-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | HTTP over TLS support for Warp via the TLS package
--   
--   SSLv1 and SSLv2 are obsoleted by IETF. We should use TLS 1.2 (or TLS
--   1.1 or TLS 1.0 if necessary). HTTP/2 can be negotiated by ALPN. API
--   docs and the README are available at
--   <a>http://www.stackage.org/package/warp-tls</a>.
@package warp-tls
@version 3.4.4

module Network.Wai.Handler.WarpTLS.Internal

-- | Determines where to load the certificate, chain certificates, and key
--   from.
data CertSettings
CertFromFile :: !FilePath -> ![FilePath] -> !FilePath -> CertSettings
CertFromMemory :: !ByteString -> ![ByteString] -> !ByteString -> CertSettings
CertFromRef :: !IORef ByteString -> ![IORef ByteString] -> !IORef ByteString -> CertSettings

-- | Settings for WarpTLS.
data TLSSettings
TLSSettings :: CertSettings -> OnInsecure -> Logging -> [Version] -> [Cipher] -> Bool -> ServerHooks -> Maybe DHParams -> Maybe Config -> Maybe Credentials -> Maybe SessionManager -> [HashAndSignatureAlgorithm] -> TLSSettings

-- | Where are the certificate, chain certificates, and key loaded from?
--   
--   <pre>
--   &gt;&gt;&gt; certSettings defaultTlsSettings
--   CertFromFile "certificate.pem" [] "key.pem"
--   </pre>
[certSettings] :: TLSSettings -> CertSettings

-- | Do we allow insecure connections with this server as well?
--   
--   <pre>
--   &gt;&gt;&gt; onInsecure defaultTlsSettings
--   DenyInsecure "This server only accepts secure HTTPS connections."
--   </pre>
--   
--   Since 1.4.0
[onInsecure] :: TLSSettings -> OnInsecure

-- | The level of logging to turn on.
--   
--   Default: <a>defaultLogging</a>.
--   
--   Since 1.4.0
[tlsLogging] :: TLSSettings -> Logging

-- | The TLS versions this server accepts.
--   
--   Since 1.4.2
[tlsAllowedVersions] :: TLSSettings -> [Version]

-- | The TLS ciphers this server accepts.
--   
--   Since 1.4.2
[tlsCiphers] :: TLSSettings -> [Cipher]

-- | Whether or not to demand a certificate from the client. If this is set
--   to True, you must handle received certificates in a server hook or all
--   connections will fail.
--   
--   <pre>
--   &gt;&gt;&gt; tlsWantClientCert defaultTlsSettings
--   False
--   </pre>
--   
--   Since 3.0.2
[tlsWantClientCert] :: TLSSettings -> Bool

-- | The server-side hooks called by the tls package, including actions to
--   take when a client certificate is received. See the <a>Network.TLS</a>
--   module for details.
--   
--   Default: def
--   
--   Since 3.0.2
[tlsServerHooks] :: TLSSettings -> ServerHooks

-- | Configuration for ServerDHEParams more function lives in
--   <tt>crypton</tt> package
--   
--   Default: Nothing
--   
--   Since 3.2.2
[tlsServerDHEParams] :: TLSSettings -> Maybe DHParams

-- | Configuration for in-memory TLS session manager. If Nothing,
--   <a>noSessionManager</a> is used. Otherwise, an in-memory TLS session
--   manager is created according to <tt>Config</tt>.
--   
--   Default: Nothing
--   
--   Since 3.2.4
[tlsSessionManagerConfig] :: TLSSettings -> Maybe Config

-- | Specifying <a>Credentials</a> directly. If this value is specified,
--   other fields such as <tt>certFile</tt> are ignored.
--   
--   Since 3.2.12
[tlsCredentials] :: TLSSettings -> Maybe Credentials

-- | Specifying <a>SessionManager</a> directly. If this value is specified,
--   <a>tlsSessionManagerConfig</a> is ignored.
--   
--   Since 3.2.12
[tlsSessionManager] :: TLSSettings -> Maybe SessionManager

-- | Specifying supported hash/signature algorithms, ordered by decreasing
--   priority. See the <a>Network.TLS</a> module for details
--   
--   Since 3.3.3
[tlsSupportedHashSignatures] :: TLSSettings -> [HashAndSignatureAlgorithm]

-- | Default <a>TLSSettings</a>. Use this to create <a>TLSSettings</a> with
--   the field record name (aka accessors).
defaultTlsSettings :: TLSSettings

-- | An action when a plain HTTP comes to HTTP over TLS/SSL port.
data OnInsecure
DenyInsecure :: ByteString -> OnInsecure
AllowInsecure :: OnInsecure

-- | Some programs need access to cert settings
getCertSettings :: TLSSettings -> CertSettings
instance GHC.Show.Show Network.Wai.Handler.WarpTLS.Internal.OnInsecure
instance GHC.Show.Show Network.Wai.Handler.WarpTLS.Internal.CertSettings


-- | HTTP over TLS support for Warp via the TLS package.
--   
--   If HTTP/2 is negotiated by ALPN, HTTP/2 over TLS is used. Otherwise
--   HTTP/1.1 over TLS is used.
--   
--   Support for SSL is now obsoleted.
module Network.Wai.Handler.WarpTLS

