From 247bc56cb347d1fe78b3f8191367fd8d85425b87 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Thu, 29 Aug 2024 09:27:43 +0200 Subject: [PATCH] update to TLS 1.0.0 (and mirage-crypto 1.0.0) API --- git-mirage.opam | 8 ++++---- git-paf.opam | 6 +++--- git-unix.opam | 4 ++-- git.opam | 2 +- src/git-mirage/git_mirage_http.ml | 28 ++++++++++++++++------------ src/git-mirage/git_mirage_ssh.ml | 12 ++++++------ src/git-unix/git_unix_mimic.ml | 8 +++++--- 7 files changed, 37 insertions(+), 31 deletions(-) diff --git a/git-mirage.opam b/git-mirage.opam index 1cb942860..9637da634 100644 --- a/git-mirage.opam +++ b/git-mirage.opam @@ -18,15 +18,15 @@ depends: [ "awa-mirage" {>= "0.2.0"} "dns" {>= "6.1.3"} "dns-client" {>= "6.1.3"} - "tls" - "tls-mirage" + "tls" {>= "1.0.0"} + "tls-mirage" {>= "1.0.0"} "uri" "happy-eyeballs-mirage" {>= "0.1.2"} "happy-eyeballs" {>= "0.1.2"} "ca-certs-nss" - "mirage-crypto" + "mirage-crypto" {>= "1.0.0"} "ptime" - "x509" {>= "0.16.2"} + "x509" {>= "1.0.0"} "cstruct" "tcpip" {>= "7.0.0"} "domain-name" {>= "0.3.0"} diff --git a/git-paf.opam b/git-paf.opam index a54776d1f..1e9c24d88 100644 --- a/git-paf.opam +++ b/git-paf.opam @@ -11,7 +11,7 @@ depends: [ "dune" {>= "2.8.0"} "git" {= version} "mimic" {>= "0.0.4"} - "paf" {>= "0.2.0"} + "paf" {>= "0.7.0"} "ca-certs-nss" "fmt" "ipaddr" @@ -21,13 +21,13 @@ depends: [ "tcpip" {>= "7.0.0"} "mirage-time" "rresult" {>= "0.7.0"} - "tls" {>= "0.14.0"} + "tls" {>= "1.0.0"} "uri" "bigstringaf" "domain-name" "httpaf" "mirage-flow" {>= "4.0.0"} - "tls-mirage" + "tls-mirage" {>= "1.0.0"} ] conflicts: [ "result" {< "1.5"} ] build: [ diff --git a/git-unix.opam b/git-unix.opam index 0e2bfc30d..af3d7d605 100644 --- a/git-unix.opam +++ b/git-unix.opam @@ -40,9 +40,9 @@ depends: [ "cstruct" {>= "6.0.0"} "mirage-flow" {>= "4.0.0"} "ke" {>= "0.4" & with-test} - "mirage-crypto-rng" {>= "0.11.0" & with-test} + "mirage-crypto-rng" {>= "1.0.0" & with-test} "mimic" {>= "0.0.8"} - "tls" {>= "0.14.0"} + "tls" {>= "1.0.0"} ] conflicts: [ "result" {< "1.5"} ] build: [ diff --git a/git.opam b/git.opam index ad8b5f6a1..29896c640 100644 --- a/git.opam +++ b/git.opam @@ -40,7 +40,7 @@ depends: [ "encore" {>= "0.8"} "alcotest" {with-test & >= "1.1.0"} "alcotest-lwt" {with-test & >= "1.1.0"} - "mirage-crypto-rng" {with-test & >= "0.8.0"} + "mirage-crypto-rng" {with-test & >= "1.0.0"} "cmdliner" {with-test & >= "1.1.0"} "base-unix" {with-test} "hxd" {>= "0.3.2"} diff --git a/src/git-mirage/git_mirage_http.ml b/src/git-mirage/git_mirage_http.ml index 4cf729b6c..ca63cf7ab 100644 --- a/src/git-mirage/git_mirage_http.ml +++ b/src/git-mirage/git_mirage_http.ml @@ -270,23 +270,27 @@ struct match NSS.authenticator () with | Ok authenticator -> authenticator | Error (`Msg err) -> - print_endline ("[git-mirage-http] NSS authenticator error: " ^ err); - exit 64) + print_endline ("[git-mirage-http] NSS authenticator error: " ^ err); + exit 64) | Some str -> ( match X509.Authenticator.of_string str with | Ok auth -> auth time | Error (`Msg msg) -> - print_endline ("[git-mirage-http] authenticator error: " ^ msg); - exit 64) + print_endline ("[git-mirage-http] authenticator error: " ^ msg); + exit 64) in - let tls = Tls.Config.client ~authenticator () in - let ctx = Mimic.add git_mirage_http_tls_config tls ctx in - let ctx = - Option.fold ~none:ctx - ~some:(fun headers -> Mimic.add git_mirage_http_headers headers ctx) - headers - in - Lwt.return ctx + match Tls.Config.client ~authenticator () with + | Error (`Msg msg) -> + print_endline ("[git-mirage-http] tls error: " ^ msg); + exit 64 + | Ok tls -> + let ctx = Mimic.add git_mirage_http_tls_config tls ctx in + let ctx = + Option.fold ~none:ctx + ~some:(fun headers -> Mimic.add git_mirage_http_headers headers ctx) + headers + in + Lwt.return ctx let ctx = Mimic.empty end diff --git a/src/git-mirage/git_mirage_ssh.ml b/src/git-mirage/git_mirage_ssh.ml index cd99e1258..9c0bae145 100644 --- a/src/git-mirage/git_mirage_ssh.ml +++ b/src/git-mirage/git_mirage_ssh.ml @@ -151,19 +151,19 @@ struct let ctx = match authenticator with | Some (Error err) -> - print_endline ("[git-mirage-ssh] authenticator error: " ^ err); - exit 64 + print_endline ("[git-mirage-ssh] authenticator error: " ^ err); + exit 64 | Some (Ok authenticator) -> Mimic.add git_mirage_ssh_authenticator authenticator ctx | None -> ctx in match key, password with | Some (Error (`Msg err)), _ -> - print_endline ("[git-mirage-ssh] ssh key error: " ^ err); - exit 64 + print_endline ("[git-mirage-ssh] ssh key error: " ^ err); + exit 64 | Some _, Some _ -> - print_endline "[git-mirage-ssh] both key and password provided"; - exit 64 + print_endline "[git-mirage-ssh] both key and password provided"; + exit 64 | Some (Ok key), None -> let ctx = Mimic.add git_mirage_ssh_key key ctx in Lwt.return ctx diff --git a/src/git-unix/git_unix_mimic.ml b/src/git-unix/git_unix_mimic.ml index b95ec75c9..03b4870ba 100644 --- a/src/git-unix/git_unix_mimic.ml +++ b/src/git-unix/git_unix_mimic.ml @@ -8,9 +8,11 @@ module Happy_eyeballs = struct let happy_eyeballs = Mimic.make ~name:"happy-eyeballs-lwt" - let resolve t ?aaaa_timeout ?connect_delay ?connect_timeout ?resolve_timeout ?resolve_retries addr ports = - Happy_eyeballs_lwt.connect ?aaaa_timeout ?connect_delay ?connect_timeout ?resolve_timeout ?resolve_retries - t addr ports >|= Rresult.R.open_error_msg + let resolve t ?aaaa_timeout ?connect_delay ?connect_timeout ?resolve_timeout + ?resolve_retries addr ports = + Happy_eyeballs_lwt.connect ?aaaa_timeout ?connect_delay ?connect_timeout + ?resolve_timeout ?resolve_retries t addr ports + >|= Rresult.R.open_error_msg end module TCP = struct