doc: documented the GNUTLS_KEYLOGFILE environment variable

diff --git a/NEWS b/NEWS
index 75293ab6789c8c13396a9126e4f75c3a71140f94..2fc25b1d18f73c1324a646efc4b73752feb1bed4 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,11 @@ See the end for copying conditions.
 ** libgnutls: The SSL 3.0 protocol support can completely be removed
    using a compile time option. The configure option is --disable-ssl3.
 
+** libgnutls: The GNUTLS_KEYLOGFILE environment variable can be used to
+   log session keys in client side. These session keys are compatible with
+   the NSS Key Log Format and can be used to decrypt the session for
+   debugging using wireshark.
+
 ** API and ABI modifications:
 No changes since last version.
 

diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index fd3342b70c0ab89b438aa91709dda061be41e629..7d25a5b5360bd352588b2a9a0d4654bce31b7b92 100644 (file)
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -165,6 +165,10 @@ error. Other available environment variables are shown in @ref{tab:environment}.
 @item @code{GNUTLS_DEBUG_LEVEL}
 @tab When set to a numeric value, it sets the default debugging level for GnuTLS applications.
 
+@item @code{GNUTLS_KEYLOGFILE}
+@tab When set to a filename, GnuTLS will store to it the client session keys in the NSS Key Log
+format. That format can be read by wireshark and will allow decryption of the session for debugging.
+
 @item @code{GNUTLS_CPUID_OVERRIDE}
 @tab That environment variable can be used to
 explicitly enable/disable the use of certain CPU capabilities. Note that CPU