packages feed

secure-sockets 1.2.3 → 1.2.4

raw patch · 4 files changed

+36/−43 lines, 4 filesdep +HSHdep −processdep ~HsOpenSSLdep ~directory

Dependencies added: HSH

Dependencies removed: process

Dependency ranges changed: HsOpenSSL, directory

Files

Network/Secure.hs view
@@ -41,7 +41,9 @@     , Connection     , peer       , read+    , readPtr     , write+    , writePtr     , close        -- ** Misc reexports from 'Network.Socket'
Network/Secure/Connection.hs view
@@ -8,6 +8,8 @@     , Network.Secure.Connection.connect     , Network.Secure.Connection.read     , Network.Secure.Connection.write+    , Network.Secure.Connection.readPtr+    , Network.Secure.Connection.writePtr     , close          , Network.Secure.Connection.Socket@@ -28,12 +30,13 @@                         contextSetCertificate, contextSetCiphers,                         contextSetVerificationMode, contextGetCAStore,                         getPeerCertificate, getVerifyResult, read, shutdown,-                        write)+                        write, readPtr, writePtr) import OpenSSL.X509 (compareX509) import OpenSSL.X509.Store (addCertToStore) import Network.Socket hiding (shutdown)  import Network.Secure.Identity+import Foreign.Ptr(Ptr)  -- |An established authenticated connection to a peer. It is -- guaranteed that all Connection objects are with a known peer, and@@ -67,11 +70,12 @@ -- 'PeerIdentity'. connect :: LocalIdentity -> [PeerIdentity] -> (HostName, ServiceName)         -> IO Connection-connect myId peerIds (host, port) =-  do info <- getSockAddr (Just host) port-     bracketOnError (newSock info) sClose $ \sock -> do+connect myId peerIds (host, port) = bracketOnError newSock sClose tryConnect+  where+    tryConnect sock = do         setSocketOption sock ReuseAddr 1-        Network.Socket.connect sock (addrAddress info)+        addr <- getSockAddr (Just host) port+        Network.Socket.connect sock addr         connectSSL myId peerIds False sock  -- |Read at most 'n' bytes from the given connection.@@ -82,6 +86,14 @@ write :: Connection -> ByteString -> IO () write = OpenSSL.Session.write . ssl +-- |Read at most 'n' bytes from the given connection, into the given raw buffer.+readPtr :: Connection -> Ptr a -> Int -> IO Int+readPtr c p n = OpenSSL.Session.readPtr (ssl c) p n++-- |Send data from the given raw pointer to the connected peer.+writePtr :: Connection -> Ptr a -> Int -> IO ()+writePtr c p n = OpenSSL.Session.writePtr (ssl c) p n+ -- |Close the connection. No other operations on 'Connection's should -- be used after closing it. close :: Connection -> IO ()@@ -93,10 +105,10 @@ newServer :: (Maybe HostName, ServiceName)           -> IO Network.Secure.Connection.Socket newServer (host, port) = do-    info <- getSockAddr host port-    sock <- newSock info+    addr <- getSockAddr host port+    sock <- newSock     setSocketOption sock ReuseAddr 1-    bindSocket sock (addrAddress info)+    bindSocket sock addr     listen sock 10     return $ S sock @@ -106,22 +118,14 @@ accept :: LocalIdentity -> [PeerIdentity] -> Network.Secure.Connection.Socket         -> IO Connection accept myId peerIds listenSock = do-    result <- try setup :: IO (Either IOException Connection)-    case result of-        Left _     -> Network.Secure.Connection.accept myId peerIds listenSock-        Right conn -> return conn-  where-    setup = do-        sock <- fst <$> Network.Socket.accept (unSocket listenSock)-        connectSSL myId peerIds True sock+  sock <- fst <$> Network.Socket.accept (unSocket listenSock)+  connectSSL myId peerIds True sock -getSockAddr :: Maybe HostName -> ServiceName -> IO Network.Socket.AddrInfo+getSockAddr :: Maybe HostName -> ServiceName -> IO