Re: [Haskell-cafe] Re: ANNOUNCE: tls, native TLS/SSL protocol implementation

2010-10-11 Thread Vincent Hanquez
On Sat, Oct 09, 2010 at 12:53:17PM +0100, Maciej Piechotka wrote:
> I don't think I quite follow. Could you explain?

Sorry for being confusing. I meant something like a pure iteratee interface,
so that you get the marshalled data to send in a bytestring format, and then
you can decide yourself what to do with this bytestring (send it to a handle,
discard it, process it as the other side).

> Maybe serverStartTLS?

ok, I'll think about it; I'm not thrilled by that though ;)

-- 
Vincent
___
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
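
The pure interface described in the message above, sketched as an added example that is not part of the thread and not code from the tls package: the protocol core is a pure step function that returns the bytes to send, so two endpoints can be wired back to back without any Handle. The message names, the `Endpoint` type, `step`, `loopback` and `runWith` are all hypothetical, and the three-message exchange is a toy stand-in for a real handshake.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added illustration: toy handshake, not real TLS or the tls package API; names are hypothetical.
import qualified Data.ByteString.Char8 as B

data Role  = Client | Server deriving (Eq, Show)
data Phase = Start | AwaitHello | AwaitFinished | Established | Failed deriving (Eq, Show)
data Endpoint = Endpoint { role :: Role, phase :: Phase } deriving (Eq, Show)

-- | Pure transition: take one incoming message (Nothing = "begin") and return
-- the new state plus the marshalled bytes the caller should deliver.
step :: Endpoint -> Maybe B.ByteString -> (Endpoint, [B.ByteString])
step ep@(Endpoint Client Start) Nothing = (ep { phase = AwaitHello }, ["CLIENT_HELLO"])
step ep@(Endpoint Server Start) Nothing = (ep, [])
step ep@(Endpoint Server Start) (Just "CLIENT_HELLO") = (ep { phase = AwaitFinished }, ["SERVER_HELLO"])
step ep@(Endpoint Client AwaitHello) (Just "SERVER_HELLO") = (ep { phase = Established }, ["FINISHED"])
step ep@(Endpoint Server AwaitFinished) (Just "FINISHED") = (ep { phase = Established }, [])
step ep _ = (ep { phase = Failed }, [])  -- unexpected message: fail closed

-- | Pure loopback: each side's output is fed to the other side as input.
-- No Handle is involved, so this can be the body of a QuickCheck property.
loopback :: (Endpoint, Endpoint)
loopback = go c0 (Endpoint Server Start) out0
  where
    (c0, out0) = step (Endpoint Client Start) Nothing
    go c s []       = (c, s)
    go c s (m:rest) = go c' s' (rest ++ toServer)
      where (s', toClient) = step s (Just m)
            (c', toServer) = foldl feed (c, []) toClient
    feed (ep, acc) m = let (ep', out) = step ep (Just m) in (ep', acc ++ out)

-- | The same machine driven by send/receive callbacks, the shape of the
-- connect' signature proposed in the thread.
runWith :: (B.ByteString -> IO ()) -> IO B.ByteString -> Endpoint -> IO Endpoint
runWith send recv ep0 = do
    let (ep1, out) = step ep0 Nothing
    mapM_ send out
    loop ep1
  where
    loop ep
      | phase ep `elem` [Established, Failed] = return ep
      | otherwise = do
          msg <- recv
          let (ep', out) = step ep (Just msg)
          mapM_ send out
          loop ep'

main :: IO ()
main = do
  print loopback                                           -- final state of both sides
  print (step (Endpoint Client AwaitHello) (Just "BOGUS")) -- tampered message
```

Because `step` never touches the network, a property test can generate configurations or corrupt messages in flight and check the resulting states directly, while `runWith` shows the Handle- or callback-based API as a thin wrapper over the same core.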


Re: [Haskell-cafe] Re: ANNOUNCE: tls, native TLS/SSL protocol implementation

2010-10-10 Thread Michael Snoyman
On Fri, Oct 8, 2010 at 3:29 PM, Maciej Piechotka uzytkown...@gmail.com wrote:

> I had in mind something like:
>
> import Data.ByteString
> import Data.Iteratee
>
> clientEnum :: MonadIO m
>            => params
>            -> Enumerator ByteString m a
>            -> Enumerator ByteString m a
> clientEnum params client = ...
>
> i.e.
>
> clientEnum :: MonadIO m
>            => params
>            -> (Iteratee ByteString m a -> m (Iteratee ByteString m a))
>               -- ^ Client function
>            -> Iteratee ByteString m a -- ^ Output
>            -> m (Iteratee ByteString m a) -- ^ Input
>
> Where inner enumerator is simply a client side while 'outer' is an
> outside/server part.
>
> Regards


I'm afraid I haven't really looked at iteratee 0.4 enough to
understand those type signatures completely, but it looks pretty
similar to the API I have. Am I missing something? And is there a
reason you can't implement that against the current tls API?

Michael


Re: [Haskell-cafe] Re: ANNOUNCE: tls, native TLS/SSL protocol implementation

2010-10-10 Thread Maciej Piechotka
On 10/10/10, Michael Snoyman mich...@snoyman.com wrote:
> On Fri, Oct 8, 2010 at 3:29 PM, Maciej Piechotka uzytkown...@gmail.com
> wrote:
>>
>> I had in mind something like:
>>
>> import Data.ByteString
>> import Data.Iteratee
>>
>> clientEnum :: MonadIO m
>>            => params
>>            -> Enumerator ByteString m a
>>            -> Enumerator ByteString m a
>> clientEnum params client = ...
>>
>> i.e.
>>
>> clientEnum :: MonadIO m
>>            => params
>>            -> (Iteratee ByteString m a -> m (Iteratee ByteString m a))
>>               -- ^ Client function
>>            -> Iteratee ByteString m a -- ^ Output
>>            -> m (Iteratee ByteString m a) -- ^ Input
>>
>> Where inner enumerator is simply a client side while 'outer' is an
>> outside/server part.
>>
>> Regards
>
>
> I'm afraid I haven't really looked at iteratee 0.4 enough to
> understand those type signatures completely, but it looks pretty
> similar to the API I have. Am I missing something? And is there a
> reason you can't implement that against the current tls API?
>
> Michael


Yes as far as I understand. My signature is parametrized both in
client side of protocol as well as native. I.e. in my signature you
don't need to have any Handle but the encrypted output is simply
passed to next iteratee.

Regards


Re: [Haskell-cafe] Re: ANNOUNCE: tls, native TLS/SSL protocol implementation

2010-10-10 Thread Michael Snoyman
On Sun, Oct 10, 2010 at 3:09 PM, Maciej Piechotka uzytkown...@gmail.com wrote:
> On 10/10/10, Michael Snoyman mich...@snoyman.com wrote:
>> On Fri, Oct 8, 2010 at 3:29 PM, Maciej Piechotka uzytkown...@gmail.com
>> wrote:
>>>
>>> I had in mind something like:
>>>
>>> import Data.ByteString
>>> import Data.Iteratee
>>>
>>> clientEnum :: MonadIO m
>>>            => params
>>>            -> Enumerator ByteString m a
>>>            -> Enumerator ByteString m a
>>> clientEnum params client = ...
>>>
>>> i.e.
>>>
>>> clientEnum :: MonadIO m
>>>            => params
>>>            -> (Iteratee ByteString m a -> m (Iteratee ByteString m a))
>>>               -- ^ Client function
>>>            -> Iteratee ByteString m a -- ^ Output
>>>            -> m (Iteratee ByteString m a) -- ^ Input
>>>
>>> Where inner enumerator is simply a client side while 'outer' is an
>>> outside/server part.
>>>
>>> Regards
>>
>>
>> I'm afraid I haven't really looked at iteratee 0.4 enough to
>> understand those type signatures completely, but it looks pretty
>> similar to the API I have. Am I missing something? And is there a
>> reason you can't implement that against the current tls API?
>>
>> Michael
>
>
> Yes as far as I understand. My signature is parametrized both in
> client side of protocol as well as native. I.e. in my signature you
> don't need to have any Handle but the encrypted output is simply
> passed to next iteratee.

Sorry, I see what you're saying now. Yes, that would indeed be a nice
feature, though not one I needed for http-enumerator.

Michael


Re: [Haskell-cafe] Re: ANNOUNCE: tls, native TLS/SSL protocol implementation

2010-10-09 Thread Vincent Hanquez
On Fri, Oct 08, 2010 at 12:59:56PM +0100, Maciej Piechotka wrote:
> 1. Could callbacks also be added in addition to handles?
> Like:
>
> connect' :: (ByteString -> IO ()) -> IO ByteString -> TLSClient IO ()

Would an interface that generates the packets to send and just returns them as
bytes be even better?

connect' :: TLSClient () ByteString

I'm hoping to have something like that so I can use QuickCheck to verify that
all possible configurations result in a workable connection.

> 2. Does listen correspond to listen(2)? If yes how to handle STARTTLS
> server-side? If no - please rename it.

It's not doing the same thing as the socket listen(2).

It waits for the handle passed as argument to establish a new TLS session, as
in: listen to the new TLS connection.

After reading STARTTLS, you would call listen, which would listen for the TLS
context to be established.

Please suggest something if you want me to rename it though, as I can't really
think of a better name.

-- 
Vincent Hanquez


Re: [Haskell-cafe] Re: ANNOUNCE: tls, native TLS/SSL protocol implementation

2010-10-09 Thread Maciej Piechotka
On Sat, 2010-10-09 at 09:27 +0100, Vincent Hanquez wrote:
> On Fri, Oct 08, 2010 at 12:59:56PM +0100, Maciej Piechotka wrote:
>> 1. Could callbacks also be added in addition to handles?
>> Like:
>>
>> connect' :: (ByteString -> IO ()) -> IO ByteString -> TLSClient IO ()
>
> Would an interface that generates the packets to send and just returns them as
> bytes be even better?
>
> connect' :: TLSClient () ByteString
>
> I'm hoping to have something like that so I can use QuickCheck to verify that
> all possible configurations result in a workable connection.
>

I don't think I quite follow. Could you explain?

>> 2. Does listen correspond to listen(2)? If yes how to handle STARTTLS
>> server-side? If no - please rename it.
>
> It's not doing the same thing as the socket listen(2).
>
> It waits for the handle passed as argument to establish a new TLS session, as
> in: listen to the new TLS connection.
>
> After reading STARTTLS, you would call listen, which would listen for the TLS
> context to be established.
>
> Please suggest something if you want me to rename it though, as I can't really
> think of a better name.
>

Maybe serverStartTLS?

Regards




[Haskell-cafe] Re: ANNOUNCE: tls, native TLS/SSL protocol implementation

2010-10-08 Thread Maciej Piechotka
On Wed, 2010-10-06 at 22:26 +0100, Vincent Hanquez wrote:
> Hi haskellers,
>
> I'd like to announce the tls package [1][2], which is a native implementation
> of the TLS protocol, client and server.  It's currently mostly supporting SSL3,
> TLS1.0 and TLS1.1.  It's got *lots* of rough edges, and a bunch of unsupported
> features, but it's humming along, and at each iteration it's becoming more
> tightly secure and featureful.
>
> I would recommend against using this implementation in a production system just
> yet, or in an aggressive environment either (especially for the server side);
> I don't think it should necessarily fail, but it's still an early implementation
> with probable API changes on the way.
>
> [1] http://github.com/vincenthz/hs-tls
> [2] http://hackage.haskell.org/package/tls

1. Could callbacks also be added in addition to handles?
Like:

connect' :: (ByteString -> IO ()) -> IO ByteString -> TLSClient IO ()

Why:
 - It allows wrapping it into Enumerators

2. Does listen correspond to listen(2)? If yes how to handle STARTTLS
server-side? If no - please rename it.

Regards




Re: [Haskell-cafe] Re: ANNOUNCE: tls, native TLS/SSL protocol implementation

2010-10-08 Thread Michael Snoyman
On Fri, Oct 8, 2010 at 1:59 PM, Maciej Piechotka uzytkown...@gmail.com wrote:
> On Wed, 2010-10-06 at 22:26 +0100, Vincent Hanquez wrote:
>> Hi haskellers,
>>
>> I'd like to announce the tls package [1][2], which is a native implementation
>> of the TLS protocol, client and server.  It's currently mostly supporting SSL3,
>> TLS1.0 and TLS1.1.  It's got *lots* of rough edges, and a bunch of unsupported
>> features, but it's humming along, and at each iteration it's becoming more
>> tightly secure and featureful.
>>
>> I would recommend against using this implementation in a production system just
>> yet, or in an aggressive environment either (especially for the server side);
>> I don't think it should necessarily fail, but it's still an early implementation
>> with probable API changes on the way.
>>
>> [1] http://github.com/vincenthz/hs-tls
>> [2] http://hackage.haskell.org/package/tls
>
> 1. Could callbacks also be added in addition to handles?
> Like:
>
> connect' :: (ByteString -> IO ()) -> IO ByteString -> TLSClient IO ()
>
> Why:
>  - It allows wrapping it into Enumerators

It's entirely possible to wrap the current interface into
enumerators/iteratees[1]. That's how http-enumerator works.

Michael

[1] http://github.com/snoyberg/http-enumerator/blob/master/Network/TLS/Client/Enumerator.hs


Re: [Haskell-cafe] Re: ANNOUNCE: tls, native TLS/SSL protocol implementation

2010-10-08 Thread Maciej Piechotka
On Fri, 2010-10-08 at 15:14 +0200, Michael Snoyman wrote:
> On Fri, Oct 8, 2010 at 1:59 PM, Maciej Piechotka uzytkown...@gmail.com wrote:
>> On Wed, 2010-10-06 at 22:26 +0100, Vincent Hanquez wrote:
>>> Hi haskellers,
>>>
>>> I'd like to announce the tls package [1][2], which is a native implementation
>>> of the TLS protocol, client and server.  It's currently mostly supporting SSL3,
>>> TLS1.0 and TLS1.1.  It's got *lots* of rough edges, and a bunch of unsupported
>>> features, but it's humming along, and at each iteration it's becoming more
>>> tightly secure and featureful.
>>>
>>> I would recommend against using this implementation in a production system just
>>> yet, or in an aggressive environment either (especially for the server side);
>>> I don't think it should necessarily fail, but it's still an early implementation
>>> with probable API changes on the way.
>>>
>>> [1] http://github.com/vincenthz/hs-tls
>>> [2] http://hackage.haskell.org/package/tls
>>
>> 1. Could callbacks also be added in addition to handles?
>> Like:
>>
>> connect' :: (ByteString -> IO ()) -> IO ByteString -> TLSClient IO ()
>>
>> Why:
>>  - It allows wrapping it into Enumerators
>
> It's entirely possible to wrap the current interface into
> enumerators/iteratees[1]. That's how http-enumerator works.
>
> Michael
>
> [1] http://github.com/snoyberg/http-enumerator/blob/master/Network/TLS/Client/Enumerator.hs


I had in mind something like:

import Data.ByteString
import Data.Iteratee

clientEnum :: MonadIO m
           => params
           -> Enumerator ByteString m a
           -> Enumerator ByteString m a
clientEnum params client = ...

i.e.

clientEnum :: MonadIO m
           => params
           -> (Iteratee ByteString m a -> m (Iteratee ByteString m a))
              -- ^ Client function
           -> Iteratee ByteString m a -- ^ Output
           -> m (Iteratee ByteString m a) -- ^ Input

Where inner enumerator is simply a client side while 'outer' is an
outside/server part.

Regards

