Skip to content

tls,cli: add --trace-tls command-line flag #27497

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 2, 2019
Merged

tls,cli: add --trace-tls command-line flag #27497

merged 3 commits into from
May 2, 2019

Conversation

@cjihrig
Copy link
Contributor

@cjihrig cjihrig commented Apr 30, 2019
edited
Loading

This PR adds a --trace-tls CLI flag. The purpose is to enable tracing of TLS connections without the need to modify existing application code.

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Apr 30, 2019

Lite-CI: https://ci.nodejs.org/job/node-test-pull-request-lite-pipeline/3399
@nodejs-github-bot nodejs-github-bot added the tls Issues and PRs related to the tls subsystem. label Apr 30, 2019
@mscdex
Copy link
Contributor

mscdex commented Apr 30, 2019

I think all that's needed is the environment variable support since adedbb1 already landed?
@cjihrig
Copy link
Contributor Author

cjihrig commented Apr 30, 2019

I think adedbb1 would only support tracing secure sockets created in a server context. tls.connect() would still require changing application code.
@mscdex
Copy link
Contributor

mscdex commented Apr 30, 2019

I see. Maybe the description should mention this is for client sockets only?
@sam-github
Copy link
Contributor

sam-github commented Apr 30, 2019

re:

I think adedbb1 would only support tracing secure sockets created in a server context. tls.connect() would still require changing application code.

Both client and server required changing app code, but client needed tls.connect().enableTrace(), it didn't use an option property because I often found it useful to turn trace on only after handshake.

The option property makes sense, though, it makes the API a bit more consistent.

2 suggestions:

  • consider instead of using an env var, have a CLI option --enable-tls-trace (or --tls-enable-trace?), then it can be done with an env var (with NODE_OPTIONS) or by CLI, we don't have to be so opinionated as to how users will want to set it.
  • consider having the ENV var (CLI option?) set the intial value of tls.DEFAULT_ENABLE_TRACE to true, so that the property can be set globally in code with tls.DEFAULT_ENABLE_TRACE = true (this is the pattern for a number of the existing CLI/env controllable defaults)
@richardlau
Copy link
Member

richardlau commented Apr 30, 2019

Does this need a brand new environment variable? It looks like it could be a category for the existing NODE_DEBUG. Or as @sam-github suggests it could be a command line option that could be enabled via NODE_OPTIONS.
richardlau
richardlau reviewed Apr 30, 2019
View reviewed changes
@cjihrig
Copy link
Contributor Author

cjihrig commented Apr 30, 2019
edited
Loading

Both client and server required changing app code

Sorry, I meant that adding a new environment variable alone was not adequate for the client.

It looks like it could be a category for the existing NODE_DEBUG

That's actually my preference, and was my first idea. However, the format of the output is different enough that I didn't think it made sense.

I'll move this to a CLI flag.
@cjihrig cjihrig added the semver-minor PRs that contain new features and should be released in the next minor version. label Apr 30, 2019
@cjihrig cjihrig changed the title tls,cli: add NODE_TLS_TRACE environment variable tls,cli: add --trace-tls command-line flag Apr 30, 2019
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented May 1, 2019

CI: https://ci.nodejs.org/job/node-test-pull-request/22864/
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented May 2, 2019
edited by cjihrig
Loading

