continue #395 -- fix compilation in case of tls.dummy is used #404
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hannesm
added a commit
to hannesm/opam-repository
that referenced
this pull request
Oct 9, 2021
…and conduit-async (4.0.2) CHANGES: * Adapt conduit-mirage to tls 0.15.0 (@hannesm mirage/ocaml-conduit#404) * Remove Conduit_mirage.Endpoint.ok_authenticator (@hannesm mirage/ocaml-conduit#404) * Now Conduit_mirage.Endpoint.server does not use an authenticator - and thus not request a client certificate (@hannesm mirage/ocaml-conduit#404)
this fixes compilation without the tls library (improving mirage#395 @craigfe)
hannesm
changed the title
dinosaure
approved these changes
Oct 9, 2021
|
thanks, I figured the "use lazy for trust anchors" change hasn't been released at all, so I went ahead with the other change (adapt to tls 0.15.0) merged into the main branch, and released 4.0.2 with only that change. whoever is pushing for the lazy trust anchors, please do so and go ahead (I've no clue whether this impacts any API users / what version number should be assigned). |
|
part of #407 |
hannesm
added a commit
to hannesm/opam-repository
that referenced
this pull request
Oct 20, 2021
…and conduit-async (5.0.0) CHANGES: * change the type of `Conduit_lwt_tls.X509.default_authenticator` and `Conduit_lwt_unix.default_ctx` to be lazy, avoiding various side-effects (system interactions, logging) due to constructing these values at initialisation time. (@craigfe, mirage/ocaml-conduit#395 mirage/ocaml-conduit#404) * Adapt conduit-mirage to dns-client 6.0.0 API (mirage/ocaml-conduit#406 @hannesm) * Use Lwt.pause instead of Lwt_unix.yield (mirage/ocaml-conduit#403 @MisterDA) * Avoid deprecated Fmt.kstrf (mirage/ocaml-conduit#407 @hannesm)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
the PR #395 was partial - using tls.dummy.ml lead to compilation errors (since Lazy.force was used on a value
()).//cc @craigfe
Also, theok_authenticatorwas removed -- for common operations client certificates are not required (so thetls_authenticatorpassed toserveris by defaultNone). This makes conduit compatible with recent X509 (& tls) releases 0.15.0 - but still maintain backwards compatibility.the other change above -- tls 0.15.0 compatibility -- was merged into master and released independently of this PR.