Support SSLKEYLOGFILE environment variable for key logging (#245)
This commit is contained in:
Igor
GitHub
parent
cd242fe1ed
commit
127194b205
|
|
@ -408,12 +408,22 @@ func main() {
|
|||
}
|
||||
var creds credentials.TransportCredentials
|
||||
if !*plaintext {
|
||||
var err error
|
||||
creds, err = grpcurl.ClientTransportCredentials(*insecure, *cacert, *cert, *key)
|
||||
tlsConf, err := grpcurl.ClientTLSConfig(*insecure, *cacert, *cert, *key)
|
||||
if err != nil {
|
||||
fail(err, "Failed to configure transport credentials")
|
||||
fail(err, "Failed to create TLS config")
|
||||
}
|
||||
|
||||
sslKeylogFile := os.Getenv("SSLKEYLOGFILE")
|
||||
if sslKeylogFile != "" {
|
||||
w, err := os.OpenFile(sslKeylogFile, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0600)
|
||||
if err != nil {
|
||||
fail(err, "Could not open SSLKEYLOGFILE %s", sslKeylogFile)
|
||||
}
|
||||
tlsConf.KeyLogWriter = w
|
||||
}
|
||||
|
||||
creds := credentials.NewTLS(tlsConf)
|
||||
|
||||
// can use either -servername or -authority; but not both
|
||||
if *serverName != "" && *authority != "" {
|
||||
if *serverName == *authority {
|
||||
|
|
|
|||
20
grpcurl.go
20
grpcurl.go
|
|
@ -508,11 +508,25 @@ func makeTemplate(md *desc.MessageDescriptor, path []*desc.MessageDescriptor) pr
|
|||
return dm
|
||||
}
|
||||
|
||||
// ClientTransportCredentials builds transport credentials for a gRPC client using the
|
||||
// ClientTransportCredentials is a helper function that constructs a TLS config with
|
||||
// the given properties (see ClientTLSConfig) and then constructs and returns gRPC
|
||||
// transport credentials using that config.
|
||||
//
|
||||
// Deprecated: Use grpcurl.ClientTLSConfig and credentials.NewTLS instead.
|
||||
func ClientTransportCredentials(insecureSkipVerify bool, cacertFile, clientCertFile, clientKeyFile string) (credentials.TransportCredentials, error) {
|
||||
tlsConf, err := ClientTLSConfig(insecureSkipVerify, cacertFile, clientCertFile, clientKeyFile)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return credentials.NewTLS(tlsConf), nil
|
||||
}
|
||||
|
||||
// ClientTLSConfig builds transport-layer config for a gRPC client using the
|
||||
// given properties. If cacertFile is blank, only standard trusted certs are used to
|
||||
// verify the server certs. If clientCertFile is blank, the client will not use a client
|
||||
// certificate. If clientCertFile is not blank then clientKeyFile must not be blank.
|
||||
func ClientTransportCredentials(insecureSkipVerify bool, cacertFile, clientCertFile, clientKeyFile string) (credentials.TransportCredentials, error) {
|
||||
func ClientTLSConfig(insecureSkipVerify bool, cacertFile, clientCertFile, clientKeyFile string) (*tls.Config, error) {
|
||||
var tlsConf tls.Config
|
||||
|
||||
if clientCertFile != "" {
|
||||
|
|
@ -542,7 +556,7 @@ func ClientTransportCredentials(insecureSkipVerify bool, cacertFile, clientCertF
|
|||
tlsConf.RootCAs = certPool
|
||||
}
|
||||
|
||||
return credentials.NewTLS(&tlsConf), nil
|
||||
return &tlsConf, nil
|
||||
}
|
||||
|
||||
// ServerTransportCredentials builds transport credentials for a gRPC server using the
|
||||
|
|
|
|||
Loading…
Reference in New Issue