Conf (bytesrw.Bytesrw

type tls_version =

| Tls_v1_2
| Tls_v1_3

The type for TLS versions.

type kind =

| Client
(*
Configuration for talking to a server.
*)
| Server
(*
Configuration for talking to clients.
*)

The type for kind of TLS configurations.

type t

The type for configuring TLS connections.

val make : 
  ?alpn_protocols:string list ->
  ?min_tls_version:tls_version ->
  ?max_tls_version:tls_version ->
  ?own_certs:X509_certchain.own list ->
  ?trusted_certs:X509_certchain.t list ->
  ?verify_peer:bool ->
  kind ->
  (t, string) Stdlib.result

make kind is a TLS configuration with given properties, ee corresponding accessors for semantics. The same configuration can used for multiple TLS connections. The defaults are as follows:

alpn_protocols defaults to [].
min_tls_version defaults to Tls_v1_2.
max_tls_version defaults to Tls_v1_3.
If kind is Client:
- own_certs defaults to [].
- verify_peer defaults to true. Warning. Setting this to false is insecure.
- trusted_certs defaults to X509_certchain.system_ca_certs if verify_peer is true and [] otherwise.
If kind is Server:
- own_certs has no default. A non-empty list must be provided otherwise the function errors.
- verify_peer defaults to false.
- trusted_certs defaults to [].

val alpn_protocols : t -> string list

alpn_protocols c is the list of supported protocols identifiers for the connection in decreasing preference order. See the IANA list of ALPN protocols.

val kind : t -> kind

kind c is the kind of TLS configuration of c.

val min_tls_version : t -> tls_version

min_tls_version c is the minimal TLS version of c.

val max_tls_version : t -> tls_version

max_tls_version c is the maximal TLS version of c.

val own_certs : t -> X509_certchain.own list

own_certs c are the certificates for this host.

This must be given for servers. Note that browsers usually expect the full certification chain. For clients this can be provided in order to perform mutual TLS, in this case only the first certificate in the list is taken into account.

val trusted_certs : t -> X509_certchain.t list

trusted_certs c is the set of certificates that are used to verify the peer's certificate.

val verify_peer : t -> bool

verify_peer c is true if the peer is verified with trusted_certs. If kind c is Client and this is false the connection is insecure.

Formatters

val pp_tls_version : Stdlib.Format.formatter -> tls_version -> unit

pp_tls_version formats TLS versions for inspection.

val pp_kind : Stdlib.Format.formatter -> kind -> unit

pp_lind formats configuration kinds for inspection.