如何使用Network.HTTP.Client处理TlsNotSupported并调用HTTPS URL?
我正在尝试使用Network.HTTP.Client调用API,并试图找出如何正确处理如何使用Network.HTTP.Client处理TlsNotSupported并调用HTTPS URL?,http,haskell,ssl,Http,Haskell,Ssl,我正在尝试使用Network.HTTP.Client调用API,并试图找出如何正确处理TlsNotSupported异常并通过SSL调用API。这本书中没有例子,也没有(令人惊讶的)我在网上其他地方能找到的任何例子 以下是我现有的代码: module Main where import Network.URL import qualified Network.URI as URI import qualified Network.HTTP as HTTP import qualified Da
TlsNotSupported
异常并通过SSL调用API。这本书中没有例子,也没有(令人惊讶的)我在网上其他地方能找到的任何例子
以下是我现有的代码:
module Main where
import Network.URL
import qualified Network.URI as URI
import qualified Network.HTTP as HTTP
import qualified Data.ByteString as BS
import qualified Data.ByteString.Lazy as LBS
import qualified Data.ByteString.Base64 as B64
import qualified Network.HTTP.Client as HTTPClient
import qualified Network.HTTP.Types.Header as HTTPHeaders
import qualified Data.ByteString.Char8 as C
import qualified Network.HTTP.Types.Status as HTTPStatus
import qualified Data.Text as T
import qualified Control.Exception as E
import qualified Data.Text.Encoding as TE
import Data.Aeson
import Control.Applicative ((<*>), (<$>), pure)
import Control.Monad (mzero)
data Bookmark = Bookmark {
url :: T.Text,
title :: Maybe T.Text
} deriving Show
data Note = Note {
author :: T.Text,
text :: T.Text
} deriving Show
instance FromJSON Bookmark where
parseJSON (Object v) = Bookmark <$>
v .: T.pack "href" <*>
v .: T.pack "description"
parseJSON _ = mzero
b64Encode :: String -> String
b64Encode = T.unpack . TE.decodeUtf8 . B64.encode . TE.encodeUtf8 . T.pack
basicAuthHeader :: String -> String -> String
basicAuthHeader username password = "Authorization: " ++
b64Encode (username ++ ":" ++ username)
postsURL token = "https://api.pinboard.in/posts/all?format=json&auth_token=" ++ token
parse :: BS.ByteString -> Maybe [Bookmark]
parse response = decode (LBS.fromStrict response)
transform = LBS.fromStrict . C.pack
errorHandler :: HTTPClient.HttpException -> IO (Maybe a)
errorHandler (HTTPClient.StatusCodeException status _ _) = return Nothing
errorHandler (HTTPClient.InvalidUrlException _ _) = return Nothing
errorHandler (HTTPClient.HttpParserException _) = return Nothing
errorHandler e = do
case e of
HTTPClient.TlsNotSupported -> (putStrLn $ "Bummer. " ++ show e) >> return Nothing
main = do
putStrLn "Enter auth token: "
token <- getLine
manager <- HTTPClient.newManager HTTPClient.defaultManagerSettings
request <- HTTPClient.parseUrl $ postsURL token
putStrLn $ "Calling " ++ postsURL token
response <- (Just <$> HTTPClient.httpLbs request manager) `E.catch` errorHandler
