From d69a4d4df23a9969417ff511bb38ff0246fb180b Mon Sep 17 00:00:00 2001
From: David Lönnhager
Date: Wed, 21 May 2025 10:06:12 +0200
Subject: Disable SSHKEYLOGFILE by default in masque client
---
 mullvad-masque-proxy/examples/masque-client.rs | 4 +++-
 mullvad-masque-proxy/src/client/mod.rs | 2 --
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/mullvad-masque-proxy/examples/masque-client.rs b/mullvad-masque-proxy/examples/masque-client.rs
index 205c198c62..304a0c0ed5 100644
--- a/mullvad-masque-proxy/examples/masque-client.rs
+++ b/mullvad-masque-proxy/examples/masque-client.rs
@@ -6,6 +6,7 @@ use tokio::net::UdpSocket;
 use std::{
 net::{Ipv4Addr, SocketAddr},
 path::PathBuf,
+ sync::Arc,
 time::Duration,
 };

@@ -76,11 +77,12 @@ async fn main() {
 auth,
 } = ClientArgs::parse();

- let tls_config = match root_cert_path {
+ let mut tls_config = match root_cert_path {
 Some(path) => mullvad_masque_proxy::client::client_tls_config_from_cert_path(path.as_ref())
 .expect("Failed to get TLS config"),
 None => mullvad_masque_proxy::client::default_tls_config(),
 };
+ Arc::get_mut(&mut tls_config).unwrap().key_log = Arc::new(rustls::KeyLogFile::new());

 let _keylog = rustls::KeyLogFile::new();

diff --git a/mullvad-masque-proxy/src/client/mod.rs b/mullvad-masque-proxy/src/client/mod.rs
index d2b56d12cc..b5aaf81cec 100644
--- a/mullvad-masque-proxy/src/client/mod.rs
+++ b/mullvad-masque-proxy/src/client/mod.rs
@@ -597,7 +597,6 @@ fn new_connect_request(
 Ok(request)
 }

-// TODO: resuse the same TLS code from `mullvad-api` maybe
 pub fn default_tls_config() -> Arc {
 static TLS_CONFIG: LazyLock> =
 LazyLock::new(|| client_tls_config_with_certs(read_cert_store()));
@@ -616,7 +615,6 @@ fn client_tls_config_with_certs(certs: rustls::RootCertStore) -> Arc
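Review bot: `Arc::get_mut(&mut tls_config).unwrap()` in `main` of `examples/masque-client.rs` panics whenever the `Arc` is shared, and the `None` arm looks like it returns exactly such a value. `default_tls_config()` keeps its config in a `static TLS_CONFIG`, so if it hands out a clone of that static (its body continues outside the visible hunk) the strong count is at least two and `get_mut` returns `None`. `Arc::make_mut(&mut tls_config).key_log = Arc::new(rustls::KeyLogFile::new());` would copy the config when it is shared, avoiding the panic and leaving the library's default config without key logging. The unchanged `let _keylog = rustls::KeyLogFile::new();` a few lines below now looks redundant and would open the `SSLKEYLOGFILE` target a second time. Because that file holds the session secrets needed to decrypt captured traffic, a comment on the new line such as `// Debug aid: writes TLS secrets to $SSLKEYLOGFILE when set; local testing only` would make the intent explicit.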