Skip to content

Instantly share code, notes, and snippets.

@superduper

superduper/SslClientAuth.hs

Created September 3, 2015 23:51
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save superduper/9ea4b0804673694ad701 to your computer and use it in GitHub Desktop.
Save superduper/9ea4b0804673694ad701 to your computer and use it in GitHub Desktop.
Download ZIP
Example how to use wreq with ssl
Raw
SslClientAuth.hs
{-# LANGUAGE OverloadedStrings #-}
module Network.HttpSSL (
postSSL
, SSLOptions (..)
) where
{-
build-depends:
wreq
, HsOpenSSL
, http-client-openssl
, lens
-}
import Control.Lens
import Data.ByteString.Lazy (ByteString)
import Network.HTTP.Client.OpenSSL
import Network.Wreq
import OpenSSL (withOpenSSL)
import OpenSSL.Session (SSLContext)
import qualified OpenSSL.Session as SSL
data SSLOptions = SSLOptions {
optionsClientCert :: FilePath
, optionsCaCert :: FilePath }
setupSSLCtx :: SSLOptions -> IO SSLContext
setupSSLCtx (SSLOptions clientCert caCert) =
do ctx <- SSL.context
SSL.contextSetPrivateKeyFile ctx clientCert
SSL.contextSetCertificateFile ctx caCert
return ctx
postSSL :: SSLOptions -- ^ Options
-> String -- ^ URL
-> ByteString
-> IO (Response ByteString)
postSSL sopts url b =
let mkOpts c = defaults & manager .~ Left (opensslManagerSettings c)
call o = postWith (mkOpts o) url
in withOpenSSL $ call (setupSSLCtx sopts) b
@umurgdk
Copy link

umurgdk commented Feb 14, 2016

Oh after hours finally manage to make a request to Docker Rest API. For servers such as Docker you need to force openssl library to use TLSv1 like:

SSL.contextAddOption           ctx SSL.SSL_OP_NO_SSLv2
SSL.contextAddOption           ctx SSL.SSL_OP_NO_SSLv3

There is also SSL_OP_NO_TLSv1in case of you want to force library to use something else.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment