packages feed

warp-tls 2.0.1 → 2.0.2

raw patch · 2 files changed

+17/−53 lines, 2 filesdep +data-default-classdep −certificatedep −crypto-random-apidep −cryptocipherdep ~cprng-aesdep ~tls

Dependencies added: data-default-class

Dependencies removed: certificate, crypto-random-api, cryptocipher, pem, tls-extra

Dependency ranges changed: cprng-aes, tls

Files

Network/Wai/Handler/WarpTLS.hs view
@@ -33,18 +33,15 @@ import qualified Data.Conduit.List as CL import Control.Exception (bracket, finally, handle) import qualified Network.TLS.Extra as TLSExtra-import qualified Data.Certificate.X509 as X509 import qualified Data.ByteString as B-import qualified Data.Certificate.KeyRSA as KeyRSA import Data.Conduit.Network (bindPort)-import Data.Either (rights) import Control.Applicative ((<$>))-import qualified Data.PEM as PEM import Data.Conduit.Network (sourceSocket, sinkSocket, acceptSafe) import Data.Maybe (fromMaybe) import qualified Data.IORef as I import Control.Exception (Exception, throwIO) import Data.Typeable (Typeable)+import Data.Default.Class import qualified Data.Conduit.Binary as CB #if MIN_VERSION_tls(1, 1, 3) import qualified Crypto.Random.AESCtr@@ -100,7 +97,7 @@     { certFile = "certificate.pem"     , keyFile = "key.pem"     , onInsecure = DenyInsecure "This server only accepts secure HTTPS connections."-    , tlsLogging = TLS.defaultLogging+    , tlsLogging = def     , tlsAllowedVersions = [TLS.SSL3,TLS.TLS10,TLS.TLS11,TLS.TLS12]     , tlsCiphers = ciphers     }@@ -109,16 +106,16 @@ --   specified 'Socket'. runTLSSocket :: TLSSettings -> Settings -> Socket -> Application -> IO () runTLSSocket TLSSettings {..} set sock app = do-    certs   <- readCertificates certFile-    pk      <- readPrivateKey keyFile-    let params =-            TLS.updateServerParams-                (\sp -> sp { TLS.serverWantClientCert = False }) $-            TLS.defaultParamsServer-            { TLS.pAllowedVersions = tlsAllowedVersions-            , TLS.pCiphers         = tlsCiphers-            , TLS.pCertificates    = zip certs $ (Just pk):repeat Nothing-            , TLS.pLogging         = tlsLogging+    credential <- either error id <$> TLS.credentialLoadX509 certFile keyFile+    let params = def+            { TLS.serverWantClientCert = False+            , TLS.serverSupported = def+                { TLS.supportedVersions = tlsAllowedVersions+                , TLS.supportedCiphers  = tlsCiphers+                }+            , TLS.serverShared = def+                { TLS.sharedCredentials = TLS.Credentials [credential]+                }             }     runSettingsConnectionMaker set (getter params) app   where@@ -149,6 +146,7 @@                             }                         params                         gen+                    TLS.contextHookSetLogging ctx tlsLogging                     TLS.handshake ctx                     buf <- allocateBuffer bufferSize                     let conn = Connection@@ -210,24 +208,3 @@     , TLSExtra.cipher_RC4_128_MD5     , TLSExtra.cipher_RC4_128_SHA1     ]--readCertificates :: FilePath -> IO [X509.X509]-readCertificates filepath = do-    certs <- rights . parseCerts . PEM.pemParseBS <$> B.readFile filepath-    case certs of-        []-> error "no valid certificate found"-        x -> return x-    where parseCerts (Right pems) = map (X509.decodeCertificate . L.fromChunks . (:[]) . PEM.pemContent)-                                  $ filter (flip elem ["CERTIFICATE", "TRUSTED CERTIFICATE"] . PEM.pemName) pems-          parseCerts (Left err) = error $ "cannot parse PEM file: " ++ err--readPrivateKey :: FilePath -> IO TLS.PrivateKey-readPrivateKey filepath = do-    pk <- rights . parseKey . PEM.pemParseBS <$> B.readFile filepath-    case pk of-        []    -> error "no valid RSA key found"-        (x:_) -> return x--    where parseKey (Right pems) = map (fmap (TLS.PrivRSA . snd) . KeyRSA.decodePrivate . L.fromChunks . (:[]) . PEM.pemContent)-                                $ filter ((== "RSA PRIVATE KEY") . PEM.pemName) pems-          parseKey (Left err) = error $ "Cannot parse PEM file: " ++ err
warp-tls.cabal view
@@ -1,5 +1,5 @@ Name:                warp-tls-Version:             2.0.1+Version:             2.0.2 Synopsis:            HTTP over SSL/TLS support for Warp via the TLS package License:             MIT License-file:        LICENSE@@ -12,9 +12,6 @@ Stability:           Stable Description:         HTTP over SSL/TLS support for Warp via the TLS package. -flag tls_1_1_3-    default: True- Library   Build-Depends:     base                          >= 4        && < 5                    , bytestring                    >= 0.9@@ -23,20 +20,10 @@                    , transformers                  >= 0.2                    , conduit                       >= 0.5      && < 1.1                    , network-conduit               >= 0.6      && < 1.1-                   , certificate                   >= 1.2-                   , pem                           >= 0.1-                   , cryptocipher                  >= 0.3-                   , tls-extra                     >= 0.6-                   , tls                           >= 1.1-                   , crypto-random-api             >= 0.2+                   , data-default-class            >= 0.0.1+                   , tls                           >= 1.2.1                    , network                       >= 2.2.1-                   , cprng-aes                     >= 0.3.4-  if flag(tls_1_1_3)-      build-depends: tls >= 1.1.3-                   , cprng-aes >= 0.5.0-  else-      build-depends: tls < 1.1.3-                   , cprng-aes < 0.5.0+                   , cprng-aes                     >= 0.5.0   Exposed-modules:   Network.Wai.Handler.WarpTLS   ghc-options:       -Wall