Deprecate TLS rehandshake APIs

Allowing unsafe rehandshakes used to be required for web compatibility, but this is no longer a concern in 2018. So there should no longer be compatibility benefits to calling this function. All it does is make your TLS connection insecure. Also, rehandshaking no longer exists at all in TLS 1.3. At some point (maybe soon!) glib-networking will begin ignoring the rehandshake mode, so let's deprecate it now.
2024-11-09 19:06:15 +01:00 · 2018-11-20 22:04:56 -06:00 · 2018-11-20 22:04:56 -06:00 · 85f7d493d7
commit 85f7d493d7
parent 2031e37dfc
5 changed files with 28 additions and 6 deletions
--- a/gio/gdtlsconnection.c
+++ b/gio/gdtlsconnection.c
@ -162,6 +162,10 @@ g_dtls_connection_default_init (GDtlsConnectionInterface *iface)
   * g_dtls_connection_set_rehandshake_mode().
   *
   * Since: 2.48
+   *
+   * Deprecated: 2.60. Changing the rehandshake mode is no longer
+   *   required for compatibility. Also, rehandshaking has been removed
+   *   from the TLS protocol in TLS 1.3.
   */
  g_object_interface_install_property (iface,
                                       g_param_spec_enum ("rehandshake-mode",
@ -171,7 +175,8 @@ g_dtls_connection_default_init (GDtlsConnectionInterface *iface)
                                                          G_TLS_REHANDSHAKE_NEVER,
                                                          G_PARAM_READWRITE |
                                                          G_PARAM_CONSTRUCT |
-                                                          G_PARAM_STATIC_STRINGS));
+                                                          G_PARAM_STATIC_STRINGS |
+                                                          G_PARAM_DEPRECATED));
  /**
   * GDtlsConnection:certificate:
   *
@ -597,6 +602,10 @@ g_dtls_connection_get_require_close_notify (GDtlsConnection *conn)
 * software.
 *
 * Since: 2.48
+ *
+ * Deprecated: 2.60. Changing the rehandshake mode is no longer
+ *   required for compatibility. Also, rehandshaking has been removed
+ *   from the TLS protocol in TLS 1.3.
 */
 void
 g_dtls_connection_set_rehandshake_mode (GDtlsConnection     *conn,
--- a/gio/gdtlsconnection.h
+++ b/gio/gdtlsconnection.h
@ -123,10 +123,10 @@ void                  g_dtls_connection_set_require_close_notify    (GDtlsConnec
 GLIB_AVAILABLE_IN_2_48
 gboolean              g_dtls_connection_get_require_close_notify    (GDtlsConnection       *conn);

-GLIB_AVAILABLE_IN_2_48
+GLIB_DEPRECATED_IN_2_60
 void                  g_dtls_connection_set_rehandshake_mode        (GDtlsConnection       *conn,
                                                                     GTlsRehandshakeMode    mode);
-GLIB_AVAILABLE_IN_2_48
+GLIB_DEPRECATED_IN_2_60
 GTlsRehandshakeMode   g_dtls_connection_get_rehandshake_mode        (GDtlsConnection       *conn);

 GLIB_AVAILABLE_IN_2_48
--- a/gio/gioenums.h
+++ b/gio/gioenums.h
@ -1593,6 +1593,10 @@ typedef enum {
 * g_tls_connection_set_rehandshake_mode().
 *
 * Since: 2.28
+ *
+ * Deprecated: 2.60. Changing the rehandshake mode is no longer
+ *   required for compatibility. Also, rehandshaking has been removed
+ *   from the TLS protocol in TLS 1.3.
 */
 typedef enum {
  G_TLS_REHANDSHAKE_NEVER,
--- a/gio/gtlsconnection.c
+++ b/gio/gtlsconnection.c
@ -194,7 +194,8 @@ g_tls_connection_class_init (GTlsConnectionClass *klass)
 						      G_TLS_REHANDSHAKE_SAFELY,
 						      G_PARAM_READWRITE |
 						      G_PARAM_CONSTRUCT |
-						      G_PARAM_STATIC_STRINGS));
+						      G_PARAM_STATIC_STRINGS |
+						      G_PARAM_DEPRECATED));
  /**
   * GTlsConnection:certificate:
   *
@ -697,6 +698,10 @@ g_tls_connection_get_require_close_notify (GTlsConnection *conn)
 * software.
 *
 * Since: 2.28
+ *
+ * Deprecated: 2.60. Changing the rehandshake mode is no longer
+ *   required for compatibility. Also, rehandshaking has been removed
+ *   from the TLS protocol in TLS 1.3.
 */
 void
 g_tls_connection_set_rehandshake_mode (GTlsConnection       *conn,
@ -719,6 +724,10 @@ g_tls_connection_set_rehandshake_mode (GTlsConnection       *conn,
 * Returns: @conn's rehandshaking mode
 *
 * Since: 2.28
+ *
+ * Deprecated: 2.60. Changing the rehandshake mode is no longer
+ *   required for compatibility. Also, rehandshaking has been removed
+ *   from the TLS protocol in TLS 1.3.
 */
 GTlsRehandshakeMode
 g_tls_connection_get_rehandshake_mode (GTlsConnection       *conn)
--- a/gio/gtlsconnection.h
+++ b/gio/gtlsconnection.h
@ -109,10 +109,10 @@ void                  g_tls_connection_set_require_close_notify    (GTlsConnecti
 GLIB_AVAILABLE_IN_ALL
 gboolean              g_tls_connection_get_require_close_notify    (GTlsConnection       *conn);

-GLIB_AVAILABLE_IN_ALL
+GLIB_DEPRECATED_IN_2_60
 void                  g_tls_connection_set_rehandshake_mode        (GTlsConnection       *conn,
 								    GTlsRehandshakeMode   mode);
-GLIB_AVAILABLE_IN_ALL
+GLIB_DEPRECATED_IN_2_60
 GTlsRehandshakeMode   g_tls_connection_get_rehandshake_mode        (GTlsConnection       *conn);

 GLIB_AVAILABLE_IN_ALL