Allow TLS ClientParams to be provided to Transport.TLS (connect) #126

Open
darrell-roberts opened this issue Jan 5, 2022 · 1 comment
@darrell-roberts

Hi,

For TLS connections to mongo it is common to require a client certificate that is requested by the mongo server. I got this working by making the following change to the connect function in the Transport.TLS module.

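```haskell
import Data.Maybe (fromMaybe)  -- needed for the fallback to default parameters below

-- | Connect to the server over TLS. When the caller supplies ClientParams
-- (for example with a client certificate), they are used instead of the defaults.
connect :: Maybe TLS.ClientParams -> HostName -> PortID -> IO Pipe
connect clientParams host port = bracketOnError (connectTo host port) hClose $ \handle -> do

  -- Default parameters, used only when the caller passes Nothing.
  -- Note: this onServerCertificate hook reports no validation failures,
  -- so any server certificate is accepted when the defaults are in effect.
  let params = (TLS.defaultParamsClient host "")
        { TLS.clientSupported = def
            { TLS.supportedCiphers = TLS.ciphersuite_default}
        , TLS.clientHooks = def
            { TLS.onServerCertificate = \_ _ _ _ -> return []}
        }

  -- Caller-supplied parameters replace the defaults entirely.
  context <- TLS.contextNew handle (fromMaybe params clientParams)
  TLS.handshake context

  conn <- tlsConnection context
  rec
    p <- newPipeWith sd conn
    sd <- access p slaveOk "admin" retrieveServerData
  return p
```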

It simply adds an optional parameter for ClientParams, allowing the caller to set up whatever TLS configuration is needed.

@darrell-roberts darrell-roberts changed the title Allow SSL ClientParams to be provided to Transport.TLS (connect) Allow TLS ClientParams to be provided to Transport.TLS (connect) Jan 6, 2022
@darrell-roberts
Author

I created a PR with a proposed solution to adding this support. It preserves the original function and adds a new one that allows passing optional TLS client parameters.
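
As an added example (not part of the original issue, the PR, or the mongodb package), here is one way a caller could build the `TLS.ClientParams` discussed in the opening comment: it presents a client certificate when the server requests one and leaves the `tls` library's default server-certificate validation in place instead of overriding `onServerCertificate`. The name `mutualTlsParams` and its file-path arguments are hypothetical, and the code assumes a `tls` version that provides `Default` instances, as the issue's code does.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module MutualTlsParams (mutualTlsParams) where

import           Data.Default.Class         (def)
import           Data.X509.CertificateStore (readCertificateStore)
import           Network.Socket             (HostName)
import qualified Network.TLS                as TLS
import qualified Network.TLS.Extra.Cipher   as TLS

-- | Build ClientParams for mutual TLS (hypothetical helper, not library code).
-- The server certificate is validated against the given CA bundle, and the
-- client credential is offered whenever the server sends a CertificateRequest.
mutualTlsParams
  :: HostName   -- ^ server name, also used for certificate name validation
  -> FilePath   -- ^ PEM CA bundle that issued the server certificate
  -> FilePath   -- ^ PEM client certificate (chain)
  -> FilePath   -- ^ PEM client private key
  -> IO TLS.ClientParams
mutualTlsParams host caFile certFile keyFile = do
  -- Fail early instead of silently connecting without a trust anchor.
  caStore <- readCertificateStore caFile
               >>= maybe (fail ("cannot read CA bundle: " ++ caFile)) pure
  -- credentialLoadX509 returns Left with a message on a bad cert or key.
  cred <- TLS.credentialLoadX509 certFile keyFile
            >>= either (\e -> fail ("cannot load client credential: " ++ e)) pure
  pure $ (TLS.defaultParamsClient host "")
    { TLS.clientSupported = def
        { TLS.supportedCiphers = TLS.ciphersuite_default }
    , TLS.clientShared = def
        { TLS.sharedCAStore = caStore }        -- trust anchors for the server cert
    , TLS.clientHooks = def
        -- onServerCertificate is left at its default, which validates the
        -- chain and host name; only the client-certificate hook is set.
        { TLS.onCertificateRequest = \_ -> pure (Just cred) }
    }
```

The resulting value would be passed as `Just params` to the `connect` variant proposed in the opening comment.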

VictorDenisov added a commit that referenced this issue Mar 22, 2022
Merge pull request #129 from darrell-roberts/master

for issue #126.
why-not-try-calmer added a commit to why-not-try-calmer/mongodb that referenced this issue Jun 18, 2022
…r/Consumer from conduit. Removed a few unnecessary parentheses too.

Fixed erroneously removed CPP expressions.

Removed unused imports.

for issue mongodb-haskell#126. Allow optional TLS params

Removing superfluous brackets; simplifying a few functions.