fix Tls.Config.client/server breaking change

conduit-lwt-unix.opam

@@ -25,7 +25,7 @@ depends: [
 ]
 depopts: ["tls-lwt" "lwt_ssl" "launchd"]
 conflicts: [
-  "tls-lwt" {< "0.16.0"}
+  "tls-lwt" {< "1.0.0"}
   "ssl" {< "0.5.12"}
 ]
 build: [

conduit-mirage.opam

@@ -17,12 +17,12 @@ depends: [
   "mirage-flow-combinators" {>= "2.0.0"}
   "mirage-random" {>= "2.0.0"}
   "mirage-time" {>= "2.0.0"}
-  "dns-client-mirage" {>= "8.0.0"}
+  "dns-client-mirage" {>= "9.0.0"}
   "conduit-lwt" {=version}
   "vchan" {>= "5.0.0"}
   "xenstore"
-  "tls" {>= "0.11.0"}
-  "tls-mirage" {>= "0.17.4"}
+  "tls" {>= "1.0.0"}
+  "tls-mirage" {>= "1.0.0"}
   "ca-certs-nss"
   "ipaddr" {>= "3.0.0"}
   "ipaddr-sexp"

src/conduit-lwt-unix/conduit_lwt_tls.real.ml

@@ -30,20 +30,25 @@ module X509 = struct
 end
 
 module Client = struct
+  let config ?certificates ~authenticator () =
+    match Tls.Config.client ~authenticator ?certificates () with
+    | Ok config -> config
+    | Error (`Msg msg) -> failwith msg
+
   let connect ?src ?certificates ~authenticator host sa =
     Conduit_lwt_server.with_socket sa (fun fd ->
         (match src with
         | None -> Lwt.return_unit
         | Some src_sa -> Lwt_unix.bind fd src_sa)
         >>= fun () ->
-        let config = Tls.Config.client ~authenticator ?certificates () in
+        let config = config ~authenticator ?certificates () in
         Lwt_unix.connect fd sa >>= fun () ->
         Tls_lwt.Unix.client_of_fd config ~host fd >|= fun t ->
         let ic, oc = Tls_lwt.of_t t in
         (fd, ic, oc))
 
   let tunnel ?certificates ~authenticator host channels =
-    let config = Tls.Config.client ~authenticator ?certificates () in
+    let config = config ~authenticator ?certificates () in
     Tls_lwt.Unix.client_of_channels config ~host channels >|= fun t ->
     Tls_lwt.of_t t
 end
@@ -64,7 +69,11 @@ module Server = struct
   let init ?backlog ~certfile ~keyfile ?stop ?timeout sa callback =
     X509_lwt.private_of_pems ~cert:certfile ~priv_key:keyfile
     >>= fun certificate ->
-    let config = Tls.Config.server ~certificates:(`Single certificate) () in
+    let config =
+      match Tls.Config.server ~certificates:(`Single certificate) () with
+      | Ok config -> config
+      | Error (`Msg msg) -> failwith msg
+    in
     init' ?backlog ?stop ?timeout config sa callback
 end
 

src/conduit-mirage/conduit_mirage.ml

@@ -178,9 +178,14 @@ let tls_client ~host ~authenticator x =
   let peer_name =
     Result.to_option (Result.bind (Domain_name.of_string host) Domain_name.host)
   in
-  `TLS (Tls.Config.client ?peer_name ~authenticator (), x)
-
-let tls_server ?authenticator x = `TLS (Tls.Config.server ?authenticator (), x)
+  match Tls.Config.client ?peer_name ~authenticator () with
+  | Ok config -> `TLS (config, x)
+  | Error (`Msg msg) -> failwith msg
+
+let tls_server ?authenticator x =
+  match Tls.Config.server ?authenticator () with
+  | Ok config -> `TLS (config, x)
+  | Error (`Msg msg) -> failwith msg
 
 module TLS (S : S) = struct
   module TLS = Tls_mirage.Make (S.Flow)

src/conduit-mirage/resolver_mirage.ml

@@ -25,7 +25,7 @@ module type S = sig
 end
 
 module Make
-    (R : Mirage_random.S)
+    (R : Mirage_crypto_rng_mirage.S)
     (T : Mirage_time.S)
     (C : Mirage_clock.MCLOCK)
     (P : Mirage_clock.PCLOCK)

src/conduit-mirage/resolver_mirage.mli

@@ -31,7 +31,7 @@ end
 
 (** Provides a DNS-enabled {!Resolver_lwt} given a network stack. *)
 module Make
-    (R : Mirage_random.S)
+    (R : Mirage_crypto_rng_mirage.S)
     (T : Mirage_time.S)
     (C : Mirage_clock.MCLOCK)
     (P : Mirage_clock.PCLOCK)