Build History for branch/main

changes for 1.0.2

tls-lwt: read add an optional ?off argument (#510) * tls-lwt: read has an optional ?off argument * add a check for off, as proposed by @reynir

Merge pull request #509 from hannesm/use-kdf Use kdf instead of hkdf

changes for 1.0.1

Merge pull request #508 from dinosaure/fix-fd-leak Fix file-descriptor leak into the miou impl. spotted by httpcats

Merge pull request #507 from dinosaure/fix-32bits Fix the test on x86_32 architecture where our test is a bit too fast between the creation of the certificate and the authenticator called by the TLS handshake

Merge pull request #506 from hannesm/miou-bound miou: lower bound to miou.0.3; tls: mark unavailable on arm32

changes for 1.0.0

Add the miou implementation (#503) * Add the Miou implementation of TLS

TLS over an existing connection (#499) * TLS over Lwt_io.channel * tls-async: TLS over Reader/Writer * tls-lwt: server TLS over Lwt_io.channels

Merge pull request #505 from hannesm/janitor reduce the errors

require mirage-crypto 1.1.0 (since in 1.0.0 AES-CCM is broken) (#504) * require mirage-crypto 1.1.0 (since in 1.0.0 AES-CCM is broken) * require ocaml 4.13 (using String.get_uint8)

Tls: in Config.{client,server} avoid raising an exception (#502) * Tls: in Config.{client,server} avoid raising an exception Instead, a result value is returned. Addresses #411

TLS without `cstruct` (#497) Instead of using cstruct (bigarray-backed memory), we use string and bytes where appropriate. This brings ocaml-tls on par with mirage-crypto 1.0.0 series and x509 1.0.0 (also asn1-combinators 0.3.0). The tls-eio and tls-mirage still use cstruct to provide the API dictated by eio/mirage-flow. It is noteworthy that we still have various performance possibilities now (remove allocations, encrypt/decrypt_into, ...), and also the resulting bench/speed.exe is already more performant than the earlier one. Since this is a breaking change, we will bump the major version of TLS. Co-authored-by: Hannes Mehnert <hannes@mehnert.org> Co-authored-by: Reynir Björnsson <reynir@reynir.dk> Co-authored-by: ArthurW <arthur@tarides.com>

Add a benchmark for throughput and handshakes (#500) * based on @reynir's work in MirageVPN * à la mirage-crypto to see the throughput and handshake/s of ocaml-tls * output are markdown tables Co-authored-by: Calascibetta Romain <romain.calascibetta@gmail.com>

Merge pull request #501 from hannesm/fix-feedback tests/feedback: fix for TLS 1.3, run as test

Merge pull request #498 from MisterDA/update-upper-bounds Update upper bounds on mirage-crypo and hkdf

changes for 0.17.5

Merge pull request #496 from hannesm/channel-binding support channel bindings (RFC 5929, 9266)

Merge pull request #495 from hannesm/fix Fix eporter secret computations

Merge pull request #492 from reynir/send_application_data-ready Document why Tls.Engine.send_application_data is None

add 489 to changes

Implement Eio.Resource.Close (#489) * Implement Eio.Resource.Close. * Require that the underlying socket implements Eio.Resource.Close.

changes for 0.17.4 release

Shutdown (#488) * tls-mirage: do not FLOW.close on error this is the responsibility of the caller (esp. since we'll have half-closed flows soon) * refine engine for shutdown * Engine: guard functions with write_closed * lwt: adapt to shutdown API * lwt: only open Lwt.Infix, not Lwt * tls-lwt: improve failure message * tls-lwt: use reraise instead of fail * tls-mirage support for shutdown * tls-mirage: eof on read_closed * tls-mirage: only close in close * minimal changes to get eio and async compiling * randomconv dependency: move to tls-lwt, restrict to < 0.2.0 * tls-lwt: add ptime dependency * read: a closed results in eof * tls-eio: update for new shutdown system This is a direct port of the changes to tls-lwt to tls-eio. * tls-eio: update fuzz tests to test half-shutdown --------- Co-authored-by: Thomas Leonard <talex5@gmail.com>

changes from 487