Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Fetching contributors…

Octocat-spinner-32-eaf2f5

Cannot retrieve contributors at this time

file 410 lines (319 sloc) 13.845 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409
-*- coding: utf-8 -*-

Changes from 0.10.3 to 0.10.3.1
-------------------------------
* Merged #14 "Fixed X509_STORE_CTX bindings vs OpenSSL 0.9.x" by
  Mikhail Vorozhtsov


Changes from 0.10.2.1 to 0.10.3
-------------------------------
* Merged #12 "Bindings to some of the X509_STORE_CTX functions" by
  Mikhail Vorozhtsov:

  - New functions in OpenSSL.X509.Store:
    - getStoreCtxCert
    - getStoreCtxIssuer
    - getStoreCtxCRL
    - getStoreCtxChain

* Merged #13 "Fixed early verification callback deallocation crash" by
  Mikhail Vorozhtsov.


Changes from 0.10.2 to 0.10.2.1
-------------------------------
* Merged #10 "Fix X509 PEM reading/writing" by Mikhail Vorozhtsov:

  - OpenSSL.PEM.readX509 now uses PEM_read_bio_X509() instead of
    PEM_read_bio_X509_AUX().

  - OpenSSL.PEM.writeX509 now uses PEM_write_bio_X509() instead of
    PEM_write_bio_X509_AUX().


Changes from 0.10.1.4 to 0.10.2
-------------------------------
* Merged #9 "Add raw pointer read/write operations" by Iavor
  S. Diatchki:

  - OpenSSL.Session.readPtr
  - OpenSSL.Session.tryReadPtr
  - OpenSSL.Session.writePtr
  - OpenSSL.Session.tryWritePtr

* Fixed #8 "HsOpenSSL 0.10.1.4 won't build" reported by vcxp:

  - Workaround for broken versions of Cabal, including one that comes
    with ghc-7.0.4.


Changes from 0.10.1.3 to 0.10.1.4
---------------------------------
* Fixed #7 "Haskell Platform 2011.4 Support", reported by stepcut:
  - Foreign.ForeignPtr.Unsafe does not exist prior to base-4.4


Changes from 0.10.1.2 to 0.10.1.3
---------------------------------
* OpenSSL.Session:
  - SSL, SSLContext, SSLResult, ShutdownType and VerificationMode are
    now instances of Typeable.

* Applied a series of patches "Various fixes for GHC 7.5" by Ben Gamari:
  - Use unsafeForeignPtrToPtr from Foreign.ForeignPtr.Unsafe
  - Use unsafePerformIO from System.IO.Unsafe
  - Add Num to constraints with Bits


Changes from 0.10.1.1 to 0.10.1.2
---------------------------------
* Applied a patch by Mikhail Vorozhtsov:
  - Moved all EVP-related private functions to OpenSSL.EVP.Internal.

* Improve the error handling in OpenSSL.Session:
  - SSL_get_error() must be called within the OS thread which caused
    the failed operation as it inspects the thread-local storage.
  - write/tryWrite should throw EPIPE for cleanly-closed connections
    rather than EOF.
  - shutdown/tryShutdown shouldn't throw an exception when a remote
    peer sends us a "close notify" alert and closes the connection
    without waiting for our reply.
  - ProtocolError should contain an error message string.


Changes from 0.10.1 to 0.10.1.1
-------------------------------
* Applied a patch by Peter Gammie:
  - GHC 6.12.3 friendliness: don't use Control.Monad.void

* Applied a patch by Peter Gammie and David Terei:
  - Placate LLVM in GHC 7.3.x HEAD: give memcpy the right
    type. Courtesy of David Terei.

* Applied a patch by Mikhail Vorozhtsov:
  - Use throwIO instead of throw to raise SSL exceptions.

* Fixed breakage on OpenSSL 0.9.8:
  - DHparams_dup() is a function in OpenSSL 1.0.0 but is a macro in 0.9.8.
  - OpenSSL 0.9.8 doesn't provide X509_CRL_get0_by_serial().


