
tls 1.0

1 parent 998d8cc commit 392d5a71ec91118ae45e8dda629a99853db5b434 @snoyberg snoyberg committed Oct 24, 2012
Showing with 28 additions and 4 deletions.
  1. +24 −0 warp-tls/Network/Wai/Handler/WarpTLS.hs
  2. +4 −4 warp-tls/warp-tls.cabal
@@ -1,5 +1,6 @@
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RankNTypes #-}
+{-# LANGUAGE CPP #-}
module Network.Wai.Handler.WarpTLS
( TLSSettings (..)
, runTLS
@@ -38,12 +39,23 @@ runTLSSocket :: TLSSettings -> Settings -> Socket -> Application -> IO ()
runTLSSocket tset set sock app = do
certs <- readCertificates $ certFile tset
pk <- readPrivateKey $ keyFile tset
+#if MIN_VERSION_tls(1, 0, 0)
+ let params =
+ TLS.updateServerParams
+ (\sp -> sp { TLS.serverWantClientCert = False }) $
+ TLS.defaultParamsServer
+ { TLS.pAllowedVersions = [TLS.SSL3,TLS.TLS10,TLS.TLS11,TLS.TLS12]
+ , TLS.pCiphers = ciphers
+ , TLS.pCertificates = zip certs $ (Just pk):repeat Nothing
+ }
+#else
let params = TLS.defaultParams
{ TLS.pWantClientCert = False
, TLS.pAllowedVersions = [TLS.SSL3,TLS.TLS10,TLS.TLS11,TLS.TLS12]
, TLS.pCiphers = ciphers
, TLS.pCertificates = zip certs $ (Just pk):repeat Nothing
}
+#endif
runSettingsConnection set (getter params sock) app
where
retry :: Socket -> TLS.TLSParams -> Socket -> SomeException -> IO (Connection, SockAddr)
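Review bot: The new `MIN_VERSION_tls(1, 0, 0)` branch carries `TLS.SSL3` over into `TLS.pAllowedVersions`, so a server built against tls 1.0 still accepts SSL 3.0 handshakes. SSL 3.0 is prohibited by RFC 7568, and leaving it enabled means the server can be negotiated down to it; I would drop it in both branches, `TLS.pAllowedVersions = [TLS.TLS10,TLS.TLS11,TLS.TLS12]`, or expose the list through `TLSSettings`. The two branches also repeat the versions, ciphers and certificates fields verbatim, so a shared binding for those values would keep later hardening from landing in only one of them. The body of `runTLSSocket` continues past this hunk.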
@@ -63,13 +75,25 @@ runTLSSocket tset set sock app = do
if maybe False ((== 0x16) . fst) (firstBS >>= B.uncons)
then do
gen <- newGenIO
+#if MIN_VERSION_tls(1, 0, 0)
+ ctx <- TLS.contextNew
+ TLS.Backend
+ { TLS.backendFlush = return ()
+ , TLS.backendClose = return ()
+ , TLS.backendSend = \bs -> C.yield bs C.$$ toClient
+ , TLS.backendRecv = getNext . takeMost
+ }
+ params
+ (gen :: SystemRandom)
+#else
ctx <- TLS.serverWith
params
(gen :: SystemRandom)
s
(return ()) -- flush
(\bs -> C.yield bs C.$$ toClient)
(getNext . takeMost)
+#endif
TLS.handshake ctx
let conn = Connection
{ connSendMany = TLS.sendData ctx . L.fromChunks
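Review bot: `TLS.backendClose = return ()` and `TLS.backendFlush = return ()` are silent no-ops, and the socket `s` that the old `TLS.serverWith` call received is no longer handed to the tls library at all. That is presumably fine if the `Connection` built below closes the socket itself, but its close field lies outside this hunk, so it cannot be confirmed from here. I would document the intent on the backend, for example `-- socket lifetime is owned by the Connection's close action; tls must not close it`, and restore the `-- flush` remark the old call carried. It is also worth confirming that an exception from `TLS.handshake ctx` does not leave the accepted socket open, since nothing in the visible lines releases it on that path.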
@@ -1,5 +1,5 @@
Name: warp-tls
-Version: 1.3.2
+Version: 1.3.3
Synopsis: SSL support for Warp via the TLS package
License: MIT
License-file: LICENSE
@@ -20,11 +20,11 @@ Library
, transformers >= 0.2 && < 0.4
, conduit >= 0.5 && < 0.6
, network-conduit >= 0.5 && < 0.7
- , certificate >= 1.2 && < 1.3
+ , certificate >= 1.2 && < 1.4
, pem >= 0.1 && < 0.2
, cryptocipher >= 0.3 && < 0.4
- , tls-extra >= 0.4.5 && < 0.5
- , tls >= 0.9.6 && < 0.10
+ , tls-extra >= 0.4.5 && < 0.6
+ , tls >= 0.9.6 && < 1.1
, crypto-api >= 0.8 && < 0.11
, network >= 2.2.1
Exposed-modules: Network.Wai.Handler.WarpTLS
