tlsclientconnection: Deprecate ssl3 property and functions

I originally planned to introduce a new property and functions to replace these, with the same behavior but less-confusing names. But that might not be the best approach in the long run. Instead, let's just deprecate them without replacement. TLS 1.2 intolerance is no longer a thing in the wild, and no known GTlsBackend supports TLS 1.3 yet. But you might need to use this property in the future, even though it's deprecated, if your GTlsBackend has added support for TLS 1.3 and you need to talk to a server that is TLS 1.3 intolerant. Independently of all that, these APIs simply no longer do what their names suggest, so deprecation is sensible regardless. https://bugzilla.gnome.org/show_bug.cgi?id=792217
2025-01-11 23:16:14 +01:00 · 2018-01-07 16:02:17 -06:00 · 2018-01-07 16:02:17 -06:00 · 045b805199
commit 045b805199
parent 9e5254ebce
2 changed files with 13 additions and 3 deletions
--- a/gio/gtlsclientconnection.c
+++ b/gio/gtlsclientconnection.c
@ -115,6 +115,9 @@ g_tls_client_connection_default_init (GTlsClientConnectionInterface *iface)
   * as the fallback version.
   *
   * Since: 2.28
+   *
+   * Deprecated: 2.56: SSL 3.0 is insecure, and this property does not
+   * generally enable or disable it, despite its name.
   */
  g_object_interface_install_property (iface,
 				       g_param_spec_boolean ("use-ssl3",
@ -123,7 +126,8 @@ g_tls_client_connection_default_init (GTlsClientConnectionInterface *iface)
 							     FALSE,
 							     G_PARAM_READWRITE |
 							     G_PARAM_CONSTRUCT |
-							     G_PARAM_STATIC_STRINGS));
+							     G_PARAM_STATIC_STRINGS |
+							     G_PARAM_DEPRECATED));

  /**
   * GTlsClientConnection:accepted-cas: (type GLib.List) (element-type GLib.ByteArray)
@ -280,6 +284,9 @@ g_tls_client_connection_set_server_identity (GTlsClientConnection *conn,
 * Returns: whether @conn will use the lowest-supported TLS protocol version
 *
 * Since: 2.28
+ *
+ * Deprecated: 2.56: SSL 3.0 is insecure, and this function does not
+ * actually indicate whether it is enabled.
 */
 gboolean
 g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn)
@ -307,6 +314,9 @@ g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn)
 * the lowest-supported protocol version is probably not SSL 3.0.
 *
 * Since: 2.28
+ *
+ * Deprecated: 2.56: SSL 3.0 is insecure, and this function does not
+ * generally enable or disable it, despite its name.
 */
 void
 g_tls_client_connection_set_use_ssl3 (GTlsClientConnection *conn,
--- a/gio/gtlsclientconnection.h
+++ b/gio/gtlsclientconnection.h
@ -69,9 +69,9 @@ GSocketConnectable   *g_tls_client_connection_get_server_identity  (GTlsClientCo
 GLIB_AVAILABLE_IN_ALL
 void                  g_tls_client_connection_set_server_identity  (GTlsClientConnection    *conn,
 								    GSocketConnectable      *identity);
-GLIB_AVAILABLE_IN_ALL
+GLIB_DEPRECATED_IN_2_56
 gboolean              g_tls_client_connection_get_use_ssl3         (GTlsClientConnection    *conn);
-GLIB_AVAILABLE_IN_ALL
+GLIB_DEPRECATED_IN_2_56
 void                  g_tls_client_connection_set_use_ssl3         (GTlsClientConnection    *conn,
 								    gboolean                 use_ssl3);
 GLIB_AVAILABLE_IN_ALL