haskell-tls / hs-certificate

Certificate and Key Reader/Writer in Haskell

getSystemCertificateStore throws an exception when crt files cannot be read #16

Closed swtw7466 closed 11 years ago

swtw7466 commented 11 years ago

The problem

[ghci] Prelude System.Certificate.X509> getSystemCertificateStore
[ghci] *** Exception: /etc/ssl/certs/localhost.crt: openBinaryFile: permission denied (Permission denied)

Why

% ls -l /etc/ssl/certs/
-rw-r--r--. 1 root root 571450 Apr  8  2010 ca-bundle.crt
-rw-r--r--. 1 root root 651083 Apr  8  2010 ca-bundle.trust.crt
-rw-------  1 root root   1192 Aug 24 19:01 localhost.crt

So our administrator doesn't want the file to be read by everyone.

Solution

Check whether crt files are readable:

 listDirectoryCerts path = (map (path </>) . filter isCert <$> getDirectoryContents path)
                       >>= filterM doesFileExist
+                      >>= filterM (liftM readable . getPermissions)
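
Review bot: the added `filterM (liftM readable . getPermissions)` step is a check made before the file is opened, so it covers only the permission case and leaves a window in which a file can be removed or have its mode changed between the filter and the read; `getPermissions` can also raise an IOException itself. Handling the IOException at the point where each certificate file is actually read, and skipping (ideally reporting) that file, would cover all of these without the extra pass over the directory.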

vincenthz commented 11 years ago

While I don't see a reason why an x509 certificate should not be made readable :-), this is probably a good idea to filter errors. I wonder if it would not be better to just catch all IO exceptions.

swtw7466 commented 11 years ago

Indeed, that way will solve my problem as well as other IO problems. I've updated the branch to catch all IO exceptions.

vincenthz commented 11 years ago

Awesome. Thanks!
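
The approach the thread settles on, catching IO exceptions per file instead of checking permissions first, shown as an added example. It is not the code from the project's branch: `isCertFile`, `readCertFile` and `readCertDirectory` are hypothetical names, and the functions return raw file bytes rather than parsed certificates.

```haskell
-- Added example; the function names are hypothetical, not hs-certificate's API.
import Control.Exception (IOException, try)
import Control.Monad (filterM)
import qualified Data.ByteString as B
import Data.Either (partitionEithers)
import Data.List (isSuffixOf)
import System.Directory (doesFileExist, getDirectoryContents)
import System.FilePath ((</>))
import System.IO (hPutStrLn, stderr)

-- Hypothetical stand-in for the project's isCert filter.
isCertFile :: FilePath -> Bool
isCertFile name = any (`isSuffixOf` name) [".crt", ".pem"]

-- Read one file. Any IOException (permission denied, file removed since the
-- directory was listed, ...) becomes a Left carrying the path and the error.
readCertFile :: FilePath
             -> IO (Either (FilePath, IOException) (FilePath, B.ByteString))
readCertFile path = do
  r <- try (B.readFile path)
  return $ case r of
    Left e      -> Left (path, e)
    Right bytes -> Right (path, bytes)

-- Returns (skipped files with the reason, files that were read).
-- Errors from listing the directory itself still propagate to the caller:
-- a missing store directory is a configuration problem, not a bad file.
readCertDirectory :: FilePath
                  -> IO ([(FilePath, IOException)], [(FilePath, B.ByteString)])
readCertDirectory dir = do
  names <- getDirectoryContents dir
  files <- filterM doesFileExist [dir </> n | n <- names, isCertFile n]
  partitionEithers <$> mapM readCertFile files

main :: IO ()
main = do
  -- Directory taken from the error message in the report above.
  (skipped, loaded) <- readCertDirectory "/etc/ssl/certs"
  -- Report what was skipped so a missing trust anchor is visible, not silent.
  mapM_ (\(p, e) -> hPutStrLn stderr ("skipped " ++ p ++ ": " ++ show e)) skipped
  putStrLn (show (length loaded) ++ " certificate files read")
```

Returning the skipped paths alongside the loaded ones lets the caller decide whether an unreadable file is harmless (a private `localhost.crt`) or a sign that the trust store is incomplete.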