Commit 0f99cfa8 authored by Stef Walter

GTlsDatabase and related objects

The database is an abstract object implemented by the various TLS
backends, which is used by GTlsConnection to look up certificates
and keys, as well as to verify certificate chains.

Also add GTlsInteraction, which can be used to prompt the user
for a password or PIN (used with the database).

https://bugzilla.gnome.org/show_bug.cgi?id=636572
parent a187199e
......@@ -138,6 +138,10 @@
<xi:include href="xml/gtlsclientconnection.xml"/>
<xi:include href="xml/gtlsserverconnection.xml"/>
<xi:include href="xml/gtlsbackend.xml"/>
<xi:include href="xml/gtlsdatabase.xml"/>
<xi:include href="xml/gtlsfiledatabase.xml"/>
<xi:include href="xml/gtlsinteraction.xml"/>
<xi:include href="xml/gtlspassword.xml"/>
</chapter>
<chapter id="resolver">
<title>DNS resolution</title>
......@@ -3028,9 +3028,11 @@ GTlsBackend
GTlsBackendInterface
g_tls_backend_get_default
g_tls_backend_supports_tls
g_tls_backend_get_default_database
g_tls_backend_get_certificate_type
g_tls_backend_get_client_connection_type
g_tls_backend_get_server_connection_type
g_tls_backend_get_file_database_type
<SUBSECTION Standard>
G_IS_TLS_BACKEND
G_TLS_BACKEND
......@@ -3079,6 +3081,10 @@ g_tls_connection_set_rehandshake_mode
g_tls_connection_get_rehandshake_mode
g_tls_connection_set_use_system_certdb
g_tls_connection_get_use_system_certdb
g_tls_connection_get_database
g_tls_connection_set_database
g_tls_connection_get_interaction
g_tls_connection_set_interaction
<SUBSECTION>
g_tls_connection_handshake
g_tls_connection_handshake_async
......@@ -3120,6 +3126,58 @@ G_TYPE_TLS_CLIENT_CONNECTION
g_tls_client_connection_get_type
</SECTION>
<SECTION>
<FILE>gtlsdatabase</FILE>
<TITLE>GTlsDatabase</TITLE>
GTlsDatabase
GTlsDatabaseVerifyFlags
G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER
G_TLS_DATABASE_PURPOSE_AUTHENTICATE_CLIENT
g_tls_database_verify_chain
g_tls_database_verify_chain_async
g_tls_database_verify_chain_finish
GTlsDatabaseLookupFlags
g_tls_database_lookup_certificate_issuer
g_tls_database_lookup_certificate_issuer_async
g_tls_database_lookup_certificate_issuer_finish
g_tls_database_lookup_certificates_issued_by
g_tls_database_lookup_certificates_issued_by_async
g_tls_database_lookup_certificates_issued_by_finish
g_tls_database_create_certificate_handle
g_tls_database_lookup_certificate_for_handle
g_tls_database_lookup_certificate_for_handle_async
g_tls_database_lookup_certificate_for_handle_finish
<SUBSECTION Standard>
G_IS_TLS_DATABASE
G_IS_TLS_DATABASE_CLASS
G_TLS_DATABASE
G_TLS_DATABASE_CLASS
G_TLS_DATABASE_GET_CLASS
G_TYPE_TLS_DATABASE
G_TYPE_TLS_DATABASE_LOOKUP_FLAGS
G_TYPE_TLS_DATABASE_VERIFY_FLAGS
<SUBSECTION Private>
g_tls_database_lookup_flags_get_type
g_tls_database_verify_flags_get_type
g_tls_database_get_type
GTlsDatabasePrivate
</SECTION>
<SECTION>
<FILE>gtlsfiledatabase</FILE>
<TITLE>GTlsFileDatabase</TITLE>
GTlsFileDatabase
GTlsFileDatabaseInterface
g_tls_file_database_new
<SUBSECTION Standard>
G_TLS_FILE_DATABASE
G_TLS_FILE_DATABASE_GET_INTERFACE
G_TYPE_TLS_FILE_DATABASE
G_IS_TLS_FILE_DATABASE
<SUBSECTION Private>
g_tls_file_database_get_type
</SECTION>
<SECTION>
<FILE>gtlsserverconnection</FILE>
<TITLE>GTlsServerConnection</TITLE>
......@@ -3135,6 +3193,65 @@ G_TYPE_TLS_SERVER_CONNECTION
g_tls_server_connection_get_type
</SECTION>
<SECTION>
<FILE>gtlspassword</FILE>
<TITLE>GTlsPassword</TITLE>
GTlsPassword
GTlsPasswordInterface
GTlsPasswordFlags
g_tls_password_new
g_tls_password_get_value
g_tls_password_set_value
g_tls_password_set_value_full
g_tls_password_get_description
g_tls_password_set_description
g_tls_password_get_flags
g_tls_password_set_flags
g_tls_password_get_warning
g_tls_password_set_warning
<SUBSECTION Standard>
g_tls_password_flags_get_type
g_tls_password_get_type
G_IS_TLS_PASSWORD
G_TLS_PASSWORD
G_TLS_PASSWORD_GET_INTERFACE
G_TYPE_TLS_PASSWORD
G_TYPE_TLS_PASSWORD_FLAGS
</SECTION>
<SECTION>
<FILE>gtlsinteraction</FILE>
<TITLE>GTlsInteraction</TITLE>
GTlsInteraction
GTlsInteractionResult
g_tls_interaction_ask_password
g_tls_interaction_ask_password_async
g_tls_interaction_ask_password_finish
<SUBSECTION Standard>
GTlsInteractionClass
G_IS_TLS_INTERACTION
G_IS_TLS_INTERACTION_CLASS
G_TYPE_TLS_INTERACTION
G_TLS_INTERACTION
G_TLS_INTERACTION_CLASS
G_TLS_INTERACTION_GET_CLASS
G_TYPE_TLS_INTERACTION_RESULT
<SUBSECTION Private>
GTlsInteractionPrivate
g_tls_interaction_get_type
g_tls_interaction_result_get_type
GTlsConsoleInteraction
GTlsConsoleInteractionClass
G_IS_TLS_CONSOLE_INTERACTION
G_IS_TLS_CONSOLE_INTERACTION_CLASS
g_tls_console_interaction_new
G_TLS_CONSOLE_INTERACTION
G_TYPE_TLS_CONSOLE_INTERACTION
G_TLS_CONSOLE_INTERACTION_CLASS
G_TLS_CONSOLE_INTERACTION_GET_CLASS
g_tls_console_interaction_get_type
</SECTION>
<SECTION>
<FILE>gtimezonemonitor</FILE>
<TITLE>GTimeZoneMonitor</TITLE>
......@@ -110,6 +110,8 @@ g_tls_backend_get_type
g_tls_certificate_get_type
g_tls_client_connection_get_type
g_tls_connection_get_type
g_tls_database_get_type
g_tls_file_database_get_type
g_tls_server_connection_get_type
g_unix_connection_get_type
g_unix_fd_list_get_type
......@@ -382,6 +382,10 @@ libgio_2_0_la_SOURCES = \
gtlscertificate.c \
gtlsclientconnection.c \
gtlsconnection.c \
gtlsdatabase.c \
gtlsfiledatabase.c \
gtlsinteraction.c \
gtlspassword.c \
gtlsserverconnection.c \
gunionvolumemonitor.c \
gunionvolumemonitor.h \
......@@ -535,6 +539,10 @@ gio_headers = \
gtlscertificate.h \
gtlsclientconnection.h \
gtlsconnection.h \
gtlsdatabase.h \
gtlsfiledatabase.h \
gtlsinteraction.h \
gtlspassword.h \
gtlsserverconnection.h \
gvfs.h \
gvolume.h \
......@@ -30,6 +30,8 @@
#include "gtlsbackend.h"
#include "gtlscertificate.h"
#include "gtlsclientconnection.h"
#include "gtlsdatabase.h"
#include "gtlsfiledatabase.h"
#include "gtlsserverconnection.h"
#include "gsimpleasyncresult.h"
......@@ -40,9 +42,11 @@
static GType _g_dummy_tls_certificate_get_type (void);
static GType _g_dummy_tls_connection_get_type (void);
static GType _g_dummy_tls_database_get_type (void);
struct _GDummyTlsBackend {
GObject parent_instance;
GObject parent_instance;
GTlsDatabase *database;
};
static void g_dummy_tls_backend_iface_init (GTlsBackendInterface *iface);
......@@ -67,12 +71,20 @@ g_dummy_tls_backend_class_init (GDummyTlsBackendClass *backend_class)
{
}
static GTlsDatabase*
g_dummy_tls_backend_get_default_database (GTlsBackend *backend)
{
return g_object_new (_g_dummy_tls_database_get_type (), NULL);
}
static void
g_dummy_tls_backend_iface_init (GTlsBackendInterface *iface)
{
iface->get_certificate_type = _g_dummy_tls_certificate_get_type;
iface->get_client_connection_type = _g_dummy_tls_connection_get_type;
iface->get_server_connection_type = _g_dummy_tls_connection_get_type;
iface->get_file_database_type = _g_dummy_tls_database_get_type;
iface->get_default_database = g_dummy_tls_backend_get_default_database;
}
/* Dummy certificate type */
......@@ -188,6 +200,7 @@ enum
PROP_CONN_REQUIRE_CLOSE_NOTIFY,
PROP_CONN_REHANDSHAKE_MODE,
PROP_CONN_CERTIFICATE,
PROP_CONN_DATABASE,
PROP_CONN_PEER_CERTIFICATE,
PROP_CONN_PEER_CERTIFICATE_ERRORS,
PROP_CONN_VALIDATION_FLAGS,
......@@ -251,6 +264,7 @@ g_dummy_tls_connection_class_init (GDummyTlsConnectionClass *connection_class)
g_object_class_override_property (gobject_class, PROP_CONN_REQUIRE_CLOSE_NOTIFY, "require-close-notify");
g_object_class_override_property (gobject_class, PROP_CONN_REHANDSHAKE_MODE, "rehandshake-mode");
g_object_class_override_property (gobject_class, PROP_CONN_CERTIFICATE, "certificate");
g_object_class_override_property (gobject_class, PROP_CONN_DATABASE, "database");
g_object_class_override_property (gobject_class, PROP_CONN_PEER_CERTIFICATE, "peer-certificate");
g_object_class_override_property (gobject_class, PROP_CONN_PEER_CERTIFICATE_ERRORS, "peer-certificate-errors");
g_object_class_override_property (gobject_class, PROP_CONN_VALIDATION_FLAGS, "validation-flags");
......@@ -281,3 +295,92 @@ g_dummy_tls_connection_initable_iface_init (GInitableIface *iface)
iface->init = g_dummy_tls_connection_initable_init;
}
/* Dummy database type.
*/
typedef struct _GDummyTlsDatabase GDummyTlsDatabase;
typedef struct _GDummyTlsDatabaseClass GDummyTlsDatabaseClass;
struct _GDummyTlsDatabase {
GTlsDatabase parent_instance;
};
struct _GDummyTlsDatabaseClass {
GTlsDatabaseClass parent_class;
};
enum
{
PROP_DATABASE_0,
PROP_ANCHORS,
};
static void g_dummy_tls_database_file_database_iface_init (GTlsFileDatabaseInterface *iface);
static void g_dummy_tls_database_initable_iface_init (GInitableIface *iface);
#define g_dummy_tls_database_get_type _g_dummy_tls_database_get_type
G_DEFINE_TYPE_WITH_CODE (GDummyTlsDatabase, g_dummy_tls_database, G_TYPE_TLS_DATABASE,
G_IMPLEMENT_INTERFACE (G_TYPE_TLS_FILE_DATABASE,
g_dummy_tls_database_file_database_iface_init);
G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
g_dummy_tls_database_initable_iface_init);)
static void
g_dummy_tls_database_get_property (GObject *object,
guint prop_id,
GValue *value,
GParamSpec *pspec)
{
/* We need to define this method to make GObject happy, but it will
* never be possible to construct a working GDummyTlsDatabase, so
* it doesn't have to do anything useful.
*/
}
static void
g_dummy_tls_database_set_property (GObject *object,
guint prop_id,
const GValue *value,
GParamSpec *pspec)
{
/* Just ignore all attempts to set properties. */
}
static void
g_dummy_tls_database_class_init (GDummyTlsDatabaseClass *database_class)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (database_class);
gobject_class->get_property = g_dummy_tls_database_get_property;
gobject_class->set_property = g_dummy_tls_database_set_property;
g_object_class_override_property (gobject_class, PROP_ANCHORS, "anchors");
}
static void
g_dummy_tls_database_init (GDummyTlsDatabase *database)
{
}
static void
g_dummy_tls_database_file_database_iface_init (GTlsFileDatabaseInterface *iface)
{
}
static gboolean
g_dummy_tls_database_initable_init (GInitable *initable,
GCancellable *cancellable,
GError **error)
{
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_UNAVAILABLE,
_("TLS support is not available"));
return FALSE;
}
static void
g_dummy_tls_database_initable_iface_init (GInitableIface *iface)
{
iface->init = g_dummy_tls_database_initable_init;
}
......@@ -124,7 +124,11 @@
#include <gio/gtlscertificate.h>
#include <gio/gtlsclientconnection.h>
#include <gio/gtlsconnection.h>
#include <gio/gtlsdatabase.h>
#include <gio/gtlsfiledatabase.h>
#include <gio/gtlsinteraction.h>
#include <gio/gtlsserverconnection.h>
#include <gio/gtlspassword.h>
#include <gio/gvfs.h>
#include <gio/gvolume.h>
#include <gio/gvolumemonitor.h>
......@@ -782,6 +782,7 @@ g_tls_authentication_mode_get_type
g_tls_certificate_flags_get_type
g_tls_rehandshake_mode_get_type
g_emblemed_icon_get_type
g_tls_database_verify_flags_get_type
g_emblemed_icon_new
g_emblemed_icon_get_icon
g_emblemed_icon_get_emblems
......@@ -1428,6 +1429,7 @@ g_tls_certificate_new_from_pem
g_tls_certificate_verify
g_tls_connection_emit_accept_certificate
g_tls_connection_get_certificate
g_tls_connection_get_interaction
g_tls_connection_get_peer_certificate
g_tls_connection_get_peer_certificate_errors
g_tls_connection_get_rehandshake_mode
......@@ -1438,6 +1440,7 @@ g_tls_connection_handshake
g_tls_connection_handshake_async
g_tls_connection_handshake_finish
g_tls_connection_set_certificate
g_tls_connection_set_interaction
g_tls_connection_set_rehandshake_mode
g_tls_connection_set_require_close_notify
g_tls_connection_set_use_system_certdb
......@@ -1452,6 +1455,24 @@ g_tls_client_connection_set_use_ssl3
g_tls_client_connection_set_validation_flags
g_tls_server_connection_get_type
g_tls_server_connection_new
g_tls_database_get_type
g_tls_database_lookup_issuer
g_tls_database_lookup_issuer_async
g_tls_database_lookup_issuer_finish
g_tls_database_verify_chain
g_tls_database_verify_chain_async
g_tls_database_verify_chain_finish
g_tls_file_database_get_type
g_tls_file_database_new
g_tls_interaction_get_type
g_tls_interaction_ask_password
g_tls_interaction_ask_password_finish
g_tls_password_get_type
g_tls_password_get_value
g_tls_password_set_value
g_tls_password_take_value
g_tls_password_get_flags
g_tls_password_get_description
g_time_zone_monitor_get_type
g_time_zone_monitor_get
g_dbus_interface_get_info
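Review bot: The names added to this symbol list do not match the API documented elsewhere in the same commit: here it is g_tls_database_lookup_issuer, g_tls_database_lookup_issuer_async/_finish and g_tls_password_take_value, while the sections file documents g_tls_database_lookup_certificate_issuer*, g_tls_database_lookup_certificates_issued_by*, g_tls_database_lookup_certificate_for_handle*, g_tls_database_create_certificate_handle and g_tls_password_set_value_full. If this list drives the exported-symbol or ABI check, the names here will fail to resolve while the documented ones go unexported, so it should be regenerated from the headers rather than hand-edited. g_tls_interaction_ask_password_async, g_tls_password_set_description, g_tls_password_set_flags, g_tls_password_get_warning, g_tls_password_set_warning and g_tls_database_lookup_flags_get_type are also missing, and g_tls_database_verify_flags_get_type is inserted between the g_emblemed_icon entries instead of next to the other TLS enum getters.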
......@@ -1392,6 +1392,48 @@ typedef enum {
G_TLS_REHANDSHAKE_UNSAFELY
} GTlsRehandshakeMode;
/**
* GTlsPasswordFlags:
* @G_TLS_PASSWORD_NONE: No flags
* @G_TLS_PASSWORD_RETRY: The password was wrong, and the user should retry.
* @G_TLS_PASSWORD_MANY_TRIES: Hint to the user that the password has been
* wrong many times, and the user may not have many chances left.
* @G_TLS_PASSWORD_FINAL_TRY: Hint to the user that this is the last try to get
* this password right.
*
* Various flags for the password.
*
* Since: 2.30
*/
typedef enum _GTlsPasswordFlags
{
G_TLS_PASSWORD_NONE = 0,
G_TLS_PASSWORD_RETRY = 1 << 1,
G_TLS_PASSWORD_MANY_TRIES = 1 << 2,
G_TLS_PASSWORD_FINAL_TRY = 1 << 3
} GTlsPasswordFlags;
/**
* GTlsInteractionResult:
* @G_TLS_INTERACTION_HANDLED: The interaction completed, and resulting data
* is available.
* @G_TLS_INTERACTION_ABORTED: The user cancelled the interaction, and requested
* the operation to be aborted.
* @G_TLS_INTERACTION_UNHANDLED: The interaction was unhandled (i.e. not
* implemented).
*
* #GTlsInteractionResult is returned by various functions in #GTlsInteraction
* when finishing an interaction request.
*
* Since: 2.30
*/
typedef enum {
G_TLS_INTERACTION_HANDLED,
G_TLS_INTERACTION_ABORTED,
G_TLS_INTERACTION_UNHANDLED
} GTlsInteractionResult;
/**
* GDBusInterfaceSkeletonFlags:
* @G_DBUS_INTERFACE_SKELETON_FLAGS_NONE: No flags set.
......@@ -1428,6 +1470,34 @@ typedef enum
G_DBUS_OBJECT_MANAGER_CLIENT_FLAGS_DO_NOT_AUTO_START = (1<<0)
} GDBusObjectManagerClientFlags;
/**
* GTlsDatabaseVerifyFlags:
* @G_TLS_DATABASE_VERIFY_NONE: No verification flags
*
* Flags for g_tls_database_verify_chain().
*
* Since: 2.30
*/
typedef enum {
G_TLS_DATABASE_VERIFY_NONE = 0,
} GTlsDatabaseVerifyFlags;
/**
* GTlsDatabaseLookupFlags:
* @G_TLS_DATABASE_LOOKUP_NONE: No lookup flags
* @G_TLS_DATABASE_LOOKUP_KEYPAIR: Restrict lookup to certificates that have
* a private key.
*
* Flags for g_tls_database_lookup_handle(), g_tls_database_lookup_issuer(),
* and g_tls_database_lookup_issued().
*
* Since: 2.30
*/
typedef enum {
G_TLS_DATABASE_LOOKUP_NONE = 0,
G_TLS_DATABASE_LOOKUP_KEYPAIR = 1,
} GTlsDatabaseLookupFlags;
G_END_DECLS
#endif /* __GIO_ENUMS_H__ */
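Review bot: The GTlsDatabaseLookupFlags doc comment refers to g_tls_database_lookup_handle(), g_tls_database_lookup_issuer() and g_tls_database_lookup_issued(), which are not the names this commit documents for the database (g_tls_database_lookup_certificate_for_handle(), g_tls_database_lookup_certificate_issuer(), g_tls_database_lookup_certificates_issued_by()), so gtk-doc cannot cross-link them; the comment should name the real functions. Both new database enums end with a trailing comma after the last enumerator (`G_TLS_DATABASE_VERIFY_NONE = 0,` and `G_TLS_DATABASE_LOOKUP_KEYPAIR = 1,`), a C99 form rejected by C89 compilers under -pedantic, while every other enum visible in this hunk omits it. GTlsPasswordFlags starts its bits at `1 << 1`, leaving bit 0 unused; if that is deliberate a comment should say so, otherwise `1 << 0` is the conventional first value.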
......@@ -206,6 +206,10 @@ typedef struct _GThemedIcon GThemedIcon;
typedef struct _GTlsCertificate GTlsCertificate;
typedef struct _GTlsClientConnection GTlsClientConnection; /* Dummy typedef */
typedef struct _GTlsConnection GTlsConnection;
typedef struct _GTlsDatabase GTlsDatabase;
typedef struct _GTlsFileDatabase GTlsFileDatabase;
typedef struct _GTlsInteraction GTlsInteraction;
typedef struct _GTlsPassword GTlsPassword;
typedef struct _GTlsServerConnection GTlsServerConnection; /* Dummy typedef */
typedef struct _GVfs GVfs; /* Dummy typedef */
......@@ -149,6 +149,28 @@ g_tls_backend_supports_tls (GTlsBackend *backend)
return TRUE;
}
/**
* g_tls_backend_get_default_database:
* @backend: the #GTlsBackend
*
* Gets the default #GTlsDatabase used to verify TLS connections.
*
* Return value: the default database, which should be unreffed when done.
*
* Since: 2.30
*/
GTlsDatabase *
g_tls_backend_get_default_database (GTlsBackend *backend)
{
g_return_val_if_fail (G_IS_TLS_BACKEND (backend), NULL);
/* This method was added later, so accept the (remote) possibility it can be NULL */
if (!G_TLS_BACKEND_GET_INTERFACE (backend)->get_default_database)
return NULL;
return G_TLS_BACKEND_GET_INTERFACE (backend)->get_default_database (backend);
}
/**
* g_tls_backend_get_certificate_type:
* @backend: the #GTlsBackend
......@@ -199,3 +221,25 @@ g_tls_backend_get_server_connection_type (GTlsBackend *backend)
{
return G_TLS_BACKEND_GET_INTERFACE (backend)->get_server_connection_type ();
}
/**
* g_tls_backend_get_file_database_type:
* @backend: the #GTlsBackend
*
* Gets the #GTyep of @backend's #GTlsFileDatabase implementation.
*
* Return value: the #GType of backend's #GTlsFileDatabase implementation.
*
* Since: 2.30
*/
GType
g_tls_backend_get_file_database_type (GTlsBackend *backend)
{
g_return_val_if_fail (G_IS_TLS_BACKEND (backend), 0);
/* This method was added later, so accept the (remote) possibility it can be NULL */
if (!G_TLS_BACKEND_GET_INTERFACE (backend)->get_file_database_type)
return 0;
return G_TLS_BACKEND_GET_INTERFACE (backend)->get_file_database_type ();
}
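Review bot: The doc comment for g_tls_backend_get_file_database_type misspells the type as `#GTyep`, which gtk-doc will not resolve; it should read `Gets the #GType of @backend's #GTlsFileDatabase implementation.`. g_tls_backend_get_default_database documents its result only as "the default database, which should be unreffed when done", but the body returns NULL when the backend lacks the vfunc, so the annotation should state that: `Return value: (transfer full) (allow-none): the default database, or %NULL if the backend provides none; unref when done.`. Likewise the 0 returned by g_tls_backend_get_file_database_type for a missing vfunc is G_TYPE_INVALID, and the comment should tell callers to check for it before passing the result to g_object_new.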
......@@ -58,9 +58,12 @@ typedef struct _GTlsBackendInterface GTlsBackendInterface;
/**
* GTlsBackendInterface:
* @g_iface: The parent interface.
* @supports_tls: returns whether the backend supports TLS.
* @get_default_database: returns a default #GTlsDatabase instance.
* @get_certificate_type: returns the #GTlsCertificate implementation type
* @get_client_connection_type: returns the #GTlsClientConnection implementation type
* @get_server_connection_type: returns the #GTlsServerConnection implementation type
* @get_file_database_type: returns the #GTlsFileDatabase implementation type.
*
* Provides an interface for describing TLS-related types.
*
......@@ -71,21 +74,26 @@ struct _GTlsBackendInterface
GTypeInterface g_iface;
/* methods */
gboolean ( *supports_tls) (GTlsBackend *backend);
GType ( *get_certificate_type) (void);
GType ( *get_client_connection_type) (void);
GType ( *get_server_connection_type) (void);
gboolean ( *supports_tls) (GTlsBackend *backend);
GType ( *get_certificate_type) (void);
GType ( *get_client_connection_type) (void);
GType ( *get_server_connection_type) (void);
GType ( *get_file_database_type) (void);
GTlsDatabase * ( *get_default_database) (GTlsBackend *backend);
};
GType g_tls_backend_get_type (void) G_GNUC_CONST;
GType g_tls_backend_get_type (void) G_GNUC_CONST;
GTlsBackend *g_tls_backend_get_default (void);
GTlsBackend * g_tls_backend_get_default (void);
gboolean g_tls_backend_supports_tls (GTlsBackend *backend);
GTlsDatabase * g_tls_backend_get_default_database (GTlsBackend *backend);
GType g_tls_backend_get_certificate_type (GTlsBackend *backend);
GType g_tls_backend_get_client_connection_type (GTlsBackend *backend);
GType g_tls_backend_get_server_connection_type (GTlsBackend *backend);
gboolean g_tls_backend_supports_tls (GTlsBackend *backend);
GType g_tls_backend_get_certificate_type (GTlsBackend *backend);
GType g_tls_backend_get_client_connection_type (GTlsBackend *backend);
GType g_tls_backend_get_server_connection_type (GTlsBackend *backend);
GType g_tls_backend_get_file_database_type (GTlsBackend *backend);
G_END_DECLS
......@@ -28,6 +28,8 @@
#include "gtlsbackend.h"
#include "gtlscertificate.h"
#include "gtlsclientconnection.h"
#include "gtlsdatabase.h"
#include "gtlsinteraction.h"
#include "glibintl.h"
/**
......@@ -77,6 +79,8 @@ enum {
PROP_REQUIRE_CLOSE_NOTIFY,
PROP_REHANDSHAKE_MODE,
PROP_USE_SYSTEM_CERTDB,
PROP_DATABASE,
PROP_INTERACTION,
PROP_CERTIFICATE,
PROP_PEER_CERTIFICATE,
PROP_PEER_CERTIFICATE_ERRORS
......@@ -112,7 +116,7 @@ g_tls_connection_class_init (GTlsConnectionClass *klass)
* verify peer certificates. See
* g_tls_connection_set_use_system_certdb().
*
* Since: 2.28
* Deprecated: 2.30: Use GTlsConnection:database instead
*/
g_object_class_install_property (gobject_class, PROP_USE_SYSTEM_CERTDB,
g_param_spec_boolean ("use-system-certdb",
......@@ -122,6 +126,38 @@ g_tls_connection_class_init (GTlsConnectionClass *klass)
G_PARAM_READWRITE |
G_PARAM_CONSTRUCT |
G_PARAM_STATIC_STRINGS));
/**
* GTlsConnection:database:
*
* The certificate database to use when verifying this TLS connection.
* If no cerificate database is set, then the default database will be
* used. See g_tls_backend_get_default_database().
*
* Since: 2.30
*/
g_object_class_install_property (gobject_class, PROP_DATABASE,
g_param_spec_object ("database",
P_("Database"),
P_("Certificate database to use for looking up or verifying certificates"),
G_TYPE_TLS_DATABASE,
G_PARAM_READWRITE |
G_PARAM_STATIC_STRINGS));
/**
* GTlsConnection:interaction:
*
* A #GTlsInteraction object to be used when the connection or certificate
* database need to interact with the user. This will be used to prompt the
* user for passwords where necessary.
*
* Since: 2.30
*/
g_object_class_install_property (gobject_class, PROP_INTERACTION,
g_param_spec_object ("interaction",
P_("Interaction"),
P_("Optional object for user interaction"),
G_TYPE_TLS_INTERACTION,
G_PARAM_READWRITE |
G_PARAM_STATIC_STRINGS));
/**
* GTlsConnection:require-close-notify:
*
......@@ -306,7 +342,7 @@ g_tls_connection_set_property (GObject *object,
* client-side connections, unless that bit is not set in
* #GTlsClientConnection:validation-flags).
*
* Since: 2.28
* Deprecated: 2.30: Use g_tls_connection_set_database() instead
*/
void
g_tls_connection_set_use_system_certdb (GTlsConnection *conn,
......@@ -328,7 +364,7 @@ g_tls_connection_set_use_system_certdb (GTlsConnection *conn,
*
* Return value: whether @conn uses the system certificate database
*
* Since: 2.28
* Deprecated: 2.30: Use g_tls_connection_get_database() instead
*/
gboolean
g_tls_connection_get_use_system_certdb (GTlsConnection *conn)
......@@ -343,6 +379,60 @@ g_tls_connection_get_use_system_certdb (GTlsConnection *conn)
return use_system_certdb;
}
/**
* g_tls_connection_set_database:
* @conn: a #GTlsConnection
* @database: a #GTlsDatabase
*
* Sets the certificate database that is used to verify peer certificates.
* This is set to the default database by default. See
* g_tls_backend_get_default_database(). If set to %NULL, then
* peer certificate validation will always set the
* %G_TLS_CERTIFICATE_UNKNOWN_CA error (meaning
* #GTlsConnection::accept-certificate will always be emitted on
* client-side connections, unless that bit is not set in
* #GTlsClientConnection:validation-flags).
*
* Since: 2.30
*/
void
g_tls_connection_set_database (GTlsConnection *conn,
GTlsDatabase *database)
{
g_return_if_fail (G_IS_TLS_CONNECTION (conn));
g_return_if_fail (database == NULL || G_IS_TLS_DATABASE (database));
g_object_set (G_OBJECT (conn),
"database", database,
NULL);
}
/**
* g_tls_connection_get_database:
* @conn: a #GTlsConnection
*
* Gets the certificate database that @conn uses to verify
* peer certificates. See g_tls_connection_set_database().
*
* Return value: the certificate database that @conn uses or %NULL
*
* Since: 2.30
*/
GTlsDatabase*
g_tls_connection_get_database (GTlsConnection *conn)
{
GTlsDatabase *database = NULL;
g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), NULL);
g_object_get (G_OBJECT (conn),
"database", &database,
NULL);
if (database)
g_object_unref (database);
return database;
}
/**
* g_tls_connection_set_certificate:
* @conn: a #GTlsConnection
......@@ -404,6 +494,56 @@ g_tls_connection_get_certificate (GTlsConnection *conn)
return certificate;
}
/**
* g_tls_connection_set_interaction:
* @conn: a connection
* @interaction: (allow-none): an interaction object, or %NULL
*
* Set the object that will be used to interact with the user. It will be used
* for things like prompting the user for passwords.
*
* The @interaction argument will normally be a derived subclass of
* #GTlsInteraction. %NULL can also be provided if no user interaction
* should occur for this connection.
*
* Since: 2.30
*/