Module Tls_mirage.Make

TLS module given a flow

Parameters

module F : Mirage_flow.S

Signature

type error = [
  | `Tls_alert of Tls.Packet.alert_type
  | `Tls_failure of Tls.Engine.failure
  | `Read of F.error
  | `Write of F.write_error
]

Possible errors: an incoming alert, a processing failure, or a problem in the underlying flow.

type write_error = [
  | `Closed
  | error
]

The type for write errors.

We provide the FLOW interface.

include Mirage_flow.S with type error := error and type write_error := write_error
val pp_error : error Fmt.t
val pp_write_error : write_error Fmt.t
type flow
val read : flow -> (Cstruct.t Mirage_flow.or_eof, error) Stdlib.result Lwt.t
val write : flow -> Cstruct.t -> (unit, write_error) Stdlib.result Lwt.t
val writev : flow -> Cstruct.t list -> (unit, write_error) Stdlib.result Lwt.t
val shutdown : flow -> [ `read | `read_write | `write ] -> unit Lwt.t
val close : flow -> unit Lwt.t
val underlying : flow -> F.flow

underlying t returns the underlying flow. This is useful to extract information such as src and dst of that flow.

val reneg : ?authenticator:X509.Authenticator.t -> ?acceptable_cas:X509.Distinguished_name.t list -> ?cert:Tls.Config.own_cert -> ?drop:bool -> flow -> (unit, [ write_error | `Msg of string ]) Stdlib.result Lwt.t

reneg ~authenticator ~acceptable_cas ~cert ~drop t renegotiates the session and blocks until the renegotiation has finished. Optionally, a new authenticator and acceptable_cas can be used. The own certificate can be adjusted with cert. If drop is true (the default), application data received before the renegotiation has finished is dropped.

val key_update : ?request:bool -> flow -> (unit, [ write_error | `Msg of string ]) Stdlib.result Lwt.t

key_update ~request t updates the traffic key and requests a traffic key update from the peer if request is provided and true (the default). This is only supported in TLS 1.3.

val client_of_flow : Tls.Config.client -> ?host:[ `host ] Domain_name.t -> F.flow -> (flow, write_error) Stdlib.result Lwt.t

client_of_flow client ~host flow upgrades the existing connection to TLS using the client configuration, with host as the peer name.

val server_of_flow : Tls.Config.server -> F.flow -> (flow, write_error) Stdlib.result Lwt.t

server_of_flow server flow upgrades the flow to a TLS connection using the server configuration.

val epoch : flow -> (Tls.Core.epoch_data, unit) Stdlib.result

epoch flow extracts information about the established session.
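As an added example (not code from the tls-mirage library), the functor below applies Tls_mirage.Make to a caller-supplied flow module, upgrades a flow with client_of_flow, writes one request, reads the reply until EOF and always closes the session, handling every error variant of the types above. It assumes a Tls.Config.client built elsewhere (its construction is not part of this page), renders errors with Fmt.str from the Fmt library, and assumes client_of_flow does not close the raw flow itself on handshake failure.

```ocaml
open Lwt.Infix

(* Parametrised over any Mirage flow, exactly as [Tls_mirage.Make] is. *)
module Client (F : Mirage_flow.S) = struct
  module TLS = Tls_mirage.Make (F)

  let read_err e = Fmt.str "%a" TLS.pp_error e
  let write_err e = Fmt.str "%a" TLS.pp_write_error e

  (* Read until the peer signals a clean EOF, concatenating fragments.
     Any read error (alert, engine failure, flow error) is reported
     rather than returning the partial data as if it were complete. *)
  let rec read_all tls acc =
    TLS.read tls >>= function
    | Ok (`Data d) -> read_all tls (d :: acc)
    | Ok `Eof -> Lwt.return (Ok (Cstruct.concat (List.rev acc)))
    | Error e -> Lwt.return (Error (`Msg ("read: " ^ read_err e)))

  (* Upgrade [flow] to TLS as a client for [host], send [req] and return
     the full reply. [cfg] is a [Tls.Config.client] supplied by the
     caller (authenticator, ciphers, ... are configured there). *)
  let request cfg ~host flow req =
    TLS.client_of_flow cfg ~host flow >>= function
    | Error e ->
      (* Handshake failed: peer alert, engine failure (e.g. certificate
         rejected by the authenticator) or an underlying flow error.
         Assumption: the raw flow is still ours to release. *)
      F.close flow >|= fun () -> Error (`Msg ("handshake: " ^ write_err e))
    | Ok tls ->
      (TLS.write tls (Cstruct.of_string req) >>= function
       | Error e -> Lwt.return (Error (`Msg ("write: " ^ write_err e)))
       | Ok () -> read_all tls [])
      >>= fun result ->
      (* Always send close_notify and release the underlying flow,
         whether the exchange succeeded or not. *)
      TLS.close tls >|= fun () -> result
end
```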