Tls_mirage.Make
TLS module given a flow
type error = [
| `Tls_alert of Tls.Packet.alert_type
| `Tls_failure of Tls.Engine.failure
| `Read of F.error
| `Write of F.write_error
]
possible errors: incoming alert, processing failure, or a problem in the underlying flow.
The type for write errors.
we provide the FLOW interface
include Mirage_flow.S
with type error := error
and type write_error := write_error
val pp_error : error Fmt.t
val pp_write_error : write_error Fmt.t
val write : flow -> Cstruct.t -> (unit, write_error) Stdlib.result Lwt.t
val writev : flow -> Cstruct.t list -> (unit, write_error) Stdlib.result Lwt.t
val shutdown : flow -> [ `read | `read_write | `write ] -> unit Lwt.t
val close : flow -> unit Lwt.t
val underlying : flow -> F.flow
underlying t
returns the underlying flow. This is useful to extract information such as src
and dst
of that flow.
val reneg :
?authenticator:X509.Authenticator.t ->
?acceptable_cas:X509.Distinguished_name.t list ->
?cert:Tls.Config.own_cert ->
?drop:bool ->
flow ->
(unit, [ write_error | `Msg of string ]) Stdlib.result Lwt.t
reneg ~authenticator ~acceptable_cas ~cert ~drop t
renegotiates the session, and blocks until the renegotiation finished. Optionally, a new authenticator
and acceptable_cas
can be used. The own certificate can be adjusted by cert
. If drop
is true
(the default), application data received before the renegotiation finished is dropped.
val key_update :
?request:bool ->
flow ->
(unit, [ write_error | `Msg of string ]) Stdlib.result Lwt.t
key_update ~request t
updates the traffic key and requests a traffic key update from the peer if request
is provided and true
(the default). This is only supported in TLS 1.3.
val client_of_flow :
Tls.Config.client ->
?host:[ `host ] Domain_name.t ->
F.flow ->
(flow, write_error) Stdlib.result Lwt.t
client_of_flow client ~host flow
upgrades the existing connection to TLS using the client
configuration, using host
as peer name.
val server_of_flow :
Tls.Config.server ->
F.flow ->
(flow, write_error) Stdlib.result Lwt.t
server_of_flow server flow
upgrades the flow to a TLS connection using the server
configuration.
val epoch : flow -> (Tls.Core.epoch_data, unit) Stdlib.result
epoch flow
extracts information of the established session.