configuration-tools-0.3.1: Tools for specifying and parsing configurations

CopyrightCopyright © 2015 PivotCloud Inc.
LicenseMIT
MaintainerLars Kuhtz <lkuhtz@pivotmail.com>
Stabilityexperimental
Safe HaskellNone
LanguageHaskell2010

Configuration.Utils.Internal.HttpsCertPolicy

Contents

Description

This module provides means for defining and using HTTPS certificate validation polices for HTTPS requests.

Synopsis

HTTPS Certificate Validation Policy

pHttpsCertPolicy Source #

Arguments

:: Text

prefix for the command line options

-> MParser HttpsCertPolicy 

HTTP Requests With Certificate Validation Policy

simpleHttpWithValidationPolicy Source #

Arguments

:: Text

HTTP or HTTPS URL

-> HttpsCertPolicy 
-> IO (Response ByteString) 

Make an HTTP request with a given certificate validation policy.

NOTE that the HTTP request is strictly loaded into memory.

NOTE that this implementation opens a new TCP connection for each single request. HTTPS certificates validation results are not cached between different requests.

newtype VerboseTlsException Source #

The Haskell tls library provides only limited means for providing user friendly error messages. In particular we'd like to provide the user with fingerprints of the reject certificate for self-signed certificates. Also we want to provide the user with some guidance what a particular failure may indicate with respect to security of the connection.

Here we employ a hack for better error handling: Based on the assumption that we initialize a new connection Manager and also a new certificate cache for each request, we write the certificate that is received from the server in the TLS handshake to an IORef. If the handshakes fails later on because the certificate is rejected we can recover the rejected certificate from the IORef.

What we really want are exceptions that can be consumed programatically. In particular exceptions should include rejected certificates.