Copyright | Will Thompson Iñaki García Etxebarria and Jonas Platte |
---|---|
License | LGPL-2.1 |
Maintainer | Iñaki García Etxebarria (inaki@blueleaf.cc) |
Safe Haskell | None |
Language | Haskell2010 |
TlsClientConnection
is the client-side subclass of
TlsConnection
, representing a client-side TLS connection.
Since: 2.28
Synopsis
- newtype TlsClientConnection = TlsClientConnection (ManagedPtr TlsClientConnection)
- noTlsClientConnection :: Maybe TlsClientConnection
- class (GObject o, IsDescendantOf TlsClientConnection o) => IsTlsClientConnection o
- toTlsClientConnection :: (MonadIO m, IsTlsClientConnection o) => o -> m TlsClientConnection
- tlsClientConnectionCopySessionState :: (HasCallStack, MonadIO m, IsTlsClientConnection a, IsTlsClientConnection b) => a -> b -> m ()
- tlsClientConnectionGetAcceptedCas :: (HasCallStack, MonadIO m, IsTlsClientConnection a) => a -> m [ByteString]
- tlsClientConnectionGetServerIdentity :: (HasCallStack, MonadIO m, IsTlsClientConnection a) => a -> m SocketConnectable
- tlsClientConnectionGetUseSsl3 :: (HasCallStack, MonadIO m, IsTlsClientConnection a) => a -> m Bool
- tlsClientConnectionGetValidationFlags :: (HasCallStack, MonadIO m, IsTlsClientConnection a) => a -> m [TlsCertificateFlags]
- tlsClientConnectionNew :: (HasCallStack, MonadIO m, IsIOStream a, IsSocketConnectable b) => a -> Maybe b -> m TlsClientConnection
- tlsClientConnectionSetServerIdentity :: (HasCallStack, MonadIO m, IsTlsClientConnection a, IsSocketConnectable b) => a -> b -> m ()
- tlsClientConnectionSetUseSsl3 :: (HasCallStack, MonadIO m, IsTlsClientConnection a) => a -> Bool -> m ()
- tlsClientConnectionSetValidationFlags :: (HasCallStack, MonadIO m, IsTlsClientConnection a) => a -> [TlsCertificateFlags] -> m ()
- getTlsClientConnectionAcceptedCas :: (MonadIO m, IsTlsClientConnection o) => o -> m [Ptr ()]
- constructTlsClientConnectionServerIdentity :: (IsTlsClientConnection o, IsSocketConnectable a) => a -> IO (GValueConstruct o)
- getTlsClientConnectionServerIdentity :: (MonadIO m, IsTlsClientConnection o) => o -> m SocketConnectable
- setTlsClientConnectionServerIdentity :: (MonadIO m, IsTlsClientConnection o, IsSocketConnectable a) => o -> a -> m ()
- constructTlsClientConnectionUseSsl3 :: IsTlsClientConnection o => Bool -> IO (GValueConstruct o)
- getTlsClientConnectionUseSsl3 :: (MonadIO m, IsTlsClientConnection o) => o -> m Bool
- setTlsClientConnectionUseSsl3 :: (MonadIO m, IsTlsClientConnection o) => o -> Bool -> m ()
- constructTlsClientConnectionValidationFlags :: IsTlsClientConnection o => [TlsCertificateFlags] -> IO (GValueConstruct o)
- getTlsClientConnectionValidationFlags :: (MonadIO m, IsTlsClientConnection o) => o -> m [TlsCertificateFlags]
- setTlsClientConnectionValidationFlags :: (MonadIO m, IsTlsClientConnection o) => o -> [TlsCertificateFlags] -> m ()
Exported types
newtype TlsClientConnection Source #
Memory-managed wrapper type.
Instances
noTlsClientConnection :: Maybe TlsClientConnection Source #
A convenience alias for Nothing
:: Maybe
TlsClientConnection
.
class (GObject o, IsDescendantOf TlsClientConnection o) => IsTlsClientConnection o Source #
Type class for types which can be safely cast to TlsClientConnection
, for instance with toTlsClientConnection
.
