Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Search for TLS trust anchors lazily #395

Merged
merged 1 commit into from
May 21, 2021
Merged

Search for TLS trust anchors lazily #395

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions CHANGES.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,10 @@
## Unreleased

* change the type of `Conduit_lwt_tls.X509.default_authenticator` and
`Conduit_lwt_unix.default_ctx` to be lazy, avoiding various side-effects
(system interactions, logging) due to constructing these values at
initialisation time. (@craigfe, #395)

## v4.0.0 (2021-04-15)

* conduit-mirage: replace the alias `X509_lwt.priv` by
Expand Down
7 changes: 4 additions & 3 deletions src/conduit-lwt-unix/conduit_lwt_tls.real.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,10 @@ module X509 = struct
type authenticator = X509.Authenticator.t

let default_authenticator =
match Ca_certs.authenticator () with
| Ok a -> a
| Error (`Msg msg) -> failwith msg
lazy
(match Ca_certs.authenticator () with
| Ok a -> a
| Error (`Msg msg) -> failwith msg)
end

module Client = struct
Expand Down
2 changes: 1 addition & 1 deletion src/conduit-lwt-unix/conduit_lwt_tls.real.mli
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ module X509 : sig

type authenticator = X509.Authenticator.t

val default_authenticator : authenticator
val default_authenticator : authenticator Lazy.t
end

module Client : sig
Expand Down
14 changes: 8 additions & 6 deletions src/conduit-lwt-unix/conduit_lwt_unix.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -149,14 +149,16 @@ let flow_of_fd fd sa =
TCP { fd; ip = Ipaddr_unix.of_inet_addr ip; port }

let default_ctx =
{
src = None;
tls_own_key = `None;
tls_authenticator = Conduit_lwt_tls.X509.default_authenticator;
}
lazy
{
src = None;
tls_own_key = `None;
tls_authenticator = Lazy.force Conduit_lwt_tls.X509.default_authenticator;
}

let init ?src ?(tls_own_key = `None)
?(tls_authenticator = Conduit_lwt_tls.X509.default_authenticator) () =
?(tls_authenticator = Lazy.force Conduit_lwt_tls.X509.default_authenticator)
() =
match src with
| None -> Lwt.return { src = None; tls_own_key; tls_authenticator }
| Some host -> (
Expand Down
2 changes: 1 addition & 1 deletion src/conduit-lwt-unix/conduit_lwt_unix.mli
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,7 @@ type ctx [@@deriving sexp_of]

(** {2 Connection and listening} *)

val default_ctx : ctx
val default_ctx : ctx Lazy.t
(** Default context that listens on all source addresses with no TLS certificate
associated with the Conduit *)

Expand Down
2 changes: 1 addition & 1 deletion tests/conduit-lwt-unix/cdtest_tls.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ let perform () =
let client =
`TLS (`Hostname "", `IP Ipaddr.(V6 V6.localhost), `Port port)
in
Conduit_lwt_unix.(connect ~ctx:default_ctx client)
Conduit_lwt_unix.(connect ~ctx:(Lazy.force default_ctx) client)
>>= fun (_flow, ic, oc) ->
Lwt_log.notice "Connected!" >>= fun () ->
Lwt_io.write oc "hello" >>= fun () ->
Expand Down