sslkeylog: Allows toggling of SSL key logging on or off without restarting the application #3267
Not sure I understand why env vars are "locked" by some other process.... env vars are local to each process, right? Do you mean that the file at the path given is what is locked? So you can (even on Windows, presumably) set This idea of mandating what is in user pointers in the core code is not a good way to turn things on and off. Isn't it better to be able to set an option bit when you create the client wsi to indicate you want that particular connection to be logged? You can have a new vhost option bit as well to indicate that it should not default to logging everything because SSLKEYLOGFILE is set, and then a bit in the client info struct indicating that one should be logged.
Just some gentle advice if you want to get your patch in, it's better to engage with what the project is saying about it. For your situation it might be preferable to ignore anything other than what you have done, but it leads to the patch only making sense for yourself. It is free software and you can add whatever you want on top yourself only without needing anyone's permission. But if you want the changes already included in lws, it has to make sense for the maintainer to explain how others should use it, and to look after the code if it later is involved in changes.
@lws-team Thank you for the suggestions. Our use case involves handling all client logging on the server side, which is why we can’t make any modifications in the client wsi; it simply isn’t relevant for this setup. On the server, we have access to all connected client information, and if we need to log SSL keys for a specific client, we must disconnect it to achieve this. Many customer environments don’t allow restarting the application just to start a diagnostic session. By disconnecting the client and setting a flag based on user input, we’re able to implement the feature of selectively logging SSL keys for specific nodes. with respect to : Commit ID
…r stop logging ssl keys
…user input bool flag for respective wsi
…user input bool flag for respective wsi
@lws-team Since all control resides on the server side, the wsi corresponding to a specific client is passed along with the flag value. This implementation avoids any pointer operations. Please let me know if further changes are required. If the updates are satisfactory, kindly merge the pull request. Thanks!
@lws-team
Added Support for LWS_KEYLOGFILE with Dynamic SSL Key Logging:
Problem: In the existing SSL key log feature, the environment variable is set or unset only during `vhost` initialization, which requires the application to restart to start or stop diagnostic sessions. Many customer environments do not allow restarting the application solely to initiate a diagnostic session.
Solution: To allow toggling of session key logging without restarting the application:
`usr_ctx`, If the flag is true, the environment variable file path is extracted and assigned to `lws-keylog_file`, starting the diagnostic session. If the flag is false, the existing flow continues. This enables dynamic toggling of SSL key logging.
Note: The changes have been validated across multiple scenarios, confirming that the new functionality works without disrupting existing behavior.
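The option-bit design suggested earlier in this conversation (a vhost bit that stops SSLKEYLOGFILE from logging everything, plus a per-connection bit), sketched as an added example that is not libwebsockets code and not code from this pull request. The `EX_*` bits and `ex_*` functions are hypothetical names; the file is opened owner-only because each line holds session secrets.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical option bits, not part of the libwebsockets API. */
#define EX_VHOST_KEYLOG_OPT_IN (1u << 0) /* vhost: do not log every connection */
#define EX_CONN_KEYLOG         (1u << 0) /* connection: log this one */

/* Returns the key log path for this connection, or NULL for no logging. */
const char *ex_keylog_path(unsigned vhost_opts, unsigned conn_opts)
{
    const char *path = getenv("SSLKEYLOGFILE");

    if (!path || !*path)
        return NULL;                 /* key logging not configured at all */
    if (!(vhost_opts & EX_VHOST_KEYLOG_OPT_IN))
        return path;                 /* existing behaviour: log everything */
    return (conn_opts & EX_CONN_KEYLOG) ? path : NULL;
}

/* Appends one key log line: 0 written, 1 skipped by policy, -1 I/O error. */
int ex_keylog_write(unsigned vhost_opts, unsigned conn_opts, const char *line)
{
    const char *path = ex_keylog_path(vhost_opts, conn_opts);
    size_t len = strlen(line);
    int fd, ok;

    if (!path)
        return 1;
    /* Owner-only file; O_APPEND keeps lines from different connections whole. */
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT, 0600);
    if (fd < 0)
        return -1;
    ok = write(fd, line, len) == (ssize_t)len && write(fd, "\n", 1) == 1;
    close(fd);
    return ok ? 0 : -1;
}
```

Because the decision is taken per connection when the line is written, no restart is needed to start or stop logging a given connection.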