Example #1
/*
 * Render the peer-certificate validation errors of @io as a string of
 * short, space-terminated tokens (for example "expired revoked ").
 *
 * Returns NULL when @io is not a TLS connection and also when the TLS
 * connection reports no certificate errors, so a NULL result on its own
 * does not tell the caller that a certificate was validated.  Any error
 * bit without a token in the table below is summarised as a trailing "...".
 *
 * The returned string is newly allocated; the caller releases it with
 * g_free().
 */
static gchar *
describe_certificate_errors (GIOStream *io)
{
  static const struct
  {
    GTlsCertificateFlags flag;
    const gchar *token;
  } known_errors[] = {
    { G_TLS_CERTIFICATE_UNKNOWN_CA,    "untrusted-issuer " },
    { G_TLS_CERTIFICATE_BAD_IDENTITY,  "bad-server-identity " },
    { G_TLS_CERTIFICATE_NOT_ACTIVATED, "not-yet-valid " },
    { G_TLS_CERTIFICATE_EXPIRED,       "expired " },
    { G_TLS_CERTIFICATE_REVOKED,       "revoked " },
    { G_TLS_CERTIFICATE_INSECURE,      "insecure " },
    { G_TLS_CERTIFICATE_GENERIC_ERROR, "generic-error " },
  };
  GTlsCertificateFlags remaining;
  GString *description;
  gsize i;

  if (!G_IS_TLS_CONNECTION (io))
    return NULL;

  remaining = g_tls_connection_get_peer_certificate_errors (G_TLS_CONNECTION (io));
  if (remaining == 0)
    return NULL;

  description = g_string_new ("");

  /* Emit one token per known bit, clearing each bit as it is reported */
  for (i = 0; i < G_N_ELEMENTS (known_errors); i++)
    {
      if ((remaining & known_errors[i].flag) == 0)
        continue;

      g_string_append (description, known_errors[i].token);
      remaining &= ~known_errors[i].flag;
    }

  /* Bits still set here have no token of their own */
  if (remaining != 0)
    g_string_append (description, "...");

  return g_string_free (description, FALSE);
}
Example #2
/*
 * GObject property getter for SoupSocket: copies the value of the property
 * identified by @prop_id into @value.  Unknown ids are reported through
 * G_OBJECT_WARN_INVALID_PROPERTY_ID().
 */
static void
soup_socket_get_property (GObject *object, guint prop_id,
			  GValue *value, GParamSpec *pspec)
{
	SoupSocketPrivate *priv = SOUP_SOCKET_GET_PRIVATE (object);

	switch (prop_id) {
	case PROP_LOCAL_ADDRESS:
		g_value_set_object (value,
				    soup_socket_get_local_address (SOUP_SOCKET (object)));
		break;
	case PROP_REMOTE_ADDRESS:
		g_value_set_object (value,
				    soup_socket_get_remote_address (SOUP_SOCKET (object)));
		break;
	case PROP_NON_BLOCKING:
		g_value_set_boolean (value, priv->non_blocking);
		break;
	case PROP_IS_SERVER:
		g_value_set_boolean (value, priv->is_server);
		break;
	case PROP_SSL_CREDENTIALS:
		g_value_set_pointer (value, priv->ssl_creds);
		break;
	case PROP_SSL_STRICT:
		g_value_set_boolean (value, priv->ssl_strict);
		break;
	case PROP_SSL_FALLBACK:
		g_value_set_boolean (value, priv->ssl_fallback);
		break;
	case PROP_TRUSTED_CERTIFICATE: {
		/* "Trusted" is derived, not stored: it is TRUE exactly when
		 * no TLS error bit is recorded.
		 * NOTE(review): a zero tls_errors field would read as trusted
		 * even if it was never written; confirm this property is only
		 * consulted after a completed TLS handshake.
		 */
		gboolean no_tls_errors = (priv->tls_errors == 0);

		g_value_set_boolean (value, no_tls_errors);
		break;
	}
	case PROP_ASYNC_CONTEXT: {
		/* A new reference is taken before the context is stored as a
		 * plain pointer; presumably the reader has to drop it.
		 */
		GMainContext *context = NULL;

		if (priv->async_context)
			context = g_main_context_ref (priv->async_context);
		g_value_set_pointer (value, context);
		break;
	}
	case PROP_USE_THREAD_CONTEXT:
		g_value_set_boolean (value, priv->use_thread_context);
		break;
	case PROP_TIMEOUT:
		g_value_set_uint (value, priv->timeout);
		break;
	case PROP_TLS_CERTIFICATE: {
		/* Only a TLS connection has a peer certificate to report */
		GTlsCertificate *peer_cert = NULL;

		if (G_IS_TLS_CONNECTION (priv->conn))
			peer_cert = g_tls_connection_get_peer_certificate (G_TLS_CONNECTION (priv->conn));
		g_value_set_object (value, peer_cert);
		break;
	}
	case PROP_TLS_ERRORS:
		g_value_set_flags (value, priv->tls_errors);
		break;
	case PROP_PROXY_RESOLVER:
		g_value_set_object (value, priv->proxy_resolver);
		break;
	default:
		G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
		break;
	}
}
Example #3
/* GSocketClient "event" handler.
 *
 * Only G_SOCKET_CLIENT_TLS_HANDSHAKING is acted on: at that point the
 * connection is handed to purple_tls_certificate_attach_to_tls_connection()
 * so that libpurple's certificate subsystem is attached before the handshake
 * starts. All other events are ignored.
 */
static void
socket_client_event_cb(GSocketClient *client, GSocketClientEvent event,
		GSocketConnectable *connectable, GIOStream *connection,
		gpointer user_data)
{
	GTlsConnection *tls_conn;

	if (event != G_SOCKET_CLIENT_TLS_HANDSHAKING)
		return;

	/* The connection is cast without a separate type check, as in the
	 * event this callback waits for it is expected to be the TLS stream
	 */
	tls_conn = G_TLS_CONNECTION(connection);
	purple_tls_certificate_attach_to_tls_connection(tls_conn);
}
Example #4
/*
 * Start I/O on a stream whose priv->io has just been set up.
 *
 * Both halves of the stream must be pollable; otherwise the stream is closed
 * with "internal-error". On success the pending connectable is released, an
 * input source is attached to priv->context, the "accept-certificate" signal
 * of a TLS stream is routed to on_rejected_certificate(), output is started
 * and the open signal is emitted.
 */
static void
initialize_io (CockpitStream *self)
{
  GInputStream *input;
  GOutputStream *output;
  GSource *source;
  gboolean pollable;

  g_return_if_fail (self->priv->in_source == NULL);

  input = g_io_stream_get_input_stream (self->priv->io);
  output = g_io_stream_get_output_stream (self->priv->io);

  pollable = G_IS_POLLABLE_INPUT_STREAM (input) &&
             g_pollable_input_stream_can_poll (G_POLLABLE_INPUT_STREAM (input)) &&
             G_IS_POLLABLE_OUTPUT_STREAM (output) &&
             g_pollable_output_stream_can_poll (G_POLLABLE_OUTPUT_STREAM (output));
  if (!pollable)
    {
      g_warning ("%s: stream is not pollable", self->priv->name);
      close_immediately (self, "internal-error");
      return;
    }

  /* The connection attempt is over, its bookkeeping is no longer needed */
  if (self->priv->connecting)
    {
      cockpit_connectable_unref (self->priv->connecting);
      self->priv->connecting = NULL;
    }

  source = g_pollable_input_stream_create_source (G_POLLABLE_INPUT_STREAM (input), NULL);
  g_source_set_name (source, "stream-input");
  g_source_set_callback (source, (GSourceFunc)dispatch_input, self, NULL);
  self->priv->in_source = source;
  g_source_attach (source, self->priv->context);

  /* A handler id of 0 records that no certificate handler is connected.
   * For TLS streams the handler is installed here, before any output is
   * started below.
   */
  self->priv->sig_accept_cert = 0;
  if (G_IS_TLS_CONNECTION (self->priv->io))
    {
      self->priv->sig_accept_cert = g_signal_connect (G_TLS_CONNECTION (self->priv->io),
                                                      "accept-certificate",
                                                      G_CALLBACK (on_rejected_certificate),
                                                      self);
    }

  start_output (self);

  g_signal_emit (self, cockpit_stream_sig_open, 0);
}
Example #5
/*
 * SoupMessage network-event handler. When the TLS handshake is about to
 * start on a TLS connection, the closure stored in the ESoupSslTrustData
 * passed as @user_data is connected to the connection's
 * "accept-certificate" signal. Every other event, and any non-TLS
 * connection, is ignored.
 */
static void
e_soup_ssl_trust_network_event_cb (SoupMessage *msg,
				   GSocketClientEvent event,
				   GIOStream *connection,
				   gpointer user_data)
{
	ESoupSslTrustData *handler = user_data;

	if (event != G_SOCKET_CLIENT_TLS_HANDSHAKING)
		return;

	/* The stream is either a GTlsConnection or a GTcpConnection;
	 * only the former has a certificate to decide about
	 */
	if (!G_IS_TLS_CONNECTION (connection))
		return;

	g_signal_connect_closure (
		G_TLS_CONNECTION (connection), "accept-certificate",
		handler->accept_certificate_closure, FALSE);
}
/*
 * GInitable init for the GnuTLS server connection.
 *
 * Chains up to the parent implementation first, then checks the server
 * certificate configured on the connection: a certificate without a private
 * key is rejected with G_TLS_ERROR_BAD_CERTIFICATE. A connection with no
 * certificate set passes this check.
 *
 * Returns: TRUE on success, FALSE with @error set otherwise.
 */
static gboolean
g_tls_server_connection_gnutls_initable_init (GInitable       *initable,
					      GCancellable    *cancellable,
					      GError         **error)
{
  GTlsCertificate *server_cert;
  gboolean parent_ok;

  parent_ok = g_tls_server_connection_gnutls_parent_initable_iface->
    init (initable, cancellable, error);
  if (!parent_ok)
    return FALSE;

  server_cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (initable));
  if (server_cert == NULL)
    return TRUE;

  if (g_tls_certificate_gnutls_has_key (G_TLS_CERTIFICATE_GNUTLS (server_cert)))
    return TRUE;

  g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
		       _("Certificate has no private key"));
  return FALSE;
}
Example #7
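/*
 * lookup_client_certificate:
 * @conn: the client connection the server asked to authenticate
 * @error: %NULL or location to take a potential error
 *
 * Searches the connection's TLS database for a certificate with a private
 * key (G_TLS_DATABASE_LOOKUP_KEYPAIR) issued by one of the CAs the server
 * said it accepts. When several accepted CAs yield a certificate, the one
 * found for the last such CA is returned, as before.
 *
 * Changes compared with the previous version:
 *  - a certificate found for an earlier CA is released before it is
 *    replaced, instead of leaking one reference per additional match;
 *  - lookup failures are tracked in a local GError, so they are detected
 *    even when the caller passes a %NULL @error;
 *  - on a lookup failure %NULL is returned together with the error, rather
 *    than a certificate from an earlier iteration plus a set @error;
 *  - a connection without a database skips the lookups instead of calling
 *    the database API with %NULL.
 *
 * Returns: a new reference to the certificate, or %NULL with @error set to
 * the lookup error or to G_TLS_ERROR_CERTIFICATE_REQUIRED.
 */
static GTlsCertificate *
lookup_client_certificate (GTlsClientConnection  *conn,
			   GError               **error)
{
  GTlsConnection *base = G_TLS_CONNECTION (conn);
  GTlsDatabase *database = g_tls_connection_get_database (base);
  GTlsInteraction *interaction = g_tls_connection_get_interaction (base);
  GTlsCertificate *certificate = NULL;
  GError *lookup_error = NULL;
  GList *accepted;
  GList *l;

  accepted = g_tls_client_connection_get_accepted_cas (conn);

  for (l = accepted; database != NULL && l != NULL; l = g_list_next (l))
    {
      GList *certificates;

      certificates = g_tls_database_lookup_certificates_issued_by (database, l->data,
                                                                   interaction,
                                                                   G_TLS_DATABASE_LOOKUP_KEYPAIR,
                                                                   NULL, &lookup_error);
      if (lookup_error != NULL)
        {
          /* Nothing should have been returned, but release it if it was */
          g_list_free_full (certificates, g_object_unref);
          break;
        }

      if (certificates != NULL)
        {
          /* Drop the previous match so its reference is not leaked */
          g_clear_object (&certificate);
          certificate = g_object_ref (certificates->data);
        }

      g_list_free_full (certificates, g_object_unref);
    }

  g_list_free_full (accepted, (GDestroyNotify) g_byte_array_unref);

  if (lookup_error != NULL)
    {
      /* Never hand back a certificate together with an error */
      g_clear_object (&certificate);
      g_propagate_error (error, lookup_error);
      return NULL;
    }

  if (certificate == NULL && error && !*error)
    g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
                         "Server requested a certificate, but could not find relevant certificate in database.");
  return certificate;
}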
Example #8
/**
 * g_vfs_ftp_connection_enable_tls:
 * @conn: a connection without an active data connection
 * @server_identity: address of the server used to verify the certificate
 * @cb: callback called if there's a verification error; it is connected to
 *      the "accept-certificate" signal of the new TLS stream
 * @user_data: user data passed to @cb
 * @cancellable: cancellable to interrupt wait
 * @error: %NULL or location to take a potential error
 *
 * Tries to enable TLS on the command stream of @conn. The plain command
 * stream is replaced by the TLS stream before the handshake is run. If
 * setting up TLS fails, %FALSE will be returned and @error will be set.
 * When this function fails, you need to check if the connection is still
 * usable. It might have been closed.
 *
 * The function refuses to run while a reply is outstanding or while unread
 * bytes are buffered on the command input, so no plaintext that arrived
 * before the switch is carried over into the TLS session.
 *
 * Returns: %TRUE on success, %FALSE otherwise.
 **/
gboolean
g_vfs_ftp_connection_enable_tls (GVfsFtpConnection * conn,
                                 GSocketConnectable *server_identity,
                                 CertificateCallback cb,
                                 gpointer            user_data,
                                 GCancellable *      cancellable,
                                 GError **           error)
{
  GIOStream *secure;

  g_return_val_if_fail (conn != NULL, FALSE);
  g_return_val_if_fail (conn->data == NULL, FALSE);
  g_return_val_if_fail (!conn->waiting_for_reply, FALSE);
  /* Buffered plaintext must not survive the upgrade to TLS */
  g_return_val_if_fail (g_buffered_input_stream_get_available (G_BUFFERED_INPUT_STREAM (conn->commands_in)) == 0, FALSE);

  /* @server_identity is handed to the TLS layer as the expected peer */
  secure = g_tls_client_connection_new (conn->commands,
                                        server_identity,
                                        error);
  if (secure == NULL)
    return FALSE;

  /* From here on conn->commands is the TLS stream, also on failure below */
  g_object_unref (conn->commands);
  conn->commands = secure;
  create_input_stream (conn);

  /* The handler has to be in place before the handshake runs, since that is
   * when the certificate decision is made.
   * NOTE(review): whether a certificate that fails verification is still
   * accepted depends entirely on what @cb returns - confirm against callers.
   */
  g_signal_connect (secure, "accept-certificate", G_CALLBACK (cb), user_data);

  if (!g_tls_connection_handshake (G_TLS_CONNECTION (secure),
                                   cancellable,
                                   error))
    {
      /* Close here to be sure it won't get used anymore */
      g_io_stream_close (secure, cancellable, NULL);
      return FALSE;
    }

  return TRUE;
}
Example #9
/**
 * g_vfs_ftp_connection_data_connection_enable_tls:
 * @conn: a connection with an active control connection
 * @server_identity: address of the server used to verify the certificate
 * @cb: callback called if there's a verification error; it is connected to
 *      the "accept-certificate" signal of the new TLS stream
 * @user_data: user data passed to @cb
 * @cancellable: cancellable to interrupt wait
 * @error: %NULL or location to take a potential error
 *
 * Tries to enable TLS on the data connection of @conn. The plain data
 * stream is replaced by the TLS stream, and TLS session state is copied
 * from the command connection, before the handshake is run. If setting
 * up TLS fails, %FALSE will be returned and @error will be set.
 *
 * Returns: %TRUE on success, %FALSE otherwise.
 **/
gboolean
g_vfs_ftp_connection_data_connection_enable_tls (GVfsFtpConnection  *conn,
                                                 GSocketConnectable *server_identity,
                                                 CertificateCallback cb,
                                                 gpointer            user_data,
                                                 GCancellable *      cancellable,
                                                 GError **           error)
{
  GIOStream *secure;

  g_return_val_if_fail (conn != NULL, FALSE);
  g_return_val_if_fail (conn->commands != NULL, FALSE);

  /* NOTE(review): conn->data is used below without a NULL check of its own;
   * presumably callers only get here with an open data connection.
   */
  secure = g_tls_client_connection_new (conn->data,
                                        server_identity,
                                        error);
  if (secure == NULL)
    return FALSE;

  /* From here on conn->data is the TLS stream, also on failure below */
  g_object_unref (conn->data);
  conn->data = secure;

  /* Reuse the session state of the command connection for the data
   * connection; the cast assumes conn->commands is already a TLS client
   * connection - TODO confirm callers enable TLS on it first.
   */
  g_tls_client_connection_copy_session_state (G_TLS_CLIENT_CONNECTION (secure),
                                              G_TLS_CLIENT_CONNECTION (conn->commands));

  /* The handler has to be in place before the handshake runs.
   * NOTE(review): whether a certificate that fails verification is still
   * accepted depends entirely on what @cb returns - confirm against callers.
   */
  g_signal_connect (secure, "accept-certificate", G_CALLBACK (cb), user_data);

  if (!g_tls_connection_handshake (G_TLS_CONNECTION (secure),
                                   cancellable,
                                   error))
    {
      /* Close here to be sure it won't get used anymore */
      g_io_stream_close (secure, cancellable, NULL);
      return FALSE;
    }

  return TRUE;
}
Example #10
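/*
 * Entry point of the GSocket test server: binds a TCP, UDP or unix socket,
 * optionally wraps the accepted TCP connection in TLS, and echoes every
 * chunk it receives back to the sender until the peer closes (or a
 * zero-length read occurs).
 *
 * Behaviour is driven by the option globals filled in by
 * g_option_context_parse() (use_udp, unix_socket, tls_cert_file, port,
 * non_blocking, read_timeout, cancel_timeout, verbose, delay, ...).
 *
 * Fixes over the previous version:
 *  - the sender address returned by every g_socket_receive_from() call and
 *    the string built to print it were never released (one leak per
 *    datagram); both are freed now, as is the local listening address;
 *  - the "DTLS ... not supported" message lacked its trailing newline;
 *  - the response delay is converted to microseconds in gulong arithmetic
 *    instead of int, which overflowed for large delays.
 *
 * Returns 0 on a clean shutdown and 1 on any error. Error exits leave
 * cleanup to process teardown.
 */
int
main (int argc,
      char *argv[])
{
  GSocket *socket, *new_socket, *recv_socket;
  GSocketAddress *src_address;
  GSocketAddress *address = NULL;
  GSocketType socket_type;
  GSocketFamily socket_family;
  GError *error = NULL;
  GOptionContext *context;
  GCancellable *cancellable;
  char *display_addr;
  GTlsCertificate *tlscert = NULL;
  GIOStream *connection;
  GInputStream *istream;
  GOutputStream *ostream;

  g_type_init ();

  context = g_option_context_new (" - Test GSocket server stuff");
  g_option_context_add_main_entries (context, cmd_entries, NULL);
  if (!g_option_context_parse (context, &argc, &argv, &error))
    {
      g_printerr ("%s: %s\n", argv[0], error->message);
      return 1;
    }

  if (unix_socket && argc != 2)
    {
      g_printerr ("%s: %s\n", argv[0], "Need to specify unix socket name");
      return 1;
    }

  if (cancel_timeout)
    {
      GThread *thread;
      cancellable = g_cancellable_new ();
      thread = g_thread_new ("cancel", cancel_thread, cancellable);
      g_thread_unref (thread);
    }
  else
    {
      cancellable = NULL;
    }

  if (tls_cert_file)
    {
      if (use_udp)
        {
          g_printerr ("DTLS (TLS over UDP) is not supported\n");
          return 1;
        }

      tlscert = g_tls_certificate_new_from_file (tls_cert_file, &error);
      if (!tlscert)
        {
          g_printerr ("Could not read server certificate '%s': %s\n",
                      tls_cert_file, error->message);
          return 1;
        }
    }

  loop = g_main_loop_new (NULL, FALSE);

  if (use_udp)
    socket_type = G_SOCKET_TYPE_DATAGRAM;
  else
    socket_type = G_SOCKET_TYPE_STREAM;

  if (unix_socket)
    socket_family = G_SOCKET_FAMILY_UNIX;
  else
    socket_family = G_SOCKET_FAMILY_IPV4;

  socket = g_socket_new (socket_family, socket_type, 0, &error);

  if (socket == NULL)
    {
      g_printerr ("%s: %s\n", argv[0], error->message);
      return 1;
    }

  if (non_blocking)
    g_socket_set_blocking (socket, FALSE);

  if (unix_socket)
    {
      src_address = socket_address_from_string (argv[1]);
      if (src_address == NULL)
        {
          g_printerr ("%s: Could not parse '%s' as unix socket name\n", argv[0], argv[1]);
          return 1;
        }
    }
  else
    {
      /* Binds to the IPv4 wildcard address, i.e. every local interface */
      src_address = g_inet_socket_address_new (g_inet_address_new_any (G_SOCKET_FAMILY_IPV4), port);
    }

  if (!g_socket_bind (socket, src_address, !dont_reuse_address, &error))
    {
      g_printerr ("Can't bind socket: %s\n", error->message);
      return 1;
    }
  g_object_unref (src_address);

  if (!use_udp)
    {
      if (!g_socket_listen (socket, &error))
        {
          g_printerr ("Can't listen on socket: %s\n", error->message);
          return 1;
        }

      address = g_socket_get_local_address (socket, &error);
      if (!address)
        {
          g_printerr ("Error getting local address: %s\n",
                      error->message);
          return 1;
        }
      display_addr = socket_address_to_string (address);
      g_print ("listening on %s...\n", display_addr);
      g_free (display_addr);
      /* The variable is reused below, so drop this reference first */
      g_clear_object (&address);

      ensure_socket_condition (socket, G_IO_IN, cancellable);
      new_socket = g_socket_accept (socket, cancellable, &error);
      if (!new_socket)
        {
          g_printerr ("Error accepting socket: %s\n",
                      error->message);
          return 1;
        }

      if (non_blocking)
        g_socket_set_blocking (new_socket, FALSE);
      if (read_timeout)
        g_socket_set_timeout (new_socket, read_timeout);

      address = g_socket_get_remote_address (new_socket, &error);
      if (!address)
        {
          g_printerr ("Error getting remote address: %s\n",
                      error->message);
          return 1;
        }

      display_addr = socket_address_to_string (address);
      g_print ("got a new connection from %s\n", display_addr);
      g_free (display_addr);
      /* Cleared rather than just unreffed so no stale pointer is left */
      g_clear_object (&address);

      recv_socket = new_socket;

      connection = G_IO_STREAM (g_socket_connection_factory_create_connection (recv_socket));
      g_object_unref (new_socket);
    }
  else
    {
      recv_socket = socket;
      connection = NULL;
    }

  if (tlscert)
    {
      GIOStream *tls_conn;

      /* Server side of TLS: only the server certificate is configured
       * here; nothing in this function asks the client for a certificate.
       */
      tls_conn = g_tls_server_connection_new (connection, tlscert, &error);
      if (!tls_conn)
        {
          g_printerr ("Could not create TLS connection: %s\n",
                      error->message);
          return 1;
        }

      if (!g_tls_connection_handshake (G_TLS_CONNECTION (tls_conn),
                                       cancellable, &error))
        {
          g_printerr ("Error during TLS handshake: %s\n",
                      error->message);
          return 1;
        }

      g_object_unref (connection);
      connection = tls_conn;
    }

  if (connection)
    {
      istream = g_io_stream_get_input_stream (connection);
      ostream = g_io_stream_get_output_stream (connection);
    }
  else
    {
      g_assert (use_udp);
      istream = NULL;
      ostream = NULL;
    }

  while (TRUE)
    {
      gchar buffer[4096];
      gssize size;
      gsize to_send;

      if (use_udp)
        {
          /* Release the previous datagram's sender before it is replaced */
          g_clear_object (&address);

          ensure_socket_condition (recv_socket, G_IO_IN, cancellable);
          size = g_socket_receive_from (recv_socket, &address,
                                        buffer, sizeof buffer,
                                        cancellable, &error);
        }
      else
        {
          ensure_connection_condition (connection, G_IO_IN, cancellable);
          size = g_input_stream_read (istream,
                                      buffer, sizeof buffer,
                                      cancellable, &error);
        }

      if (size < 0)
        {
          g_printerr ("Error receiving from socket: %s\n",
                      error->message);
          return 1;
        }

      if (size == 0)
        break;

      g_print ("received %" G_GSSIZE_FORMAT " bytes of data", size);
      if (use_udp)
        {
          display_addr = socket_address_to_string (address);
          g_print (" from %s", display_addr);
          g_free (display_addr);
        }
      g_print ("\n");

      /* The read is bounded by sizeof buffer and the print by size, so no
       * terminator is needed. The bytes come straight from the peer and
       * are written to the terminal unescaped.
       */
      if (verbose)
        g_print ("-------------------------\n"
                 "%.*s\n"
                 "-------------------------\n",
                 (int)size, buffer);

      to_send = size;

#ifdef __QNXNTO__
      if (delay_)
#else
      if (delay)
#endif
        {
#ifdef __QNXNTO__
          if (verbose)
            g_print ("delaying %d seconds before response\n", delay_);
          g_usleep ((gulong) delay_ * G_USEC_PER_SEC);
#else
          if (verbose)
            g_print ("delaying %d seconds before response\n", delay);
          g_usleep ((gulong) delay * G_USEC_PER_SEC);
#endif
        }

      /* Echo loop: always resends from the start of the buffer, exactly as
       * the previous version did.
       */
      while (to_send > 0)
        {
          if (use_udp)
            {
              ensure_socket_condition (recv_socket, G_IO_OUT, cancellable);
              size = g_socket_send_to (recv_socket, address,
                                       buffer, to_send, cancellable, &error);
            }
          else
            {
              ensure_connection_condition (connection, G_IO_OUT, cancellable);
              size = g_output_stream_write (ostream,
                                            buffer, to_send,
                                            cancellable, &error);
            }

          if (size < 0)
            {
              if (g_error_matches (error,
                                   G_IO_ERROR,
                                   G_IO_ERROR_WOULD_BLOCK))
                {
                  g_print ("socket send would block, handling\n");
                  g_error_free (error);
                  error = NULL;
                  continue;
                }
              else
                {
                  g_printerr ("Error sending to socket: %s\n",
                              error->message);
                  return 1;
                }
            }

          g_print ("sent %" G_GSSIZE_FORMAT " bytes of data\n", size);

          if (size == 0)
            {
              g_printerr ("Unexpected short write\n");
              return 1;
            }

          to_send -= size;
        }
    }

  /* Sender of the last datagram, if any */
  g_clear_object (&address);

  g_print ("connection closed\n");

  if (connection)
    {
      if (!g_io_stream_close (connection, NULL, &error))
        {
          g_printerr ("Error closing connection stream: %s\n",
                      error->message);
          return 1;
        }
      g_object_unref (connection);
    }

  if (!g_socket_close (socket, &error))
    {
      g_printerr ("Error closing master socket: %s\n",
                  error->message);
      return 1;
    }
  g_object_unref (socket);

  return 0;
}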
Example #11
/*
 * Completion callback for the asynchronous socket connect of a
 * CockpitStream.
 *
 * On success (and if the stream was not closed meanwhile) priv->io becomes
 * either the plain connection or, when the options ask for a TLS client, a
 * TLS stream layered on top of it. On failure the error is remembered in
 * priv->connect_error and the next address of the enumerator is tried.
 * The references on @object and on the stream held for this callback are
 * dropped at the end.
 */
static void
on_socket_connect (GObject *object,
                   GAsyncResult *result,
                   gpointer user_data)
{
  CockpitStream *self = user_data;
  GError *error = NULL;
  gboolean want_tls;

  g_socket_connection_connect_finish (G_SOCKET_CONNECTION (object), result, &error);

  if (error == NULL && !self->priv->closed)
    {
      g_debug ("%s: connected", self->priv->name);

      want_tls = self->priv->options != NULL && self->priv->options->tls_client;
      if (!want_tls)
        {
          self->priv->io = g_object_ref (object);
        }
      else
        {
          /* No expected server identity is supplied (NULL), so this call
           * gives the TLS layer no name to match the certificate against.
           * NOTE(review): verification then rests on tls_client_flags, the
           * optional database and the accept-certificate handler - confirm
           * that callers check the peer some other way.
           */
          self->priv->io = g_tls_client_connection_new (G_IO_STREAM (object), NULL, &error);
          if (self->priv->io != NULL)
            {
              GTlsConnection *tls = G_TLS_CONNECTION (self->priv->io);

              g_debug ("%s: tls handshake", self->priv->name);

              g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (self->priv->io),
                                                            self->priv->options->tls_client_flags);

              if (self->priv->options->tls_cert)
                g_tls_connection_set_certificate (tls, self->priv->options->tls_cert);

              if (self->priv->options->tls_database)
                g_tls_connection_set_database (tls, self->priv->options->tls_database);

              /* We track data end the same way we do for HTTP, so a missing
               * close_notify from the peer is not treated as an error.
               */
              g_tls_connection_set_require_close_notify (tls, FALSE);
            }
        }
    }

  if (error != NULL)
    {
      g_debug ("%s: couldn't connect: %s", self->priv->name, error->message);

      /* Keep only the most recent failure; ownership of error moves here */
      g_clear_error (&self->priv->connect_error);
      self->priv->connect_error = error;

      g_socket_address_enumerator_next_async (self->priv->connecting, NULL,
                                              on_address_next, g_object_ref (self));
    }
  else
    {
      /* NOTE(review): when the stream was closed during the connect and no
       * error occurred, priv->io was not assigned above but initialize_io()
       * still runs - confirm that this is intended.
       */
      initialize_io (self);
    }

  g_object_unref (object);
  g_object_unref (self);
}
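/*
 * Completion callback for the stream connect of a CockpitWebSocketStream.
 *
 * Finishes the connect, reads the "protocols" and "headers" options of the
 * channel, routes the "accept-certificate" signal of a TLS stream to
 * on_rejected_certificate(), creates the WebSocket client on top of the
 * stream and connects its signals. Any invalid option fails the channel
 * with "protocol-error".
 *
 * Changes compared with the previous version:
 *  - the debug message for a request header logs only the header name;
 *    header values can carry credentials (authorization, cookies) and
 *    should not end up in debug logs;
 *  - the dead stores to the local problem variable are gone.
 */
static void
on_socket_connect (GObject *object,
                   GAsyncResult *result,
                   gpointer user_data)
{
  CockpitWebSocketStream *self = COCKPIT_WEB_SOCKET_STREAM (user_data);
  CockpitChannel *channel = COCKPIT_CHANNEL (self);
  const gchar *problem;
  gchar **protocols = NULL;
  GList *l, *names = NULL;
  GError *error = NULL;
  JsonObject *options;
  JsonObject *headers;
  const gchar *value;
  JsonNode *node;
  GIOStream *io;

  io = cockpit_connect_stream_finish (result, &error);
  if (error)
    {
      problem = cockpit_stream_problem (error, self->origin, "couldn't connect",
                                        cockpit_channel_close_options (channel));
      cockpit_channel_close (channel, problem);
      goto out;
    }

  options = cockpit_channel_get_options (channel);

  if (!cockpit_json_get_strv (options, "protocols", NULL, &protocols))
    {
      cockpit_channel_fail (channel, "protocol-error",
                            "%s: invalid \"protocol\" value in WebSocket stream request", self->origin);
      goto out;
    }

  /* Install the certificate handler before the client starts using the
   * stream; a handler id of 0 records that none is connected.
   */
  if (G_IS_TLS_CONNECTION (io))
    {
      self->sig_accept_cert =  g_signal_connect (G_TLS_CONNECTION (io),
                                                 "accept-certificate",
                                                 G_CALLBACK (on_rejected_certificate),
                                                 self);
    }
  else
    {
      self->sig_accept_cert = 0;
    }

  self->client = web_socket_client_new_for_stream (self->url, self->origin, (const gchar **)protocols, io);

  node = json_object_get_member (options, "headers");
  if (node)
    {
      if (!JSON_NODE_HOLDS_OBJECT (node))
        {
          cockpit_channel_fail (channel, "protocol-error",
                                "%s: invalid \"headers\" field in WebSocket stream request", self->origin);
          goto out;
        }

      headers = json_node_get_object (node);
      names = json_object_get_members (headers);
      for (l = names; l != NULL; l = g_list_next (l))
        {
          node = json_object_get_member (headers, l->data);
          if (!node || !JSON_NODE_HOLDS_VALUE (node) || json_node_get_value_type (node) != G_TYPE_STRING)
            {
              cockpit_channel_fail (channel, "protocol-error",
                                    "%s: invalid header value in WebSocket stream request: %s",
                                    self->origin, (gchar *)l->data);
              goto out;
            }
          value = json_node_get_string (node);

          /* Name only: the value may be a credential */
          g_debug ("%s: sending header: %s", self->origin, (gchar *)l->data);

          /* NOTE(review): name and value are passed on as received from the
           * channel options; confirm that the WebSocket client rejects CR
           * and LF in them, otherwise extra header lines could be injected.
           */
          web_socket_client_include_header (WEB_SOCKET_CLIENT (self->client), l->data, value);
        }
    }

  self->sig_open = g_signal_connect (self->client, "open", G_CALLBACK (on_web_socket_open), self);
  self->sig_message = g_signal_connect (self->client, "message", G_CALLBACK (on_web_socket_message), self);
  self->sig_closing = g_signal_connect (self->client, "closing", G_CALLBACK (on_web_socket_closing), self);
  self->sig_close = g_signal_connect (self->client, "close", G_CALLBACK (on_web_socket_close), self);
  self->sig_error = g_signal_connect (self->client, "error", G_CALLBACK (on_web_socket_error), self);

out:
  g_clear_error (&error);
  g_strfreev (protocols);
  if (io)
    g_object_unref (io);
  /* Only the list is freed here; its elements are not */
  g_list_free (names);
}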
Example #13
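/*
 * make_connection:
 * @argument: host[:port] to connect to, or a unix socket name
 * @certificate: optional client certificate for TLS, or %NULL
 * @cancellable: optional cancellable
 * @socket: (out): the created socket
 * @address: (out): the address the socket was connected to
 * @connection: (out): stream wrapping the socket, %NULL for UDP
 * @istream: (out): input side of @connection, %NULL for UDP
 * @ostream: (out): output side of @connection, %NULL for UDP
 * @error: %NULL or location to take a potential error
 *
 * Creates a socket according to the use_udp / unix_socket globals, connects
 * it to the first reachable address of @argument and, when the tls global
 * is set, runs a TLS client handshake on the connection. The connectable
 * parsed from @argument is passed to the TLS layer as the expected server
 * identity, and certificate problems are routed to accept_certificate().
 *
 * Changes compared with the previous version:
 *  - the connectable and the address enumerator are released on every
 *    failure path, not only on success;
 *  - the strings built for the "Connected to", "local address" and
 *    "failed, trying next" messages are freed;
 *  - requesting TLS without a stream connection (UDP) fails with an explicit
 *    error instead of passing %NULL to g_tls_client_connection_new() and
 *    returning %FALSE without @error set.
 *
 * Ownership of the out parameters is unchanged: whatever was stored in them
 * before a failure is left in place for the caller.
 *
 * Returns: %TRUE on success, %FALSE with @error set otherwise.
 */
static gboolean
make_connection (const char       *argument,
		 GTlsCertificate  *certificate,
		 GCancellable     *cancellable,
		 GSocket         **socket,
		 GSocketAddress  **address,
		 GIOStream       **connection,
		 GInputStream    **istream,
		 GOutputStream   **ostream,
		 GError          **error)
{
  GSocketType socket_type;
  GSocketFamily socket_family;
  GSocketAddressEnumerator *enumerator = NULL;
  GSocketConnectable *connectable = NULL;
  GSocketAddress *src_address;
  GTlsInteraction *interaction;
  GError *err = NULL;
  gchar *display_addr;
  gboolean ok = FALSE;

  if (use_udp)
    socket_type = G_SOCKET_TYPE_DATAGRAM;
  else
    socket_type = G_SOCKET_TYPE_STREAM;

  if (unix_socket)
    socket_family = G_SOCKET_FAMILY_UNIX;
  else
    socket_family = G_SOCKET_FAMILY_IPV4;

  *socket = g_socket_new (socket_family, socket_type, 0, error);
  if (*socket == NULL)
    return FALSE;

  if (read_timeout)
    g_socket_set_timeout (*socket, read_timeout);

  if (unix_socket)
    {
      GSocketAddress *addr;

      addr = socket_address_from_string (argument);
      if (addr == NULL)
        {
          g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
                       "Could not parse '%s' as unix socket name", argument);
          return FALSE;
        }
      connectable = G_SOCKET_CONNECTABLE (addr);
    }
  else
    {
      connectable = g_network_address_parse (argument, 7777, error);
      if (connectable == NULL)
        return FALSE;
    }

  /* Try each address in turn until one connects */
  enumerator = g_socket_connectable_enumerate (connectable);
  while (TRUE)
    {
      *address = g_socket_address_enumerator_next (enumerator, cancellable, error);
      if (*address == NULL)
        {
          if (error != NULL && *error == NULL)
            g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
                                 "No more addresses to try");
          goto out;
        }

      if (g_socket_connect (*socket, *address, cancellable, &err))
        break;

      display_addr = socket_address_to_string (*address);
      g_message ("Connection to %s failed: %s, trying next", display_addr, err->message);
      g_free (display_addr);
      g_clear_error (&err);

      g_object_unref (*address);
    }

  display_addr = socket_address_to_string (*address);
  g_print ("Connected to %s\n", display_addr);
  g_free (display_addr);

  src_address = g_socket_get_local_address (*socket, error);
  if (!src_address)
    {
      g_prefix_error (error, "Error getting local address: ");
      goto out;
    }

  display_addr = socket_address_to_string (src_address);
  g_print ("local address: %s\n", display_addr);
  g_free (display_addr);
  g_object_unref (src_address);

  if (use_udp)
    {
      *connection = NULL;
      *istream = NULL;
      *ostream = NULL;
    }
  else
    *connection = G_IO_STREAM (g_socket_connection_factory_create_connection (*socket));

  if (tls)
    {
      GIOStream *tls_conn;

      /* TLS needs a stream to wrap; there is none in UDP mode */
      if (*connection == NULL)
        {
          g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
                               "TLS requires a stream connection");
          goto out;
        }

      /* connectable doubles as the identity the server must present */
      tls_conn = g_tls_client_connection_new (*connection, connectable, error);
      if (!tls_conn)
        {
          g_prefix_error (error, "Could not create TLS connection: ");
          goto out;
        }

      /* Connected before the handshake so that it can take the decision.
       * NOTE(review): accept_certificate() is defined elsewhere; whether a
       * certificate that fails verification is accepted depends on it.
       */
      g_signal_connect (tls_conn, "accept-certificate",
                        G_CALLBACK (accept_certificate), NULL);

      interaction = g_tls_console_interaction_new ();
      g_tls_connection_set_interaction (G_TLS_CONNECTION (tls_conn), interaction);
      g_object_unref (interaction);

      if (certificate)
        g_tls_connection_set_certificate (G_TLS_CONNECTION (tls_conn), certificate);

      /* The caller gets the TLS stream, also if the handshake fails */
      g_object_unref (*connection);
      *connection = G_IO_STREAM (tls_conn);

      if (!g_tls_connection_handshake (G_TLS_CONNECTION (tls_conn),
                                       cancellable, error))
        {
          g_prefix_error (error, "Error during TLS handshake: ");
          goto out;
        }
    }

  if (*connection)
    {
      *istream = g_io_stream_get_input_stream (*connection);
      *ostream = g_io_stream_get_output_stream (*connection);
    }

  ok = TRUE;

out:
  g_clear_object (&enumerator);
  g_clear_object (&connectable);
  return ok;
}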