GTlsServerConnection: Add SNI support

Add GTlsServerConnection:server-identity, for reporting the identity requested by the client via the SNI extension. Based on a patch from Marcin Lewandowski https://bugzilla.gnome.org/show_bug.cgi?id=681312
2025-02-24 19:22:11 +01:00 · 2012-12-12 11:59:12 +01:00 · 2012-12-12 11:59:12 +01:00 · af88962c23
commit af88962c23
parent 69003a0751
3 changed files with 56 additions and 4 deletions
--- a/docs/reference/gio/gio-sections.txt
+++ b/docs/reference/gio/gio-sections.txt
@ -3738,6 +3738,7 @@ g_tls_file_database_get_type
 GTlsServerConnection
 GTlsServerConnectionInterface
 g_tls_server_connection_new
+g_tls_server_connection_get_server_identity
 <SUBSECTION Standard>
 G_IS_TLS_SERVER_CONNECTION
 G_TLS_SERVER_CONNECTION
--- a/gio/gtlsserverconnection.c
+++ b/gio/gtlsserverconnection.c
@ -60,6 +60,32 @@ g_tls_server_connection_default_init (GTlsServerConnectionInterface *iface)
 							  G_TLS_AUTHENTICATION_NONE,
 							  G_PARAM_READWRITE |
 							  G_PARAM_STATIC_STRINGS));
+
+  /**
+   * GTlsServerConnection:server-identity:
+   *
+   * The server identity chosen by the client via the SNI extension.
+   * If the client sends that extension in the handshake, this
+   * property will be updated when it is parsed.
+   *
+   * You can connect to #GObject::notify for this property to be
+   * notified when this is set, and then call
+   * g_tls_connection_set_certificate() to set an appropriate
+   * certificate to send in reply. Beware that the notification may be
+   * emitted in a different thread from the one that you started the
+   * handshake in (but, as long as you are not also getting or setting
+   * the certificate from another thread, it is safe to call
+   * g_tls_connection_set_certificate() from that thread).
+   *
+   * Since: 2.46
+   */
+  g_object_interface_install_property (iface,
+				       g_param_spec_string ("server-identity",
+                                                            P_("Server Identity"),
+                                                            P_("The server identity requested by the client"),
+                                                            NULL,
+                                                            G_PARAM_READABLE |
+                                                            G_PARAM_STATIC_STRINGS));
 }

 /**
@ -92,3 +118,24 @@ g_tls_server_connection_new (GIOStream        *base_io_stream,
 			 NULL);
  return G_IO_STREAM (conn);
 }
+
+/**
+ * g_tls_server_connection_get_server_identity:
+ * @conn: a #GTlsServerConnection
+ *
+ * Gets the server identity requested by the client via the SNI
+ * extension, after it has been set during the handshake.
+ *
+ * Return value: the requested server identity, or %NULL if the
+ *   client didn't use SNI.
+ *
+ * Since: 2.46
+ */
+const gchar *
+g_tls_server_connection_get_server_identity (GTlsServerConnection *conn)
+{
+  if (G_TLS_SERVER_CONNECTION_GET_INTERFACE (conn)->get_server_identity)
+    return G_TLS_SERVER_CONNECTION_GET_INTERFACE (conn)->get_server_identity (conn);
+  else
+    return NULL;
+}
--- a/gio/gtlsserverconnection.h
+++ b/gio/gtlsserverconnection.h
@ -54,6 +54,7 @@ struct _GTlsServerConnectionInterface
 {
  GTypeInterface g_iface;

+  const char * (*get_server_identity) (GTlsServerConnection *);
 };

 GLIB_AVAILABLE_IN_ALL
@ -64,6 +65,9 @@ GIOStream *           g_tls_server_connection_new                      (GIOStrea
                                                          GTlsCertificate       *certificate,
                                                          GError               **error);

+GLIB_AVAILABLE_IN_2_46
+const gchar *g_tls_server_connection_get_server_identity (GTlsServerConnection  *conn);
+
 G_END_DECLS

 #endif /* __G_TLS_SERVER_CONNECTION_H__ */