summaryrefslogblamecommitdiff
path: root/gemini/tlsUtils.ml
blob: 0916185b7a3f7a51607b786e3a1be9edae5b21ed (plain) (tree) 
17fb2a0







































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39







































                                                                    
module type TLS_UTILS =
sig
  type authenticator = X509_lwt.authenticator Lwt.t

  val null_auth : authenticator

  val ca : Lwt_io.file_name -> authenticator

  val self_sign : ?bits:int -> ?days:int
    -> X509.Distinguished_name.t
    -> (Tls.Config.certchain, string) result
end

module TlsUtils : TLS_UTILS =
struct
  type authenticator = X509.Authenticator.t Lwt.t

  let null_auth = Lwt.return (fun ~host:_ -> fun _ -> Ok None)

  let ca path = if Sys.is_directory path then
      X509_lwt.authenticator (`Ca_dir path)
    else
      X509_lwt.authenticator (`Ca_file path)

  let self_sign ?(bits=2048) ?(days=1) dnames =
    let () = Mirage_crypto_rng_unix.initialize () in
    let priv = Mirage_crypto_pk.Rsa.generate ~bits:bits () in
    let csr = X509.Signing_request.create dnames (`RSA priv) in
    let valid_from : Ptime.t = Ptime_clock.now () in
    let valid_span = Ptime.Span.of_int_s (days * 24 * 60 * 60) in
    let open Base in
    let open Result.Monad_infix in
     Result.of_option (Ptime.add_span valid_from valid_span)
       ~error:"exceeds posix time range" >>= (fun valid_until ->
        match X509.Signing_request.sign csr ~valid_from ~valid_until
                (`RSA priv) dnames with
        | Ok cert -> Ok ([cert], priv)
        | Error _ -> Error "Unable to sign")
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-28 05:23:47 +0000