conduit-lwt-unix: allow openssl clients to customize the ssl context and the verification (#417)

* conduit-lwt-unix: create client ssl context on init

The ssl context may be used for connect_with_ssl. When tls_own_key is not configured, the configured ssl_ctx is used; by default this is the default client ssl_ctx, just as before.

Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>

* conduit-lwt-unix: fail when hostname verification cannot be done on SSL

When a valid hostname is not available, it's better to fail early with a useful error message rather than letting the connection go on and letting OpenSSL fail with an undecipherable message.

Note that the "hostname" parameters are strings and don't have to be hostnames; they can be IPs as well when using cohttp. Ideally these should be a union type of domain names and IP addresses for better clarity, but this would be a breaking change.

Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>

* conduit-lwt-unix: Add flexibility for OpenSSL verification

This is not exposed currently to the user, so there is no change in functionality. This allows clients to turn on and off hostname and IP verification of the remote cert independently, in the unusual case where it's needed, by changing the default in the library.

Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>

* conduit-lwt-unix: allow users to configure client ssl verification

The only options allowed are whether the hostname or the IP are used to validate the remote host's certificate.

Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>

* conduit-lwt-unix: Change verification and SNI when using IP to connect

Now the SNI is only sent when there's a domain name, as this is the only type of server name allowed by the RFC. Additionally, IP verification for the peer certificate can be enabled if needed.

Signed-off-by: Pau Ruiz Safont <pau.ruizsafont@cloud.com>

* changes: add entries regarding conduit-lwt-unix-ssl

Signed-off-by: Pau Ruiz Safont <pau.ruizsafont@cloud.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.ruizsafont@cloud.com>
Showing 7 changed files with 103 additions and 26 deletions.