| Safe Haskell | None |
|---|---|
| Language | Haskell2010 |
Data.OpenSSLSetting
Description
Helpers for setting up a tls connection with HsOpenSSL package,
for further customization, please refer to HsOpenSSL package.
Note, functions in this module will throw error if can't load certificates or CA store.
- data TrustedCAStore :: *
- makeClientSSLContext :: TrustedCAStore -> IO SSLContext
- makeClientSSLContext' :: FilePath -> [FilePath] -> FilePath -> TrustedCAStore -> IO SSLContext
- makeServerSSLContext :: FilePath -> [FilePath] -> FilePath -> IO SSLContext
- makeServerSSLContext' :: FilePath -> [FilePath] -> FilePath -> TrustedCAStore -> IO SSLContext
choose a CAStore
data TrustedCAStore :: * #
The whole point of TLS is that: a peer should have already trusted
some certificates, which can be used for validating other peer's certificates.
if the certificates sent by other side form a chain. and one of them is issued
by one of TrustedCAStore, Then the peer will be trusted.
Constructors
| SystemCAStore | provided by your operating system. |
| MozillaCAStore | provided by Mozilla. |
| CustomCAStore FilePath | provided by your self, the CA file can contain multiple certificates. |
Instances
make TLS settings
Arguments
| :: TrustedCAStore | trusted certificates. |
| -> IO SSLContext |
make a simple SSLContext that will validate server and use tls connection
without providing client's own certificate. suitable for connecting server which don't
validate clients.
makeClientSSLContext' Source #
Arguments
| :: FilePath | public certificate (X.509 format). |
| -> [FilePath] | chain certificate (X.509 format). |
| -> FilePath | private key associated. |
| -> TrustedCAStore | server will use these certificates to validate clients. |
| -> IO SSLContext |
make a simple SSLContext that will validate server and use tls connection
while providing client's own certificate. suitable for connecting server which
validate clients.
The chain certificate must be in PEM format and must be sorted starting with the subject's certificate (actual client or server certificate), followed by intermediate CA certificates if applicable, and ending at the highest level (root) CA.
Arguments
| :: FilePath | public certificate (X.509 format). |
| -> [FilePath] | chain certificate (X.509 format). |
| -> FilePath | private key associated. |
| -> IO SSLContext |
make a simple SSLContext for server without validating client's certificate.
makeServerSSLContext' Source #
Arguments
| :: FilePath | public certificate (X.509 format). |
| -> [FilePath] | chain certificates (X.509 format). |
| -> FilePath | private key associated. |
| -> TrustedCAStore | server will use these certificates to validate clients. |
| -> IO SSLContext |
make a SSLConext that also validating client's certificate.
This's an alias to makeClientSSLContext'.