Commit Graph

27 Commits

Author SHA1 Message Date
Michael Catanzaro
407b86afb8 Improve documentation of client connection validation flags
Validation fails if ANY of the flags are set. Not if they're ALL set.
This is obvious and no programmer would be confused, but let's fix it
anyway.
2020-05-05 13:58:07 -05:00
Michael Catanzaro
d3768c89ae Merge branch 'mcatanzaro/copy-session-state' into 'master'
Improve documentation for footgun function g_tls_client_connection_copy_session_state()

See merge request GNOME/glib!1039
2019-11-18 21:14:37 +00:00
Michael Catanzaro
fb54646899 Improve documentation of g_tls_client_connection_copy_session_state()
This function has numerous undocumented limitations. In particular, it
is not possible to ensure this function actually does anything. Document
these problems.
2019-11-18 13:55:34 -06:00
Michael Catanzaro
9d2c949b54 gtlsclientconnection: use-ssl3 is now ignored
For many years after SSL 3.0 support was removed, we used this function
to indicate that we should perform protocol version fallback to the
lowest-supported protocol version, to workaround protocol version
intolerance. Nowadays this is no longer needed, and support has been
removed from glib-networking, so update the documentation.
2019-11-18 13:52:39 -06:00
Michael Catanzaro
08fe93589e Update documentation of g_tls_client_connection_set_use_ssl3()
We now send the fallback SCSV, meaning use of this function will cause
modern servers to immediately terminate the connection, so let's warn
API users to expect that behavior and be crystal clear that this
function should only be used as a fallback when a normal connection
attempt has already failed.

Also, the documentation is mostly duplicated between the property and
the function, so let's just reference the function documentation from
the property.
2018-08-04 16:33:28 -05:00
Michael Catanzaro
045b805199 tlsclientconnection: Deprecate ssl3 property and functions
I originally planned to introduce a new property and functions to
replace these, with the same behavior but less-confusing names. But that
might not be the best approach in the long run. Instead, let's just
deprecate them without replacement.

TLS 1.2 intolerance is no longer a thing in the wild, and no known
GTlsBackend supports TLS 1.3 yet. But you might need to use this
property in the future, even though it's deprecated, if your
GTlsBackend has added support for TLS 1.3 and you need to talk to a
server that is TLS 1.3 intolerant.

Independently of all that, these APIs simply no longer do what their
names suggest, so deprecation is sensible regardless.

https://bugzilla.gnome.org/show_bug.cgi?id=792217
2018-01-08 19:17:01 -06:00
Michael Catanzaro
9e5254ebce tlsclientconnection: Update use-ssl3 documentation
The property documentation correctly indicates how this code works
nowadays, but the function documentation is obsolete and misleading.
Update it.

https://bugzilla.gnome.org/show_bug.cgi?id=792217
2018-01-08 19:17:01 -06:00
Sébastien Wilmet
3bf4a720c3 gio/: LGPLv2+ -> LGPLv2.1+
Sub-directories inside gio/ already processed in a previous commit:
- fam/
- gdbus-2.0/ (which contains only codegen/)
- gvdb/
- inotify/
- tests/
- win32/
- xdgmime/

Other sub-directories inside gio/:
- completion/: no license headers
- kqueue/: not LGPL, BSD-style license

https://bugzilla.gnome.org/show_bug.cgi?id=776504
2017-05-29 19:53:34 +02:00
Christian Hergert
18a33f72db introspection: use (nullable) or (optional) instead of (allow-none)
If we have an input parameter (or return value) we need to use (nullable).
However, if it is an (inout) or (out) parameter, (optional) is sufficient.

It looks like (nullable) could be used for everything according to the
Annotation documentation, but (optional) is more specific.
2016-11-22 14:14:37 -08:00
Philip Withnall
3add5e2837 gio: Document thread safety of the streams API
Specifically, GIOStream and the TLS connection streams.

Includes wording adapted from suggestions by Dan Winship
<danw@gnome.org>.

https://bugzilla.gnome.org/show_bug.cgi?id=735754
2016-01-11 15:58:42 +00:00
Ross Lagerwall
495d864e43 docs: Fix documentation for 95d300eac5 2015-04-07 18:23:39 +01:00
Ross Lagerwall
95d300eac5 tls: Add support for copying session data
Add support for copying session data between client connections.
This is needed for implementing FTP over SSL. Most servers use a separate
session for each control connection and enforce sharing of each control
connection's session between the related data connection.

