From 0edc21d2d20c5eaf3cb0d22ded2e4d8588769734 Mon Sep 17 00:00:00 2001
From: Will Hawkins
Date: Tue, 15 Mar 2022 21:08:03 -0400
Subject: Major update: SSL Key Logging, HTTP2 support

This is a "How was this ever working?" update.

1. As it turns out, when you customize a Transport for an http.Client, the transport is 'naturally' an HTTP1 transport. To make it connect via HTTP2, you must use an http2.Transport from the golang.org/x/net/http2 package.

2. Add support for logging TLS per-session keys in order to aid debugging.
---
 lbc/lbc.go | 54 +++++++++++++++++++++++++++++++-----------------------
 1 file changed, 31 insertions(+), 23 deletions(-)

(limited to 'lbc/lbc.go')

diff --git a/lbc/lbc.go b/lbc/lbc.go
index 65f2589..a17d1ee 100644
--- a/lbc/lbc.go
+++ b/lbc/lbc.go
@@ -16,11 +16,15 @@ package lbc
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"sync/atomic"
+
+	"github.com/hawkinsw/goresponsiveness/utilities"
+	"golang.org/x/net/http2"
 )
 
 var chunkSize int = 5000
@@ -38,6 +42,7 @@ type LoadBearingConnectionDownload struct {
 	client     *http.Client
 	debug      bool
 	valid      bool
+	KeyLogger  io.Writer
 }
 
 func (lbd *LoadBearingConnectionDownload) Transferred() uint64 {
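Review bot: The new exported field `KeyLogger io.Writer` in `LoadBearingConnectionDownload` has no doc comment, and the same applies to the field added to `LoadBearingConnectionUpload` in the `@@ -116,11 +113,12 @@` hunk. Because writing to this sink discloses the session secrets of every connection the struct opens, the contract should be stated where the field is declared; I would add `// KeyLogger, when non-nil, receives the TLS session keys of every connection (NSS key-log format, see tls.Config.KeyLogWriter); debugging only, never enable in production.` above both fields. A short sentence in the `Start` doc comment saying that a non-nil KeyLogger changes the TLS configuration would also help callers.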
@@ -69,27 +74,19 @@ func (cr *countingReader) Read(p []byte) (n int, err error) {
 func (lbd *LoadBearingConnectionDownload) Start(ctx context.Context, debug bool) bool {
 	lbd.downloaded = 0
-	transport := http.Transport{}
+	transport := http2.Transport{}
+
+	if !utilities.IsInterfaceNil(lbd.KeyLogger) {
+		if debug {
+			fmt.Printf("Using an SSL Key Logger for this load-bearing download.\n")
+		}
+		transport.TLSClientConfig = &tls.Config{KeyLogWriter: lbd.KeyLogger, InsecureSkipVerify: true}
+	}
+
 
 	lbd.client = &http.Client{Transport: &transport}
 	lbd.debug = debug
 	lbd.valid = true
 
-	// At some point this might be useful: It is a snippet of code that will enable
-	// logging of per-session TLS key material in order to make debugging easier in
-	// Wireshark.
-	/*
-		lbd.client = &http.Client{
-			Transport: &http2.Transport{
-				TLSClientConfig: &tls.Config{
-					KeyLogWriter: w,
-
-					Rand: utilities.RandZeroSource{}, // for reproducible output; don't do this.
-					InsecureSkipVerify: true, // test server certificate is not trusted.
-				},
-			},
-		}
-	*/
-
 	if debug {
 		fmt.Printf("Started a load-bearing download.\n")
 	}
@@ -116,11 +113,12 @@ func (lbd *LoadBearingConnectionDownload) doDownload(ctx context.Context) {
 }
 
 type LoadBearingConnectionUpload struct {
-	Path     string
-	uploaded uint64
-	client   *http.Client
-	debug    bool
-	valid    bool
+	Path      string
+	uploaded  uint64
+	client    *http.Client
+	debug     bool
+	valid     bool
+	KeyLogger io.Writer
 }
 
 func (lbu *LoadBearingConnectionUpload) Transferred() uint64 {
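Review bot: The new `tls.Config` in `Start` sets `InsecureSkipVerify: true` whenever a KeyLogger is supplied, so turning on key logging silently disables server-certificate verification for every load-bearing download; the removed snippet carried the caveat "test server certificate is not trusted", which made clear this was test-only, but that caveat is gone from the live code. Key logging and certificate verification are independent concerns and should not be coupled: `transport.TLSClientConfig = &tls.Config{KeyLogWriter: lbd.KeyLogger}` is enough for the logger, and an untrusted test server should need its own explicit option with a comment explaining why. The `Start` method of `LoadBearingConnectionUpload` in the `@@ -170,7 +168,17 @@` hunk has the identical construction. The body of `Start` continues past the end of this hunk.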
@@ -170,7 +168,17 @@ func (lbu *LoadBearingConnectionUpload) doUpload(ctx context.Context) bool {
 func (lbu *LoadBearingConnectionUpload) Start(ctx context.Context, debug bool) bool {
 	lbu.uploaded = 0
-	transport := http.Transport{}
+	transport := http2.Transport{}
+
+	if !utilities.IsInterfaceNil(lbu.KeyLogger) {
+		if debug {
+			fmt.Printf("Using an SSL Key Logger for this load-bearing upload.\n")
+		}
+		transport.TLSClientConfig = &tls.Config{KeyLogWriter: lbu.KeyLogger, InsecureSkipVerify: true}
+	}
+
+	lbu.client = &http.Client{Transport: &transport}
+
 
 	lbu.client = &http.Client{Transport: &transport}
 	lbu.debug = debug
 	lbu.valid = true
-- 
cgit v1.2.3
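Review bot: `lbu.client = &http.Client{Transport: &transport}` now appears twice in `Start`: the added line and the pre-existing context line immediately after it, so the first client is constructed and discarded. Remove the added assignment and its trailing blank line so the upload path matches the download `Start`, which assigns the client once. The body of `Start` continues past the end of this hunk.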