http-io-streams 0.1.6.0 → 0.1.6.1
raw patch · 4 files changed
+55/−68 lines, 4 filesdep ~basedep ~base64-bytestringdep ~bytestringnew-uploaderPVP: major bump suggested
API removals or changes: PVP suggests a major version bump
Dependency ranges changed: base, base64-bytestring, bytestring, text, transformers
API changes (from Hackage documentation)
- Network.Http.Client: contextSetCASystemStore :: SSLContext -> IO Bool
- Network.Http.Client: voidContextSSL :: IO SSLContext
Files
- CHANGELOG.md +5/−3
- http-io-streams.cabal +30/−5
- http-streams/lib/Network/Http/Client.hs +0/−2
- http-streams/lib/Network/Http/Inconvenience.hs +20/−58
CHANGELOG.md view
@@ -1,9 +1,11 @@ See also http://pvp.haskell.org/faq +### 0.1.6.1++* Build with GHC 9.2 and `ghc-prim-0.8` (via `base-4.16`).+ ### 0.1.6.0 -* New function `voidContextSSL` for creating a _void_ SSL Context which rejects any TLS handshake attempts-* New function `contextSetCASystemStore` exposing functionality embedded in `baselineContextSSL` * New function `openConnectionAddress''` supporting supplying local `SSLContext`s as well as modifying the `SSL` connection before initiating the client SSL handshake. * New function `openConnectionSSL'` which allows to customize the 'SSL' connection /before/ a client SSL handshake is attempted. * New convenience function `getContextSSL` function allowing to retrieve global `SSLContext`.@@ -15,7 +17,7 @@ ### 0.1.4.0 * New module `Network.Http.Client.WebSocket` providing basic RFC6455 support.-* New function 'inputStreamBodyChunked' supporting breaking up over-sized chunks.+* New function `inputStreamBodyChunked` supporting breaking up over-sized chunks. ### 0.1.3.0
http-io-streams.cabal view
@@ -1,6 +1,6 @@ cabal-version: 2.2 name: http-io-streams-version: 0.1.6.0+version: 0.1.6.1 synopsis: HTTP and WebSocket client based on io-streams description:@@ -21,6 +21,20 @@ bug-reports: https://github.com/hvr/http-io-streams/issues extra-source-files: CHANGELOG.md +tested-with:+ GHC == 9.2.2+ GHC == 9.0.2+ GHC == 8.10.7+ GHC == 8.8.4+ GHC == 8.6.5+ GHC == 8.4.4+ GHC == 8.2.2+ GHC == 8.0.2+ GHC == 7.10.3+ GHC == 7.8.4+ GHC == 7.6.3+ GHC == 7.4.2+ source-repository head type: git location: https://github.com/hvr/http-io-streams.git@@ -37,13 +51,24 @@ common settings build-depends:- , base >= 4.5 && < 4.15+ , base >= 4.5 && < 4.17 , blaze-builder ^>= 0.4.1.0- , bytestring ^>= 0.10.0.0+ , bytestring >= 0.10.0.0 && < 0.12 , case-insensitive ^>= 1.2.0.11 , containers ^>= 0.5.0.0 || ^>= 0.6.0.1 default-language: Haskell2010+ other-extensions:+ BangPatterns+ CPP+ DeriveDataTypeable+ DoAndIfThenElse+ MagicHash+ NamedFieldPuns+ OverloadedStrings+ Rank2Types+ RecordWildCards+ UnboxedTuples ghc-options: -Wall@@ -69,7 +94,7 @@ build-depends: , HsOpenSSL ^>= 0.11.2- , attoparsec ^>= 0.13.2.2+ , attoparsec ^>= 0.13.2.2 || ^>= 0.14.4 , binary ^>= 0.7.1 || ^>= 0.8.3 , cryptohash-sha1 ^>= 0.11.100 , directory ^>= 1.2.0.1 || ^>= 1.3.0.0@@ -92,7 +117,7 @@ -- http-common build-depends:- , base64-bytestring ^>= 1.1.0.0+ , base64-bytestring ^>= 1.2.1.0 , mtl ^>= 2.2.2 hs-source-dirs: http-common/lib
http-streams/lib/Network/Http/Client.hs view
@@ -177,8 +177,6 @@ openConnectionSSL, openConnectionSSL', baselineContextSSL,- voidContextSSL,- contextSetCASystemStore, modifyContextSSL, getContextSSL, establishConnection,
http-streams/lib/Network/Http/Inconvenience.hs view
