5.106. kink/tls/TLS_CLIENT

5.106.1. type tls_client

A `tls_client` is a factory of client side TLS connections.

A `tls_client` holds data that outlives individual TLS connections, such as key pairs, certificates, and data for session resumption.

5.106.1.1. Clnt.connect(Tcp ...[$config={}])

`connect` makes a client side TLS connection, and performs the initial handshake.

Config methods:

• C.remote_hostname(Remote_hostname)

• C.on_success($success): default = VAL.identity

• C.on_error($error): default = {(:Exc) Exc.raise}

If `Remote_hostname` is specified, it is used as the server hostname for SNI, and the created `tls` verifies the host name of the remote certificate against `Remote_hostname`.

If the connection is made and the initial handshake succeeds, `connect` tail-calls $success with the created `tls`.

If the connection is not made, or the initial handshake fails, `connect` tail-calls $error with an `exception`.

Preconditions

• `Tcp` must be a `tcp`, which the TLS connection uses.

• The protocol family of `Tcp` must be IPv4 or IPv6.

• `Tcp` must be open.

• `Remote_hostname` must be a `str`.

• $success must be a fun which takes a `tls`.

• $error must be a fun which takes an `exception`.

5.106.2. TLS_CLIENT.new(Ta ...[$config={}])

`new` makes a new `tls_client`.

Config methods:

• C.key_pair_set(Kps): default = KEY_PAIR_SET.empty

• C.on_success($success): default = VAL.identity

• C.on_error($error): default = {(:Exc) Exc.raise}

`Ta` is used to verify certificates of TLS servers.

`Kps` is used for certificate-based client authentication.

If a `tls_client` is successfully made, `new` tail-calls $success with the created `tls_client`.

If an error occurs, `new` tail-calls $error with the error message.

Preconditions

• `Ta` must be a `trust_anchor`.

• `Kps` must be a `key_pair_set`.

• $success must be a fun which takes a `tls_client`.

• $error must be a fun which takes an `exception`.

5.106.3. TLS_CLIENT.is?(Val)

`is?` returns whether `Val` is a `tls_client`.