Portability	non-portable (uses GHC extensions)
Maintainer	lemmih@gmail.com, jeremy@n-heptane.com
Safe Haskell	None

Data.Acid.Remote.TLS

Contents

Server/Client
Authentication

Description

This module provides the same functionality as Data.Acid.Remote but over a secured TLS socket.

Synopsis

Server/Client

acidServerTLS Source

Arguments

:: SafeCopy st
=> FilePath	path to ssl certificate
-> FilePath	path to ssl private key
-> (CommChannel -> IO Bool)	authorization function
-> PortID	port to list on
-> AcidState st	`AcidState` to serve
-> IO ()

Accept connections on port and handle requests using the given AcidState. This call doesn't return.

The connection is secured using TLS/SSL.

On Unix®-like systems you can useUnixSocket to communicate using a socket file. To control access, you can set the permissions of the parent directory which contains the socket file.

see also: openRemoteStateTLS and sharedSecretCheck.

openRemoteStateTLS Source

Arguments

:: IsAcidic st
=> (CommChannel -> IO ())	authentication function, see `sharedSecretPerform`
-> HostName	remote host to connect to (ignored when `PortID` is `UnixSocket`)
-> PortID	remote port to connect to
-> IO (AcidState st)

Connect to an acid-state server which is sharing an AcidState.

The connection is secured using SSL/TLS.

Authentication

skipAuthenticationCheck :: CommChannel -> IO Bool

skip server-side authentication checking entirely.

skipAuthenticationPerform :: CommChannel -> IO ()

skip client-side authentication entirely.

sharedSecretCheck

Arguments

:: Set ByteString	set of shared secrets
-> CommChannel
-> IO Bool

check that the client knows a shared secret.

The function takes a Set of shared secrets. If a client knows any of them, it is considered to be trusted.

The shared secret is any ByteString of your choice.

If you give each client a different shared secret then you can revoke access individually.