CI: https://ci.nodejs.org/job/node-test-pull-request/22888/

EDIT(cjihrig): CI was green.
cjihrig added 3 commits May 2, 2019 12:37
@cjihrig
tls: simplify enableTrace logic
b233d02 
PR-URL: nodejs#27497 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
@cjihrig
tls: support enableTrace in TLSSocket()
c6a2fdf 
This commit adds the enableTrace option to the TLSSocket constructor. It also plumbs the option through other relevant APIs. PR-URL: nodejs#27497 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
@cjihrig
tls,cli: add --trace-tls command-line flag
495822f 
This commit adds a --trace-tls command-line flag. The purpose is to enable tracing of TLS connections without the need to modify existing application code. PR-URL: nodejs#27497 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
@cjihrig cjihrig merged commit 495822f into nodejs:master May 2, 2019
targos pushed a commit that referenced this pull request May 4, 2019
@cjihrig @targos
tls: simplify enableTrace logic
576fe33 
PR-URL: #27497 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
targos pushed a commit that referenced this pull request May 4, 2019
@cjihrig @targos
tls: support enableTrace in TLSSocket()
84a2768 
This commit adds the enableTrace option to the TLSSocket constructor. It also plumbs the option through other relevant APIs. PR-URL: #27497 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
targos pushed a commit that referenced this pull request May 4, 2019
@cjihrig @targos
tls,cli: add --trace-tls command-line flag
f1efe6d 
This commit adds a --trace-tls command-line flag. The purpose is to enable tracing of TLS connections without the need to modify existing application code. PR-URL: #27497 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
@targos targos mentioned this pull request May 6, 2019
Merged
targos added a commit that referenced this pull request May 6, 2019
@targos
2019-05-07, Version 12.2.0 (Current)
492762e 
Notable changes: * tls: * Added an `enableTrace()` method to `TLSSocket` and an `enableTrace` option to `tls.createServer()`. When enabled, TSL packet trace information is written to `stderr`. This can be used to debug TLS connection problems. #27497 * cli: * Added a `--trace-tls` command-line flag that enables tracing of TLS connections without the need to modify existing application code. #27497 * Added a `--cpu-prof-interval` command-line flag. It can be used to specify the sampling interval for the CPU profiles generated by `--cpu-prof`. #27535 * module: * Added the `createRequire()` method. It allows to create a require function a file URL object, a file URL string or an absolute path string. The existing `createRequireFromPath()` method is now deprecated #27405. * Throw on `require('./path.mjs')`. This is technically a breaking change that should have landed with Node.js 12.0.0. It is necessary to have this to keep the possibility for a future minor version to load ES Modules with the require function. #27417 * meta: * Added Christian Clauss (https://github.com/cclauss) to collaborators. #27554 PR-URL: #27578
targos added a commit that referenced this pull request May 7, 2019
@targos
2019-05-07, Version 12.2.0 (Current)
e8dda76 
Notable changes: * deps: * Updated llhttp to 1.1.3. This fixes a bug that made Node.js' HTTP parser refuse any request URL that contained the "|" (vertical bar) character. #27595 * tls: * Added an `enableTrace()` method to `TLSSocket` and an `enableTrace` option to `tls.createServer()`. When enabled, TSL packet trace information is written to `stderr`. This can be used to debug TLS connection problems. #27497 #27376 * cli: * Added a `--trace-tls` command-line flag that enables tracing of TLS connections without the need to modify existing application code. #27497 * Added a `--cpu-prof-interval` command-line flag. It can be used to specify the sampling interval for the CPU profiles generated by `--cpu-prof`. #27535 * module: * Added the `createRequire()` method. It allows to create a require function from a file URL object, a file URL string or an absolute path string. The existing `createRequireFromPath()` method is now deprecated #27405. * Throw on `require('./path.mjs')`. This is technically a breaking change that should have landed with Node.js 12.0.0. It is necessary to have this to keep the possibility for a future minor version to load ES Modules with the require function. #27417 * repl: * The REPL now supports multi-line statements using `BigInt` literals as well as public and private class fields and methods. #27400 * The REPL now supports tab autocompletion of file paths with `fs` methods. #26648 * meta: * Added Christian Clauss (https://github.com/cclauss) to collaborators. #27554 PR-URL: #27578
targos added a commit that referenced this pull request May 7, 2019
@targos
2019-05-07, Version 12.2.0 (Current)
e006a85 
Notable changes: * deps: * Updated llhttp to 1.1.3. This fixes a bug that made Node.js' HTTP parser refuse any request URL that contained the "|" (vertical bar) character. #27595 * tls: * Added an `enableTrace()` method to `TLSSocket` and an `enableTrace` option to `tls.createServer()`. When enabled, TSL packet trace information is written to `stderr`. This can be used to debug TLS connection problems. #27497 #27376 * cli: * Added a `--trace-tls` command-line flag that enables tracing of TLS connections without the need to modify existing application code. #27497 * Added a `--cpu-prof-interval` command-line flag. It can be used to specify the sampling interval for the CPU profiles generated by `--cpu-prof`. #27535 * module: * Added the `createRequire()` method. It allows to create a require function from a file URL object, a file URL string or an absolute path string. The existing `createRequireFromPath()` method is now deprecated #27405. * Throw on `require('./path.mjs')`. This is technically a breaking change that should have landed with Node.js 12.0.0. It is necessary to have this to keep the possibility for a future minor version to load ES Modules with the require function. #27417 * repl: * The REPL now supports multi-line statements using `BigInt` literals as well as public and private class fields and methods. #27400 * The REPL now supports tab autocompletion of file paths with `fs` methods. #26648 * meta: * Added Christian Clauss (https://github.com/cclauss) to collaborators. #27554 PR-URL: #27578
This was referenced May 7, 2019
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@sam-github sam-github mentioned this pull request May 16, 2019
Closed
@cjihrig cjihrig deleted the tls-trace branch May 16, 2019 18:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

semver-minor PRs that contain new features and should be released in the next minor version. tls Issues and PRs related to the tls subsystem.

8 participants

@cjihrig @nodejs-github-bot @mscdex @sam-github @richardlau @Trott @addaleax @BethGriggs