package tls

  1. Overview
  2. Docs

Module Tls.CoreSource

Core type definitions

Sourceval (let*) : ('a, 'b) result -> ('a -> ('c, 'b) result) -> ('c, 'b) result
Sourceval guard : bool -> 'a -> (unit, 'a) result
Sourceval map_reader_error : ('a, 'b) result -> ('a, [> `Fatal of [> `ReaderError of 'b ] ]) result
Sourcetype tls13 = [
  1. | `TLS_1_3
]
Sourceval pp_tls13 : Format.formatter -> [< `TLS_1_3 ] -> unit
Sourcetype tls_before_13 = [
  1. | `TLS_1_0
  2. | `TLS_1_1
  3. | `TLS_1_2
]
Sourceval pp_tls_before_13 : Format.formatter -> [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 ] -> unit
Sourcetype tls_version = [
  1. | tls13
  2. | tls_before_13
]
Sourceval pp_tls_version : Format.formatter -> [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] -> unit
Sourceval pair_of_tls_version : [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] -> int * int
Sourceval compare_tls_version : [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] -> [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] -> int
Sourceval next : [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] -> [> `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] option
Sourceval all_versions : (([< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 TLS_1_1 TLS_1_2 TLS_1_3 ] as 'a) * [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ]) -> 'a list
Sourceval tls_version_of_pair : (int * int) -> [> `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] option
Sourcetype tls_any_version = [
  1. | tls_version
  2. | `SSL_3
  3. | `TLS_1_X of int
]
Sourceval pp_tls_any_version : Format.formatter -> [< `SSL_3 | `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 | `TLS_1_X of int ] -> unit
Sourceval any_version_to_version : [> tls_version ] -> [> `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] option
Sourceval version_eq : [> tls_version ] -> [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] -> bool
Sourceval version_ge : [< `SSL_3 | `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 | `TLS_1_X of 'a ] -> [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] -> bool
Sourceval tls_any_version_of_pair : (int * int) -> [> `SSL_3 | `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 | `TLS_1_X of int ] option
Sourceval pair_of_tls_any_version : [< `SSL_3 | `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 | `TLS_1_X of int ] -> int * int
Sourceval max_protocol_version : ('a * 'b) -> 'b
Sourceval min_protocol_version : ('a * 'b) -> 'a
Sourcetype tls_hdr = {
  1. content_type : Packet.content_type;
  2. version : tls_any_version;
}
Sourceval pp_tls_hdr : Format.formatter -> tls_hdr -> unit
Sourcemodule SessionID : sig ... end
Sourcemodule PreSharedKeyID : sig ... end
Sourcetype psk_identity = (Cstruct.t * int32) * Cstruct.t
Sourceval binders_len : ('a * Cstruct.t) list -> int
Sourcetype group = [
  1. | `FFDHE2048
  2. | `FFDHE3072
  3. | `FFDHE4096
  4. | `FFDHE6144
  5. | `FFDHE8192
  6. | `X25519
  7. | `P256
  8. | `P384
  9. | `P521
]
Sourceval pp_group : Format.formatter -> [< `FFDHE2048 | `FFDHE3072 | `FFDHE4096 | `FFDHE6144 | `FFDHE8192 | `P256 | `P384 | `P521 | `X25519 ] -> unit
Sourceval named_group_to_group : Packet.named_group -> [> `FFDHE2048 | `FFDHE3072 | `FFDHE4096 | `FFDHE6144 | `FFDHE8192 | `P256 | `P384 | `P521 | `X25519 ] option
