Update documentation of g_tls_connection_handshake() one last time

Let's entirely deprecate calling this function for rehandshaking. The
current documentation is OK, but guarantees defined behavior (to attempt
a rehandshake) when TLS 1.2 is in use. But there's no way to force TLS
1.2, and also no way to check which version of TLS is in use. I really
should have deprecated use of this function for rehandshaking entirely
last time I updated it.

Fortunately, there should be no compatibility risk for existing code,
because rehandshaking has no visible effects at the API level.
This commit is contained in:
Michael Catanzaro 2018-11-17 11:14:27 -06:00
parent 11847b831e
commit 2031e37dfc
2 changed files with 18 additions and 7 deletions

View File

@ -656,8 +656,15 @@ g_dtls_connection_get_rehandshake_mode (GDtlsConnection *conn)
* Likewise, on the server side, although a handshake is necessary at * Likewise, on the server side, although a handshake is necessary at
* the beginning of the communication, you do not need to call this * the beginning of the communication, you do not need to call this
* function explicitly unless you want clearer error reporting. * function explicitly unless you want clearer error reporting.
* However, you may call g_dtls_connection_handshake() later on to *
* renegotiate parameters (encryption methods, etc) with the client. * If TLS 1.2 or older is in use, you may call
* g_dtls_connection_handshake() after the initial handshake to
* rehandshake; however, this usage is deprecated because rehandshaking
* is no longer part of the TLS protocol in TLS 1.3. Accordingly, the
* behavior of calling this function after the initial handshake is now
* undefined, except it is guaranteed to be reasonable and
* nondestructive so as to preserve compatibility with code written for
* older versions of GLib.
* *
* #GDtlsConnection::accept_certificate may be emitted during the * #GDtlsConnection::accept_certificate may be emitted during the
* handshake. * handshake.

View File

@ -756,11 +756,15 @@ g_tls_connection_get_rehandshake_mode (GTlsConnection *conn)
* Likewise, on the server side, although a handshake is necessary at * Likewise, on the server side, although a handshake is necessary at
* the beginning of the communication, you do not need to call this * the beginning of the communication, you do not need to call this
* function explicitly unless you want clearer error reporting. * function explicitly unless you want clearer error reporting.
* However, you may call g_tls_connection_handshake() later on to *
* rehandshake, if TLS 1.2 or older is in use. With TLS 1.3, the * If TLS 1.2 or older is in use, you may call
* behavior is undefined but guaranteed to be reasonable and * g_tls_connection_handshake() after the initial handshake to
* nondestructive, so most older code should be expected to continue to * rehandshake; however, this usage is deprecated because rehandshaking
* work without changes. * is no longer part of the TLS protocol in TLS 1.3. Accordingly, the
* behavior of calling this function after the initial handshake is now
* undefined, except it is guaranteed to be reasonable and
* nondestructive so as to preserve compatibility with code written for
* older versions of GLib.
* *
* #GTlsConnection::accept_certificate may be emitted during the * #GTlsConnection::accept_certificate may be emitted during the
* handshake. * handshake.