gtlscertificate: Add ability to load PKCS#12 encrypted files
This adds two construct properties to GTlsCertificate:
- `pkcs12-data` which is DER encoded PKCS#12 format bytes
- `password` which is used to decrypt the PKCS#12 data and any private keys in it
These have to be implemented by the TLS backend. In glib-networking!184 (merged) I have implemented for both OpenSSL and gnutls.
This changes the behavior of:
- `g_tls_certificate_new_from_file()` Now attempts to load as PKCS#12 if the filename ends in `.p12` or `.pfx`
This adds two functions:
- `g_tls_certificate_new_from_pkcs12()` for directly creating from the data.
- `g_tls_certificate_new_from_file_with_password()` variant of `g_tls_certificate_new_from_file` with password for PKCS#12 files
All of the types were chosen to fit in with the existing API. Though personally I'd rather pass around `GBytes` than `guchar*, gsize` pairs, I think consistency is nice.
And adds a new error:
- `G_TLS_ERROR_BAD_CERTIFICATE_PASSWORD` for when decrypting PKCS#12 data fails
This would be targeting 2.72 whenever that branches.
Edited by Emmanuele Bassi
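
The description above says `pkcs12-data` carries DER encoded PKCS#12 bytes and that the file loader chooses the PKCS#12 path from the file name. The following is an added example, not code from this merge request or from GLib: a caller-side check that a buffer has the outer shape of a DER PFX before it is passed on as PKCS#12 data. The names `cert_format`, `der_read_len` and `sniff_cert_format` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; none of this is GLib API. */
typedef enum { FMT_UNKNOWN, FMT_PEM, FMT_PKCS12_DER } cert_format;

/* Read a DER definite length at buf[*pos]. Returns -1 for truncated input,
 * a BER indefinite length (0x80) or a non-minimal encoding. */
static int der_read_len(const uint8_t *buf, size_t len, size_t *pos, size_t *out)
{
    if (*pos >= len) return -1;
    uint8_t b = buf[(*pos)++];
    if (b < 0x80) { *out = b; return 0; }                 /* short form */
    size_t n = b & 0x7f, v = 0;
    if (n == 0 || n > sizeof(size_t) || n > len - *pos) return -1;
    for (size_t i = 0; i < n; i++) v = (v << 8) | buf[(*pos)++];
    if (v < 0x80 || (v >> (8 * (n - 1))) == 0) return -1; /* not minimal */
    *out = v;
    return 0;
}

/* PFX ::= SEQUENCE { version INTEGER (3), authSafe ContentInfo, ... }
 * Checks only that outer shape; it does not validate or decrypt anything. */
cert_format sniff_cert_format(const uint8_t *buf, size_t len)
{
    static const char pem[] = "-----BEGIN ";
    size_t pos = 1, outer = 0, inner = 0;
    if (len >= sizeof pem - 1 && memcmp(buf, pem, sizeof pem - 1) == 0)
        return FMT_PEM;
    if (len < 2 || buf[0] != 0x30 || der_read_len(buf, len, &pos, &outer) != 0)
        return FMT_UNKNOWN;
    if (outer != len - pos || outer < 5)  /* truncated, trailing bytes, too short */
        return FMT_UNKNOWN;
    if (memcmp(buf + pos, "\x02\x01\x03", 3) != 0 || buf[pos + 3] != 0x30)
        return FMT_UNKNOWN;
    pos += 4;
    if (der_read_len(buf, len, &pos, &inner) != 0) return FMT_UNKNOWN;
    return inner <= len - pos ? FMT_PKCS12_DER : FMT_UNKNOWN;
}

int main(void)
{
    /* Constructed 12-byte PFX-shaped header, not a real keystore. */
    const uint8_t s[] = {0x30,0x0a,0x02,0x01,0x03,0x30,0x05,0x06,0x03,0x2a,0x03,0x04};
    printf("format=%d\n", sniff_cert_format(s, sizeof s));
    return 0;
}
```

A DER X.509 certificate also starts with `0x30`, but its second element is another SEQUENCE rather than the INTEGER 3, so it is reported as `FMT_UNKNOWN` here.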