Module Tls_mirage.X509

X.509 handling given a key value store and a clock

Parameters

module KV : Mirage_kv.RO
module C : Mirage_clock.PCLOCK

Signature

val authenticator : ?allowed_hashes:Mirage_crypto.Hash.hash list -> ?crl:string -> KV.t -> X509.Authenticator.t Lwt.t

authenticator ~allowed_hashes ~crl store creates an authenticator from the certificate authorities stored under the key "ca_roots.crt" in store. If allowed_hashes is provided, only these hash algorithms are accepted for signatures in the certificate chain. If crl is provided, the corresponding file is read and used as the revocation list (DER encoded). Both options apply only if `CAs is used.

val certificate : KV.t -> [< `Default | `Name of string ] -> Tls.Config.certchain Lwt.t

certificate store typ unmarshals a certificate chain and private key material from the store.
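
The following is an added usage example, not code from the tls-mirage documentation. It applies the functor and wires authenticator and certificate into TLS configurations, limiting chain signatures to SHA-2. The names Make, strong_hashes, client_config and server_config are hypothetical, and it assumes a tls release in which Tls.Config.client and Tls.Config.server return the configuration directly rather than a result.

```ocaml
(* Added example; Make, strong_hashes, client_config and server_config
   are hypothetical names, not part of tls-mirage. *)
module Make (KV : Mirage_kv.RO) (C : Mirage_clock.PCLOCK) = struct
  (* Instantiate the functor documented above with the unikernel's
     read-only key-value store and wall clock. *)
  module X = Tls_mirage.X509 (KV) (C)

  open Lwt.Infix

  (* Only SHA-2 signatures are accepted in the peer's chain; a chain that
     contains an MD5- or SHA-1-signed certificate fails authentication. *)
  let strong_hashes : Mirage_crypto.Hash.hash list =
    [ `SHA256; `SHA384; `SHA512 ]

  (* Client side: the certificate authorities are read from the key
     "ca_roots.crt" in [store]. [crl], when given, names the DER-encoded
     revocation list to read.
     Assumption: Tls.Config.client returns the configuration directly. *)
  let client_config ?crl store =
    X.authenticator ~allowed_hashes:strong_hashes ?crl store
    >|= fun authenticator -> Tls.Config.client ~authenticator ()

  (* Server side: unmarshal the default certificate chain and private key
     from [store] and present it as the server's only certificate.
     Assumption: Tls.Config.server returns the configuration directly. *)
  let server_config store =
    X.certificate store `Default
    >|= fun chain -> Tls.Config.server ~certificates:(`Single chain) ()
end
```

Leaving allowed_hashes unset defers the choice of acceptable signature hashes to the library's default, so passing the list explicitly keeps the policy visible in the unikernel's own code.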