tcp-streams 0.5.0.0 → 0.6.0.0
raw patch · 9 files changed
+59/−350 lines, 9 filesdep −HsOpenSSLdep −HsOpenSSL-x509-systemPVP ok
version bump matches the API change (PVP)
Dependencies removed: HsOpenSSL, HsOpenSSL-x509-system
API changes (from Hackage documentation)
- Data.OpenSSLSetting: CustomCAStore :: FilePath -> TrustedCAStore
- Data.OpenSSLSetting: MozillaCAStore :: TrustedCAStore
- Data.OpenSSLSetting: SystemCAStore :: TrustedCAStore
- Data.OpenSSLSetting: data TrustedCAStore
- Data.OpenSSLSetting: makeClientSSLContext :: TrustedCAStore -> IO SSLContext
- Data.OpenSSLSetting: makeClientSSLContext' :: FilePath -> [FilePath] -> FilePath -> TrustedCAStore -> IO SSLContext
- Data.OpenSSLSetting: makeServerSSLContext :: FilePath -> [FilePath] -> FilePath -> IO SSLContext
- Data.OpenSSLSetting: makeServerSSLContext' :: FilePath -> [FilePath] -> FilePath -> TrustedCAStore -> IO SSLContext
- System.IO.Streams.OpenSSL: accept :: SSLContext -> Socket -> IO (InputStream ByteString, OutputStream ByteString, SSL, SockAddr)
- System.IO.Streams.OpenSSL: close :: SSL -> IO ()
- System.IO.Streams.OpenSSL: connect :: SSLContext -> Maybe String -> HostName -> PortNumber -> IO (InputStream ByteString, OutputStream ByteString, SSL)
- System.IO.Streams.OpenSSL: sslToStreams :: SSL -> IO (InputStream ByteString, OutputStream ByteString)
- System.IO.Streams.OpenSSL: withConnection :: SSLContext -> Maybe String -> HostName -> PortNumber -> (InputStream ByteString -> OutputStream ByteString -> SSL -> IO a) -> IO a
+ Data.TLSSetting: mozillaCAStorePath :: IO FilePath
Files
- ChangeLog.md +6/−1
- Data/OpenSSLSetting.hs +0/−91
- Data/TLSSetting.hs +9/−3
- README.md +3/−9
- System/IO/Streams/OpenSSL.hs +0/−158
- System/IO/Streams/TLS.hs +0/−1
- mozillaCAStore.pem +38/−8
- tcp-streams.cabal +3/−22
- test/Main.hs +0/−57
ChangeLog.md view
@@ -1,4 +1,9 @@-# Revision history for tcp-simple+# Revision history for tcp-streams++## 0.6.0.0++* Update built-in mozilla CA list(2016/11/02).+* Split openssl part into [tcp-streams-openssl](hackage.haskell.org/package/tcp-streams-openssl) ## 0.5.0.0
− Data/OpenSSLSetting.hs
@@ -1,91 +0,0 @@--- | Helpers for setting up a tls connection with @HsOpenSSL@ package,--- for further customization, please refer to @HsOpenSSL@ package.------ Note, functions in this module will throw error if can't load certificates or CA store.----module Data.OpenSSLSetting- ( -- * choose a CAStore- TrustedCAStore(..)- -- * make TLS settings- , makeClientSSLContext- , makeClientSSLContext'- , makeServerSSLContext- , makeServerSSLContext'- ) where--import qualified OpenSSL.X509.SystemStore as X509-import qualified OpenSSL.Session as SSL-import OpenSSL (withOpenSSL)-import Paths_tcp_streams (getDataFileName)-import Data.TLSSetting (TrustedCAStore(..))---makeCAStore :: TrustedCAStore -> SSL.SSLContext -> IO ()-makeCAStore SystemCAStore ctx = X509.contextLoadSystemCerts ctx-makeCAStore MozillaCAStore ctx = do- fp <- getDataFileName "mozillaCAStore.pem"- SSL.contextSetCAFile ctx fp-makeCAStore (CustomCAStore fp) ctx = SSL.contextSetCAFile ctx fp---- | make a simple 'SSL.SSLContext' that will validate server and use tls connection--- without providing client's own certificate. suitable for connecting server which don't--- validate clients.----makeClientSSLContext :: TrustedCAStore -- ^ trusted certificates.- -> IO SSL.SSLContext-makeClientSSLContext tca = withOpenSSL $ do- let caStore = makeCAStore tca- ctx <- SSL.context- caStore ctx- SSL.contextSetDefaultCiphers ctx- SSL.contextSetVerificationMode ctx (SSL.VerifyPeer True True Nothing)- return ctx---- | make a simple 'SSL.SSLContext' that will validate server and use tls connection--- while providing client's own certificate. suitable for connecting server which--- validate clients.