Module Nettls_support

module Nettls_support: sig .. end

Support types and functions for TLS


type credentials = [ `Anonymous | `X509 of Netx509.x509_certificate ] 

The types of credentials

type raw_credentials = [ `Anonymous | `X509 of string ] 

The encoded credentials:

type cred_type = [ `Anonymous | `X509 ] 

The type of credential types

class type tls_session_props = object .. end

Direct access to TLS properties of a session

val get_tls_session_props : Netsys_crypto_types.tls_endpoint -> tls_session_props

Get the session properties for an endpoint for which the handshake is already done

val get_tls_user_name : tls_session_props -> string

Get the "user name" of client certificates. It is determined as follows:

Raises Not_found if nothing approriate is found.

val squash_file_tls_endpoint : (module Netsys_crypto_types.FILE_TLS_ENDPOINT) ->
(module Netsys_crypto_types.TLS_ENDPOINT)

Coerce a file endpoint to a normal endpoint

val is_endpoint_host : string -> tls_session_props -> bool

is_endpoint_host name props: checks whether name matches the certificate of the endpoint in props.

In particular, this function checks the DNS alternate name, and the common name of the subject. The certificate name can use wildcards.

Returns true if name could be verified this way.

NB. This doesn't check SNI (addressed_server), because this is the peer's task.