warp-tls 3.3.2 → 3.3.3
raw patch · 4 files changed
+52/−31 lines, 4 filesdep ~warp
Dependency ranges changed: warp
Files
- ChangeLog.md +9/−0
- Network/Wai/Handler/WarpTLS.hs +33/−25
- Network/Wai/Handler/WarpTLS/Internal.hs +8/−4
- warp-tls.cabal +2/−2
ChangeLog.md view
@@ -1,3 +1,12 @@+# ChangeLog++## 3.3.3++* Creating a bigger buffer when the current one is too small to fit the Builder+ [#895](https://github.com/yesodweb/wai/pull/895)+* Expose TLS.supportedHashSignatures via TLSSettings+ [#872](https://github.com/yesodweb/wai/pull/872)+ ## 3.3.2 * Providing the Internal module.
Network/Wai/Handler/WarpTLS.hs view
@@ -63,10 +63,16 @@ import Data.Streaming.Network (bindPortTCP, safeRecv) import Data.Typeable (Typeable) import GHC.IO.Exception (IOErrorType(..))-import Network.Socket (Socket, close, withSocketsDo, SockAddr, accept)+import Network.Socket (+ SockAddr,+ Socket,+ accept,+ close, #if MIN_VERSION_network(3,1,1)-import Network.Socket (gracefulClose)+ gracefulClose, #endif+ withSocketsDo,+ ) import Network.Socket.ByteString (sendAll) import qualified Network.TLS as TLS import qualified Crypto.PubKey.DH as DH@@ -102,6 +108,7 @@ , tlsSessionManagerConfig = Nothing , tlsCredentials = Nothing , tlsSessionManager = Nothing+ , tlsSupportedHashSignatures = TLS.supportedHashSignatures def } -- taken from stunnel example in tls-extra@@ -139,7 +146,7 @@ :: S.ByteString -- ^ Certificate bytes -> S.ByteString -- ^ Key bytes -> TLSSettings-tlsSettingsMemory cert key = defaultTlsSettings { +tlsSettingsMemory cert key = defaultTlsSettings { certSettings = CertFromMemory cert [] key } @@ -152,7 +159,7 @@ -> [S.ByteString] -- ^ Chain certificate bytes -> S.ByteString -- ^ Key bytes -> TLSSettings-tlsSettingsChainMemory cert chainCerts key = defaultTlsSettings { +tlsSettingsChainMemory cert chainCerts key = defaultTlsSettings { certSettings = CertFromMemory cert chainCerts key } @@ -160,11 +167,11 @@ -- representations of the certificate and key based on 'defaultTlsSettings'. -- -- @since 3.3.0-tlsSettingsRef +tlsSettingsRef :: I.IORef S.ByteString -- ^ Reference to certificate bytes- -> I.IORef (S.ByteString) -- ^ Reference to key bytes - -> TLSSettings -tlsSettingsRef cert key = defaultTlsSettings { + -> I.IORef S.ByteString -- ^ Reference to key bytes+ -> TLSSettings+tlsSettingsRef cert key = defaultTlsSettings { certSettings = CertFromRef cert [] key } @@ -172,12 +179,12 @@ -- representations of the certificate and key based on 'defaultTlsSettings'. -- -- @since 3.3.0-tlsSettingsChainRef +tlsSettingsChainRef :: I.IORef S.ByteString -- ^ Reference to certificate bytes -> [I.IORef S.ByteString] -- ^ Reference to chain certificate bytes- -> I.IORef (S.ByteString) -- ^ Reference to key bytes - -> TLSSettings -tlsSettingsChainRef cert chainCerts key = defaultTlsSettings { + -> I.IORef S.ByteString -- ^ Reference to key bytes+ -> TLSSettings+tlsSettingsChainRef cert chainCerts key = defaultTlsSettings { certSettings = CertFromRef cert chainCerts key } @@ -195,11 +202,11 @@ loadCredentials :: TLSSettings -> IO TLS.Credentials loadCredentials TLSSettings{ tlsCredentials = Just creds } = return creds-loadCredentials TLSSettings{..} = case certSettings of +loadCredentials TLSSettings{..} = case certSettings of CertFromFile cert chainFiles key -> do cred <- either error id <$> TLS.credentialLoadX509Chain cert chainFiles key return $ TLS.Credentials [cred]- CertFromRef certRef chainCertsRef keyRef -> do + CertFromRef certRef chainCertsRef keyRef -> do cert <- I.readIORef certRef chainCerts <- mapM I.readIORef chainCertsRef key <- I.readIORef keyRef@@ -224,8 +231,8 @@ runTLSSocket' tlsset set credentials mgr sock app runTLSSocket' :: TLSSettings -> Settings -> TLS.Credentials -> TLS.SessionManager -> Socket -> Application -> IO ()-runTLSSocket' tlsset@TLSSettings{..