Commit Graph

29 Commits

Author SHA1 Message Date
Michael Catanzaro
85f7d493d7 Deprecate TLS rehandshake APIs
Allowing unsafe rehandshakes used to be required for web compatibility,
but this is no longer a concern in 2018. So there should no longer be
compatibility benefits to calling this function. All it does is make
your TLS connection insecure.

Also, rehandshaking no longer exists at all in TLS 1.3.

At some point (maybe soon!) glib-networking will begin ignoring the
rehandshake mode, so let's deprecate it now.
2018-11-20 22:07:58 -06:00
Michael Catanzaro
2031e37dfc Update documentation of g_tls_connection_handshake() one last time
Let's entirely deprecate calling this function for rehandshaking. The
current documentation is OK, but guarantees defined behavior (to attempt
a rehandshake) when TLS 1.2 is in use. But there's no way to force TLS
1.2, and also no way to check which version of TLS is in use. I really
should have deprecated use of this function for rehandshaking entirely
last time I updated it.

Fortunately, there should be no compatibility risk for existing code,
because rehandshaking has no visible effects at the API level.
2018-11-20 22:04:50 -06:00
Michael Catanzaro
68878ab50b Update documentation of g_tls_connection_handshake() again
I made a mistake when last updating the documentation in 94a99ae9. I
wrote that, with TLS 1.3, this would perform a rekey instead of a
rehandshake. In fact, that's only true for client connections. For
server connections, it's a no-op.

I was a bit nervous about how to document the behavior anyway, because
we really don't know what behavior will be reasonable with non-GnuTLS
crypto backends. This behavior is reasonable for the GnuTLS backend, but
might not necessarily make sense for OpenSSL. Ideally, we would
discourage API users from doing things which could have unexpected
effects, so instead of documenting what the GnuTLS backend does, I think
it'd be better to document that this is "undefined but not dangerous,"
since of course we want to make sure that existing code that doesn't
know about TLS 1.3 is not broken.
2018-11-12 14:49:30 -06:00
Michael Catanzaro
94a99ae917 Update documentation of g_tls_connection_handshake
Rehandshaking is not a thing in TLS 1.3. In that case,
g_tls_connection_handshake() should instead perform a re-key.
2018-07-27 10:48:50 -05:00
Sébastien Wilmet
3bf4a720c3 gio/: LGPLv2+ -> LGPLv2.1+
Sub-directories inside gio/ already processed in a previous commit:
- fam/
- gdbus-2.0/ (which contains only codegen/)
- gvdb/
- inotify/
- tests/
- win32/
- xdgmime/

Other sub-directories inside gio/:
- completion/: no license headers
- kqueue/: not LGPL, BSD-style license

https://bugzilla.gnome.org/show_bug.cgi?id=776504
2017-05-29 19:53:34 +02:00
Christian Hergert
18a33f72db introspection: use (nullable) or (optional) instead of (allow-none)
If we have an input parameter (or return value) we need to use (nullable).
However, if it is an (inout) or (out) parameter, (optional) is sufficient.

It looks like (nullable) could be used for everything according to the
Annotation documentation, but (optional) is more specific.
2016-11-22 14:14:37 -08:00
Piotr Drąg
10c490cdfe Use Unicode in translatable strings
See https://developer.gnome.org/hig/stable/typography.html

https://bugzilla.gnome.org/show_bug.cgi?id=772221
2016-10-12 21:30:42 +02:00
Philip Withnall
c3d6934f18 gio: Add DTLS interfaces
Add a new GDtlsConnection interface, plus derived GDtlsClientConnection
and GDtlsServerConnection interfaces, for implementing Datagram TLS
support in glib-networking.

A GDtlsConnection is a GDatagramBased, so may be used as a normal
datagram socket, wrapping all datagrams from a base GDatagramBased in
DTLS segments.

Test cases are included in the implementation in glib-networking.

https://bugzilla.gnome.org/show_bug.cgi?id=752240
2016-01-18 14:25:06 +00:00
Philip Withnall
3add5e2837 gio: Document thread safety of the streams API
Specifically, GIOStream and the TLS connection streams.

