5.106. kink/tls/TLS_CLIENT

5.106.1. type tls_client

A `tls_client` is a factory of client side TLS connections.

A `tls_client` holds various data which live longer than single TLS connections, such as key pairs, certificates, and data for session resumption.

5.106.1.1. Clnt.connect(Tcp ...[$config={}])

`connect` makes a client side TLS connection, and performs the initial handshake.

If the connection is made and the initial handshake succeeds, `connect` tail-calls the success cont with the created `tls` connection.

If the connection is not made, or the initial handshake fails, `connect` tail-calls the error cont with the error message.

Preconditions

• `Tcp` must be a `tcp`, which the TLS connection uses.

• The protocol family of `Tcp` must be IPv4 or IPv6.

• `Tcp` must be open.

• $config must be a fun which takes a config val.

Config val methods

• C.remote_hostname(Remote_hostname): Specifies Remote_hostname, which must be a str, as the server hostname of SNI. Also, verifies the host name of the remote certificate using Remote_hostname.

• C.on_success($success): Specifies $success as the success cont of `connect`. $success must be a fun which takes a `tls` val. If not called, VAL.identity is used as the default.

• C.on_error($error): Specifies $error as the error cont of `connect`. $error must be a fun which takes a str as the error message. If not called, a fun which raises an exception is used as the default.

5.106.2. TLS_CLIENT.new(Ta ...[$config={}])

`new` makes a new tls_client.

If a tls_client is successfully made, `new` tail-calls the success cont with the created tls_client.

If an error occurs, `new` tail-calls the error cont with the error message.

Preconditions

• `Ta` must be a trust_anchor, which is used to verify TLS servers.

• $config must be a fun which takes a config val.

Config val methods

• C.key_pair_set(Kps): Use `Kps` as the key_pair_set of certificate-based client authentication. If not called, KEY_PAIR_SET.empty is used as the default.

• C.on_success($success): Use $success as the success cont of `new`. If not called, VAL.identity is used as the default.

• C.on_error($error): Use $error as the error cont of `new`. If not called, a fun which raises an exception is used as the default.

5.106.3. TLS_CLIENT.is?(Val)

`is?` returns whether `Val` is a tls_client.