From a8f05acd12d5e64f205fb4678e82ebd0ddd44055 Mon Sep 17 00:00:00 2001 From: Giorgio Marinelli Date: Sun, 15 Dec 2024 16:11:43 +0100 Subject: [PATCH] Fix running tests with tls >=2.0.0 --- http-client-tls/http-client-tls.cabal | 2 ++ http-client-tls/test/Spec.hs | 21 ++++++++++++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/http-client-tls/http-client-tls.cabal b/http-client-tls/http-client-tls.cabal index 35e1c663..862b6dad 100644 --- a/http-client-tls/http-client-tls.cabal +++ b/http-client-tls/http-client-tls.cabal @@ -46,6 +46,8 @@ test-suite spec , http-client-tls , http-types , crypton-connection + , data-default + , tls benchmark benchmark main-is: Bench.hs diff --git a/http-client-tls/test/Spec.hs b/http-client-tls/test/Spec.hs index dfea83fe..010a8c3d 100644 --- a/http-client-tls/test/Spec.hs +++ b/http-client-tls/test/Spec.hs @@ -1,13 +1,28 @@ +{-# LANGUAGE CPP #-} {-# LANGUAGE OverloadedStrings #-} import Test.Hspec import Network.Connection import Network.HTTP.Client -import Network.HTTP.Client.TLS +import Network.HTTP.Client.TLS hiding (tlsManagerSettings) import Network.HTTP.Types import Control.Monad (join) +import Data.Default +import qualified Network.TLS as TLS main :: IO () main = hspec $ do + let tlsSettings = def + -- Since the release of v2.0.0 of the `tls` package , the default value of + -- the `supportedExtendedMainSecret` parameter `is `RequireEMS`, this means + -- that all the connections to a server not supporting TLS1.2+EMS will fail. + -- The badssl.com service does not yet support TLS1.2+EMS connections, so + -- let's switch to the value `AllowEMS`, ie: TLS1.2 conenctions without EMS. +#if MIN_VERSION_crypton_connection(0,4,0) + {settingClientSupported = def {TLS.supportedExtendedMainSecret = TLS.AllowEMS}} +#endif + + let tlsManagerSettings = mkManagerSettings tlsSettings Nothing + it "make a TLS connection" $ do manager <- newManager tlsManagerSettings withResponse "https://httpbin.org/status/418" manager $ \res -> @@ -52,13 +67,13 @@ main = hspec $ do -- https://github.com/snoyberg/http-client/issues/289 it "accepts TLS settings" $ do let - tlsSettings = TLSSettingsSimple + tlsSettings' = tlsSettings { settingDisableCertificateValidation = True , settingDisableSession = False , settingUseServerName = False } socketSettings = Nothing - managerSettings = mkManagerSettings tlsSettings socketSettings + managerSettings = mkManagerSettings tlsSettings' socketSettings manager <- newTlsManagerWith managerSettings let url = "https://wrong.host.badssl.com" request <- parseRequest url