From d481424c83358cfb7991f1d9a995f5da1f1c8b34 Mon Sep 17 00:00:00 2001 From: Sam Roberts Date: Wed, 13 Feb 2019 14:54:07 -0800 Subject: [PATCH] tls: allow enabling the TLS debug trace Enable the same trace output that the OpenSSL s_client and s_server support with their `-trace` option. This is invaluable when debugging reports of TLS bugs as well as when debugging the internal TLS implementation. See: - https://github.com/nodejs/node/issues/25383 - https://github.com/nodejs/node/issues/17936 - https://github.com/postmanlabs/postman-app-support/issues/5918#issuecomment-465311423 --- doc/api/tls.md | 18 ++++++++ lib/_tls_wrap.js | 13 ++++++ src/tls_wrap.cc | 26 ++++++++++++ src/tls_wrap.h | 1 + test/parallel/test-tls-enable-trace.js | 58 ++++++++++++++++++++++++++ 5 files changed, 116 insertions(+) create mode 100644 test/parallel/test-tls-enable-trace.js diff --git a/doc/api/tls.md b/doc/api/tls.md index 6a834c65ff3012..228de3979474e3 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -725,6 +725,19 @@ added: v8.4.0 Disables TLS renegotiation for this `TLSSocket` instance. Once called, attempts to renegotiate will trigger an `'error'` event on the `TLSSocket`. +### tlsSocket.enableTrace() + + +When enabled, TLS packet trace information is written to `stderr`. This can be +used to debug TLS connection problems. + +Note: The format of the output is identical to the output of `openssl s_client +-trace` or `openssl s_server -trace`. While it is produced by OpenSSL's +`SSL_trace()` function, the format is undocumented, can change without notice, +and should not be relied on. + ### tlsSocket.encrypted
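Review bot: In the doc/api/tls.md hunk, the new `tlsSocket.enableTrace()` section states that trace information "is written to `stderr`" but does not say what the trace covers or whether tracing can be switched off again on a socket once it has been enabled. Because stderr is often captured into application logs, the section should state both, and should describe the method as a debugging aid rather than something to leave enabled. The heading is also followed by empty added lines, while the preceding section in the hunk context carries `added: v8.4.0`; please confirm the new section has its own version entry.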