Merge pull request #399 from mirage/prepare-v4.0.1

Prepare v4.0.1
mirage · Aug 8, 2021 · 174e320 · 174e320
2 parents 959f57a + 76424aa
commit 174e320
Show file tree

Hide file tree

Showing 12 changed files with 39 additions and 35 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,11 +1,9 @@
-## Unreleased
+## v4.0.1 (2021-08-06)
 
-* change the type of `Conduit_lwt_tls.X509.default_authenticator` and
-  `Conduit_lwt_unix.default_ctx` to be lazy, avoiding various side-effects
-  (system interactions, logging) due to constructing these values at
-  initialisation time. (@craigfe, #395)
-
-* Add missing `ipaddr-sexp` dependency on conduit-async (#385 @anmonteiro)
+* Add missing `ipaddr-sexp` dependency on conduit-async (#385, @anmonteiro)
+* Update the link of the documentation (959f57a & #398, reported by @misterfish, @zshipko, @dinosaure)
+* Gitignore `opam/` even if it is a symlink (#394, @CraigFe, @avsm)
+* Adapt `conduit-lwt-unix` to `tls.0.14.0` (#396, @hannesm, @dinosaure)
 
 ## v4.0.0 (2021-04-15)
 

diff --git a/conduit-async.opam b/conduit-async.opam
@@ -9,7 +9,7 @@ homepage: "https://github.com/mirage/ocaml-conduit"
 bug-reports: "https://github.com/mirage/ocaml-conduit/issues"
 depends: [
   "ocaml" {>= "4.03.0"}
-  "dune"
+  "dune" {>= "2.0"}
   "core"
   "uri" {>= "4.0.0"}
   "ppx_here" {>= "v0.9.0"}
@@ -25,7 +25,7 @@ conflicts: [
   "async_ssl" {< "v0.9.0"}
 ]
 build: [
-  ["dune" "subst"] {pinned}
+  ["dune" "subst"] {dev}
   ["dune" "build" "-p" name "-j" jobs]
 ]
 dev-repo: "git+https://github.com/mirage/ocaml-conduit.git"

diff --git a/conduit-lwt-unix.opam b/conduit-lwt-unix.opam
@@ -9,7 +9,7 @@ homepage: "https://github.com/mirage/ocaml-conduit"
 bug-reports: "https://github.com/mirage/ocaml-conduit/issues"
 depends: [
   "ocaml" {>= "4.07.0"}
-  "dune"
+  "dune" {>= "2.0"}
   "base-unix"
   "logs"
   "ppx_sexp_conv" {>="v0.13.0"}
@@ -25,11 +25,11 @@ depends: [
 ]
 depopts: ["tls" "lwt_ssl" "launchd"]
 conflicts: [
-  "tls" {< "0.13.0"}
+  "tls" {< "0.14.0"}
   "ssl" {< "0.5.9"}
 ]
 build: [
-  ["dune" "subst"] {pinned}
+  ["dune" "subst"] {dev}
   ["dune" "build" "-p" name "-j" jobs]
 ]
 dev-repo: "git+https://github.com/mirage/ocaml-conduit.git"

diff --git a/conduit-lwt.opam b/conduit-lwt.opam
@@ -9,15 +9,15 @@ homepage: "https://github.com/mirage/ocaml-conduit"
 bug-reports: "https://github.com/mirage/ocaml-conduit/issues"
 depends: [
   "ocaml" {>= "4.03.0"}
-  "dune"
+  "dune" {>= "2.0"}
   "base-unix"
   "ppx_sexp_conv" {>="v0.13.0"}
   "sexplib"
   "conduit" {=version}
   "lwt" {>= "3.0.0"}
 ]
 build: [
-  ["dune" "subst"] {pinned}
+  ["dune" "subst"] {dev}
   ["dune" "build" "-p" name "-j" jobs]
 ]
 dev-repo: "git+https://github.com/mirage/ocaml-conduit.git"

diff --git a/conduit-mirage.opam b/conduit-mirage.opam
@@ -7,7 +7,7 @@ homepage: "https://github.com/mirage/ocaml-conduit"
 bug-reports: "https://github.com/mirage/ocaml-conduit/issues"
 depends: [
   "ocaml" {>= "4.07.0"}
-  "dune"
+  "dune" {>= "2.0"}
   "ppx_sexp_conv" {>="v0.13.0"}
   "sexplib"
   "uri" {>= "4.0.0"}
@@ -34,7 +34,7 @@ conflicts: [
 ]
 
 build: [
-  ["dune" "subst"] {pinned}
+  ["dune" "subst"] {dev}
   ["dune" "build" "-p" name "-j" jobs]
   ["dune" "runtest" "-p" name] {with-test}
 ]

diff --git a/conduit.opam b/conduit.opam
@@ -10,7 +10,7 @@ doc: "https://mirage.github.io/ocaml-conduit/"
 bug-reports: "https://github.com/mirage/ocaml-conduit/issues"
 depends: [
   "ocaml" {>= "4.03.0"}
-  "dune"
+  "dune" {>= "2.0"}
   "ppx_sexp_conv" {>="v0.13.0"}
   "sexplib"
   "astring"
@@ -20,7 +20,7 @@ depends: [
   "ipaddr-sexp"
 ]
 build: [
-  ["dune" "subst"] {pinned}
+  ["dune" "subst"] {dev}
   ["dune" "build" "-p" name "-j" jobs]
 ]
 dev-repo: "git+https://github.com/mirage/ocaml-conduit.git"

