Connection: A new hope for client network connection.

Opening connection is nowadays a complicated business: One of the leading complication provider is TLS. In itself, there’s nothing complicated about it, however the sheer amount of configurability make it too fiddly for casual programmer that want to open a simple connection to send bytes back and forth.

For example, you want to have to good default behavior for TLS sessions, certificate caching, certificate exceptions to name a few.

To solve this problem, i’ve create the connection package. It bundles simple default with easy settings, and will hopefully reduce the amount of general code that a typical client connection requires by bundling together:

  • network: open raw sockets.
  • socks: for all SOCKS proxy needs.
  • tls : for all SSL/TLS need, session, STARTTLS like command.

Here is the Connection package and its API

You can also found the code and more example in connection repository

Examples

Let’s start with a simplest example: i want to connect to “www.example.com” , on port 80, and close the connection straight away. It’s as simple as using the network package directly, and doesn’t add any overhead.

1
2
3
4
5
6
7
8
9
10
11
12
import Network.Connection
import Data.Default

main = do
    ctx <- initConnectionContext
    con <- connectTo ctx $ ConnectionParams
                              { connectionHostname  = "www.example.com"
                              , connectionPort      = fromIntegral 80
                              , connectionUseSecure = Nothing
                              , connectionUseSocks  = Nothing
                              }
    connectionClose con

Now what if i want to connect to the same host on the same port, but using the SOCKS_PROXY environment variable if it exists to connect to a SOCKS proxy. Turns out it’s very simple, and simply tweaking the connectionUseSocks setting:

1
            , connectionUseSocks  = Just def

socks isn’t hard to use in general anyway, but what if we want to use a SSL connection on port 443 (https). Turns out this is just as simple, and the only change required is to change connectionUseSecure to ‘Just def’, as such:

1
2
3
4
5
6
    con <- connectTo ctx $ ConnectionParams
                              { connectionHostname  = "www.example.com"
                              , connectionPort      = fromIntegral 443
                              , connectionUseSecure = Just def
                              , connectionUseSocks  = Nothing
                              }

What’s next

  • provide the ability to turn on/off TLS session
  • provide certificate verification caching capability (just like http-conduit) when session is not convenient enough.
  • provide client certificate.
  • provide the ability to store certificate exceptions, so that non valid certificates (expired, hostname non matching, etc) can be overriden, or to add extra verifications for valid certificate through TOFU (Trust on first use) akin to ssh known_hosts

posted by Vincent Hanquez on November 2, 2012.

tags tls, connection, network, socks, haskell.

in haskell.