From b8da6e9ef9b768213cffb764e86652bc16f9eadb Mon Sep 17 00:00:00 2001
From: Kazu Yamamoto
Date: Wed, 27 Nov 2019 22:21:35 +0900
Subject: [PATCH 1/2] exposing getClientCertificateChain.
---
 core/Network/TLS.hs | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/core/Network/TLS.hs b/core/Network/TLS.hs
index e608ea853..6050e30d3 100644
--- a/core/Network/TLS.hs
+++ b/core/Network/TLS.hs
@@ -109,6 +109,7 @@ module Network.TLS
 , unClientRandom
 , unServerRandom
 , HandshakeMode13(..)
+ , getClientCertificateChain
 -- ** Negotiated
 , getNegotiatedProtocol
 , getClientSNI
@@ -170,6 +171,7 @@ import Network.TLS.Hooks
 import Network.TLS.Measurement
 import Network.TLS.Parameters
 import Network.TLS.Session
+import qualified Network.TLS.State as S
 import Network.TLS.Struct ( TLSError(..), TLSException(..)
 , HashAndSignatureAlgorithm, HashAlgorithm(..), SignatureAlgorithm(..)
 , Header(..), ProtocolType(..), CertificateType(..)
@@ -186,3 +188,6 @@ import Data.X509.Validation hiding (HostName)
 {-# DEPRECATED Bytes "Use Data.ByteString.Bytestring instead of Bytes." #-}
 type Bytes = B.ByteString
+
+getClientCertificateChain :: Context -> IO (Maybe CertificateChain)
+getClientCertificateChain ctx = usingState_ ctx S.getClientCertificateChain
From c5296ee5d48f870c86eb92b496c04f2ceb2b472d Mon Sep 17 00:00:00 2001
From: Kazu Yamamoto
Date: Fri, 20 Dec 2019 12:41:20 +0900
Subject: [PATCH 2/2] doc for getClientCertificateChain
---
 core/Network/TLS.hs | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/core/Network/TLS.hs b/core/Network/TLS.hs
index 6050e30d3..b04bd1939 100644
--- a/core/Network/TLS.hs
+++ b/core/Network/TLS.hs
@@ -189,5 +189,10 @@ import Data.X509.Validation hiding (HostName)
 {-# DEPRECATED Bytes "Use Data.ByteString.Bytestring instead of Bytes." #-}
 type Bytes = B.ByteString
+-- | Getting certificates from a client, if any.
+-- Note that the certificates are not sent by a client
+-- on resumption even if client authentication is required.
+-- So, this API would be replaced by the one which can treat
+-- both cases of full-negotiation and resumption.
 getClientCertificateChain :: Context -> IO (Maybe CertificateChain)
 getClientCertificateChain ctx = usingState_ ctx S.getClientCertificateChain
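Review bot: The Haddock added above `getClientCertificateChain` explains that no certificates arrive on resumption, but it does not spell out what that means for the `Maybe` result. Presumably `Nothing` is returned both when the client never presented a certificate and when an authenticated session was resumed. A server that requires client authentication and bases authorization on this value could then misjudge a resumed connection, so I would add a line such as `-- A 'Nothing' result on a resumed session does not mean the client was unauthenticated; do not base authorization on it alone.` The comment also does not say whether the chain held in the TLS state has already passed the server's certificate validation. That is decided in `Network.TLS.State` and the handshake code outside this patch, so a sentence on the trust status of the returned chain should be added once confirmed there.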