
gtlscertificate: Add ability to load PKCS#12 encrypted files

Patrick Griffis requested to merge pgriffis/gtlscertificate-password into main

This adds two construct properties to GTlsCertificate:

  • pkcs12-data which is DER encoded PKCS#12 format bytes
  • password which is used to decrypt the PKCS#12 data and any private keys in it

These have to be implemented by the TLS backend. In glib-networking!184 (merged) I have implemented this for both OpenSSL and GnuTLS.


This changes the behavior of:

  • g_tls_certificate_new_from_file(): now attempts to load as PKCS#12 if the filename ends in .p12 or .pfx

This adds two functions:

  • g_tls_certificate_new_from_pkcs12() for directly creating from the data.
  • g_tls_certificate_new_from_file_with_password() variant of g_tls_certificate_new_from_file with password for PKCS#12 files

All of the types were chosen to fit in with the existing API. Though personally I'd rather pass around GBytes than guchar*, gsize pairs, I think consistency is nice.


And adds a new error:

  • G_TLS_ERROR_BAD_CERTIFICATE_PASSWORD for when decrypting PKCS#12 data fails

This would be targeting 2.72 whenever that branches.

Edited by Emmanuele Bassi
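
Because the new g_tls_certificate_new_from_file() behaviour is selected by file name while pkcs12-data is defined as DER bytes, a caller may want to check that the two agree before loading. The following is an added example, not code from this merge request or from GLib; the function names are hypothetical, the suffix match is assumed to be case-sensitive, and the content check accepts only definite-length DER.

```c
#include <stddef.h>
#include <string.h>

/* Suffix rule from the description: ".p12" or ".pfx".
 * Case-sensitive matching is an assumption of this sketch. */
int has_pkcs12_suffix(const char *name) {
    size_t n = strlen(name);
    return n >= 4 && (strcmp(name + n - 4, ".p12") == 0 ||
                      strcmp(name + n - 4, ".pfx") == 0);
}

/* Read a DER length at buf[*pos]. Returns 0 on success. Rejects the
 * indefinite form, length fields wider than size_t, and lengths that
 * run past the end of the buffer. */
static int der_len(const unsigned char *buf, size_t n, size_t *pos, size_t *len) {
    if (*pos >= n) return -1;
    unsigned char b = buf[(*pos)++];
    *len = b;
    if (b >= 0x80) {
        size_t k = b & 0x7f;
        if (k == 0 || k > sizeof(size_t) || k > n - *pos) return -1;
        for (*len = 0; k > 0; k--) *len = (*len << 8) | buf[(*pos)++];
    }
    return *len <= n - *pos ? 0 : -1;
}

/* 1 if buf begins like a PFX (RFC 7292): SEQUENCE { INTEGER 3, ... }. */
int looks_like_pkcs12_der(const unsigned char *buf, size_t n) {
    size_t pos = 1, len;
    if (n < 2 || buf[0] != 0x30) return 0;            /* outer SEQUENCE tag */
    if (der_len(buf, n, &pos, &len) != 0 || len < 3) return 0;
    return buf[pos] == 0x02 && buf[pos + 1] == 0x01 && buf[pos + 2] == 0x03;
}

/* 1 when the file name and the bytes agree on "PKCS#12 or not". */
int suffix_matches_content(const char *name, const unsigned char *buf, size_t n) {
    return has_pkcs12_suffix(name) == looks_like_pkcs12_der(buf, n);
}

/* Constructed samples: a minimal PFX-shaped header and the start of a PEM file. */
const unsigned char SAMPLE_PFX[] = {0x30, 0x05, 0x02, 0x01, 0x03, 0x30, 0x00};
const unsigned char SAMPLE_PEM[] = "-----BEGIN CERTIFICATE-----\n";
```

A mismatch (for example a PEM file saved with a .p12 name) is worth reporting to the user separately from a wrong password.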