| 
									
										
										
										
											2009-12-21 20:50:32 +01:00
										 |  |  |  | /* GIO - GLib Input, Output and Streaming Library
 | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Copyright © 2010 Red Hat, Inc | 
					
						
							| 
									
										
										
										
											2015-06-25 12:58:14 +01:00
										 |  |  |  |  * Copyright © 2015 Collabora, Ltd. | 
					
						
							| 
									
										
										
										
											2009-12-21 20:50:32 +01:00
										 |  |  |  |  * | 
					
						
							|  |  |  |  |  * This library is free software; you can redistribute it and/or | 
					
						
							|  |  |  |  |  * modify it under the terms of the GNU Lesser General Public | 
					
						
							|  |  |  |  |  * License as published by the Free Software Foundation; either | 
					
						
							|  |  |  |  |  * version 2 of the License, or (at your option) any later version. | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * This library is distributed in the hope that it will be useful, | 
					
						
							|  |  |  |  |  * but WITHOUT ANY WARRANTY; without even the implied warranty of | 
					
						
							|  |  |  |  |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU | 
					
						
							|  |  |  |  |  * Lesser General Public License for more details. | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * You should have received a copy of the GNU Lesser General | 
					
						
							| 
									
										
										
										
											2014-01-23 12:58:29 +01:00
										 |  |  |  |  * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
 | 
					
						
							| 
									
										
										
										
											2009-12-21 20:50:32 +01:00
										 |  |  |  |  */ | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  | #include "config.h"
 | 
					
						
							|  |  |  |  | #include "glib.h"
 | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  | #include "gtlsbackend.h"
 | 
					
						
							|  |  |  |  | #include "gdummytlsbackend.h"
 | 
					
						
							|  |  |  |  | #include "gioenumtypes.h"
 | 
					
						
							|  |  |  |  | #include "giomodule-priv.h"
 | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  | /**
 | 
					
						
							|  |  |  |  |  * SECTION:gtls | 
					
						
							|  |  |  |  |  * @title: TLS Overview | 
					
						
							| 
									
										
										
										
											2010-11-28 23:55:43 -05:00
										 |  |  |  |  * @short_description: TLS (aka SSL) support for GSocketConnection | 
					
						
							| 
									
										
										
										
											2009-12-21 20:50:32 +01:00
										 |  |  |  |  * @include: gio/gio.h | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * #GTlsConnection and related classes provide TLS (Transport Layer | 
					
						
							|  |  |  |  |  * Security, previously known as SSL, Secure Sockets Layer) support for | 
					
						
							|  |  |  |  |  * gio-based network streams. | 
					
						
							|  |  |  |  |  * | 
					
						
							| 
									
										
										
										
											2015-06-25 12:58:14 +01:00
										 |  |  |  |  * #GDtlsConnection and related classes provide DTLS (Datagram TLS) support for | 
					
						
							|  |  |  |  |  * GIO-based network sockets, using the #GDatagramBased interface. The TLS and | 
					
						
							|  |  |  |  |  * DTLS APIs are almost identical, except TLS is stream-based and DTLS is | 
					
						
							|  |  |  |  |  * datagram-based. They share certificate and backend infrastructure. | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * In the simplest case, for a client TLS connection, you can just set the | 
					
						
							| 
									
										
										
										
											2009-12-21 20:50:32 +01:00
										 |  |  |  |  * #GSocketClient:tls flag on a #GSocketClient, and then any | 
					
						
							|  |  |  |  |  * connections created by that client will have TLS negotiated | 
					
						
							|  |  |  |  |  * automatically, using appropriate default settings, and rejecting | 
					
						
							|  |  |  |  |  * any invalid or self-signed certificates (unless you change that | 
					
						
							|  |  |  |  |  * default by setting the #GSocketClient:tls-validation-flags | 
					
						
							|  |  |  |  |  * property). The returned object will be a #GTcpWrapperConnection, | 
					
						
							|  |  |  |  |  * which wraps the underlying #GTlsClientConnection. | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * For greater control, you can create your own #GTlsClientConnection, | 
					
