Use http-client-openssl instead of http-client-tls
Using http-client-openssl, which also handles the SSL_CERT_FILE environment variable

refs #99
jfroche committed Dec 20, 2023
1 parent e2b81c8 commit aad6162
Showing 3 changed files with 26 additions and 14 deletions.
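--- a/app/Main.hs
+++ b/app/Main.hs
@@ -14,15 +14,18 @@ import Data.Bifunctor (first)
 import Data.HashMap.Strict (HashMap)
 import Data.List (nubBy)
 import Data.Text (Text, unpack)
-import Network.Connection (TLSSettings(..))
-import Network.HTTP.Client (defaultManagerSettings, ManagerSettings (managerConnCount))
-import Network.HTTP.Conduit (Manager, newManager, mkManagerSettings)
+import Network.HTTP.Client (ManagerSettings (managerConnCount))
+import Network.HTTP.Conduit (Manager, newManager)
 import Network.HTTP.Simple (HttpException(..), Request, Response,
 defaultRequest, setRequestBodyJSON, setRequestHeader,
 setRequestMethod, setRequestPort,
 setRequestPath, setRequestHost, setRequestManager,
 setRequestSecure, httpLBS, getResponseBody,
 getResponseStatusCode)
+import Network.HTTP.Client.OpenSSL (defaultMakeContext, defaultOpenSSLSettings,
+opensslManagerSettings, osslSettingsVerifyMode)
+import OpenSSL.Session (contextSetDefaultVerifyPaths,
+VerificationMode (VerifyNone, VerifyPeer))
 import System.Environment (getEnvironment)
 import System.IO (BufferMode (LineBuffering), hSetBuffering, stderr, stdout)
 import System.Posix.Process (executeFile)
@@ -298,16 +301,22 @@ getHttpManager opts = newManager $ applyConfig basicManagerSettings
 -- Unless we use the unlimited flag, in that case, use the default value.
 { managerConnCount = if maxConnections > 0 then maxConnections else managerConnCount settings
 }
-
-basicManagerSettings = if getOptionsValue oConnectTls opts
-then mkManagerSettings tlsSettings Nothing
-else defaultManagerSettings
-tlsSettings = TLSSettingsSimple
-{ settingDisableCertificateValidation =
-not $ getOptionsValue oValidateCerts opts
-, settingDisableSession = False
-, settingUseServerName = True
-}
+basicManagerSettings =
+(opensslManagerSettings makeContext)
+{ managerConnCount = maxConnections }
+makeContext = do
+context <- defaultMakeContext opensslSettings
+contextSetDefaultVerifyPaths context
+pure context
+opensslSettings = defaultOpenSSLSettings
+{ osslSettingsVerifyMode =
+if not $ getOptionsValue oValidateCerts opts
+then VerifyNone
+else VerifyPeer
+True -- verify the certificate chain
+True -- verify the hostname
+Nothing
+}
 
 -- | Main logic of our application.
 --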
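Review bot: The two inline comments on the `VerifyPeer` arguments in `opensslSettings` do not describe what those arguments control: in HsOpenSSL the positional fields are `vpFailIfNoPeerCert`, `vpClientOnce` and `vpCallback`, the first two only affect server-side contexts, and none of them turns on hostname checking. A reader will conclude from `-- verify the hostname` that name validation is configured here, when any hostname check is performed (or not) inside http-client-openssl's connection setup and so depends on the pinned library version. I would write the value with record syntax, `VerifyPeer { vpFailIfNoPeerCert = True, vpClientOnce = True, vpCallback = Nothing }` (importing `VerificationMode (..)`), drop the two comments, and add a test that a certificate issued for a different name is rejected when `oValidateCerts` is set. Separately, `basicManagerSettings` now sets `managerConnCount = maxConnections` before `applyConfig` runs, so the fallback `managerConnCount settings` on the unlimited path appears to yield `maxConnections` again rather than the library default; the start of `getHttpManager` is outside this hunk, so confirm there.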
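--- a/nix/haskell-dependencies.nix
+++ b/nix/haskell-dependencies.nix
@@ -15,6 +15,7 @@ haskellPackages:
 hspec-discover
 hspec-expectations
 http-client
+http-client-openssl
 http-conduit
 megaparsec
 optparse-applicative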
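--- a/package.yaml
+++ b/package.yaml
@@ -15,8 +15,10 @@ dependencies:
 - containers
 - dotenv
 - directory
+- HsOpenSSL
 - http-conduit
 - http-client
+- http-client-openssl
 - megaparsec
 - network-uri
 - optparse-applicative
@@ -28,7 +30,7 @@ dependencies:
 - utf8-string
 - optparse-applicative
 
-ghc-options: -Wall -Werror
+ghc-options: -threaded -rtsopts -Wall -Werror
 
 library:
 source-dirs: src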
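Review bot: `-rtsopts` on the top-level `ghc-options` line makes the built executable accept the full set of RTS options from the command line and from the `GHCRTS` environment variable, and the commit message gives no reason for it. GHC restricts RTS options by default because some of them write profiling or log output to caller-chosen paths under the program's own privileges, which matters if this binary ever runs with elevated rights or inherits an environment its caller controls. If only the threaded runtime is needed for the OpenSSL bindings, `ghc-options: -threaded -Wall -Werror` is enough; if particular RTS settings are wanted, fix them at build time with `-with-rtsopts` instead. Both flags are link-time options, so they would sit better under the executable's own `ghc-options` than at the top level, where they also apply to the `library:` stanza.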
