Legend:
Library
Module
Module type
Parameter
Class
Class type
Library
Module
Module type
Parameter
Class
Class type
val src : Logs.src
val trace_cipher :
[< `AES_128_CCM_SHA256
| `AES_128_GCM_SHA256
| `AES_256_GCM_SHA384
| `CHACHA20_POLY1305_SHA256
| `DHE_RSA_WITH_3DES_EDE_CBC_SHA
| `DHE_RSA_WITH_AES_128_CBC_SHA
| `DHE_RSA_WITH_AES_128_CBC_SHA256
| `DHE_RSA_WITH_AES_128_CCM
| `DHE_RSA_WITH_AES_128_GCM_SHA256
| `DHE_RSA_WITH_AES_256_CBC_SHA
| `DHE_RSA_WITH_AES_256_CBC_SHA256
| `DHE_RSA_WITH_AES_256_CCM
| `DHE_RSA_WITH_AES_256_GCM_SHA384
| `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
| `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA
| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
| `ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA
| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
| `ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
| `ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
| `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
| `ECDHE_RSA_WITH_AES_128_CBC_SHA
| `ECDHE_RSA_WITH_AES_128_CBC_SHA256
| `ECDHE_RSA_WITH_AES_128_GCM_SHA256
| `ECDHE_RSA_WITH_AES_256_CBC_SHA
| `ECDHE_RSA_WITH_AES_256_CBC_SHA384
| `ECDHE_RSA_WITH_AES_256_GCM_SHA384
| `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
| `RSA_WITH_3DES_EDE_CBC_SHA
| `RSA_WITH_AES_128_CBC_SHA
| `RSA_WITH_AES_128_CBC_SHA256
| `RSA_WITH_AES_128_CCM
| `RSA_WITH_AES_128_GCM_SHA256
| `RSA_WITH_AES_256_CBC_SHA
| `RSA_WITH_AES_256_CBC_SHA256
| `RSA_WITH_AES_256_CCM
| `RSA_WITH_AES_256_GCM_SHA384 AES_128_CCM_SHA256 AES_128_GCM_SHA256 AES_256_GCM_SHA384 CHACHA20_POLY1305_SHA256 ] ->
unit
val change_cipher_spec : Packet.content_type * Cstruct.t
val hostname : Core.client_hello -> [ `host ] Domain_name.t option
val groups :
Core.client_hello ->
[> `FFDHE2048
| `FFDHE3072
| `FFDHE4096
| `FFDHE6144
| `FFDHE8192
| `P256
| `P384
| `P521
| `X25519 ]
list
val find_matching :
[ `host ] Domain_name.t ->
(X509.Certificate.t list * 'a) list ->
(X509.Certificate.t list * 'a) option
val agreed_cert :
[< `Multiple of
(X509.Certificate.t list
* [> `ED25519 of 'b
| `P256 of 'c
| `P384 of 'd
| `P521 of 'e
| `RSA of 'f ] as 'a)
list
| `Multiple_default of
(X509.Certificate.t list * 'g) * (X509.Certificate.t list * 'h) list
| `None
| `Single of X509.Certificate.t list * 'g ] ->
?f:(X509.Certificate.t -> bool) ->
?signature_algorithms:
[< `ECDSA_SECP256R1_SHA1
| `ECDSA_SECP256R1_SHA256
| `ECDSA_SECP384R1_SHA384
| `ECDSA_SECP521R1_SHA512
| `ED25519
| `RSA_PKCS1_MD5
| `RSA_PKCS1_SHA1
| `RSA_PKCS1_SHA224
| `RSA_PKCS1_SHA256
| `RSA_PKCS1_SHA384
| `RSA_PKCS1_SHA512
| `RSA_PSS_RSAENC_SHA256
| `RSA_PSS_RSAENC_SHA384
| `RSA_PSS_RSAENC_SHA512 ECDSA_SECP256R1_SHA1 ECDSA_SECP256R1_SHA256 ECDSA_SECP384R1_SHA384 ECDSA_SECP521R1_SHA512 ED25519 ]
list ->
[ `host ] Domain_name.t option ->
(X509.Certificate.t list * 'g,
[> `Error of
[> `CouldntSelectCertificate
| `NoCertificateConfigured
| `NoMatchingCertificateFound of string ] ])
result
val get_alpn_protocols : Core.client_hello -> string list option
val alpn_protocol :
Config.config ->
Core.client_hello ->
(string option, [> `Fatal of [> `NoApplicationProtocol ] ]) result
val get_alpn_protocol : Core.server_hello -> string option
val empty_common_session_data : State.common_session_data
val empty_session : State.session_data
val empty_session13 : Ciphersuite.ciphersuite13 -> State.session_data13
val common_session_data_of_epoch :
Core.epoch_data ->
State.common_session_data ->
State.common_session_data
val session_of_epoch : Core.epoch_data -> State.session_data
val session13_of_epoch :
Ciphersuite.ciphersuite13 ->
Core.epoch_data ->
State.session_data13
val to_client_ext_type :
[< `ALPN of 'a
| `Cookie of 'b
| `Draft of 'c
| `ECPointFormats
| `EarlyDataIndication
| `ExtendedMasterSecret
| `Hostname of 'd
| `KeyShare of 'e
| `MaxFragmentLength of 'f
| `Padding of 'g
| `PostHandshakeAuthentication
| `PreSharedKeys of 'h
| `PskKeyExchangeModes of 'i
