Tls: in Config.{client,server} avoid raising an exception (#502)

* Tls: in Config.{client,server} avoid raising an exception

Instead, a result value is returned. Addresses #411

Author: hannesm

async/examples/test_client.ml

@@ -2,7 +2,9 @@ open! Core
 open! Async
 open Deferred.Or_error.Let_syntax
 
-let config = Tls.Config.client ~authenticator:(fun ?ip:_ ~host:_ _ -> Ok None) ()
+let config = match Tls.Config.client ~authenticator:(fun ?ip:_ ~host:_ _ -> Ok None) () with
+  | Ok cfg -> cfg
+  | Error `Msg msg -> invalid_arg msg
 
 let test_client () =
   let host = "127.0.0.1" in

async/examples/test_server.ml

@@ -12,12 +12,15 @@ let serve_tls ~low_level port handler =
     Tls_async.X509_async.Private_key.of_pem_file server_key |> Deferred.Or_error.ok_exn
   in
   let config =
-    Tls.Config.(
-      server
-        ~version:(`TLS_1_0, `TLS_1_2)
-        ~certificates:(`Single (certificate, priv_key))
-        ~ciphers:Ciphers.supported
-        ())
+    match Tls.Config.(
+        server
+          ~version:(`TLS_1_0, `TLS_1_2)
+          ~certificates:(`Single (certificate, priv_key))
+          ~ciphers:Ciphers.supported
+          ())
+    with
+    | Ok cfg -> cfg
+    | Error `Msg msg -> invalid_arg msg
   in
   let where_to_listen = Tcp.Where_to_listen.of_port port in
   let on_handler_error = `Ignore in

bench/speed.ml

@@ -62,11 +62,18 @@ type state =
   ; client_out : int
   ; direction : [ `To_server | `To_client ] }
 
+let get_ok = function
+  | Ok cfg -> cfg
+  | Error `Msg msg -> invalid_arg msg
+
 let make ?groups ~cipher ~digest ~key version direction =
   let cert = cert ~digest ~key in
-  let client_cfg = Tls.Config.client ?groups ~version:(version, version)
-    ~ciphers:[ cipher ] ~authenticator ()
-  and server_cfg = Tls.Config.server ~certificates:(`Single ([ cert ], key)) () in
+  let client_cfg =
+    get_ok (Tls.Config.client ?groups ~version:(version, version)
+                 ~ciphers:[ cipher ] ~authenticator ())
+  and server_cfg =
+    get_ok (Tls.Config.server ~certificates:(`Single ([ cert ], key)) ())
+  in
   let client_state, client_out = Tls.Engine.client client_cfg
   and server_state = Tls.Engine.server server_cfg in
   { flow= To_server (client_state, server_state, Some client_out)

eio/tests/fuzz.ml

@@ -209,7 +209,7 @@ end = struct
   let null_auth ?ip:_ ~host:_ _ = Ok None
 
   let client =
-    Tls.Config.client ~authenticator:null_auth ()
+    Result.get_ok (Tls.Config.client ~authenticator:null_auth ())
 
   let read_file path =
     let ch = open_in_bin path in
@@ -222,7 +222,7 @@ end = struct
     let certs = Result.get_ok (X509.Certificate.decode_pem_multiple (read_file "server.pem")) in
     let pk = Result.get_ok (X509.Private_key.decode_pem (read_file "server.key")) in
     let certificates = `Single (certs, pk) in
-    Tls.Config.(server ~version:(`TLS_1_0, `TLS_1_3) ~certificates ~ciphers:Ciphers.supported ())
+    Result.get_ok Tls.Config.(server ~version:(`TLS_1_0, `TLS_1_3) ~certificates ~ciphers:Ciphers.supported ())
 end
 
 let dispatch_commands ~to_server ~to_client actions =

eio/tests/tls_eio.md

@@ -38,7 +38,7 @@ let test_client ~net (host, service) =
           (Result.bind (Domain_name.of_string host) Domain_name.host)
       in
       Tls_eio.client_of_flow
-        Tls.Config.(client ~version:(`TLS_1_0, `TLS_1_3) ?cached_ticket:!mypsk ~ticket_cache ~authenticator ~ciphers:Ciphers.supported ())
+        (Result.get_ok Tls.Config.(client ~version:(`TLS_1_0, `TLS_1_3) ?cached_ticket:!mypsk ~ticket_cache ~authenticator ~ciphers:Ciphers.supported ()))
         ?host socket
     in
     let req = String.concat "\r\n" [
@@ -68,7 +68,7 @@ let server_config dir =
       ~priv_key:(dir / "server-ec.key")
   in
   let certificates = `Multiple [ certificate ; ec_certificate ] in
-  Tls.Config.(server ~version:(`TLS_1_0, `TLS_1_3) ~certificates ~ciphers:Ciphers.supported ())
+  Result.get_ok Tls.Config.(server ~version:(`TLS_1_0, `TLS_1_3) ~certificates ~ciphers:Ciphers.supported ())
 
 let serve_ssl ~config server_s callback =
   Switch.run @@ fun sw ->