DUMP SSL keys using the environment variable $SSLKEYLOGFILE

[luiso1979]

DO NOT REMOVE OR SKIP THE ISSUE TEMPLATE

• I understand that I will be blocked if I intentionally remove or skip any mandatory* field

Checklist

• I'm requesting a feature unrelated to a specific site
• I've looked through the README
• I've verified that I have updated yt-dlp to nightly or master (update instructions)
• I've searched known issues and the bugtracker for similar issues including closed ones. DO NOT post duplicates
• I've read the guidelines for opening an issue

Provide a description that is worded well enough to be understood

I'm not able to log the SSL keys using the command:

            SSLKEYLOGFILE=file.log yt-dlp https://URL -v

Since python 3.8 and openssl 1.1.1 this is supported. It was supported in youtube-dl (see).

It is possible to add this feature to yt-dlp?

Kind Regards
Luis

Provide verbose output that clearly demonstrates the problem

• Run your yt-dlp command with -vU flag added (yt-dlp -vU <your command line>)
• If using API, add 'verbose': True to YoutubeDL params instead
• Copy the WHOLE output (starting with [debug] Command-line config) and insert it below

Complete Verbose Output

[debug] Command-line config: ['https://youtube.com/watch?v=987KFCmOHaA', '-vU']
[debug] Encodings: locale UTF-8, fs utf-8, pref UTF-8, out utf-8 (No ANSI), error utf-8, screen utf-8 (No ANSI)
[debug] yt-dlp version stable@2024.03.10 from yt-dlp/yt-dlp [615a84447] (pip)
[debug] Python 3.12.2 (CPython x86_64 64bit) - Linux-6.5.0-1015-aws-x86_64-with-glibc2.35 (OpenSSL 1.1.1c  28 May 2019, glibc 2.35)
[debug] exe versions: ffmpeg 4.4.2 (setts), ffprobe 4.4.2, rtmpdump 2.4
[debug] Optional libraries: Cryptodome-3.20.0, brotli-1.1.0, certifi-2024.02.02, mutagen-1.47.0, requests-2.31.0, sqlite3-3.37.2, urllib3-2.2.1, websockets-12.0
[debug] Proxy map: {}
[debug] Request Handlers: urllib, requests, websockets
[debug] Loaded 1803 extractors
[debug] Fetching release info: https://api.github.com/repos/yt-dlp/yt-dlp/releases/latest
[debug] Sort order given by extractor: quality, res, fps, hdr:12, source, vcodec:vp9.2, channels, acodec, lang, proto
[debug] Formats sorted by: hasvid, ie_pref, quality, res, fps, hdr:12(7), source, vcodec:vp9.2(10), channels, acodec, lang, proto, size, br, asr, vext, aext, hasaud, id
[debug] Default format spec: bestvideo*+bestaudio/best
[debug] Invoking hlsnative downloader on "https://manifest.googlevideo.com/api/manifest/hls_playlist/expire/1711399005/ei/_YsBZuWYMsOOp-oP6LeIwAk/ip/15.160.49.251/id/f7ceca14298e1da0/itag/616/source/youtube/requiressl/yes/ratebypass/yes/pfa/1/wft/1/sgovp/clen%3D57052662%3Bdur%3D91.520%3Bgir%3Dyes%3Bitag%3D356%3Blmt%3D1711329007984028/rqh/1/hls_chunk_host/rr5---sn-hpa7knle.googlevideo.com/xpc/EgVo2aDSNQ%3D%3D/mh/02/mm/31,29/mn/sn-hpa7knle,sn-hpa7znzr/ms/au,rdu/mv/m/mvi/5/pl/16/gcr/it/initcwndbps/1343750/vprv/1/playlist_type/DVR/dover/13/txp/5532434/mt/1711376943/fvip/3/short_key/1/keepalive/yes/sparams/expire,ei,ip,id,itag,source,requiressl,ratebypass,pfa,wft,sgovp,rqh,xpc,gcr,vprv,playlist_type/sig/AJfQdSswRQIhAMNDfqQf7RtuOs7Oemy8cgyWj_LXbC3oNQt-NzmOxgmDAiBOGelZ9gqNnFwhi3Nf5LrOMhnrdWfr1h__Y1UFrHCQBw%3D%3D/lsparams/hls_chunk_host,mh,mm,mn,ms,mv,mvi,pl,initcwndbps/lsig/ALClDIEwRAIgDntXu19nvW3iR2-DxmvKc1vauioWuVKJekoHptYgbUICIDk374CY9bMbl5uTe-i1xDjwYzOJaXLOgNZ10SUL5VJv/playlist/index.m3u8"
[debug] Invoking http downloader on "https://rr3---sn-hpa7znzr.googlevideo.com/videoplayback?expire=1711399005&ei=_YsBZonaN4W_mLAPy5S7kAE&ip=15.160.49.251&id=o-AB8PEBHv1zrD06EtNePuactWgHk7tYFk61D1DYRKuGb6&itag=251&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=02&mm=31%2C26&mn=sn-hpa7znzr%2Csn-25glenes&ms=au%2Conr&mv=m&mvi=3&pl=16&gcr=it&initcwndbps=1350000&vprv=1&svpuc=1&mime=audio%2Fwebm&gir=yes&clen=1191715&dur=91.541&lmt=1711328568705124&mt=1711376943&fvip=5&keepalive=yes&c=ANDROID&txp=5532434&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cxpc%2Cgcr%2Cvprv%2Csvpuc%2Cmime%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRgIhAIc7eDatiptlaNunNnTh5Z6ojmY40-q2ZgUk3BzxNdIkAiEApQnx-i-TJ6wlIpdSARGq7jwETH7c6bJVaNb9AvADahI%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRQIgMoFVCndOpjQ2A3ItppZ_aRxNX9vr9Dey-G8898RDw0wCIQCbxFI5TFmnUvO5sQ3UReph9BUDu37pnKuFqNbL62wWeA%3D%3D"
[debug] ffmpeg command line: ffmpeg -y -loglevel repeat+info -i 'file:Italia-Ecuador 2-0： gol e highlights dell'"'"'amichevole [987KFCmOHaA].f616.mp4' -i 'file:Italia-Ecuador 2-0： gol e highlights dell'"'"'amichevole [987KFCmOHaA].f251.webm' -c copy -map 0:v:0 -map 1:a:0 -movflags +faststart 'file:Italia-Ecuador 2-0： gol e highlights dell'"'"'amichevole [987KFCmOHaA].temp.webm'

[luiso1979]

Taking a look at the code, it may be enough to add this code

  context.keylog_filename = os.environ.get('SSLKEYLOGFILE')

after the line where the ssl context is initialised

I'm not python fluent so excuse if I wrote something terrible ;)

Regards
Luis

[coletdjnz]

I can enable this for the SSLContext we create which is used by urllib, requests and websockets. curl-cffi should already work with it out of the box as it uses libcurl.

However I cannot guarantee it will always be available for future request handlers that don't use our SSLContext and am not going to enforce it (it will be dependent on the libraries to implement/enable it in that case).

[luiso1979]

@coletdjnz of course, in fact it would be enough for urllib and requests, super plus having it for websockets.
It makes no sense enforcing something like this for future handlers. I could keep I eye on them and open a PR if it can be done.

Talking about PR, is there any policy for opening a PR, it would be appreciated? or you prefer doing it yourself?

Thanks a lot for the response,
Regards,
Luis