From 9e777332de4978e79bf90973595666419ace1c73 Mon Sep 17 00:00:00 2001
From: Ryan Kavanagh <rak@rak.ac>
Date: Fri, 12 Jun 2020 22:17:43 -0400
Subject: extended tlsUtils

---
 gemini/tlsUtils.ml  | 18 ++++++++++--------
 gemini/tlsUtils.mli |  5 +++++
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/gemini/tlsUtils.ml b/gemini/tlsUtils.ml
index 584221b..b0d65ae 100644
--- a/gemini/tlsUtils.ml
+++ b/gemini/tlsUtils.ml
@@ -2,6 +2,7 @@ module type TLS_UTILS =
 sig
   type authenticator = X509_lwt.authenticator Lwt.t
   type ciphers = Tls.Ciphersuite.ciphersuite list
+  type own_cert = Tls.Config.own_cert
 
   val null_auth : authenticator
 
@@ -11,15 +12,16 @@ sig
     -> X509.Distinguished_name.t
     -> (Tls.Config.certchain, string) result
 
-  (*val connect : authenticator:authenticator -> ?peer_name:string ->
-    ?ciphers:ciphers -> string * int
-    -> (Lwt_io.input_channel * Lwt_io.output_channel) Lwt.t *)
+  val connect : authenticator:authenticator -> ?peer_name:string ->
+    ?ciphers:ciphers -> ?own_cert:own_cert -> string * int
+    -> (Lwt_io.input_channel * Lwt_io.output_channel) Lwt.t
 end
 
 module TlsUtils : TLS_UTILS =
 struct
-  type authenticator = X509.Authenticator.t Lwt.t
+  type authenticator = X509_lwt.authenticator Lwt.t
   type ciphers = Tls.Ciphersuite.ciphersuite list
+  type own_cert = Tls.Config.own_cert
 
   let null_auth = Lwt.return (fun ~host:_ -> fun _ -> Ok None)
 
@@ -42,13 +44,13 @@ struct
         | Ok cert -> Ok ([cert], priv)
         | Error _ -> Error "Unable to sign")
 
-  (*let connect authenticator ?peer_name ?(ciphers=Tls.Config.Ciphers.default)
-      (host, port) =
+  let connect ~authenticator ?peer_name ?(ciphers=Tls.Config.Ciphers.default)
+      ?(own_cert=`None) (host, port) =
     let peer_name = match peer_name with
       | Some name -> name
       | None -> host in
+    let%lwt authenticator = authenticator in
       Tls_lwt.connect_ext
       Tls.Config.(client ~peer_name:peer_name ~authenticator
-                    ~ciphers ()) (host, port)
-  *)
+                    ~ciphers ~certificates:own_cert ()) (host, port)
 end
diff --git a/gemini/tlsUtils.mli b/gemini/tlsUtils.mli
index 35a674d..a0d89ff 100644
--- a/gemini/tlsUtils.mli
+++ b/gemini/tlsUtils.mli
@@ -2,6 +2,7 @@ module type TLS_UTILS =
 sig
   type authenticator = X509_lwt.authenticator Lwt.t
   type ciphers = Tls.Ciphersuite.ciphersuite list
+  type own_cert = Tls.Config.own_cert
 
   val null_auth : authenticator
 
@@ -10,6 +11,10 @@ sig
   val self_sign : ?bits:int -> ?days:int
     -> X509.Distinguished_name.t
     -> (Tls.Config.certchain, string) result
+
+  val connect : authenticator:authenticator -> ?peer_name:string ->
+    ?ciphers:ciphers -> ?own_cert:own_cert -> string * int
+    -> (Lwt_io.input_channel * Lwt_io.output_channel) Lwt.t
 end
 
 module TlsUtils : TLS_UTILS
-- 
cgit v1.2.3