Sourceval group_to_named_group : [< `FFDHE2048 | `FFDHE3072 | `FFDHE4096 | `FFDHE6144 | `FFDHE8192 | `P256 | `P384 | `P521 | `X25519 ] -> Packet.named_group
Sourceval group_to_impl : [< `FFDHE2048 | `FFDHE3072 | `FFDHE4096 | `FFDHE6144 | `FFDHE8192 | `P256 | `P384 | `P521 | `X25519 ] -> [> `Finite_field of Mirage_crypto_pk.Dh.group | `P256 | `P384 | `P521 | `X25519 ]
Sourcetype signature_algorithm = [
  1. | `RSA_PKCS1_MD5
  2. | `RSA_PKCS1_SHA1
  3. | `RSA_PKCS1_SHA224
  4. | `RSA_PKCS1_SHA256
  5. | `RSA_PKCS1_SHA384
  6. | `RSA_PKCS1_SHA512
  7. | `ECDSA_SECP256R1_SHA1
  8. | `ECDSA_SECP256R1_SHA256
  9. | `ECDSA_SECP384R1_SHA384
  10. | `ECDSA_SECP521R1_SHA512
  11. | `RSA_PSS_RSAENC_SHA256
  12. | `RSA_PSS_RSAENC_SHA384
  13. | `RSA_PSS_RSAENC_SHA512
  14. | `ED25519
]
Sourceval hash_of_signature_algorithm : [< `ECDSA_SECP256R1_SHA1 | `ECDSA_SECP256R1_SHA256 | `ECDSA_SECP384R1_SHA384 | `ECDSA_SECP521R1_SHA512 | `ED25519 | `RSA_PKCS1_MD5 | `RSA_PKCS1_SHA1 | `RSA_PKCS1_SHA224 | `RSA_PKCS1_SHA256 | `RSA_PKCS1_SHA384 | `RSA_PKCS1_SHA512 | `RSA_PSS_RSAENC_SHA256 | `RSA_PSS_RSAENC_SHA384 | `RSA_PSS_RSAENC_SHA512 ] -> [> `MD5 | `SHA1 | `SHA224 | `SHA256 | `SHA384 | `SHA512 ]
Sourceval signature_scheme_of_signature_algorithm : [< `ECDSA_SECP256R1_SHA1 | `ECDSA_SECP256R1_SHA256 | `ECDSA_SECP384R1_SHA384 | `ECDSA_SECP521R1_SHA512 | `ED25519 | `RSA_PKCS1_MD5 | `RSA_PKCS1_SHA1 | `RSA_PKCS1_SHA224 | `RSA_PKCS1_SHA256 | `RSA_PKCS1_SHA384 | `RSA_PKCS1_SHA512 | `RSA_PSS_RSAENC_SHA256 | `RSA_PSS_RSAENC_SHA384 | `RSA_PSS_RSAENC_SHA512 ] -> [> `ECDSA | `ED25519 | `RSA_PKCS1 | `RSA_PSS ]
Sourceval pp_signature_algorithm : Format.formatter -> [< `ECDSA_SECP256R1_SHA1 | `ECDSA_SECP256R1_SHA256 | `ECDSA_SECP384R1_SHA384 | `ECDSA_SECP521R1_SHA512 | `ED25519 | `RSA_PKCS1_MD5 | `RSA_PKCS1_SHA1 | `RSA_PKCS1_SHA224 | `RSA_PKCS1_SHA256 | `RSA_PKCS1_SHA384 | `RSA_PKCS1_SHA512 | `RSA_PSS_RSAENC_SHA256 | `RSA_PSS_RSAENC_SHA384 | `RSA_PSS_RSAENC_SHA512 ECDSA_SECP256R1_SHA1 ECDSA_SECP256R1_SHA256 ECDSA_SECP384R1_SHA384 ECDSA_SECP521R1_SHA512 ] -> unit
Sourceval rsa_sigalg : [< `ECDSA_SECP256R1_SHA1 | `ECDSA_SECP256R1_SHA256 | `ECDSA_SECP384R1_SHA384 | `ECDSA_SECP521R1_SHA512 | `ED25519 | `RSA_PKCS1_MD5 | `RSA_PKCS1_SHA1 | `RSA_PKCS1_SHA224 | `RSA_PKCS1_SHA256 | `RSA_PKCS1_SHA384 | `RSA_PKCS1_SHA512 | `RSA_PSS_RSAENC_SHA256 | `RSA_PSS_RSAENC_SHA384 | `RSA_PSS_RSAENC_SHA512 ] -> bool
Sourceval tls13_sigalg : [< `ECDSA_SECP256R1_SHA1 | `ECDSA_SECP256R1_SHA256 | `ECDSA_SECP384R1_SHA384 | `ECDSA_SECP521R1_SHA512 | `ED25519 | `RSA_PKCS1_MD5 | `RSA_PKCS1_SHA1 | `RSA_PKCS1_SHA224 | `RSA_PKCS1_SHA256 | `RSA_PKCS1_SHA384 | `RSA_PKCS1_SHA512 | `RSA_PSS_RSAENC_SHA256 | `RSA_PSS_RSAENC_SHA384 | `RSA_PSS_RSAENC_SHA512 ] -> bool
Sourceval pk_matches_sa : [> `ED25519 of 'a | `P256 of 'b | `P384 of 'c | `P521 of 'd | `RSA of 'e ] -> [< `ECDSA_SECP256R1_SHA1 | `ECDSA_SECP256R1_SHA256 | `ECDSA_SECP384R1_SHA384 | `ECDSA_SECP521R1_SHA512 | `ED25519 | `RSA_PKCS1_MD5 | `RSA_PKCS1_SHA1 | `RSA_PKCS1_SHA224 | `RSA_PKCS1_SHA256 | `RSA_PKCS1_SHA384 | `RSA_PKCS1_SHA512 | `RSA_PSS_RSAENC_SHA256 | `RSA_PSS_RSAENC_SHA384 | `RSA_PSS_RSAENC_SHA512 ECDSA_SECP256R1_SHA1 ECDSA_SECP256R1_SHA256 ECDSA_SECP384R1_SHA384 ECDSA_SECP521R1_SHA512 ED25519 ] -> bool
Sourcetype client_extension = [
  1. | `Hostname of [ `host ] Domain_name.t
  2. | `MaxFragmentLength of Packet.max_fragment_length
  3. | `SupportedGroups of Packet.named_group list
  4. | `SecureRenegotiation of Cstruct.t