return ()
提前谢谢 您需要使用。特别是,将您对defaultManagerSettings
的使用替换为
我得到了一个不同的结果。看来TLS是受支持的
您是否使用Gandi标准SSL CA或UTN USERFirst硬件作为信任锚
$echo-e“GET/posts/all?format=json&auth\u token=asd HTTP/1.1\r\n主机:api.pinboard.in\r\n\r\n”|\
openssl s_客户端-tls1-connect api.pinboard.in:443-servername api.pinboard.in-ign_eof
已连接(00000003)
深度=1 C=FR,O=GANDI SAS,CN=GANDI标准SSL CA
验证错误:num=20:无法获取本地颁发者证书
验证返回:0
---
证书链
0 s:/OU=Domain Control Validated/OU=Gandi标准通配符SSL/CN=*.pinboard.in
i:/C=FR/O=GANDI SAS/CN=GANDI标准SSL CA
1 s:/C=FR/O=GANDI SAS/CN=GANDI标准SSL CA
i:/C=US/ST=UT/L=盐湖城/O=用户信任网络/OU=http://www.usertrust.com/CN=UTN-用户优先硬件
---
服务器证书
-----开始证书-----
MIIE4ZCCA8UgawibagirajTQPN18JRBS6EACUBEWQYJKOZHIHVCNAQEFBQAW
QTELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUdBTkRJIFNBUzEeMBwGA1UEAxMVR2Fu
ZGKGU3RHBMRHCMQGU1NMIENBB4XDTEZMDGwntawmdawmboxDTE1MDKWMZIZNTK1
OVOWYTEHMB8GA1ECXMYRG9TYWLUIENVBNRYB2WGVMFSAWRHDGVKMSQWIGYDVQQL
EXTHYW5KASBTDGDGFYZCBXAWXKY2FYZCBTU0WXFJAUBGNVBAMUDSOUGLUYM9H
CMQUAW4WGGEIMA0GCSQGSIB3DQEBAQUA4IBDWAWGGEKAOIBAQCMWELG8RLAC+PD
YRSORwf5dZ+OGDFNOT9IT+nEJh3Y9e95y2xxfQQnMfGcrj4UdMNx6Vie2Baz3yD
HU6HWET5ZLPWA43U7XOF2DP5NSGKTCZQ+IZ124uVvDs+Q5LAH6/AHUPLZMDZ
xDM9JSz8pxXmS9HSJmR1tamYi9B+d30/yxHPibe62Ku6FQ4yoa+F2GVGDVQVVPZ
7gbwBgu6PKLVNRQPrhUdjdgEj0h44/4DZ/sUw3Jw2cti0yELh4eDLgXonvqCUrOQ
79NJTESQBBHBUER0LTDUBCXCZAM5IQK4PTZUAI5RML/fcphBaWh0t0XSg9cMFAl
BINQPR9TAGMBAAGJGG0MIIBSDAFBGNHSMEGDAWGBS2QP+iqC/Qps1LsWjz51AQ
Mad5ITAdBgNVHQ4EFgQUzuFnVq27SbN342v9mBiEc7tygJIwDgYDVR0PAQH/BAQD
AGWGMAWGALUDEWEB/WQCMAAWHQYDVR0LBBYWFAYKWYBBQUHAWEGCSGAQUFBWMC
MGAGA1UDIARZMFCWWYLKWYBBAGYMQECAHOWPDA6BGGRBGEFBQCCARYUAHR0CDOV
L3d3dy5nYW5kaS5uZXQvY29udHJhY3RzL2ZyL3NzbC9jcHMvcGRmLzAIBgZngQwB
AgEwPAYDVR0fBDUwMzAxoC+GLYYRAHR0CDOVL2NYBC5NYW5KAS5 UZXQVR2FUZGLT
DGFUZGFYZFNTTENBLMNYBDBQBGGRBGEFBQCBAQREMFWWWWYIKWYBBQUHMAK2H0
Dha6ly9jcnuz2fuzgkubmv0l0dhbmrpu3rhbmrhcmrtu0xdqs5jcnqwiqyikwyb
BQUHMAGGFWH0DHA6LY9VY3NWLMDBMRPLM5LDDALBNGNVHREHJACG0QLNBPBMJV
YXJKLMLLUGGTWAW5IB2FYZC5PBJANBGKQHKIG9W0BAQUFAAOCAQE9I7Ilujiohl
QKMAUS7XWTVERDDQJNNOPBWWW7FCD+VaEnpNCCjqxwrTdWjm4MkjtN2HfDesw1c
IQPLVAMNN35M3AQU7FvYCbKCKJXLNJ1TUKSD/IIFJuqgHNjqyvfe6IIW/Mss+Qq
2TUmVF0HLF2+fyihsdYTlqcv5bR/X7DWBFI1XeComadF6K8TTiekJMr2WWWWKRGY
TsWTqMPBPkyHBJPL589/ETBvqvx1cu/CU81hiadlVino/Buha0cDjNYZra2gOfRR
U2+VK9TSN9CT0LFOyamHsiIWGD1HFZDV8XITMZSNSLM3JBZQ1BSQN82+9n2CKWG
IS0WjmfyaA==
-----结束证书-----
subject=/OU=Domain Control Validated/OU=Gandi标准通配符SSL/CN=*.pinboard.in
发卡机构=/C=FR/O=GANDI SAS/CN=GANDI标准SSL CA
---
未发送客户端证书CA名称
---
SSL握手读取3332字节,写入438字节
---
新的TLSv1/SSLv3密码是DHE-RSA-AES256-SHA
服务器公钥为2048位
支持安全的重新协商
压缩:无
扩展:无
SSL会话:
协议:TLSv1
