package tls-mirage

X.509 handling given a key value store and a clock

Parameters

module KV : Mirage_kv.RO
module C : Mirage_clock.PCLOCK

Signature

val authenticator : ?hash_whitelist:Mirage_crypto.Hash.hash list -> ?crl:string -> KV.t -> X509.Authenticator.t Lwt.t

authenticator ~hash_whitelist ~crl store creates an authenticator that uses the certificate authorities stored in the store under the key "ca_roots.crt". If hash_whitelist is provided, only these hash algorithms are allowed for signatures of the certificate chain. If crl is provided, the corresponding file is read and used as the revocation list (DER encoded). Both options only apply if `CAs is used.

val certificate : KV.t -> [< `Default | `Name of string ] -> (X509.Certificate.t list * Mirage_crypto_pk.Rsa.priv) Lwt.t

certificate store typ unmarshals a certificate chain and private key material from the store.
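
The following usage sketch is an added example, not part of the tls-mirage documentation. It assumes the functor documented here is exposed as Tls_mirage.X509, that Tls.Config.client and Tls.Config.server come from the tls release matching these signatures, and that the store holds a DER-encoded CRL under the hypothetical key "revoked.crl".

```ocaml
(* Added example: wiring the two functions above into TLS configurations. *)
module Make (KV : Mirage_kv.RO) (C : Mirage_clock.PCLOCK) = struct
  (* Assumption: the functor on this page is Tls_mirage.X509. *)
  module Certs = Tls_mirage.X509 (KV) (C)

  open Lwt.Infix

  (* Only SHA-2 family hashes are allowed for signatures in the peer's
     certificate chain; any other hash is not accepted. *)
  let strong_hashes : Mirage_crypto.Hash.hash list =
    [ `SHA256; `SHA384; `SHA512 ]

  (* Client side: certificate authorities are read from the store key
     "ca_roots.crt". "revoked.crl" is a hypothetical key naming a
     DER-encoded revocation list in the same store. *)
  let client_config (store : KV.t) =
    Certs.authenticator ~hash_whitelist:strong_hashes ~crl:"revoked.crl" store
    >|= fun authenticator ->
    Tls.Config.client ~authenticator ()

  (* Server side: the certificate chain and RSA private key are
     unmarshalled from the store and served as the single identity. *)
  let server_config (store : KV.t) =
    Certs.certificate store `Default >|= fun (chain, key) ->
    Tls.Config.server ~certificates:(`Single (chain, key)) ()
end
```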
