@@ -30,3 +30,60 @@ You can also build this locally by conducting the steps:
3030opam install --deps-only -t . # or a named package instead of `.` - i.e. ./tls-lwt.opam
3131dune build --profile=release # you can also put a package list here, i.e. tls,tls-lwt -- you can also use `@all` target to compile examples as well
3232```
33+
34+ ## Usage
35+
36+ The core of ` ocaml-tls ` (the opam package ` tls ` , available in the ` lib `
37+ subdirectory) is an library independent of schedulers and does not perform any
38+ I/O operations. The library is designed so that a ` Tls.Engine.state ` state
39+ informs you of when to write and when to feed more data. It does not use
40+ mutation and is in a value-passing style (so, read data and state is the input,
41+ and data to be sent or presented to the upper layer, and state is the output).
42+
43+ There are therefore ` ocaml-tls ` derivations with different schedulers that
44+ perform read and write operations. These derivations offer an interface similar
45+ to what an SSL socket (like [ ssl] [ ssl ] ) can offer.
46+ - [ lwt] ( https://ocsigen.org/lwt/latest/manual/manual ) : ` tls-lwt ` proposes to
47+ initiate a TLS flow with ` Lwt_io.{input,output}_channel ` from a Unix socket.
48+ It can also propose an abstract type ` Tls_lwt.Unix.t ` (which can be created
49+ from a Unix socket) associated with a ` Tls_lwt.Unix ` interface similar to a
50+ Unix socket.
51+ - [ miou] ( https://github.com/robur-coop/miou ) : ` tls-miou-unix ` proposes a TLS
52+ flow via an abstract type ` Tls_miou_unix.t ` and an interface similar to a Unix
53+ socket from a ` Miou_unix.file_descr ` socket.
54+ - [ MirageOS] ( https://mirageos.org ) : ` tls-mirage ` proposes a composition
55+ of a [ ` Mirage_flow.S ` ] ( https://github.com/mirage/mirage-flow/ ) module to
56+ obtain a new ` Mirage_flow.S ` (corresponding to the TLS layer) which uses the
57+ lwt scheduler.
58+ - [ eio] ( https://github.com/ocaml-multicore/eio ) : ` tls-eio ` proposes the creation
59+ of an _ eio flow_ from another _ eio flow_ .
60+ - [ async] ( https://github.com/janestreet/async ) : ` tls-async ` proposes a TLS flow
61+ via ` Async.{Reader,Writer}.t ` from a ` Async.Socket ` .
62+
63+ Depending on the scheduler you choose, you should choose one of these
64+ ` ocaml-tls ` derivations, distributed in the mentioned opam packages (tls-lwt,
65+ tls-mirage, tls-eio, tls-async). Each one takes advantage of what the scheduler
66+ used has to offer.
67+
68+ ### Composability
69+
70+ ` ocaml-tls ` can also be used as it is in order to be able to compose with other
71+ protocols without choosing a scheduler. This is the case, for example, with
72+ [ sendmail.starttls] [ sendmail ] , which composes the SMTP and TLS protocols. The
73+ user can also be more selective about the use of certificates involved in a TLS
74+ connection, as [ albatross] [ albatross ] can offer in its transactions between
75+ clients and the server.
76+
77+ When seen as OCaml values, the critical elements that enable instantiation of a
78+ TLS connection can be very finely controlled.
79+
80+ ### Portability
81+
82+ ocaml-tls is currently used for [ MirageOS unikernels] ( https://mirageos.org ) ,
83+ which makes it portable and available on many systems (even the most restricted
84+ ones such as [ Solo5] ( https://github.com/solo5/solo5 ) as long as OCaml is
85+ available on them.
86+
87+ [ sendmail ] : https://github.com/mirage/colombe
88+ [ albatross ] : https://github.com/robur-coop/albatross
89+ [ ssl ] : https://github.com/savonet/ocaml-ssl
0 commit comments