HsOpenSSL 0.11.4.19 → 0.11.4.20
raw patch · 10 files changed
+66/−17 lines, 10 filesPVP: minor bump suggested
API additions: PVP suggests at least a minor version bump
API changes (from Hackage documentation)
+ OpenSSL.Session: enableHostnameValidation :: SSL -> String -> IO ()
Files
- ChangeLog +12/−3
- HsOpenSSL.cabal +13/−9
- OpenSSL/Session.hsc +24/−0
- Test/OpenSSL/DER.hs +1/−1
- Test/OpenSSL/DSA.hs +1/−1
- Test/OpenSSL/EVP/Base64.hs +1/−1
- Test/OpenSSL/EVP/Digest.hs +1/−1
- Test/OpenSSL/TestUtils.hs +1/−1
- cbits/HsOpenSSL.c +10/−0
- cbits/HsOpenSSL.h +2/−0
ChangeLog view
@@ -1,8 +1,17 @@+2020-10-08 Vladimir Shabanov <dev@vshabanov.com>++ * HsOpenSSL.cabal (Version): Bump version to 0.11.4.20++ * Hostname validation+ by @amesgen (#52)++ * Do not compile OpenSSL modules twice for tests+ 2020-09-01 Vladimir Shabanov <dev@vshabanov.com> * HsOpenSSL.cabal (Version): Bump version to 0.11.4.19 - * HsOpenSSL.cabal (Version): Discover OpenSSL via pkg-config+ * HsOpenSSL.cabal: Discover OpenSSL via pkg-config by Alexander Biehl @alexbiehl (#51) 2020-03-31 Vladimir Shabanov <dev@vshabanov.com>@@ -21,7 +30,7 @@ 2019-01-21 Vladimir Shabanov <dev@vshabanov.com> - * HsOpenSSL.cabal (Version):+ * HsOpenSSL.cabal: Added upper version bounds to all dependencies (#41) 2019-01-21 Vladimir Shabanov <dev@vshabanov.com>@@ -29,7 +38,7 @@ * HsOpenSSL.cabal (Version): Bump version to 0.11.4.16 * Compatibility for network-3.0.0- by Roman Borschel romanb (#40)+ by Roman Borschel @romanb (#40) * .travis.yml: Fixed build. Updated to last 3 GHC versions.
HsOpenSSL.cabal view
@@ -10,7 +10,7 @@ systems and stable. You may also be interested in the @tls@ package, <http://hackage.haskell.org/package/tls>, which is a pure Haskell implementation of SSL.-Version: 0.11.4.19+Version: 0.11.4.20 License: PublicDomain License-File: COPYING Author: Adam Langley, Mikhail Vorozhtsov, PHO, Taru Karttunen@@ -175,8 +175,9 @@ Test-Suite test-dsa Type: exitcode-stdio-1.0- Main-Is: Test/OpenSSL/DSA.hs- Other-Modules: Test.OpenSSL.TestUtils+ Main-Is: DSA.hs+ HS-Source-Dirs: Test/OpenSSL+ Other-Modules: TestUtils Build-Depends: HsOpenSSL, base >= 4.4 && < 5,@@ -188,8 +189,9 @@ Test-Suite test-der Type: exitcode-stdio-1.0- Main-Is: Test/OpenSSL/DER.hs- Other-Modules: Test.OpenSSL.TestUtils+ Main-Is: DER.hs+ HS-Source-Dirs: Test/OpenSSL+ Other-Modules: TestUtils Build-Depends: HsOpenSSL, base >= 4.4 && < 5@@ -200,8 +202,9 @@ Test-Suite test-evp-base64 Type: exitcode-stdio-1.0- Main-Is: Test/OpenSSL/EVP/Base64.hs- Other-Modules: Test.OpenSSL.TestUtils+ Main-Is: EVP/Base64.hs+ HS-Source-Dirs: Test/OpenSSL+ Other-Modules: TestUtils Build-Depends: HsOpenSSL, base >= 4.4 && < 5,@@ -213,8 +216,9 @@ Test-Suite test-evp-digest Type: exitcode-stdio-1.0- Main-Is: Test/OpenSSL/EVP/Digest.hs- Other-Modules: Test.OpenSSL.TestUtils+ Main-Is: EVP/Digest.hs+ HS-Source-Dirs: Test/OpenSSL+ Other-Modules: TestUtils Build-Depends: HsOpenSSL, base >= 4.4 && < 5,
OpenSSL/Session.hsc view
