Support "insecure" TLS.

In addition to the plaintext and "secure" TLS modes. It's useful when one authenticates against a LDAP server with a self-signed certificate, for example.
2015-04-01 22:19:00 +00:00 · 2015-04-01 22:19:00 +00:00 · c65895bb59
commit c65895bb59
parent e56c2b41c9
7 changed files with 68 additions and 7 deletions
--- a/src/Ldap/Client.hs
+++ b/src/Ldap/Client.hs
@ -122,8 +122,9 @@ with host port f = do
  params = Conn.ConnectionParams
    { Conn.connectionHostname =
        case host of
-          Plain  h -> h
-          Secure h -> h
+          Plain    h -> h
+          Secure   h -> h
+          Insecure h -> h
    , Conn.connectionPort = port
    , Conn.connectionUseSecure =
        case host of
@ -133,6 +134,11 @@ with host port f = do
            , Conn.settingDisableSession = False
            , Conn.settingUseServerName = False
            }
+          Insecure _ -> Just Conn.TLSSettingsSimple
+            { Conn.settingDisableCertificateValidation = True
+            , Conn.settingDisableSession = False
+            , Conn.settingUseServerName = False
+            }
    , Conn.connectionUseSocks = Nothing
    }

--- a/src/Ldap/Client/Internal.hs
+++ b/src/Ldap/Client/Internal.hs
@ -51,6 +51,7 @@ import qualified Ldap.Asn1.Type as Type
 data Host =
    Plain String
  | Secure String
+  | Insecure String
    deriving (Show, Eq, Ord)

 data Ldap = Ldap
--- a/ssl/cert.pem
+++ b/ssl/cert.pem
@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+zCCAeOgAwIBAgIJAL+SevcUdGeVMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
+BAMMCWxvY2FsaG9zdDAeFw0xNTA0MDEyMjA2NTZaFw00MjA4MTcyMjA2NTZaMBQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMq+GXKsMouYN7wpvSlBz4/BY4A/uQ19sP9LQId8VVrHZxUbt4QP5m+uFkYw
+qCznxHeXunDruidrJiCsJ5TfPqXZ9E+/hO0ewzpxiTGyycgxgippBJXcEIYRvHPD
+J/BtnNwsQD1vJExq7vJg2ItvZYPVyu/rCevTqsr12nJ+iZ/zx8+PsgRFqSJ9iuQa
+PiejWEQNqNirMHclgvpYNSarEcqyu2U6j+jJtre8NIguzx0ErLYoJxfjznoPoBzG
+4n/S9gJljX1/DcCKCZmMRTpxSy6UPLuS5BIWVhXrbTRP3QUm5qWQdcpOgCH8WGK1
+EDk5E8qzzSg/e+cDv9etz+4jUScCAwEAAaNQME4wHQYDVR0OBBYEFL3gfN6W366G
+XF6/UN8HXnHyVepYMB8GA1UdIwQYMBaAFL3gfN6W366GXF6/UN8HXnHyVepYMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADDaU8lRRUMIVYNl51Dnow9g
+I2CgTLuTE+ftj27NSzURKCPy9QOPQ2FIFAoL57lAKlyds/tWx5zk4GoVUlIlFb+O
+43uJ0NKrT5tXDsu68d3wfgwna+kpPFib3n8G1GQWI9DoaBoNOcbl2f11Tu2kujIh
+LPk75BQnBLxRZRE0VSeLHE4ncy8HPZeqoDdrpjLn92aNLlojK0GfgjimkvR/trCd
+doQuooLYwyFGQRd6HcrqWqoIuDKimBgnu9lcF7GEsks2f4fxtqewqrYvAzZ+Olkv
+MUMU6xdL5/6ai/xqcOza3cJoR84obIHWzzzDe8BZpD1/TfPQJiCLVqmslQiR+Fc=
+-----END CERTIFICATE-----
--- a/ssl/key.pem
+++ b/ssl/key.pem
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDKvhlyrDKLmDe8
+Kb0pQc+PwWOAP7kNfbD/S0CHfFVax2cVG7eED+ZvrhZGMKgs58R3l7pw67onayYg
+rCeU3z6l2fRPv4TtHsM6cYkxssnIMYIqaQSV3BCGEbxzwyfwbZzcLEA9byRMau7y
+YNiLb2WD1crv6wnr06rK9dpyfomf88fPj7IERakifYrkGj4no1hEDajYqzB3JYL6
+WDUmqxHKsrtlOo/oyba3vDSILs8dBKy2KCcX4856D6AcxuJ/0vYCZY19fw3AigmZ
+jEU6cUsulDy7kuQSFlYV6200T90FJualkHXKToAh/FhitRA5ORPKs80oP3vnA7/X
+rc/uI1EnAgMBAAECggEAUQ6z6e8CvmD7V5VwdYBEVftBptLTT5uDGm6hvAlvrr2u
+bvgH5RreTKRTb3igpGN9XzsgZWk5oezq74EkyhZ/W5vKW9/8azkzYLhn26DZn9p7
+ai1WkfvL92475CSQYUXRww1GGcnHv225XtpteUHuWkktu8JC0zBrRn4I+mGw8Gu1
+9Fd0ptmOQhiAkRRQO0ErULkSPKB3cYJDvvqgOCJ8G1cTnez0txFVa3kL5NYZDZtP
+lpNz0pOoTKvrOf7dwpGk0oajaxEulb4dzR/Tl9WDGkVby2DEyG+33o0Bq2BT/piM
+C/t+3TjF0+X5VAOvlCh4i8Seipxpgktf0ohgd62qMQKBgQD5xB+Fwo3UfSBHbS1d
+j5liyCgib+5a2N5MlGy6KUf1KfsBgn2QZs4Dz4kcVUmULaSdyL927G87Wyd4Ca3p
+BWu7pMVx2YM1eEvBQkM1BNFAb5eB8hldtNXt7shKRohRBh+Xa63foiLwz40hAMpd
+KCxFzgrwDOX4/gM12UmsrAXg3QKBgQDPzYUmUDwR46bnudzIXi9zmXAiy24G5k6q
+KdRGLxde2iy5qTSZY47kgzCyfd9UfzWQy2r4cyKN/3bNmlsfGV734yagEcGjGn39
+MhV9K6sSvX9lckyPhFjjWmInAlEKOADa1nexGKOWO5fyP5MBdu8Enq2R5yrO9HG3
+aB9xcHG30wKBgAtw2mjMIqcLHEFpVNymSUZnGL+LFQYATR6A5gIZBfzK8X5+NbY5
+n1I5XXR4y6gH9zRrD6oo5md3o3UyLE8yOl8cCxdN+V6npgCyQlXZZKRo+C2xo0vR
+jsMZXv9X/8KGX0gWXJ6T1LnnJ/XNDXf68Rw5dfLNBHPFXuxGicNpFdPZAoGBAK6v
+8a/MoULUonmImF5kNvWx1j+ZzevE7fpEYauCaN4XAKQu5wXPWM8mrehOwlBxA+Gt
+70Xe2/yM9h1PFizlkh1G+jBz3Nk1KxaPZNstu4lsfc0VMeEv+91cHMj4PJIflDBj
+PIlG0jY38Lr30KfZiILUtcrCjw0dFv98a3pccWx7AoGBAPIxhVChDoThlxIXwznq
+MT1dHx8mqDmBGHACPrg4wAEs8xZbXLyokny/2n6YWIX0dGj9WIwQjMRrRK9b2JE5
+VmCNcq3ZXXshrP2+p0l9CPdNHubGvYy3LK+n3nwUuIkIHfdT/21DOFizMVzxhLDy
+/s+4Xn40x7nuJMSyfmvN1EKY
+-----END PRIVATE KEY-----
--- a/test/Main.hs
+++ b/test/Main.hs
@ -12,7 +12,11 @@ import           SpecHelper (port)

