[new release] tls (6 packages) (1.0.0)

[hannesm]

Transport Layer Security purely in OCaml

• Project page: https://github.com/mirleft/ocaml-tls
• Documentation: https://mirleft.github.io/ocaml-tls/doc

CHANGES:

• API breaking change: remove usage of Cstruct.t inside of TLS, use bytes
  and string instead (TLS without cstruct mirleft/ocaml-tls#497 by @art-w, @hannesm, @dinosaure, @reynir)
  Performance is up to 3x improved (bandwidth), 2x improvement for handshake/s
  on an Intel Core(TM) i7-5600U CPU @ 2.60GHz
• FEATURE: add tls-miou-unix package, which adds miou support for TLS
  (Add the Miou implementation of TLS mirleft/ocaml-tls#494 Add the miou implementation mirleft/ocaml-tls#503 @dinosaure)
• FEATURE: tls-lwt and tls-async: allow TLS over an existing connection
  Tls_lwt.client_of_channels : Tls.Config.client -> ?host:[host] Domain_name.t -> Lwt_io.input_channel * Lwt_io.output_channel -> t Lwt.tandTls_lwt.server_of_channels : Tls.Config.server -> Lwt_io.input_channel * Lwt_io.output_channel -> t Lwt.t`
  (TLS over an existing connection mirleft/ocaml-tls#499 @art-w @MisterDA)
• API breaking changes: revise errors - reduce the polymorphic variant
  in size, align it with RFC specified errors, be in parts more precise
  about errors, in other parts skip data (reduce the errors mirleft/ocaml-tls#505, @hannesm - fixes Unhandled alert mirleft/ocaml-tls#491)
  NB: if you relied on a specific error constructor, please open an issue
• Remove unused constructors from Packet.{alert_type, compression_methods,
  client_certificate_type, extension_type} (reduce the errors mirleft/ocaml-tls#505, @hannesm)
  NB: if you relied on specific constructors, please open an issue
• API breaking change: Tls.Config.{server,client} now return a result
  type instead of raising an exception (Tls: in Config.{client,server} avoid raising an exception mirleft/ocaml-tls#502, @hannesm, fixes Config.client and Config.server raise Invalid_argument mirleft/ocaml-tls#411)
• FEATURE: add bench/speed.exe, a benchmark for bandwidth (for different
  ciphersuites) and handshakes (different key exchanges and private keys)
  (Add a benchmark for throughput and handshakes using bechamel mirleft/ocaml-tls#500 @hannesm @dinosaure @reynir)
• BUGFIX: tests/feedback.exe update with TLS 1.3 semantics, run as test
  (tests/feedback: fix for TLS 1.3, run as test mirleft/ocaml-tls#501, @hannesm - reported by @dinosaure)

[hannesm]

please note that the tls-miou-unix fuzz test may fail on your CI systems with EMFILE -- this can be ignored (an upstream fix in miou is on its way).

[hannesm]

failing CI tests:

• tls-miou-unix (see comment above)
• arm32: tls-eio & tls receiving SIGBUS, and feedback.exe fails (can't see an error message though)

it is not clear to me how to proceed, I can see multiple options about the arm32 failures:

• someone with arm32 machine or needs could ran the tests and send the output that is not visible from CI
• we can disable the tests or the tls package on arm32
• we can ignore the test failures on arm32

I don't have a clear preference. please let me know what you think is appropriate.

[hannesm]

I decided to make this unavailable on arm32. If there's someone in need for arm32 support, please open an issue and we can discuss.

[dinosaure]

About miou, if #26389 is merged before, we should have a green CI then 👍.

[dinosaure]

An error appears about tls-miou-unix:

# the test failed:
# 
#     [ERROR] Unexpected result: Ok [Ok ] & Error
#                                         authentication failure: leaf certificate X.509 certificate

Which can be ignored at the moment. This test works on other machine and it's about a fake certificate generated in the fly just for the test.

[hannesm]

@dinosaure it is a strange error only happening on 32bit x86. Maybe worth to investigate, maybe somewhere (in x509 / asn1) we're not 32bit clean anymore? Would be nice to get a smaller test case out of it and debug that properly (but I fail to have time and energy for a 32bit setup).

[hannesm]

fine to merge, only CI issue is the 32bit fuzz test of miou, which may be looked into some day. eventually if there's demand (tls on 32 bit systems) and a bug report.

[dinosaure]

Thanks!