Merge pull request #432 from hannesm/tls-1

Adapt to tls 1.0.0 API changes
mirage · Aug 29, 2024 · aee602d · aee602d
2 parents 0e778ab + 0544219
commit aee602d
Show file tree

Hide file tree

Showing 10 changed files with 35 additions and 26 deletions.
diff --git a/conduit-async.opam b/conduit-async.opam
@@ -8,7 +8,7 @@ tags: "org:mirage"
 homepage: "https:/mirage/ocaml-conduit"
 bug-reports: "https:/mirage/ocaml-conduit/issues"
 depends: [
- "ocaml" {>= "4.08.0"}
+ "ocaml" {>= "4.13.0"}
  "dune" {>= "2.0"}
  "core" {>= "v0.15.0"}
  "uri" {>= "4.0.0"}

diff --git a/conduit-lwt-unix.opam b/conduit-lwt-unix.opam
@@ -8,13 +8,13 @@ tags: "org:mirage"
 homepage: "https:/mirage/ocaml-conduit"
 bug-reports: "https:/mirage/ocaml-conduit/issues"
 depends: [
- "ocaml" {>= "4.08.0"}
+ "ocaml" {>= "4.13.0"}
  "dune" {>= "2.0"}
  "base-unix"
  "logs"
  "ppx_sexp_conv" {>="v0.13.0"}
  "conduit-lwt" {=version}
- "lwt" {>= "3.0.0"}
+ "lwt" {>= "5.7.0"}
  "uri" {>= "1.9.4"}
  "ipaddr" {>= "4.0.0"}
  "ipaddr-sexp"
@@ -25,7 +25,7 @@ depends: [
 ]
 depopts: ["tls-lwt" "lwt_ssl" "launchd"]
 conflicts: [
- "tls-lwt" {< "0.16.0"}
+ "tls-lwt" {< "1.0.0"}
  "ssl" {< "0.5.12"}
 ]
 build: [

diff --git a/conduit-lwt.opam b/conduit-lwt.opam
@@ -8,13 +8,13 @@ tags: "org:mirage"
 homepage: "https:/mirage/ocaml-conduit"
 bug-reports: "https:/mirage/ocaml-conduit/issues"
 depends: [
- "ocaml" {>= "4.08.0"}
+ "ocaml" {>= "4.13.0"}
  "dune" {>= "2.0"}
  "base-unix"
  "ppx_sexp_conv" {>="v0.13.0"}
  "sexplib0"
  "conduit" {=version}
- "lwt" {>= "3.0.0"}
+ "lwt" {>= "5.7.0"}
 ]
 build: [
  ["dune" "subst"] {dev}

diff --git a/conduit-mirage.opam b/conduit-mirage.opam
@@ -6,7 +6,7 @@ tags: "org:mirage"
 homepage: "https:/mirage/ocaml-conduit"
 bug-reports: "https:/mirage/ocaml-conduit/issues"
 depends: [
- "ocaml" {>= "4.08.0"}
+ "ocaml" {>= "4.13.0"}
  "dune" {>= "2.0"}
  "ppx_sexp_conv" {>="v0.13.0"}
  "sexplib0"
@@ -15,14 +15,14 @@ depends: [
  "mirage-clock" {>= "3.0.0"}
  "mirage-flow" {>= "4.0.0"}
  "mirage-flow-combinators" {>= "2.0.0"}
- "mirage-random" {>= "2.0.0"}
+ "mirage-crypto-rng-mirage" {>= "1.0.0"}
  "mirage-time" {>= "2.0.0"}
  "dns-client-mirage" {>= "8.0.0"}
  "conduit-lwt" {=version}
  "vchan" {>= "5.0.0"}
  "xenstore"
- "tls" {>= "0.11.0"}
- "tls-mirage" {>= "0.17.4"}
+ "tls" {>= "1.0.0"}
+ "tls-mirage" {>= "1.0.0"}
  "ca-certs-nss"
  "ipaddr" {>= "3.0.0"}
  "ipaddr-sexp"

diff --git a/conduit.opam b/conduit.opam
@@ -9,7 +9,7 @@ homepage: "https:/mirage/ocaml-conduit"
 doc: "https://mirage.github.io/ocaml-conduit/"
 bug-reports: "https:/mirage/ocaml-conduit/issues"
 depends: [
- "ocaml" {>= "4.08.0"}
+ "ocaml" {>= "4.13.0"}
  "dune" {>= "2.0"}
  "ppx_sexp_conv" {>="v0.13.0"}
  "sexplib0"

