HsOpenSSL 0.11.7.6 → 0.11.7.7
raw patch · 7 files changed
+59/−13 lines, 7 filesdep ~networkdep ~time
Dependency ranges changed: network, time
Files
- ChangeLog +13/−0
- HsOpenSSL.cabal +7/−7
- OpenSSL/Session.hsc +1/−1
- OpenSSL/Utils.hs +8/−0
- OpenSSL/X509.hsc +4/−2
- OpenSSL/X509/Request.hs +23/−0
- examples/HelloWorld.hs +3/−3
ChangeLog view
@@ -1,3 +1,16 @@+2024-06-11 Vladimir Shabanov <dev@vshabanov.com>++ * HsOpenSSL.cabal (Version): Bump version to 0.11.7.7++ * Added generic functionality for adding extensions to X509 (#87)+ by Ishan Sharma @ishan-rep++ * Clear error stack after x509_verify validation failure (#91)+ by Paolo Capriotti @pcapriotti++ * Add withContextSetKeylogCallback: Allow any type inside action (#85)+ by Akshay Mankar @akshaymankar+ 2022-06-19 Vladimir Shabanov <dev@vshabanov.com> * HsOpenSSL.cabal (Version): Bump version to 0.11.7.6
HsOpenSSL.cabal view
@@ -10,7 +10,7 @@ systems and stable. You may also be interested in the @tls@ package, <http://hackage.haskell.org/package/tls>, which is a pure Haskell implementation of SSL.-Version: 0.11.7.6+Version: 0.11.7.7 License: PublicDomain License-File: COPYING Author: Adam Langley, Mikhail Vorozhtsov, PHO, Taru Karttunen@@ -74,9 +74,9 @@ Library Build-Depends: base >= 4.8 && < 5,- bytestring >= 0.9 && < 0.12,- network >= 2.1 && < 3.2,- time >= 1.5 && < 1.13+ bytestring >= 0.9 && < 0.13,+ network >= 2.1 && < 3.3,+ time >= 1.5 && < 1.15 Build-Tools: hsc2hs >= 0.67 @@ -163,7 +163,7 @@ Build-Depends: HsOpenSSL, base >= 4.8 && < 5,- bytestring >= 0.9 && < 0.12+ bytestring >= 0.9 && < 0.13 Default-Language: Haskell2010 GHC-Options:@@ -190,7 +190,7 @@ Build-Depends: HsOpenSSL, base >= 4.8 && < 5,- bytestring >= 0.9 && < 0.12+ bytestring >= 0.9 && < 0.13 Default-Language: Haskell2010 GHC-Options:@@ -204,7 +204,7 @@ Build-Depends: HsOpenSSL, base >= 4.8 && < 5,- bytestring >= 0.9 && < 0.12+ bytestring >= 0.9 && < 0.13 Default-Language: Haskell2010 GHC-Options:
OpenSSL/Session.hsc view
@@ -406,7 +406,7 @@ -- -- FIXME: Not re-entrant (ignores previous callback and resets it to -- nullFunPtr on exit)-withContextSetKeylogCallback :: SSLContext -> (String -> IO ()) -> IO () -> IO ()+withContextSetKeylogCallback :: SSLContext -> (String -> IO ()) -> IO a -> IO a withContextSetKeylogCallback context cb action = do -- There doesn't seem to be a way to go from 'Ptr SSL_' to 'SSL', so let's -- just ignore it in the haskell callback.
OpenSSL/Utils.hs view
@@ -4,11 +4,13 @@ , failIf , failIf_ , raiseOpenSSLError+ , clearErrorStack , toHex , fromHex , peekCStringCLen ) where+import Control.Monad import Foreign.C.String import Foreign.C.Types import Foreign.Ptr@@ -40,6 +42,12 @@ raiseOpenSSLError :: IO a raiseOpenSSLError = getError >>= errorString >>= fail+++clearErrorStack :: IO ()+clearErrorStack = do+ e <- getError+ when (e /= 0) clearErrorStack -- | Convert an integer to a hex string toHex :: (Num i, Bits i) => i -> String
OpenSSL/X509.hsc view
@@ -5,7 +5,7 @@ -- |An interface to X.509 certificate. module OpenSSL.X509 ( -- * Type- X509+ X509(..) , X509_ -- * Functions to manipulate certificate@@ -274,7 +274,9 @@ where interpret :: CInt -> IO VerifyStatus interpret 1 = return VerifySuccess- interpret 0 = return VerifyFailure+ interpret 0 = do+ clearErrorStack+ return VerifyFailure interpret _ = raiseOpenSSLError -- |@'printX509' cert@ translates a certificate into human-readable
OpenSSL/X509/Request.hs view
@@ -32,6 +32,7 @@ , setPublicKey , addExtensions+ , addExtensionToX509 ) where @@ -100,6 +101,8 @@ foreign import capi unsafe "openssl/x509.h X509_REQ_add_extensions" _req_add_extensions :: Ptr X509_REQ -> Ptr STACK -> IO CInt +foreign import capi unsafe "openssl/x509.h X509_add_ext"+ _X509_add_ext :: Ptr Cert.X509_ -> Ptr X509_EXT -> CInt -> IO CInt -- |@'newX509Req'@ creates an empty certificate request. You must set -- the following properties to and sign it (see 'signX509Req') to@@ -296,3 +299,23 @@ Cert.setPublicKey cert =<< getPublicKey req return cert++-- | Add Extensions to a certificate (when the Server accepting certs requires it)+-- E.g.:+--+-- > addExtensionToX509 cert1 87 "CA:FALSE"+-- > addExtensionToX509 cert1 85 "critical,serverAuth, clientAuth" -- when this extension field is critical+--+addExtensionToX509 :: X509 -> Int -> String -> IO Bool+addExtensionToX509 (Cert.X509 certFPtr) nid value = do+ -- Context and config pointers are set to nullPtr for simplicity.+ -- Depending on your use case, you might need to provide actual values.+ result <- withForeignPtr certFPtr $ \certPtr ->+ withCString value $ \cValue -> do+ extPtr <- _ext_create nullPtr nullPtr (fromIntegral nid) cValue+ if extPtr /= nullPtr+ then do+ res <- _X509_add_ext certPtr extPtr (-1) -- Add to the end+ return (res == 0)+ else return False+ return result
examples/HelloWorld.hs view
@@ -15,9 +15,9 @@ main = withOpenSSL $- do putStrLn "cipher: DES-CBC"- des <- liftM fromJust $ getCipherByName "DES-CBC"-+ do putStrLn "cipher: DES3"+ des <- liftM fromJust $ getCipherByName "DES3"+ putStrLn "generating RSA keypair..." rsa <- generateRSAKey 512 65537 Nothing