package tls


TLS module given a flow
module FLOW = F

type error = [
  | `Tls_alert of Tls.Packet.alert_type
  | `Tls_failure of Tls.Engine.failure
  | `Read of F.error
  | `Write of F.write_error
]

The type for errors: an incoming TLS alert, a failure in the TLS engine, or an error in the underlying flow (read or write).

type write_error = [
  | `Closed
  | error
]

The type for write errors.

type buffer = Cstruct.t
type +'a io = 'a Lwt.t
type tracer = Sexplib.Sexp.t -> unit

We provide the FLOW interface.

include Mirage_flow_lwt.S with type 'a io := 'a io and type buffer := buffer and type error := error and type write_error := write_error
val pp_error : error Fmt.t

pp_error is the pretty-printer for errors.

val pp_write_error : write_error Fmt.t

pp_write_error is the pretty-printer for write errors.

type flow

The type for flows. A flow represents the state of a single reliable stream that is connected to an endpoint.

val read : flow -> (buffer Mirage_flow.or_eof, error) Pervasives.result io

read flow blocks until some data is available and returns a fresh buffer containing it.

The returned buffer will be of a size convenient to the flow implementation, but will always have at least 1 byte.

If the remote endpoint calls close then calls to read will keep returning data until all the in-flight data has been read. read flow will return `Eof when the remote endpoint has called close and when there is no more in-flight data.

val write : flow -> buffer -> (unit, write_error) Pervasives.result io

write flow buffer writes a buffer to the flow. There is no indication when the buffer has actually been read and, therefore, it must not be reused. The contents may be transmitted in separate packets, depending on the underlying transport. The result Ok () indicates success, Error `Closed indicates that the connection is now closed and therefore the data could not be written. Other errors are possible.

val writev : flow -> buffer list -> (unit, write_error) Pervasives.result io

writev flow buffers writes a sequence of buffers to the flow. There is no indication when the buffers have actually been read and, therefore, they must not be reused. The result Ok () indicates success, Error `Closed indicates that the connection is now closed and therefore the data could not be written. Other errors are possible.

val close : flow -> unit io

close flow flushes all pending writes and signals the remote endpoint that there will be no future writes. Once the remote endpoint has read all pending data, it is expected that calls to read on the remote return `Eof.

Note it is still possible for the remote endpoint to write to the flow and for the local endpoint to call read. This state where the local endpoint has called close but the remote endpoint has not called close is similar to that of a half-closed TCP connection or a Unix socket after shutdown(SHUTDOWN_WRITE).

close flow waits until the remote endpoint has also called close before returning. At this point no data can flow in either direction and resources associated with the flow can be freed.

val reneg : ?authenticator:X509.Authenticator.a -> ?acceptable_cas:X509.distinguished_name list -> ?cert:Tls.Config.own_cert -> ?drop:bool -> flow -> (unit, write_error) Result.result Lwt.t

reneg ~authenticator ~acceptable_cas ~cert ~drop t renegotiates the session and blocks until the renegotiation has finished. Optionally, a new authenticator and acceptable_cas can be used. The own certificate can be adjusted with cert. If drop is true (the default), application data received before the renegotiation finishes is dropped.

val client_of_flow : ?trace:tracer -> Tls.Config.client -> ?host:string -> FLOW.flow -> (flow, write_error) Result.result Lwt.t

client_of_flow ~trace client ~host flow upgrades the existing connection to TLS using the client configuration, with host as the peer name.

val server_of_flow : ?trace:tracer -> Tls.Config.server -> FLOW.flow -> (flow, write_error) Result.result Lwt.t

server_of_flow ?trace server flow upgrades the flow to a TLS connection using the server configuration.

val epoch : flow -> (Tls.Core.epoch_data, unit) Result.result

epoch flow extracts information about the established session; the result is Error () when no session has been established on the flow.
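As an added client-side example (not code from the tls-mirage project), the following instantiates the functor over any Mirage_flow_lwt.S, upgrades a flow with client_of_flow, inspects the epoch to refuse sessions that negotiated a legacy protocol version, exchanges one request and response, and then calls close. It assumes the caller supplies an X509.Authenticator.a, that Tls.Core.epoch_data has a protocol_version field, and that Tls.Core.tls_version has the constructors TLS_1_0 and TLS_1_1.

```ocaml
(* Added example built on the signature documented above; not project code.
   Assumptions: F is any Mirage_flow_lwt.S implementation (e.g. a TCP stack),
   the caller supplies a ready X509.Authenticator.a, and Tls.Core exposes the
   epoch_data field protocol_version and the constructors TLS_1_0 / TLS_1_1. *)
open Lwt.Infix

module Client (F : Mirage_flow_lwt.S) = struct
  module TLS = Tls_mirage.Make (F)

  (* Reject a session whose negotiated protocol version is a legacy one. *)
  let check_epoch (ep : Tls.Core.epoch_data) =
    match ep.Tls.Core.protocol_version with
    | Tls.Core.TLS_1_0 | Tls.Core.TLS_1_1 -> Error "legacy TLS version negotiated"
    | _ -> Ok ()

  (* Upgrade [flow] to TLS, verify the negotiated session, send [request] and
     return the first chunk of response data; the flow is closed on every path. *)
  let request ~authenticator ~host flow request =
    let config = Tls.Config.client ~authenticator () in
    TLS.client_of_flow config ~host flow >>= function
    | Error e ->
      Lwt.return (Error (Format.asprintf "handshake: %a" TLS.pp_write_error e))
    | Ok tls ->
      let verdict =
        match TLS.epoch tls with
        | Error () -> Error "no established session"
        | Ok ep -> check_epoch ep
      in
      match verdict with
      | Error msg -> TLS.close tls >|= fun () -> Error msg
      | Ok () ->
        TLS.write tls (Cstruct.of_string request) >>= function
        | Error e ->
          TLS.close tls >|= fun () ->
          Error (Format.asprintf "write: %a" TLS.pp_write_error e)
        | Ok () ->
          TLS.read tls >>= fun r ->
          TLS.close tls >|= fun () ->
          match r with
          | Ok (`Data buf) -> Ok (Cstruct.to_string buf)
          | Ok `Eof -> Ok ""
          | Error e -> Error (Format.asprintf "read: %a" TLS.pp_error e)
end
```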
