packages feed

warp-tls 3.3.2 → 3.3.3

raw patch · 4 files changed

+52/−31 lines, 4 filesdep ~warp

Dependency ranges changed: warp

Files

ChangeLog.md view
@@ -1,3 +1,12 @@+# ChangeLog++## 3.3.3++* Creating a bigger buffer when the current one is too small to fit the Builder+  [#895](https://github.com/yesodweb/wai/pull/895)+* Expose TLS.supportedHashSignatures via TLSSettings+  [#872](https://github.com/yesodweb/wai/pull/872)+ ## 3.3.2  * Providing the Internal module.
Network/Wai/Handler/WarpTLS.hs view
@@ -63,10 +63,16 @@ import Data.Streaming.Network (bindPortTCP, safeRecv) import Data.Typeable (Typeable) import GHC.IO.Exception (IOErrorType(..))-import Network.Socket (Socket, close, withSocketsDo, SockAddr, accept)+import Network.Socket (+    SockAddr,+    Socket,+    accept,+    close, #if MIN_VERSION_network(3,1,1)-import Network.Socket (gracefulClose)+    gracefulClose, #endif+    withSocketsDo,+ ) import Network.Socket.ByteString (sendAll) import qualified Network.TLS as TLS import qualified Crypto.PubKey.DH as DH@@ -102,6 +108,7 @@   , tlsSessionManagerConfig = Nothing   , tlsCredentials = Nothing   , tlsSessionManager = Nothing+  , tlsSupportedHashSignatures = TLS.supportedHashSignatures def   }  -- taken from stunnel example in tls-extra@@ -139,7 +146,7 @@     :: S.ByteString -- ^ Certificate bytes     -> S.ByteString -- ^ Key bytes     -> TLSSettings-tlsSettingsMemory cert key = defaultTlsSettings { +tlsSettingsMemory cert key = defaultTlsSettings {     certSettings = CertFromMemory cert [] key   } @@ -152,7 +159,7 @@     -> [S.ByteString] -- ^ Chain certificate bytes     -> S.ByteString -- ^ Key bytes     -> TLSSettings-tlsSettingsChainMemory cert chainCerts key = defaultTlsSettings { +tlsSettingsChainMemory cert chainCerts key = defaultTlsSettings {     certSettings = CertFromMemory cert chainCerts key   } @@ -160,11 +167,11 @@ -- representations of the certificate and key based on 'defaultTlsSettings'. -- -- @since 3.3.0-tlsSettingsRef +tlsSettingsRef     :: I.IORef S.ByteString -- ^ Reference to certificate bytes-    -> I.IORef (S.ByteString) -- ^ Reference to key bytes -    -> TLSSettings -tlsSettingsRef cert key = defaultTlsSettings { +    -> I.IORef S.ByteString -- ^ Reference to key bytes+    -> TLSSettings+tlsSettingsRef cert key = defaultTlsSettings {     certSettings = CertFromRef cert [] key   } @@ -172,12 +179,12 @@ -- representations of the certificate and key based on 'defaultTlsSettings'. -- -- @since 3.3.0-tlsSettingsChainRef +tlsSettingsChainRef     :: I.IORef S.ByteString -- ^ Reference to certificate bytes     -> [I.IORef S.ByteString] -- ^ Reference to chain certificate bytes-    -> I.IORef (S.ByteString) -- ^ Reference to key bytes -    -> TLSSettings -tlsSettingsChainRef cert chainCerts key = defaultTlsSettings { +    -> I.IORef S.ByteString -- ^ Reference to key bytes+    -> TLSSettings+tlsSettingsChainRef cert chainCerts key = defaultTlsSettings {     certSettings = CertFromRef cert chainCerts key   } @@ -195,11 +202,11 @@  loadCredentials :: TLSSettings -> IO TLS.Credentials loadCredentials TLSSettings{ tlsCredentials = Just creds } = return creds-loadCredentials TLSSettings{..} = case certSettings of +loadCredentials TLSSettings{..} = case certSettings of   CertFromFile cert chainFiles key -> do     cred <- either error id <$> TLS.credentialLoadX509Chain cert chainFiles key     return $ TLS.Credentials [cred]-  CertFromRef certRef chainCertsRef keyRef -> do +  CertFromRef certRef chainCertsRef keyRef -> do     cert <- I.readIORef certRef     chainCerts <- mapM I.readIORef chainCertsRef     key <- I.readIORef keyRef@@ -224,8 +231,8 @@     runTLSSocket' tlsset set credentials mgr sock app  runTLSSocket' :: TLSSettings -> Settings -> TLS.Credentials -> TLS.SessionManager -> Socket -> Application -> IO ()-runTLSSocket' tlsset@TLSSettings{..} set credentials mgr sock app =-    runSettingsConnectionMakerSecure set get app+runTLSSocket' tlsset@TLSSettings{..