acid-state-tls-0.9.2: Add TLS support for Data.Acid.Remote

Portabilitynon-portable (uses GHC extensions)
Maintainerlemmih@gmail.com, jeremy@n-heptane.com
Safe HaskellNone

Data.Acid.Remote.TLS

Contents

Description

This module provides the same functionality as Data.Acid.Remote but over a secured TLS socket.

Synopsis

Server/Client

acidServerTLSSource

Arguments

:: SafeCopy st 
=> FilePath

path to ssl certificate

-> FilePath

path to ssl private key

-> (CommChannel -> IO Bool)

authorization function

-> PortID

port to list on

-> AcidState st

AcidState to serve

-> IO () 

Accept connections on port and handle requests using the given AcidState. This call doesn't return.

The connection is secured using TLS/SSL.

On Unix®-like systems you can useUnixSocket to communicate using a socket file. To control access, you can set the permissions of the parent directory which contains the socket file.

see also: openRemoteStateTLS and sharedSecretCheck.

openRemoteStateTLSSource

Arguments

:: IsAcidic st 
=> (CommChannel -> IO ())

authentication function, see sharedSecretPerform

-> HostName

remote host to connect to (ignored when PortID is UnixSocket)

-> PortID

remote port to connect to

-> IO (AcidState st) 

Connect to an acid-state server which is sharing an AcidState.

The connection is secured using SSL/TLS.

Authentication

skipAuthenticationCheck :: CommChannel -> IO Bool

skip server-side authentication checking entirely.

skipAuthenticationPerform :: CommChannel -> IO ()

skip client-side authentication entirely.

sharedSecretCheck

Arguments

:: Set ByteString

set of shared secrets

-> CommChannel 
-> IO Bool 

check that the client knows a shared secret.

The function takes a Set of shared secrets. If a client knows any of them, it is considered to be trusted.

The shared secret is any ByteString of your choice.

If you give each client a different shared secret then you can revoke access individually.

see also: sharedSecretPerform

sharedSecretPerform

Arguments

:: ByteString

shared secret

-> CommChannel 
-> IO () 

attempt to authenticate with the server using a shared secret.