cohttp-eio: Use system authenticator in example

CHANGES.md

@@ -1,5 +1,6 @@
 ## Unreleased
 
+- cohttp-eio: Use system authenticator in example.
 - http, cohttp: remove the scheme field from requests. This means that
   [Request.uri] no longer returns the same URI as was to create the request
   with [Request.make] (@rgrinberg 1086)

cohttp-eio.opam

@@ -30,6 +30,7 @@ depends: [
   "uri"
   "tls-eio" {with-test & >= "1.0.0"}
   "mirage-crypto-rng-eio" {with-test & >= "0.11.2"}
+  "ca-certs" {with-test & >= "1.0.0"}
   "fmt"
   "ptime"
   "http" {= version}

cohttp-eio/examples/client_tls.ml

@@ -1,13 +1,16 @@
 open Cohttp_eio
 
+let authenticator =
+  match Ca_certs.authenticator () with
+  | Ok x -> x
+  | Error (`Msg m) ->
+      Fmt.failwith "Failed to create system store X509 authenticator: %s" m
+
 let () =
   Logs.set_reporter (Logs_fmt.reporter ());
   Logs_threaded.enable ();
   Logs.Src.set_level Cohttp_eio.src (Some Debug)
 
-let null_auth ?ip:_ ~host:_ _ =
-  Ok None (* Warning: use a real authenticator in your code! *)
-
 let https ~authenticator =
   let tls_config =
     match Tls.Config.client ~authenticator () with
@@ -24,9 +27,7 @@ let https ~authenticator =
 let () =
   Eio_main.run @@ fun env ->
   Mirage_crypto_rng_eio.run (module Mirage_crypto_rng.Fortuna) env @@ fun () ->
-  let client =
-    Client.make ~https:(Some (https ~authenticator:null_auth)) env#net
-  in
+  let client = Client.make ~https:(Some (https ~authenticator)) env#net in
   Eio.Switch.run @@ fun sw ->
   let resp, body =
     Client.get ~sw client (Uri.of_string "https://example.com")

cohttp-eio/examples/dune

@@ -9,6 +9,7 @@
   logs.fmt
   logs.threaded
   tls-eio
+  ca-certs
   mirage-crypto-rng-eio))
 
 (alias

dune-project

@@ -381,6 +381,7 @@
   uri
   (tls-eio (and :with-test (>= 1.0.0)))
   (mirage-crypto-rng-eio (and :with-test (>= 0.11.2)))
+  (ca-certs (and :with-test  (>= "1.0.0")))
   fmt
   ptime
   (http