如何向http-client-tls提供客户端证书? [英] How to provide a client certificate to http-client-tls?
问题描述
我使用 http-client-tls 连接到需要客户端证书的启用TLS的服务器。我怀疑我需要调整 TLSSettings 带有加载的证书和正确的密码套件参数,但绝对不清楚如何执行此操作。
有人有一些使用客户端证书的示例代码吗?
感谢Moritz Agerman分享他的代码。这是一个完整的Haskell模块,可以使用 crt.pem
和 key.pem
文件将客户端证书作为由服务器请求:
{ - #LANGUAGE OverloadedStrings# - }
模块TLS其中
导入Data.Default
导入Network.Connection
导入Network.HTTP.Client
导入Network.HTTP.Client.TLS
导入Network.TLS
导入网络。 TLS.Extra.Cipher
import Servant.Client
makeClientManager :: String - >方案 - > IO管理器
makeClientManager主机名Https = mkMngr主机名crt.pemkey.pem
makeClientManager _ Http = newManager defaultManagerSettings
mkMngr :: String - > FilePath - > FilePath - > IO管理器
mkMngr主机名crtFile KEYFILE =做
creds< - 或者错误只是`fmap` credentialLoadX509 crtFile KEYFILE
让钩= DEF
{onCertificateRequest = \_ - >返回信用
,onServerCertificate = \ _ _ _ _ - >返回[]
}
clientParams =(defaultParamsClient hostName)
{clientHooks = hooks
,clientSupported = def {supportedCiphers = ciphersuite_all}
}
tlsSettings = TLSSettings clientParams
newManager $ mkManagerSettings tlsSettings Nothing
不知道是否这样不会绕过服务器证书验证或不是 onServerCertificate
hook是一个常量 []
。
I am using http-client-tls to connect to a TLS-enabled server that requires a client certificate. I suspect I need to tweak TLSSettings with a loaded certificate and correct cypher-suites parameters but it is definitely not clear how to do this.
Does anybody have some example code that uses client-side certificates?
Thanks to Moritz Agerman for sharing his code. Here is a full Haskell module that can use crt.pem
and key.pem
files to provide client-side certificate as requested by server:
{-# LANGUAGE OverloadedStrings #-}
module TLS where
import Data.Default
import Network.Connection
import Network.HTTP.Client
import Network.HTTP.Client.TLS
import Network.TLS
import Network.TLS.Extra.Cipher
import Servant.Client
makeClientManager :: String -> Scheme -> IO Manager
makeClientManager hostname Https = mkMngr hostname "crt.pem" "key.pem"
makeClientManager _ Http = newManager defaultManagerSettings
mkMngr :: String -> FilePath -> FilePath -> IO Manager
mkMngr hostName crtFile keyFile = do
creds <- either error Just `fmap` credentialLoadX509 crtFile keyFile
let hooks = def
{ onCertificateRequest = \_ -> return creds
, onServerCertificate = \_ _ _ _ -> return []
}
clientParams = (defaultParamsClient hostName "")
{ clientHooks = hooks
, clientSupported = def { supportedCiphers = ciphersuite_all }
}
tlsSettings = TLSSettings clientParams
newManager $ mkManagerSettings tlsSettings Nothing
Not sure if this does bypass server certificate validation or not as onServerCertificate
hook is a constant []
.
这篇关于如何向http-client-tls提供客户端证书?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!