Library
Module
Module type
Parameter
Class
Class type
Authenticators of certificate chains
type a = ?host:host -> t list -> Validation.result
An authenticator a
is a function type which takes a hostname and a certificate stack to an authentication decision Validation.result
.
chain_of_trust ?time trust_anchors
is authenticator
, which uses the given time
and list of trust_anchors
to verify the certificate chain. This is an implementation of the algorithm described in RFC 5280, using Validation.verify_chain_of_trust
. The given trust anchors are not checked to be valid trust anchors any further (you have to do this manually with Validation.valid_ca
or Validation.valid_cas
)!
val server_key_fingerprint :
?time:float ->
hash:Nocrypto.Hash.hash ->
fingerprints:(string * Cstruct.t) list ->
a
server_key_fingerprint ~time hash fingerprints
is an authenticator
which uses the given time
and list of fingerprints
to verify that the fingerprint of the first element of the certificate chain matches the given fingerprint, using Validation.trust_key_fingerprint
.
val server_cert_fingerprint :
?time:float ->
hash:Nocrypto.Hash.hash ->
fingerprints:(string * Cstruct.t) list ->
a
server_cert_fingerprint ~time hash fingerprints
is an authenticator
which uses the given time
and list of fingerprints
to verify the first element of the certificate chain, using Validation.trust_cert_fingerprint
.
val null : a
null
is authenticator
, which always returns `Ok
. (Useful for testing purposes only.)
val a_of_sexp : Sexplib.Sexp.t -> a
a_of_sexp sexp
is authenticator
, the unmarshalled sexp
. Note: only null
is supported.
val sexp_of_a : a -> Sexplib.Sexp.t
sexp_of_a authenticator
is sexp
, the marshalled authenticator
. Note: always emits null
.