ssl_ext.mli
(*
Copyright © 2011 MLstate
This file is part of OPA.
OPA is free software: you can redistribute it and/or modify it under the
terms of the GNU Affero General Public License, version 3, as published by
the Free Software Foundation.
OPA is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for
more details.
You should have received a copy of the GNU Affero General Public License
along with OPA. If not, see <http://www.gnu.org/licenses/>.
*)
(**
Additional bindings to SSL
@see <http://www.openssl.org/docs/ssl/ssl.html> for OpenSSL functions
@see <http://savonet.rastageeks.org/browser/trunk/ocaml-ssl> for base OCaml-ssl source code
@see "ssl_ext.c" for the C implementation of external values
@author Frederic Ye
*)
(** {6 SSL} *)

(** Another SSL initialisation function, that adds support for all digests,
    ciphers and algorithms.

    NOTE(review): presumably meant to be called once, before any other
    function of this module is used; confirm against "ssl_ext.c". *)
val init : unit -> unit

(** [set_session_id_context ctx] sets a session id context on [ctx].

    NOTE(review): presumably wraps OpenSSL's SSL_CTX_set_session_id_context.
    The context value itself is not a parameter here, so it is chosen by the
    C implementation; see "ssl_ext.c". *)
val set_session_id_context : Ssl.context -> unit

(** Set CTX options for bug workarounds and renegotiation
    (SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
    -> fails with Opera if the second is not set...

    Should be able to select whatever options we want: as declared, this
    function takes only the context, so the set of options is fixed by the C
    implementation and callers cannot add or remove flags through it. Review
    "ssl_ext.c" for the exact flags before relying on this call for
    hardening.

    NOTE(review): the returned [int] is presumably the option bitmask
    returned by SSL_CTX_set_options; confirm.
    @see <http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html> OpenSSL documentation of SSL_CTX_set_options *)
val set_ctx_options : Ssl.context -> int

(** [set_verify sock modes callback] sets the verification modes and the
    optional verify callback on a single socket (the argument is an
    [Ssl.socket], not an [Ssl.context]).

    NOTE(review): presumably wraps OpenSSL's SSL_set_verify, and an empty
    [modes] list presumably disables peer verification; confirm in
    "ssl_ext.c" before passing [[]]. *)
val set_verify : Ssl.socket -> Ssl.verify_mode list -> Ssl.verify_callback option -> unit
(** Compute the digest of a certificate.

    NOTE(review): the [string] argument presumably names the digest algorithm
    and the [int] a size or length; neither is documented here, confirm in
    "ssl_ext.c".

    If the result is used to identify or pin a certificate, the caller should
    request a collision-resistant digest rather than MD5 or SHA-1. *)
val compute_digest : Ssl.certificate -> string -> int -> string

(** Render a certificate as a string.

    NOTE(review): undocumented in the original. The signature is the same as
    {!compute_digest}; the meaning of the [string] and [int] arguments is not
    visible from this interface, see "ssl_ext.c". *)
val certificate_to_string : Ssl.certificate -> string -> int -> string
(** Exception raised when there is an error during a renegotiation *)
exception Renegotiation_error

(** Exception raised when there is an error during a handshake; carries the
    underlying [Ssl.ssl_error]. *)
exception Handshake_error of Ssl.ssl_error

(** Renegotiate ssl function has to be used with do_handshake function to
    complete a full renegotiation.

    Because this call alone does not complete the renegotiation, any decision
    that depends on the renegotiated session (for instance on a client
    certificate requested at that point) must wait until {!do_handshake} has
    returned without raising.

    NOTE(review): presumably raises {!Renegotiation_error} on failure;
    confirm in "ssl_ext.c". *)
val renegotiate : Ssl.socket -> unit

(** Return the verify_callback that does no verifications.
    Useful if we don't want OpenSSL to check the client certificate validity.

    With this callback installed, a client certificate is not validated at
    the TLS layer, so the handshake succeeding says nothing about the
    certificate's validity. The application has to validate the certificate
    itself before trusting the peer identity (NOTE(review): presumably with
    {!check_chain}; confirm against the callers). *)
val no_client_verify_callback : Ssl.verify_callback

(** Check the chain of a certificate.

    NOTE(review): undocumented in the original. The [string] argument
    presumably designates the trusted CA material (a file or directory path?)
    and the result is presumably [true] only when the chain validates;
    confirm in "ssl_ext.c". Callers should treat [false] as a rejection. *)
val check_chain : Ssl.certificate -> string -> bool

(** Perform a handshake on the given socket. Used after {!renegotiate} to
    complete a full renegotiation.

    NOTE(review): presumably raises {!Handshake_error} on failure; confirm in
    "ssl_ext.c". *)
val do_handshake : Ssl.socket -> unit
(** {6 RSA} *)

(** NOTE(review): presumably raised by the RSA functions below when a key
    cannot be read or converted; confirm in "ssl_ext.c". *)
exception RSA_error

(** An RSA key. The type is abstract: its representation is not exposed by
    this interface. *)
type rsa_key

(** Read an SSL RSA private key from a given file.

    The argument is the path of the key file. The file holds secret key
    material, so it should be readable only by the account running the
    service.

    NOTE(review): the expected encoding (presumably PEM) and whether
    passphrase-protected keys are supported are not visible here; confirm in
    "ssl_ext.c". *)
val rsa_read_privkey : string -> rsa_key

(** Read an SSL RSA public key from a given file.

    The argument is the path of the key file. *)
val rsa_read_pubkey : string -> rsa_key

(** Convert an SSL RSA key to a Cryptokit RSA key format.

    NOTE(review): when the input is a private key, the result presumably
    carries the private components as ordinary OCaml values; avoid printing,
    logging or serialising it. The "hex" in the name suggests hex-encoded
    fields; confirm in "ssl_ext.c". *)
val rsa_key_to_cryptokit_hex_rsa : rsa_key -> Cryptokit.RSA.key
(** Convert a [Ssl.ssl_error] to a string, e.g. to report the error carried
    by {!Handshake_error}.

    NOTE(review): the exact text is defined by the implementation and is not
    visible from this interface. *)
val error_to_string : Ssl.ssl_error -> string