@@ -28,8 +28,6 @@ encodedFormBody, put, baselineContextSSL,- voidContextSSL,- contextSetCASystemStore, concatHandler', TooManyRedirects(..), HttpClientError(..),@@ -64,7 +62,10 @@ import qualified Data.Text.Encoding as T import Data.Typeable (Typeable) import Data.Word (Word16)-import GHC.Exts (Int(..),word2Int#, uncheckedShiftRL#)+import GHC.Exts (Int(..), word2Int#, uncheckedShiftRL#)+#if MIN_VERSION_base(4,16,0)+import GHC.Exts (word8ToWord#)+#endif import GHC.Word (Word8 (..)) import Network.URI (URI (..), URIAuth (..), isAbsoluteURI, parseRelativeReference, parseURI, uriToString)@@ -137,9 +138,11 @@ toDigit = c2w . intToDigit !low = toDigit $ fromEnum $ c .&. 0xf !hi = toDigit $ (c .&. 0xf0) `shiftr` 4-+#if MIN_VERSION_base(4,16,0)+ shiftr (W8# a#) (I# b#) = I# (word2Int# (uncheckedShiftRL# (word8ToWord# a#) b#))+#else shiftr (W8# a#) (I# b#) = I# (word2Int# (uncheckedShiftRL# a# b#))-+#endif urlEncodeTable :: Set Char urlEncodeTable = Set.fromList $! filter f $! map w2c [0..255]@@ -399,7 +402,6 @@ -- you are encouraged to install the system -- certificates somewhere and create your own 'SSLContext'. ----- See also 'contextSetCASystemStore' {- We would like to turn certificate verification on for everyone, but this has proved contingent on leveraging platform specific mechanisms@@ -410,66 +412,26 @@ baselineContextSSL = withOpenSSL $ do ctx <- SSL.context SSL.contextSetDefaultCiphers ctx-- caSet <- contextSetCASystemStore ctx- if caSet- then SSL.contextSetVerificationMode ctx (SSL.VerifyPeer True True Nothing)- else SSL.contextSetVerificationMode ctx SSL.VerifyNone-- return ctx---- | Construct a /void/ 'SSL.Context' in a configuration which uses--- the @HIGH@ cipher-suite and rejects /any/ presented server--- certificate.------ This is mostly useful for testing purposes or intentionally--- thwarting any attempt to connect to @https://@ uris.------ @since 0.1.6.0-voidContextSSL :: IO SSLContext-voidContextSSL = do- ctx <- SSL.context- SSL.contextSetCiphers ctx "HIGH"- SSL.contextSetVerificationMode ctx (SSL.VerifyPeer True True (Just (\_ _ -> return False)))- return ctx- --- | Configure system-wide certificate store based on OS-specific heuristics.------ This function returns 'True' if the 'SSLContext' was configured; or--- 'False' if the location couldn't be termined for the current OS.------ This function is used by 'baselineContextSSL' but in contrast does--- *not* invoke 'SSL.contextSetDefaultCiphers' nor--- 'SSL.contextSetVerificationMode'. See source-code for details on--- the heuristic used to determine the location of the system--- certificate store.------ @since 0.1.6.0-contextSetCASystemStore :: SSLContext -> IO Bool-contextSetCASystemStore ctx = do #if defined(darwin_HOST_OS)- return False+ SSL.contextSetVerificationMode ctx SSL.VerifyNone #elif defined(mingw32_HOST_OS)- return False+ SSL.contextSetVerificationMode ctx SSL.VerifyNone #elif defined(freebsd_HOST_OS) SSL.contextSetCAFile ctx "/usr/local/etc/ssl/cert.pem"- return True+ SSL.contextSetVerificationMode ctx $ SSL.VerifyPeer True True Nothing #elif defined(openbsd_HOST_OS) SSL.contextSetCAFile ctx "/etc/ssl/cert.pem"- return True+ SSL.contextSetVerificationMode ctx $ SSL.VerifyPeer True True Nothing #else- hasFedoraEtcPkiTls <- doesDirectoryExist "/etc/pki/tls"- if hasFedoraEtcPkiTls- then do- SSL.contextSetCAFile ctx "/etc/pki/tls/certs/ca-bundle.crt"- return True- else do- -- Setting this as fallback effectively will cause systems to- -- either fail to verify any certificates (if peer- -- verification is enabled) if the folder doesn't exist.- SSL.contextSetCADirectory ctx "/etc/ssl/certs"- return True+ fedora <- doesDirectoryExist "/etc/pki/tls"+ if fedora+ then do+ SSL.contextSetCAFile ctx "/etc/pki/tls/certs/ca-bundle.crt"+ else do+ SSL.contextSetCADirectory ctx "/etc/ssl/certs"+ SSL.contextSetVerificationMode ctx $ SSL.VerifyPeer True True Nothing #endif+ return ctx parseURL :: URL -> URI