5.107. kink/tls/TLS_SERVER

5.107.1. type tls_server

A `tls_server` is a factory of server side TLS connections.

A `tls_server` holds various data which live longer than single TLS connections, such as key pairs, certificates, and data for session resumption.

5.107.1.1. Serv.connect(Tcp ...[$config={}])

`connect` makes a new `tls` connection, and does the initial handshake.

Config methods:

• C.req_cert

• C.on_success($success): default = VAL.identity

• C.on_error($error): default = {(:Exc) Exc.raise }

If C.req_cert is called, the TLS connection requests certificate-based client authentication and verifies the returned certificate. If the client returns no certificate, or verification fails, `connect` results in an error. Note that if you request client certs, you usually also need to configure the `tls_server` with a non-empty `trust_anchor`.

If the connection is made and the initial handshake succeeds, `connect` tail-calls $success with the created `tls` connection.

If the connection is not made, or the initial handshake fails, `connect` tail-calls $error with an `exception`.

Preconditions

• `Tcp` must be a `tcp`, which the TLS connection uses.

• The protocol family of `Tcp` must be IPv4 or IPv6.

• `Tcp` must be open.

• $success must be a fun which takes a `tls`.

• $error must be a fun which takes an `exception`.

5.107.2. TLS_SERVER.new(Key_pair_set ...[$config={}])

`new` makes a new tls_server.

Config methods:

• C.trust_anchor(Ta): default = empty trust_anchor

• C.on_success($success): default = VAL.identity

• C.on_error($error): default = {(:Exc) Exc.raise }

`Ta` is used to verify certificates of TLS clients.

If a tls_server is successfully made, `new` tail-calls $success with the `tls_server`.

If creation results in an error, `new` tail-calls $error with an `exception`.

Preconditions

• `Key_pair_set` must be a key_pair_set, which contains the key pairs of the TLS server.

• `Ta` must be a `trust_anchor`.

• $success must be a fun which takes a `tls_server`.

• $error must be a fun which takes an `exception`.

5.107.3. TLS_SERVER.is?(Val)

`is?` returns whether `Val` is a tls_server.