elixir-mint / mint

Functional HTTP client for Elixir with support for HTTP/1 and HTTP/2 🌱
Apache License 2.0

Add support for "SSLKEYLOGFILE" environment variable. #308

Closed lukebakken closed 3 years ago

lukebakken commented 3 years ago

In order to decrypt TLS sessions in tools like Wireshark, the per-session secrets can be logged to a file. This document specifies the file format.

Recent versions of Erlang/OTP have support for getting the keylog data for a TLS connection. If a mint user wishes to log these secrets to a file, they will export the SSLKEYLOGFILE environment variable prior to starting their application. Then, any time a TLS connection is established in this library and that variable is present, the secrets for that connection will be appended to the file.

See "Exporting the Secrets" here: https://erlang.org/doc/apps/ssl/using_ssl.html
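The flow described above (secrets are fetched from the established `:ssl` socket with `:ssl.connection_information/2` and appended, one item per line, to the file named by SSLKEYLOGFILE), written out as an added example. This is not code from this PR, from Mint or from Erlang/OTP; it assumes the caller already holds the raw `:ssl` socket for the connection (later Mint versions are assumed here to expose it through `Mint.HTTP.get_socket/1`), and it validates each item against the NSS key log format before writing, so that a surprising return value from OTP cannot corrupt a file Wireshark will parse.

```elixir
defmodule KeylogExport do
  @moduledoc """
  Append the per-session secrets of an `:ssl` socket to the file named by
  SSLKEYLOGFILE, in the NSS key log format that Wireshark reads.
  Added example; not part of Mint or Erlang/OTP.
  """

  # Labels defined by the NSS key log format. A TLS 1.2 session yields one
  # CLIENT_RANDOM line; a TLS 1.3 session yields one line per traffic secret.
  @labels ~w(CLIENT_RANDOM CLIENT_EARLY_TRAFFIC_SECRET
             CLIENT_HANDSHAKE_TRAFFIC_SECRET SERVER_HANDSHAKE_TRAFFIC_SECRET
             CLIENT_TRAFFIC_SECRET_0 SERVER_TRAFFIC_SECRET_0
             EARLY_EXPORTER_SECRET EXPORTER_SECRET)

  @doc """
  Export the secrets of `ssl_socket` if SSLKEYLOGFILE is set; a no-op otherwise.

  Caveat: for TLS 1.3 the socket must have been opened with the `:ssl` option
  `keep_secrets: true` (OTP 23+), otherwise OTP has no secrets to return.
  """
  def export(ssl_socket) do
    case System.get_env("SSLKEYLOGFILE") do
      nil ->
        :ok

      path ->
        with {:ok, info} <- :ssl.connection_information(ssl_socket, [:keylog]),
             {:ok, items} <- Keyword.fetch(info, :keylog) do
          append_lines(path, items)
        else
          :error -> {:error, :no_keylog}
          {:error, _} = err -> err
        end
    end
  end

  @doc """
  Validate and append key log items; refuses the whole batch if any item is
  not a well-formed `<LABEL> <client_random hex> <secret hex>` line.
  """
  def append_lines(path, items) do
    # OTP may hand back charlists; normalise to binaries before checking.
    lines = Enum.map(items, &IO.chardata_to_string/1)

    case Enum.reject(lines, &valid_line?/1) do
      [] ->
        with {:ok, io} <- File.open(path, [:append, :binary]),
             :ok <- IO.binwrite(io, Enum.map(lines, &[&1, ?\n])),
             :ok <- File.close(io) do
          # The file holds session secrets: restrict it to the owner.
          File.chmod(path, 0o600)
        end

      bad ->
        {:error, {:malformed_keylog, bad}}
    end
  end

  @doc "True if `line` is a single NSS key log entry (32-byte client random as hex)."
  def valid_line?(line) when is_binary(line) do
    Regex.match?(line_re(), line)
  end

  defp line_re do
    ~r/\A(#{Enum.join(@labels, "|")}) [0-9A-Fa-f]{64} [0-9A-Fa-f]+\z/
  end

  @doc "Runs the writer on constructed sample items (fabricated hex, not real key material)."
  def demo(path \\ Path.join(System.tmp_dir!(), "constructed-keylog.txt")) do
    client_random = String.duplicate("0a", 32)

    items = [
      "CLIENT_RANDOM #{client_random} #{String.duplicate("11", 48)}",
      "CLIENT_TRAFFIC_SECRET_0 #{client_random} #{String.duplicate("22", 32)}"
    ]

    append_lines(path, items)
  end
end
```

Wiring it into an application built on Mint, under the same assumptions, is then: open the connection with `Mint.HTTP.connect(:https, host, 443, transport_opts: [keep_secrets: true])` so TLS 1.3 secrets are retained, obtain the raw socket once the handshake has completed, and call `KeylogExport.export/1` on it. Because `export/1` checks SSLKEYLOGFILE itself, the application, not Mint, decides whether secrets ever leave the VM, which matches the division of responsibility discussed in this thread.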

ericmj commented 3 years ago

This is adding private API that is not used in Mint so we need to rethink how best to expose this.

I am not sure what the best way is. It doesn't seem to be a good idea to expose the whole ssl and gen_tcp modules through Mint and cherry picking functions to expose seems arbitrary. In the past we have discussed adding a function for users to get the socket from a connection, if users have direct access to the socket they can do whatever they want with it.

/cc @whatyouhide @josevalim

lukebakken commented 3 years ago

> In the past we have discussed adding a function for users to get the socket from a connection, if users have direct access to the socket they can do whatever they want with it

Yep, that would be great! I looked for something like that prior to embarking on this.

lukebakken commented 3 years ago

At some point during this work I won't have to make connection_information/N public. Right now that's for testing and for confirming that this whole idea even works. Eventually this will move to operate based on the presence of SSLKEYLOGFILE or not.

Anyway, I'm enjoying this so I'll keep at it.

ericmj commented 3 years ago

> Eventually this will move to operate based on the presence of SSLKEYLOGFILE or not.

Okay, I thought the OTP functions read from that variable. In that case it would be better to implement this at a higher level. Mint is more like a toolkit to build HTTP clients, it's not supposed to give you all features but instead the tools to build those features. In that regard Mint shouldn't read from environment variables and so the full feature shouldn't be implemented in Mint.

In this case I think Mint is missing the tools for you to implement this functionality so we can of course discuss how to solve that.

lukebakken commented 3 years ago

> In this case I think Mint is missing the tools for you to implement this functionality so we can of course discuss how to solve that.

Yep! Exposing the socket would solve this issue. I'll close this PR.