密码:DHE-RSA-AES256-SHA
会话ID:C4D0B1D4C4DA50734AFA09A3675A9A6828053B022A516F53E6C2BEA303C49AFC
会话ID ctx:
主钥匙:34A2E6C6B1D17AE7214380462438E9C670CA1E8F9E719D0DEFB7EDEC87D847D1DF317523BAAE05278A10E1EDAE51C5
键Arg:无
PSK身份:无
PSK标识提示:无
SRP用户名:无
TLS会话票证生存期提示:300(秒)
TLS会话票证:
0000-15 99 b9 ce d4 d9 bc 6f-d5 4b 12 83 cd 6f eb b0……好的……好的。。
0010-f6 37 a3 66 21 ea ff d1 cf 73 56 fa 25 99 61 1c.7.f!。。。。sV.%每年。
0020-38 15 a6 e9 e8 47 cc f8-2b df 8d 64 68 13 1c应为8…G…+…dh。。。
0030-8d 8a 32 a5 ca dd 79 d7-f6 d0 0c 1e e4 50 01 64..2…y…P.d
0040-73 3e 9f 34 42 3d 4d 56-a3 cc 09 d8 aa 7b 2a 82 s>.4B=MV….{*。
0050-5d 96 c3 1f 3e 19 48 c7-90 c6 4c 07 75 15 e5 42]…>.H…L.u.B
0060-13 31 c1 fc b4 cc 5f 8e-0b a1 cd 5f bc 7a 16 9c.1。。
0070-24 3c 5b e7 52 97 ce 15-4f b1 01 44 dc 72 35 82$您试过了吗?是的,我试过了,尽管parseUrl
也将安全设置为True
。
$ runhaskell Pinboard.hs
Enter auth token:
blah
Calling https://api.pinboard.in/posts/all?format=json&auth_token=asd
Bummer. TlsNotSupported
Calling https://api.pinboard.in/posts/all?format=json&auth_token=asd
Bummer. TlsNotSupported
$ echo -e "GET /posts/all?format=json&auth_token=asd HTTP/1.1\r\nHost:api.pinboard.in\r\n\r\n" | \
openssl s_client -tls1 -connect api.pinboard.in:443 -servername api.pinboard.in -ign_eof
CONNECTED(00000003)
depth=1 C = FR, O = GANDI SAS, CN = Gandi Standard SSL CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/OU=Domain Control Validated/OU=Gandi Standard Wildcard SSL/CN=*.pinboard.in
i:/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA
1 s:/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA
i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIRAJhTQpn18jrbs6EACUBuCEEwDQYJKoZIhvcNAQEFBQAw
QTELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUdBTkRJIFNBUzEeMBwGA1UEAxMVR2Fu
ZGkgU3RhbmRhcmQgU1NMIENBMB4XDTEzMDgwNTAwMDAwMFoXDTE1MDkwMzIzNTk1
OVowYTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMSQwIgYDVQQL
ExtHYW5kaSBTdGFuZGFyZCBXaWxkY2FyZCBTU0wxFjAUBgNVBAMUDSoucGluYm9h
cmQuaW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmwELG8RLaC+PD
YRSORwf5dZ+OGDFNnot9It+nEJh3Y9e95y2xxfQQnMfGcrj4UdMNx6Vie2Baz3yD
hU6hweT5ZlpWA43u7xoF2DP5NsgktcTZzQ+IZ124uVvDs+Q5LAH6/aHUplzmdZDz
xDM9JSz8pxXmS9HSJmR1tamYi9B+d30/yxHPibe62Ku6FQ4yoa+f2GVGdvqqvvpZ
7gbwBgu6PKLVNRQPrhUdjdgEj0h44/4DZ/sUw3Jw2cti0yELh4eDLgXonvqCUrOQ
79NJTEzqBBHBUER0ltdUbCXczAm5IQk4pTzSUaI5rML/fcphBaWh0t0XSg9cMFAl
biNqpr9tAgMBAAGjggG0MIIBsDAfBgNVHSMEGDAWgBS2qP+iqC/Qps1LsWjz51AQ
Mad5ITAdBgNVHQ4EFgQUzuFnVq27SbN342v9mBiEc7tygJIwDgYDVR0PAQH/BAQD
AgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MGAGA1UdIARZMFcwSwYLKwYBBAGyMQECAhowPDA6BggrBgEFBQcCARYuaHR0cDov
