Add "enableMasterKeyLog" in TLS config

Turn on the debug option for Wireshark to decrypt traffic
XTLS · Nov 26, 2023 · a3e31c3 · xqzr · Nov 26, 2023 · xqzr
1 parent 2570855
commit a3e31c3
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 12 deletions.
diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go
@@ -357,6 +357,7 @@ type TLSConfig struct {
 	RejectUnknownSNI                     bool             `json:"rejectUnknownSni"`
 	PinnedPeerCertificateChainSha256     *[]string        `json:"pinnedPeerCertificateChainSha256"`
 	PinnedPeerCertificatePublicKeySha256 *[]string        `json:"pinnedPeerCertificatePublicKeySha256"`
+	EnableMasterKeyLog                   bool             `json:"enableMasterKeyLog"`
 }
 
 // Build implements Buildable.
@@ -412,6 +413,8 @@ func (c *TLSConfig) Build() (proto.Message, error) {
 		}
 	}
 
+	config.EnableMasterKeyLog = c.EnableMasterKeyLog
+
 	return config, nil
 }
 

diff --git a/proxy/wireguard/config.pb.go b/proxy/wireguard/config.pb.go
diff --git a/transport/internet/tls/config.go b/transport/internet/tls/config.go
@@ -5,6 +5,7 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/base64"
+	"os"
 	"strings"
 	"sync"
 	"time"
@@ -364,6 +365,11 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
 
 	config.PreferServerCipherSuites = c.PreferServerCipherSuites
 
+	if (c.EnableMasterKeyLog) {
+		writer, _ := os.OpenFile("master.log", os.O_CREATE|os.O_RDWR|os.O_APPEND, 0644)
+		config.KeyLogWriter = writer
+	}
+
 	return config
 }
 

diff --git a/transport/internet/tls/config.pb.go b/transport/internet/tls/config.pb.go
diff --git a/transport/internet/tls/config.proto b/transport/internet/tls/config.proto
@@ -83,4 +83,6 @@ message Config {
      @Critical
   */
   repeated bytes pinned_peer_certificate_public_key_sha256 = 14;
+
+  bool enable_master_key_log = 15;
 }