packages feed

peyotls 0.1.1.0 → 0.1.2.0

raw patch · 6 files changed

+52/−28 lines, 6 filesPVP ok

version bump matches the API change (PVP)

API changes (from Hackage documentation)

+ Network.PeyoTLS.Client: checkName :: HandleLike h => TlsHandle h g -> String -> TlsM h g Bool
+ Network.PeyoTLS.Client: open' :: (ValidateHandle h, CPRG g) => h -> String -> [CipherSuite] -> [(CertSecretKey, CertificateChain)] -> CertificateStore -> TlsM h g (TlsHandle h g)

Files

examples/clcertClient.hs view
@@ -21,10 +21,7 @@ 	h <- connectTo "localhost" $ PortNumber 443 	g <- cprgCreate <$> createEntropyPool :: IO SystemRNG 	(`run` g) $ do-		p <- open h ["TLS_RSA_WITH_AES_128_CBC_SHA"] [(rk, rc)] ca-		nms <- getNames p-		unless ("localhost" `elem` nms) $-			error "certificate name mismatch"+		p <- open' h "localhost" ["TLS_RSA_WITH_AES_128_CBC_SHA"] [(rk, rc)] ca 		hlPut p "GET / HTTP/1.1 \r\n" 		hlPut p "Host: localhost\r\n\r\n" 		doUntil BSC.null (hlGetLine p) >>= liftIO . mapM_ BSC.putStrLn
examples/clcertEcdsaClient.hs view
@@ -23,10 +23,8 @@ 	h <- connectTo "localhost" $ PortNumber 443 	g <- cprgCreate <$> createEntropyPool :: IO SystemRNG 	(`run` g) $ do-		p <- open h ["TLS_RSA_WITH_AES_128_CBC_SHA"] [(ek, ec), (rk, rc)] ca-		nms <- getNames p-		unless ("localhost" `elem` nms) $-			error "certificate name mismatch"+		p <- open' h "localhost"+			["TLS_RSA_WITH_AES_128_CBC_SHA"] [(ek, ec), (rk, rc)] ca 		hlPut p "GET / HTTP/1.1 \r\n" 		hlPut p "Host: localhost\r\n\r\n" 		doUntil BSC.null (hlGetLine p) >>= liftIO . mapM_ BSC.putStrLn
examples/eccClient.hs view
@@ -30,10 +30,7 @@ 	h <- connectTo "localhost" $ PortNumber 443 	g <- cprgCreate <$> createEntropyPool :: IO SystemRNG 	(`run` g) $ do-		p <- open h cipherSuites [] ca-		nms <- getNames p-		unless ("localhost" `elem` nms p) $-			error "certificate name mismatch"+		p <- open' h "localhost" cipherSuites [] ca 		hlPut p "GET / HTTP/1.1 \r\n" 		hlPut p "Host: localhost\r\n\r\n" 		doUntil BSC.null (hlGetLine p) >>= liftIO . mapM_ BSC.putStrLn
examples/simpleClient.hs view
@@ -19,10 +19,7 @@ 	h <- connectTo "localhost" $ PortNumber 443 	g <- cprgCreate <$> createEntropyPool :: IO SystemRNG 	(`run` g) $ do-		p <- open h ["TLS_RSA_WITH_AES_128_CBC_SHA"] [] ca-		nms <- getNames p-		unless ("localhost" `elem` nms) $-			error "certificate name mismatch"+		p <- open' h "localhost" ["TLS_RSA_WITH_AES_128_CBC_SHA"] [] ca 		hlPut p "GET / HTTP/1.1 \r\n" 		hlPut p "Host: localhost\r\n\r\n" 		doUntil BSC.null (hlGetLine p) >>= liftIO . mapM_ BSC.putStrLn
peyotls.cabal view
@@ -2,7 +2,7 @@ cabal-version:	>= 1.8  name:		peyotls-version:	0.1.1.0+version:	0.1.2.0 stability:	Experimental author:		Yoshikuni Jujo <PAF01143@nifty.ne.jp> maintainer:	Yoshikuni Jujo <PAF01143@nifty.ne.jp>@@ -147,10 +147,8 @@     > 	h <- connectTo "localhost" $ PortNumber 443     > 	g <- cprgCreate <$> createEntropyPool :: IO SystemRNG     > 	(`run` g) $ do-    > 		p <- open h ["TLS_RSA_WITH_AES_128_CBC_SHA"] [] ca+    > 		p <- open' h "localhost" ["TLS_RSA_WITH_AES_128_CBC_SHA"] [] ca     >		nms <- getNames p-    > 		unless ("localhost" `elem` nms) $-    > 			error "certificate name mismatch"     > 		hlPut p "GET / HTTP/1.1 \r\n"     > 		hlPut p "Host: localhost\r\n\r\n"     > 		doUntil BSC.null (hlGetLine p) >>= liftIO . mapM_ BSC.putStrLn@@ -181,9 +179,9 @@     > >	rk <- readKey "client_rsa.key"     > >	rc <- readCertificateChain ["client_rsa.crt"]     > 20c22-    > <		p <- open h ["TLS_RSA_WITH_AES_128_CBC_SHA"] [] ca+    > <		p <- open' h "localhost" ["TLS_RSA_WITH_AES_128_CBC_SHA"] [] ca     > ----    > >		p <- open h ["TLS_RSA_WITH_AES_128_CBC_SHA"] [(rk, rc)] ca+    > >		p <- open' h "localhost" ["TLS_RSA_WITH_AES_128_CBC_SHA"] [(rk, rc)] ca     .     