Loading pkgs/development/compilers/elm/packages/ghc9_6/default.nix +6 −4 Original line number Diff line number Diff line Loading @@ -27,6 +27,12 @@ pkgs.haskell.packages.ghc96.override { --prefix PATH ':' ${lib.makeBinPath [ nodejs ]} ''; patches = [ # Fix TLS compatibility issues with package.elm-lang.org # see: https://github.com/elm/compiler/pull/2325 ./tls-compatibility.patch ]; description = "Delightful language for reliable webapps"; homepage = "https://elm-lang.org/"; license = lib.licenses.bsd3; Loading 
@@ -37,10 +43,6 @@ pkgs.haskell.packages.ghc96.override { inherit fetchElmDeps; elmVersion = elmPkgs.elm.version; # Fix TLS issues # see https://github.com/elm/compiler/pull/2325 tls = self.callPackage ./tls-1.9.0.nix { }; }; in elmPkgs Loading pkgs/development/compilers/elm/packages/ghc9_6/tls-1.9.0.nixdeleted 100644 → 0 +0 −79 Original line number Diff line number Diff line { mkDerivation, asn1-encoding, asn1-types, async, base, bytestring, cereal, crypton, crypton-x509, crypton-x509-store, crypton-x509-validation, data-default-class, gauge, hourglass, lib, memory, mtl, network, QuickCheck, tasty, tasty-quickcheck, transformers, unix-time, }: mkDerivation { pname = "tls"; version = "1.9.0"; sha256 = "5605b9cbe0903b100e9de72800641453f74bf5dade6176dbe10b34ac9353433e"; libraryHaskellDepends = [ asn1-encoding asn1-types async base bytestring cereal crypton crypton-x509 crypton-x509-store crypton-x509-validation data-default-class memory mtl network transformers unix-time ]; testHaskellDepends = [ asn1-types async base bytestring crypton crypton-x509 crypton-x509-validation data-default-class hourglass QuickCheck tasty tasty-quickcheck ]; benchmarkHaskellDepends = [ asn1-types async base bytestring crypton crypton-x509 crypton-x509-validation data-default-class gauge hourglass QuickCheck tasty-quickcheck ]; homepage = "https://github.com/haskell-tls/hs-tls"; description = "TLS/SSL protocol native implementation (Server and Client)"; license = lib.licenses.bsd3; } pkgs/development/compilers/elm/packages/ghc9_6/tls-compatibility.patch 0 → 100644 +81 −0 Original line number Diff line number Diff line From c8ca5e14650a77446a6577eb356ddd09c3928bac Mon Sep 17 00:00:00 2001 
From: Ben Millwood <thebenmachine+git@gmail.com> Date: Tue, 17 Jun 2025 16:39:07 +0100 Subject: [PATCH] Fix TLS connection to package.elm-lang.org It seems like the server hosting https://package.elm-lang.org has an old enough SSL library that it doesn't support EMS. Reconfigure the https client so that it will still connect in this case. --- builder/src/Http.hs | 21 +++++++++++++++++++-- elm.cabal | 3 +++ 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/builder/src/Http.hs b/builder/src/Http.hs index 6105263fa..fd8b87bba 100644 --- a/builder/src/Http.hs +++ b/builder/src/Http.hs @@ -29,15 +29,19 @@ import qualified Data.Binary as Binary import qualified Data.Binary.Get as Binary import qualified Data.ByteString.Builder as B import qualified Data.ByteString.Char8 as BS +import Data.Default (def) import qualified Data.Digest.Pure.SHA as SHA import qualified Data.String as String +import qualified Network.Connection as NC import Network.HTTP (urlEncodeVars) import Network.HTTP.Client -import Network.HTTP.Client.TLS (tlsManagerSettings) +import Network.HTTP.Client.TLS (mkManagerSettings) import Network.HTTP.Types.Header (Header, hAccept, hAcceptEncoding, hUserAgent) import Network.HTTP.Types.Method (Method, methodGet, methodPost) import qualified Network.HTTP.Client as Multi (RequestBody(RequestBodyLBS)) import qualified Network.HTTP.Client.MultipartFormData as Multi +import qualified Network.TLS as TLS +import Network.TLS.Extra.Cipher (ciphersuite_default) import qualified Json.Encode as Encode import qualified Elm.Version as V 
@@ -49,7 +53,20 @@ import qualified Elm.Version as V getManager :: IO Manager getManager = - newManager tlsManagerSettings + newManager (mkManagerSettings dontRequireEMS Nothing) + where + -- See https://github.com/NixOS/nixpkgs/pull/414495 + dontRequireEMS = + NC.TLSSettingsSimple + { NC.settingDisableCertificateValidation = False + , NC.settingDisableSession = False + , NC.settingUseServerName = False + , NC.settingClientSupported = + def + { TLS.supportedCiphers = ciphersuite_default + , TLS.supportedExtendedMainSecret = TLS.AllowEMS + } + } diff --git a/elm.cabal b/elm.cabal index 144fada90..0bd1eb5dc 100644 --- a/elm.cabal +++ b/elm.cabal @@ -206,6 +206,8 @@ Executable elm binary, bytestring, containers, + crypton-connection, + data-default, directory, edit-distance, file-embed, @@ -229,6 +231,7 @@ Executable elm snap-server, template-haskell, time, + tls, unordered-containers, utf8-string, vector, Loading
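Review bot: `TLS.supportedExtendedMainSecret = TLS.AllowEMS` in `dontRequireEMS` relaxes the Extended Main Secret requirement for every host reached through this `Manager`, not only package.elm-lang.org, and the only comment on it is a PR link. EMS (RFC 7627) is the TLS 1.2 mitigation that binds the session keys to the full handshake, so the reason for the relaxation and the condition for dropping it belong next to the setting, e.g. `-- package.elm-lang.org does not negotiate EMS (RFC 7627); AllowEMS still uses it when the server offers it. Go back to tlsManagerSettings once the server supports it.` The same comment should state that certificate validation stays enabled (`settingDisableCertificateValidation = False`), so a reader can see the scope of what was loosened. Whether `getManager` is also used for hosts that do support EMS cannot be confirmed from the lines shown; if it is, a second manager built from the default settings for those hosts would keep the relaxation confined to the one server that needs it.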
pkgs/development/compilers/elm/packages/ghc9_6/default.nix +6 −4 Original line number Diff line number Diff line Loading @@ -27,6 +27,12 @@ pkgs.haskell.packages.ghc96.override { --prefix PATH ':' ${lib.makeBinPath [ nodejs ]} ''; patches = [ # Fix TLS compatibility issues with package.elm-lang.org # see: https://github.com/elm/compiler/pull/2325 ./tls-compatibility.patch ]; description = "Delightful language for reliable webapps"; homepage = "https://elm-lang.org/"; license = lib.licenses.bsd3; Loading @@ -37,10 +43,6 @@ pkgs.haskell.packages.ghc96.override { inherit fetchElmDeps; elmVersion = elmPkgs.elm.version; # Fix TLS issues # see https://github.com/elm/compiler/pull/2325 tls = self.callPackage ./tls-1.9.0.nix { }; }; in elmPkgs Loading
pkgs/development/compilers/elm/packages/ghc9_6/tls-1.9.0.nixdeleted 100644 → 0 +0 −79 Original line number Diff line number Diff line { mkDerivation, asn1-encoding, asn1-types, async, base, bytestring, cereal, crypton, crypton-x509, crypton-x509-store, crypton-x509-validation, data-default-class, gauge, hourglass, lib, memory, mtl, network, QuickCheck, tasty, tasty-quickcheck, transformers, unix-time, }: mkDerivation { pname = "tls"; version = "1.9.0"; sha256 = "5605b9cbe0903b100e9de72800641453f74bf5dade6176dbe10b34ac9353433e"; libraryHaskellDepends = [ asn1-encoding asn1-types async base bytestring cereal crypton crypton-x509 crypton-x509-store crypton-x509-validation data-default-class memory mtl network transformers unix-time ]; testHaskellDepends = [ asn1-types async base bytestring crypton crypton-x509 crypton-x509-validation data-default-class hourglass QuickCheck tasty tasty-quickcheck ]; benchmarkHaskellDepends = [ asn1-types async base bytestring crypton crypton-x509 crypton-x509-validation data-default-class gauge hourglass QuickCheck tasty-quickcheck ]; homepage = "https://github.com/haskell-tls/hs-tls"; description = "TLS/SSL protocol native implementation (Server and Client)"; license = lib.licenses.bsd3; }
pkgs/development/compilers/elm/packages/ghc9_6/tls-compatibility.patch 0 → 100644 +81 −0 Original line number Diff line number Diff line From c8ca5e14650a77446a6577eb356ddd09c3928bac Mon Sep 17 00:00:00 2001 From: Ben Millwood <thebenmachine+git@gmail.com> Date: Tue, 17 Jun 2025 16:39:07 +0100 Subject: [PATCH] Fix TLS connection to package.elm-lang.org It seems like the server hosting https://package.elm-lang.org has an old enough SSL library that it doesn't support EMS. Reconfigure the https client so that it will still connect in this case. --- builder/src/Http.hs | 21 +++++++++++++++++++-- elm.cabal | 3 +++ 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/builder/src/Http.hs b/builder/src/Http.hs index 6105263fa..fd8b87bba 100644 --- a/builder/src/Http.hs +++ b/builder/src/Http.hs @@ -29,15 +29,19 @@ import qualified Data.Binary as Binary import qualified Data.Binary.Get as Binary import qualified Data.ByteString.Builder as B import qualified Data.ByteString.Char8 as BS +import Data.Default (def) import qualified Data.Digest.Pure.SHA as SHA import qualified Data.String as String +import qualified Network.Connection as NC import Network.HTTP (urlEncodeVars) import Network.HTTP.Client -import Network.HTTP.Client.TLS (tlsManagerSettings) +import Network.HTTP.Client.TLS (mkManagerSettings) import Network.HTTP.Types.Header (Header, hAccept, hAcceptEncoding, hUserAgent) import Network.HTTP.Types.Method (Method, methodGet, methodPost) import qualified Network.HTTP.Client as Multi (RequestBody(RequestBodyLBS)) import qualified Network.HTTP.Client.MultipartFormData as Multi +import qualified Network.TLS as TLS +import Network.TLS.Extra.Cipher (ciphersuite_default) import qualified Json.Encode as Encode import qualified Elm.Version as V 
@@ -49,7 +53,20 @@ import qualified Elm.Version as V getManager :: IO Manager getManager = - newManager tlsManagerSettings + newManager (mkManagerSettings dontRequireEMS Nothing) + where + -- See https://github.com/NixOS/nixpkgs/pull/414495 + dontRequireEMS = + NC.TLSSettingsSimple + { NC.settingDisableCertificateValidation = False + , NC.settingDisableSession = False + , NC.settingUseServerName = False + , NC.settingClientSupported = + def + { TLS.supportedCiphers = ciphersuite_default + , TLS.supportedExtendedMainSecret = TLS.AllowEMS + } + } diff --git a/elm.cabal b/elm.cabal index 144fada90..0bd1eb5dc 100644 --- a/elm.cabal +++ b/elm.cabal @@ -206,6 +206,8 @@ Executable elm binary, bytestring, containers, + crypton-connection, + data-default, directory, edit-distance, file-embed, @@ -229,6 +231,7 @@ Executable elm snap-server, template-haskell, time, + tls, unordered-containers, utf8-string, vector,