From aad6162af0f8d7c895b844e63619776a205bf6a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Fran=C3=A7ois=20Roche?=
Date: Wed, 20 Dec 2023 22:54:39 +0100
Subject: [PATCH] Use http-client-openssl instead of http-client-tls

Using http-client-openssl that also handle the SSL_CERT_FILE environment variable refs #99
---
 app/Main.hs | 35 ++++++++++++++++++++++-------------
 nix/haskell-dependencies.nix | 1 +
 package.yaml | 4 +++-
 3 files changed, 26 insertions(+), 14 deletions(-)
diff --git a/app/Main.hs b/app/Main.hs
index 35e90d3..bfc5ced 100755
--- a/app/Main.hs
+++ b/app/Main.hs
@@ -14,15 +14,18 @@ import Data.Bifunctor (first)
 import Data.HashMap.Strict (HashMap)
 import Data.List (nubBy)
 import Data.Text (Text, unpack)
-import Network.Connection (TLSSettings(..))
-import Network.HTTP.Client (defaultManagerSettings, ManagerSettings (managerConnCount))
-import Network.HTTP.Conduit (Manager, newManager, mkManagerSettings)
+import Network.HTTP.Client (ManagerSettings (managerConnCount))
+import Network.HTTP.Conduit (Manager, newManager)
 import Network.HTTP.Simple (HttpException(..), Request, Response, defaultRequest, setRequestBodyJSON, setRequestHeader, setRequestMethod, setRequestPort, setRequestPath, setRequestHost, setRequestManager, setRequestSecure, httpLBS, getResponseBody, getResponseStatusCode)
+import Network.HTTP.Client.OpenSSL (defaultMakeContext, defaultOpenSSLSettings,
+ opensslManagerSettings, osslSettingsVerifyMode)
+import OpenSSL.Session (contextSetDefaultVerifyPaths,
+ VerificationMode (VerifyNone, VerifyPeer))
 import System.Environment (getEnvironment)
 import System.IO (BufferMode (LineBuffering), hSetBuffering, stderr, stdout)
 import System.Posix.Process (executeFile)
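Review bot: The new import lines bring in `opensslManagerSettings` and `defaultMakeContext` but not `withOpenSSL` (re-exported by `Network.HTTP.Client.OpenSSL`), which the http-client-openssl documentation expects the program to run under; unless `main`, which is outside this hunk, already wraps the program in it, the library is never explicitly initialised before the manager is built. If the HsOpenSSL version pinned by the project initialises lazily this is harmless, but it is worth confirming and recording, e.g. `-- OpenSSL is initialised via withOpenSSL in main`. The commit message also says this backend honours SSL_CERT_FILE, yet nothing in the code states that rationale; a one-line comment above the `Network.HTTP.Client.OpenSSL` import would keep it with the code.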
@@ -298,16 +301,22 @@ getHttpManager opts = newManager $ applyConfig basicManagerSettings
 -- Unless we use the unlimited flag, in that case, use the default value.
 { managerConnCount = if maxConnections > 0 then maxConnections else managerConnCount settings }
-
- basicManagerSettings = if getOptionsValue oConnectTls opts
- then mkManagerSettings tlsSettings Nothing
- else defaultManagerSettings
- tlsSettings = TLSSettingsSimple
- { settingDisableCertificateValidation =
- not $ getOptionsValue oValidateCerts opts
- , settingDisableSession = False
- , settingUseServerName = True
- }
+ basicManagerSettings =
+ (opensslManagerSettings makeContext)
+ { managerConnCount = maxConnections }
+ makeContext = do
+ context <- defaultMakeContext opensslSettings
+ contextSetDefaultVerifyPaths context
+ pure context
+ opensslSettings = defaultOpenSSLSettings
+ { osslSettingsVerifyMode =
+ if not $ getOptionsValue oValidateCerts opts
+ then VerifyNone
+ else VerifyPeer
+ True -- verify the certificate chain
+ True -- verify the hostname
+ Nothing
+ }
 -- | Main logic of our application.
 --
diff --git a/nix/haskell-dependencies.nix b/nix/haskell-dependencies.nix
index e702e7f..bb77128 100644
--- a/nix/haskell-dependencies.nix
+++ b/nix/haskell-dependencies.nix
@@ -15,6 +15,7 @@ haskellPackages:
 hspec-discover
 hspec-expectations
 http-client
+ http-client-openssl
 http-conduit
 megaparsec
 optparse-applicative
diff --git a/package.yaml b/package.yaml
index e055657..e504c71 100644
--- a/package.yaml
+++ b/package.yaml
@@ -15,8 +15,10 @@ dependencies:
 - containers
 - dotenv
 - directory
+ - HsOpenSSL
 - http-conduit
 - http-client
+ - http-client-openssl
 - megaparsec
 - network-uri
 - optparse-applicative
@@ -28,7 +30,7 @@ dependencies:
 - utf8-string
 - optparse-applicative
-ghc-options: -Wall -Werror
+ghc-options: -threaded -rtsopts -Wall -Werror
 library:
 source-dirs: src
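Review bot: The record update `{ managerConnCount = maxConnections }` on the new `basicManagerSettings` defeats the fallback in the context line above it: when `maxConnections` is 0 the `else managerConnCount settings` branch now reads back that same 0 instead of http-client's default, assuming `settings` is the argument `applyConfig` receives (that binding starts before this hunk). Dropping the update, `basicManagerSettings = opensslManagerSettings makeContext`, restores the "use the default value" behaviour the comment describes. Separately, the two `True` comments describe fields `VerifyPeer` does not have: its first field is `vpFailIfNoPeerCert` (reject a peer that presents no certificate) and its second is `vpClientOnce`, a server-side-only setting, so they should read `True -- vpFailIfNoPeerCert` and `True -- vpClientOnce (server side only; no effect for a client)`, and whether the peer's name is checked against its certificate has to be confirmed from the http-client-openssl version in use rather than from these flags. The `contextSetDefaultVerifyPaths context` call in `makeContext` is presumably what makes SSL_CERT_FILE honoured, as the commit message claims; a comment such as `-- load the system trust store (honours SSL_CERT_FILE / SSL_CERT_DIR)` would keep that rationale with the code.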
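Review bot: The last hunk changes `ghc-options` to `-threaded -rtsopts -Wall -Werror`, a runtime change that the commit message does not mention and that is unrelated to the dependency additions around it; `-rtsopts` in particular lets any `+RTS ... -RTS` arguments on the program's own command line be consumed by the GHC runtime instead of reaching the program. If the threaded runtime is needed by the OpenSSL backend, a comment next to the option, `# -threaded: needed by http-client-openssl; -rtsopts: <reason, e.g. allow +RTS -N>`, would record why, and `-rtsopts` should stay only if something actually relies on it.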