Includes wording adapted from suggestions by Dan Winship
<danw@gnome.org>.

https://bugzilla.gnome.org/show_bug.cgi?id=735754
2016-01-11 15:58:42 +00:00
Philip Withnall
1ac2a606fc gtlsconnection: Fix a typo in the documentation 2015-11-06 11:27:24 +01:00
William Jon McCann
20f4d1820b docs: use "Returns:" consistently
Instead of "Return value:".
2014-02-19 19:41:52 -05:00
Matthias Clasen
e7fd3de86d Eradicate links and xrefs
These are all replaced by markdown ref links.
2014-02-08 12:26:56 -05:00
Matthias Clasen
3232425785 Docs: replace <literal> by ` 2014-02-06 08:07:16 -05:00
Daniel Mustieles
078dbda148 Updated FSF's address 2014-01-31 14:31:55 +01:00
Cosimo Cecchi
62570a52b1 gio: don't quote quark names for G_DEFINE_QUARK 2012-08-28 13:16:25 -04:00
Matthias Clasen
60d2cb665e Use G_DEFINE_QUARK for quarks in GIO 2012-08-28 00:08:08 -04:00
Robert Ancell
4143842eb4 Add missing allow-none annotations for function parameters.
Found using:
find . -name '*.c' | xargs grep 'or %NULL' | grep ' \* @' | grep -v '@error' | grep -v allow-none
2012-03-31 20:34:28 +11:00
Martin Pitt
782f839383 [gi] Add missing Gio transfer annotations 2011-08-11 11:38:20 +02:00
Stef Walter
0f99cfa882 GTlsDatabase and related objects
The database is an abstract object implemented by the various TLS
backends, which is used by GTlsConnection to lookup certificates
and keys, as well as verify certificate chains.

Also add GTlsInteraction, which can be used to prompt the user
for a password or PIN (used with the database).

https://bugzilla.gnome.org/show_bug.cgi?id=636572
2011-08-04 08:54:55 +02:00
Johan Dahlin
ec98953e42 Pass in NULL instead of g_cclosure_marshal_generic
NULL is now a shortcut for g_cclosure_marshal_generic, so avoid
referencing it directly.

https://bugzilla.gnome.org/show_bug.cgi?id=654917
2011-07-19 14:38:34 -03:00
Colin Walters
b74e2a720a Stop using glib-genmarshal at build time
To help cross compilation, don't use glib-genmarshal in our
build.  This is easy now that we have g_cclosure_marshal_generic().

In gobject/, add gmarshal.[ch] to git (making the existing entry
points stubs).

In gio/, simply switch to using g_cclosure_marshal_generic().

https://bugzilla.gnome.org/show_bug.cgi?id=652168
2011-06-20 17:24:07 -04:00
Matthias Clasen
01f63b19f9 Fix links in gio docs 2011-06-04 18:48:19 -04:00
Brian Cameron
37ef8cbba5 Fix for bug #637720. void functions should not return a value. 2010-12-22 01:37:21 -06:00
Dan Winship
f5c3e0d3d5 Change the handling of the peer certificate in GTlsConnection
Make the certificate and peer-certificate properties virtual, and add
peer-certificate-errors as well. Change the documentation on
peer-certificate to say that it's not set until after the handshake
succeeds (which means notify::peer-certificate can be used to tell
when a handshake has completed).
2010-12-07 14:58:42 +01:00
Dan Winship
4f6efb681d Change the semantics of GTlsConnection:require-close-notify
We were combining "allow un-notified closes" and "close without
notifying" into a single property, which meant that it was impossible
to "be liberal in what you accept and conservative in what you send".
Change require-close-notify to only be about the peer behavior, and
make our connections always close-notify properly when closing (while
noting that you can just close the base-io-stream directly if you want
to do an unclean close).
2010-12-07 10:41:06 +01:00
Dan Winship
95cba18349 Remove GTlsConnection::need-certificate
Trying to do this as a signal won't work well with either
GTlsCertificateDB (in which case looking up a certificate in the db is
a blocking/asynchronous act) or session resumption support (in which
case the certificate or lack thereof is part of the session definition
and so needs to be known immediately). Make the caller use
g_tls_connection_set_certificate() ahead of time (or when retrying)
instead.
2010-12-07 10:41:05 +01:00
Dan Winship
d6e94070dd Add GTlsConnection:use-system-certdb
This can be set FALSE if you don't want to validate certificates
against the system database.
2010-12-07 10:41:05 +01:00
Matthias Clasen
eed36d38d1 Various doc tweaks 2010-11-28 23:55:43 -05:00
Dan Winship
59d62726de Add initial TLS (SSL) support to gio
This adds an extension point for TLS connections to gio, with a
gnutls-based implementation in glib-networking.

Full TLS support is still a work in progress; the current API is
missing some features, and parts of it may still be changed before
2.28.

https://bugzilla.gnome.org/show_bug.cgi?id=588189
2010-11-26 15:57:11 -05:00