luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-08-01 23:13:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Revert "gtlscertificate: Add support for PKCS #11 backed certificates"

Browse Source 
This reverts commit b6d8efbebc.

This GLib API is good, but the implentation is not ready, so there's no
reason to commit to the API in GLib 2.64. We can reland again when the
implementation is ready.

There are three problems: (a) The glib-networking implementation normally
works, but the test has been broken for a long time. I'm not comfortable
with adding a major new feature without a working test. This is
glib-networking#104. (b) The WebKit implementation never landed. There
is a working patch, but it hasn't been accepted upstream yet. This API
isn't needed in GLib until WebKit is ready to start using it.
https://bugs.webkit.org/show_bug.cgi?id=200805. (c) Similarly, even if
the WebKit API was ready, that itself isn't useful until an application
is ready to start using it, and the Epiphany level work never happened.

Let's try again for GLib 2.66. Reverting this commit now just means we
gain another six months before committing to the API forever. No reason
to keep this in GLib 2.64 when nothing is using it yet.
This commit is contained in:
Michael Catanzaro
2020-01-30 04:10:05 -06:00
parent 0d3d3e1d84
commit d58e5de9e9
5 changed files with 4 additions and 196 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
gio/tests/tls-certificate.c
View File

@@ -398,38 +398,6 @@ list_from_file (const Reference *ref)
g_assert_cmpint (g_list_length (list), ==, 0);
}
static void
from_pkcs11_uri (void)
{
GError *error = NULL;
GTlsCertificate *cert;
gchar *pkcs11_uri = NULL;
cert = g_tls_certificate_new_from_pkcs11_uris ("pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=ca-bundle.crt", NULL, &error);
g_assert_no_error (error);
g_assert_nonnull (cert);
g_object_get (cert, "pkcs11-uri", &pkcs11_uri, NULL);
g_assert_cmpstr ("pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=ca-bundle.crt", ==, pkcs11_uri);
g_free (pkcs11_uri);
g_object_unref (cert);
}
static void
from_unsupported_pkcs11_uri (void)
{
GError *error = NULL;
GTlsCertificate *cert;
/* This is a magic value in gtesttlsbackend.c simulating an unsupported backend */
cert = g_tls_certificate_new_from_pkcs11_uris ("unsupported", NULL, &error);
g_assert_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED);
g_assert_null (cert);
g_clear_error (&error);
}
int
main (int argc,
char *argv[])
@@ -496,11 +464,6 @@ main (int argc,
&ref, (GTestDataFunc)from_files_pkcs8enc);
g_test_add_data_func ("/tls-certificate/list_from_file",
&ref, (GTestDataFunc)list_from_file);
g_test_add_func ("/tls-certificate/pkcs11-uri",
from_pkcs11_uri);
g_test_add_func ("/tls-certificate/pkcs11-uri-unsupported",
from_unsupported_pkcs11_uri);
rtv = g_test_run();