LCOV - code coverage report
Current view: top level - gio - gtlsconnection.c (source / functions) Coverage Total Hit
Test: unnamed Lines: 24.4 % 135 33
Test Date: 2024-11-26 05:23:01 Functions: 25.0 % 32 8
Branches: - 0 0

             Branch data     Line data    Source code
       1                 :             : /* GIO - GLib Input, Output and Streaming Library
       2                 :             :  *
       3                 :             :  * Copyright © 2010 Red Hat, Inc
       4                 :             :  *
       5                 :             :  * SPDX-License-Identifier: LGPL-2.1-or-later
       6                 :             :  *
       7                 :             :  * This library is free software; you can redistribute it and/or
       8                 :             :  * modify it under the terms of the GNU Lesser General Public
       9                 :             :  * License as published by the Free Software Foundation; either
      10                 :             :  * version 2.1 of the License, or (at your option) any later version.
      11                 :             :  *
      12                 :             :  * This library is distributed in the hope that it will be useful,
      13                 :             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      14                 :             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      15                 :             :  * Lesser General Public License for more details.
      16                 :             :  *
      17                 :             :  * You should have received a copy of the GNU Lesser General
      18                 :             :  * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
      19                 :             :  */
      20                 :             : 
      21                 :             : #include "config.h"
      22                 :             : #include "glib.h"
      23                 :             : 
      24                 :             : #include "gtlsconnection.h"
      25                 :             : #include "gcancellable.h"
      26                 :             : #include "gioenumtypes.h"
      27                 :             : #include "gsocket.h"
      28                 :             : #include "gtlsbackend.h"
      29                 :             : #include "gtlscertificate.h"
      30                 :             : #include "gtlsclientconnection.h"
      31                 :             : #include "gtlsdatabase.h"
      32                 :             : #include "gtlsinteraction.h"
      33                 :             : #include "glibintl.h"
      34                 :             : #include "gmarshal-internal.h"
      35                 :             : 
      36                 :             : /**
      37                 :             :  * GTlsConnection:
      38                 :             :  *
      39                 :             :  * `GTlsConnection` is the base TLS connection class type, which wraps
      40                 :             :  * a [class@Gio.IOStream] and provides TLS encryption on top of it. Its
      41                 :             :  * subclasses, [iface@Gio.TlsClientConnection] and
      42                 :             :  * [iface@Gio.TlsServerConnection], implement client-side and server-side TLS,
      43                 :             :  * respectively.
      44                 :             :  *
      45                 :             :  * For DTLS (Datagram TLS) support, see [iface@Gio.DtlsConnection].
      46                 :             :  *
      47                 :             :  * Since: 2.28
      48                 :             :  */
      49                 :             : 
      50                 :          82 : G_DEFINE_ABSTRACT_TYPE (GTlsConnection, g_tls_connection, G_TYPE_IO_STREAM)
      51                 :             : 
      52                 :             : static void g_tls_connection_get_property (GObject    *object,
      53                 :             :                                            guint       prop_id,
      54                 :             :                                            GValue     *value,
      55                 :             :                                            GParamSpec *pspec);
      56                 :             : static void g_tls_connection_set_property (GObject      *object,
      57                 :             :                                            guint         prop_id,
      58                 :             :                                            const GValue *value,
      59                 :             :                                            GParamSpec   *pspec);
      60                 :             : 
      61                 :             : enum {
      62                 :             :   ACCEPT_CERTIFICATE,
      63                 :             : 
      64                 :             :   LAST_SIGNAL
      65                 :             : };
      66                 :             : 
      67                 :             : static guint signals[LAST_SIGNAL] = { 0 };
      68                 :             : 
      69                 :             : enum {
      70                 :             :   PROP_0,
      71                 :             :   PROP_BASE_IO_STREAM,
      72                 :             :   PROP_REQUIRE_CLOSE_NOTIFY,
      73                 :             :   PROP_REHANDSHAKE_MODE,
      74                 :             :   PROP_USE_SYSTEM_CERTDB,
      75                 :             :   PROP_DATABASE,
      76                 :             :   PROP_INTERACTION,
      77                 :             :   PROP_CERTIFICATE,
      78                 :             :   PROP_PEER_CERTIFICATE,
      79                 :             :   PROP_PEER_CERTIFICATE_ERRORS,
      80                 :             :   PROP_ADVERTISED_PROTOCOLS,
      81                 :             :   PROP_NEGOTIATED_PROTOCOL,
      82                 :             :   PROP_PROTOCOL_VERSION,
      83                 :             :   PROP_CIPHERSUITE_NAME,
      84                 :             : };
      85                 :             : 
      86                 :             : static void
      87                 :           3 : g_tls_connection_class_init (GTlsConnectionClass *klass)
      88                 :             : {
      89                 :           3 :   GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
      90                 :             : 
      91                 :           3 :   gobject_class->get_property = g_tls_connection_get_property;
      92                 :           3 :   gobject_class->set_property = g_tls_connection_set_property;
      93                 :             : 
      94                 :             :   /**
      95                 :             :    * GTlsConnection:base-io-stream:
      96                 :             :    *
      97                 :             :    * The #GIOStream that the connection wraps. The connection holds a reference
      98                 :             :    * to this stream, and may run operations on the stream from other threads
      99                 :             :    * throughout its lifetime. Consequently, after the #GIOStream has been
     100                 :             :    * constructed, application code may only run its own operations on this
     101                 :             :    * stream when no #GIOStream operations are running.
     102                 :             :    *
     103                 :             :    * Since: 2.28
     104                 :             :    */
     105                 :           3 :   g_object_class_install_property (gobject_class, PROP_BASE_IO_STREAM,
     106                 :             :                                    g_param_spec_object ("base-io-stream", NULL, NULL,
     107                 :             :                                                         G_TYPE_IO_STREAM,
     108                 :             :                                                         G_PARAM_READWRITE |
     109                 :             :                                                         G_PARAM_CONSTRUCT_ONLY |
     110                 :             :                                                         G_PARAM_STATIC_STRINGS));
     111                 :             :   /**
     112                 :             :    * GTlsConnection:use-system-certdb:
     113                 :             :    *
     114                 :             :    * Whether or not the system certificate database will be used to
     115                 :             :    * verify peer certificates. See
     116                 :             :    * g_tls_connection_set_use_system_certdb().
     117                 :             :    *
     118                 :             :    * Deprecated: 2.30: Use GTlsConnection:database instead
     119                 :             :    */
     120                 :           3 :   g_object_class_install_property (gobject_class, PROP_USE_SYSTEM_CERTDB,
     121                 :             :                                    g_param_spec_boolean ("use-system-certdb", NULL, NULL,
     122                 :             :                                                          TRUE,
     123                 :             :                                                          G_PARAM_READWRITE |
     124                 :             :                                                          G_PARAM_CONSTRUCT |
     125                 :             :                                                          G_PARAM_STATIC_STRINGS |
     126                 :             :                                                          G_PARAM_DEPRECATED));
     127                 :             :   /**
     128                 :             :    * GTlsConnection:database: (nullable)
     129                 :             :    *
     130                 :             :    * The certificate database to use when verifying this TLS connection.
     131                 :             :    * If no certificate database is set, then the default database will be
     132                 :             :    * used. See g_tls_backend_get_default_database().
     133                 :             :    *
     134                 :             :    * When using a non-default database, #GTlsConnection must fall back to using
     135                 :             :    * the #GTlsDatabase to perform certificate verification using
     136                 :             :    * g_tls_database_verify_chain(), which means certificate verification will
     137                 :             :    * not be able to make use of TLS session context. This may be less secure.
