M src/Network/URI/Fetch.hs => src/Network/URI/Fetch.hs +6 -2
@@ 107,14 107,18 @@ newSession' :: String -> IO Session
newSession' appname = do
(ietfLocale, unixLocale) <- rfc2616Locale
#ifdef WITH_HTTP_URI
- managerHTTP' <- HTTP.newManager $ TLS.opensslManagerSettings TLS.context
+ httpsCtxt <- TLS.context
+ TLS.contextSetDefaultCiphers httpsCtxt
+ TLS.contextSetCADirectory httpsCtxt "/etc/ssl/certs"
+ TLS.contextSetVerificationMode httpsCtxt $ TLS.VerifyPeer True True Nothing
+ managerHTTP' <- HTTP.newManager $ TLS.opensslManagerSettings $ return httpsCtxt
#endif
#ifdef WITH_RAW_CONNECTIONS
connCtxt <- TLS.context
TLS.contextSetDefaultCiphers connCtxt
TLS.contextSetCADirectory connCtxt "/etc/ssl/certs"
TLS.contextSetVerificationMode connCtxt $
- TLS.VerifyPeer True True Nothing
+ TLS.VerifyPeer True True $ Just $ \valid _ -> return valid -- FIXME: Implement Trust-On-First-Use
#endif
#ifdef WITH_XDG
apps' <- loadXDGConfig unixLocale