-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


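-- | SSLv1 and SSLv2 are obsoleted by IETF. We should use TLS 1.2 (or TLS
--   1.1 or TLS 1.0 if necessary). Note that TLS 1.0 and TLS 1.1 have
--   since been deprecated by the IETF as well (RFC 8996), so enable them
--   only when legacy clients require it. HTTP/2 can be negotiated by
--   ALPN. API docs and the README are available at
--   <a>http://www.stackage.org/package/warp-tls</a>.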
@package warp-tls
@version 3.4.13

module Network.Wai.Handler.WarpTLS.Internal

-- | Determines where to load the certificate, chain certificates, and key
--   from.
data CertSettings
CertFromFile :: !FilePath -> ![FilePath] -> !FilePath -> CertSettings
CertFromMemory :: !ByteString -> ![ByteString] -> !ByteString -> CertSettings
CertFromRef :: !IORef ByteString -> ![IORef ByteString] -> !IORef ByteString -> CertSettings

-- | Settings for WarpTLS.
data TLSSettings
TLSSettings :: CertSettings -> OnInsecure -> Logging -> [Version] -> [Cipher] -> Bool -> ServerHooks -> Maybe DHParams -> Maybe Config -> Maybe Credentials -> Maybe SessionManager -> [HashAndSignatureAlgorithm] -> TLSSettings

-- | Where are the certificate, chain certificates, and key loaded from?
--   
--   <pre>
--   &gt;&gt;&gt; certSettings defaultTlsSettings
--   CertFromFile "certificate.pem" [] "key.pem"
--   </pre>
[certSettings] :: TLSSettings -> CertSettings

-- | Do we allow insecure (plain, non-TLS HTTP) connections to this server
--   as well?
--   
--   <pre>
--   &gt;&gt;&gt; onInsecure defaultTlsSettings
--   DenyInsecure "This server only accepts secure HTTPS connections."
--   </pre>
--   
--   Since 1.4.0
[onInsecure] :: TLSSettings -> OnInsecure

-- | The level of logging to turn on.
--   
--   Default: <a>defaultLogging</a>.
--   
--   Since 1.4.0
[tlsLogging] :: TLSSettings -> Logging

-- | The TLS versions this server accepts.
--   
--   Since 1.4.2
[tlsAllowedVersions] :: TLSSettings -> [Version]

-- | The TLS ciphers this server accepts.
--   
--   Since 1.4.2
[tlsCiphers] :: TLSSettings -> [Cipher]

-- | Whether or not to demand a certificate from the client. If this is set
--   to True, you must handle received certificates in a server hook or all
--   connections will fail.
--   
--   <pre>
--   &gt;&gt;&gt; tlsWantClientCert defaultTlsSettings
--   False
--   </pre>
--   
--   Since 3.0.2
[tlsWantClientCert] :: TLSSettings -> Bool

-- | The server-side hooks called by the tls package, including actions to
--   take when a client certificate is received. See the <a>Network.TLS</a>
--   module for details.
--   
--   Default: defaultServerHooks
--   
--   Since 3.0.2
[tlsServerHooks] :: TLSSettings -> ServerHooks

-- | Configuration for ServerDHEParams. More functions live in the
--   <tt>crypton</tt> package.
--   
--   Default: Nothing
--   
--   Since 3.2.2
[tlsServerDHEParams] :: TLSSettings -> Maybe DHParams

-- | Configuration for in-memory TLS session manager. If Nothing,
--   <a>noSessionManager</a> is used. Otherwise, an in-memory TLS session
--   manager is created according to <tt>Config</tt>.
--   
--   Default: Nothing
--   
--   Since 3.2.4
[tlsSessionManagerConfig] :: TLSSettings -> Maybe Config

-- | Specifying <a>Credentials</a> directly. If this value is specified,
--   other fields such as <tt>certFile</tt> are ignored.
--   
--   Since 3.2.12
[tlsCredentials] :: TLSSettings -> Maybe Credentials

-- | Specifying <a>SessionManager</a> directly. If this value is specified,
--   <a>tlsSessionManagerConfig</a> is ignored.
--   
--   Since 3.2.12
[tlsSessionManager] :: TLSSettings -> Maybe SessionManager

-- | Specifying supported hash/signature algorithms, ordered by decreasing
--   priority. See the <a>Network.TLS</a> module for details.
--   
--   Since 3.3.3
[tlsSupportedHashSignatures] :: TLSSettings -> [HashAndSignatureAlgorithm]

-- | Default <a>TLSSettings</a>. Use this to create <a>TLSSettings</a> by
--   overriding individual fields through their record field names (aka
--   accessors).
defaultTlsSettings :: TLSSettings

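-- | The action to take when a plain HTTP request arrives on the HTTP over
--   TLS/SSL port. <a>DenyInsecure</a> rejects the request with the given
--   message; <a>AllowInsecure</a> serves it without TLS.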
data OnInsecure
DenyInsecure :: ByteString -> OnInsecure
AllowInsecure :: OnInsecure

-- | Some programs need access to cert settings
getCertSettings :: TLSSettings -> CertSettings
instance GHC.Internal.Show.Show Network.Wai.Handler.WarpTLS.Internal.CertSettings
instance GHC.Internal.Show.Show Network.Wai.Handler.WarpTLS.Internal.OnInsecure


-- | HTTP over TLS support for Warp via the TLS package.
--   
--   If HTTP/2 is negotiated by ALPN, HTTP/2 over TLS is used. Otherwise
--   HTTP/1.1 over TLS is used.
--   
--   Support for SSL is now obsoleted.
module Network.Wai.Handler.WarpTLS

-- | Running <a>Application</a> with <a>TLSSettings</a> and
--   <a>Settings</a>.
runTLS :: TLSSettings -> Settings -> Application -> IO ()

-- | Running <a>Application</a> with <a>TLSSettings</a> and <a>Settings</a>
--   using specified <a>Socket</a>.
runTLSSocket :: TLSSettings -> Settings -> Socket -> Application -> IO ()

-- | Settings for WarpTLS.
data TLSSettings

-- | Default <a>TLSSettings</a>. Use this to create <a>TLSSettings</a> by
--   overriding individual fields through their record field names (aka
--   accessors).
defaultTlsSettings :: TLSSettings

-- | A smart constructor for <a>TLSSettings</a> based on
--   <a>defaultTlsSettings</a>.
tlsSettings :: FilePath -> FilePath -> TLSSettings

-- | A smart constructor for <a>TLSSettings</a> that allows specifying
--   chain certificates based on <a>defaultTlsSettings</a>.
--   
--   Since 3.0.3
tlsSettingsChain :: FilePath -> [FilePath] -> FilePath -> TLSSettings

-- | A smart constructor for <a>TLSSettings</a>, but uses in-memory
--   representations of the certificate and key based on
--   <a>defaultTlsSettings</a>.
--   
--   Since 3.0.1
tlsSettingsMemory :: ByteString -> ByteString -> TLSSettings

-- | A smart constructor for <a>TLSSettings</a>, but uses in-memory
--   representations of the certificate and key based on
--   <a>defaultTlsSettings</a>.
--   
--   Since 3.0.3
tlsSettingsChainMemory :: ByteString -> [ByteString] -> ByteString -> TLSSettings

-- | A smart constructor for <a>TLSSettings</a>, but uses references to
--   in-memory representations of the certificate and key based on
--   <a>defaultTlsSettings</a>.

-- | <i>Deprecated: This function was added to allow Warp to serve new
--   certificates without restarting, but it has always behaved the same as
--   <a>tlsSettingsMemory</a>. It will be removed in the next major
--   release. To retain existing behavior, switch to
--   <a>tlsSettingsMemory</a>. To dynamically update credentials, see
--   <a>tlsSettingsSni</a>.</i>
tlsSettingsRef :: IORef ByteString -> IORef ByteString -> TLSSettings

-- | A smart constructor for <a>TLSSettings</a>, but uses references to
--   in-memory representations of the certificate and key based on
--   <a>defaultTlsSettings</a>.

-- | <i>Deprecated: This function was added to allow Warp to serve new
--   certificates without restarting, but it has always behaved the same as
--   <a>tlsSettingsChainMemory</a>. It will be removed in the next major
--   release. To retain existing behavior, switch to
--   <a>tlsSettingsChainMemory</a>. To dynamically update credentials, see
--   <a>tlsSettingsSni</a>.</i>
tlsSettingsChainRef :: IORef ByteString -> [IORef ByteString] -> IORef ByteString -> TLSSettings

-- | Determines where to load the certificate, chain certificates, and key
--   from.
data CertSettings

-- | Smart constructor for TLS settings that obtains its credentials during
--   Server Name Indication. Can be used to return different credentials
--   depending on the hostname but also to retrieve dynamically updated
--   credentials from an IORef. Credentials can be loaded from PEM-encoded
--   chain and key files using <a>credentialLoadX509</a>.
tlsSettingsSni :: (Maybe HostName -> IO Credentials) -> TLSSettings

-- | Specifying <a>Credentials</a> directly. If this value is specified,
--   other fields such as <tt>certFile</tt> are ignored.
--   
--   Since 3.2.12
tlsCredentials :: TLSSettings -> Maybe Credentials

-- | The level of logging to turn on.
--   
--   Default: <a>defaultLogging</a>.
--   
--   Since 1.4.0
tlsLogging :: TLSSettings -> Logging

-- | The TLS versions this server accepts.
--   
--   Since 1.4.2
tlsAllowedVersions :: TLSSettings -> [Version]

-- | The TLS ciphers this server accepts.
--   
--   Since 1.4.2
tlsCiphers :: TLSSettings -> [Cipher]

-- | Whether or not to demand a certificate from the client. If this is set
--   to True, you must handle received certificates in a server hook or all
--   connections will fail.
--   
--   <pre>
--   &gt;&gt;&gt; tlsWantClientCert defaultTlsSettings
--   False
--   </pre>
--   
--   Since 3.0.2
tlsWantClientCert :: TLSSettings -> Bool

-- | The server-side hooks called by the tls package, including actions to
--   take when a client certificate is received. See the <a>Network.TLS</a>
--   module for details.
--   
--   Default: defaultServerHooks
--   
--   Since 3.0.2
tlsServerHooks :: TLSSettings -> ServerHooks

-- | Configuration for ServerDHEParams. More functions live in the
--   <tt>crypton</tt> package.
--   
--   Default: Nothing
--   
--   Since 3.2.2
tlsServerDHEParams :: TLSSettings -> Maybe DHParams

-- | Configuration for in-memory TLS session manager. If Nothing,
--   <a>noSessionManager</a> is used. Otherwise, an in-memory TLS session
--   manager is created according to <tt>Config</tt>.
--   
--   Default: Nothing
--   
--   Since 3.2.4
tlsSessionManagerConfig :: TLSSettings -> Maybe Config

-- | Specifying <a>SessionManager</a> directly. If this value is specified,
--   <a>tlsSessionManagerConfig</a> is ignored.
--   
--   Since 3.2.12
tlsSessionManager :: TLSSettings -> Maybe SessionManager

-- | Do we allow insecure (plain, non-TLS HTTP) connections to this server
--   as well?
--   
--   <pre>
--   &gt;&gt;&gt; onInsecure defaultTlsSettings
--   DenyInsecure "This server only accepts secure HTTPS connections."
--   </pre>
--   
--   Since 1.4.0
onInsecure :: TLSSettings -> OnInsecure

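-- | The action to take when a plain HTTP request arrives on the HTTP over
--   TLS/SSL port. <a>DenyInsecure</a> rejects the request with the given
--   message; <a>AllowInsecure</a> serves it without TLS.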
data OnInsecure
DenyInsecure :: ByteString -> OnInsecure
AllowInsecure :: OnInsecure
data WarpTLSException
InsecureConnectionDenied :: WarpTLSException
ClientClosedConnectionPrematurely :: WarpTLSException

-- | Get <a>Connection</a> and <a>Transport</a> for a TLS connection that
--   has already completed the handshake. @since 3.4.7
attachConn :: SockAddr -> Context -> IO (Connection, Transport)
instance GHC.Internal.Exception.Type.Exception Network.Wai.Handler.WarpTLS.WarpTLSException
instance GHC.Internal.Show.Show Network.Wai.Handler.WarpTLS.WarpTLSException
