SSL Support

[Lucu.git] / Network / HTTP / Lucu / Config.hs

diff --git a/Network/HTTP/Lucu/Config.hs b/Network/HTTP/Lucu/Config.hs
index b605d81750c7dc74c93fe5a722e52547b35f0f81..c5f3f3eb7edd4764283fcd888f9de3627209034a 100644 (file)
--- a/Network/HTTP/Lucu/Config.hs
+++ b/Network/HTTP/Lucu/Config.hs
@@ -1,26 +1,33 @@
 -- |Configurations for the Lucu httpd like a port to listen.
 module Network.HTTP.Lucu.Config
     ( Config(..)
+    , SSLConfig(..)
     , defaultConfig
     )
     where
 
+import qualified Data.ByteString as Strict (ByteString)
+import qualified Data.ByteString.Char8 as C8 hiding (ByteString)
 import           Network
 import           Network.BSD
 import           Network.HTTP.Lucu.MIMEType.Guess
 import           Network.HTTP.Lucu.MIMEType.DefaultExtensionMap
+import           OpenSSL.Session
 import           System.IO.Unsafe
 
 -- |Configuration record for the Lucu httpd. You need to use
 -- 'defaultConfig' or setup your own configuration to run the httpd.
 data Config = Config {
     -- |A string which will be sent to clients as \"Server\" field.
-      cnfServerSoftware :: !String
+      cnfServerSoftware :: !Strict.ByteString
     -- |The host name of the server. This value will be used in
     -- built-in pages like \"404 Not Found\".
-    , cnfServerHost :: !HostName
+    , cnfServerHost :: !Strict.ByteString
     -- |A port ID to listen to HTTP clients.
     , cnfServerPort :: !PortID
+    -- |Configuration for HTTPS connections. Set this 'Nothing' to
+    -- disable HTTPS.
+    , cnfSSLConfig :: !(Maybe SSLConfig)
     -- |The maximum number of requests to accept in one connection
     -- simultaneously. If a client exceeds this limitation, its last
     -- request won't be processed until a response for its earliest
@@ -46,22 +53,32 @@ data Config = Config {
     -- guessed only by file name. 
     -- 
     -- Guessing by file magic is indeed a wonderful idea but that is
-    -- not implemented (yet). But hey, don't you think it's better a
-    -- file system got a MIME Type as a part of inode? Or it might be
-    -- a good idea to use GnomeVFS
+    -- not implemented (yet). But, don't you think it's better a file
+    -- system got a MIME Type as a part of inode? Or it might be a
+    -- good idea to use GnomeVFS
     -- (<http://developer.gnome.org/doc/API/2.0/gnome-vfs-2.0/>)
     -- instead of vanilla FS.
     , cnfExtToMIMEType :: !ExtMap
     }
 
+-- |Configuration record for HTTPS connections.
+data SSLConfig
+    = SSLConfig {
+        -- |A port ID to listen to HTTPS clients.
+        sslServerPort :: !PortID
+        -- |An SSL context for accepting connections.
+      , sslContext    :: !SSLContext
+      }
+
 -- |The default configuration. Generally you can use this value as-is,
 -- or possibly you just want to replace the 'cnfServerSoftware' and
--- 'cnfServerPort'.
+-- 'cnfServerPort'. SSL connections are disabled by default.
 defaultConfig :: Config
 defaultConfig = Config {
-                  cnfServerSoftware              = "Lucu/1.0"
-                , cnfServerHost                  = unsafePerformIO getHostName
+                  cnfServerSoftware              = C8.pack "Lucu/1.0"
+                , cnfServerHost                  = C8.pack (unsafePerformIO getHostName)
                 , cnfServerPort                  = Service "http"
+                , cnfSSLConfig                   = Nothing
                 , cnfMaxPipelineDepth            = 100
                 , cnfMaxEntityLength             = 16 * 1024 * 1024 -- 16 MiB
                 , cnfMaxOutputChunkLength        = 5 * 1024 * 1024  -- 5 MiB