Copyright	Copyright © 2015 PivotCloud Inc.
License	MIT
Maintainer	Lars Kuhtz <lkuhtz@pivotmail.com>
Stability	experimental
Safe Haskell	None
Language	Haskell2010

Configuration.Utils.Internal.HttpsCertPolicy

Contents

HTTPS Certificate Validation Policy
HTTP Requests With Certificate Validation Policy

Description

This module provides means for defining and using HTTPS certificate validation polices for HTTPS requests.

HTTPS Certificate Validation Policy

data HttpsCertPolicy Source #

Constructors

HttpsCertPolicy
Fields _certPolicyInsecure :: !Bool disable certificate validation _certPolicyHostFingerprints :: !(HashMap ServiceID Fingerprint) a whitelist for services with trusted certificates

Instances

Eq HttpsCertPolicy Source #
Methods (==) :: HttpsCertPolicy -> HttpsCertPolicy -> Bool # (/=) :: HttpsCertPolicy -> HttpsCertPolicy -> Bool #
Show HttpsCertPolicy Source #
Methods showsPrec :: Int -> HttpsCertPolicy -> ShowS # show :: HttpsCertPolicy -> String # showList :: [HttpsCertPolicy] -> ShowS #

certPolicyInsecure :: Lens' HttpsCertPolicy Bool Source #

certPolicyHostFingerprints :: Lens' HttpsCertPolicy (HashMap ServiceID Fingerprint) Source #

defaultHttpsCertPolicy :: HttpsCertPolicy Source #

pHttpsCertPolicy Source #

Arguments

:: Text	prefix for the command line options
-> MParser HttpsCertPolicy

HTTP Requests With Certificate Validation Policy

simpleHttpWithValidationPolicy Source #

Arguments

:: Text	HTTP or HTTPS URL
-> HttpsCertPolicy
-> IO (Response ByteString)

Make an HTTP request with a given certificate validation policy.

NOTE that the HTTP request is strictly loaded into memory.

NOTE that this implementation opens a new TCP connection for each single request. HTTPS certificates validation results are not cached between different requests.

httpWithValidationPolicy :: Request -> HttpsCertPolicy -> IO (Response ByteString) Source #

newtype VerboseTlsException Source #

The Haskell tls library provides only limited means for providing user friendly error messages. In particular we'd like to provide the user with fingerprints of the reject certificate for self-signed certificates. Also we want to provide the user with some guidance what a particular failure may indicate with respect to security of the connection.

Here we employ a hack for better error handling: Based on the assumption that we initialize a new connection Manager and also a new certificate cache for each request, we write the certificate that is received from the server in the TLS handshake to an IORef. If the handshakes fails later on because the certificate is rejected we can recover the rejected certificate from the IORef.

What we really want are exceptions that can be consumed programatically. In particular exceptions should include rejected certificates.

Constructors

VerboseTlsException Text

Instances

Eq VerboseTlsException Source #
Methods (==) :: VerboseTlsException -> VerboseTlsException -> Bool # (/=) :: VerboseTlsException -> VerboseTlsException -> Bool #
Ord VerboseTlsException Source #
Methods compare :: VerboseTlsException -> VerboseTlsException -> Ordering # (<) :: VerboseTlsException -> VerboseTlsException -> Bool # (<=) :: VerboseTlsException -> VerboseTlsException -> Bool # (>) :: VerboseTlsException -> VerboseTlsException -> Bool # (>=) :: VerboseTlsException -> VerboseTlsException -> Bool # max :: VerboseTlsException -> VerboseTlsException -> VerboseTlsException # min :: VerboseTlsException -> VerboseTlsException -> VerboseTlsException #
Show VerboseTlsException Source #
Methods showsPrec :: Int -> VerboseTlsException -> ShowS # show :: VerboseTlsException -> String # showList :: [VerboseTlsException] -> ShowS #
Exception VerboseTlsException Source #
Methods toException :: VerboseTlsException -> SomeException # fromException :: SomeException -> Maybe VerboseTlsException # displayException :: VerboseTlsException -> String #