
import/path: An error occurred in tls.Config.KeyLogWriter, causing the tls handshake to fail abnormally. #74358

Closed as not planned
@nelojass

Go version

go version go1.21.10 darwin/amd64

Output of go env in your module/workspace:

GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/Users/zz-b111/Library/Caches/go-build'
GOENV='/Users/zz-b111/Library/Application Support/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='darwin'
GOINSECURE=''
GOMODCACHE='/Users/zz-b111/go/src/xxx/pkg/mod'
GONOPROXY='
GONOSUMDB=
GOOS='darwin'
GOPATH='/Users/zz-b111/go/src/xxx'
GOPRIVATE=
GOPROXY=
GOROOT='/Users/zz-b111/go/go1.21.10'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/Users/zz-b111/go/go1.21.10/pkg/tool/darwin_amd64'
GOVCS=''
GOVERSION='go1.21.10'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='clang'
CXX='clang++'
CGO_ENABLED='1'
GOMOD=''
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -ffile-prefix-map=/var/folders/2s/pv55rsjj0ns98vfnk4y2k6x40000gn/T/go-build2675658421=/tmp/go-build -gno-record-gcc-switches -fno-common'

What did you do?

Hello,

I use a TLS connection and fill my configuration with tls.Config. Because of my business needs, I need to use KeyLogWriter to view my encrypted content in Wireshark. Of course, I tested it on the Android platform. At first, I tested it on macOS. I opened a file by:
keyLogFile, _ = os.OpenFile("./bin", os.O_WRONLY|os.O_CREATE|os.O_TRUNC|os.O_APPEND, 0644)
And then I used the same code to test it on Android. Of course, my problem here is that the file path is wrong in Android, and I lack a judgment.

My tls.Config:

tls.Config{
	ServerName:         req.Domain,
	InsecureSkipVerify: true,
	KeyLogWriter:       io.MultiWriter(keyLogFile, os.Stdout),
}

Because of this file path error, my TLS handshake always fails.

Finally, I found that I needed to call c.config.writeKeyLog to write Secret in the establishHandshakeKeys method in the crypto/tls/handshake_client_tls13.go file, and writeKeyLog reported an error.

But this error will affect the handshake effect of tls. Here I think this error should not cause the failure of tls. What is the necessity of such a design? (Indeed, ensuring the correctness of KeyLogWriter at the application layer can ensure that there will be no errors here).

What did you see happen?

The writeKeyLog method of the crypto/tls/common.go file reports an error:

invalid argument

Of course this error message is not important here.

What did you expect to see?

Can we ignore this error and not affect the normal handshake of TLS?

It may be a bug, this is just my suggestion.
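
An added example, not code from the reporter or from the Go project: it reproduces the "invalid argument" error from a nil *os.File left behind by an ignored os.OpenFile error, and shows application-layer handling that checks the open and keeps later key-log write failures from reaching crypto/tls. The names bestEffortWriter, openKeyLog and nilFileWriteErr, the use of the SSLKEYLOGFILE environment variable as a debug-only switch, and the host example.test are assumptions.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"io"
	"os"
)

// bestEffortWriter (hypothetical) hides write errors from crypto/tls so a broken
// key log cannot abort a handshake; the first failure is kept in err.
type bestEffortWriter struct {
	w   io.Writer
	err error
}

func (b *bestEffortWriter) Write(p []byte) (int, error) {
	if b.err == nil {
		_, b.err = b.w.Write(p)
	}
	return len(p), nil
}

// openKeyLog returns a nil writer (logging off) for "" and reports open failures.
func openKeyLog(path string) (io.Writer, error) {
	if path == "" {
		return nil, nil
	}
	// 0600: the file holds session secrets that decrypt captured traffic.
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0o600)
	if err != nil {
		return nil, fmt.Errorf("key log disabled: %w", err)
	}
	return &bestEffortWriter{w: f}, nil
}

// nilFileWriteErr writes through the nil *os.File an ignored OpenFile error leaves.
func nilFileWriteErr() error {
	var f *os.File
	_, err := io.MultiWriter(f, io.Discard).Write([]byte("x"))
	return err
}

func main() {
	w, err := openKeyLog(os.Getenv("SSLKEYLOGFILE")) // assumed debug-only switch
	cfg := &tls.Config{ServerName: "example.test", KeyLogWriter: w}
	fmt.Println(err, cfg.KeyLogWriter != nil, errors.Is(nilFileWriteErr(), os.ErrInvalid))
}
```

Leaving the variable unset keeps KeyLogWriter nil, which is the setting for any build that is not being debugged, since the logged secrets decrypt the session.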

Labels: BugReport (Issues describing a possible bug in the Go implementation.)