     138                 :             :    * For example, if you create your own #GTlsDatabase that just wraps the
     139                 :             :    * default #GTlsDatabase, you might expect that you have not changed anything,
     140                 :             :    * but this is not true because you may have altered the behavior of
     141                 :             :    * #GTlsConnection by causing it to use g_tls_database_verify_chain(). See the
     142                 :             :    * documentation of g_tls_database_verify_chain() for more details on specific
     143                 :             :    * security checks that may not be performed. Accordingly, setting a
     144                 :             :    * non-default database is discouraged except for specialty applications with
     145                 :             :    * unusual security requirements.
     146                 :             :    *
     147                 :             :    * Since: 2.30
     148                 :             :    */
     149                 :           3 :   g_object_class_install_property (gobject_class, PROP_DATABASE,
     150                 :             :                                    g_param_spec_object ("database", NULL, NULL,
     151                 :             :                                                          G_TYPE_TLS_DATABASE,
     152                 :             :                                                          G_PARAM_READWRITE |
     153                 :             :                                                          G_PARAM_STATIC_STRINGS));
     154                 :             :   /**
     155                 :             :    * GTlsConnection:interaction: (nullable)
     156                 :             :    *
     157                 :             :    * A #GTlsInteraction object to be used when the connection or certificate
     158                 :             :    * database need to interact with the user. This will be used to prompt the
     159                 :             :    * user for passwords where necessary.
     160                 :             :    *
     161                 :             :    * Since: 2.30
     162                 :             :    */
     163                 :           3 :   g_object_class_install_property (gobject_class, PROP_INTERACTION,
     164                 :             :                                    g_param_spec_object ("interaction", NULL, NULL,
     165                 :             :                                                         G_TYPE_TLS_INTERACTION,
     166                 :             :                                                         G_PARAM_READWRITE |
     167                 :             :                                                         G_PARAM_STATIC_STRINGS));
     168                 :             :   /**
     169                 :             :    * GTlsConnection:require-close-notify:
     170                 :             :    *
     171                 :             :    * Whether or not proper TLS close notification is required.
     172                 :             :    * See g_tls_connection_set_require_close_notify().
     173                 :             :    *
     174                 :             :    * Since: 2.28
     175                 :             :    */
     176                 :           3 :   g_object_class_install_property (gobject_class, PROP_REQUIRE_CLOSE_NOTIFY,
     177                 :             :                                    g_param_spec_boolean ("require-close-notify", NULL, NULL,
     178                 :             :                                                          TRUE,
     179                 :             :                                                          G_PARAM_READWRITE |
     180                 :             :                                                          G_PARAM_CONSTRUCT |
     181                 :             :                                                          G_PARAM_STATIC_STRINGS));
     182                 :             :   /**
     183                 :             :    * GTlsConnection:rehandshake-mode:
     184                 :             :    *
     185                 :             :    * The rehandshaking mode. See
     186                 :             :    * g_tls_connection_set_rehandshake_mode().
     187                 :             :    *
     188                 :             :    * Since: 2.28
     189                 :             :    *
     190                 :             :    * Deprecated: 2.60: The rehandshake mode is ignored.
     191                 :             :    */
     192                 :           3 :   g_object_class_install_property (gobject_class, PROP_REHANDSHAKE_MODE,
     193                 :             :                                    g_param_spec_enum ("rehandshake-mode", NULL, NULL,
     194                 :             :                                                       G_TYPE_TLS_REHANDSHAKE_MODE,
     195                 :             :                                                       G_TLS_REHANDSHAKE_SAFELY,
     196                 :             :                                                       G_PARAM_READWRITE |
     197                 :             :                                                       G_PARAM_CONSTRUCT |
     198                 :             :                                                       G_PARAM_STATIC_STRINGS |
     199                 :             :                                                       G_PARAM_DEPRECATED));
     200                 :             :   /**
     201                 :             :    * GTlsConnection:certificate:
     202                 :             :    *
     203                 :             :    * The connection's certificate; see
     204                 :             :    * g_tls_connection_set_certificate().
     205                 :             :    *
     206                 :             :    * Since: 2.28
     207                 :             :    */
     208                 :           3 :   g_object_class_install_property (gobject_class, PROP_CERTIFICATE,
     209                 :             :                                    g_param_spec_object ("certificate", NULL, NULL,
     210                 :             :                                                         G_TYPE_TLS_CERTIFICATE,
     211                 :             :                                                         G_PARAM_READWRITE |
     212                 :             :                                                         G_PARAM_STATIC_STRINGS));
     213                 :             :   /**
     214                 :             :    * GTlsConnection:peer-certificate: (nullable)
     215                 :             :    *
     216                 :             :    * The connection's peer's certificate, after the TLS handshake has
     217                 :             :    * completed or failed. Note in particular that this is not yet set
     218                 :             :    * during the emission of #GTlsConnection::accept-certificate.
     219                 :             :    *
     220                 :             :    * (You can watch for a #GObject::notify signal on this property to
     221                 :             :    * detect when a handshake has occurred.)
     222                 :             :    *
     223                 :             :    * Since: 2.28
     224                 :             :    */
     225                 :           3 :   g_object_class_install_property (gobject_class, PROP_PEER_CERTIFICATE,
     226                 :             :                                    g_param_spec_object ("peer-certificate", NULL, NULL,
     227                 :             :                                                         G_TYPE_TLS_CERTIFICATE,
     228                 :             :                                                         G_PARAM_READABLE |
     229                 :             :                                                         G_PARAM_STATIC_STRINGS));
     230                 :             :   /**
     231                 :             :    * GTlsConnection:peer-certificate-errors:
     232                 :             :    *
     233                 :             :    * The errors noticed while verifying
     234                 :             :    * #GTlsConnection:peer-certificate. Normally this should be 0, but
     235                 :             :    * it may not be if #GTlsClientConnection:validation-flags is not
     236                 :             :    * %G_TLS_CERTIFICATE_VALIDATE_ALL, or if
     237                 :             :    * #GTlsConnection::accept-certificate overrode the default
     238                 :             :    * behavior.
     239                 :             :    *
     240                 :             :    * GLib guarantees that if certificate verification fails, at least
     241                 :             :    * one error will be set, but it does not guarantee that all possible
     242                 :             :    * errors will be set. Accordingly, you may not safely decide to
     243                 :             :    * ignore any particular type of error. For example, it would be
     244                 :             :    * incorrect to mask %G_TLS_CERTIFICATE_EXPIRED if you want to allow
     245                 :             :    * expired certificates, because this could potentially be the only
     246                 :             :    * error flag set even if other problems exist with the certificate.
     247                 :             :    *
     248                 :             :    * Since: 2.28
     249                 :             :    */
     250                 :           3 :   g_object_class_install_property (gobject_class, PROP_PEER_CERTIFICATE_ERRORS,
     251                 :             :                                    g_param_spec_flags ("peer-certificate-errors", NULL, NULL,
     252                 :             :                                                        G_TYPE_TLS_CERTIFICATE_FLAGS,
     253                 :             :                                                        0,
     254                 :             :                                                        G_PARAM_READABLE |
     255                 :             :                                                        G_PARAM_STATIC_STRINGS));
     256                 :             :   /**
     257                 :             :    * GTlsConnection:advertised-protocols: (nullable)
     258                 :             :    *
     259                 :             :    * The list of application-layer protocols that the connection
     260                 :             :    * advertises that it is willing to speak. See
     261                 :             :    * g_tls_connection_set_advertised_protocols().
