1From c8ca5e14650a77446a6577eb356ddd09c3928bac Mon Sep 17 00:00:00 2001
2From: Ben Millwood <thebenmachine+git@gmail.com>
3Date: Tue, 17 Jun 2025 16:39:07 +0100
4Subject: [PATCH] Fix TLS connection to package.elm-lang.org
5
6It seems like the server hosting https://package.elm-lang.org has an old
7enough SSL library that it doesn't support EMS. Reconfigure the https
8client so that it will still connect in this case.
9---
10 builder/src/Http.hs | 21 +++++++++++++++++++--
11 elm.cabal | 3 +++
12 2 files changed, 22 insertions(+), 2 deletions(-)
13
14diff --git a/builder/src/Http.hs b/builder/src/Http.hs
15index 6105263fa..fd8b87bba 100644
16--- a/builder/src/Http.hs
17+++ b/builder/src/Http.hs
18@@ -29,15 +29,19 @@ import qualified Data.Binary as Binary
19 import qualified Data.Binary.Get as Binary
20 import qualified Data.ByteString.Builder as B
21 import qualified Data.ByteString.Char8 as BS
22+import Data.Default (def)
23 import qualified Data.Digest.Pure.SHA as SHA
24 import qualified Data.String as String
25+import qualified Network.Connection as NC
26 import Network.HTTP (urlEncodeVars)
27 import Network.HTTP.Client
28-import Network.HTTP.Client.TLS (tlsManagerSettings)
29+import Network.HTTP.Client.TLS (mkManagerSettings)
30 import Network.HTTP.Types.Header (Header, hAccept, hAcceptEncoding, hUserAgent)
31 import Network.HTTP.Types.Method (Method, methodGet, methodPost)
32 import qualified Network.HTTP.Client as Multi (RequestBody(RequestBodyLBS))
33 import qualified Network.HTTP.Client.MultipartFormData as Multi
34+import qualified Network.TLS as TLS
35+import Network.TLS.Extra.Cipher (ciphersuite_default)
36
37 import qualified Json.Encode as Encode
38 import qualified Elm.Version as V
39@@ -49,7 +53,20 @@ import qualified Elm.Version as V
40
41 getManager :: IO Manager
42 getManager =
43- newManager tlsManagerSettings
44+ newManager (mkManagerSettings dontRequireEMS Nothing)
45+ where
46+ -- See https://github.com/NixOS/nixpkgs/pull/414495
47+ dontRequireEMS =
48+ NC.TLSSettingsSimple
49+ { NC.settingDisableCertificateValidation = False
50+ , NC.settingDisableSession = False
51+ , NC.settingUseServerName = False
52+ , NC.settingClientSupported =
53+ def
54+ { TLS.supportedCiphers = ciphersuite_default
55+ , TLS.supportedExtendedMainSecret = TLS.AllowEMS
56+ }
57+ }
58
59
60
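Review bot: `TLS.supportedExtendedMainSecret = TLS.AllowEMS` in `dontRequireEMS` applies to every host reached through the manager that `getManager` returns, not only package.elm-lang.org, and the only in-code explanation is a link to a nixpkgs PR. Without Extended Main Secret (RFC 7627), a TLS 1.2 session loses the session-hash binding that guards against triple-handshake-style attacks, so the trade-off should be stated next to the setting, e.g. `-- AllowEMS: still use EMS when the server offers it, but don't abort on servers (package.elm-lang.org) that lack it; switch back to RequireEMS once the server is upgraded`. If this manager is also used for other hosts (not visible in this hunk), consider restricting the relaxed settings to the package-site requests. Keeping `NC.settingDisableCertificateValidation = False` explicit is good, and a short comment that it must stay that way would help future edits.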
61diff --git a/elm.cabal b/elm.cabal
62index 144fada90..0bd1eb5dc 100644
63--- a/elm.cabal
64+++ b/elm.cabal
65@@ -206,6 +206,8 @@ Executable elm
66 binary,
67 bytestring,
68 containers,
69+ crypton-connection,
70+ data-default,
71 directory,
72 edit-distance,
73 file-embed,
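Review bot: The added `crypton-connection` entry here and `tls` in the next hunk carry no version bounds, yet Http.hs now depends on the `NC.settingClientSupported` record field and on `TLS.supportedExtendedMainSecret`, which older releases of those packages presumably do not provide. A build plan that resolves to an older release would fail to compile, so consider lower bounds for the releases that introduced those fields, e.g. `tls >= <MIN_VERSION>,` with the value taken from the package changelog. The `NC.TLSSettings` value must also be the type `mkManagerSettings` expects, so the http-client-tls in the plan has to be built on crypton-connection rather than the older connection package; that is likely true in the target package set, but worth confirming.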
74@@ -229,6 +231,7 @@ Executable elm
75 snap-server,
76 template-haskell,
77 time,
78+ tls,
79 unordered-containers,
80 utf8-string,
81 vector,