tls 1.2.14 → 1.2.15
raw patch · 4 files changed
+39/−12 lines, 4 files
Files
- CHANGELOG.md +5/−1
- Network/TLS.hs +2/−0
- Network/TLS/Credentials.hs +31/−10
- tls.cabal +1/−1
CHANGELOG.md view
@@ -1,4 +1,8 @@-## Version HEAD+## Version 1.2.15++- support chain certificate in credentials++## Version 1.2.14 - adding ALPN extension - adding support for AEAD, and particularly AES128-GCM
Network/TLS.hs view
@@ -65,6 +65,8 @@ , Credential , credentialLoadX509 , credentialLoadX509FromMemory+ , credentialLoadX509Chain+ , credentialLoadX509ChainFromMemory -- * Initialisation and Termination of context , bye
Network/TLS/Credentials.hs view
@@ -10,6 +10,8 @@ , Credentials(..) , credentialLoadX509 , credentialLoadX509FromMemory+ , credentialLoadX509Chain+ , credentialLoadX509ChainFromMemory , credentialsFindForSigning , credentialsFindForDecrypting , credentialsListSigningAlgorithms@@ -38,25 +40,44 @@ credentialLoadX509 :: FilePath -- ^ public certificate (X.509 format) -> FilePath -- ^ private key associated -> IO (Either String Credential)-credentialLoadX509 certFile privateFile = do+credentialLoadX509 certFile = credentialLoadX509Chain certFile []++-- | similar to 'credentialLoadX509' but take the certificate+-- and private key from memory instead of from the filesystem.+credentialLoadX509FromMemory :: Bytes+ -> Bytes+ -> Either String Credential+credentialLoadX509FromMemory certData =+ credentialLoadX509ChainFromMemory certData []++-- | similar to 'credentialLoadX509' but also allow specifying chain+-- certificates.+credentialLoadX509Chain ::+ FilePath -- ^ public certificate (X.509 format)+ -> [FilePath] -- ^ chain certificates (X.509 format)+ -> FilePath -- ^ private key associated+ -> IO (Either String Credential)+credentialLoadX509Chain certFile chainFiles privateFile = do x509 <- readSignedObject certFile+ chains <- mapM readSignedObject chainFiles keys <- readKeyFile privateFile case keys of [] -> return $ Left "no keys found"- (k:_) -> return $ Right (CertificateChain x509, k)+ (k:_) -> return $ Right (CertificateChain . concat $ x509 : chains, k) --- | similar to 'credentialLoadX509' but take the certificate--- and private key from memory instead of from the filesystem.-credentialLoadX509FromMemory :: Bytes+-- | similar to 'credentialLoadX509FromMemory' but also allow+-- specifying chain certificates.+credentialLoadX509ChainFromMemory :: Bytes+ -> [Bytes] -> Bytes -> Either String Credential-credentialLoadX509FromMemory certData privateData = do- let x509 = readSignedObjectFromMemory certData- keys = readKeyFileFromMemory privateData+credentialLoadX509ChainFromMemory certData chainData privateData = do+ let x509 = readSignedObjectFromMemory certData+ chains = map readSignedObjectFromMemory chainData+ keys = readKeyFileFromMemory privateData in case keys of [] -> Left "no keys found"- (k:_) -> Right (CertificateChain x509, k)- where+ (k:_) -> Right (CertificateChain . concat $ x509 : chains, k) credentialsListSigningAlgorithms :: Credentials -> [SignatureAlgorithm] credentialsListSigningAlgorithms (Credentials l) = catMaybes $ map credentialCanSign l
tls.cabal view
@@ -1,5 +1,5 @@ Name: tls-Version: 1.2.14+Version: 1.2.15 Description: Native Haskell TLS and SSL protocol implementation for server and client. .