#2363

mildsunrise · 2019-05-14T18:44:09Z

I have no specific preference ^^ I've squashed if it's more convenient to you

nodejs-github-bot · 2019-05-14T18:47:27Z

CI: https://ci.nodejs.org/job/node-test-pull-request/23110/

nodejs-github-bot · 2019-05-14T22:15:17Z

CI: https://ci.nodejs.org/job/node-test-pull-request/23120/

danbev · 2019-05-15T03:41:22Z

Landed in 53bef42 🎉

Notable changes: * process: * Log errors using `util.inspect` in case of fatal exceptions (Ruben Bridgewater) #27243 * repl: * Add `process.on('uncaughtException')` support (Ruben Bridgewater) #27151 * stream: * Implemented `Readable.from` async iterator utility (Guy Bedford) #27660 * tls: * Expose built-in root certificates (Ben Noordhuis) #26415 * Support `net.Server` options (Luigi Pinca) #27665 * Expose `keylog` event on TLSSocket (Alba Mendez) #27654 * worker: * Added the ability to unshift messages from the `MessagePort` (Anna Henningsen) #27294

Notable changes: * esm: * Added the `--experimental-wasm-modules` flag to support WebAssembly modules (Myles Borins & Guy Bedford) #27659 * process: * Log errors using `util.inspect` in case of fatal exceptions (Ruben Bridgewater) #27243 * repl: * Add `process.on('uncaughtException')` support (Ruben Bridgewater) #27151 * stream: * Implemented `Readable.from` async iterator utility (Guy Bedford) #27660 * tls: * Expose built-in root certificates (Ben Noordhuis) #26415 * Support `net.Server` options (Luigi Pinca) #27665 * Expose `keylog` event on TLSSocket (Alba Mendez) #27654 * worker: * Added the ability to unshift messages from the `MessagePort` (Anna Henningsen) #27294 PR-URL: #27799

Exposes SSL_CTX_set_keylog_callback in the form of a `keylog` event that is emitted on clients and servers. This enables easy debugging of TLS connections with i.e. Wireshark, which is a long-requested feature. PR-URL: nodejs#27654 Refs: nodejs#2363 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>

Exposes SSL_CTX_set_keylog_callback in the form of a `keylog` event that is emitted on clients and servers. This enables easy debugging of TLS connections with i.e. Wireshark, which is a long-requested feature. PR-URL: #27654 Backport-PR-URL: #31582 Refs: #2363 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>

Notable changes: - buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc) [#19691](#19691) - deps: - upgrade to libuv 1.34.2 (cjihrig) [#31477](#31477) - upgrade npm to 6.13.7 (Michael Perrotte) [#31558](#31558) - n-api: - add napi\_get\_all\_property\_names (himself65) [#30006](#30006) - add APIs for per-instance state management (Gabriel Schulhof) [#28682](#28682) - turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen) [#26128](#26128) - tls: - expose keylog event on TLSSocket (Alba Mendez) [#27654](#27654) - support TLS min/max protocol defaults in CLI (Sam Roberts) [#27946](#27946) PR-URL: #31984

Notable changes: - buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc) [#19691](#19691) - deps: - update npm to 6.14.3 (Myles Borins) [#32368](#32368) - upgrade to libuv 1.34.2 (cjihrig) [#31477](#31477) - n-api: - add napi\_get\_all\_property\_names (himself65) [#30006](#30006) - add APIs for per-instance state management (Gabriel Schulhof) [#28682](#28682) - turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen) [#26128](#26128) - tls: - expose keylog event on TLSSocket (Alba Mendez) [#27654](#27654) - support TLS min/max protocol defaults in CLI (Sam Roberts) [#27946](#27946) PR-URL: #31984

Notable changes: - buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc) [#19691](#19691) - deps: - update npm to 6.14.3 (Myles Borins) [#32368](#32368) - upgrade openssl sources to 1.1.1e (Hassaan Pasha) [#32328](#32328) - upgrade to libuv 1.34.2 (cjihrig) [#31477](#31477) - n-api: - add napi\_get\_all\_property\_names (himself65) [#30006](#30006) - add APIs for per-instance state management (Gabriel Schulhof) [#28682](#28682) - turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen) [#26128](#26128) - tls: - expose keylog event on TLSSocket (Alba Mendez) [#27654](#27654) - support TLS min/max protocol defaults in CLI (Sam Roberts) [#27946](#27946) - url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig) [#26226](#26226) PR-URL: #31984

