From f8194ff43473412605b66aca723be9d0546d242f Mon Sep 17 00:00:00 2001
From: Hannes Mehnert
Date: Mon, 2 Aug 2021 11:07:37 +0200
Subject: [PATCH 1/3] [new release] tls, tls-mirage and tls-async (0.14.0) CHANGES: * Breaking: peer_name (in config and epoch data, also own_name) is now a [`host] Domain_name.t instead of a string. (mirleft/ocaml-tls#434 mirleft/ocaml-tls#438 @torinnd @hannesm) * Add a X509_async module (mirleft/ocaml-tls#435 @torinnd) * Client and server constructor log messages are on the debug level (mirleft/ocaml-tls#436 reported by @talex5, fix by @hannesm) * Adapt to cstruct 6.0.0 API (Cstruct.len is deprecated) mirleft/ocaml-tls#439 @hannesm
---
 packages/tls-async/tls-async.0.14.0/opam | 48 +++++++++++++++
 packages/tls-mirage/tls-mirage.0.14.0/opam | 46 +++++++++++++++
 packages/tls/tls.0.14.0/opam | 69 ++++++++++++++++++++++
 3 files changed, 163 insertions(+)
 create mode 100644 packages/tls-async/tls-async.0.14.0/opam
 create mode 100644 packages/tls-mirage/tls-mirage.0.14.0/opam
 create mode 100644 packages/tls/tls.0.14.0/opam
diff --git a/packages/tls-async/tls-async.0.14.0/opam b/packages/tls-async/tls-async.0.14.0/opam
new file mode 100644
index 000000000000..36e815880b92
--- /dev/null
+++ b/packages/tls-async/tls-async.0.14.0/opam
@@ -0,0 +1,48 @@
+opam-version: "2.0"
+homepage: "https://github.com/mirleft/ocaml-tls"
+dev-repo: "git+https://github.com/mirleft/ocaml-tls.git"
+bug-reports: "https://github.com/mirleft/ocaml-tls/issues"
+doc: "https://mirleft.github.io/ocaml-tls/doc"
+maintainer: ["Hannes Mehnert " "David Kaloper "]
+license: "BSD-2-Clause"
+
+build: [
+ ["dune" "subst"] {dev}
+ ["dune" "build" "-p" name "-j" jobs]
+ ["dune" "runtest" "-p" name "-j" jobs] {with-test}
+]
+
+depends: [
+ "ocaml" {>= "4.08.0"}
+ "dune" {>= "1.0"}
+ "tls" {= version}
+ "x509" {>= "0.13.0"}
+ "ptime" {>= "0.8.1"}
+ "async" {>= "v0.14"}
+ "async_find" {>= "v0.14"}
+ "async_unix" {>= "v0.14"}
+ "core" {>= "v0.14"}
+ "cstruct-async"
+ "ppx_jane" {>= "v0.14"}
+ "mirage-crypto-rng-async"
+]
+tags: [ "org:mirage"]
+synopsis: "Transport Layer Security purely in OCaml, Async layer"
+description: """
+Tls-async provides Async-friendly tls bindings
+"""
+authors: [
+ "David Kaloper "
+ "Hannes Mehnert "
+ "Eric Ebinger "
+ "Calascibetta Romain "
+]
+url {
+ src:
+ "https://github.com/mirleft/ocaml-tls/releases/download/v0.14.0/tls-v0.14.0.tbz"
+ checksum: [
+ "sha256=1c09048710927a83a88ebc8b89263691cacff52b31081a214e88df79a8b655d8"
+ "sha512=4daf0569ad26b1fabdfc8a5c377998250c7bfe715839b68545632057ac88ee5bab785fed98eff639bae1490394c89f21cc92e26c6c1018b3f29c6ce9627db2e1"
+ ]
+}
+x-commit-hash: "91aa06fb7acaf3af758f0a59dce6ba0a02bba6cb"
diff --git a/packages/tls-mirage/tls-mirage.0.14.0/opam b/packages/tls-mirage/tls-mirage.0.14.0/opam
new file mode 100644
index 000000000000..b5b76e4a791f
--- /dev/null
+++ b/packages/tls-mirage/tls-mirage.0.14.0/opam
@@ -0,0 +1,46 @@
+opam-version: "2.0"
+homepage: "https://github.com/mirleft/ocaml-tls"
+dev-repo: "git+https://github.com/mirleft/ocaml-tls.git"
+bug-reports: "https://github.com/mirleft/ocaml-tls/issues"
+doc: "https://mirleft.github.io/ocaml-tls/doc"
+maintainer: ["Hannes Mehnert " "David Kaloper "]
+license: "BSD-2-Clause"
+
+build: [
+ ["dune" "subst"] {dev}
+ ["dune" "build" "-p" name "-j" jobs]
+ ["dune" "runtest" "-p" name "-j" jobs] {with-test}
+]
+
+depends: [
+ "ocaml" {>= "4.08.0"}
+ "dune" {>= "1.0"}
+ "tls" {= version}
+ "x509" {>= "0.13.0"}
+ "fmt"
+ "lwt" {>= "3.0.0"}
+ "mirage-flow" {>= "2.0.0"}
+ "mirage-kv" {>= "3.0.0"}
+ "mirage-clock" {>= "3.0.0"}
+ "ptime" {>= "0.8.1"}
+ "mirage-crypto"
+ "mirage-crypto-pk"
+]
+tags: [ "org:mirage"]
+synopsis: "Transport Layer Security purely in OCaml, MirageOS layer"
+description: """
+Tls-mirage provides an effectful FLOW module to be used in the MirageOS
+ecosystem.
+"""
+authors: [
+ "David Kaloper " "Hannes Mehnert "
+]
+url {
+ src:
+ "https://github.com/mirleft/ocaml-tls/releases/download/v0.14.0/tls-v0.14.0.tbz"
+ checksum: [
+ "sha256=1c09048710927a83a88ebc8b89263691cacff52b31081a214e88df79a8b655d8"
+ "sha512=4daf0569ad26b1fabdfc8a5c377998250c7bfe715839b68545632057ac88ee5bab785fed98eff639bae1490394c89f21cc92e26c6c1018b3f29c6ce9627db2e1"
+ ]
+}
+x-commit-hash: "91aa06fb7acaf3af758f0a59dce6ba0a02bba6cb"
diff --git a/packages/tls/tls.0.14.0/opam b/packages/tls/tls.0.14.0/opam
new file mode 100644
index 000000000000..775857e141be
--- /dev/null
+++ b/packages/tls/tls.0.14.0/opam
@@ -0,0 +1,69 @@
+opam-version: "2.0"
+homepage: "https://github.com/mirleft/ocaml-tls"
+dev-repo: "git+https://github.com/mirleft/ocaml-tls.git"
+bug-reports: "https://github.com/mirleft/ocaml-tls/issues"
+doc: "https://mirleft.github.io/ocaml-tls/doc"
+maintainer: ["Hannes Mehnert " "David Kaloper "]
+license: "BSD-2-Clause"
+
+build: [
+ ["dune" "subst"] {dev}
+ ["dune" "build" "-p" name "-j" jobs]
+ ["dune" "runtest" "-p" name "-j" jobs] {with-test}
+]
+
+depends: [
+ "ocaml" {>= "4.08.0"}
+ "dune" {>= "1.0"}
+ "ppx_sexp_conv" {>= "v0.9.0"}
+ "ppx_cstruct" {>= "3.0.0"}
+ "cstruct" {>= "6.0.0"}
+ "cstruct-sexp"
+ "sexplib"
+ "mirage-crypto" {>= "0.8.1"}
+ "mirage-crypto-ec" {>= "0.10.0"}
+ "mirage-crypto-pk"
+ "mirage-crypto-rng" {>= "0.8.0"}
+ "x509" {>= "0.13.0"}
+ "domain-name" {>= "0.3.0"}
+ "fmt"
+ "rresult"
+ "cstruct-unix" {with-test & >= "3.0.0"}
+ "ounit2" {with-test & >= "2.2.0"}
+ "lwt" {>= "3.0.0"}
+ "ptime" {>= "0.8.1"}
+ "hkdf"
+ "logs"
+ "alcotest" {with-test}
+ "randomconv" {with-test}
+]
+
+tags: [ "org:mirage"]
+synopsis: "Transport Layer Security purely in OCaml"
+description: """
+Transport Layer Security (TLS) is probably the most widely deployed security
+protocol on the Internet. It provides communication privacy to prevent
+eavesdropping, tampering, and message forgery. Furthermore, it optionally
+provides authentication of the involved endpoints. TLS is commonly deployed for
+securing web services ([HTTPS](http://tools.ietf.org/html/rfc2818)), emails,
+virtual private networks, and wireless networks.
+
+TLS uses asymmetric cryptography to exchange a symmetric key, and optionally
+authenticate (using X.509) either or both endpoints. It provides algorithmic
+agility, which means that the key exchange method, symmetric encryption
+algorithm, and hash algorithm are negotiated.
+
+Read [further](https://nqsb.io) and our [Usenix Security 2015 paper](https://usenix15.nqsb.io).
+"""
+authors: [
+ "David Kaloper " "Hannes Mehnert "
+]
+url {
+ src:
+ "https://github.com/mirleft/ocaml-tls/releases/download/v0.14.0/tls-v0.14.0.tbz"
+ checksum: [
+ "sha256=1c09048710927a83a88ebc8b89263691cacff52b31081a214e88df79a8b655d8"
+ "sha512=4daf0569ad26b1fabdfc8a5c377998250c7bfe715839b68545632057ac88ee5bab785fed98eff639bae1490394c89f21cc92e26c6c1018b3f29c6ce9627db2e1"
+ ]
+}
+x-commit-hash: "91aa06fb7acaf3af758f0a59dce6ba0a02bba6cb"
From 93ba70980756021a3d60235e4e33fef875e5b013 Mon Sep 17 00:00:00 2001
From: Hannes Mehnert
Date: Mon, 2 Aug 2021 11:50:39 +0200
Subject: [PATCH 2/3] tls-async: fix lower bound (requires x509 0.14.0) paf & conduit-lwt-unix: restrict to earlier tls versions
---
 packages/conduit-lwt-unix/conduit-lwt-unix.4.0.0/opam | 1 +
 packages/paf/paf.0.0.3/opam | 2 +-
 packages/paf/paf.0.0.4/opam | 2 +-
 packages/tls-async/tls-async.0.14.0/opam | 2 +-
 4 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/packages/conduit-lwt-unix/conduit-lwt-unix.4.0.0/opam b/packages/conduit-lwt-unix/conduit-lwt-unix.4.0.0/opam
index b10a15a21b1f..dc25556845d3 100644
--- a/packages/conduit-lwt-unix/conduit-lwt-unix.4.0.0/opam
+++ b/packages/conduit-lwt-unix/conduit-lwt-unix.4.0.0/opam
@@ -26,6 +26,7 @@ depends: [
 depopts: ["tls" "lwt_ssl" "launchd"]
 conflicts: [
 "tls" {< "0.13.0"}
+ "tls" {>= "0.14.0"}
 "ssl" {< "0.5.9"}
 ]
 build: [
diff --git a/packages/paf/paf.0.0.3/opam b/packages/paf/paf.0.0.3/opam
index 722fa3cf8415..29d4d27651f0 100644
--- a/packages/paf/paf.0.0.3/opam
+++ b/packages/paf/paf.0.0.3/opam
@@ -36,7 +36,7 @@ depends: [
 "duration" {>= "0.1.3"}
 "faraday" {>= "0.7.2"}
 "ipaddr" {>= "5.0.1"}
- "tls" {>= "0.13.0"}
+ "tls" {>= "0.13.0" & < "0.14.0"}
 "x509" {>= "0.13.0"}
 ]
 build: ["dune" "build" "-p" name "-j" jobs]
diff --git a/packages/paf/paf.0.0.4/opam b/packages/paf/paf.0.0.4/opam
index afe3e8c5d4c9..ecf86a39cfbb 100644
--- a/packages/paf/paf.0.0.4/opam
+++ b/packages/paf/paf.0.0.4/opam
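Review bot: In packages/tls/tls.0.14.0/opam, several runtime dependencies of this TLS stack carry no version constraint at all (`"mirage-crypto-pk"`, `"hkdf"`, `"cstruct-sexp"`, `"sexplib"`, `"fmt"`, `"rresult"`, `"logs"`), while their siblings `"mirage-crypto" {>= "0.8.1"}` and `"mirage-crypto-ec" {>= "0.10.0"}` are bounded. The solver may already be constrained through those packages' own metadata, but that is not visible in this patch; stating the tested minimum explicitly, e.g. `"mirage-crypto-pk" {>= "<tested-minimum>"}` (placeholder value), keeps the cryptographic primitives from resolving to an older release than the one 0.14.0 was built and tested against. Separately, the description links the HTTPS RFC over plain HTTP; `[HTTPS](https://tools.ietf.org/html/rfc2818)` would be the consistent form.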
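Review bot: In packages/conduit-lwt-unix/conduit-lwt-unix.4.0.0/opam the `conflicts:` list now names `"tls"` twice, once per excluded range; a single entry, `"tls" {< "0.13.0" | >= "0.14.0"}`, states the supported window in one place and is harder to half-update when the next bound changes. The result is the same for the solver, since the entries of `conflicts:` are alternatives, so this is a readability point only. The same pattern appears in the conduit-lwt-unix.2.2.2 hunk of patch 3/3, where it would read `"tls" {< "0.12.2" | >= "0.14.0"}`. The `build: [` field that closes the hunk continues outside it.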
@@ -35,7 +35,7 @@ depends: [
 "duration" {>= "0.1.3"}
 "faraday" {>= "0.7.2"}
 "ipaddr" {>= "5.0.1"}
- "tls" {>= "0.13.0"}
+ "tls" {>= "0.13.0" & < "0.14.0"}
 "x509" {>= "0.13.0"}
 ]
 build: ["dune" "build" "-p" name "-j" jobs]
diff --git a/packages/tls-async/tls-async.0.14.0/opam b/packages/tls-async/tls-async.0.14.0/opam
index 36e815880b92..1e014849f799 100644
--- a/packages/tls-async/tls-async.0.14.0/opam
+++ b/packages/tls-async/tls-async.0.14.0/opam
@@ -16,7 +16,7 @@ depends: [
 "ocaml" {>= "4.08.0"}
 "dune" {>= "1.0"}
 "tls" {= version}
- "x509" {>= "0.13.0"}
+ "x509" {>= "0.14.0"}
 "ptime" {>= "0.8.1"}
 "async" {>= "v0.14"}
 "async_find" {>= "v0.14"}
From 6cd527bd68fbcb7cb19131872838444fef59cf10 Mon Sep 17 00:00:00 2001
From: Hannes Mehnert
Date: Mon, 2 Aug 2021 12:11:16 +0200
Subject: [PATCH 3/3] conduit-lwt-unix 2.2.2: restrict to earlier tls
---
 packages/conduit-lwt-unix/conduit-lwt-unix.2.2.2/opam | 1 +
 1 file changed, 1 insertion(+)
diff --git a/packages/conduit-lwt-unix/conduit-lwt-unix.2.2.2/opam b/packages/conduit-lwt-unix/conduit-lwt-unix.2.2.2/opam
index 021d3139e4ba..641325ef7439 100644
--- a/packages/conduit-lwt-unix/conduit-lwt-unix.2.2.2/opam
+++ b/packages/conduit-lwt-unix/conduit-lwt-unix.2.2.2/opam
@@ -21,6 +21,7 @@ depends: [
 depopts: ["tls" "lwt_ssl" "launchd"]
 conflicts: [
 "tls" {< "0.12.2"}
+ "tls" {>= "0.14.0"}
 "ssl" {< "0.5.9"}
 ]
 build: [