From afb789f14785d041c301a03b7229994e53c1600c Mon Sep 17 00:00:00 2001
From: Igor Wiedler <iwiedler@gitlab.com>
Date: Mon, 20 Sep 2021 14:34:07 +0200
Subject: [PATCH] Move SSLKEYLOGFILE logic to caller (main)

---
 cmd/grpcurl/grpcurl.go | 15 ++++++++++++---
 grpcurl.go             |  8 --------
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/cmd/grpcurl/grpcurl.go b/cmd/grpcurl/grpcurl.go
index b0e69a9..71d8cc9 100644
--- a/cmd/grpcurl/grpcurl.go
+++ b/cmd/grpcurl/grpcurl.go
@@ -408,12 +408,21 @@ func main() {
 		}
 		var creds credentials.TransportCredentials
 		if !*plaintext {
-			var err error
-			creds, err = grpcurl.ClientTransportCredentials(*insecure, *cacert, *cert, *key)
+			tlsConf, err := grpcurl.ClientTLSConfig(*insecure, *cacert, *cert, *key)
 			if err != nil {
-				fail(err, "Failed to configure transport credentials")
+				fail(err, "Failed to configure TLS config")
 			}
 
+			if os.Getenv("SSLKEYLOGFILE") != "" {
+				w, err := os.OpenFile(os.Getenv("SSLKEYLOGFILE"), os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0600)
+				if err != nil {
+					fail(err, "Could not open SSLKEYLOGFILE: %v")
+				}
+				tlsConf.KeyLogWriter = w
+			}
+
+			creds := credentials.NewTLS(tlsConf)
+
 			// can use either -servername or -authority; but not both
 			if *serverName != "" && *authority != "" {
 				if *serverName == *authority {
diff --git a/grpcurl.go b/grpcurl.go
index 1320ffb..bcfe725 100644
--- a/grpcurl.go
+++ b/grpcurl.go
@@ -554,14 +554,6 @@ func ClientTLSConfig(insecureSkipVerify bool, cacertFile, clientCertFile, client
 		tlsConf.RootCAs = certPool
 	}
 
-	if os.Getenv("SSLKEYLOGFILE") != "" {
-		w, err := os.OpenFile(os.Getenv("SSLKEYLOGFILE"), os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0600)
-		if err != nil {
-			return nil, fmt.Errorf("could not open SSLKEYLOGFILE: %v", err)
-		}
-		tlsConf.KeyLogWriter = w
-	}
-
 	return &tlsConf, nil
 }