Copyright | Will Thompson, Iñaki García Etxebarria and Jonas Platte |
---|---|
License | LGPL-2.1 |
Maintainer | Iñaki García Etxebarria (garetxe@gmail.com) |
Safe Haskell | None |
Language | Haskell2010 |
TlsClientConnection
is the client-side subclass of
TlsConnection
, representing a client-side TLS connection.
Since: 2.28
- newtype TlsClientConnection = TlsClientConnection (ManagedPtr TlsClientConnection)
- noTlsClientConnection :: Maybe TlsClientConnection
- class GObject o => IsTlsClientConnection o
- toTlsClientConnection :: (MonadIO m, IsTlsClientConnection o) => o -> m TlsClientConnection
- tlsClientConnectionCopySessionState :: (HasCallStack, MonadIO m, IsTlsClientConnection a, IsTlsClientConnection b) => a -> b -> m ()
- tlsClientConnectionGetAcceptedCas :: (HasCallStack, MonadIO m, IsTlsClientConnection a) => a -> m [ByteString]
- tlsClientConnectionGetServerIdentity :: (HasCallStack, MonadIO m, IsTlsClientConnection a) => a -> m SocketConnectable
- tlsClientConnectionGetUseSsl3 :: (HasCallStack, MonadIO m, IsTlsClientConnection a) => a -> m Bool
- tlsClientConnectionGetValidationFlags :: (HasCallStack, MonadIO m, IsTlsClientConnection a) => a -> m [TlsCertificateFlags]
- tlsClientConnectionNew :: (HasCallStack, MonadIO m, IsIOStream a, IsSocketConnectable b) => a -> Maybe b -> m TlsClientConnection
- tlsClientConnectionSetServerIdentity :: (HasCallStack, MonadIO m, IsTlsClientConnection a, IsSocketConnectable b) => a -> b -> m ()
- tlsClientConnectionSetUseSsl3 :: (HasCallStack, MonadIO m, IsTlsClientConnection a) => a -> Bool -> m ()
- tlsClientConnectionSetValidationFlags :: (HasCallStack, MonadIO m, IsTlsClientConnection a) => a -> [TlsCertificateFlags] -> m ()
- getTlsClientConnectionAcceptedCas :: (MonadIO m, IsTlsClientConnection o) => o -> m [Ptr ()]
- constructTlsClientConnectionServerIdentity :: (IsTlsClientConnection o, IsSocketConnectable a) => a -> IO (GValueConstruct o)
- getTlsClientConnectionServerIdentity :: (MonadIO m, IsTlsClientConnection o) => o -> m SocketConnectable
- setTlsClientConnectionServerIdentity :: (MonadIO m, IsTlsClientConnection o, IsSocketConnectable a) => o -> a -> m ()
- constructTlsClientConnectionUseSsl3 :: IsTlsClientConnection o => Bool -> IO (GValueConstruct o)
- getTlsClientConnectionUseSsl3 :: (MonadIO m, IsTlsClientConnection o) => o -> m Bool
- setTlsClientConnectionUseSsl3 :: (MonadIO m, IsTlsClientConnection o) => o -> Bool -> m ()
- constructTlsClientConnectionValidationFlags :: IsTlsClientConnection o => [TlsCertificateFlags] -> IO (GValueConstruct o)
- getTlsClientConnectionValidationFlags :: (MonadIO m, IsTlsClientConnection o) => o -> m [TlsCertificateFlags]
- setTlsClientConnectionValidationFlags :: (MonadIO m, IsTlsClientConnection o) => o -> [TlsCertificateFlags] -> m ()
Exported types
newtype TlsClientConnection Source #
Memory-managed wrapper type.
noTlsClientConnection :: Maybe TlsClientConnection Source #
A convenience alias for Nothing
:: Maybe
TlsClientConnection
.
class GObject o => IsTlsClientConnection o Source #
Type class for types which can be safely cast to TlsClientConnection
, for instance with toTlsClientConnection
.
toTlsClientConnection :: (MonadIO m, IsTlsClientConnection o) => o -> m TlsClientConnection Source #
Cast to TlsClientConnection
, for types for which this is known to be safe. For general casts, use castTo
.
Methods
copySessionState
tlsClientConnectionCopySessionState Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a, IsTlsClientConnection b) | |
=> a |
|
-> b |
|
-> m () |
Copies session state from one connection to another. This is
not normally needed, but may be used when the same session
needs to be used between different endpoints, as is required
by some protocols such as FTP over TLS. source (the second argument)
should have already completed a handshake, and conn (the first
argument, which receives the session state) should not have
completed a handshake.
Since: 2.46
getAcceptedCas
tlsClientConnectionGetAcceptedCas Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a) | |
=> a |
|
-> m [ByteString] | Returns: the list of
CA DNs. You should unref each element with |
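Gets the list of distinguished names of the Certificate Authorities
that the server will accept certificates from. This will be set
during the TLS handshake if the server requests a certificate.
Otherwise, it will be Nothing (NULL in the underlying C API; since the
result type here is a plain list, this presumably surfaces as an empty list).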
Each item in the list is a ByteArray
which contains the complete
subject DN of the certificate authority.
Since: 2.28
getServerIdentity
tlsClientConnectionGetServerIdentity Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a) | |
=> a |
|
-> m SocketConnectable | Returns: a SocketConnectable describing the expected server identity |
Gets conn
's expected server identity
Since: 2.28
getUseSsl3
tlsClientConnectionGetUseSsl3 Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a) | |
=> a |
|
-> m Bool | Returns: whether conn will use SSL 3.0 |
Gets whether conn
will use SSL 3.0 rather than the
highest-supported version of TLS; see
tlsClientConnectionSetUseSsl3
.
Since: 2.28
getValidationFlags
tlsClientConnectionGetValidationFlags Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a) | |
=> a |
|
-> m [TlsCertificateFlags] | Returns: the validation flags |
Gets conn
's validation flags
Since: 2.28
new
tlsClientConnectionNew Source #
:: (HasCallStack, MonadIO m, IsIOStream a, IsSocketConnectable b) | |
=> a |
|
-> Maybe b |
|
-> m TlsClientConnection | Returns: the new TlsClientConnection |
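Creates a new TlsClientConnection wrapping baseIoStream (which
must have pollable input and output streams) which is assumed to
communicate with the server identified by serverIdentity.
If serverIdentity is Nothing, no expected identity is set; as described
under the serverIdentity property, the TlsCertificateFlagsBadIdentity
validation will then fail when that flag is enabled.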
See the documentation for TlsConnection
:base-io-stream
for restrictions
on when application code can run operations on the baseIoStream
after
this function has returned.
Since: 2.28
setServerIdentity
tlsClientConnectionSetServerIdentity Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a, IsSocketConnectable b) | |
=> a |
|
-> b |
|
-> m () |
Sets conn
's expected server identity, which is used both to tell
servers on virtual hosts which certificate to present, and also
to let conn
know what name to look for in the certificate when
performing TlsCertificateFlagsBadIdentity
validation, if enabled.
Since: 2.28
setUseSsl3
tlsClientConnectionSetUseSsl3 Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a) | |
=> a |
|
-> Bool |
|
-> m () |
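If useSsl3 is True, this forces conn to use SSL 3.0 rather than
trying to properly negotiate the right version of TLS or SSL to use.
This can be used when talking to servers that do not implement the
fallbacks correctly and which will therefore fail to handshake with
a "modern" TLS handshake attempt. SSL 3.0 is a deprecated protocol
(RFC 7568) with known weaknesses, and forcing a fallback bypasses
version negotiation, so this setting is only appropriate for a specific
legacy server that cannot be reached otherwise; see the useSsl3
property for which fallback version is actually used.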
Since: 2.28
setValidationFlags
tlsClientConnectionSetValidationFlags Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a) | |
=> a |
|
-> [TlsCertificateFlags] |
|
-> m () |
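Sets conn's validation flags, to override the default set of
checks performed when validating a server certificate. By default,
TlsCertificateFlagsValidateAll is used. Each flag left out of the
list is a check whose failure no longer causes the certificate to be
rejected, so a reduced set weakens server authentication.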
Since: 2.28
Properties
acceptedCas
A list of the distinguished names of the Certificate Authorities that the server will accept client certificates signed by. If the server requests a client certificate during the handshake, then this property will be set after the handshake completes.
Each item in the list is a ByteArray
which contains the complete
subject DN of the certificate authority.
Since: 2.28
getTlsClientConnectionAcceptedCas :: (MonadIO m, IsTlsClientConnection o) => o -> m [Ptr ()] Source #
Get the value of the “accepted-cas
” property.
When overloading is enabled, this is equivalent to
get
tlsClientConnection #acceptedCas
serverIdentity
A SocketConnectable
describing the identity of the server that
is expected on the other end of the connection.
If the TlsCertificateFlagsBadIdentity
flag is set in
TlsClientConnection
:validation-flags
, this object will be used
to determine the expected identity of the remote end of the
connection; if TlsClientConnection
:server-identity
is not set,
or does not match the identity presented by the server, then the
TlsCertificateFlagsBadIdentity
validation will fail.
In addition to its use in verifying the server certificate, this is also used to give a hint to the server about what certificate we expect, which is useful for servers that serve virtual hosts.
Since: 2.28
constructTlsClientConnectionServerIdentity :: (IsTlsClientConnection o, IsSocketConnectable a) => a -> IO (GValueConstruct o) Source #
Construct a GValueConstruct
with valid value for the “server-identity
” property. This is rarely needed directly, but it is used by new
.
getTlsClientConnectionServerIdentity :: (MonadIO m, IsTlsClientConnection o) => o -> m SocketConnectable Source #
Get the value of the “server-identity
” property.
When overloading is enabled, this is equivalent to
get
tlsClientConnection #serverIdentity
setTlsClientConnectionServerIdentity :: (MonadIO m, IsTlsClientConnection o, IsSocketConnectable a) => o -> a -> m () Source #
Set the value of the “server-identity
” property.
When overloading is enabled, this is equivalent to
set
tlsClientConnection [ #serverIdentity:=
value ]
useSsl3
If True
, tells the connection to use a fallback version of TLS
or SSL, rather than trying to negotiate the best version of TLS
to use. This can be used when talking to servers that don't
implement version negotiation correctly and therefore refuse to
handshake at all with a "modern" TLS handshake.
Despite the property name, the fallback version is not
necessarily SSL 3.0; if SSL 3.0 has been disabled, the
TlsClientConnection
will use the next highest available version
(normally TLS 1.0) as the fallback version.
Since: 2.28
constructTlsClientConnectionUseSsl3 :: IsTlsClientConnection o => Bool -> IO (GValueConstruct o) Source #
Construct a GValueConstruct
with valid value for the “use-ssl3
” property. This is rarely needed directly, but it is used by new
.
getTlsClientConnectionUseSsl3 :: (MonadIO m, IsTlsClientConnection o) => o -> m Bool Source #
Get the value of the “use-ssl3
” property.
When overloading is enabled, this is equivalent to
get
tlsClientConnection #useSsl3
setTlsClientConnectionUseSsl3 :: (MonadIO m, IsTlsClientConnection o) => o -> Bool -> m () Source #
Set the value of the “use-ssl3
” property.
When overloading is enabled, this is equivalent to
set
tlsClientConnection [ #useSsl3:=
value ]
validationFlags
What steps to perform when validating a certificate received from
a server. Server certificates that fail to validate in any of the
ways indicated here will be rejected unless the application
overrides the default via TlsConnection
::accept-certificate
.
Since: 2.28
constructTlsClientConnectionValidationFlags :: IsTlsClientConnection o => [TlsCertificateFlags] -> IO (GValueConstruct o) Source #
Construct a GValueConstruct
with valid value for the “validation-flags
” property. This is rarely needed directly, but it is used by new
.
getTlsClientConnectionValidationFlags :: (MonadIO m, IsTlsClientConnection o) => o -> m [TlsCertificateFlags] Source #
Get the value of the “validation-flags
” property.
When overloading is enabled, this is equivalent to
get
tlsClientConnection #validationFlags
setTlsClientConnectionValidationFlags :: (MonadIO m, IsTlsClientConnection o) => o -> [TlsCertificateFlags] -> m () Source #
Set the value of the “validation-flags
” property.
When overloading is enabled, this is equivalent to
set
tlsClientConnection [ #validationFlags:=
value ]