doc: documented the GNUTLS_KEYLOGFILE environment variable

2 files changed, 9 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index 75293ab678..2fc25b1d18 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,11 @@ See the end for copying conditions.
 ** libgnutls: The SSL 3.0 protocol support can completely be removed
    using a compile time option. The configure option is --disable-ssl3.
 
+** libgnutls: The GNUTLS_KEYLOGFILE environment variable can be used to
+   log session keys in client side. These session keys are compatible with
+   the NSS Key Log Format and can be used to decrypt the session for
+   debugging using wireshark.
+
 ** API and ABI modifications:
 No changes since last version.
 
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index fd3342b70c..7d25a5b536 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -165,6 +165,10 @@ error. Other available environment variables are shown in @ref{tab:environment}.
 @item @code{GNUTLS_DEBUG_LEVEL}
 @tab When set to a numeric value, it sets the default debugging level for GnuTLS applications.
 
+@item @code{GNUTLS_KEYLOGFILE}
+@tab When set to a filename, GnuTLS will store to it the client session keys in the NSS Key Log
+format. That format can be read by wireshark and will allow decryption of the session for debugging.
+
 @item @code{GNUTLS_CPUID_OVERRIDE}
 @tab That environment variable can be used to
 explicitly enable/disable the use of certain CPU capabilities. Note that CPU