luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2024-11-14 05:16:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add GTlsConnection:use-system-certdb

Browse Source 
This can be set FALSE if you don't want to validate certificates
against the system database.
This commit is contained in:
Dan Winship 2010-12-01 13:49:39 -05:00
parent 73d6bd8a45
commit d6e94070dd
5 changed files with 80 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/reference/gio/gio-sections.txt
View File

@ -3064,6 +3064,8 @@ g_tls_connection_get_require_close_notify
GTlsRehandshakeMode GTlsRehandshakeMode
g_tls_connection_set_rehandshake_mode g_tls_connection_set_rehandshake_mode
g_tls_connection_get_rehandshake_mode g_tls_connection_get_rehandshake_mode
g_tls_connection_set_use_system_certdb
g_tls_connection_get_use_system_certdb
<SUBSECTION> <SUBSECTION>
g_tls_connection_handshake g_tls_connection_handshake
g_tls_connection_handshake_async g_tls_connection_handshake_async

3
gio/gdummytlsbackend.c
View File

@ -184,6 +184,7 @@ enum
PROP_BASE_IO_STREAM, PROP_BASE_IO_STREAM,
PROP_REQUIRE_CLOSE_NOTIFY, PROP_REQUIRE_CLOSE_NOTIFY,
PROP_REHANDSHAKE_MODE, PROP_REHANDSHAKE_MODE,
PROP_USE_SYSTEM_CERTDB,
PROP_VALIDATION_FLAGS, PROP_VALIDATION_FLAGS,
PROP_SERVER_IDENTITY, PROP_SERVER_IDENTITY,
PROP_USE_SSL3, PROP_USE_SSL3,
@ -243,12 +244,12 @@ g_dummy_tls_connection_class_init (GDummyTlsConnectionClass *connection_class)
g_object_class_override_property (gobject_class, PROP_BASE_IO_STREAM, "base-io-stream"); g_object_class_override_property (gobject_class, PROP_BASE_IO_STREAM, "base-io-stream");
g_object_class_override_property (gobject_class, PROP_REQUIRE_CLOSE_NOTIFY, "require-close-notify"); g_object_class_override_property (gobject_class, PROP_REQUIRE_CLOSE_NOTIFY, "require-close-notify");
g_object_class_override_property (gobject_class, PROP_REHANDSHAKE_MODE, "rehandshake-mode"); g_object_class_override_property (gobject_class, PROP_REHANDSHAKE_MODE, "rehandshake-mode");
g_object_class_override_property (gobject_class, PROP_USE_SYSTEM_CERTDB, "use-system-certdb");
g_object_class_override_property (gobject_class, PROP_VALIDATION_FLAGS, "validation-flags"); g_object_class_override_property (gobject_class, PROP_VALIDATION_FLAGS, "validation-flags");
g_object_class_override_property (gobject_class, PROP_SERVER_IDENTITY, "server-identity"); g_object_class_override_property (gobject_class, PROP_SERVER_IDENTITY, "server-identity");
g_object_class_override_property (gobject_class, PROP_USE_SSL3, "use-ssl3"); g_object_class_override_property (gobject_class, PROP_USE_SSL3, "use-ssl3");
g_object_class_override_property (gobject_class, PROP_ACCEPTED_CAS, "accepted-cas"); g_object_class_override_property (gobject_class, PROP_ACCEPTED_CAS, "accepted-cas");
g_object_class_override_property (gobject_class, PROP_AUTHENTICATION_MODE, "authentication-mode"); g_object_class_override_property (gobject_class, PROP_AUTHENTICATION_MODE, "authentication-mode");
} }
static void static void

2
gio/gio.symbols
View File

@ -2043,6 +2043,7 @@ g_tls_connection_get_certificate
g_tls_connection_get_peer_certificate g_tls_connection_get_peer_certificate
g_tls_connection_get_rehandshake_mode g_tls_connection_get_rehandshake_mode
g_tls_connection_get_require_close_notify g_tls_connection_get_require_close_notify
g_tls_connection_get_use_system_certdb
g_tls_connection_get_type G_GNUC_CONST g_tls_connection_get_type G_GNUC_CONST
g_tls_connection_handshake g_tls_connection_handshake
g_tls_connection_handshake_async g_tls_connection_handshake_async
@ -2051,6 +2052,7 @@ g_tls_connection_set_certificate
g_tls_connection_set_peer_certificate g_tls_connection_set_peer_certificate
g_tls_connection_set_rehandshake_mode g_tls_connection_set_rehandshake_mode
g_tls_connection_set_require_close_notify g_tls_connection_set_require_close_notify
g_tls_connection_set_use_system_certdb
#endif #endif
#endif #endif

