packages feed

http2-tls 0.4.6 → 0.4.7

raw patch · 3 files changed

+44/−33 lines, 3 filesdep +crypton-x509-systemPVP ok

version bump matches the API change (PVP)

Dependencies added: crypton-x509-system

API changes (from Hackage documentation)

+ Network.HTTP2.TLS.Client: settingsOnServerCertificate :: Settings -> OnServerCertificate
+ Network.HTTP2.TLS.Client: settingsUseServerNameIndication :: Settings -> Bool

Files

Network/HTTP2/TLS/Client.hs view
@@ -26,6 +26,7 @@     defaultSettings,     settingsKeyLogger,     settingsValidateCert,+    settingsOnServerCertificate,     settingsCAStore,     settingsAddrInfoFlags,     settingsCacheLimit,@@ -33,6 +34,7 @@     settingsConnectionWindowSize,     settingsStreamWindowSize,     settingsServerNameOverride,+    settingsUseServerNameIndication,     settingsSessionManager,     settingsWantSessionResume,     settingsWantSessionResumeList,@@ -51,13 +53,13 @@ import Data.ByteString (ByteString) import qualified Data.ByteString.Char8 as BS.C8 import Data.Maybe (fromMaybe)-import Data.X509.Validation (validateDefault) import Network.HTTP2.Client (Authority, Client, ClientConfig) import qualified Network.HTTP2.Client as H2Client import Network.Run.TCP (runTCPClientWithSettings) import qualified Network.Run.TCP as TCP import Network.Socket import Network.TLS hiding (HostName)+import System.X509 (getSystemCertificateStore)  import Network.HTTP2.TLS.Client.Settings import Network.HTTP2.TLS.Config@@ -120,20 +122,14 @@     runTCPClientWithSettings tcpSettings serverName (show port) $ \sock -> do         mysa <- getSocketName sock         peersa <- getPeerName sock+        params <- getClientParams settings sni port alpn         ctx <- contextNew sock params         handshake ctx         r <- action ctx mysa peersa         bye ctx         return r   where-    -- TLS client parameters-    params :: ClientParams-    params =-        getClientParams-            settings-            (fromMaybe (H2Client.authority cliconf) $ settingsServerNameOverride)-            port-            alpn+    sni = fromMaybe (H2Client.authority cliconf) $ settingsServerNameOverride     tcpSettings =         TCP.defaultSettings             { TCP.settingsOpenClientSocket = settingsOpenClientSocket@@ -229,33 +225,38 @@     -- [ServiceID](https://hackage.haskell.org/package/x509-validation-1.6.12/docs/Data-X509-Validation.html#t:ServiceID).     -> ByteString     -- ^ ALPN-    -> ClientParams-getClientParams Settings{..} serverName port alpn =+    -> IO ClientParams+getClientParams Settings{..} sni port alpn = do+    caStore <-+        if settingsValidateCert+            then getSystemCertificateStore+            else return mempty+    let shared =+            defaultShared+                { sharedValidationCache = validateCache+                , sharedCAStore = caStore+                , sharedSessionManager = settingsSessionManager+                }     -- RFC 4366 mandates UTF-8 for SNI     -- <https://datatracker.ietf.org/doc/html/rfc4366#section-3.1>-    (defaultParamsClient serverName (BS.C8.pack $ show port))-        { clientSupported = supported-        , clientWantSessionResume = settingsWantSessionResume-        , clientWantSessionResumeList = settingsWantSessionResumeList-        , clientUseServerNameIndication = True-        , clientShared = shared-        , clientHooks = hooks-        , clientDebug = debug-        , clientUseEarlyData = settingsUseEarlyData-        }-  where-    shared =-        defaultShared-            { sharedValidationCache = validateCache-            , sharedCAStore = settingsCAStore-            , sharedSessionManager = settingsSessionManager+    return+        (defaultParamsClient sni (BS.C8.pack $ show port))+            { clientSupported = supported+            , clientWantSessionResume = settingsWantSessionResume+            , clientWantSessionResumeList = settingsWantSessionResumeList+            , clientUseServerNameIndication = settingsUseServerNameIndication+            , clientShared = shared+            , clientHooks = hooks+            , clientDebug = debug+            , clientUseEarlyData = settingsUseEarlyData             }+  where     supported = strongSupported     hooks =         defaultClientHooks             { onSuggestALPN = return $ Just [alpn]-            , onServerCertificate = validateCert             , onServerFinished = settingsOnServerFinished+            , onServerCertificate = settingsOnServerCertificate             }     validateCache         | settingsValidateCert = defaultValidationCache@@ -263,9 +264,6 @@             ValidationCache                 (\_ _ _ -> return ValidationCachePass)                 (\_ _ _ -> return ())-    validateCert-        | settingsValidateCert = validateDefault-        | otherwise = \_ _ _ _ -> return []     debug =         defaultDebugParams             { debugKeyLogger = settingsKeyLogger
Network/HTTP2/TLS/Client/Settings.hs view
@@ -1,6 +1,7 @@ module Network.HTTP2.TLS.Client.Settings where  import Data.X509.CertificateStore (CertificateStore)+import Data.X509.Validation (validateDefault) import Network.Socket  import Network.Control@@ -11,6 +12,7 @@ import Network.Run.TCP (openClientSocket) import Network.TLS (     Information,+    OnServerCertificate,     SessionData,     SessionID,     SessionManager,@@ -31,8 +33,12 @@     --     -- >>> settingsValidateCert defaultSettings     -- True+    , settingsOnServerCertificate :: OnServerCertificate+    -- ^ How to validate server certificates.+    --+    -- Default: 'validateDefault'     , settingsCAStore :: CertificateStore-    -- ^ Certificate store used for validation. (TLS and H2)+    -- ^ Obsoleted.     --     -- Default: 'mempty'.     , settingsServerNameOverride :: Maybe HostName@@ -44,6 +50,10 @@     -- be different (for example in the case of domain fronting);     -- 'settingsServerNameOverride' can be used to give SNI a different value     -- than @:authority@.+    , settingsUseServerNameIndication :: Bool+    -- ^ If 'True', SNI is used. Otherwise, the SNI extension is not sent.+    --+    -- Default: 'True'     , settingsAddrInfoFlags :: [AddrInfoFlag]     -- ^ Obsoleted.     , settingsCacheLimit :: Int@@ -121,8 +131,10 @@     Settings         { settingsKeyLogger = defaultKeyLogger         , settingsValidateCert = True+        , settingsOnServerCertificate = validateDefault         , settingsCAStore = mempty         , settingsServerNameOverride = Nothing+        , settingsUseServerNameIndication = True         , settingsAddrInfoFlags = []         , settingsCacheLimit = cacheLimit defaultClientConfig         , settingsConcurrentStreams = defaultMaxStreams
http2-tls.cabal view
@@ -1,6 +1,6 @@ cabal-version: >=1.10 name:          http2-tls-version:       0.4.6+version:       0.4.7 license:       BSD3 license-file:  LICENSE maintainer:    Kazu Yamamoto <kazu@iij.ad.jp>@@ -39,6 +39,7 @@         base >=4.9 && <5,         bytestring >=0.10,         crypton-x509-store >=1.6 && <1.7,+        crypton-x509-system >=1.6 && <1.7,         crypton-x509-validation >=1.6 && <1.7,         http2 >=5.3.9 && <5.4,         network >=3.1.4,