diff --git a/src/conduit-lwt-unix/conduit_lwt_tls.dummy.mli b/src/conduit-lwt-unix/conduit_lwt_tls.dummy.mli
@@ -30,7 +30,7 @@ module Client : sig
     ?src:Lwt_unix.sockaddr ->
     ?certificates:'a ->
     authenticator:X509.authenticator ->
-    string ->
+    [ `host ] Domain_name.t ->
     Lwt_unix.sockaddr ->
     (Lwt_unix.file_descr * Lwt_io.input_channel * Lwt_io.output_channel) Lwt.t
 end

diff --git a/src/conduit-lwt-unix/conduit_lwt_tls.real.ml b/src/conduit-lwt-unix/conduit_lwt_tls.real.ml
@@ -23,10 +23,9 @@ module X509 = struct
   type authenticator = X509.Authenticator.t
 
   let default_authenticator =
-    lazy
-      (match Ca_certs.authenticator () with
-      | Ok a -> a
-      | Error (`Msg msg) -> failwith msg)
+    match Ca_certs.authenticator () with
+    | Ok a -> a
+    | Error (`Msg msg) -> failwith msg
 end
 
 module Client = struct

diff --git a/src/conduit-lwt-unix/conduit_lwt_tls.real.mli b/src/conduit-lwt-unix/conduit_lwt_tls.real.mli
@@ -23,15 +23,15 @@ module X509 : sig
 
   type authenticator = X509.Authenticator.t
 
-  val default_authenticator : authenticator Lazy.t
+  val default_authenticator : authenticator
 end
 
 module Client : sig
   val connect :
     ?src:Lwt_unix.sockaddr ->
     ?certificates:Tls.Config.own_cert ->
     authenticator:X509.authenticator ->
-    string ->
+    [ `host ] Domain_name.t ->
     Lwt_unix.sockaddr ->
     (Lwt_unix.file_descr * Lwt_io.input_channel * Lwt_io.output_channel) Lwt.t
 end

diff --git a/src/conduit-lwt-unix/conduit_lwt_unix.ml b/src/conduit-lwt-unix/conduit_lwt_unix.ml
@@ -149,16 +149,14 @@ let flow_of_fd fd sa =
       TCP { fd; ip = Ipaddr_unix.of_inet_addr ip; port }
 
 let default_ctx =
-  lazy
-    {
-      src = None;
-      tls_own_key = `None;
-      tls_authenticator = Lazy.force Conduit_lwt_tls.X509.default_authenticator;
-    }
+  {
+    src = None;
+    tls_own_key = `None;
+    tls_authenticator = Conduit_lwt_tls.X509.default_authenticator;
+  }
 
 let init ?src ?(tls_own_key = `None)
-    ?(tls_authenticator = Lazy.force Conduit_lwt_tls.X509.default_authenticator)
-    () =
+    ?(tls_authenticator = Conduit_lwt_tls.X509.default_authenticator) () =
   match src with
   | None -> Lwt.return { src = None; tls_own_key; tls_authenticator }
   | Some host -> (
@@ -264,6 +262,15 @@ let connect_with_tls_native ~ctx (`Hostname hostname, `IP ip, `Port port) =
       Conduit_lwt_tls.X509.private_of_pems ~cert ~priv_key
       >|= fun certificate -> Some (`Single certificate))
   >>= fun certificates ->
+  let hostname =
+    try Domain_name.(host_exn (of_string_exn hostname))
+    with Invalid_argument msg ->
+      let s =
+        Printf.sprintf "couldn't convert %s to a [`host] Domain_name.t: %s"
+          hostname msg
+      in
+      invalid_arg s
+  in
   Conduit_lwt_tls.Client.connect ?src:ctx.src ?certificates
     ~authenticator:ctx.tls_authenticator hostname sa
   >|= fun (fd, ic, oc) ->

diff --git a/src/conduit-lwt-unix/conduit_lwt_unix.mli b/src/conduit-lwt-unix/conduit_lwt_unix.mli
@@ -153,7 +153,7 @@ type ctx [@@deriving sexp_of]
 
 (** {2 Connection and listening} *)
 
-val default_ctx : ctx Lazy.t
+val default_ctx : ctx
 (** Default context that listens on all source addresses with no TLS certificate
     associated with the Conduit *)
 

diff --git a/tests/conduit-lwt-unix/cdtest_tls.ml b/tests/conduit-lwt-unix/cdtest_tls.ml
@@ -49,7 +49,7 @@ let perform () =
     let client =
       `TLS (`Hostname "", `IP Ipaddr.(V6 V6.localhost), `Port port)
     in
-    Conduit_lwt_unix.(connect ~ctx:(Lazy.force default_ctx) client)
+    Conduit_lwt_unix.(connect ~ctx:default_ctx client)
     >>= fun (_flow, ic, oc) ->
     Lwt_log.notice "Connected!" >>= fun () ->
     Lwt_io.write oc "hello" >>= fun () ->