From c65895bb59a9306257dcb93f0a3f66d7d7e65f9f Mon Sep 17 00:00:00 2001
From: Matvey Aksenov
Date: Wed, 1 Apr 2015 22:19:00 +0000
Subject: [PATCH] Support "insecure" TLS.

In addition to the plaintext and "secure" TLS modes. It's useful when one authenticates against a LDAP server with a self-signed certificate, for example.
---
src/Ldap/Client.hs | 10 ++++++++--
src/Ldap/Client/Internal.hs | 1 +
ssl/cert.pem | 18 ++++++++++++++++++
ssl/key.pem | 28 ++++++++++++++++++++++++++++
test/Main.hs | 6 +++++-
test/SpecHelper.hs | 2 +-
test/ldap.js | 10 +++++++---
7 files changed, 68 insertions(+), 7 deletions(-)
create mode 100644 ssl/cert.pem
create mode 100644 ssl/key.pem

diff --git a/src/Ldap/Client.hs b/src/Ldap/Client.hs
index 77fcea6..f14e85c 100644
--- a/src/Ldap/Client.hs
+++ b/src/Ldap/Client.hs
@@ -122,8 +122,9 @@ with host port f = do
 params = Conn.ConnectionParams
 { Conn.connectionHostname = case host of
- Plain h -> h
- Secure h -> h
+ Plain h -> h
+ Secure h -> h
+ Insecure h -> h
 , Conn.connectionPort = port
 , Conn.connectionUseSecure = case host of
@@ -133,6 +134,11 @@ with host port f = do
 , Conn.settingDisableSession = False
 , Conn.settingUseServerName = False
 }
+ Insecure _ -> Just Conn.TLSSettingsSimple { Conn.settingDisableCertificateValidation = True , Conn.settingDisableSession = False , Conn.settingUseServerName = False }
 , Conn.connectionUseSocks = Nothing
 }
diff --git a/src/Ldap/Client/Internal.hs b/src/Ldap/Client/Internal.hs
index ea87d52..128104c 100644
--- a/src/Ldap/Client/Internal.hs
+++ b/src/Ldap/Client/Internal.hs
@@ -51,6 +51,7 @@ import qualified Ldap.Asn1.Type as Type
 data Host = Plain String
 | Secure String
+ | Insecure String
 deriving (Show, Eq, Ord)
 data Ldap = Ldap
diff --git a/ssl/cert.pem b/ssl/cert.pem
new file mode 100644
index 0000000..5ca9af5
--- /dev/null
+++ b/ssl/cert.pem
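Review bot: The `Insecure _` branch added to the `connectionUseSecure` case sets `settingDisableCertificateValidation = True` without a word on what that costs: the channel is encrypted, but whichever endpoint completes the handshake is accepted, so the server is never authenticated and the credentials sent in a later bind are protected only against passive observation. Put that next to the setting, e.g. `-- Insecure: encrypt, but accept any certificate; the peer is NOT authenticated`, so nobody reads it as a "Secure with SNI off" variant. For the self-signed-certificate case named in the commit message, `connection`'s `Conn.TLSSettings` constructor, which takes a full `ClientParams`, would let the expected certificate be trusted explicitly instead of validation being switched off; worth a follow-up, though I have not checked the field names against the `connection` version this project pins. The hostname case in the first hunk is only re-indented plus one alternative, and `with` begins before the first hunk and ends after the second.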
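Review bot: `Insecure String` joins the `Host` constructors with no Haddock, and it is the one whose meaning is not obvious from its name — a caller can read it as "plaintext" just as easily as "TLS without checks", and the type is presumably exported since test/SpecHelper.hs uses the constructors directly. Document all three so the choice is explicit, e.g. `Plain String -- ^ plaintext, no TLS`, `Secure String -- ^ TLS with certificate validation`, `Insecure String -- ^ TLS, but the server certificate is not validated, so the peer is not authenticated`. The `Host` declaration is complete within the hunk.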
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+zCCAeOgAwIBAgIJAL+SevcUdGeVMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
+BAMMCWxvY2FsaG9zdDAeFw0xNTA0MDEyMjA2NTZaFw00MjA4MTcyMjA2NTZaMBQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMq+GXKsMouYN7wpvSlBz4/BY4A/uQ19sP9LQId8VVrHZxUbt4QP5m+uFkYw
+qCznxHeXunDruidrJiCsJ5TfPqXZ9E+/hO0ewzpxiTGyycgxgippBJXcEIYRvHPD
+J/BtnNwsQD1vJExq7vJg2ItvZYPVyu/rCevTqsr12nJ+iZ/zx8+PsgRFqSJ9iuQa
+PiejWEQNqNirMHclgvpYNSarEcqyu2U6j+jJtre8NIguzx0ErLYoJxfjznoPoBzG
+4n/S9gJljX1/DcCKCZmMRTpxSy6UPLuS5BIWVhXrbTRP3QUm5qWQdcpOgCH8WGK1
+EDk5E8qzzSg/e+cDv9etz+4jUScCAwEAAaNQME4wHQYDVR0OBBYEFL3gfN6W366G
+XF6/UN8HXnHyVepYMB8GA1UdIwQYMBaAFL3gfN6W366GXF6/UN8HXnHyVepYMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADDaU8lRRUMIVYNl51Dnow9g
+I2CgTLuTE+ftj27NSzURKCPy9QOPQ2FIFAoL57lAKlyds/tWx5zk4GoVUlIlFb+O
+43uJ0NKrT5tXDsu68d3wfgwna+kpPFib3n8G1GQWI9DoaBoNOcbl2f11Tu2kujIh
+LPk75BQnBLxRZRE0VSeLHE4ncy8HPZeqoDdrpjLn92aNLlojK0GfgjimkvR/trCd
+doQuooLYwyFGQRd6HcrqWqoIuDKimBgnu9lcF7GEsks2f4fxtqewqrYvAzZ+Olkv
+MUMU6xdL5/6ai/xqcOza3cJoR84obIHWzzzDe8BZpD1/TfPQJiCLVqmslQiR+Fc=
+-----END CERTIFICATE-----
diff --git a/ssl/key.pem b/ssl/key.pem
new file mode 100644
index 0000000..15e98f7
--- /dev/null
+++ b/ssl/key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDKvhlyrDKLmDe8
+Kb0pQc+PwWOAP7kNfbD/S0CHfFVax2cVG7eED+ZvrhZGMKgs58R3l7pw67onayYg
+rCeU3z6l2fRPv4TtHsM6cYkxssnIMYIqaQSV3BCGEbxzwyfwbZzcLEA9byRMau7y
+YNiLb2WD1crv6wnr06rK9dpyfomf88fPj7IERakifYrkGj4no1hEDajYqzB3JYL6
+WDUmqxHKsrtlOo/oyba3vDSILs8dBKy2KCcX4856D6AcxuJ/0vYCZY19fw3AigmZ
+jEU6cUsulDy7kuQSFlYV6200T90FJualkHXKToAh/FhitRA5ORPKs80oP3vnA7/X
+rc/uI1EnAgMBAAECggEAUQ6z6e8CvmD7V5VwdYBEVftBptLTT5uDGm6hvAlvrr2u
+bvgH5RreTKRTb3igpGN9XzsgZWk5oezq74EkyhZ/W5vKW9/8azkzYLhn26DZn9p7
+ai1WkfvL92475CSQYUXRww1GGcnHv225XtpteUHuWkktu8JC0zBrRn4I+mGw8Gu1
+9Fd0ptmOQhiAkRRQO0ErULkSPKB3cYJDvvqgOCJ8G1cTnez0txFVa3kL5NYZDZtP
+lpNz0pOoTKvrOf7dwpGk0oajaxEulb4dzR/Tl9WDGkVby2DEyG+33o0Bq2BT/piM
+C/t+3TjF0+X5VAOvlCh4i8Seipxpgktf0ohgd62qMQKBgQD5xB+Fwo3UfSBHbS1d
+j5liyCgib+5a2N5MlGy6KUf1KfsBgn2QZs4Dz4kcVUmULaSdyL927G87Wyd4Ca3p
+BWu7pMVx2YM1eEvBQkM1BNFAb5eB8hldtNXt7shKRohRBh+Xa63foiLwz40hAMpd
+KCxFzgrwDOX4/gM12UmsrAXg3QKBgQDPzYUmUDwR46bnudzIXi9zmXAiy24G5k6q
+KdRGLxde2iy5qTSZY47kgzCyfd9UfzWQy2r4cyKN/3bNmlsfGV734yagEcGjGn39
+MhV9K6sSvX9lckyPhFjjWmInAlEKOADa1nexGKOWO5fyP5MBdu8Enq2R5yrO9HG3
+aB9xcHG30wKBgAtw2mjMIqcLHEFpVNymSUZnGL+LFQYATR6A5gIZBfzK8X5+NbY5
+n1I5XXR4y6gH9zRrD6oo5md3o3UyLE8yOl8cCxdN+V6npgCyQlXZZKRo+C2xo0vR
+jsMZXv9X/8KGX0gWXJ6T1LnnJ/XNDXf68Rw5dfLNBHPFXuxGicNpFdPZAoGBAK6v
+8a/MoULUonmImF5kNvWx1j+ZzevE7fpEYauCaN4XAKQu5wXPWM8mrehOwlBxA+Gt
+70Xe2/yM9h1PFizlkh1G+jBz3Nk1KxaPZNstu4lsfc0VMeEv+91cHMj4PJIflDBj
+PIlG0jY38Lr30KfZiILUtcrCjw0dFv98a3pccWx7AoGBAPIxhVChDoThlxIXwznq
+MT1dHx8mqDmBGHACPrg4wAEs8xZbXLyokny/2n6YWIX0dGj9WIwQjMRrRK9b2JE5
+VmCNcq3ZXXshrP2+p0l9CPdNHubGvYy3LK+n3nwUuIkIHfdT/21DOFizMVzxhLDy
+/s+4Xn40x7nuJMSyfmvN1EKY
+-----END PRIVATE KEY-----
diff --git a/test/Main.hs b/test/Main.hs
index 73b6ad6..da49d6d 100644
--- a/test/Main.hs
+++ b/test/Main.hs
@@ -12,7 +12,11 @@ import SpecHelper (port)
 main :: IO ()
 main =
- bracket (do (_, out, _, h) <- runInteractiveProcess "./test/ldap.js" [] Nothing (Just [("PORT", show port)])
+ bracket (do (_, out, _, h) <- runInteractiveProcess "./test/ldap.js" [] Nothing (Just [ ("PORT", show port) , ("SSL_CERT", "./ssl/cert.pem") , ("SSL_KEY", "./ssl/key.pem") ])
 hGetLine out
 return h)
 (\h -> do terminateProcess h
diff --git a/test/SpecHelper.hs b/test/SpecHelper.hs
index b9440c9..dd81638 100644
--- a/test/SpecHelper.hs
+++ b/test/SpecHelper.hs
@@ -28,7 +28,7 @@ locally :: (Ldap -> IO a) -> IO (Either LdapError a)
 locally = Ldap.with localhost port
 localhost :: Host
-localhost = Plain "localhost"
+localhost = Insecure "localhost"
 port :: Num a => a
 port = 24620
diff --git a/test/ldap.js b/test/ldap.js
index 3056021..d21b472 100755
--- a/test/ldap.js
+++ b/test/ldap.js
@@ -1,8 +1,12 @@
 #!/usr/bin/env nodejs
+var fs = require('fs');
 var ldapjs = require('ldapjs');
-var server = ldapjs.createServer();
-var port = process.env.PORT
+
+var port = process.env.PORT;
+var certificate = fs.readFileSync(process.env.SSL_CERT, "utf-8");
+var key = fs.readFileSync(process.env.SSL_KEY, "utf-8");
+var server = ldapjs.createServer({certificate: certificate, key: key});
 // var pokemon = [
@@ -105,5 +109,5 @@ server.del('o=localhost', [], function(req, res, next) {
 });
 server.listen(port, function() {
- console.log("ldap://localhost:%d", port);
+ console.log("ldaps://localhost:%d", port);
 });
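Review bot: The new `SSL_CERT`/`SSL_KEY` entries hand the test server the key pair committed under `ssl/` without saying what it is, and a committed `key.pem` is exactly what secret scanners and new contributors will stop on. A comment above the environment list would settle it, e.g. `-- ssl/ holds a self-signed localhost pair used only by this test server; the client side (SpecHelper) connects with validation disabled, so nothing ever trusts it`. The paths are relative to the working directory, as `./test/ldap.js` already was, so that is not a new restriction. `main`'s `bracket` expression continues past the hunk.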
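Review bot: Switching `localhost` to `Insecure "localhost"` moves the whole suite onto the validation-disabled path, so `Plain` is no longer exercised at all and `Secure` — the mode most callers should be on — still has no test, which is how a regression in the validating path would go unnoticed. Keeping a `Plain` value next to it (`localhostPlain :: Host` / `localhostPlain = Plain "localhost"`) and using it in at least one spec would preserve the coverage this change drops, but that only works if the test server keeps a plaintext listener, which the test/ldap.js hunk in this commit removes. A `Secure` test would need the fixture certificate to be trusted by the client rather than validation turned off; I have not checked what the pinned `connection` version offers for that.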
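Review bot: `fs.readFileSync(process.env.SSL_CERT, "utf-8")` runs with `undefined` when the variable is not set, so starting the script by hand with only `PORT`, as was possible before, now dies inside `readFileSync` with an error that says nothing about the new requirement, and with the server always built from `{certificate, key}` there is no plaintext mode left for `Plain` hosts to test against. Check the two variables up front and make the TLS setup conditional, so the listener still comes up plain when no certificate is configured; the `ldaps://` log line in the second hunk should then follow the scheme actually in use. I believe `createServer` without a certificate option is ldapjs's plaintext mode, but verify against the ldapjs version in use.
```javascript
var port = process.env.PORT;
var options = {};
if (process.env.SSL_CERT || process.env.SSL_KEY) {
  if (!process.env.SSL_CERT || !process.env.SSL_KEY) {
    console.error("SSL_CERT and SSL_KEY must both be set to serve TLS");
    process.exit(1);
  }
  options.certificate = fs.readFileSync(process.env.SSL_CERT, "utf-8");
  options.key = fs.readFileSync(process.env.SSL_KEY, "utf-8");
}
var server = ldapjs.createServer(options);
// … unchanged: directory data and request handlers …
```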