     262                 :             :    *
     263                 :             :    * Since: 2.60
     264                 :             :    */
     265                 :           3 :   g_object_class_install_property (gobject_class, PROP_ADVERTISED_PROTOCOLS,
     266                 :             :                                    g_param_spec_boxed ("advertised-protocols", NULL, NULL,
     267                 :             :                                                        G_TYPE_STRV,
     268                 :             :                                                        G_PARAM_READWRITE |
     269                 :             :                                                        G_PARAM_STATIC_STRINGS));
     270                 :             :   /**
     271                 :             :    * GTlsConnection:negotiated-protocol:
     272                 :             :    *
     273                 :             :    * The application-layer protocol negotiated during the TLS
     274                 :             :    * handshake. See g_tls_connection_get_negotiated_protocol().
     275                 :             :    *
     276                 :             :    * Since: 2.60
     277                 :             :    */
     278                 :           3 :   g_object_class_install_property (gobject_class, PROP_NEGOTIATED_PROTOCOL,
     279                 :             :                                    g_param_spec_string ("negotiated-protocol", NULL, NULL,
     280                 :             :                                                         NULL,
     281                 :             :                                                         G_PARAM_READABLE |
     282                 :             :                                                         G_PARAM_STATIC_STRINGS));
     283                 :             : 
     284                 :             :   /**
     285                 :             :    * GTlsConnection:protocol-version:
     286                 :             :    *
     287                 :             :    * The TLS protocol version in use. See g_tls_connection_get_protocol_version().
     288                 :             :    *
     289                 :             :    * Since: 2.70
     290                 :             :    */
     291                 :           3 :   g_object_class_install_property (gobject_class, PROP_PROTOCOL_VERSION,
     292                 :             :                                    g_param_spec_enum ("protocol-version", NULL, NULL,
     293                 :             :                                                       G_TYPE_TLS_PROTOCOL_VERSION,
     294                 :             :                                                       G_TLS_PROTOCOL_VERSION_UNKNOWN,
     295                 :             :                                                       G_PARAM_READABLE |
     296                 :             :                                                       G_PARAM_STATIC_STRINGS));
     297                 :             : 
     298                 :             :   /**
     299                 :             :    * GTlsConnection:ciphersuite-name: (nullable)
     300                 :             :    *
     301                 :             :    * The name of the TLS ciphersuite in use. See g_tls_connection_get_ciphersuite_name().
     302                 :             :    *
     303                 :             :    * Since: 2.70
     304                 :             :    */
     305                 :           3 :   g_object_class_install_property (gobject_class, PROP_CIPHERSUITE_NAME,
     306                 :             :                                    g_param_spec_string ("ciphersuite-name", NULL, NULL,
     307                 :             :                                                         NULL,
     308                 :             :                                                         G_PARAM_READABLE |
     309                 :             :                                                         G_PARAM_STATIC_STRINGS));
     310                 :             : 
     311                 :             :   /**
     312                 :             :    * GTlsConnection::accept-certificate:
     313                 :             :    * @conn: a #GTlsConnection
     314                 :             :    * @peer_cert: the peer's #GTlsCertificate
     315                 :             :    * @errors: the problems with @peer_cert.
     316                 :             :    *
     317                 :             :    * Emitted during the TLS handshake after the peer certificate has
     318                 :             :    * been received. You can examine @peer_cert's certification path by
     319                 :             :    * calling g_tls_certificate_get_issuer() on it.
     320                 :             :    *
     321                 :             :    * For a client-side connection, @peer_cert is the server's
     322                 :             :    * certificate, and the signal will only be emitted if the
     323                 :             :    * certificate was not acceptable according to @conn's
     324                 :             :    * #GTlsClientConnection:validation_flags. If you would like the
     325                 :             :    * certificate to be accepted despite @errors, return %TRUE from the
     326                 :             :    * signal handler. Otherwise, if no handler accepts the certificate,
     327                 :             :    * the handshake will fail with %G_TLS_ERROR_BAD_CERTIFICATE.
     328                 :             :    *
     329                 :             :    * GLib guarantees that if certificate verification fails, this signal
     330                 :             :    * will be emitted with at least one error will be set in @errors, but
     331                 :             :    * it does not guarantee that all possible errors will be set.
     332                 :             :    * Accordingly, you may not safely decide to ignore any particular
     333                 :             :    * type of error. For example, it would be incorrect to ignore
     334                 :             :    * %G_TLS_CERTIFICATE_EXPIRED if you want to allow expired
     335                 :             :    * certificates, because this could potentially be the only error flag
     336                 :             :    * set even if other problems exist with the certificate.
     337                 :             :    *
     338                 :             :    * For a server-side connection, @peer_cert is the certificate
     339                 :             :    * presented by the client, if this was requested via the server's
     340                 :             :    * #GTlsServerConnection:authentication_mode. On the server side,
     341                 :             :    * the signal is always emitted when the client presents a
     342                 :             :    * certificate, and the certificate will only be accepted if a
     343                 :             :    * handler returns %TRUE.
     344                 :             :    *
     345                 :             :    * Note that if this signal is emitted as part of asynchronous I/O
     346                 :             :    * in the main thread, then you should not attempt to interact with
     347                 :             :    * the user before returning from the signal handler. If you want to
     348                 :             :    * let the user decide whether or not to accept the certificate, you
     349                 :             :    * would have to return %FALSE from the signal handler on the first
     350                 :             :    * attempt, and then after the connection attempt returns a
     351                 :             :    * %G_TLS_ERROR_BAD_CERTIFICATE, you can interact with the user, and
     352                 :             :    * if the user decides to accept the certificate, remember that fact,
     353                 :             :    * create a new connection, and return %TRUE from the signal handler
     354                 :             :    * the next time.
     355                 :             :    *
     356                 :             :    * If you are doing I/O in another thread, you do not
     357                 :             :    * need to worry about this, and can simply block in the signal
     358                 :             :    * handler until the UI thread returns an answer.
     359                 :             :    *
     360                 :             :    * Returns: %TRUE to accept @peer_cert (which will also
     361                 :             :    * immediately end the signal emission). %FALSE to allow the signal
     362                 :             :    * emission to continue, which will cause the handshake to fail if
     363                 :             :    * no one else overrides it.
     364                 :             :    *
     365                 :             :    * Since: 2.28
     366                 :             :    */
     367                 :           3 :   signals[ACCEPT_CERTIFICATE] =
     368                 :           3 :     g_signal_new (I_("accept-certificate"),
     369                 :             :                   G_TYPE_TLS_CONNECTION,
     370                 :             :                   G_SIGNAL_RUN_LAST,
     371                 :             :                   G_STRUCT_OFFSET (GTlsConnectionClass, accept_certificate),
     372                 :             :                   g_signal_accumulator_true_handled, NULL,
     373                 :             :                   _g_cclosure_marshal_BOOLEAN__OBJECT_FLAGS,
     374                 :             :                   G_TYPE_BOOLEAN, 2,
     375                 :             :                   G_TYPE_TLS_CERTIFICATE,
     376                 :             :                   G_TYPE_TLS_CERTIFICATE_FLAGS);
     377                 :           3 :   g_signal_set_va_marshaller (signals[ACCEPT_CERTIFICATE],
     378                 :             :                               G_TYPE_FROM_CLASS (klass),
     379                 :             :                               _g_cclosure_marshal_BOOLEAN__OBJECT_FLAGSv);
     380                 :           3 : }
     381                 :             : 
     382                 :             : static void
     383                 :          44 : g_tls_connection_init (GTlsConnection *conn)
     384                 :             : {
     385                 :          44 : }
     386                 :             : 
     387                 :             : static void
     388                 :           0 : g_tls_connection_get_property (GObject    *object,
     389                 :             :                                guint       prop_id,
     390                 :             :                                GValue     *value,
     391                 :             :                                GParamSpec *pspec)
     392                 :             : {
     393                 :           0 :   G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
     394                 :           0 : }
     395                 :             : 
     396                 :             : static void
     397                 :           0 : g_tls_connection_set_property (GObject      *object,
     398                 :             :                                guint         prop_id,
     399                 :             :                                const GValue *value,
     400                 :             :                                GParamSpec   *pspec)
     401                 :             : {
     402                 :           0 :   G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
     403                 :           0 : }
     404                 :             : 
     405                 :             : /**
     406                 :             :  * g_tls_connection_set_use_system_certdb:
     407                 :             :  * @conn: a #GTlsConnection
     408                 :             :  * @use_system_certdb: whether to use the system certificate database
     409                 :             :  *
     410                 :             :  * Sets whether @conn uses the system certificate database to verify
     411                 :             :  * peer certificates. This is %TRUE by default. If set to %FALSE, then
     412                 :             :  * peer certificate validation will always set the
     413                 :             :  * %G_TLS_CERTIFICATE_UNKNOWN_CA error (meaning
     414                 :             :  * #GTlsConnection::accept-certificate will always be emitted on
     415                 :             :  * client-side connections, unless that bit is not set in
     416                 :             :  * #GTlsClientConnection:validation-flags).
