Commit Graph

33 Commits

Author SHA1 Message Date
Patrick Griffis
f9fc29f0b7 gtlscertificate: Add support for PKCS #11 backed certificates
This reverts commit d58e5de9e9.
2020-10-01 17:09:04 +01:00
Michael Catanzaro
d58e5de9e9 Revert "gtlscertificate: Add support for PKCS #11 backed certificates"
This reverts commit b6d8efbebc.

This GLib API is good, but the implentation is not ready, so there's no
reason to commit to the API in GLib 2.64. We can reland again when the
implementation is ready.

There are three problems: (a) The glib-networking implementation normally
works, but the test has been broken for a long time. I'm not comfortable
with adding a major new feature without a working test. This is
glib-networking#104. (b) The WebKit implementation never landed. There
is a working patch, but it hasn't been accepted upstream yet. This API
isn't needed in GLib until WebKit is ready to start using it.
https://bugs.webkit.org/show_bug.cgi?id=200805. (c) Similarly, even if
the WebKit API was ready, that itself isn't useful until an application
is ready to start using it, and the Epiphany level work never happened.

Let's try again for GLib 2.66. Reverting this commit now just means we
gain another six months before committing to the API forever. No reason
to keep this in GLib 2.64 when nothing is using it yet.
2020-01-30 04:19:22 -06:00
Patrick Griffis
b6d8efbebc gtlscertificate: Add support for PKCS #11 backed certificates
This adds properties to allow backends to expose PKCS #11 support.
2019-10-02 10:12:40 -07:00
Fredrik Ternerot
a437a50694 gtlscertificate: Allow any type of private key in PEM files
Allow any type of private key in PEM files by treating PEM guards ending
with "PRIVATE KEY-----" as a private key instead of looking for a
pre-defined set of PEM guards. This enables the possibility for custom
GTlsBackend to add support for new key types.

Test cases have been expanded to ensure PEM parsing works for private
key when either header or footer is missing.

Encrypted PKCS#8 is still rejected. Test case has been added for this to
ensure behaviour is the same before and after this change.
2018-12-18 11:43:08 +01:00
Fredrik Ternerot
feff178c3f gtlscertificate: Fix bug in PEM private key parser
Make sure to not go outside of PEM data buffer when looking for private
key.

Also adding test case that triggers this bug.
2018-12-14 20:18:55 +01:00
Sébastien Wilmet
3bf4a720c3 gio/: LGPLv2+ -> LGPLv2.1+
Sub-directories inside gio/ already processed in a previous commit:
- fam/
- gdbus-2.0/ (which contains only codegen/)
- gvdb/
- inotify/
- tests/
- win32/
- xdgmime/

Other sub-directories inside gio/:
- completion/: no license headers
- kqueue/: not LGPL, BSD-style license

https://bugzilla.gnome.org/show_bug.cgi?id=776504
2017-05-29 19:53:34 +02:00
Emmanuele Bassi
f952fdf3fc Drop trailing semi-colon from G_DEFINE_ macro
It's unnecessary, and only adds visual noise; we have been fairly
inconsistent in the past, but the semi-colon-less version clearly
dominates in the code base.

https://bugzilla.gnome.org/show_bug.cgi?id=669355
2017-04-10 10:38:31 +01:00
Christian Hergert
18a33f72db introspection: use (nullable) or (optional) instead of (allow-none)
If we have an input parameter (or return value) we need to use (nullable).
However, if it is an (inout) or (out) parameter, (optional) is sufficient.

It looks like (nullable) could be used for everything according to the
Annotation documentation, but (optional) is more specific.
2016-11-22 14:14:37 -08:00
Piotr Drąg
10c490cdfe Use Unicode in translatable strings
See https://developer.gnome.org/hig/stable/typography.html

https://bugzilla.gnome.org/show_bug.cgi?id=772221
2016-10-12 21:30:42 +02:00
Christoph Reiter
f8189ddf98 gio: Add filename type annotations
https://bugzilla.gnome.org/show_bug.cgi?id=767245
2016-06-04 20:38:42 +02:00
Philip Withnall
292fd1155a gtlscertificate: Fix error reporting if a GError is not passed in
If the certificate constructor is called as:
   g_tls_certificate_new_from_pem (data, length, NULL);
and PEM parsing fails for the private key, the function would have
continued to try and create a certificate using a NULL key_pem value,
which would have failed or crashed.

Use g_propagate_error() correctly to avoid this.

Coverity CID: 1325403
2015-10-03 10:58:18 +01:00
Michael Catanzaro
587068c969 GTlsCertificate: fix loading of chain with private key
If a private key (or anything, in fact) follows the final certificate in
the file, certificate parsing will be aborted and only the first
certificate in the chain will be returned, with the private key not set.
Be tolerant of this, rather than expecting the final character in the
file to be the newline following the last certificate.

https://bugzilla.gnome.org/show_bug.cgi?id=754264
2015-08-29 08:43:29 -05:00
Xavier Claessens
74c22150cf docs: fix up docs issues in gio/ 2015-02-05 16:20:43 +01:00
Dan Winship
982d0e11d7 GTlsCertificate: fix loading of bad certificate chains
g_tls_certificate_new_from_file() was only loading the complete chain
if it was fully valid, but we only meant to be validating that it
formed an actual chain (since the caller may be planning to ignore
other errors).

https://bugzilla.gnome.org/show_bug.cgi?id=729739
2014-11-01 17:11:25 -04:00
Aleix Conchillo Flaqué
da053e345b tlscertificate: add support for certificate chains
This patch changes the behavior of the following functions:

   g_tls_certificate_new_from_pem
   g_tls_certificate_new_from_file
   g_tls_certificate_new_from_files

If more than one certificate is found it will try to load the chain.

