upgrade tls and fix breaking changes

.devcontainer/Dockerfile

@@ -1,10 +1,9 @@
-FROM hadolint/hadolint:latest-alpine AS hadolint
-FROM ocaml/opam:debian-ocaml-4.14
+FROM ocaml/opam:debian-12-ocaml-4.14
 
 USER root
 
 # copy hadolint
-COPY --from=hadolint /bin/hadolint /bin/hadolint
+COPY --from=hadolint/hadolint:latest-alpine /bin/hadolint /bin/hadolint
 
 # Avoid warnings by switching to noninteractive
 ENV DEBIAN_FRONTEND noninteractive
@@ -20,14 +19,16 @@ RUN apt-get update -q && apt-get install -yqq --no-install-recommends \
   #
   # build dependencies (would also be installed by opam depext)
   gcc \
+  jq \
   libev-dev \
   libgmp-dev \
   libssl-dev \
   pkg-config \
   #
   # cleanup installations
   && apt-get autoremove -y \
-  && apt-get clean all
+  && apt-get clean all \
+  && rm -rf /var/lib/apt/lists/*
 
 # add timezone
 RUN ln -fs /usr/share/zoneinfo/Europe/Zurich /etc/localtime
@@ -39,7 +40,8 @@ RUN bash -c 'echo "http		80/tcp	www		# WorldWideWeb HTTP" >> /etc/services' \
 USER opam
 
 # install oh-my-zsh
-RUN zsh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" \
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+RUN wget https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh -q -O - | zsh \
   && cp ~/.oh-my-zsh/templates/zshrc.zsh-template ~/.zshrc \
   && sed -i "/^plugins=/c\plugins=(git dotenv)" ~/.zshrc \
   #

.github/workflows/ci.yml

@@ -13,35 +13,38 @@ jobs:
           # Disable macos build for now since it keeps failing with dune not found
           # - macos-latest
           - ubuntu-latest
-        ocaml-version:
-          - 4.11.1
+        ocaml-compiler:
+          - 4.14
+          - 4.13
+          - 4.12
+          - 4.11
           - 4.10.1
-          - 4.09.1
-          - 4.08.1
+          - 4.09
+          - 4.08
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
       - name: Retrieve opam cache
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         if: runner.os != 'Windows'
         id: cache-opam
         with:
           path: ~/.opam
-          key: v1-${{ runner.os }}-opam-${{ matrix.ocaml-version }}-${{ hashFiles('*.opam.locked') }}
-          restore-keys: |
-            v2-${{ runner.os }}-opam-${{ matrix.ocaml-version }}-
-      - name: Use OCaml ${{ matrix.ocaml-version }}
-        uses: avsm/setup-ocaml@v1
+          key: v1-${{ runner.os }}-opam-${{ matrix.ocaml-compiler }}-${{ hashFiles('*.opam.locked') }}
+      - name: Use OCaml ${{ matrix.ocaml-compiler }}
+        uses: ocaml/setup-ocaml@v3
         with:
-          ocaml-version: ${{ matrix.ocaml-version }}
+          ocaml-compiler: ${{ matrix.ocaml-compiler }}
       - name: Install dependencies
         if: steps.cache-opam.outputs.cache-hit != 'true'
         run: |
           opam install -y dune
-          opam install -y . --deps-only --with-doc --with-test --locked --unlock-base
+          opam install -y . --deps-only --with-doc --with-test --locked --update-invariant
       - name: Recover from an Opam broken state
         if: steps.cache-opam.outputs.cache-hit == 'true'
-        run: opam upgrade --fixup
+        run: |
+          opam install -y dune
+          opam upgrade --fixup
       - name: Build
         run: make build
       - name: Run tests

dune-project

@@ -47,9 +47,9 @@
   (sendmail
    (>= 0.7.0))
   (tls-lwt
-   (>= 0.16.0))
+   (>= 1.0.4))
   (tls
-   (>= 0.16.0))
+   (>= 1.0.4))
   (x509
    (>= 0.9.0))
   ;; Test dependencies

letters.opam

@@ -21,8 +21,8 @@ depends: [
   "ocaml" {>= "4.08.1"}
   "ptime" {>= "0.8.5"}
   "sendmail" {>= "0.7.0"}
-  "tls-lwt" {>= "0.16.0"}
-  "tls" {>= "0.16.0"}
+  "tls-lwt" {>= "1.0.4"}
+  "tls" {>= "1.0.4"}
   "x509" {>= "0.9.0"}
   "alcotest" {>= "1.1.0" & with-test}
   "alcotest-lwt" {>= "1.1.0" & with-test}

