diff --git a/CHANGES.md b/CHANGES.md
index 9e777a20..264820be 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,11 +1,9 @@
-## Unreleased
+## v4.0.1 (2021-08-06)
-* change the type of `Conduit_lwt_tls.X509.default_authenticator` and
- `Conduit_lwt_unix.default_ctx` to be lazy, avoiding various side-effects
- (system interactions, logging) due to constructing these values at
- initialisation time. (@craigfe, #395)
-
-* Add missing `ipaddr-sexp` dependency on conduit-async (#385 @anmonteiro)
+* Add missing `ipaddr-sexp` dependency on conduit-async (#385, @anmonteiro)
+* Update the link of the documentation (959f57a & #398, reported by @misterfish, @zshipko, @dinosaure)
+* Gitignore `opam/` even if it is a symlink (#394, @CraigFe, @avsm)
+* Adapt `conduit-lwt-unix` to `tls.0.14.0` (#396, @hannesm, @dinosaure)
 ## v4.0.0 (2021-04-15)
diff --git a/conduit-async.opam b/conduit-async.opam
index 857adb6a..e0752b64 100644
--- a/conduit-async.opam
+++ b/conduit-async.opam
@@ -9,7 +9,7 @@ homepage: "https://github.com/mirage/ocaml-conduit"
 bug-reports: "https://github.com/mirage/ocaml-conduit/issues"
 depends: [
 "ocaml" {>= "4.03.0"}
- "dune"
+ "dune" {>= "2.0"}
 "core"
 "uri" {>= "4.0.0"}
 "ppx_here" {>= "v0.9.0"}
@@ -25,7 +25,7 @@ conflicts: [
 "async_ssl" {< "v0.9.0"}
 ]
 build: [
- ["dune" "subst"] {pinned}
+ ["dune" "subst"] {dev}
 ["dune" "build" "-p" name "-j" jobs]
 ]
 dev-repo: "git+https://github.com/mirage/ocaml-conduit.git"
diff --git a/conduit-lwt-unix.opam b/conduit-lwt-unix.opam
index ff512daa..fda23e34 100644
--- a/conduit-lwt-unix.opam
+++ b/conduit-lwt-unix.opam
@@ -9,7 +9,7 @@ homepage: "https://github.com/mirage/ocaml-conduit"
 bug-reports: "https://github.com/mirage/ocaml-conduit/issues"
 depends: [
 "ocaml" {>= "4.07.0"}
- "dune"
+ "dune" {>= "2.0"}
 "base-unix"
 "logs"
 "ppx_sexp_conv" {>="v0.13.0"}
@@ -25,11 +25,11 @@ depends: [
 ]
 depopts: ["tls" "lwt_ssl" "launchd"]
 conflicts: [
- "tls" {< "0.13.0"}
+ "tls" {< "0.14.0"}
 "ssl" {< "0.5.9"}
 ]
 build: [
- ["dune" "subst"] {pinned}
+ ["dune" "subst"] {dev}
 ["dune" "build" "-p" name "-j" jobs]
 ]
 dev-repo: "git+https://github.com/mirage/ocaml-conduit.git"
diff --git a/conduit-lwt.opam b/conduit-lwt.opam
index e1cf55b1..655cef4d 100644
--- a/conduit-lwt.opam
+++ b/conduit-lwt.opam
@@ -9,7 +9,7 @@ homepage: "https://github.com/mirage/ocaml-conduit"
 bug-reports: "https://github.com/mirage/ocaml-conduit/issues"
 depends: [
 "ocaml" {>= "4.03.0"}
- "dune"
+ "dune" {>= "2.0"}
 "base-unix"
 "ppx_sexp_conv" {>="v0.13.0"}
 "sexplib"
@@ -17,7 +17,7 @@ depends: [
 "lwt" {>= "3.0.0"}
 ]
 build: [
- ["dune" "subst"] {pinned}
+ ["dune" "subst"] {dev}
 ["dune" "build" "-p" name "-j" jobs]
 ]
 dev-repo: "git+https://github.com/mirage/ocaml-conduit.git"
diff --git a/conduit-mirage.opam b/conduit-mirage.opam
index 77f030b7..087877fa 100644
--- a/conduit-mirage.opam
+++ b/conduit-mirage.opam
@@ -7,7 +7,7 @@ homepage: "https://github.com/mirage/ocaml-conduit"
 bug-reports: "https://github.com/mirage/ocaml-conduit/issues"
 depends: [
 "ocaml" {>= "4.07.0"}
- "dune"
+ "dune" {>= "2.0"}
 "ppx_sexp_conv" {>="v0.13.0"}
 "sexplib"
 "uri" {>= "4.0.0"}
@@ -34,7 +34,7 @@ conflicts: [
 ]
 build: [
- ["dune" "subst"] {pinned}
+ ["dune" "subst"] {dev}
 ["dune" "build" "-p" name "-j" jobs]
 ["dune" "runtest" "-p" name] {with-test}
 ]
diff --git a/conduit.opam b/conduit.opam
index 6634a474..d48c7579 100644
--- a/conduit.opam
+++ b/conduit.opam
@@ -10,7 +10,7 @@ doc: "https://mirage.github.io/ocaml-conduit/"
 bug-reports: "https://github.com/mirage/ocaml-conduit/issues"
 depends: [
 "ocaml" {>= "4.03.0"}
- "dune"
+ "dune" {>= "2.0"}
 "ppx_sexp_conv" {>="v0.13.0"}
 "sexplib"
 "astring"
@@ -20,7 +20,7 @@ depends: [
 "ipaddr-sexp"
 ]
 build: [
- ["dune" "subst"] {pinned}
+ ["dune" "subst"] {dev}
 ["dune" "build" "-p" name "-j" jobs]
 ]
 dev-repo: "git+https://github.com/mirage/ocaml-conduit.git"
diff --git a/src/conduit-lwt-unix/conduit_lwt_tls.dummy.mli b/src/conduit-lwt-unix/conduit_lwt_tls.dummy.mli
index 14c5474a..bed1b289 100644
--- a/src/conduit-lwt-unix/conduit_lwt_tls.dummy.mli
+++ b/src/conduit-lwt-unix/conduit_lwt_tls.dummy.mli
@@ -30,7 +30,7 @@ module Client : sig
 ?src:Lwt_unix.sockaddr ->
 ?certificates:'a ->
 authenticator:X509.authenticator ->
- string ->
+ [ `host ] Domain_name.t ->
 Lwt_unix.sockaddr ->
 (Lwt_unix.file_descr * Lwt_io.input_channel * Lwt_io.output_channel) Lwt.t
 end
diff --git a/src/conduit-lwt-unix/conduit_lwt_tls.real.ml b/src/conduit-lwt-unix/conduit_lwt_tls.real.ml
index 8c7b1cf7..148345bc 100644
--- a/src/conduit-lwt-unix/conduit_lwt_tls.real.ml
+++ b/src/conduit-lwt-unix/conduit_lwt_tls.real.ml
@@ -23,10 +23,9 @@ module X509 = struct
 type authenticator = X509.Authenticator.t
 let default_authenticator =
- lazy
- (match Ca_certs.authenticator () with
- | Ok a -> a
- | Error (`Msg msg) -> failwith msg)
+ match Ca_certs.authenticator () with
+ | Ok a -> a
+ | Error (`Msg msg) -> failwith msg
 end
 module Client = struct
diff --git a/src/conduit-lwt-unix/conduit_lwt_tls.real.mli b/src/conduit-lwt-unix/conduit_lwt_tls.real.mli
index 8eba4d40..fa831ccd 100644
--- a/src/conduit-lwt-unix/conduit_lwt_tls.real.mli
+++ b/src/conduit-lwt-unix/conduit_lwt_tls.real.mli
@@ -23,7 +23,7 @@ module X509 : sig
 type authenticator = X509.Authenticator.t
- val default_authenticator : authenticator Lazy.t
+ val default_authenticator : authenticator
 end
 module Client : sig
@@ -31,7 +31,7 @@ module Client : sig
 ?src:Lwt_unix.sockaddr ->
 ?certificates:Tls.Config.own_cert ->
 authenticator:X509.authenticator ->
- string ->
+ [ `host ] Domain_name.t ->
 Lwt_unix.sockaddr ->
 (Lwt_unix.file_descr * Lwt_io.input_channel * Lwt_io.output_channel) Lwt.t
 end
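Review bot: The name argument of Client.connect changes from `string` to an unlabelled positional [ `host ] Domain_name.t in conduit_lwt_tls.dummy.mli and again in conduit_lwt_tls.real.mli, and neither signature says what the name is used for or how a caller should build one. This is a type change on a public signature, so callers that passed a string stop compiling and need that guidance. I would add a doc comment on `val connect`, which sits just above both hunks, stating that the argument is the peer's host name and that it is obtained with `Domain_name.of_string` followed by `Domain_name.host`. Presumably it is the name the server certificate is checked against; that should be confirmed in the implementation, which this page does not show, before the comment says so.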
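Review bot: In conduit_lwt_tls.real.ml, `default_authenticator` is now computed while the module is initialised, so the `failwith msg` branch fires before any caller code runs. On a host where `Ca_certs.authenticator ()` returns an error, a program that links this module stops at start-up, even if it passes its own `~tls_authenticator`, and it has nowhere to catch the exception. The same eager evaluation reaches `default_ctx` and the default argument of `init` in conduit_lwt_unix.ml, and the .mli hunks for both values expose them without mentioning it. Refusing to run without trust anchors is a defensible outcome, but it should be stated where users look. Above `val default_authenticator : authenticator` I would add `(** Authenticator built from the system trust anchors when the module is initialised; initialisation raises [Failure] if they cannot be loaded. *)`, with a matching sentence on `val default_ctx`.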
diff --git a/src/conduit-lwt-unix/conduit_lwt_unix.ml b/src/conduit-lwt-unix/conduit_lwt_unix.ml index 208d202b..35699661 100644 --- a/src/conduit-lwt-unix/conduit_lwt_unix.ml +++ b/src/conduit-lwt-unix/conduit_lwt_unix.ml @@ -149,16 +149,14 @@ let flow_of_fd fd sa = TCP { fd; ip = Ipaddr_unix.of_inet_addr ip; port } let default_ctx = - lazy - { - src = None; - tls_own_key = `None; - tls_authenticator = Lazy.force Conduit_lwt_tls.X509.default_authenticator; - } + { + src = None; + tls_own_key = `None; + tls_authenticator = Conduit_lwt_tls.X509.default_authenticator; + } let init ?src ?(tls_own_key = `None) - ?(tls_authenticator = Lazy.force Conduit_lwt_tls.X509.default_authenticator) - () = + ?(tls_authenticator = Conduit_lwt_tls.X509.default_authenticator) () = match src with | None -> Lwt.return { src = None; tls_own_key; tls_authenticator } | Some host -> ( @@ -264,6 +262,15 @@ let connect_with_tls_native ~ctx (`Hostname hostname, `IP ip, `Port port) = Conduit_lwt_tls.X509.private_of_pems ~cert ~priv_key >|= fun certificate -> Some (`Single certificate)) >>= fun certificates -> + let hostname = + try Domain_name.(host_exn (of_string_exn hostname)) + with Invalid_argument msg -> + let s = + Printf.sprintf "couldn't convert %s to a [`host] Domain_name.t: %s" + hostname msg + in + invalid_arg s + in Conduit_lwt_tls.Client.connect ?src:ctx.src ?certificates ~authenticator:ctx.tls_authenticator hostname sa >|= fun (fd, ic, oc) -> diff --git a/src/conduit-lwt-unix/conduit_lwt_unix.mli b/src/conduit-lwt-unix/conduit_lwt_unix.mli index 1fb1d9d9..cdcb032f 100644 --- a/src/conduit-lwt-unix/conduit_lwt_unix.mli +++ b/src/conduit-lwt-unix/conduit_lwt_unix.mli @@ -153,7 +153,7 @@ type ctx [@@deriving sexp_of] (** {2 Connection and listening} *) -val default_ctx : ctx Lazy.t +val default_ctx : ctx (** Default context that listens on all source addresses with no TLS certificate associated with the Conduit *) 
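Review bot: The added `let hostname = … in` block in connect_with_tls_native copies the raw hostname into the exception text with `%s`, so a name taken from an untrusted URI reaches any log that records the exception verbatim, including control characters and newlines. Using `%S` for that first argument of the `Printf.sprintf` call keeps the value quoted and escaped on one line. The conversion also means that a name which is not a valid host name now fails here with `Invalid_argument` instead of being handed to the TLS layer as a string. Callers resolving endpoints from user input need to know that, so it belongs in the documentation of `connect`. The function begins and ends outside the hunk.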
diff --git a/tests/conduit-lwt-unix/cdtest_tls.ml b/tests/conduit-lwt-unix/cdtest_tls.ml index e47ea118..122b0449 100644 --- a/tests/conduit-lwt-unix/cdtest_tls.ml +++ b/tests/conduit-lwt-unix/cdtest_tls.ml @@ -49,7 +49,7 @@ let perform () = let client = `TLS (`Hostname "", `IP Ipaddr.(V6 V6.localhost), `Port port) in - Conduit_lwt_unix.(connect ~ctx:(Lazy.force default_ctx) client) + Conduit_lwt_unix.(connect ~ctx:default_ctx client) >>= fun (_flow, ic, oc) -> Lwt_log.notice "Connected!" >>= fun () -> Lwt_io.write oc "hello" >>= fun () ->
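Review bot: The only endpoint this test connects to carries `Hostname ""`, so the host-name conversion this commit adds to connect_with_tls_native is exercised with the empty name alone. Whether the test still connects, assuming the native TLS backend is the one selected, depends on how that conversion treats an empty string. No case covers a name the conversion rejects. I would add a client with a real host name and an assertion that a name which is not a valid host name fails with `Invalid_argument` before any socket is opened. The body of perform continues outside the hunk.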