[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MirageOS-devel] Creating a new Authenticator



On 01/05/2015 03:44 PM, J. Beleites wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

To be able to manipulate how TLS certificates are verified I wanted to
create a new authenticator (which I could pass, for example, to
X509.Authenticator.authenticate to authenticate certificates). The
authenticator type required (X509.Authenticator.t) is defined as
     ?host:Certificate.host -> Certificate.stack -> res

However, for some reason I am failing to create a function to use as
authenticator; the type checker doesn't seem happy with what I'm
writing. This also happens if I simply copy-and-paste the null
authenticator from the Authenticator module and try to use it as
authenticator. For instance:

This works fin:
# X509.Authenticator.authenticate X509.Authenticator.null;;
- - : ?host:host -> stack -> X509.Authenticator.res = <fun>

However, this doesn't:
# let auth ?host:_ (c, _) = `Ok c in
   X509.Authenticator.authenticate auth;;
Error: This expression has type ?host:'a -> 'b * 'c -> [> `Ok of 'b ]
        but an expression was expected of type X509_lwt.authenticator

I'm probably missing something simple here. Any ideas as to what it
may be?

Hi Johann,

I think the issue is that X509.Authenticator.t is abstract <https://github.com/mirleft/ocaml-x509/blob/master/lib/x509.mli#L41>.

To experiment with your own authenticators, the easiest thing is probably to build ocaml-x509 from source and either make the X509.Authenticator.t type in the interface into a type alias or hack your experimental authenticator directly into x509.ml depending on what seems more appropriate.

I hope this helps.

Cheers,

David

Thank you!
Johann
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUqrFeAAoJEOuX0wv5Pf0In1EH/iU7XAA0H/+4C3iXAkcyKHrS
+iPbl8Tld6i2kdjWAxCkd/RPf2+KRThYDqgvZMCqovHIO6qZViMXomqUV1wplvSI
qp8H7GE+kvqJcJwbXVdTcEOsgtKtl4FY92qh3Ue/leuG0iiR1J9Ox+SU5ZEwlYeQ
EXdCbTN/XwvTtFL4evjbtkb8rkVImlKOx75e5aJucCl2ZccCX8eG6zk18JsajbZ+
JG3OqTP6PmnKaD2tc6YHKZcDXlYZ6DIvdKYCdHW8jMkTAZ6hX4AAev2Cr/RuYfV1
xSsuHZ3oMwPftkril29uJw3H57kLieCgExfKJnFn48ZCETHLf+rf5IfT3kqd01w=
=gDoM
-----END PGP SIGNATURE-----



_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.