Merge branch 'mcatanzaro/copy-session-state' into 'master'

Improve documentation for footgun function g_tls_client_connection_copy_session_state()

See merge request GNOME/glib!1039
Michael Catanzaro 2019-11-18 21:14:37 +00:00
commit d3768c89ae


@ -351,12 +351,34 @@ g_tls_client_connection_get_accepted_cas (GTlsClientConnection *conn)
* @conn: a #GTlsClientConnection * @conn: a #GTlsClientConnection
* @source: a #GTlsClientConnection * @source: a #GTlsClientConnection
* *
* Copies session state from one connection to another. This is * Possibly copies session state from one connection to another, for use
* not normally needed, but may be used when the same session * in TLS session resumption. This is not normally needed, but may be
* needs to be used between different endpoints as is required * used when the same session needs to be used between different
* by some protocols such as FTP over TLS. @source should have * endpoints, as is required by some protocols, such as FTP over TLS.
* already completed a handshake, and @conn should not have * @source should have already completed a handshake and, since TLS 1.3,
* completed a handshake. * it should have been used to read data at least once. @conn should not
* have completed a handshake.
*
* It is not possible to know whether a call to this function will
* actually do anything. Because session resumption is normally used
* only for performance benefit, the TLS backend might not implement
* this function. Even if implemented, it may not actually succeed in
* allowing @conn to resume @source's TLS session, because the server
* may not have sent a session resumption token to @source, or it may
* refuse to accept the token from @conn. There is no way to know
* whether a call to this function is actually successful.
*
* Using this function is not required to benefit from session
* resumption. If the TLS backend supports session resumption, the
* session will be resumed automatically if it is possible to do so
* without weakening the privacy guarantees normally provided by TLS,
* without need to call this function. For example, with TLS 1.3,
* a session ticket will be automatically copied from any
* #GTlsClientConnection that has previously received session tickets
* from the server, provided a ticket is available that has not
* previously been used for session resumption, since session ticket
* reuse would be a privacy weakness. Using this function causes the
* ticket to be copied without regard for privacy considerations.
* *
* Since: 2.46 * Since: 2.46
*/ */
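Review bot: The privacy warning in the last added paragraph ("Using this function causes the ticket to be copied without regard for privacy considerations") sits at the tail of a long passage about automatic resumption and never tells the caller when calling the function is still appropriate. Consider moving it into its own short paragraph and tying it back to the first paragraph, so that it says the function should be used only when the protocol requires the same session across endpoints, as in the FTP over TLS case already mentioned. Two smaller points on the same comment block: the second added paragraph says the same thing twice ("It is not possible to know whether a call to this function will actually do anything" and "There is no way to know whether a call to this function is actually successful"), so one of the two sentences can go; and "since TLS 1.3, it should have been used to read data at least once" is ambiguous, because "since" can be read as "because", so wording such as "when TLS 1.3 is in use" would be clearer, ideally with a word on why the read is needed, which the following paragraph only implies when it says the server may not have sent a session resumption token to @source.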