author | Andrew Cady <d@jerkface.net> | 2016-01-21 22:50:25 -0500 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2016-01-22 11:15:22 -0500 |
commit | 3581adc163fd0b41485d822944efe6cdd4607aed (patch) | |
tree | 41d8bfecd58e5a84547297c0e2d0263241a348b5 /acme.hs | |
parent | 6fe3bd340f0fed8910758a32bbd86ccee135bf18 (diff) |
Avoid calling "openssl req" external process
This required patching HsOpenSSL. stack.yaml has been updated to pull
the patched version from github.
stack.yaml was also updated to lts-4.2.
Diffstat (limited to 'acme.hs')
-rw-r--r-- | acme.hs | 8 |
1 files changed, 2 insertions, 6 deletions
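--- a/acme.hs
+++ b/acme.hs
@@ -48,7 +48,6 @@ import OpenSSL.X509.Request
 import Options.Applicative hiding (header)
 import qualified Options.Applicative as Opt
 import System.Directory
-import System.Process.ByteString
 
 stagingDirectoryUrl, liveDirectoryUrl :: String
 liveDirectoryUrl = "https://acme-v01.api.letsencrypt.org/directory"
@@ -108,7 +107,7 @@ genKey privKeyFile = withOpenSSL $ do
 pem <- writePKCS8PrivateKey kp Nothing
 writeFile privKeyFile pem
 
-genReq :: FilePath -> String -> IO ByteString
+genReq :: FilePath -> String -> IO String
 genReq domainKeyFile domain = withOpenSSL $ do
 (Keys priv pub) <- readKeys domainKeyFile
 Just dig <- getDigestByName "SHA256"
@@ -117,10 +116,7 @@ genReq domainKeyFile domain = withOpenSSL $ do
 setVersion req 0
 setPublicKey req pub
 signX509Req req priv (Just dig)
-pem <- writeX509Req req ReqNewFormat
--- Sigh. No DER support for X509 reqs in HsOpenSSL.
-(_, o, _) <- readProcessWithExitCode "openssl" (words "req -outform der") (encodeUtf8 $ T.pack pem)
-return o
+writeX509ReqDER req
 
 data Keys = Keys SomeKeyPair RSAPubKey
 readKeys :: String -> IO Keys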
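Review bot: `genReq` now hands the DER-encoded CSR back as `String` (the changed signature in the second hunk, `writeX509ReqDER req` in the third), so binary data travels through a text type. The callers are outside this diff; any that converts the result with a text encoding, as the removed code did for the PEM with `encodeUtf8 $ T.pack pem`, would alter bytes above 0x7F and submit a malformed request. Assuming the patched `writeX509ReqDER` yields one `Char` per octet, consider keeping the old `IO ByteString` signature via `Data.ByteString.Char8.pack <$> writeX509ReqDER req`. Failing that, document the contract on `genReq` with a comment such as `-- DER bytes, one Char per octet; pack with Char8, never UTF-8`.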