diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..4362b49 --- /dev/null +++ b/COPYING @@ -0,0 +1,502 @@ + GNU LESSER GENERAL PUBLIC LICENSE + Version 2.1, February 1999 + + Copyright (C) 1991, 1999 Free Software Foundation, Inc. + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + +[This is the first released version of the Lesser GPL. It also counts + as the successor of the GNU Library Public License, version 2, hence + the version number 2.1.] + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +Licenses are intended to guarantee your freedom to share and change +free software--to make sure the software is free for all its users. + + This license, the Lesser General Public License, applies to some +specially designated software packages--typically libraries--of the +Free Software Foundation and other authors who decide to use it. You +can use it too, but we suggest you first think carefully about whether +this license or the ordinary General Public License is the better +strategy to use in any particular case, based on the explanations below. + + When we speak of free software, we are referring to freedom of use, +not price. Our General Public Licenses are designed to make sure that +you have the freedom to distribute copies of free software (and charge +for this service if you wish); that you receive source code or can get +it if you want it; that you can change the software and use pieces of +it in new free programs; and that you are informed that you can do +these things. + + To protect your rights, we need to make restrictions that forbid +distributors to deny you these rights or to ask you to surrender these +rights. These restrictions translate to certain responsibilities for +you if you distribute copies of the library or if you modify it. + + For example, if you distribute copies of the library, whether gratis +or for a fee, you must give the recipients all the rights that we gave +you. You must make sure that they, too, receive or can get the source +code. If you link other code with the library, you must provide +complete object files to the recipients, so that they can relink them +with the library after making changes to the library and recompiling +it. And you must show them these terms so they know their rights. + + We protect your rights with a two-step method: (1) we copyright the +library, and (2) we offer you this license, which gives you legal +permission to copy, distribute and/or modify the library. + + To protect each distributor, we want to make it very clear that +there is no warranty for the free library. Also, if the library is +modified by someone else and passed on, the recipients should know +that what they have is not the original version, so that the original +author's reputation will not be affected by problems that might be +introduced by others. + + Finally, software patents pose a constant threat to the existence of +any free program. We wish to make sure that a company cannot +effectively restrict the users of a free program by obtaining a +restrictive license from a patent holder. Therefore, we insist that +any patent license obtained for a version of the library must be +consistent with the full freedom of use specified in this license. + + Most GNU software, including some libraries, is covered by the +ordinary GNU General Public License. This license, the GNU Lesser +General Public License, applies to certain designated libraries, and +is quite different from the ordinary General Public License. We use +this license for certain libraries in order to permit linking those +libraries into non-free programs. + + When a program is linked with a library, whether statically or using +a shared library, the combination of the two is legally speaking a +combined work, a derivative of the original library. The ordinary +General Public License therefore permits such linking only if the +entire combination fits its criteria of freedom. The Lesser General +Public License permits more lax criteria for linking other code with +the library. + + We call this license the "Lesser" General Public License because it +does Less to protect the user's freedom than the ordinary General +Public License. It also provides other free software developers Less +of an advantage over competing non-free programs. These disadvantages +are the reason we use the ordinary General Public License for many +libraries. However, the Lesser license provides advantages in certain +special circumstances. + + For example, on rare occasions, there may be a special need to +encourage the widest possible use of a certain library, so that it becomes +a de-facto standard. To achieve this, non-free programs must be +allowed to use the library. A more frequent case is that a free +library does the same job as widely used non-free libraries. In this +case, there is little to gain by limiting the free library to free +software only, so we use the Lesser General Public License. + + In other cases, permission to use a particular library in non-free +programs enables a greater number of people to use a large body of +free software. For example, permission to use the GNU C Library in +non-free programs enables many more people to use the whole GNU +operating system, as well as its variant, the GNU/Linux operating +system. + + Although the Lesser General Public License is Less protective of the +users' freedom, it does ensure that the user of a program that is +linked with the Library has the freedom and the wherewithal to run +that program using a modified version of the Library. + + The precise terms and conditions for copying, distribution and +modification follow. Pay close attention to the difference between a +"work based on the library" and a "work that uses the library". The +former contains code derived from the library, whereas the latter must +be combined with the library in order to run. + + GNU LESSER GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License Agreement applies to any software library or other +program which contains a notice placed by the copyright holder or +other authorized party saying it may be distributed under the terms of +this Lesser General Public License (also called "this License"). +Each licensee is addressed as "you". + + A "library" means a collection of software functions and/or data +prepared so as to be conveniently linked with application programs +(which use some of those functions and data) to form executables. + + The "Library", below, refers to any such software library or work +which has been distributed under these terms. A "work based on the +Library" means either the Library or any derivative work under +copyright law: that is to say, a work containing the Library or a +portion of it, either verbatim or with modifications and/or translated +straightforwardly into another language. (Hereinafter, translation is +included without limitation in the term "modification".) + + "Source code" for a work means the preferred form of the work for +making modifications to it. For a library, complete source code means +all the source code for all modules it contains, plus any associated +interface definition files, plus the scripts used to control compilation +and installation of the library. + + Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running a program using the Library is not restricted, and output from +such a program is covered only if its contents constitute a work based +on the Library (independent of the use of the Library in a tool for +writing it). Whether that is true depends on what the Library does +and what the program that uses the Library does. + + 1. You may copy and distribute verbatim copies of the Library's +complete source code as you receive it, in any medium, provided that +you conspicuously and appropriately publish on each copy an +appropriate copyright notice and disclaimer of warranty; keep intact +all the notices that refer to this License and to the absence of any +warranty; and distribute a copy of this License along with the +Library. + + You may charge a fee for the physical act of transferring a copy, +and you may at your option offer warranty protection in exchange for a +fee. + + 2. You may modify your copy or copies of the Library or any portion +of it, thus forming a work based on the Library, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) The modified work must itself be a software library. + + b) You must cause the files modified to carry prominent notices + stating that you changed the files and the date of any change. + + c) You must cause the whole of the work to be licensed at no + charge to all third parties under the terms of this License. + + d) If a facility in the modified Library refers to a function or a + table of data to be supplied by an application program that uses + the facility, other than as an argument passed when the facility + is invoked, then you must make a good faith effort to ensure that, + in the event an application does not supply such function or + table, the facility still operates, and performs whatever part of + its purpose remains meaningful. + + (For example, a function in a library to compute square roots has + a purpose that is entirely well-defined independent of the + application. Therefore, Subsection 2d requires that any + application-supplied function or table used by this function must + be optional: if the application does not supply it, the square + root function must still compute square roots.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Library, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Library, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote +it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Library. + +In addition, mere aggregation of another work not based on the Library +with the Library (or with a work based on the Library) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may opt to apply the terms of the ordinary GNU General Public +License instead of this License to a given copy of the Library. To do +this, you must alter all the notices that refer to this License, so +that they refer to the ordinary GNU General Public License, version 2, +instead of to this License. (If a newer version than version 2 of the +ordinary GNU General Public License has appeared, then you can specify +that version instead if you wish.) Do not make any other change in +these notices. + + Once this change is made in a given copy, it is irreversible for +that copy, so the ordinary GNU General Public License applies to all +subsequent copies and derivative works made from that copy. + + This option is useful when you wish to copy part of the code of +the Library into a program that is not a library. + + 4. You may copy and distribute the Library (or a portion or +derivative of it, under Section 2) in object code or executable form +under the terms of Sections 1 and 2 above provided that you accompany +it with the complete corresponding machine-readable source code, which +must be distributed under the terms of Sections 1 and 2 above on a +medium customarily used for software interchange. + + If distribution of object code is made by offering access to copy +from a designated place, then offering equivalent access to copy the +source code from the same place satisfies the requirement to +distribute the source code, even though third parties are not +compelled to copy the source along with the object code. + + 5. A program that contains no derivative of any portion of the +Library, but is designed to work with the Library by being compiled or +linked with it, is called a "work that uses the Library". Such a +work, in isolation, is not a derivative work of the Library, and +therefore falls outside the scope of this License. + + However, linking a "work that uses the Library" with the Library +creates an executable that is a derivative of the Library (because it +contains portions of the Library), rather than a "work that uses the +library". The executable is therefore covered by this License. +Section 6 states terms for distribution of such executables. + + When a "work that uses the Library" uses material from a header file +that is part of the Library, the object code for the work may be a +derivative work of the Library even though the source code is not. +Whether this is true is especially significant if the work can be +linked without the Library, or if the work is itself a library. The +threshold for this to be true is not precisely defined by law. + + If such an object file uses only numerical parameters, data +structure layouts and accessors, and small macros and small inline +functions (ten lines or less in length), then the use of the object +file is unrestricted, regardless of whether it is legally a derivative +work. (Executables containing this object code plus portions of the +Library will still fall under Section 6.) + + Otherwise, if the work is a derivative of the Library, you may +distribute the object code for the work under the terms of Section 6. +Any executables containing that work also fall under Section 6, +whether or not they are linked directly with the Library itself. + + 6. As an exception to the Sections above, you may also combine or +link a "work that uses the Library" with the Library to produce a +work containing portions of the Library, and distribute that work +under terms of your choice, provided that the terms permit +modification of the work for the customer's own use and reverse +engineering for debugging such modifications. + + You must give prominent notice with each copy of the work that the +Library is used in it and that the Library and its use are covered by +this License. You must supply a copy of this License. If the work +during execution displays copyright notices, you must include the +copyright notice for the Library among them, as well as a reference +directing the user to the copy of this License. Also, you must do one +of these things: + + a) Accompany the work with the complete corresponding + machine-readable source code for the Library including whatever + changes were used in the work (which must be distributed under + Sections 1 and 2 above); and, if the work is an executable linked + with the Library, with the complete machine-readable "work that + uses the Library", as object code and/or source code, so that the + user can modify the Library and then relink to produce a modified + executable containing the modified Library. (It is understood + that the user who changes the contents of definitions files in the + Library will not necessarily be able to recompile the application + to use the modified definitions.) + + b) Use a suitable shared library mechanism for linking with the + Library. A suitable mechanism is one that (1) uses at run time a + copy of the library already present on the user's computer system, + rather than copying library functions into the executable, and (2) + will operate properly with a modified version of the library, if + the user installs one, as long as the modified version is + interface-compatible with the version that the work was made with. + + c) Accompany the work with a written offer, valid for at + least three years, to give the same user the materials + specified in Subsection 6a, above, for a charge no more + than the cost of performing this distribution. + + d) If distribution of the work is made by offering access to copy + from a designated place, offer equivalent access to copy the above + specified materials from the same place. + + e) Verify that the user has already received a copy of these + materials or that you have already sent this user a copy. + + For an executable, the required form of the "work that uses the +Library" must include any data and utility programs needed for +reproducing the executable from it. However, as a special exception, +the materials to be distributed need not include anything that is +normally distributed (in either source or binary form) with the major +components (compiler, kernel, and so on) of the operating system on +which the executable runs, unless that component itself accompanies +the executable. + + It may happen that this requirement contradicts the license +restrictions of other proprietary libraries that do not normally +accompany the operating system. Such a contradiction means you cannot +use both them and the Library together in an executable that you +distribute. + + 7. You may place library facilities that are a work based on the +Library side-by-side in a single library together with other library +facilities not covered by this License, and distribute such a combined +library, provided that the separate distribution of the work based on +the Library and of the other library facilities is otherwise +permitted, and provided that you do these two things: + + a) Accompany the combined library with a copy of the same work + based on the Library, uncombined with any other library + facilities. This must be distributed under the terms of the + Sections above. + + b) Give prominent notice with the combined library of the fact + that part of it is a work based on the Library, and explaining + where to find the accompanying uncombined form of the same work. + + 8. You may not copy, modify, sublicense, link with, or distribute +the Library except as expressly provided under this License. Any +attempt otherwise to copy, modify, sublicense, link with, or +distribute the Library is void, and will automatically terminate your +rights under this License. However, parties who have received copies, +or rights, from you under this License will not have their licenses +terminated so long as such parties remain in full compliance. + + 9. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Library or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Library (or any work based on the +Library), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Library or works based on it. + + 10. Each time you redistribute the Library (or any work based on the +Library), the recipient automatically receives a license from the +original licensor to copy, distribute, link with or modify the Library +subject to these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties with +this License. + + 11. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Library at all. For example, if a patent +license would not permit royalty-free redistribution of the Library by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Library. + +If any portion of this section is held invalid or unenforceable under any +particular circumstance, the balance of the section is intended to apply, +and the section as a whole is intended to apply in other circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 12. If the distribution and/or use of the Library is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Library under this License may add +an explicit geographical distribution limitation excluding those countries, +so that distribution is permitted only in or among countries not thus +excluded. In such case, this License incorporates the limitation as if +written in the body of this License. + + 13. The Free Software Foundation may publish revised and/or new +versions of the Lesser General Public License from time to time. +Such new versions will be similar in spirit to the present version, +but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Library +specifies a version number of this License which applies to it and +"any later version", you have the option of following the terms and +conditions either of that version or of any later version published by +the Free Software Foundation. If the Library does not specify a +license version number, you may choose any version ever published by +the Free Software Foundation. + + 14. If you wish to incorporate parts of the Library into other free +programs whose distribution conditions are incompatible with these, +write to the author to ask for permission. For software which is +copyrighted by the Free Software Foundation, write to the Free +Software Foundation; we sometimes make exceptions for this. Our +decision will be guided by the two goals of preserving the free status +of all derivatives of our free software and of promoting the sharing +and reuse of software generally. + + NO WARRANTY + + 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO +WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. +EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR +OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY +KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE +LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME +THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN +WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY +AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU +FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR +CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE +LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING +RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A +FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF +SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH +DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Libraries + + If you develop a new library, and you want it to be of the greatest +possible use to the public, we recommend making it free software that +everyone can redistribute and change. You can do so by permitting +redistribution under these terms (or, alternatively, under the terms of the +ordinary General Public License). + + To apply these terms, attach the following notices to the library. It is +safest to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least the +"copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +Also add information on how to contact you by electronic and paper mail. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the library, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the + library `Frob' (a library for tweaking knobs) written by James Random Hacker. + + , 1 April 1990 + Ty Coon, President of Vice + +That's all there is to it! diff --git a/LICENSE_EXCEPTION b/LICENSE_EXCEPTION new file mode 100644 index 0000000..dea39f5 --- /dev/null +++ b/LICENSE_EXCEPTION @@ -0,0 +1,14 @@ + + LICENSE EXCEPTION FOR OPENSSL + + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library, and distribute linked combinations + * including the two. + * You must obey the GNU Library General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. diff --git a/NEWS b/NEWS new file mode 100644 index 0000000..3a1c075 --- /dev/null +++ b/NEWS @@ -0,0 +1,771 @@ +2.56.1 - May 21, 2018 +===================== + +- Fix build with PKCS#11 backend disabled (#794292, Tom Schoonjans) +- Various meson build system fixes (#794358 and #794372) +- Tests are now compatible with GnuTLS 3.6 (#794286) + +2.56.0 - March 20, 2018 +======================= + +- Updated translations + +2.55.90 - February 12, 2018 +=========================== + +- Fix unit tests when SSLv3 is unavailable (#782853) +- Allow static linking (#791100, Xavier Claessens) +- Fix issues found by coverity (#792402, Philip Withnall) +- Remove TLS build option; it is now mandatory +- Try to ensure that GnuTLS is only initialized if TLS is actually used +- Update use of GObject to follow current best practices +- Use XDG_CURRENT_DESKTOP to determine which proxy module to load + +2.55.2 - December 13, 2017 +========================== + + * Fix glib-pacrunner.service installation directory + [#790367, Michael Catanzaro] + + * Updated translations: Hebrew, Indonesian, Spanish + +2.55.1 - November 13, 2017 +========================== + + * Implement DTLS support [#697908, Philip Withnall and Olivier Crête] + + * Fix using different client certs for different connections + [#781578, Martin Pitt] + + * Port to Meson build system [#786639, Iñigo Martínez] + + * Updated translations: Catalan (Valencian), Croatian, Czech, German, + Greek, Norwegian bokmål, Persian, Slovenian + +2.54.0 +====== + * New/updated translations: Basque, Belarusian, Brazilian + Portuguese, Bulgarian, Catalan, Chinese (Taiwan), Danish, Danish, + Dutch, French, Galician, Hungarian, Italian, Korean, Latvian, + Lithuanian, Malayalam, Nepali, Polish, Serbian, Slovak, Swedish, + Turkish + +2.53.90 +======= + * gnutls: Stop using %LATEST_RECORD_VERSION in priority string, + since that gives better compatibility with current gnutls / + current real world. [#782218, Michael Catanzaro] + + * gnutls: Provide a better error message when a TLS alert is + received. [#782218, Michael Catanzaro] + + * New/updated translations: Croatian, Czech, Esperanto, Friulian, + German, Indonesian, Italian, Kazakh, Slovenian, Spanish + +2.50.0 +====== + * New stable release. + + * Updated translations: British English, Polish + +2.49.90 +======= + * Ported to use upstream gettext rather than intltool/glib-gettext + [#768708, Javier Jardón] + + * Updated po files for future gettext versions [Piotr Drąg] + + * Fixed translation lookup on Windows [#765466, Chun-wei Fan] + + * Updated translations: Occitan + +2.48.2 +====== + * gnutls: Fixed an infinite loop if a server sent two identical + copies of its CA certificate [#765317, Carlos Garcia Campos] + + * New/updated translations: Occitan, Scottish Gaelic + +2.48.1 +====== + * Fixed translations in non-UTF-8 domains [#765466, Ting-Wei Lan] + + * Fixed bash-ism in configure [#765396, Patrick Welche] + + * Updated translations: Friulian + +2.48.0 +====== + * New stable release. (No changes since 2.47.90) + +2.47.90 +======= + * gnutls: The non-PKCS#11 TLS plugin now uses gnutls's certificate + validation code directly, rather than attempting to build a + certificate chain itself first. [#753260 and others, Dan Winship] + + * gnutls: Fixed a leak when closing a connection during an implicit + handshake [#736809, Philip Withnall] + + * gnutls: Fixed "make check" without PKCS#11 support [#728977, + Gilles Dartiguelongue] + + * gnutls: Various changes in preparation for DTLS support (but not + the actual DTLS support itself) [#697908, #735754, Philip + Withnall, Olivier Crête] + + * Updated translations: Occitan + +2.47.1 +====== + * Fixed a certificate chain validation problem that affected + Facebook in Epiphany. [#750457, Carlos Garcia Campos] + + * Added a systemd service file for glib-pacrunner [#755740, Simon + McVittie] + +2.46.0 +====== + * Various minor cleanups and small memory leak fixes + + * Added a new test case for client certificate chain handling + [#754129, Michael Catanzaro] + + * New/updated translations: + Japanese, Occitan, Portuguese + +2.45.1 +====== + * tls/gnutls: Implement g_tls_client_connection_copy_session_state(), + to allow implementing FTP-over-TLS in gvfs. (#745255, Ross + Lagerwall) + +2.44.0 +====== + * New stable release. (No changes since 2.43.92) + +2.43.92 +======= + * Fix TLS session caching when using session tickets (#745099, Ross + Lagerwall) + + * Updated translations: + Bosnian + +2.43.91 +======= + * tls/gnutls: Removed a workaround for connecting to servers with + weak DH parameters, which was apparently only needed because + gnutls was prioritizing DHE over RSA. (Michael Catanzaro) + (https://bugzilla.redhat.com/show_bug.cgi?id=1177964#c8) + + * tls/gnutls: We now require gnutls 3.x again. (In fact, 2.42.1 + and 2.43.1 accidentally used a 3.x-only function, so we already + required it, we were just failing to declare that fact.) + + * tls/tests: Skip certain tests when running against old gnutls or + GLib releases. (glib-networking 2.43.91 itself does not require + GLib 2.43, but one of the test cases does.) + + * Updated translations: + Friulian + +2.43.1 +====== + + * The GTlsClientConnection "use-ssl3" property now falls back to TLS + 1.0 if SSL 3.0 has been disabled, rather than just failing. Also, + we now use the gnutls %LATEST_RECORD_VERSION option by default (to + allow connecting to certain servers that were incorrectly patched + for the POODLE attack), but also make sure to remove that option + in the fallback ("use-ssl3") mode (to allow connecting to other + servers that are differently broken). (#738633, #740087, Dan + Winship) + + * tls/gnutls: Miscellaneous warning, debugging, and leak fixes + (#736757, #736809, #737106, Philip Withnall) + + * New/updated translations: + Kazakh + +2.42.0 +====== + * New stable release. (No changes since 2.41.92) + +2.41.92 +======= + * tls/gnutls: Incorrectly-ordered certificate chains are now + accepted (#683266, Michael Catanzaro) + + * tls/gnutls: Closing an already-closed GTlsConnection now correctly + returns TRUE rather than G_IO_ERROR_CLOSED (#735754, Olivier + Crête) + +2.41.4 +====== + * tls/gnutls: certificates with IP address subject altnames are now + supported (#726596, Aleix Conchillo Flaqué) + + * tls/tests: added a script to re-generate the certificates, and + regenerated them (since the key for the existing CA certificate + had been lost, so it wasn't possible to add new test certificates, + eg, for IP SAN). (#733365, Aleix Conchillo Flaqué) + + * Updated translations: + Greek + +2.41.3 +====== + * tls/gnutls: g_tls_backend_get_default_database() should never + return %NULL; if glib-networking was built without a + ca-certificates file, then the default GTlsDatabase should just be + empty. (#727282, Olivier Crête) + + * tls/gnutls: If a server's certificate includes an issuer chain, we + now send the entire chain to the client. (#724708, Aleix Conchillo + Flaqué) + + * Updated translations: + Swedish + +2.40.0 +====== + * New stable release. (No changes since 2.39.90) + +2.39.90 +======= + * tls/gnutls: Avoid trying to update a destroyed GSource (#723774, + Philip Withnall) + + * tls/tests: Fix another flaky test (#722336) + + * tests: use the TAP driver + + * Updated translations: + Chinese, Czech + +2.39.3 +====== + * tls/tests: Fix one sporadic bug in the connection test (#720081) + and make it properly fail rather than hanging forever when another + sporadic bug happens (which I don't actually know the cause of) + (#719727) + + * tls/gnutls: Fix for -Werror=format-nonliteral (#720081, Ryan + Lortie) + +2.39.1 +====== + * tls/gnutls: Use g_tls_interaction_invoke_request_certificate() + when processing a certificate request. (#637257, Stef Walter) + + * tls/gnutls: Handle G_IO_ERROR_TIMED_OUT on a GTlsConnection + correctly rather than reporting "The specified session has + been invalidated for some reason". (#710700, Aleix Concillo + Flaque) + + * tls/tests: Fix to previous installed-tests fix, which resulted + in some files getting installed even when installed tests weren't + enabled. (#710197) + + * tls/tests: add a test for a fix made in glib (#710691, Aleix + Conchillo Flaque). + +2.38.1 +====== + * glibpacrunner: Don't crash if there is an internal libproxy error. + (rhbz #866927) + + * tls/tests: Fix installed tests to not accidentally depend on + having the source tree still exist. (#709628) + + * Updated translations: + Tajik + +2.38.0 +====== + * New stable release. (No changes since 2.37.5) + +2.37.5 +====== + * gnutls: minimum version is now 2.12.8 (with 3.x preferred...) + + * glib-networking now supports the --enable-installed-tests flag, to + install its test programs to run at other times (ie, after + updating glib) + +2.37.4 +====== + * proxy/gnome: further improve GNOME session detection (#701377) + + * gnutls: don't crash if $G_TLS_GNUTS_PRIORITY is invalid (#701693) + +2.37.2 +====== + * proxy/gnome: Improve session-type detection to include + gnome-classic and anything else starting with "gnome" (#700607, + Giovanni Campagna) + + * proxy/libproxy: make SOCKS work when using the async API (#699359, + Dan) + + * proxy/tests: make the libproxy test program use the just-built + plugin rather than the installed one. Oops (#700286, Iain Lane) + + * proxy/tests: fix to not error out if neither proxy module is built + (#700628, Dan) + + * tls/tests: fix a sporadic crash (Dan) + +2.37.1 +====== + * gnutls: Fixed a bug that could cause hangs and/or bursts of CPU + usage in some cases. (#696881, Olivier Crête) + + * gnutls: Fixed CFLAGS when building with gnutls in a different + prefix. (#696519, Emmanuel Pacaud) + + * gnutls: Fixed a hang while rehandshaking with gnutls 3.x (#695062, + Dan) + + * gnutls: Fixed a handshaking crash in multithreaded use (#697754, + Olivier Crête) + + * proxy/gnome: Fix "automatic" mode, which was mistakenly being + treated as "none" (Dan) + + * proxy/gnome: Use this in Unity sessions as well as GNOME ones. + (#698936, Iain Lane) + + * New/Updated translations: + Friulian, Indonesian, Turkish + +2.36.0 +======= + * New/Updated translations: + Assamese, Basque, Belarusian, Catalan (Valencian), Catalan, + Danish, Finnish, Hindi, Korean, Latvian, Persian, Portuguese, + Russian, Slovak, Tadjik, Thai + +2.35.9 +====== + * Fixed one kind of handshake failure to return the correct error + code under gnutls 3.x (allowing libsoup to recognize the error and + do fallback to SSL 3.0). (#694812) + + * Updated translations: + Chinese (traditional), French, German, Punjabi, Uyghur, + Vietnamese + +2.35.8 +====== + * proxy/gnome: ported to new GSimpleProxyResolver, and added more + tests + + * gnutls: Fixed a small per-connection leak (#693718) + + * tls/tests: Fixed several race conditions that caused spurious + failures. (#693720) + + * Updated translations: + Malayalam + +2.35.6 +====== + * proxy/gnome: Fixed several bugs: + + * Multithreaded usage could result in crashes + + * In "automatic" mode, synchronous lookups would obey + ignore-hosts, but asynchronous lookups would not. (Now they + both do.) + + * lookup_async() would never notice if the proxy settings + switched from "automatic" to "manual" or "none" (and would + make a synchronous D-Bus call when switching in the other + direction). + + * If given an invalid URI, lookup_async() would return a + successful result (and leak the GError that it was supposed + to have returned), and lookup() would return both the error + and the proxy (leaking one or the other, depending on how + the caller behaved). + + * Updated translations: + Italian, Malayalam, Norwegian bokmål, Serbian, Uyghur + +2.35.4 +====== + * proxy/gnome: The tests should now work correctly even if + run from a non-GNOME environment. (Robert Ancell) + + * Updated translations: + Brazilian Portuguese, Bulgarian, Estonian, Galician, Greek, + Hungarian, Slovenian + +2.35.3 +====== + * build: The TLS tests are now not built if you are building without + gnutls support. (Saleem Abdulrasool) + + * gnutls: Several handshaking fixes: + + * Fix a hang when doing a synchronous close() immediately + after cancelling an asynchronous handshake() (which would + happen in libsoup if you cancelled a message at the right + time). (#688751, Dan) + + * Avoid an assertion when an implicit handshake fails + (#689274, Stef) + + * Fixed GTlsServerConnection:authentication-mode to work + again, and added a regression test for this. (#689259, Stef) + + * Return the appropriate error + (G_TLS_ERROR_CERTIFICATE_REQUIRED) when a handshake fails + because the server required a certificate but none was + provided, and added a test for this. (#689260, Stef) + + * Make g_io_stream_close() finish successfully after a failed + handshake (#689260, Stef) + + * Make g_io_stream_close() finish successfully before a + handshake (#689271, Stef) + + * gnutls: Updated to be aware of G_IO_ERROR_BROKEN_PIPE in glib + 2.35.3, which needs to be converted to G_TLS_ERROR_NOT_TLS in some + cases. (Previously this error showed up as just G_IO_ERROR_FAILED.) + (Dan) + + * proxy/gnome: This is now only used in GNOME login sessions (as, + essentially, a more efficient version of the libproxy GNOME + backend); in non-GNOME sessions, gio will now fall back to the + libproxy plugin, allowing environment variables or other libproxy + settings backends to be used. + + * New/Updated translations: + Czech, Hebrew, Lithuanian, Polish, Slovak, Spanish + +2.35.1 +====== + * Update for glib 2.35.1; remove g_type_init() calls and port to + GTask. + + * Updated translations: + Estonian + +2.34.0 +====== + * Updated translations: + Arabic, Bulgarian, Catalan (Valencian), Catalan, Chinese + (Simplified), Hindi, Japanese, Thai + +2.33.14 +======= + * Updated translations: + Brazilian Portuguese, British English, Czech, Danish, Finnish, + French, German, Korean, Punjabi + +2.33.12 +======= + * gnutls: Revert the addition of the certificate-bytes and + private-key-bytes properties to GTlsCertificateGnutls, since they + were reverted in glib. (#682081, Stef) + + * Updated translations: + Belarusian, Hungarian, Indonesian, Italian, Latvian, Polish, + Polish, Vietnamese + +2.33.10 +======= + * gnutls: Improved the certificate verifying code to deal with the + case of a CA being reissued with the same key but a different + signature algorithm. (#681299, Stef) + + * gnutls: Fixed an uninitialized variable in + g_tls_connection_gnutls_close(). (#681636) + + * Updated translations: + Assamese, Portuguese, Telugu + +2.33.8 +====== + * gnutls: If a GTlsConnection gets an error when handshaking, it + will now continue to return that error message on future I/O + attempts, rather than behaving in an undefined manner. + + * gnutls: You can now read from a GTlsConnection's input stream and + write to its output stream at the same time (either in different + threads, or asynchronously in a single thread). (#660252) + + * Updated translations: + Chinese (traditional), Galician, Greek, Hebrew, Lithuanian, + Norwegian bokmål, Russian, Serbian, Slovenian, Spanish + +2.33.3 +====== + * Updated autogen.sh (in particular to support automake 1.12) + (#675261) + + * gnutls: fix the use-system-certdb property on GTlsConnectionGnutls + (previously, setting it to FALSE was a no-op). + + * Updated translations: + Dutch, Greek, Indonesian + +2.33.2 +====== + * gnutls: simplify using new glib pollable stream methods + + * proxy/gnome: fix a bug that made it impossible to use SOCKS + without also having a separate http proxy. + +2.32.1 +====== + * gnutls: added /etc/ssl/ca-bundle.pem to the list of files to check + for to use as the default CA list. (This is what openSUSE uses.) + (#673944, Federico Mena Quintero) + + * Updated translations: + Catalan (Valencian), Marathi, Odia, Persian + +2.32.0 +====== + * New/updated translations: + Hindi, Japanese, Khmer, Latvian, Malayalam + +2.31.22 +======= + * Updated translations: + British English, Catalan, Finnish, Lithuanian, Portuguese, + Telugu + +2.31.20 +======= + * gnutls: Fixed a linking problem on some platforms when PKCS#11 is + enabled. (#670956, Kalev Lember) + + * Updated translations: + Assamese, Basque, Belarusian, Brazilian Portuguese, Danish, + Estonian, French, German, Hungarian, Italian, Korean, Polish, + Russian, Serbian + +2.31.16 +======= + * gnutls: Fixed a TLS handshaking bug that in particular caused lots + of crashes in epiphany. (#658771) + + * tls/tests: Fixed a bug in the pkcs11-pin test that could cause it + to spuriously fail + + * Updated translations: + Bulgarian, Chinese (traditional), Czech, Japanese, + Norwegian bokmål, Turkish, Vietnamese + +2.31.6 +====== + * gnutls + * Support gnutls built against nettle instead of gcrypt + (#657306) + + * Implement TLS session caching for GTlsServerConnection + (#636574) + + * tls/tests: Explicitly request the memory GSettings backend, to + avoid warnings in partial jhbuild environments + + * proxy/gnome: Update to use GInetAddressMask + + * Updated translations: + Chinese (simplified), Hebrew, Norwegian bokmål, Slovenian, + Swedish, Ukranian + +2.31.2 +====== + * gnutls + * Added gnutls-pkcs11 backend, which uses gnutls 2.12.8 and + p11-kit (a new optional dependency) to provide access to + PKCS#11 tokens. At the moment, this is only enabled if you + set GIO_USE_TLS=gnutls-pkcs11 in the environment. (Stef, + #656361) + + * GTlsCertificateGnutls can now read unencrypted PKCS#8 keys + (which show "BEGIN PRIVATE KEY" in PEM form) in addition to + the previously-supported PKCS#1 keys ("BEGIN RSA PRIVATE + KEY"). + + * Updated translations: + Galician, German, Lithuanian, Norwegian bokmål, Spanish, + Turkish + +2.31.0 +====== + * gnutls + * Bumped required GNUTLS version to 2.11.0 and updated + code for that (Stef, #656903) + + * Fixed a crash when passing a NULL GCancellable to + g_tls_connection_close_async() (Dan, #659786) or a NULL + GError to g_tls_file_database_new(). + + * Fixed handling of self-signed CA certificates in + GTlsDatabaseGnutls (Dan, #660508) + + * Added another G_TLS_ERROR_NOT_TLS (aka "dumb server, try + falling back from TLS to SSLv3") case, when the handshake + completes but then packets after that don't decrypt + correctly. (Dan, #662104) + + * Made sure that GTlsConnection:peer-certificate and + :peer-certificate-errors get set even when the peer + certificate is rejected. (Dan) + + * proxy/gnome + * Fixed ignore_hosts handling (Dan, #655581) + + * Fixed configure check so that "--without-gnome-proxy" works. + (Alexandre Rostovtsev, #662203) + + * Fixed tests to only build the gnome proxy test if we're + building the gnome proxy. (Kalev Lember, #662085) + + * New translations: + Telugu + +2.30.0 +====== + * Updated translation: + Thai + +2.29.92 +======= + * New/updated translations: + Belarusian, Tamil, Japanese + + * gnutls: Fixed a problem when linking against GNUTLS 3.0, where + connections would sometimes return the error "The TLS connection + was non-properly terminated". (Dan Winship, #659233) + + * gnutls: Plugged a few memory leaks (Dan Winship) + +2.29.18 +======= + * gnutls: fixed two rehandshaking bugs; one in which a client + would erroneously report an error after successfully rehandshaking + (Igor Makarov, #653645), and one where initiating an asynchronous + rehandshake on the server side would send illegal packets and + cause the client to disconnect (Dan Winship). + + * gnutls: made GTlsDatabaseGnutls and GTlsFileDatabaseGnutls + properly cancellable (Stef Walter) + + * gnutls: fixed the client-side session cache to not share session + IDs between different virtual hosts on the same IP address, which + caused problems with some servers. (Dan Winship, #581342) + + * tls: Fixed up the tls test program so it can be run from "make + check" (Stef Walter) + + * New translations: + Persian + +2.29.15 +======= + * gnutls: implement GTlsDatabase (Stef Walter, #636572) + + * gnutls: override minimum key length, to allow connecting to HTTP + servers with very small keys (eg, on some embedded devices). (Dan + Winship, #652284). + + * gnutls: use %COMPAT mode, which makes GNUTLS behave more like + OpenSSL/NSS/Windows in a few ways, making it work with certain + broken HTTP servers. (Dan Winship, part of #581342) + + * gnutls: fixed a crash when passed a NULL GError (Dan Winship) + +2.29.9 +====== + * Optimized GDBus usage in PACRunner (davidz) + + * Fixed a race condition in GProxyResolverGnome (davidz) + + * Changed configure to --enable-maintainer-mode by default, + to match glib + + * New translations: + Belarusian, Catalan (Valencian), Esperanto, Finnish, + Lithuanian + +2.28.6 +====== + * Fixed some leaks in the gnutls backend + + * New translations: + Turkish + +2.28.5 +====== + * New/updated translations: + Basque, Brazilian Portuguese, Chinese (Traditional), Danish, + Hindi, Kannada, Marathi, Uyghur + +2.28.4 +====== + * Added a new proxy backend, GProxyResolverGnome, that uses + GSettings and the network proxy schemas from + gsettings-desktop-schemas to provide proxy information (and using + a new D-Bus service provided by the libproxy backend to provide + PAC/WPAD support). + + If you are building glib-networking in a GNOME 3.0 environment, + you should make sure that gsettings-desktop-schemas.pc is + available when building, so that this backend gets built. + + * New translations: + Assamese, Latvian, Oriya, Serbian + +2.28.0 +====== + * Fixed broken libtool check in autogen.sh that failed for libtool + 2.4 (Dan Williams) + + * New/updated translations: + Bengali (India), Catalan, Chinese (Simplified), Chinese + (Traditional), Czech, Dutch, Estonian, Galician, German, + Greek, Gujarati, Hebrew, Indonesian, Italian, Korean, + Norwegian (Bokmål), Polish, Punjabi, Slovenian, Spanish, + Swedish, Uyghur, Ukranian + +2.27.90 +======= + * Fixed configure script to actually error out if installed glib + version is too old (Emilio Pozuelo Monfort) + + * gnutls: updated GTlsClientConnectionGnutls for :accepted-cas type + change (Stef Walter) + * gnutls: fixed an uninitialized variable (Dan Winship) + +2.27.5 +====== + * gnutls: finish implementing GTlsRehandshakeMode, which was present + but non-functional in 2.27.4 + * gnutls: updates for glib TLS API changes + * gnutls: fix some async bugs that caused the main loop to spin + * gnutls: implement a client-side session cache, to speed up + handshakes + + * Compile with gcc warnings by default + +2.27.4 +====== + * GNUTLS-based implementation of GTlsBackend + +2.26.0 +====== + + * No changes, just a version bump + +2.25.0 +====== + + * Initial release, with libproxy-based GProxyResolver diff --git a/README b/README new file mode 100644 index 0000000..c586dbc --- /dev/null +++ b/README @@ -0,0 +1,4 @@ +Network-related giomodules for glib. + +File bugs against +http://bugzilla.gnome.org/enter_bug.cgi?product=glib&component=network diff --git a/find-ca-certificates b/find-ca-certificates new file mode 100755 index 0000000..4c5fd8f --- /dev/null +++ b/find-ca-certificates @@ -0,0 +1,20 @@ +#!/usr/bin/env python3 + +import errno +import os +import sys + +locations = [ '/etc/pki/tls/certs/ca-bundle.crt', + '/etc/ssl/certs/ca-certificates.crt', + '/etc/ssl/ca-bundle.pem' +] + +if len(sys.argv) > 1: + locations.insert(0, sys.argv[1]) + +for location in locations: + if os.path.isfile(location): + sys.stdout.write(location) + sys.exit(0) + +sys.exit(errno.ENOENT) diff --git a/glib-networking.doap b/glib-networking.doap new file mode 100644 index 0000000..e552b8b --- /dev/null +++ b/glib-networking.doap @@ -0,0 +1,25 @@ + + + glib-networking + Network extensions for GLib + glib-networking contains the implementations of certain GLib networking features that cannot be implemented directly in GLib itself because of their dependencies. + +Currently it contains a GNUTLS-based implementation of GTlsBackend, a libproxy-based implementation of GProxyResolver, and a GNOME GProxyResolver that uses the proxy information from the GSettings schemas in gsettings-desktop-schemas. + + + + + C + + + + Michael Catanzaro + + mcatanzaro + + + diff --git a/glib-networking.map b/glib-networking.map new file mode 100644 index 0000000..2418609 --- /dev/null +++ b/glib-networking.map @@ -0,0 +1,9 @@ +{ +global: + g_io_*_load; + g_io_*_unload; + g_io_*_query; + _gnutls_global_init_skip; +local: + *; +}; diff --git a/meson.build b/meson.build new file mode 100644 index 0000000..1e6b29e --- /dev/null +++ b/meson.build @@ -0,0 +1,130 @@ +project( + 'glib-networking', 'c', + version: '2.56.1', + license: 'LGPL2.1+', + meson_version: '>= 0.43.0', + default_options: ['c_std=c11'] +) + +prefix = get_option('prefix') +datadir = join_paths(prefix, get_option('datadir')) +libdir = join_paths(prefix, get_option('libdir')) +libexecdir = join_paths(prefix, get_option('libexecdir')) +localedir = join_paths(prefix, get_option('localedir')) + +installed_tests_metadir = join_paths(datadir, 'installed-tests', meson.project_name()) +installed_tests_execdir = join_paths(libexecdir, 'installed-tests', meson.project_name()) + +cc = meson.get_compiler('c') + +config_h = configuration_data() + +config_h.set_quoted('GETTEXT_PACKAGE', meson.project_name()) + +# compiler flags +common_flags = [ + '-DHAVE_CONFIG_H', + '-DG_LOG_DOMAIN="GLib-Net"', + '-DLOCALE_DIR="@0@"'.format(localedir), + '-DG_DISABLE_DEPRECATED', + '-DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_56' +] + +add_project_arguments(common_flags, language: 'c') + +symbol_map = join_paths(meson.current_source_dir(), meson.project_name() + '.map') + +module_ldflags = [] + +if host_machine.system().contains('linux') + test_ldflag = '-Wl,--version-script,' + symbol_map + + module_ldflags += cc.get_supported_arguments(test_ldflag) +endif + +# *** Check GLib GIO *** +glib_dep = dependency('glib-2.0', version: '>= 2.55.1') +gio_dep = dependency('gio-2.0') + +gio_module_dir = gio_dep.get_pkgconfig_variable('giomoduledir', + define_variable: ['libdir', libdir]) +assert(gio_module_dir != '', 'GIO_MODULE_DIR is missing from gio-2.0.pc') + +# *** Checks for LibProxy *** +enable_libproxy_support = get_option('libproxy_support') +if enable_libproxy_support + libproxy_dep = dependency('libproxy-1.0', version: '>= 0.3.1', required: true) +endif + +# *** Checks for GNOME *** +enable_gnome_proxy_support = get_option('gnome_proxy_support') +if enable_gnome_proxy_support + gsettings_desktop_schemas_dep = dependency('gsettings-desktop-schemas', required: true) +endif + +# *** Checks for GnuTLS *** +gnutls_dep = dependency('gnutls', version: '>= 3.3.5', required: true) + +msg = 'location of system Certificate Authority list: ' +res = run_command(join_paths(meson.source_root(), 'find-ca-certificates'), get_option('ca_certificates_path')) +assert(res.returncode() == 0, msg + ' could not find any CA certificate store. Use -Dca_certificates_path=PATH to set') +ca_certificates_path = res.stdout().strip() +message(msg + ca_certificates_path) +config_h.set_quoted('GTLS_SYSTEM_CA_FILE', ca_certificates_path, description: 'The system CA list') + +# *** Checks for p11-kit *** +enable_pkcs11_support = get_option('pkcs11_support') +if enable_pkcs11_support + pkcs11_dep = dependency('p11-kit-1', version: '>= 0.20', required: true) + + config_h.set('HAVE_PKCS11', enable_pkcs11_support, + description: 'Building with PKCS#11 support') +endif + +configure_file( + output: 'config.h', + configuration: config_h +) + +gnome = import('gnome') +i18n = import('i18n') +pkg = import('pkgconfig') + +po_dir = join_paths(meson.source_root(), 'po') + +top_inc = include_directories('.') +tls_inc = include_directories('tls') + +subdir('po') + +enable_installed_tests = get_option('installed_tests') +test_template = files('template.test.in') + +if enable_libproxy_support or enable_gnome_proxy_support + proxy_test_programs = [] + + if enable_libproxy_support + subdir('proxy/libproxy') + endif + + if enable_gnome_proxy_support + subdir('proxy/gnome') + endif + + subdir('proxy/tests') +endif + +if enable_pkcs11_support + subdir('tls/pkcs11') +endif + +subdir('tls/gnutls') +subdir('tls/tests') + +meson.add_install_script('meson_post_install.py', gio_module_dir) + +output = '\n\n libproxy support: ' + enable_libproxy_support.to_string() + '\n' +output += ' GNOME proxy support: ' + enable_gnome_proxy_support.to_string() + '\n' +output += ' PKCS#11 support: ' + enable_pkcs11_support.to_string() + '\n' +output += ' TLS CA file: ' + ca_certificates_path + '\n' +message(output) diff --git a/meson_options.txt b/meson_options.txt new file mode 100644 index 0000000..8cf58ed --- /dev/null +++ b/meson_options.txt @@ -0,0 +1,6 @@ +option('libproxy_support', type: 'boolean', value: true, description: 'support for libproxy proxy configration') +option('gnome_proxy_support', type: 'boolean', value: true, description: 'support for GNOME desktop proxy configuration') +option('ca_certificates_path', type: 'string', value: '', description: 'path to system Certificate Authority list') +option('pkcs11_support', type: 'boolean', value: true, description: 'support for PKCS#11 using p11-kit') +option('installed_tests', type: 'boolean', value: false, description: 'enable installed tests') +option('static_modules', type: 'boolean', value: false, description: 'build static modules') diff --git a/meson_post_install.py b/meson_post_install.py new file mode 100644 index 0000000..3082d42 --- /dev/null +++ b/meson_post_install.py @@ -0,0 +1,9 @@ +#!