-- | Running <a>Application</a> with <a>TLSSettings</a> and
--   <a>Settings</a>.
runTLS :: TLSSettings -> Settings -> Application -> IO ()

-- | Running <a>Application</a> with <a>TLSSettings</a> and <a>Settings</a>
--   using specified <a>Socket</a>.
runTLSSocket :: TLSSettings -> Settings -> Socket -> Application -> IO ()

-- | Settings for WarpTLS.
data TLSSettings

-- | Default <a>TLSSettings</a>. Use this to create <a>TLSSettings</a> with
--   the field record name (aka accessors).
defaultTlsSettings :: TLSSettings

-- | A smart constructor for <a>TLSSettings</a> based on
--   <a>defaultTlsSettings</a>.
tlsSettings :: FilePath -> FilePath -> TLSSettings

-- | A smart constructor for <a>TLSSettings</a> that allows specifying
--   chain certificates based on <a>defaultTlsSettings</a>.
--   
--   Since 3.0.3
tlsSettingsChain :: FilePath -> [FilePath] -> FilePath -> TLSSettings

-- | A smart constructor for <a>TLSSettings</a>, but uses in-memory
--   representations of the certificate and key based on
--   <a>defaultTlsSettings</a>.
--   
--   Since 3.0.1
tlsSettingsMemory :: ByteString -> ByteString -> TLSSettings

-- | A smart constructor for <a>TLSSettings</a>, but uses in-memory
--   representations of the certificate and key based on
--   <a>defaultTlsSettings</a>.
--   
--   Since 3.0.3
tlsSettingsChainMemory :: ByteString -> [ByteString] -> ByteString -> TLSSettings

-- | A smart constructor for <a>TLSSettings</a>, but uses references to
--   in-memory representations of the certificate and key based on
--   <a>defaultTlsSettings</a>.
tlsSettingsRef :: IORef ByteString -> IORef ByteString -> TLSSettings

-- | A smart constructor for <a>TLSSettings</a>, but uses references to
--   in-memory representations of the certificate and key based on
--   <a>defaultTlsSettings</a>.
tlsSettingsChainRef :: IORef ByteString -> [IORef ByteString] -> IORef ByteString -> TLSSettings

-- | Determines where to load the certificate, chain certificates, and key
--   from.
data CertSettings

-- | Specifying <a>Credentials</a> directly. If this value is specified,
--   other fields such as <tt>certFile</tt> are ignored.
--   
--   Since 3.2.12
tlsCredentials :: TLSSettings -> Maybe Credentials

-- | The level of logging to turn on.
--   
--   Default: <a>defaultLogging</a>.
--   
--   Since 1.4.0
tlsLogging :: TLSSettings -> Logging

-- | The TLS versions this server accepts.
--   
--   Since 1.4.2
tlsAllowedVersions :: TLSSettings -> [Version]

-- | The TLS ciphers this server accepts.
--   
--   Since 1.4.2
tlsCiphers :: TLSSettings -> [Cipher]

-- | Whether or not to demand a certificate from the client. If this is set
--   to True, you must handle received certificates in a server hook or all
--   connections will fail.
--   
--   <pre>
--   &gt;&gt;&gt; tlsWantClientCert defaultTlsSettings
--   False
--   </pre>
--   
--   Since 3.0.2
tlsWantClientCert :: TLSSettings -> Bool

-- | The server-side hooks called by the tls package, including actions to
--   take when a client certificate is received. See the <a>Network.TLS</a>
--   module for details.
--   
--   Default: def
--   
--   Since 3.0.2
tlsServerHooks :: TLSSettings -> ServerHooks

-- | Configuration for ServerDHEParams more function lives in
--   <tt>crypton</tt> package
--   
--   Default: Nothing
--   
--   Since 3.2.2
tlsServerDHEParams :: TLSSettings -> Maybe DHParams

-- | Configuration for in-memory TLS session manager. If Nothing,
--   <a>noSessionManager</a> is used. Otherwise, an in-memory TLS session
--   manager is created according to <tt>Config</tt>.
--   
--   Default: Nothing
--   
--   Since 3.2.4
tlsSessionManagerConfig :: TLSSettings -> Maybe Config

-- | Specifying <a>SessionManager</a> directly. If this value is specified,
--   <a>tlsSessionManagerConfig</a> is ignored.
--   
--   Since 3.2.12
tlsSessionManager :: TLSSettings -> Maybe SessionManager

-- | Do we allow insecure connections with this server as well?
--   
--   <pre>
--   &gt;&gt;&gt; onInsecure defaultTlsSettings
--   DenyInsecure "This server only accepts secure HTTPS connections."
--   </pre>
--   
--   Since 1.4.0
onInsecure :: TLSSettings -> OnInsecure

-- | An action when a plain HTTP comes to HTTP over TLS/SSL port.
data OnInsecure
DenyInsecure :: ByteString -> OnInsecure
AllowInsecure :: OnInsecure
data WarpTLSException
InsecureConnectionDenied :: WarpTLSException
ClientClosedConnectionPrematurely :: WarpTLSException
instance GHC.Show.Show Network.Wai.Handler.WarpTLS.WarpTLSException
instance GHC.Exception.Type.Exception Network.Wai.Handler.WarpTLS.WarpTLSException