     417                 :             :  *
     418                 :             :  * Deprecated: 2.30: Use g_tls_connection_set_database() instead
     419                 :             :  */
     420                 :             : void
     421                 :           0 : g_tls_connection_set_use_system_certdb (GTlsConnection *conn,
     422                 :             :                                         gboolean        use_system_certdb)
     423                 :             : {
     424                 :           0 :   g_return_if_fail (G_IS_TLS_CONNECTION (conn));
     425                 :             : 
     426                 :           0 :   g_object_set (G_OBJECT (conn),
     427                 :             :                 "use-system-certdb", use_system_certdb,
     428                 :             :                 NULL);
     429                 :             : }
     430                 :             : 
     431                 :             : /**
     432                 :             :  * g_tls_connection_get_use_system_certdb:
     433                 :             :  * @conn: a #GTlsConnection
     434                 :             :  *
     435                 :             :  * Gets whether @conn uses the system certificate database to verify
     436                 :             :  * peer certificates. See g_tls_connection_set_use_system_certdb().
     437                 :             :  *
     438                 :             :  * Returns: whether @conn uses the system certificate database
     439                 :             :  *
     440                 :             :  * Deprecated: 2.30: Use g_tls_connection_get_database() instead
     441                 :             :  */
     442                 :             : gboolean
     443                 :           0 : g_tls_connection_get_use_system_certdb (GTlsConnection *conn)
     444                 :             : {
     445                 :             :   gboolean use_system_certdb;
     446                 :             : 
     447                 :           0 :   g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), TRUE);
     448                 :             : 
     449                 :           0 :   g_object_get (G_OBJECT (conn),
     450                 :             :                 "use-system-certdb", &use_system_certdb,
     451                 :             :                 NULL);
     452                 :           0 :   return use_system_certdb;
     453                 :             : }
     454                 :             : 
     455                 :             : /**
     456                 :             :  * g_tls_connection_set_database:
     457                 :             :  * @conn: a #GTlsConnection
     458                 :             :  * @database: (nullable): a #GTlsDatabase
     459                 :             :  *
     460                 :             :  * Sets the certificate database that is used to verify peer certificates.
     461                 :             :  * This is set to the default database by default. See
     462                 :             :  * g_tls_backend_get_default_database(). If set to %NULL, then
     463                 :             :  * peer certificate validation will always set the
     464                 :             :  * %G_TLS_CERTIFICATE_UNKNOWN_CA error (meaning
     465                 :             :  * #GTlsConnection::accept-certificate will always be emitted on
     466                 :             :  * client-side connections, unless that bit is not set in
     467                 :             :  * #GTlsClientConnection:validation-flags).
     468                 :             :  *
     469                 :             :  * There are nonintuitive security implications when using a non-default
     470                 :             :  * database. See #GTlsConnection:database for details.
     471                 :             :  *
     472                 :             :  * Since: 2.30
     473                 :             :  */
     474                 :             : void
     475                 :           0 : g_tls_connection_set_database (GTlsConnection *conn,
     476                 :             :                                GTlsDatabase   *database)
     477                 :             : {
     478                 :           0 :   g_return_if_fail (G_IS_TLS_CONNECTION (conn));
     479                 :           0 :   g_return_if_fail (database == NULL || G_IS_TLS_DATABASE (database));
     480                 :             : 
     481                 :           0 :   g_object_set (G_OBJECT (conn),
     482                 :             :                 "database", database,
     483                 :             :                 NULL);
     484                 :             : }
     485                 :             : 
     486                 :             : /**
     487                 :             :  * g_tls_connection_get_database:
     488                 :             :  * @conn: a #GTlsConnection
     489                 :             :  *
     490                 :             :  * Gets the certificate database that @conn uses to verify
     491                 :             :  * peer certificates. See g_tls_connection_set_database().
     492                 :             :  *
     493                 :             :  * Returns: (transfer none) (nullable): the certificate database that @conn uses or %NULL
     494                 :             :  *
     495                 :             :  * Since: 2.30
     496                 :             :  */
     497                 :             : GTlsDatabase*
     498                 :           0 : g_tls_connection_get_database (GTlsConnection *conn)
     499                 :             : {
     500                 :           0 :   GTlsDatabase *database = NULL;
     501                 :             : 
     502                 :           0 :   g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), NULL);
     503                 :             : 
     504                 :           0 :   g_object_get (G_OBJECT (conn),
     505                 :             :                 "database", &database,
     506                 :             :                 NULL);
     507                 :           0 :   if (database)
     508                 :           0 :     g_object_unref (database);
     509                 :           0 :   return database;
     510                 :             : }
     511                 :             : 
     512                 :             : /**
     513                 :             :  * g_tls_connection_set_certificate:
     514                 :             :  * @conn: a #GTlsConnection
     515                 :             :  * @certificate: the certificate to use for @conn
     516                 :             :  *
     517                 :             :  * This sets the certificate that @conn will present to its peer
     518                 :             :  * during the TLS handshake. For a #GTlsServerConnection, it is
     519                 :             :  * mandatory to set this, and that will normally be done at construct
     520                 :             :  * time.
     521                 :             :  *
     522                 :             :  * For a #GTlsClientConnection, this is optional. If a handshake fails
     523                 :             :  * with %G_TLS_ERROR_CERTIFICATE_REQUIRED, that means that the server
     524                 :             :  * requires a certificate, and if you try connecting again, you should
     525                 :             :  * call this method first. You can call
     526                 :             :  * g_tls_client_connection_get_accepted_cas() on the failed connection
     527                 :             :  * to get a list of Certificate Authorities that the server will
     528                 :             :  * accept certificates from.
     529                 :             :  *
     530                 :             :  * (It is also possible that a server will allow the connection with
     531                 :             :  * or without a certificate; in that case, if you don't provide a
     532                 :             :  * certificate, you can tell that the server requested one by the fact
     533                 :             :  * that g_tls_client_connection_get_accepted_cas() will return
     534                 :             :  * non-%NULL.)
     535                 :             :  *
     536                 :             :  * Since: 2.28
     537                 :             :  */
     538                 :             : void
     539                 :           0 : g_tls_connection_set_certificate (GTlsConnection  *conn,
     540                 :             :                                   GTlsCertificate *certificate)
     541                 :             : {
     542                 :           0 :   g_return_if_fail (G_IS_TLS_CONNECTION (conn));
     543                 :           0 :   g_return_if_fail (G_IS_TLS_CERTIFICATE (certificate));
     544                 :             : 
     545                 :           0 :   g_object_set (G_OBJECT (conn), "certificate", certificate, NULL);
     546                 :             : }
     547                 :             : 
     548                 :             : /**
     549                 :             :  * g_tls_connection_get_certificate:
     550                 :             :  * @conn: a #GTlsConnection
     551                 :             :  *
     552                 :             :  * Gets @conn's certificate, as set by
     553                 :             :  * g_tls_connection_set_certificate().