/usr/bin/env python3 + +import os +import subprocess +import sys + +if not os.environ.get('DESTDIR'): + print('GIO module cache creation...') + subprocess.call(['gio-querymodules', sys.argv[1]]) diff --git a/po/LINGUAS b/po/LINGUAS new file mode 100644 index 0000000..ef3f952 --- /dev/null +++ b/po/LINGUAS @@ -0,0 +1,68 @@ +an +ar +as +be +bg +bn_IN +bs +ca +ca@valencia +cs +da +de +el +en_CA +en_GB +eo +es +et +eu +fa +fi +fr +fur +gd +gl +gu +he +hi +hr +hu +id +it +ja +kk +km +kn +ko +lv +lt +ml +mr +nb +ne +nl +oc +or +pa +pl +pt +pt_BR +ro +ru +sk +sl +sr +sr@latin +sv +ta +te +tg +th +tr +ug +uk +vi +zh_CN +zh_HK +zh_TW diff --git a/po/POTFILES.in b/po/POTFILES.in new file mode 100644 index 0000000..4323e7f --- /dev/null +++ b/po/POTFILES.in @@ -0,0 +1,7 @@ +proxy/libproxy/glibproxyresolver.c +tls/gnutls/gtlscertificate-gnutls.c +tls/gnutls/gtlsclientconnection-gnutls.c +tls/gnutls/gtlsconnection-gnutls.c +tls/gnutls/gtlsserverconnection-gnutls.c +tls/pkcs11/gpkcs11pin.c +tls/pkcs11/gpkcs11slot.c diff --git a/po/an.po b/po/an.po new file mode 100644 index 0000000..ea2051b --- /dev/null +++ b/po/an.po @@ -0,0 +1,145 @@ +# Aragonese translation for glib-networking. +# Copyright (C) 2013 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# FIRST AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2013-02-19 13:01+0000\n" +"PO-Revision-Date: 2013-02-20 01:19+0100\n" +"Last-Translator: Daniel Martinez \n" +"Language-Team: Aragonese \n" +"Language: an\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#: ../proxy/libproxy/glibproxyresolver.c:150 +msgid "Proxy resolver internal error." +msgstr "Error interna d'o proxy." + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "No se podió analisar o certificau DER: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "No se podió analisar o certificau PEM: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:225 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "No se podió analisar a clau privada DER: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:256 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "No se podió analisar a clau privada PEM: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:296 +msgid "No certificate data provided" +msgstr "No s'han proporcionau datos d'o certificau" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309 +msgid "Server required TLS certificate" +msgstr "O servidor requiere un certificau TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:258 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "No se podió creyar a connexión TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:520 +msgid "Connection is closed" +msgstr "A connexión ye zarrada" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:582 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1419 +msgid "Operation would block" +msgstr "A operación se blocará" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:712 +msgid "Peer failed to perform TLS handshake" +msgstr "O par falló en realizar a negociación TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:729 +msgid "Peer requested illegal TLS rehandshake" +msgstr "O par solicitó una renegociación TLS ilegal" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:755 +msgid "TLS connection closed unexpectedly" +msgstr "A connexión TLS se zarró inasperadament" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:765 +msgid "TLS connection peer did not send a certificate" +msgstr "O par d'a connexión TLS no ninvió un certificau" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1146 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1165 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "Error en realizar a negociación TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1175 +msgid "Server did not return a valid TLS certificate" +msgstr "O servidor no devolvió un certificau TLS valido" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1250 +msgid "Unacceptable TLS certificate" +msgstr "Certificau TLS inacceptable" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1442 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "Error en leyer datos d'o socket TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1471 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "Error en escribir datos en o socket TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1515 +msgid "Connection is already closed" +msgstr "A connexión ya ye zarrada" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1525 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "Error en zarrar o TLS: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103 +msgid "Certificate has no private key" +msgstr "O certificau no tiene clau privada" + +#: ../tls/pkcs11/gpkcs11pin.c:108 +msgid "This is the last chance to enter the PIN correctly before the token is locked." +msgstr "Ista ye a zaguera oportunidat ta introducir o PIN correctament antes que se bloque o \"token\"." + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "Several PIN attempts have been incorrect, and the token will be locked after further failures." +msgstr "Quantos intentos d'introducir o PIN han estau incorrectos y o \"token\" se blocará dimpués de mas fallos." + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "The PIN entered is incorrect." +msgstr "O PIN introduciu ye incorrecto." + +#: ../tls/pkcs11/gpkcs11slot.c:446 +msgid "Module" +msgstr "Modulo" + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "PKCS#11 Module Pointer" +msgstr "Puntero d'o modulo PKCS#11" + +#: ../tls/pkcs11/gpkcs11slot.c:454 +msgid "Slot ID" +msgstr "ID d'a ranura" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "PKCS#11 Slot Identifier" +msgstr "Identificador d'a ranura de PKCS#11" + diff --git a/po/ar.po b/po/ar.po new file mode 100644 index 0000000..1f8c2fb --- /dev/null +++ b/po/ar.po @@ -0,0 +1,153 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# IBRAHIM , 2011 +# Mohammad Alhargan , 2012. +# Khaled Hosny , 2012. +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2012-09-20 07:26+0200\n" +"PO-Revision-Date: 2012-09-20 07:26+0200\n" +"Last-Translator: Khaled Hosny \n" +"Language-Team: Arabic \n" +"Language: ar\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 " +"&& n%100<=10 ? 3 : n%100>=11 ? 4 : 5;\n" +"X-Generator: Virtaal 0.7.0\n" +"X-Project-Style: gnome\n" + +#: ../proxy/libproxy/glibproxyresolver.c:150 +msgid "Proxy resolver internal error." +msgstr "خطأ داخلي تحليل الوكيل." + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "تعذر تحليل شهادة DER: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "تعذر تحليل شهادة PEM: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:225 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "تعذر تحليل المفتاح الخاص DER: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:256 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "تعذر تحليل المفتاح الخاص PEM: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:296 +msgid "No certificate data provided" +msgstr "لم يتم تقديم بيانات الشهادة" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309 +msgid "Server required TLS certificate" +msgstr "يتطلب الخادوم شهادة TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:254 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "لا يمكن إنشاء اتصال TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:514 +msgid "Connection is closed" +msgstr "الاتصال مغلق" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:574 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1377 +msgid "Operation would block" +msgstr "العملية قد تغلق" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:701 +msgid "Peer failed to perform TLS handshake" +msgstr "فشل إجراء تعارف نظير TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:718 +msgid "Peer requested illegal TLS rehandshake" +msgstr "طلب النظير تعارف TLS غير شرعي" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:744 +msgid "TLS connection closed unexpectedly" +msgstr "تم إغلاق اتصال TLS بشكل غير متوقع" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1055 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1074 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "خطأ في تعارف TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1210 +msgid "Unacceptable TLS certificate" +msgstr "شهادة TLS غير مقبولة" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1221 +msgid "Server did not return a valid TLS certificate" +msgstr "لم يُرجع الخادوم شهادة TLS سليمة" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1400 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "حدث خطأ أثناء قراءة البيانات من مأخذ توصيل TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1429 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "حدث خطأ أثناء كتابة البيانات من مأخذ توصيل TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1473 +msgid "Connection is already closed" +msgstr "الاتصال مغلق من قبل" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1483 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "خطأ في إغلاق TLS: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103 +msgid "Certificate has no private key" +msgstr "لا يوجد مفتاح خاص للشهادة" + +#: ../tls/pkcs11/gpkcs11pin.c:108 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"هذه هي الفرصة الأخيرة لإدخال رقم التعريف الشخصي بشكل صحيح قبل تأمين الرمز " +"المميز." + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"عدة محاولات إدخال رقم التعريف الشخصي غير صحيحة، سيتم تأمين الرمز المميز بعد " +"المزيد من الفشل." + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "The PIN entered is incorrect." +msgstr "رقم التعريف الشخصي الذي أدخلته غير صحيح." + +#: ../tls/pkcs11/gpkcs11slot.c:446 +msgid "Module" +msgstr "وحدة نمطية" + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "PKCS#11 Module Pointer" +msgstr "مؤشر الوحدة النمطية PKCS#11" + +#: ../tls/pkcs11/gpkcs11slot.c:454 +msgid "Slot ID" +msgstr "معرف المدخل" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "PKCS#11 Slot Identifier" +msgstr "معرف مدخل PKCS#11" diff --git a/po/as.po b/po/as.po new file mode 100644 index 0000000..623cc32 --- /dev/null +++ b/po/as.po @@ -0,0 +1,153 @@ +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Nilamdyuti Goswami , 2011, 2012, 2013. +msgid "" +msgstr "" +"Project-Id-Version: \n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2012-11-29 22:09+0000\n" +"PO-Revision-Date: 2013-03-12 18:28+0530\n" +"Last-Translator: Nilamdyuti Goswami \n" +"Language-Team: Assamese \n" +"Language: as\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.5\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" + +#: ../proxy/libproxy/glibproxyresolver.c:150 +msgid "Proxy resolver internal error." +msgstr "প্ৰক্সি সংশোধক অভ্যন্তৰীয় ত্ৰুটি।" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "DER প্ৰমাণপত্ৰক বিশ্লেষণ কৰোতে অক্ষম: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "PEM প্ৰমাণপত্ৰক বিশ্লেষণ কৰোতে অক্ষম: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:225 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "DER ব্যক্তিগত চাবিক বিশ্লেষণ কৰোতে অক্ষম: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:256 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "PEM ব্যক্তিগত চাবিক বিশ্লেষণ কৰোতে অক্ষম: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:296 +msgid "No certificate data provided" +msgstr "কোনো প্ৰমাণপত্ৰ তথ্য যোগান দিয়া হোৱা নাই" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309 +msgid "Server required TLS certificate" +msgstr "চাৰ্ভাৰৰ TLS প্ৰমাণপত্ৰৰ প্ৰয়োজন আছিল" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:254 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "TLS সংযোগ সৃষ্টি কৰিব পৰা নগল: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:514 +msgid "Connection is closed" +msgstr "সংযোগ বন্ধ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:576 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1382 +msgid "Operation would block" +msgstr "কাৰ্য্য প্ৰতিৰোধ কৰিব" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:703 +msgid "Peer failed to perform TLS handshake" +msgstr "TLS হেন্ডশেক কৰিবলে সমনীয়া ব্যৰ্থ হল" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:720 +msgid "Peer requested illegal TLS rehandshake" +msgstr "সমনীয়ায় অবৈধ পুনৰ হেন্ডশেকৰ অনুৰোধ কৰিছিল" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:746 +msgid "TLS connection closed unexpectedly" +msgstr "TLS সংযোগ অপ্ৰত্যাশিতভাৱে বন্ধ হৈ গল" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:756 +#| msgid "Server did not return a valid TLS certificate" +msgid "TLS connection peer did not send a certificate" +msgstr "TLS সংযোগ সমনীয়ায়ে এটা প্ৰমাণপত্ৰ প্ৰেৰণ নকৰিলে" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1064 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1083 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "TLS হেন্ডশেক কৰোতে ত্ৰুটি: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1228 +msgid "Unacceptable TLS certificate" +msgstr "অগ্ৰহণযোগ্য TLS প্ৰমাণপত্ৰ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1239 +msgid "Server did not return a valid TLS certificate" +msgstr "চাৰ্ভাৰে এটা বৈধ TLS প্ৰমাণপত্ৰ ঘুৰাই নিদিলে" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1405 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "TLS চকেটৰ পৰা তথ্য পঢোতে ত্ৰুটি: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1434 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "TLS চকেটলে তথ্য লিখোতে ত্ৰুটি: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1478 +msgid "Connection is already closed" +msgstr "সংযোগ ইতিমধ্যে বন্ধ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1488 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "TLS বন্ধ কৰোতে ত্ৰুটি: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103 +msgid "Certificate has no private key" +msgstr "প্ৰমাণপত্ৰৰ কোনো ব্যক্তিগত চাবি নাই" + +#: ../tls/pkcs11/gpkcs11pin.c:108 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "টকেন লক হোৱাৰ আগত PIN সঠিকভাৱে সুমুৱাৰ এইটো শেষ সুযোগ।" + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"কেইবাটাও PIN চেষ্টা ভুল হৈছে, আৰু ততোধিক ব্যৰ্থতাৰ পিছত টকেন লক কৰা হব।" + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "The PIN entered is incorrect." +msgstr "সুমুৱা PIN ভুল।" + +#: ../tls/pkcs11/gpkcs11slot.c:446 +msgid "Module" +msgstr "মডিউল" + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 মডিউল পোইন্টাৰ" + +#: ../tls/pkcs11/gpkcs11slot.c:454 +msgid "Slot ID" +msgstr "স্লট ID" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 স্লট চিনাক্তক" + diff --git a/po/be.po b/po/be.po new file mode 100644 index 0000000..45e2283 --- /dev/null +++ b/po/be.po @@ -0,0 +1,158 @@ +# Ihar Hrachyshka , 2011. +# Kasia Bondarava , 2012. +# Yuras Shumovich , 2017. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-05-23 15:17+0000\n" +"PO-Revision-Date: 2017-09-01 18:35+0300\n" +"Last-Translator: Yuras Shumovich \n" +"Language-Team: Belarusian \n" +"Language: be\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" +"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" +"X-Generator: Poedit 1.8.11\n" +"X-Project-Style: gnome\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Унутраная памылка распазнавальніка проксі-сервера." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Не ўдалося разабраць DER-сертыфікат: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Не ўдалося разабраць PEM-сертыфікат: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Не ўдалося разабраць прыватны DER-ключ: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Не ўдалося разабраць прыватны PEM-ключ: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "Даныя сертыфіката не пададзеныя" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:375 +msgid "Server required TLS certificate" +msgstr "Сервер запатрабаваў TLS-сертыфікат" + +#: tls/gnutls/gtlsconnection-gnutls.c:310 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Не ўдалося стварыць TLS-злучэнне: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:572 +msgid "Connection is closed" +msgstr "Злучэнне закрыта" + +#: tls/gnutls/gtlsconnection-gnutls.c:645 +#: tls/gnutls/gtlsconnection-gnutls.c:1528 +msgid "Operation would block" +msgstr "Аперацыя будзе заблакіравана" + +#: tls/gnutls/gtlsconnection-gnutls.c:792 +#: tls/gnutls/gtlsconnection-gnutls.c:831 +msgid "Peer failed to perform TLS handshake" +msgstr "Суразмоўцу не ўдалося выканаць вітанне TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:810 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Суразмоўца запытаў забароненае паўторнае вітанне TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:837 +msgid "TLS connection closed unexpectedly" +msgstr "TLS-злучэнне нечакана закрылася" + +#: tls/gnutls/gtlsconnection-gnutls.c:847 +msgid "TLS connection peer did not send a certificate" +msgstr "Партнёр па TLS-злучэнні не паслаў сертыфікат" + +#: tls/gnutls/gtlsconnection-gnutls.c:853 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Суразмоўца паведамляе пра памылку TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1241 +#: tls/gnutls/gtlsconnection-gnutls.c:1274 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "Памылка выканання вітання TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1284 +msgid "Server did not return a valid TLS certificate" +msgstr "Сервер не вярнуў правільнага TLS-сертыфіката" + +#: tls/gnutls/gtlsconnection-gnutls.c:1354 +msgid "Unacceptable TLS certificate" +msgstr "Непрымальны TLS-сертыфікат" + +#: tls/gnutls/gtlsconnection-gnutls.c:1562 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "Памылка чытання даных з TLS-сокета: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1591 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "Памылка запісу даных у TLS-сокет: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1655 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "Памылка закрыцця TLS-злучэння: %s" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:107 +msgid "Certificate has no private key" +msgstr "Сертыфікат не мае закрытага ключа" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "Гэта апошні шанец увесці правільны PIN-код да блакіравання доступу." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Вы некалькі разоў уводзілі хібны PIN-код, і калі вы працягнеце ўводзіць " +"хібны PIN-код, дык будзеце заблакіраваны." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "Уведзены няправільны PIN-код." + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "Module" +msgstr "Модуль" + +#: tls/pkcs11/gpkcs11slot.c:450 +msgid "PKCS#11 Module Pointer" +msgstr "Паказальнік модуля PKCS#11" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "Slot ID" +msgstr "Ідэнтыфікатар слота" + +#: tls/pkcs11/gpkcs11slot.c:458 +msgid "PKCS#11 Slot Identifier" +msgstr "Ідэнтыфікатар слота PKCS#11" + +#~ msgid "Connection is already closed" +#~ msgstr "Злучэнне ўжо закрыта" diff --git a/po/bg.po b/po/bg.po new file mode 100644 index 0000000..ffeba15 --- /dev/null +++ b/po/bg.po @@ -0,0 +1,156 @@ +# Bulgarian translation of glib-networking po-file. +# Copyright (C) 2011, 2012, 2013, 2017 Free Software Foundation +# This file is distributed under the same license as the glib-networking package. +# Alexander Shopov , 2011, 2012, 2013, 2017. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-09-02 09:31+0300\n" +"PO-Revision-Date: 2017-08-25 10:54+0200\n" +"Last-Translator: Alexander Shopov \n" +"Language-Team: Bulgarian \n" +"Language: bg\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Вътрешна грешка при откриването на сървъра-посредник." + +#: ../tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Сертификатът във формат DER не може да бъде анализиран: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Сертификатът във формат PEM не може да бъде анализиран: %s<" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Частният ключ във формат DER не може да бъде анализиран: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Частният ключ във формат PEM не може да бъде анализиран: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "Липсват данни за сертификат" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:375 +msgid "Server required TLS certificate" +msgstr "Сървърът изисква сертификат за TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:310 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Не може да се създаде връзка по TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:572 +msgid "Connection is closed" +msgstr "Връзката е прекъсната" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:645 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1528 +msgid "Operation would block" +msgstr "Операцията ще блокира" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:792 +#: ../tls/gnutls/gtlsconnection-gnutls.c:831 +msgid "Peer failed to perform TLS handshake" +msgstr "Отсрещната страна не осъществи ръкостискане по TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:810 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Отсрещната страна изиска неправилно ново ръкостискане по TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:837 +msgid "TLS connection closed unexpectedly" +msgstr "Връзката по TLS неочаквано прекъсна" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:847 +msgid "TLS connection peer did not send a certificate" +msgstr "Отсрещната страна за TLS не върна сертификат" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:853 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Отсрещната страна изпрати фатално съобщение за TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1241 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1274 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "Грешка при ръкостискане по TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1284 +msgid "Server did not return a valid TLS certificate" +msgstr "Сървърът върна неправилен сертификат за TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1354 +msgid "Unacceptable TLS certificate" +msgstr "Неприемлив сертификат за TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1562 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "Грешка при четене на данни по TLS от гнездо: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1591 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "Грешка при запис на данни по TLS към гнездо: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1655 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "Грешка при прекъсване на TLS: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:107 +msgid "Certificate has no private key" +msgstr "Сертификатът е без частен ключ" + +#: ../tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Това е последният ви шанс да въведете правилен ПИН. При грешка устройството " +"ще бъде заключено." + +#: ../tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Няколко последователно въведени ПИН-а са били грешни. При поредна грешка " +"устройството ще бъде заключено." + +#: ../tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "Неправилен ПИН." + +#: ../tls/pkcs11/gpkcs11slot.c:449 +msgid "Module" +msgstr "Модул" + +#: ../tls/pkcs11/gpkcs11slot.c:450 +msgid "PKCS#11 Module Pointer" +msgstr "Указател към модул за PKCS#11" + +#: ../tls/pkcs11/gpkcs11slot.c:457 +msgid "Slot ID" +msgstr "Идентификатор на гнездо" + +#: ../tls/pkcs11/gpkcs11slot.c:458 +msgid "PKCS#11 Slot Identifier" +msgstr "Идентификатор на гнездо за PKCS#11" diff --git a/po/bn_IN.po b/po/bn_IN.po new file mode 100644 index 0000000..720d479 --- /dev/null +++ b/po/bn_IN.po @@ -0,0 +1,95 @@ +# Bengali (India) translation for glib-networking. +# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# +# , 2011. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug." +"cgi?product=glib&component=network\n" +"POT-Creation-Date: 2011-02-08 17:25+0000\n" +"PO-Revision-Date: 2011-02-11 13:52+0530\n" +"Last-Translator: \n" +"Language-Team: Bengali (India) \n" +"Language: bn_IN\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.1\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" + +#: ../proxy/libproxy/glibproxyresolver.c:142 +msgid "Proxy resolver internal error." +msgstr "প্রক্সি মীমাংসাকারীর অভ্যন্তরীণ ত্রুটি।" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "DER সার্টিফিকেট পার্স করতে ব্যর্থ: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "PEM সার্টিফিকেট পার্স করতে ব্যর্থ: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:214 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "DER গোপনীয়-কি পার্স করতে ব্যর্থ: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "PEM গোপনীয়-কি পার্স করতে ব্যর্থ: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:275 +msgid "No certificate data provided" +msgstr "সার্টিফিকেটের কোনো তথ্য উপলব্ধ করা হয়নি" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:356 +msgid "Server required TLS certificate" +msgstr "সার্ভারের ক্ষেত্রে TLS সার্টিফিকেট আবশ্যক" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:241 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "TLS সংযোগ তৈরি করতে ব্যর্থ: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:479 +msgid "Peer failed to perform TLS handshake" +msgstr "সমকক্ষ দ্বারা TLS হ্যান্ড-শেক করা সম্ভব হয়নি" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:497 +msgid "Peer requested illegal TLS rehandshake" +msgstr "সমকক্ষ দ্বারা TLS-র জন্য পুনরায় হ্যান্ড-শেক করার অবৈধ অনুরোধ করা হয়েছে" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:511 +msgid "TLS connection closed unexpectedly" +msgstr "TLS সংযোগ অপ্রত্যাশিতভাবে বন্ধ হয়ে গেছে" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:799 +#: ../tls/gnutls/gtlsconnection-gnutls.c:825 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "TLS হ্যান্ড-শেক করার সময় ত্রুটি দেখা দিয়েছে: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:876 +msgid "Unacceptable TLS certificate" +msgstr "অগ্রহণযোগ্য TLS সার্টিফিকেট" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1023 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "TLS সকেট থেকে তথ্য পড়তে ত্রুটি: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1049 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "TLS সকেটে তথ্য লিখতে ত্রুটি: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1095 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "TLS বন্ধ করতে ত্রুটি: %s" + diff --git a/po/bs.po b/po/bs.po new file mode 100644 index 0000000..30d4d18 --- /dev/null +++ b/po/bs.po @@ -0,0 +1,146 @@ +msgid "" +msgstr "" +"Project-Id-Version: glib-networking\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2015-02-27 06:51+0000\n" +"PO-Revision-Date: 2015-02-04 14:27+0000\n" +"Last-Translator: Samir Ribić \n" +"Language-Team: Bosnian \n" +"Language: bs\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Launchpad-Export-Date: 2015-02-05 07:01+0000\n" +"X-Generator: Launchpad (build 17331)\n" + +#: ../proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Interna greška bliskog razrješivača." + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Ne mogu analizirati DER certifikate: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Ne mogu analizirati PEM certifikate:: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:225 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Ne mogu analizirati DER privatni ključ:: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:256 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Ne mogu analizirati PEM privatni ključ: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:296 +msgid "No certificate data provided" +msgstr "Nema datih certifikacijskih podataka" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:324 +msgid "Server required TLS certificate" +msgstr "Server zahtijeva TLS certifikat" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:305 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Ne mogu kreirati TLS vezu: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:572 +msgid "Connection is closed" +msgstr "Veza je zatvorena" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:635 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1504 +msgid "Operation would block" +msgstr "Operacija bi se blokirala" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:774 +#: ../tls/gnutls/gtlsconnection-gnutls.c:813 +msgid "Peer failed to perform TLS handshake" +msgstr "Saradnik neuspio da obavi TLS usaglašavanje" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:792 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Saradnik zahtijevao neispravno TLS ponovno usaglašavanje" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:819 +msgid "TLS connection closed unexpectedly" +msgstr "TLS veza neočekivano zatvorena" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:829 +msgid "TLS connection peer did not send a certificate" +msgstr "Saradnik u TLS konekciji nije poslao certifikat" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1212 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1245 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "Greška u TLS usaglašavanju: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1255 +msgid "Server did not return a valid TLS certificate" +msgstr "Server nije vratio važeći TLS certifikat" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1330 +msgid "Unacceptable TLS certificate" +msgstr "Neprihvatljiv TLS certifikat" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1538 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "Greška u čitanju podataka iz TLS soketa: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1567 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "Greška u pisnju podataka u TLS soket: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1619 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "Greška u obavljanju TLS zatvaranja: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103 +msgid "Certificate has no private key" +msgstr "Certifikat nema privatnog ključa" + +#: ../tls/pkcs11/gpkcs11pin.c:108 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Ovo je zadnja šansa da pravilno unesete PIN prije nego se token zaključa." + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Nekoliko PIN pokušaja je bilo netačni, a token će biti zaključan nakon " +"daljih grešaka." + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "The PIN entered is incorrect." +msgstr "Uneseni PIN je neispravan." + +#: ../tls/pkcs11/gpkcs11slot.c:446 +msgid "Module" +msgstr "Modul" + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 Module Pointer" + +#: ../tls/pkcs11/gpkcs11slot.c:454 +msgid "Slot ID" +msgstr "IB slota" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 Identifikator slota" diff --git a/po/ca.po b/po/ca.po new file mode 100644 index 0000000..05524fb --- /dev/null +++ b/po/ca.po @@ -0,0 +1,164 @@ +# Catalan translation for glib-networking. +# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# David Planella , 2011, 2012. +# Gil Forcada , 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-08-27 20:41+0000\n" +"PO-Revision-Date: 2017-09-01 14:11+0200\n" +"Last-Translator: Gil Forcada \n" +"Language-Team: Catalan \n" +"Language: ca\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" +"X-Generator: Poedit 1.8.11\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "" +"S'ha produït un error intern al sistema de resolució del servidor " +"intermediari." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "No s'ha pogut analitzar el certificat DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "No s'ha pogut analitzar el certificat PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "No s'ha pogut analitzar la clau privada DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "No s'ha pogut analitzar la clau privada PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "No s'ha proporcionat cap dada per al certificat" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:375 +msgid "Server required TLS certificate" +msgstr "El servidor requereix un certificat TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:310 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "No s'ha pogut crear una connexió TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:572 +msgid "Connection is closed" +msgstr "La connexió està tancada" + +#: tls/gnutls/gtlsconnection-gnutls.c:645 +#: tls/gnutls/gtlsconnection-gnutls.c:1528 +msgid "Operation would block" +msgstr "L'operació bloquejaria" + +#: tls/gnutls/gtlsconnection-gnutls.c:792 +#: tls/gnutls/gtlsconnection-gnutls.c:831 +msgid "Peer failed to perform TLS handshake" +msgstr "L'altre extrem de la connexió no ha pogut realitzar l'encaixada TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:810 +msgid "Peer requested illegal TLS rehandshake" +msgstr "" +"L'altre extrem de la connexió ha sol·licitat una reencaixada TLS no vàlida" + +#: tls/gnutls/gtlsconnection-gnutls.c:837 +msgid "TLS connection closed unexpectedly" +msgstr "La connexió TLS s'ha tancat de manera inesperada" + +#: tls/gnutls/gtlsconnection-gnutls.c:847 +msgid "TLS connection peer did not send a certificate" +msgstr "L'altre extrem de la connexió TLS no ha enviat cap certificat" + +#: tls/gnutls/gtlsconnection-gnutls.c:853 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "L'altre extrem de la connexió ha enviat una alerta fatal TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1241 +#: tls/gnutls/gtlsconnection-gnutls.c:1274 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "S'ha produït un error en realitzar l'encaixada TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1284 +msgid "Server did not return a valid TLS certificate" +msgstr "El servidor no ha retornat un certificat TLS vàlid" + +#: tls/gnutls/gtlsconnection-gnutls.c:1354 +msgid "Unacceptable TLS certificate" +msgstr "No es pot acceptar el certificat TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1562 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "S'ha produït un error en llegir les dades del sòcol TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1591 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "S'ha produït un error en escriure les dades al sòcol TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1655 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "S'ha produït un error en realitzar el tancament TLS: %s" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:107 +msgid "Certificate has no private key" +msgstr "El certificat no té cap clau privada" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Aquesta és la darrera oportunitat per introduir el PIN de manera correcta " +"abans de bloquejar el testimoni." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"S'ha intentat introduir el PIN de manera incorrecta diverses vegades, i es " +"bloquejarà el testimoni si es torna a fallar." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "S'ha introduït un PIN incorrecte." + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "Module" +msgstr "Mòdul" + +#: tls/pkcs11/gpkcs11slot.c:450 +msgid "PKCS#11 Module Pointer" +msgstr "Punter del mòdul PKCS#11" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "Slot ID" +msgstr "Identificador de ranura" + +#: tls/pkcs11/gpkcs11slot.c:458 +msgid "PKCS#11 Slot Identifier" +msgstr "Identificador de la ranura PKCS#11" + +#~ msgid "Connection is already closed" +#~ msgstr "La connexió ja està tancada" diff --git a/po/ca@valencia.po b/po/ca@valencia.po new file mode 100644 index 0000000..627b9c5 --- /dev/null +++ b/po/ca@valencia.po @@ -0,0 +1,164 @@ +# Catalan translation for glib-networking. +# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# David Planella , 2011, 2012. +# Gil Forcada , 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-09-09 14:14+0000\n" +"PO-Revision-Date: 2017-09-01 14:11+0200\n" +"Last-Translator: Xavi Ivars \n" +"Language-Team: Catalan \n" +"Language: ca-valencia\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" +"X-Generator: Poedit 1.8.11\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "" +"S'ha produït un error intern al sistema de resolució del servidor " +"intermediari." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "No s'ha pogut analitzar el certificat DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "No s'ha pogut analitzar el certificat PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "No s'ha pogut analitzar la clau privada DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "No s'ha pogut analitzar la clau privada PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "No s'ha proporcionat cap dada per al certificat" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:375 +msgid "Server required TLS certificate" +msgstr "El servidor requereix un certificat TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:310 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "No s'ha pogut crear una connexió TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:572 +msgid "Connection is closed" +msgstr "La connexió està tancada" + +#: tls/gnutls/gtlsconnection-gnutls.c:645 +#: tls/gnutls/gtlsconnection-gnutls.c:1528 +msgid "Operation would block" +msgstr "L'operació bloquejaria" + +#: tls/gnutls/gtlsconnection-gnutls.c:792 +#: tls/gnutls/gtlsconnection-gnutls.c:831 +msgid "Peer failed to perform TLS handshake" +msgstr "L'altre extrem de la connexió no ha pogut realitzar l'encaixada TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:810 +msgid "Peer requested illegal TLS rehandshake" +msgstr "" +"L'altre extrem de la connexió ha sol·licitat una reencaixada TLS no vàlida" + +#: tls/gnutls/gtlsconnection-gnutls.c:837 +msgid "TLS connection closed unexpectedly" +msgstr "La connexió TLS s'ha tancat de manera inesperada" + +#: tls/gnutls/gtlsconnection-gnutls.c:847 +msgid "TLS connection peer did not send a certificate" +msgstr "L'altre extrem de la connexió TLS no ha enviat cap certificat" + +#: tls/gnutls/gtlsconnection-gnutls.c:853 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "L'altre extrem de la connexió ha enviat una alerta fatal TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1241 +#: tls/gnutls/gtlsconnection-gnutls.c:1274 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "S'ha produït un error en realitzar l'encaixada TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1284 +msgid "Server did not return a valid TLS certificate" +msgstr "El servidor no ha retornat un certificat TLS vàlid" + +#: tls/gnutls/gtlsconnection-gnutls.c:1354 +msgid "Unacceptable TLS certificate" +msgstr "No es pot acceptar el certificat TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1562 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "S'ha produït un error en llegir les dades del sòcol TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1591 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "S'ha produït un error en escriure les dades al sòcol TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1655 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "S'ha produït un error en realitzar el tancament TLS: %s" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:107 +msgid "Certificate has no private key" +msgstr "El certificat no té cap clau privada" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Esta és la darrera oportunitat per introduir el PIN de manera correcta " +"abans de bloquejar el testimoni." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"S'ha intentat introduir el PIN de manera incorrecta diverses vegades, i es " +"bloquejarà el testimoni si es torna a fallar." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "S'ha introduït un PIN incorrecte." + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "Module" +msgstr "Mòdul" + +#: tls/pkcs11/gpkcs11slot.c:450 +msgid "PKCS#11 Module Pointer" +msgstr "Punter del mòdul PKCS#11" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "Slot ID" +msgstr "Identificador de ranura" + +#: tls/pkcs11/gpkcs11slot.c:458 +msgid "PKCS#11 Slot Identifier" +msgstr "Identificador de la ranura PKCS#11" + +#~ msgid "Connection is already closed" +#~ msgstr "La connexió ja està tancada" diff --git a/po/cs.po b/po/cs.po new file mode 100644 index 0000000..c82b087 --- /dev/null +++ b/po/cs.po @@ -0,0 +1,201 @@ +# Czech translation for glib-networking. +# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# Marek Černocký , 2011, 2012, 2017. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-11-03 18:26+0000\n" +"PO-Revision-Date: 2017-11-05 17:31+0100\n" +"Last-Translator: Marek Černocký \n" +"Language-Team: čeština \n" +"Language: cs\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" +"X-Generator: Gtranslator 2.91.7\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Interní chyba zjišťování adres přes proxy." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Nelze zpracovat certifikát DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Nelze zpracovat certifikát PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Nelze zpracovat soukromý klíč DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Nelze zpracovat soukromý klíč PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "Nebyla poskytnuta žádná data certifikátu" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:396 +msgid "Server required TLS certificate" +msgstr "Server požaduje certifikát TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:382 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Nelze vytvořit připojení TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:677 +msgid "Connection is closed" +msgstr "Připojení je uzavřeno" + +#: tls/gnutls/gtlsconnection-gnutls.c:752 +#: tls/gnutls/gtlsconnection-gnutls.c:2152 +msgid "Operation would block" +msgstr "Operace by blokovala" + +#: tls/gnutls/gtlsconnection-gnutls.c:793 +#: tls/gnutls/gtlsconnection-gnutls.c:1374 +msgid "Socket I/O timed out" +msgstr "Vypršel časový limit V/V operace soketu" + +#: tls/gnutls/gtlsconnection-gnutls.c:927 +#: tls/gnutls/gtlsconnection-gnutls.c:966 +msgid "Peer failed to perform TLS handshake" +msgstr "Protějšek selhal při navazování spojení TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:945 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Protějšek požadoval neplatné znovunavázání spojení TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:972 +msgid "TLS connection closed unexpectedly" +msgstr "Připojení TLS bylo neočekávaně zavřeno" + +#: tls/gnutls/gtlsconnection-gnutls.c:982 +msgid "TLS connection peer did not send a certificate" +msgstr "Protějšek připojení TLS neposlal certifikát" + +#: tls/gnutls/gtlsconnection-gnutls.c:988 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Protějšek zaslal kritické varování TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:996 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "Zpráva je příliš velká pro připojení DTLS; maximum je %u bajt" +msgstr[1] "Zpráva je příliš velká pro připojení DTLS; maximum jsou %u bajty" +msgstr[2] "Zpráva je příliš velká pro připojení DTLS; maximum je %u bajtů" + +#: tls/gnutls/gtlsconnection-gnutls.c:1003 +msgid "The operation timed out" +msgstr "Vypršel časový limit operace" + +#: tls/gnutls/gtlsconnection-gnutls.c:1780 +#: tls/gnutls/gtlsconnection-gnutls.c:1831 +msgid "Error performing TLS handshake" +msgstr "Chyba při vyjednávání spojení TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1841 +msgid "Server did not return a valid TLS certificate" +msgstr "Server nevrátil platný certifikát TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1917 +msgid "Unacceptable TLS certificate" +msgstr "Nepřijatelný certifikát TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2185 +#: tls/gnutls/gtlsconnection-gnutls.c:2276 +msgid "Error reading data from TLS socket" +msgstr "Chyba při čtení dat ze soketu TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2306 +#, c-format +msgid "Receive flags are not supported" +msgstr "Příznaky příjmu nejsou podporované" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2382 +#: tls/gnutls/gtlsconnection-gnutls.c:2453 +msgid "Error writing data to TLS socket" +msgstr "Chyba při zápisu dat do soketu TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2423 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "Zpráva o velikosti %lu bajt je příliš velká pro připojení DTLS" +msgstr[1] "Zpráva o velikosti %lu bajty je příliš velká pro připojení DTLS" +msgstr[2] "Zpráva o velikosti %lu bajtů je příliš velká pro připojení DTLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2425 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(maximum je %u bajt)" +msgstr[1] "(maximum jsou %u bajty)" +msgstr[2] "(maximum je %u bajtů)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2484 +#, c-format +msgid "Send flags are not supported" +msgstr "Příznaky odesílání nejsou podporované" + +#: tls/gnutls/gtlsconnection-gnutls.c:2584 +msgid "Error performing TLS close" +msgstr "Chyba při zavírání TLS" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:109 +msgid "Certificate has no private key" +msgstr "Certifikát nemá soukromý klíč" + +#: tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "Máte poslední pokus zadat PIN správně, pak bude tiket zablokován." + +#: tls/pkcs11/gpkcs11pin.c:112 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Několik pokusů PIN bylo nesprávných a po dalším neúspěchu bude tiket " +"zablokován." + +#: tls/pkcs11/gpkcs11pin.c:114 +msgid "The PIN entered is incorrect." +msgstr "Zadaný PIN je nesprávný." + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "Module" +msgstr "Modul" + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "PKCS#11 Module Pointer" +msgstr "Ukazatel na modul PKCS#11" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "Slot ID" +msgstr "ID slotu" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "PKCS#11 Slot Identifier" +msgstr "Identifikátor slotu PKCS#11" + +#, fuzzy +#~ msgid "Connection is already closed" +#~ msgstr "Připojení je uzavřeno" diff --git a/po/da.po b/po/da.po new file mode 100644 index 0000000..63c7537 --- /dev/null +++ b/po/da.po @@ -0,0 +1,201 @@ +# Danish translation for glib-networking. +# Copyright (C) 2018 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# +# Kris Thomsen , 2011. +# Ask Hjorth Larsen , 2012-2013, 2017. +# Joe Hansen (joedalton2@yahoo.dk), 2018. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2018-02-13 03:00+0000\n" +"PO-Revision-Date: 2018-03-03 23:02+0200\n" +"Last-Translator: Joe Hansen (joedalton2@yahoo.dk)\n" +"Language-Team: Danish \n" +"Language: da\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: proxy/libproxy/glibproxyresolver.c:159 +msgid "Proxy resolver internal error." +msgstr "Intern fejl i proxy-opløser." + +#: tls/gnutls/gtlscertificate-gnutls.c:182 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Kunne ikke fortolke DER-certifikat: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:203 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Kunne ikke fortolke PEM-certifikat: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Kunne ikke fortolke privat nøgle for DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:265 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Kunne ikke fortolke privat nøgle for PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:304 +msgid "No certificate data provided" +msgstr "Ingen certifikatdata angivet" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:398 +msgid "Server required TLS certificate" +msgstr "Server kræver et TLS-certifikat" + +#: tls/gnutls/gtlsconnection-gnutls.c:392 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Kunne ikke oprette TLS-forbindelse: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:697 +msgid "Connection is closed" +msgstr "Forbindelsen er lukket" + +#: tls/gnutls/gtlsconnection-gnutls.c:772 +#: tls/gnutls/gtlsconnection-gnutls.c:2184 +msgid "Operation would block" +msgstr "Forbindelsen ville blokere" + +#: tls/gnutls/gtlsconnection-gnutls.c:813 +#: tls/gnutls/gtlsconnection-gnutls.c:1400 +msgid "Socket I/O timed out" +msgstr "Sokkel-I/O fik tidsudløb" + +#: tls/gnutls/gtlsconnection-gnutls.c:952 +#: tls/gnutls/gtlsconnection-gnutls.c:985 +msgid "Peer failed to perform TLS handshake" +msgstr "Modpart mislykkedes i at udføre TLS-forhandling" + +#: tls/gnutls/gtlsconnection-gnutls.c:970 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Modpart forspurgte illegalt TLS-genforhandling" + +#: tls/gnutls/gtlsconnection-gnutls.c:991 +msgid "TLS connection closed unexpectedly" +msgstr "TLS-forbindelse lukkede uventet ned" + +#: tls/gnutls/gtlsconnection-gnutls.c:1001 +msgid "TLS connection peer did not send a certificate" +msgstr "TLS-modpart sendte ikke noget certifikat" + +#: tls/gnutls/gtlsconnection-gnutls.c:1007 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Peer sendte fatal TLS-alarm: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1015 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "Beskeden er for stor til en DTLS-forbindelse; maksimum er %u byte" +msgstr[1] "Beskeden er for stor til en DTLS-forbindelse; maksimum er %u byte" + +#: tls/gnutls/gtlsconnection-gnutls.c:1022 +msgid "The operation timed out" +msgstr "Operationen fik tidsudløb" + +#: tls/gnutls/gtlsconnection-gnutls.c:1808 +#: tls/gnutls/gtlsconnection-gnutls.c:1859 +msgid "Error performing TLS handshake" +msgstr "Der opstod en fejl under udførsel af TLS-forhandling" + +#: tls/gnutls/gtlsconnection-gnutls.c:1869 +msgid "Server did not return a valid TLS certificate" +msgstr "Serveren returnerede ikke et gyldigt TLS-certifikat" + +#: tls/gnutls/gtlsconnection-gnutls.c:1946 +msgid "Unacceptable TLS certificate" +msgstr "Uacceptabelt TLS-certifikat" + +#: tls/gnutls/gtlsconnection-gnutls.c:2218 +#: tls/gnutls/gtlsconnection-gnutls.c:2310 +msgid "Error reading data from TLS socket" +msgstr "Der opstod en fejl under læsning af data fra TLS-sokkel" + +#: tls/gnutls/gtlsconnection-gnutls.c:2340 +#, c-format +msgid "Receive flags are not supported" +msgstr "Modtageflag er ikke understøttet" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2417 +#: tls/gnutls/gtlsconnection-gnutls.c:2489 +msgid "Error writing data to TLS socket" +msgstr "Der opstod en fejl under skrivning af data til TLS-sokkel" + +#: tls/gnutls/gtlsconnection-gnutls.c:2459 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "En besked med størrelsen %lu byte er for stor til en DTLS-forbindelse" +msgstr[1] "En besked med størrelsen %lu byte er for stor til en DTLS-forbindelse" + +#: tls/gnutls/gtlsconnection-gnutls.c:2461 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(maksimum er %u byte)" +msgstr[1] "(maksimum er %u byte)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2520 +#, c-format +msgid "Send flags are not supported" +msgstr "Sendflag er ikke understøttet" + +#: tls/gnutls/gtlsconnection-gnutls.c:2623 +msgid "Error performing TLS close" +msgstr "Der opstod en fejl under nedlukning af TLS" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:111 +msgid "Certificate has no private key" +msgstr "Certifikatet har ingen privat nøgle" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Dette er sidste chance for at indtaste PIN korrekt, før det kryptografiske " +"tegn (token) låses." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Der er indtastet adskillige forkerte PIN, og det kryptografiske tegn (token) " +"vil blive låst hvis der sker flere fejl." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "Den indtastede PIN er forkert." + +#: tls/pkcs11/gpkcs11slot.c:447 +msgid "Module" +msgstr "Modul" + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11-modulpointer" + +#: tls/pkcs11/gpkcs11slot.c:455 +msgid "Slot ID" +msgstr "Plads-id" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 plads-identifikation" + +#~ msgid "Connection is already closed" +#~ msgstr "Forbindelsen er allerede lukket" diff --git a/po/de.po b/po/de.po new file mode 100644 index 0000000..9fb656e --- /dev/null +++ b/po/de.po @@ -0,0 +1,199 @@ +# German translation for glib-networking. +# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# Mario Blättermann , 2011-2013, 2017. +# Christian Kirbach , 2011, 2012. +# Wolfgang Stöggl , 2011, 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-11-03 18:26+0000\n" +"PO-Revision-Date: 2017-11-06 11:36+0100\n" +"Last-Translator: Mario Blättermann \n" +"Language-Team: Deutsch \n" +"Language: de\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Poedit 2.0.3\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Interner Fehler in der Auflösung des Proxys." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "DER-Zertifikat konnte nicht verarbeitet werden: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "PEM-Zertifikat konnte nicht verarbeitet werden: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Geheimer DER-Schlüssel konnte nicht verarbeitet werden: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Geheimer PEM-Schlüssel konnte nicht verarbeitet werden: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "Keine Zertifikatdaten bereitgestellt" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:396 +msgid "Server required TLS certificate" +msgstr "Server benötigt ein TLS-Zertifikat" + +#: tls/gnutls/gtlsconnection-gnutls.c:382 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "TLS-Verbindung konnte nicht erstellt werden: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:677 +msgid "Connection is closed" +msgstr "Verbindung ist geschlossen" + +#: tls/gnutls/gtlsconnection-gnutls.c:752 +#: tls/gnutls/gtlsconnection-gnutls.c:2152 +msgid "Operation would block" +msgstr "Vorgang würde blockieren" + +#: tls/gnutls/gtlsconnection-gnutls.c:793 +#: tls/gnutls/gtlsconnection-gnutls.c:1374 +msgid "Socket I/O timed out" +msgstr "Zeitüberschreitung bei Ein-/Ausgabeoperation des Sockets" + +#: tls/gnutls/gtlsconnection-gnutls.c:927 +#: tls/gnutls/gtlsconnection-gnutls.c:966 +msgid "Peer failed to perform TLS handshake" +msgstr "Gegenstelle scheiterte bei Ausführung der TLS-Begrüßung" + +#: tls/gnutls/gtlsconnection-gnutls.c:945 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Gegenstelle fragte illegale erneute Begrüßung an" + +#: tls/gnutls/gtlsconnection-gnutls.c:972 +msgid "TLS connection closed unexpectedly" +msgstr "TLS-Verbindung wurde unerwartet geschlossen" + +#: tls/gnutls/gtlsconnection-gnutls.c:982 +msgid "TLS connection peer did not send a certificate" +msgstr "Gegenstelle der TLS-Verbindung gab kein gültiges Zertifikat zurück" + +#: tls/gnutls/gtlsconnection-gnutls.c:988 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Gegenstelle sendete schwerwiegende TLS-Warnung: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:996 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "Nachricht ist für DTLS-Verbindung zu groß; Maximum ist %u Byte" +msgstr[1] "Nachricht ist für DTLS-Verbindung zu groß; Maximum ist %u Bytes" + +#: tls/gnutls/gtlsconnection-gnutls.c:1003 +msgid "The operation timed out" +msgstr "Zeitüberschreitung des Vorgangs" + +# Handshake ist ein Fachbegriff für den Vorgang der Verbindungsaushandlung +#: tls/gnutls/gtlsconnection-gnutls.c:1780 +#: tls/gnutls/gtlsconnection-gnutls.c:1831 +msgid "Error performing TLS handshake" +msgstr "Fehler bei der Ausführung des TLS-Handshake" + +#: tls/gnutls/gtlsconnection-gnutls.c:1841 +msgid "Server did not return a valid TLS certificate" +msgstr "Server gab kein gültiges TLS-Zertifikat zurück" + +#: tls/gnutls/gtlsconnection-gnutls.c:1917 +msgid "Unacceptable TLS certificate" +msgstr "Nicht akzeptables TLS-Zertifikat" + +#: tls/gnutls/gtlsconnection-gnutls.c:2185 +#: tls/gnutls/gtlsconnection-gnutls.c:2276 +msgid "Error reading data from TLS socket" +msgstr "Fehler beim Lesen der Daten aus dem TLS-Socket" + +#: tls/gnutls/gtlsconnection-gnutls.c:2306 +#, c-format +msgid "Receive flags are not supported" +msgstr "Empfangen von Flags wird nicht unterstützt" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2382 +#: tls/gnutls/gtlsconnection-gnutls.c:2453 +msgid "Error writing data to TLS socket" +msgstr "Fehler beim Schreiben der Daten in den TLS-Socket" + +#: tls/gnutls/gtlsconnection-gnutls.c:2423 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "Nachricht der Größe %lu Byte ist für DTLS-Verbindung zu groß" +msgstr[1] "Nachricht der Größe %lu Byte ist für DTLS-Verbindung zu groß" + +#: tls/gnutls/gtlsconnection-gnutls.c:2425 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(Maximum ist %u Byte)" +msgstr[1] "(Maximum ist %u Bytes)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2484 +#, c-format +msgid "Send flags are not supported" +msgstr "Senden von Flags wird nicht unterstützt" + +#: tls/gnutls/gtlsconnection-gnutls.c:2584 +msgid "Error performing TLS close" +msgstr "Fehler beim Schließen der TLS-Verbindung" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:109 +msgid "Certificate has no private key" +msgstr "Das Zertifikat hat keinen geheimen Schlüssel" + +#: tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Dies ist die letzte Möglichkeit, die PIN korrekt einzugeben, bevor das Token " +"gesperrt wird." + +#: tls/pkcs11/gpkcs11pin.c:112 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Mehrere Versuche der PIN-Eingabe waren nicht korrekt. Das Token wird nach " +"weiteren Fehlversuchen gesperrt." + +#: tls/pkcs11/gpkcs11pin.c:114 +msgid "The PIN entered is incorrect." +msgstr "Die eingegebene PIN ist nicht korrekt." + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "Module" +msgstr "Modul" + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11-Modulzeiger" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "Slot ID" +msgstr "Slot-ID" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11-Slotkennung" diff --git a/po/el.po b/po/el.po new file mode 100644 index 0000000..ebd5706 --- /dev/null +++ b/po/el.po @@ -0,0 +1,162 @@ +# Greek translation for glib-networking. +# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# Michael Kotsarinis , 2011. +# Kostas Papadimas , 2012. +# Dimitris Spingos (Δημήτρης Σπίγγος) , 2012. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-05-23 15:17+0000\n" +"PO-Revision-Date: 2017-09-09 10:31+0200\n" +"Last-Translator: Efstathios Iosifidis \n" +"Language-Team: team@gnome.gr\n" +"Language: el\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Poedit 1.5.7\n" +"X-Project-Style: gnome\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Εσωτερικό σφάλμα επίλυσης διαμεσολαβητή." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Αδυναμία ανάλυσης πιστοποιητικού DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Αδυναμία ανάλυσης πιστοποιητικού PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Αδυναμία ανάλυσης ιδιωτικού κλειδιού DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Αδυναμία ανάλυσης ιδιωτικού κλειδιού PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "Δεν παρέχονται δεδομένα πιστοποιητικού" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:375 +msgid "Server required TLS certificate" +msgstr "Ο διακομιστής απαίτησε πιστοποιητικό TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:310 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Αδύνατη η δημιουργία σύνδεσης TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:572 +msgid "Connection is closed" +msgstr "Η σύνδεση έκλεισε" + +#: tls/gnutls/gtlsconnection-gnutls.c:645 +#: tls/gnutls/gtlsconnection-gnutls.c:1528 +msgid "Operation would block" +msgstr "Η λειτουργία θα μπλοκαριστεί" + +#: tls/gnutls/gtlsconnection-gnutls.c:792 +#: tls/gnutls/gtlsconnection-gnutls.c:831 +msgid "Peer failed to perform TLS handshake" +msgstr "Ο ομότιμος υπολογιστής απέτυχε να εκτελέσει «χειραψία» TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:810 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Ο ομότιμος υπολογιστής απαίτησε παράτυπη «χειραψία» TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:837 +msgid "TLS connection closed unexpectedly" +msgstr "Η σύνδεση TLS τερματίστηκε απρόσμενα" + +#: tls/gnutls/gtlsconnection-gnutls.c:847 +msgid "TLS connection peer did not send a certificate" +msgstr "Η ομότιμη σύνδεση TLS δεν έστειλε πιστοποιητικό" + +#: tls/gnutls/gtlsconnection-gnutls.c:853 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Το ομότιμο έστειλε ειδοποίηση μοιραίου σφάλματος TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1241 +#: tls/gnutls/gtlsconnection-gnutls.c:1274 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "Σφάλμα κατά τη «χειραψία» TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1284 +msgid "Server did not return a valid TLS certificate" +msgstr "Ο διακομιστής δεν επέστρεψε ένα έγκυρο πιστοποιητικό TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1354 +msgid "Unacceptable TLS certificate" +msgstr "Μη αποδεκτό πιστοποιητικό TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1562 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "Σφάλμα κατά την ανάγνωση δεδομένων από την υποδοχή TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1591 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "Σφάλμα κατά την εγγραφή δεδομένων στην υποδοχή TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1655 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "Σφάλμα κατά το κλείσιμο TLS: %s" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:107 +msgid "Certificate has no private key" +msgstr "Το πιστοποιητικό δεν έχει ιδιωτικό κλειδί" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Αυτή είναι η τελευταία σας ευκαιρία να πληκτρολογήσετε σωστά το PIN πριν να " +"κλειδωθεί το διακριτικό." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Αρκετές προσπάθειες PIN ήταν εσφαλμένες, και το διακριτικό θα κλειδωθεί μετά " +"από περαιτέρω αποτυχίες." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "Δεν είναι έγκυρο το PIN που πληκτρολογήσατε." + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "Module" +msgstr "Άρθρωμα" + +#: tls/pkcs11/gpkcs11slot.c:450 +msgid "PKCS#11 Module Pointer" +msgstr "Δείκτης αρθρώματος PKCS#11" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "Slot ID" +msgstr "Αναγνωριστικό υποδοχής" + +#: tls/pkcs11/gpkcs11slot.c:458 +msgid "PKCS#11 Slot Identifier" +msgstr "Αναγνωριστικό θέσης PKCS#11" + +#~ msgid "Connection is already closed" +#~ msgstr "Η σύνδεση έχει ήδη κλείσει" diff --git a/po/en_CA.po b/po/en_CA.po new file mode 100644 index 0000000..d0e5d47 --- /dev/null +++ b/po/en_CA.po @@ -0,0 +1,22 @@ +# English/Canada translation of glib-networking. +# Copyright (C) 2010 Collabora Ltd. +# This file is distributed under the same license as the glib-networking package. +# Nicolas Dufresne , 2010. +# +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-08-13 16:59-0400\n" +"PO-Revision-Date: 2010-08-13 17:42-0400\n" +"Last-Translator: Nicolas Dufresne \n" +"Language-Team: Canadian English \n" +"Language: en_CA\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#: ../proxy/libproxy/glibproxyresolver.c:142 +msgid "Proxy resolver internal error." +msgstr "Proxy resolver internal error." diff --git a/po/en_GB.po b/po/en_GB.po new file mode 100644 index 0000000..ccd2580 --- /dev/null +++ b/po/en_GB.po @@ -0,0 +1,154 @@ +# British English translation of glib-networking. +# Copyright (C) 2011 glib-networking'S COPYRIGHT HOLDER +# This file is distributed under the same licence as the glib-networking package. +# Bruce Cowan , 2011, 2012. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2016-08-15 21:53+0000\n" +"PO-Revision-Date: 2016-09-18 12:18+0200\n" +"Last-Translator: David King \n" +"Language-Team: British English \n" +"Language: en_GB\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Virtaal 0.7.1\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Proxy resolver internal error." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Could not parse DER certificate: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Could not parse PEM certificate: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Could not parse DER private key: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Could not parse PEM private key: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "No certificate data provided" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:375 +msgid "Server required TLS certificate" +msgstr "Server required TLS certificate" + +#: tls/gnutls/gtlsconnection-gnutls.c:323 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Could not create TLS connection: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:585 +msgid "Connection is closed" +msgstr "Connection is closed" + +#: tls/gnutls/gtlsconnection-gnutls.c:658 +#: tls/gnutls/gtlsconnection-gnutls.c:1537 +msgid "Operation would block" +msgstr "Operation would block" + +#: tls/gnutls/gtlsconnection-gnutls.c:808 +#: tls/gnutls/gtlsconnection-gnutls.c:847 +msgid "Peer failed to perform TLS handshake" +msgstr "Peer failed to perform TLS handshake" + +#: tls/gnutls/gtlsconnection-gnutls.c:826 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Peer requested illegal TLS rehandshake" + +#: tls/gnutls/gtlsconnection-gnutls.c:853 +msgid "TLS connection closed unexpectedly" +msgstr "TLS connection closed unexpectedly" + +#: tls/gnutls/gtlsconnection-gnutls.c:863 +msgid "TLS connection peer did not send a certificate" +msgstr "TLS connection peer did not send a certificate" + +#: tls/gnutls/gtlsconnection-gnutls.c:1250 +#: tls/gnutls/gtlsconnection-gnutls.c:1283 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "Error performing TLS handshake: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1293 +msgid "Server did not return a valid TLS certificate" +msgstr "Server did not return a valid TLS certificate" + +#: tls/gnutls/gtlsconnection-gnutls.c:1363 +msgid "Unacceptable TLS certificate" +msgstr "Unacceptable TLS certificate" + +#: tls/gnutls/gtlsconnection-gnutls.c:1571 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "Error reading data from TLS socket: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1600 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "Error writing data to TLS socket: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1664 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "Error performing TLS close: %s" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:107 +msgid "Certificate has no private key" +msgstr "Certificate has no private key" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "The PIN entered is incorrect." + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "Module" +msgstr "Module" + +#: tls/pkcs11/gpkcs11slot.c:450 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 Module Pointer" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "Slot ID" +msgstr "Slot ID" + +#: tls/pkcs11/gpkcs11slot.c:458 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 Slot Identifier" + +#~ msgid "Connection is already closed" +#~ msgstr "Connection is already closed" diff --git a/po/eo.po b/po/eo.po new file mode 100644 index 0000000..e53c718 --- /dev/null +++ b/po/eo.po @@ -0,0 +1,160 @@ +# Esperanto translation for glib-networking. +# Copyright (C) 2011 Free Software Foundation, Inc. +# This file is distributed under the same license as the glib-networking package. +# Kristjan SCHMIDT , 2011, 2017. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?product=glib&k" +"eywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-05-23 15:17+0000\n" +"PO-Revision-Date: 2017-06-11 02:22+0200\n" +"Last-Translator: Kristjan SCHMIDT \n" +"Language-Team: Esperanto \n" +"Language: eo\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Virtaal 0.7.1\n" +"X-Project-Style: gnome\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Interna eraro en la solvilo de la prokurilo." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Ne eblis analizi la DER-atestilon: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Ne eblis analizi la PEM-atestilon: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Ne eblis analizi la privatan DER-ŝlosilon: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Ne eblis analizi la privatan PEM-ŝlosilon: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "Neniu atestilo etas provizita" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:375 +msgid "Server required TLS certificate" +msgstr "Servilo bezonas TLS-atestilon" + +#: tls/gnutls/gtlsconnection-gnutls.c:310 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Ne eblis krei TLS-konekton: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:572 +msgid "Connection is closed" +msgstr "La konekto estas fermita" + +#: tls/gnutls/gtlsconnection-gnutls.c:645 +#: tls/gnutls/gtlsconnection-gnutls.c:1528 +#, fuzzy +msgid "Operation would block" +msgstr "La operacio estus haltigota" + +#: tls/gnutls/gtlsconnection-gnutls.c:792 +#: tls/gnutls/gtlsconnection-gnutls.c:831 +msgid "Peer failed to perform TLS handshake" +msgstr "Samtavolano malsukcesis efektivigi TLS-kvitancon" + +#: tls/gnutls/gtlsconnection-gnutls.c:810 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Samtavolano petis kontraŭleĝan TLS-kvitancon" + +#: tls/gnutls/gtlsconnection-gnutls.c:837 +msgid "TLS connection closed unexpectedly" +msgstr "TLS-konekto fermiĝis senatendite" + +#: tls/gnutls/gtlsconnection-gnutls.c:847 +#, fuzzy +#| msgid "TLS connection closed unexpectedly" +msgid "TLS connection peer did not send a certificate" +msgstr "TLS-konekto ne sendis atestilon" + +#: tls/gnutls/gtlsconnection-gnutls.c:853 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "" + +# Handshake ist ein Fachbegriff für den Vorgang der Verbindungsaushandlung +#: tls/gnutls/gtlsconnection-gnutls.c:1241 +#: tls/gnutls/gtlsconnection-gnutls.c:1274 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "Eraro dum efektivigi TLS-kvitancon: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1284 +#| msgid "Server required TLS certificate" +msgid "Server did not return a valid TLS certificate" +msgstr "Servilo ne redonis validan TLS-atestilon" + +#: tls/gnutls/gtlsconnection-gnutls.c:1354 +msgid "Unacceptable TLS certificate" +msgstr "Neakceptebla TLS-atestilo" + +#: tls/gnutls/gtlsconnection-gnutls.c:1562 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "Eraro dum legi datumojn el la TLS-ingo: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1591 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "Eraro dum skribi datumojn al la TLS-ingo: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1655 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "Eraro dum fermi la TLS-konekto: %s" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:107 +msgid "Certificate has no private key" +msgstr "Atestilo ne havas privatan ŝlosilon" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Ĉi tiu estas la lasta ebleco enigi la pasvorton ĝuste antaŭ ol via aliro " +"estos ŝlosita." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "La pasvorto enigita ne estas korekta." + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "Module" +msgstr "Modulo" + +#: tls/pkcs11/gpkcs11slot.c:450 +msgid "PKCS#11 Module Pointer" +msgstr "" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "Slot ID" +msgstr "" + +#: tls/pkcs11/gpkcs11slot.c:458 +msgid "PKCS#11 Slot Identifier" +msgstr "" diff --git a/po/es.po b/po/es.po new file mode 100644 index 0000000..3c946d7 --- /dev/null +++ b/po/es.po @@ -0,0 +1,208 @@ +# Spanish translation for glib-networking. +# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# Jorge González , 2011. +# Daniel Mustieles , 2011, 2012, 2017. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-11-03 18:26+0000\n" +"PO-Revision-Date: 2017-11-16 18:25+0100\n" +"Last-Translator: Daniel Mustieles \n" +"Language-Team: es \n" +"Language: es\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Gtranslator 2.91.6\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Error interno del proxy." