packages feed

http-conduit 1.7.0 → 1.8.0

raw patch · 3 files changed

+21/−18 lines, 3 filesdep ~certificatedep ~networkdep ~tls

Dependency ranges changed: certificate, network, tls, tls-extra

Files

Network/HTTP/Conduit/ConnInfo.hs view
@@ -9,8 +9,8 @@     , connSource     , sslClientConn     , socketConn-    , TLSCertificateRejectReason(..)-    , TLSCertificateUsage(..)+    , CertificateRejectReason(..)+    , CertificateUsage(..)     , getSocket #if DEBUG     , printOpenSockets@@ -119,19 +119,19 @@             sClose sock         } -sslClientConn :: String -> ([X509] -> IO TLSCertificateUsage) -> Handle -> IO ConnInfo+sslClientConn :: String -> ([X509] -> IO CertificateUsage) -> Handle -> IO ConnInfo sslClientConn _desc onCerts h = do #if DEBUG     i <- addSocket _desc #endif-    let tcp = defaultParams+    let tcp = defaultParamsClient             { pConnectVersion = TLS10             , pAllowedVersions = [ TLS10, TLS11, TLS12 ]             , pCiphers = ciphersuite_all             , onCertificatesRecv = onCerts             }     gen <- makeSystem-    istate <- client tcp gen h+    istate <- contextNewOnHandle h tcp gen     handshake istate     return ConnInfo         { connRead = recvD istate
Network/HTTP/Conduit/Manager.hs view
@@ -48,6 +48,8 @@ import Network (connectTo, PortID (PortNumber), HostName) import Network.Socket (socketToHandle) import Data.Certificate.X509 (X509, encodeCertificate)+import Data.CertificateStore (CertificateStore)+import System.Certificate.X509 (getSystemCertificateStore)  import Network.TLS.Extra (certificateVerifyChain, certificateVerifyDomain) @@ -65,7 +67,7 @@ data ManagerSettings = ManagerSettings     { managerConnCount :: Int       -- ^ Number of connections to a single host to keep alive. Default: 10.-    , managerCheckCerts :: S8.ByteString -> [X509] -> IO TLSCertificateUsage+    , managerCheckCerts :: CertificateStore -> S8.ByteString -> [X509] -> IO CertificateUsage       -- ^ Check if the server certificate is valid. Only relevant for HTTPS.     } @@ -78,10 +80,10 @@         }  -- | Check certificates using the operating system's certificate checker.-defaultCheckCerts :: S8.ByteString -> [X509] -> IO TLSCertificateUsage-defaultCheckCerts host' certs =+defaultCheckCerts :: CertificateStore -> S8.ByteString -> [X509] -> IO CertificateUsage+defaultCheckCerts certStore host' certs =     case certificateVerifyDomain (S8.unpack host') certs of-        CertificateUsageAccept -> certificateVerifyChain certs+        CertificateUsageAccept -> certificateVerifyChain certStore certs         rejected               -> return rejected  -- | Keeps track of open connections for keep-alive.  May be used@@ -91,7 +93,7 @@     -- ^ @Nothing@ indicates that the manager is closed.     , mMaxConns :: !Int     -- ^ This is a per-@ConnKey@ value.-    , mCheckCerts :: S8.ByteString -> [X509] -> IO TLSCertificateUsage+    , mCheckCerts :: S8.ByteString -> [X509] -> IO CertificateUsage     -- ^ Check if a certificate is valid.     , mCertCache :: !(I.IORef (Map.Map S8.ByteString (Map.Map X509Encoded UTCTime)))     -- ^ Cache of validated certificates. The @UTCTime@ gives the expiration@@ -144,10 +146,11 @@ -- | Create a 'Manager'. You must manually call 'closeManager' to shut it down. newManager :: ManagerSettings -> IO Manager newManager ms = do+    certStore <- getSystemCertificateStore     mapRef <- I.newIORef (Just Map.empty)     certCache <- I.newIORef Map.empty     _ <- forkIO $ reap mapRef certCache-    return $ Manager mapRef (managerConnCount ms) (managerCheckCerts ms) certCache+    return $ Manager mapRef (managerConnCount ms) (managerCheckCerts ms $ certStore) certCache  -- | Collect and destroy any stale connections. reap :: I.IORef (Maybe (Map.Map ConnKey (NonEmptyList ConnInfo)))@@ -280,7 +283,7 @@ socketDesc h p t = unwords [h, show p, t]  getSslConn :: MonadResource m-            => ([X509] -> IO TLSCertificateUsage)+            => ([X509] -> IO CertificateUsage)             -> Manager             -> String -- ^ host             -> Int -- ^ port@@ -294,7 +297,7 @@  getSslProxyConn             :: MonadResource m-            => ([X509] -> IO TLSCertificateUsage)+            => ([X509] -> IO CertificateUsage)             -> S8.ByteString -- ^ Target host             -> Int -- ^ Target port             -> Manager@@ -396,7 +399,7 @@             (True, False) -> getSslConn $ checkCerts m h             (True, True) -> getSslProxyConn (checkCerts m h) h (port req) -checkCerts :: Manager -> S8.ByteString -> [X509] -> IO TLSCertificateUsage+checkCerts :: Manager -> S8.ByteString -> [X509] -> IO CertificateUsage checkCerts man host' certs = do #if DEBUG     putStrLn $ "checkCerts for host: " ++ show host'
http-conduit.cabal view
@@ -1,5 +1,5 @@ name:            http-conduit-version:         1.7.0+version:         1.8.0 license:         BSD3 license-file:    LICENSE author:          Michael Snoyman <michael@snoyman.com>@@ -32,11 +32,11 @@                  , blaze-builder         >= 0.2.1   && < 0.4                  , http-types            >= 0.6     && < 0.8                  , cprng-aes             >= 0.2     && < 0.3-                 , tls                   >= 0.9.3   && < 0.10-                 , tls-extra             >= 0.4.5   && < 0.5+                 , tls                   >= 1.0.0   && < 1.1+                 , tls-extra             >= 0.5.0   && < 0.6                  , monad-control         >= 0.3     && < 0.4                  , containers            >= 0.2-                 , certificate           >= 1.2     && < 1.3+                 , certificate           >= 1.3     && < 1.4                  , case-insensitive      >= 0.2                  , base64-bytestring     >= 0.1     && < 1.1                  , asn1-data             >= 0.5.1   && < 0.8