------ The chain certificate must be in PEM format and must be sorted starting with the subject's certificate--- (actual client or server certificate), followed by intermediate CA certificates if applicable,--- and ending at the highest level (root) CA.----makeClientSSLContext' :: FilePath -- ^ public certificate (X.509 format).- -> [FilePath] -- ^ chain certificate (X.509 format).- -> FilePath -- ^ private key associated.- -> TrustedCAStore -- ^ server will use these certificates to validate clients.- -> IO SSL.SSLContext-makeClientSSLContext' pub certs priv tca = withOpenSSL $ do- let caStore = makeCAStore tca- ctx <- SSL.context- caStore ctx- SSL.contextSetDefaultCiphers ctx- SSL.contextSetCertificateFile ctx pub- SSL.contextSetPrivateKeyFile ctx priv- mapM_ (SSL.contextSetCertificateChainFile ctx) certs- SSL.contextSetVerificationMode ctx (SSL.VerifyPeer True True Nothing)- return ctx---- | make a simple 'SSL.SSLContext' for server without validating client's certificate.----makeServerSSLContext :: FilePath -- ^ public certificate (X.509 format).- -> [FilePath] -- ^ chain certificate (X.509 format).- -> FilePath -- ^ private key associated.- -> IO SSL.SSLContext-makeServerSSLContext pub certs priv = withOpenSSL $ do- ctx <- SSL.context- SSL.contextSetDefaultCiphers ctx- SSL.contextSetCertificateFile ctx pub- SSL.contextSetPrivateKeyFile ctx priv- mapM_ (SSL.contextSetCertificateChainFile ctx) certs- return ctx---- | make a 'SSL.SSLConext' that also validating client's certificate.------ This's an alias to 'makeClientSSLContext''.----makeServerSSLContext' :: FilePath -- ^ public certificate (X.509 format).- -> [FilePath] -- ^ chain certificates (X.509 format).- -> FilePath -- ^ private key associated.- -> TrustedCAStore -- ^ server will use these certificates to validate clients.- -> IO SSL.SSLContext-makeServerSSLContext' = makeClientSSLContext'
Data/TLSSetting.hs view
@@ -4,13 +4,15 @@ -- Note, functions in this module will throw error if can't load certificates or CA store. -- module Data.TLSSetting- ( -- * choose a CAStore+ ( -- * Choose a CAStore TrustedCAStore(..)- -- * make TLS settings+ -- * Make TLS settings , makeClientParams , makeClientParams' , makeServerParams , makeServerParams'+ -- * Internal+ , mozillaCAStorePath ) where import qualified Data.ByteString as B@@ -34,9 +36,13 @@ | CustomCAStore FilePath -- ^ provided by your self, the CA file can contain multiple certificates. deriving (Show, Eq) +-- | Get the built-in mozilla CA's path.+mozillaCAStorePath :: IO FilePath+mozillaCAStorePath = getDataFileName "mozillaCAStore.pem"+ makeCAStore :: TrustedCAStore -> IO X509.CertificateStore makeCAStore SystemCAStore = X509.getSystemCertificateStore-makeCAStore MozillaCAStore = makeCAStore . CustomCAStore =<< getDataFileName "mozillaCAStore.pem"+makeCAStore MozillaCAStore = makeCAStore . CustomCAStore =<< mozillaCAStorePath makeCAStore (CustomCAStore fp) = do bs <- B.readFile fp let Right pems = X509.pemParseBS bs
README.md view
@@ -8,17 +8,11 @@ + use [io-streams](https://hackage.haskell.org/package/io-streams) for auto read buffering and easy streamming process. -+ use [tls](http://hackage.haskell.org/package/tls) or [HsOpenSSL](http://hackage.haskell.org/package/HsOpenSSL) for tls connection.--Built-in [mozilla CA list](https://curl.haxx.se/docs/caextract.html) date: 2016/09/14. --Mac user may need manually passing openssl library path if linker can't find them:++ use [tls](http://hackage.haskell.org/package/tls) for tls connection. -```-cabal install --extra-include-dirs=/usr/local/opt/openssl/include --extra-lib-dirs=/usr/local/opt/openssl/lib tcp-streams-```+Built-in [mozilla CA list](https://curl.haxx.se/docs/caextract.html) date: 2016/11/02. -You can disable openssl support with `cabal install -f -openssl`.