Felipe Lessa 3f280e2d70 Define MonadState TLSSt's state function.
For some reason that I still don't know, when using state's
default definition with libraries

         base-4.5.0.0-40b99d05fae6a4eea95ea69e6e0c9702
         bytestring-0.9.2.1-18f26186028d7c0e92e78edc9071d376
         cereal-0.3.5.1-c85af6bc266354ac7b256440db39e874
         certificate-1.2.1-c61f160cdafc328081aeb08858403878
         crypto-api-0.10.1-a0c00402b73cec065108abe95d6cfaf2
         cryptocipher-0.3.0-d1785d4907a85f72ffd670491df324f2
         cryptohash-0.7.4-f6e253339d77757de756f81f77755b35
         mtl-2.1-e90c46af21f3870cee46f6218510d29d

I get <<loop>> for anything that uses the 'modify' function
(which in turn is defined in terms of 'state').  In particular, I
get it for 'startHandshakeClient' which is used in the beginning
by all tls clients.  For example,

  $ tls-simpleclient graph.facebook.com 443
  tls-simpleclient: <<loop>>

This commit fixes this bug.

(This is a harmless commit in the sense that even if I don't know
why this bug was happening, it doesn't hurt to have an explicit
definition of 'state' -- it may actually save a few nanoseconds
here and there.)

Conflicts:

	Network/TLS/State.hs
2012-04-20 21:07:08 +01:00
Network Define MonadState TLSSt's state function. 2012-04-20 21:07:08 +01:00
Tests add a backend close operation. 2012-03-28 08:08:33 +01:00
.gitignore add extra stuff in gitignore. 2011-12-20 07:35:40 +00:00
LICENSE update LICENSE 2011-06-07 08:28:49 +01:00
README.md add some debug info 2012-04-20 21:05:46 +01:00
Setup.hs initial import 2010-09-09 22:47:19 +01:00
Tests.hs expand tabs in Tests 2012-03-28 08:06:13 +01:00
tls.cabal put a high bound for cryptocipher 2012-04-20 21:06:21 +01:00
TODO update documentation: TLS1.2 is working 2011-08-17 20:50:57 +01:00

haskell TLS

This library provides a native Haskell implementation of the TLS and SSL protocols for server and client.

Description

This provides a high-level implementation of a sensitive security protocol, eliminating a common set of security issues through the use of an advanced type system, high-level constructions and common Haskell features.

Only the core protocol is available here; have a look at the tls-extra package for default ciphers, compressions and certificate functions.

Features

  • tiny code base (more than 20 times smaller than OpenSSL, and 10 times smaller than GnuTLS)
  • permissive license: BSD3.
  • supported versions: SSL3, TLS1.0, TLS1.1, TLS1.2.
  • key exchange supported: only RSA.
  • bulk algorithm supported: any stream or block ciphers.
  • supported extensions: secure renegotiation, next protocol negotiation (draft 2)

Common Issues

The tools mentioned below are all available from the tls-debug package.

  • Certificate issues

It's useful to run the following command, which connects to the destination and retrieves the certificate chain used.

tls-retrievecertificate -d <destination> -p <port> -v -c

As output it prints every certificate in the chain and gives the issuer and subject of each. This forms a chain in which the issuer of each certificate is the subject of the next certificate in the chain:

(subject #1, issuer #2) -> (subject #2, issuer #3) -> (subject #3, issuer #3)

A "CA is unknown" error indicates that your system's trusted store doesn't contain a certificate belonging to any of the nodes in the chain.
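The chain rule and the "CA is unknown" condition described above can be checked mechanically once the subject and issuer of each certificate are known. The following is an added example, not code from the tls or tls-debug packages: it works on constructed (subject, issuer) pairs rather than parsing tool output, compares names only, and the `diagnose` function and its treatment of an issuer name found in the store as a trust anchor are assumptions of this example.

```python
# Added example (not part of tls/tls-debug). Name matching only: a real
# validator also verifies signatures, validity dates and extensions.

def diagnose(chain, trust_store):
    """chain: list of (subject, issuer) pairs, leaf first.
    trust_store: set of subject names of locally trusted CA certificates."""
    # 1-based positions i where issuer of cert #i is not the subject of cert #i+1.
    broken = [i + 1 for i in range(len(chain) - 1)
              if chain[i][1] != chain[i + 1][0]]
    # Only certificates linked to the leaf by an unbroken path can anchor it.
    reachable = chain[:broken[0]] if broken else chain
    # Assumption: a node counts as anchored if it is itself in the store, or
    # if its issuer is (servers often omit the root from what they send).
    anchor = next((name for pair in reachable for name in pair
                   if name in trust_store), None)
    return {
        "broken_links": broken,
        "ends_self_signed": bool(chain) and chain[-1][0] == chain[-1][1],
        "anchor": anchor,
        "ca_unknown": anchor is None,
    }

# Constructed sample data; the names are placeholders.
LEAF = ("CN=www.example.test", "CN=Example Intermediate")
INTERMEDIATE = ("CN=Example Intermediate", "CN=Example Root")
ROOT = ("CN=Example Root", "CN=Example Root")
STORE = {"CN=Example Root"}

if __name__ == "__main__":
    cases = {
        "well-formed": ([LEAF, INTERMEDIATE, ROOT], STORE),
        "root not sent": ([LEAF, INTERMEDIATE], STORE),
        "misordered": ([LEAF, ROOT, INTERMEDIATE], STORE),
        "untrusted root": ([LEAF, INTERMEDIATE, ROOT], {"CN=Other Root"}),
    }
    for label, (chain, store) in cases.items():
        print(label, diagnose(chain, store))
```

In the misordered case the root is present in both the chain and the store, yet the result is still `ca_unknown`, because the leaf's issuer does not match the subject of the certificate that follows it.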