| Safe Haskell | None |
|---|---|
| Language | Haskell2010 |
Metro.TP.TLSSetting
Contents
Description
Helpers for setting up a tls connection with tls package,
for further customization, please refer to tls package.
Note, functions in this module will throw error if can't load certificates or CA store.
Synopsis
- makeClientParams :: FilePath -> ServiceID -> IO ClientParams
- makeClientParams' :: FilePath -> [FilePath] -> FilePath -> FilePath -> ServiceID -> IO ClientParams
- makeServerParams :: FilePath -> [FilePath] -> FilePath -> IO ServerParams
- makeServerParams' :: FilePath -> [FilePath] -> FilePath -> FilePath -> IO ServerParams
Make TLS settings
Arguments
| :: FilePath | trusted certificates. |
| -> ServiceID | |
| -> IO ClientParams |
make a simple tls ClientParams that will validate server and use tls connection
without providing client's own certificate. suitable for connecting server which don't
validate clients.
we defer setting of clientServerIdentification to connecting phase.
Note, tls's default validating method require server has v3 certificate.
you can use openssl's V3 extension to issue such a certificate. or change ClientParams
before connecting.
Arguments
| :: FilePath | public certificate (X.509 format). |
| -> [FilePath] | chain certificates (X.509 format). the root of your certificate chain should be already trusted by server, or tls will fail. |
| -> FilePath | private key associated. |
| -> FilePath | trusted certificates. |
| -> ServiceID | |
| -> IO ClientParams |
make a simple tls ClientParams that will validate server and use tls connection
while providing client's own certificate as well. suitable for connecting server which
validate clients.
Also only accept v3 certificate.
Arguments
| :: FilePath | public certificate (X.509 format). |
| -> [FilePath] | chain certificates (X.509 format). the root of your certificate chain should be already trusted by client, or tls will fail. |
| -> FilePath | private key associated. |
| -> IO ServerParams |
make a simple tls ServerParams without validating client's certificate.
Arguments
| :: FilePath | public certificate (X.509 format). |
| -> [FilePath] | chain certificates (X.509 format). |
| -> FilePath | private key associated. |
| -> FilePath | server will use these certificates to validate clients. |
| -> IO ServerParams |
make a tls ServerParams that also validating client's certificate.