+From v0.6 TLS using [HsOpenSSL](http://hackage.haskell.org/package/HsOpenSSL) is split into [tcp-streams-openssl](http://hackage.haskell.org/package/tcp-streams-openssl) due to the difficulties of setting up openssl on many platform. Also take a look at [wire-stream](http://hackage.haskell.org/package/wire-streams-0.0.2.0), for serialize/deserialize data. Happy hacking!
− System/IO/Streams/OpenSSL.hs
@@ -1,158 +0,0 @@-{-# LANGUAGE ScopedTypeVariables #-}---- | This module provides convenience functions for interfacing @io-streams@--- with @HsOpenSSL@. @ssl/SSL@ here stand for @HsOpenSSL@ library, not the--- deprecated SSL 2.0/3.0 protocol. the receive buffer size is 32752.--- sending is unbuffered, anything write into 'OutputStream' will be immediately--- send to underlying socket.------ The same exceptions rule which applied to TCP apply here, with addtional--- 'SSL.SomeSSLException` to be watched out.------ This module is intended to be imported @qualified@, e.g.:------ @--- import qualified "Data.SSLSetting" as SSL--- import qualified "System.IO.Streams.OpenSSL" as SSL--- @----module System.IO.Streams.OpenSSL- ( -- * client- connect- , withConnection- -- * server- , accept- -- * helpers- , sslToStreams- , close- -- * re-export helpers- , module Data.OpenSSLSetting- ) where--import qualified Control.Exception as E-import Control.Monad (unless, void)-import Data.ByteString.Char8 (ByteString)-import qualified Data.ByteString.Char8 as S-import Data.OpenSSLSetting-import Network.Socket (HostName, PortNumber, Socket)-import qualified Network.Socket as N-import OpenSSL (withOpenSSL)-import OpenSSL.Session (SSL, SSLContext)-import qualified OpenSSL.Session as SSL-import qualified OpenSSL.X509 as X509-import System.IO.Streams (InputStream, OutputStream)-import qualified System.IO.Streams as Streams-import qualified System.IO.Streams.TCP as TCP--bUFSIZ :: Int-bUFSIZ = 32752---- | Given an existing HsOpenSSL 'SSL' connection, produces an 'InputStream' \/--- 'OutputStream' pair.----sslToStreams :: SSL -- ^ SSL connection object- -> IO (InputStream ByteString, OutputStream ByteString)-sslToStreams ssl = do- is <- Streams.makeInputStream input- os <- Streams.makeOutputStream output- return (is, os)-- where- input = ( do- s <- SSL.read ssl bUFSIZ- return $! if S.null s then Nothing else Just s- ) `E.catch` (\(_::E.SomeException) -> return Nothing)-- output Nothing = return ()- output (Just s) = SSL.write ssl s-{-# INLINABLE sslToStreams #-}--close :: SSL.SSL -> IO ()-close ssl = withOpenSSL $ do- SSL.shutdown ssl SSL.Unidirectional- maybe (return ()) N.close (SSL.sslSocket ssl)---- | Convenience function for initiating an SSL connection to the given--- @('HostName', 'PortNumber')@ combination.------ this function will try to verify server's identity,--- a 'SSL.ProtocolError' will be thrown if fail.----connect :: SSLContext -- ^ SSL context. See the @HsOpenSSL@- -- documentation for information on creating- -- this.- -> Maybe String -- ^ Optional certificate subject name, if set to 'Nothing'- -- then we will try to verify 'HostName' as subject name.