HsOpenSSL-x509-system 0.1.0.3 → 0.1.0.4
raw patch · 5 files changed
+29/−12 lines, 5 filesPVP ok
version bump matches the API change (PVP)
API changes (from Hackage documentation)
Files
- ChangeLog +0/−3
- ChangeLog.md +19/−0
- HsOpenSSL-x509-system.cabal +2/−2
- OpenSSL/X509/SystemStore.hs +5/−4
- OpenSSL/X509/SystemStore/Unix.hs +3/−3
− ChangeLog
@@ -1,3 +0,0 @@-v0.1.0.1-- * Documentation updates.
+ ChangeLog.md view
@@ -0,0 +1,19 @@+#### 0.1.0.4 *2020-08-23*++ * Improve detection of the certificate store location in recent versions of FreeBSD.++#### 0.1.0.3 *2016-08-23*++ * Documentation updates.++#### 0.1.0.2 *2015-04-02*++ * Documentation updates.++#### 0.1.0.1 *2015-02-20*++ * Documentation updates.++#### 0.1.0.0 *2015-02-16*++ * Initial public release.
HsOpenSSL-x509-system.cabal view
@@ -1,5 +1,5 @@ name: HsOpenSSL-x509-system-version: 0.1.0.3+version: 0.1.0.4 synopsis: Use the system's native CA certificate store with HsOpenSSL description: A cross-platform library that tries to find a (reasonable) CA certificate@@ -19,7 +19,7 @@ cabal-version: >=1.10 extra-source-files:- ChangeLog+ ChangeLog.md source-repository head type: git
OpenSSL/X509/SystemStore.hs view
@@ -14,10 +14,11 @@ #endif -- | Add the certificates from the system-wide certificate store to the--- given @openssl@ context. Note that--- __this does not automatically enable peer certificate verification__.--- You also need to call 'OpenSSL.Session.contextSetVerificationMode' and--- __check manually if the hostname matches__ the one specified in the+-- given @openssl@ context. Note that in __older versions of OpenSSL__+-- (namely <1.1.0), this does not automatically enable peer certificate+-- verification. In that case,+-- you also need to call 'OpenSSL.Session.contextSetVerificationMode' and+-- check manually if the hostname matches the one specified in the -- certificate. You can find information about how to do the latter -- <https://github.com/iSECPartners/ssl-conservatory/blob/master/openssl/everything-you-wanted-to-know-about-openssl.pdf here>. contextLoadSystemCerts :: SSLContext -> IO ()
OpenSSL/X509/SystemStore/Unix.hs view
@@ -33,11 +33,11 @@ -- [2] https://bugzilla.redhat.com/show_bug.cgi?id=1053882 defaultSystemPaths :: [(Bool, FilePath)] defaultSystemPaths =- [ (False, "/etc/pki/tls/certs/ca-bundle.crt" ) -- red hat, fedora. centos+ [ (False, "/etc/pki/tls/certs/ca-bundle.crt" ) -- red hat, fedora, centos , (True , "/etc/ssl/certs" ) -- other linux, netbsd , (True , "/system/etc/security/cacerts" ) -- android- , (True , "/usr/local/share/certs" ) -- freebsd- , (False, "/etc/ssl/cert.pem" ) -- openbsd+ , (False, "/etc/ssl/cert.pem" ) -- openbsd/freebsd , (False, "/usr/share/ssl/certs/ca-bundle.crt" ) -- older red hat , (False, "/usr/local/share/certs/ca-root-nss.crt") -- freebsd (security/ca-root-nss)+ , (True , "/usr/local/share/certs" ) -- freebsd ]