 main :: IO ()
 main =
-  bracket (do (_, out, _, h) <- runInteractiveProcess "./test/ldap.js" [] Nothing (Just [("PORT", show port)])
+  bracket (do (_, out, _, h) <- runInteractiveProcess "./test/ldap.js" [] Nothing
+                                  (Just [ ("PORT", show port)
+                                        , ("SSL_CERT", "./ssl/cert.pem")
+                                        , ("SSL_KEY", "./ssl/key.pem")
+                                        ])
              hGetLine out
              return h)
          (\h -> do terminateProcess h
--- a/test/SpecHelper.hs
+++ b/test/SpecHelper.hs
@ -28,7 +28,7 @@ locally :: (Ldap -> IO a) -> IO (Either LdapError a)
 locally = Ldap.with localhost port

 localhost :: Host
-localhost = Plain "localhost"
+localhost = Insecure "localhost"

 port :: Num a => a
 port = 24620
--- a/test/ldap.js
+++ b/test/ldap.js
@ -1,8 +1,12 @@
 #!/usr/bin/env nodejs

+var fs = require('fs');
 var ldapjs = require('ldapjs');
-var server = ldapjs.createServer();
-var port = process.env.PORT
+
+var port = process.env.PORT;
+var certificate = fs.readFileSync(process.env.SSL_CERT, "utf-8");
+var key = fs.readFileSync(process.env.SSL_KEY, "utf-8");
+var server = ldapjs.createServer({certificate: certificate, key: key});

 // <http://bulbapedia.bulbagarden.net/wiki/List_of_Pok%C3%A9mon_by_National_Pok%C3%A9dex_number>
 var pokemon = [
@ -105,5 +109,5 @@ server.del('o=localhost', [], function(req, res, next) {
 });

 server.listen(port, function() {
-  console.log("ldap://localhost:%d", port);
+  console.log("ldaps://localhost:%d", port);
 });