From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Wed, 18 May 2016 14:38:13 +0000 (+0200)
Subject: doc: documented the GNUTLS_KEYLOGFILE environment variable
X-Git-Tag: gnutls_3_5_1~136
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=99e356876b70df7d4e6cc63e0261f6e4f9bcfcd1;p=thirdparty%2Fgnutls.git

doc: documented the GNUTLS_KEYLOGFILE environment variable
---

diff --git a/NEWS b/NEWS
index 75293ab678..2fc25b1d18 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,11 @@ See the end for copying conditions.
 ** libgnutls: The SSL 3.0 protocol support can completely be removed
    using a compile time option. The configure option is --disable-ssl3.
 
+** libgnutls: The GNUTLS_KEYLOGFILE environment variable can be used to
+   log session keys in client side. These session keys are compatible with
+   the NSS Key Log Format and can be used to decrypt the session for
+   debugging using wireshark.
+
 ** API and ABI modifications:
 No changes since last version.
 
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index fd3342b70c..7d25a5b536 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -165,6 +165,10 @@ error. Other available environment variables are shown in @ref{tab:environment}.
 @item @code{GNUTLS_DEBUG_LEVEL}
 @tab When set to a numeric value, it sets the default debugging level for GnuTLS applications.
 
+@item @code{GNUTLS_KEYLOGFILE}
+@tab When set to a filename, GnuTLS will store to it the client session keys in the NSS Key Log
+format. That format can be read by wireshark and will allow decryption of the session for debugging.
+
 @item @code{GNUTLS_CPUID_OVERRIDE}
 @tab That environment variable can be used to
 explicitly enable/disable the use of certain CPU capabilities. Note that CPU