There are many cases where a default TLS database is not able to be
defined within the constraints of a system. For example glib-networking
(or glib-openssl) cannot retrieve the default certificate store on iOS
or Android and need to be initialized from a cert file of certificates
bundled with the application.
Previously GStreamer was relying on a custom patch to glib-networking to
populate the default database from the file pointed to by the
CA_CERTIFICATES environment variable however the mechanism that enabled
this was recently remove from glib-networking.
Adding a more generic g_tls_backend_set_default_database() API allows
application developers to override the default database using their own
certificates as well as allowing equivalent functionality on Android/iOS
(or others) as on the default database handling Linux.
Fixes https://gitlab.gnome.org/GNOME/glib-networking/issues/35
I’m unsure what the original reasoning for returning TRUE by default
from supports_dtls was, but it is not backwards-compatible. If a
pre-existing GTlsBackend implementation never implements the
supports_dtls vfunc, the supports_dtls() method will magically return
TRUE rather than FALSE.
Since any backend which does implement DTLS should be implementing the
supports_dtls vfunc (and no DTLS-supporting backends have actually been
merged yet; see bug #697908), it seems safer to make this slight API
break in the name of backwards compatibility than to leave it as
returning TRUE incorrectly.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://bugzilla.gnome.org/show_bug.cgi?id=787485
Make it a bit more obvious when the DTLS methods aren’t implemented by a
particular TLS backend; return an invalid type rather than crashing.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://bugzilla.gnome.org/show_bug.cgi?id=752240
It's unnecessary, and only adds visual noise; we have been fairly
inconsistent in the past, but the semi-colon-less version clearly
dominates in the code base.
https://bugzilla.gnome.org/show_bug.cgi?id=669355
Add a new GDtlsConnection interface, plus derived GDtlsClientConnection
and GDtlsServerConnection interfaces, for implementing Datagram TLS
support in glib-networking.
A GDtlsConnection is a GDatagramBased, so may be used as a normal
datagram socket, wrapping all datagrams from a base GDatagramBased in
DTLS segments.
Test cases are included in the implementation in glib-networking.
https://bugzilla.gnome.org/show_bug.cgi?id=752240
gio/gproxyresolver.h: GProxyResolver already documented in gio/giotypes.h
gio/gtlsbackend.h: GTlsBackend already documented in gio/gtlsbackend.c
gio/gtlsclientconnection.h: GTlsClientConnection already documented in gio/gtlsclientconnection.c
gio/gtlsconnection.h: GTlsConnection already documented in gio/gtlsconnection.c
gio/gunixconnection.h: GTcpConnection already documented in gio/giotypes.h
glib/gversion.h: GLIB_CHECK_VERSION already documented in glib/gversion.c
Found these thanks to the improved gobject-introspection
GTK-Doc comment block/annotation parser.
See https://bugzilla.gnome.org/show_bug.cgi?id=672254https://bugzilla.gnome.org/show_bug.cgi?id=673385
Add _g_io_module_get_default(), which implements the
figure-out-the-best-available-module-that-is-actually-usable logic,
and use that to simplify g_proxy_resolver_get_default(),
g_settings_backend_get_default(), g_tls_backend_get_default(), and
g_vfs_get_default().
https://bugzilla.gnome.org/show_bug.cgi?id=620932
The database is an abstract object implemented by the various TLS
backends, which is used by GTlsConnection to lookup certificates
and keys, as well as verify certificate chains.
Also add GTlsInteraction, which can be used to prompt the user
for a password or PIN (used with the database).
https://bugzilla.gnome.org/show_bug.cgi?id=636572
This adds an extension point for TLS connections to gio, with a
gnutls-based implementation in glib-networking.
Full TLS support is still a work in progress; the current API is
missing some features, and parts of it may still be changed before
2.28.
https://bugzilla.gnome.org/show_bug.cgi?id=588189