It is the responsibility of the client to handle error conditions. The underlying file descriptors are not closed.
server_of_fd server fd is
t, after server-side TLS handshake of
val client_of_fd : Tls.Config.client -> ?host:[ `host ] Domain_name.t -> Lwt_unix.file_descr -> t Lwt.t
client_of_fd client ~host fd is
t, after client-side TLS handshake of
client configuration and
accept server fd is
t, sockaddr, after accepting a client on
fd and upgrading to a TLS connection.
connect client (host, port) is
t, after successful connection to
port and TLS upgrade.
read t buffer is
length, the number of bytes read into
read_bytes t bytes offset len is
read_bytes, the amount of bytes read.
write_bytes t bytes offset length writes
length bytes of
bytes starting at
offset to the session.
close t closes the TLS session by sending a close notify to the peer.
val reneg : ?authenticator:X509.Authenticator.t -> ?acceptable_cas:X509.Distinguished_name.t list -> ?cert:Tls.Config.own_cert -> ?drop:bool -> t -> unit Lwt.t
reneg ~authenticator ~acceptable_cas ~cert ~drop t renegotiates the session, and blocks until the renegotiation finished. Optionally, a new
acceptable_cas can be used. The own certificate can be adjusted by
true (the default), application data received before the renegotiation finished is dropped.
key_update ~request t updates the traffic key and requests a traffic key update from the peer if
request is provided and
true (the default). This is only supported in TLS 1.3.