From 045b805199ee6e1635bbabc79552a075855a1473 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro
Date: Sun, 7 Jan 2018 16:02:17 -0600
Subject: [PATCH] tlsclientconnection: Deprecate ssl3 property and functions

I originally planned to introduce a new property and functions to replace these, with the same behavior but less-confusing names. But that might not be the best approach in the long run. Instead, let's just deprecate them without replacement. TLS 1.2 intolerance is no longer a thing in the wild, and no known GTlsBackend supports TLS 1.3 yet. But you might need to use this property in the future, even though it's deprecated, if your GTlsBackend has added support for TLS 1.3 and you need to talk to a server that is TLS 1.3 intolerant. Independently of all that, these APIs simply no longer do what their names suggest, so deprecation is sensible regardless.
https://bugzilla.gnome.org/show_bug.cgi?id=792217
---
 gio/gtlsclientconnection.c | 12 +++++++++++-
 gio/gtlsclientconnection.h | 4 ++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/gio/gtlsclientconnection.c b/gio/gtlsclientconnection.c
index 13fbfde5a..f80c62572 100644
--- a/gio/gtlsclientconnection.c
+++ b/gio/gtlsclientconnection.c
@@ -115,6 +115,9 @@ g_tls_client_connection_default_init (GTlsClientConnectionInterface *iface)
 * as the fallback version.
 *
 * Since: 2.28
+ *
+ * Deprecated: 2.56: SSL 3.0 is insecure, and this property does not
+ * generally enable or disable it, despite its name.
 */
 g_object_interface_install_property (iface,
 g_param_spec_boolean ("use-ssl3",
@@ -123,7 +126,8 @@ g_tls_client_connection_default_init (GTlsClientConnectionInterface *iface)
 FALSE,
 G_PARAM_READWRITE |
 G_PARAM_CONSTRUCT |
- G_PARAM_STATIC_STRINGS));
+ G_PARAM_STATIC_STRINGS |
+ G_PARAM_DEPRECATED));
 
 /**
 * GTlsClientConnection:accepted-cas: (type GLib.List) (element-type GLib.ByteArray)
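Review bot: The deprecation text added to the `use-ssl3` property doc comment (first gtlsclientconnection.c hunk) says what the property does not do but not what setting it still does, and the getter and setter doc hunks further down have the same gap. The surrounding context lines say the connection "will use the lowest-supported TLS protocol version", so a caller who reads only the deprecation note could take the property for a harmless no-op and leave it set. Callers that reach the property by name only get the `G_PARAM_DEPRECATED` flag from the following hunk, which GObject reports at runtime under `G_ENABLE_DIAGNOSTIC` rather than at compile time, so this text is the main signal they see. I would append one sentence to each of the three notes, e.g. `Setting it makes the connection use the lowest-supported TLS protocol version; there is no replacement.` The doc comments begin outside the hunks.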
@@ -280,6 +284,9 @@ g_tls_client_connection_set_server_identity (GTlsClientConnection *conn,
 * Returns: whether @conn will use the lowest-supported TLS protocol version
 *
 * Since: 2.28
+ *
+ * Deprecated: 2.56: SSL 3.0 is insecure, and this function does not
+ * actually indicate whether it is enabled.
 */
 gboolean
 g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn)
@@ -307,6 +314,9 @@ g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn)
 * the lowest-supported protocol version is probably not SSL 3.0.
 *
 * Since: 2.28
+ *
+ * Deprecated: 2.56: SSL 3.0 is insecure, and this function does not
+ * generally enable or disable it, despite its name.
 */
 void
 g_tls_client_connection_set_use_ssl3 (GTlsClientConnection *conn,
diff --git a/gio/gtlsclientconnection.h b/gio/gtlsclientconnection.h
index 84711ec0b..29dbafcf4 100644
--- a/gio/gtlsclientconnection.h
+++ b/gio/gtlsclientconnection.h
@@ -69,9 +69,9 @@ GSocketConnectable *g_tls_client_connection_get_server_identity (GTlsClientCo
 GLIB_AVAILABLE_IN_ALL
 void g_tls_client_connection_set_server_identity (GTlsClientConnection *conn,
 GSocketConnectable *identity);
-GLIB_AVAILABLE_IN_ALL
+GLIB_DEPRECATED_IN_2_56
 gboolean g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn);
-GLIB_AVAILABLE_IN_ALL
+GLIB_DEPRECATED_IN_2_56
 void g_tls_client_connection_set_use_ssl3 (GTlsClientConnection *conn,
 gboolean use_ssl3);
 GLIB_AVAILABLE_IN_ALL
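Review bot: Marking both prototypes `GLIB_DEPRECATED_IN_2_56` in gtlsclientconnection.h makes every remaining in-tree caller of `g_tls_client_connection_get_use_ssl3()` and `g_tls_client_connection_set_use_ssl3()` emit a deprecation warning, yet the diffstat lists only these two files. If gio tests or a bundled backend still call them (not visible from this patch), those call sites should be wrapped in `G_GNUC_BEGIN_IGNORE_DEPRECATIONS` / `G_GNUC_END_IGNORE_DEPRECATIONS`, otherwise builds that treat warnings as errors will fail. A short comment at each wrapped call saying why the fallback is still exercised would keep the suppression from hiding an unintended downgrade later.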