- module Network.GnuTLS.Attributes
- data CipherAlgorithm
- = CipherUnknown
- | CipherNull
- | CipherArcfour128
- | Cipher3desCbc
- | CipherAes128Cbc
- | CipherAes256Cbc
- | CipherArcfour40
- | CipherCamellia128Cbc
- | CipherCamellia256Cbc
- | CipherRc240Cbc
- | CipherDesCbc
- | CipherIdeaPgpCfb
- | Cipher3desPgpCfb
- | CipherCast5PgpCfb
- | CipherBlowfishPgpCfb
- | CipherSaferSk128PgpCfb
- | CipherAes128PgpCfb
- | CipherAes192PgpCfb
- | CipherAes256PgpCfb
- | CipherTwofishPgpCfb
- data KxAlgorithm
- data ParamsType
- data CredentialsType
- = CrdCertificate
- | CrdAnon
- | CrdSrp
- | CrdPsk
- | CrdIa
- data MacAlgorithm
- data DigestAlgorithm
- data CompressionMethod
- = CompUnknown
- | CompNull
- | CompDeflate
- | CompLzo
- data ConnectionEnd
- data AlertLevel
- data AlertDescription
- = ACloseNotify
- | AUnexpectedMessage
- | ABadRecordMac
- | ADecryptionFailed
- | ARecordOverflow
- | ADecompressionFailure
- | AHandshakeFailure
- | ASsl3NoCertificate
- | ABadCertificate
- | AUnsupportedCertificate
- | ACertificateRevoked
- | ACertificateExpired
- | ACertificateUnknown
- | AIllegalParameter
- | AUnknownCa
- | AAccessDenied
- | ADecodeError
- | ADecryptError
- | AExportRestriction
- | AProtocolVersion
- | AInsufficientSecurity
- | AInternalError
- | AUserCanceled
- | ANoRenegotiation
- | AUnsupportedExtension
- | ACertificateUnobtainable
- | AUnrecognizedName
- | AUnknownPskIdentity
- | AInnerApplicationFailure
- | AInnerApplicationVerification
- data HandshakeDescription
- data CertificateStatus
- data CertificateRequest
- = CertIgnore
- | CertRequest
- | CertRequire
- data CloseRequest
- data Protocol
- = Ssl3
- | Tls10
- | Tls11
- | Tls12
- | VersionUnknown
- data CertificateType
- = CrtUnknown
- | CrtX509
- | CrtOpenpgp
- data X509CertificateFormat
- = X509FmtDer
- | X509FmtPem
- data PkAlgorithm
- data SignAlgorithm
- data Session a
- data DH
- data RSA
- data AnonymousServerCredentials
- data AnonymousClientCredentials
- data Server
- data Client
- type Transport = Ptr () -> Int -> Ptr CInt -> IO Int
- data CertificateCredentials
- class Datum a where
- class SetPriority a where
- setPriority :: Session t -> [a] -> IO ()
- setDefaultPriority :: Session t -> IO ()
- setDefaultExportPriority :: Session t -> IO ()
- class SetCredentials st a where
- setCredentials :: Session st -> a -> IO ()
- data Clear = Clear
- tlsClient :: [AttrOp (Session Client)] -> IO (Session Client)
- tlsServer :: [AttrOp (Session Server)] -> IO (Session Server)
- priorities :: SetPriority a => WriteAttr (Session t) [a]
- credentials :: SetCredentials t a => WriteAttr (Session t) a
- dhPrimeBits :: ReadWriteAttr (Session t) Int Int
- transport :: ReadWriteAttr (Session t) (Transport, Transport) (Transport, Transport)
- handle :: WriteAttr (Session t) Handle
- clientCert :: WriteAttr (Session Server) CertificateRequest
- handshake :: Session t -> IO ()
- rehandshake :: Session Server -> IO ()
- bye :: Session t -> CloseRequest -> IO ()
- setMaxHandshakePacketLength :: Session t -> Int -> IO ()
- serverWantedAuth :: Session Client -> IO Bool
- verifyPeer :: Session t -> IO [CertificateStatus]
- isResumed :: Session t -> IO Bool
- getAlert :: Session t -> IO AlertDescription
- getCipher :: Session t -> IO CipherAlgorithm
- getKx :: Session t -> IO KxAlgorithm
- getMac :: Session t -> IO MacAlgorithm
- getCompression :: Session t -> IO CompressionMethod
- getCertificateType :: Session t -> IO CertificateType
- getProtocol :: Session t -> IO Protocol
- getCredentialsType :: Session t -> IO CredentialsType
- getServerCredentialsType :: Session t -> IO CredentialsType
- getClientCredentialsType :: Session t -> IO CredentialsType
- getPeersCertificatesRaw :: Session t -> IO [(Ptr CChar, Int)]
- tlsSend :: Session t -> Ptr a -> Int -> IO Int
- tlsSendString :: Session t -> String -> IO ()
- tlsRecv :: Session t -> Ptr a -> Int -> IO Int
- tlsRecvString :: Session t -> IO String
- tlsCheckPending :: Session t -> IO Int
- certificateCredentials :: IO CertificateCredentials
- freeKeys :: CertificateCredentials -> IO ()
- freeCas :: CertificateCredentials -> IO ()
- freeCaNames :: CertificateCredentials -> IO ()
- freeCrls :: CertificateCredentials -> IO ()
- certificateTrustFile :: CertificateCredentials -> FilePath -> X509CertificateFormat -> IO Int
- certificateCrlFile :: CertificateCredentials -> FilePath -> X509CertificateFormat -> IO Int
- certificateKeyFile :: CertificateCredentials -> FilePath -> FilePath -> X509CertificateFormat -> IO Int
- anonymousServerCredentials :: IO AnonymousServerCredentials
- anonymousClientCredentials :: IO AnonymousClientCredentials
- class SetDHParams a where
- setDHParams :: a -> DH -> IO ()
- class CredParameter a where
- newDH :: IO DH
- newRSA :: IO RSA
- cipherKeySize :: CipherAlgorithm -> Int
- cipherSuiteName :: KxAlgorithm -> CipherAlgorithm -> MacAlgorithm -> String
- version :: String
- gnutlsGlobalInit :: IO ()
- module Network.GnuTLS.GnuTLSMonad
- module Network.GnuTLS.OID
- module Network.GnuTLS.X509
Documentation
module Network.GnuTLS.Attributes
Enumerations
data CipherAlgorithm Source
data KxAlgorithm Source
data CredentialsType Source
data MacAlgorithm Source
data DigestAlgorithm Source
data CompressionMethod Source
data AlertDescription Source
data CertificateStatus Source
data CertificateType Source
data SignAlgorithm Source
Types
Priority
class SetPriority a where
Set the priority of the specified category. On servers this defines the set of acceptable values; on clients it sets the priorities.
setPriority :: Session t -> [a] -> IO ()Source
setDefaultPriority :: Session t -> IO ()
Set default priorities. This is called whenever a new Session is created to ensure sensible defaults.
setDefaultExportPriority :: Session t -> IO ()
Set default priorities conforming with various export regulations. Includes weak algorithms, so a session configured this way may negotiate a cipher that provides little confidentiality.
Credentials
class SetCredentials st a where
Set the credentials associated with a session.
setCredentials :: Session st -> a -> IO ()Source
Used to clear all credentials associated with a session.
Creating connections
Session Accessors
priorities :: SetPriority a => WriteAttr (Session t) [a]Source
credentials :: SetCredentials t a => WriteAttr (Session t) aSource
dhPrimeBits :: ReadWriteAttr (Session t) Int IntSource
clientCert :: WriteAttr (Session Server) CertificateRequestSource
Set whether we want to do client authentication.
Managing connection
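handshake :: Session t -> IO ()
Perform a handshake with the peer and initialize a TLS/SSL connection. Note that after the handshake completes, applications must check whether a high enough level of confidentiality was established, for example by inspecting the results of getProtocol, getCipher and getKx. verifyPeer reports the status of the peer's certificate.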
rehandshake :: Session Server -> IO ()
Tells the client that we want to renegotiate the handshake. If the function succeeds then handshake can be called again on the connection.
bye :: Session t -> CloseRequest -> IO ()
Terminates the current TLS connection, which has been successfully established with handshake. Notifies the peer with an alert that the connection is closing.
setMaxHandshakePacketLength :: Session t -> Int -> IO ()Source
Set the maximum size of a handshake request. Larger requests are ignored. Defaults to 16kb which should be large enough.
Querying connection attributes
verifyPeer :: Session t -> IO [CertificateStatus]Source
getAlert :: Session t -> IO AlertDescriptionSource
Return the value of the last alert received - undefined if no alert has been received.
getCipher :: Session t -> IO CipherAlgorithmSource
Return the currently used cipher.
getKx :: Session t -> IO KxAlgorithmSource
Return the key exchange algorithm used in the last handshake.
getMac :: Session t -> IO MacAlgorithmSource
Return the mac algorithm currently used.
getCompression :: Session t -> IO CompressionMethodSource
Return the compression method currently used.
getCertificateType :: Session t -> IO CertificateTypeSource
Return the currently used certificate type.
getProtocol :: Session t -> IO ProtocolSource
Return the currently used protocol version.
getCredentialsType :: Session t -> IO CredentialsType
Return the type of credentials for the current authentication scheme.
getServerCredentialsType :: Session t -> IO CredentialsTypeSource
Return the type of credentials used for authenticating the server. Available with GnuTLS 1.2.
getClientCredentialsType :: Session t -> IO CredentialsTypeSource
Return the type of credentials used for authenticating the client. Available with GnuTLS 1.2.
getPeersCertificatesRaw :: Session t -> IO [(Ptr CChar, Int)]
Get the certificate chain of the peer. For X509 this returns a list of DER-encoded certificates, beginning with the peer's key and continuing up the issuer chain. With OpenPGP a single key is returned in the raw format.
Sending and receiving data
tlsRecvString :: Session t -> IO StringSource
tlsCheckPending :: Session t -> IO IntSource
Certificate functions
certificateKeyFile :: CertificateCredentials -> FilePath -> FilePath -> X509CertificateFormat -> IO IntSource
Miscellaneous
class SetDHParams a where
setDHParams :: a -> DH -> IO ()Source
class CredParameter a where
cipherKeySize :: CipherAlgorithm -> IntSource
Return the cipher's key size in bytes.
cipherSuiteName :: KxAlgorithm -> CipherAlgorithm -> MacAlgorithm -> StringSource
Return the name of the ciphersuite.
gnutlsGlobalInit :: IO ()Source
module Network.GnuTLS.GnuTLSMonad
module Network.GnuTLS.OID
module Network.GnuTLS.X509