} set credentials mgr sock app =- runSettingsConnectionMakerSecure set get app+runTLSSocket' tlsset@TLSSettings{..} set credentials mgr sock =+ runSettingsConnectionMakerSecure set get where get = getter tlsset set sock params params = def { -- TLS.ServerParams@@ -256,6 +263,7 @@ , TLS.supportedClientInitiatedRenegotiation = False , TLS.supportedSession = True , TLS.supportedFallbackScsv = True+ , TLS.supportedHashSignatures = tlsSupportedHashSignatures #if MIN_VERSION_tls(1,5,0) , TLS.supportedGroups = [TLS.X25519,TLS.P256,TLS.P384] #endif@@ -296,11 +304,12 @@ TLS.handshake ctx h2 <- (== Just "h2") <$> TLS.getNegotiatedProtocol ctx isH2 <- I.newIORef h2- writeBuf <- allocateBuffer bufferSize+ writeBuffer <- createWriteBuffer bufferSize+ writeBufferRef <- I.newIORef writeBuffer -- Creating a cache for leftover input data. ref <- I.newIORef "" tls <- getTLSinfo ctx- return (conn ctx writeBuf ref isH2, tls)+ return (conn ctx writeBufferRef ref isH2, tls) where backend recvN = TLS.Backend { TLS.backendFlush = return ()@@ -318,22 +327,21 @@ else Nothing) throwIO $ sendAll sock bs- conn ctx writeBuf ref isH2 = Connection {+ conn ctx writeBufferRef ref isH2 = Connection { connSendMany = TLS.sendData ctx . L.fromChunks , connSendAll = sendall , connSendFile = sendfile , connClose = close'- , connFree = freeBuffer writeBuf , connRecv = recv ref , connRecvBuf = recvBuf ref- , connWriteBuffer = writeBuf- , connBufferSize = bufferSize+ , connWriteBuffer = writeBufferRef , connHTTP2 = isH2 } where sendall = TLS.sendData ctx . L.fromChunks . return- sendfile fid offset len hook headers =- readSendFile writeBuf bufferSize sendall fid offset len hook headers+ sendfile fid offset len hook headers = do+ writeBuffer <- I.readIORef writeBufferRef+ readSendFile (bufBuffer writeBuffer) (bufSize writeBuffer) sendall fid offset len hook headers close' = void (tryIO sendBye) `finally` TLS.contextClose ctx@@ -392,7 +400,7 @@ bs <- recv let len = S.length bs if len == 0 then return (False, "")- else if (len <= siz) then do+ else if len <= siz then do buf' <- copy buf bs loop buf' (siz - len) else do
Network/Wai/Handler/WarpTLS/Internal.hs view
@@ -17,9 +17,9 @@ ---------------------------------------------------------------- --- | Determines where to load the certificate, chain +-- | Determines where to load the certificate, chain -- certificates, and key from.-data CertSettings +data CertSettings = CertFromFile !FilePath ![FilePath] !FilePath | CertFromMemory !S.ByteString ![S.ByteString] !S.ByteString | CertFromRef !(I.IORef S.ByteString) ![I.IORef S.ByteString] !(I.IORef S.ByteString)@@ -41,7 +41,7 @@ -- -- >>> certSettings defaultTlsSettings -- tlsSettings "certificate.pem" "key.pem"- -- + -- -- @since 3.3.0 , onInsecure :: OnInsecure -- ^ Do we allow insecure connections with this server as well?@@ -131,6 +131,11 @@ -- specified, 'tlsSessionManagerConfig' is ignored. -- -- Since 3.2.12+ , tlsSupportedHashSignatures :: [TLS.HashAndSignatureAlgorithm]+ -- ^ Specifying supported hash/signature algorithms, ordered by decreasing+ -- priority. See the "Network.TLS" module for details+ --+ -- Since 3.3.3 } @@ -138,4 +143,3 @@ -- | Some programs need access to cert settings getCertSettings :: TLSSettings -> CertSettings getCertSettings tlsSetgs = certSettings tlsSetgs-
warp-tls.cabal view
@@ -1,5 +1,5 @@ Name: warp-tls-Version: 3.3.2+Version: 3.3.3 Synopsis: HTTP over TLS support for Warp via the TLS package License: MIT License-file: LICENSE@@ -21,7 +21,7 @@ Build-Depends: base >= 4.12 && < 5 , bytestring >= 0.9 , wai >= 3.2 && < 3.3- , warp >= 3.3.6 && < 3.4+ , warp >= 3.3.22 && < 3.4 , data-default-class >= 0.0.1 , tls >= 1.5.3 , cryptonite >= 0.12