packages feed

http-io-streams 0.1.6.0 → 0.1.6.1

raw patch · 4 files changed

+55/−68 lines, 4 filesdep ~basedep ~base64-bytestringdep ~bytestringnew-uploaderPVP: major bump suggested

API removals or changes: PVP suggests a major version bump

Dependency ranges changed: base, base64-bytestring, bytestring, text, transformers

API changes (from Hackage documentation)

- Network.Http.Client: contextSetCASystemStore :: SSLContext -> IO Bool
- Network.Http.Client: voidContextSSL :: IO SSLContext

Files

CHANGELOG.md view
@@ -1,9 +1,11 @@ See also http://pvp.haskell.org/faq +### 0.1.6.1++* Build with GHC 9.2 and `ghc-prim-0.8` (via `base-4.16`).+ ### 0.1.6.0 -* New function `voidContextSSL` for creating a _void_ SSL Context which rejects any TLS handshake attempts-* New function `contextSetCASystemStore` exposing functionality embedded in `baselineContextSSL` * New function `openConnectionAddress''` supporting supplying local `SSLContext`s as well as modifying the `SSL` connection before initiating the client SSL handshake. * New function `openConnectionSSL'` which allows to customize the 'SSL' connection /before/ a client SSL handshake is attempted. * New convenience function `getContextSSL` function allowing to retrieve global `SSLContext`.@@ -15,7 +17,7 @@ ### 0.1.4.0  * New module `Network.Http.Client.WebSocket` providing basic RFC6455 support.-* New function 'inputStreamBodyChunked' supporting breaking up over-sized chunks.+* New function `inputStreamBodyChunked` supporting breaking up over-sized chunks.  ### 0.1.3.0 
http-io-streams.cabal view
@@ -1,6 +1,6 @@ cabal-version:       2.2 name:                http-io-streams-version:             0.1.6.0+version:             0.1.6.1  synopsis:            HTTP and WebSocket client based on io-streams description:@@ -21,6 +21,20 @@ bug-reports:         https://github.com/hvr/http-io-streams/issues extra-source-files:  CHANGELOG.md +tested-with:+  GHC == 9.2.2+  GHC == 9.0.2+  GHC == 8.10.7+  GHC == 8.8.4+  GHC == 8.6.5+  GHC == 8.4.4+  GHC == 8.2.2+  GHC == 8.0.2+  GHC == 7.10.3+  GHC == 7.8.4+  GHC == 7.6.3+  GHC == 7.4.2+ source-repository    head   type:              git   location:          https://github.com/hvr/http-io-streams.git@@ -37,13 +51,24 @@  common settings   build-depends:-    , base                 >= 4.5 && < 4.15+    , base                 >= 4.5 && < 4.17     , blaze-builder       ^>= 0.4.1.0-    , bytestring          ^>= 0.10.0.0+    , bytestring           >= 0.10.0.0 && < 0.12     , case-insensitive    ^>= 1.2.0.11     , containers          ^>= 0.5.0.0 || ^>= 0.6.0.1    default-language:  Haskell2010+  other-extensions:+    BangPatterns+    CPP+    DeriveDataTypeable+    DoAndIfThenElse+    MagicHash+    NamedFieldPuns+    OverloadedStrings+    Rank2Types+    RecordWildCards+    UnboxedTuples    ghc-options:     -Wall@@ -69,7 +94,7 @@    build-depends:     , HsOpenSSL           ^>= 0.11.2-    , attoparsec          ^>= 0.13.2.2+    , attoparsec          ^>= 0.13.2.2 || ^>= 0.14.4     , binary              ^>= 0.7.1   || ^>= 0.8.3     , cryptohash-sha1     ^>= 0.11.100     , directory           ^>= 1.2.0.1 || ^>= 1.3.0.0@@ -92,7 +117,7 @@    -- http-common   build-depends:-    , base64-bytestring   ^>= 1.1.0.0+    , base64-bytestring   ^>= 1.2.1.0     , mtl                 ^>= 2.2.2    hs-source-dirs: http-common/lib
http-streams/lib/Network/Http/Client.hs view
@@ -177,8 +177,6 @@     openConnectionSSL,     openConnectionSSL',     baselineContextSSL,-    voidContextSSL,-    contextSetCASystemStore,     modifyContextSSL,     getContextSSL,     establishConnection,
http-streams/lib/Network/Http/Inconvenience.hs view
