/**
 * g_vfs_ftp_connection_enable_tls:
 * @conn: a connection without an active data connection
 * @server_identity: address of the server used to verify the certificate
 * @cb: callback called if there's a verification error
 * @user_data: user data passed to @cb
 * @cancellable: cancellable to interrupt wait
 * @error: %NULL or location to take a potential error
 *
 * Upgrades the control (command) stream of @conn to TLS and runs the
 * handshake synchronously. The server certificate is checked against
 * @server_identity; @cb is connected as the "accept-certificate" handler and
 * therefore has the final say when validation reports a problem.
 *
 * If TLS cannot be set up, %FALSE is returned and @error is set. After a
 * failed handshake the control stream has already been closed but is still
 * the one referenced by @conn, so callers must check whether the connection
 * is still usable.
 *
 * Returns: %TRUE on success, %FALSE otherwise.
 **/
gboolean
g_vfs_ftp_connection_enable_tls (GVfsFtpConnection  *conn,
                                 GSocketConnectable *server_identity,
                                 CertificateCallback cb,
                                 gpointer            user_data,
                                 GCancellable       *cancellable,
                                 GError            **error)
{
  GIOStream *tls_stream;

  g_return_val_if_fail (conn != NULL, FALSE);
  /* Neither a data connection nor an outstanding reply may exist while the
   * control stream is being swapped underneath the connection. */
  g_return_val_if_fail (conn->data == NULL, FALSE);
  g_return_val_if_fail (!conn->waiting_for_reply, FALSE);
  /* Bytes still buffered from the plaintext stream arrived before TLS was
   * negotiated; they must never be read back as if they had been protected,
   * so refuse to start TLS while any are pending. */
  g_return_val_if_fail (g_buffered_input_stream_get_available (G_BUFFERED_INPUT_STREAM (conn->commands_in)) == 0, FALSE);

  tls_stream = g_tls_client_connection_new (conn->commands, server_identity, error);
  if (tls_stream == NULL)
    return FALSE;

  /* Drop our reference to the plain stream (the TLS wrapper keeps its own)
   * and rebuild the buffered command reader on top of the TLS stream. */
  g_object_unref (conn->commands);
  conn->commands = tls_stream;
  create_input_stream (conn);

  g_signal_connect (tls_stream, "accept-certificate", G_CALLBACK (cb), user_data);

  if (g_tls_connection_handshake (G_TLS_CONNECTION (tls_stream), cancellable, error))
    return TRUE;

  /* Close here to be sure it won't get used anymore */
  g_io_stream_close (tls_stream, cancellable, NULL);
  return FALSE;
}
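/**
 * g_vfs_ftp_connection_data_connection_enable_tls:
 * @conn: a connection with an active, TLS-protected control connection and
 *        an open data connection
 * @server_identity: address of the server used to verify the certificate
 * @cb: callback called if there's a verification error
 * @user_data: user data passed to @cb
 * @cancellable: cancellable to interrupt wait
 * @error: %NULL or location to take a potential error
 *
 * Tries to enable TLS on the given @connection's data connection. Before the
 * handshake the TLS session state of the control connection is copied onto
 * the data connection (session reuse), so the control connection must
 * already have been upgraded with g_vfs_ftp_connection_enable_tls(). The
 * certificate is checked against @server_identity and @cb is connected as
 * the "accept-certificate" handler.
 *
 * If setting up TLS fails, %FALSE will be returned and @error will be set.
 * After a failed handshake the data stream has been closed but is still the
 * one referenced by @conn.
 *
 * Returns: %TRUE on success, %FALSE otherwise.
 **/
gboolean
g_vfs_ftp_connection_data_connection_enable_tls (GVfsFtpConnection  *conn,
                                                 GSocketConnectable *server_identity,
                                                 CertificateCallback cb,
                                                 gpointer            user_data,
                                                 GCancellable       *cancellable,
                                                 GError            **error)
{
  GIOStream *secure;

  g_return_val_if_fail (conn != NULL, FALSE);
  g_return_val_if_fail (conn->commands != NULL, FALSE);
  /* The session-state copy below casts the control stream to a
   * GTlsClientConnection; refuse up front instead of emitting a failed cast
   * and then handshaking without the copied state. */
  g_return_val_if_fail (G_IS_TLS_CLIENT_CONNECTION (conn->commands), FALSE);
  /* There has to be a data stream to wrap. */
  g_return_val_if_fail (conn->data != NULL, FALSE);

  secure = g_tls_client_connection_new (conn->data, server_identity, error);
  if (secure == NULL)
    return FALSE;

  /* The TLS wrapper holds its own reference to the plain data stream. */
  g_object_unref (conn->data);
  conn->data = secure;

  g_tls_client_connection_copy_session_state (G_TLS_CLIENT_CONNECTION (secure),
                                              G_TLS_CLIENT_CONNECTION (conn->commands));

  g_signal_connect (secure, "accept-certificate", G_CALLBACK (cb), user_data);

  if (!g_tls_connection_handshake (G_TLS_CONNECTION (secure), cancellable, error))
    {
      /* Close here to be sure it won't get used anymore */
      g_io_stream_close (secure, cancellable, NULL);
      return FALSE;
    }

  return TRUE;
}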
/*
 * Wrap the freshly connected socket stream @base in a client-side TLS
 * connection configured from self->priv->options and store it in
 * self->priv->io. On failure self->priv->io is NULL and @error is set.
 */
static void
setup_tls_client_io (CockpitStream *self,
                     GObject       *base,
                     GError       **error)
{
  GTlsConnection *tls;

  /* NOTE(review): the server identity passed here is NULL, so the TLS
   * backend has no name to match the peer certificate against; what gets
   * accepted is governed only by tls_client_flags and tls_database below.
   * Confirm the caller sets those strictly. */
  self->priv->io = g_tls_client_connection_new (G_IO_STREAM (base), NULL, error);
  if (self->priv->io == NULL)
    return;

  g_debug ("%s: tls handshake", self->priv->name);
  tls = G_TLS_CONNECTION (self->priv->io);

  g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (tls),
                                                self->priv->options->tls_client_flags);

  if (self->priv->options->tls_cert)
    g_tls_connection_set_certificate (tls, self->priv->options->tls_cert);

  if (self->priv->options->tls_database)
    g_tls_connection_set_database (tls, self->priv->options->tls_database);

  /* We track data end the same way we do for HTTP, so a missing TLS
   * close_notify from the peer is not reported as an error. */
  g_tls_connection_set_require_close_notify (tls, FALSE);
}

/*
 * Completion callback for the asynchronous socket connect started for a
 * CockpitStream. On success the socket connection (optionally TLS-wrapped)
 * becomes self->priv->io and initialize_io() is run; on failure the error is
 * remembered in self->priv->connect_error and the next address from
 * self->priv->connecting is tried. Releases the references to @object and
 * @user_data that were handed to the async call.
 */
static void
on_socket_connect (GObject      *object,
                   GAsyncResult *result,
                   gpointer      user_data)
{
  CockpitStream *self = user_data;
  GError *error = NULL;
  gboolean want_tls;

  g_socket_connection_connect_finish (G_SOCKET_CONNECTION (object), result, &error);

  if (error == NULL && !self->priv->closed)
    {
      g_debug ("%s: connected", self->priv->name);

      want_tls = self->priv->options && self->priv->options->tls_client;
      if (want_tls)
        setup_tls_client_io (self, object, &error);
      else
        self->priv->io = g_object_ref (object);
    }

  if (error != NULL)
    {
      g_debug ("%s: couldn't connect: %s", self->priv->name, error->message);
      g_clear_error (&self->priv->connect_error);
      self->priv->connect_error = error;
      g_socket_address_enumerator_next_async (self->priv->connecting, NULL,
                                              on_address_next, g_object_ref (self));
    }
  else
    {
      /* NOTE(review): when the stream was closed while connecting, no io has
       * been set and initialize_io() still runs - presumably it checks
       * priv->closed itself; confirm. */
      initialize_io (self);
    }

  g_object_unref (object);
  g_object_unref (self);
}
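/*
 * Create and connect the client socket described by @argument: a unix
 * socket path when the unix_socket option is set, otherwise "host[:port]"
 * with 7777 as the default port. When the tls option is set the stream is
 * wrapped in a TLS client connection and the handshake is completed before
 * returning. Reads the file-level options use_udp, unix_socket, tls and
 * read_timeout.
 *
 * @argument:    destination, interpreted according to unix_socket
 * @certificate: optional client certificate presented in the TLS handshake
 * @cancellable: interrupts address enumeration, connect and the handshake
 * @socket:      (out) the created GSocket
 * @address:     (out) the peer address that was actually connected
 * @connection:  (out) the connected GIOStream (TLS-wrapped when tls is set);
 *               NULL for UDP, which has no stream
 * @istream:     (out) @connection's input stream, NULL for UDP
 * @ostream:     (out) @connection's output stream, NULL for UDP
 * @error:       location for a GError on failure
 *
 * Returns: TRUE on success, FALSE with @error set otherwise. On failure the
 * out-parameters may be partially filled; the caller owns whatever was
 * stored in them.
 */
static gboolean
make_connection (const char        *argument,
                 GTlsCertificate   *certificate,
                 GCancellable      *cancellable,
                 GSocket          **socket,
                 GSocketAddress   **address,
                 GIOStream        **connection,
                 GInputStream     **istream,
                 GOutputStream    **ostream,
                 GError           **error)
{
  GSocketType socket_type;
  GSocketFamily socket_family;
  GSocketAddressEnumerator *enumerator = NULL;
  GSocketConnectable *connectable = NULL;
  GSocketAddress *src_address;
  GTlsInteraction *interaction;
  GError *err = NULL;
  gboolean ret = FALSE;

  socket_type = use_udp ? G_SOCKET_TYPE_DATAGRAM : G_SOCKET_TYPE_STREAM;
  socket_family = unix_socket ? G_SOCKET_FAMILY_UNIX : G_SOCKET_FAMILY_IPV4;

  /* A datagram socket gets no GIOStream below, so there is nothing to wrap
   * in TLS; reject the combination here instead of reaching
   * g_tls_client_connection_new() with a NULL stream and returning FALSE
   * without @error set. */
  if (use_udp && tls)
    {
      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
                           "TLS is not supported over UDP");
      return FALSE;
    }

  *socket = g_socket_new (socket_family, socket_type, 0, error);
  if (*socket == NULL)
    return FALSE;

  /* The timeout also bounds the blocking connect and TLS handshake below. */
  if (read_timeout)
    g_socket_set_timeout (*socket, read_timeout);

  if (unix_socket)
    {
      GSocketAddress *addr;

      addr = socket_address_from_string (argument);
      if (addr == NULL)
        {
          g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
                       "Could not parse '%s' as unix socket name", argument);
          return FALSE;
        }
      connectable = G_SOCKET_CONNECTABLE (addr);
    }
  else
    {
      connectable = g_network_address_parse (argument, 7777, error);
      if (connectable == NULL)
        return FALSE;
    }

  /* Try each resolved address in turn until one connects. */
  enumerator = g_socket_connectable_enumerate (connectable);
  while (TRUE)
    {
      *address = g_socket_address_enumerator_next (enumerator, cancellable, error);
      if (*address == NULL)
        {
          if (error != NULL && *error == NULL)
            g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
                                 "No more addresses to try");
          goto out;
        }

      if (g_socket_connect (*socket, *address, cancellable, &err))
        break;

      g_message ("Connection to %s failed: %s, trying next",
                 socket_address_to_string (*address), err->message);
      g_clear_error (&err);
      g_object_unref (*address);
    }
  g_clear_object (&enumerator);

  g_print ("Connected to %s\n", socket_address_to_string (*address));

  src_address = g_socket_get_local_address (*socket, error);
  if (!src_address)
    {
      g_prefix_error (error, "Error getting local address: ");
      goto out;
    }
  g_print ("local address: %s\n", socket_address_to_string (src_address));
  g_object_unref (src_address);

  if (use_udp)
    {
      *connection = NULL;
      *istream = NULL;
      *ostream = NULL;
    }
  else
    {
      *connection = G_IO_STREAM (g_socket_connection_factory_create_connection (*socket));
    }

  if (tls)
    {
      GIOStream *tls_conn;

      /* @connectable doubles as the server identity the certificate is
       * checked against. */
      tls_conn = g_tls_client_connection_new (*connection, connectable, error);
      if (!tls_conn)
        {
          g_prefix_error (error, "Could not create TLS connection: ");
          goto out;
        }

      /* accept_certificate (defined elsewhere in this file) decides whether a
       * certificate that failed validation is still accepted. NOTE(review):
       * if it returns TRUE unconditionally, as demo handlers often do, the
       * peer is not authenticated at all - confirm before reusing this code. */
      g_signal_connect (tls_conn, "accept-certificate",
                        G_CALLBACK (accept_certificate), NULL);

      /* Prompts on the console for e.g. a client-key password. */
      interaction = g_tls_console_interaction_new ();
      g_tls_connection_set_interaction (G_TLS_CONNECTION (tls_conn), interaction);
      g_object_unref (interaction);

      if (certificate)
        g_tls_connection_set_certificate (G_TLS_CONNECTION (tls_conn), certificate);

      /* The TLS connection keeps its own reference to the plain stream. */
      g_object_unref (*connection);
      *connection = G_IO_STREAM (tls_conn);

      if (!g_tls_connection_handshake (G_TLS_CONNECTION (tls_conn), cancellable, error))
        {
          g_prefix_error (error, "Error during TLS handshake: ");
          goto out;
        }
    }

  if (*connection)
    {
      *istream = g_io_stream_get_input_stream (*connection);
      *ostream = g_io_stream_get_output_stream (*connection);
    }

  ret = TRUE;

out:
  /* Local objects are released on every path; the out-parameters are the
   * caller's to clean up. */
  g_clear_object (&enumerator);
  g_clear_object (&connectable);
  return ret;
}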