Hello community, here is the log from the commit of package ghc-warp-tls for openSUSE:Factory checked in at 2017-07-21 22:48:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ghc-warp-tls (Old) and /work/SRC/openSUSE:Factory/.ghc-warp-tls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-warp-tls" Fri Jul 21 22:48:16 2017 rev:5 rq:511248 version:3.2.4 Changes: --------
--- /work/SRC/openSUSE:Factory/ghc-warp-tls/ghc-warp-tls.changes 2017-02-22 13:53:41.354995817 +0100
+++ /work/SRC/openSUSE:Factory/.ghc-warp-tls.new/ghc-warp-tls.changes 2017-07-21 22:48:19.921761005 +0200
@@ -1,0 +2,5 @@
+Tue Jul 11 03:02:25 UTC 2017 - [email protected]
+
+- Update to version 3.2.4.
+
+-------------------------------------------------------------------
Old: ---- warp-tls-3.2.3.tar.gz New: ---- warp-tls-3.2.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghc-warp-tls.spec ++++++
--- /var/tmp/diff_new_pack.6WtT5W/_old 2017-07-21 22:48:22.161445070 +0200
+++ /var/tmp/diff_new_pack.6WtT5W/_new 2017-07-21 22:48:22.161445070 +0200
@@ -18,7 +18,7 @@
 %global pkg_name warp-tls
 Name: ghc-%{pkg_name}
-Version: 3.2.3
+Version: 3.2.4
 Release: 0
 Summary: HTTP over TLS support for Warp via the TLS package
 License: MIT
@@ -33,6 +33,7 @@
 BuildRequires: ghc-rpm-macros
 BuildRequires: ghc-streaming-commons-devel
 BuildRequires: ghc-tls-devel
+BuildRequires: ghc-tls-session-manager-devel
 BuildRequires: ghc-wai-devel
 BuildRequires: ghc-warp-devel
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
++++++ warp-tls-3.2.3.tar.gz -> warp-tls-3.2.4.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/warp-tls-3.2.3/Network/Wai/Handler/WarpTLS.hs new/warp-tls-3.2.4/Network/Wai/Handler/WarpTLS.hs
--- old/warp-tls-3.2.3/Network/Wai/Handler/WarpTLS.hs 2017-01-27 04:25:50.000000000 +0100
+++ new/warp-tls-3.2.4/Network/Wai/Handler/WarpTLS.hs 2017-07-04 04:48:27.000000000 +0200
@@ -31,6 +31,7 @@
 , tlsWantClientCert
 , tlsServerHooks
 , tlsServerDHEParams
+ , tlsSessionManagerConfig
 , onInsecure
 , OnInsecure (..)
 -- * Runner
@@ -60,6 +61,7 @@
 import qualified Network.TLS as TLS
 import qualified Crypto.PubKey.DH as DH
 import qualified Network.TLS.Extra as TLSExtra
+import qualified Network.TLS.SessionManager as SM
 import Network.Wai (Application)
 import Network.Wai.Handler.Warp
 import Network.Wai.Handler.Warp.Internal
@@ -102,7 +104,7 @@
 -- ^ The TLS ciphers this server accepts.
 --
 -- >>> tlsCiphers defaultTlsSettings
- -- [ECDHE-RSA-AES128GCM-SHA256,DHE-RSA-AES128GCM-SHA256,DHE-RSA-AES256-SHA256,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-SHA1,DHE-RSA-AES128-SHA1,DHE-DSA-AES128-SHA1,DHE-DSA-AES256-SHA1,RSA-aes128-sha1,RSA-aes256-sha1]
+ -- [ECDHE-ECDSA-AES256GCM-SHA384,ECDHE-ECDSA-AES128GCM-SHA256,ECDHE-RSA-AES256GCM-SHA384,ECDHE-RSA-AES128GCM-SHA256,DHE-RSA-AES256GCM-SHA384,DHE-RSA-AES128GCM-SHA256,ECDHE-ECDSA-AES256CBC-SHA384,ECDHE-RSA-AES256CBC-SHA384,DHE-RSA-AES256-SHA256,ECDHE-ECDSA-AES256CBC-SHA,ECDHE-RSA-AES256CBC-SHA,DHE-RSA-AES256-SHA1,RSA-AES256GCM-SHA384,RSA-AES256-SHA256,RSA-AES256-SHA1]
 --
 -- Since 1.4.2
 , tlsWantClientCert :: Bool
@@ -129,6 +131,15 @@
 -- Default: Nothing
 --
 -- Since 3.2.2
+ , tlsSessionManagerConfig :: Maybe SM.Config
+ -- ^ Configuration for in-memory TLS session manager.
+ -- If Nothing, 'TLS.noSessionManager' is used.
+ -- Otherwise, an in-memory TLS session manager is created
+ -- according to 'Config'.
+ --
+ -- Default: Nothing
+ --
+ -- Since 3.2.4
 }
 -- | Default 'TLSSettings'. Use this to create 'TLSSettings' with the field record name (aka accessors).
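Review bot: The Haddock on the new `tlsSessionManagerConfig` field (hunk @@ -129) links to `'Config'`, but the type is only in scope as `SM.Config` through the qualified import, so the link is unlikely to resolve; write `'SM.Config'`. The comment also leaves out what an operator needs to know before switching this on: resumable session state is then held in the server's memory, and how long and how much of it is kept is presumably governed by the supplied config. I would add a line such as `-- Enabling this keeps resumable TLS session state in process memory; bound its lifetime and size through 'SM.Config'.` The record declaration starts outside this hunk.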
@@ -147,24 +158,12 @@
 , tlsWantClientCert = False
 , tlsServerHooks = def
 , tlsServerDHEParams = Nothing
+ , tlsSessionManagerConfig = Nothing
 }
 -- taken from stunnel example in tls-extra
 ciphers :: [TLS.Cipher]
-ciphers =
- [ TLSExtra.cipher_ECDHE_RSA_AES128GCM_SHA256
- , TLSExtra.cipher_ECDHE_RSA_AES128CBC_SHA256
- , TLSExtra.cipher_ECDHE_RSA_AES128CBC_SHA
- , TLSExtra.cipher_DHE_RSA_AES128GCM_SHA256
- , TLSExtra.cipher_DHE_RSA_AES256_SHA256
- , TLSExtra.cipher_DHE_RSA_AES128_SHA256
- , TLSExtra.cipher_DHE_RSA_AES256_SHA1
- , TLSExtra.cipher_DHE_RSA_AES128_SHA1
- , TLSExtra.cipher_DHE_DSS_AES128_SHA1
- , TLSExtra.cipher_DHE_DSS_AES256_SHA1
- , TLSExtra.cipher_AES128_SHA1
- , TLSExtra.cipher_AES256_SHA1
- ]
+ciphers = TLSExtra.ciphersuite_strong
 ----------------------------------------------------------------
@@ -252,10 +251,13 @@
 key <- maybe (S.readFile keyFile) return mkey
 either error return $
 TLS.credentialLoadX509ChainFromMemory cert chainCertsMemory key
- runTLSSocket' tlsset set credential sock app
+ mgr <- case tlsSessionManagerConfig of
+ Nothing -> return TLS.noSessionManager
+ Just config -> SM.newSessionManager config
+ runTLSSocket' tlsset set credential mgr sock app
-runTLSSocket' :: TLSSettings -> Settings -> TLS.Credential -> Socket -> Application -> IO ()
-runTLSSocket' tlsset@TLSSettings{..} set credential sock app =
+runTLSSocket' :: TLSSettings -> Settings -> TLS.Credential -> TLS.SessionManager -> Socket -> Application -> IO ()
+runTLSSocket' tlsset@TLSSettings{..} set credential mgr sock app =
 runSettingsConnectionMakerSecure set get app
 where
 get = getter tlsset sock params
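Review bot: The context comment `-- taken from stunnel example in tls-extra` above `ciphers` is stale now that the value is `TLSExtra.ciphersuite_strong`, and nothing in the file records that the default list is no longer pinned here. The cabal hunk leaves `tls` without an upper bound, so the suites a default server accepts will follow the installed tls version, and the hard-coded doctest output in the `tlsCiphers` hunk (@@ -102) will drift with it. Going by that doctest, the new default still contains RSA key-exchange suites (`RSA-AES256-SHA1` among them) and CBC suites, so a deployment that wants forward-secret AEAD suites only must still set `tlsCiphers` itself. I would replace the comment with `-- Default: the tls package's 'TLSExtra.ciphersuite_strong'; the exact list depends on the installed tls version.`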
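Review bot: The three-line `case` on `tlsSessionManagerConfig` in hunk @@ -252 is the `maybe` eliminator written out; `mgr <- maybe (return TLS.noSessionManager) SM.newSessionManager tlsSessionManagerConfig` says the same in one line and matches the `maybe (S.readFile keyFile) return mkey` style two lines above. A short comment such as `-- one manager per listening socket, shared by all of its connections` would also help, since `mgr` is passed once into `runTLSSocket'` and from there into the shared TLS parameters. The calling function starts outside the hunk, so the binding that brings `tlsSessionManagerConfig` into scope is not visible here.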
@@ -273,20 +275,13 @@
 (if settingsHTTP2Enabled set then Just alpn else Nothing)
 }
 shared = def {
- TLS.sharedCredentials = TLS.Credentials [credential]
+ TLS.sharedCredentials = TLS.Credentials [credential]
+ , TLS.sharedSessionManager = mgr
 }
 supported = def { -- TLS.Supported
 TLS.supportedVersions = tlsAllowedVersions
 , TLS.supportedCiphers = tlsCiphers
 , TLS.supportedCompressions = [TLS.nullCompression]
- , TLS.supportedHashSignatures = [
- -- Safari 8 and go tls have bugs on SHA 512 and SHA 384.
- -- So, we don't specify them here at this moment.
- (TLS.HashSHA256, TLS.SignatureRSA)
- , (TLS.HashSHA224, TLS.SignatureRSA)
- , (TLS.HashSHA1, TLS.SignatureRSA)
- , (TLS.HashSHA1, TLS.SignatureDSS)
- ]
 , TLS.supportedSecureRenegotiation = True
 , TLS.supportedClientInitiatedRenegotiation = False
 , TLS.supportedSession = True
@@ -296,9 +291,6 @@
 alpn :: [S.ByteString] -> IO S.ByteString
 alpn xs
 | "h2" `elem` xs = return "h2"
- | "h2-16" `elem` xs = return "h2-16"
- | "h2-15" `elem` xs = return "h2-15"
- | "h2-14" `elem` xs = return "h2-14"
 | otherwise = return "http/1.1"
 ----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/warp-tls-3.2.3/warp-tls.cabal new/warp-tls-3.2.4/warp-tls.cabal
--- old/warp-tls-3.2.3/warp-tls.cabal 2017-01-27 04:25:50.000000000 +0100
+++ new/warp-tls-3.2.4/warp-tls.cabal 2017-07-04 04:48:27.000000000 +0200
@@ -1,5 +1,5 @@
 Name: warp-tls
-Version: 3.2.3
+Version: 3.2.4
 Synopsis: HTTP over TLS support for Warp via the TLS package
 License: MIT
 License-file: LICENSE
@@ -23,10 +23,11 @@
 , wai >= 3.2 && < 3.3
 , warp >= 3.2.10 && < 3.3
 , data-default-class >= 0.0.1
- , tls >= 1.3.5
+ , tls >= 1.3.10
 , cryptonite >= 0.12
 , network >= 2.2.1
 , streaming-commons
+ , tls-session-manager
 Exposed-modules: Network.Wai.Handler.WarpTLS
 ghc-options: -Wall
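Review bot: With the explicit `TLS.supportedHashSignatures` list removed from `supported` (hunk @@ -273), the accepted hash/signature pairs now come from the tls library's default, and the new code has no comment saying so. The removed list was a deliberate pin with a stated reason (Safari 8 and Go problems with SHA-384/512), so a reader can no longer tell whether those clients were re-tested or whether SHA-1 signatures are still offered; both depend on a default that is not visible in this diff. I would add `-- supportedHashSignatures is left at the tls library default (the old pin excluded SHA-384/512).` next to the other fields. The `params` definition that uses `shared` and `supported` lies outside the hunk.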
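Review bot: The new `tls-session-manager` entry in the second warp-tls.cabal hunk (@@ -23) has no version range, and `tls >= 1.3.10` still has no upper bound. The default cipher list and hash/signature set are now taken from the tls package instead of being spelled out in WarpTLS.hs, so a later tls release can change what a default warp-tls server negotiates without any change in this package. Bounded ranges in the style of the neighbouring `wai` and `warp` lines would make that explicit, for example `, tls >= 1.3.10 && < UPPER` and a lower bound on `tls-session-manager`, with the actual bounds left to the maintainer.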
