habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

support SSLKEYLOGFILE

Browse Source 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens Langhammer
2025-05-21 01:30:24 +02:00
parent 1575b96262
commit 1155ccb3e8
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
internal/outpost/radius/eap/protocol/tls/payload.go
View File

@ -5,6 +5,7 @@ import (
"crypto/tls" "crypto/tls"
"encoding/binary" "encoding/binary"
"errors" "errors"
"os"
"slices" "slices"
"time" "time"
@ -156,6 +157,15 @@ func (p *Payload) tlsInit(ctx protocol.Context) {
p.st.Context, p.st.ContextCancel = context.WithTimeout(context.Background(), staleConnectionTimeout*time.Second) p.st.Context, p.st.ContextCancel = context.WithTimeout(context.Background(), staleConnectionTimeout*time.Second)
p.st.Conn = NewBuffConn(p.Data, p.st.Context) p.st.Conn = NewBuffConn(p.Data, p.st.Context)
cfg := ctx.ProtocolSettings().(Settings).Config.Clone() cfg := ctx.ProtocolSettings().(Settings).Config.Clone()
if klp, ok := os.LookupEnv("SSLKEYLOGFILE"); ok {
kl, err := os.OpenFile(klp, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0600)
if err != nil {
panic(err)
}
cfg.KeyLogWriter = kl
}
cfg.GetConfigForClient = func(chi *tls.ClientHelloInfo) (*tls.Config, error) { cfg.GetConfigForClient = func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
ctx.Log().Debugf("TLS: ClientHello: %+v\n", chi) ctx.Log().Debugf("TLS: ClientHello: %+v\n", chi)
p.st.ClientHello = chi p.st.ClientHello = chi