						
							|  |  |  |  |  * wrapping a #GSocketConnection (or an arbitrary #GIOStream with | 
					
						
							|  |  |  |  |  * pollable input and output streams) and then connect to its signals, | 
					
						
							|  |  |  |  |  * such as #GTlsConnection::accept-certificate, before starting the | 
					
						
							|  |  |  |  |  * handshake. | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Server-side TLS is similar, using #GTlsServerConnection. At the | 
					
						
							|  |  |  |  |  * moment, there is no support for automatically wrapping server-side | 
					
						
							|  |  |  |  |  * connections in the way #GSocketClient does for client-side | 
					
						
							|  |  |  |  |  * connections. | 
					
						
							|  |  |  |  |  */ | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  | /**
 | 
					
						
							|  |  |  |  |  * SECTION:gtlsbackend | 
					
						
							|  |  |  |  |  * @title: GTlsBackend | 
					
						
							|  |  |  |  |  * @short_description: TLS backend implementation | 
					
						
							|  |  |  |  |  * @include: gio/gio.h | 
					
						
							| 
									
										
										
										
											2015-02-05 16:20:43 +01:00
										 |  |  |  |  * | 
					
						
							| 
									
										
										
										
											2015-06-25 12:58:14 +01:00
										 |  |  |  |  * TLS (Transport Layer Security, aka SSL) and DTLS backend. | 
					
						
							| 
									
										
										
										
											2015-02-05 16:20:43 +01:00
										 |  |  |  |  * | 
					
						
							|  |  |  |  |  * Since: 2.28 | 
					
						
							| 
									
										
										
										
											2009-12-21 20:50:32 +01:00
										 |  |  |  |  */ | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  | /**
 | 
					
						
							|  |  |  |  |  * GTlsBackend: | 
					
						
							|  |  |  |  |  * | 
					
						
							| 
									
										
										
										
											2015-06-25 12:58:14 +01:00
										 |  |  |  |  * TLS (Transport Layer Security, aka SSL) and DTLS backend. This is an | 
					
						
							| 
									
										
										
										
											2012-04-03 13:20:01 +02:00
										 |  |  |  |  * internal type used to coordinate the different classes implemented | 
					
						
							|  |  |  |  |  * by a TLS backend. | 
					
						
							| 
									
										
										
										
											2009-12-21 20:50:32 +01:00
										 |  |  |  |  * | 
					
						
							|  |  |  |  |  * Since: 2.28 | 
					
						
							|  |  |  |  |  */ | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  | G_DEFINE_INTERFACE (GTlsBackend, g_tls_backend, G_TYPE_OBJECT); | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  | static void | 
					
						
							|  |  |  |  | g_tls_backend_default_init (GTlsBackendInterface *iface) | 
					
						
							|  |  |  |  | { | 
					
						
							|  |  |  |  | } | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  | /**
 | 
					
						
							|  |  |  |  |  * g_tls_backend_get_default: | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Gets the default #GTlsBackend for the system. | 
					
						
							|  |  |  |  |  * | 
					
						
							| 
									
										
										
										
											2011-05-05 15:18:22 -04:00
										 |  |  |  |  * Returns: (transfer none): a #GTlsBackend | 
					
						
							| 
									
										
										
										
											2009-12-21 20:50:32 +01:00
										 |  |  |  |  * | 
					
						
							|  |  |  |  |  * Since: 2.28 | 
					
						
							|  |  |  |  |  */ | 
					
						
							|  |  |  |  | GTlsBackend * | 
					
						
							|  |  |  |  | g_tls_backend_get_default (void) | 
					
						
							|  |  |  |  | { | 
					
						
							| 
									
										
										
										
											2011-06-21 18:21:27 -04:00
										 |  |  |  |   return _g_io_module_get_default (G_TLS_BACKEND_EXTENSION_POINT_NAME, | 
					
						
							|  |  |  |  | 				   "GIO_USE_TLS", NULL); | 
					
						
							| 
									
										
										
