warp-tls 2.0.1 → 2.0.2
raw patch · 2 files changed
+17/−53 lines, 2 filesdep +data-default-classdep −certificatedep −crypto-random-apidep −cryptocipherdep ~cprng-aesdep ~tls
Dependencies added: data-default-class
Dependencies removed: certificate, crypto-random-api, cryptocipher, pem, tls-extra
Dependency ranges changed: cprng-aes, tls
Files
- Network/Wai/Handler/WarpTLS.hs +13/−36
- warp-tls.cabal +4/−17
Network/Wai/Handler/WarpTLS.hs view
@@ -33,18 +33,15 @@ import qualified Data.Conduit.List as CL import Control.Exception (bracket, finally, handle) import qualified Network.TLS.Extra as TLSExtra-import qualified Data.Certificate.X509 as X509 import qualified Data.ByteString as B-import qualified Data.Certificate.KeyRSA as KeyRSA import Data.Conduit.Network (bindPort)-import Data.Either (rights) import Control.Applicative ((<$>))-import qualified Data.PEM as PEM import Data.Conduit.Network (sourceSocket, sinkSocket, acceptSafe) import Data.Maybe (fromMaybe) import qualified Data.IORef as I import Control.Exception (Exception, throwIO) import Data.Typeable (Typeable)+import Data.Default.Class import qualified Data.Conduit.Binary as CB #if MIN_VERSION_tls(1, 1, 3) import qualified Crypto.Random.AESCtr@@ -100,7 +97,7 @@ { certFile = "certificate.pem" , keyFile = "key.pem" , onInsecure = DenyInsecure "This server only accepts secure HTTPS connections."- , tlsLogging = TLS.defaultLogging+ , tlsLogging = def , tlsAllowedVersions = [TLS.SSL3,TLS.TLS10,TLS.TLS11,TLS.TLS12] , tlsCiphers = ciphers }@@ -109,16 +106,16 @@ -- specified 'Socket'. runTLSSocket :: TLSSettings -> Settings -> Socket -> Application -> IO () runTLSSocket TLSSettings {..} set sock app = do- certs <- readCertificates certFile- pk <- readPrivateKey keyFile- let params =- TLS.updateServerParams- (\sp -> sp { TLS.serverWantClientCert = False }) $- TLS.defaultParamsServer- { TLS.pAllowedVersions = tlsAllowedVersions- , TLS.pCiphers = tlsCiphers- , TLS.pCertificates = zip certs $ (Just pk):repeat Nothing- , TLS.pLogging = tlsLogging+ credential <- either error id <$> TLS.credentialLoadX509 certFile keyFile+ let params = def+ { TLS.serverWantClientCert = False+ , TLS.serverSupported = def+ { TLS.supportedVersions = tlsAllowedVersions+ , TLS.supportedCiphers = tlsCiphers+ }+ , TLS.serverShared = def+ { TLS.sharedCredentials = TLS.Credentials [credential]+ } } runSettingsConnectionMaker set (getter params) app where@@ -149,6 +146,7 @@ } params gen+ TLS.contextHookSetLogging ctx tlsLogging TLS.handshake ctx buf <- allocateBuffer bufferSize let conn = Connection@@ -210,24 +208,3 @@ , TLSExtra.cipher_RC4_128_MD5 , TLSExtra.cipher_RC4_128_SHA1 ]--readCertificates :: FilePath -> IO [X509.X509]-readCertificates filepath = do- certs <- rights . parseCerts . PEM.pemParseBS <$> B.readFile filepath- case certs of- []-> error "no valid certificate found"- x -> return x- where parseCerts (Right pems) = map (X509.decodeCertificate . L.fromChunks . (:[]) . PEM.pemContent)- $ filter (flip elem ["CERTIFICATE", "TRUSTED CERTIFICATE"] . PEM.pemName) pems- parseCerts (Left err) = error $ "cannot parse PEM file: " ++ err--readPrivateKey :: FilePath -> IO TLS.PrivateKey-readPrivateKey filepath = do- pk <- rights . parseKey . PEM.pemParseBS <$> B.readFile filepath- case pk of- [] -> error "no valid RSA key found"- (x:_) -> return x-- where parseKey (Right pems) = map (fmap (TLS.PrivRSA . snd) . KeyRSA.decodePrivate . L.fromChunks . (:[]) . PEM.pemContent)- $ filter ((== "RSA PRIVATE KEY") . PEM.pemName) pems- parseKey (Left err) = error $ "Cannot parse PEM file: " ++ err
warp-tls.cabal view
@@ -1,5 +1,5 @@ Name: warp-tls-Version: 2.0.1+Version: 2.0.2 Synopsis: HTTP over SSL/TLS support for Warp via the TLS package License: MIT License-file: LICENSE@@ -12,9 +12,6 @@ Stability: Stable Description: HTTP over SSL/TLS support for Warp via the TLS package. -flag tls_1_1_3- default: True- Library Build-Depends: base >= 4 && < 5 , bytestring >= 0.9@@ -23,20 +20,10 @@ , transformers >= 0.2 , conduit >= 0.5 && < 1.1 , network-conduit >= 0.6 && < 1.1- , certificate >= 1.2- , pem >= 0.1- , cryptocipher >= 0.3- , tls-extra >= 0.6- , tls >= 1.1- , crypto-random-api >= 0.2+ , data-default-class >= 0.0.1+ , tls >= 1.2.1 , network >= 2.2.1- , cprng-aes >= 0.3.4- if flag(tls_1_1_3)- build-depends: tls >= 1.1.3- , cprng-aes >= 0.5.0- else- build-depends: tls < 1.1.3- , cprng-aes < 0.5.0+ , cprng-aes >= 0.5.0 Exposed-modules: Network.Wai.Handler.WarpTLS ghc-options: -Wall