http-conduit 1.7.0 → 1.8.0
raw patch · 3 files changed
+21/−18 lines, 3 filesdep ~certificatedep ~networkdep ~tls
Dependency ranges changed: certificate, network, tls, tls-extra
Files
- Network/HTTP/Conduit/ConnInfo.hs +5/−5
- Network/HTTP/Conduit/Manager.hs +12/−9
- http-conduit.cabal +4/−4
Network/HTTP/Conduit/ConnInfo.hs view
@@ -9,8 +9,8 @@ , connSource , sslClientConn , socketConn- , TLSCertificateRejectReason(..)- , TLSCertificateUsage(..)+ , CertificateRejectReason(..)+ , CertificateUsage(..) , getSocket #if DEBUG , printOpenSockets@@ -119,19 +119,19 @@ sClose sock } -sslClientConn :: String -> ([X509] -> IO TLSCertificateUsage) -> Handle -> IO ConnInfo+sslClientConn :: String -> ([X509] -> IO CertificateUsage) -> Handle -> IO ConnInfo sslClientConn _desc onCerts h = do #if DEBUG i <- addSocket _desc #endif- let tcp = defaultParams+ let tcp = defaultParamsClient { pConnectVersion = TLS10 , pAllowedVersions = [ TLS10, TLS11, TLS12 ] , pCiphers = ciphersuite_all , onCertificatesRecv = onCerts } gen <- makeSystem- istate <- client tcp gen h+ istate <- contextNewOnHandle h tcp gen handshake istate return ConnInfo { connRead = recvD istate
Network/HTTP/Conduit/Manager.hs view
@@ -48,6 +48,8 @@ import Network (connectTo, PortID (PortNumber), HostName) import Network.Socket (socketToHandle) import Data.Certificate.X509 (X509, encodeCertificate)+import Data.CertificateStore (CertificateStore)+import System.Certificate.X509 (getSystemCertificateStore) import Network.TLS.Extra (certificateVerifyChain, certificateVerifyDomain) @@ -65,7 +67,7 @@ data ManagerSettings = ManagerSettings { managerConnCount :: Int -- ^ Number of connections to a single host to keep alive. Default: 10.- , managerCheckCerts :: S8.ByteString -> [X509] -> IO TLSCertificateUsage+ , managerCheckCerts :: CertificateStore -> S8.ByteString -> [X509] -> IO CertificateUsage -- ^ Check if the server certificate is valid. Only relevant for HTTPS. } @@ -78,10 +80,10 @@ } -- | Check certificates using the operating system's certificate checker.-defaultCheckCerts :: S8.ByteString -> [X509] -> IO TLSCertificateUsage-defaultCheckCerts host' certs =+defaultCheckCerts :: CertificateStore -> S8.ByteString -> [X509] -> IO CertificateUsage+defaultCheckCerts certStore host' certs = case certificateVerifyDomain (S8.unpack host') certs of- CertificateUsageAccept -> certificateVerifyChain certs+ CertificateUsageAccept -> certificateVerifyChain certStore certs rejected -> return rejected -- | Keeps track of open connections for keep-alive. May be used@@ -91,7 +93,7 @@ -- ^ @Nothing@ indicates that the manager is closed. , mMaxConns :: !Int -- ^ This is a per-@ConnKey@ value.- , mCheckCerts :: S8.ByteString -> [X509] -> IO TLSCertificateUsage+ , mCheckCerts :: S8.ByteString -> [X509] -> IO CertificateUsage -- ^ Check if a certificate is valid. , mCertCache :: !(I.IORef (Map.Map S8.ByteString (Map.Map X509Encoded UTCTime))) -- ^ Cache of validated certificates. The @UTCTime@ gives the expiration@@ -144,10 +146,11 @@ -- | Create a 'Manager'. You must manually call 'closeManager' to shut it down. newManager :: ManagerSettings -> IO Manager newManager ms = do+ certStore <- getSystemCertificateStore mapRef <- I.newIORef (Just Map.empty) certCache <- I.newIORef Map.empty _ <- forkIO $ reap mapRef certCache- return $ Manager mapRef (managerConnCount ms) (managerCheckCerts ms) certCache+ return $ Manager mapRef (managerConnCount ms) (managerCheckCerts ms $ certStore) certCache -- | Collect and destroy any stale connections. reap :: I.IORef (Maybe (Map.Map ConnKey (NonEmptyList ConnInfo)))@@ -280,7 +283,7 @@ socketDesc h p t = unwords [h, show p, t] getSslConn :: MonadResource m- => ([X509] -> IO TLSCertificateUsage)+ => ([X509] -> IO CertificateUsage) -> Manager -> String -- ^ host -> Int -- ^ port@@ -294,7 +297,7 @@ getSslProxyConn :: MonadResource m- => ([X509] -> IO TLSCertificateUsage)+ => ([X509] -> IO CertificateUsage) -> S8.ByteString -- ^ Target host -> Int -- ^ Target port -> Manager@@ -396,7 +399,7 @@ (True, False) -> getSslConn $ checkCerts m h (True, True) -> getSslProxyConn (checkCerts m h) h (port req) -checkCerts :: Manager -> S8.ByteString -> [X509] -> IO TLSCertificateUsage+checkCerts :: Manager -> S8.ByteString -> [X509] -> IO CertificateUsage checkCerts man host' certs = do #if DEBUG putStrLn $ "checkCerts for host: " ++ show host'
http-conduit.cabal view
@@ -1,5 +1,5 @@ name: http-conduit-version: 1.7.0+version: 1.8.0 license: BSD3 license-file: LICENSE author: Michael Snoyman <michael@snoyman.com>@@ -32,11 +32,11 @@ , blaze-builder >= 0.2.1 && < 0.4 , http-types >= 0.6 && < 0.8 , cprng-aes >= 0.2 && < 0.3- , tls >= 0.9.3 && < 0.10- , tls-extra >= 0.4.5 && < 0.5+ , tls >= 1.0.0 && < 1.1+ , tls-extra >= 0.5.0 && < 0.6 , monad-control >= 0.3 && < 0.4 , containers >= 0.2- , certificate >= 1.2 && < 1.3+ , certificate >= 1.3 && < 1.4 , case-insensitive >= 0.2 , base64-bytestring >= 0.1 && < 1.1 , asn1-data >= 0.5.1 && < 0.8