Merge branch 'mcatanzaro/gtlsconnection-changes' into 'master'
Deprecate old GTlsConnection functionality even harder! See merge request GNOME/glib!1227
commit
88e7529101
@ -103,14 +103,12 @@ g_tls_client_connection_default_init (GTlsClientConnectionInterface *iface)
|
|||||||
/**
|
/**
|
||||||
* GTlsClientConnection:use-ssl3:
|
* GTlsClientConnection:use-ssl3:
|
||||||
*
|
*
|
||||||
* If %TRUE, forces the connection to use a fallback version of TLS
|
* SSL 3.0 is no longer supported. See
|
||||||
* or SSL, rather than trying to negotiate the best version of TLS
|
* g_tls_client_connection_set_use_ssl3() for details.
|
||||||
* to use. See g_tls_client_connection_set_use_ssl3().
|
|
||||||
*
|
*
|
||||||
* Since: 2.28
|
* Since: 2.28
|
||||||
*
|
*
|
||||||
* Deprecated: 2.56: SSL 3.0 is insecure, and this property does not
|
* Deprecated: 2.56: SSL 3.0 is insecure.
|
||||||
* generally enable or disable it, despite its name.
|
|
||||||
*/
|
*/
|
||||||
g_object_interface_install_property (iface,
|
g_object_interface_install_property (iface,
|
||||||
g_param_spec_boolean ("use-ssl3",
|
g_param_spec_boolean ("use-ssl3",
|
||||||
@ -270,16 +268,14 @@ g_tls_client_connection_set_server_identity (GTlsClientConnection *conn,
|
|||||||
* g_tls_client_connection_get_use_ssl3:
|
* g_tls_client_connection_get_use_ssl3:
|
||||||
* @conn: the #GTlsClientConnection
|
* @conn: the #GTlsClientConnection
|
||||||
*
|
*
|
||||||
* Gets whether @conn will force the lowest-supported TLS protocol
|
* SSL 3.0 is no longer supported. See
|
||||||
* version rather than attempt to negotiate the highest mutually-
|
* g_tls_client_connection_set_use_ssl3() for details.
|
||||||
* supported version of TLS; see g_tls_client_connection_set_use_ssl3().
|
|
||||||
*
|
*
|
||||||
* Returns: whether @conn will use the lowest-supported TLS protocol version
|
* Returns: %FALSE
|
||||||
*
|
*
|
||||||
* Since: 2.28
|
* Since: 2.28
|
||||||
*
|
*
|
||||||
* Deprecated: 2.56: SSL 3.0 is insecure, and this function does not
|
* Deprecated: 2.56: SSL 3.0 is insecure.
|
||||||
* actually indicate whether it is enabled.
|
|
||||||
*/
|
*/
|
||||||
gboolean
|
gboolean
|
||||||
g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn)
|
g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn)
|
||||||
@ -289,32 +285,28 @@ g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn)
|
|||||||
g_return_val_if_fail (G_IS_TLS_CLIENT_CONNECTION (conn), 0);
|
g_return_val_if_fail (G_IS_TLS_CLIENT_CONNECTION (conn), 0);
|
||||||
|
|
||||||
g_object_get (G_OBJECT (conn), "use-ssl3", &use_ssl3, NULL);
|
g_object_get (G_OBJECT (conn), "use-ssl3", &use_ssl3, NULL);
|
||||||
return use_ssl3;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* g_tls_client_connection_set_use_ssl3:
|
* g_tls_client_connection_set_use_ssl3:
|
||||||
* @conn: the #GTlsClientConnection
|
* @conn: the #GTlsClientConnection
|
||||||
* @use_ssl3: whether to use the lowest-supported protocol version
|
* @use_ssl3: a #gboolean, ignored
|
||||||
*
|
*
|
||||||
* Since 2.42.1, if @use_ssl3 is %TRUE, this forces @conn to use the
|
* Since GLib 2.42.1, SSL 3.0 is no longer supported.
|
||||||
* lowest-supported TLS protocol version rather than trying to properly
|
|
||||||
* negotiate the highest mutually-supported protocol version with the
|
|
||||||
* peer. Be aware that SSL 3.0 is generally disabled by the
|
|
||||||
* #GTlsBackend, so the lowest-supported protocol version is probably
|
|
||||||
* not SSL 3.0.
|
|
||||||
*
|
*
|
||||||
* Since 2.58, this may additionally cause an RFC 7507 fallback SCSV to
|
* From GLib 2.42.1 through GLib 2.62, this function could be used to
|
||||||
* be sent to the server, causing modern TLS servers to immediately
|
* force use of TLS 1.0, the lowest-supported TLS protocol version at
|
||||||
* terminate the connection. You should generally only use this function
|
* the time. In the past, this was needed to connect to broken TLS
|
||||||
* if you need to connect to broken servers that exhibit TLS protocol
|
* servers that exhibited protocol version intolerance. Such servers
|
||||||
* version intolerance, and when an initial attempt to connect to a
|
* are no longer common, and using TLS 1.0 is no longer considered
|
||||||
* server normally has already failed.
|
* acceptable.
|
||||||
|
*
|
||||||
|
* Since GLib 2.64, this function does nothing.
|
||||||
*
|
*
|
||||||
* Since: 2.28
|
* Since: 2.28
|
||||||
*
|
*
|
||||||
* Deprecated: 2.56: SSL 3.0 is insecure, and this function does not
|
* Deprecated: 2.56: SSL 3.0 is insecure.
|
||||||
* generally enable or disable it, despite its name.
|
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
g_tls_client_connection_set_use_ssl3 (GTlsClientConnection *conn,
|
g_tls_client_connection_set_use_ssl3 (GTlsClientConnection *conn,
|
||||||
@ -322,7 +314,7 @@ g_tls_client_connection_set_use_ssl3 (GTlsClientConnection *conn,
|
|||||||
{
|
{
|
||||||
g_return_if_fail (G_IS_TLS_CLIENT_CONNECTION (conn));
|
g_return_if_fail (G_IS_TLS_CLIENT_CONNECTION (conn));
|
||||||
|
|
||||||
g_object_set (G_OBJECT (conn), "use-ssl3", use_ssl3, NULL);
|
g_object_set (G_OBJECT (conn), "use-ssl3", FALSE, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
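Review bot: In g_tls_client_connection_set_use_ssl3() the wrapper now always writes `FALSE`, but the "use-ssl3" property is still installed in g_tls_client_connection_default_init(), so a caller that sets the property directly with g_object_set() never goes through this function. Whether that path can still force the lowest protocol version depends on how the TLS backend treats the property, which is not visible on this page. If backends do ignore it, the property comment should say so, for example `* Since GLib 2.64, setting this property has no effect.` In g_tls_client_connection_get_use_ssl3() the `g_object_get (G_OBJECT (conn), "use-ssl3", &use_ssl3, NULL);` call is kept although `return FALSE;` discards its result; either drop the read together with the local (presumably declared above the hunk) or add a comment explaining why it stays. Both function bodies start outside the hunks shown.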
|
@ -139,7 +139,8 @@ g_tls_connection_class_init (GTlsConnectionClass *klass)
|
|||||||
TRUE,
|
TRUE,
|
||||||
G_PARAM_READWRITE |
|
G_PARAM_READWRITE |
|
||||||
G_PARAM_CONSTRUCT |
|
G_PARAM_CONSTRUCT |
|
||||||
G_PARAM_STATIC_STRINGS));
|
G_PARAM_STATIC_STRINGS |
|
||||||
|
G_PARAM_DEPRECATED));
|
||||||
/**
|
/**
|
||||||
* GTlsConnection:database:
|
* GTlsConnection:database:
|
||||||
*
|
*
|
||||||
@ -195,6 +196,8 @@ g_tls_connection_class_init (GTlsConnectionClass *klass)
|
|||||||
* g_tls_connection_set_rehandshake_mode().
|
* g_tls_connection_set_rehandshake_mode().
|
||||||
*
|
*
|
||||||
* Since: 2.28
|
* Since: 2.28
|
||||||
|
*
|
||||||
|
* Deprecated: 2.60: The rehandshake mode is ignored.
|
||||||
*/
|
*/
|
||||||
g_object_class_install_property (gobject_class, PROP_REHANDSHAKE_MODE,
|
g_object_class_install_property (gobject_class, PROP_REHANDSHAKE_MODE,
|
||||||
g_param_spec_enum ("rehandshake-mode",
|
g_param_spec_enum ("rehandshake-mode",
|
||||||
@ -730,27 +733,17 @@ g_tls_connection_get_require_close_notify (GTlsConnection *conn)
|
|||||||
* @conn: a #GTlsConnection
|
* @conn: a #GTlsConnection
|
||||||
* @mode: the rehandshaking mode
|
* @mode: the rehandshaking mode
|
||||||
*
|
*
|
||||||
* Sets how @conn behaves with respect to rehandshaking requests, when
|
* Since GLib 2.64, changing the rehandshake mode is no longer supported
|
||||||
* TLS 1.2 or older is in use.
|
* and will have no effect.
|
||||||
*
|
*
|
||||||
* %G_TLS_REHANDSHAKE_NEVER means that it will never agree to
|
* With TLS 1.2, the connection will allow a rehandshake only if the
|
||||||
* rehandshake after the initial handshake is complete. (For a client,
|
* other end of the connection supports the TLS `renegotiation_info`
|
||||||
* this means it will refuse rehandshake requests from the server, and
|
* extension. This means that rehandshaking will not work against older
|
||||||
* for a server, this means it will close the connection with an error
|
|
||||||
* if the client attempts to rehandshake.)
|
|
||||||
*
|
|
||||||
* %G_TLS_REHANDSHAKE_SAFELY means that the connection will allow a
|
|
||||||
* rehandshake only if the other end of the connection supports the
|
|
||||||
* TLS `renegotiation_info` extension. This is the default behavior,
|
|
||||||
* but means that rehandshaking will not work against older
|
|
||||||
* implementations that do not support that extension.
|
* implementations that do not support that extension.
|
||||||
*
|
*
|
||||||
* %G_TLS_REHANDSHAKE_UNSAFELY means that the connection will allow
|
* With TLS 1.3, rehandshaking has been removed from the TLS protocol,
|
||||||
* rehandshaking even without the `renegotiation_info` extension. On
|
* replaced by separate post-handshake authentication and rekey
|
||||||
* the server side in particular, this is not recommended, since it
|
* operations.
|
||||||
* leaves the server open to certain attacks. However, this mode is
|
|
||||||
* necessary if you need to allow renegotiation with older client
|
|
||||||
* software.
|
|
||||||
*
|
*
|
||||||
* Since: 2.28
|
* Since: 2.28
|
||||||
*
|
*
|
||||||
@ -766,7 +759,7 @@ g_tls_connection_set_rehandshake_mode (GTlsConnection *conn,
|
|||||||
g_return_if_fail (G_IS_TLS_CONNECTION (conn));
|
g_return_if_fail (G_IS_TLS_CONNECTION (conn));
|
||||||
|
|
||||||
g_object_set (G_OBJECT (conn),
|
g_object_set (G_OBJECT (conn),
|
||||||
"rehandshake-mode", mode,
|
"rehandshake-mode", G_TLS_REHANDSHAKE_SAFELY,
|
||||||
NULL);
|
NULL);
|
||||||
}
|
}
|
||||||
G_GNUC_END_IGNORE_DEPRECATIONS
|
G_GNUC_END_IGNORE_DEPRECATIONS
|
||||||
@ -778,7 +771,7 @@ G_GNUC_END_IGNORE_DEPRECATIONS
|
|||||||
* Gets @conn rehandshaking mode. See
|
* Gets @conn rehandshaking mode. See
|
||||||
* g_tls_connection_set_rehandshake_mode() for details.
|
* g_tls_connection_set_rehandshake_mode() for details.
|
||||||
*
|
*
|
||||||
* Returns: @conn's rehandshaking mode
|
* Returns: %G_TLS_REHANDSHAKE_SAFELY
|
||||||
*
|
*
|
||||||
* Since: 2.28
|
* Since: 2.28
|
||||||
*
|
*
|
||||||
@ -792,12 +785,12 @@ g_tls_connection_get_rehandshake_mode (GTlsConnection *conn)
|
|||||||
{
|
{
|
||||||
GTlsRehandshakeMode mode;
|
GTlsRehandshakeMode mode;
|
||||||
|
|
||||||
g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), G_TLS_REHANDSHAKE_NEVER);
|
g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), G_TLS_REHANDSHAKE_SAFELY);
|
||||||
|
|
||||||
g_object_get (G_OBJECT (conn),
|
g_object_get (G_OBJECT (conn),
|
||||||
"rehandshake-mode", &mode,
|
"rehandshake-mode", &mode,
|
||||||
NULL);
|
NULL);
|
||||||
return mode;
|
return G_TLS_REHANDSHAKE_SAFELY;
|
||||||
}
|
}
|
||||||
G_GNUC_END_IGNORE_DEPRECATIONS
|
G_GNUC_END_IGNORE_DEPRECATIONS
|
||||||
|
|
||||||
|
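Review bot: g_tls_connection_set_rehandshake_mode() now replaces whatever @mode the caller passes with `G_TLS_REHANDSHAKE_SAFELY`, so code that asked for %G_TLS_REHANDSHAKE_NEVER to refuse renegotiation is moved to the more permissive value with no signal to the caller. The new comment says the call "will have no effect", which does not match a setter that still writes a value; I would state it directly, for example `* @mode is ignored; the property is always set to %G_TLS_REHANDSHAKE_SAFELY.` The property comment reads `Deprecated: 2.60: The rehandshake mode is ignored.` while the setter comment says the mode is ignored since GLib 2.64, so one of the two wordings should be adjusted to make clear which version stopped honouring it. In g_tls_connection_get_rehandshake_mode() the `g_object_get()` into `mode` is now a dead read, since the function returns the constant. Both function bodies begin outside the hunks shown.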