Instances
(GObject o, IsDescendantOf TlsClientConnection o) => IsTlsClientConnection o Source # | |
Defined in GI.Gio.Interfaces.TlsClientConnection |
toTlsClientConnection :: (MonadIO m, IsTlsClientConnection o) => o -> m TlsClientConnection Source #
Cast to TlsClientConnection
, for types for which this is known to be safe. For general casts, use castTo
.
Methods
copySessionState
tlsClientConnectionCopySessionState Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a, IsTlsClientConnection b) | |
=> a |
|
-> b |
|
-> m () |
Copies session state from one connection to another. This is
not normally needed, but may be used when the same session
needs to be used between different endpoints as is required
by some protocols such as FTP over TLS. source
should have
already completed a handshake, and conn
should not have
completed a handshake.
Since: 2.46
getAcceptedCas
tlsClientConnectionGetAcceptedCas Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a) | |
=> a |
|
-> m [ByteString] | Returns: the list of
CA DNs. You should unref each element with |
Gets the list of distinguished names of the Certificate Authorities
that the server will accept certificates from. This will be set
during the TLS handshake if the server requests a certificate.
Otherwise, it will be Nothing
.
Each item in the list is a ByteArray
which contains the complete
subject DN of the certificate authority.
Since: 2.28
getServerIdentity
tlsClientConnectionGetServerIdentity Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a) | |
=> a |
|
-> m SocketConnectable | Returns: a |
Gets conn
's expected server identity
Since: 2.28
getUseSsl3
tlsClientConnectionGetUseSsl3 Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a) | |
=> a |
|
-> m Bool | Returns: whether |
Deprecated: (Since version 2.56)SSL 3.0 is insecure, and this function does notactually indicate whether it is enabled.
Gets whether conn
will force the lowest-supported TLS protocol
version rather than attempt to negotiate the highest mutually-
supported version of TLS; see tlsClientConnectionSetUseSsl3
.
Since: 2.28
getValidationFlags
tlsClientConnectionGetValidationFlags Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a) | |
=> a |
|
-> m [TlsCertificateFlags] | Returns: the validation flags |
Gets conn
's validation flags
Since: 2.28
new
tlsClientConnectionNew Source #
:: (HasCallStack, MonadIO m, IsIOStream a, IsSocketConnectable b) | |
=> a |
|
-> Maybe b |
|
-> m TlsClientConnection | Returns: the new
|
Creates a new TlsClientConnection
wrapping baseIoStream
(which
must have pollable input and output streams) which is assumed to
communicate with the server identified by serverIdentity
.
See the documentation for TlsConnection
:base-io-stream
for restrictions
on when application code can run operations on the baseIoStream
after
this function has returned.
Since: 2.28
setServerIdentity
tlsClientConnectionSetServerIdentity Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a, IsSocketConnectable b) | |
=> a |
|
-> b |
|
-> m () |
Sets conn
's expected server identity, which is used both to tell
servers on virtual hosts which certificate to present, and also
to let conn
know what name to look for in the certificate when
performing TlsCertificateFlagsBadIdentity
validation, if enabled.
Since: 2.28
setUseSsl3
tlsClientConnectionSetUseSsl3 Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a) | |
=> a |
|
-> Bool |
|
-> m () |
Deprecated: (Since version 2.56)SSL 3.0 is insecure, and this function does notgenerally enable or disable it, despite its name.
Since 2.42.1, if useSsl3
is True
, this forces conn
to use the
lowest-supported TLS protocol version rather than trying to properly
negotiate the highest mutually-supported protocol version with the
peer. Be aware that SSL 3.0 is generally disabled by the
TlsBackend
, so the lowest-supported protocol version is probably
not SSL 3.0.
Since 2.58, this may additionally cause an RFC 7507 fallback SCSV to be sent to the server, causing modern TLS servers to immediately terminate the connection. You should generally only use this function if you need to connect to broken servers that exhibit TLS protocol version intolerance, and when an initial attempt to connect to a server normally has already failed.
Since: 2.28
setValidationFlags
tlsClientConnectionSetValidationFlags Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a) | |
=> a |
|
-> [TlsCertificateFlags] |
|
-> m () |
Sets conn
's validation flags, to override the default set of
checks performed when validating a server certificate. By default,
TlsCertificateFlagsValidateAll
is used.
