authorAli Mohammad Pur <ali.mpfard@gmail.com>2022-02-09 23:12:56 +0330
committerAndreas Kling <kling@serenityos.org>2022-02-09 21:23:25 +0100
commitcb7becb0671ae2ca435384b0133b484e495a2af2 (patch)
tree8ecc150524a298e46c5dda1cde70e45cddb53477 /Userland/Services/RequestServer
parenta796207b9fb139c85d6350062689d97dd5e98902 (diff)
LibTLS+RequestServer: Add an option to dump TLS keys to a log file
This file allows us to decrypt TLS messages in Wireshark, which can help immensely in debugging network stuff :^)
Diffstat (limited to 'Userland/Services/RequestServer')
-rw-r--r--Userland/Services/RequestServer/main.cpp14
1 files changed, 12 insertions, 2 deletions
diff --git a/Userland/Services/RequestServer/main.cpp b/Userland/Services/RequestServer/main.cpp
index c9b1884b63..cc1f0dabff 100644
--- a/Userland/Services/RequestServer/main.cpp
+++ b/Userland/Services/RequestServer/main.cpp
@@ -19,9 +19,17 @@
ErrorOr<int> serenity_main(Main::Arguments)
{
- TRY(Core::System::pledge("stdio inet accept unix rpath sendfd recvfd sigaction"));
+ if constexpr (TLS_SSL_KEYLOG_DEBUG)
+ TRY(Core::System::pledge("stdio inet accept unix cpath wpath rpath sendfd recvfd sigaction"));
+ else
+ TRY(Core::System::pledge("stdio inet accept unix rpath sendfd recvfd sigaction"));
+
signal(SIGINFO, [](int) { RequestServer::ConnectionCache::dump_jobs(); });
- TRY(Core::System::pledge("stdio inet accept unix rpath sendfd recvfd"));
+
+ if constexpr (TLS_SSL_KEYLOG_DEBUG)
+ TRY(Core::System::pledge("stdio inet accept unix cpath wpath rpath sendfd recvfd"));
+ else
+ TRY(Core::System::pledge("stdio inet accept unix rpath sendfd recvfd"));
// Ensure the certificates are read out here.
[[maybe_unused]] auto& certs = DefaultRootCACertificates::the();
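Review bot: The promise lists at both pledge() sites are now written out twice each, differing only in `cpath wpath`, so any later change to the base promises has to be repeated in four strings and can silently diverge between the debug and normal builds. A comment above the first `if constexpr` would record why the extra promises exist, e.g. `// cpath/wpath are only needed so the TLS key log file can be created and written when TLS_SSL_KEYLOG_DEBUG is set`. Because this widens the sandbox of a network-facing service, that comment should also say the flag is meant for local debugging builds only. serenity_main continues past the end of this hunk.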
@@ -30,6 +38,8 @@ ErrorOr<int> serenity_main(Main::Arguments)
// FIXME: Establish a connection to LookupServer and then drop "unix"?
TRY(Core::System::unveil("/tmp/portal/lookup", "rw"));
TRY(Core::System::unveil("/etc/timezone", "r"));
+ if constexpr (TLS_SSL_KEYLOG_DEBUG)
+ TRY(Core::System::unveil("/home/anon", "rwc"));
TRY(Core::System::unveil(nullptr, nullptr));
[[maybe_unused]] auto gemini = make<RequestServer::GeminiProtocol>();
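Review bot: `unveil("/home/anon", "rwc")` opens the whole home directory of a hard-coded user, readable and writable, to a process that parses network data, when the only thing the feature needs is the key log file. The log path is chosen in LibTLS and is not visible in this diff, so presumably it lives under that directory; unveiling only that path, e.g. `TRY(Core::System::unveil("<key log file path>", "rwc"));` with the placeholder replaced by the path LibTLS actually opens (and `r` dropped if the file is only created and appended to), keeps the debug build's sandbox close to the normal one. The file holds TLS session secrets, so wherever it is opened it should be created with owner-only permissions. serenity_main starts and ends outside this hunk.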