[web-devel] Initial SSL support for Warp

Michael Snoyman michael at snoyman.com
Sat Oct 22 22:02:13 CEST 2011


Hi all,

Thanks (once again) to Vincent's awesome tls package, I've just added
experimental support to Warp for SSL connections. The basic idea is to
create an abstraction within Warp called a Connection, which handles
sending and receiving data. This abstraction provides for vectored and
non-vectored I/O, as well as enumerator-based I/O. In other words, it
supports all of the features Warp already uses. Then a separate
package, warp-tls, provides an alternate way of creating a Connection
that uses the tls package instead of a raw socket.

I've put this code up in a separate branch[1]. The one piece of the
puzzle most definitely not implemented yet is proper timeout support.
I'm waiting till Kazu and I come up with some clarity on the recent
slowloris discussion before implementing the timeout code for tls.
Also, I'm sure some things could be more efficient, but it's certainly
working.

I've included a pong.hs demo, as well as a self-signed private key and
certificate, so in order to test this out, you should need to:

1. Clone the repo
2. "cabal install" warp
3. "runghc pong.hs" inside the warp-tls package

Another change that likely makes sense is to improve the TLSSettings
setup so it doesn't need to read the key and certificate from a file.
I'm definitely open to other suggestions. Also, I don't have a
particular use case for this right now, it was just something sitting
on my TODO list and was relatively easy to implement, so I decided to
take a crack at it.

Michael

[1] https://github.com/yesodweb/wai/tree/warp-tls
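
The message above describes Connection as an abstraction over sending and receiving, and notes that timeout support is still missing. The sketch below is an added example, not code from Warp, warp-tls or the author: it shows how a record of I/O actions lets a handler, and a read deadline, stay independent of the transport. The Connection fields, memoryConnection, withRecvTimeout and pongHandler are all hypothetical names, and treating a timed-out read as a closed connection is an assumption, not the design the thread settled on.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added illustration: every name below is hypothetical, not Warp's real API.
import qualified Data.ByteString.Char8 as B
import Control.Concurrent (threadDelay)
import Data.IORef
import Data.Maybe (fromMaybe)
import System.Timeout (timeout)

-- A record of I/O actions: the server only sees these, never the socket.
data Connection = Connection
  { connSendMany :: [B.ByteString] -> IO ()  -- vectored send
  , connSendAll  :: B.ByteString -> IO ()    -- non-vectored send
  , connRecv     :: IO B.ByteString          -- empty result = peer closed
  }

-- Constructed in-memory backend standing in for a raw socket or TLS context;
-- each input chunk is delivered after its delay (microseconds).
memoryConnection :: [(Int, B.ByteString)] -> IO (Connection, IO [B.ByteString])
memoryConnection chunks = do
  inRef  <- newIORef chunks
  outRef <- newIORef []
  let send bs = modifyIORef outRef (bs :)
      recv = do
        pending <- readIORef inRef
        case pending of
          []              -> return B.empty
          ((d, c) : rest) -> writeIORef inRef rest >> threadDelay d >> return c
  return (Connection (mapM_ send) send recv, reverse <$> readIORef outRef)

-- Transport-independent read deadline: a recv that stalls past the limit is
-- reported as a closed connection, so a slow sender cannot hold the handler.
withRecvTimeout :: Int -> Connection -> Connection
withRecvTimeout micros conn = conn
  { connRecv = fromMaybe B.empty <$> timeout micros (connRecv conn) }

-- Handler written only against Connection; it runs unchanged on any backend.
pongHandler :: Connection -> IO ()
pongHandler conn = do
  req <- connRecv conn
  if B.null req
    then return ()
    else connSendMany conn ["HTTP/1.1 200 OK\r\n", "Content-Length: 4\r\n\r\n", "PONG"]

main :: IO ()
main = do
  (fast, fastOut) <- memoryConnection [(0, "GET / HTTP/1.1\r\n\r\n")]
  pongHandler (withRecvTimeout 200000 fast)
  fastOut >>= print . B.concat            -- full response written
  (slow, slowOut) <- memoryConnection [(2000000, "GET / HTTP/1.1\r\n\r\n")]
  pongHandler (withRecvTimeout 200000 slow)
  slowOut >>= print . length              -- nothing written: read timed out
```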