  5. | `Padding of int
  6. | `SignatureAlgorithms of signature_algorithm list
  7. | `ExtendedMasterSecret
  8. | `ALPN of string list
  9. | `KeyShare of (Packet.named_group * Cstruct.t) list
  10. | `EarlyDataIndication
  11. | `PreSharedKeys of psk_identity list
  12. | `SupportedVersions of tls_any_version list
  13. | `PostHandshakeAuthentication
  14. | `Cookie of Cstruct.t
  15. | `PskKeyExchangeModes of Packet.psk_key_exchange_mode list
  16. | `ECPointFormats
  17. | `UnknownExtension of int * Cstruct.t
]
Sourcetype server13_extension = [
  1. | `KeyShare of group * Cstruct.t
  2. | `PreSharedKey of int
  3. | `SelectedVersion of tls_version
]
Sourcetype server_extension = [
  1. | server13_extension
  2. | `Hostname
  3. | `MaxFragmentLength of Packet.max_fragment_length
  4. | `SecureRenegotiation of Cstruct.t
  5. | `ExtendedMasterSecret
  6. | `ALPN of string
  7. | `ECPointFormats
  8. | `UnknownExtension of int * Cstruct.t
]
Sourcetype encrypted_extension = [
  1. | `Hostname
  2. | `MaxFragmentLength of Packet.max_fragment_length
  3. | `SupportedGroups of group list
  4. | `ALPN of string
  5. | `EarlyDataIndication
  6. | `UnknownExtension of int * Cstruct.t
]
Sourcetype hello_retry_extension = [
  1. | `SelectedGroup of group
  2. | `Cookie of Cstruct.t
  3. | `SelectedVersion of tls_version
  4. | `UnknownExtension of int * Cstruct.t
]
Sourcetype client_hello = {
  1. client_version : tls_any_version;
  2. client_random : Cstruct.t;
  3. sessionid : SessionID.t option;
  4. ciphersuites : Packet.any_ciphersuite list;
  5. extensions : client_extension list;
}
Sourcetype server_hello = {
  1. server_version : tls_version;
  2. server_random : Cstruct.t;
  3. sessionid : SessionID.t option;
  4. ciphersuite : Ciphersuite.ciphersuite;
  5. extensions : server_extension list;
}
Sourcetype dh_parameters = {
  1. dh_p : Cstruct.t;
  2. dh_g : Cstruct.t;
  3. dh_Ys : Cstruct.t;
}
Sourcetype hello_retry = {
  1. retry_version : tls_version;
  2. ciphersuite : Ciphersuite.ciphersuite13;
  3. sessionid : SessionID.t option;
  4. selected_group : group;
  5. extensions : hello_retry_extension list;
}
Sourcetype session_ticket_extension = [
  1. | `EarlyDataIndication of int32
  2. | `UnknownExtension of int * Cstruct.t
]
Sourcetype session_ticket = {
  1. lifetime : int32;
  2. age_add : int32;
  3. nonce : Cstruct.t;
  4. ticket : Cstruct.t;
  5. extensions : session_ticket_extension list;
}
Sourcetype certificate_request_extension = [
  1. | `SignatureAlgorithms of signature_algorithm list
  2. | `CertificateAuthorities of X509.Distinguished_name.t list
  3. | `UnknownExtension of int * Cstruct.t
]
Sourcetype tls_handshake =
  1. | HelloRequest
  2. | HelloRetryRequest of hello_retry
  3. | EncryptedExtensions of encrypted_extension list
  4. | ServerHelloDone
  5. | ClientHello of client_hello
  6. | ServerHello of server_hello
  7. | Certificate of Cstruct.t
  8. | ServerKeyExchange of Cstruct.t
  9. | CertificateRequest of Cstruct.t
  10. | ClientKeyExchange of Cstruct.t
  11. | CertificateVerify of Cstruct.t
  12. | Finished of Cstruct.t
  13. | SessionTicket of session_ticket
  14. | KeyUpdate of Packet.key_update_request_type
  15. | EndOfEarlyData
Sourceval pp_handshake : Format.formatter -> tls_handshake -> unit
Sourceval src : Logs.src
Sourcemodule Tracing : sig ... end
Sourcetype master_secret = Cstruct.t

