Library
Module
Module type
Parameter
Class
Class type
Low-level API
It is the responsibility of the client to handle error conditions. The underlying file descriptors are not closed.
val server_of_fd : Tls.Config.server -> Lwt_unix.file_descr -> t Lwt.t
server_of_fd server fd
is t
, after server-side TLS handshake of fd
using server
configuration.
val server_of_channels :
Tls.Config.server ->
(Lwt_io.input_channel * Lwt_io.output_channel) ->
t Lwt.t
server_of_channels server (ic, oc)
is t
, after server-side TLS handshake on the input/output channels ic, oc
using server
configuration.
val client_of_fd :
Tls.Config.client ->
?host:[ `host ] Domain_name.t ->
Lwt_unix.file_descr ->
t Lwt.t
client_of_fd client ~host fd
is t
, after client-side TLS handshake of fd
using client
configuration and host
.
val client_of_channels :
Tls.Config.client ->
?host:[ `host ] Domain_name.t ->
(Lwt_io.input_channel * Lwt_io.output_channel) ->
t Lwt.t
client_of_channels client ~host (ic, oc)
is t
, after client-side TLS handshake over the input/output channels ic, oc
using client
configuration and host
.
val accept :
Tls.Config.server ->
Lwt_unix.file_descr ->
(t * Lwt_unix.sockaddr) Lwt.t
accept server fd
is t, sockaddr
, after accepting a client on fd
and upgrading to a TLS connection.
val connect : Tls.Config.client -> (string * int) -> t Lwt.t
connect client (host, port)
is t
, after successful connection to host
on port
and TLS upgrade.
val read_bytes : t -> Lwt_bytes.t -> int -> int -> int Lwt.t
read_bytes t bytes offset len
is read_bytes
, the amount of bytes read.
val write_bytes : t -> Lwt_bytes.t -> int -> int -> unit Lwt.t
write_bytes t bytes offset length
writes length
bytes of bytes
starting at offset
to the session.
shutdown t direction
closes the direction
of the TLS session t
. If `read_write
or `write
is closed, a TLS close_notify is sent to the other endpoint. If this results in a fully closed session (or an errorneous session), the underlying file descriptor is closed.
val reneg :
?authenticator:X509.Authenticator.t ->
?acceptable_cas:X509.Distinguished_name.t list ->
?cert:Tls.Config.own_cert ->
?drop:bool ->
t ->
unit Lwt.t
reneg ~authenticator ~acceptable_cas ~cert ~drop t
renegotiates the session, and blocks until the renegotiation finished. Optionally, a new authenticator
and acceptable_cas
can be used. The own certificate can be adjusted by cert
. If drop
is true
(the default), application data received before the renegotiation finished is dropped.
key_update ~request t
updates the traffic key and requests a traffic key update from the peer if request
is provided and true
(the default). This is only supported in TLS 1.3.
val epoch : t -> (Tls.Core.epoch_data, unit) result
epoch t
returns epoch
, which contains information of the active session.