[new release] tls, tls-mirage, tls-lwt, tls-eio and tls-async (0.16.0)

[hannesm]

Transport Layer Security purely in OCaml

• Project page: https://github.com/mirleft/ocaml-tls
• Documentation: https://mirleft.github.io/ocaml-tls/doc

CHANGES:

• BREAKING: new opam package tls-lwt (formerly tls.lwt), in dune:
  (libraries tls.lwt) should now be libraries (tls-lwt)
  (update to mirage-crypto 0.11, split tls-lwt away mirleft/ocaml-tls#468 @hannesm, reported Installing tls-async also installs lwt mirleft/ocaml-tls#449 by @mbacarella)
• tls: update to mirage-crypto 0.11 API (update to mirage-crypto 0.11, split tls-lwt away mirleft/ocaml-tls#468 @hannesm)
• tls: relax SignatureAlgorithms extension handling to allow OpenSSL
  interoperability tests with TLS 1.0 and TLS 1.1 (tls-lwt: do not catch out of memory exception mirleft/ocaml-tls#469 @hannesm)
• tls: remove Utils.filter_map and and Utils.option, use Stdlib instead (Fewer code by using new Stdlib functions mirleft/ocaml-tls#455
  @hannesm)
• tls: do not globally open Utils (Fewer code by using new Stdlib functions mirleft/ocaml-tls#455 @hannesm)
• tls: export log source of Tracing module (tracing: expose log src mirleft/ocaml-tls#461 @bikallem)
• tls: remove unused ciphersuites to reduce binary size (remove unneeded ciphersuites mirleft/ocaml-tls#467 @hannesm)
• tls-lwt: do not catch out of memory exception (tls-lwt: do not catch out of memory exception mirleft/ocaml-tls#469 @hannesm)
• tls-eio: add fuzz testing using crowbar (tls-eio: add fuzz tests using crowbar mirleft/ocaml-tls#456 tls-eio: improve fuzz tests mirleft/ocaml-tls#463 @talex5)
• tls-eio: update to eio 0.7 (tls-eio: add fuzz tests using crowbar mirleft/ocaml-tls#456 @talex5)
• tls-eio: fix test for develop with vendoring (misc: develop against vendored dependencies mirleft/ocaml-tls#462 @bikallem)

[hannesm]

Since ocamlfind's tls.lwt is now tls-lwt, there's expectation of failures (in addition to the API changes in #23282). I'll observe the CI and add in separate PR(s) upper bound constraints (of course, anyone helping out is highly appreciated).

[hannesm]

I have a question for both the opam-repository maintainers and @talex5: the tls-async.opam has a "ocaml" {< "5.0.0"} bound, and I understand this was useful at some point for some CI system(s) -- but is this the right thing to have? I do not think that anything in tls-async is incompatible with OCaml 5.0. Any advice on this is highly appreciated (I test the relaxation at mirleft/ocaml-tls#471).

[hannesm]

update: I removed the upper bound for ocaml

[talex5]

I have a question for both the opam-repository maintainers and @talex5: the tls-async.opam has a "ocaml" {< "5.0.0"} bound, and I understand this was useful at some point for some CI system(s) -- but is this the right thing to have?

mirleft/ocaml-tls@ea1631c says:

• Temporary fix for tls-async in CI
  tls-async can't be tested on OCaml 5 yet, and this prevents the CI from
  testing other packages there. This annotation can be removed once a
  compatible version of core is released.

So it should be fine to remove it now (v0.15.1 seems to work with OCaml 5).

[hannesm]

Revdep faliures (fixed by applying upper bounds)

• dns split dns-client opam package into three: dns-client, dns-client-lwt, dns-client-mirage mirage/ocaml-dns#331 //cc @hannesm @reynir
• albatross //cc @hannesm @reynir
• paf (+paf-cohttp) //cc @dinosaure Follow the upgrade of mirage-crypto-rng.0.11.0 dinosaure/paf-le-chien#84
• letters tls.lwt is now tls-lwt oxidizing/letters#53 @joseferben
• sihl //cc @joseferben
• mehari-mirage //cc @ArtichOwO update to mirage-crypto-rng 0.11 API changes Psi-Prod/Mehari#62
• sendmail-lwt //cc @dinosaure Upgrade sendmail with tls.0.16.0 mirage/colombe#67
• capnp-rpc-unix //cc @talex5 (Mirage_crypto_rng_unix.initialize has a different signaure, see [new release] mirage-crypto, mirage-crypto-rng, mirage-crypto-rng-mirage, mirage-crypto-rng-lwt, mirage-crypto-rng-eio, mirage-crypto-rng-async, mirage-crypto-pk and mirage-crypto-ec (0.11.0) #23282 update to mirage-crypto-rng 0.11 and dns 7.0.0 API changes mirage/capnp-rpc#261
• ocaml-irc-client //cc @johnelse tls.lwt is now tls-lwt johnelse/ocaml-irc-client#61
• tlstunnel-lwt //cc @hannesm tls.lwt is now tls-lwt hannesm/tlstunnel-lwt#30

If you need help to update your project, please don't hesitate to reach out.

This PR looks fine to be merged now :)

[dinosaure]

The error on MacOS seems unrelated to this release, let's merge :)