[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [MirageOS-devel] Creating a new Authenticator
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA384 Hi Johann, On 01/05/2015 15:44, J. Beleites wrote: > To be able to manipulate how TLS certificates are verified I wanted > to create a new authenticator (which I could pass, for example, to > X509.Authenticator.authenticate to authenticate certificates). The > authenticator type required (X509.Authenticator.t) is defined as > ?host:Certificate.host -> Certificate.stack -> res It would be interesting to know what exactly you want to achieve during certificate verification. In https://github.com/mirleft/ocaml-x509/blob/master/lib/x509.mli#L39 we collect the authenticators - you should be able to extend that file (as well as the ml). For side-effecting authenticators (which read a file with trust anchors etc) we provide some authenticator abstractions in https://github.com/mirleft/ocaml-tls/blob/master/lwt/x509_lwt.mli > However, for some reason I am failing to create a function to use > as authenticator; the type checker doesn't seem happy with what > I'm writing. This also happens if I simply copy-and-paste the null > authenticator from the Authenticator module and try to use it as > authenticator. For instance: > > This works fin: # X509.Authenticator.authenticate > X509.Authenticator.null;; - : ?host:host -> stack -> > X509.Authenticator.res = <fun> > > However, this doesn't: # let auth ?host:_ (c, _) = `Ok c in > X509.Authenticator.authenticate auth;; Error: This expression has > type ?host:'a -> 'b * 'c -> [> `Ok of 'b ] but an expression was > expected of type X509_lwt.authenticator > > I'm probably missing something simple here. Any ideas as to what > it may be? I'm missing some context here.. Our current design hides type t inside of X509.Authenticator - to add a new, you'll have to modify this piece of code (inside of the X509 library). [This design might change at some point.] Hannes -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCQAGBQJUqrcvAAoJELyJZYjffCjuNNoQALUXJl5mDTgdUjEhyW01h04/ ibfb09jTnT5dKBf9CPys/mRvjE/3QYvks3gVNukD6ZpW5R3VaySvXXeSNC7M16vI zwEkNiW94YVNMOtEBMjm13AS1640Kd0/qQHP2nQZ8xb3tL9UQexJMxXLlX70uFK0 8GoT1dUtu1EcZ4fd2xReExr7/OlcGZBNZbdQzhMiFfErh9w5hv/+F0tUyFLXTHQW ZtxNbYJsdylCXfQB/ykgZzpErhmTHB8gLI1ZVocf6M4yKeu0qKK1NMNaBbIS8s9F jf8xO8H8VknJGl6WysNVK2ZS1sjbn+jcvJL7Qa58XXMkK2EXVMBY+7VHBrJ2e2J7 xRY7I4xKMMs+736SRd5jU4JKETagJWwpdW6FTdg+9eyoHhDuN4/22EAUIR/sqGSQ 5G79C67giB6mi/yRKMWe8MHQP4qPU1kxLXkT9KZYdCjxXEwPhjgLgzlFwU3zfBQq YLpEbKX6H1tXCMMVyjxYfPJVhKZYWKwgX6Sbi38hAx2QLPiMacfeUQt/sYOtw0M8 Aih7M90xsEsAHPSDc8KVTxZh2MKXJeftdzcUJGJnHeAmAeCsvXF1DSnOoHovKQFh HsMYkCXGWF9VExUdIqv6LW0/R8teYVXfWKMFI9F/ymGWATufcFjVkdR1cw4HsGyk DzJVEWsCJeNcmaRIPqy2 =EiKH -----END PGP SIGNATURE----- _______________________________________________ MirageOS-devel mailing list MirageOS-devel@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |