| Copyright | Copyright © 2015 PivotCloud Inc. |
|---|---|
| License | MIT |
| Maintainer | Lars Kuhtz <lkuhtz@pivotmail.com> |
| Stability | experimental |
| Safe Haskell | None |
| Language | Haskell2010 |
Configuration.Utils.Internal.HttpsCertPolicy
Description
This module provides means for defining and using HTTPS certificate validation polices for HTTPS requests.
Synopsis
- data HttpsCertPolicy = HttpsCertPolicy {}
- certPolicyInsecure :: Lens' HttpsCertPolicy Bool
- certPolicyHostFingerprints :: Lens' HttpsCertPolicy (HashMap ServiceID Fingerprint)
- defaultHttpsCertPolicy :: HttpsCertPolicy
- pHttpsCertPolicy :: Text -> MParser HttpsCertPolicy
- simpleHttpWithValidationPolicy :: Text -> HttpsCertPolicy -> IO (Response ByteString)
- httpWithValidationPolicy :: Request -> HttpsCertPolicy -> IO (Response ByteString)
- newtype VerboseTlsException = VerboseTlsException Text
HTTPS Certificate Validation Policy
data HttpsCertPolicy Source #
Constructors
| HttpsCertPolicy | |
Fields
| |
Instances
| Eq HttpsCertPolicy Source # | |
Defined in Configuration.Utils.Internal.HttpsCertPolicy Methods (==) :: HttpsCertPolicy -> HttpsCertPolicy -> Bool # (/=) :: HttpsCertPolicy -> HttpsCertPolicy -> Bool # | |
| Show HttpsCertPolicy Source # | |
Defined in Configuration.Utils.Internal.HttpsCertPolicy Methods showsPrec :: Int -> HttpsCertPolicy -> ShowS # show :: HttpsCertPolicy -> String # showList :: [HttpsCertPolicy] -> ShowS # | |
Arguments
| :: Text | prefix for the command line options |
| -> MParser HttpsCertPolicy |
HTTP Requests With Certificate Validation Policy
simpleHttpWithValidationPolicy Source #
Arguments
| :: Text | HTTP or HTTPS URL |
| -> HttpsCertPolicy | |
| -> IO (Response ByteString) |
Make an HTTP request with a given certificate validation policy.
NOTE that the HTTP request is strictly loaded into memory.
NOTE that this implementation opens a new TCP connection for each single request. HTTPS certificates validation results are not cached between different requests.
newtype VerboseTlsException Source #
The Haskell tls library provides only limited means for providing
user friendly error messages. In particular we'd like to provide the
user with fingerprints of the reject certificate for self-signed
certificates. Also we want to provide the user with some guidance what
a particular failure may indicate with respect to security of the
connection.
Here we employ a hack for better error handling: Based on the assumption
that we initialize a new connection Manager and also a new certificate
cache for each request, we write the certificate that is received
from the server in the TLS handshake to an IORef. If the handshakes
fails later on because the certificate is rejected we can recover the
rejected certificate from the IORef.
What we really want are exceptions that can be consumed programatically. In particular exceptions should include rejected certificates.
Constructors
| VerboseTlsException Text |