crypto/tls: broken link in Config.KeyLogWriter docs #63331

Open
rhysh opened this issue Oct 2, 2023 · 2 comments
Labels
Documentation NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.

rhysh commented Oct 2, 2023

It looks like the docs for the NSS key_log_format have moved permanently, in early 2022: mdn/content#12731

The link from crypto/tls.Config.KeyLogWriter points to a page that doesn't redirect to a new permanent home, and instead shows a "404 Not Found" message.

https://firefox-source-docs.mozilla.org/security/nss/index.html mentions mozilla_projects_nss_key_log_format in a section with the warning "References below this point are part of the deprecated documentation and will be ported in the future.", but does not include a link to the new home.

I'm not sure where the current home for that documentation is. It looks like the link in Go's documentation has been broken for a while, and that the owner of those external docs may not intend to repair it. Go's docs should point to a reputable source for the format specification.

What version of Go are you using (go version)?

$ go1.21 version
go version go1.21.1 darwin/arm64

Does this issue reproduce with the latest release?

Yes, and also in the development branch.

What operating system and processor architecture are you using (go env)?

N/A

What did you do?

Read docs for crypto/tls.Config.KeyLogWriter, tried to visit the reference at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format .

$ go1.21 doc crypto/tls.Config.KeyLogWriter
package tls // import "crypto/tls"

type Config struct {
    // KeyLogWriter optionally specifies a destination for TLS master
    // secrets in NSS key log format that can be used to allow external
    // programs such as Wireshark to decrypt TLS connections. See
    // https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format.
    // Use of KeyLogWriter compromises security and should only be used for debugging.
    KeyLogWriter io.Writer

    // ... other fields elided ...
}

See also https://pkg.go.dev/crypto/tls@master#Config

And for what it's worth, https://docs.rs/rustls/latest/rustls/trait.KeyLog.html#required-methods which includes an identical link.

What did you expect to see?

Documentation for the resulting key log entry format.

What did you see instead?

A redirect to https://firefox-source-docs.mozilla.org/security/nss/legacy/key_log_format/index.html, resulting in:

404 Not Found
Code: NoSuchKey
Message: The specified key does not exist.
Key: security/nss/legacy/key_log_format/index.html
RequestId: 9E8NJMXRE2NNZGDF
HostId: Tb4D2Wi5Yh7dkbQonEOgbBePK/D5cmZ/UN1oOFQrBdtisJ3ybZQJVTOFSPMcyBWfFIgqYzXOdtI=
@prattmic prattmic added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Oct 3, 2023

prattmic commented Oct 3, 2023

cc @golang/security

@seankhliao
Member

maybe this will end up being an appropriate replacement https://datatracker.ietf.org/doc/draft-thomson-tls-keylogfile/
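
For readers who land here looking for the entry format itself, the following is an added example (not part of this thread or of Go's documentation): it captures what crypto/tls writes to Config.KeyLogWriter during one loopback handshake and parses each line as a label, a 32-byte client random and a secret, the last two hex-encoded. The names Entry, ParseKeyLog and CaptureKeyLog are hypothetical, and the server is a throwaway net/http/httptest instance.

```go
package main

import (
	"bytes"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type Entry struct { // one key log line: "<label> <client_random hex> <secret hex>"
	Label                string
	ClientRandom, Secret []byte
}

// ParseKeyLog (hypothetical helper) parses key log text, skipping blank and '#' comment lines.
func ParseKeyLog(data []byte) (out []Entry, err error) {
	for _, line := range bytes.Split(data, []byte("\n")) {
		switch f := bytes.Fields(line); {
		case len(f) == 0 || f[0][0] == '#': // blank line or comment: nothing to parse
		case len(f) != 3:
			return nil, fmt.Errorf("want 3 fields, got %d", len(f))
		default:
			cr, err1 := hex.DecodeString(string(f[1]))
			sec, err2 := hex.DecodeString(string(f[2]))
			if err1 != nil || err2 != nil || len(cr) != 32 || len(sec) == 0 {
				return nil, fmt.Errorf("malformed %s entry", f[0]) // never echo the secret
			}
			out = append(out, Entry{string(f[0]), cr, sec})
		}
	}
	return out, nil
}

// CaptureKeyLog (hypothetical helper) returns what a client logged for one loopback request.
func CaptureKeyLog() []byte {
	srv := httptest.NewTLSServer(http.NotFoundHandler()) // throwaway local test server
	defer srv.Close()
	var buf bytes.Buffer // debugging only: anything written here can decrypt the session
	srv.Client().Transport.(*http.Transport).TLSClientConfig.KeyLogWriter = &buf
	if resp, err := srv.Client().Get(srv.URL); err == nil { // the handshake fills buf
		resp.Body.Close()
	}
	return buf.Bytes()
}

func main() {
	entries, err := ParseKeyLog(CaptureKeyLog())
	fmt.Println(len(entries), "entries parsed, error:", err)
}
```

All entries from one connection share the same client random, which is how a tool such as Wireshark matches a logged secret to a captured handshake.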