Changes from 0.10 to 0.10.1
---------------------------
* Applied patches by Mikhail Vorozhtsov:
  - Added optional verification callback to VerifyPeer.
  - Added revocation lookup function.
  - Added bindings to Diffie-Hellman functions.
  - Expose low-level asynchronous versions of accept, connect, read,
    write and shutdown.

* Moved the repository to GitHub:
  git://github.com/phonohawk/HsOpenSSL.git


Changes from 0.9.0.1 to 0.10
----------------------------
* Applied a patch by Mikhail Vorozhtsov to support wrapping plain file
  descriptors in SSL connections.

  - New function:
      fdConnection :: SSLContext -> Socket -> IO SSL
      sslFd :: SSL -> Fd

  - Function signature change:
      sslSocket :: SSL -> Maybe Socket
      (It was "SSL -> Socket" before.)


Changes from 0.9 to 0.9.0.1
---------------------------
* Applied a patch by Mikhail Vorozhtsov

  - Added missing BangPatterns pragma to OpenSSL/BN.hsc. It was
    failing to build on GHC 7.1 without this.


Changes from 0.8.0.2 to 0.9
---------------------------
* (Suggested by Arthur Chan) Operations in OpenSSL.Session now throw
  exceptions of individual exception types instead of plain
  strings. The following exception types are defined:

    - ConnectionCleanlyClosed
    - ConnectionAbruptlyTerminated
    - WantConnect
    - WantAccept
    - WantX509Lookup
    - SSLIOError
    - ProtocolError
    - UnknownError(..)


Changes from 0.8 to 0.8.0.2
---------------------------
* 0.8.0.1 was broken so it's invalidated.

* Fix Windows support as suggested in this page:
  http://hackage.haskell.org/trac/ghc/wiki/Builder
  (Thanks Edward Z. Yang for notifying me.)


Changes from 0.7 to 0.8
-----------------------
* Applied 7 patches by Taru Karttunen:

  - Add cipherStrictLBS - Encrypt a lazy bytestring in a strict
    manner. Does not leak the keys

  - Add rsaCopyPublic and rsaKeyPairFinalize to OpenSSL.RSA

  - Document pkcs5_pbkdf2_hmac_sha1 in OpenSSL.EVP.Digest

  - Make OpenSSL.EVP.Sign.signFinal use ByteStrings internally

  - Export OpenSSL.EVP.Sign.signFinal

  - Add PEM-functionality with a new PwBS that works like PwStr except
    there are no superfluous extra copies retained in the memory.

  - Make PEM callbacks use bracket which makes cleanup work even if
    there are exceptions.


Changes from 0.6.5 to 0.7
-------------------------
* Applied patches by Taru Karttunen to make HsOpenSSL compatible with
  GHC 6.12.1.

* Many cosmetic changes to suppress warnings which GHC 6.12.1
  emits. It shouldn't change any semantics.


Changes from 0.6.4 to 0.6.5
---------------------------
* Suggestion by Carl Mackey:

  - OpenSSL.Cipher now exports a type AESCtx.


Changes from 0.6.3 to 0.6.4
---------------------------
* Applied a patch by Taru Karttunen:

  > Unbreak BIO ForeignPtrs for GHC 6.10
  >
  > In GHC 6.10 it is no longer possible to mix C and Haskell
  > finalizers on the same ForeignPtr. This patch fixes that
  > and unbreaks things for GHC 6.10.


Changes from 0.6.2 to 0.6.3
---------------------------
* Suggestion by Grant Monroe:

  - Changed the signature of OpenSSL.EVP.Sign.signBS from
      signBS :: KeyPair key => Digest -> key -> Strict.ByteString -> IO String
    to
      signBS :: KeyPair key => Digest -> key -> Strict.ByteString -> IO Strict.ByteString

  - Changed the signature of OpenSSL.EVP.Sign.signLBS from
      signLBS :: KeyPair key => Digest -> key -> Lazy.ByteString -> IO String
    to
      signLBS :: KeyPair key => Digest -> key -> Lazy.ByteString -> IO Lazy.ByteString


Chanegs from 0.6.1 to 0.6.2
---------------------------
* Applied a patch by John Van Enk and his friend:

  1) Moved away from the Configure build type to the Simple build
     type.

