Open
Hi,
For TLS connections to mongo it is common to require a client certificate that is requested by the mongo server. I got this working by making the following change to the connect function in the Transport.TLS module.
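```haskell
-- Needs `import Data.Maybe (fromMaybe)` in addition to the module's existing imports.
connect :: Maybe TLS.ClientParams -> HostName -> PortID -> IO Pipe
connect clientParams host port = bracketOnError (connectTo host port) hClose $ \handle -> do
  -- Fallback parameters, used only when the caller passes Nothing.
  let params = (TLS.defaultParamsClient host "")
        { TLS.clientSupported = def
            { TLS.supportedCiphers = TLS.ciphersuite_default }
        , TLS.clientHooks = def
            -- Returning [] reports no validation failures, so this hook
            -- accepts any server certificate.
            { TLS.onServerCertificate = \_ _ _ _ -> return [] }
        }
  -- Caller-supplied ClientParams replace the fallback entirely.
  context <- TLS.contextNew handle (fromMaybe params clientParams)
  TLS.handshake context
  conn <- tlsConnection context
  rec
    p <- newPipeWith sd conn
    sd <- access p slaveOk "admin" retrieveServerData
  return p
```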
It simply adds an optional parameter for ClientParams, allowing the caller to set up whatever TLS configuration is needed.
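
An added example, not part of the original issue or of the mongoDB package: one way a caller could build the `ClientParams` that the proposed `connect` accepts, presenting a client certificate while keeping server certificate validation enabled. The module and function name `mutualTlsParams` and the file path arguments are assumptions; the calls used come from the `tls` and `x509-store` packages.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example: ClientParams for mutual TLS, built with the `tls` package.
-- readCertificateStore comes from x509-store (crypton-x509-store with newer tls).
module MutualTlsParams (mutualTlsParams) where

import           Data.X509.CertificateStore (readCertificateStore)
import qualified Network.TLS                as TLS
import qualified Network.TLS.Extra.Cipher   as TLS

-- | Build parameters that validate the server against a private CA and
--   answer the server's CertificateRequest with a client credential.
--   All paths are supplied by the caller (hypothetical deployment values).
mutualTlsParams
  :: String    -- ^ server host name, matched against the server certificate
  -> FilePath  -- ^ CA certificates (PEM file or directory) that signed the server
  -> FilePath  -- ^ client certificate chain (PEM)
  -> FilePath  -- ^ client private key (PEM)
  -> IO TLS.ClientParams
mutualTlsParams host caPath certPath keyPath = do
  -- Fail closed: a missing CA store or credential aborts before any handshake.
  mStore <- readCertificateStore caPath
  store  <- maybe (fail ("cannot read CA store: " ++ caPath)) return mStore
  eCred  <- TLS.credentialLoadX509 certPath keyPath
  cred   <- either (\e -> fail ("cannot load client credential: " ++ e)) return eCred
  let base = TLS.defaultParamsClient host ""
  return base
    { -- The default onServerCertificate hook is left untouched, so the
      -- server chain is validated against this store and the host name.
      TLS.clientShared = (TLS.clientShared base) { TLS.sharedCAStore = store }
      -- Stricter than the ciphersuite_default used in the snippet above.
    , TLS.clientSupported = (TLS.clientSupported base)
        { TLS.supportedCiphers = TLS.ciphersuite_strong }
      -- Called when the server requests a client certificate.
    , TLS.clientHooks = (TLS.clientHooks base)
        { TLS.onCertificateRequest = \_ -> return (Just cred) }
    }
```

With the proposed signature, the result would be passed as `connect (Just params) host port`.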