improve debugging with Wireshark

[wkloucek]

Pre-submission Checks

• [X] I checked for similar issues, but could not find any. I also checked the closed issues. I could not contribute additional information to any existing issue.
• [X] I will take the time to fill in all the required fields. I know that the bug report may be dismissed otherwise due to lack of information.

Feature description

Have the ability to store pre master keys during SSL handshake to a file for debug / testpilotcloud builds.

These keys can be taken by Wireshark to decrypt the SSL traffic and inspect it.

Proposed solution

Use SSLKEYLOGFILE described by https://firefox-source-docs.mozilla.org/security/nss/legacy/key_log_format/index.html, which is supported by many software stacks, like Firefox or Chromium (in debug builds).

An example implementation can be found here: https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/sslkeylog.c

Alternative solutions you considered

Switch transport to http. This needs to be done on the server side and cannot be done without changing the server configuration.

I did it for oCIS and it is quite a pain:

1. Remove the https middleware

   diff --git a/services/proxy/pkg/command/server.go b/services/proxy/pkg/command/server.go
   index b52c99e74..469767e47 100644
   --- a/services/proxy/pkg/command/server.go
   +++ b/services/proxy/pkg/command/server.go
   @@ -214,7 +214,7 @@ func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config)
                 chimiddleware.RealIP,
                 chimiddleware.RequestID,
                 middleware.AccessLog(logger),
   -               middleware.HTTPSRedirect,
   +               //middleware.HTTPSRedirect,
                 middleware.OIDCWellKnownRewrite(
                         logger, cfg.OIDC.Issuer,
                         cfg.OIDC.RewriteWellKnown,

2. make "web" a native OIDC client

   clients:
   - id: web
   name: ownCloud Web app
   trusted: true
   secret: ""
   redirect_uris:
   - 'http://localhost:9200/'
   - 'http://localhost:9200/oidc-callback.html'
   - 'http://localhost:9200/oidc-silent-redirect.html'
   origins:
   - 'http://localhost:9200'
   application_type: "native"

3. start ocis server with following options:
   • PROXY_TLS=false
   • OCIS_URL=http://localhost:9200
   • MICRO_REGISTRY=mdns
   • OCIS_OIDC_ISSUER=https://localhost:9201
4. start ocis proxy server with following options:
   • OCIS_URL=http://localhost:9200
   • PROXY_HTTP_ADDR=127.0.0.1:9201
   • PROXY_DEBUG_ADDR=127.0.0.1:9204
   • MICRO_REGISTRY=mdns
   • OCIS_OIDC_ISSUER=https://localhost:9201
5. connect the Desktop client to "https://localhost:9201"
6. stop the Desktop client and edit ~/.config/testpilotcloud/testpilotcloud.cfg or the respective file for your OS / Desktop client flavor. Change https://localhost:9201 to http://localhost:9200
7. start debugging

Additional context

No response

[github-actions[bot]]

This issue was marked stale because it has been open for 30 days with no activity. Remove the stale label or comment or this will be closed in 7 days.

[github-actions[bot]]

This issue was marked stale because it has been open for 30 days with no activity. Remove the stale label or comment or this will be closed in 7 days.