     554                 :             :  *
     555                 :             :  * Returns: (transfer none) (nullable): @conn's certificate, or %NULL
     556                 :             :  *
     557                 :             :  * Since: 2.28
     558                 :             :  */
     559                 :             : GTlsCertificate *
     560                 :           0 : g_tls_connection_get_certificate (GTlsConnection *conn)
     561                 :             : {
     562                 :             :   GTlsCertificate *certificate;
     563                 :             : 
     564                 :           0 :   g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), NULL);
     565                 :             : 
     566                 :           0 :   g_object_get (G_OBJECT (conn), "certificate", &certificate, NULL);
     567                 :           0 :   if (certificate)
     568                 :           0 :     g_object_unref (certificate);
     569                 :             : 
     570                 :           0 :   return certificate;
     571                 :             : }
     572                 :             : 
     573                 :             : /**
     574                 :             :  * g_tls_connection_set_interaction:
     575                 :             :  * @conn: a connection
     576                 :             :  * @interaction: (nullable): an interaction object, or %NULL
     577                 :             :  *
     578                 :             :  * Set the object that will be used to interact with the user. It will be used
     579                 :             :  * for things like prompting the user for passwords.
     580                 :             :  *
     581                 :             :  * The @interaction argument will normally be a derived subclass of
     582                 :             :  * #GTlsInteraction. %NULL can also be provided if no user interaction
     583                 :             :  * should occur for this connection.
     584                 :             :  *
     585                 :             :  * Since: 2.30
     586                 :             :  */
     587                 :             : void
     588                 :           0 : g_tls_connection_set_interaction (GTlsConnection       *conn,
     589                 :             :                                   GTlsInteraction      *interaction)
     590                 :             : {
     591                 :           0 :   g_return_if_fail (G_IS_TLS_CONNECTION (conn));
     592                 :           0 :   g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
     593                 :             : 
     594                 :           0 :   g_object_set (G_OBJECT (conn), "interaction", interaction, NULL);
     595                 :             : }
     596                 :             : 
     597                 :             : /**
     598                 :             :  * g_tls_connection_get_interaction:
     599                 :             :  * @conn: a connection
     600                 :             :  *
     601                 :             :  * Get the object that will be used to interact with the user. It will be used
     602                 :             :  * for things like prompting the user for passwords. If %NULL is returned, then
     603                 :             :  * no user interaction will occur for this connection.
     604                 :             :  *
     605                 :             :  * Returns: (transfer none) (nullable): The interaction object.
     606                 :             :  *
     607                 :             :  * Since: 2.30
     608                 :             :  */
     609                 :             : GTlsInteraction *
     610                 :           0 : g_tls_connection_get_interaction (GTlsConnection       *conn)
     611                 :             : {
     612                 :           0 :   GTlsInteraction *interaction = NULL;
     613                 :             : 
     614                 :           0 :   g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), NULL);
     615                 :             : 
     616                 :           0 :   g_object_get (G_OBJECT (conn), "interaction", &interaction, NULL);
     617                 :           0 :   if (interaction)
     618                 :           0 :     g_object_unref (interaction);
     619                 :             : 
     620                 :           0 :   return interaction;
     621                 :             : }
     622                 :             : 
     623                 :             : /**
     624                 :             :  * g_tls_connection_get_peer_certificate:
     625                 :             :  * @conn: a #GTlsConnection
     626                 :             :  *
     627                 :             :  * Gets @conn's peer's certificate after the handshake has completed
     628                 :             :  * or failed. (It is not set during the emission of
     629                 :             :  * #GTlsConnection::accept-certificate.)
     630                 :             :  *
     631                 :             :  * Returns: (transfer none) (nullable): @conn's peer's certificate, or %NULL
     632                 :             :  *
     633                 :             :  * Since: 2.28
     634                 :             :  */
     635                 :             : GTlsCertificate *
     636                 :           0 : g_tls_connection_get_peer_certificate (GTlsConnection *conn)
     637                 :             : {
     638                 :             :   GTlsCertificate *peer_certificate;
     639                 :             : 
     640                 :           0 :   g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), NULL);
     641                 :             : 
     642                 :           0 :   g_object_get (G_OBJECT (conn), "peer-certificate", &peer_certificate, NULL);
     643                 :           0 :   if (peer_certificate)
     644                 :           0 :     g_object_unref (peer_certificate);
     645                 :             : 
     646                 :           0 :   return peer_certificate;
     647                 :             : }
     648                 :             : 
     649                 :             : /**
     650                 :             :  * g_tls_connection_get_peer_certificate_errors:
     651                 :             :  * @conn: a #GTlsConnection
     652                 :             :  *
     653                 :             :  * Gets the errors associated with validating @conn's peer's
     654                 :             :  * certificate, after the handshake has completed or failed. (It is
     655                 :             :  * not set during the emission of #GTlsConnection::accept-certificate.)
     656                 :             :  *
     657                 :             :  * See #GTlsConnection:peer-certificate-errors for more information.
     658                 :             :  *
     659                 :             :  * Returns: @conn's peer's certificate errors
     660                 :             :  *
     661                 :             :  * Since: 2.28
     662                 :             :  */
     663                 :             : GTlsCertificateFlags
     664                 :           0 : g_tls_connection_get_peer_certificate_errors (GTlsConnection *conn)
     665                 :             : {
     666                 :             :   GTlsCertificateFlags errors;
     667                 :             : 
     668                 :           0 :   g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), 0);
     669                 :             : 
     670                 :           0 :   g_object_get (G_OBJECT (conn), "peer-certificate-errors", &errors, NULL);
     671                 :           0 :   return errors;
     672                 :             : }
     673                 :             : 
     674                 :             : /**
     675                 :             :  * g_tls_connection_set_require_close_notify:
     676                 :             :  * @conn: a #GTlsConnection
     677                 :             :  * @require_close_notify: whether or not to require close notification
     678                 :             :  *
     679                 :             :  * Sets whether or not @conn expects a proper TLS close notification
     680                 :             :  * before the connection is closed. If this is %TRUE (the default),
     681                 :             :  * then @conn will expect to receive a TLS close notification from its
     682                 :             :  * peer before the connection is closed, and will return a
     683                 :             :  * %G_TLS_ERROR_EOF error if the connection is closed without proper
     684                 :             :  * notification (since this may indicate a network error, or
     685                 :             :  * man-in-the-middle attack).
     686                 :             :  *
     687                 :             :  * In some protocols, the application will know whether or not the
     688                 :             :  * connection was closed cleanly based on application-level data
     689                 :             :  * (because the application-level data includes a length field, or is
     690                 :             :  * somehow self-delimiting); in this case, the close notify is
     691                 :             :  * redundant and sometimes omitted. (TLS 1.1 explicitly allows this;
     692                 :             :  * in TLS 1.0 it is technically an error, but often done anyway.) You
     693                 :             :  * can use g_tls_connection_set_require_close_notify() to tell @conn
     694                 :             :  * to allow an "unannounced" connection close, in which case the close
     695                 :             :  * will show up as a 0-length read, as in a non-TLS
     696                 :             :  * #GSocketConnection, and it is up to the application to check that
     697                 :             :  * the data has been fully received.
