5.107. kink/tls/TLS_SERVER
5.107.1. type tls_server
A `tls_server` is a factory of server side TLS connections.
A `tls_server` holds various data which live longer than single TLS connections, such as key pairs, certificates, and data for session resumption.
5.107.1.1. Serv.connect(Tcp ...[$config={}])
`connect` makes a new `tls` connection, and does the initial handshake.
If the connection is made and the initial handshake succeeds, `connect` tail-calls the success cont with the created `tls` connection.
If the connection is not made, or the initial handshake fails, `connect` tail-calls the error cont with the error message.
Preconditions
• `Tcp` must be a `tcp`, which the TLS connection uses.
• The protocol family of `Tcp` must be IPv4 or IPv6.
• `Tcp` must be open.
• $config must be a fun which takes a config val.
Config val methods
• C.req_cert: The TLS connection requests certificate-based client authentication, and verifies the returned certificate. If no certificate is returned from the client, or verification fails, `connect` results in an error. Note that, if you request client certs, you should usually also have configured the tls_server with a non-empty trust_anchor.
• C.on_success($success): Use $success as the success cont of `connect`. If not called, VAL.identity is used as the default.
• C.on_error($error): Use $error as the error cont of `connect`. If not called, a fun which raises an exception is used as the default.
5.107.2. TLS_SERVER.new(Key_pair_set ...[$config={}])
`new` makes a new tls_server.
If a tls_server is successfully made, `new` tail-calls the success cont with the tls_server.
If creation results in an error, `new` tail-calls the error cont with the error message.
Preconditions
• Key_pair_set must be a key_pair_set, which contains the key pairs of the TLS server.
• $config must be a fun which takes a config val.
Config val methods
• C.trust_anchor(Ta): Use the trust_anchor `Ta` to verify certificates of TLS clients. If not called, the empty trust_anchor is used.
• C.on_success($success): $success is the success cont of `new`. If not called, VAL.identity is used as the default.
• C.on_error($error): $error is the error cont of `new`. If not called, a fun which raises an exception is used as the default.
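The following is an added example, not taken from the Kink documentation, showing how `C.trust_anchor` on `new` and `C.req_cert` on `connect` fit together for client certificate authentication, with both default conts replaced. The helper names `new_mtls_server` and `accept_mtls` and their parameters are hypothetical; `Key_pair_set`, `Ta` and `Tcp` are assumed to be made elsewhere.

```kink
:TLS_SERVER.require_from('kink/tls/')

# Hypothetical helper: makes a tls_server which can verify client certificates.
# Key_pair_set: the key pairs of the TLS server.
# Ta: a non-empty trust_anchor. If C.trust_anchor is not called,
#     the empty trust_anchor is used, which is usually not what you want
#     when connections are made with C.req_cert.
# $on_ready is called with the tls_server, $on_failure with the error message.
:new_mtls_server <- {(:Key_pair_set :Ta :on_ready :on_failure)
  TLS_SERVER.new(Key_pair_set {(:C)
    C.trust_anchor(Ta)
    C.on_success($on_ready)
    # Replaces the default error cont, which raises an exception.
    C.on_error($on_failure)
  })
}

# Hypothetical helper: does the handshake on an open tcp,
# requesting a client certificate and verifying it.
# $on_tls is called with the tls connection.
# $on_reject is called with the error message when the connection is not made
# or the handshake fails, which includes the cases where the client
# returns no certificate or the certificate fails verification.
:accept_mtls <- {(:Serv :Tcp :on_tls :on_reject)
  Serv.connect(Tcp {(:C)
    C.req_cert
    C.on_success($on_tls)
    C.on_error($on_reject)
  })
}
```

Passing an explicit error cont to `connect` lets the caller log the message and close `Tcp` for a rejected client, instead of relying on the default cont which raises an exception.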
5.107.3. TLS_SERVER.is?(Val)
`is?` returns whether `Val` is a tls_server.