Conduit_lwt_unixSourceConnection establishment using the Lwt_unix library
Configuration fragment for a TLS client connecting to a remote endpoint
type client = [ | `TLS of client_tls_config| `TLS_tunnel of [ `Hostname of string ] * ic * oc| `TLS_native of client_tls_configForce use of native OCaml TLS stack to connect.
*)| `OpenSSL of client_tls_configForce use of Lwt OpenSSL bindings to connect.
*)| `TCP of [ `IP of Ipaddr.t ] * [ `Port of int ]Use TCP to connect to the given ip, port tuple.
| `Unix_domain_socket of [ `File of string ]Use UNIX domain sockets to connect to a socket on the path.
| `Vchan_direct of [ `Domid of int ] * [ `Port of string ]Connect to the remote VM on the domid, port tuple.
| `Vchan_domain_socket of [ `Domain_name of string ] * [ `Port of string ]Use the Vchan name resolution to connect
*) ]Set of supported client connections that are supported by this module:
`TLS (`Hostname host, `IP ip, `Port port): Use OCaml-TLS or OpenSSL (depending on CONDUIT_TLS) to connect to the given host, ip, port tuple via TCP.`TLS_native _: Force use of native OCaml TLS stack to connect.`OpenSSL _: Force use of Lwt OpenSSL bindings to connect.`TCP (`IP ip, `Port port): Use TCP to connect to the given ip, port tuple.`Unix_domain_socket (`File path): Use UNIX domain sockets to connect to a socket on the path.`Vchan_direct (`Domid domid, `Port port): Connect to the remote VM on the domid, port tuple.`Vchan_domain_socket (`Domain_name domain, `Port port_name): Use the Vchan name resolution to connect.type server_tls_config =
[ `Crt_file_path of string ]
* [ `Key_file_path of string ]
* [ `Password of bool -> string | `No_password ]
* [ `Port of int ]Configuration fragment for a listening TLS server
Set of ways to create TCP servers
`Port port: Create a socket listening to provided port.`Socket file_descr: Use the provided file descriptor to create a server.type server = [ | `TLS of server_tls_config| `OpenSSL of server_tls_config| `TLS_native of server_tls_config| `TCP of tcp_config| `Unix_domain_socket of [ `File of string ]| `Vchan_direct of int * string| `Vchan_domain_socket of string * string| `Launchd of string ]Set of supported listening mechanisms that are supported by this module.
`TLS server_tls_config: Use OCaml-TLS or OpenSSL (depending on CONDUIT_TLS) to connect to the given host, ip, port tuple via TCP.`TLS_native _: Force use of native OCaml TLS stack to connect.`OpenSSL _: Force use of Lwt OpenSSL bindings to connect.`TCP (`Port port): Listen on the specified TCPv4 port.`Unix_domain_socket (`File path): Use UNIX domain sockets to listen on the path.`Vchan_direct (domid, port): Listen for the remote VM on the domid, port tuple.`Vchan_domain_socket (domain, port_name): Use the Vchan name resolution to listen`Listening_socket fd: Use the socket given, useful for inherited systemd sockets.`Launchd name: uses MacOS X launchd to start the service, via the name of the Sockets element within the service description plist file. See the ocaml-launchd documentation for more.tcp_flow contains the state of a single TCP connection.
domain_flow contains the state of a single Unix domain socket connection.
vchan_flow contains the state of a single Vchan shared memory connection.
type flow = private | TCP of tcp_flow| Tunnel of string * ic * oc| Domain_socket of domain_flow| Vchan of vchan_flowA flow contains the state of a single connection, over a specific transport method.
type tls_own_key = [ | `None| `TLS of
[ `Crt_file_path of string ]
* [ `Key_file_path of string ]
* [ `Password of bool -> string | `No_password ] ]Type describing where to locate a PEM key in the filesystem
State handler for an active conduit
Default context that listens on all source addresses with no TLS certificate associated with the Conduit
val init :
?src:string ->
?tls_own_key:tls_own_key ->
?tls_authenticator:Conduit_lwt_tls.X509.authenticator ->
?ssl_ctx:Conduit_lwt_unix_ssl.Client.context ->
?ssl_client_verify:Conduit_lwt_unix_ssl.Client.verify ->
unit ->
ctx ioinit ?src ?tls_own_key ?tls_authenticator ?ssl_ctx () will initialize a Unix conduit that binds to the src interface if specified.
If TLS server connections are used, then tls_own_key must contain a valid certificate to be used to advertise a TLS connection. In TLS mode the certificate is validated using tls_authenticator. By default, the validation is using the OS trust anchors.
If SSL client connections are used, then tls_own_key may contain a valid certificate to be used to advertise a TLS connection. If it's not configured ssl_ctx will be used to configure OpenSSL.
connect ~ctx client establishes an outgoing connection via the ctx context to the endpoint described by client
val serve :
?backlog:int ->
?timeout:int ->
?stop:unit io ->
on_exn:(exn -> unit) ->
ctx:ctx ->
mode:server ->
(flow -> ic -> oc -> unit io) ->
unit ioserve ?backlog ?timeout ?stop ~on_exn ~ctx ~mode fn establishes a listening connection of type mode, using the ctx context. The stop thread will terminate the server if it ever becomes determined. Every connection will be served in a new lightweight thread that is invoked via the fn callback. The fn callback is passed the flow representing the client connection and the associated input ic and output oc channels. If the callback raises an exception, it is passed to on_exn.
set_max_active nconn sets the maximum number of active connections accepted. When the limit is hit accept blocks until another server connection is closed.
endp_of_flow flow retrieves the original endp from the established flow
endp_to_client ~ctx endp converts an endp into a a concrete connection mechanism of type client
endp_to_server ~ctx endp converts an endp into a a concrete connection mechanism of type server
Currently selected method of using TLS for client and servers