     698                 :             :  *
     699                 :             :  * Note that this only affects the behavior when the peer closes the
     700                 :             :  * connection; when the application calls g_io_stream_close() itself
     701                 :             :  * on @conn, this will send a close notification regardless of the
     702                 :             :  * setting of this property. If you explicitly want to do an unclean
     703                 :             :  * close, you can close @conn's #GTlsConnection:base-io-stream rather
     704                 :             :  * than closing @conn itself, but note that this may only be done when no other
     705                 :             :  * operations are pending on @conn or the base I/O stream.
     706                 :             :  *
     707                 :             :  * Since: 2.28
     708                 :             :  */
     709                 :             : void
     710                 :           0 : g_tls_connection_set_require_close_notify (GTlsConnection *conn,
     711                 :             :                                            gboolean        require_close_notify)
     712                 :             : {
     713                 :           0 :   g_return_if_fail (G_IS_TLS_CONNECTION (conn));
     714                 :             : 
     715                 :           0 :   g_object_set (G_OBJECT (conn),
     716                 :             :                 "require-close-notify", require_close_notify,
     717                 :             :                 NULL);
     718                 :             : }
     719                 :             : 
     720                 :             : /**
     721                 :             :  * g_tls_connection_get_require_close_notify:
     722                 :             :  * @conn: a #GTlsConnection
     723                 :             :  *
     724                 :             :  * Tests whether or not @conn expects a proper TLS close notification
     725                 :             :  * when the connection is closed. See
     726                 :             :  * g_tls_connection_set_require_close_notify() for details.
     727                 :             :  *
     728                 :             :  * Returns: %TRUE if @conn requires a proper TLS close
     729                 :             :  * notification.
     730                 :             :  *
     731                 :             :  * Since: 2.28
     732                 :             :  */
     733                 :             : gboolean
     734                 :           0 : g_tls_connection_get_require_close_notify (GTlsConnection *conn)
     735                 :             : {
     736                 :             :   gboolean require_close_notify;
     737                 :             : 
     738                 :           0 :   g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), TRUE);
     739                 :             : 
     740                 :           0 :   g_object_get (G_OBJECT (conn),
     741                 :             :                 "require-close-notify", &require_close_notify,
     742                 :             :                 NULL);
     743                 :           0 :   return require_close_notify;
     744                 :             : }
     745                 :             : 
     746                 :             : /**
     747                 :             :  * g_tls_connection_set_rehandshake_mode:
     748                 :             :  * @conn: a #GTlsConnection
     749                 :             :  * @mode: the rehandshaking mode
     750                 :             :  *
     751                 :             :  * Since GLib 2.64, changing the rehandshake mode is no longer supported
     752                 :             :  * and will have no effect. With TLS 1.3, rehandshaking has been removed from
     753                 :             :  * the TLS protocol, replaced by separate post-handshake authentication and
     754                 :             :  * rekey operations.
     755                 :             :  *
     756                 :             :  * Since: 2.28
     757                 :             :  *
     758                 :             :  * Deprecated: 2.60. Changing the rehandshake mode is no longer
     759                 :             :  *   required for compatibility. Also, rehandshaking has been removed
     760                 :             :  *   from the TLS protocol in TLS 1.3.
     761                 :             :  */
     762                 :             : G_GNUC_BEGIN_IGNORE_DEPRECATIONS
     763                 :             : void
     764                 :           0 : g_tls_connection_set_rehandshake_mode (GTlsConnection       *conn,
     765                 :             :                                        GTlsRehandshakeMode   mode)
     766                 :             : {
     767                 :           0 :   g_return_if_fail (G_IS_TLS_CONNECTION (conn));
     768                 :             : 
     769                 :           0 :   g_object_set (G_OBJECT (conn),
     770                 :             :                 "rehandshake-mode", G_TLS_REHANDSHAKE_SAFELY,
     771                 :             :                 NULL);
     772                 :             : }
     773                 :             : G_GNUC_END_IGNORE_DEPRECATIONS
     774                 :             : 
     775                 :             : /**
     776                 :             :  * g_tls_connection_get_rehandshake_mode:
     777                 :             :  * @conn: a #GTlsConnection
     778                 :             :  *
     779                 :             :  * Gets @conn rehandshaking mode. See
     780                 :             :  * g_tls_connection_set_rehandshake_mode() for details.
     781                 :             :  *
     782                 :             :  * Returns: %G_TLS_REHANDSHAKE_SAFELY
     783                 :             :  *
     784                 :             :  * Since: 2.28
     785                 :             :  *
     786                 :             :  * Deprecated: 2.60. Changing the rehandshake mode is no longer
     787                 :             :  *   required for compatibility. Also, rehandshaking has been removed
     788                 :             :  *   from the TLS protocol in TLS 1.3.
     789                 :             :  */
     790                 :             : G_GNUC_BEGIN_IGNORE_DEPRECATIONS
     791                 :             : GTlsRehandshakeMode
     792                 :           0 : g_tls_connection_get_rehandshake_mode (GTlsConnection       *conn)
     793                 :             : {
     794                 :             :   GTlsRehandshakeMode mode;
     795                 :             : 
     796                 :           0 :   g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), G_TLS_REHANDSHAKE_SAFELY);
     797                 :             : 
     798                 :             :   /* Continue to call g_object_get(), even though the return value is
     799                 :             :    * ignored, so that behavior doesn’t change for derived classes.
     800                 :             :    */
     801                 :           0 :   g_object_get (G_OBJECT (conn),
     802                 :             :                 "rehandshake-mode", &mode,
     803                 :             :                 NULL);
     804                 :           0 :   return G_TLS_REHANDSHAKE_SAFELY;
     805                 :             : }
     806                 :             : G_GNUC_END_IGNORE_DEPRECATIONS
     807                 :             : 
     808                 :             : /**
     809                 :             :  * g_tls_connection_set_advertised_protocols:
     810                 :             :  * @conn: a #GTlsConnection
     811                 :             :  * @protocols: (array zero-terminated=1) (nullable): a %NULL-terminated
     812                 :             :  *   array of ALPN protocol names (eg, "http/1.1", "h2"), or %NULL
     813                 :             :  *
     814                 :             :  * Sets the list of application-layer protocols to advertise that the
     815                 :             :  * caller is willing to speak on this connection. The
     816                 :             :  * Application-Layer Protocol Negotiation (ALPN) extension will be
     817                 :             :  * used to negotiate a compatible protocol with the peer; use
     818                 :             :  * g_tls_connection_get_negotiated_protocol() to find the negotiated
     819                 :             :  * protocol after the handshake.  Specifying %NULL for the the value
     820                 :             :  * of @protocols will disable ALPN negotiation.
     821                 :             :  *
     822                 :             :  * See [IANA TLS ALPN Protocol IDs](https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids)
     823                 :             :  * for a list of registered protocol IDs.
     824                 :             :  *
     825                 :             :  * Since: 2.60
     826                 :             :  */
     827                 :             : void
     828                 :           0 : g_tls_connection_set_advertised_protocols (GTlsConnection      *conn,
     829                 :             :                                            const gchar * const *protocols)
     830                 :             : {
     831                 :           0 :   g_return_if_fail (G_IS_TLS_CONNECTION (conn));
     832                 :             : 
     833                 :           0 :   g_object_set (G_OBJECT (conn),
     834                 :             :                 "advertised-protocols", protocols,
     835                 :             :                 NULL);
     836                 :             : }
     837                 :             : 
     838                 :             : /**
     839                 :             :  * g_tls_connection_get_negotiated_protocol:
     840                 :             :  * @conn: a #GTlsConnection
     841                 :             :  *
     842                 :             :  * Gets the name of the application-layer protocol negotiated during
     843                 :             :  * the handshake.
