
/* GIO - GLib Input, Output and Streaming Library
*
* Copyright © 2010 Red Hat, Inc
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
*/
#include "config.h"
#include "glib.h"
#include "gtlsclientconnection.h"
#include "ginitable.h"
#include "gioenumtypes.h"
#include "gsocket.h"
#include "gsocketconnectable.h"
#include "gtlsbackend.h"
#include "gtlscertificate.h"
#include "glibintl.h"
/**
* SECTION:gtlsclientconnection
* @short_description: TLS client-side connection
* @include: gio/gio.h
*
* #GTlsClientConnection is the client-side subclass of
* #GTlsConnection, representing a client-side TLS connection.
*/
/**
* GTlsClientConnection:
*
* Interface implemented by the backend-specific client connection
* type (registered below with G_DEFINE_INTERFACE(), with #GTlsConnection
* as its prerequisite).
*
* Since: 2.28
*/
/* Registers the GTlsClientConnection interface type. G_TYPE_TLS_CONNECTION is
 * passed as the prerequisite type, matching the section description of this
 * interface as the client-side counterpart of GTlsConnection. */
G_DEFINE_INTERFACE (GTlsClientConnection, g_tls_client_connection, G_TYPE_TLS_CONNECTION)
/* Interface initialiser: installs the four interface properties that every
 * backend implementation of GTlsClientConnection must provide. Nothing else
 * is set up here; the property defaults below are the security-relevant part. */
static void
g_tls_client_connection_default_init (GTlsClientConnectionInterface *iface)
{
  /**
   * GTlsClientConnection:validation-flags:
   *
   * What steps to perform when validating a certificate received from
   * a server. Server certificates that fail to validate in all of the
   * ways indicated here will be rejected unless the application
   * overrides the default via #GTlsConnection::accept-certificate.
   *
   * The default is %G_TLS_CERTIFICATE_VALIDATE_ALL. Clearing a flag from
   * this set disables the corresponding check entirely (for example,
   * clearing %G_TLS_CERTIFICATE_BAD_IDENTITY means the server's name is no
   * longer compared against #GTlsClientConnection:server-identity), so a
   * connection with a reduced set of flags will accept certificates that
   * the default would reject. Only narrow this set deliberately.
   *
   * Since: 2.28
   */
  g_object_interface_install_property (iface,
                                       g_param_spec_flags ("validation-flags",
                                                           P_("Validation flags"),
                                                           P_("What certificate validation to perform"),
                                                           G_TYPE_TLS_CERTIFICATE_FLAGS,
                                                           G_TLS_CERTIFICATE_VALIDATE_ALL,
                                                           G_PARAM_READWRITE |
                                                           G_PARAM_CONSTRUCT |
                                                           G_PARAM_STATIC_STRINGS));

  /**
   * GTlsClientConnection:server-identity:
   *
   * A #GSocketConnectable describing the identity of the server that
   * is expected on the other end of the connection.
   *
   * If the %G_TLS_CERTIFICATE_BAD_IDENTITY flag is set in
   * #GTlsClientConnection:validation-flags, this object will be used
   * to determine the expected identity of the remote end of the
   * connection; if #GTlsClientConnection:server-identity is not set,
   * or does not match the identity presented by the server, then the
   * %G_TLS_CERTIFICATE_BAD_IDENTITY validation will fail.
   *
   * Applications should set this to the identity they intended to reach
   * (for example, the host name the user asked for), not to something
   * derived from data the server itself supplied, since that would
   * defeat the purpose of the identity check.
   *
   * In addition to its use in verifying the server certificate,
   * this is also used to give a hint to the server about what
   * certificate we expect, which is useful for servers that serve
   * virtual hosts.
   *
   * Since: 2.28
   */
  g_object_interface_install_property (iface,
                                       g_param_spec_object ("server-identity",
                                                            P_("Server identity"),
                                                            P_("GSocketConnectable identifying the server"),
                                                            G_TYPE_SOCKET_CONNECTABLE,
                                                            G_PARAM_READWRITE |
                                                            G_PARAM_CONSTRUCT |
                                                            G_PARAM_STATIC_STRINGS));

  /**
   * GTlsClientConnection:use-ssl3:
   *
   * If %TRUE, tells the connection to use a fallback version of TLS
   * or SSL, rather than trying to negotiate the best version of TLS
   * to use. This can be used when talking to servers that don't
   * implement version negotiation correctly and therefore refuse to
   * handshake at all with a "modern" TLS handshake.
   *
   * Despite the property name, the fallback version is not
   * necessarily SSL 3.0; if SSL 3.0 has been disabled, the
   * #GTlsClientConnection will use the next highest available version
   * (normally TLS 1.0) as the fallback version.
   *
   * Setting this is a deliberate protocol downgrade: the connection
   * gives up whatever the highest mutually supported version would have
   * provided. Leave it at the default (%FALSE) unless a specific server
   * is known to require it.
   *
   * Since: 2.28
   */
  g_object_interface_install_property (iface,
                                       g_param_spec_boolean ("use-ssl3",
                                                             P_("Use fallback"),
                                                             P_("Use fallback version of SSL/TLS rather than most recent version"),
                                                             FALSE,
                                                             G_PARAM_READWRITE |
                                                             G_PARAM_CONSTRUCT |
                                                             G_PARAM_STATIC_STRINGS));

  /**
   * GTlsClientConnection:accepted-cas: (type GLib.List) (element-type GLib.ByteArray)
   *
   * A list of the distinguished names of the Certificate Authorities
   * that the server will accept client certificates signed by. If the
   * server requests a client certificate during the handshake, then
   * this property will be set after the handshake completes.
   *
   * Each item in the list is a #GByteArray which contains the complete
   * subject DN of the certificate authority.
   *
   * The contents come from the server's handshake, i.e. from the peer,
   * and should be treated as untrusted input when parsed or displayed.
   *
   * Since: 2.28
   */
  g_object_interface_install_property (iface,
                                       g_param_spec_pointer ("accepted-cas",
                                                             P_("Accepted CAs"),
                                                             P_("Distinguished names of the CAs the server accepts certificates from"),
                                                             G_PARAM_READABLE |
                                                             G_PARAM_STATIC_STRINGS));
}
/**
 * g_tls_client_connection_new:
 * @base_io_stream: the #GIOStream to wrap
 * @server_identity: (allow-none): the expected identity of the server
 * @error: #GError for error reporting, or %NULL to ignore.
 *
 * Creates a new #GTlsClientConnection wrapping @base_io_stream (which
 * must have pollable input and output streams) which is assumed to
 * communicate with the server identified by @server_identity.
 *
 * The object is instantiated from the client connection type of the
 * default #GTlsBackend, with "base-io-stream" and "server-identity"
 * passed as construct properties. Passing %NULL for @server_identity
 * leaves #GTlsClientConnection:server-identity unset, in which case the
 * %G_TLS_CERTIFICATE_BAD_IDENTITY validation cannot succeed (see the
 * property documentation); it can still be supplied afterwards with
 * g_tls_client_connection_set_server_identity().
 *
 * Returns: (transfer full) (type GTlsClientConnection): the new
 * #GTlsClientConnection, or %NULL on error
 *
 * Since: 2.28
 */
GIOStream *
g_tls_client_connection_new (GIOStream          *base_io_stream,
                             GSocketConnectable *server_identity,
                             GError            **error)
{
  GObject *instance;

  /* The backend decides which concrete class implements the interface. */
  instance = g_initable_new (g_tls_backend_get_client_connection_type (g_tls_backend_get_default ()),
                             NULL, error,
                             "base-io-stream", base_io_stream,
                             "server-identity", server_identity,
                             NULL);

  /* On failure g_initable_new() returns NULL and the cast passes it through. */
  return G_IO_STREAM (instance);
}
/**
 * g_tls_client_connection_get_validation_flags:
 * @conn: the #GTlsClientConnection
 *
 * Gets @conn's validation flags, i.e. the current value of
 * #GTlsClientConnection:validation-flags.
 *
 * Returns: the validation flags (0 if @conn is not a
 * #GTlsClientConnection)
 *
 * Since: 2.28
 */
GTlsCertificateFlags
g_tls_client_connection_get_validation_flags (GTlsClientConnection *conn)
{
  GTlsCertificateFlags current = 0;

  g_return_val_if_fail (G_IS_TLS_CLIENT_CONNECTION (conn), 0);

  g_object_get (G_OBJECT (conn),
                "validation-flags", &current,
                NULL);

  return current;
}
/**
 * g_tls_client_connection_set_validation_flags:
 * @conn: the #GTlsClientConnection
 * @flags: the #GTlsCertificateFlags to use
 *
 * Sets @conn's validation flags, to override the default set of
 * checks performed when validating a server certificate. By default,
 * %G_TLS_CERTIFICATE_VALIDATE_ALL is used.
 *
 * Any flag omitted from @flags is a check that will no longer be
 * performed on the server certificate, so passing a narrower set than
 * the default weakens what @conn will accept; do so only deliberately.
 *
 * Since: 2.28
 */
void
g_tls_client_connection_set_validation_flags (GTlsClientConnection *conn,
                                              GTlsCertificateFlags  flags)
{
  g_return_if_fail (G_IS_TLS_CLIENT_CONNECTION (conn));

  g_object_set (G_OBJECT (conn),
                "validation-flags", flags,
                NULL);
}
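/**
 * g_tls_client_connection_get_server_identity:
 * @conn: the #GTlsClientConnection
 *
 * Gets @conn's expected server identity.
 *
 * The reference obtained from the property getter is released before
 * returning, so the result is borrowed from @conn: it stays valid only
 * as long as @conn keeps #GTlsClientConnection:server-identity set to
 * this object, and the caller must not unref it.
 *
 * Returns: (transfer none): a #GSocketConnectable describing the
 * expected server identity, or %NULL if the expected identity is not
 * known.
 *
 * Since: 2.28
 */
GSocketConnectable *
g_tls_client_connection_get_server_identity (GTlsClientConnection *conn)
{
  GSocketConnectable *identity = NULL;

  /* Return the null pointer constant rather than 0 for a pointer result. */
  g_return_val_if_fail (G_IS_TLS_CLIENT_CONNECTION (conn), NULL);

  g_object_get (G_OBJECT (conn), "server-identity", &identity, NULL);

  /* g_object_get() hands back a new reference; drop it so the result is
   * (transfer none) as documented. */
  if (identity)
    g_object_unref (identity);

  return identity;
}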
/**
 * g_tls_client_connection_set_server_identity:
 * @conn: the #GTlsClientConnection
 * @identity: a #GSocketConnectable describing the expected server identity
 *
 * Sets @conn's expected server identity, which is used both to tell
 * servers on virtual hosts which certificate to present, and also
 * to let @conn know what name to look for in the certificate when
 * performing %G_TLS_CERTIFICATE_BAD_IDENTITY validation, if enabled.
 *
 * @identity should be the endpoint the application intended to reach,
 * not a name taken from the server's own response.
 *
 * Since: 2.28
 */
void
g_tls_client_connection_set_server_identity (GTlsClientConnection *conn,
                                             GSocketConnectable   *identity)
{
  g_return_if_fail (G_IS_TLS_CLIENT_CONNECTION (conn));

  g_object_set (G_OBJECT (conn),
                "server-identity", identity,
                NULL);
}
/**
 * g_tls_client_connection_get_use_ssl3:
 * @conn: the #GTlsClientConnection
 *
 * Gets whether @conn will use a fallback protocol version rather than
 * the highest-supported version of TLS; see
 * g_tls_client_connection_set_use_ssl3(). Despite the name, the
 * fallback is not necessarily SSL 3.0 (see
 * #GTlsClientConnection:use-ssl3).
 *
 * Returns: whether @conn will use the fallback version
 *
 * Since: 2.28
 */
gboolean
g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn)
{
  gboolean fallback = FALSE;

  g_return_val_if_fail (G_IS_TLS_CLIENT_CONNECTION (conn), FALSE);

  g_object_get (G_OBJECT (conn),
                "use-ssl3", &fallback,
                NULL);

  return fallback;
}
/**
 * g_tls_client_connection_set_use_ssl3:
 * @conn: the #GTlsClientConnection
 * @use_ssl3: whether to use the fallback protocol version
 *
 * If @use_ssl3 is %TRUE, this forces @conn to use a fallback version of
 * SSL/TLS rather than trying to properly negotiate the right version of
 * TLS or SSL to use. This can be used when talking to servers that do
 * not implement the fallbacks correctly and which will therefore fail
 * to handshake with a "modern" TLS handshake attempt.
 *
 * This is a deliberate protocol downgrade; as described for
 * #GTlsClientConnection:use-ssl3, the version actually used is the
 * backend's fallback and need not be SSL 3.0. Leave it %FALSE unless a
 * specific server is known to require it.
 *
 * Since: 2.28
 */
void
g_tls_client_connection_set_use_ssl3 (GTlsClientConnection *conn,
                                      gboolean              use_ssl3)
{
  g_return_if_fail (G_IS_TLS_CLIENT_CONNECTION (conn));

  g_object_set (G_OBJECT (conn),
                "use-ssl3", use_ssl3,
                NULL);
}
/**
 * g_tls_client_connection_get_accepted_cas:
 * @conn: the #GTlsClientConnection
 *
 * Gets the list of distinguished names of the Certificate Authorities
 * that the server will accept certificates from. This will be set
 * during the TLS handshake if the server requests a certificate.
 * Otherwise, it will be %NULL.
 *
 * Each item in the list is a #GByteArray which contains the complete
 * subject DN of the certificate authority. The DNs originate from the
 * server's handshake message and should be treated as untrusted input.
 *
 * Returns: (element-type GByteArray) (transfer full): the list of
 * CA DNs. You should unref each element with g_byte_array_unref() and then
 * free the list with g_list_free().
 *
 * Since: 2.28
 */
GList *
g_tls_client_connection_get_accepted_cas (GTlsClientConnection *conn)
{
  GList *ca_names = NULL;

  g_return_val_if_fail (G_IS_TLS_CLIENT_CONNECTION (conn), NULL);

  /* The property is read through g_object_get(); the list returned is
   * owned by the caller as documented above. */
  g_object_get (G_OBJECT (conn),
                "accepted-cas", &ca_names,
                NULL);

  return ca_names;
}
/**
 * g_tls_client_connection_copy_session_state:
 * @conn: a #GTlsClientConnection
 * @source: a #GTlsClientConnection
 *
 * Copies session state from one connection to another. This is
 * not normally needed, but may be used when the same session
 * needs to be used between different endpoints as is required
 * by some protocols such as FTP over TLS. @source should have
 * already completed a handshake, and @conn should not have
 * completed a handshake.
 *
 * What exactly is copied is defined by the backend's implementation of
 * the copy_session_state vfunc; this function only dispatches to it.
 * NOTE(review): callers should make sure @source was validated against
 * the same server identity that @conn is meant to reach before reusing
 * its session — confirm against the backend in use.
 *
 * Since: 2.46
 */
void
g_tls_client_connection_copy_session_state (GTlsClientConnection *conn,
                                            GTlsClientConnection *source)
{
  GTlsClientConnectionInterface *iface;

  g_return_if_fail (G_IS_TLS_CLIENT_CONNECTION (conn));
  g_return_if_fail (G_IS_TLS_CLIENT_CONNECTION (source));

  iface = G_TLS_CLIENT_CONNECTION_GET_INTERFACE (conn);

  /* The vfunc is optional for backends; refuse loudly rather than call NULL. */
  g_return_if_fail (iface->copy_session_state != NULL);

  iface->copy_session_state (conn, source);
}