the master secret of a TLS connection

Sourcetype psk13 = {
  1. identifier : Cstruct.t;
  2. obfuscation : int32;
  3. secret : Cstruct.t;
  4. lifetime : int32;
  5. early_data : int32;
  6. issued_at : Ptime.t;
}
Sourcetype epoch_state = [
  1. | `ZeroRTT
  2. | `Established
]
Sourcetype epoch_data = {
  1. state : epoch_state;
  2. protocol_version : tls_version;
  3. ciphersuite : Ciphersuite.ciphersuite;
  4. peer_random : Cstruct.t;
  5. peer_certificate_chain : X509.Certificate.t list;
  6. peer_certificate : X509.Certificate.t option;
  7. peer_name : [ `host ] Domain_name.t option;
  8. trust_anchor : X509.Certificate.t option;
  9. received_certificates : X509.Certificate.t list;
  10. own_random : Cstruct.t;
  11. own_certificate : X509.Certificate.t list;
  12. own_private_key : X509.Private_key.t option;
  13. own_name : [ `host ] Domain_name.t option;
  14. master_secret : master_secret;
  15. session_id : SessionID.t;
  16. extended_ms : bool;
  17. alpn_protocol : string option;
}

information about an open session

Sourceval supports_key_usage : ?not_present:bool -> X509.Extension.key_usage -> X509.Certificate.t -> bool
Sourceval supports_extended_key_usage : ?not_present:bool -> X509.Extension.extended_key_usage -> X509.Certificate.t -> bool