import/path: An error occurred in tls.Config.KeyLogWriter, causing the tls handshake to fail abnormally.

[nelojass]

Go version

go version go1.21.10 darwin/amd64

Output of go env in your module/workspace:

GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/Users/zz-b111/Library/Caches/go-build'
GOENV='/Users/zz-b111/Library/Application Support/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='darwin'
GOINSECURE=''
GOMODCACHE='/Users/zz-b111/go/src/xxx/pkg/mod'
GONOPROXY='
GONOSUMDB=
GOOS='darwin'
GOPATH='/Users/zz-b111/go/src/xxx'
GOPRIVATE=
GOPROXY=
GOROOT='/Users/zz-b111/go/go1.21.10'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/Users/zz-b111/go/go1.21.10/pkg/tool/darwin_amd64'
GOVCS=''
GOVERSION='go1.21.10'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='clang'
CXX='clang++'
CGO_ENABLED='1'
GOMOD=''
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -ffile-prefix-map=/var/folders/2s/pv55rsjj0ns98vfnk4y2k6x40000gn/T/go-build2675658421=/tmp/go-build -gno-record-gcc-switches -fno-common'

What did you do?

Hello,

I use a tls connection and fill my configuration with tls.Config. Because of my business needs, I need to use KeyLogWriter to view my encrypted content in wireshark. Of course, I tested it on the Android platform. At first, I tested it on macos. I opened a file by:
keyLogFile, _ = os.OpenFile("./bin", os.O_WRONLY|os.O_CREATE|os.O_TRUNC|os.O_APPEND, 0644)
And then I used the same code to test it on Android. Of course, my problem here is that the file path is wrong in Android, and I lack a judgment.

My tls.Config:

tls.Config{
	ServerName:       req.Domain,
	InsecureSkipVerify: true,
	KeyLogWriter: 	 io.MultiWriter(keyLogFile, os.Stdout),
}

Because of this file path error, my TLS handshake always fails.

Finally, I found that I needed to call c.config.writeKeyLog to write Secret in the establishHandshakeKeys method in the crypto/tls/handshake_client_tls13.go file, and writeKeyLog reported an error.

But this error will affect the handshake effect of tls. Here I think this error should not cause the failure of tls. What is the necessity of such a design? (Indeed, ensuring the correctness of KeyLogWriter at the application layer can ensure that there will be no errors here).

What did you see happen?

The writeKeyLog method of the crypt/tls/common.go file reports an error:

invaid argument

Of course this error message is not important here.

What did you expect to see?

Can we ignore this error and not affect the normal handshake of TLS?

It may be a bug, this is just my suggestion.

[gabyhelp]

Related Issues

• crypto: Many APIs return errors caused by other errors, without allowing unwrapping #58365

Related Code Changes

• crypto/tls: add KeyLogWriter for debugging
• crypto/tls: add example for Config KeyLogWriter

_{(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)}

[seankhliao]

I'd say working as intended, you may choose to wrap your own writer to handle it ignore any errors as you deem fit.