Since: 2.28
Properties
acceptedCas
A list of the distinguished names of the Certificate Authorities that the server will accept client certificates signed by. If the server requests a client certificate during the handshake, then this property will be set after the handshake completes.
Each item in the list is a ByteArray
which contains the complete
subject DN of the certificate authority.
Since: 2.28
getTlsClientConnectionAcceptedCas :: (MonadIO m, IsTlsClientConnection o) => o -> m [Ptr ()] Source #
Get the value of the “accepted-cas
” property.
When overloading is enabled, this is equivalent to
get
tlsClientConnection #acceptedCas
serverIdentity
A SocketConnectable
describing the identity of the server that
is expected on the other end of the connection.
If the TlsCertificateFlagsBadIdentity
flag is set in
TlsClientConnection
:validation-flags
, this object will be used
to determine the expected identify of the remote end of the
connection; if TlsClientConnection
:server-identity
is not set,
or does not match the identity presented by the server, then the
TlsCertificateFlagsBadIdentity
validation will fail.
In addition to its use in verifying the server certificate, this is also used to give a hint to the server about what certificate we expect, which is useful for servers that serve virtual hosts.
Since: 2.28
constructTlsClientConnectionServerIdentity :: (IsTlsClientConnection o, IsSocketConnectable a) => a -> IO (GValueConstruct o) Source #
Construct a GValueConstruct
with valid value for the “server-identity
” property. This is rarely needed directly, but it is used by new
.
getTlsClientConnectionServerIdentity :: (MonadIO m, IsTlsClientConnection o) => o -> m SocketConnectable Source #
Get the value of the “server-identity
” property.
When overloading is enabled, this is equivalent to
get
tlsClientConnection #serverIdentity
setTlsClientConnectionServerIdentity :: (MonadIO m, IsTlsClientConnection o, IsSocketConnectable a) => o -> a -> m () Source #
Set the value of the “server-identity
” property.
When overloading is enabled, this is equivalent to
set
tlsClientConnection [ #serverIdentity:=
value ]
useSsl3
If True
, forces the connection to use a fallback version of TLS
or SSL, rather than trying to negotiate the best version of TLS
to use. See tlsClientConnectionSetUseSsl3
.
Since: 2.28
constructTlsClientConnectionUseSsl3 :: IsTlsClientConnection o => Bool -> IO (GValueConstruct o) Source #
Construct a GValueConstruct
with valid value for the “use-ssl3
” property. This is rarely needed directly, but it is used by new
.
getTlsClientConnectionUseSsl3 :: (MonadIO m, IsTlsClientConnection o) => o -> m Bool Source #
Get the value of the “use-ssl3
” property.
When overloading is enabled, this is equivalent to
get
tlsClientConnection #useSsl3
setTlsClientConnectionUseSsl3 :: (MonadIO m, IsTlsClientConnection o) => o -> Bool -> m () Source #
Set the value of the “use-ssl3
” property.
When overloading is enabled, this is equivalent to
set
tlsClientConnection [ #useSsl3:=
value ]
validationFlags
What steps to perform when validating a certificate received from
a server. Server certificates that fail to validate in all of the
ways indicated here will be rejected unless the application
overrides the default via TlsConnection
::accept-certificate
.
Since: 2.28
constructTlsClientConnectionValidationFlags :: IsTlsClientConnection o => [TlsCertificateFlags] -> IO (GValueConstruct o) Source #
Construct a GValueConstruct
with valid value for the “validation-flags
” property. This is rarely needed directly, but it is used by new
.
getTlsClientConnectionValidationFlags :: (MonadIO m, IsTlsClientConnection o) => o -> m [TlsCertificateFlags] Source #
Get the value of the “validation-flags
” property.
When overloading is enabled, this is equivalent to
get
tlsClientConnection #validationFlags
setTlsClientConnectionValidationFlags :: (MonadIO m, IsTlsClientConnection o) => o -> [TlsCertificateFlags] -> m () Source #
Set the value of the “validation-flags
” property.
When overloading is enabled, this is equivalent to
set
tlsClientConnection [ #validationFlags:=
value ]