No matching definitions.

tls/conn

src/tls/conn.tur
defn

tls-wrap-fd

(tls-wrap-fd [ctx : int fd : int] :)

bind an accepted TCP fd to a new server-side TLS conn.

ctxhandle from tls-ctx-new with cert + key loaded.
fdaccepted TCP socket (blocking; we use mbedtls_net_send/recv).

Conn handle as :int on success; 0 on allocation or ssl_setup failure.

(let [conn (tls-wrap-fd ctx client-fd)]
    (tls-handshake conn)
    ...
    (tls-shutdown conn)
    (tls-free conn))

Since: T3

defn

tls-handshake

(tls-handshake [conn : int] :)

drive the TLS handshake to completion (blocking).

connhandle from tls-wrap-fd.

0 on success; non-zero mbedTLS error code on failure (peer reset, cert mismatch, version mismatch, ...).

Since: T3

defn

tls-read

(tls-read [conn : int buf : int len : int] :)

decrypt up to `len` bytes from the TLS stream into `buf`.

connhandle from tls-wrap-fd (post-handshake).
bufcaller-owned destination buffer, as a raw pointer.
lenbuffer capacity in bytes.

Bytes read (> 0) on success; 0 on clean close_notify from peer; negative mbedTLS error code on transport failure. Like recv(), may return fewer bytes than requested.

Since: T3

defn

tls-write

(tls-write [conn : int buf : int len : int] :)

encrypt and send `len` bytes from `buf` over the TLS stream.

connhandle from tls-wrap-fd (post-handshake).
bufcaller-owned source buffer, as a raw pointer.
lenbytes to send.

Bytes written (> 0) on success; negative mbedTLS error code on failure. May return fewer bytes than requested.

Since: T3

defn

tls-shutdown

(tls-shutdown [conn : int] :)

send a close_notify alert (best-effort).

connhandle from tls-wrap-fd. 0 is a safe no-op.

Since: T3

defn

tls-free

(tls-free [conn : int] :)

release the conn's mbedTLS state. Does NOT close the fd.

connhandle from tls-wrap-fd. 0 is a safe no-op.

Since: T3