										
											2009-12-21 20:50:32 +01:00
										 |  |  |  | } | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  | /**
 | 
					
						
							|  |  |  |  |  * g_tls_backend_supports_tls: | 
					
						
							|  |  |  |  |  * @backend: the #GTlsBackend | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Checks if TLS is supported; if this returns %FALSE for the default | 
					
						
							|  |  |  |  |  * #GTlsBackend, it means no "real" TLS backend is available. | 
					
						
							|  |  |  |  |  * | 
					
						
							| 
									
										
										
										
											2014-02-19 19:35:23 -05:00
										 |  |  |  |  * Returns: whether or not TLS is supported | 
					
						
							| 
									
										
										
										
											2009-12-21 20:50:32 +01:00
										 |  |  |  |  * | 
					
						
							|  |  |  |  |  * Since: 2.28 | 
					
						
							|  |  |  |  |  */ | 
					
						
							|  |  |  |  | gboolean | 
					
						
							|  |  |  |  | g_tls_backend_supports_tls (GTlsBackend *backend) | 
					
						
							|  |  |  |  | { | 
					
						
							|  |  |  |  |   if (G_TLS_BACKEND_GET_INTERFACE (backend)->supports_tls) | 
					
						
							|  |  |  |  |     return G_TLS_BACKEND_GET_INTERFACE (backend)->supports_tls (backend); | 
					
						
							|  |  |  |  |   else if (G_IS_DUMMY_TLS_BACKEND (backend)) | 
					
						
							|  |  |  |  |     return FALSE; | 
					
						
							|  |  |  |  |   else | 
					
						
							|  |  |  |  |     return TRUE; | 
					
						
							|  |  |  |  | } | 
					
						
							|  |  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-06-25 12:58:14 +01:00
										 |  |  |  | /**
 | 
					
						
							|  |  |  |  |  * g_tls_backend_supports_dtls: | 
					
						
							|  |  |  |  |  * @backend: the #GTlsBackend | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Checks if DTLS is supported. DTLS support may not be available even if TLS | 
					
						
							|  |  |  |  |  * support is available, and vice-versa. | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Returns: whether DTLS is supported | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Since: 2.48 | 
					
						
							|  |  |  |  |  */ | 
					
						
							|  |  |  |  | gboolean | 
					
						
							|  |  |  |  | g_tls_backend_supports_dtls (GTlsBackend *backend) | 
					
						
							|  |  |  |  | { | 
					
						
							|  |  |  |  |   if (G_TLS_BACKEND_GET_INTERFACE (backend)->supports_dtls) | 
					
						
							|  |  |  |  |     return G_TLS_BACKEND_GET_INTERFACE (backend)->supports_dtls (backend); | 
					
						
							|  |  |  |  |   else if (G_IS_DUMMY_TLS_BACKEND (backend)) | 
					
						
							|  |  |  |  |     return FALSE; | 
					
						
							|  |  |  |  |   else | 
					
						
							|  |  |  |  |     return TRUE; | 
					
						
							|  |  |  |  | } | 
					
						
							|  |  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-04 08:54:55 +02:00
										 |  |  |  | /**
 | 
					
						
							|  |  |  |  |  * g_tls_backend_get_default_database: | 
					
						
							|  |  |  |  |  * @backend: the #GTlsBackend | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Gets the default #GTlsDatabase used to verify TLS connections. | 
					
						
							|  |  |  |  |  * | 
					
						
							| 
									
										
										
										
											2014-02-19 19:35:23 -05:00
										 |  |  |  |  * Returns: (transfer full): the default database, which should be | 
					
						
							| 
									
										
										
										
											2011-08-11 11:36:22 +02:00
										 |  |  |  |  *               unreffed when done. | 
					
						
							| 
									
										
										