} set credentials mgr sock =+    runSettingsConnectionMakerSecure set get   where     get = getter tlsset set sock params     params = def { -- TLS.ServerParams@@ -256,6 +263,7 @@       , TLS.supportedClientInitiatedRenegotiation = False       , TLS.supportedSession             = True       , TLS.supportedFallbackScsv        = True+      , TLS.supportedHashSignatures      = tlsSupportedHashSignatures #if MIN_VERSION_tls(1,5,0)       , TLS.supportedGroups              = [TLS.X25519,TLS.P256,TLS.P384] #endif@@ -296,11 +304,12 @@     TLS.handshake ctx     h2 <- (== Just "h2") <$> TLS.getNegotiatedProtocol ctx     isH2 <- I.newIORef h2-    writeBuf <- allocateBuffer bufferSize+    writeBuffer <- createWriteBuffer bufferSize+    writeBufferRef <- I.newIORef writeBuffer     -- Creating a cache for leftover input data.     ref <- I.newIORef ""     tls <- getTLSinfo ctx-    return (conn ctx writeBuf ref isH2, tls)+    return (conn ctx writeBufferRef ref isH2, tls)   where     backend recvN = TLS.Backend {         TLS.backendFlush = return ()@@ -318,22 +327,21 @@         else Nothing)       throwIO       $ sendAll sock bs-    conn ctx writeBuf ref isH2 = Connection {+    conn ctx writeBufferRef ref isH2 = Connection {         connSendMany         = TLS.sendData ctx . L.fromChunks       , connSendAll          = sendall       , connSendFile         = sendfile       , connClose            = close'-      , connFree             = freeBuffer writeBuf       , connRecv             = recv ref       , connRecvBuf          = recvBuf ref-      , connWriteBuffer      = writeBuf-      , connBufferSize       = bufferSize+      , connWriteBuffer      = writeBufferRef       , connHTTP2            = isH2       }       where         sendall = TLS.sendData ctx . L.fromChunks . return-        sendfile fid offset len hook headers =-            readSendFile writeBuf bufferSize sendall fid offset len hook headers+        sendfile fid offset len hook headers = do+            writeBuffer <- I.readIORef writeBufferRef+            readSendFile (bufBuffer writeBuffer) (bufSize writeBuffer) sendall fid offset len hook headers          close' = void (tryIO sendBye) `finally`                  TLS.contextClose ctx@@ -392,7 +400,7 @@       bs <- recv       let len = S.length bs       if len == 0 then return (False, "")-        else if (len <= siz) then do+        else if len <= siz then do           buf' <- copy buf bs           loop buf' (siz - len)         else do
Network/Wai/Handler/WarpTLS/Internal.hs view
@@ -17,9 +17,9 @@  ---------------------------------------------------------------- --- | Determines where to load the certificate, chain +-- | Determines where to load the certificate, chain -- certificates, and key from.-data CertSettings +data CertSettings   = CertFromFile !FilePath ![FilePath] !FilePath   | CertFromMemory !S.ByteString ![S.ByteString] !S.ByteString   | CertFromRef !(I.IORef S.ByteString) ![I.IORef S.ByteString] !(I.IORef S.ByteString)@@ -41,7 +41,7 @@     --     -- >>> certSettings defaultTlsSettings     -- tlsSettings "certificate.pem" "key.pem"-    -- +    --     -- @since 3.3.0   , onInsecure :: OnInsecure     -- ^ Do we allow insecure connections with this server as well?@@ -131,6 +131,11 @@     --   specified, 'tlsSessionManagerConfig' is ignored.     --     --   Since 3.2.12+  , tlsSupportedHashSignatures :: [TLS.HashAndSignatureAlgorithm]+    -- ^ Specifying supported hash/signature algorithms, ordered by decreasing+    -- priority. See the "Network.TLS" module for details+    --+    --   Since 3.3.3   }  @@ -138,4 +143,3 @@ -- | Some programs need access to cert settings getCertSettings :: TLSSettings -> CertSettings getCertSettings tlsSetgs = certSettings tlsSetgs-
warp-tls.cabal view
@@ -1,5 +1,5 @@ Name:                warp-tls-Version:             3.3.2+Version:             3.3.3 Synopsis:            HTTP over TLS support for Warp via the TLS package License:             MIT License-file:        LICENSE@@ -21,7 +21,7 @@   Build-Depends:     base                          >= 4.12     && < 5                    , bytestring                    >= 0.9                    , wai                           >= 3.2      && < 3.3-                   , warp                          >= 3.3.6    && < 3.4+                   , warp                          >= 3.3.22   && < 3.4                    , data-default-class            >= 0.0.1                    , tls                           >= 1.5.3                    , cryptonite                    >= 0.12