I made a first test setting the env variableSSLKEYLOGFILE from python and creating the file from there as well. Currently the~ resolution does not seem to work, but besides that using the simple client socket example from the ssl docs I was able to grab the keys and log them into the file the env variable was pointing to. I was on a Mac and installedopenssl@1.1 via homebrew.

TheSSLKEYLOGFILE only works, if you

• have OpenSSL 1.1.1 installed. OpenSSL 1.1.0 or 1.0.2 don't have a keylog callback API. Linux distributions like Debian and Fedora just started to include 1.1.1 in their latest test versions.
• usessl.create_default_context(). A customssl.SSLContext doesn't useSSLKEYLOGFILE.

I decided against expanding~ to user's home directory, because neither curl nor NSS expand them.

I wrote some basic examples showing this works very well. Thanks tohttps://github.com/jmfrank63/ssl-examples/commits?author=nikosgraser for providing the requests example.

@zooba Could you please do me a favor and try the patch on Windows? One of the test cases is failing on Windows and I don't understand why.

======================================================================FAIL: test_keylog_env (test.test_ssl.TestSSLDebug)----------------------------------------------------------------------Traceback (most recent call last):  File "C:\projects\cpython\lib\test\test_ssl.py", line 4488, in test_keylog_env    self.assertEqual(ctx.keylog_filename, support.TESTFN)AssertionError: None != '@test_4872_tmp'----------------------------------------------------------------------

@zooba One Windows test case was failing becauseignore_environment flag was set. I'm now skipping the test case if the flag is set.