authorClombrong <cromblong@egregore.fun>2025-06-28 09:25:05 +0200
committerClombrong <cromblong@egregore.fun>2025-06-28 09:26:46 +0200
commit27230436c2f8602a61a267ecbb07f46b7a4d02c3 (patch)
tree7ba7da7ba8afa3529b76efe9d3669c60ac780d77 /portal/tcp/portal.ml
parent68fc2a71f492b935a60ed314d4d618c9cfec7742 (diff)
feat(portal_tcp): add upgrade_to_tls function
Diffstat (limited to 'portal/tcp/portal.ml')
-rw-r--r--portal/tcp/portal.ml13
1 files changed, 13 insertions, 0 deletions
diff --git a/portal/tcp/portal.ml b/portal/tcp/portal.ml
index a817645..47f8c04 100644
--- a/portal/tcp/portal.ml
+++ b/portal/tcp/portal.ml
@@ -173,3 +173,16 @@ let connect (domain : string) : t Lwt.t =
let _socket = Plain s
in let stream, push = socket_to_stream _socket
in {stream; push; _socket=_socket}
+
+(** [upgrade_to_tls fd] returns a promise to an [Tls_lwt.Unix.t] socket that wraps
+ [fd] with STARTTLS. *)
+let upgrade_to_tls (fd : Lwt_unix.file_descr) : Tls_lwt.Unix.t Lwt.t =
+ let handle_msg = function
+ | Ok thing -> thing
+ | Error `Msg m -> failwith m
+ in
+ try
+ let authenticator = Ca_certs.authenticator () |> handle_msg in
+ let tls_config = Tls.Config.client ~authenticator () |> handle_msg in
+ Tls_lwt.Unix.client_of_fd tls_config fd
+ with Failure msg -> Lwt.fail_with msg
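Review bot: The handshake in `upgrade_to_tls` is started without an expected server name: `Tls_lwt.Unix.client_of_fd tls_config fd` passes no `~host`, and `Tls.Config.client ~authenticator ()` sets no `~peer_name`. As far as this hunk shows, no SNI is sent and the `Ca_certs` authenticator can only check that the chain ends in a trusted root, not that the certificate was issued for the domain being contacted, so a certificate from any trusted CA for an unrelated name would presumably be accepted. I would add a `host` argument (a `Domain_name.t` host name) to `upgrade_to_tls` and call `Tls_lwt.Unix.client_of_fd tls_config ~host fd`, with the caller deriving it from the `domain` string that `connect` already receives. The doc comment should also state that the function only runs the TLS handshake on `fd`, and that the STARTTLS negotiation must already have completed on the plain socket.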