3f280e2d70
For some reason that I still don't know, when using state's default definition with libraries

    base-4.5.0.0-40b99d05fae6a4eea95ea69e6e0c9702
    bytestring-0.9.2.1-18f26186028d7c0e92e78edc9071d376
    cereal-0.3.5.1-c85af6bc266354ac7b256440db39e874
    certificate-1.2.1-c61f160cdafc328081aeb08858403878
    crypto-api-0.10.1-a0c00402b73cec065108abe95d6cfaf2
    cryptocipher-0.3.0-d1785d4907a85f72ffd670491df324f2
    cryptohash-0.7.4-f6e253339d77757de756f81f77755b35
    mtl-2.1-e90c46af21f3870cee46f6218510d29d

I get <<loop>> for anything that uses the 'modify' function (which in turn is defined in terms of 'state'). In particular, I get it for 'startHandshakeClient' which is used in the beginning by all tls clients. For example,

    $ tls-simpleclient graph.facebook.com 443
    tls-simpleclient: <<loop>>

This commit fixes this bug. (This is a harmless commit in the sense that even if I don't know why this bug was happening, it doesn't hurt to have an explicit definition of 'state' -- it may actually save a few nanoseconds here and there.)

Conflicts:
    Network/TLS/State.hs
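The shape of the fix the commit message describes, as an added Haskell example rather than the tls package's own code: a newtype-wrapped state monad (the hypothetical `Counter`, standing in for the TLS state monad) whose MonadState instance defines `state` explicitly, so that `modify` (defined through `state` in mtl 2.1) delegates straight to the underlying `State` instead of going through the class default that routes via `get` and `put`.

```haskell
{-# LANGUAGE GeneralizedNewtypeDeriving #-}
{-# LANGUAGE MultiParamTypeClasses #-}
{-# LANGUAGE FlexibleInstances #-}
-- Added example, not code from the tls package. 'Counter' is a
-- hypothetical stand-in for the package's own state monad.
import Control.Monad.State

-- A state monad over Int, wrapped in a newtype the way a library
-- typically hides its internal state type.
newtype Counter a = Counter { runCounter :: State Int a }
    deriving (Functor, Applicative, Monad)

instance MonadState Int Counter where
    get     = Counter get
    put s   = Counter (put s)
    -- Explicit 'state': with mtl >= 2.1, 'modify' is defined in terms
    -- of 'state', so this instance no longer depends on the class
    -- default (which itself is written in terms of 'get' and 'put').
    state f = Counter (state f)

-- 'modify' is the call that produced <<loop>> in the original report;
-- here it resolves directly to the underlying State's 'state'.
tick :: Counter Int
tick = do
    modify (+ 1)
    get

main :: IO ()
main = print (evalState (runCounter tick) 0)
```

Leaving `state` out of the instance is legal under mtl 2.1 because the class supplies mutually recursive defaults for `get`/`put` and `state`; defining all three removes any dependence on which default the compiler picks.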
haskell TLS
This library provides a native Haskell TLS and SSL protocol implementation for server and client.
Description
This provides a high-level implementation of a sensitive security protocol, eliminating a common set of security issues through the use of Haskell's advanced type system, high-level constructions and common Haskell features.
Only the core protocol is available here; have a look at the tls-extra package for default ciphers, compressions and certificate functions.
Features
- tiny code base (more than 20 times smaller than OpenSSL, and 10 times smaller than GnuTLS)
- permissive license: BSD3.
- supported versions: SSL3, TLS1.0, TLS1.1, TLS1.2.
- key exchange supported: only RSA.
- bulk algorithm supported: any stream or block ciphers.
- supported extensions: secure renegotiation, next protocol negotiation (draft 2)
Common Issues
The tools mentioned below are all available from the tls-debug package.
- Certificate issues
It's useful to run the following command, which will connect to the destination and retrieve the certificate chain used.
tls-retrievecertificate -d <destination> -p <port> -v -c
As output it prints every certificate in the chain and gives the issuer and subject of each. Together they form a chain in which the issuer of each certificate is the subject of the next certificate in the chain:
(subject #1, issuer #2) -> (subject #2, issuer #3) -> (subject #3, issuer #3)
A "CA is unknown" error indicates that your system doesn't have a certificate in the trusted store belonging to any of the nodes of the chain.
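The two conditions described above, as an added Haskell example (not code from tls or tls-debug): the chain printed by tls-retrievecertificate is modelled as (subject, issuer) pairs, leaf first, and checked for proper linkage and for the "CA is unknown" situation where no subject in the chain appears in the trusted store. The names and the trust store are constructed for the example.

```haskell
-- Added example, not code from tls or tls-debug. Certificate names and
-- the trusted store below are constructed, not real certificates.

type Name = String

data Cert = Cert { subject :: Name, issuer :: Name } deriving (Eq, Show)

-- Leaf first: each certificate's issuer must equal the next certificate's
-- subject, and the last certificate must be self-signed, matching
-- (subject #1, issuer #2) -> (subject #2, issuer #3) -> (subject #3, issuer #3)
isLinkedChain :: [Cert] -> Bool
isLinkedChain []                 = False
isLinkedChain [c]                = subject c == issuer c
isLinkedChain (c : rest@(n : _)) = issuer c == subject n && isLinkedChain rest

-- "CA is unknown": no node of the chain has a subject present in the
-- trusted store, so nothing anchors the chain.
unknownCA :: [Name] -> [Cert] -> Bool
unknownCA store chain = not (any ((`elem` store) . subject) chain)

-- Constructed sample chain, leaf first.
sampleChain :: [Cert]
sampleChain =
    [ Cert "CN=www.example.test"        "CN=Example Intermediate CA"
    , Cert "CN=Example Intermediate CA" "CN=Example Root CA"
    , Cert "CN=Example Root CA"         "CN=Example Root CA"
    ]

-- Constructed trusted store containing only the sample root.
trustedStore :: [Name]
trustedStore = ["CN=Example Root CA"]

main :: IO ()
main = do
    putStrLn ("chain linked:                " ++ show (isLinkedChain sampleChain))
    putStrLn ("CA is unknown (root trusted): " ++ show (unknownCA trustedStore sampleChain))
    putStrLn ("CA is unknown (empty store):  " ++ show (unknownCA [] sampleChain))
```

Comparing the subject and issuer names this way is only the structural part of chain validation; signature checks, validity periods and name constraints are separate concerns that the real verifier handles.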