From 064298a3d450ee4dcaad24fa25d3c329232466dd Mon Sep 17 00:00:00 2001
From: Adrian Cochrane
Date: Sun, 11 Oct 2020 21:05:09 +1300
Subject: [PATCH] Adjust OpenSSL settings (Help please!)
---
 src/Network/URI/Fetch.hs | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/Network/URI/Fetch.hs b/src/Network/URI/Fetch.hs
index 062dda6..1767d95 100644
--- a/src/Network/URI/Fetch.hs
+++ b/src/Network/URI/Fetch.hs
@@ -107,14 +107,18 @@ newSession' :: String -> IO Session
 newSession' appname = do
 (ietfLocale, unixLocale) <- rfc2616Locale
 #ifdef WITH_HTTP_URI
- managerHTTP' <- HTTP.newManager $ TLS.opensslManagerSettings TLS.context
+ httpsCtxt <- TLS.context
+ TLS.contextSetDefaultCiphers httpsCtxt
+ TLS.contextSetCADirectory httpsCtxt "/etc/ssl/certs"
+ TLS.contextSetVerificationMode httpsCtxt $ TLS.VerifyPeer True True Nothing
+ managerHTTP' <- HTTP.newManager $ TLS.opensslManagerSettings $ return httpsCtxt
 #endif
 #ifdef WITH_RAW_CONNECTIONS
 connCtxt <- TLS.context
 TLS.contextSetDefaultCiphers connCtxt
 TLS.contextSetCADirectory connCtxt "/etc/ssl/certs"
 TLS.contextSetVerificationMode connCtxt $
- TLS.VerifyPeer True True Nothing
+ TLS.VerifyPeer True True $ Just $ \valid _ -> return valid -- FIXME: Implement Trust-On-First-Use
 #endif
 #ifdef WITH_XDG
 apps' <- loadXDGConfig unixLocale
-- 
2.30.2
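Review bot: Nothing visible in this hunk ties the verified certificate to the host being contacted: `VerifyPeer` with a CA directory only checks that the chain ends in a trusted CA, so it should be confirmed that the hostname is validated where connections are opened, for both `httpsCtxt` and `connCtxt`. I would record that next to the setup, e.g. `-- VerifyPeer checks the chain only; the hostname must be validated at connect time`. The hard-coded `"/etc/ssl/certs"` exists only on some systems and must contain hash-named entries, so elsewhere every handshake will fail; if the HsOpenSSL version in use provides `contextSetDefaultVerifyPaths`, that follows the OpenSSL build's own trust store instead. The new callback `\valid _ -> return valid` just passes OpenSSL's verdict through, which is safe today, but the FIXME should say that a Trust-On-First-Use implementation may return `True` for a failed chain only when the certificate matches a previously pinned one. The four setup lines are now duplicated between the two `#ifdef` branches and could become one local helper; the body of `newSession'` continues beyond this hunk.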