[glib] Add GTlsConnection:use-system-certdb



commit d6e94070ddb015e73573a620234a8929f8aaac16
Author: Dan Winship <danw gnome org>
Date:   Wed Dec 1 13:49:39 2010 -0500

    Add GTlsConnection:use-system-certdb
    
    This can be set to FALSE if you don't want to validate certificates
    against the system database.

 docs/reference/gio/gio-sections.txt |    2 +
 gio/gdummytlsbackend.c              |    3 +-
 gio/gio.symbols                     |    2 +
 gio/gtlsconnection.c                |   70 +++++++++++++++++++++++++++++++++++
 gio/gtlsconnection.h                |    4 ++
 5 files changed, 80 insertions(+), 1 deletions(-)
---
diff --git a/docs/reference/gio/gio-sections.txt b/docs/reference/gio/gio-sections.txt
index 3a78935..bcff388 100644
--- a/docs/reference/gio/gio-sections.txt
+++ b/docs/reference/gio/gio-sections.txt
@@ -3064,6 +3064,8 @@ g_tls_connection_get_require_close_notify
 GTlsRehandshakeMode
 g_tls_connection_set_rehandshake_mode
 g_tls_connection_get_rehandshake_mode
+g_tls_connection_set_use_system_certdb
+g_tls_connection_get_use_system_certdb
 <SUBSECTION>
 g_tls_connection_handshake
 g_tls_connection_handshake_async
diff --git a/gio/gdummytlsbackend.c b/gio/gdummytlsbackend.c
index fd55aa9..f2d7186 100644
--- a/gio/gdummytlsbackend.c
+++ b/gio/gdummytlsbackend.c
@@ -184,6 +184,7 @@ enum
   PROP_BASE_IO_STREAM,
   PROP_REQUIRE_CLOSE_NOTIFY,
   PROP_REHANDSHAKE_MODE,
+  PROP_USE_SYSTEM_CERTDB,
   PROP_VALIDATION_FLAGS,
   PROP_SERVER_IDENTITY,
   PROP_USE_SSL3,
@@ -243,12 +244,12 @@ g_dummy_tls_connection_class_init (GDummyTlsConnectionClass *connection_class)
   g_object_class_override_property (gobject_class, PROP_BASE_IO_STREAM, "base-io-stream");
   g_object_class_override_property (gobject_class, PROP_REQUIRE_CLOSE_NOTIFY, "require-close-notify");
   g_object_class_override_property (gobject_class, PROP_REHANDSHAKE_MODE, "rehandshake-mode");
+  g_object_class_override_property (gobject_class, PROP_USE_SYSTEM_CERTDB, "use-system-certdb");
   g_object_class_override_property (gobject_class, PROP_VALIDATION_FLAGS, "validation-flags");
   g_object_class_override_property (gobject_class, PROP_SERVER_IDENTITY, "server-identity");
   g_object_class_override_property (gobject_class, PROP_USE_SSL3, "use-ssl3");
   g_object_class_override_property (gobject_class, PROP_ACCEPTED_CAS, "accepted-cas");
   g_object_class_override_property (gobject_class, PROP_AUTHENTICATION_MODE, "authentication-mode");
-
 }
 
 static void
diff --git a/gio/gio.symbols b/gio/gio.symbols
index b7077ee..d5af410 100644
--- a/gio/gio.symbols
+++ b/gio/gio.symbols
@@ -2043,6 +2043,7 @@ g_tls_connection_get_certificate
 g_tls_connection_get_peer_certificate
 g_tls_connection_get_rehandshake_mode
 g_tls_connection_get_require_close_notify
+g_tls_connection_get_use_system_certdb
 g_tls_connection_get_type G_GNUC_CONST
 g_tls_connection_handshake
 g_tls_connection_handshake_async
@@ -2051,6 +2052,7 @@ g_tls_connection_set_certificate
 g_tls_connection_set_peer_certificate
 g_tls_connection_set_rehandshake_mode
 g_tls_connection_set_require_close_notify
+g_tls_connection_set_use_system_certdb
 #endif
 #endif
 
diff --git a/gio/gtlsconnection.c b/gio/gtlsconnection.c
index e55f6f5..4ea9211 100644
--- a/gio/gtlsconnection.c
+++ b/gio/gtlsconnection.c
@@ -84,6 +84,7 @@ enum {
   PROP_BASE_IO_STREAM,
   PROP_REQUIRE_CLOSE_NOTIFY,
   PROP_REHANDSHAKE_MODE,
+  PROP_USE_SYSTEM_CERTDB,
   PROP_CERTIFICATE,
   PROP_PEER_CERTIFICATE
 };
@@ -119,6 +120,23 @@ g_tls_connection_class_init (GTlsConnectionClass *klass)
 							G_PARAM_CONSTRUCT_ONLY |
 							G_PARAM_STATIC_STRINGS));
   /**
+   * GTlsConnection:use-system-certdb:
+   *
+   * Whether or not the system certificate database will be used to
+   * verify peer certificates. See
+   * g_tls_connection_set_use_system_certdb().
+   *
+   * Since: 2.28
+   */
+  g_object_class_install_property (gobject_class, PROP_USE_SYSTEM_CERTDB,
+				   g_param_spec_boolean ("use-system-certdb",
+							 P_("Use system certificate database"),
+							 P_("Whether to verify peer certificates against the system certificate database"),
+							 TRUE,
+							 G_PARAM_READWRITE |
+							 G_PARAM_CONSTRUCT |
+							 G_PARAM_STATIC_STRINGS));
+  /**
    * GTlsConnection:require-close-notify:
    *
    * Whether or not proper TLS close notification is required.
@@ -132,6 +150,7 @@ g_tls_connection_class_init (GTlsConnectionClass *klass)
 							 P_("Whether to require proper TLS close notification"),
 							 TRUE,
 							 G_PARAM_READWRITE |
+							 G_PARAM_CONSTRUCT |
 							 G_PARAM_STATIC_STRINGS));
   /**
    * GTlsConnection:rehandshake-mode:
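Review bot: Adding `G_PARAM_CONSTRUCT` to the existing require-close-notify property here, and to rehandshake-mode in the next hunk, is a behaviour change that the commit message does not mention. GObject now calls each implementation's set_property for these properties during construction, passing the default value when the caller gave none. Backends that override them need to tolerate that early call before their own state is set up; this includes the dummy backend patched above, whose set_property is not visible on this page. I would mention this in the commit description and add a comment above the installs, e.g. `/* CONSTRUCT: backends receive the default through set_property() at construction time */`. g_tls_connection_class_init() starts and ends outside the hunk.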
@@ -148,6 +167,7 @@ g_tls_connection_class_init (GTlsConnectionClass *klass)
 						      G_TYPE_TLS_REHANDSHAKE_MODE,
 						      G_TLS_REHANDSHAKE_SAFELY,
 						      G_PARAM_READWRITE |
+						      G_PARAM_CONSTRUCT |
 						      G_PARAM_STATIC_STRINGS));
   /**
    * GTlsConnection:certificate:
@@ -343,6 +363,56 @@ g_tls_connection_set_property (GObject      *object,
 }
 
 /**
+ * g_tls_connection_set_use_system_certdb:
+ * @conn: a #GTlsConnection
+ * @use_system_certdb: whether to use the system certificate database
+ *
+ * Sets whether @conn uses the system certificate database to verify
+ * peer certificates. This is %TRUE by default. If set to %FALSE, then
+ * peer certificate validation will always set the
+ * %G_TLS_CERTIFICATE_UNKNOWN_CA error (meaning
+ * #GTlsConnection::accept-certificate will always be emitted on
+ * client-side connections, unless that bit is not set in
+ * #GTlsClientConnection:validation-flags).
+ *
+ * Since: 2.28
+ */
+void
+g_tls_connection_set_use_system_certdb (GTlsConnection *conn,
+					gboolean        use_system_certdb)
+{
+  g_return_if_fail (G_IS_TLS_CONNECTION (conn));
+
+  g_object_set (G_OBJECT (conn),
+		"use-system-certdb", use_system_certdb,
+		NULL);
+}
+
+/**
+ * g_tls_connection_get_use_system_certdb:
+ * @conn: a #GTlsConnection
+ *
+ * Gets whether @conn uses the system certificate database to verify
+ * peer certificates. See g_tls_connection_set_use_system_certdb().
+ *
+ * Return value: whether @conn uses the system certificate database
+ *
+ * Since: 2.28
+ */
+gboolean
+g_tls_connection_get_use_system_certdb (GTlsConnection *conn)
+{
+  gboolean use_system_certdb;
+
+  g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), TRUE);
+
+  g_object_get (G_OBJECT (conn),
+		"use-system-certdb", &use_system_certdb,
+		NULL);
+  return use_system_certdb;
+}
+
+/**
  * g_tls_connection_set_certificate:
  * @conn: a #GTlsConnection
  * @certificate: the certificate to use for @conn
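Review bot: The doc comment for g_tls_connection_set_use_system_certdb() describes the %FALSE case only by which error bit gets set, and does not say what the caller must then do to keep the peer authenticated. Read literally, with the property %FALSE and %G_TLS_CERTIFICATE_UNKNOWN_CA cleared from #GTlsClientConnection:validation-flags, accept-certificate is not emitted, so a backend following this text would check no trust anchor at all. I would add a sentence such as `If you set this to %FALSE, connect to #GTlsConnection::accept-certificate and verify the peer certificate against your own trusted certificates there; do not also clear %G_TLS_CERTIFICATE_UNKNOWN_CA from the validation flags.` The text also covers only client-side connections, so it would help to state what a server-side connection validating client certificates does. The g_tls_connection_set_certificate() doc comment that follows continues outside the hunk.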
diff --git a/gio/gtlsconnection.h b/gio/gtlsconnection.h
index 86f1f68..4b835a3 100644
--- a/gio/gtlsconnection.h
+++ b/gio/gtlsconnection.h
@@ -85,6 +85,10 @@ struct _GTlsConnectionClass
 
 GType                g_tls_connection_get_type                 (void) G_GNUC_CONST;
 
+void                 g_tls_connection_set_use_system_certdb    (GTlsConnection       *conn,
+								gboolean              use_system_certdb);
+gboolean             g_tls_connection_get_use_system_certdb    (GTlsConnection       *conn);
+
 void                 g_tls_connection_set_certificate          (GTlsConnection       *conn,
 								GTlsCertificate      *certificate);
 GTlsCertificate     *g_tls_connection_get_certificate          (GTlsConnection       *conn);


