use eio-ssl instead of tls-eio

ushitora-anqou · Apr 1, 2024 · debfc95 · debfc95
1 parent 2722649
commit debfc95
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 59 deletions.
diff --git a/lib_yume/client.ml b/lib_yume/client.ml
@@ -1,14 +1,29 @@
-let null_auth ?ip:_ ~host:_ _ =
-  Ok None (* Warning: use a real authenticator in your code! *)
+let connect net ~sw url =
+  let service =
+    match Uri.port url with
+    | Some port -> string_of_int port
+    | None -> (
+        match Uri.scheme url with
+        | Some "ws" -> "http"
+        | Some "wss" -> "https"
+        | Some scheme -> scheme
+        | None -> "http")
+  in
+  let tls_enabled = match service with "443" | "https" -> true | _ -> false in
+  let host = Uri.host_with_default ~default:"localhost" url in
+  let addr =
+    match Eio.Net.getaddrinfo_stream net host ~service with
+    | [] -> failwith "getaddrinfo failed"
+    | addr :: _ -> addr
+  in
 
-let https ~authenticator =
-  let tls_config = Tls.Config.client ~authenticator () in
-  fun uri raw ->
-    let host =
-      Uri.host uri
-      |> Option.map (fun x -> Domain_name.(host_exn (of_string_exn x)))
-    in
-    Tls_eio.client_of_flow ?host tls_config raw
+  let socket = Eio.Net.connect ~sw net addr in
+  if not tls_enabled then socket
+  else
+    let ctx = Ssl.create_context Ssl.TLSv1_3 Ssl.Client_context in
+    let ctx = Eio_ssl.Context.create ~ctx socket in
+    let ssl = Eio_ssl.connect ctx in
+    ssl
 
 module Response = struct
   type t = { resp : Http.Response.t; body : Cohttp_eio.Body.t }
@@ -27,11 +42,7 @@ let request ?headers ?body ~meth env ~sw (url : string) =
   let body =
     body |> Option.map (function `Fixed src -> Cohttp_eio.Body.of_string src)
   in
-  let client =
-    Cohttp_eio.Client.make
-      ~https:(Some (https ~authenticator:null_auth))
-      (Eio.Stdenv.net env)
-  in
+  let client = Cohttp_eio.Client.make_generic (connect (Eio.Stdenv.net env)) in
   let resp, body =
     Cohttp_eio.Client.call ~sw ?headers ?body client meth (Uri.of_string url)
   in

diff --git a/lib_yume/dune b/lib_yume/dune
@@ -4,9 +4,9 @@
   (pps ppx_deriving.show ppx_deriving.make))
  (libraries
   cohttp-eio
-  eio.unix
+  eio-ssl
   multipart_form
   multipart_form-eio
-  tls-eio
-  yojson
-  websocket))
+  websocket
+  x509
+  yojson))
diff --git a/lib_yume/ws.ml b/lib_yume/ws.ml
@@ -56,55 +56,20 @@ module Client = struct
     in
     let req = Cohttp.Request.make ~headers url in
 
-    (* Make socket *)
-    let host = Uri.host url |> Option.get in
-    let service =
-      match Uri.port url with
-      | Some port -> string_of_int port
-      | None -> (
-          match Uri.scheme url with
-          | Some "ws" -> "http"
-          | Some "wss" -> "https"
-          | Some scheme -> scheme
-          | None -> "http")
-    in
-    let addr =
-      match Eio.Net.getaddrinfo_stream (Eio.Stdenv.net env) host ~service with
-      | [] -> failwith "getaddrinfo failed"
-      | addr :: _ -> addr
-    in
-    let socket = Eio.Net.connect ~sw (Eio.Stdenv.net env) addr in
-    let flow =
-      let tls_enabled =
-        match service with "443" | "https" -> true | _ -> false
-      in
-      if not tls_enabled then (socket :> Eio.Flow.two_way_ty Eio.Resource.t)
-      else
-        let host =
-          Result.to_option
-            (Result.bind (Domain_name.of_string host) Domain_name.host)
-        in
-        let client =
-          Tls_eio.client_of_flow
-            Tls.Config.(
-              client ~version:(`TLS_1_0, `TLS_1_3)
-                ~authenticator:Client.null_auth ~ciphers:Ciphers.supported ())
-            ?host socket
-        in
-        (client :> Eio.Flow.two_way_ty Eio.Resource.t)
-    in
+    (* Connect *)
+    let flow = Client.connect (Eio.Stdenv.net env) ~sw url in
 
     (* Drain handshake *)
     let ic = Eio.Buf_read.of_flow ~max_size:max_int flow in
     Eio.Buf_write.with_flow flow (fun oc -> drain_handshake req ic oc nonce);
 
-    (socket, flow, ic)
+    (flow, ic)
 
   let connect ?(extra_headers = Cohttp.Header.init ()) ~sw env url =
     let url = Uri.of_string url in
 
     let nonce = Base64.encode_exn (random_string 16) in
-    let socket, flow, ic = connect' env sw url nonce extra_headers in
+    let flow, ic = connect' env sw url nonce extra_headers in
 
     (* Start writer fiber. All writes must be done in this fiber,
        because Eio.Flow.write is not thread-safe.
@@ -132,7 +97,12 @@ module Client = struct
           make_read_frame ~mode:(Client random_string) ic oc ())
     in
 
-    { socket; id = random_string 10; read_frame; write_frame }
+    {
+      socket = (flow :> _ Eio.Net.stream_socket_ty Eio.Resource.t);
+      id = random_string 10;
+      read_frame;
+      write_frame;
+    }
 
   let id { id; _ } = id
   let read { read_frame; _ } = read_frame ()

diff --git a/waq.opam b/waq.opam
@@ -23,6 +23,7 @@ depends: [
   "cppo"
   "cstruct"
   "eio"
+  "eio-ssl"
   "eio_main"
   "dune" {>= "3.7"}
   "fpath"
@@ -78,4 +79,5 @@ pin-depends:[
   [ "websocket.2.16" "git+https://github.com/ushitora-anqou/ocaml-websocket#74988ec5ec7d7c620e7d58c5509acd003107c513" ]
   [ "multipart_form.0.5.0" "git+https://github.com/dinosaure/multipart_form#a794239b8fc9601540ffea489b2c470227216c5e" ]
   [ "multipart_form-eio.0.5.0" "git+https://github.com/dinosaure/multipart_form#a794239b8fc9601540ffea489b2c470227216c5e" ]
+  [ "eio-ssl.0.3.0" "git+https://github.com/anmonteiro/eio-ssl#5e83c3ffb2200affde9d900de02f6994dd6421da" ]
 ]