Notable changes: - buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc) [#19691](#19691) - build: macOS package notarization (Rod Vagg) [#31459](#31459) - deps: - update npm to 6.14.3 (Myles Borins) [#32368](#32368) - upgrade openssl sources to 1.1.1e (Hassaan Pasha) [#32328](#32328) - upgrade to libuv 1.34.2 (cjihrig) [#31477](#31477) - n-api: - add napi\_get\_all\_property\_names (himself65) [#30006](#30006) - add APIs for per-instance state management (Gabriel Schulhof) [#28682](#28682) - turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen) [#26128](#26128) - tls: - expose keylog event on TLSSocket (Alba Mendez) [#27654](#27654) - support TLS min/max protocol defaults in CLI (Sam Roberts) [#27946](#27946) - url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig) [#26226](#26226) PR-URL: #31984

Notable changes: - buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc) [#19691](#19691) - build: macOS package notarization (Rod Vagg) [#31459](#31459) - deps: - update npm to 6.14.3 (Myles Borins) [#32368](#32368) - upgrade openssl sources to 1.1.1e (Hassaan Pasha) [#32328](#32328) - upgrade to libuv 1.34.2 (cjihrig) [#31477](#31477) - n-api: - add napi\_get\_all\_property\_names (himself65) [#30006](#30006) - add APIs for per-instance state management (Gabriel Schulhof) [#28682](#28682) - define release 6 [#32058](#32058) - turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen) [#26128](#26128) - tls: - expose keylog event on TLSSocket (Alba Mendez) [#27654](#27654) - support TLS min/max protocol defaults in CLI (Sam Roberts) [#27946](#27946) - url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig) [#26226](#26226) PR-URL: #31984

macOS package notarization and a change in builder configuration The macOS binaries for this release, and future 10.x releases, are now being compiled on macOS 10.15 (Catalina) with Xcode 11 to support package notarization, a requirement for installing .pkg files on macOS 10.15 and later. Previous builds of Node.js 10.x were compiled on macOS 10.7 (Lion). As binaries are still being compiled to support a minimum of macOS 10.7 (Lion) we do not anticipate this having a negative impact on Node.js 10.x users with older versions of macOS. Notable changes: - buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc) [#19691](#19691) - build: macOS package notarization (Rod Vagg) [#31459](#31459) - deps: - update npm to 6.14.3 (Myles Borins) [#32368](#32368) - upgrade openssl sources to 1.1.1e (Hassaan Pasha) [#32328](#32328) - upgrade to libuv 1.34.2 (cjihrig) [#31477](#31477) - n-api: - add napi\_get\_all\_property\_names (himself65) [#30006](#30006) - add APIs for per-instance state management (Gabriel Schulhof) [#28682](#28682) - define release 6 [#32058](#32058) - turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen) [#26128](#26128) - tls: - expose keylog event on TLSSocket (Alba Mendez) [#27654](#27654) - support TLS min/max protocol defaults in CLI (Sam Roberts) [#27946](#27946) - url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig) [#26226](#26226) PR-URL: #31984

macOS package notarization and a change in builder configuration The macOS binaries for this release, and future 10.x releases, are now being compiled on macOS 10.15 (Catalina) with Xcode 11 to support package notarization, a requirement for installing .pkg files on macOS 10.15 and later. Previous builds of Node.js 10.x were compiled on macOS 10.10 (Yosemite) with a minimum deployment target of macOS 10.7 (Lion). As binaries are still being compiled to support a minimum of macOS 10.7 (Lion) we do not anticipate this having a negative impact on Node.js 10.x users with older versions of macOS. Notable changes: - buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc) [#19691](#19691) - build: macOS package notarization (Rod Vagg) [#31459](#31459) - deps: - update npm to 6.14.3 (Myles Borins) [#32368](#32368) - upgrade openssl sources to 1.1.1e (Hassaan Pasha) [#32328](#32328) - upgrade to libuv 1.34.2 (cjihrig) [#31477](#31477) - n-api: - add napi\_get\_all\_property\_names (himself65) [#30006](#30006) - add APIs for per-instance state management (Gabriel Schulhof) [#28682](#28682) - define release 6 [#32058](#32058) - turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen) [#26128](#26128) - tls: - expose keylog event on TLSSocket (Alba Mendez) [#27654](#27654) - support TLS min/max protocol defaults in CLI (Sam Roberts) [#27946](#27946) - url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig) [#26226](#26226) PR-URL: #31984

nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. labels May 11, 2019

mildsunrise mentioned this pull request May 11, 2019

Support for TLS 1.3 kolontsov/node-sslkeylog#4

Closed

addaleax added semver-minor PRs that contain new features and should be released in the next minor version. tls Issues and PRs related to the tls subsystem. and removed lib / src Issues and PRs related to general changes in the lib or src directory. labels May 11, 2019

addaleax approved these changes May 11, 2019

View reviewed changes

addaleax reviewed May 11, 2019

View reviewed changes

test/parallel/test-tls-keylog-tlsv13.js Outdated Show resolved Hide resolved

test/parallel/test-tls-keylog-tlsv13.js Outdated Show resolved Hide resolved

mscdex reviewed May 12, 2019

View reviewed changes

doc/api/tls.md Outdated Show resolved Hide resolved

mscdex reviewed May 12, 2019

View reviewed changes

doc/api/tls.md Outdated Show resolved Hide resolved

sam-github reviewed May 12, 2019

View reviewed changes

bnoordhuis reviewed May 12, 2019

View reviewed changes

src/node_crypto.cc Outdated Show resolved Hide resolved

src/node_crypto.cc Outdated Show resolved Hide resolved

jasnell approved these changes May 12, 2019

View reviewed changes

bnoordhuis reviewed May 13, 2019

View reviewed changes

doc/api/tls.md Outdated Show resolved Hide resolved

doc/api/tls.md Outdated Show resolved Hide resolved

lib/_tls_wrap.js Outdated Show resolved Hide resolved

bnoordhuis approved these changes May 14, 2019

View reviewed changes

doc/api/tls.md Outdated Show resolved Hide resolved

sam-github approved these changes May 14, 2019

View reviewed changes

tls: expose keylog event on TLSSocket

06f1af5

Exposes SSL_CTX_set_keylog_callback in the form of a `keylog` event that is emitted on clients and servers. This enables easy debugging of TLS connections with i.e. Wireshark, which is a long-requested feature. Refs: nodejs#2363

mildsunrise force-pushed the feature/tls-keylog branch from 41d81e1 to 06f1af5 Compare May 14, 2019 18:43

addaleax added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label May 14, 2019

Trott approved these changes May 14, 2019

View reviewed changes

BridgeAR mentioned this pull request May 21, 2019

v12.3.0 proposal #27799

Merged

4 tasks

BethGriggs added the lts-watch-v10.x label Aug 20, 2019

BethGriggs added the backport-requested-v10.x label Oct 17, 2019

mildsunrise mentioned this pull request Jan 30, 2020

[v10.x] tls: expose keylog event on TLSSocket #31582

Closed

BethGriggs mentioned this pull request Mar 12, 2020

v10.20.0 proposal #31984

Merged

Uh oh!

Conversation

mildsunrise commented May 11, 2019

Checklist

Uh oh!

addaleax left a comment

Choose a reason for hiding this comment

Uh oh!

nodejs-github-bot commented May 11, 2019

Uh oh!

mildsunrise commented May 11, 2019

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

sam-github left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

bnoordhuis left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

nodejs-github-bot commented May 12, 2019

Uh oh!

Uh oh!

Uh oh!

Uh oh!

bnoordhuis left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

nodejs-github-bot commented May 14, 2019

Uh oh!

nodejs-github-bot commented May 14, 2019

Uh oh!

sam-github commented May 14, 2019

Uh oh!

mildsunrise commented May 14, 2019

Uh oh!

nodejs-github-bot commented May 14, 2019

Uh oh!

nodejs-github-bot commented May 14, 2019

Uh oh!

danbev commented May 15, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

10 participants