Hello community, here is the log from the commit of package ghc-warp-tls for openSUSE:Factory checked in at 2020-07-09 13:19:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ghc-warp-tls (Old) and /work/SRC/openSUSE:Factory/.ghc-warp-tls.new.3060 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-warp-tls" Thu Jul 9 13:19:46 2020 rev:2 rq:819594 version:3.3.0 Changes: -------- --- /work/SRC/openSUSE:Factory/ghc-warp-tls/ghc-warp-tls.changes 2020-06-19 17:05:52.256888546 +0200 +++ /work/SRC/openSUSE:Factory/.ghc-warp-tls.new.3060/ghc-warp-tls.changes 2020-07-09 13:20:16.945443098 +0200 @@ -1,0 +2,10 @@ +Fri Jun 26 02:00:24 UTC 2020 - [email protected] + +- Update warp-tls to version 3.3.0. + ## 3.3.0 + + * Breaking changes: certFile and keyFile are not exported anymore. + * Allow TLS credentials to be retrieved from an IORef. + [#806](https://github.com/yesodweb/wai/pull/806) + +------------------------------------------------------------------- Old: ---- warp-tls-3.2.12.tar.gz New: ---- warp-tls-3.3.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghc-warp-tls.spec ++++++ --- /var/tmp/diff_new_pack.WmCE1a/_old 2020-07-09 13:20:17.585445120 +0200 +++ /var/tmp/diff_new_pack.WmCE1a/_new 2020-07-09 13:20:17.589445134 +0200 @@ -18,7 +18,7 @@ %global pkg_name warp-tls Name: ghc-%{pkg_name} -Version: 3.2.12 +Version: 3.3.0 Release: 0 Summary: HTTP over TLS support for Warp via the TLS package License: MIT ++++++ warp-tls-3.2.12.tar.gz -> warp-tls-3.3.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/warp-tls-3.2.12/ChangeLog.md new/warp-tls-3.3.0/ChangeLog.md --- old/warp-tls-3.2.12/ChangeLog.md 2020-05-28 03:18:01.000000000 +0200 +++ new/warp-tls-3.3.0/ChangeLog.md 2020-06-25 03:58:59.000000000 +0200 
@@ -1,3 +1,9 @@ +## 3.3.0 + +* Breaking changes: certFile and keyFile are not exported anymore. +* Allow TLS credentials to be retrieved from an IORef. + [#806](https://github.com/yesodweb/wai/pull/806) + ## 3.2.12 * A config field: tlsCredentials and tlsSessionManager. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/warp-tls-3.2.12/Network/Wai/Handler/WarpTLS.hs new/warp-tls-3.3.0/Network/Wai/Handler/WarpTLS.hs --- old/warp-tls-3.2.12/Network/Wai/Handler/WarpTLS.hs 2020-05-28 03:18:01.000000000 +0200 +++ new/warp-tls-3.3.0/Network/Wai/Handler/WarpTLS.hs 2020-06-25 03:58:59.000000000 +0200 @@ -13,17 +13,23 @@ -- Support for SSL is now obsoleted. module Network.Wai.Handler.WarpTLS ( + -- * Runner + runTLS + , runTLSSocket -- * Settings - TLSSettings + , TLSSettings , defaultTlsSettings -- * Smart constructors + -- ** From files , tlsSettings - , tlsSettingsMemory , tlsSettingsChain + -- ** From memory + , tlsSettingsMemory , tlsSettingsChainMemory + -- ** From references + , tlsSettingsRef + , tlsSettingsChainRef -- * Accessors - , certFile - , keyFile , tlsCredentials , tlsLogging , tlsAllowedVersions @@ -35,11 +41,12 @@ , tlsSessionManager , onInsecure , OnInsecure (..) - -- * Runner - , runTLS - , runTLSSocket -- * Exception , WarpTLSException (..) + -- * DH parameters (re-exports) + -- + -- | This custom DH parameters are not necessary anymore because + -- pre-defined DH parameters are supported in the TLS package. , DH.Params , DH.generateParams ) where 
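Review bot: In the `@@ -35,11 +41,12 @@` hunk of WarpTLS.hs, the Haddock added under `-- * DH parameters (re-exports)` is ungrammatical ("This custom DH parameters are not necessary anymore"). Suggested wording: `-- | These custom DH parameters are no longer necessary, because the TLS package supports pre-defined DH parameters.` In the `@@ -13,17 +13,23 @@` hunk, `certFile` and `keyFile` leave the export list, and neither `certSettings` nor `CertSettings` appears in the visible part of it. Callers who used record update on those fields therefore have to move to the smart constructors, and a sentence under `-- * Smart constructors` saying so would make the migration explicit.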
@@ -71,17 +78,29 @@ ---------------------------------------------------------------- +-- | Determines where to load the certificate, chain +-- certificates, and key from. +data CertSettings + = CertFromFile !FilePath ![FilePath] !FilePath + | CertFromMemory !S.ByteString ![S.ByteString] !S.ByteString + | CertFromRef !(I.IORef S.ByteString) ![I.IORef S.ByteString] !(I.IORef S.ByteString) + +-- | The default 'CertSettings'. +defaultCertSettings :: CertSettings +defaultCertSettings = CertFromFile "certificate.pem" [] "key.pem" + +---------------------------------------------------------------- + -- | Settings for WarpTLS. data TLSSettings = TLSSettings { - certFile :: FilePath - -- ^ File containing the certificate. - , chainCertFiles :: [FilePath] - -- ^ Files containing chain certificates. - , keyFile :: FilePath - -- ^ File containing the key - , certMemory :: Maybe S.ByteString - , chainCertsMemory :: [S.ByteString] - , keyMemory :: Maybe S.ByteString + certSettings :: CertSettings + -- ^ Where are the certificate, chain certificates, and key + -- loaded from? + -- + -- >>> certSettings defaultTlsSettings + -- tlsSettings "certificate.pem" "key.pem" + -- + -- @since 3.3.0 , onInsecure :: OnInsecure -- ^ Do we allow insecure connections with this server as well? -- @@ -175,12 +194,7 @@ -- | Default 'TLSSettings'. Use this to create 'TLSSettings' with the field record name (aka accessors). defaultTlsSettings :: TLSSettings defaultTlsSettings = TLSSettings { - certFile = "certificate.pem" - , chainCertFiles = [] - , keyFile = "key.pem" - , certMemory = Nothing - , chainCertsMemory = [] - , keyMemory = Nothing + certSettings = defaultCertSettings , onInsecure = DenyInsecure "This server only accepts secure HTTPS connections." , tlsLogging = def #if MIN_VERSION_tls(1,5,0) 
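Review bot: The doctest on the new `certSettings` field in the `@@ -71,17 +78,29 @@` hunk cannot produce the output it shows, because `tlsSettings "certificate.pem" "key.pem"` is a `TLSSettings` expression, not a `CertSettings` value. `CertSettings` is also declared without a deriving clause, so it has no `Show` instance to print in GHCi. Replace the example with prose, for instance `-- Defaults to 'defaultCertSettings', i.e. @certificate.pem@ and @key.pem@ read from files.` Leaving `Show` off looks like the right choice, since `CertFromMemory` carries the private key bytes and a derived instance would let them reach logs or error output. A short comment on the type such as `-- No 'Show' instance on purpose: the constructors carry private key material.` would stop a later change from adding one; whether `TLSSettings` itself derives `Show` is outside the hunk.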
@@ -215,8 +229,7 @@ -> FilePath -- ^ Key file -> TLSSettings tlsSettings cert key = defaultTlsSettings { - certFile = cert - , keyFile = key + certSettings = CertFromFile cert [] key } -- | A smart constructor for 'TLSSettings' that allows specifying @@ -229,9 +242,7 @@ -> FilePath -- ^ Key file -> TLSSettings tlsSettingsChain cert chainCerts key = defaultTlsSettings { - certFile = cert - , chainCertFiles = chainCerts - , keyFile = key + certSettings = CertFromFile cert chainCerts key } -- | A smart constructor for 'TLSSettings', but uses in-memory representations @@ -242,10 +253,9 @@ :: S.ByteString -- ^ Certificate bytes -> S.ByteString -- ^ Key bytes -> TLSSettings -tlsSettingsMemory cert key = defaultTlsSettings - { certMemory = Just cert - , keyMemory = Just key - } +tlsSettingsMemory cert key = defaultTlsSettings { + certSettings = CertFromMemory cert [] key + } -- | A smart constructor for 'TLSSettings', but uses in-memory representations -- of the certificate and key based on 'defaultTlsSettings'. 
@@ -256,11 +266,34 @@ -> [S.ByteString] -- ^ Chain certificate bytes -> S.ByteString -- ^ Key bytes -> TLSSettings -tlsSettingsChainMemory cert chainCerts key = defaultTlsSettings - { certMemory = Just cert - , chainCertsMemory = chainCerts - , keyMemory = Just key - } +tlsSettingsChainMemory cert chainCerts key = defaultTlsSettings { + certSettings = CertFromMemory cert chainCerts key + } + +-- | A smart constructor for 'TLSSettings', but uses references to in-memory +-- representations of the certificate and key based on 'defaultTlsSettings'. +-- +-- @since 3.3.0 +tlsSettingsRef + :: I.IORef S.ByteString -- ^ Reference to certificate bytes + -> I.IORef (S.ByteString) -- ^ Reference to key bytes + -> TLSSettings +tlsSettingsRef cert key = defaultTlsSettings { + certSettings = CertFromRef cert [] key + } + +-- | A smart constructor for 'TLSSettings', but uses references to in-memory +-- representations of the certificate and key based on 'defaultTlsSettings'. +-- +-- @since 3.3.0 +tlsSettingsChainRef + :: I.IORef S.ByteString -- ^ Reference to certificate bytes + -> [I.IORef S.ByteString] -- ^ Reference to chain certificate bytes + -> I.IORef (S.ByteString) -- ^ Reference to key bytes + -> TLSSettings +tlsSettingsChainRef cert chainCerts key = defaultTlsSettings { + certSettings = CertFromRef cert chainCerts key + } ---------------------------------------------------------------- 
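Review bot: `tlsSettingsRef` and `tlsSettingsChainRef` carry the same two-line Haddock, so the chain variant never mentions chain certificates, and neither says when the references are read. That second point decides whether writing a new certificate into the `IORef` affects a running server, and it depends on the caller of `loadCredentials`, which is outside this hunk. Suggest stating it explicitly, e.g. `-- The references are read each time credentials are loaded; see 'runTLS' for when that happens.`, adjusted to the actual behaviour. Also suggest adding "and chain certificates" to the `tlsSettingsChainRef` summary. As a style point, the key parameter is written `I.IORef (S.ByteString)` while the certificate parameter is `I.IORef S.ByteString`; drop the redundant parentheses so the signatures match.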
@@ -276,15 +309,19 @@ loadCredentials :: TLSSettings -> IO TLS.Credentials loadCredentials TLSSettings{ tlsCredentials = Just creds } = return creds -loadCredentials TLSSettings{..} = case (certMemory, keyMemory) of - (Nothing, Nothing) -> do - cred <- either error id <$> TLS.credentialLoadX509Chain certFile chainCertFiles keyFile - return $ TLS.Credentials [cred] - (mcert, mkey) -> do - cert <- maybe (S.readFile certFile) return mcert - key <- maybe (S.readFile keyFile) return mkey - cred <- either error return $ TLS.credentialLoadX509ChainFromMemory cert chainCertsMemory key - return $ TLS.Credentials [cred] +loadCredentials TLSSettings{..} = case certSettings of + CertFromFile cert chainFiles key -> do + cred <- either error id <$> TLS.credentialLoadX509Chain cert chainFiles key + return $ TLS.Credentials [cred] + CertFromRef certRef chainCertsRef keyRef -> do + cert <- I.readIORef certRef + chainCerts <- mapM I.readIORef chainCertsRef + key <- I.readIORef keyRef + cred <- either error return $ TLS.credentialLoadX509ChainFromMemory cert chainCerts key + return $ TLS.Credentials [cred] + CertFromMemory certMemory chainCertsMemory keyMemory -> do + cred <- either error return $ TLS.credentialLoadX509ChainFromMemory certMemory chainCertsMemory keyMemory + return $ TLS.Credentials [cred] getSessionManager :: TLSSettings -> IO TLS.SessionManager getSessionManager TLSSettings{ tlsSessionManager = Just mgr } = return mgr 
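Review bot: The `CertFromRef` branch of `loadCredentials` reads the certificate, chain and key with three separate `I.readIORef` calls, so the three values are not taken as one consistent snapshot. If another thread is rotating credentials while this runs (presumably the reason for the `IORef` API, though no caller is visible here), the load can pair a new certificate with the old key. `TLS.credentialLoadX509ChainFromMemory` may then return `Left`, which `either error return` turns into an `ErrorCall` carrying only a string. At minimum document the contract on the branch, e.g. `-- NOTE: the refs are read one after another, not atomically; do not update them while a load may be in progress.` A sturdier design would hold the certificate, chain and key together in a single reference so a rotation is one write. All three branches would also be easier to handle for callers if the `Left` case were raised with `throwIO` and a typed exception rather than `error`.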
@@ -346,7 +383,7 @@ ---------------------------------------------------------------- getter :: TLS.TLSParams params => TLSSettings -> Settings -> Socket -> params -> IO (IO (Connection, Transport), SockAddr) -getter tlsset@TLSSettings{..} set sock params = do +getter tlsset set sock params = do #if WINDOWS (s, sa) <- windowsThreadBlockHack $ accept sock #else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/warp-tls-3.2.12/warp-tls.cabal new/warp-tls-3.3.0/warp-tls.cabal --- old/warp-tls-3.2.12/warp-tls.cabal 2020-05-28 03:18:01.000000000 +0200 +++ new/warp-tls-3.3.0/warp-tls.cabal 2020-06-25 03:58:59.000000000 +0200 @@ -1,5 +1,5 @@ Name: warp-tls -Version: 3.2.12 +Version: 3.3.0 Synopsis: HTTP over TLS support for Warp via the TLS package License: MIT License-file: LICENSE
