secure-sockets 1.2.4 → 1.2.5
raw patch · 3 files changed
+36/−21 lines, 3 filesdep +processdep −HSHdep ~directorynew-uploader
Dependencies added: process
Dependencies removed: HSH
Dependency ranges changed: directory
Files
- Network/Secure/Connection.hs +17/−15
- Network/Secure/Identity.hs +15/−2
- secure-sockets.cabal +4/−4
Network/Secure/Connection.hs view
@@ -20,7 +20,7 @@ import Prelude hiding (read) import Control.Applicative ((<$>))-import Control.Exception (IOException, bracketOnError, onException, try)+import Control.Exception (IOException, bracketOnError, onException) import Control.Monad (liftM, unless) import Data.ByteString (ByteString) import Data.Maybe (fromJust)@@ -70,13 +70,13 @@ -- 'PeerIdentity'. connect :: LocalIdentity -> [PeerIdentity] -> (HostName, ServiceName) -> IO Connection-connect myId peerIds (host, port) = bracketOnError newSock sClose tryConnect- where- tryConnect sock = do+connect myId peerIds (host, port) =+ do info <- getSockAddr (Just host) port+ bracketOnError (newSock info) sClose $ \sock -> do setSocketOption sock ReuseAddr 1- addr <- getSockAddr (Just host) port- Network.Socket.connect sock addr- connectSSL myId peerIds False sock+ Network.Socket.connect sock (addrAddress info)+ r <- connectSSL myId peerIds False sock+ return r -- |Read at most 'n' bytes from the given connection. read :: Connection -> Int -> IO ByteString@@ -105,10 +105,10 @@ newServer :: (Maybe HostName, ServiceName) -> IO Network.Secure.Connection.Socket newServer (host, port) = do- addr <- getSockAddr host port- sock <- newSock+ info <- getSockAddr host port+ sock <- newSock info setSocketOption sock ReuseAddr 1- bindSocket sock addr+ bindSocket sock (addrAddress info) listen sock 10 return $ S sock @@ -121,11 +121,13 @@ sock <- fst <$> Network.Socket.accept (unSocket listenSock) connectSSL myId peerIds True sock -getSockAddr :: Maybe HostName -> ServiceName -> IO SockAddr+getSockAddr :: Maybe HostName -> ServiceName -> IO Network.Socket.AddrInfo getSockAddr hn sn = do- let hints = defaultHints { addrFlags = [AI_PASSIVE, AI_ADDRCONFIG] }+ let hints = defaultHints { addrFlags = [AI_PASSIVE, AI_ADDRCONFIG]+ , addrSocketType = Stream+ } info <- getAddrInfo (Just hints) hn (Just sn)- return . addrAddress . head $ info+ return (head info) connectSSL :: LocalIdentity -> [PeerIdentity] -> Bool -> Network.Socket.Socket -> IO Connection@@ -150,8 +152,8 @@ then OpenSSL.Session.accept else OpenSSL.Session.connect -newSock :: IO Network.Socket.Socket-newSock = socket AF_INET Stream defaultProtocol+newSock :: Network.Socket.AddrInfo -> IO Network.Socket.Socket+newSock i = socket (addrFamily i) (addrSocketType i) (addrProtocol i) newSSLContext :: LocalIdentity -> [PeerIdentity] -> IO SSLContext newSSLContext localId validCerts = do
Network/Secure/Identity.hs view
@@ -18,9 +18,9 @@ import Control.Monad (when) import Control.Monad.IO.Class (MonadIO, liftIO) import Data.ByteString (ByteString, append, hPut)+import qualified Data.ByteString as BS import Data.ByteString.Char8 (pack, unpack) import Data.Maybe (fromJust, isNothing)-import HSH import OpenSSL.EVP.PKey (toKeyPair) import OpenSSL.PEM (PemPasswordSupply(PwNone), readPrivateKey, writePKCS8PrivateKey, readX509, writeX509)@@ -31,6 +31,8 @@ import System.Directory (getTemporaryDirectory, removeFile) import System.IO (openBinaryTempFile, hFlush) import System.IO.Unsafe (unsafePerformIO)+import System.Process(runInteractiveProcess,waitForProcess)+import System.Exit(ExitCode(..)) -- |An identity, public or private. class Identity a where@@ -130,11 +132,22 @@ where mkKeyFile = getTemporaryDirectory >>= flip openBinaryTempFile "key.pem" rmKeyFile = removeFile . fst- genKey = "openssl genrsa 4096 2>/dev/null"+ genKey = ("openssl", ["genrsa", "4096"]) genCert p = ("openssl", ["req", "-batch", "-new", "-x509", "-key", p, "-nodes", "-subj", "/CN=" ++ commonName, "-days", show days])++run :: (String,[String]) -> IO ByteString+run (x,xs) =+ do (_,o,_,h) <- runInteractiveProcess x xs Nothing Nothing+ s <- BS.hGetContents o+ res <- waitForProcess h+ case res of+ ExitSuccess -> return s+ ExitFailure n -> fail ("External program failed with " ++ show n)++ certMatchesKey :: X509 -> RSAKeyPair -> IO Bool certMatchesKey cert key = do
secure-sockets.cabal view
@@ -1,5 +1,5 @@ Name: secure-sockets-Version: 1.2.4+Version: 1.2.5 Synopsis: Secure point-to-point connectivity library Description: This library simplifies the task of securely connecting two@@ -22,11 +22,11 @@ Network.Secure.Connection Build-depends: base ==4.*, bytestring ==0.9.*,- directory ==1.0.*,- HSH ==2.0.*,+ directory, HsOpenSSL >=0.10.2, network ==2.*,- transformers ==0.2.*+ transformers ==0.2.*,+ process ghc-prof-options: -auto-all ghc-options: -Wall -funbox-strict-fields -fwarn-tabs