| `SecureRenegotiation of 'j
| `SignatureAlgorithms of 'k
| `SupportedGroups of 'l
| `SupportedVersions of 'm
| `UnknownExtension of 'n ] ->
[> `ALPN
| `Cookie
| `Draft
| `ECPointFormats
| `EarlyDataIndication
| `ExtendedMasterSecret
| `Hostname
| `KeyShare
| `MaxFragmentLength
| `Padding
| `PostHandshakeAuthentication
| `PreSharedKey
| `PskKeyExchangeMode
| `SecureRenegotiation
| `SignatureAlgorithms
| `SupportedGroups
| `SupportedVersion
| `UnknownExtension ]
val to_server_ext_type :
[< `ALPN of 'a
| `Draft of 'b
| `ECPointFormats
| `EarlyDataIndication
| `ExtendedMasterSecret
| `Hostname
| `KeyShare of 'c
| `MaxFragmentLength of 'd
| `PreSharedKey of 'e
| `SecureRenegotiation of 'f
| `SelectedVersion of 'g
| `UnknownExtension of 'h ] ->
[> `ALPN
| `Draft
| `ECPointFormats
| `EarlyDataIndication
| `ExtendedMasterSecret
| `Hostname
| `KeyShare
| `MaxFragmentLength
| `PreSharedKey
| `SecureRenegotiation
| `SupportedVersion
| `UnknownExtension ]
val server_exts_subset_of_client :
[< `ALPN of 'a
| `Draft of 'b
| `ECPointFormats
| `EarlyDataIndication
| `ExtendedMasterSecret
| `Hostname
| `KeyShare of 'c
| `MaxFragmentLength of 'd
| `PreSharedKey of 'e
| `SecureRenegotiation of 'f
| `SelectedVersion of 'g
| `UnknownExtension of 'h ]
list ->
[< `ALPN of 'i
| `Cookie of 'j
| `Draft of 'k
| `ECPointFormats
| `EarlyDataIndication
| `ExtendedMasterSecret
| `Hostname of 'l
| `KeyShare of 'm
| `MaxFragmentLength of 'n
| `Padding of 'o
| `PostHandshakeAuthentication
| `PreSharedKeys of 'p
| `PskKeyExchangeModes of 'q
| `SecureRenegotiation of 'r
| `SignatureAlgorithms of 's
| `SupportedGroups of 't
| `SupportedVersions of 'u
| `UnknownExtension of 'v ]
list ->
bool
module Group : sig ... end
module GroupSet : sig ... end
val of_list : GroupSet.elt list -> GroupSet.t
val client_hello_valid :
[< `SSL_3 | `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 | `TLS_1_X of 'a ] ->
Core.client_hello ->
(unit,
[> `EmptyCiphersuites
| `NoGoodSignatureAlgorithms of Core.signature_algorithm list
| `NoKeyShareExtension
| `NoSignatureAlgorithmsExtension
| `NoSupportedCiphersuite of Packet.any_ciphersuite list
| `NoSupportedGroupExtension
| `NotSetExtension of Core.client_extension list
| `NotSetKeyShare of (Packet.named_group * Cstruct.t) list
| `NotSetSupportedGroup of Packet.named_group list
| `NotSubsetKeyShareSupportedGroup of
Packet.named_group list * (Packet.named_group * Cstruct.t) list ])
result
val server_hello_valid : Core.server_hello -> bool
val to_sign_1_3 : string option -> Cstruct.t
val signature :
[< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] ->
?context_string:string ->
Cstruct.t ->
Core.signature_algorithm list option ->
Core.signature_algorithm list ->
X509.Private_key.t ->
(Cstruct.t,
[> `Error of
[> `NoConfiguredSignatureAlgorithm of Core.signature_algorithm list ]
| `Fatal of [> `KeyTooSmall | `SigningFailed of string ] ])
result
val peer_key :
X509.Certificate.t option ->
(X509.Public_key.t, [> `Fatal of [> `NoCertificateReceived ] ]) result
val verify_digitally_signed :
[< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] ->
?context_string:string ->
Core.signature_algorithm list ->
Cstruct.t ->
Cstruct.t ->
X509.Certificate.t option ->
(unit,
[> `Error of
[> `NoConfiguredSignatureAlgorithm of Core.signature_algorithm list ]
| `Fatal of
[> `NoCertificateReceived
| `ReaderError of Reader.error
| `SignatureVerificationFailed of string ] ])
result
val validate_chain :
(?ip:'a ->
host:'b ->
X509.Certificate.t list ->
(('c list * 'd) option, 'e) result)
option ->
Cstruct.t list ->
'a option ->
'b ->
(X509.Certificate.t option * X509.Certificate.t list * 'c list * 'd option,
[> `Error of [> `AuthenticationFailure of 'e ]
| `Fatal of [> `BadCertificateChain | `KeyTooSmall ] ])
result
val output_key_update :
request:bool ->
State.state ->
(State.state * (Packet.content_type * Cstruct.t),
[> `Fatal of [> `InvalidSession ] ])
result