     844                 :             :  *
     845                 :             :  * If the peer did not use the ALPN extension, or did not advertise a
     846                 :             :  * protocol that matched one of @conn's protocols, or the TLS backend
     847                 :             :  * does not support ALPN, then this will be %NULL. See
     848                 :             :  * g_tls_connection_set_advertised_protocols().
     849                 :             :  *
     850                 :             :  * Returns: (nullable): the negotiated protocol, or %NULL
     851                 :             :  *
     852                 :             :  * Since: 2.60
     853                 :             :  */
     854                 :             : const gchar *
     855                 :           0 : g_tls_connection_get_negotiated_protocol (GTlsConnection *conn)
     856                 :             : {
     857                 :             :   GTlsConnectionClass *class;
     858                 :             : 
     859                 :           0 :   g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), NULL);
     860                 :             : 
     861                 :           0 :   class = G_TLS_CONNECTION_GET_CLASS (conn);
     862                 :           0 :   if (class->get_negotiated_protocol == NULL)
     863                 :           0 :     return NULL;
     864                 :             : 
     865                 :           0 :   return class->get_negotiated_protocol (conn);
     866                 :             : }
     867                 :             : 
     868                 :             : /**
     869                 :             :  * g_tls_channel_binding_error_quark:
     870                 :             :  *
     871                 :             :  * Gets the TLS channel binding error quark.
     872                 :             :  *
     873                 :             :  * Returns: a #GQuark.
     874                 :             :  *
     875                 :             :  * Since: 2.66
     876                 :             :  */
     877                 :           7 : G_DEFINE_QUARK (g-tls-channel-binding-error-quark, g_tls_channel_binding_error)
     878                 :             : 
     879                 :             : /**
     880                 :             :  * g_tls_connection_get_channel_binding_data:
     881                 :             :  * @conn: a #GTlsConnection
     882                 :             :  * @type: #GTlsChannelBindingType type of data to fetch
     883                 :             :  * @data: (out callee-allocates)(optional)(transfer none): #GByteArray is
     884                 :             :  *        filled with the binding data, or %NULL
     885                 :             :  * @error: a #GError pointer, or %NULL
     886                 :             :  *
     887                 :             :  * Query the TLS backend for TLS channel binding data of @type for @conn.
     888                 :             :  *
     889                 :             :  * This call retrieves TLS channel binding data as specified in RFC
     890                 :             :  * [5056](https://tools.ietf.org/html/rfc5056), RFC
     891                 :             :  * [5929](https://tools.ietf.org/html/rfc5929), and related RFCs.  The
     892                 :             :  * binding data is returned in @data.  The @data is resized by the callee
     893                 :             :  * using #GByteArray buffer management and will be freed when the @data
     894                 :             :  * is destroyed by g_byte_array_unref(). If @data is %NULL, it will only
     895                 :             :  * check whether TLS backend is able to fetch the data (e.g. whether @type
     896                 :             :  * is supported by the TLS backend). It does not guarantee that the data
     897                 :             :  * will be available though.  That could happen if TLS connection does not
     898                 :             :  * support @type or the binding data is not available yet due to additional
     899                 :             :  * negotiation or input required.
     900                 :             :  *
     901                 :             :  * Returns: %TRUE on success, %FALSE otherwise
     902                 :             :  *
     903                 :             :  * Since: 2.66
     904                 :             :  */
     905                 :             : gboolean
     906                 :           2 : g_tls_connection_get_channel_binding_data (GTlsConnection          *conn,
     907                 :             :                                            GTlsChannelBindingType   type,
     908                 :             :                                            GByteArray              *data,
     909                 :             :                                            GError                 **error)
     910                 :             : {
     911                 :             :   GTlsConnectionClass *class;
     912                 :             : 
     913                 :           2 :   g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), FALSE);
     914                 :           2 :   g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
     915                 :             : 
     916                 :           2 :   class = G_TLS_CONNECTION_GET_CLASS (conn);
     917                 :           2 :   if (class->get_binding_data == NULL)
     918                 :             :     {
     919                 :           2 :       g_set_error_literal (error, G_TLS_CHANNEL_BINDING_ERROR,
     920                 :             :           G_TLS_CHANNEL_BINDING_ERROR_NOT_IMPLEMENTED,
     921                 :             :           _("TLS backend does not implement TLS binding retrieval"));
     922                 :           2 :       return FALSE;
     923                 :             :     }
     924                 :             : 
     925                 :           0 :   return class->get_binding_data (conn, type, data, error);
     926                 :             : }
     927                 :             : 
     928                 :             : /**
     929                 :             :  * g_tls_connection_handshake:
     930                 :             :  * @conn: a #GTlsConnection
     931                 :             :  * @cancellable: (nullable): a #GCancellable, or %NULL
     932                 :             :  * @error: a #GError, or %NULL
     933                 :             :  *
     934                 :             :  * Attempts a TLS handshake on @conn.
     935                 :             :  *
     936                 :             :  * On the client side, it is never necessary to call this method;
     937                 :             :  * although the connection needs to perform a handshake after
     938                 :             :  * connecting (or after sending a "STARTTLS"-type command),
     939                 :             :  * #GTlsConnection will handle this for you automatically when you try
     940                 :             :  * to send or receive data on the connection. You can call
     941                 :             :  * g_tls_connection_handshake() manually if you want to know whether
     942                 :             :  * the initial handshake succeeded or failed (as opposed to just
     943                 :             :  * immediately trying to use @conn to read or write, in which case,
     944                 :             :  * if it fails, it may not be possible to tell if it failed before or
     945                 :             :  * after completing the handshake), but beware that servers may reject
     946                 :             :  * client authentication after the handshake has completed, so a
     947                 :             :  * successful handshake does not indicate the connection will be usable.
     948                 :             :  *
     949                 :             :  * Likewise, on the server side, although a handshake is necessary at
     950                 :             :  * the beginning of the communication, you do not need to call this
     951                 :             :  * function explicitly unless you want clearer error reporting.
     952                 :             :  *
     953                 :             :  * Previously, calling g_tls_connection_handshake() after the initial
     954                 :             :  * handshake would trigger a rehandshake; however, this usage was
     955                 :             :  * deprecated in GLib 2.60 because rehandshaking was removed from the
     956                 :             :  * TLS protocol in TLS 1.3. Since GLib 2.64, calling this function after
     957                 :             :  * the initial handshake will no longer do anything.
     958                 :             :  *
     959                 :             :  * When using a #GTlsConnection created by #GSocketClient, the
     960                 :             :  * #GSocketClient performs the initial handshake, so calling this
     961                 :             :  * function manually is not recommended.
     962                 :             :  *
     963                 :             :  * #GTlsConnection::accept_certificate may be emitted during the
     964                 :             :  * handshake.
     965                 :             :  *
     966                 :             :  * Returns: success or failure
     967                 :             :  *
     968                 :             :  * Since: 2.28
     969                 :             :  */
     970                 :             : gboolean
     971                 :           0 : g_tls_connection_handshake (GTlsConnection   *conn,
     972                 :             :                             GCancellable     *cancellable,
     973                 :             :                             GError          **error)
     974                 :             : {
     975                 :           0 :   g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), FALSE);
     976                 :             : 
     977                 :           0 :   return G_TLS_CONNECTION_GET_CLASS (conn)->handshake (conn, cancellable, error);
     978                 :             : }
     979                 :             : 
     980                 :             : /**
     981                 :             :  * g_tls_connection_handshake_async:
     982                 :             :  * @conn: a #GTlsConnection
     983                 :             :  * @io_priority: the [I/O priority](iface.AsyncResult.html#io-priority) of the request
     984                 :             :  * @cancellable: (nullable): a #GCancellable, or %NULL
     985                 :             :  * @callback: callback to call when the handshake is complete
     986                 :             :  * @user_data: the data to pass to the callback function
     987                 :             :  *
     988                 :             :  * Asynchronously performs a TLS handshake on @conn. See
     989                 :             :  * g_tls_connection_handshake() for more information.
