tcp-streams-1.0.1.0: One stop solution for tcp client and server with tls support.

Safe HaskellNone
LanguageHaskell2010

Data.TLSSetting

Contents

Description

Helpers for setting up a tls connection with tls package, for further customization, please refer to tls package.

Note, functions in this module will throw error if can't load certificates or CA store.

Synopsis

Choose a CAStore

data TrustedCAStore Source #

The whole point of TLS is that: a peer should have already trusted some certificates, which can be used for validating other peer's certificates. if the certificates sent by other side form a chain. and one of them is issued by one of TrustedCAStore, Then the peer will be trusted.

Constructors

SystemCAStore

provided by your operating system.

MozillaCAStore

provided by Mozilla.

CustomCAStore FilePath

provided by your self, the CA file can contain multiple certificates.

Make TLS settings

makeClientParams Source #

Arguments

:: TrustedCAStore

trusted certificates.

-> IO ClientParams 

make a simple tls ClientParams that will validate server and use tls connection without providing client's own certificate. suitable for connecting server which don't validate clients.

we defer setting of clientServerIdentification to connecting phase.

Note, tls's default validating method require server has v3 certificate. you can use openssl's V3 extension to issue such a certificate. or change ClientParams before connecting.

makeClientParams' Source #

Arguments

:: FilePath

public certificate (X.509 format).

-> [FilePath]

chain certificates (X.509 format). the root of your certificate chain should be already trusted by server, or tls will fail.

-> FilePath

private key associated.

-> TrustedCAStore

trusted certificates.

-> IO ClientParams 

make a simple tls ClientParams that will validate server and use tls connection while providing client's own certificate as well. suitable for connecting server which validate clients.

Also only accept v3 certificate.

makeServerParams Source #

Arguments

:: FilePath

public certificate (X.509 format).

-> [FilePath]

chain certificates (X.509 format). the root of your certificate chain should be already trusted by client, or tls will fail.

-> FilePath

private key associated.

-> IO ServerParams 

make a simple tls ServerParams without validating client's certificate.

makeServerParams' Source #

Arguments

:: FilePath

public certificate (X.509 format).

-> [FilePath]

chain certificates (X.509 format).

-> FilePath

private key associated.

-> TrustedCAStore

server will use these certificates to validate clients.

-> IO ServerParams 

make a tls ServerParams that also validating client's certificate.

Internal

mozillaCAStorePath :: IO FilePath Source #

Get the built-in mozilla CA's path.