webapp: Use securemem for constant time auth token comparisons.

Debian stable does not have securemem, but neither does it have warp-tls,
so just disable use of securemem when not building with https support.
This commit is contained in:
Joey Hess 2014-03-12 21:21:10 -04:00
parent ea0138d8a1
commit 66b8b9c094
9 changed files with 63 additions and 33 deletions

2
debian/control vendored
View file

@ -39,6 +39,8 @@ Build-Depends:
libghc-warp-tls-dev [i386 amd64 kfreebsd-i386 kfreebsd-amd64 powerpc sparc],
libghc-wai-dev [i386 amd64 kfreebsd-i386 kfreebsd-amd64 powerpc sparc],
libghc-wai-logger-dev [i386 amd64 kfreebsd-i386 kfreebsd-amd64 powerpc sparc],
libghc-securemem-dev,
libghc-byteable-dev,
libghc-dns-dev,
libghc-case-insensitive-dev,
libghc-http-types-dev,