dnsdist: Fix key logging for DNS over TLS #8787

Merged
merged 2 commits into from
Feb 7, 2020

rgacogne
Member

@rgacogne rgacogne commented Feb 6, 2020

Short description

It turns out that the keyLogFile directive was ignored for DNS over TLS, while correctly working with DNS over HTTPS. I know I tested both when writing the code for #8442 but I guess the DoT part was lost in a refactoring at some point before opening the PR :-/
This PR also makes the feature more usable by flushing the key material to the file right away, so we don't have to wait for the buffer to get flushed.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

This feature is used to debug TLS flows, we don't really care about
the performance in that case and we want to have access to the keys
as soon as possible, without waiting for a buffer to be flushed.
@rgacogne rgacogne added this to the dnsdist-1.4.x milestone Feb 6, 2020
@rgacogne rgacogne merged commit 546b120 into PowerDNS:master Feb 7, 2020
@rgacogne rgacogne deleted the ddist-tls-key-log-file branch February 7, 2020 09:38
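
The effect of flushing each key log line right away, as described in the PR above, can be seen with a small stand-alone writer. This is an added example, not code from this PR or from dnsdist: `KeyLogWriter`, `visibleBytes` and `bytesVisibleAfterOneLine` are hypothetical names, the sample line is constructed, and creating the file with mode 0600 is an assumption of the example.

```cpp
// Added example, not dnsdist code: all names here are hypothetical.
#include <cstdio>
#include <string>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

// Appends NSS-format key log lines to a file, optionally flushing after each one.
class KeyLogWriter {
public:
  KeyLogWriter(const std::string& path, bool flushEachLine) : d_flush(flushEachLine) {
    // Key log lines are session secrets: create the file readable by the owner only (assumption).
    int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_APPEND | O_CLOEXEC, 0600);
    if (fd >= 0) {
      d_fp = fdopen(fd, "a");
      if (d_fp == nullptr) close(fd);
    }
  }
  ~KeyLogWriter() { if (d_fp != nullptr) fclose(d_fp); }
  KeyLogWriter(const KeyLogWriter&) = delete;
  KeyLogWriter& operator=(const KeyLogWriter&) = delete;

  bool write(const std::string& line) {
    if (d_fp == nullptr) return false;
    if (fprintf(d_fp, "%s\n", line.c_str()) < 0) return false;
    // Without the flush, a short line stays in the stdio buffer until it fills or the file closes.
    return !d_flush || fflush(d_fp) == 0;
  }
private:
  FILE* d_fp{nullptr};
  bool d_flush;
};

// Size of the file as seen by another reader (for example a tool decrypting a capture).
long visibleBytes(const std::string& path) {
  struct stat st;
  return stat(path.c_str(), &st) == 0 ? static_cast<long>(st.st_size) : -1;
}

// Constructed sample line in NSS key log format; the hex digits are placeholders, not real secrets.
const std::string kSampleLine = "CLIENT_RANDOM " + std::string(64, 'a') + " " + std::string(96, 'b');

// Writes one line and reports how many bytes a reader can see while the writer is still open.
long bytesVisibleAfterOneLine(const std::string& path, bool flushEachLine) {
  unlink(path.c_str());
  KeyLogWriter writer(path, flushEachLine);
  if (!writer.write(kSampleLine)) return -1;
  return visibleBytes(path);
}
```

With `flushEachLine` set to false the reader sees an empty file until the writer closes it, which is the delay the PR removes.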