  2) Removed the direct dependency on pthreads. This involved an
     indirection layer using the preprocessor. In linux/bsd, we use
     pthreads. In windows, we call out to the OS mutexing
     functions. This allows us to "cabal install" the HsOpenSSL
     library from the cmd.exe terminal in windows *without* having to
     use cygwin.


Changes from 0.6 to 0.6.1
-------------------------
* OpenSSL.Session:
    - New functions:
      # lazyRead
      # lazyWrite
      # contextGetCAStore
      # contextSetPrivateKey
      # contextSetCertificate


Changes from 0.5.2 to 0.6
-------------------------
* INCOMPATIBLE CHANGES:
    + OpenSSL.DSA:
        - The data type "DSA" is now broken into two separate types
          "DSAPubKey" and "DSAKeyPair" to distinguish between public
          keys and keypairs at type-level. These two data types are
          instances of class "DSAKey".
        - These functions are renamed to avoid name collision with
          OpenSSL.RSA:
            # generateParameters --> generateDSAParameters
            # generateKey --> generateDSAKey
            # generateParametersAndKey --> generateDSAParametersAndKey
            # signDigestedData --> signDigestedDataWithDSA
            # verifyDigestedData --> verifyDigestedDataWithDSA
        - These functions are broken into two separate functions:
            # dsaToTuple --> dsaPubKeyToTuple, dsaKeyPairToTuple
            # tupleToDSA --> tupleToDSAPubKey, tupleToDSAKeyPair
    + OpenSSL.RSA:
        - The data type "RSA" is now broken into two separate types
          "RSAPubKey" and "RSAKeyPair" to distinguish between public
          keys and keypairs at type-level. These two data types are
          instances of class "RSAKey".
    + OpenSSL.EVP.PKey:
        - The data type "PKey" is now broken into two separate
          classes, not data types, "PublicKey" and "KeyPair" to
          distinguish between public keys and keypairs at
          type-level. You can pass "RSAPubKey" and such like directly
          to cryptographic functions instead of the prior polymorphic
          type "PKey", for the sake of type classes.
    + OpenSSL.EVP.Open:
        - These functions now take "KeyPair k" instead of "PKey":
            # open
            # openBS
            # openLBS
    + OpenSSL.EVP.Seal:
        - These functions now take "SomePublicKey" instead of "PKey":
            # seal
            # sealBS
            # sealLBS
    + OpenSSL.EVP.Sign:
        - These functions now take "KeyPair k" instead of "PKey":
            # sign
            # signBS
            # signLBS
    + OpenSSL.EVP.Verify:
        - These functions now take "PublicKey k" instead of "PKey":
            # verify
            # verifyBS
            # verifyLBS
    + OpenSSL.PEM:
        - writePKCS8PrivateKey now takes "KeyPair k" instead of "PKey".
        - readPrivateKey now returns "SomeKeyPair" instead of "PKey".
        - writePublicKey now takes "PublicKey k" instead of "PKey".
        - readPublicKey now returns "SomePublicKey" instead of "PKey".
    + OpenSSL.PKCS7:
        - pkcs7Sign now takes "KeyPair k" instead of "PKey".
        - pkcs7Decrypt now takes "KeyPair k" instead of "PKey".
    + OpenSSL.X509:
        - signX509 now takes "KeyPair k" instead of "PKey".
        - verifyX509 now takes "PublicKey k" instead of "PKey".
        - getPublicKey now returns "SomePublicKey" instead of "PKey".
        - setPublicKey now takes "PublicKey k" instead of "PKey".
    + OpenSSL.X509.Request:
        - signX509Req now takes "KeyPair k" instead of "PKey".
        - verifyX509Req now takes "PublicKey k" instead of "PKey".
        - getPublicKey now returns "SomePublicKey" instead of "PKey".
        - setPublicKey now takes "PublicKey k" instead of "PKey".
    + OpenSSL.X509.Revocation:
        - signCRL now takes "KeyPair k" instead of "PKey".
        - verifyCRL now takes "PublicKey k" instead of "PKey".
* OpenSSL.RSA:
    - RSAPubKey and RSAKeyPair are now instances of Eq, Ord and Show.
    - New function: generateRSAKey'
* OpenSSL.DSA:
    - DSAPubKey and DSAKeyPair are now instances of Eq, Ord and Show.

