plugin/tls: Add the keylog option to configure TLSConfig.KeyLogWriter (#7537)

* tls: Add the keylog option to configure TLSConfig.KeyLogWriter

Signed-off-by: Ilya Kulakov <kulakov.ilya@gmail.com>

* tls: Close keylog file on instance shutdown.

Signed-off-by: Ilya Kulakov <kulakov.ilya@gmail.com>

---------

Signed-off-by: Ilya Kulakov <kulakov.ilya@gmail.com>
This commit is contained in:
Ilya Kulakov
2026-03-27 12:10:13 -07:00
committed by GitHub
parent 471d62926d
commit a8caf4c375
3 changed files with 74 additions and 0 deletions


@@ -2,6 +2,8 @@ package tls
import (
"crypto/tls"
"os"
"path/filepath"
"strings"
"testing"
@@ -23,6 +25,7 @@ func TestTLS(t *testing.T) {
{"tls test_cert.pem test_key.pem test_ca.pem {\nclient_auth require\n}", false, "", ""},
{"tls test_cert.pem test_key.pem test_ca.pem {\nclient_auth verify_if_given\n}", false, "", ""},
{"tls test_cert.pem test_key.pem test_ca.pem {\nclient_auth require_and_verify\n}", false, "", ""},
{"tls test_cert.pem test_key.pem test_ca.pem {\nkeylog tls.log\n}", false, "", ""},
// negative
{"tls test_cert.pem test_key.pem test_ca.pem {\nunknown\n}", true, "", "unknown option"},
// client_auth takes exactly one parameter, which must be one of known keywords.
@@ -85,3 +88,39 @@ func TestTLSClientAuthentication(t *testing.T) {
}
}
}
func TestTLSKeyLog(t *testing.T) {
t.Run("No Path", func(t *testing.T) {
input := "tls test_cert.pem test_key.pem test_ca.pem {\nkeylog\n}"
c := caddy.NewTestController("dns", input)
err := setup(c)
if err == nil {
t.Error("Expected error but found none")
}
})
t.Run("Bad Path", func(t *testing.T) {
tmpDir := t.TempDir()
os.Chmod(tmpDir, 0000)
input := "tls test_cert.pem test_key.pem test_ca.pem {\nkeylog " + filepath.Join(tmpDir, "tls.log") + "\n}"
c := caddy.NewTestController("dns", input)
err := setup(c)
if err == nil {
t.Error("Expected error but found none")
}
})
t.Run("Good Path", func(t *testing.T) {
tmpDir := t.TempDir()
input := "tls test_cert.pem test_key.pem test_ca.pem {\nkeylog " + filepath.Join(tmpDir, "tls.log") + "\n}"
c := caddy.NewTestController("dns", input)
err := setup(c)
if err != nil {
t.Errorf("Expected no error but found %v", err)
}
cfg := dnsserver.GetConfig(c)
if cfg.TLSConfig.KeyLogWriter == nil {
t.Fatal("KeyLogWriter is not set")
}
})
}
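Review bot: In the "Good Path" case a setup() failure is only reported with `t.Errorf`, after which the case still calls `dnsserver.GetConfig(c)` and dereferences `cfg.TLSConfig.KeyLogWriter`, so a broken setup surfaces as a nil-pointer panic rather than a clear test failure; use `t.Fatalf` there and guard `cfg`/`cfg.TLSConfig` before reading the field. The "Bad Path" case depends on `os.Chmod(tmpDir, 0000)` making the directory unwritable, but the Chmod error is ignored and the assumption does not hold for root (DAC is bypassed) or on Windows, so a containerized CI run as root will fail with "Expected error but found none"; check the error and skip in those environments (`runtime` would need importing). Since the key log holds TLS session secrets, the "Good Path" case is also the natural place to assert the file mode setup creates the log with, once that is decided, instead of only that KeyLogWriter is non-nil. The `keylog tls.log` table entry in the first hunk uses a relative path, so if setup opens the file there it presumably leaves a `tls.log` behind in the package directory; a `t.TempDir()` path would avoid that.
```go
	t.Run("Bad Path", func(t *testing.T) {
		if os.Getuid() == 0 || runtime.GOOS == "windows" {
			t.Skip("directory permissions are not enforced for root or on Windows")
		}
		tmpDir := t.TempDir()
		if err := os.Chmod(tmpDir, 0000); err != nil {
			t.Fatalf("chmod %s: %v", tmpDir, err)
		}
		// … unchanged: input, setup(c) and the expected-error check …
	})
	t.Run("Good Path", func(t *testing.T) {
		// … unchanged: tmpDir, input, controller …
		if err := setup(c); err != nil {
			t.Fatalf("Expected no error but found %v", err)
		}
		cfg := dnsserver.GetConfig(c)
		if cfg == nil || cfg.TLSConfig == nil {
			t.Fatal("TLSConfig is not set")
		}
		if cfg.TLSConfig.KeyLogWriter == nil {
			t.Fatal("KeyLogWriter is not set")
		}
	})
```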