- -> HostName -- ^ hostname to connect to- -> PortNumber -- ^ port number to connect to- -> IO (InputStream ByteString, OutputStream ByteString, SSL)-connect ctx subname host port = withOpenSSL $ do- sock <- TCP.connectSocket host port- E.bracketOnError (SSL.connection ctx sock) close $ \ ssl -> do- SSL.connect ssl- trusted <- SSL.getVerifyResult ssl- cert <- SSL.getPeerCertificate ssl- subnames <- maybe (return []) (`X509.getSubjectName` False) cert- let cnname = lookup "CN" subnames- verified = case subname of- Just subname' -> maybe False (== subname') cnname- Nothing -> maybe False (matchDomain host) cnname- unless (trusted && verified) (E.throwIO $ SSL.ProtocolError "fail to verify certificate")- (is, os) <- sslToStreams ssl- return (is, os, ssl)-- where- matchDomain :: String -> String -> Bool- matchDomain n1 n2 =- let n1' = reverse (splitDot n1)- n2' = reverse (splitDot n2)- cmp src target = src == "*" || src == target- in and (zipWith cmp n1' n2')- splitDot :: String -> [String]- splitDot "" = [""]- splitDot x =- let (y, z) = break (== '.') x in- y : (if z == "" then [] else splitDot $ drop 1 z)---- | Convenience function for initiating an SSL connection to the given--- @('HostName', 'PortNumber')@ combination. The socket and SSL connection are--- closed and deleted after the user handler runs.----withConnection :: SSLContext--- -> Maybe String- -> HostName- -> PortNumber- -> (InputStream ByteString -> OutputStream ByteString -> SSL -> IO a)- -- ^ Action to run with the new connection- -> IO a-withConnection ctx subname host port action =- E.bracket (connect ctx subname host port) cleanup go-- where- go (is, os, ssl) = action is os ssl-- cleanup (_, os, ssl) = E.mask_ $- eatException $! Streams.write Nothing os >> close ssl-- eatException m = void m `E.catch` (\(_::E.SomeException) -> return ())----- | Accept a new connection from remote client, return a 'InputStream' / 'OutputStream'--- pair and remote 'N.SockAddr', you should call 'TCP.bindAndListen' first.------ this operation will throw 'SSL.SomeSSLException' on failure.----accept :: SSL.SSLContext -- ^ check "Data.OpenSSLSetting".- -> Socket -- ^ the listening 'Socket'.- -> IO (InputStream ByteString, OutputStream ByteString, SSL.SSL, N.SockAddr)-accept ctx sock = withOpenSSL $ do- (sock', sockAddr) <- N.accept sock- E.bracketOnError (SSL.connection ctx sock') close $ \ ssl -> do- SSL.accept ssl- trusted <- SSL.getVerifyResult ssl- unless trusted (E.throwIO $ SSL.ProtocolError "fail to verify certificate")- (is, os) <- sslToStreams ssl- return (is, os, ssl, sockAddr)-
System/IO/Streams/TLS.hs view
@@ -11,7 +11,6 @@ -- This module is intended to be imported @qualified@, e.g.: -- -- @--- import qualified "Data.TLSSetting" as TLS -- import qualified "System.IO.Streams.TLS" as TLS -- @ --
mozillaCAStore.pem view
@@ -1,20 +1,20 @@ ## ## Bundle of CA Root Certificates ##-## Certificate data from Mozilla as of: Wed Sep 14 03:12:05 2016+## Certificate data from Mozilla as of: Wed Nov 2 04:12:05 2016 GMT ## ## This is a bundle of X.509 certificates of public Certificate Authorities ## (CA). These were automatically extracted from Mozilla's root certificates ## file (certdata.txt). This file can be found in the mozilla source tree:-## http://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt+## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt ## ## It contains the certificates in PEM format and therefore ## can be directly used with curl / libcurl / php_curl, or with ## an Apache+mod_ssl webserver for SSL client authentication. ## Just configure this file as the SSLCACertificateFile. ##-## Conversion done with mk-ca-bundle.pl version 1.26.-## SHA256: 01bbf1ecdd693f554ff4dcbe15880b3e6c33188a956c15ff845d313ca69cfeb8+## Conversion done with mk-ca-bundle.pl version 1.27.