[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MirageOS-devel] Creating a new Authenticator

To: "J. Beleites" <jcb98@xxxxxxxxx>
From: David Sheets <dwws2@xxxxxxxxx>
Date: Mon, 05 Jan 2015 16:35:58 +0000
Cc: Anil Madhavapeddy <avsm2@xxxxxxxxxxxx>, mirageos-devel <mirageos-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 06 Jan 2015 10:15:45 +0000
List-id: Developer list for MirageOS <mirageos-devel.lists.xenproject.org>

On 01/05/2015 03:44 PM, J. Beleites wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

To be able to manipulate how TLS certificates are verified I wanted to
create a new authenticator (which I could pass, for example, to
X509.Authenticator.authenticate to authenticate certificates). The
authenticator type required (X509.Authenticator.t) is defined as
     ?host:Certificate.host -> Certificate.stack -> res

However, for some reason I am failing to create a function to use as
authenticator; the type checker doesn't seem happy with what I'm
writing. This also happens if I simply copy-and-paste the null
authenticator from the Authenticator module and try to use it as
authenticator. For instance:

This works fin:
# X509.Authenticator.authenticate X509.Authenticator.null;;
- - : ?host:host -> stack -> X509.Authenticator.res = <fun>

However, this doesn't:
# let auth ?host:_ (c, _) = `Ok c in
   X509.Authenticator.authenticate auth;;
Error: This expression has type ?host:'a -> 'b * 'c -> [> `Ok of 'b ]
        but an expression was expected of type X509_lwt.authenticator

I'm probably missing something simple here. Any ideas as to what it
may be?


Hi Johann,

I think the issue is that X509.Authenticator.t is abstract<https://github.com/mirleft/ocaml-x509/blob/master/lib/x509.mli#L41>.

To experiment with your own authenticators, the easiest thing isprobably to build ocaml-x509 from source and either make theX509.Authenticator.t type in the interface into a type alias or hackyour experimental authenticator directly into x509.ml depending on whatseems more appropriate.


I hope this helps.

Cheers,

David

Thank you!
Johann
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUqrFeAAoJEOuX0wv5Pf0In1EH/iU7XAA0H/+4C3iXAkcyKHrS
+iPbl8Tld6i2kdjWAxCkd/RPf2+KRThYDqgvZMCqovHIO6qZViMXomqUV1wplvSI
qp8H7GE+kvqJcJwbXVdTcEOsgtKtl4FY92qh3Ue/leuG0iiR1J9Ox+SU5ZEwlYeQ
EXdCbTN/XwvTtFL4evjbtkb8rkVImlKOx75e5aJucCl2ZccCX8eG6zk18JsajbZ+
JG3OqTP6PmnKaD2tc6YHKZcDXlYZ6DIvdKYCdHW8jMkTAZ6hX4AAev2Cr/RuYfV1
xSsuHZ3oMwPftkril29uJw3H57kLieCgExfKJnFn48ZCETHLf+rf5IfT3kqd01w=
=gDoM
-----END PGP SIGNATURE-----



_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel

References:
- [MirageOS-devel] Creating a new Authenticator
  - From: J. Beleites

Prev by Date: Re: [MirageOS-devel] Creating a new Authenticator
Next by Date: Re: [MirageOS-devel] Installing tls - failing to install ctypes and conf-gmp
Previous by thread: Re: [MirageOS-devel] Creating a new Authenticator
Next by thread: Re: [MirageOS-devel] irmin storage overhead and dedup
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.