										
											2011-08-04 08:54:55 +02:00
										 |  |  |  |  * | 
					
						
							|  |  |  |  |  * Since: 2.30 | 
					
						
							|  |  |  |  |  */ | 
					
						
							|  |  |  |  | GTlsDatabase * | 
					
						
							|  |  |  |  | g_tls_backend_get_default_database (GTlsBackend *backend) | 
					
						
							|  |  |  |  | { | 
					
						
							|  |  |  |  |   g_return_val_if_fail (G_IS_TLS_BACKEND (backend), NULL); | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  |   /* This method was added later, so accept the (remote) possibility it can be NULL */ | 
					
						
							|  |  |  |  |   if (!G_TLS_BACKEND_GET_INTERFACE (backend)->get_default_database) | 
					
						
							|  |  |  |  |     return NULL; | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  |   return G_TLS_BACKEND_GET_INTERFACE (backend)->get_default_database (backend); | 
					
						
							|  |  |  |  | } | 
					
						
							|  |  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2009-12-21 20:50:32 +01:00
										 |  |  |  | /**
 | 
					
						
							|  |  |  |  |  * g_tls_backend_get_certificate_type: | 
					
						
							|  |  |  |  |  * @backend: the #GTlsBackend | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Gets the #GType of @backend's #GTlsCertificate implementation. | 
					
						
							|  |  |  |  |  * | 
					
						
							| 
									
										
										
										
											2014-02-19 19:35:23 -05:00
										 |  |  |  |  * Returns: the #GType of @backend's #GTlsCertificate | 
					
						
							| 
									
										
										
										
											2009-12-21 20:50:32 +01:00
										 |  |  |  |  *   implementation. | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Since: 2.28 | 
					
						
							|  |  |  |  |  */ | 
					
						
							|  |  |  |  | GType | 
					
						
							|  |  |  |  | g_tls_backend_get_certificate_type (GTlsBackend *backend) | 
					
						
							|  |  |  |  | { | 
					
						
							|  |  |  |  |   return G_TLS_BACKEND_GET_INTERFACE (backend)->get_certificate_type (); | 
					
						
							|  |  |  |  | } | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  | /**
 | 
					
						
							|  |  |  |  |  * g_tls_backend_get_client_connection_type: | 
					
						
							|  |  |  |  |  * @backend: the #GTlsBackend | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Gets the #GType of @backend's #GTlsClientConnection implementation. | 
					
						
							|  |  |  |  |  * | 
					
						
							| 
									
										
										
										
											2014-02-19 19:35:23 -05:00
										 |  |  |  |  * Returns: the #GType of @backend's #GTlsClientConnection | 
					
						
							| 
									
										
										
										
											2009-12-21 20:50:32 +01:00
										 |  |  |  |  *   implementation. | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Since: 2.28 | 
					
						
							|  |  |  |  |  */ | 
					
						
							|  |  |  |  | GType | 
					
						
							|  |  |  |  | g_tls_backend_get_client_connection_type (GTlsBackend *backend) | 
					
						
							|  |  |  |  | { | 
					
						
							|  |  |  |  |   return G_TLS_BACKEND_GET_INTERFACE (backend)->get_client_connection_type (); | 
					
						
							|  |  |  |  | } | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  | /**
 | 
					
						
							|  |  |  |  |  * g_tls_backend_get_server_connection_type: | 
					
						
							|  |  |  |  |  * @backend: the #GTlsBackend | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Gets the #GType of @backend's #GTlsServerConnection implementation. | 
					
						
							|  |  |  |  |  * | 
					
						
							| 
									
										
										
										
											2014-02-19 19:35:23 -05:00
										 |  |  |  |  * Returns: the #GType of @backend's #GTlsServerConnection | 
					
						
							| 
									
										
										
										
											2009-12-21 20:50:32 +01:00
										 |  |  |  |  *   implementation. | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Since: 2.28 | 
					
						
							|  |  |  |  |  */ | 
					
						
							|  |  |  |  | GType | 
					
						
							|  |  |  |  | g_tls_backend_get_server_connection_type (GTlsBackend *backend) | 
					
						
							|  |  |  |  | { | 
					
						
							|  |  |  |  |   return G_TLS_BACKEND_GET_INTERFACE (backend)->get_server_connection_type (); | 
					
						
							|  |  |  |  | } | 
					
						
							| 
									
										
										
