[MirageOS-devel] TLS on Xen

I've sent PRs for various patches to make TLS work on Xen. The changes
needed are:

1. Add generic error handling for FLOWs, so we can propagate errors reliably.
2. Fix the page alignment requirements for Netif.
3. Add TLS support to conduit.


Add `error_message` support for FLOW (can be merged now):


(any other places implementing FLOW?)

Update the FLOW signature:


Update TLS and Conduit (they both require and provide FLOW, so they
will be broken briefly):


We could add a dummy version of `error_message` here first to ease
upgrades, if desired. However, Conduit_mirage will break anyway due to
the extra TLS functor argument.

Make Netif not require aligned single-page buffers:


(optional: remove now-pointless copying in ocaml-tls)

You can then configure conduit for TLS like this:

        let mode = `TLS (tls_config, `TCP (`Port 443)) in

The mode contains the TLS arguments and a configuration for some
underlying channel.

I'm fairly happy with it. One minor problem is creating the TLS server
from a TLS config. Is there a function for this? In conduit, I
currently have:

          let server = Tls.Config.(server
            () in

However, this will silently fail to pass any new config attributes
that get added later.

Dr Thomas Leonard        http://0install.net/
GPG: 9242 9807 C985 3C07 44A6  8B9A AE07 8280 59A5 3CC1
GPG: DA98 25AE CAD0 8975 7CDA  BD8E 0713 3F96 CA74 D8BA
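
The failure mode raised at the end of the message (rebuilding a server from a config field by field drops attributes added later), shown as an added example that is not part of the original post and is not ocaml-tls or conduit code. The `config` and `server` types and `make_server` are constructed stand-ins, assumed only for illustration.

```ocaml
(* Constructed stand-ins for illustration; these are NOT ocaml-tls types. *)
[@@@warning "@9"] (* a record pattern that omits a field is a compile error *)

type config = {
  certificates : string list;
  ciphers : string list;
  min_version : string; (* imagine this attribute was added in a later release *)
}

type server = { certs : string list; suites : string list; floor : string }

(* Hypothetical constructor with optional arguments: anything the caller
   omits falls back to a default, and the compiler stays silent. *)
let make_server ?(ciphers = [ "DEFAULT" ]) ?(min_version = "TLS 1.0")
    ~certificates () =
  { certs = certificates; suites = ciphers; floor = min_version }

(* Fragile: written before min_version existed. It still type-checks after
   the field is added, so the caller's setting is dropped without notice. *)
let server_of_config_fragile (c : config) =
  make_server ~ciphers:c.ciphers ~certificates:c.certificates ()

(* Robust: the closed record pattern must name every field (no trailing
   "; _"). Adding a field to config stops this function compiling until
   the new field is passed on. *)
let server_of_config { certificates; ciphers; min_version } =
  make_server ~ciphers ~min_version ~certificates ()

let () =
  let cfg =
    { certificates = [ "server.pem" ]; (* constructed sample values *)
      ciphers = [ "AES128-GCM" ];
      min_version = "TLS 1.2" }
  in
  Printf.printf "fragile: minimum version %s\n"
    (server_of_config_fragile cfg).floor;
  Printf.printf "robust:  minimum version %s\n" (server_of_config cfg).floor
```

For TLS this matters because a dropped attribute usually means a weaker default is used in its place, with no error at build time or at run time.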
