packages feed

warp-tls 3.0.1.3 → 3.0.1.4

raw patch · 3 files changed

+44/−10 lines, 3 filesdep ~tls

Dependency ranges changed: tls

Files

ChangeLog.md view
@@ -1,3 +1,7 @@+## 3.0.1.4++Add additional Diffie-Hellman RSA and DSA ciphers to warp-tls.+ ## 3.0.1.3  [Unable to allow insecure connections with warp-tls #324](https://github.com/yesodweb/wai/issues/324)
Network/Wai/Handler/WarpTLS.hs view
@@ -99,7 +99,16 @@ -- taken from stunnel example in tls-extra ciphers :: [TLS.Cipher] ciphers =-    [ TLSExtra.cipher_AES128_SHA1+    [ TLSExtra.cipher_ECDHE_RSA_AES128GCM_SHA256+    , TLSExtra.cipher_DHE_RSA_AES128GCM_SHA256+    , TLSExtra.cipher_DHE_RSA_AES256_SHA256+    , TLSExtra.cipher_DHE_RSA_AES128_SHA256+    , TLSExtra.cipher_DHE_RSA_AES256_SHA1+    , TLSExtra.cipher_DHE_RSA_AES128_SHA1+    , TLSExtra.cipher_DHE_DSS_AES128_SHA1+    , TLSExtra.cipher_DHE_DSS_AES256_SHA1+    , TLSExtra.cipher_DHE_DSS_RC4_SHA1+    , TLSExtra.cipher_AES128_SHA1     , TLSExtra.cipher_AES256_SHA1     , TLSExtra.cipher_RC4_128_MD5     , TLSExtra.cipher_RC4_128_SHA1@@ -173,17 +182,17 @@         }       , TLS.serverShared = def {           TLS.sharedCredentials = TLS.Credentials [credential]-          }+        }       }  ---------------------------------------------------------------- -getter :: TLS.TLSParams params => TLSSettings -> Socket -> params -> IO (IO (Connection, Bool), SockAddr)+getter :: TLS.TLSParams params => TLSSettings -> Socket -> params -> IO (IO (Connection, Transport), SockAddr) getter tlsset@TLSSettings{..} sock params = do     (s, sa) <- acceptSafe sock     return (mkConn tlsset s params, sa) -mkConn :: TLS.TLSParams params => TLSSettings -> Socket -> params -> IO (Connection, Bool)+mkConn :: TLS.TLSParams params => TLSSettings -> Socket -> params -> IO (Connection, Transport) mkConn tlsset s params = do     firstBS <- safeRecv s 4096     cachedRef <- I.newIORef firstBS@@ -194,7 +203,7 @@  ---------------------------------------------------------------- -httpOverTls :: TLS.TLSParams params => TLSSettings -> Socket -> I.IORef B.ByteString -> params -> IO (Connection, Bool)+httpOverTls :: TLS.TLSParams params => TLSSettings -> Socket -> I.IORef B.ByteString -> params -> IO (Connection, Transport) httpOverTls TLSSettings{..} s cachedRef params = do     gen <- Crypto.Random.AESCtr.makeSystem     ctx <- TLS.contextNew backend params gen@@ -202,7 +211,8 @@     TLS.handshake ctx     readBuf <- allocateBuffer bufferSize     writeBuf <- allocateBuffer bufferSize-    return (conn ctx readBuf writeBuf, True)+    tls <- getTLSinfo ctx+    return (conn ctx readBuf writeBuf, tls)   where     backend = TLS.Backend {         TLS.backendFlush = return ()@@ -254,19 +264,39 @@                   else                     return x +getTLSinfo :: TLS.Context -> IO Transport+getTLSinfo ctx = do+    proto <- TLS.getNegotiatedProtocol ctx+    minfo <- TLS.contextGetInformation ctx+    case minfo of+        Nothing   -> return TCP+        Just TLS.Information{..} -> do+            let (major, minor) = case infoVersion of+                    TLS.SSL2  -> (2,0)+                    TLS.SSL3  -> (3,0)+                    TLS.TLS10 -> (3,1)+                    TLS.TLS11 -> (3,2)+                    TLS.TLS12 -> (3,3)+            return TLS {+                tlsMajorVersion = major+              , tlsMinorVersion = minor+              , tlsNegotiatedProtocol = proto+              , tlsChiperID = TLS.cipherID infoCipher+              }+ tryIO :: IO a -> IO (Either IOException a) tryIO = try  ---------------------------------------------------------------- -plainHTTP :: TLSSettings -> Socket -> I.IORef B.ByteString -> IO (Connection, Bool)+plainHTTP :: TLSSettings -> Socket -> I.IORef B.ByteString -> IO (Connection, Transport) plainHTTP TLSSettings{..} s cachedRef = case onInsecure of     AllowInsecure -> do         conn' <- socketConnection s         let conn'' = conn'                 { connRecv = recvPlain cachedRef (connRecv conn')                 }-        return (conn'', False)+        return (conn'', TCP)     DenyInsecure lbs -> do         sendAll s "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"         mapM_ (sendAll s) $ L.toChunks lbs
warp-tls.cabal view
@@ -1,5 +1,5 @@ Name:                warp-tls-Version:             3.0.1.3+Version:             3.0.1.4 Synopsis:            HTTP over SSL/TLS support for Warp via the TLS package License:             MIT License-file:        LICENSE@@ -19,7 +19,7 @@                    , wai                           >= 3.0      && < 3.1                    , warp                          >= 3.0      && < 3.1                    , data-default-class            >= 0.0.1-                   , tls                           >= 1.2.1+                   , tls                           >= 1.2.16                    , network                       >= 2.2.1                    , cprng-aes                     >= 0.5.0                    , streaming-commons