如何向http-client-tls提供客戶端證書？

Question

我正在使用http-client-tls連接到需要客戶端證書的啓用TLS的服務器。我懷疑我需要調整TLSSettings加載的證書和正確的密碼套件參數，但它肯定不清楚如何做到這一點。

有沒有人有一些使用客戶端證書的示例代碼？

Answer 1

感謝Moritz Agerman分享他的代碼。這是一個完整的Haskell模塊，可以使用crt.pem和key.pem文件提供客戶端證書的服務器的要求：

{-# LANGUAGE OverloadedStrings #-} 
module TLS where 

import   Data.Default 
import   Network.Connection 
import   Network.HTTP.Client 
import   Network.HTTP.Client.TLS 
import   Network.TLS 
import   Network.TLS.Extra.Cipher 
import   Servant.Client 

makeClientManager :: String -> Scheme -> IO Manager 
makeClientManager hostname Https = mkMngr hostname "crt.pem" "key.pem" 
makeClientManager _  Http = newManager defaultManagerSettings 

mkMngr :: String -> FilePath -> FilePath -> IO Manager 
mkMngr hostName crtFile keyFile = do 
    creds <- either error Just `fmap` credentialLoadX509 crtFile keyFile 
    let hooks = def 
       { onCertificateRequest = \_ -> return creds 
       , onServerCertificate = \_ _ _ _ -> return [] 
       } 
     clientParams = (defaultParamsClient hostName "") 
         { clientHooks = hooks 
         , clientSupported = def { supportedCiphers = ciphersuite_all } 
         } 
     tlsSettings = TLSSettings clientParams 

    newManager $ mkManagerSettings tlsSettings Nothing 

不知道這樣做旁路服務器證書驗證或不作爲onServerCertificate掛鉤是一個常數[]。