
[MirageOS-devel] TLS on Xen



I've sent PRs for various patches to make TLS work on Xen. The changes
needed are:

1. Add generic error handling for FLOWs, so we can propagate errors reliably.
2. Fix the page alignment requirements for Netif.
3. Add TLS support to conduit.

PRs:

Add `error_message` support for FLOW (can be merged now):

https://github.com/mirage/mirage-console/pull/33
https://github.com/mirage/ocaml-vchan/pull/60
https://github.com/mirage/mirage-tcpip/pull/98

(any other places implementing FLOW?)

Update the FLOW signature:

https://github.com/mirage/mirage/pull/346

Update TLS and Conduit (they both require and provide FLOW, so they
will be broken briefly):

https://github.com/mirleft/ocaml-tls/pull/225

We could add a dummy version of `error_message` here first to ease
upgrades, if desired. However, Conduit_mirage will break anyway due to
the extra TLS functor argument.

Make Netif not require aligned single-page buffers:

https://github.com/mirage/mirage-net-xen/pull/17

(optional: remove now-pointless copying in ocaml-tls)

You can then configure conduit for TLS like this:

        let mode = `TLS (tls_config, `TCP (`Port 443)) in

The mode contains the TLS arguments and a configuration for some
underlying channel.

I'm fairly happy with it. One minor problem is creating the TLS server
from a TLS config. Is there a function for this? In conduit, I
currently have:

          let server = Tls.Config.(server
            ~ciphers:config.ciphers
            ~version:config.protocol_versions
            ~hashes:config.hashes
            ~reneg:config.use_reneg
            ?certificate:config.own_certificate
            ~secure_reneg:config.secure_reneg)
            () in

However, this will silently fail to pass any new config attributes
that get added later.


-- 
Dr Thomas Leonard        http://0install.net/
GPG: 9242 9807 C985 3C07 44A6  8B9A AE07 8280 59A5 3CC1
GPG: DA98 25AE CAD0 8975 7CDA  BD8E 0713 3F96 CA74 D8BA