Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Comparing changes

Choose two branches to see what's changed or to start a new pull request. If you need to, you can also compare across forks.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also compare across forks.
...
Checking mergeability… Don't worry, you can still create the pull request.
  • 5 commits
  • 3 files changed
  • 0 commit comments
  • 2 contributors
Commits on Apr 20, 2012
@vincenthz bump certificate version to > 1.1 0871e47
@vincenthz add some debug info bf2f276
@vincenthz put a high bound for cryptocipher 9dddf36
@meteficha meteficha Define MonadState TLSSt's state function.
For some reason that I still don't know, when using state's
default definition with libraries

         base-4.5.0.0-40b99d05fae6a4eea95ea69e6e0c9702
         bytestring-0.9.2.1-18f26186028d7c0e92e78edc9071d376
         cereal-0.3.5.1-c85af6bc266354ac7b256440db39e874
         certificate-1.2.1-c61f160cdafc328081aeb08858403878
         crypto-api-0.10.1-a0c00402b73cec065108abe95d6cfaf2
         cryptocipher-0.3.0-d1785d4907a85f72ffd670491df324f2
         cryptohash-0.7.4-f6e253339d77757de756f81f77755b35
         mtl-2.1-e90c46af21f3870cee46f6218510d29d

I get <<loop>> for anything that uses the 'modify' function
(which in turn is defined in terms of 'state').  In particular, I
get it for 'startHandshakeClient' which is used in the beginning
by all tls clients.  For example,

  $ tls-simpleclient graph.facebook.com 443
  tls-simpleclient: <<loop>>

This commit fixes this bug.

(This is a harmless commit in the sense that even if I don't know
why this bug was happenning, it doesn't hurt to have an explicit
definition of 'state' -- it may actually save a few nanoseconds
here and there.)

Conflicts:

	Network/TLS/State.hs
3f280e2
@meteficha meteficha Define 'state' only for mtl >= 2.1.
Conflicts:

	Network/TLS/State.hs
cb0cb14
Showing with 26 additions and 3 deletions.
  1. +4 −1 Network/TLS/State.hs
  2. +20 −0 README.md
  3. +2 −2 tls.cabal
View
5 Network/TLS/State.hs
@@ -1,4 +1,4 @@
-{-# LANGUAGE GeneralizedNewtypeDeriving, FlexibleContexts, MultiParamTypeClasses, ExistentialQuantification, RankNTypes #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving, FlexibleContexts, MultiParamTypeClasses, ExistentialQuantification, RankNTypes, CPP #-}
-- |
-- Module : Network.TLS.State
-- License : BSD-style
@@ -134,6 +134,9 @@ instance Functor TLSSt where
instance MonadState TLSState TLSSt where
put x = TLSSt (lift $ put x)
get = TLSSt (lift get)
+#if MIN_VERSION_mtl(2,1,0)
+ state f = TLSSt (lift $ state f)
+#endif
runTLSState :: TLSSt a -> TLSState -> (Either TLSError a, TLSState)
runTLSState f st = runState (runErrorT (runTLSSt f)) st
View
20 README.md
@@ -23,3 +23,23 @@ Features
* bulk algorithm supported: any stream or block ciphers.
* supported extensions: secure renegociation, next protocol negotiation (draft 2)
+Common Issues
+-------------
+
+The tools mentioned below are all available from the tls-debug package.
+
+* Certificate issues
+
+It's useful to run the following command, which will connect to the destination and
+retrieve the certificate chained used.
+
+ tls-retrievecertificate -d <destination> -p <port> -v -c
+
+As an output it will print every certificates in the chain and will gives the issuer and subjects of each.
+It creates a chain where issuer of certificate is the subject of the next certificate part of the chain:
+
+ (subject #1, issuer #2) -> (subject #2, issuer #3) -> (subject #3, issuer #3)
+
+A "CA is unknown" error indicates that your system doesn't have a certificate in
+the trusted store belonging to any of the node of the chain.
+
View
4 tls.cabal
@@ -41,8 +41,8 @@ Library
, cereal >= 0.3
, bytestring
, crypto-api >= 0.5
- , cryptocipher >= 0.3.0
- , certificate >= 1.1.0 && < 1.2.0
+ , cryptocipher >= 0.3.0 && < 0.4.0
+ , certificate >= 1.2.0 && < 1.3.0
Exposed-modules: Network.TLS
Network.TLS.Cipher
Network.TLS.Compression

No commit comments for this range

Something went wrong with that request. Please try again.