From af88962c2362bf4de998e5eb0db4f5d92d4c8b67 Mon Sep 17 00:00:00 2001
From: Dan Winship
Date: Wed, 12 Dec 2012 11:59:12 +0100
Subject: [PATCH] GTlsServerConnection: Add SNI support
Add GTlsServerConnection:server-identity, for reporting the identity requested by the client via the SNI extension.
Based on a patch from Marcin Lewandowski
https://bugzilla.gnome.org/show_bug.cgi?id=681312
---
 docs/reference/gio/gio-sections.txt | 1 +
 gio/gtlsserverconnection.c | 47 +++++++++++++++++++++++++++++
 gio/gtlsserverconnection.h | 12 +++++---
 3 files changed, 56 insertions(+), 4 deletions(-)
diff --git a/docs/reference/gio/gio-sections.txt b/docs/reference/gio/gio-sections.txt
index 9eb68b2d3..cb46e77ce 100644
--- a/docs/reference/gio/gio-sections.txt
+++ b/docs/reference/gio/gio-sections.txt
@@ -3738,6 +3738,7 @@ g_tls_file_database_get_type
 GTlsServerConnection
 GTlsServerConnectionInterface
 g_tls_server_connection_new
+g_tls_server_connection_get_server_identity
 G_IS_TLS_SERVER_CONNECTION
 G_TLS_SERVER_CONNECTION
diff --git a/gio/gtlsserverconnection.c b/gio/gtlsserverconnection.c
index 4c2f48682..aad9c3772 100644
--- a/gio/gtlsserverconnection.c
+++ b/gio/gtlsserverconnection.c
@@ -60,6 +60,32 @@ g_tls_server_connection_default_init (GTlsServerConnectionInterface *iface)
 G_TLS_AUTHENTICATION_NONE,
 G_PARAM_READWRITE |
 G_PARAM_STATIC_STRINGS));
+
+ /**
+ * GTlsServerConnection:server-identity:
+ *
+ * The server identity chosen by the client via the SNI extension.
+ * If the client sends that extension in the handshake, this
+ * property will be updated when it is parsed.
+ *
+ * You can connect to #GObject::notify for this property to be
+ * notified when this is set, and then call
+ * g_tls_connection_set_certificate() to set an appropriate
+ * certificate to send in reply. Beware that the notification may be
+ * emitted in a different thread from the one that you started the
+ * handshake in (but, as long as you are not also getting or setting
+ * the certificate from another thread, it is safe to call
+ * g_tls_connection_set_certificate() from that thread).
+ *
+ * Since: 2.46
+ */
+ g_object_interface_install_property (iface,
+ g_param_spec_string ("server-identity",
+ P_("Server Identity"),
+ P_("The server identity requested by the client"),
+ NULL,
+ G_PARAM_READABLE |
+ G_PARAM_STATIC_STRINGS));
 }
 /**
@@ -92,3 +118,24 @@ g_tls_server_connection_new (GIOStream *base_io_stream,
 NULL);
 return G_IO_STREAM (conn);
 }
+
+/**
+ * g_tls_server_connection_get_server_identity:
+ * @conn: a #GTlsServerConnection
+ *
+ * Gets the server identity requested by the client via the SNI
+ * extension, after it has been set during the handshake.
+ *
+ * Return value: the requested server identity, or %NULL if the
+ * client didn't use SNI.
+ *
+ * Since: 2.46
+ */
+const gchar *
+g_tls_server_connection_get_server_identity (GTlsServerConnection *conn)
+{
+ if (G_TLS_SERVER_CONNECTION_GET_INTERFACE (conn)->get_server_identity)
+ return G_TLS_SERVER_CONNECTION_GET_INTERFACE (conn)->get_server_identity (conn);
+ else
+ return NULL;
+}
diff --git a/gio/gtlsserverconnection.h b/gio/gtlsserverconnection.h
index ad61e30fc..c96c9040f 100644
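Review bot: The doc comment for `GTlsServerConnection:server-identity` tells the application to choose a certificate from this value but never says that the string is picked by the not-yet-authenticated client. I would add a sentence such as `The value is supplied by the peer and is not validated; compare it against the host names you serve and keep the default certificate when nothing matches.` Anything beyond an exact lookup (log lines, file names, routing decisions) should treat the string as untrusted input. Whether an implementation normalises case or rejects malformed names is not visible in this hunk, so the comment should state what backends are expected to guarantee.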
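Review bot: `g_tls_server_connection_get_server_identity()` uses `G_TLS_SERVER_CONNECTION_GET_INTERFACE (conn)->get_server_identity` without first checking `conn`, so a NULL or wrong-type argument would be dereferenced instead of producing a critical warning and a %NULL return. Add `g_return_val_if_fail (G_IS_TLS_SERVER_CONNECTION (conn), NULL);` as the first statement of the function. The doc comment should also state ownership and lifetime of the result, for example `Returns: (transfer none) (nullable): ...`, because the property documentation in the earlier hunk says the value may be set from a different thread than the caller's.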
--- a/gio/gtlsserverconnection.h
+++ b/gio/gtlsserverconnection.h
@@ -54,15 +54,19 @@ struct _GTlsServerConnectionInterface
 {
 GTypeInterface g_iface;
+ const char * (*get_server_identity) (GTlsServerConnection *);
 };
 GLIB_AVAILABLE_IN_ALL
-GType g_tls_server_connection_get_type (void) G_GNUC_CONST;
+GType g_tls_server_connection_get_type (void) G_GNUC_CONST;
 GLIB_AVAILABLE_IN_ALL
-GIOStream * g_tls_server_connection_new (GIOStream *base_io_stream,
- GTlsCertificate *certificate,
- GError **error);
+GIOStream * g_tls_server_connection_new (GIOStream *base_io_stream,
+ GTlsCertificate *certificate,
+ GError **error);
+
+GLIB_AVAILABLE_IN_2_46
+const gchar *g_tls_server_connection_get_server_identity (GTlsServerConnection *conn);
 G_END_DECLS
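Review bot: The new `get_server_identity` vfunc enters the public interface struct with no documented contract, and its parameter is unnamed. The struct's doc comment lies outside this hunk, so I cannot tell whether it is updated elsewhere; it should gain an entry like `@get_server_identity: returns the SNI host name requested by the client, or %NULL; the string remains owned by the connection`. This matters because the public getter hands the implementation's pointer straight to callers without copying it. The realignment of the two existing prototypes is whitespace-only and would be easier to review as a separate commit.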