										
											2011-08-04 08:54:55 +02:00
										 |  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-06-25 12:58:14 +01:00
										 |  |  |  | /**
 | 
					
						
							|  |  |  |  |  * g_tls_backend_get_dtls_client_connection_type: | 
					
						
							|  |  |  |  |  * @backend: the #GTlsBackend | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Gets the #GType of @backend’s #GDtlsClientConnection implementation. | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Returns: the #GType of @backend’s #GDtlsClientConnection | 
					
						
							|  |  |  |  |  *   implementation. | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Since: 2.48 | 
					
						
							|  |  |  |  |  */ | 
					
						
							|  |  |  |  | GType | 
					
						
							|  |  |  |  | g_tls_backend_get_dtls_client_connection_type (GTlsBackend *backend) | 
					
						
							|  |  |  |  | { | 
					
						
							|  |  |  |  |   return G_TLS_BACKEND_GET_INTERFACE (backend)->get_dtls_client_connection_type (); | 
					
						
							|  |  |  |  | } | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  | /**
 | 
					
						
							|  |  |  |  |  * g_tls_backend_get_dtls_server_connection_type: | 
					
						
							|  |  |  |  |  * @backend: the #GTlsBackend | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Gets the #GType of @backend’s #GDtlsServerConnection implementation. | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Returns: the #GType of @backend’s #GDtlsServerConnection | 
					
						
							|  |  |  |  |  *   implementation. | 
					
						
							|  |  |  |  |  * | 
					
						
							|  |  |  |  |  * Since: 2.48 | 
					
						
							|  |  |  |  |  */ | 
					
						
							|  |  |  |  | GType | 
					
						
							|  |  |  |  | g_tls_backend_get_dtls_server_connection_type (GTlsBackend *backend) | 
					
						
							|  |  |  |  | { | 
					
						
							|  |  |  |  |   return G_TLS_BACKEND_GET_INTERFACE (backend)->get_dtls_server_connection_type (); | 
					
						
							|  |  |  |  | } | 
					
						
							|  |  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-08-04 08:54:55 +02:00
										 |  |  |  | /**
 | 
					
						
							|  |  |  |  |  * g_tls_backend_get_file_database_type: | 
					
						
							|  |  |  |  |  * @backend: the #GTlsBackend | 
					
						
							|  |  |  |  |  * | 
					
						
							| 
									
										
										
										
											2012-02-19 15:41:12 +00:00
										 |  |  |  |  * Gets the #GType of @backend's #GTlsFileDatabase implementation. | 
					
						
							| 
									
										
										
										
											2011-08-04 08:54:55 +02:00
										 |  |  |  |  * | 
					
						
							| 
									
										
										
										
											2014-02-19 19:35:23 -05:00
										 |  |  |  |  * Returns: the #GType of backend's #GTlsFileDatabase implementation. | 
					
						
							| 
									
										
										
										
											2011-08-04 08:54:55 +02:00
										 |  |  |  |  * | 
					
						
							|  |  |  |  |  * Since: 2.30 | 
					
						
							|  |  |  |  |  */ | 
					
						
							|  |  |  |  | GType | 
					
						
							|  |  |  |  | g_tls_backend_get_file_database_type (GTlsBackend *backend) | 
					
						
							|  |  |  |  | { | 
					
						
							|  |  |  |  |   g_return_val_if_fail (G_IS_TLS_BACKEND (backend), 0); | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  |   /* This method was added later, so accept the (remote) possibility it can be NULL */ | 
					
						
							|  |  |  |  |   if (!G_TLS_BACKEND_GET_INTERFACE (backend)->get_file_database_type) | 
					
						
							|  |  |  |  |     return 0; | 
					
						
							|  |  |  |  | 
 | 
					
						
							|  |  |  |  |   return G_TLS_BACKEND_GET_INTERFACE (backend)->get_file_database_type (); | 
					
						
							|  |  |  |  | } |