@@ -28,8 +28,6 @@     encodedFormBody,     put,     baselineContextSSL,-    voidContextSSL,-    contextSetCASystemStore,     concatHandler',     TooManyRedirects(..),     HttpClientError(..),@@ -64,7 +62,10 @@ import qualified Data.Text.Encoding as T import Data.Typeable (Typeable) import Data.Word (Word16)-import GHC.Exts (Int(..),word2Int#, uncheckedShiftRL#)+import GHC.Exts (Int(..), word2Int#, uncheckedShiftRL#)+#if MIN_VERSION_base(4,16,0)+import GHC.Exts (word8ToWord#)+#endif import GHC.Word (Word8 (..)) import Network.URI (URI (..), URIAuth (..), isAbsoluteURI,                     parseRelativeReference, parseURI, uriToString)@@ -137,9 +138,11 @@     toDigit   = c2w . intToDigit     !low      = toDigit $ fromEnum $ c .&. 0xf     !hi       = toDigit $ (c .&. 0xf0) `shiftr` 4-+#if MIN_VERSION_base(4,16,0)+    shiftr (W8# a#) (I# b#) = I# (word2Int# (uncheckedShiftRL# (word8ToWord# a#) b#))+#else     shiftr (W8# a#) (I# b#) = I# (word2Int# (uncheckedShiftRL# a# b#))-+#endif  urlEncodeTable :: Set Char urlEncodeTable = Set.fromList $! filter f $! map w2c [0..255]@@ -399,7 +402,6 @@ -- you are encouraged to install the system -- certificates somewhere and create your own 'SSLContext'. ----- See also 'contextSetCASystemStore' {-     We would like to turn certificate verification on for everyone, but     this has proved contingent on leveraging platform specific mechanisms@@ -410,66 +412,26 @@ baselineContextSSL = withOpenSSL $ do     ctx <- SSL.context     SSL.contextSetDefaultCiphers ctx--    caSet <- contextSetCASystemStore ctx-    if caSet-      then SSL.contextSetVerificationMode ctx (SSL.VerifyPeer True True Nothing)-      else SSL.contextSetVerificationMode ctx SSL.VerifyNone--    return ctx---- | Construct a /void/ 'SSL.Context' in a configuration which uses--- the @HIGH@ cipher-suite and rejects /any/ presented server--- certificate.------ This is mostly useful for testing purposes or intentionally--- thwarting any attempt to connect to @https://@ uris.------ @since 0.1.6.0-voidContextSSL :: IO SSLContext-voidContextSSL = do-    ctx <- SSL.context-    SSL.contextSetCiphers ctx "HIGH"-    SSL.contextSetVerificationMode ctx (SSL.VerifyPeer True True (Just (\_ _ -> return False)))-    return ctx-    --- | Configure system-wide certificate store based on OS-specific heuristics.------ This function returns 'True' if the 'SSLContext' was configured; or--- 'False' if the location couldn't be termined for the current OS.------ This function is used by 'baselineContextSSL' but in contrast does--- *not* invoke 'SSL.contextSetDefaultCiphers' nor--- 'SSL.contextSetVerificationMode'. See source-code for details on--- the heuristic used to determine the location of the system--- certificate store.------ @since 0.1.6.0-contextSetCASystemStore :: SSLContext -> IO Bool-contextSetCASystemStore ctx = do #if defined(darwin_HOST_OS)-    return False+    SSL.contextSetVerificationMode ctx SSL.VerifyNone #elif defined(mingw32_HOST_OS)-    return False+    SSL.contextSetVerificationMode ctx SSL.VerifyNone #elif defined(freebsd_HOST_OS)     SSL.contextSetCAFile ctx "/usr/local/etc/ssl/cert.pem"-    return True+    SSL.contextSetVerificationMode ctx $ SSL.VerifyPeer True True Nothing #elif defined(openbsd_HOST_OS)     SSL.contextSetCAFile ctx "/etc/ssl/cert.pem"-    return True+    SSL.contextSetVerificationMode ctx $ SSL.VerifyPeer True True Nothing #else-    hasFedoraEtcPkiTls <- doesDirectoryExist "/etc/pki/tls"-    if hasFedoraEtcPkiTls-      then do-        SSL.contextSetCAFile ctx "/etc/pki/tls/certs/ca-bundle.crt"-        return True-      else do-        -- Setting this as fallback effectively will cause systems to-        -- either fail to verify any certificates (if peer-        -- verification is enabled) if the folder doesn't exist.-        SSL.contextSetCADirectory ctx "/etc/ssl/certs"-        return True+    fedora <- doesDirectoryExist "/etc/pki/tls"+    if fedora+        then do+            SSL.contextSetCAFile ctx "/etc/pki/tls/certs/ca-bundle.crt"+        else do+            SSL.contextSetCADirectory ctx "/etc/ssl/certs"+    SSL.contextSetVerificationMode ctx $ SSL.VerifyPeer True True Nothing #endif+    return ctx   parseURL :: URL -> URI