feat(tls): enable rustls key logging via SSLKEYLOGFILE

jxs · web-flow · commit 7cbf7c1b21c8 · 2026-03-26T12:12:45.000Z
Pull-Request: #6357.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -106,7 +106,7 @@ libp2p-swarm = { version = "0.47.1", path = "swarm" }
 libp2p-swarm-derive = { version = "=0.35.1", path = "swarm-derive" } # `libp2p-swarm-derive` may not be compatible with different `libp2p-swarm` non-breaking releases. E.g. `libp2p-swarm` might introduce a new enum variant `FromSwarm` (which is `#[non-exhaustive]`) in a non-breaking release. Older versions of `libp2p-swarm-derive` would not forward this enum variant within the `NetworkBehaviour` hierarchy. Thus the version pinning is required.
 libp2p-swarm-test = { version = "0.6.0", path = "swarm-test" }
 libp2p-tcp = { version = "0.44.1", path = "transports/tcp" }
-libp2p-tls = { version = "0.6.2", path = "transports/tls" }
+libp2p-tls = { version = "0.6.3", path = "transports/tls" }
 libp2p-uds = { version = "0.43.1", path = "transports/uds" }
 libp2p-upnp = { version = "0.6.0", path = "protocols/upnp" }
 libp2p-webrtc = { version = "0.9.0-alpha.2", path = "transports/webrtc" }
@@ -121,7 +121,7 @@ libp2p-yamux = { version = "0.47.0", path = "muxers/yamux" }
 asynchronous-codec = { version = "0.7.0" }
 env_logger = "0.11"
 futures = "0.3.30"
-futures-bounded = { version = "0.3", features = ["tokio"]}
+futures-bounded = { version = "0.3", features = ["tokio"] }
 futures-rustls = { version = "0.26.0", default-features = false }
 getrandom = "0.2"
 if-watch = "3.2.1"
diff --git a/transports/tls/CHANGELOG.md b/transports/tls/CHANGELOG.md
@@ -1,3 +1,8 @@
+## 0.6.3
+
+- Enable rustls TLS key logging via `SSLKEYLOGFILE`.
+  See [XXXX](https://github.com/libp2p/rust-libp2p/pull/XXXX).
+
 ## 0.6.2
 
 - Upgrade `rustls-webpki` to `v0.103`
diff --git a/transports/tls/Cargo.toml b/transports/tls/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "libp2p-tls"
-version = "0.6.2"
+version = "0.6.3"
 edition.workspace = true
 rust-version = { workspace = true }
 description = "TLS configuration based on libp2p TLS specs."
diff --git a/transports/tls/src/lib.rs b/transports/tls/src/lib.rs
@@ -62,6 +62,7 @@ pub fn make_client_config(
         ))
         .with_client_cert_resolver(cert_resolver);
     crypto.alpn_protocols = vec![P2P_ALPN.to_vec()];
+    crypto.key_log = Arc::new(rustls::KeyLogFile::new());
 
     Ok(crypto)
 }
@@ -86,6 +87,7 @@ pub fn make_server_config(
         .with_client_cert_verifier(Arc::new(verifier::Libp2pCertificateVerifier::new()))
         .with_cert_resolver(cert_resolver);
     crypto.alpn_protocols = vec![P2P_ALPN.to_vec()];
+    crypto.key_log = Arc::new(rustls::KeyLogFile::new());
 
     Ok(crypto)
 }

Original file line number	Diff line number	Diff line change
`@@ -62,6 +62,7 @@ pub fn make_client_config(`
`62`	`62`	`))`
`63`	`63`	`.with_client_cert_resolver(cert_resolver);`
`64`	`64`	`crypto.alpn_protocols = vec![P2P_ALPN.to_vec()];`
	`65`	`+ crypto.key_log = Arc::new(rustls::KeyLogFile::new());`
`65`	`66`
`66`	`67`	`Ok(crypto)`
`67`	`68`	`}`
`@@ -86,6 +87,7 @@ pub fn make_server_config(`
`86`	`87`	`.with_client_cert_verifier(Arc::new(verifier::Libp2pCertificateVerifier::new()))`
`87`	`88`	`.with_cert_resolver(cert_resolver);`
`88`	`89`	`crypto.alpn_protocols = vec![P2P_ALPN.to_vec()];`
	`90`	`+ crypto.key_log = Arc::new(rustls::KeyLogFile::new());`
`89`	`91`
`90`	`92`	`Ok(crypto)`
`91`	`93`	`}`