letters.opam.locked

@@ -9,74 +9,75 @@ homepage: "https://github.com/oxidizing/letters/"
 doc: "https://oxidizing.github.io/letters/"
 bug-reports: "https://github.com/oxidizing/letters/issues"
 depends: [
-  "angstrom" {= "0.16.0"}
-  "asn1-combinators" {= "0.2.6"}
+  "angstrom" {= "0.16.1"}
+  "asn1-combinators" {= "0.3.2"}
   "astring" {= "0.8.5"}
   "base-bytes" {= "base"}
   "base-threads" {= "base"}
   "base-unix" {= "base"}
   "base64" {= "3.5.1"}
   "bigarray-overlap" {= "0.2.1"}
-  "bigstringaf" {= "0.9.1"}
+  "bigstringaf" {= "0.10.0"}
   "bos" {= "0.2.1"}
-  "ca-certs" {= "0.2.3"}
-  "cmdliner" {= "1.2.0"}
+  "ca-certs" {= "1.0.0"}
+  "cmdliner" {= "1.3.0"}
   "coin" {= "0.1.4"}
-  "colombe" {= "0.8.0"}
+  "colombe" {= "0.11.0"}
   "conf-gmp" {= "4"}
   "conf-gmp-powm-sec" {= "3"}
   "conf-pkg-config" {= "3"}
-  "containers" {= "3.13.1"}
-  "cppo" {= "1.6.9"}
+  "containers" {= "3.15"}
+  "cppo" {= "1.8.0"}
   "csexp" {= "1.5.2"}
   "cstruct" {= "6.2.0"}
+  "digestif" {= "1.2.0"}
   "domain-name" {= "0.4.0"}
-  "dune" {= "3.14.0"}
-  "dune-configurator" {= "3.14.0"}
+  "dune" {= "3.17.0"}
+  "dune-configurator" {= "3.17.0"}
   "duration" {= "0.2.1"}
   "either" {= "1.0.0"}
   "emile" {= "1.1"}
-  "eqaf" {= "0.9"}
+  "eqaf" {= "0.10"}
   "fmt" {= "0.9.0"}
   "fpath" {= "0.7.3"}
   "gmap" {= "0.3.0"}
-  "hkdf" {= "1.0.4"}
-  "ipaddr" {= "5.5.0"}
+  "hxd" {= "0.3.3"}
+  "ipaddr" {= "5.6.0"}
+  "kdf" {= "1.0.0"}
   "ke" {= "0.6"}
   "logs" {= "0.7.0"}
-  "lwt" {= "5.7.0"}
-  "macaddr" {= "5.5.0"}
-  "mirage-crypto" {= "0.11.3"}
-  "mirage-crypto-ec" {= "0.11.3"}
-  "mirage-crypto-pk" {= "0.11.3"}
-  "mirage-crypto-rng" {= "0.11.3"}
-  "mirage-crypto-rng-lwt" {= "0.11.3"}
-  "mrmime" {= "0.6.0"}
-  "mtime" {= "2.0.0"}
-  "ocaml" {= "4.14.1"}
+  "lwt" {= "5.9.0"}
+  "macaddr" {= "5.6.0"}
+  "mirage-crypto" {= "1.1.0"}
+  "mirage-crypto-ec" {= "1.1.0"}
+  "mirage-crypto-pk" {= "1.1.0"}
+  "mirage-crypto-rng" {= "1.1.0"}
+  "mirage-crypto-rng-lwt" {= "1.1.0"}
+  "mrmime" {= "0.6.1"}
+  "mtime" {= "2.1.0"}
+  "ocaml" {= "4.14.2"}
   "ocaml-syntax-shims" {= "1.0.0"}
-  "ocamlbuild" {= "0.14.3"}
+  "ocamlbuild" {= "0.15.0"}
   "ocamlfind" {= "1.9.6"}
   "ocplib-endian" {= "1.2"}
-  "pbkdf" {= "1.2.0"}
-  "pecu" {= "0.6"}
+  "ohex" {= "0.2.0"}
+  "pecu" {= "0.7"}
   "prettym" {= "0.0.3"}
-  "ptime" {= "1.1.0"}
-  "re" {= "1.11.0"}
+  "ptime" {= "1.2.0"}
+  "re" {= "1.12.0"}
   "rosetta" {= "0.3.0"}
   "rresult" {= "0.7.0"}
-  "sendmail" {= "0.8.0"}
+  "sendmail" {= "0.11.0"}
   "seq" {= "base"}
-  "sexplib0" {= "v0.16.0"}
-  "tls" {= "0.17.3"}
-  "tls-lwt" {= "0.17.3"}
+  "tls" {= "1.0.4"}
+  "tls-lwt" {= "1.0.4"}
   "topkg" {= "1.0.7"}
-  "unstrctrd" {= "0.3"}
+  "unstrctrd" {= "0.4"}
   "uutf" {= "1.0.3"}
   "uuuu" {= "0.3.0"}
-  "x509" {= "0.16.5"}
+  "x509" {= "1.0.5"}
   "yuscii" {= "0.3.0"}
-  "zarith" {= "1.13"}
+  "zarith" {= "1.14"}
 ]
 build: [
   ["dune" "subst"] {dev}

