git.kaiwu.me - haproxy.git/commit

]> git.kaiwu.me - haproxy.git/commit

projects / haproxy.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: e264523) | patch

author	William Lallemand <wlallemand@haproxy.com>
	Wed, 1 Apr 2026 08:56:24 +0000 (10:56 +0200)
committer	William Lallemand <wlallemand@haproxy.com>
	Wed, 1 Apr 2026 14:28:49 +0000 (16:28 +0200)
commit	c8bfd06b575ee106b52a31c7075aae200796329f
tree	cf46eccce14556bfdc8d2298baebebb59ac71f2e	tree \| snapshot
parent	e264523112b94ceacf34428d1bdd4e8eea4a813d	commit \| diff

MINOR: ssl/log: add keylog format variables and env vars

Add keylog_format_fc and keylog_format_bc global variables containing
the SSLKEYLOGFILE log-format strings for the frontend (client-facing)
and backend (server-facing) TLS connections respectively. These produce
output compatible with the SSLKEYLOGFILE format described at:
https://tlswg.org/sslkeylogfile/draft-ietf-tls-keylogfile.html

Both formats are also exported as environment variables at startup:
HAPROXY_KEYLOG_FC_LOG_FMT
HAPROXY_KEYLOG_BC_LOG_FMT

These variables contains \n so they might not be compatible with syslog
servers, using them with stderr or a sink might be required.

These can be referenced directly in "log-format" directives to produce
SSLKEYLOGFILE-compatible output, usable by network analyzers such as
Wireshark to decrypt captured TLS traffic.

doc/configuration.txt		diff \| blob \| history
examples/keylog-test.cfg	[new file with mode: 0644]	blob
include/haproxy/log.h		diff \| blob \| history
src/haproxy.c		diff \| blob \| history
src/log.c		diff \| blob \| history

haproxy upstream