+## SHA256: 17e2a90c8a5cfd6a675b3475d3d467e1ab1fe0d5397e907b08206182389caa08 ## @@ -1764,7 +1764,7 @@ -----END CERTIFICATE----- NetLock Arany (Class Gold) Főtanúsítvány-============================================+======================================== -----BEGIN CERTIFICATE----- MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8G A1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610@@ -2280,7 +2280,7 @@ -----END CERTIFICATE----- Certinomis - Autorité Racine-=============================+============================ -----BEGIN CERTIFICATE----- MIIFnDCCA4SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJGUjETMBEGA1UEChMK Q2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxJjAkBgNVBAMMHUNlcnRpbm9taXMg@@ -3675,7 +3675,7 @@ -----END CERTIFICATE----- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5-=========================================================+==================================================== -----BEGIN CERTIFICATE----- MIIEJzCCAw+gAwIBAgIHAI4X/iQggTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCVFIxDzAN BgNVBAcMBkFua2FyYTFNMEsGA1UECgxEVMOcUktUUlVTVCBCaWxnaSDEsGxldGnFn2ltIHZlIEJp@@ -3699,7 +3699,7 @@ -----END CERTIFICATE----- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6-=========================================================+==================================================== -----BEGIN CERTIFICATE----- MIIEJjCCAw6gAwIBAgIGfaHyZeyKMA0GCSqGSIb3DQEBCwUAMIGxMQswCQYDVQQGEwJUUjEPMA0G A1UEBwwGQW5rYXJhMU0wSwYDVQQKDERUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmls@@ -4033,4 +4033,34 @@ BgNVHSMEGDAWgBRHd8MUi2I5DMlv4VBN0BBY3JWIbTAKBggqhkjOPQQDAwNpADBmAjEAj6jcnboM BBf6Fek9LykBl7+BFjNAk2z8+e2AcG+qj9uEwov1NcoG3GRvaBbhj5G5AjEA2Euly8LQCGzpGPta 3U1fJAuwACEl74+nBCZx4nxp5V2a+EEfOzmTk51V6s2N8fvB+-----END CERTIFICATE-----++ISRG Root X1+============+-----BEGIN CERTIFICATE-----+MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UE+BhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQD+EwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQG+EwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMT+DElTUkcgUm9vdCBYMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54r+Vygch77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+0TM8ukj1+3Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6UA5/TR5d8mUgjU+g4rk8K+b4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sWT8KOEUt+zwvo/7V3LvSye0rgTBIlDHCN+Aymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyHB5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ+4Q7e2RCOFvu396j3x+UCB5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf+1b0SHzUvKBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWnOlFu+hjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTnjh8BCNAw1FtxNrQH+usEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbwqHyGO0aoSCqI3Haadr8faqU9GY/r+OPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CIrU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4G+A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY+9umbbjANBgkqhkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL+ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ3BebYhtF8GaV+0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KKNFtY2PwByVS5uCbMiogziUwt+hDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJw+TdwJx4nLCgdNbOhdjsnvzqvHu7UrTkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nx+e5AW0wdeRlN8NwdCjNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZA+JzVcoyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq4RgqsahD+YVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPAmRGunUHBcnWEvgJBQl9n+JEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57demyPxgcYxn/eR44/KJ4EBs+lVDR3veyJ+m+kXQ99b21/+jh5Xos1AnX5iItreGCc= -----END CERTIFICATE-----
tcp-streams.cabal view
