<html>
|
|
Packit |
b00eeb |
<head>
|
|
Packit |
b00eeb |
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
|
|
Packit |
b00eeb |
<title>GcrCertificateChain: Gcr Library Reference Manual</title>
|
|
Packit |
b00eeb |
<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">
|
|
Packit |
b00eeb |
<link rel="home" href="index.html" title="Gcr Library Reference Manual">
|
|
Packit |
b00eeb |
<link rel="up" href="certificates.html" title="Part I. Certificates">
|
|
Packit |
b00eeb |
<link rel="prev" href="GcrPkcs11Certificate.html" title="GcrPkcs11Certificate">
|
|
Packit |
b00eeb |
<link rel="next" href="gcr-GcrCertificateRequest.html" title="GcrCertificateRequest">
|
|
Packit |
b00eeb |
<meta name="generator" content="GTK-Doc V1.27.1 (XML mode)">
|
|
Packit |
b00eeb |
<link rel="stylesheet" href="style.css" type="text/css">
|
|
Packit |
b00eeb |
</head>
|
|
Packit |
b00eeb |
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
GcrCertificateChain
|
|
Packit |
b00eeb |
GcrCertificateChain — A certificate chain
Functions
GcrCertificateChain *
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_new ()
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
void
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_add ()
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
GcrCertificate *
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_get_certificate ()
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
GcrCertificateChainStatus
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_get_status ()
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
GcrCertificate *
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_get_anchor ()
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
GcrCertificate *
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_get_endpoint ()
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
guint
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_get_length ()
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gboolean
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_build ()
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
void
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_build_async ()
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gboolean
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_build_finish ()
Properties
guint
|
|
Packit |
b00eeb |
length
|
|
Packit |
b00eeb |
Read
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
GcrCertificateChainStatus
|
|
Packit |
b00eeb |
status
|
|
Packit |
b00eeb |
Read
Types and Values
struct
|
|
Packit |
b00eeb |
GcrCertificateChain
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
struct
|
|
Packit |
b00eeb |
GcrCertificateChainClass
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
enum
|
|
Packit |
b00eeb |
GcrCertificateChainStatus
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
enum
|
|
Packit |
b00eeb |
GcrCertificateChainFlags
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
#define
|
|
Packit |
b00eeb |
GCR_TYPE_CERTIFICATE_CHAIN_FLAGS
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
#define
|
|
Packit |
b00eeb |
GCR_TYPE_CERTIFICATE_CHAIN_STATUS
Object Hierarchy
|
|
Packit |
b00eeb |
GObject
|
|
Packit |
b00eeb |
╰── GcrCertificateChain
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Description
|
|
Packit |
b00eeb |
GcrCertificateChain represents a chain of certificates, normally used to
|
|
Packit |
b00eeb |
validate the trust in a certificate. An X.509 certificate chain has one
|
|
Packit |
b00eeb |
endpoint certificate (the one for which trust is being verified) and then
|
|
Packit |
b00eeb |
in turn the certificate that issued each previous certificate in the chain.
|
|
Packit |
b00eeb |
This functionality is for building certificate chains, not for validating
|
|
Packit |
b00eeb |
them. Use your favorite crypto library to validate trust in a certificate
|
|
Packit |
b00eeb |
chain once it is built.
|
|
Packit |
b00eeb |
The order of certificates in the chain should be first the endpoint
|
|
Packit |
b00eeb |
certificate and then the signing certificates.
|
|
Packit |
b00eeb |
Create a new certificate chain with gcr_certificate_chain_new() and then
|
|
Packit |
b00eeb |
add the certificates with gcr_certificate_chain_add() .
|
|
Packit |
b00eeb |
You can then use gcr_certificate_chain_build() to build the remainder of
|
|
Packit |
b00eeb |
the chain. This will look up missing certificates in PKCS#11 modules and
|
|
Packit |
b00eeb |
also check that each certificate in the chain is the signer of the previous
|
|
Packit |
b00eeb |
one. If a trust anchor, pinned certificate, or self-signed certificate is
|
|
Packit |
b00eeb |
found, then the chain is considered built. Any extra certificates are
|
|
Packit |
b00eeb |
removed from the chain.
|
|
Packit |
b00eeb |
Once the certificate chain has been built, you can access its status
|
|
Packit |
b00eeb |
through gcr_certificate_chain_get_status() . The status signifies whether
|
|
Packit |
b00eeb |
the chain is anchored on a trust root, self-signed, incomplete etc. See
|
|
Packit |
b00eeb |
GcrCertificateChainStatus for information on the various statuses.
|
|
Packit |
b00eeb |
It's important to understand that the building of a certificate chain is
|
|
Packit |
b00eeb |
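merely the first step towards verifying trust in a certificate. The resulting status only describes how the chain terminates (anchored, pinned, self-signed, incomplete); it is not a validation result.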
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Functions
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_new ()
|
|
Packit |
b00eeb |
GcrCertificateChain *
|
|
Packit |
b00eeb |
gcr_certificate_chain_new (void );
|
|
Packit |
b00eeb |
Create a new GcrCertificateChain.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Returns
|
|
Packit |
b00eeb |
a newly allocated certificate chain.
|
|
Packit |
b00eeb |
[transfer full]
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_add ()
|
|
Packit |
b00eeb |
void
|
|
Packit |
b00eeb |
gcr_certificate_chain_add (GcrCertificateChain *self ,
|
|
Packit |
b00eeb |
GcrCertificate *certificate );
|
|
Packit |
b00eeb |
Add certificate
|
|
Packit |
b00eeb |
to the chain. The order of certificates in the chain is
|
|
Packit |
b00eeb |
important. The first certificate should be the endpoint certificate, and
|
|
Packit |
b00eeb |
then come the signers (certificate authorities) each in turn. If a root
|
|
Packit |
b00eeb |
certificate authority is present, it should come last.
|
|
Packit |
b00eeb |
Adding a certificate to an already built chain (see
|
|
Packit |
b00eeb |
gcr_certificate_chain_build() ) resets the type of the certificate chain
|
|
Packit |
b00eeb |
to GCR_CERTIFICATE_CHAIN_UNKNOWN; build the chain again before relying on its status.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Parameters
self
|
|
Packit |
b00eeb |
the GcrCertificateChain
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
certificate
|
|
Packit |
b00eeb |
a GcrCertificate to add to the chain
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_get_certificate ()
|
|
Packit |
b00eeb |
GcrCertificate *
|
|
Packit |
b00eeb |
gcr_certificate_chain_get_certificate (GcrCertificateChain *self ,
|
|
Packit |
b00eeb |
guint index );
|
|
Packit |
b00eeb |
Get a certificate in the chain. It is an error to call this function
|
|
Packit |
b00eeb |
with an invalid index.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Parameters
self
|
|
Packit |
b00eeb |
the GcrCertificateChain
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
index
|
|
Packit |
b00eeb |
index of the certificate to get
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Returns
|
|
Packit |
b00eeb |
the certificate.
|
|
Packit |
b00eeb |
[transfer none]
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_get_status ()
|
|
Packit |
b00eeb |
GcrCertificateChainStatus
|
|
Packit |
b00eeb |
gcr_certificate_chain_get_status (GcrCertificateChain *self );
|
|
Packit |
b00eeb |
Get the status of a certificate chain. If the certificate chain has not
|
|
Packit |
b00eeb |
been built, then the status will be GCR_CERTIFICATE_CHAIN_UNKNOWN .
|
|
Packit |
b00eeb |
A status of GCR_CERTIFICATE_CHAIN_ANCHORED does not mean that the
|
|
Packit |
b00eeb |
certificate chain has been verified, but merely that an anchor has been
|
|
Packit |
b00eeb |
found.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Parameters
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
self
|
|
Packit |
b00eeb |
the GcrCertificateChain
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Returns
|
|
Packit |
b00eeb |
the status of the certificate chain.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_get_anchor ()
|
|
Packit |
b00eeb |
GcrCertificate *
|
|
Packit |
b00eeb |
gcr_certificate_chain_get_anchor (GcrCertificateChain *self );
|
|
Packit |
b00eeb |
If the certificate chain has been built and is of status
|
|
Packit |
b00eeb |
GCR_CERTIFICATE_CHAIN_ANCHORED , then this will return the anchor
|
|
Packit |
b00eeb |
certificate that was found. This is not necessarily a root certificate
|
|
Packit |
b00eeb |
authority. If an intermediate certificate authority in the chain was
|
|
Packit |
b00eeb |
found to be anchored, then that certificate will be returned.
|
|
Packit |
b00eeb |
If an anchor is returned it does not mean that the certificate chain has
|
|
Packit |
b00eeb |
been verified, but merely that an anchor has been found.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Parameters
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
self
|
|
Packit |
b00eeb |
the GcrCertificateChain
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Returns
|
|
Packit |
b00eeb |
the anchor certificate, or NULL if not anchored.
|
|
Packit |
b00eeb |
[transfer none]
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_get_endpoint ()
|
|
Packit |
b00eeb |
GcrCertificate *
|
|
Packit |
b00eeb |
gcr_certificate_chain_get_endpoint (GcrCertificateChain *self );
|
|
Packit |
b00eeb |
Get the endpoint certificate in the chain. This is always the first
|
|
Packit |
b00eeb |
certificate in the chain. The endpoint certificate cannot be anchored.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Parameters
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
self
|
|
Packit |
b00eeb |
the GcrCertificateChain
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Returns
|
|
Packit |
b00eeb |
the endpoint certificate, or NULL if the chain
|
|
Packit |
b00eeb |
is empty.
|
|
Packit |
b00eeb |
[transfer none]
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_get_length ()
|
|
Packit |
b00eeb |
guint
|
|
Packit |
b00eeb |
gcr_certificate_chain_get_length (GcrCertificateChain *self );
|
|
Packit |
b00eeb |
Get the length of the certificate chain.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Parameters
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
self
|
|
Packit |
b00eeb |
the GcrCertificateChain
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Returns
|
|
Packit |
b00eeb |
the length of the certificate chain
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_build ()
|
|
Packit |
b00eeb |
gboolean
|
|
Packit |
b00eeb |
gcr_certificate_chain_build (GcrCertificateChain *self ,
|
|
Packit |
b00eeb |
const gchar *purpose ,
|
|
Packit |
b00eeb |
const gchar *peer ,
|
|
Packit |
b00eeb |
GcrCertificateChainFlags flags ,
|
|
Packit |
b00eeb |
GCancellable *cancellable ,
|
|
Packit |
b00eeb |
GError **error );
|
|
Packit |
b00eeb |
Complete a certificate chain. Once a certificate chain has been built
|
|
Packit |
b00eeb |
its status can be examined.
|
|
Packit |
b00eeb |
This operation will look up missing certificates in PKCS#11
|
|
Packit |
b00eeb |
modules and also check that each certificate in the chain is the signer of the
|
|
Packit |
b00eeb |
previous one. If a trust anchor, pinned certificate, or self-signed certificate
|
|
Packit |
b00eeb |
is found, then the chain is considered built. Any extra certificates are
|
|
Packit |
b00eeb |
removed from the chain.
|
|
Packit |
b00eeb |
It's important to understand that building of a certificate chain does not
|
|
Packit |
b00eeb |
constitute verifying that chain. This is merely the first step towards
|
|
Packit |
b00eeb |
trust verification.
|
|
Packit |
b00eeb |
The purpose
|
|
Packit |
b00eeb |
is a string like GCR_PURPOSE_CLIENT_AUTH and is the purpose
|
|
Packit |
b00eeb |
for which the certificate chain will be used. Trust anchors are looked up
|
|
Packit |
b00eeb |
for this purpose. This argument is required.
|
|
Packit |
b00eeb |
The peer
|
|
Packit |
b00eeb |
is usually the host name of the peer with which this certificate
|
|
Packit |
b00eeb |
chain is being used. It is used to look up pinned certificates that have
|
|
Packit |
b00eeb |
been stored for this peer. If NULL then no pinned certificates will
|
|
Packit |
b00eeb |
be considered.
|
|
Packit |
b00eeb |
If the GCR_CERTIFICATE_CHAIN_NO_LOOKUPS flag is specified then no
|
|
Packit |
b00eeb |
lookups for anchors or pinned certificates are done, and the resulting chain
|
|
Packit |
b00eeb |
will be neither anchored nor pinned. Additionally no missing certificate
|
|
Packit |
b00eeb |
authorities are looked up in PKCS#11.
|
|
Packit |
b00eeb |
This call will block, see gcr_certificate_chain_build_async() for the
|
|
Packit |
b00eeb |
asynchronous version.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Parameters
self
|
|
Packit |
b00eeb |
the GcrCertificateChain
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
purpose
|
|
Packit |
b00eeb |
the purpose the certificate chain will be used for
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
peer
|
|
Packit |
b00eeb |
the peer the certificate chain will be used with, or NULL .
|
|
Packit |
b00eeb |
[allow-none]
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
flags
|
|
Packit |
b00eeb |
chain completion flags
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
cancellable
|
|
Packit |
b00eeb |
a GCancellable or NULL
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
error
|
|
Packit |
b00eeb |
a GError or NULL
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Returns
|
|
Packit |
b00eeb |
whether the operation completed successfully
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_build_async ()
|
|
Packit |
b00eeb |
void
|
|
Packit |
b00eeb |
gcr_certificate_chain_build_async (GcrCertificateChain *self ,
|
|
Packit |
b00eeb |
const gchar *purpose ,
|
|
Packit |
b00eeb |
const gchar *peer ,
|
|
Packit |
b00eeb |
GcrCertificateChainFlags flags ,
|
|
Packit |
b00eeb |
GCancellable *cancellable ,
|
|
Packit |
b00eeb |
GAsyncReadyCallback callback ,
|
|
Packit |
b00eeb |
gpointer user_data );
|
|
Packit |
b00eeb |
Complete a certificate chain. Once a certificate chain has been built
|
|
Packit |
b00eeb |
its status can be examined.
|
|
Packit |
b00eeb |
This will look up missing certificates in PKCS#11
|
|
Packit |
b00eeb |
modules and also check that each certificate in the chain is the signer of the
|
|
Packit |
b00eeb |
previous one. If a trust anchor, pinned certificate, or self-signed certificate
|
|
Packit |
b00eeb |
is found, then the chain is considered built. Any extra certificates are
|
|
Packit |
b00eeb |
removed from the chain.
|
|
Packit |
b00eeb |
It's important to understand that building of a certificate chain does not
|
|
Packit |
b00eeb |
constitute verifying that chain. This is merely the first step towards
|
|
Packit |
b00eeb |
trust verification.
|
|
Packit |
b00eeb |
The purpose
|
|
Packit |
b00eeb |
is a string like GCR_PURPOSE_CLIENT_AUTH and is the purpose
|
|
Packit |
b00eeb |
for which the certificate chain will be used. Trust anchors are looked up
|
|
Packit |
b00eeb |
for this purpose. This argument is required.
|
|
Packit |
b00eeb |
The peer
|
|
Packit |
b00eeb |
is usually the host name of the peer with which this certificate
|
|
Packit |
b00eeb |
chain is being used. It is used to look up pinned certificates that have
|
|
Packit |
b00eeb |
been stored for this peer. If NULL then no pinned certificates will
|
|
Packit |
b00eeb |
be considered.
|
|
Packit |
b00eeb |
If the GCR_CERTIFICATE_CHAIN_NO_LOOKUPS flag is specified then no
|
|
Packit |
b00eeb |
lookups for anchors or pinned certificates are done, and the resulting chain
|
|
Packit |
b00eeb |
will be neither anchored nor pinned. Additionally no missing certificate
|
|
Packit |
b00eeb |
authorities are looked up in PKCS#11.
|
|
Packit |
b00eeb |
When the operation is finished, callback
|
|
Packit |
b00eeb |
will be called. You can then call
|
|
Packit |
b00eeb |
gcr_certificate_chain_build_finish() to get the result of the operation.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Parameters
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
self
|
|
Packit |
b00eeb |
the GcrCertificateChain
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
purpose
|
|
Packit |
b00eeb |
the purpose the certificate chain will be used for
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
peer
|
|
Packit |
b00eeb |
the peer the certificate chain will be used with, or NULL .
|
|
Packit |
b00eeb |
[allow-none]
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
flags
|
|
Packit |
b00eeb |
chain completion flags
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
cancellable
|
|
Packit |
b00eeb |
a GCancellable or NULL
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
callback
|
|
Packit |
b00eeb |
this will be called when the operation completes.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
user_data
|
|
Packit |
b00eeb |
data to pass to the callback
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
gcr_certificate_chain_build_finish ()
|
|
Packit |
b00eeb |
gboolean
|
|
Packit |
b00eeb |
gcr_certificate_chain_build_finish (GcrCertificateChain *self ,
|
|
Packit |
b00eeb |
GAsyncResult *result ,
|
|
Packit |
b00eeb |
GError **error );
|
|
Packit |
b00eeb |
Finishes an asynchronous operation started by
|
|
Packit |
b00eeb |
gcr_certificate_chain_build_async() .
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Parameters
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
self
|
|
Packit |
b00eeb |
the GcrCertificateChain
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
result
|
|
Packit |
b00eeb |
the GAsyncResult passed to the callback
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
error
|
|
Packit |
b00eeb |
a GError, or NULL
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Returns
|
|
Packit |
b00eeb |
whether the operation succeeded
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Types and Values
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
struct GcrCertificateChain
|
|
Packit |
b00eeb |
struct GcrCertificateChain;
|
|
Packit |
b00eeb |
A chain of certificates.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
struct GcrCertificateChainClass
|
|
Packit |
b00eeb |
struct GcrCertificateChainClass {
|
|
Packit |
b00eeb |
GObjectClass parent_class;
|
|
Packit |
b00eeb |
};
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
The class for GcrCertificateChain.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Members
enum GcrCertificateChainStatus
|
|
Packit |
b00eeb |
The status of a built certificate chain. Will be set to
|
|
Packit |
b00eeb |
GCR_CERTIFICATE_CHAIN_UNKNOWN for certificate chains that have not been
|
|
Packit |
b00eeb |
built.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Members
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
GCR_CERTIFICATE_CHAIN_UNKNOWN
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
The certificate chain's status is unknown.
|
|
Packit |
b00eeb |
When a chain is not yet built it has this status. If a chain is modified after
|
|
Packit |
b00eeb |
being built, it has this status.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
GCR_CERTIFICATE_CHAIN_INCOMPLETE
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
A full chain could not be loaded. The
|
|
Packit |
b00eeb |
chain does not end with a self-signed certificate, a trusted anchor, or a
|
|
Packit |
b00eeb |
pinned certificate.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
GCR_CERTIFICATE_CHAIN_DISTRUSTED
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
The certificate chain contains a revoked
|
|
Packit |
b00eeb |
or otherwise explicitly distrusted certificate. The entire chain should
|
|
Packit |
b00eeb |
be distrusted.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
GCR_CERTIFICATE_CHAIN_SELFSIGNED
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
The chain ends with a self-signed
|
|
Packit |
b00eeb |
certificate. No trust anchor was found.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
GCR_CERTIFICATE_CHAIN_PINNED
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
The chain represents a pinned certificate. A
|
|
Packit |
b00eeb |
pinned certificate is an exception which trusts a given certificate
|
|
Packit |
b00eeb |
explicitly for a purpose and communication with a certain peer.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
GCR_CERTIFICATE_CHAIN_ANCHORED
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
The chain ends with an anchored
|
|
Packit |
b00eeb |
certificate. The anchored certificate is not necessarily self-signed.
enum GcrCertificateChainFlags
|
|
Packit |
b00eeb |
Flags to be used with the gcr_certificate_chain_build() operation.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Members
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
GCR_CERTIFICATE_CHAIN_NONE
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
no flags
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
GCR_CERTIFICATE_CHAIN_NO_LOOKUPS
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
If this flag is specified then no
|
|
Packit |
b00eeb |
lookups for anchors or pinned certificates are done, and the resulting chain
|
|
Packit |
b00eeb |
will be neither anchored nor pinned. Additionally no missing certificate
|
|
Packit |
b00eeb |
authorities are looked up in PKCS#11.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
GCR_TYPE_CERTIFICATE_CHAIN_FLAGS
|
|
Packit |
b00eeb |
#define GCR_TYPE_CERTIFICATE_CHAIN_FLAGS (gcr_certificate_chain_flags_get_type ())
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
The flags GType for GcrCertificateChainFlags.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
GCR_TYPE_CERTIFICATE_CHAIN_STATUS
|
|
Packit |
b00eeb |
#define GCR_TYPE_CERTIFICATE_CHAIN_STATUS (gcr_certificate_chain_status_get_type ())
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
The enum GType for GcrCertificateChainStatus.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Property Details
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
The “length” property
|
|
Packit |
b00eeb |
“length” guint
|
|
Packit |
b00eeb |
The length of the certificate chain.
|
|
Packit |
b00eeb |
Flags: Read
|
|
Packit |
b00eeb |
Default value: 0
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
The “status” property
|
|
Packit |
b00eeb |
“status” GcrCertificateChainStatus
|
|
Packit |
b00eeb |
The certificate chain status. See GcrCertificateChainStatus
|
|
Packit |
b00eeb |
Flags: Read
|
|
Packit |
b00eeb |
Default value: GCR_CERTIFICATE_CHAIN_UNKNOWN
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Generated by GTK-Doc V1.27.1
|
|
Packit |
b00eeb |
</body>
|
|
Packit |
b00eeb |
</html>
|