astelm
/
grpcurl
mirror of https://github.com/fullstorydev/grpcurl.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Support SSLKEYLOGFILE environment variable for key logging (#245)

This commit is contained in:
Igor 2021-09-20 17:53:44 +02:00 committed by GitHub
parent cd242fe1ed
commit 127194b205
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
cmd/grpcurl/grpcurl.go
View File

@ -408,12 +408,22 @@ func main() {
} }
var creds credentials.TransportCredentials var creds credentials.TransportCredentials
if !*plaintext { if !*plaintext {
var err error tlsConf, err := grpcurl.ClientTLSConfig(*insecure, *cacert, *cert, *key)
creds, err = grpcurl.ClientTransportCredentials(*insecure, *cacert, *cert, *key)
if err != nil { if err != nil {
fail(err, "Failed to configure transport credentials") fail(err, "Failed to create TLS config")
} }
sslKeylogFile := os.Getenv("SSLKEYLOGFILE")
if sslKeylogFile != "" {
w, err := os.OpenFile(sslKeylogFile, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0600)
if err != nil {
fail(err, "Could not open SSLKEYLOGFILE %s", sslKeylogFile)
}
tlsConf.KeyLogWriter = w
}
creds := credentials.NewTLS(tlsConf)
// can use either -servername or -authority; but not both // can use either -servername or -authority; but not both
if *serverName != "" && *authority != "" { if *serverName != "" && *authority != "" {
if *serverName == *authority { if *serverName == *authority {

20
grpcurl.go
View File

@ -508,11 +508,25 @@ func makeTemplate(md *desc.MessageDescriptor, path []*desc.MessageDescriptor) pr
return dm return dm
} }
// ClientTransportCredentials builds transport credentials for a gRPC client using the // ClientTransportCredentials is a helper function that constructs a TLS config with
// the given properties (see ClientTLSConfig) and then constructs and returns gRPC
// transport credentials using that config.
//
// Deprecated: Use grpcurl.ClientTLSConfig and credentials.NewTLS instead.
func ClientTransportCredentials(insecureSkipVerify bool, cacertFile, clientCertFile, clientKeyFile string) (credentials.TransportCredentials, error) {
tlsConf, err := ClientTLSConfig(insecureSkipVerify, cacertFile, clientCertFile, clientKeyFile)
if err != nil {
return nil, err
}
return credentials.NewTLS(tlsConf), nil
}
// ClientTLSConfig builds transport-layer config for a gRPC client using the
// given properties. If cacertFile is blank, only standard trusted certs are used to // given properties. If cacertFile is blank, only standard trusted certs are used to
// verify the server certs. If clientCertFile is blank, the client will not use a client // verify the server certs. If clientCertFile is blank, the client will not use a client
// certificate. If clientCertFile is not blank then clientKeyFile must not be blank. // certificate. If clientCertFile is not blank then clientKeyFile must not be blank.
func ClientTransportCredentials(insecureSkipVerify bool, cacertFile, clientCertFile, clientKeyFile string) (credentials.TransportCredentials, error) { func ClientTLSConfig(insecureSkipVerify bool, cacertFile, clientCertFile, clientKeyFile string) (*tls.Config, error) {
var tlsConf tls.Config var tlsConf tls.Config
if clientCertFile != "" { if clientCertFile != "" {
@ -542,7 +556,7 @@ func ClientTransportCredentials(insecureSkipVerify bool, cacertFile, clientCertF
tlsConf.RootCAs = certPool tlsConf.RootCAs = certPool
} }
return credentials.NewTLS(&tlsConf), nil return &tlsConf, nil
} }
// ServerTransportCredentials builds transport credentials for a gRPC server using the // ServerTransportCredentials builds transport credentials for a gRPC server using the