Copying session data between two connections is needed for two reasons:
1) The data connection runs on a separate port and so has a different
server_identity which means it would not normally share the session with
the control connection using the session caching currently implemented.
2) It is typical to have multiple control connections, each of which
uses a different session with the same server_identity, so only one of
these sessions gets stored in the cache. If a data connection is opened,
(ignoring the port issue) it may try and reuse the wrong control
connection's session, and fail.

This operation is conceptually the same as OpenSSL's SSL_copy_session_id
operation.

https://bugzilla.gnome.org/show_bug.cgi?id=745255
2015-04-06 14:54:12 +01:00
Ryan Lortie
bf19b8e6c3 gio docs: remote errant colon from docstring
This does not belong there.
2015-03-12 17:01:00 -04:00
Dan Winship
7f5c862e16 GTlsClientConnection: loosen the semantics of "use-ssl3"
If SSL 3.0 has been disabled (at the host, application, or library
level), then the "use-ssl3" property becomes a "fail-immediately"
property.

Despite the name, the point of the property wasn't really specifically
to use SSL 3.0; it was to allow fallback when talking to broken
servers that do SSL/TLS negotiation incorrectly and break when they
see unexpectedly-high version numbers. So if we can't fall back to SSL
3.0, then the "use-ssl3" property should fall back to TLS 1.0 instead
(since there are hosts that will reject a TLS 1.2 handshake, but
accept a TLS 1.0 one).

glib-networking is being updated to implement that behavior, so update
the documentation here.

https://bugzilla.gnome.org/show_bug.cgi?id=738633
2014-11-22 11:02:22 -05:00
Evan Nemerson
570b27b9ac gio: port annotations from the Vala metadata.
https://bugzilla.gnome.org/show_bug.cgi?id=730493
2014-05-23 10:04:06 -07:00
William Jon McCann
20f4d1820b docs: use "Returns:" consistently
Instead of "Return value:".
2014-02-19 19:41:52 -05:00
Daniel Mustieles
078dbda148 Updated FSF's address 2014-01-31 14:31:55 +01:00
Evan Nemerson
c3d6595f5a GIO: add lots of annotations for Vala bindings
https://bugzilla.gnome.org/show_bug.cgi?id=667447
2012-01-11 15:50:08 -05:00
Martin Pitt
782f839383 [gi] Add missing Gio transfer annotations 2011-08-11 11:38:20 +02:00
Colin Walters
b74e2a720a Stop using glib-genmarshal at build time
To help cross compilation, don't use glib-genmarshal in our
build.  This is easy now that we have g_cclosure_marshal_generic().

In gobject/, add gmarshal.[ch] to git (making the existing entry
points stubs).

In gio/, simply switch to using g_cclosure_marshal_generic().

https://bugzilla.gnome.org/show_bug.cgi?id=652168
2011-06-20 17:24:07 -04:00
Dan Winship
914d10055c Add two annotations for g-i 2011-05-05 15:18:22 -04:00
Matthias Clasen
f4773faa9f Drop annotation that break the documentation build 2011-01-05 17:46:28 -05:00
Stef Walter
4e33967a00 Change GTlsClientConnection::accepted-cas to contain DER DNs
This property is now a GList of GByteArray values. Each
GByteArray contains the raw DER DN of the certificate authority.
This is far more useful for looking up a certificate (with the
relevant issuer) than a string encoded DN.

https://bugzilla.gnome.org/show_bug.cgi?id=637262
2011-01-05 09:35:06 -08:00
Benjamin Otte
07fd29c323 tls: Make g_tls_{client|server}_connection_new() return a GIOStream
The main use case for these objects is as an IO stream, so it makes
sense to return them that way from the start.
2010-12-07 19:39:24 +01:00
Benjamin Otte
c59ba60fbe tls: Clarify docs for g_tls_client_connection_set_validation_flags()
And fix a typo in there.
2010-12-07 19:39:23 +01:00
Dan Winship
95cba18349 Remove GTlsConnection::need-certificate
Trying to do this as a signal won't work well with either
GTlsCertificateDB (in which case looking up a certificate in the db is
a blocking/asynchronous act) or session resumption support (in which
case the certificate or lack thereof is part of the session definition
and so needs to be known immediately). Make the caller use
g_tls_connection_set_certificate() ahead of time (or when retrying)
instead.
2010-12-07 10:41:05 +01:00
Dan Winship
59d62726de Add initial TLS (SSL) support to gio
This adds an extension point for TLS connections to gio, with a
gnutls-based implementation in glib-networking.

Full TLS support is still a work in progress; the current API is
missing some features, and parts of it may still be changed before
2.28.

https://bugzilla.gnome.org/show_bug.cgi?id=588189
2010-11-26 15:57:11 -05:00