@@ -38,6 +38,7 @@ , addOption , removeOption , setTlsextHostName+ , enableHostnameValidation , accept , tryAccept , connect@@ -101,7 +102,11 @@ import qualified Data.ByteString.Lazy.Internal as L import System.IO.Unsafe import System.Posix.Types (Fd(..))+#if MIN_VERSION_network(3,1,0)+import Network.Socket (Socket, withFdSocket)+#else import Network.Socket (Socket, fdSocket)+#endif #if !MIN_VERSION_base(4,8,0) import Control.Applicative ((<$>), (<$))@@ -381,12 +386,16 @@ -- collector closing the file descriptor out from under you. connection :: SSLContext -> Socket -> IO SSL connection context sock = do+#if MIN_VERSION_network(3,1,0)+ withFdSocket sock $ \ fd -> connection' context (Fd fd) (Just sock)+#else #if MIN_VERSION_network(3,0,0) fd <- fdSocket sock #else let fd = fdSocket sock #endif connection' context (Fd fd) (Just sock)+#endif -- | Wrap a socket Fd in an SSL connection. fdConnection :: SSLContext -> Fd -> IO SSL@@ -423,6 +432,21 @@ withSSL ssl $ \sslPtr -> withCString h $ \ hPtr -> _SSL_set_tlsext_host_name sslPtr hPtr >> return ()++-- Hostname validation, inspired by https://wiki.openssl.org/index.php/Hostname_validation++foreign import ccall unsafe "HsOpenSSL_enable_hostname_validation"+ _enable_hostname_validation :: Ptr SSL_ -> CString -> CSize -> IO CInt++-- | Enable hostname validation. Also see 'setTlsextHostName'.+--+-- This uses the built-in mechanism introduced in 1.0.2/1.1.0, and will+-- fail otherwise.+enableHostnameValidation :: SSL -> String -> IO ()+enableHostnameValidation ssl host =+ withSSL ssl $ \ssl ->+ withCStringLen host $ \(host, hostLen) ->+ _enable_hostname_validation ssl host (fromIntegral hostLen) >>= failIf_ (/= 1) foreign import ccall "SSL_accept" _ssl_accept :: Ptr SSL_ -> IO CInt foreign import ccall "SSL_connect" _ssl_connect :: Ptr SSL_ -> IO CInt
Test/OpenSSL/DER.hs view
@@ -2,7 +2,7 @@ import OpenSSL.RSA import OpenSSL.DER-import Test.OpenSSL.TestUtils+import TestUtils main :: IO () main = do
Test/OpenSSL/DSA.hs view
@@ -2,7 +2,7 @@ import qualified Data.ByteString as BS import OpenSSL.DSA-import Test.OpenSSL.TestUtils+import TestUtils -- | This function just runs the example DSA generation, as given in FIP 186-2, -- app 5.
Test/OpenSSL/EVP/Base64.hs view
@@ -9,7 +9,7 @@ import qualified Data.ByteString as BS import qualified Data.ByteString.Lazy as BSL import OpenSSL.EVP.Base64-import Test.OpenSSL.TestUtils+import TestUtils -- NOTE: bytestring-0.9.0.4 has these instances too, while -- bytestring-0.9.0.3 does not. If our bytestring is 0.9.0.4 we'll
Test/OpenSSL/EVP/Digest.hs view
@@ -6,7 +6,7 @@ import OpenSSL import Text.Printf import OpenSSL.EVP.Digest-import Test.OpenSSL.TestUtils+import TestUtils main :: IO () main = withOpenSSL $ do
Test/OpenSSL/TestUtils.hs view
@@ -1,4 +1,4 @@-module Test.OpenSSL.TestUtils where+module TestUtils where import qualified Control.Exception as E import Control.Monad
cbits/HsOpenSSL.c view
@@ -390,3 +390,13 @@ return SSL_set_options(ssl, tmp & ~options); #endif }++int HsOpenSSL_enable_hostname_validation(SSL* ssl, char* host_name, size_t host_len) {+#if defined(X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS)+ X509_VERIFY_PARAM* param = SSL_get0_param(ssl);+ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);+ return X509_VERIFY_PARAM_set1_host(param, host_name, host_len);+#else+ return 0;+#endif+}
cbits/HsOpenSSL.h view
@@ -105,4 +105,6 @@ long HsOpenSSL_SSL_clear_options(SSL* ssl, long options); long HsOpenSSL_SSL_set_tlsext_host_name(SSL* ssl, char* host_name); +int HsOpenSSL_enable_hostname_validation(SSL* ssl, char* host_name, size_t host_len);+ #endif