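/**
 * g_tls_database_verify_chain:
 * @self: a #GTlsDatabase
 * @chain: a #GTlsCertificate chain
 * @purpose: the purpose that this certificate chain will be used for.
 * @identity: (allow-none): the expected peer identity
 * @interaction: (allow-none): used to interact with the user if necessary
 * @flags: additional verify flags
 * @cancellable: (allow-none): a #GCancellable, or %NULL
 * @error: (allow-none): a #GError, or %NULL
 *
 * Verifies a certificate chain after looking up and adding any missing
 * certificates to the chain.
 *
 * @chain is a chain of #GTlsCertificate objects each pointing to the next
 * certificate in the chain by its %issuer property. The chain may initially
 * consist of one or more certificates. After the verification process is
 * complete, @chain may be modified by adding missing certificates, or removing
 * extra certificates. If a certificate anchor was found, then it is added to
 * the @chain.
 *
 * @purpose describes the purpose (or usage) for which the certificate
 * is being used. Typically @purpose will be set to #G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER
 * which means that the certificate is being used to authenticate a server
 * (and we are acting as the client).
 *
 * The @identity is used to check for pinned certificates (trust exceptions)
 * in the database. These will override the normal verification process on a
 * host by host basis.
 *
 * Currently there are no @flags, and %G_TLS_DATABASE_VERIFY_NONE should be
 * used.
 *
 * This function can block, use g_tls_database_verify_chain_async() to perform
 * the verification operation asynchronously.
 *
 * Return value: the appropriate #GTlsCertificateFlags which represents the
 * result of verification. A precondition failure yields
 * %G_TLS_CERTIFICATE_GENERIC_ERROR rather than a clean result, so misuse of
 * the API is reported as an error and not as a verified chain.
 *
 * Since: 2.30
 */
GTlsCertificateFlags
g_tls_database_verify_chain (GTlsDatabase           *self,
                             GTlsCertificate        *chain,
                             const gchar            *purpose,
                             GSocketConnectable     *identity,
                             GTlsInteraction        *interaction,
                             GTlsDatabaseVerifyFlags flags,
                             GCancellable           *cancellable,
                             GError                **error)
{
  GTlsDatabaseClass *klass;

  /* Every precondition fails closed to GENERIC_ERROR: the caller must never
   * receive a result that could be mistaken for a successful verification. */
  g_return_val_if_fail (G_IS_TLS_DATABASE (self), G_TLS_CERTIFICATE_GENERIC_ERROR);
  g_return_val_if_fail (G_IS_TLS_CERTIFICATE (chain), G_TLS_CERTIFICATE_GENERIC_ERROR);
  g_return_val_if_fail (purpose != NULL, G_TLS_CERTIFICATE_GENERIC_ERROR);
  g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction), G_TLS_CERTIFICATE_GENERIC_ERROR);
  g_return_val_if_fail (identity == NULL || G_IS_SOCKET_CONNECTABLE (identity), G_TLS_CERTIFICATE_GENERIC_ERROR);
  /* The lookup entry points validate @cancellable; the sync verify path
   * previously did not (and checked @self twice instead). */
  g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), G_TLS_CERTIFICATE_GENERIC_ERROR);
  g_return_val_if_fail (error == NULL || *error == NULL, G_TLS_CERTIFICATE_GENERIC_ERROR);

  /* Only look up the class after @self has been type-checked. */
  klass = G_TLS_DATABASE_GET_CLASS (self);
  g_return_val_if_fail (klass->verify_chain != NULL, G_TLS_CERTIFICATE_GENERIC_ERROR);

  return klass->verify_chain (self, chain, purpose, identity, interaction,
                              flags, cancellable, error);
}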
/**
 * g_tls_database_verify_chain_async:
 * @self: a #GTlsDatabase
 * @chain: a #GTlsCertificate chain
 * @purpose: the purpose that this certificate chain will be used for.
 * @identity: (allow-none): the expected peer identity
 * @interaction: (allow-none): used to interact with the user if necessary
 * @flags: additional verify flags
 * @cancellable: (allow-none): a #GCancellable, or %NULL
 * @callback: callback to call when the operation completes
 * @user_data: the data to pass to the callback function
 *
 * Asynchronously verifies a certificate chain after looking up and adding
 * any missing certificates to the chain. See g_tls_database_verify_chain()
 * for more information on the verification itself and on how @chain may be
 * modified.
 *
 * Since: 2.30
 */
void
g_tls_database_verify_chain_async (GTlsDatabase           *self,
                                   GTlsCertificate        *chain,
                                   const gchar            *purpose,
                                   GSocketConnectable     *identity,
                                   GTlsInteraction        *interaction,
                                   GTlsDatabaseVerifyFlags flags,
                                   GCancellable           *cancellable,
                                   GAsyncReadyCallback     callback,
                                   gpointer                user_data)
{
  GTlsDatabaseClass *klass;

  g_return_if_fail (G_IS_TLS_DATABASE (self));
  g_return_if_fail (G_IS_TLS_CERTIFICATE (chain));
  g_return_if_fail (purpose != NULL);
  g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
  g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
  g_return_if_fail (identity == NULL || G_IS_SOCKET_CONNECTABLE (identity));
  /* A %NULL callback is rejected here; the completion has nowhere to go. */
  g_return_if_fail (callback != NULL);

  /* Resolve the virtual method only after @self passed its type check. */
  klass = G_TLS_DATABASE_GET_CLASS (self);
  g_return_if_fail (klass->verify_chain_async != NULL);

  klass->verify_chain_async (self, chain, purpose, identity, interaction,
                             flags, cancellable, callback, user_data);
}
/**
 * g_tls_database_create_certificate_handle:
 * @self: a #GTlsDatabase
 * @certificate: certificate for which to create a handle.
 *
 * Create a handle string for the certificate. The database will only be able
 * to create a handle for certificates that originate from the database. In
 * cases where the database cannot create a handle for a certificate, %NULL
 * will be returned.
 *
 * This handle should be stable across various instances of the application,
 * and between applications. If a certificate is modified in the database,
 * then it is not guaranteed that this handle will continue to point to it.
 *
 * Returns: (allow-none) (transfer full): a newly allocated string containing
 * the handle, or %NULL. Free it with g_free() when no longer needed.
 *
 * Since: 2.30
 */
gchar *
g_tls_database_create_certificate_handle (GTlsDatabase    *self,
                                          GTlsCertificate *certificate)
{
  GTlsDatabaseClass *klass;

  /* %NULL doubles as the "cannot create a handle" result, so precondition
   * failures are indistinguishable from that case for the caller. */
  g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
  g_return_val_if_fail (G_IS_TLS_CERTIFICATE (certificate), NULL);

  klass = G_TLS_DATABASE_GET_CLASS (self);
  g_return_val_if_fail (klass->create_certificate_handle != NULL, NULL);

  return klass->create_certificate_handle (self, certificate);
}
/**
 * g_dtls_connection_set_database:
 * @conn: a #GDtlsConnection
 * @database: a #GTlsDatabase
 *
 * Sets the certificate database that is used to verify peer certificates.
 * This is set to the default database by default. See
 * g_dtls_backend_get_default_database(). If set to %NULL, then
 * peer certificate validation will always set the
 * %G_TLS_CERTIFICATE_UNKNOWN_CA error (meaning
 * #GDtlsConnection::accept-certificate will always be emitted on
 * client-side connections, unless that bit is not set in
 * #GDtlsClientConnection:validation-flags).
 *
 * Since: 2.48
 */
void
g_dtls_connection_set_database (GDtlsConnection *conn,
                                GTlsDatabase    *database)
{
  GObject *object;

  g_return_if_fail (G_IS_DTLS_CONNECTION (conn));
  /* %NULL is a legitimate value: it disables database-backed validation. */
  g_return_if_fail (database == NULL || G_IS_TLS_DATABASE (database));

  /* The setting lives in the "database" property; route through GObject so
   * the interface implementation's property setter does the work. */
  object = G_OBJECT (conn);
  g_object_set (object, "database", database, NULL);
}
/**
 * g_tls_database_lookup_certificates_issued_by_finish:
 * @self: a #GTlsDatabase
 * @result: a #GAsyncResult.
 * @error: a #GError pointer, or %NULL
 *
 * Finish an asynchronous lookup of certificates. See
 * g_tls_database_lookup_certificates_issued_by() for more information.
 *
 * Return value: (transfer full) (element-type GTlsCertificate): a newly
 * allocated list of #GTlsCertificate objects. Use g_object_unref() on each
 * certificate, and g_list_free() to release the list.
 *
 * Since: 2.30
 */
GList *
g_tls_database_lookup_certificates_issued_by_finish (GTlsDatabase  *self,
                                                     GAsyncResult  *result,
                                                     GError       **error)
{
  GTlsDatabaseClass *klass;

  g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
  g_return_val_if_fail (G_IS_ASYNC_RESULT (result), NULL);
  /* An already-set @error would be overwritten by the implementation. */
  g_return_val_if_fail (error == NULL || *error == NULL, NULL);

  klass = G_TLS_DATABASE_GET_CLASS (self);
  g_return_val_if_fail (klass->lookup_certificates_issued_by_finish != NULL, NULL);

  return klass->lookup_certificates_issued_by_finish (self, result, error);
}
/**
 * g_tls_database_verify_chain_finish:
 * @self: a #GTlsDatabase
 * @result: a #GAsyncResult.
 * @error: a #GError pointer, or %NULL
 *
 * Finish an asynchronous verify chain operation. See
 * g_tls_database_verify_chain() for more information.
 *
 * Return value: the appropriate #GTlsCertificateFlags which represents the
 * result of verification. Precondition failures are reported as
 * %G_TLS_CERTIFICATE_GENERIC_ERROR, never as a clean result.
 *
 * Since: 2.30
 */
GTlsCertificateFlags
g_tls_database_verify_chain_finish (GTlsDatabase  *self,
                                    GAsyncResult  *result,
                                    GError       **error)
{
  GTlsDatabaseClass *klass;

  /* Fail closed: misuse must not produce a value that reads as "verified". */
  g_return_val_if_fail (G_IS_TLS_DATABASE (self), G_TLS_CERTIFICATE_GENERIC_ERROR);
  g_return_val_if_fail (G_IS_ASYNC_RESULT (result), G_TLS_CERTIFICATE_GENERIC_ERROR);
  g_return_val_if_fail (error == NULL || *error == NULL, G_TLS_CERTIFICATE_GENERIC_ERROR);

  klass = G_TLS_DATABASE_GET_CLASS (self);
  g_return_val_if_fail (klass->verify_chain_finish != NULL, G_TLS_CERTIFICATE_GENERIC_ERROR);

  return klass->verify_chain_finish (self, result, error);
}
/**
 * g_tls_database_lookup_certificates_issued_by:
 * @self: a #GTlsDatabase
 * @issuer_raw_dn: a #GByteArray which holds the DER encoded issuer DN.
 * @interaction: (allow-none): used to interact with the user if necessary
 * @flags: Flags which affect the lookup operation.
 * @cancellable: (allow-none): a #GCancellable, or %NULL
 * @error: (allow-none): a #GError, or %NULL
 *
 * Lookup certificates issued by this issuer in the database.
 *
 * This function can block, use g_tls_database_lookup_certificates_issued_by_async()
 * to perform the lookup operation asynchronously.
 *
 * Return value: (transfer full) (element-type GTlsCertificate): a newly
 * allocated list of #GTlsCertificate objects. Use g_object_unref() on each
 * certificate, and g_list_free() to release the list.
 *
 * Since: 2.30
 */
GList *
g_tls_database_lookup_certificates_issued_by (GTlsDatabase            *self,
                                              GByteArray              *issuer_raw_dn,
                                              GTlsInteraction         *interaction,
                                              GTlsDatabaseLookupFlags  flags,
                                              GCancellable            *cancellable,
                                              GError                 **error)
{
  GTlsDatabaseClass *klass;

  g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
  /* Only presence is checked here; the DER contents are interpreted by
   * the implementation. */
  g_return_val_if_fail (issuer_raw_dn != NULL, NULL);
  g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction), NULL);
  g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
  g_return_val_if_fail (error == NULL || *error == NULL, NULL);

  klass = G_TLS_DATABASE_GET_CLASS (self);
  g_return_val_if_fail (klass->lookup_certificates_issued_by != NULL, NULL);

  return klass->lookup_certificates_issued_by (self, issuer_raw_dn, interaction,
                                               flags, cancellable, error);
}
/**
 * g_tls_database_lookup_certificate_issuer:
 * @self: a #GTlsDatabase
 * @certificate: a #GTlsCertificate
 * @interaction: (allow-none): used to interact with the user if necessary
 * @flags: flags which affect the lookup operation
 * @cancellable: (allow-none): a #GCancellable, or %NULL
 * @error: (allow-none): a #GError, or %NULL
 *
 * Lookup the issuer of @certificate in the database.
 *
 * The %issuer property of @certificate is not modified, and the two
 * certificates are not hooked into a chain.
 *
 * This function can block, use g_tls_database_lookup_certificate_issuer_async()
 * to perform the lookup operation asynchronously.
 *
 * Return value: (transfer full): a newly allocated issuer #GTlsCertificate,
 * or %NULL. Use g_object_unref() to release the certificate.
 *
 * Since: 2.30
 */
GTlsCertificate *
g_tls_database_lookup_certificate_issuer (GTlsDatabase            *self,
                                          GTlsCertificate         *certificate,
                                          GTlsInteraction         *interaction,
                                          GTlsDatabaseLookupFlags  flags,
                                          GCancellable            *cancellable,
                                          GError                 **error)
{
  GTlsDatabaseClass *klass;

  /* %NULL is also the "no issuer found" result, so callers cannot tell a
   * precondition failure from an absent issuer without the critical log. */
  g_return_val_if_fail (G_IS_TLS_DATABASE (self), NULL);
  g_return_val_if_fail (G_IS_TLS_CERTIFICATE (certificate), NULL);
  g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction), NULL);
  g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
  g_return_val_if_fail (error == NULL || *error == NULL, NULL);

  klass = G_TLS_DATABASE_GET_CLASS (self);
  g_return_val_if_fail (klass->lookup_certificate_issuer != NULL, NULL);

  return klass->lookup_certificate_issuer (self, certificate, interaction,
                                           flags, cancellable, error);
}
/**
 * g_tls_database_lookup_certificate_for_handle_async:
 * @self: a #GTlsDatabase
 * @handle: a certificate handle
 * @interaction: (allow-none): used to interact with the user if necessary
 * @flags: Flags which affect the lookup.
 * @cancellable: (allow-none): a #GCancellable, or %NULL
 * @callback: callback to call when the operation completes
 * @user_data: the data to pass to the callback function
 *
 * Asynchronously lookup a certificate by its handle in the database. See
 * g_tls_database_lookup_certificate_for_handle() for more information.
 *
 * Since: 2.30
 */
void
g_tls_database_lookup_certificate_for_handle_async (GTlsDatabase            *self,
                                                    const gchar             *handle,
                                                    GTlsInteraction         *interaction,
                                                    GTlsDatabaseLookupFlags  flags,
                                                    GCancellable            *cancellable,
                                                    GAsyncReadyCallback      callback,
                                                    gpointer                 user_data)
{
  GTlsDatabaseClass *klass;

  g_return_if_fail (G_IS_TLS_DATABASE (self));
  g_return_if_fail (handle != NULL);
  g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
  g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
  /* NOTE(review): unlike g_tls_database_verify_chain_async() and
   * g_tls_database_lookup_certificates_issued_by_async(), @callback is not
   * checked against %NULL here — confirm whether that is intentional. */

  klass = G_TLS_DATABASE_GET_CLASS (self);
  g_return_if_fail (klass->lookup_certificate_for_handle_async != NULL);

  klass->lookup_certificate_for_handle_async (self, handle, interaction, flags,
                                              cancellable, callback, user_data);
}
/**
 * g_tls_database_lookup_certificates_issued_by_async:
 * @self: a #GTlsDatabase
 * @issuer_raw_dn: a #GByteArray which holds the DER encoded issuer DN.
 * @interaction: (allow-none): used to interact with the user if necessary
 * @flags: Flags which affect the lookup operation.
 * @cancellable: (allow-none): a #GCancellable, or %NULL
 * @callback: callback to call when the operation completes
 * @user_data: the data to pass to the callback function
 *
 * Asynchronously lookup certificates issued by this issuer in the database.
 * See g_tls_database_lookup_certificates_issued_by() for more information.
 *
 * The database may choose to hold a reference to the issuer byte array for
 * the duration of this asynchronous operation. The byte array should not be
 * modified during this time.
 *
 * Since: 2.30
 */
void
g_tls_database_lookup_certificates_issued_by_async (GTlsDatabase            *self,
                                                    GByteArray              *issuer_raw_dn,
                                                    GTlsInteraction         *interaction,
                                                    GTlsDatabaseLookupFlags  flags,
                                                    GCancellable            *cancellable,
                                                    GAsyncReadyCallback      callback,
                                                    gpointer                 user_data)
{
  GTlsDatabaseClass *klass;

  g_return_if_fail (G_IS_TLS_DATABASE (self));
  g_return_if_fail (issuer_raw_dn != NULL);
  g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
  g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
  /* The completion has nowhere to be delivered without a callback. */
  g_return_if_fail (callback != NULL);

  klass = G_TLS_DATABASE_GET_CLASS (self);
  g_return_if_fail (klass->lookup_certificates_issued_by_async != NULL);

  klass->lookup_certificates_issued_by_async (self, issuer_raw_dn, interaction,
                                              flags, cancellable, callback,
                                              user_data);
}