Legend:
Library
Module
Module type
Parameter
Class
Class type
Library
Module
Module type
Parameter
Class
Class type
Core type definitions
val any_version_to_version :
[> tls_version ] ->
[> `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] option
val version_eq :
[> tls_version ] ->
[< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] ->
bool
val pp_tls_hdr : Stdlib.Format.formatter -> tls_hdr -> unit
module SessionID : sig ... end
val named_group_to_group :
Packet.named_group ->
[> `FFDHE2048
| `FFDHE3072
| `FFDHE4096
| `FFDHE6144
| `FFDHE8192
| `P256
| `P384
| `P521
| `X25519 ]
option
val group_to_named_group :
[< `FFDHE2048
| `FFDHE3072
| `FFDHE4096
| `FFDHE6144
| `FFDHE8192
| `P256
| `P384
| `P521
| `X25519 ] ->
Packet.named_group
type signature_algorithm = [
| `RSA_PKCS1_MD5
| `RSA_PKCS1_SHA1
| `RSA_PKCS1_SHA224
| `RSA_PKCS1_SHA256
| `RSA_PKCS1_SHA384
| `RSA_PKCS1_SHA512
| `ECDSA_SECP256R1_SHA1
| `ECDSA_SECP256R1_SHA256
| `ECDSA_SECP384R1_SHA384
| `ECDSA_SECP521R1_SHA512
| `RSA_PSS_RSAENC_SHA256
| `RSA_PSS_RSAENC_SHA384
| `RSA_PSS_RSAENC_SHA512
| `ED25519
]
val hash_of_signature_algorithm :
[< `ECDSA_SECP256R1_SHA1
| `ECDSA_SECP256R1_SHA256
| `ECDSA_SECP384R1_SHA384
| `ECDSA_SECP521R1_SHA512
| `ED25519
| `RSA_PKCS1_MD5
| `RSA_PKCS1_SHA1
| `RSA_PKCS1_SHA224
| `RSA_PKCS1_SHA256
| `RSA_PKCS1_SHA384
| `RSA_PKCS1_SHA512
| `RSA_PSS_RSAENC_SHA256
| `RSA_PSS_RSAENC_SHA384
| `RSA_PSS_RSAENC_SHA512 ] ->
[> `MD5 | `SHA1 | `SHA224 | `SHA256 | `SHA384 | `SHA512 ]
val signature_scheme_of_signature_algorithm :
[< `ECDSA_SECP256R1_SHA1
| `ECDSA_SECP256R1_SHA256
| `ECDSA_SECP384R1_SHA384
| `ECDSA_SECP521R1_SHA512
| `ED25519
| `RSA_PKCS1_MD5
| `RSA_PKCS1_SHA1
| `RSA_PKCS1_SHA224
| `RSA_PKCS1_SHA256
| `RSA_PKCS1_SHA384
| `RSA_PKCS1_SHA512
| `RSA_PSS_RSAENC_SHA256
| `RSA_PSS_RSAENC_SHA384
| `RSA_PSS_RSAENC_SHA512 ] ->
[> `ECDSA | `ED25519 | `RSA_PKCS1 | `RSA_PSS ]
val pp_signature_algorithm :
Stdlib.Format.formatter ->
[< `ECDSA_SECP256R1_SHA1
| `ECDSA_SECP256R1_SHA256
| `ECDSA_SECP384R1_SHA384
| `ECDSA_SECP521R1_SHA512
| `ED25519
| `RSA_PKCS1_MD5
| `RSA_PKCS1_SHA1
| `RSA_PKCS1_SHA224
| `RSA_PKCS1_SHA256
| `RSA_PKCS1_SHA384
| `RSA_PKCS1_SHA512
| `RSA_PSS_RSAENC_SHA256
| `RSA_PSS_RSAENC_SHA384
| `RSA_PSS_RSAENC_SHA512 ECDSA_SECP256R1_SHA1 ECDSA_SECP256R1_SHA256 ECDSA_SECP384R1_SHA384 ECDSA_SECP521R1_SHA512 ] ->
unit
val rsa_sigalg :
[< `ECDSA_SECP256R1_SHA1
| `ECDSA_SECP256R1_SHA256
| `ECDSA_SECP384R1_SHA384
| `ECDSA_SECP521R1_SHA512
| `ED25519
| `RSA_PKCS1_MD5
| `RSA_PKCS1_SHA1
| `RSA_PKCS1_SHA224
| `RSA_PKCS1_SHA256
| `RSA_PKCS1_SHA384
| `RSA_PKCS1_SHA512
| `RSA_PSS_RSAENC_SHA256
| `RSA_PSS_RSAENC_SHA384
| `RSA_PSS_RSAENC_SHA512 ] ->
bool
val tls13_sigalg :
[< `ECDSA_SECP256R1_SHA1
| `ECDSA_SECP256R1_SHA256
| `ECDSA_SECP384R1_SHA384
| `ECDSA_SECP521R1_SHA512
| `ED25519
| `RSA_PKCS1_MD5
| `RSA_PKCS1_SHA1
| `RSA_PKCS1_SHA224
| `RSA_PKCS1_SHA256
| `RSA_PKCS1_SHA384
| `RSA_PKCS1_SHA512
| `RSA_PSS_RSAENC_SHA256
| `RSA_PSS_RSAENC_SHA384
| `RSA_PSS_RSAENC_SHA512 ] ->
bool
val pk_matches_sa :
[> `ED25519 of 'a | `P256 of 'b | `P384 of 'c | `P521 of 'd | `RSA of 'e ] ->
[< `ECDSA_SECP256R1_SHA1
| `ECDSA_SECP256R1_SHA256
| `ECDSA_SECP384R1_SHA384
| `ECDSA_SECP521R1_SHA512
| `ED25519
| `RSA_PKCS1_MD5
| `RSA_PKCS1_SHA1
| `RSA_PKCS1_SHA224
| `RSA_PKCS1_SHA256
| `RSA_PKCS1_SHA384
| `RSA_PKCS1_SHA512
| `RSA_PSS_RSAENC_SHA256
| `RSA_PSS_RSAENC_SHA384
| `RSA_PSS_RSAENC_SHA512 ECDSA_SECP256R1_SHA1 ECDSA_SECP256R1_SHA256 ECDSA_SECP384R1_SHA384 ECDSA_SECP521R1_SHA512 ED25519 ] ->
bool
type client_extension = [
| `Hostname of [ `host ] Domain_name.t
