packages feed

HsOpenSSL-x509-system 0.1.0.3 → 0.1.0.4

raw patch · 5 files changed

+29/−12 lines, 5 filesPVP ok

version bump matches the API change (PVP)

API changes (from Hackage documentation)

Files

− ChangeLog
@@ -1,3 +0,0 @@-v0.1.0.1--	* Documentation updates.
+ ChangeLog.md view
@@ -0,0 +1,19 @@+#### 0.1.0.4 *2020-08-23*++	* Improve detection of the certificate store location in recent versions of FreeBSD.++#### 0.1.0.3 *2016-08-23*++	* Documentation updates.++#### 0.1.0.2 *2015-04-02*++	* Documentation updates.++#### 0.1.0.1 *2015-02-20*++	* Documentation updates.++#### 0.1.0.0 *2015-02-16*++	* Initial public release.
HsOpenSSL-x509-system.cabal view
@@ -1,5 +1,5 @@ name:                HsOpenSSL-x509-system-version:             0.1.0.3+version:             0.1.0.4 synopsis:            Use the system's native CA certificate store with HsOpenSSL description:   A cross-platform library that tries to find a (reasonable) CA certificate@@ -19,7 +19,7 @@ cabal-version:       >=1.10  extra-source-files:-  ChangeLog+  ChangeLog.md  source-repository head   type: git
OpenSSL/X509/SystemStore.hs view
@@ -14,10 +14,11 @@ #endif  -- | Add the certificates from the system-wide certificate store to the--- given @openssl@ context. Note that--- __this does not automatically enable peer certificate verification__.--- You also need to call 'OpenSSL.Session.contextSetVerificationMode' and--- __check manually if the hostname matches__ the one specified in the+-- given @openssl@ context. Note that in __older versions of OpenSSL__+-- (namely <1.1.0), this does not automatically enable peer certificate+-- verification. In that case,+-- you also need to call 'OpenSSL.Session.contextSetVerificationMode' and+-- check manually if the hostname matches the one specified in the -- certificate. You can find information about how to do the latter -- <https://github.com/iSECPartners/ssl-conservatory/blob/master/openssl/everything-you-wanted-to-know-about-openssl.pdf here>. contextLoadSystemCerts :: SSLContext -> IO () 
OpenSSL/X509/SystemStore/Unix.hs view
@@ -33,11 +33,11 @@ -- [2] https://bugzilla.redhat.com/show_bug.cgi?id=1053882 defaultSystemPaths :: [(Bool, FilePath)] defaultSystemPaths =-    [ (False, "/etc/pki/tls/certs/ca-bundle.crt"      ) -- red hat, fedora. centos+    [ (False, "/etc/pki/tls/certs/ca-bundle.crt"      ) -- red hat, fedora, centos     , (True , "/etc/ssl/certs"                        ) -- other linux, netbsd     , (True , "/system/etc/security/cacerts"          ) -- android-    , (True , "/usr/local/share/certs"                ) -- freebsd-    , (False, "/etc/ssl/cert.pem"                     ) -- openbsd+    , (False, "/etc/ssl/cert.pem"                     ) -- openbsd/freebsd     , (False, "/usr/share/ssl/certs/ca-bundle.crt"    ) -- older red hat     , (False, "/usr/local/share/certs/ca-root-nss.crt") -- freebsd (security/ca-root-nss)+    , (True , "/usr/local/share/certs"                ) -- freebsd     ]