module Happstack.Server.Internal.TLS where
#ifdef DISABLE_HTTPS
import Network.Socket (Socket)
#else
import Control.Exception (onException)
import Control.Monad (when)

import Network.Socket (HostName, PortNumber, Socket, close)
import OpenSSL.Session (SSL, SSLContext)
import qualified OpenSSL.Session as SSL

import Happstack.Server.Internal.Socket (acceptLite)
#endif
-- | Static configuration for an HTTPS listener: the port to bind and the
-- PEM files holding the server certificate and its private key.
--
-- Nothing here is validated at construction time; the files are only
-- read when the listener is built.
data TLSConf = TLSConf
  { tlsPort :: Int      -- ^ TCP port the HTTPS listener binds to
  , tlsCert :: FilePath -- ^ path to the server certificate (PEM)
  , tlsKey  :: FilePath -- ^ path to the matching private key (PEM)
  }
#ifdef DISABLE_HTTPS
-- | Placeholder listener type used when the package is built with
-- @DISABLE_HTTPS@; it carries no socket or TLS state.
data HTTPS = HTTPS
-- | Stub used when the package is built with @DISABLE_HTTPS@.
--
-- Any attempt to create an HTTPS listener fails at call time with an
-- 'ErrorCall'; the arguments are never inspected.
httpsOnSocket :: FilePath -- ^ certificate file (ignored)
              -> FilePath -- ^ private key file (ignored)
              -> Socket   -- ^ listening socket (ignored)
              -> IO HTTPS
httpsOnSocket _ _ _ =
  error "happstack-server was compiled with disable_https."
#else
-- | An HTTPS listener: a plain listening TCP socket paired with the
-- OpenSSL context (certificate, key, cipher list) used to wrap each
-- accepted connection.
data HTTPS = HTTPS
  { httpsSocket :: Socket     -- ^ listening socket handed to 'acceptTLS'
  , sslContext  :: SSLContext -- ^ context shared by every connection
  }
-- | Build an 'HTTPS' listener around an already-bound socket.
--
-- Creates a fresh OpenSSL context, loads the private key and certificate
-- from the given PEM files and checks that the two belong together.
-- Cipher selection is whatever OpenSSL's default list provides
-- ('SSL.contextSetDefaultCiphers'); no protocol-version or cipher
-- restriction beyond those defaults is applied here.
--
-- Fails with an 'ErrorCall' when the key does not match the certificate.
-- Errors from OpenSSL itself (unreadable files, bad PEM) propagate as
-- whatever exception HsOpenSSL raises for them.
httpsOnSocket :: FilePath -- ^ PEM file holding the server certificate
              -> FilePath -- ^ PEM file holding the private key
              -> Socket   -- ^ bound, listening socket to serve on
              -> IO HTTPS
httpsOnSocket certFile keyFile listener = do
  ctx <- SSL.context
  SSL.contextSetPrivateKeyFile ctx keyFile
  SSL.contextSetCertificateFile ctx certFile
  SSL.contextSetDefaultCiphers ctx
  -- Refuse to serve with a mismatched pair rather than failing on the
  -- first handshake.
  keyMatches <- SSL.contextCheckPrivateKey ctx
  when (not keyMatches) $
    error "OpenTLS certificate and key do not match."
  return (HTTPS listener ctx)
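-- | Accept one TCP connection on the listener and complete the server
-- side of the TLS handshake on it.
--
-- Returns the established 'SSL' connection together with the peer's
-- host name and port as reported by 'acceptLite'. Ownership of the
-- connection passes to the caller, who is responsible for shutting it
-- down and closing the underlying socket.
--
-- If the handshake fails (or 'SSL.connection' itself throws), the
-- freshly accepted socket is closed before the exception propagates.
-- Without this, every client that connects and then aborts or never
-- completes the handshake would leave a file descriptor open, and the
-- listener would gradually run out of descriptors.
acceptTLS :: HTTPS -> IO (SSL, HostName, PortNumber)
acceptTLS (HTTPS listener ctx) = do
  (sck, peer, port) <- acceptLite listener
  -- The socket is only referenced by the SSL object from here on, so a
  -- failure anywhere in the handshake means nobody else would close it.
  ssl <- handshake sck `onException` close sck
  return (ssl, peer, port)
  where
    -- Wrap the socket in an SSL object and run the server-side handshake.
    handshake sck = do
      ssl <- SSL.connection ctx sck
      SSL.accept ssl
      return ssl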
#endif