Portability | non-portable (uses GHC extensions) |
---|---|
Maintainer | lemmih@gmail.com, jeremy@n-heptane.com |
Safe Haskell | None |
This module provides the same functionality as Data.Acid.Remote but over a secured TLS socket.
- acidServerTLS :: SafeCopy st => FilePath -> FilePath -> (CommChannel -> IO Bool) -> PortID -> AcidState st -> IO ()
- openRemoteStateTLS :: IsAcidic st => (CommChannel -> IO ()) -> HostName -> PortID -> IO (AcidState st)
- skipAuthenticationCheck :: CommChannel -> IO Bool
- skipAuthenticationPerform :: CommChannel -> IO ()
- sharedSecretCheck :: Set ByteString -> CommChannel -> IO Bool
- sharedSecretPerform :: ByteString -> CommChannel -> IO ()
Server/Client
acidServerTLS
:: SafeCopy st | |
=> FilePath | path to SSL certificate |
-> FilePath | path to SSL private key |
-> (CommChannel -> IO Bool) | authorization function |
-> PortID | port to listen on |
-> AcidState st | |
-> IO () | |
Accept connections on port and handle requests using the given AcidState.
This call doesn't return.
The connection is secured using TLS/SSL.
On Unix®-like systems you can use UnixSocket to communicate using a socket file. To control access, you can set the permissions of the parent directory which contains the socket file.
see also: openRemoteStateTLS and sharedSecretCheck.
openRemoteStateTLS
:: IsAcidic st | |
=> (CommChannel -> IO ()) | authentication function, see |
-> HostName | remote host to connect to (ignored when |
-> PortID | remote port to connect to |
-> IO (AcidState st) |
Connect to an acid-state server which is sharing an AcidState.
The connection is secured using SSL/TLS.
Authentication
skipAuthenticationCheck :: CommChannel -> IO Bool
Skip server-side authentication checking entirely.
skipAuthenticationPerform :: CommChannel -> IO ()
Skip client-side authentication entirely.
sharedSecretCheck
:: Set ByteString | set of shared secrets |
-> CommChannel | |
-> IO Bool | |
Check that the client knows a shared secret.
The function takes a Set of shared secrets. If a client knows any of them, it is considered to be trusted.
The shared secret is any ByteString of your choice.
If you give each client a different shared secret then you can revoke access individually.
see also: sharedSecretPerform
sharedSecretPerform
:: ByteString | shared secret |
-> CommChannel | |
-> IO () | |
Attempt to authenticate with the server using a shared secret.
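
An added example (not from the acid-state sources) that wires acidServerTLS to sharedSecretCheck and openRemoteStateTLS to sharedSecretPerform, with one secret per client so that access can be revoked individually. The Counter state, the file names secrets.txt, server.crt and server.key, the ACID_SECRET environment variable, port 8443, and importing PortID from the Network module are assumptions.

```haskell
{-# LANGUAGE DeriveDataTypeable, TemplateHaskell, TypeFamilies #-}
module Main (main) where

import Control.Monad.Reader (ask)
import Control.Monad.State (modify)
import Data.Acid (AcidState, Query, Update, closeAcidState, makeAcidic, openLocalState, query, update)
import Data.Acid.Remote.TLS (acidServerTLS, openRemoteStateTLS, sharedSecretCheck, sharedSecretPerform)
import qualified Data.ByteString.Char8 as B
import Data.SafeCopy (base, deriveSafeCopy)
import qualified Data.Set as Set
import Data.Typeable (Typeable)
import Network (PortID (PortNumber)) -- assumption: PortID as exported by the older network package
import System.Environment (getArgs, getEnv)

-- Constructed sample state: a single counter.
newtype Counter = Counter Int deriving (Show, Typeable)
$(deriveSafeCopy 0 'base ''Counter)

bumpCounter :: Update Counter ()
bumpCounter = modify (\(Counter n) -> Counter (n + 1))

peekCounter :: Query Counter Int
peekCounter = do { Counter n <- ask; return n }

$(makeAcidic ''Counter ['bumpCounter, 'peekCounter])

main :: IO ()
main = do
  args <- getArgs
  case args of
    ["server"] -> do
      -- secrets.txt (hypothetical): one secret per line, one line per client.
      -- Blank lines are dropped so that an empty secret is never accepted.
      secrets <- fmap (Set.fromList . filter (not . B.null) . B.lines) (B.readFile "secrets.txt")
      st <- openLocalState (Counter 0)
      -- The set is fixed here: to revoke a client, remove its line and restart.
      acidServerTLS "server.crt" "server.key" (sharedSecretCheck secrets) (PortNumber 8443) st
    ["client"] -> do
      -- Each client holds only its own secret, supplied outside the source code.
      secret <- fmap B.pack (getEnv "ACID_SECRET")
      st <- openRemoteStateTLS (sharedSecretPerform secret) "localhost" (PortNumber 8443)
              :: IO (AcidState Counter)
      update st BumpCounter
      n <- query st PeekCounter
      print n
      closeAcidState st
    _ -> putStrLn "usage: example (server|client)"
```

Keep secrets.txt and server.key readable only by the account that runs the server.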