| `MaxFragmentLength of Packet.max_fragment_length
| `SupportedGroups of Packet.named_group list
| `SecureRenegotiation of Cstruct.t
| `Padding of int
| `SignatureAlgorithms of signature_algorithm list
| `ExtendedMasterSecret
| `ALPN of string list
| `EarlyDataIndication
| `SupportedVersions of tls_any_version list
| `PostHandshakeAuthentication
| `Cookie of Cstruct.t
| `PskKeyExchangeModes of Packet.psk_key_exchange_mode list
| `ECPointFormats
| `UnknownExtension of int * Cstruct.t
]
type server_extension = [
| server13_extension
| `Hostname
| `MaxFragmentLength of Packet.max_fragment_length
| `SecureRenegotiation of Cstruct.t
| `ExtendedMasterSecret
| `ALPN of string
| `ECPointFormats
| `UnknownExtension of int * Cstruct.t
]
type encrypted_extension = [
| `Hostname
| `MaxFragmentLength of Packet.max_fragment_length
| `SupportedGroups of group list
| `ALPN of string
| `EarlyDataIndication
| `UnknownExtension of int * Cstruct.t
]
type hello_retry_extension = [
| `SelectedGroup of group
| `Cookie of Cstruct.t
| `SelectedVersion of tls_version
| `UnknownExtension of int * Cstruct.t
]
type client_hello = {
client_version : tls_any_version;
client_random : Cstruct.t;
sessionid : SessionID.t option;
ciphersuites : Packet.any_ciphersuite list;
extensions : client_extension list;
}
type server_hello = {
server_version : tls_version;
server_random : Cstruct.t;
sessionid : SessionID.t option;
ciphersuite : Ciphersuite.ciphersuite;
extensions : server_extension list;
}
type hello_retry = {
retry_version : tls_version;
ciphersuite : Ciphersuite.ciphersuite13;
sessionid : SessionID.t option;
selected_group : group;
extensions : hello_retry_extension list;
}
type session_ticket = {
lifetime : int32;
age_add : int32;
nonce : Cstruct.t;
ticket : Cstruct.t;
extensions : session_ticket_extension list;
}
type certificate_request_extension = [
| `SignatureAlgorithms of signature_algorithm list
| `CertificateAuthorities of X509.Distinguished_name.t list
| `UnknownExtension of int * Cstruct.t
]
type tls_handshake =
| HelloRequest
| HelloRetryRequest of hello_retry
| EncryptedExtensions of encrypted_extension list
| ServerHelloDone
| ClientHello of client_hello
| ServerHello of server_hello
| Certificate of Cstruct.t
| ServerKeyExchange of Cstruct.t
| CertificateRequest of Cstruct.t
| ClientKeyExchange of Cstruct.t
| CertificateVerify of Cstruct.t
| Finished of Cstruct.t
| SessionTicket of session_ticket
| KeyUpdate of Packet.key_update_request_type
| EndOfEarlyData
val pp_handshake : Stdlib.Format.formatter -> tls_handshake -> unit
module Tracing : sig ... end
type tls_alert = Packet.alert_level * Packet.alert_type
type epoch_data = {
side : [ `Client | `Server ];
state : epoch_state;
protocol_version : tls_version;
ciphersuite : Ciphersuite.ciphersuite;
peer_random : Cstruct.t;
peer_certificate_chain : X509.Certificate.t list;
peer_certificate : X509.Certificate.t option;
peer_name : [ `host ] Domain_name.t option;
trust_anchor : X509.Certificate.t option;
received_certificates : X509.Certificate.t list;
own_random : Cstruct.t;
own_certificate : X509.Certificate.t list;
own_private_key : X509.Private_key.t option;
own_name : [ `host ] Domain_name.t option;
master_secret : master_secret;
exporter_master_secret : master_secret;
session_id : SessionID.t;
extended_ms : bool;
alpn_protocol : string option;
}
information about an open session
val supports_key_usage :
?not_present:bool ->
X509.Extension.key_usage ->
X509.Certificate.t ->
bool
val supports_extended_key_usage :
?not_present:bool ->
X509.Extension.extended_key_usage ->
X509.Certificate.t ->
bool