SockAddr getSockAddr hn sn = do-    let hints = defaultHints { addrFlags = [AI_PASSIVE, AI_ADDRCONFIG]-                             , addrSocketType = Stream-                             }+    let hints = defaultHints { addrFlags = [AI_PASSIVE, AI_ADDRCONFIG] }     info <- getAddrInfo (Just hints) hn (Just sn)-    return (head info)+    return . addrAddress . head $ info  connectSSL :: LocalIdentity -> [PeerIdentity] -> Bool -> Network.Socket.Socket            -> IO Connection@@ -146,8 +150,8 @@                then OpenSSL.Session.accept                else OpenSSL.Session.connect -newSock :: Network.Socket.AddrInfo -> IO Network.Socket.Socket-newSock i = socket (addrFamily i) (addrSocketType i) (addrProtocol i)+newSock :: IO Network.Socket.Socket+newSock = socket AF_INET Stream defaultProtocol  newSSLContext :: LocalIdentity -> [PeerIdentity] -> IO SSLContext newSSLContext localId validCerts = do@@ -155,7 +159,7 @@     contextSetPrivateKey ctx (liKey localId)     contextSetCertificate ctx (liX509 localId)     contextSetCiphers ctx "AES256-SHA"-    contextSetVerificationMode ctx $ VerifyPeer True False+    contextSetVerificationMode ctx $ VerifyPeer True False Nothing     store <- contextGetCAStore ctx     mapM_ (addCertToStore store . piX509) validCerts     return ctx
Network/Secure/Identity.hs view
@@ -18,9 +18,9 @@ import Control.Monad (when) import Control.Monad.IO.Class (MonadIO, liftIO) import Data.ByteString (ByteString, append, hPut)-import qualified Data.ByteString as BS import Data.ByteString.Char8 (pack, unpack) import Data.Maybe (fromJust, isNothing)+import HSH import OpenSSL.EVP.PKey (toKeyPair) import OpenSSL.PEM (PemPasswordSupply(PwNone), readPrivateKey,                     writePKCS8PrivateKey, readX509, writeX509)@@ -31,8 +31,6 @@ import System.Directory (getTemporaryDirectory, removeFile) import System.IO (openBinaryTempFile, hFlush) import System.IO.Unsafe (unsafePerformIO)-import System.Process(runInteractiveProcess,waitForProcess)-import System.Exit(ExitCode(..))  -- |An identity, public or private. class Identity a where@@ -132,22 +130,11 @@   where     mkKeyFile = getTemporaryDirectory >>= flip openBinaryTempFile "key.pem"     rmKeyFile = removeFile . fst-    genKey    = ("openssl", ["genrsa", "4096"])+    genKey = "openssl genrsa 4096 2>/dev/null"     genCert p = ("openssl", ["req", "-batch", "-new", "-x509",                              "-key", p, "-nodes",                              "-subj", "/CN=" ++ commonName,                              "-days", show days])--run :: (String,[String]) -> IO ByteString-run (x,xs) =-  do (_,o,_,h) <- runInteractiveProcess x xs Nothing Nothing-     s   <- BS.hGetContents o-     res <- waitForProcess h-     case res of-       ExitSuccess   -> return s-       ExitFailure n -> fail ("External program failed with " ++ show n)--  certMatchesKey :: X509 -> RSAKeyPair -> IO Bool certMatchesKey cert key = do
secure-sockets.cabal view
@@ -1,5 +1,5 @@ Name:                secure-sockets-Version:             1.2.3+Version:             1.2.4 Synopsis:            Secure point-to-point connectivity library Description:     This library simplifies the task of securely connecting two@@ -22,9 +22,9 @@                        Network.Secure.Connection   Build-depends:       base ==4.*,                        bytestring ==0.9.*,-                       directory >= 1,-                       process >= 1 && < 2,-                       HsOpenSSL >0.8 && <0.10,+                       directory ==1.0.*,+                       HSH ==2.0.*,+                       HsOpenSSL >=0.10.2,                        network ==2.*,                        transformers ==0.2.*   ghc-prof-options:    -auto-all