70
gio/gtlsconnection.c
View File

@ -84,6 +84,7 @@ enum {
PROP_BASE_IO_STREAM, PROP_BASE_IO_STREAM,
PROP_REQUIRE_CLOSE_NOTIFY, PROP_REQUIRE_CLOSE_NOTIFY,
PROP_REHANDSHAKE_MODE, PROP_REHANDSHAKE_MODE,
PROP_USE_SYSTEM_CERTDB,
PROP_CERTIFICATE, PROP_CERTIFICATE,
PROP_PEER_CERTIFICATE PROP_PEER_CERTIFICATE
}; };
@ -118,6 +119,23 @@ g_tls_connection_class_init (GTlsConnectionClass *klass)
G_PARAM_READWRITE | G_PARAM_READWRITE |
G_PARAM_CONSTRUCT_ONLY | G_PARAM_CONSTRUCT_ONLY |
G_PARAM_STATIC_STRINGS)); G_PARAM_STATIC_STRINGS));
/**
* GTlsConnection:use-system-certdb:
*
* Whether or not the system certificate database will be used to
* verify peer certificates. See
* g_tls_connection_set_use_system_certdb().
*
* Since: 2.28
*/
g_object_class_install_property (gobject_class, PROP_USE_SYSTEM_CERTDB,
g_param_spec_boolean ("use-system-certdb",
P_("Use system certificate database"),
P_("Whether to verify peer certificates against the system certificate database"),
TRUE,
G_PARAM_READWRITE |
G_PARAM_CONSTRUCT |
G_PARAM_STATIC_STRINGS));
/** /**
* GTlsConnection:require-close-notify: * GTlsConnection:require-close-notify:
* *
@ -132,6 +150,7 @@ g_tls_connection_class_init (GTlsConnectionClass *klass)
P_("Whether to require proper TLS close notification"), P_("Whether to require proper TLS close notification"),
TRUE, TRUE,
G_PARAM_READWRITE | G_PARAM_READWRITE |
G_PARAM_CONSTRUCT |
G_PARAM_STATIC_STRINGS)); G_PARAM_STATIC_STRINGS));
/** /**
* GTlsConnection:rehandshake-mode: * GTlsConnection:rehandshake-mode:
@ -148,6 +167,7 @@ g_tls_connection_class_init (GTlsConnectionClass *klass)
G_TYPE_TLS_REHANDSHAKE_MODE, G_TYPE_TLS_REHANDSHAKE_MODE,
G_TLS_REHANDSHAKE_SAFELY, G_TLS_REHANDSHAKE_SAFELY,
G_PARAM_READWRITE | G_PARAM_READWRITE |
G_PARAM_CONSTRUCT |
G_PARAM_STATIC_STRINGS)); G_PARAM_STATIC_STRINGS));
/** /**
* GTlsConnection:certificate: * GTlsConnection:certificate:
@ -342,6 +362,56 @@ g_tls_connection_set_property (GObject *object,
} }
} }
/**
* g_tls_connection_set_use_system_certdb:
* @conn: a #GTlsConnection
* @use_system_certdb: whether to use the system certificate database
*
* Sets whether @conn uses the system certificate database to verify
* peer certificates. This is %TRUE by default. If set to %FALSE, then
* peer certificate validation will always set the
* %G_TLS_CERTIFICATE_UNKNOWN_CA error (meaning
* #GTlsConnection::accept-certificate will always be emitted on
* client-side connections, unless that bit is not set in
* #GTlsClientConnection:validation-flags).
*
* Since: 2.28
*/
void
g_tls_connection_set_use_system_certdb (GTlsConnection *conn,
gboolean use_system_certdb)
{
g_return_if_fail (G_IS_TLS_CONNECTION (conn));
g_object_set (G_OBJECT (conn),
"use-system-certdb", use_system_certdb,
NULL);
}
/**
* g_tls_connection_get_use_system_certdb:
* @conn: a #GTlsConnection
*
* Gets whether @conn uses the system certificate database to verify
* peer certificates. See g_tls_connection_set_use_system_certdb().
*
* Return value: whether @conn uses the system certificate database
*
* Since: 2.28
*/
gboolean
g_tls_connection_get_use_system_certdb (GTlsConnection *conn)
{
gboolean use_system_certdb;
g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), TRUE);
g_object_get (G_OBJECT (conn),
"use-system-certdb", &use_system_certdb,
NULL);
return use_system_certdb;
}
/** /**
* g_tls_connection_set_certificate: * g_tls_connection_set_certificate:
* @conn: a #GTlsConnection * @conn: a #GTlsConnection

4
gio/gtlsconnection.h
View File

@ -85,6 +85,10 @@ struct _GTlsConnectionClass
GType g_tls_connection_get_type (void) G_GNUC_CONST; GType g_tls_connection_get_type (void) G_GNUC_CONST;
void g_tls_connection_set_use_system_certdb (GTlsConnection *conn,
gboolean use_system_certdb);
gboolean g_tls_connection_get_use_system_certdb (GTlsConnection *conn);
void g_tls_connection_set_certificate (GTlsConnection *conn, void g_tls_connection_set_certificate (GTlsConnection *conn,
GTlsCertificate *certificate); GTlsCertificate *certificate);
GTlsCertificate *g_tls_connection_get_certificate (GTlsConnection *conn); GTlsCertificate *g_tls_connection_get_certificate (GTlsConnection *conn);