packages feed

hookup 0.3.0.1 → 0.3.1.0

raw patch · 3 files changed

+31/−17 lines, 3 filesdep ~basedep ~networkPVP ok

version bump matches the API change (PVP)

Dependency ranges changed: base, network

API changes (from Hackage documentation)

+ Hookup: getClientCertificate :: Connection -> Maybe X509

Files

ChangeLog.md view
@@ -1,5 +1,9 @@ # Revision history for hookup +## 0.3.1.0 -- 2020-02++* Added `getClientCertificate`+ ## 0.3.0.1 -- 2020-01  * Remove extra-libraries section from cabal file to allow package to work on GHC 8.8.2
hookup.cabal view
@@ -1,5 +1,5 @@ name:                hookup-version:             0.3.0.1+version:             0.3.1.0 synopsis:            Abstraction over creating network connections with SOCKS5 and TLS description:         This package provides an abstraction for communicating with line-oriented                      network services while abstracting over the use of SOCKS5 and TLS (via OpenSSL)@@ -26,7 +26,7 @@   other-modules:       Hookup.OpenSSL,                        Hookup.Socks5   build-depends:       base                  >=4.11 && <4.14,-                       network               >=2.6  && <3.1,+                       network               >=2.6  && <3.2,                        bytestring            >=0.10 && <0.11,                        attoparsec            >=0.13 && <0.14,                        HsOpenSSL             >=0.11.2.3 && <0.12,
src/Hookup.hs view
@@ -50,6 +50,7 @@   CommandReply(..)    -- * SSL Information+  , getClientCertificate   , getPeerCertificate   , getPeerCertFingerprintSha1   , getPeerCertFingerprintSha256@@ -305,7 +306,7 @@ -- Generalization of Socket ------------------------------------------------------------------------ -data NetworkHandle = SSL SSL | Socket Socket+data NetworkHandle = SSL (Maybe X509) SSL | Socket Socket   openNetworkHandle ::@@ -315,22 +316,24 @@ openNetworkHandle params mkSocket =   case cpTls params of     Nothing  -> Socket <$> mkSocket-    Just tls -> SSL <$> startTls tls (cpHost params) mkSocket+    Just tls ->+        do (clientCert, ssl) <- startTls tls (cpHost params) mkSocket+           pure (SSL clientCert ssl)   closeNetworkHandle :: NetworkHandle -> IO () closeNetworkHandle (Socket s) = Socket.close s-closeNetworkHandle (SSL s) =+closeNetworkHandle (SSL _ s) =   do SSL.shutdown s SSL.Unidirectional      traverse_ Socket.close (SSL.sslSocket s)  networkSend :: NetworkHandle -> ByteString -> IO () networkSend (Socket s) = SocketB.sendAll s-networkSend (SSL    s) = SSL.write       s+networkSend (SSL  _ s) = SSL.write       s  networkRecv :: NetworkHandle -> Int -> IO ByteString networkRecv (Socket s) = SocketB.recv s-networkRecv (SSL    s) = SSL.read     s+networkRecv (SSL  _ s) = SSL.read     s   ------------------------------------------------------------------------@@ -472,7 +475,7 @@   TlsParams {- ^ connection params      -} ->   String    {- ^ hostname               -} ->   IO Socket {- ^ socket creation action -} ->-  IO SSL    {- ^ connected TLS          -}+  IO (Maybe X509, SSL) {- ^ (client certificate, connected TLS) -} startTls tp hostname mkSocket = SSL.withOpenSSL $   do ctx <- SSL.context @@ -484,8 +487,8 @@      SSL.contextRemoveOption        ctx SSL.SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS       -- configure certificates-     setupCaCertificates ctx          (tpServerCertificate tp)-     traverse_ (setupCertificate ctx) (tpClientCertificate tp)+     setupCaCertificates ctx (tpServerCertificate tp)+     clientCert <- traverse (setupCertificate ctx) (tpClientCertificate tp)      traverse_ (setupPrivateKey  ctx) (tpClientPrivateKey  tp)       -- add socket to context@@ -498,7 +501,7 @@       SSL.connect ssl -     return ssl+     return (clientCert, ssl)   setupCaCertificates :: SSLContext -> Maybe FilePath -> IO ()@@ -508,11 +511,11 @@     Just path -> SSL.contextSetCAFile ctx path  -setupCertificate :: SSLContext -> FilePath -> IO ()-setupCertificate ctx path-  =   SSL.contextSetCertificate ctx-  =<< PEM.readX509 -- EX-  =<< readFile path+setupCertificate :: SSLContext -> FilePath -> IO X509+setupCertificate ctx path =+  do x509 <- PEM.readX509 =<< readFile path -- EX+     SSL.contextSetCertificate ctx x509+     pure x509   setupPrivateKey :: SSLContext -> FilePath -> IO ()@@ -536,7 +539,14 @@ getPeerCertificate (Connection _ h) =   case h of     Socket{} -> return Nothing-    SSL ssl  -> SSL.getPeerCertificate ssl+    SSL _ ssl -> SSL.getPeerCertificate ssl++-- | Get peer certificate if one exists.+getClientCertificate :: Connection -> Maybe X509.X509+getClientCertificate (Connection _ h) =+  case h of+    Socket{} -> Nothing+    SSL c _  -> c  getPeerCertFingerprintSha1 :: Connection -> IO (Maybe ByteString) getPeerCertFingerprintSha1 = getPeerCertFingerprint "sha1"