upstream: github.com/mirage/ca-certs
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge pull request #18 from hannesm/ci

CI fixes, x509 0.13.0

authored by

Hannes Mehnert and committed by
GitHub
0897b71d 81415a1a

+18 -18
+1 -1
.ocamlformat
··· 1 - version = 0.15.0 1 + version = 0.18.0 2 2 profile=conventional
+3 -3
ca-certs.opam
··· 23 23 "ptime" 24 24 "logs" 25 25 "mirage-crypto" 26 - "x509" {>= "0.11.0"} 27 - "ocaml" {>= "4.07.0"} 26 + "x509" {>= "0.13.0"} 27 + "ocaml" {>= "4.08.0"} 28 28 "alcotest" {with-test} 29 29 ] 30 30 dev-repo: "git+https://github.com/mirage/ca-certs.git" 31 31 build: [ 32 - ["dune" "subst"] {pinned} 32 + ["dune" "subst"] {dev} 33 33 [ 34 34 "dune" 35 35 "build"
+1 -1
ca-certs.opam.template
··· 1 1 build: [ 2 - ["dune" "subst"] {pinned} 2 + ["dune" "subst"] {dev} 3 3 [ 4 4 "dune" 5 5 "build"
+2 -2
dune-project
··· 12 12 (name ca-certs) 13 13 (depends 14 14 astring bos fpath rresult ptime logs mirage-crypto 15 - (x509 (>= 0.11.0)) 16 - (ocaml (>= 4.07.0)) 15 + (x509 (>= 0.13.0)) 16 + (ocaml (>= 4.08.0)) 17 17 (alcotest :with-test)) 18 18 (synopsis "Detect root CA certificates from the operating system") 19 19 (description
+7 -7
lib/ca_certs.ml
··· 16 16 | _ -> 17 17 Error 18 18 (`Msg 19 - ( "ca-certs: no trust anchor file found, looked into " ^ path ^ ".\n" 20 - ^ issue )) 19 + ("ca-certs: no trust anchor file found, looked into " ^ path ^ ".\n" 20 + ^ issue)) 21 21 22 22 let detect_list paths = 23 23 let rec one = function 24 24 | [] -> 25 25 Error 26 26 (`Msg 27 - ( "ca-certs: no trust anchor file found, looked into " 28 - ^ String.concat ", " paths ^ ".\n" ^ issue )) 27 + ("ca-certs: no trust anchor file found, looked into " 28 + ^ String.concat ", " paths ^ ".\n" ^ issue)) 29 29 | path :: paths -> ( 30 - match detect_one path with Ok data -> Ok data | Error _ -> one paths ) 30 + match detect_one path with Ok data -> Ok data | Error _ -> one paths) 31 31 in 32 32 one paths 33 33 ··· 95 95 Bos.OS.Cmd.(run_out cmd |> out_string |> success) 96 96 | s -> Error (`Msg ("ca-certs: unknown system " ^ s ^ ".\n" ^ issue)) 97 97 98 - let authenticator ?crls ?hash_whitelist () = 98 + let authenticator ?crls ?allowed_hashes () = 99 99 let open Rresult.R.Infix in 100 100 trust_anchors () >>= fun data -> 101 101 let time () = Some (Ptime_clock.now ()) in ··· 119 119 let cas = List.rev cas in 120 120 match cas with 121 121 | [] -> Error (`Msg ("ca-certs: empty trust anchors.\n" ^ issue)) 122 - | _ -> Ok (X509.Authenticator.chain_of_trust ?crls ?hash_whitelist ~time cas) 122 + | _ -> Ok (X509.Authenticator.chain_of_trust ?crls ?allowed_hashes ~time cas)
+4 -4
lib/ca_certs.mli
··· 1 1 val authenticator : 2 2 ?crls:X509.CRL.t list -> 3 - ?hash_whitelist:Mirage_crypto.Hash.hash list -> 3 + ?allowed_hashes:Mirage_crypto.Hash.hash list -> 4 4 unit -> 5 5 (X509.Authenticator.t, [> `Msg of string ]) result 6 - (** [authenticator ~crls ~hash_whitelist ()] detects the root CAs (trust 6 + (** [authenticator ~crls ~allowed_hashes ()] detects the root CAs (trust 7 7 anchors) in the operating system's trust store using {!trust_anchors}. It 8 8 constructs an authenticator with the current timestamp {!Ptime_clock.now}, 9 - and the provided [~crls] and [~hash_whitelist] arguments, to be used for 10 - {!Tls.Config.client}. 9 + and the provided [~crls] and [~allowed_hashes] arguments. The resulting 10 + authenticator can be used for {!Tls.Config.client}. 11 11 Returns [Error `Msg msg] if detection did not succeed. *) 12 12 13 13 val trust_anchors : unit -> (string, [> `Msg of string ]) result