secure-sockets 1.2.3 → 1.2.4
raw patch · 4 files changed
+36/−43 lines, 4 filesdep +HSHdep −processdep ~HsOpenSSLdep ~directory
Dependencies added: HSH
Dependencies removed: process
Dependency ranges changed: HsOpenSSL, directory
Files
- Network/Secure.hs +2/−0
- Network/Secure/Connection.hs +28/−24
- Network/Secure/Identity.hs +2/−15
- secure-sockets.cabal +4/−4
Network/Secure.hs view
@@ -41,7 +41,9 @@ , Connection , peer , read+ , readPtr , write+ , writePtr , close -- ** Misc reexports from 'Network.Socket'
Network/Secure/Connection.hs view
@@ -8,6 +8,8 @@ , Network.Secure.Connection.connect , Network.Secure.Connection.read , Network.Secure.Connection.write+ , Network.Secure.Connection.readPtr+ , Network.Secure.Connection.writePtr , close , Network.Secure.Connection.Socket@@ -28,12 +30,13 @@ contextSetCertificate, contextSetCiphers, contextSetVerificationMode, contextGetCAStore, getPeerCertificate, getVerifyResult, read, shutdown,- write)+ write, readPtr, writePtr) import OpenSSL.X509 (compareX509) import OpenSSL.X509.Store (addCertToStore) import Network.Socket hiding (shutdown) import Network.Secure.Identity+import Foreign.Ptr(Ptr) -- |An established authenticated connection to a peer. It is -- guaranteed that all Connection objects are with a known peer, and@@ -67,11 +70,12 @@ -- 'PeerIdentity'. connect :: LocalIdentity -> [PeerIdentity] -> (HostName, ServiceName) -> IO Connection-connect myId peerIds (host, port) =- do info <- getSockAddr (Just host) port- bracketOnError (newSock info) sClose $ \sock -> do+connect myId peerIds (host, port) = bracketOnError newSock sClose tryConnect+ where+ tryConnect sock = do setSocketOption sock ReuseAddr 1- Network.Socket.connect sock (addrAddress info)+ addr <- getSockAddr (Just host) port+ Network.Socket.connect sock addr connectSSL myId peerIds False sock -- |Read at most 'n' bytes from the given connection.@@ -82,6 +86,14 @@ write :: Connection -> ByteString -> IO () write = OpenSSL.Session.write . ssl +-- |Read at most 'n' bytes from the given connection, into the given raw buffer.+readPtr :: Connection -> Ptr a -> Int -> IO Int+readPtr c p n = OpenSSL.Session.readPtr (ssl c) p n++-- |Send data from the given raw pointer to the connected peer.+writePtr :: Connection -> Ptr a -> Int -> IO ()+writePtr c p n = OpenSSL.Session.writePtr (ssl c) p n+ -- |Close the connection. No other operations on 'Connection's should -- be used after closing it. close :: Connection -> IO ()@@ -93,10 +105,10 @@ newServer :: (Maybe HostName, ServiceName) -> IO Network.Secure.Connection.Socket newServer (host, port) = do- info <- getSockAddr host port- sock <- newSock info+ addr <- getSockAddr host port+ sock <- newSock setSocketOption sock ReuseAddr 1- bindSocket sock (addrAddress info)+ bindSocket sock addr listen sock 10 return $ S sock @@ -106,22 +118,14 @@ accept :: LocalIdentity -> [PeerIdentity] -> Network.Secure.Connection.Socket -> IO Connection accept myId peerIds listenSock = do- result <- try setup :: IO (Either IOException Connection)- case result of- Left _ -> Network.Secure.Connection.accept myId peerIds listenSock- Right conn -> return conn- where- setup = do- sock <- fst <$> Network.Socket.accept (unSocket listenSock)- connectSSL myId peerIds True sock+ sock <- fst <$> Network.Socket.accept (unSocket listenSock)+ connectSSL myId peerIds True sock -getSockAddr :: Maybe HostName -> ServiceName -> IO Network.Socket.AddrInfo+getSockAddr :: Maybe HostName -> ServiceName -> IO SockAddr getSockAddr hn sn = do- let hints = defaultHints { addrFlags = [AI_PASSIVE, AI_ADDRCONFIG]- , addrSocketType = Stream- }+ let hints = defaultHints { addrFlags = [AI_PASSIVE, AI_ADDRCONFIG] } info <- getAddrInfo (Just hints) hn (Just sn)- return (head info)+ return . addrAddress . head $ info connectSSL :: LocalIdentity -> [PeerIdentity] -> Bool -> Network.Socket.Socket -> IO Connection@@ -146,8 +150,8 @@ then OpenSSL.Session.accept else OpenSSL.Session.connect -newSock :: Network.Socket.AddrInfo -> IO Network.Socket.Socket-newSock i = socket (addrFamily i) (addrSocketType i) (addrProtocol i)+newSock :: IO Network.Socket.Socket+newSock = socket AF_INET Stream defaultProtocol newSSLContext :: LocalIdentity -> [PeerIdentity] -> IO SSLContext newSSLContext localId validCerts = do@@ -155,7 +159,7 @@ contextSetPrivateKey ctx (liKey localId) contextSetCertificate ctx (liX509 localId) contextSetCiphers ctx "AES256-SHA"- contextSetVerificationMode ctx $ VerifyPeer True False+ contextSetVerificationMode ctx $ VerifyPeer True False Nothing store <- contextGetCAStore ctx mapM_ (addCertToStore store . piX509) validCerts return ctx
Network/Secure/Identity.hs view
@@ -18,9 +18,9 @@ import Control.Monad (when) import Control.Monad.IO.Class (MonadIO, liftIO) import Data.ByteString (ByteString, append, hPut)-import qualified Data.ByteString as BS import Data.ByteString.Char8 (pack, unpack) import Data.Maybe (fromJust, isNothing)+import HSH import OpenSSL.EVP.PKey (toKeyPair) import OpenSSL.PEM (PemPasswordSupply(PwNone), readPrivateKey, writePKCS8PrivateKey, readX509, writeX509)@@ -31,8 +31,6 @@ import System.Directory (getTemporaryDirectory, removeFile) import System.IO (openBinaryTempFile, hFlush) import System.IO.Unsafe (unsafePerformIO)-import System.Process(runInteractiveProcess,waitForProcess)-import System.Exit(ExitCode(..)) -- |An identity, public or private. class Identity a where@@ -132,22 +130,11 @@ where mkKeyFile = getTemporaryDirectory >>= flip openBinaryTempFile "key.pem" rmKeyFile = removeFile . fst- genKey = ("openssl", ["genrsa", "4096"])+ genKey = "openssl genrsa 4096 2>/dev/null" genCert p = ("openssl", ["req", "-batch", "-new", "-x509", "-key", p, "-nodes", "-subj", "/CN=" ++ commonName, "-days", show days])--run :: (String,[String]) -> IO ByteString-run (x,xs) =- do (_,o,_,h) <- runInteractiveProcess x xs Nothing Nothing- s <- BS.hGetContents o- res <- waitForProcess h- case res of- ExitSuccess -> return s- ExitFailure n -> fail ("External program failed with " ++ show n)-- certMatchesKey :: X509 -> RSAKeyPair -> IO Bool certMatchesKey cert key = do
secure-sockets.cabal view
@@ -1,5 +1,5 @@ Name: secure-sockets-Version: 1.2.3+Version: 1.2.4 Synopsis: Secure point-to-point connectivity library Description: This library simplifies the task of securely connecting two@@ -22,9 +22,9 @@ Network.Secure.Connection Build-depends: base ==4.*, bytestring ==0.9.*,- directory >= 1,- process >= 1 && < 2,- HsOpenSSL >0.8 && <0.10,+ directory ==1.0.*,+ HSH ==2.0.*,+ HsOpenSSL >=0.10.2, network ==2.*, transformers ==0.2.* ghc-prof-options: -auto-all