     990                 :             :  *
     991                 :             :  * Since: 2.28
     992                 :             :  */
     993                 :             : void
     994                 :           0 : g_tls_connection_handshake_async (GTlsConnection       *conn,
     995                 :             :                                   int                   io_priority,
     996                 :             :                                   GCancellable         *cancellable,
     997                 :             :                                   GAsyncReadyCallback   callback,
     998                 :             :                                   gpointer              user_data)
     999                 :             : {
    1000                 :           0 :   g_return_if_fail (G_IS_TLS_CONNECTION (conn));
    1001                 :             : 
    1002                 :           0 :   G_TLS_CONNECTION_GET_CLASS (conn)->handshake_async (conn, io_priority,
    1003                 :             :                                                       cancellable,
    1004                 :             :                                                       callback, user_data);
    1005                 :             : }
    1006                 :             : 
    1007                 :             : /**
    1008                 :             :  * g_tls_connection_handshake_finish:
    1009                 :             :  * @conn: a #GTlsConnection
    1010                 :             :  * @result: a #GAsyncResult.
    1011                 :             :  * @error: a #GError pointer, or %NULL
    1012                 :             :  *
    1013                 :             :  * Finish an asynchronous TLS handshake operation. See
    1014                 :             :  * g_tls_connection_handshake() for more information.
    1015                 :             :  *
    1016                 :             :  * Returns: %TRUE on success, %FALSE on failure, in which
    1017                 :             :  * case @error will be set.
    1018                 :             :  *
    1019                 :             :  * Since: 2.28
    1020                 :             :  */
    1021                 :             : gboolean
    1022                 :           0 : g_tls_connection_handshake_finish (GTlsConnection  *conn,
    1023                 :             :                                    GAsyncResult    *result,
    1024                 :             :                                    GError         **error)
    1025                 :             : {
    1026                 :           0 :   g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), FALSE);
    1027                 :             : 
    1028                 :           0 :   return G_TLS_CONNECTION_GET_CLASS (conn)->handshake_finish (conn, result, error);
    1029                 :             : }
    1030                 :             : 
    1031                 :             : /**
    1032                 :             :  * g_tls_connection_get_protocol_version:
    1033                 :             :  * @conn: a #GTlsConnection
    1034                 :             :  *
    1035                 :             :  * Returns the current TLS protocol version, which may be
    1036                 :             :  * %G_TLS_PROTOCOL_VERSION_UNKNOWN if the connection has not handshaked, or
    1037                 :             :  * has been closed, or if the TLS backend has implemented a protocol version
    1038                 :             :  * that is not a recognized #GTlsProtocolVersion.
    1039                 :             :  *
    1040                 :             :  * Returns: The current TLS protocol version
    1041                 :             :  *
    1042                 :             :  * Since: 2.70
    1043                 :             :  */
    1044                 :             : GTlsProtocolVersion
    1045                 :           0 : g_tls_connection_get_protocol_version (GTlsConnection *conn)
    1046                 :             : {
    1047                 :             :   GTlsProtocolVersion protocol_version;
    1048                 :             :   GEnumClass *enum_class;
    1049                 :             :   GEnumValue *enum_value;
    1050                 :             : 
    1051                 :           0 :   g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), G_TLS_PROTOCOL_VERSION_UNKNOWN);
    1052                 :             : 
    1053                 :           0 :   g_object_get (G_OBJECT (conn),
    1054                 :             :                 "protocol-version", &protocol_version,
    1055                 :             :                 NULL);
    1056                 :             : 
    1057                 :             :   /* Convert unknown values to G_TLS_PROTOCOL_VERSION_UNKNOWN. */
    1058                 :           0 :   enum_class = g_type_class_peek_static (G_TYPE_TLS_PROTOCOL_VERSION);
    1059                 :           0 :   enum_value = g_enum_get_value (enum_class, protocol_version);
    1060                 :           0 :   return enum_value ? protocol_version : G_TLS_PROTOCOL_VERSION_UNKNOWN;
    1061                 :             : }
    1062                 :             : 
    1063                 :             : /**
    1064                 :             :  * g_tls_connection_get_ciphersuite_name:
    1065                 :             :  * @conn: a #GTlsConnection
    1066                 :             :  *
    1067                 :             :  * Returns the name of the current TLS ciphersuite, or %NULL if the
    1068                 :             :  * connection has not handshaked or has been closed. Beware that the TLS
    1069                 :             :  * backend may use any of multiple different naming conventions, because
    1070                 :             :  * OpenSSL and GnuTLS have their own ciphersuite naming conventions that
    1071                 :             :  * are different from each other and different from the standard, IANA-
    1072                 :             :  * registered ciphersuite names. The ciphersuite name is intended to be
    1073                 :             :  * displayed to the user for informative purposes only, and parsing it
    1074                 :             :  * is not recommended.
    1075                 :             :  *
    1076                 :             :  * Returns: (nullable): The name of the current TLS ciphersuite, or %NULL
    1077                 :             :  *
    1078                 :             :  * Since: 2.70
    1079                 :             :  */
    1080                 :             : gchar *
    1081                 :           0 : g_tls_connection_get_ciphersuite_name (GTlsConnection *conn)
    1082                 :             : {
    1083                 :             :   gchar *ciphersuite_name;
    1084                 :             : 
    1085                 :           0 :   g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), NULL);
    1086                 :             : 
    1087                 :           0 :   g_object_get (G_OBJECT (conn),
    1088                 :             :                 "ciphersuite-name", &ciphersuite_name,
    1089                 :             :                 NULL);
    1090                 :             : 
    1091                 :           0 :   return g_steal_pointer (&ciphersuite_name);
    1092                 :             : }
    1093                 :             : 
    1094                 :             : /**
    1095                 :             :  * g_tls_error_quark:
    1096                 :             :  *
    1097                 :             :  * Gets the TLS error quark.
    1098                 :             :  *
    1099                 :             :  * Returns: a #GQuark.
    1100                 :             :  *
    1101                 :             :  * Since: 2.28
    1102                 :             :  */
    1103                 :          17 : G_DEFINE_QUARK (g-tls-error-quark, g_tls_error)
    1104                 :             : 
    1105                 :             : /**
    1106                 :             :  * g_tls_connection_emit_accept_certificate:
    1107                 :             :  * @conn: a #GTlsConnection
    1108                 :             :  * @peer_cert: the peer's #GTlsCertificate
    1109                 :             :  * @errors: the problems with @peer_cert
    1110                 :             :  *
    1111                 :             :  * Used by #GTlsConnection implementations to emit the
    1112                 :             :  * #GTlsConnection::accept-certificate signal.
    1113                 :             :  *
    1114                 :             :  * Returns: %TRUE if one of the signal handlers has returned
    1115                 :             :  *     %TRUE to accept @peer_cert
    1116                 :             :  *
    1117                 :             :  * Since: 2.28
    1118                 :             :  */
    1119                 :             : gboolean
    1120                 :           0 : g_tls_connection_emit_accept_certificate (GTlsConnection       *conn,
    1121                 :             :                                           GTlsCertificate      *peer_cert,
    1122                 :             :                                           GTlsCertificateFlags  errors)
    1123                 :             : {
    1124                 :           0 :   gboolean accept = FALSE;
    1125                 :             : 
    1126                 :           0 :   g_signal_emit (conn, signals[ACCEPT_CERTIFICATE], 0,
    1127                 :             :                  peer_cert, errors, &accept);
    1128                 :           0 :   return accept;
    1129                 :             : }
        

Generated by: LCOV version 2.0-1