L3d3dy5nYW5kaS5uZXQvY29udHJhY3RzL2ZyL3NzbC9jcHMvcGRmLzAIBgZngQwB
AgEwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5nYW5kaS5uZXQvR2FuZGlT
dGFuZGFyZFNTTENBLmNybDBqBggrBgEFBQcBAQReMFwwNwYIKwYBBQUHMAKGK2h0
dHA6Ly9jcnQuZ2FuZGkubmV0L0dhbmRpU3RhbmRhcmRTU0xDQS5jcnQwIQYIKwYB
BQUHMAGGFWh0dHA6Ly9vY3NwLmdhbmRpLm5ldDAlBgNVHREEHjAcgg0qLnBpbmJv
YXJkLmluggtwaW5ib2FyZC5pbjANBgkqhkiG9w0BAQUFAAOCAQEAn9i7ilujiOhL
QKMAAuS7xWTvERddqjnnOPBwUw7FCd+VaEnpNCCjqxwrTdWjm4MkjtN2HfDesw1c
IqpLVAMNn35m3aqu7fvyCbBKCkjXLnj1TuKsd/IIFJuqgHNjqyvfe6IIW/Mss+Qq
2TUmVF0HLF2+fyihsdYTlqcv5bR/X7dwbFi1xecoMaDf6K8TTiEKjmr2wNWuKRGy
TsWTqMPBPkyHBJPL589/ETBvqvx1cu/CU81hiadlVino/Buha0cDjNYZra2gOfRR
U2+vK9tsN9Ct0lfOYAamHSiIwGD1HfzdV8xItmZSNsLm3jBZQ1bsqN82+9n2CKWG
IS0WjmfyaA==
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=Gandi Standard Wildcard SSL/CN=*.pinboard.in
issuer=/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA
---
No client certificate CA names sent
---
SSL handshake has read 3332 bytes and written 438 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: C4D0B1D4C4DA50734AFA09A3675A9A6828053B022A516F53E6C2BEA303C49AFC
Session-ID-ctx:
Master-Key: 34A2E6C6B1D17AE7214380462438E9C670CA1E8F9E719D0DEFB7EDE1EC87D847D1DF317523BAAE05278A10E1EDAE51C5
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 15 99 b9 ce d4 d9 bc 6f-d5 4b 12 83 cd 6f eb b0 .......o.K...o..
0010 - f6 37 a3 66 21 ea ff d1-cf 73 56 fa 25 99 61 1c .7.f!....sV.%.a.
0020 - 38 15 a6 e9 e8 47 cc f8-2b df 8d 64 68 13 1c be 8....G..+..dh...
0030 - 8d 8a 32 a5 ca dd 79 d7-f6 d0 0c 1e e4 50 01 64 ..2...y......P.d
0040 - 73 3e 9f 34 42 3d 4d 56-a3 cc 09 d8 aa 7b 2a 82 s>.4B=MV.....{*.
0050 - 5d 96 c3 1f 3e 19 48 c7-90 c6 4c 07 75 15 e5 42 ]...>.H...L.u..B
0060 - 13 31 c1 fc b4 cc 5f 8e-0b a1 cd 5f bc 7a 16 9c .1...._...._.z..
0070 - 24 3c 5b e7 52 97 ce 15-4f b1 01 44 dc 72 35 82 $<[.R...O..D.r5.
0080 - 4e c9 f9 19 69 26 1c 82-44 f5 c0 6a 57 99 54 da N...i&..D..jW.T.
0090 - cf a8 f4 6f 6b ab c6 ec-98 c6 91 31 d1 20 5c 5c ...ok......1. \\
00a0 - 0f 94 42 5a 8f f5 f7 0d-cd 31 71 04 66 89 5f c1 ..BZ.....1q.f._.
00b0 - 00 84 cd 9e c1 99 52 4f-c0 1e 43 25 f2 36 b9 28 ......RO..C%.6.(
Start Time: 1408986495
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
HTTP/1.1 403 Forbidden
Date: Mon, 25 Aug 2014 17:07:55 GMT
Server: Apache/2.2.22 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 292
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /posts/all
on this server.</p>
<hr>
<address>Apache/2.2.22 (Ubuntu) Server at api.pinboard.in Port 80</address>
</body></html>
read:errno=0
riemann::~$