It is assumed that the chain will be in the right order (top-level
certificate will be the last one in the file). If the chain cannot be
verified, the first certificate in the file will be returned as before.

https://bugzilla.gnome.org/show_bug.cgi?id=729739
2014-10-06 10:19:48 -07:00
Dan Winship
65f2669173 gtlscertificate: fix certificate list parsing with trailing comments
g_tls_certificate_list_new_from_file() was supposed to ignore non-PEM
content, but it accidentally required that there not be anything after
the last certificate. Fix that.

https://bugzilla.gnome.org/show_bug.cgi?id=727692
2014-04-09 10:39:45 -04:00
William Jon McCann
20f4d1820b docs: use "Returns:" consistently
Instead of "Return value:".
2014-02-19 19:41:52 -05:00
Matthias Clasen
3232425785 Docs: replace <literal> by ` 2014-02-06 08:07:16 -05:00
Matthias Clasen
42cf80780b Docs: Big entity cleanup
Strip lots of entity use from |[ ]| examples (which are now
implicit CDATA). Also remove many redundant uses of <!-- -->.
2014-02-01 12:00:30 -05:00
Daniel Mustieles
078dbda148 Updated FSF's address 2014-01-31 14:31:55 +01:00
Matthias Clasen
3872049445 Add includes to all gio docs 2014-01-07 22:55:43 -05:00
Stef Walter
7518f7a674 Revert "gtlscertificate: Add certificate-bytes and private-key-bytes props"
* In order to add contstruct properties to an abstract base
   calls, and retain ABI stability, the base class must add a
   default implementation of those properties.
 * We cannot add a default implementation of certificate-bytes
   or private-key-bytes since certificate and private-key properties
   are writable on construct-only.

This reverts commit 541c985869.

https://bugzilla.gnome.org/show_bug.cgi?id=682081
2012-08-21 13:30:02 +02:00
Stef Walter
541c985869 gtlscertificate: Add certificate-bytes and private-key-bytes props
* These properties contain the same data as certificate and
   private-key, but as GBytes

https://bugzilla.gnome.org/show_bug.cgi?id=681319
2012-08-06 22:23:20 +02:00
Stef Walter
49b35f0930 gtlscertificate: Don't confuse certificate and public key in docs
* A certificate sorta acts as a public key, but more specifically
   it contains a public key (in its subjectPublicKeyInfo) field.
 * Documentation was confusing and could have read like the
   certificate and certificate-pem properties were returning the
   public key part of the certificate.

https://bugzilla.gnome.org/show_bug.cgi?id=681158
2012-08-06 10:44:52 +02:00
Stef Walter
6ddf40f301 gtlscertificate: Add g_tls_certificate_is_same() function
* Certificate equality in PKIX in general is equality between
   the DER encoding of the certificates.

https://bugzilla.gnome.org/show_bug.cgi?id=681116
2012-08-03 18:58:30 +02:00
Dan Winship
1dc8d1f932 GTlsCertificate: support unencrypted PKCS#8 private keys
PKCS#8 is the "right" way to encode private keys. Although the APIs do
not currently support encrypted keys, we should at least support
unencrypted PKCS#8 keys.

https://bugzilla.gnome.org/show_bug.cgi?id=664321
2011-11-18 20:26:58 -05:00
Ryan Lortie
09429e2c82 gio static fixups 2011-10-16 21:41:15 -04:00
Nicolas Dufresne
fdfb42b9f2 Rework PEM parsing to not be order dependent
Some valid PEM file would not work because the private key was put
before the certificate.
2011-07-27 16:23:33 -04:00
Dan Winship
784619bc3a Fix two leaks seen when using TLS connections
g_tls_certificate_list_new_from_file() was leaking the file contents,
and GSource was leaking the GSourcePrivate structure that got
created when using child sources.
2011-04-07 08:32:06 -04:00
Johan Dahlin
fdaaa22b58 Correct gtk-doc SECTION: syntax
g-ir-scanner does not allow a space between the : and the
section name.
2011-02-01 16:18:02 -02:00
Dan Winship
73d6bd8a45 Add g_tls_certificate_verify()
Add a method to verify a certificate against a CA; this can be used
for apps that need to test against non-default CAs.

Also make the GTlsCertificate::issuer property virtual
2010-12-07 10:41:05 +01:00
Matthias Clasen
eed36d38d1 Various doc tweaks 2010-11-28 23:55:43 -05:00
Dan Winship
59d62726de Add initial TLS (SSL) support to gio
This adds an extension point for TLS connections to gio, with a
gnutls-based implementation in glib-networking.

Full TLS support is still a work in progress; the current API is
missing some features, and parts of it may still be changed before
2.28.

https://bugzilla.gnome.org/show_bug.cgi?id=588189
2010-11-26 15:57:11 -05:00