Client certificate client (ECDSA or RSA certificate)     .@@ -194,9 +192,9 @@     > >	ek <- readKey "client_ecdsa.key"     > >	ec <- readCertificateChain ["client_ecdsa.crt"]     > 22c24-    > <		p <- open h ["TLS_RSA_WITH_AES_128_CBC_SHA"] [(rk, rc)] ca+    > <		p <- open' h "localhost" ["TLS_RSA_WITH_AES_128_CBC_SHA"] [(rk, rc)] ca     > ----    > >		p <- open h ["TLS_RSA_WITH_AES_128_CBC_SHA"] [(ek, ec), (rk, rc)] ca+    > >		p <- open' h "localhost" ["TLS_RSA_WITH_AES_128_CBC_SHA"] [(ek, ec), (rk, rc)] ca     .     ECC server (use ECC or RSA depending on client)     .@@ -246,9 +244,9 @@     > >       "TLS_RSA_WITH_AES_128_CBC_SHA" ]     > >     > 20c31-    > <               p <- open h ["TLS_RSA_WITH_AES_128_CBC_SHA"] [] ca+    > <               p <- open' h "localhost" ["TLS_RSA_WITH_AES_128_CBC_SHA"] [] ca     > ----    > >               p <- open h cipherSuites [] ca+    > >               p <- open' h "localhost" cipherSuites [] ca     .  extra-source-files:@@ -283,7 +281,7 @@ source-repository	this     type:	git     location:	git://github.com/YoshikuniJujo/peyotls.git-    tag:	peyotls-0.1.1.0+    tag:	peyotls-0.1.2.0  library     hs-source-dirs:	src
src/Network/PeyoTLS/Client.hs view
@@ -12,7 +12,8 @@  module Network.PeyoTLS.Client ( 	-- * Basic-	PeyotlsM, PeyotlsHandle, TlsM, TlsHandle, run, open, getNames,+	PeyotlsM, PeyotlsHandle, TlsM, TlsHandle,+	run, open, open', getNames, checkName, 	-- * Renegotiation 	renegotiate, setCipherSuites, setKeyCerts, setCertificateStore, 	-- * Cipher Suite@@ -25,6 +26,7 @@ import "monads-tf" Control.Monad.Error.Class (strMsg) import Data.Maybe (fromMaybe) import Data.List (find, intersect)+import Data.Function (on) import Data.HandleLike (HandleLike(..)) import System.IO (Handle) import "crypto-random" Crypto.Random (CPRG, SystemRNG, cprgGenerate)@@ -84,12 +86,47 @@ getNames :: HandleLike h => TlsHandle h g -> TlsM h g [String] getNames = BASE.getNames . tlsHandleC +checkName :: HandleLike h => TlsHandle h g -> String -> TlsM h g Bool+checkName t n = flip toCheckName n `liftM` getNames t++toCheckName :: [String] -> String -> Bool+toCheckName s0s s = any (`toCheckName1` s) s0s++toCheckName1 :: String -> String -> Bool+toCheckName1 = on checkSepNames $ sepBy '.'++sepBy :: Eq a => a ->[a] -> [[a]]+sepBy x0 xs+	| (t, _ : d) <- span (/= x0) xs = t : sepBy x0 d+	| otherwise = [xs]++checkSepNames :: [String] -> [String] -> Bool+checkSepNames [] [] = True+checkSepNames _ [] = False+checkSepNames [] _ = False+checkSepNames ("*" : ns0) (_ : ns) = checkSepNames ns0 ns+checkSepNames (n0 : ns0) (n : ns) = n0 == n && checkSepNames ns0 ns++-- | Don't forget check server name by checkName.+ open :: (ValidateHandle h, CPRG g) => h -> [CipherSuite] -> 	[(CertSecretKey, X509.CertificateChain)] -> X509.CertificateStore -> 	TlsM h g (TlsHandle h g) open h cscl crts ca = (TlsHandleC `liftM`) . execHandshakeM h $ do 	setSettingsC (cscl, crts, ca) 	handshake crts ca =<< clientHello cscl++-- | This function open and check server name.+--   Use this so as not to forget to check server name.++open' :: (ValidateHandle h, CPRG g) => h -> String -> [CipherSuite] ->+	[(CertSecretKey, X509.CertificateChain)] -> X509.CertificateStore ->+	TlsM h g (TlsHandle h g)+open' h n cscl crts ca = do+	t <- open h cscl crts ca+	c <- checkName t n+	unless c . E.throwError $ strMsg "certificate name mismatch"+	return t  renegotiate :: (ValidateHandle h, CPRG g) => TlsHandle h g -> TlsM h g () renegotiate (TlsHandleC t) = rerunHandshakeM t $ do