Add DTLS KeyLog configuration option in WebRTC API

Add an option in the setting engine to log TLS key material when a DTLS connection is established with a peer. The option exists in pion/dtls but is not easily accessible
pion · Jul 31, 2023 · 448f4ba · 448f4ba
1 parent 457ff6c
commit 448f4ba
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/dtlstransport.go b/dtlstransport.go
@@ -342,6 +342,7 @@ func (t *DTLSTransport) Start(remoteParameters DTLSParameters) error {
 	dtlsConfig.ExtendedMasterSecret = t.api.settingEngine.dtls.extendedMasterSecret
 	dtlsConfig.ClientCAs = t.api.settingEngine.dtls.clientCAs
 	dtlsConfig.RootCAs = t.api.settingEngine.dtls.rootCAs
+	dtlsConfig.KeyLogWriter = t.api.settingEngine.dtls.keyLogWriter
 
 	// Connect as DTLS Client/Server, function is blocking and we
 	// must not hold the DTLSTransport lock

diff --git a/settingengine.go b/settingengine.go
@@ -71,6 +71,7 @@ type SettingEngine struct {
 		clientAuth                *dtls.ClientAuthType
 		clientCAs                 *x509.CertPool
 		rootCAs                   *x509.CertPool
+		keyLogWriter              io.Writer
 	}
 	sctp struct {
 		maxReceiveBufferSize uint32
@@ -422,6 +423,12 @@ func (e *SettingEngine) SetDTLSRootCAs(rootCAs *x509.CertPool) {
 	e.dtls.rootCAs = rootCAs
 }
 
+// SetDTLSKeyLogWriter sets the destination of the TLS key material for debugging.
+// Logging key material compromises security and should only be use for debugging.
+func (e *SettingEngine) SetDTLSKeyLogWriter(writer io.Writer) {
+	e.dtls.keyLogWriter = writer
+}
+
 // SetSCTPMaxReceiveBufferSize sets the maximum receive buffer size.
 // Leave this 0 for the default maxReceiveBufferSize.
 func (e *SettingEngine) SetSCTPMaxReceiveBufferSize(maxReceiveBufferSize uint32) {