Skip to content

Commit 334d451

Browse files
phadejphadej
committed
Add openssl flag
1 parent 0247582 commit 334d451

File tree

3 files changed

+47
-8
lines changed

3 files changed

+47
-8
lines changed

cabal.project

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,3 +10,5 @@ constraints: semigroups ^>=0.19
1010

1111
allow-newer: aeson-1.4.3.0:hashable
1212
allow-newer: aeson-1.4.3.0:semigroups
13+
14+
constraints: github +openssl

github.cabal

Lines changed: 18 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -47,6 +47,11 @@ source-repository head
4747
type: git
4848
location: git://github.com/phadej/github.git
4949

50+
flag openssl
51+
description: "Use http-client-openssl"
52+
manual: True
53+
default: False
54+
5055
library
5156
default-language: Haskell2010
5257
ghc-options: -Wall
@@ -165,18 +170,26 @@ library
165170
, exceptions >=0.10.2 && <0.11
166171
, hashable >=1.2.7.0 && <1.4
167172
, http-client >=0.5.12 && <0.7
168-
, http-client-tls >=0.3.5.3 && <0.4
169173
, http-link-header >=1.0.3.1 && <1.1
170174
, http-types >=0.12.3 && <0.13
171175
, iso8601-time >=0.1.5 && <0.2
172176
, network-uri >=2.6.1.0 && <2.7
173-
, tagged
174-
, tls >=1.4.1
177+
, tagged >=0.8.5 && <0.9
175178
, transformers-compat >=0.6.5 && <0.7
176179
, unordered-containers >=0.2.10.0 && <0.3
177180
, vector >=0.12.0.1 && <0.13
178181
, vector-instances >=3.4 && <3.5
179182

183+
if flag(openssl)
184+
build-depends:
185+
http-client-openssl >=0.3.0.0 && <0.4
186+
, HsOpenSSL >=0.11.4.16 && <0.12
187+
, HsOpenSSL-x509-system >=0.1.0.3 && <0.2
188+
else
189+
build-depends:
190+
http-client-tls >=0.3.5.3 && <0.4
191+
, tls >=1.4.1
192+
180193
if !impl(ghc >= 8.0)
181194
build-depends:
182195
semigroups >=0.18.5 && <0.20
@@ -186,8 +199,8 @@ test-suite github-test
186199
type: exitcode-stdio-1.0
187200
hs-source-dirs: spec
188201
main-is: Spec.hs
189-
ghc-options: -Wall
190-
build-tool-depends: hspec-discover:hspec-discover >=2.6.1 && <2.8
202+
ghc-options: -Wall -threaded
203+
build-tool-depends: hspec-discover:hspec-discover >=2.7.1 && <2.8
191204
other-extensions: TemplateHaskell
192205
other-modules:
193206
GitHub.ActivitySpec

src/GitHub/Request.hs

Lines changed: 27 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -74,7 +74,6 @@ import Network.HTTP.Client
7474
(HttpException (..), Manager, RequestBody (..), Response (..), getUri,
7575
httpLbs, method, newManager, redirectCount, requestBody, requestHeaders,
7676
setQueryString, setRequestIgnoreStatus)
77-
import Network.HTTP.Client.TLS (tlsManagerSettings)
7877
import Network.HTTP.Link.Parser (parseLinkHeaderBS)
7978
import Network.HTTP.Link.Types (Link (..), LinkParam (..), href, linkParams)
8079
import Network.HTTP.Types (Method, RequestHeaders, Status (..))
@@ -88,18 +87,43 @@ import qualified Data.Vector as V
8887
import qualified Network.HTTP.Client as HTTP
8988
import qualified Network.HTTP.Client.Internal as HTTP
9089

90+
#ifdef MIN_VERSION_http_client_tls
91+
import Network.HTTP.Client.TLS (tlsManagerSettings)
92+
#else
93+
import Network.HTTP.Client.OpenSSL (opensslManagerSettings, withOpenSSL)
94+
95+
import qualified OpenSSL.Session as SSL
96+
import qualified OpenSSL.X509.SystemStore as SSL
97+
#endif
98+
9199
import GitHub.Auth (Auth, AuthMethod, endpoint, setAuthRequest)
92100
import GitHub.Data (Error (..))
93101
import GitHub.Data.PullRequests (MergeResult (..))
94102
import GitHub.Data.Request
95103

104+
#ifdef MIN_VERSION_http_client_tls
105+
withOpenSSL :: IO a -> IO a
106+
withOpenSSL = id
107+
#else
108+
tlsManagerSettings :: HTTP.ManagerSettings
109+
tlsManagerSettings = opensslManagerSettings $ do
110+
ctx <- SSL.context
111+
SSL.contextAddOption ctx SSL.SSL_OP_NO_SSLv2
112+
SSL.contextAddOption ctx SSL.SSL_OP_NO_SSLv3
113+
SSL.contextAddOption ctx SSL.SSL_OP_NO_TLSv1
114+
SSL.contextSetCiphers ctx "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
115+
SSL.contextLoadSystemCerts ctx
116+
SSL.contextSetVerificationMode ctx $ SSL.VerifyPeer True True Nothing
117+
return ctx
118+
#endif
119+
96120
-- | Execute 'Request' in 'IO'
97121
executeRequest
98122
:: (AuthMethod am, ParseResponse mt a)
99123
=> am
100124
-> GenRequest mt rw a
101125
-> IO (Either Error a)
102-
executeRequest auth req = do
126+
executeRequest auth req = withOpenSSL $ withOpenSSL $ do
103127
manager <- newManager tlsManagerSettings
104128
executeRequestWithMgr manager auth req
105129

@@ -137,7 +161,7 @@ executeRequestWithMgr mgr auth req = runExceptT $ do
137161

138162
-- | Like 'executeRequest' but without authentication.
139163
executeRequest' :: ParseResponse mt a => GenRequest mt 'RO a -> IO (Either Error a)
140-
executeRequest' req = do
164+
executeRequest' req = withOpenSSL $ do
141165
manager <- newManager tlsManagerSettings
142166
executeRequestWithMgr' manager req
143167

0 commit comments

Comments
 (0)