warp-tls 1.3.5.1 → 1.4.0
raw patch · 2 files changed
+61/−11 lines, 2 filesdep ~wai
Dependency ranges changed: wai
Files
- Network/Wai/Handler/WarpTLS.hs +59/−9
- warp-tls.cabal +2/−2
Network/Wai/Handler/WarpTLS.hs view
@@ -1,9 +1,17 @@ {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE RankNTypes #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE DeriveDataTypeable #-} module Network.Wai.Handler.WarpTLS- ( TLSSettings (..)+ ( TLSSettings+ , certFile+ , keyFile+ , onInsecure+ , OnInsecure (..)+ , tlsSettings , runTLS , runTLSSocket+ , WarpTLSException (..) ) where import qualified Network.TLS as TLS@@ -28,16 +36,44 @@ import qualified Data.IORef as I import Control.Monad (unless) import Crypto.Random.API (getSystemRandomGen)+import Control.Exception (Exception, throwIO)+import Data.Typeable (Typeable) data TLSSettings = TLSSettings { certFile :: FilePath+ -- ^ File containing the certificate. , keyFile :: FilePath+ -- ^ File containing the key+ , onInsecure :: OnInsecure+ -- ^ Do we allow insecure connections with this server as well? Default+ -- is a simple text response stating that a secure connection is required.+ --+ -- Since 1.4.0+ , tlsLogging :: TLS.Logging+ -- ^ The level of logging to turn on.+ --+ -- Default: 'TLS.defaultLogging'.+ --+ -- Since 1.4.0 } +data OnInsecure = DenyInsecure L.ByteString+ | AllowInsecure++tlsSettings :: FilePath -- ^ Certificate file+ -> FilePath -- ^ key file+ -> TLSSettings+tlsSettings cert key = TLSSettings+ { certFile = cert+ , keyFile = key+ , onInsecure = DenyInsecure "This server only accepts secure HTTPS connections."+ , tlsLogging = TLS.defaultLogging+ }+ runTLSSocket :: TLSSettings -> Settings -> Socket -> Application -> IO ()-runTLSSocket tset set sock app = do- certs <- readCertificates $ certFile tset- pk <- readPrivateKey $ keyFile tset+runTLSSocket TLSSettings {..} set sock app = do+ certs <- readCertificates certFile+ pk <- readPrivateKey keyFile let params = TLS.updateServerParams (\sp -> sp { TLS.serverWantClientCert = False }) $@@ -45,6 +81,7 @@ { TLS.pAllowedVersions = [TLS.SSL3,TLS.TLS10,TLS.TLS11,TLS.TLS12] , TLS.pCiphers = ciphers , TLS.pCertificates = zip certs $ (Just pk):repeat Nothing+ , TLS.pLogging = tlsLogging } runSettingsConnectionMaker set (getter params) app where@@ -84,12 +121,25 @@ , connRecv = TLS.recvData ctx } return conn- else do- let conn = (socketConnection s)- { connRecv = getNext $ fmap (fromMaybe B.empty) C.await- }- return conn+ else+ case onInsecure of+ AllowInsecure ->+ let conn = (socketConnection s)+ { connRecv = getNext $ fmap (fromMaybe B.empty) C.await+ }+ in return conn+ DenyInsecure lbs -> do+ let src = do+ C.yield "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"+ mapM_ C.yield $ L.toChunks lbs+ src C.$$ sinkSocket s+ sClose s+ throwIO InsecureConnectionDenied return (mkConn, sa)++data WarpTLSException = InsecureConnectionDenied+ deriving (Show, Typeable)+instance Exception WarpTLSException runTLS :: TLSSettings -> Settings -> Application -> IO () runTLS tset set app =
warp-tls.cabal view
@@ -1,5 +1,5 @@ Name: warp-tls-Version: 1.3.5.1+Version: 1.4.0 Synopsis: SSL support for Warp via the TLS package License: MIT License-file: LICENSE@@ -15,7 +15,7 @@ Library Build-Depends: base >= 4 && < 5 , bytestring >= 0.9- , wai >= 1.3 && < 1.4+ , wai >= 1.3 && < 1.5 , warp >= 1.3.5 && < 1.4 , transformers >= 0.2 , conduit >= 0.5 && < 1.1