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "No se pudo analizar el certificado DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "No se pudo analizar el certificado PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "No se pudo analizar la clave privada DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "No se pudo analizar la clave privada PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "No se han proporcionado datos del certificado" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:396 +msgid "Server required TLS certificate" +msgstr "El servidor requiere un certificado TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:382 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "No se pudo crear la conexión TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:677 +msgid "Connection is closed" +msgstr "La conexión está cerrada" + +#: tls/gnutls/gtlsconnection-gnutls.c:752 +#: tls/gnutls/gtlsconnection-gnutls.c:2152 +msgid "Operation would block" +msgstr "La operación de bloqueará" + +#: tls/gnutls/gtlsconnection-gnutls.c:793 +#: tls/gnutls/gtlsconnection-gnutls.c:1374 +msgid "Socket I/O timed out" +msgstr "Expiró la E/S del socket" + +#: tls/gnutls/gtlsconnection-gnutls.c:927 +#: tls/gnutls/gtlsconnection-gnutls.c:966 +msgid "Peer failed to perform TLS handshake" +msgstr "EL par falló al realizar la negociación TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:945 +msgid "Peer requested illegal TLS rehandshake" +msgstr "El par solicitó una renegociación TLS ilegal" + +#: tls/gnutls/gtlsconnection-gnutls.c:972 +msgid "TLS connection closed unexpectedly" +msgstr "La conexión TLS se cerró inesperadamente" + +#: tls/gnutls/gtlsconnection-gnutls.c:982 +msgid "TLS connection peer did not send a certificate" +msgstr "El par de la conexión TLS no envió un certificado" + +#: tls/gnutls/gtlsconnection-gnutls.c:988 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "El par ha enviado una alerta fatal de TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:996 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "" +"El mensaje es demasiado largo para una conexión DTLS; el máximo es %u byte" +msgstr[1] "" +"El mensaje es demasiado largo para una conexión DTLS; el máximo es %u bytes" + +#: tls/gnutls/gtlsconnection-gnutls.c:1003 +msgid "The operation timed out" +msgstr "La operación ha agotado su tiempo" + +#: tls/gnutls/gtlsconnection-gnutls.c:1780 +#: tls/gnutls/gtlsconnection-gnutls.c:1831 +#| msgid "Error performing TLS handshake: %s" +msgid "Error performing TLS handshake" +msgstr "Error al realizar la negociación TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1841 +msgid "Server did not return a valid TLS certificate" +msgstr "El servidor no devolvió un certificado TLS válido" + +#: tls/gnutls/gtlsconnection-gnutls.c:1917 +msgid "Unacceptable TLS certificate" +msgstr "Certificado TLS inaceptable" + +#: tls/gnutls/gtlsconnection-gnutls.c:2185 +#: tls/gnutls/gtlsconnection-gnutls.c:2276 +#| msgid "Error reading data from TLS socket: %s" +msgid "Error reading data from TLS socket" +msgstr "Error al leer datos del socket TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2306 +#, c-format +msgid "Receive flags are not supported" +msgstr "No se soporta recibir opciones" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2382 +#: tls/gnutls/gtlsconnection-gnutls.c:2453 +#| msgid "Error writing data to TLS socket: %s" +msgid "Error writing data to TLS socket" +msgstr "Error al escribir datos en el socket TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2423 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "" +"El mensaje de tamaño %lu byte es demasiado largo para una conexión DTLS" +msgstr[1] "" +"El mensaje de tamaño %lu bytes es demasiado largo para una conexión DTLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2425 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(el máximo es %u byte)" +msgstr[1] "(el máximo es %u bytes)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2484 +#, c-format +msgid "Send flags are not supported" +msgstr "No se soporta enviar opciones" + +#: tls/gnutls/gtlsconnection-gnutls.c:2584 +#| msgid "Error performing TLS close: %s" +msgid "Error performing TLS close" +msgstr "Error al cerrar el TLS" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:109 +msgid "Certificate has no private key" +msgstr "El certificado no tiene clave privada" + +#: tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Esta es la última oportunidad para introducir el PIN correctamente antes de " +"que se bloquee el «token»." + +#: tls/pkcs11/gpkcs11pin.c:112 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Varios intentos de introducir el PIN han sido incorrectos y el «token» se " +"bloqueará después de más fallos." + +#: tls/pkcs11/gpkcs11pin.c:114 +msgid "The PIN entered is incorrect." +msgstr "El PIN introducido es incorrecto." + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "Module" +msgstr "Módulo" + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "PKCS#11 Module Pointer" +msgstr "Puntero del módulo PKCS#11" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "Slot ID" +msgstr "ID de la ranura" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "PKCS#11 Slot Identifier" +msgstr "Identificador de la ranura de PKCS#11" + +#~ msgid "Connection is already closed" +#~ msgstr "La conexión ya está cerrada" diff --git a/po/et.po b/po/et.po new file mode 100644 index 0000000..15e8f91 --- /dev/null +++ b/po/et.po @@ -0,0 +1,124 @@ +# GLibi võrgunduse eesti tõlge. +# Estonian translation of GLib Networking. +# +# Copyright (C) 2011 The GNOME Project. +# This file is distributed under the same license as the GLib package. +# +# Ivar Smolin , 2011. +# Mattias Põldaru , 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2012-12-18 07:45+0000\n" +"PO-Revision-Date: 2012-12-18 14:36+0300\n" +"Last-Translator: Mattias Põldaru \n" +"Language-Team: Estonian <>\n" +"Language: et\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n!=1);\n" + +msgid "Proxy resolver internal error." +msgstr "Proksilahendaja sisemine viga." + +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "DER-sertifikaati pole võimalik analüüsida: %s" + +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "PEM-sertifikaati pole võimalik analüüsida: %s" + +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "DER-vormingus salajast võtit pole võimalik analüüsida: %s" + +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "PEM-vormingus salajast võtit pole võimalik analüüsida: %s" + +msgid "No certificate data provided" +msgstr "Sertifikaadi andmed puuduvad" + +msgid "Server required TLS certificate" +msgstr "Server nõudis TLS-sertifikaati" + +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "TLS-ühendust pole võimalik luua: %s" + +msgid "Connection is closed" +msgstr "Ühendus on suletud" + +msgid "Operation would block" +msgstr "Operatsioon blokeeriks" + +msgid "Peer failed to perform TLS handshake" +msgstr "Partneril ei õnnestunud TLS-kätlust läbi viia" + +msgid "Peer requested illegal TLS rehandshake" +msgstr "Partneri nõudis lubamatut TLS-kätlust" + +msgid "TLS connection closed unexpectedly" +msgstr "TLS-ühendus suleti ootamatult" + +msgid "TLS connection peer did not send a certificate" +msgstr "TLS ühenduse osapool ei tagastanud sertifikaati" + +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "Viga TLS-kätluse läbiviimisel: %s" + +msgid "Server did not return a valid TLS certificate" +msgstr "Server ei tagastanud kehtivat TLS-sertifikaati" + +msgid "Unacceptable TLS certificate" +msgstr "Lubamatu TLS-sertifikaat" + +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "Viga TLS-soklist andmete lugemisel: %s" + +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "Viga TLS-soklisse andmete kirjutamisel: %s" + +msgid "Connection is already closed" +msgstr "Ühendus on juba suletud" + +#, c-format +msgid "Error performing TLS close: %s" +msgstr "Viga TLS-i sulgemisel: %s" + +msgid "Certificate has no private key" +msgstr "Sertifikaadil puudub privaatvõti" + +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "See on viimane võimalus õige PIN sisestada, enne kui seade lukustub." + +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Mitu korda on sisestatud vale PIN, järgmisel ebaõnnestumisel seade lukustub." + +msgid "The PIN entered is incorrect." +msgstr "Sisestatud PIN oli vale." + +msgid "Module" +msgstr "Moodul" + +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 mooduli viit" + +msgid "Slot ID" +msgstr "Pesa ID" + +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 pesa identifikaator" diff --git a/po/eu.po b/po/eu.po new file mode 100644 index 0000000..0ce3822 --- /dev/null +++ b/po/eu.po @@ -0,0 +1,160 @@ +# translation of eu.po to Basque +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Iñaki Larrañaga Murgoitio , 2011, 2012. +# Iñaki Larrañaga Murgoitio , 2013, 2017. +msgid "" +msgstr "" +"Project-Id-Version: eu\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-05-23 15:17+0000\n" +"PO-Revision-Date: 2017-08-27 12:22+0200\n" +"Last-Translator: Iñaki Larrañaga Murgoitio \n" +"Language-Team: Basque \n" +"Language: eu\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.5\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Proxyen ebaztailearen barneko errorea." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Ezin izan da DER ziurtagiria analizatu: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Ezin izan da PEM ziurtagiria analizatu: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Ezin izan da DER gako pribatua analizatu: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Ezin izan da PEM gako pribatua analizatu: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "Ez da ziurtagiriaren daturik eman" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:375 +msgid "Server required TLS certificate" +msgstr "Zerbitzariak TLS ziurtagiria behar du" + +#: tls/gnutls/gtlsconnection-gnutls.c:310 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Ezin izan da TLS konexioa sortu: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:572 +msgid "Connection is closed" +msgstr "Konexioa itxi egin da" + +#: tls/gnutls/gtlsconnection-gnutls.c:645 +#: tls/gnutls/gtlsconnection-gnutls.c:1528 +msgid "Operation would block" +msgstr "Eragiketa blokea daiteke" + +#: tls/gnutls/gtlsconnection-gnutls.c:792 +#: tls/gnutls/gtlsconnection-gnutls.c:831 +msgid "Peer failed to perform TLS handshake" +msgstr "Parekoak huts egin du TLS diosala lantzean" + +#: tls/gnutls/gtlsconnection-gnutls.c:810 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Parekoak TLSren diosala ilegala eskatu du" + +#: tls/gnutls/gtlsconnection-gnutls.c:837 +msgid "TLS connection closed unexpectedly" +msgstr "TLS konexioa ustekabean itxi da" + +#: tls/gnutls/gtlsconnection-gnutls.c:847 +msgid "TLS connection peer did not send a certificate" +msgstr "TLS konexioaren parekoak ez du ziurtagiria bidali" + +#: tls/gnutls/gtlsconnection-gnutls.c:853 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Parekoak TLS abisu larria bidali du: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1241 +#: tls/gnutls/gtlsconnection-gnutls.c:1274 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "Errorea TLS diosala lantzean: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1284 +msgid "Server did not return a valid TLS certificate" +msgstr "Zerbitzariak ez du baliozko TLS ziurtagiria itzuli" + +#: tls/gnutls/gtlsconnection-gnutls.c:1354 +msgid "Unacceptable TLS certificate" +msgstr "Onartu gabeko TLS ziurtagiria" + +#: tls/gnutls/gtlsconnection-gnutls.c:1562 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "Errorea TLS socketetik datuak irakurtzean: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1591 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "Errorea TLS socketean datuak idaztean: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1655 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "Errorea TLSren itxiera lantzean: %s" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:107 +msgid "Certificate has no private key" +msgstr "Ziurtagiriak ez dauka gako pribaturik" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "Hau azken aukera da PINa ongi sartzeko, tokena blokeatu aurretik." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Sartu diren hainbat PIN ez dira zuzenak, eta tokena blokeatu egin da " +"hutsegite gehiagoren ondoren." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "Sartutako PINa okerrekoa da." + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "Module" +msgstr "Modulua" + +#: tls/pkcs11/gpkcs11slot.c:450 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 moduluaren erakuslea" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "Slot ID" +msgstr "Erretenaren IDa" + +#: tls/pkcs11/gpkcs11slot.c:458 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 erretenaren identifikatzailea" + +#~ msgid "Connection is already closed" +#~ msgstr "Konexioa jadanik itxita dago" diff --git a/po/fa.po b/po/fa.po new file mode 100644 index 0000000..e58014b --- /dev/null +++ b/po/fa.po @@ -0,0 +1,158 @@ +# Persian translation for glib-networking. +# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# Arash Mousavi , 2011, 2013. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-05-23 15:17+0000\n" +"PO-Revision-Date: 2017-09-30 00:38+0330\n" +"Last-Translator: Arash Mousavi \n" +"Language-Team: Persian\n" +"Language: fa\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-SourceCharset: utf-8\n" +"X-Generator: Poedit 2.0.4\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "خطای داخلی تحلیل‌گر پیشکار." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "تجزیه گواهینامه DER امکان‌پذیر نبود: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "تجزیه گواهینامه PEM امکان‌پذیر نبود: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "تجزیه کلید خصوصی DER امکان‌پذیر نبود: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "تجزیه کلید خصوصی PEM امکان‌پذیر نبود: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "هیچ اطلاعات گواهینامه‌ای ارائه نشده" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:375 +msgid "Server required TLS certificate" +msgstr "کارگزار به گواهینامه TLS احتیاج دارد" + +#: tls/gnutls/gtlsconnection-gnutls.c:310 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "نمی‌توان اتصال TLS ایجاد کرد: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:572 +msgid "Connection is closed" +msgstr "اتصال بسته شده است" + +#: tls/gnutls/gtlsconnection-gnutls.c:645 +#: tls/gnutls/gtlsconnection-gnutls.c:1528 +msgid "Operation would block" +msgstr "عملیات می‌تواند بلوکه شود" + +#: tls/gnutls/gtlsconnection-gnutls.c:792 +#: tls/gnutls/gtlsconnection-gnutls.c:831 +msgid "Peer failed to perform TLS handshake" +msgstr "برقراری TLS handshake توسط همتا شکست خورد" + +#: tls/gnutls/gtlsconnection-gnutls.c:810 +msgid "Peer requested illegal TLS rehandshake" +msgstr "همتا درخواست یک TLS rehandshake غیرقانونی کرده است" + +#: tls/gnutls/gtlsconnection-gnutls.c:837 +msgid "TLS connection closed unexpectedly" +msgstr "اتصال TLS بطور غیر منتظره‌ای شکست خورد" + +#: tls/gnutls/gtlsconnection-gnutls.c:847 +msgid "TLS connection peer did not send a certificate" +msgstr "همتا اتصال TLS گواهینامه‌ای ارسال نکرد" + +#: tls/gnutls/gtlsconnection-gnutls.c:853 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "همتا یک هشدارِ جدی TLS ارسال کرد: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1241 +#: tls/gnutls/gtlsconnection-gnutls.c:1274 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "خطا در هنگام انجام TLS handshake. خطا: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1284 +msgid "Server did not return a valid TLS certificate" +msgstr "کارگزار گواهینامه TLS معتبری ارسال نکرد" + +#: tls/gnutls/gtlsconnection-gnutls.c:1354 +msgid "Unacceptable TLS certificate" +msgstr "گواهینامه TLS غیر قابل پذیرش" + +#: tls/gnutls/gtlsconnection-gnutls.c:1562 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "خطا در هنگام هواندن اطلاعات از طریق سوکت TLS. خط: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1591 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "خطا در هنگام نوشتن اطلاعات در سوکت TLS. خطا: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1655 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "خطا در هنگام انجام بستن TLS. خطا: %s" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:107 +msgid "Certificate has no private key" +msgstr "گواهینامه هیچ کلید خصوصی‌ای ندارد" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "آخرین شانس برای صحیح وارد کردن PIN قبل از قفل شدن رمز است." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"تعدادی از تلاش‌های برای وارد کردن PIN شکست خورده است، و رمز پس از شکست‌های " +"بعدی قفل خواهد شد." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "عبارت PIN وارد شده نادرست است." + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "Module" +msgstr "ماژول" + +#: tls/pkcs11/gpkcs11slot.c:450 +msgid "PKCS#11 Module Pointer" +msgstr "نشانگر ماژول PKCS#11" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "Slot ID" +msgstr "شناسه‌ی جایگاه" + +#: tls/pkcs11/gpkcs11slot.c:458 +msgid "PKCS#11 Slot Identifier" +msgstr "شناساگر جایگاه PKCS#11" + +#~ msgid "Connection is already closed" +#~ msgstr "اتصال از قبل بسته شده است" diff --git a/po/fi.po b/po/fi.po new file mode 100644 index 0000000..792afb8 --- /dev/null +++ b/po/fi.po @@ -0,0 +1,161 @@ +# Finnish messages for glib-networking +# Copyright (C) 2011 Tommi Vainikainen +# This file is distributed under the same license as the glib-networking. +# +# Gnome 2012-03 Finnish translation sprint participants: +# Jiri Grönroos +# Tommi Vainikainen , 2011. +# Jiri Grönroos , 2012, 2013. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2012-11-29 22:09+0000\n" +"PO-Revision-Date: 2013-03-20 23:44+0200\n" +"Last-Translator: Jiri Grönroos \n" +"Language-Team: Finnish \n" +"Language: fi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-POT-Import-Date: 2012-02-19 15:16:01+0000\n" +"X-Generator: Lokalize 1.5\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../proxy/libproxy/glibproxyresolver.c:150 +msgid "Proxy resolver internal error." +msgstr "Väliselvityspalvelimen sisäinen virhe." + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "DER-varmennetta ei voitu jäsentää: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "PEM-varmennetta ei voitu jäsentää: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:225 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "DER-yksityisavainta ei voitu jäsentää: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:256 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "PEM-yksityisavainta ei voitu jäsentää: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:296 +msgid "No certificate data provided" +msgstr "Varmennetietoja ei tarjottu" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309 +msgid "Server required TLS certificate" +msgstr "Palvelin vaatii TLS-varmenteen" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:254 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Ei voitu luoda TLS-yhteyttä: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:514 +msgid "Connection is closed" +msgstr "Yhteys on suljettu" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:576 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1382 +msgid "Operation would block" +msgstr "" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:703 +msgid "Peer failed to perform TLS handshake" +msgstr "Vastapuoli ei kyennyt suoriutumaan TLS-kättelystä" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:720 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Vastapuoli pyysi laitonta TLS-uusintakättelyä" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:746 +msgid "TLS connection closed unexpectedly" +msgstr "TLS-yhteys katkesi yllättäen" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:756 +#| msgid "Server did not return a valid TLS certificate" +msgid "TLS connection peer did not send a certificate" +msgstr "TLS-yhteyden vertainen ei lähettänyt varmennetta" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1064 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1083 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "Virhe suoritettaessa TLS-kättelyä: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1228 +msgid "Unacceptable TLS certificate" +msgstr "TLS-varmenne ei ole hyväksyttävä" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1239 +msgid "Server did not return a valid TLS certificate" +msgstr "Palvelin ei palauttanut kelvollista TLS-varmennetta" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1405 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "Virhe luettaessa tietoa TLS-pistokkeesta: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1434 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "Virhe kirjoitettaessa tietoa TLS-pistokkeeseen: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1478 +msgid "Connection is already closed" +msgstr "Yhteys on jo suljettu" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1488 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "Virhe suoritettaessa TLS-sulkemista: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103 +msgid "Certificate has no private key" +msgstr "Varmenteella ei ole yksityistä avainta" + +#: ../tls/pkcs11/gpkcs11pin.c:108 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Tämä on viimeinen mahdollisuus antaa oikea PIN, ennen kuin valtuus " +"lukitaan." + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Useat PIN-yritykset ovat epäonnistuneet, ja valtuus lukitaan seuraavien " +"epäonnistumisten myötä." + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "The PIN entered is incorrect." +msgstr "Syötetty PIN-koodi on virheellinen." + +#: ../tls/pkcs11/gpkcs11slot.c:446 +msgid "Module" +msgstr "Moduuli" + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "PKCS#11 Module Pointer" +msgstr "" + +#: ../tls/pkcs11/gpkcs11slot.c:454 +msgid "Slot ID" +msgstr "Paikan tunniste" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11-paikan tunniste" + diff --git a/po/fr.po b/po/fr.po new file mode 100644 index 0000000..1fab595 --- /dev/null +++ b/po/fr.po @@ -0,0 +1,197 @@ +# French translation for glib-networking. +# Copyright (C) 2011-2018 Listed translators +# This file is distributed under the same license as the glib-networking package. +# Claude Paroz , 2011-2018. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-11-03 18:26+0000\n" +"PO-Revision-Date: 2018-02-23 22:11+0100\n" +"Last-Translator: Claude Paroz \n" +"Language-Team: GNOME French Team \n" +"Language: fr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Erreur interne du résolveur de serveur mandataire." