tls 2.1.9 → 2.1.10
raw patch · 13 files changed
+35/−17 lines, 13 files
Files
- CHANGELOG.md +5/−0
- Network/TLS.hs +1/−0
- Network/TLS/Context/Internal.hs +0/−1
- Network/TLS/Core.hs +1/−1
- Network/TLS/Handshake/Client/ClientHello.hs +3/−3
- Network/TLS/Handshake/Common.hs +1/−1
- Network/TLS/Handshake/Server/ClientHello.hs +1/−1
- Network/TLS/Handshake/Server/ServerHello13.hs +1/−1
- Network/TLS/Parameters.hs +19/−1
- Network/TLS/Struct.hs +0/−1
- tls.cabal +1/−1
- util/Common.hs +1/−3
- util/tls-client.hs +1/−3
CHANGELOG.md view
@@ -1,5 +1,10 @@ # Change log for "tls" +## Version 2.1.10++* Supporting the SSLKEYLOGFILE environment variable.+ [#499](https://github.com/haskell-tls/hs-tls/pull/499)+ ## Version 2.1.9 * Providing ECH(Encrypted Client Hello). See `sharedECHConfigList`,
Network/TLS.hs view
@@ -127,6 +127,7 @@ debugPrintSeed, debugVersionForced, debugKeyLogger,+ defaultKeyLogger, debugError, debugTraceKey,
Network/TLS/Context/Internal.hs view
@@ -1,6 +1,5 @@ {-# LANGUAGE ExistentialQuantification #-} {-# LANGUAGE LambdaCase #-}-{-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE RecordWildCards #-} module Network.TLS.Context.Internal (
Network/TLS/Core.hs view
@@ -499,7 +499,7 @@ sessionInvalidate (sharedSessionManager $ ctxShared ctx) sid catchException (send [(level, desc)]) (\_ -> return ()) setEOF ctx- debugError (ctxDebug ctx) $ reason+ debugError (ctxDebug ctx) reason E.throwIO (Terminated False reason err) {-# DEPRECATED recvData' "use recvData that returns strict bytestring" #-}
Network/TLS/Handshake/Client/ClientHello.hs view
@@ -316,7 +316,7 @@ Just (identities, _, choice, _) -> do let zero = cZero choice zeroR <- getStdRandom $ uniformByteString $ B.length zero- obfAgeR <- getStdRandom $ genWord32+ obfAgeR <- getStdRandom genWord32 let genPskId x = do xR <- getStdRandom $ uniformByteString $ B.length x return $ PskIdentity xR obfAgeR@@ -535,10 +535,10 @@ | otherwise -> lookupECHConfigList xs cnfs cnfKemId :: ECHConfig -> KEM_ID-cnfKemId ECHConfig{..} = KEM_ID $ kem_id $ key_config $ contents+cnfKemId ECHConfig{..} = KEM_ID $ kem_id $ key_config contents cnfCipherSuite :: ECHConfig -> [(KDF_ID, AEAD_ID)]-cnfCipherSuite ECHConfig{..} = map conv $ cipher_suites $ key_config $ contents+cnfCipherSuite ECHConfig{..} = map conv $ cipher_suites $ key_config contents where conv HpkeSymmetricCipherSuite{..} = (KDF_ID kdf_id, AEAD_ID aead_id)
Network/TLS/Handshake/Common.hs view
@@ -131,7 +131,7 @@ contextFlush ctx enablePeerRecordLimit ctx ver <- usingState_ ctx getVersion- verifyData <- VerifyData <$> (generateFinished ctx ver role)+ verifyData <- VerifyData <$> generateFinished ctx ver role sendPacket12 ctx (Handshake [Finished verifyData]) usingState_ ctx $ setVerifyDataForSend verifyData contextFlush ctx
Network/TLS/Handshake/Server/ClientHello.hs view
@@ -116,7 +116,7 @@ -- Processing encrypted client hello (mClientHello', receivedECH) <-- if chosenVersion == TLS13 && (not (null (serverECHKey sparams)))+ if chosenVersion == TLS13 && not (null (serverECHKey sparams)) then do lookupAndDecodeAndDo EID_EncryptedClientHello
Network/TLS/Handshake/Server/ServerHello13.hs view
@@ -179,7 +179,7 @@ let keyShareExt = toExtensionRaw $ KeyShareServerHello keyShare versionExt = toExtensionRaw $ SupportedVersionsServerHello TLS13 shExts = keyShareExt : versionExt : preSharedKeyExt- if isJust $ mOuterClientRandom+ if isJust mOuterClientRandom then do srand <- liftIO $ serverRandomECH ctx let cipherId = CipherId (cipherID usedCipher)
Network/TLS/Parameters.hs view
@@ -8,6 +8,7 @@ CommonParams, DebugParams (..), defaultDebugParams,+ defaultKeyLogger, ClientHooks (..), defaultClientHooks, OnCertificateRequest,@@ -30,8 +31,11 @@ Information (..), ) where +import Control.Concurrent (MVar, newMVar, withMVar) import Crypto.HPKE import Data.Default (Default (def))+import System.Environment (lookupEnv)+import System.IO.Unsafe (unsafePerformIO) import Network.TLS.Cipher import Network.TLS.Compression@@ -77,6 +81,20 @@ , debugTraceKey :: String -> IO () } +{-# NOINLINE keyLogLock #-}+keyLogLock :: MVar ()+keyLogLock = unsafePerformIO $ newMVar ()++{-# NOINLINE keyLogFile #-}+keyLogFile :: Maybe FilePath+keyLogFile = unsafePerformIO $ lookupEnv "SSLKEYLOGFILE"++-- | Key logger with the SSLKEYLOGFILE environment variable.+defaultKeyLogger :: String -> IO ()+defaultKeyLogger ~msg = case keyLogFile of+ Nothing -> return ()+ Just file -> withMVar keyLogLock $ \_ -> appendFile file (msg ++ "\n")+ -- | Default value for 'DebugParams' defaultDebugParams :: DebugParams defaultDebugParams =@@ -84,7 +102,7 @@ { debugSeed = Nothing , debugPrintSeed = const (return ()) , debugVersionForced = Nothing- , debugKeyLogger = \ ~_ -> return ()+ , debugKeyLogger = defaultKeyLogger , debugError = \ ~_ -> return () , debugTraceKey = \ ~_ -> return () }
Network/TLS/Struct.hs view
@@ -1,6 +1,5 @@ {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE PatternSynonyms #-}-{-# LANGUAGE RecordWildCards #-} {-# OPTIONS_HADDOCK hide #-} -- | The Struct module contains all definitions and values of the TLS
tls.cabal view
@@ -1,6 +1,6 @@ cabal-version: >=1.10 name: tls-version: 2.1.9+version: 2.1.10 license: BSD3 license-file: LICENSE copyright: Vincent Hanquez <vincent@snarc.org>
util/Common.hs view
@@ -62,9 +62,7 @@ mparams -> return mparams readGroups :: String -> [Group]-readGroups s = case traverse (`lookup` namedGroups) (split ',' s) of- Nothing -> []- Just gs -> gs+readGroups s = fromMaybe [] $ traverse (`lookup` namedGroups) (split ',' s) printDHParams :: IO () printDHParams = do
util/tls-client.hs view
@@ -398,9 +398,7 @@ shared = defaultShared { sharedSessionManager = sm- , sharedCAStore = case mstore of- Just store -> store- Nothing -> mempty+ , sharedCAStore = fromMaybe mempty mstore , sharedValidationCache = validateCache , sharedLimit = defaultLimit