Changes from 0.5.1 to 0.5.2
---------------------------
* Fixed incorrect dependency declaration in HsOpenSSL.cabal. No
  semantical changes to the code.

Changes from 0.5 to 0.5.1
-------------------------
* Fixed breakage on 64-bit architectures.
  Reported by: Neumark Péter

Changes from 0.4.2 to 0.5
-------------------------
* Fixed breakage on GHC 6.10.1. And now requires 6.10.1...
* Applied a patch by Taru Karttunen:
  - Add pkcs5_pbkdf2_hmac_sha1 to OpenSSL.EVP.Digest


Changes from 0.4.1 to 0.4.2
---------------------------
* No .hs files which are generated from .hsc files should be in the
  tarball. If any .hs files are outdated, Cabal seems to compile the
  outdated files instead of newer .hsc files.


Changes from 0.4 to 0.4.1
-------------------------
* Applied patches by Adam Langley:
  - Fix BN<->Integer conversions on 64-bit systems
  - Another 64-bit fix (OpenSSL.ASN1.peekASN1String)
  - Add ByteString version of digestBS
  - Fix the foreign types of the cipher functions to use CInt, not Int
  - 64-bit fix for HMAC
  - Turn the Session IO inside out
  - Silly cosmetic change


Changes from 0.3.1 to 0.4
-------------------------
* Applied patches by Adam Langley:
  - Add the beginnings of session support
  - Add an example SSL server


Changes from 0.3 to 0.3.1
-------------------------
* OpenSSL.EVP.Base64: Fix a bug in an internal function `decodeBlock':
  decodeBase64* didn't drop the padding NUL.
* Applied patches by Adam Langley:
  - Updates for 6.8.1 (also *requires* 6.8.1 now)
  - tests/Base64.hs: Test for Base64


Changes from 0.2 to 0.3
-----------------------
* Applied patches by Adam Langley:
  - tests/DSA.hs: Add a DSA test: this just adds a binary which tests
    a few simple DSA cases (and runs a timing test) and prints "PASS"
    as the last line of stdout in the case that everything looks good.
    It doesn't include any hooks nor framework for running these.
  - Bug fix for fast Integer<->BN functions
  - OpenSSL.Cipher: Add non-EVP cipher support
  - OpenSSL.EVP.Digest: Add HMAC support in EVP
  - OpenSSL.Random: Add OpenSSL.Random
  - OpenSSL.BN: Additional utility functions in BN and exposing BN


Changes from 0.1.1. to 0.2
--------------------------
* Applied patches by Adam Langley:
  - OpenSSL.DSA: Add DSA support
  - OpenSSL.BN: Add support for fast Integer<->BN conversions
  - OpenSSL.BN: New BN utility function, newBN
  - OpenSSL.BN: FIX: set the BN ptr to NULL before calling BN_dec2bn,
    otherwise that function thinks that there's a valid BN there
  - OpenSSL.Utils: Add utility functions to print and read hex numbers


Changes from 0.1 to 0.1.1
-------------------------
* Moved hidden modules from Exposed-Modules to Other-Modules.
* Added "time >= 1.1.1" to the Build-Depends.
Something went wrong with that request. Please try again.