-rw-r--r-- | gemini/tlsUtils.ml | 18 | ||||
-rw-r--r-- | gemini/tlsUtils.mli | 5 |
2 files changed, 15 insertions, 8 deletions
diff --git a/gemini/tlsUtils.ml b/gemini/tlsUtils.ml index 584221b..b0d65ae 100644 --- a/gemini/tlsUtils.ml +++ b/gemini/tlsUtils.ml @@ -2,6 +2,7 @@ module type TLS_UTILS = sig type authenticator = X509_lwt.authenticator Lwt.t type ciphers = Tls.Ciphersuite.ciphersuite list + type own_cert = Tls.Config.own_cert val null_auth : authenticator @@ -11,15 +12,16 @@ sig -> X509.Distinguished_name.t -> (Tls.Config.certchain, string) result - (*val connect : authenticator:authenticator -> ?peer_name:string -> - ?ciphers:ciphers -> string * int - -> (Lwt_io.input_channel * Lwt_io.output_channel) Lwt.t *) + val connect : authenticator:authenticator -> ?peer_name:string -> + ?ciphers:ciphers -> ?own_cert:own_cert -> string * int + -> (Lwt_io.input_channel * Lwt_io.output_channel) Lwt.t end module TlsUtils : TLS_UTILS = struct - type authenticator = X509.Authenticator.t Lwt.t + type authenticator = X509_lwt.authenticator Lwt.t type ciphers = Tls.Ciphersuite.ciphersuite list + type own_cert = Tls.Config.own_cert let null_auth = Lwt.return (fun ~host:_ -> fun _ -> Ok None) @@ -42,13 +44,13 @@ struct | Ok cert -> Ok ([cert], priv) | Error _ -> Error "Unable to sign") - (*let connect authenticator ?peer_name ?(ciphers=Tls.Config.Ciphers.default) - (host, port) = + let connect ~authenticator ?peer_name ?(ciphers=Tls.Config.Ciphers.default) + ?(own_cert=`None) (host, port) = let peer_name = match peer_name with | Some name -> name | None -> host in + let%lwt authenticator = authenticator in Tls_lwt.connect_ext Tls.Config.(client ~peer_name:peer_name ~authenticator - ~ciphers ()) (host, port) - *) + ~ciphers ~certificates:own_cert ()) (host, port) end diff --git a/gemini/tlsUtils.mli b/gemini/tlsUtils.mli index 35a674d..a0d89ff 100644 --- a/gemini/tlsUtils.mli +++ b/gemini/tlsUtils.mli 
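Review bot: `val connect` is exported without a doc comment, both in this copy of `TLS_UTILS` (second hunk) and in the identical declaration added to gemini/tlsUtils.mli, so its defaults can only be learned from the implementation. A `(** ... *)` comment on the declaration should state that `peer_name` falls back to the host of the `string * int` pair, that `ciphers` falls back to `Tls.Config.Ciphers.default`, and that `own_cert` falls back to the None variant of `Tls.Config.own_cert`. It should also say how failure is reported: unlike `self_sign`, the return type carries no `result`, so connection and handshake errors presumably arrive as a rejected promise that callers have to handle with `Lwt.catch` or `try%lwt`.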
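Review bot: In the third hunk `connect` passes the caller's `authenticator` to `Tls.Config.client` unchanged, and the `null_auth` value in the same struct (visible as context in the previous hunk) answers `Ok None` for every chain, so a session opened with it is encrypted but the server's identity is never checked. Keeping `~authenticator` mandatory rather than defaulting it is the right choice; what is missing is a comment that says so where callers will read it. Above `let connect` I would add `(* [authenticator] is the only check on the server's identity; [null_auth] accepts any certificate *)`. If `null_auth` is meant only for tests or as a placeholder until certificate pinning exists, that should be stated next to its definition as well.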
@@ -2,6 +2,7 @@ module type TLS_UTILS = sig type authenticator = X509_lwt.authenticator Lwt.t type ciphers = Tls.Ciphersuite.ciphersuite list + type own_cert = Tls.Config.own_cert val null_auth : authenticator @@ -10,6 +11,10 @@ sig val self_sign : ?bits:int -> ?days:int -> X509.Distinguished_name.t -> (Tls.Config.certchain, string) result + + val connect : authenticator:authenticator -> ?peer_name:string -> + ?ciphers:ciphers -> ?own_cert:own_cert -> string * int + -> (Lwt_io.input_channel * Lwt_io.output_channel) Lwt.t end module TlsUtils : TLS_UTILS |