Making cabal-install SSL capable

Michael Snoyman michael at snoyman.com
Tue Apr 28 08:21:04 UTC 2015 

On Tue, Apr 28, 2015 at 11:12 AM Herbert Valerio Riedel <hvriedel at gmail.com>
wrote:

> On 2015-04-28 at 06:08:38 +0200, Michael Snoyman wrote:
>
> [...]
>
> > I offered Duncan last week that I'd port cabal-install over to
> > http-client/http-client-tls to add SSL support. That offer still stands.
>
> I did a quick check trying to find out the additional dependencies
> (relative to what 'cabal-install' currently depends on) http-client-tls
> would pull in (it seems http-client and tls each roughly account for
> half the ~50 deps below):
>
>   async-2.0.2
>   base64-bytestring-1.0.0.1
>   blaze-builder-0.4.0.1
>   byteable-0.1.1
>   cereal-0.4.1.1
>   clock-0.4.5.0
>   cryptohash-0.11.6
>   data-default-class-0.0.1
>   data-default-instances-base-0.0.1
>   data-default-instances-containers-0.0.1
>   data-default-instances-old-locale-0.0.1
>   dlist-0.7.1.1
>   data-default-instances-dlist-0.0.1
>   data-default-0.5.3
>   cookie-0.4.1.4
>   hashable-1.2.3.2
>   case-insensitive-1.2.0.4
>   hourglass-0.2.9
>   asn1-types-0.3.0
>   asn1-encoding-0.9.0
>   asn1-parse-0.9.0
>   crypto-pubkey-types-0.4.3
>   http-types-0.8.6
>   mime-types-0.1.0.6
>   pem-0.2.2
>   primitive-0.6
>   securemem-0.1.7
>   crypto-cipher-types-0.0.9
>   cipher-aes-0.2.10
>   cipher-des-0.0.6
>   cipher-rc4-0.1.4
>   socks-0.5.4
>   streaming-commons-0.1.12
>   transformers-compat-0.4.0.4
>   exceptions-0.8.0.2
>   utf8-string-1
>   publicsuffixlist-0.1
>   http-client-0.4.11.1
>   vector-0.10.12.3
>   crypto-random-0.0.9
>   crypto-numbers-0.2.7
>   crypto-pubkey-0.2.8
>   x509-1.5.0.1
>   x509-store-1.5.0
>   x509-system-1.5.0
>   x509-validation-1.5.1
>   tls-1.2.17
>   connection-0.2.4
>   http-client-tls-0.2.2
>
> In contrast, I was surprised to see, that extending the HTTP package (or
> maybe just writing a 'HTTPS'-companion package) to use HsOpenSSL seems
> to pull in 'HsOpenSSL' as the only additional package...
>
> For comparision here's what http-streams (which I'm not suggesting right
> now, as I think going the 'HTTP'+'HsOpenSSL'-route would be better
> currently) would pull in (which could have a few deps less if it didn't
> pull in 'aeson'...):
>
>   HsOpenSSL-0.11.1.1
>   base64-bytestring-1.0.0.1
>   blaze-builder-0.4.0.1
>   bytestring-builder-0.10.6.0.0
>   dlist-0.7.1.1
>   hashable-1.2.3.2
>   case-insensitive-1.2.0.4
>   primitive-0.6
>   scientific-0.3.3.8
>   attoparsec-0.12.1.6
>   syb-0.4.4
>   unordered-containers-0.2.5.1
>   http-common-0.8.2.0
>   vector-0.10.12.3
>   aeson-0.8.0.2
>   zlib-bindings-0.1.1.5
>   io-streams-1.3.0.0
>   openssl-streams-1.2.1.0
>   http-streams-0.8.3.1
>
> Cheers,
>   hvr
>

I have no intention of playing the "minimal dependency" game (though I
don't mind dropping data-default, which accounts for 6 of the dependencies
listed there). I will point out- as Gershom already did- that in many cases
it's likely easier to install a few extra Haskell packages than it is to
pull in OpenSSL as a dependency, especially on Windows. (And that's
ignoring the fact that http-client-openssl exists.)

As a historical point of interest, I originally wrote http-client (or, as
it was called at the time, http-enumerator) because I was trying to add
OpenID support to an application, and the openid package[1] had done
exactly what you've described: add HsOpenSSL to the HTTP package. I could
never get a single connection to work with that combination. But maybe a
brand new approach at writing that code will work.

Michael

[1] http://hackage.haskell.org/package/openid
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/cabal-devel/attachments/20150428/1a2212a6/attachment.html>

More information about the cabal-devel mailing list