packages feed

tls 1.2.14 → 1.2.15

raw patch · 4 files changed

+39/−12 lines, 4 files

Files

CHANGELOG.md view
@@ -1,4 +1,8 @@-## Version HEAD+## Version 1.2.15++- support chain certificate in credentials++## Version 1.2.14  - adding ALPN extension - adding support for AEAD, and particularly AES128-GCM
Network/TLS.hs view
@@ -65,6 +65,8 @@     , Credential     , credentialLoadX509     , credentialLoadX509FromMemory+    , credentialLoadX509Chain+    , credentialLoadX509ChainFromMemory      -- * Initialisation and Termination of context     , bye
Network/TLS/Credentials.hs view
@@ -10,6 +10,8 @@     , Credentials(..)     , credentialLoadX509     , credentialLoadX509FromMemory+    , credentialLoadX509Chain+    , credentialLoadX509ChainFromMemory     , credentialsFindForSigning     , credentialsFindForDecrypting     , credentialsListSigningAlgorithms@@ -38,25 +40,44 @@ credentialLoadX509 :: FilePath -- ^ public certificate (X.509 format)                    -> FilePath -- ^ private key associated                    -> IO (Either String Credential)-credentialLoadX509 certFile privateFile = do+credentialLoadX509 certFile = credentialLoadX509Chain certFile []++-- | similar to 'credentialLoadX509' but take the certificate+-- and private key from memory instead of from the filesystem.+credentialLoadX509FromMemory :: Bytes+                  -> Bytes+                  -> Either String Credential+credentialLoadX509FromMemory certData =+  credentialLoadX509ChainFromMemory certData []++-- | similar to 'credentialLoadX509' but also allow specifying chain+-- certificates.+credentialLoadX509Chain ::+                      FilePath   -- ^ public certificate (X.509 format)+                   -> [FilePath] -- ^ chain certificates (X.509 format)+                   -> FilePath   -- ^ private key associated+                   -> IO (Either String Credential)+credentialLoadX509Chain certFile chainFiles privateFile = do     x509 <- readSignedObject certFile+    chains <- mapM readSignedObject chainFiles     keys <- readKeyFile privateFile     case keys of         []    -> return $ Left "no keys found"-        (k:_) -> return $ Right (CertificateChain x509, k)+        (k:_) -> return $ Right (CertificateChain . concat $ x509 : chains, k) --- | similar to 'credentialLoadX509' but take the certificate--- and private key from memory instead of from the filesystem.-credentialLoadX509FromMemory :: Bytes+-- | similar to 'credentialLoadX509FromMemory' but also allow+-- specifying chain certificates.+credentialLoadX509ChainFromMemory :: Bytes+                  -> [Bytes]                   -> Bytes                   -> Either String Credential-credentialLoadX509FromMemory certData privateData = do-    let x509 = readSignedObjectFromMemory certData-        keys = readKeyFileFromMemory privateData+credentialLoadX509ChainFromMemory certData chainData privateData = do+    let x509   = readSignedObjectFromMemory certData+        chains = map readSignedObjectFromMemory chainData+        keys   = readKeyFileFromMemory privateData      in case keys of             []    -> Left "no keys found"-            (k:_) -> Right (CertificateChain x509, k)-  where+            (k:_) -> Right (CertificateChain . concat $ x509 : chains, k)  credentialsListSigningAlgorithms :: Credentials -> [SignatureAlgorithm] credentialsListSigningAlgorithms (Credentials l) = catMaybes $ map credentialCanSign l
tls.cabal view
@@ -1,5 +1,5 @@ Name:                tls-Version:             1.2.14+Version:             1.2.15 Description:    Native Haskell TLS and SSL protocol implementation for server and client.    .