@@ -1,12 +1,13 @@ name: tcp-streams-version: 0.5.0.0+version: 0.6.0.0 synopsis: One stop solution for tcp client and server with tls support. description: One stop solution for tcp client and server with tls support. license: BSD3 license-file: LICENSE author: winterland1989 maintainer: winterland1989@gmail.com--- copyright: +homepage: https://github.com/winterland1989/tcp-streams+copyright: (c) Winterland 2016 category: Network build-type: Simple extra-source-files: ChangeLog.md@@ -18,10 +19,6 @@ data-files: mozillaCAStore.pem cabal-version: >=1.10 -flag openssl- description: Enable openssl support via @HsOpenSSL@- default: True- source-repository head type: git location: git://github.com/winterland1989/tcp-streams.git@@ -30,9 +27,6 @@ exposed-modules: Data.TLSSetting , System.IO.Streams.TCP , System.IO.Streams.TLS- if flag(openssl)- exposed-modules: Data.OpenSSLSetting- , System.IO.Streams.OpenSSL other-modules: Paths_tcp_streams -- other-extensions: @@ -46,19 +40,6 @@ , x509-system >= 1.5 && < 2.0 , x509-store >= 1.5 && < 2.0 , pem -- if flag(openssl)- build-depends: HsOpenSSL >=0.10.3 && <0.12- , HsOpenSSL-x509-system == 0.1.*- if os(mingw32) || os(windows)- extra-libraries: eay32, ssl32- else- if os(osx)- extra-libraries: crypto- extra-lib-dirs: /usr/local/lib- include-dirs: /usr/local/include- else- extra-libraries: crypto ghc-options: -Wall -- hs-source-dirs:
test/Main.hs view
@@ -16,11 +16,9 @@ import System.Directory (removeFile) ------------------------------------------------------------------------------ import qualified Data.TLSSetting as TLS-import qualified Data.OpenSSLSetting as SSL import qualified System.IO.Streams as Stream import qualified System.IO.Streams.TCP as Raw import qualified System.IO.Streams.TLS as TLS-import qualified System.IO.Streams.OpenSSL as SSL ------------------------------------------------------------------------------ main :: IO ()@@ -28,7 +26,6 @@ where tests = [ testGroup "TCP" rawTests , testGroup "TLS" tlsTests- , testGroup "OpenSSL" sslTests ] ------------------------------------------------------------------------------@@ -117,57 +114,3 @@ bs <- Stream.readExactly 1024 is TLS.close ctx return (B.length bs)----------------------------------------------------------------------------------sslTests :: [Test]-sslTests = [ testSSLSocket, testHTTPS' ]--testSSLSocket :: Test-testSSLSocket = testCase "network/socket" $- N.withSocketsDo $ do- x <- timeout (10 * 10^(6::Int)) go- assertEqual "ok" (Just ()) x-- where- go = do- portMVar <- newEmptyMVar- resultMVar <- newEmptyMVar- forkIO $ client portMVar resultMVar- server portMVar- l <- takeMVar resultMVar- assertEqual "testSocket" l (Just "ok")-- client mvar resultMVar = do- _ <- takeMVar mvar- cp <- SSL.makeClientSSLContext (SSL.CustomCAStore "./test/cert/ca.pem")- (is, os, ctx) <- SSL.connect cp (Just "Winter") "127.0.0.1" 8890- Stream.fromList ["", "ok"] >>= Stream.connectTo os- Stream.read is >>= putMVar resultMVar -- There's no shutdown in tls, so we won't get a 'Nothing'- SSL.close ctx-- server mvar = do- sp <- SSL.makeServerSSLContext "./test/cert/server.crt" [] "./test/cert/server.key"- sock <- Raw.bindAndListen 8890 1024- putMVar mvar ()- (is, os, ssl, _) <- SSL.accept sp sock- os' <- Stream.atEndOfOutput (SSL.close ssl) os- os' `Stream.connectTo` is--testHTTPS' :: Test-testHTTPS' = testCase "network/https" $- N.withSocketsDo $ do- x <- timeout (10 * 10^(6::Int)) go- assertEqual "ok" (Just 1024) x- where- go = do- cp <- SSL.makeClientSSLContext SSL.SystemCAStore- (is, os, ctx) <- SSL.connect cp Nothing "www.google.com" 443- Stream.write (Just "GET / HTTP/1.1\r\n") os- Stream.write (Just "Host: www.google.com\r\n") os- Stream.write (Just "\r\n") os- bs <- Stream.readExactly 1024 is- SSL.close ctx- return (B.length bs)--