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Impossible d'analyser le certificat DER : %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Impossible d'analyser le certificat PEM : %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Impossible d'analyser la clé privée DER : %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Impossible d'analyser la clé privée PEM : %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "Aucune donnée de certificat fournie" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:396 +msgid "Server required TLS certificate" +msgstr "Le serveur requiert un certificat TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:382 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Impossible de créer une connexion TLS : %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:677 +msgid "Connection is closed" +msgstr "La connexion est fermée" + +#: tls/gnutls/gtlsconnection-gnutls.c:752 +#: tls/gnutls/gtlsconnection-gnutls.c:2152 +msgid "Operation would block" +msgstr "L'opération serait bloquée" + +#: tls/gnutls/gtlsconnection-gnutls.c:793 +#: tls/gnutls/gtlsconnection-gnutls.c:1374 +msgid "Socket I/O timed out" +msgstr "Les entrées/sorties du connecteur ont expiré" + +#: tls/gnutls/gtlsconnection-gnutls.c:927 +#: tls/gnutls/gtlsconnection-gnutls.c:966 +msgid "Peer failed to perform TLS handshake" +msgstr "La négociation TLS avec le serveur pair a échoué" + +#: tls/gnutls/gtlsconnection-gnutls.c:945 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Le serveur pair a demandé une renégociation TLS non autorisée" + +#: tls/gnutls/gtlsconnection-gnutls.c:972 +msgid "TLS connection closed unexpectedly" +msgstr "La connexion TLS a été fermée de manière inattendue" + +#: tls/gnutls/gtlsconnection-gnutls.c:982 +msgid "TLS connection peer did not send a certificate" +msgstr "Le pair TLS n'a pas envoyé de certificat" + +#: tls/gnutls/gtlsconnection-gnutls.c:988 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Le pair a envoyé une alerte TLS fatale : %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:996 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "" +"Le message est trop grand pour la connexion DTLS ; le maximum est de %u octet" +msgstr[1] "" +"Le message est trop grand pour la connexion DTLS ; le maximum est de %u octets" + +#: tls/gnutls/gtlsconnection-gnutls.c:1003 +msgid "The operation timed out" +msgstr "L’opération a expiré" + +#: tls/gnutls/gtlsconnection-gnutls.c:1780 +#: tls/gnutls/gtlsconnection-gnutls.c:1831 +msgid "Error performing TLS handshake" +msgstr "Erreur lors de la négociation TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1841 +msgid "Server did not return a valid TLS certificate" +msgstr "Le serveur n'a pas renvoyé un certificat TLS valide" + +#: tls/gnutls/gtlsconnection-gnutls.c:1917 +msgid "Unacceptable TLS certificate" +msgstr "Certificat TLS inacceptable" + +#: tls/gnutls/gtlsconnection-gnutls.c:2185 +#: tls/gnutls/gtlsconnection-gnutls.c:2276 +msgid "Error reading data from TLS socket" +msgstr "Erreur lors de la lecture de données du connecteur TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2306 +#, c-format +msgid "Receive flags are not supported" +msgstr "Les drapeaux de réception ne sont pas pris en charge" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2382 +#: tls/gnutls/gtlsconnection-gnutls.c:2453 +msgid "Error writing data to TLS socket" +msgstr "Erreur lors de l'écriture de données sur le connecteur TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2423 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "Un message de %lu octet est trop grand pour la connexion DTLS" +msgstr[1] "Un message de %lu octets est trop grand pour la connexion DTLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2425 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(le maximum est de %u octet)" +msgstr[1] "(le maximum est de %u octets)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2484 +#, c-format +msgid "Send flags are not supported" +msgstr "Les drapeaux d'envoi ne sont pas pris en charge" + +#: tls/gnutls/gtlsconnection-gnutls.c:2584 +msgid "Error performing TLS close" +msgstr "Erreur lors de la fermeture TLS" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:109 +msgid "Certificate has no private key" +msgstr "Le certificat n'a pas de clé privée" + +#: tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"C'est la dernière chance d'entrer le PIN correct avant que la carte à puce " +"soit verrouillée." + +#: tls/pkcs11/gpkcs11pin.c:112 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Plusieurs PIN incorrects ont été saisis, toute nouvelle erreur provoquera le " +"verrouillage de la carte à puce." + +#: tls/pkcs11/gpkcs11pin.c:114 +msgid "The PIN entered is incorrect." +msgstr "Le PIN saisi n'est pas correct." + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "Module" +msgstr "Module" + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "PKCS#11 Module Pointer" +msgstr "Pointeur de module PKCS#11" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "Slot ID" +msgstr "ID d'emplacement" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "PKCS#11 Slot Identifier" +msgstr "Identifiant d'emplacement PKCS#11" diff --git a/po/fur.po b/po/fur.po new file mode 100644 index 0000000..2ab80cc --- /dev/null +++ b/po/fur.po @@ -0,0 +1,201 @@ +# Friulian translation for glib-networking. +# Copyright (C) 2013 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# FIRST AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-11-03 18:26+0000\n" +"PO-Revision-Date: 2018-01-08 18:50+0100\n" +"Last-Translator: Fabio Tomat \n" +"Language-Team: Friulian \n" +"Language: fur\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 2.0.3\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Erôr interni dal resolver proxy." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Impussibil analizâ il certificât DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Impussibil analizâ il certificât PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Impussibil analizâ la clâf privade DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Impussibil analizâ la clâf privade PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "Nissun dât di certificât dât" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:396 +msgid "Server required TLS certificate" +msgstr "Il server al domande un certificât TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:382 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Impussibil creâ la conession TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:677 +msgid "Connection is closed" +msgstr "La conession e je sierade" + +#: tls/gnutls/gtlsconnection-gnutls.c:752 +#: tls/gnutls/gtlsconnection-gnutls.c:2152 +msgid "Operation would block" +msgstr "Le operazion e podarès blocâsi" + +#: tls/gnutls/gtlsconnection-gnutls.c:793 +#: tls/gnutls/gtlsconnection-gnutls.c:1374 +msgid "Socket I/O timed out" +msgstr "I/O dal socket scjadût" + +#: tls/gnutls/gtlsconnection-gnutls.c:927 +#: tls/gnutls/gtlsconnection-gnutls.c:966 +msgid "Peer failed to perform TLS handshake" +msgstr "Il pâr nol è rivât a eseguî il handshake TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:945 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Il pâr al à domandât un rehandshake TLS no lecit" + +#: tls/gnutls/gtlsconnection-gnutls.c:972 +msgid "TLS connection closed unexpectedly" +msgstr "Sieradure inspietade de conession TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:982 +msgid "TLS connection peer did not send a certificate" +msgstr "Il pâr di conession TLS nol à inviât un certificât" + +#: tls/gnutls/gtlsconnection-gnutls.c:988 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Il pâr al à inviât l'avîs TLS fatâl: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:996 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "" +"Il messaç al è masse grant pe conession DTLS; il massim al è di %u byte" +msgstr[1] "" +"Il messaç al è masse grant pe conession DTLS; il massim al è di %u byte" + +#: tls/gnutls/gtlsconnection-gnutls.c:1003 +msgid "The operation timed out" +msgstr "La operazion e je scjadude" + +#: tls/gnutls/gtlsconnection-gnutls.c:1780 +#: tls/gnutls/gtlsconnection-gnutls.c:1831 +msgid "Error performing TLS handshake" +msgstr "Erôr tal eseguî il handshake TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1841 +msgid "Server did not return a valid TLS certificate" +msgstr "Il server nol à tornât un certificât TLS valit" + +#: tls/gnutls/gtlsconnection-gnutls.c:1917 +msgid "Unacceptable TLS certificate" +msgstr "Certificât TLS no acetabil" + +#: tls/gnutls/gtlsconnection-gnutls.c:2185 +#: tls/gnutls/gtlsconnection-gnutls.c:2276 +msgid "Error reading data from TLS socket" +msgstr "Erôr tal lei dâts dal socket TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2306 +#, c-format +msgid "Receive flags are not supported" +msgstr "Lis opzions di ricezion no son supuartadis" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2382 +#: tls/gnutls/gtlsconnection-gnutls.c:2453 +msgid "Error writing data to TLS socket" +msgstr "Erôr tal scrivi dâts al socket TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2423 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "Il messaç di dimension %lu byte al è masse grant pe conession DTLS" +msgstr[1] "Il messaç di dimension %lu byte al è masse grant pe conession DTLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2425 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(il massim al è %u byte)" +msgstr[1] "(il massim al è %u bytes)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2484 +#, c-format +msgid "Send flags are not supported" +msgstr "Lis opzions par inviâ no son supuartadis" + +#: tls/gnutls/gtlsconnection-gnutls.c:2584 +msgid "Error performing TLS close" +msgstr "Erôr tal sierâ TLS" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:109 +msgid "Certificate has no private key" +msgstr "Il certificât nol à une clâf privade" + +#: tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Cheste e je la ultime pussibilitât par inserî il PIN coret prime che al " +"vegni blocât il token." + +#: tls/pkcs11/gpkcs11pin.c:112 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"A son stâts fats une vore di tentatîfs par meti il PIN, il token al sarà " +"blocât dopo altris faliments." + +#: tls/pkcs11/gpkcs11pin.c:114 +msgid "The PIN entered is incorrect." +msgstr "Il PIN dât nol è coret." + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "Module" +msgstr "Modul" + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "PKCS#11 Module Pointer" +msgstr "Pontadôr modul PKCS#11" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "Slot ID" +msgstr "ID dal slot" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "PKCS#11 Slot Identifier" +msgstr "Identificadôr Slot PKCS#11" + +#~ msgid "Connection is already closed" +#~ msgstr "La conession a je za sierade" diff --git a/po/gd.po b/po/gd.po new file mode 100644 index 0000000..a1ed032 --- /dev/null +++ b/po/gd.po @@ -0,0 +1,153 @@ +# Scottish Gaelic translation for glib-networking. +# Copyright (C) 2016 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# GunChleoc , 2016. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?product=glib&k" +"eywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2016-04-28 06:59+0000\n" +"PO-Revision-Date: 2016-04-28 15:01+0100\n" +"Last-Translator: GunChleoc \n" +"Language-Team: Fòram na Gàidhlig\n" +"Language: gd\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=4; plural=(n==1 || n==11) ? 0 : (n==2 || n==12) ? 1 : " +"(n > 2 && n < 20) ? 2 : 3;\n" +"X-Generator: Virtaal 0.7.1\n" +"X-Project-Style: gnome\n" + +#: ../proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Mearachd taobh a-stagh an fhuasglaiche progsaidh." + +#: ../tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Cha deach leinn teisteanas DER a pharsadh: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Cha deach leinn teisteanas PEM a pharsadh: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Cha deach leinn iuchair phrìobhaideach DER a pharsadh: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Cha deach leinn iuchair phrìobhaideach PEM a pharsadh: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "Cha deach dàta teisteanais a thoirt seachad" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:375 +msgid "Server required TLS certificate" +msgstr "Dh'iarr am frithealaiche teisteanas TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:323 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Cha b' urrainn dhuinn ceangal TLS a chruthachadh: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:585 +msgid "Connection is closed" +msgstr "Chaidh an ceangal a dhùnadh" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:658 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1537 +msgid "Operation would block" +msgstr "Dhèanadh an t-obrachadh bacadh" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:808 +#: ../tls/gnutls/gtlsconnection-gnutls.c:847 +msgid "Peer failed to perform TLS handshake" +msgstr "Cha do rinn an seise crathadh-làimhe TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:826 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Dh'iarr an seise ath-chrathadh-làimhe TLS mì-dhligheach" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:853 +msgid "TLS connection closed unexpectedly" +msgstr "Chaidh an ceangal TLS a dhùnadh gun dùil" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:863 +msgid "TLS connection peer did not send a certificate" +msgstr "Cha do chuir seise a' cheangail TLS teisteanas" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1250 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1283 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "Mearachd le crathadh-làimhe TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1293 +msgid "Server did not return a valid TLS certificate" +msgstr "Cha do thill am frithealaiche teisteanas TLS dligheach" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1363 +msgid "Unacceptable TLS certificate" +msgstr "Teisteanas TLS ris nach gabhar" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1571 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "Mearachd a' leughadh dàta on t-socaid TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1600 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "Mearachd a' sgrìobhadh dàta dhan t-socaid TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1664 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "Mearachd le dùnadh TLS: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:107 +msgid "Certificate has no private key" +msgstr "Chan eil iuchair phrìobhaideach aig an teisteanas" + +#: ../tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Seo an cothrom mu dheireadh gus am PIN a chur a-steach mar bu chòir mus dèid " +"an tòcan a ghlasadh." + +#: ../tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Chaidh iomadh oidhirp air a' PIN gu cearr agus thèid an tòcan a ghlasadh ma " +"bhios e cearr a-rithist." + +#: ../tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "Chan eil am PIN a chaidh a chur a-steach mar bu chòir." + +#: ../tls/pkcs11/gpkcs11slot.c:449 +msgid "Module" +msgstr "Mòideal" + +#: ../tls/pkcs11/gpkcs11slot.c:450 +msgid "PKCS#11 Module Pointer" +msgstr "Tomhaire mòideil PKCS#11" + +#: ../tls/pkcs11/gpkcs11slot.c:457 +msgid "Slot ID" +msgstr "ID an t-slota" + +#: ../tls/pkcs11/gpkcs11slot.c:458 +msgid "PKCS#11 Slot Identifier" +msgstr "Aithnichear an t-slota PKCS#11" diff --git a/po/gl.po b/po/gl.po new file mode 100644 index 0000000..a2f2e20 --- /dev/null +++ b/po/gl.po @@ -0,0 +1,206 @@ +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# Copyright © 2011 Leandro Regueiro. +# Leandro Regueiro , 2011. +# Proxecto Trasno - Adaptación do software libre á lingua galega: Se desexas +# colaborar connosco, podes atopar máis información en +# Fran Diéguez , 2011. +# Fran Dieguez , 2011, 2012, 2017, 2018. +msgid "" +msgstr "" +"Project-Id-Version: \n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2018-02-10 20:13+0100\n" +"PO-Revision-Date: 2018-02-10 20:13+0200\n" +"Last-Translator: Fran Dieguez \n" +"Language-Team: Galician\n" +"Language: gl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Virtaal 0.7.1\n" +"X-Project-Style: gnome\n" + +#: ../proxy/libproxy/glibproxyresolver.c:159 +msgid "Proxy resolver internal error." +msgstr "Erro interno do resolvedor de proxy." + +#: ../tls/gnutls/gtlscertificate-gnutls.c:182 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Non foi posíbel analizar o certificado DER: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:203 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Non foi posíbel analizar o certificado PEM: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Non foi posíbel analizar a chave privada DER: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:265 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Non foi posíbel analizar a chave privada PEM: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:304 +msgid "No certificate data provided" +msgstr "Non se forneceu ningún dato do certificado" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:398 +msgid "Server required TLS certificate" +msgstr "O servidor require un certificado TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:392 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Non foi posíbel crear a conexión TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:697 +msgid "Connection is closed" +msgstr "A conexión está pechada" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:772 +#: ../tls/gnutls/gtlsconnection-gnutls.c:2184 +msgid "Operation would block" +msgstr "A operación bloquearase" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:813 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1400 +msgid "Socket I/O timed out" +msgstr "Tempo de espera do Socket de E/S superado" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:952 +#: ../tls/gnutls/gtlsconnection-gnutls.c:985 +msgid "Peer failed to perform TLS handshake" +msgstr "O par fallou ao realizar a negociación TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:970 +msgid "Peer requested illegal TLS rehandshake" +msgstr "O par solicitou unha renegociación TLS inaceptábel" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:991 +msgid "TLS connection closed unexpectedly" +msgstr "A conexión TLS pechouse de forma inesperada" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1001 +msgid "TLS connection peer did not send a certificate" +msgstr "O par da conexión TLS non enviou un certificado" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1007 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "O par envióu unha alerta TLS fatal: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1015 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "" +"O mensaxe é demasiado largo para a conexión DTLS; o máximo é %u byte" +msgstr[1] "" +"O mensaxe é demasiado largo para a conexión DTLS; o máximo é %u bytes" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1022 +msgid "The operation timed out" +msgstr "A operación superou o tempo máximo permitido" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1808 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1859 +msgid "Error performing TLS handshake" +msgstr "Produciuse un erro ao realizar a negociación TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1869 +msgid "Server did not return a valid TLS certificate" +msgstr "O servidor non devolveu un certificado TLS válido" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1946 +msgid "Unacceptable TLS certificate" +msgstr "Certificado TLS inaceptábel" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:2218 +#: ../tls/gnutls/gtlsconnection-gnutls.c:2310 +msgid "Error reading data from TLS socket" +msgstr "Produciuse un erro ao ler datos do socket TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:2340 +#, c-format +msgid "Receive flags are not supported" +msgstr "As bandeiras de recepción non se admiten" + +#. flags +#: ../tls/gnutls/gtlsconnection-gnutls.c:2417 +#: ../tls/gnutls/gtlsconnection-gnutls.c:2489 +msgid "Error writing data to TLS socket" +msgstr "Produciuse un erro ao escribir datos no socket TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:2459 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "" +"O mensaxe de %lu byte de tamaño é demasiado largo para a conexión DTLS" +msgstr[1] "" +"O mensaxe de %lu bytes de tamaño é demasiado largo para a conexión DTLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:2461 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(o máximo é %u byte)" +msgstr[1] "(o máximo é %u bytes)" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:2520 +#, c-format +msgid "Send flags are not supported" +msgstr "As bandeiras de envío non se admiten" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:2623 +msgid "Error performing TLS close" +msgstr "Produciuse un erro ao pechar o TLS" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:111 +msgid "Certificate has no private key" +msgstr "O certificado no ten unha chave privada" + +#: ../tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Esta é a última oportunidade para escribir o PIN correctamente antes de que " +"o token está bloqueado." + +#: ../tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Varios intentos de introducir o PIN foron incorrectos e o «token» " +"bloquearase despois de máis fallos." + +#: ../tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "O PIN escrito é incorrecto." + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "Module" +msgstr "Módulo" + +#: ../tls/pkcs11/gpkcs11slot.c:448 +msgid "PKCS#11 Module Pointer" +msgstr "Punteiro do módulo PKCS#11" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "Slot ID" +msgstr "ID da ranura" + +#: ../tls/pkcs11/gpkcs11slot.c:456 +msgid "PKCS#11 Slot Identifier" +msgstr "Identificador da ranura PKCS#11" + +#~ msgid "Connection is already closed" +#~ msgstr "A conexión está pechada" diff --git a/po/gu.po b/po/gu.po new file mode 100644 index 0000000..dac5f09 --- /dev/null +++ b/po/gu.po @@ -0,0 +1,95 @@ +# translation of gu.po to Gujarati +# Gujarati translation for glib-networking. +# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# +# Sweta Kothari , 2011. +msgid "" +msgstr "" +"Project-Id-Version: gu\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?product=glib&component=network\n" +"POT-Creation-Date: 2011-02-08 03:51+0000\n" +"PO-Revision-Date: 2011-02-08 12:18+0530\n" +"Last-Translator: Sweta Kothari \n" +"Language-Team: Gujarati\n" +"Language: gu\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n!=1);\n" + +#: ../proxy/libproxy/glibproxyresolver.c:142 +msgid "Proxy resolver internal error." +msgstr "પ્રોક્સી રિઝૉલ્વર આંતરિક ભૂલ." + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "DER પ્રમાણપત્રનું પદચ્છેદન કરી શક્યા નહિં: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "PEM પ્રમાણપત્રનું પદચ્છેદન કરી શક્યા નહિં: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:214 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "DER ખાનગી કીનું પદચ્છેદન કરી શક્યા નહિં: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "PEM ખાનગી કીનું પદચ્છેદન કરી શક્યા નહિં: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:275 +msgid "No certificate data provided" +msgstr "પ્રમાણપત્ર માહિતીને પૂરી પાડેલ નથી" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:356 +msgid "Server required TLS certificate" +msgstr "સર્વરને TLS પ્રમાણપત્રની જરૂરિયાત છે" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:241 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "TLS જોડાણને બનાવી શક્યા નહિં: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:479 +msgid "Peer failed to perform TLS handshake" +msgstr "TLS handshake ને ચલાવવામાં Peer નિષ્ફળ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:497 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Peer ને બિનકાયદેસર TLS rehandshake માટે સૂચિત કરેલ છે" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:511 +msgid "TLS connection closed unexpectedly" +msgstr "TLS જોડાણ અચાનક બંધ થઇ ગયુ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:799 +#: ../tls/gnutls/gtlsconnection-gnutls.c:825 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "TLS handshake ને ચલાવી રહ્યા હોય ત્યારે ભૂલ: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:876 +msgid "Unacceptable TLS certificate" +msgstr "અસ્વીકાર્ય TLS પ્રમાણપત્ર" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1023 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "TLS સોકેટમાંથી માહિતીને વાંચી રહ્યા હોય ત્યારે ભૂલ: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1049 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "TLS સોકેટમાં માહિતીને લખી રહ્યા હોય ત્યારે ભૂલ: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1095 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "TLS બંધ ને ચલાવી રહ્યા હોય ત્યારે ભૂલ: %s" + diff --git a/po/he.po b/po/he.po new file mode 100644 index 0000000..45fdb35 --- /dev/null +++ b/po/he.po @@ -0,0 +1,198 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2017-11-26 16:17+0200\n" +"PO-Revision-Date: 2017-11-26 16:22+0200\n" +"Last-Translator: Yosef Or Boczko \n" +"Language-Team: Hebrew \n" +"Language: he\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural= (n !