lib/letters.ml

@@ -243,11 +243,11 @@ let send =
     let recipients =
       List.map
         (fun recipient ->
-          (match recipient with
-           | To a -> a
-           | Cc a -> a
-           | Bcc a -> a)
-          |> str_to_colombe_address)
+           (match recipient with
+            | To a -> a
+            | Cc a -> a
+            | Bcc a -> a)
+           |> str_to_colombe_address)
         recipients
     in
     let domain =

lib/letters.mli

@@ -33,7 +33,7 @@ module Config : sig
     -> hostname:string
     -> with_starttls:bool
     -> t
-    [@@deprecated "Replace with [create] function"]
+  [@@deprecated "Replace with [create] function"]
 
   (** Add a port to configuration record
 
@@ -105,7 +105,7 @@ val build_email
   -> subject:string
   -> body:body
   -> (Mrmime.Mt.t, string) result
-  [@@deprecated "Replace with [create_email] function"]
+[@@deprecated "Replace with [create_email] function"]
 
 (** Send the previously created email
 

lib/sendmail_handler.ml

@@ -35,22 +35,29 @@ let rdwr =
   }
 ;;
 
+let convert_tls_error = fun (`Msg msg) -> `Protocol (`Invalid_login_challenge msg)
+
 let run_with_starttls
-  ~hostname
-  ?port
-  ~domain
-  ?authentication
-  ~tls_authenticator
-  ~from
-  ~recipients
-  ~mail
+      ~hostname
+      ?port
+      ~domain
+      ?authentication
+      ~tls_authenticator
+      ~from
+      ~recipients
+      ~mail
   =
+  let ( let* ) = Lwt_result.bind in
   let port =
     match port with
     | Some port -> port
     | None -> 465
   in
-  let tls = Tls.Config.client ~authenticator:tls_authenticator () in
+  let* tls =
+    Tls.Config.client ~authenticator:tls_authenticator ()
+    |> Lwt_result.lift
+    |> Lwt_result.map_error convert_tls_error
+  in
   let ctx = Sendmail_with_starttls.Context_with_tls.make () in
   let open Lwt.Infix in
   Lwt_unix.gethostbyname (Domain_name.to_string hostname)
@@ -94,7 +101,7 @@ let run_with_starttls
 
 let run ~hostname ?port ~domain ?authentication ~tls_authenticator ~from ~recipients ~mail
   =
-  let ( let* ) = Lwt.bind in
+  let ( let* ) = Lwt_result.bind in
   let port =
     match port with
     | Some port -> port
@@ -103,6 +110,7 @@ let run ~hostname ?port ~domain ?authentication ~tls_authenticator ~from ~recipi
   let ctx = Colombe.State.Context.make () in
   let* ic, oc =
     Tls_lwt.connect tls_authenticator (Domain_name.to_string hostname, port)
+    |> Lwt_result.map_error convert_tls_error
   in
   let mail_stream () =
     match mail () with

service-test/test.ml

@@ -5,8 +5,8 @@ let ( let* ) = Lwt.bind
 let get_ethereal_account_details () =
   let open Yojson.Basic.Util in
   (* see the README.md how to generate the account file and the path
-   * below is relative to the location of the executable under _build
-   *)
+     * below is relative to the location of the executable under _build
+  *)
   let json = Yojson.Basic.from_file "../../../ethereal_account.json" in
   let username = json |> member "username" |> to_string in
   let password = json |> member "password" |> to_string in
@@ -21,8 +21,8 @@ let get_ethereal_account_details () =
 let get_mailtrap_account_details () =
   let open Yojson.Basic.Util in
   (* see the README.md how to generate the account file and the path
-   * below is relative to the location of the executable under _build
-   *)
+     * below is relative to the location of the executable under _build
+  *)
   let json = Yojson.Basic.from_file "../../../mailtrap_account.json" in
   let username = json |> member "username" |> to_string in
   let password = json |> member "password" |> to_string in