http2-tls 0.4.6 → 0.4.7
raw patch · 3 files changed
+44/−33 lines, 3 filesdep +crypton-x509-systemPVP ok
version bump matches the API change (PVP)
Dependencies added: crypton-x509-system
API changes (from Hackage documentation)
+ Network.HTTP2.TLS.Client: settingsOnServerCertificate :: Settings -> OnServerCertificate
+ Network.HTTP2.TLS.Client: settingsUseServerNameIndication :: Settings -> Bool
Files
- Network/HTTP2/TLS/Client.hs +29/−31
- Network/HTTP2/TLS/Client/Settings.hs +13/−1
- http2-tls.cabal +2/−1
Network/HTTP2/TLS/Client.hs view
@@ -26,6 +26,7 @@ defaultSettings, settingsKeyLogger, settingsValidateCert,+ settingsOnServerCertificate, settingsCAStore, settingsAddrInfoFlags, settingsCacheLimit,@@ -33,6 +34,7 @@ settingsConnectionWindowSize, settingsStreamWindowSize, settingsServerNameOverride,+ settingsUseServerNameIndication, settingsSessionManager, settingsWantSessionResume, settingsWantSessionResumeList,@@ -51,13 +53,13 @@ import Data.ByteString (ByteString) import qualified Data.ByteString.Char8 as BS.C8 import Data.Maybe (fromMaybe)-import Data.X509.Validation (validateDefault) import Network.HTTP2.Client (Authority, Client, ClientConfig) import qualified Network.HTTP2.Client as H2Client import Network.Run.TCP (runTCPClientWithSettings) import qualified Network.Run.TCP as TCP import Network.Socket import Network.TLS hiding (HostName)+import System.X509 (getSystemCertificateStore) import Network.HTTP2.TLS.Client.Settings import Network.HTTP2.TLS.Config@@ -120,20 +122,14 @@ runTCPClientWithSettings tcpSettings serverName (show port) $ \sock -> do mysa <- getSocketName sock peersa <- getPeerName sock+ params <- getClientParams settings sni port alpn ctx <- contextNew sock params handshake ctx r <- action ctx mysa peersa bye ctx return r where- -- TLS client parameters- params :: ClientParams- params =- getClientParams- settings- (fromMaybe (H2Client.authority cliconf) $ settingsServerNameOverride)- port- alpn+ sni = fromMaybe (H2Client.authority cliconf) $ settingsServerNameOverride tcpSettings = TCP.defaultSettings { TCP.settingsOpenClientSocket = settingsOpenClientSocket@@ -229,33 +225,38 @@ -- [ServiceID](https://hackage.haskell.org/package/x509-validation-1.6.12/docs/Data-X509-Validation.html#t:ServiceID). -> ByteString -- ^ ALPN- -> ClientParams-getClientParams Settings{..} serverName port alpn =+ -> IO ClientParams+getClientParams Settings{..} sni port alpn = do+ caStore <-+ if settingsValidateCert+ then getSystemCertificateStore+ else return mempty+ let shared =+ defaultShared+ { sharedValidationCache = validateCache+ , sharedCAStore = caStore+ , sharedSessionManager = settingsSessionManager+ } -- RFC 4366 mandates UTF-8 for SNI -- <https://datatracker.ietf.org/doc/html/rfc4366#section-3.1>- (defaultParamsClient serverName (BS.C8.pack $ show port))- { clientSupported = supported- , clientWantSessionResume = settingsWantSessionResume- , clientWantSessionResumeList = settingsWantSessionResumeList- , clientUseServerNameIndication = True- , clientShared = shared- , clientHooks = hooks- , clientDebug = debug- , clientUseEarlyData = settingsUseEarlyData- }- where- shared =- defaultShared- { sharedValidationCache = validateCache- , sharedCAStore = settingsCAStore- , sharedSessionManager = settingsSessionManager+ return+ (defaultParamsClient sni (BS.C8.pack $ show port))+ { clientSupported = supported+ , clientWantSessionResume = settingsWantSessionResume+ , clientWantSessionResumeList = settingsWantSessionResumeList+ , clientUseServerNameIndication = settingsUseServerNameIndication+ , clientShared = shared+ , clientHooks = hooks+ , clientDebug = debug+ , clientUseEarlyData = settingsUseEarlyData }+ where supported = strongSupported hooks = defaultClientHooks { onSuggestALPN = return $ Just [alpn]- , onServerCertificate = validateCert , onServerFinished = settingsOnServerFinished+ , onServerCertificate = settingsOnServerCertificate } validateCache | settingsValidateCert = defaultValidationCache@@ -263,9 +264,6 @@ ValidationCache (\_ _ _ -> return ValidationCachePass) (\_ _ _ -> return ())- validateCert- | settingsValidateCert = validateDefault- | otherwise = \_ _ _ _ -> return [] debug = defaultDebugParams { debugKeyLogger = settingsKeyLogger
Network/HTTP2/TLS/Client/Settings.hs view
@@ -1,6 +1,7 @@ module Network.HTTP2.TLS.Client.Settings where import Data.X509.CertificateStore (CertificateStore)+import Data.X509.Validation (validateDefault) import Network.Socket import Network.Control@@ -11,6 +12,7 @@ import Network.Run.TCP (openClientSocket) import Network.TLS ( Information,+ OnServerCertificate, SessionData, SessionID, SessionManager,@@ -31,8 +33,12 @@ -- -- >>> settingsValidateCert defaultSettings -- True+ , settingsOnServerCertificate :: OnServerCertificate+ -- ^ How to validate server certificates.+ --+ -- Default: 'validateDefault' , settingsCAStore :: CertificateStore- -- ^ Certificate store used for validation. (TLS and H2)+ -- ^ Obsoleted. -- -- Default: 'mempty'. , settingsServerNameOverride :: Maybe HostName@@ -44,6 +50,10 @@ -- be different (for example in the case of domain fronting); -- 'settingsServerNameOverride' can be used to give SNI a different value -- than @:authority@.+ , settingsUseServerNameIndication :: Bool+ -- ^ If 'True', SNI is used. Otherwise, the SNI extension is not sent.+ --+ -- Default: 'True' , settingsAddrInfoFlags :: [AddrInfoFlag] -- ^ Obsoleted. , settingsCacheLimit :: Int@@ -121,8 +131,10 @@ Settings { settingsKeyLogger = defaultKeyLogger , settingsValidateCert = True+ , settingsOnServerCertificate = validateDefault , settingsCAStore = mempty , settingsServerNameOverride = Nothing+ , settingsUseServerNameIndication = True , settingsAddrInfoFlags = [] , settingsCacheLimit = cacheLimit defaultClientConfig , settingsConcurrentStreams = defaultMaxStreams
http2-tls.cabal view
@@ -1,6 +1,6 @@ cabal-version: >=1.10 name: http2-tls-version: 0.4.6+version: 0.4.7 license: BSD3 license-file: LICENSE maintainer: Kazu Yamamoto <kazu@iij.ad.jp>@@ -39,6 +39,7 @@ base >=4.9 && <5, bytestring >=0.10, crypton-x509-store >=1.6 && <1.7,+ crypton-x509-system >=1.6 && <1.7, crypton-x509-validation >=1.6 && <1.7, http2 >=5.3.9 && <5.4, network >=3.1.4,