warp-tls 3.0.2 → 3.0.3
raw patch · 3 files changed
+49/−5 lines, 3 filesdep ~warp
Dependency ranges changed: warp
Files
- ChangeLog.md +4/−0
- Network/Wai/Handler/WarpTLS.hs +43/−3
- warp-tls.cabal +2/−2
ChangeLog.md view
@@ -1,3 +1,7 @@+## 3.0.3++* Support chain certs [#349](https://github.com/yesodweb/wai/pull/349)+ ## 3.0.2 * Allow warp-tls to request client certificates. [#337](https://github.com/yesodweb/wai/pull/337)
Network/Wai/Handler/WarpTLS.hs view
@@ -20,6 +20,8 @@ , defaultTlsSettings , tlsSettings , tlsSettingsMemory+ , tlsSettingsChain+ , tlsSettingsChainMemory , OnInsecure (..) -- * Runner , runTLS@@ -56,10 +58,13 @@ data TLSSettings = TLSSettings { certFile :: FilePath -- ^ File containing the certificate.+ , chainCertFiles :: [FilePath]+ -- ^ Files containing chain certificates. , keyFile :: FilePath+ -- ^ File containing the key , certMemory :: Maybe S.ByteString+ , chainCertsMemory :: [S.ByteString] , keyMemory :: Maybe S.ByteString- -- ^ File containing the key , onInsecure :: OnInsecure -- ^ Do we allow insecure connections with this server as well? Default -- is a simple text response stating that a secure connection is required.@@ -105,8 +110,10 @@ defaultTlsSettings :: TLSSettings defaultTlsSettings = TLSSettings { certFile = "certificate.pem"+ , chainCertFiles = [] , keyFile = "key.pem" , certMemory = Nothing+ , chainCertsMemory = [] , keyMemory = Nothing , onInsecure = DenyInsecure "This server only accepts secure HTTPS connections." , tlsLogging = def@@ -151,6 +158,21 @@ , keyFile = key } +-- | A smart constructor for 'TLSSettings' that allows specifying+-- chain certificates.+--+-- Since 3.0.3+tlsSettingsChain+ :: FilePath -- ^ Certificate file+ -> [FilePath] -- ^ Chain certificate files+ -> FilePath -- ^ Key file+ -> TLSSettings+tlsSettingsChain cert chainCerts key = defaultTlsSettings {+ certFile = cert+ , chainCertFiles = chainCerts+ , keyFile = key+ }+ -- | A smart constructor for 'TLSSettings', but uses in-memory representations -- of the certificate and key --@@ -164,6 +186,21 @@ , keyMemory = Just key } +-- | A smart constructor for 'TLSSettings', but uses in-memory representations+-- of the certificate and key+--+-- Since 3.0.3+tlsSettingsChainMemory+ :: S.ByteString -- ^ Certificate bytes+ -> [S.ByteString] -- ^ Chain certificate bytes+ -> S.ByteString -- ^ Key bytes+ -> TLSSettings+tlsSettingsChainMemory cert chainCerts key = defaultTlsSettings+ { certMemory = Just cert+ , chainCertsMemory = chainCerts+ , keyMemory = Just key+ }+ ---------------------------------------------------------------- @@ -182,11 +219,14 @@ runTLSSocket :: TLSSettings -> Settings -> Socket -> Application -> IO () runTLSSocket tlsset@TLSSettings{..} set sock app = do credential <- case (certMemory, keyMemory) of- (Nothing, Nothing) -> either error id <$> TLS.credentialLoadX509 certFile keyFile+ (Nothing, Nothing) ->+ either error id <$>+ TLS.credentialLoadX509Chain certFile chainCertFiles keyFile (mcert, mkey) -> do cert <- maybe (S.readFile certFile) return mcert key <- maybe (S.readFile keyFile) return mkey- either error return $ TLS.credentialLoadX509FromMemory cert key+ either error return $+ TLS.credentialLoadX509ChainFromMemory cert chainCertsMemory key runTLSSocket' tlsset set credential sock app runTLSSocket' :: TLSSettings -> Settings -> TLS.Credential -> Socket -> Application -> IO ()
warp-tls.cabal view
@@ -1,5 +1,5 @@ Name: warp-tls-Version: 3.0.2+Version: 3.0.3 Synopsis: HTTP over SSL/TLS support for Warp via the TLS package License: MIT License-file: LICENSE@@ -17,7 +17,7 @@ Build-Depends: base >= 4 && < 5 , bytestring >= 0.9 , wai >= 3.0 && < 3.1- , warp >= 3.0 && < 3.1+ , warp >= 3.0.8 && < 3.1 , data-default-class >= 0.0.1 , tls >= 1.2.16 , network >= 2.2.1