haskell-cryptography / HsOpenSSL

OpenSSL binding for Haskell
http://hackage.haskell.org/package/HsOpenSSL
Creative Commons Zero v1.0 Universal

sslContextSetPrivateKeyFile can't set password #50

Open glguy opened 3 years ago

glguy commented 3 years ago

HsOpenSSL only allows you to specify a PEM decryption password when decoding a PEM file and then using sslContextSetPrivateKey with the resulting key, but HsOpenSSL can only open RSA and DSA keys this way. The better solution is to use sslContextSetPrivateKeyFile to set any private key so that all algorithms supported by the underlying OpenSSL version will be available (things like elliptic curve systems). Unfortunately HsOpenSSL doesn't expose the ability to set the default password callback/userdata needed to provide a password to this function, nor does it expose the internal functions to wrap PemPasswordSupply for use with these callbacks.

I've temporarily added bindings to the necessary functions in my connection library:

https://github.com/glguy/irc-core/blob/5c4f379ecf8b40f9b9d72206a5cc9a248d224e24/hookup/src/Hookup/OpenSSL.hsc#L34-L49
https://github.com/glguy/irc-core/blob/5c4f379ecf8b40f9b9d72206a5cc9a248d224e24/hookup/src/Hookup.hs#L593-L599

The good solution would be to add a PemPasswordSupply parameter to sslContextSetPrivateKeyFile that would temporarily set the default password callback and userdata the same as is done in the PEM read implementation.

Note: sslContextSetPrivateKeyFile would need to switch to a safe import.
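As an added example (not HsOpenSSL's code and not the code linked above), this is the shape of the wrapper proposed in this issue: install a password callback on the SSL_CTX only for the duration of SSL_CTX_use_PrivateKey_file, then clear it. It assumes OpenSSL.Session exports withContext and SSL_CTX_ (true of current HsOpenSSL), takes the password as a ByteString rather than a PemPasswordSupply, and the function name sslContextSetPrivateKeyFileWithPassword is hypothetical.

```haskell
{-# LANGUAGE ForeignFunctionInterface #-}
-- Added example, not part of HsOpenSSL. Temporarily installs a pem_password_cb
-- on the context so an encrypted PEM key of any algorithm can be loaded.
module PrivateKeyFile (sslContextSetPrivateKeyFileWithPassword) where

import Control.Exception (ErrorCall (..), bracket, bracket_, throwIO)
import Control.Monad (when)
import qualified Data.ByteString as BS
import qualified Data.ByteString.Unsafe as BU
import Foreign.C.String (CString, withCString)
import Foreign.C.Types (CInt (..))
import Foreign.Marshal.Utils (copyBytes)
import Foreign.Ptr (FunPtr, Ptr, freeHaskellFunPtr, nullFunPtr, nullPtr)
import OpenSSL.Session (SSLContext, SSL_CTX_, withContext)

-- C signature: int cb(char *buf, int size, int rwflag, void *userdata)
type PemPasswordCb = CString -> CInt -> CInt -> Ptr () -> IO CInt

foreign import ccall "wrapper"
  mkPemPasswordCb :: PemPasswordCb -> IO (FunPtr PemPasswordCb)

foreign import ccall unsafe "openssl/ssl.h SSL_CTX_set_default_passwd_cb"
  c_set_passwd_cb :: Ptr SSL_CTX_ -> FunPtr PemPasswordCb -> IO ()

foreign import ccall unsafe "openssl/ssl.h SSL_CTX_set_default_passwd_cb_userdata"
  c_set_passwd_userdata :: Ptr SSL_CTX_ -> Ptr () -> IO ()

-- Must be a 'safe' import: OpenSSL calls back into Haskell from inside it.
foreign import ccall safe "openssl/ssl.h SSL_CTX_use_PrivateKey_file"
  c_use_privatekey_file :: Ptr SSL_CTX_ -> CString -> CInt -> IO CInt

sslFiletypePem :: CInt
sslFiletypePem = 1 -- SSL_FILETYPE_PEM

-- Copy the password into OpenSSL's buffer; refuse (return 0) if it does not fit,
-- which makes the key load fail instead of decrypting with a truncated password.
passwordCallback :: BS.ByteString -> PemPasswordCb
passwordCallback pw buf size _rwflag _userdata
  | n > fromIntegral size = return 0
  | otherwise = do
      BU.unsafeUseAsCString pw $ \src -> copyBytes buf src n
      return (fromIntegral n)
  where n = BS.length pw

sslContextSetPrivateKeyFileWithPassword :: SSLContext -> FilePath -> BS.ByteString -> IO ()
sslContextSetPrivateKeyFileWithPassword ctx path pw = withContext ctx $ \ctxPtr ->
  bracket (mkPemPasswordCb (passwordCallback pw)) freeHaskellFunPtr $ \cb ->
    -- Callback is cleared again on exit, so no later key load reuses the password.
    bracket_ (c_set_passwd_cb ctxPtr cb) (c_set_passwd_cb ctxPtr nullFunPtr) $ do
      c_set_passwd_userdata ctxPtr nullPtr
      rc <- withCString path $ \cpath -> c_use_privatekey_file ctxPtr cpath sslFiletypePem
      when (rc /= 1) $ throwIO (ErrorCall ("SSL_CTX_use_PrivateKey_file failed: " ++ path))
```

The FunPtr is freed only after it has been removed from the context, and the bracket_ clears the callback even when the load throws, which is the "temporarily set" behaviour the comment asks for.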

vshabanov commented 3 years ago

I will gladly accept a pull request with new functions added and will publish a new HsOpenSSL version on Hackage.