How to provide a client certificate to http-client-tls?

梦谈多话 2021-02-14 18:39

I am using http-client-tls to connect to a TLS-enabled server that requires a client certificate. I suspect I need to tweak TLSSettings with a loaded certificate and correct cyp

1 Answer
  • 2021-02-14 19:05

    Thanks to Moritz Agerman for sharing his code. Here is a full Haskell module that can use crt.pem and key.pem files to provide a client-side certificate as requested by the server:

     {-# LANGUAGE OverloadedStrings #-}
     module TLS where
    
     import           Data.Default
     import           Network.Connection
     import           Network.HTTP.Client
     import           Network.HTTP.Client.TLS
     import           Network.TLS
     import           Network.TLS.Extra.Cipher
     import           Servant.Client
    
     -- Build a TLS manager with a client certificate for Https, a plain one for Http.
     makeClientManager :: String -> Scheme -> IO Manager
     makeClientManager hostname Https = mkMngr hostname "crt.pem" "key.pem"
     makeClientManager _        Http  = newManager defaultManagerSettings
    
     mkMngr :: String -> FilePath -> FilePath -> IO Manager
     mkMngr hostName crtFile keyFile = do
       -- Load the client certificate chain and private key from the PEM files.
       creds <- either error Just `fmap` credentialLoadX509 crtFile keyFile
       -- onCertificateRequest answers the server's certificate request with creds;
       -- onServerCertificate returns an empty list of validation failures.
       let hooks = def
                   { onCertificateRequest = \_ -> return creds
                   , onServerCertificate = \_ _ _ _ -> return []
                   }
           clientParams = (defaultParamsClient hostName "")
                          { clientHooks = hooks
                          , clientSupported = def { supportedCiphers = ciphersuite_all }
                          }
           tlsSettings = TLSSettings clientParams
    
       newManager $ mkManagerSettings tlsSettings Nothing
    

    Not sure whether this bypasses server certificate validation or not, as the onServerCertificate hook is a constant [].

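An `onServerCertificate` hook that always returns `[]` reports no validation failures to the TLS library, so the server's certificate is accepted without being checked. The module below is an added example, not code from the original answer: it presents the same client certificate but leaves the library's default server-certificate hook in place. The name `mkValidatingManager`, the use of the operating system's CA store (`getSystemCertificateStore` from the x509-system package) and the choice of `ciphersuite_default` are assumptions of this example.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module TLSValidated (mkValidatingManager) where

import Network.Connection       (TLSSettings (..))
import Network.HTTP.Client      (Manager, newManager)
import Network.HTTP.Client.TLS  (mkManagerSettings)
import Network.TLS
import Network.TLS.Extra.Cipher (ciphersuite_default)
import System.X509              (getSystemCertificateStore)

-- | Hypothetical helper (not from the original answer): presents the client
-- certificate but does not override 'onServerCertificate', so the server's
-- chain and host name are still validated by the library's default hook.
mkValidatingManager :: String -> FilePath -> FilePath -> IO Manager
mkValidatingManager hostName crtFile keyFile = do
  -- Fail with an IO error if the PEM files cannot be read or parsed.
  cred <- either (ioError . userError) return
            =<< credentialLoadX509 crtFile keyFile
  -- Trust anchors: the operating system's CA store (an assumption; for a
  -- private CA, build a CertificateStore from that CA's certificate instead).
  caStore <- getSystemCertificateStore
  let base   = defaultParamsClient hostName ""
      params = base
        { -- Only the client-certificate hook is replaced; every other hook
          -- keeps the value set by defaultParamsClient.
          clientHooks = (clientHooks base)
            { onCertificateRequest = \_ -> return (Just cred) }
          -- Without a CA store the default validation has nothing to trust.
        , clientShared = (clientShared base) { sharedCAStore = caStore }
          -- The library's recommended cipher list rather than every cipher.
        , clientSupported = (clientSupported base)
            { supportedCiphers = ciphersuite_default }
        }
  newManager (mkManagerSettings (TLSSettings params) Nothing)
```

With this manager, a server presenting an untrusted or mismatched certificate causes the handshake to fail instead of being silently accepted.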