Module Tls_lwt.Unix

Low-level API

Unix API

It is the responsibility of the client to handle error conditions. The underlying file descriptors are not closed.

type t

Abstract type of a session

Constructors

val server_of_fd : Tls.Config.server -> Lwt_unix.file_descr -> t Lwt.t

server_of_fd server fd is t, after server-side TLS handshake of fd using server configuration.

val server_of_channels : Tls.Config.server -> (Lwt_io.input_channel * Lwt_io.output_channel) -> t Lwt.t

server_of_channels server (ic, oc) is t, after server-side TLS handshake on the input/output channels ic, oc using server configuration.

val client_of_fd : Tls.Config.client -> ?host:[ `host ] Domain_name.t -> Lwt_unix.file_descr -> t Lwt.t

client_of_fd client ~host fd is t, after client-side TLS handshake of fd using client configuration and host.

val client_of_channels : Tls.Config.client -> ?host:[ `host ] Domain_name.t -> (Lwt_io.input_channel * Lwt_io.output_channel) -> t Lwt.t

client_of_channels client ~host (ic, oc) is t, after client-side TLS handshake over the input/output channels ic, oc using client configuration and host.

val accept : Tls.Config.server -> Lwt_unix.file_descr -> (t * Lwt_unix.sockaddr) Lwt.t

accept server fd is t, sockaddr, after accepting a client on fd and upgrading to a TLS connection.

val connect : Tls.Config.client -> (string * int) -> t Lwt.t

connect client (host, port) is t, after successful connection to host on port and TLS upgrade.

Common stream operations

val read : t -> ?off:int -> bytes -> int Lwt.t

read t ~off buffer is length, the number of bytes read into buffer. It fills buffer starting at off (default is 0).

val write : t -> string -> unit Lwt.t

write t buffer writes the buffer to the session.

val writev : t -> string list -> unit Lwt.t

writev t buffers writes the buffers to the session.

val read_bytes : t -> Lwt_bytes.t -> int -> int -> int Lwt.t

read_bytes t bytes offset len is read_bytes, the amount of bytes read.

val write_bytes : t -> Lwt_bytes.t -> int -> int -> unit Lwt.t

write_bytes t bytes offset length writes length bytes of bytes starting at offset to the session.

val shutdown : t -> [ `read | `write | `read_write ] -> unit Lwt.t

shutdown t direction closes the direction of the TLS session t. If `read_write or `write is closed, a TLS close_notify is sent to the other endpoint. If this results in a fully closed session (or an errorneous session), the underlying file descriptor is closed.

val close : t -> unit Lwt.t

close t closes the TLS session and the underlying file descriptor.

val reneg : ?authenticator:X509.Authenticator.t -> ?acceptable_cas:X509.Distinguished_name.t list -> ?cert:Tls.Config.own_cert -> ?drop:bool -> t -> unit Lwt.t

reneg ~authenticator ~acceptable_cas ~cert ~drop t renegotiates the session, and blocks until the renegotiation finished. Optionally, a new authenticator and acceptable_cas can be used. The own certificate can be adjusted by cert. If drop is true (the default), application data received before the renegotiation finished is dropped.

val key_update : ?request:bool -> t -> unit Lwt.t

key_update ~request t updates the traffic key and requests a traffic key update from the peer if request is provided and true (the default). This is only supported in TLS 1.3.

val epoch : t -> (Tls.Core.epoch_data, unit) Stdlib.result

epoch t returns epoch, which contains information of the active session.