packages feed

tls 2.1.9 → 2.1.10

raw patch · 13 files changed

+35/−17 lines, 13 files

Files

CHANGELOG.md view
@@ -1,5 +1,10 @@ # Change log for "tls" +## Version 2.1.10++* Supporting the SSLKEYLOGFILE environment variable.+  [#499](https://github.com/haskell-tls/hs-tls/pull/499)+ ## Version 2.1.9  * Providing ECH(Encrypted Client Hello). See `sharedECHConfigList`,
Network/TLS.hs view
@@ -127,6 +127,7 @@     debugPrintSeed,     debugVersionForced,     debugKeyLogger,+    defaultKeyLogger,     debugError,     debugTraceKey, 
Network/TLS/Context/Internal.hs view
@@ -1,6 +1,5 @@ {-# LANGUAGE ExistentialQuantification #-} {-# LANGUAGE LambdaCase #-}-{-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE RecordWildCards #-}  module Network.TLS.Context.Internal (
Network/TLS/Core.hs view
@@ -499,7 +499,7 @@                 sessionInvalidate (sharedSessionManager $ ctxShared ctx) sid     catchException (send [(level, desc)]) (\_ -> return ())     setEOF ctx-    debugError (ctxDebug ctx) $ reason+    debugError (ctxDebug ctx) reason     E.throwIO (Terminated False reason err)  {-# DEPRECATED recvData' "use recvData that returns strict bytestring" #-}
Network/TLS/Handshake/Client/ClientHello.hs view
@@ -316,7 +316,7 @@             Just (identities, _, choice, _) -> do                 let zero = cZero choice                 zeroR <- getStdRandom $ uniformByteString $ B.length zero-                obfAgeR <- getStdRandom $ genWord32+                obfAgeR <- getStdRandom genWord32                 let genPskId x = do                         xR <- getStdRandom $ uniformByteString $ B.length x                         return $ PskIdentity xR obfAgeR@@ -535,10 +535,10 @@             | otherwise -> lookupECHConfigList xs cnfs  cnfKemId :: ECHConfig -> KEM_ID-cnfKemId ECHConfig{..} = KEM_ID $ kem_id $ key_config $ contents+cnfKemId ECHConfig{..} = KEM_ID $ kem_id $ key_config contents  cnfCipherSuite :: ECHConfig -> [(KDF_ID, AEAD_ID)]-cnfCipherSuite ECHConfig{..} = map conv $ cipher_suites $ key_config $ contents+cnfCipherSuite ECHConfig{..} = map conv $ cipher_suites $ key_config contents   where     conv HpkeSymmetricCipherSuite{..} = (KDF_ID kdf_id, AEAD_ID aead_id) 
Network/TLS/Handshake/Common.hs view
@@ -131,7 +131,7 @@     contextFlush ctx     enablePeerRecordLimit ctx     ver <- usingState_ ctx getVersion-    verifyData <- VerifyData <$> (generateFinished ctx ver role)+    verifyData <- VerifyData <$> generateFinished ctx ver role     sendPacket12 ctx (Handshake [Finished verifyData])     usingState_ ctx $ setVerifyDataForSend verifyData     contextFlush ctx
Network/TLS/Handshake/Server/ClientHello.hs view
@@ -116,7 +116,7 @@      -- Processing encrypted client hello     (mClientHello', receivedECH) <--        if chosenVersion == TLS13 && (not (null (serverECHKey sparams)))+        if chosenVersion == TLS13 && not (null (serverECHKey sparams))             then do                 lookupAndDecodeAndDo                     EID_EncryptedClientHello
Network/TLS/Handshake/Server/ServerHello13.hs view
@@ -179,7 +179,7 @@         let keyShareExt = toExtensionRaw $ KeyShareServerHello keyShare             versionExt = toExtensionRaw $ SupportedVersionsServerHello TLS13             shExts = keyShareExt : versionExt : preSharedKeyExt-        if isJust $ mOuterClientRandom+        if isJust mOuterClientRandom             then do                 srand <- liftIO $ serverRandomECH ctx                 let cipherId = CipherId (cipherID usedCipher)
Network/TLS/Parameters.hs view
@@ -8,6 +8,7 @@     CommonParams,     DebugParams (..),     defaultDebugParams,+    defaultKeyLogger,     ClientHooks (..),     defaultClientHooks,     OnCertificateRequest,@@ -30,8 +31,11 @@     Information (..), ) where +import Control.Concurrent (MVar, newMVar, withMVar) import Crypto.HPKE import Data.Default (Default (def))+import System.Environment (lookupEnv)+import System.IO.Unsafe (unsafePerformIO)  import Network.TLS.Cipher import Network.TLS.Compression@@ -77,6 +81,20 @@     , debugTraceKey :: String -> IO ()     } +{-# NOINLINE keyLogLock #-}+keyLogLock :: MVar ()+keyLogLock = unsafePerformIO $ newMVar ()++{-# NOINLINE keyLogFile #-}+keyLogFile :: Maybe FilePath+keyLogFile = unsafePerformIO $ lookupEnv "SSLKEYLOGFILE"++-- | Key logger with the SSLKEYLOGFILE environment variable.+defaultKeyLogger :: String -> IO ()+defaultKeyLogger ~msg = case keyLogFile of+    Nothing -> return ()+    Just file -> withMVar keyLogLock $ \_ -> appendFile file (msg ++ "\n")+ -- | Default value for 'DebugParams' defaultDebugParams :: DebugParams defaultDebugParams =@@ -84,7 +102,7 @@         { debugSeed = Nothing         , debugPrintSeed = const (return ())         , debugVersionForced = Nothing-        , debugKeyLogger = \ ~_ -> return ()+        , debugKeyLogger = defaultKeyLogger         , debugError = \ ~_ -> return ()         , debugTraceKey = \ ~_ -> return ()         }
Network/TLS/Struct.hs view
@@ -1,6 +1,5 @@ {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE PatternSynonyms #-}-{-# LANGUAGE RecordWildCards #-} {-# OPTIONS_HADDOCK hide #-}  -- | The Struct module contains all definitions and values of the TLS
tls.cabal view
@@ -1,6 +1,6 @@ cabal-version:      >=1.10 name:               tls-version:            2.1.9+version:            2.1.10 license:            BSD3 license-file:       LICENSE copyright:          Vincent Hanquez <vincent@snarc.org>
util/Common.hs view
@@ -62,9 +62,7 @@         mparams -> return mparams  readGroups :: String -> [Group]-readGroups s = case traverse (`lookup` namedGroups) (split ',' s) of-    Nothing -> []-    Just gs -> gs+readGroups s = fromMaybe [] $ traverse (`lookup` namedGroups) (split ',' s)  printDHParams :: IO () printDHParams = do
util/tls-client.hs view
@@ -398,9 +398,7 @@     shared =         defaultShared             { sharedSessionManager = sm-            , sharedCAStore = case mstore of-                Just store -> store-                Nothing -> mempty+            , sharedCAStore = fromMaybe mempty mstore             , sharedValidationCache = validateCache             , sharedLimit =                 defaultLimit