[glib/mcatanzaro/validation-flags: 1/2] gtlsclientconnection: deprecate validation-flags property
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib/mcatanzaro/validation-flags: 1/2] gtlsclientconnection: deprecate validation-flags property
- Date: Wed, 4 Aug 2021 20:26:41 +0000 (UTC)
commit acff685c13d51a3ea1014bb3471e7698e15d5f05
Author: Michael Catanzaro <mcatanzaro redhat com>
Date: Wed Aug 4 15:20:03 2021 -0500
gtlsclientconnection: deprecate validation-flags property
It doesn't work as expected, and you shouldn't be trying to use it
anyway.
gio/gtlsclientconnection.c | 22 +++++++++++++++++++++-
gio/gtlsclientconnection.h | 4 ++--
2 files changed, 23 insertions(+), 3 deletions(-)
---
diff --git a/gio/gtlsclientconnection.c b/gio/gtlsclientconnection.c
index d0a740f4f..0fbb2668a 100644
--- a/gio/gtlsclientconnection.c
+++ b/gio/gtlsclientconnection.c
@@ -59,7 +59,20 @@ g_tls_client_connection_default_init (GTlsClientConnectionInterface *iface)
* ways indicated here will be rejected unless the application
* overrides the default via #GTlsConnection::accept-certificate.
*
+ * GLib guarantees that if certificate verification fails, at least one
+ * flag will be set, but it does not guarantee that all possible flags
+ * will be set. Accordingly, you may not safely decide to ignore any
+ * particular type of error. For example, it would be incorrect to mask
+ * %G_TLS_CERTIFICATE_EXPIRED if you want to allow expired certificates,
+ * because this could potentially be the only error flag set even if
+ * other problems exist with the certificate. Therefore, there is no
+ * safe way to use this property. This is not a horrible problem,
+ * though, because you should not be attempting to ignore validation
+ * errors anyway.
+ *
* Since: 2.28
+ *
+ * Deprecated: 2.70. Do not attempt to ignore validation errors.
*/
g_object_interface_install_property (iface,
g_param_spec_flags ("validation-flags",
@@ -69,7 +82,8 @@ g_tls_client_connection_default_init (GTlsClientConnectionInterface *iface)
G_TLS_CERTIFICATE_VALIDATE_ALL,
G_PARAM_READWRITE |
G_PARAM_CONSTRUCT |
- G_PARAM_STATIC_STRINGS));
+ G_PARAM_STATIC_STRINGS |
+ G_PARAM_DEPRECATED));
/**
* GTlsClientConnection:server-identity:
@@ -186,6 +200,8 @@ g_tls_client_connection_new (GIOStream *base_io_stream,
* Returns: the validation flags
*
* Since: 2.28
+ *
+ * Deprecated: 2.70. Do not attempt to ignore validation errors.
*/
GTlsCertificateFlags
g_tls_client_connection_get_validation_flags (GTlsClientConnection *conn)
@@ -207,7 +223,11 @@ g_tls_client_connection_get_validation_flags (GTlsClientConnection *conn)
* checks performed when validating a server certificate. By default,
* %G_TLS_CERTIFICATE_VALIDATE_ALL is used.
*
+ * See #GTlsClientConnection:validation-flags for more information.
+ *
* Since: 2.28
+ *
+ * Deprecated: 2.70. Do not attempt to ignore validation errors.
*/
void
g_tls_client_connection_set_validation_flags (GTlsClientConnection *conn,
diff --git a/gio/gtlsclientconnection.h b/gio/gtlsclientconnection.h
index 29dbafcf4..c14ba98c5 100644
--- a/gio/gtlsclientconnection.h
+++ b/gio/gtlsclientconnection.h
@@ -59,9 +59,9 @@ GIOStream * g_tls_client_connection_new (GIOStream
GSocketConnectable *server_identity,
GError **error);
-GLIB_AVAILABLE_IN_ALL
+GLIB_DEPRECATED_IN_2_70
GTlsCertificateFlags g_tls_client_connection_get_validation_flags (GTlsClientConnection *conn);
-GLIB_AVAILABLE_IN_ALL
+GLIB_DEPRECATED_IN_2_70
void g_tls_client_connection_set_validation_flags (GTlsClientConnection *conn,
GTlsCertificateFlags flags);
GLIB_AVAILABLE_IN_ALL
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
