Tls_async
module Session : sig ... end
  Low-level API for working with TLS sessions. Most applications should use the high-level API below.
module X509_async : sig ... end
  Helper functions for Async_unix-specific IO operations commonly used with X509 certificates, such as loading from a Unix filesystem.
val listen :
  ?buffer_age_limit:Async.Writer.buffer_age_limit ->
  ?max_connections:int ->
  ?max_accepts_per_batch:int ->
  ?backlog:int ->
  ?socket:([ `Unconnected ], [< Async.Socket.Address.t ] as 'address) Async.Socket.t ->
  on_handler_error:[ `Call of 'address -> exn -> unit | `Ignore | `Raise ] ->
  Tls.Config.server ->
  ('address, 'listening_on) Async.Tcp.Where_to_listen.t ->
  ('address -> Session.t -> Async.Reader.t -> Async.Writer.t -> unit Async.Deferred.t) ->
  ('address, 'listening_on) Async.Tcp.Server.t Async.Deferred.t
  listen creates a Tcp.Server.t with the requested parameters, including those specified in Tls.Config.server. The handler function exposes the low-level Session.t to accommodate cases like interrogating a client certificate.
type 'a tls_handler = Session.t -> 'a io_handler

val upgrade_server_handler :
  config:Tls.Config.server ->
  'a tls_handler ->
  'a io_handler
  upgrade_server_handler is what listen calls to handle each client. It is exposed so that low-level end-users of the library can use tls-async inside of code that manages Tcp services directly.
  The tls_handler argument will be called with the client TLS session, reader and writer to be used for cleartext data. The outer reader and writer will read encrypted data from and write encrypted data to the connected socket.
val connect :
  ?socket:([ `Unconnected ], 'addr) Async.Socket.t ->
  (Tls.Config.client ->
   'addr Async.Tcp.Where_to_connect.t ->
   host:[ `host ] Domain_name.t option ->
   (Session.t * Async.Reader.t * Async.Writer.t) Async.Deferred.Or_error.t)
  Async.Tcp.Aliases.with_connect_options
  connect behaves similarly to Tcp.connect, exposing a cleartext reader and writer. Callers should ensure they close the Writer.t and wait for the unit Deferred.t returned by `Closed_and_flushed_downstream to completely shut down the TLS connection.
  host is used for peer name verification and should generally be provided. Passing None will disable peer name verification unless peer_name was provided in the Tls.Config.client. If both are present, host takes precedence over peer_name.
val upgrade_client_to_tls :
  Tls.Config.client ->
  host:[ `host ] Domain_name.t option ->
  Async.Reader.t ->
  Async.Writer.t ->
  (Session.t * Async.Reader.t * Async.Writer.t) Async.Deferred.Or_error.t
  upgrade_client_to_tls upgrades an existing reader/writer to TLS, returning a cleartext reader and writer. Callers should ensure they close the Writer.t and wait for the unit Deferred.t returned by `Closed_and_flushed_downstream to completely shut down the TLS connection.
  host is used for peer name verification and should generally be provided. Passing None will disable peer name verification unless peer_name was provided in the Tls.Config.client. If both are present, host takes precedence over peer_name.
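The following client is an added example and not part of the tls-async documentation or source: it uses connect as described above, always passing a host so peer name verification stays enabled (the same rule that applies to upgrade_client_to_tls), and closes the cleartext writer before reporting a result. It assumes an authenticator built elsewhere (for instance with the X509_async helpers), the tls 1.x Tls.Config.client that returns a result, and the made-up function name fetch_first_line.

```ocaml
open Core
open Async

(* Open a verified TLS connection to [hostname:port], send [request] over the
   cleartext channel, return the first line of the reply and shut the session
   down.  [authenticator] is passed in (normally loaded via [X509_async]) so
   this stays independent of any on-disk path.  Assumption: tls 1.x, where
   [Tls.Config.client] returns a [result]. *)
let fetch_first_line ~authenticator ~hostname ~port ~request
  : string Deferred.Or_error.t =
  let of_msg = function
    | Ok v -> Ok v
    | Error (`Msg m) -> Or_error.error_string m
  in
  (* Always give [connect] a [host]: with [None] the library skips peer name
     verification unless [peer_name] was set in the config, so a valid
     certificate issued for any other name would be accepted. *)
  let host =
    Result.bind (Domain_name.of_string hostname) ~f:Domain_name.host |> of_msg
  in
  let config = Tls.Config.client ~authenticator () |> of_msg in
  match host, config with
  | Error e, _ | _, Error e -> return (Error e)
  | Ok host, Ok config ->
    let where =
      Tcp.Where_to_connect.of_host_and_port (Host_and_port.create ~host:hostname ~port)
    in
    Tls_async.connect config where ~host:(Some host)
    >>=? fun (_session, reader, writer) ->
    (* [reader] and [writer] carry cleartext; tls-async encrypts underneath. *)
    Writer.write writer request;
    Writer.flushed writer >>= fun () ->
    Reader.read_line reader >>= fun line ->
    (* Closing the cleartext writer starts the TLS shutdown; wait for it and
       for the reader before declaring the connection finished. *)
    Writer.close writer >>= fun () ->
    Reader.close reader >>| fun () ->
    match line with
    | `Ok line -> Ok line
    | `Eof -> Or_error.error_string "peer closed before sending a reply"
```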