Plasma GitLab Archive
Projects Blog Knowledge

Previous  Up  Next

Module Nettls_support

module Nettls_support: sig .. end
Support types and functions for TLS
type credentials = [ `Anonymous | `X509 of Netx509.x509_certificate ]
The types of credentials
type raw_credentials = [ `Anonymous | `X509 of string ]
The encoded credentials:
  • `X509 s: The X509 certificate in DER encoding
  • `Anonymous: no certificate or other key is available

type cred_type = [ `Anonymous | `X509 ]
The type of credential types
class type tls_session_props = object .. end
Direct access to TLS properties of a session 
val get_tls_session_props : Netsys_crypto_types.tls_endpoint -> tls_session_props
Get the session properties for an endpoint for which the handshake is already done
val get_tls_user_name : tls_session_props -> string
Get the "user name" of client certificates. It is determined as follows:

  • if there is a subjectAltName with an email address (i.e. rfc822 type), this address is returned
  • if there is a subjectAltName using the directory name format, it is checked whether there is a "uid", "email", or "cn" name component
  • otherwise, it is checked whether there is a "uid", "email", or "cn" name component in the subject
Raises Not_found if nothing approriate is found.
val squash_file_tls_endpoint : (module Netsys_crypto_types.FILE_TLS_ENDPOINT) ->
       (module Netsys_crypto_types.TLS_ENDPOINT)
Coerce a file endpoint to a normal endpoint
val is_endpoint_host : string -> tls_session_props -> bool
is_endpoint_host name props: checks whether name matches the certificate of the endpoint in props.

In particular, this function checks the DNS alternate name, and the common name of the subject. The certificate name can use wildcards.

Returns true if name could be verified this way.

NB. This doesn't check SNI (addressed_server), because this is the peer's task.

This web site is published by Informatikbüro Gerd Stolpmann
Powered by Caml