depressed-pho / hsopenssl
OpenSSL binding for Haskell
Home Page: http://hackage.haskell.org/package/HsOpenSSL
License: Creative Commons Zero v1.0 Universal
While trying to install the latest version of HsOpenSSL from Hackage or this git repo (0.10.1.4), the build died, complaining about a syntax error on line 54 of the X509.hsc file:
X509.hsc:54:21: error: missing binary operator before token "("
I am using GHC 7.0.4 on Debian.
Given that this is a partial binding, it would be good to expose pointers to objects like SSL_CONTEXT and SSL and X509 so that users of the binding can extend it to add missing functionality. As a binding to another concrete library, nothing is gained from hiding these pointers. This could be as easy as exposing types like SSL_CTX_ and functions like withSslCtx.
When I tried to use the OpenSSL binaries that were linked to from http://hackage.haskell.org/trac/ghc/wiki/Builder, I had to change a line in the cabal file from:
Extra-Libraries: eay32 ssl32
to
Extra-Libraries: eay32 ssleay32
I can understand why this library might not want to be super-opinionated about the right way to statically check that withOpenSSL is being used correctly. I would like to propose that some very lightweight machinery be added to make it possible for downstream authors to add such if they want:

module OpenSSL (InitOpenSSL, withOpenSSL) where

data InitOpenSSL = InitOpenSSL -- Constructor not exported

withOpenSSL :: (InitOpenSSL -> IO a) -> IO a
withOpenSSL act = do
    loadErrorStrings >> addAllAlgorithms >> libraryInit >> setupMutex
    act InitOpenSSL

The existing common use can still be easily supported:
main = withOpenSSL $ const $ do ...
And if library authors wish, they can now require an argument of type InitOpenSSL, or use a ReaderT, or use ImplicitParams, or whatever method they like to statically check that the init has been done, and authors who do not wish to do so still need not wade through much machinery from this library to use it for their purposes.
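The proposal above, seen from the downstream side, as an added example that is not part of the original issue or of HsOpenSSL: it uses only base, replaces the real initialisation with a flag, and the names initialised, cipherNamesUnchecked, cipherNames and sampleCiphers are hypothetical.

```haskell
-- Added example; stand-alone (base only), does not link against HsOpenSSL.
module Main (main) where

import Data.IORef (IORef, newIORef, readIORef, writeIORef)
import System.IO.Unsafe (unsafePerformIO)

-- Stand-in for the C library's global state (constructed for this example).
{-# NOINLINE initialised #-}
initialised :: IORef Bool
initialised = unsafePerformIO (newIORef False)

-- ---- what the proposal would put in module OpenSSL ----------------------
-- In a real package this type lives in its own module whose export list
-- names InitOpenSSL without (..), so only withOpenSSL can create a value.
data InitOpenSSL = InitOpenSSL

withOpenSSL :: (InitOpenSSL -> IO a) -> IO a
withOpenSSL act = do
    -- Stands in for loadErrorStrings >> addAllAlgorithms >> libraryInit >> setupMutex.
    writeIORef initialised True
    act InitOpenSSL

-- ---- a downstream library (hypothetical names) --------------------------
-- Untyped style: nothing stops a caller from forgetting withOpenSSL, and the
-- mistake only shows up at run time (in this stand-in, as an empty list).
cipherNamesUnchecked :: IO [String]
cipherNamesUnchecked = do
    ok <- readIORef initialised
    return (if ok then sampleCiphers else [])

-- Token style: the extra argument is evidence that withOpenSSL has run, so a
-- call made outside withOpenSSL has no value to pass and does not type-check.
cipherNames :: InitOpenSSL -> IO [String]
cipherNames _ = cipherNamesUnchecked

sampleCiphers :: [String]
sampleCiphers = ["aes-256-cbc", "bf-cfb"]   -- constructed sample data

main :: IO ()
main = do
    before <- cipherNamesUnchecked      -- compiles, but runs before initialisation
    after  <- withOpenSSL cipherNames   -- the token is supplied by withOpenSSL
    print before
    print after
```

Splitting the first part into its own module with the constructor left out of the export list is what turns the convention into a compile-time check; in this single file the constructor is still visible.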
Calling getDigestNames returns []
Hello,
I am using Travis CI for continuous integration testing of my package, and since the upgrade to version 0.11.1 cabal is unable to compile HsOpenSSL:
Building HsOpenSSL-0.11.1...
Preprocessing library HsOpenSSL-0.11.1...
Option.hsc: In function ‘main’:
Option.hsc:144:5: error: ‘SSL_OP_SAFARI_ECDHE_ECDSA_BUG’ undeclared (first use in this function)
Option.hsc:144:5: note: each undeclared identifier is reported only once for each function it appears in
compiling dist/build/OpenSSL/SSL/Option_hsc_make.c failed (exit code 1)
https://travis-ci.org/solatis/dissent/builds/45645870
I assume this is caused by some version mismatch between libopenssl installed on the build machine and what HsOpenSSL assumes. Who's at fault here?
I'm writing a program to interface with another program written in Python. I find that the ciphered results are different.
In ghci, the ciphered result is \GS\n\197:
import OpenSSL
import OpenSSL.EVP.Cipher
import Data.Maybe
method <- fmap fromJust $ withOpenSSL $ getCipherByName "bf-cfb"
cipher method "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f\x72" "\xcc\x88\xa5\x26\x85\xaf\x7f\x8d" Encrypt "abcd"
In python, the ciphered result is K\x10<Q
import M2Crypto
M2Crypto.EVP.Cipher("bf_cfb", "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f\x72", "\xcc\x88\xa5\x26\x85\xaf\x7f\x8d", 1).update("abcd")
In shell, with abcd.txt containing the string "abcd", abcd.bin shown in vim as K^P<Q}
openssl bf-cfb -in abcd.txt -out abcd.bin -pass pass:abc -K 900150983cd24fb0d6963f7d28e17f72 -iv cc88a52685af7f8d -nosalt
I assume the M2Crypto result is equivalent to the command line result. Why is the HsOpenSSL result different?
GHC 7.4.1, when using the EVP.Cipher module I get no ciphers listed, although OpenSSL on my machine has plenty of options:
$ ghci
GHCi, version 7.4.1: http://www.haskell.org/ghc/ :? for help
Loading package ghc-prim ... linking ... done.
Loading package integer-gmp ... linking ... done.
Loading package base ... linking ... done.
Prelude> import OpenSSL.EVP.Cipher
Prelude OpenSSL.EVP.Cipher> :!openssl list-cipher-commands
aes-128-cbc
aes-128-ecb
aes-192-cbc
aes-192-ecb
aes-256-cbc
aes-256-ecb
base64
bf
bf-cbc
bf-cfb
bf-ecb
bf-ofb
camellia-128-cbc
camellia-128-ecb
camellia-192-cbc
camellia-192-ecb
camellia-256-cbc
camellia-256-ecb
cast
cast-cbc
cast5-cbc
cast5-cfb
cast5-ecb
cast5-ofb
des
des-cbc
des-cfb
des-ecb
des-ede
des-ede-cbc
des-ede-cfb
des-ede-ofb
des-ede3
des-ede3-cbc
des-ede3-cfb
des-ede3-ofb
des-ofb
des3
desx
rc2
rc2-40-cbc
rc2-64-cbc
rc2-cbc
rc2-cfb
rc2-ecb
rc2-ofb
rc4
rc4-40
seed
seed-cbc
seed-cfb
seed-ecb
seed-ofb
zlib
Prelude OpenSSL.EVP.Cipher> getCipherNames
Loading package bytestring-0.9.2.1 ... linking ... done.
Loading package transformers-0.3.0.0 ... linking ... done.
Loading package mtl-2.1 ... linking ... done.
Loading package array-0.4.0.0 ... linking ... done.
Loading package deepseq-1.3.0.0 ... linking ... done.
Loading package text-0.11.2.0 ... linking ... done.
Loading package parsec-3.1.2 ... linking ... done.
Loading package unix-2.5.1.0 ... linking ... done.
Loading package network-2.3.0.11 ... linking ... done.
Loading package old-locale-1.0.0.4 ... linking ... done.
Loading package time-1.4 ... linking ... done.
Loading package HsOpenSSL-0.10.2 ... linking ... done.
[]
Prelude OpenSSL.EVP.Cipher> x <- getCipherByName "rc4"
Prelude OpenSSL.EVP.Cipher> case x of { Just _ -> print 1; }
*** Exception: <interactive>:6:1-32: Non-exhaustive patterns in case
Prelude OpenSSL.EVP.Cipher> x <- getCipherByName "aes-256-cbc"
Prelude OpenSSL.EVP.Cipher> case x of { Just _ -> print 1; }
*** Exception: <interactive>:8:1-32: Non-exhaustive patterns in case
Prelude OpenSSL.EVP.Cipher>
openssl libs and includes are not included in OS X 10.11. I'm not sure if this is permanent or just an effect of the beta release but we should keep our eye on it so when 10.11 is released, HsOpenSSL will work smoothly.
The documentation indicates that SSL_write (like normal write) will return the number of bytes written, which might be fewer bytes than given. It is probably necessary for the write functions to return the number of bytes written so that a partial write could be detected or even to continue to write the remaining bytes after a partial write.
As of OpenSSL 1.0.2 there is hostname validation available. It's only 3 imports needed to take advantage of this, and it makes using OpenSSL much nicer for secure TLS!
It'd be nice to bind at least the 3 procedures used in this example.
I have openssl installed and working. But I get this error when building HsOpenSSL:
Configuring HsOpenSSL-0.11.1.1...
Building HsOpenSSL-0.11.1.1...
Preprocessing library HsOpenSSL-0.11.1.1...
In file included from BN.hsc:45:
/private/var/folders/7g/hqr575c56f57x2z04zkrfvm40000gn/T/stack18674/HsOpenSSL-0.11.1.1/cbits/HsOpenSSL.h:3:10: fatal error: 'openssl/asn1.h' file not found
#include <openssl/asn1.h>
^
1 error generated.
Hi all.
Is there any chance of getting support for reading/writing DER format in HsOpenSSL?
This is required to disable SSLv3 vulnerable to POODLE attack.
I need a way to turn off padding for DES-CBC, but it seems there's no way to do so in HsOpenSSL.
I really need this and am willing to contribute. What's the best way to add this to HsOpenSSL without breaking anything? Should I just add something like cipherBSNoPad? Any suggestions?
I'm attempting to set a CA certificate using contextSetCAFile, but when I send the https request, I get the following error:
TlsExceptionHostPort (HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa))) "hostname" port
You can see my attempt here. Is there anything else I need to do to specify the CA? My ca.crt file has the following format:
-----BEGIN CERTIFICATE-----
...base64...
-----END CERTIFICATE-----
When I use curl to send the request, the certificate works fine:
curl https://host:port/path --cert ./client-cert.pem --key client-key.pem --cacert ca.crt
Any guidance is appreciated!
The test-suite for this package has been disabled in stackage because of this outdated dependency. When a fix is published to hackage please send a PR to re-enable the tests to stackage (it's in the skipped-tests section) or ping me.
Hello,
HsOpenSSL does not build against Haskell Platform 2011.4 (GHC 7.0.4), because two modules import Foreign.ForeignPtr.Unsafe, which was not added until base 4.4.
The two fixes I see are:
happstack-server-tls uses HsOpenSSL and this makes it tricky to install.
OpenSSL/BN.hsc:180:24:
Not in scope: data constructor ‘J#’
Perhaps you meant one of these:
‘C#’ (imported from GHC.Base), ‘D#’ (imported from GHC.Base),
‘F#’ (imported from GHC.Base)
OpenSSL/BN.hsc:181:29:
Not in scope: data constructor ‘J#’
Perhaps you meant one of these:
‘C#’ (imported from GHC.Base), ‘D#’ (imported from GHC.Base),
‘F#’ (imported from GHC.Base)
OpenSSL/BN.hsc:215:16:
Not in scope: data constructor ‘J#’
Perhaps you meant one of these:
‘C#’ (imported from GHC.Base), ‘D#’ (imported from GHC.Base),
‘F#’ (imported from GHC.Base)
Causes build server to crash (ubuntu), under GHC 7.10.
The API changes from time-1.5 to time-1.6 don't affect HsOpenSSL afaics.
I've already performed a .cabal-edit on Hackage to this effect: https://hackage.haskell.org/package/HsOpenSSL-0.11.1.1/revisions/, so there's no need to upload a new release to address this ticket.
Or, more accurately, needlessly includes an integer-gmp build dep. This makes the code less portable for no notable gain.
I notice the code builds fine without the integer-gmp dependency - why is this included at all and what is the issue with removing it?
I can successfully decrypt some rsa encrypted data with
openssl rsautl -inkey key.pem -decrypt
Does the library have functionality equivalent to this? I suspect that the OpenSSL C function RSA_private_decrypt needs to be called, and a scan of the source for the library doesn't show this as a foreign import.
Specifically, I get the following error:
Loading package HsOpenSSL-0.10.1 ... linking ... ghc: [...path to libraries...]/HsOpenSSL-0.10.1/ghc-7.0.4/HSHsOpenSSL-0.10.1.o: unknown symbol `X509_CRL_get0_by_serial'
It works fine with the compiler, but this means that HsOpenSSL cannot be used from GHCi, and packages that use HsOpenSSL cannot use Template Haskell, as it uses the bytecode interpreter too.
HsOpenSSL 0.9.0.1 works just fine and doesn't have this issue at all.
I'm running GHC 7.0.4, as the error message shows.
Hopefully there's a simple fix to this, or I did something wrong, since it's blocking my use of HsOpenSSL :)
Thanks in advance for any reply.
HsOpenSSL is segfaulting on my machine (OS X 10.8.3, Intel x86_64) in basic usage. This seems to happen on any call out to OpenSSL.
I'm using the latest version on Hackage, 0.10.3.3, and I've tried this with GHC 7.4.2 and 7.6.3, and with both OpenSSL 0.9.8r (the version that comes with OS X 10.8) and 1.0.1e.
I also posted a question on Stack Overflow about this, but didn't get any takers. I assume the problem has something to do with OS X. If there's anything I can do to help debug, please let me know.
I just cloned the repository, ran cabal install successfully, and then compiled examples/Server.hs with ghc --make -threaded Server.hs. I then ran Server. I used openssl s_client -connect localhost:4112 to test the server and issue a GET request to the server. The server accepts the connection, but after the GET request it closes the connection and prints this:
Server: thread blocked indefinitely in an MVar operation
The API for integer-gmp has significantly changed with integer-gmp-1.0.0.0.
See https://hackage.haskell.org/package/integer-gmp-1.0.0.0/candidate/docs/GHC-Integer-GMP-Internals.html for details.
I'm getting the following build error when building with GHC 7.10.2 on ubuntu 12.04.5 LTS (the distro I get on CircleCI). Anyone have any ideas?
Building HsOpenSSL-0.11.1.1...
Preprocessing library HsOpenSSL-0.11.1.1...
[ 1 of 33] Compiling OpenSSL.SSL.Option ( .stack-work/dist/x86_64-linux/Cabal-1.22.4.0/build/OpenSSL/SSL/Option.hs, .stack-work/dist/x86_64-linux/Cabal-1.22.4.0/build/OpenSSL/SSL/Option.o )
[ 2 of 33] Compiling OpenSSL.ERR ( OpenSSL/ERR.hs, .stack-work/dist/x86_64-linux/Cabal-1.22.4.0/build/OpenSSL/ERR.o )
[ 3 of 33] Compiling OpenSSL.Stack ( OpenSSL/Stack.hs, .stack-work/dist/x86_64-linux/Cabal-1.22.4.0/build/OpenSSL/Stack.o )
[ 4 of 33] Compiling OpenSSL.DH.Internal ( OpenSSL/DH/Internal.hs, .stack-work/dist/x86_64-linux/Cabal-1.22.4.0/build/OpenSSL/DH/Internal.o )
/tmp/stack108855/HsOpenSSL-0.11.1.1/OpenSSL/DH/Internal.hs:17:1: Warning:
The import of ‘Control.Applicative’ is redundant
except perhaps to import instances from ‘Control.Applicative’
To import instances alone, use: import Control.Applicative()
[ 5 of 33] Compiling OpenSSL.Objects ( .stack-work/dist/x86_64-linux/Cabal-1.22.4.0/build/OpenSSL/Objects.hs, .stack-work/dist/x86_64-linux/Cabal-1.22.4.0/build/OpenSSL/Objects.o )
/tmp/ghc109525_0/ghc_32.o: In function `r7OL_closure':
(.data+0x0): multiple definition of `__stginit_HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects'
/tmp/ghc109525_0/ghc_32.o:(.data+0x0): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `r7pH_closure':
(.data+0x10): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_getObjNames1_closure'
/tmp/ghc109525_0/ghc_32.o:(.data+0x10): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `c7SA_info':
(.text+0x2c8): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_getObjNames1_info'
/tmp/ghc109525_0/ghc_32.o:(.text+0x2c8): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `r7pH_closure':
(.data+0x20): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_getObjNames_closure'
/tmp/ghc109525_0/ghc_32.o:(.data+0x20): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `c7W6_info':
(.text+0xe98): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_getObjNames_info'
/tmp/ghc109525_0/ghc_32.o:(.text+0xe98): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `r7pH_closure':
(.data+0x30): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_MDMethodType_closure'
/tmp/ghc109525_0/ghc_32.o:(.data+0x30): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `c7W6_info':
(.text+0xeb8): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_MDMethodType_static_info'
/tmp/ghc109525_0/ghc_32.o:(.text+0xeb8): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `r7pH_closure':
(.data+0x38): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_CipherMethodType_closure'
/tmp/ghc109525_0/ghc_32.o:(.data+0x38): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `c7W6_info':
(.text+0xed8): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_CipherMethodType_static_info'
/tmp/ghc109525_0/ghc_32.o:(.text+0xed8): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `r7pH_closure':
(.data+0x40): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_PKeyMethodType_closure'
/tmp/ghc109525_0/ghc_32.o:(.data+0x40): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `c7W6_info':
(.text+0xef8): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_PKeyMethodType_static_info'
/tmp/ghc109525_0/ghc_32.o:(.text+0xef8): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `r7pH_closure':
(.data+0x48): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_CompMethodType_closure'
/tmp/ghc109525_0/ghc_32.o:(.data+0x48): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `c7W6_info':
(.text+0xf18): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_CompMethodType_static_info'
/tmp/ghc109525_0/ghc_32.o:(.text+0xf18): first defined here
/tmp/ghc109525_0/ghc_32.o: In function `r7pH_closure':
(.data+0x50): multiple definition of `HsOpezuGnLae7U7W9ZZI8AcRoM668H_OpenSSLziObjects_ObjNameType_closure_tbl'
/tmp/ghc109525_0/ghc_32.o:(.data+0x50): first defined here
/tmp/ghc109525_0/ghc_31.o: In function `OpenSSLziObjects_d7Ce':
ghc_29.c:(.text+0x0): multiple definition of `OpenSSLziObjects_d7Ce'
/tmp/ghc109525_0/ghc_31.o:ghc_29.c:(.text+0x0): first defined here
collect2: error: ld returned 1 exit status
In line 30 of cbits/HsOpenSSL.h there is the line:
# include "../dist/build/autogen/cabal_macros.h"
This causes the compilation to fail when the cabal option --builddir is used to set a directory other than the default of dist (see: http://www.haskell.org/cabal/users-guide/installing-packages.html#setup-test).
The --builddir is often set automatically to various values by sandboxing tools, such as HsEnv.
This is the relevant error message:
In file included from cbits/HsOpenSSL.c:1:0:
cbits/HsOpenSSL.h:30:50:
fatal error: ../dist/build/autogen/cabal_macros.h: No such file or directory
compilation terminated.
Failed to install HsOpenSSL-0.10.3.3
cabal: Error: some packages failed to install:
While searching I also found this compilation log that someone had that suffers from the same problem (their --builddir is apparently set to dist/dist-sandbox-dc2d92ee): https://gist.github.com/roman/5681021
I am not sure how to fix this bug in HsOpenSSL.
Basically the following is needed for that (untested though!):
diff --git a/OpenSSL/ASN1.hsc b/OpenSSL/ASN1.hsc
index 39e6706..aa23f29 100644
--- a/OpenSSL/ASN1.hsc
+++ b/OpenSSL/ASN1.hsc
@@ -29,7 +29,9 @@ import Foreign.C
import OpenSSL.BIO
import OpenSSL.BN
import OpenSSL.Utils
+#if !(MIN_VERSION_time(1,5,0))
import System.Locale
+#endif
{- ASN1_OBJECT --------------------------------------------------------------- -}
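Review bot: the guard "#if !(MIN_VERSION_time(1,5,0))" around "import System.Locale" depends on MIN_VERSION_time being defined when hsc2hs preprocesses ASN1.hsc; if the Cabal macros header has not been included by that point, the C preprocessor rejects the line with an error of the form "missing binary operator before token "("". Please confirm that the header providing cabal_macros.h is included ahead of this import block, and add a short comment saying that from time 1.5 on the locale type is supplied by the time package, so a reader can see why nothing replaces the import in the other branch.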
@@ -139,7 +141,11 @@ peekASN1Time time
, "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
]
]
+#if MIN_VERSION_time(1,5,0)
+ , knownTimeZones = []
+#else
, intervals = undefined
+#endif
, amPm = undefined
, dateTimeFmt = undefined
, dateFmt = undefined
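Review bot: in the time >= 1.5 branch of the locale record built in peekASN1Time, "knownTimeZones = []" leaves the locale with no named zones, while the neighbouring fields amPm, dateTimeFmt and dateFmt remain undefined, so any format directive that reaches one of them throws at run time instead of producing a parse failure. As the patch is marked untested, check the format string used by peekASN1Time against these fields before merging, and consider giving the unused fields harmless values (empty strings or pairs of empty strings) rather than undefined.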