D6343: sslutil: add support for SSLKEYLOGFILE to wrapsocket

durin42 (Augie Fackler) phabricator at mercurial-scm.org
Sat May 4 23:42:28 EDT 2019


durin42 created this revision.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.

REVISION SUMMARY
  I recently learned of a Firefox/Chrome feature that allows
  wiresharking otherwise-TLS'd network connections. Gloriously, there's
  a pypi module that enables this same feature on Python, so let's add
  support for it to Mercurial in case we need to wireshark some HTTPs
  connections.

REPOSITORY
  rHG Mercurial

REVISION DETAIL
  https://phab.mercurial-scm.org/D6343

AFFECTED FILES
  mercurial/sslutil.py

CHANGE DETAILS

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -16,6 +16,7 @@
 
 from .i18n import _
 from . import (
+    encoding,
     error,
     node,
     pycompat,
@@ -348,6 +349,17 @@
     if not serverhostname:
         raise error.Abort(_('serverhostname argument is required'))
 
+    if b'SSLKEYLOGFILE' in encoding.environ:
+        try:
+            import sslkeylog
+            sslkeylog.set_keylog(pycompat.fsdecode(
+                encoding.environ[b'SSLKEYLOGFILE']))
+            ui.warn(
+                b'sslkeylog enabled by SSLKEYLOGFILE environment variable\n')
+        except ImportError:
+            ui.warn(b'sslkeylog module missing, '
+                    b'but SSLKEYLOGFILE set in environment\n')
+
     for f in (keyfile, certfile):
         if f and not os.path.exists(f):
             raise error.Abort(



To: durin42, #hg-reviewers
Cc: mercurial-devel


More information about the Mercurial-devel mailing list