Commit Graph

22 Commits

Author SHA1 Message Date
Michael Catanzaro
587068c969 GTlsCertificate: fix loading of chain with private key
If a private key (or anything, in fact) follows the final certificate in
the file, certificate parsing will be aborted and only the first
certificate in the chain will be returned, with the private key not set.
Be tolerant of this, rather than expecting the final character in the
file to be the newline following the last certificate.

https://bugzilla.gnome.org/show_bug.cgi?id=754264
2015-08-29 08:43:29 -05:00
Xavier Claessens
74c22150cf docs: fix up docs issues in gio/ 2015-02-05 16:20:43 +01:00
Dan Winship
982d0e11d7 GTlsCertificate: fix loading of bad certificate chains
g_tls_certificate_new_from_file() was only loading the complete chain
if it was fully valid, but we only meant to be validating that it
formed an actual chain (since the caller may be planning to ignore
other errors).

https://bugzilla.gnome.org/show_bug.cgi?id=729739
2014-11-01 17:11:25 -04:00
Aleix Conchillo Flaqué
da053e345b tlscertificate: add support for certificate chains
This patch changes the behavior of the following functions:

   g_tls_certificate_new_from_pem
   g_tls_certificate_new_from_file
   g_tls_certificate_new_from_files

If more than one certificate is found it will try to load the chain.

It is assumed that the chain will be in the right order (top-level
certificate will be the last one in the file). If the chain cannot be
verified, the first certificate in the file will be returned as before.

https://bugzilla.gnome.org/show_bug.cgi?id=729739
2014-10-06 10:19:48 -07:00
Dan Winship
65f2669173 gtlscertificate: fix certificate list parsing with trailing comments
g_tls_certificate_list_new_from_file() was supposed to ignore non-PEM
content, but it accidentally required that there not be anything after
the last certificate. Fix that.

https://bugzilla.gnome.org/show_bug.cgi?id=727692
2014-04-09 10:39:45 -04:00
William Jon McCann
20f4d1820b docs: use "Returns:" consistently
Instead of "Return value:".
2014-02-19 19:41:52 -05:00
Matthias Clasen
3232425785 Docs: replace <literal> by ` 2014-02-06 08:07:16 -05:00
Matthias Clasen
42cf80780b Docs: Big entity cleanup
Strip lots of entity use from |[ ]| examples (which are now
implicit CDATA). Also remove many redundant uses of <!-- -->.
2014-02-01 12:00:30 -05:00
Daniel Mustieles
078dbda148 Updated FSF's address 2014-01-31 14:31:55 +01:00
Matthias Clasen
3872049445 Add includes to all gio docs 2014-01-07 22:55:43 -05:00
Stef Walter
7518f7a674 Revert "gtlscertificate: Add certificate-bytes and private-key-bytes props"
* In order to add contstruct properties to an abstract base
   calls, and retain ABI stability, the base class must add a
   default implementation of those properties.
 * We cannot add a default implementation of certificate-bytes
   or private-key-bytes since certificate and private-key properties
   are writable on construct-only.

This reverts commit 541c985869.

https://bugzilla.gnome.org/show_bug.cgi?id=682081
2012-08-21 13:30:02 +02:00
Stef Walter
541c985869 gtlscertificate: Add certificate-bytes and private-key-bytes props
* These properties contain the same data as certificate and
   private-key, but as GBytes

https://bugzilla.gnome.org/show_bug.cgi?id=681319
2012-08-06 22:23:20 +02:00
Stef Walter
49b35f0930 gtlscertificate: Don't confuse certificate and public key in docs
* A certificate sorta acts as a public key, but more specifically
   it contains a public key (in its subjectPublicKeyInfo) field.
 * Documentation was confusing and could have read like the
   certificate and certificate-pem properties were returning the
   public key part of the certificate.

https://bugzilla.gnome.org/show_bug.cgi?id=681158
2012-08-06 10:44:52 +02:00
Stef Walter
6ddf40f301 gtlscertificate: Add g_tls_certificate_is_same() function
* Certificate equality in PKIX in general is equality between
   the DER encoding of the certificates.

https://bugzilla.gnome.org/show_bug.cgi?id=681116
2012-08-03 18:58:30 +02:00
Dan Winship
1dc8d1f932 GTlsCertificate: support unencrypted PKCS#8 private keys
PKCS#8 is the "right" way to encode private keys. Although the APIs do
not currently support encrypted keys, we should at least support
unencrypted PKCS#8 keys.

https://bugzilla.gnome.org/show_bug.cgi?id=664321
2011-11-18 20:26:58 -05:00
Ryan Lortie
09429e2c82 gio static fixups 2011-10-16 21:41:15 -04:00
Nicolas Dufresne
fdfb42b9f2 Rework PEM parsing to not be order dependent
Some valid PEM file would not work because the private key was put
before the certificate.
2011-07-27 16:23:33 -04:00
Dan Winship
784619bc3a Fix two leaks seen when using TLS connections
g_tls_certificate_list_new_from_file() was leaking the file contents,
and GSource was leaking the GSourcePrivate structure that got
created when using child sources.
2011-04-07 08:32:06 -04:00
Johan Dahlin
fdaaa22b58 Correct gtk-doc SECTION: syntax
g-ir-scanner does not allow a space between the : and the
section name.
2011-02-01 16:18:02 -02:00
Dan Winship
73d6bd8a45 Add g_tls_certificate_verify()
Add a method to verify a certificate against a CA; this can be used
for apps that need to test against non-default CAs.

Also make the GTlsCertificate::issuer property virtual
2010-12-07 10:41:05 +01:00
Matthias Clasen
eed36d38d1 Various doc tweaks 2010-11-28 23:55:43 -05:00
Dan Winship
59d62726de Add initial TLS (SSL) support to gio
This adds an extension point for TLS connections to gio, with a
gnutls-based implementation in glib-networking.

Full TLS support is still a work in progress; the current API is
missing some features, and parts of it may still be changed before
2.28.

https://bugzilla.gnome.org/show_bug.cgi?id=588189
2010-11-26 15:57:11 -05:00