Skip to content

Commit

Permalink
Merge pull request #550 from marinelli/tls-2
Browse files Browse the repository at this point in the history
Fix running tests with badssl.com
  • Loading branch information
snoyberg authored Dec 16, 2024
2 parents c982be2 + a8f05ac commit e36f741
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 3 deletions.
2 changes: 2 additions & 0 deletions http-client-tls/http-client-tls.cabal
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,8 @@ test-suite spec
, http-client-tls
, http-types
, crypton-connection
, data-default
, tls

benchmark benchmark
main-is: Bench.hs
Expand Down
21 changes: 18 additions & 3 deletions http-client-tls/test/Spec.hs
Original file line number Diff line number Diff line change
@@ -1,13 +1,28 @@
{-# LANGUAGE CPP #-}
{-# LANGUAGE OverloadedStrings #-}
import Test.Hspec
import Network.Connection
import Network.HTTP.Client
import Network.HTTP.Client.TLS
import Network.HTTP.Client.TLS hiding (tlsManagerSettings)
import Network.HTTP.Types
import Control.Monad (join)
import Data.Default
import qualified Network.TLS as TLS

main :: IO ()
main = hspec $ do
let tlsSettings = def
-- Since the release of v2.0.0 of the `tls` package , the default value of
-- the `supportedExtendedMainSecret` parameter `is `RequireEMS`, this means
-- that all the connections to a server not supporting TLS1.2+EMS will fail.
-- The badssl.com service does not yet support TLS1.2+EMS connections, so
-- let's switch to the value `AllowEMS`, ie: TLS1.2 conenctions without EMS.
#if MIN_VERSION_crypton_connection(0,4,0)
{settingClientSupported = def {TLS.supportedExtendedMainSecret = TLS.AllowEMS}}
#endif

let tlsManagerSettings = mkManagerSettings tlsSettings Nothing

it "make a TLS connection" $ do
manager <- newManager tlsManagerSettings
withResponse "https://httpbin.org/status/418" manager $ \res ->
Expand Down Expand Up @@ -52,13 +67,13 @@ main = hspec $ do
-- https://github.com/snoyberg/http-client/issues/289
it "accepts TLS settings" $ do
let
tlsSettings = TLSSettingsSimple
tlsSettings' = tlsSettings
{ settingDisableCertificateValidation = True
, settingDisableSession = False
, settingUseServerName = False
}
socketSettings = Nothing
managerSettings = mkManagerSettings tlsSettings socketSettings
managerSettings = mkManagerSettings tlsSettings' socketSettings
manager <- newTlsManagerWith managerSettings
let url = "https://wrong.host.badssl.com"
request <- parseRequest url
Expand Down

0 comments on commit e36f741

Please sign in to comment.