Avoid calling "openssl req" external process

This required patching HsOpenSSL. stack.yaml has been updated to pull the patched version from github. stack.yaml was also updated to lts-4.2.
author: Andrew Cady <d@jerkface.net> 2016-01-21 22:50:25 -0500
committer: Andrew Cady <d@jerkface.net> 2016-01-22 11:15:22 -0500
commit: 3581adc163fd0b41485d822944efe6cdd4607aed (patch)
tree: 41d8bfecd58e5a84547297c0e2d0263241a348b5
parent: 6fe3bd340f0fed8910758a32bbd86ccee135bf18 (diff)
3 files changed, 12 insertions, 10 deletions
diff --git a/acme-encrypt.cabal b/acme-encrypt.cabal
index 229fe77..55b94ff 100644
--- a/acme-encrypt.cabal
+++ b/acme-encrypt.cabal
@@ -23,8 +23,8 @@ executable acme-encrypt-exe
  ghc-options:         -threaded -rtsopts -with-rtsopts=-N -Wall
  build-depends:       base,
                       cryptonite, aeson, bytestring, base64-bytestring, SHA,
-                       text, HsOpenSSL, process, wreq, lens, lens-aeson,
+                       text, HsOpenSSL, wreq, lens, lens-aeson,
-                       optparse-applicative, directory, mtl, process-extras, time
+                       optparse-applicative, directory, mtl, time
                     -- , acme-encrypt
  default-language:    Haskell2010
diff --git a/acme.hs b/acme.hs
index dc11452..5ea5eeb 100644
--- a/acme.hs
+++ b/acme.hs
@@ -48,7 +48,6 @@ import           OpenSSL.X509.Request
 import           Options.Applicative        hiding (header)
 import qualified Options.Applicative        as Opt
 import           System.Directory
-import           System.Process.ByteString
 stagingDirectoryUrl, liveDirectoryUrl :: String
 liveDirectoryUrl = "https://acme-v01.api.letsencrypt.org/directory"
@@ -108,7 +107,7 @@ genKey privKeyFile = withOpenSSL $ do
    pem <- writePKCS8PrivateKey kp Nothing
    writeFile privKeyFile pem
-genReq :: FilePath -> String -> IO ByteString
+genReq :: FilePath -> String -> IO String
 genReq domainKeyFile domain = withOpenSSL $ do
  (Keys priv pub) <- readKeys domainKeyFile
  Just dig <- getDigestByName "SHA256"
@@ -117,10 +116,7 @@ genReq domainKeyFile domain = withOpenSSL $ do
  setVersion req 0
  setPublicKey req pub
  signX509Req req priv (Just dig)
-  pem <- writeX509Req req ReqNewFormat
+  writeX509ReqDER req
-  -- Sigh.  No DER support for X509 reqs in HsOpenSSL.
-  (_, o, _) <- readProcessWithExitCode "openssl" (words "req -outform der") (encodeUtf8 $ T.pack pem)
-  return o
 data Keys = Keys SomeKeyPair RSAPubKey
 readKeys :: String -> IO Keys
diff --git a/stack.yaml b/stack.yaml
index 2639f7b..e6d5f5d 100644
--- a/stack.yaml
+++ b/stack.yaml
@@ -1,17 +1,23 @@
 # For more information, see: https://github.com/commercialhaskell/stack/blob/release/doc/yaml_configuration.md
 # Specifies the GHC version and set of packages available (e.g., lts-3.5, nightly-2015-09-21, ghc-7.10.2)
-resolver: lts-4.1
+resolver: lts-4.2
 # Local packages, usually specified by relative directory name
 packages:
 - '.'
+- location:
+    git: git@github.com:afcady/HSOpenSSL.git
+    commit: 217f85d1a5ab82e3d4791bfb9f841c9303d150c6
+  extra-dep: true
 # Packages to be pulled from upstream that are not in the resolver (e.g., acme-missiles-0.3)
 extra-deps: []
 # Override default flag values for local packages and extra-deps
-flags: {}
+flags:
+  HsOpenSSL:
+    fast-bignum: false
 # Extra package databases containing global packages
 extra-package-dbs: []
author	Andrew Cady <d@jerkface.net>	2016-01-21 22:50:25 -0500
committer	Andrew Cady <d@jerkface.net>	2016-01-22 11:15:22 -0500
commit	3581adc163fd0b41485d822944efe6cdd4607aed (patch)
tree	41d8bfecd58e5a84547297c0e2d0263241a348b5
parent	6fe3bd340f0fed8910758a32bbd86ccee135bf18 (diff)