search

aesiniath / http-streams

Haskell HTTP client library for use with io-streams
https://hackage.haskell.org/package/http-streams
BSD 3-Clause "New" or "Revised" License
50 stars 48 forks source link

Revised fix for #18 #20

Closed ixmatus closed 11 years ago

ixmatus commented 11 years ago

What it fixes

The usage of the convenience functions to retrieve a resource: resp <- get url concatHandler

In particular, when an HTTPS resource scheme is provided. The HsOpenSSL library only works if the request is wrapped in an withOpenSSL computation. The intended effect however is to not require the programmer to do anything specifically different if providing an HTTPS scheme vs. an HTTP scheme.

The default behavior (without withOpenSSL) ends in a segmentation fault and to fix that the request needs to be explicitly wrapped, which makes the original intention of the convenience functions moot.

This fixes that, by wrapping ONLY the connection builder that was branched from a match on an HTTPS scheme in the URI.

The only problem is the inability to modify the OpenSSL context created before the request is made; however, if the user needs that ability it would be easy to build what they need on their own or revise this current solution to enable the user to pass their own SSL context through the convenience functions (modifying which ciphers are used, cert checking, cert locations, etc...).

istathar commented 11 years ago

The problem with the other way (using a global IORef) is that I still have to wrap the request using withOpenSSL and I think passing an SSLContext (if I have one) to the convenience function would be cleaner than always wrapping the request.

Then you'd have to explain to anyone wanting to make a plain http request what an SSLContext is and how to construct one. Which would then require them to have called withOpenSSL in their main function, even though they're doing nothing of the sort.

would appear more friendly than using unsafePerformIO

The justification for the use of unsafePerformIO is documented at Inconvenience.hs line 119.

Meanwhile, I think we've established that the problem here was the failure to call withOpenSSL in your main function as is documented at "Convenience APIs". I'd like to find a way to guard the openssl library better, but in the mean time I think we'll stick with the API we have.

AfC