Module Tls_mirage.X509

Parameters

module KV : Mirage_kv.RO
module C : Mirage_clock.PCLOCK

Signature

val authenticator : ?hash_whitelist:Mirage_crypto.Hash.hash list -> ?crl:string -> KV.t -> X509.Authenticator.t Lwt.t

authenticator ~hash_whitelist ~crl store creates an authenticator that uses the certificate authorities stored in store under the key "ca_roots.crt". If hash_whitelist is provided, only these hash algorithms are accepted for signatures in the certificate chain. If crl is provided, the corresponding file is read and used as the revocation list (DER encoded). Both options only apply if `CAs is used.

val certificate : KV.t -> [< `Default | `Name of string ] -> (X509.Certificate.t list * Mirage_crypto_pk.Rsa.priv) Lwt.t

certificate store typ unmarshals a certificate chain and private key material from the store.
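
Usage sketch for both functions, added here as an example and not taken from the tls-mirage documentation: it builds a client configuration that accepts only SHA-2 signed chains and consults a CRL, and a server configuration that presents the default certificate and verifies client certificates with the same authenticator. The names Make, strong_hashes, crl_key, client_config and server_config and the key "revoked.crl" are assumptions; Tls.Config.client and Tls.Config.server are assumed to return the configuration directly, as in the tls releases that use Mirage_crypto_pk.Rsa.priv.

```ocaml
(* Added example; not code from tls-mirage itself. *)
open Lwt.Infix

module Make (KV : Mirage_kv.RO) (C : Mirage_clock.PCLOCK) = struct
  (* Instantiate the functor documented on this page. *)
  module X = Tls_mirage.X509 (KV) (C)

  (* Only SHA-2 family signatures are accepted in the peer's chain;
     a chain signed with MD5 or SHA-1 is rejected by the authenticator. *)
  let strong_hashes : Mirage_crypto.Hash.hash list =
    [ `SHA256; `SHA384; `SHA512 ]

  (* Constructed key name: a DER-encoded CRL kept in the same store
     as "ca_roots.crt". *)
  let crl_key = "revoked.crl"

  (* Authenticator shared by the client and the mutual-TLS server. *)
  let load_authenticator store =
    X.authenticator ~hash_whitelist:strong_hashes ~crl:crl_key store

  (* Client side: verify the server against the CAs in the store. *)
  let client_config store =
    load_authenticator store >|= fun authenticator ->
    Tls.Config.client ~authenticator ()

  (* Server side: present the default chain and key from the store and
     require client certificates that pass the same authenticator. *)
  let server_config store =
    load_authenticator store >>= fun authenticator ->
    X.certificate store `Default >|= fun (chain, key) ->
    Tls.Config.server ~authenticator
      ~certificates:(`Single (chain, key)) ()
end
```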