
Re: [MirageOS-devel] Creating a new Authenticator




Hi Johann,

On 01/05/2015 15:44, J. Beleites wrote:
> To be able to manipulate how TLS certificates are verified I wanted
> to create a new authenticator (which I could pass, for example, to 
> X509.Authenticator.authenticate to authenticate certificates). The 
> authenticator type required (X509.Authenticator.t) is defined as 
> ?host:Certificate.host -> Certificate.stack -> res

It would be interesting to know what exactly you want to achieve
during certificate verification.

In https://github.com/mirleft/ocaml-x509/blob/master/lib/x509.mli#L39
we collect the authenticators - you should be able to extend that file
(as well as the ml).

For side-effecting authenticators (which read a file with trust
anchors etc) we provide some authenticator abstractions in
https://github.com/mirleft/ocaml-tls/blob/master/lwt/x509_lwt.mli

> However, for some reason I am failing to create a function to use
> as authenticator; the type checker doesn't seem happy with what
> I'm writing. This also happens if I simply copy-and-paste the null 
> authenticator from the Authenticator module and try to use it as 
> authenticator. For instance:
> 
> This works fine:
>
> # X509.Authenticator.authenticate X509.Authenticator.null;;
> - : ?host:host -> stack -> X509.Authenticator.res = <fun>
> 
> However, this doesn't:
>
> # let auth ?host:_ (c, _) = `Ok c in
>   X509.Authenticator.authenticate auth;;
> Error: This expression has type ?host:'a -> 'b * 'c -> [> `Ok of 'b ]
> but an expression was expected of type X509_lwt.authenticator
> 
> I'm probably missing something simple here. Any ideas as to what
> it may be?

I'm missing some context here. Our current design hides type t inside
of X509.Authenticator - to add a new one, you'll have to modify this piece
of code (inside of the X509 library). [This design might change at
some point.]

Hannes
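
The effect of hiding type t behind a module signature, as an added example that is not part of the original message and is not ocaml-x509 code. The cert and res types, the subject_is constructor and the module body are simplified, hypothetical stand-ins; only the abstract-type pattern is the point.

```ocaml
(* Added illustration: a simplified model of an abstract authenticator type.
   All names and types here are constructed stand-ins, not the library API. *)
type cert = { subject : string }
type res = [ `Ok of cert | `Fail of string ]

module Authenticator : sig
  type t                          (* abstract: the representation is hidden *)
  val null : t
  val subject_is : string -> t    (* hypothetical authenticator added inside the module *)
  val authenticate : t -> ?host:string -> cert list -> res
end = struct
  (* Inside the module, t is known to be a plain function type. *)
  type t = ?host:string -> cert list -> res

  (* Accepts any non-empty chain; performs no verification at all. *)
  let null ?host:_ chain =
    match chain with
    | c :: _ -> `Ok c
    | [] -> `Fail "empty chain"

  (* Accepts only a chain whose first certificate has the expected subject. *)
  let subject_is name ?host:_ chain =
    match chain with
    | c :: _ when c.subject = name -> `Ok c
    | _ -> `Fail "unexpected subject"

  let authenticate (t : t) ?host chain = t ?host chain
end

let chain = [ { subject = "example.test" } ]   (* constructed sample input *)

(* Values exported by the module have type Authenticator.t and are accepted. *)
let () =
  match Authenticator.authenticate (Authenticator.subject_is "example.test") chain with
  | `Ok c -> print_endline ("accepted " ^ c.subject)
  | `Fail why -> print_endline ("rejected: " ^ why)

(* A function of the same shape defined outside the module is rejected,
   because the checker cannot see that t is a function type:

     let mine ?host:_ chain = match chain with c :: _ -> `Ok c | [] -> `Fail "empty"
     let _ = Authenticator.authenticate mine chain

   The only way to obtain a new Authenticator.t is to add a constructor to the
   module itself, as subject_is does above. *)
```

With this layout, code outside the module cannot substitute an accept-everything function for an authenticator; every verification policy has to be one the module exports.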
