This patch changes the behavior of the following functions:
g_tls_certificate_new_from_pem
g_tls_certificate_new_from_file
g_tls_certificate_new_from_files
If more than one certificate is found it will try to load the chain.
It is assumed that the chain will be in the right order (top-level
certificate will be the last one in the file). If the chain cannot be
verified, the first certificate in the file will be returned as before.
https://bugzilla.gnome.org/show_bug.cgi?id=729739
g_tls_certificate_list_new_from_file() was supposed to ignore non-PEM
content, but it accidentally required that there not be anything after
the last certificate. Fix that.
https://bugzilla.gnome.org/show_bug.cgi?id=727692
* In order to add contstruct properties to an abstract base
calls, and retain ABI stability, the base class must add a
default implementation of those properties.
* We cannot add a default implementation of certificate-bytes
or private-key-bytes since certificate and private-key properties
are writable on construct-only.
This reverts commit 541c985869.
https://bugzilla.gnome.org/show_bug.cgi?id=682081
* A certificate sorta acts as a public key, but more specifically
it contains a public key (in its subjectPublicKeyInfo) field.
* Documentation was confusing and could have read like the
certificate and certificate-pem properties were returning the
public key part of the certificate.
https://bugzilla.gnome.org/show_bug.cgi?id=681158
PKCS#8 is the "right" way to encode private keys. Although the APIs do
not currently support encrypted keys, we should at least support
unencrypted PKCS#8 keys.
https://bugzilla.gnome.org/show_bug.cgi?id=664321
g_tls_certificate_list_new_from_file() was leaking the file contents,
and GSource was leaking the GSourcePrivate structure that got
created when using child sources.
Add a method to verify a certificate against a CA; this can be used
for apps that need to test against non-default CAs.
Also make the GTlsCertificate::issuer property virtual
This adds an extension point for TLS connections to gio, with a
gnutls-based implementation in glib-networking.
Full TLS support is still a work in progress; the current API is
missing some features, and parts of it may still be changed before
2.28.
https://bugzilla.gnome.org/show_bug.cgi?id=588189