
Commit 71bd010

committed
tls-mirage keeps cstruct but we do casts internally
1 parent 80f9830 commit 71bd010


2 files changed

+14
-12
lines changed


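--- a/mirage/tls_mirage.ml
+++ b/mirage/tls_mirage.ml
@@ -27,7 +27,7 @@ module Make (F : Mirage_flow.S) = struct
 | `Write_closed of Tls.Engine.state
 | `Closed
 | `Error of error ] ;
-mutable linger : Cstruct.t list ;
+mutable linger : string list ;
 }
 
 let half_close state mode =
@@ -51,7 +51,7 @@ module Make (F : Mirage_flow.S) = struct
 let tls_fail f = `Error (`Tls_failure f)
 
 let write_flow flow buf =
-F.write flow.flow buf >>= function
+F.write flow.flow (Cstruct.of_string buf) >>= function
 | Ok _ as o -> Lwt.return o
 | Error `Closed ->
 flow.state <- half_close flow.state `write;
@@ -70,14 +70,14 @@ module Make (F : Mirage_flow.S) = struct
 ( match resp with
 | None -> Lwt.return @@ Ok ()
 | Some buf -> write_flow flow buf) >>= fun _ ->
-Lwt.return @@ `Ok data
+Lwt.return @@ `Ok (Option.map Cstruct.of_string data)
 | Error (fail, `Response resp) ->
 let reason = match fail with
 | `Alert a -> tls_alert a
 | f -> tls_fail f
 in
 flow.state <- reason ;
-F.write flow.flow resp >>= fun _ ->
+F.write flow.flow (Cstruct.of_string resp) >>= fun _ ->
 Lwt.return reason
 in
 match flow.state with
@@ -92,7 +92,7 @@ module Make (F : Mirage_flow.S) = struct
 flow.state <- half_close flow.state `read;
 Lwt.return `Eof
 | Ok `Data buf -> match flow.state with
-| `Active tls | `Write_closed tls -> handle tls buf
+| `Active tls | `Write_closed tls -> handle tls (Cstruct.to_string buf)
 | `Read_closed _ | `Closed -> Lwt.return `Eof
 | `Error _ as e -> Lwt.return e
 
@@ -106,13 +106,15 @@ module Make (F : Mirage_flow.S) = struct
 | `Error e -> Lwt.return @@ Error e )
 | bufs ->
 flow.linger <- [] ;
-Lwt.return @@ Ok (`Data (Cstruct.concat @@ List.rev bufs))
+let str = String.concat "" (List.rev bufs) in
+Lwt.return @@ Ok (`Data (Cstruct.of_string str))
 
 let writev flow bufs =
 match flow.state with
 | `Closed | `Write_closed _ -> Lwt.return @@ Error `Closed
 | `Error e -> Lwt.return @@ Error (e :> write_error)
 | `Active tls | `Read_closed tls ->
+let bufs = List.map Cstruct.to_string bufs in
 match Tls.Engine.send_application_data tls bufs with
 | Some (tls, answer) ->
 flow.state <- `Active tls ;
@@ -138,7 +140,7 @@ module Make (F : Mirage_flow.S) = struct
 (* read_react re-throws *)
 read_react flow >>= function
 | `Ok mbuf ->
-flow.linger <- Option.to_list mbuf @ flow.linger ;
+flow.linger <- Option.(to_list (map Cstruct.to_string mbuf)) @ flow.linger ;
 drain_handshake flow
 | `Error e -> Lwt.return @@ Error (e :> write_error)
 | `Eof -> Lwt.return @@ Error `Closed
@@ -273,23 +275,23 @@ module X509 (KV : Mirage_kv.RO) (C: Mirage_clock.PCLOCK) = struct
 | None -> Lwt.return None
 | Some filename ->
 read kv (Mirage_kv.Key.v filename) >>= fun data ->
-err_fail pp_msg (X509.CRL.decode_der data) >|= fun crl ->
+err_fail pp_msg (X509.CRL.decode_der (Cstruct.to_string data)) >|= fun crl ->
 Some [ crl ]
 
 let authenticator ?allowed_hashes ?crl kv =
 let time () = Some (Ptime.v (C.now_d_ps ())) in
 let now = Ptime.v (C.now_d_ps ()) in
-read kv ca_roots_file >>=
+read kv ca_roots_file >|= Cstruct.to_string >>=
 decode_or_fail X509.Certificate.decode_pem_multiple >>= fun cas ->
 let ta = X509.Validation.valid_cas ~time:now cas in
 read_crl kv crl >|= fun crls ->
 X509.Authenticator.chain_of_trust ?crls ?allowed_hashes ~time ta
 
 let certificate kv =
 let read name =
-read kv (Mirage_kv.Key.v (name ^ ".pem")) >>=
+read kv (Mirage_kv.Key.v (name ^ ".pem")) >|= Cstruct.to_string >>=
 decode_or_fail X509.Certificate.decode_pem_multiple >>= fun certs ->
-read kv (Mirage_kv.Key.v (name ^ ".key")) >>=
+read kv (Mirage_kv.Key.v (name ^ ".key")) >|= Cstruct.to_string >>=
 decode_or_fail X509.Private_key.decode_pem >|= fun pk ->
 (certs, pk)
 in function | `Default -> read default_cert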
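Review bot: The handshake drain path now round-trips the same data string → Cstruct → string: `read_react` wraps the engine output in `Option.map Cstruct.of_string data`, and `drain_handshake` undoes it straight away with `Option.(to_list (map Cstruct.to_string mbuf))` before pushing onto `flow.linger`. Both conversions copy, so early application data is copied twice and extra transient copies of decrypted plaintext are left on the heap. Keeping the value a string inside `read_react` and converting only where the public `read` builds its `Data` result would keep the casts at the API boundary, which is what the commit title describes. Both function bodies extend beyond the visible hunks, and the other caller of `read_react` is not shown, so it would need the matching `Option.map Cstruct.of_string`.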

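--- a/mirage/tls_mirage.mli
+++ b/mirage/tls_mirage.mli
@@ -60,7 +60,7 @@ module X509 (KV : Mirage_kv.RO) (C : Mirage_clock.PCLOCK) : sig
 If [crl] is provided, the corresponding file is read and used as
 revocation list (DER encoded). Both options only apply if [`CAs] is used.
 *)
-val authenticator : ?allowed_hashes:Mirage_crypto.Hash.hash list -> ?crl:string ->
+val authenticator : ?allowed_hashes:Digestif.hash' list -> ?crl:string ->
 KV.t -> X509.Authenticator.t Lwt.t
 
 (** [certificate store typ] unmarshals a certificate chain and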
