module Data.OpenSSLSetting
(
TrustedCAStore(..)
, makeClientSSLContext
, makeClientSSLContext'
, makeServerSSLContext
, makeServerSSLContext'
) where
import qualified OpenSSL.X509.SystemStore as X509
import qualified OpenSSL.Session as SSL
import OpenSSL (withOpenSSL)
import Data.TLSSetting (TrustedCAStore(..), mozillaCAStorePath)
-- | Install the trust anchors selected by a 'TrustedCAStore' into an
-- OpenSSL context.
--
-- * 'SystemCAStore' loads the platform certificate store via
--   'X509.contextLoadSystemCerts'.
-- * 'MozillaCAStore' points the context at the CA file whose path
--   'mozillaCAStorePath' returns.
-- * @'CustomCAStore' fp@ uses the PEM bundle at @fp@ as the trust root.
--
-- Peer verification in the contexts built below is only as strong as the
-- bundle chosen here; a 'CustomCAStore' should be a deliberately curated
-- file, not a copy of the whole system store.
makeCAStore :: TrustedCAStore -> SSL.SSLContext -> IO ()
makeCAStore store ctx = case store of
  SystemCAStore      -> X509.contextLoadSystemCerts ctx
  MozillaCAStore     -> mozillaCAStorePath >>= SSL.contextSetCAFile ctx
  CustomCAStore path -> SSL.contextSetCAFile ctx path
-- | Build a client-side 'SSL.SSLContext' that verifies the server's
-- certificate chain against the given trust store.
--
-- The context uses OpenSSL's default cipher list and the verification
-- mode @'SSL.VerifyPeer' True True Nothing@, i.e. peer verification is on,
-- a missing peer certificate is treated as a failure (per the first
-- 'SSL.VerifyPeer' field), and no custom verify callback is installed.
--
-- NOTE(review): nothing in this function binds the context to a hostname,
-- so the caller remains responsible for checking that the certificate
-- presented after the handshake actually matches the host it meant to
-- reach.
makeClientSSLContext
  :: TrustedCAStore      -- ^ which CA bundle to trust for the server
  -> IO SSL.SSLContext
makeClientSSLContext trustStore = withOpenSSL $ do
  ctx <- SSL.context
  makeCAStore trustStore ctx
  SSL.contextSetDefaultCiphers ctx
  SSL.contextSetVerificationMode ctx verifyServer
  pure ctx
  where
    -- fail the handshake on a missing or untrusted peer certificate
    verifyServer = SSL.VerifyPeer True True Nothing
-- | Like 'makeClientSSLContext', but additionally loads a certificate and
-- private key so the context can authenticate itself to the peer
-- (mutual TLS).
--
-- Identity material is loaded in the order: own certificate (@pub@),
-- private key (@priv@), then each chain file in @certs@.
--
-- NOTE(review): 'SSL.contextSetCertificateChainFile' appears to wrap
-- @SSL_CTX_use_certificate_chain_file@, which installs the first
-- certificate of the file as the context's own certificate. With several
-- chain files, or a chain file whose first entry differs from @pub@, the
-- certificate set earlier is likely replaced by the last call -- confirm
-- this is the intended semantics before passing more than one chain file.
makeClientSSLContext'
  :: FilePath            -- ^ PEM file holding the context's own certificate
  -> [FilePath]          -- ^ PEM chain files (intermediates) to present
  -> FilePath            -- ^ PEM file holding the matching private key
  -> TrustedCAStore      -- ^ which CA bundle to trust for the peer
  -> IO SSL.SSLContext
makeClientSSLContext' pub certs priv trustStore = withOpenSSL $ do
  ctx <- SSL.context
  makeCAStore trustStore ctx
  SSL.contextSetDefaultCiphers ctx
  loadIdentity ctx
  SSL.contextSetVerificationMode ctx (SSL.VerifyPeer True True Nothing)
  pure ctx
  where
    -- own cert, then key, then chain files (same order as before)
    loadIdentity ctx = do
      SSL.contextSetCertificateFile ctx pub
      SSL.contextSetPrivateKeyFile ctx priv
      mapM_ (SSL.contextSetCertificateChainFile ctx) certs
-- | Build a server-side 'SSL.SSLContext' that presents the given
-- certificate, chain and private key.
--
-- No trust store is loaded and no verification mode is set, so the
-- context keeps OpenSSL's default (which does not request a client
-- certificate); use 'makeServerSSLContext'' when clients must
-- authenticate with certificates.
--
-- NOTE(review): @certs@ is fed to 'SSL.contextSetCertificateChainFile'
-- once per file, after @pub@ and @priv@; if that call replaces the
-- context's own certificate (see 'makeClientSSLContext''), only the last
-- chain file wins -- verify before passing more than one.
makeServerSSLContext
  :: FilePath            -- ^ PEM file holding the server certificate
  -> [FilePath]          -- ^ PEM chain files (intermediates) to present
  -> FilePath            -- ^ PEM file holding the matching private key
  -> IO SSL.SSLContext
makeServerSSLContext pub certs priv = withOpenSSL $ do
  ctx <- SSL.context
  SSL.contextSetDefaultCiphers ctx
  loadIdentity ctx
  pure ctx
  where
    -- own cert, then key, then chain files (same order as before)
    loadIdentity ctx = do
      SSL.contextSetCertificateFile ctx pub
      SSL.contextSetPrivateKeyFile ctx priv
      mapM_ (SSL.contextSetCertificateChainFile ctx) certs
-- | Server context that also enforces client-certificate authentication
-- (mutual TLS).
--
-- The configuration is exactly that of 'makeClientSSLContext'': the
-- server presents @pub@/@certs@/@priv@ and verifies the client's
-- certificate against the trust store with
-- @'SSL.VerifyPeer' True True Nothing@, so a client that offers no
-- certificate, or one outside that trust store, is rejected at handshake.
makeServerSSLContext'
  :: FilePath            -- ^ PEM file holding the server certificate
  -> [FilePath]          -- ^ PEM chain files (intermediates) to present
  -> FilePath            -- ^ PEM file holding the matching private key
  -> TrustedCAStore      -- ^ which CA bundle client certificates must chain to
  -> IO SSL.SSLContext
makeServerSSLContext' pub certs priv trustStore =
  makeClientSSLContext' pub certs priv trustStore