diff --git a/src/conduit-lwt-unix/conduit_lwt_tls.real.ml b/src/conduit-lwt-unix/conduit_lwt_tls.real.ml
@@ -36,11 +36,13 @@ module Client = struct
  | None -> Lwt.return_unit
  | Some src_sa -> Lwt_unix.bind fd src_sa)
  >>= fun () ->
- let config = Tls.Config.client ~authenticator ?certificates () in
- Lwt_unix.connect fd sa >>= fun () ->
- Tls_lwt.Unix.client_of_fd config ~host fd >|= fun t ->
- let ic, oc = Tls_lwt.of_t t in
- (fd, ic, oc))
+ match Tls.Config.client ~authenticator ?certificates () with
+ | Error (`Msg msg) -> failwith ("tls configuration problem: " ^ msg)
+ | Ok config ->
+ Lwt_unix.connect fd sa >>= fun () ->
+ Tls_lwt.Unix.client_of_fd config ~host fd >|= fun t ->
+ let ic, oc = Tls_lwt.of_t t in
+ (fd, ic, oc))
 end
 
 module Server = struct
@@ -59,8 +61,9 @@ module Server = struct
  let init ?backlog ~certfile ~keyfile ?stop ?timeout sa callback =
  X509_lwt.private_of_pems ~cert:certfile ~priv_key:keyfile
  >>= fun certificate ->
- let config = Tls.Config.server ~certificates:(`Single certificate) () in
- init' ?backlog ?stop ?timeout config sa callback
+ match Tls.Config.server ~certificates:(`Single certificate) () with
+ | Error (`Msg msg) -> failwith ("tls configuration problem: " ^ msg)
+ | Ok config -> init' ?backlog ?stop ?timeout config sa callback
 end
 
 let available = true
diff --git a/src/conduit-mirage/conduit_mirage.ml b/src/conduit-mirage/conduit_mirage.ml
@@ -177,9 +177,14 @@ let tls_client ~host ~authenticator x =
  let peer_name =
  Result.to_option (Result.bind (Domain_name.of_string host) Domain_name.host)
  in
- `TLS (Tls.Config.client ?peer_name ~authenticator (), x)
-
-let tls_server ?authenticator x = `TLS (Tls.Config.server ?authenticator (), x)
+ match Tls.Config.client ?peer_name ~authenticator () with
+ | Error (`Msg msg) -> failwith ("tls configuration problem: " ^ msg)
+ | Ok cfg -> `TLS (cfg, x)
+
+let tls_server ?authenticator x =
+ match Tls.Config.server ?authenticator () with
+ | Error (`Msg msg) -> failwith ("tls configuration problem: " ^ msg)
+ | Ok cfg -> `TLS (cfg, x)
 
 module TLS (S : S) = struct
  module TLS = Tls_mirage.Make (S.Flow)

diff --git a/src/conduit-mirage/dune b/src/conduit-mirage/dune
@@ -5,6 +5,7 @@
  (pps ppx_sexp_conv))
  (modules conduit_mirage resolver_mirage conduit_xenstore)
  (wrapped false)
- (libraries conduit conduit-lwt tcpip mirage-clock mirage-random mirage-time
- mirage-flow mirage-flow-combinators dns-client-mirage ipaddr-sexp vchan
- tls tls-mirage xenstore.client uri.services ca-certs-nss fmt))
+ (libraries conduit conduit-lwt tcpip mirage-clock mirage-crypto-rng-mirage
+ mirage-time mirage-flow mirage-flow-combinators dns-client-mirage
+ ipaddr-sexp vchan tls tls-mirage xenstore.client uri.services ca-certs-nss
+ fmt))
diff --git a/src/conduit-mirage/resolver_mirage.ml b/src/conduit-mirage/resolver_mirage.ml
@@ -25,7 +25,7 @@ module type S = sig
 end
 
 module Make
- (R : Mirage_random.S)
+ (R : Mirage_crypto_rng_mirage.S)
  (T : Mirage_time.S)
  (C : Mirage_clock.MCLOCK)
  (P : Mirage_clock.PCLOCK)

diff --git a/src/conduit-mirage/resolver_mirage.mli b/src/conduit-mirage/resolver_mirage.mli
@@ -31,7 +31,7 @@ end
 
 (** Provides a DNS-enabled {!Resolver_lwt} given a network stack. *)
 module Make
- (R : Mirage_random.S)
+ (R : Mirage_crypto_rng_mirage.S)
  (T : Mirage_time.S)
  (C : Mirage_clock.MCLOCK)
  (P : Mirage_clock.PCLOCK)