Allow TLS ClientParams to be provided to Transport.TLS (connect) #126

Open
darrell-roberts opened this issue Jan 5, 2022 · 1 comment

@darrell-roberts

Hi,

For TLS connections to mongo it is common to require a client certificate that is requested by the mongo server. I got this working by making the following change to the connect function in the Transport.TLS module.

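```haskell
import Data.Maybe (fromMaybe)  -- needed for the fallback below

connect :: Maybe TLS.ClientParams -> HostName -> PortID -> IO Pipe
connect clientParams host port = bracketOnError (connectTo host port) hClose $ \handle -> do

  -- Defaults used only when the caller passes Nothing.
  -- onServerCertificate returns no failure reasons, so with these defaults
  -- the server certificate is accepted without validation.
  let params = (TLS.defaultParamsClient host "")
        { TLS.clientSupported = def
            { TLS.supportedCiphers = TLS.ciphersuite_default}
        , TLS.clientHooks = def
            { TLS.onServerCertificate = \_ _ _ _ -> return []}
        }

  -- Caller-supplied ClientParams replace the defaults entirely.
  context <- TLS.contextNew handle (fromMaybe params clientParams)
  TLS.handshake context

  conn <- tlsConnection context
  rec
    p <- newPipeWith sd conn
    sd <- access p slaveOk "admin" retrieveServerData
  return p
```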

It simply adds an optional parameter for ClientParams, allowing the caller to set up whatever TLS configuration is needed.

@darrell-roberts darrell-roberts changed the title Allow SSL ClientParams to be provided to Transport.TLS (connect) Allow TLS ClientParams to be provided to Transport.TLS (connect) Jan 6, 2022
@darrell-roberts

I created a PR with a proposed solution to adding this support. It preserves the original function and adds a new one that allows passing optional TLS client parameters.
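As an added illustration (not code from this issue, the PR, or the mongoDB package), one way a caller could build the `TLS.ClientParams` discussed above so that it presents a client certificate and also validates the server certificate against a chosen CA bundle, using the `tls` and `x509-store` packages. The function name `mutualTlsParams` and the three file-path arguments are hypothetical; the result is what would be passed as `Just params` to the modified `connect` shown in the issue.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module MongoClientTls (mutualTlsParams) where

import           Data.X509.CertificateStore (readCertificateStore)
import qualified Network.TLS                as TLS
import qualified Network.TLS.Extra.Cipher   as TLS

-- | Build client parameters for mutual TLS (hypothetical helper).
-- Unlike the fallback defaults in the issue, the default
-- onServerCertificate hook is kept, so the server chain is validated
-- against the CA store and the host name given here.
mutualTlsParams
  :: FilePath            -- ^ CA bundle (PEM) that signed the server certificate
  -> FilePath            -- ^ client certificate chain (PEM)
  -> FilePath            -- ^ client private key (PEM)
  -> String              -- ^ server host name, checked against the certificate
  -> IO TLS.ClientParams
mutualTlsParams caFile certFile keyFile host = do
  -- Fail closed: refuse to build params if the trust anchors cannot be read.
  mStore  <- readCertificateStore caFile
  caStore <- maybe (fail ("cannot read CA store: " ++ caFile)) pure mStore

  -- Load the certificate chain and private key the server will request.
  eCred <- TLS.credentialLoadX509 certFile keyFile
  cred  <- either (\e -> fail ("cannot load client credential: " ++ e)) pure eCred

  let base = TLS.defaultParamsClient host ""
  pure base
    { TLS.clientShared = (TLS.clientShared base)
        { TLS.sharedCAStore = caStore }
    , TLS.clientSupported = (TLS.clientSupported base)
        { TLS.supportedCiphers = TLS.ciphersuite_strong }
    , TLS.clientHooks = (TLS.clientHooks base)
        -- Answer the server's CertificateRequest with our credential.
        { TLS.onCertificateRequest = \_ -> pure (Just cred) }
    }
```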

VictorDenisov added a commit that referenced this issue Mar 22, 2022
Merge pull request #129 from darrell-roberts/master

for issue #126.
why-not-try-calmer added a commit to why-not-try-calmer/mongodb that referenced this issue Jun 18, 2022
…r/Consumer from conduit. Removed a few unnecessary parentheses too.

Fixed erroneously removed CPP expressions.

Removed unused imports.

for issue mongodb-haskell#126. Allow optional TLS params

Removing superfluous brackets; simplifying a few functions.