=1 );\n" +"X-Poedit-Language: Hebrew\n" +"X-Poedit-Country: ISRAEL\n" +"X-Poedit-SourceCharset: UTF-8\n" + +#: ../proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "שגיאה פנימית בפתרון המתווך." + +#: ../tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "לא ניתן לפענח את אישור ה־DER:‏ %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "לא ניתן לפענח את אישור ה־PEM:‏ %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "לא ניתן לפענח את מפתח ה־DER הפרטי: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "לא ניתן לפענח את מפתח ה־PEM הפרטי: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "לא סופקו נתוני אישור" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:396 +msgid "Server required TLS certificate" +msgstr "השרת דורש תעודת TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:382 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "לא ניתן ליצור חיבור TLS:‏ %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:677 +msgid "Connection is closed" +msgstr "החיבור סגור" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:752 +#: ../tls/gnutls/gtlsconnection-gnutls.c:2152 +msgid "Operation would block" +msgstr "הפעולה תיחסם" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:793 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1374 +msgid "Socket I/O timed out" +msgstr "אזל הזמן שהוקצב לקריאה/כתיבה לשקע" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:927 +#: ../tls/gnutls/gtlsconnection-gnutls.c:966 +msgid "Peer failed to perform TLS handshake" +msgstr "העמית נכשל בלחיצת היד מסוג TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:945 +msgid "Peer requested illegal TLS rehandshake" +msgstr "העמית ביקש לחיצת יד חוזרת מסוג TLS בלתי חוקית" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:972 +msgid "TLS connection closed unexpectedly" +msgstr "החיבור ל־TLS נסגר באופן בלתי צפוי" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:982 +msgid "TLS connection peer did not send a certificate" +msgstr "הצד השני בחיבור ה־TLS לא החזיר תעודה" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:988 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:996 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "" +msgstr[1] "" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1003 +msgid "The operation timed out" +msgstr "זמן הפעולה אזל." + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1780 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1831 +msgid "Error performing TLS handshake" +msgstr "שגיאה בביצוע לחיצת יד מסוג TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1841 +msgid "Server did not return a valid TLS certificate" +msgstr "השרת לא החזיר תעודת TLS תקפה" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1917 +msgid "Unacceptable TLS certificate" +msgstr "אישור ה־TLS אינו מקובל" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:2185 +#: ../tls/gnutls/gtlsconnection-gnutls.c:2276 +msgid "Error reading data from TLS socket" +msgstr "שגיאה בקריאת הנתונים משקע ה־TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:2306 +#, c-format +msgid "Receive flags are not supported" +msgstr "קבלת דגלים לא נתמכת" + +#. flags +#: ../tls/gnutls/gtlsconnection-gnutls.c:2382 +#: ../tls/gnutls/gtlsconnection-gnutls.c:2453 +msgid "Error writing data to TLS socket" +msgstr "שגיאה בכתיבת נתונים אל שקע ה־TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:2423 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "" +msgstr[1] "" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:2425 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "" +msgstr[1] "" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:2484 +#, c-format +msgid "Send flags are not supported" +msgstr "שליחת דגלים אינה נתמכת" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:2584 +msgid "Error performing TLS close" +msgstr "שגיאה בביצוע סגירת TLS" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:109 +msgid "Certificate has no private key" +msgstr "לאישור אין מפתח פרטי" + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "זוהי ההזדמנות האחרונה להזין את ה־PIN הנכון לפני שהאסימון ננעל." + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"חלק מניסיונות הזנת ה־PIN עלו בתוהו והאסימון יינעל לאחר ניסיונות כושלים " +"נוספים." + +#: ../tls/pkcs11/gpkcs11pin.c:114 +msgid "The PIN entered is incorrect." +msgstr "ה־PIN שהוזן שגוי." + +#: ../tls/pkcs11/gpkcs11slot.c:448 +msgid "Module" +msgstr "מודול" + +#: ../tls/pkcs11/gpkcs11slot.c:449 +msgid "PKCS#11 Module Pointer" +msgstr "מצביע מודול PKCS#11" + +#: ../tls/pkcs11/gpkcs11slot.c:456 +msgid "Slot ID" +msgstr "מזהה חריץ" + +#: ../tls/pkcs11/gpkcs11slot.c:457 +msgid "PKCS#11 Slot Identifier" +msgstr "מזהה חריץ PKCS#11" + +#~ msgid "Connection is already closed" +#~ msgstr "החיבור כבר סגור" diff --git a/po/hi.po b/po/hi.po new file mode 100644 index 0000000..9ac799b --- /dev/null +++ b/po/hi.po @@ -0,0 +1,157 @@ +# translation of glib-networking.po.master.hi.po to Hindi +# Hindi translation for glib-networking. +# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# Rajesh Ranjan , 2011. +# chandankumar(ciypro) , 2012, 2013. +# rajesh , 2012. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking.po.master.hi\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2012-11-29 22:09+0000\n" +"PO-Revision-Date: 2013-03-25 13:35+0000\n" +"Last-Translator: chandankumar \n" +"Language-Team: Hindi \n" +"Language: hi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Lokalize 1.5\n" + +#: ../proxy/libproxy/glibproxyresolver.c:150 +msgid "Proxy resolver internal error." +msgstr "प्रॉक्सी समाधानकर्ता आंतरिक त्रुटि." + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "DER प्रमाणपत्र नहीं विश्लेषित कर सकता है: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "PEM प्रमाणपत्र नहीं विश्लेषित कर सकता है: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:225 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "DER निजी कुंजी नहीं विश्लेषित कर सकता है: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:256 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "PEM निजी कुंजी नहीं विश्लेषित कर सकता है: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:296 +msgid "No certificate data provided" +msgstr "कोई प्रमाणपत्र आँकड़ा नहीं दिया गया" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309 +msgid "Server required TLS certificate" +msgstr "सर्वर के लिए TLS प्रमाणपत्र चाहिए" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:254 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "टीएलएस कनेक्शन नहीं बना सका: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:514 +msgid "Connection is closed" +msgstr "कनेक्शन बंद है" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:576 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1382 +msgid "Operation would block" +msgstr "कार्य रोक दिया जाएगा" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:703 +msgid "Peer failed to perform TLS handshake" +msgstr "TLS हैंडशेक करने में पीयर विफल रहा" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:720 +msgid "Peer requested illegal TLS rehandshake" +msgstr "पीयर ने TLS फिर हैंडशेक के लिए आग्रह किया" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:746 +msgid "TLS connection closed unexpectedly" +msgstr "TLS अप्रत्याशित रूप से बंद हो गया" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:756 +#| msgid "Server did not return a valid TLS certificate" +msgid "TLS connection peer did not send a certificate" +msgstr "TLS कनेक्शन सहकर्मी एक प्रमाण पत्र नहीं भेजा" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1064 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1083 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "TLS हैंडशेक करने में त्रुटि: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1228 +msgid "Unacceptable TLS certificate" +msgstr "अस्वीकार्य TLS प्रमाणपत्र" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1239 +msgid "Server did not return a valid TLS certificate" +msgstr "सर्वर ने वैध TLS प्रमाणपत्र नहीं दिया है" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1405 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "TLS सॉकेट से आँकड़ा पढ़ने में त्रुटि: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1434 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "TLS सॉकेट से आँकड़ा लिखने में त्रुटि: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1478 +msgid "Connection is already closed" +msgstr "कनेक्शन पहले से बंद है" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1488 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "TLS बंद करने में त्रुटि: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103 +msgid "Certificate has no private key" +msgstr "प्रमाणपत्र में कोई निजी कुंजी नहीं है" + +#: ../tls/pkcs11/gpkcs11pin.c:108 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "टोकन बंद होने से पहले पिन सही तरीके से दर्ज करने का यह आखिरी मौका है." + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"कई पिन प्रयास को गलत कर दिया गया है, और आगे विफलताओं के बाद टोकन बंद कर दिया " +"जाएगा." + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "The PIN entered is incorrect." +msgstr "दर्ज किया गया पिन गलत है." + +#: ../tls/pkcs11/gpkcs11slot.c:446 +msgid "Module" +msgstr "मॉडयूल" + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 मॉडयूल पाइंटर" + +#: ../tls/pkcs11/gpkcs11slot.c:454 +msgid "Slot ID" +msgstr "स्लॉट ID" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 स्लॉट पहचानकर्ता" + diff --git a/po/hr.po b/po/hr.po new file mode 100644 index 0000000..5b38f4c --- /dev/null +++ b/po/hr.po @@ -0,0 +1,201 @@ +# Croatian translation for glib-networking +# Copyright (c) 2015 Rosetta Contributors and Canonical Ltd 2015 +# This file is distributed under the same license as the glib-networking package. +# FIRST AUTHOR , 2015. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-11-03 18:26+0000\n" +"PO-Revision-Date: 2017-11-09 16:36+0100\n" +"Last-Translator: gogo \n" +"Language-Team: Croatian \n" +"Language: hr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Launchpad-Export-Date: 2017-04-10 14:16+0000\n" +"X-Generator: Poedit 2.0.4\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" +"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Unutrašnja greška proxy razrješitelja." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Nemoguća analiza DER vjerodajnica: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Nemoguća analiza PEM vjerodajnica: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Nemoguća analiza DER privatnog ključa: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Nemoguća analiza PEM privatnog ključa: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "Nema pruženih podataka vjerodajnica" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:396 +msgid "Server required TLS certificate" +msgstr "Poslužitelj zahtijeva TLS vjerodajnicu" + +#: tls/gnutls/gtlsconnection-gnutls.c:382 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Nemoguće stvaranje TLS povezivanja: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:677 +msgid "Connection is closed" +msgstr "Povezivanje je zatvoreno" + +#: tls/gnutls/gtlsconnection-gnutls.c:752 +#: tls/gnutls/gtlsconnection-gnutls.c:2152 +msgid "Operation would block" +msgstr "Radnja će blokirati" + +#: tls/gnutls/gtlsconnection-gnutls.c:793 +#: tls/gnutls/gtlsconnection-gnutls.c:1374 +msgid "Socket I/O timed out" +msgstr "Istek vremena U/I priključnice" + +#: tls/gnutls/gtlsconnection-gnutls.c:927 +#: tls/gnutls/gtlsconnection-gnutls.c:966 +msgid "Peer failed to perform TLS handshake" +msgstr "Čvor je odbio izvesti TLS rukovanje" + +#: tls/gnutls/gtlsconnection-gnutls.c:945 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Čvor zahtjeva ilegalno TLS ponovno rukovanje" + +#: tls/gnutls/gtlsconnection-gnutls.c:972 +msgid "TLS connection closed unexpectedly" +msgstr "TLS povezivanje je neočekivano zatvoreno" + +#: tls/gnutls/gtlsconnection-gnutls.c:982 +msgid "TLS connection peer did not send a certificate" +msgstr "TLS čvor povezivanja nije poslao vjerodajnicu" + +#: tls/gnutls/gtlsconnection-gnutls.c:988 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Kobno slanje točke TLS upozorenje: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:996 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "Poruka je prevelika za DTLS povezivanje; najviše je %u bajt" +msgstr[1] "Poruka je prevelika za DTLS povezivanje; najviše je %u bajta" +msgstr[2] "Poruka je prevelika za DTLS povezivanje; najviše je %u bajta" + +#: tls/gnutls/gtlsconnection-gnutls.c:1003 +msgid "The operation timed out" +msgstr "Istek vremena radnje" + +#: tls/gnutls/gtlsconnection-gnutls.c:1780 +#: tls/gnutls/gtlsconnection-gnutls.c:1831 +msgid "Error performing TLS handshake" +msgstr "Greška izvođenja TLS rukovanja" + +#: tls/gnutls/gtlsconnection-gnutls.c:1841 +msgid "Server did not return a valid TLS certificate" +msgstr "Poslužitelj nije vratio valjanu TLS vjerodajnicu" + +#: tls/gnutls/gtlsconnection-gnutls.c:1917 +msgid "Unacceptable TLS certificate" +msgstr "Neprihvatljiva TLS vjerodajnica" + +#: tls/gnutls/gtlsconnection-gnutls.c:2185 +#: tls/gnutls/gtlsconnection-gnutls.c:2276 +msgid "Error reading data from TLS socket" +msgstr "Greška čitanja podataka iz TLS priključnice" + +#: tls/gnutls/gtlsconnection-gnutls.c:2306 +#, c-format +msgid "Receive flags are not supported" +msgstr "Primanje oznaka nije podržano" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2382 +#: tls/gnutls/gtlsconnection-gnutls.c:2453 +msgid "Error writing data to TLS socket" +msgstr "Greška zapisivanja podataka u TLS priključnicu" + +#: tls/gnutls/gtlsconnection-gnutls.c:2423 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "Poruka veličine %lu bajta je prevelika za DTLS povezivanje" +msgstr[1] "Poruka veličine %lu bajta je prevelika za DTLS povezivanje" +msgstr[2] "Poruka veličine %lu bajta je prevelika za DTLS povezivanje" + +#: tls/gnutls/gtlsconnection-gnutls.c:2425 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(najviše je %u bajt)" +msgstr[1] "(najviše je %u bajta)" +msgstr[2] "(najviše je %u bajta)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2484 +#, c-format +msgid "Send flags are not supported" +msgstr "Slanje oznaka nije podržano" + +#: tls/gnutls/gtlsconnection-gnutls.c:2584 +msgid "Error performing TLS close" +msgstr "Greška izvođenja TLS zatvaranja" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:109 +msgid "Certificate has no private key" +msgstr "Vjerodajnica nema privatni ključ" + +#: tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Ovo je posljednja šansa za upis PIN-a ispravno prije nego što se token " +"zaključa." + +#: tls/pkcs11/gpkcs11pin.c:112 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Nekoliko PIN-ova je neispravno, i token će biti zaključan nakon budućih " +"neuspjeha." + +#: tls/pkcs11/gpkcs11pin.c:114 +msgid "The PIN entered is incorrect." +msgstr "Upisani PIN je neispravan." + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "Module" +msgstr "Modul" + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 pokazivač modula" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "Slot ID" +msgstr "ID utora" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 identifikator utora" diff --git a/po/hu.po b/po/hu.po new file mode 100644 index 0000000..394c3ef --- /dev/null +++ b/po/hu.po @@ -0,0 +1,202 @@ +# Hungarian translation for glib-networking. +# Copyright (C) 2011, 2012, 2017, 2018. Free Software Foundation, Inc. +# This file is distributed under the same license as the glib-networking package. +# +# Gabor Kelemen , 2011, 2012. +# Balázs Úr , 2012, 2017, 2018. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-11-03 18:26+0000\n" +"PO-Revision-Date: 2018-01-21 22:02+0100\n" +"Last-Translator: Balázs Úr \n" +"Language-Team: Hungarian \n" +"Language: hu\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.2\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Proxyfeloldó belső hiba." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "A DER tanúsítvány nem dolgozható fel: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "A PEM tanúsítvány nem dolgozható fel: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "A DER személyes kulcs nem dolgozható fel: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "A PEM személyes kulcs nem dolgozható fel: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "Nincsenek megadva tanúsítványadatok" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:396 +msgid "Server required TLS certificate" +msgstr "A kiszolgáló TLS-tanúsítványt kért" + +#: tls/gnutls/gtlsconnection-gnutls.c:382 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Nem sikerült létrehozni TLS-kapcsolatot: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:677 +msgid "Connection is closed" +msgstr "A kapcsolat lezárva" + +#: tls/gnutls/gtlsconnection-gnutls.c:752 +#: tls/gnutls/gtlsconnection-gnutls.c:2152 +msgid "Operation would block" +msgstr "A művelet blokkoló lenne" + +#: tls/gnutls/gtlsconnection-gnutls.c:793 +#: tls/gnutls/gtlsconnection-gnutls.c:1374 +msgid "Socket I/O timed out" +msgstr "A foglalat túllépte az I/O időkorlátot" + +#: tls/gnutls/gtlsconnection-gnutls.c:927 +#: tls/gnutls/gtlsconnection-gnutls.c:966 +msgid "Peer failed to perform TLS handshake" +msgstr "A partner nem tudta végrehajtani a TLS-kézfogást" + +#: tls/gnutls/gtlsconnection-gnutls.c:945 +msgid "Peer requested illegal TLS rehandshake" +msgstr "A partner illegális ismételt TLS-kézfogást kért" + +#: tls/gnutls/gtlsconnection-gnutls.c:972 +msgid "TLS connection closed unexpectedly" +msgstr "A TLS-kapcsolat váratlanul befejeződött" + +#: tls/gnutls/gtlsconnection-gnutls.c:982 +msgid "TLS connection peer did not send a certificate" +msgstr "A TLS kapcsolat partner nem küldött tanúsítványt" + +#: tls/gnutls/gtlsconnection-gnutls.c:988 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "A partner végzetes TLS riasztást küldött: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:996 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "Az üzenet túl nagy a DTLS kapcsolathoz; legfeljebb %u bájt lehet" +msgstr[1] "Az üzenet túl nagy a DTLS kapcsolathoz; legfeljebb %u bájt lehet" + +#: tls/gnutls/gtlsconnection-gnutls.c:1003 +msgid "The operation timed out" +msgstr "A művelet túllépte az időkorlátot" + +#: tls/gnutls/gtlsconnection-gnutls.c:1780 +#: tls/gnutls/gtlsconnection-gnutls.c:1831 +#| msgid "Error performing TLS handshake: %s" +msgid "Error performing TLS handshake" +msgstr "Hiba a TLS-kézfogás végrehajtásakor" + +#: tls/gnutls/gtlsconnection-gnutls.c:1841 +msgid "Server did not return a valid TLS certificate" +msgstr "A kiszolgáló nem adott vissza érvényes TLS-tanúsítványt" + +#: tls/gnutls/gtlsconnection-gnutls.c:1917 +msgid "Unacceptable TLS certificate" +msgstr "Elfogadhatatlan TLS-tanúsítvány" + +#: tls/gnutls/gtlsconnection-gnutls.c:2185 +#: tls/gnutls/gtlsconnection-gnutls.c:2276 +#| msgid "Error reading data from TLS socket: %s" +msgid "Error reading data from TLS socket" +msgstr "Hiba az adatok olvasásakor a TLS-foglalatból" + +#: tls/gnutls/gtlsconnection-gnutls.c:2306 +#, c-format +msgid "Receive flags are not supported" +msgstr "A fogadási jelzők nem támogatottak" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2382 +#: tls/gnutls/gtlsconnection-gnutls.c:2453 +#| msgid "Error writing data to TLS socket: %s" +msgid "Error writing data to TLS socket" +msgstr "Hiba az adatok TLS-foglalatba írásakor" + +#: tls/gnutls/gtlsconnection-gnutls.c:2423 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "A(z) %lu bájt méretű üzenet túl nagy a DTLS kapcsolathoz" +msgstr[1] "A(z) %lu bájt méretű üzenet túl nagy a DTLS kapcsolathoz" + +#: tls/gnutls/gtlsconnection-gnutls.c:2425 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(legfeljebb %u bájt)" +msgstr[1] "(legfeljebb %u bájt)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2484 +#, c-format +msgid "Send flags are not supported" +msgstr "A küldési jelzők nem támogatottak" + +#: tls/gnutls/gtlsconnection-gnutls.c:2584 +#| msgid "Error performing TLS close: %s" +msgid "Error performing TLS close" +msgstr "Hiba a TLS-lezárás végrehajtásakor" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:109 +msgid "Certificate has no private key" +msgstr "A tanúsítványnak nincs személyes kulcsa" + +#: tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Ez az utolsó lehetősége a helyes PIN megadására, mielőtt a jelsor zárolásra " +"kerül." + +#: tls/pkcs11/gpkcs11pin.c:112 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Több PiN-megadás sikertelen volt, és a további sikertelen próbálkozások után " +"a jelsor zárolásra kerül." + +#: tls/pkcs11/gpkcs11pin.c:114 +msgid "The PIN entered is incorrect." +msgstr "A megadott PIN helytelen." + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "Module" +msgstr "Modul" + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 modulmutató" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "Slot ID" +msgstr "Nyílásazonosító" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 nyílásazonosító" + diff --git a/po/id.po b/po/id.po new file mode 100644 index 0000000..5423323 --- /dev/null +++ b/po/id.po @@ -0,0 +1,196 @@ +# Indonesian translation of glib-networking +# Copyright (C) 2011 THE glib-networking'S COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# +# Andika Triwidada , 2011, 2012, 2013. +# Dirgita , 2012. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-11-03 18:26+0000\n" +"PO-Revision-Date: 2017-11-06 14:49+0700\n" +"Last-Translator: Kukuh Syafaat \n" +"Language-Team: Indonesian \n" +"Language: id\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: Poedit 2.0.3\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Galat internal resolver proksi." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Tak bisa mengurai sertifikat DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Tak bisa mengurai sertifikat PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Tak bisa mengurai kunci privat DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Tak bisa mengurai kunci privat PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "Data sertifikat tak disediakan" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:396 +msgid "Server required TLS certificate" +msgstr "Server memerlukan sertifikat TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:382 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Tak bisa membuat koneksi TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:677 +msgid "Connection is closed" +msgstr "Koneksi ditutup" + +#: tls/gnutls/gtlsconnection-gnutls.c:752 +#: tls/gnutls/gtlsconnection-gnutls.c:2152 +msgid "Operation would block" +msgstr "Operasi akan memblokir" + +#: tls/gnutls/gtlsconnection-gnutls.c:793 +#: tls/gnutls/gtlsconnection-gnutls.c:1374 +msgid "Socket I/O timed out" +msgstr "I/O soket kehabisan waktu" + +#: tls/gnutls/gtlsconnection-gnutls.c:927 +#: tls/gnutls/gtlsconnection-gnutls.c:966 +msgid "Peer failed to perform TLS handshake" +msgstr "Peer gagal melakukan jabat tangan TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:945 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Peer meminta jabat tangan ulang TLS yang ilegal" + +#: tls/gnutls/gtlsconnection-gnutls.c:972 +msgid "TLS connection closed unexpectedly" +msgstr "Koneksi TLS tertutup tak disangka-sangka" + +#: tls/gnutls/gtlsconnection-gnutls.c:982 +msgid "TLS connection peer did not send a certificate" +msgstr "Pasangan koneksi TLS tak mengembalikan sertifikat" + +#: tls/gnutls/gtlsconnection-gnutls.c:988 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Peer mengirim peringatan TLS yang fatal: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:996 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "Pesan terlalu besar untuk koneksi DTLS; maksimum adalah %u byte" + +#: tls/gnutls/gtlsconnection-gnutls.c:1003 +msgid "The operation timed out" +msgstr "Waktu operasi habis" + +#: tls/gnutls/gtlsconnection-gnutls.c:1780 +#: tls/gnutls/gtlsconnection-gnutls.c:1831 +msgid "Error performing TLS handshake" +msgstr "Galat melakukan jabat tangan TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1841 +msgid "Server did not return a valid TLS certificate" +msgstr "Server tak mengembalikan sertifikat TLS yang valid" + +#: tls/gnutls/gtlsconnection-gnutls.c:1917 +msgid "Unacceptable TLS certificate" +msgstr "Sertifikat TLS tak dapat diterima" + +#: tls/gnutls/gtlsconnection-gnutls.c:2185 +#: tls/gnutls/gtlsconnection-gnutls.c:2276 +msgid "Error reading data from TLS socket" +msgstr "Galat saat membaca data dari soket TLS:" + +#: tls/gnutls/gtlsconnection-gnutls.c:2306 +#, c-format +msgid "Receive flags are not supported" +msgstr "Menerima tanda tidak didukung" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2382 +#: tls/gnutls/gtlsconnection-gnutls.c:2453 +msgid "Error writing data to TLS socket" +msgstr "Galat saat menulis data ke soket TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2423 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "Pesan ukuran %lu byte terlalu besar untuk koneksi DTLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2425 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(maksimum adalah %u byte)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2484 +#, c-format +msgid "Send flags are not supported" +msgstr "Mengirim tanda tidak didukung" + +#: tls/gnutls/gtlsconnection-gnutls.c:2584 +msgid "Error performing TLS close" +msgstr "Galat melaksanakan penutupan TLS" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:109 +msgid "Certificate has no private key" +msgstr "Sertifikatnya tidak memiliki kunci privat" + +#: tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Ini kesempatan terakhir memasukkan PIN yang benar sebelum token dikunci." + +#: tls/pkcs11/gpkcs11pin.c:112 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Sudah beberapa kali PIN yang dimasukkan salah, token akan dikunci jika " +"terulang." + +#: tls/pkcs11/gpkcs11pin.c:114 +msgid "The PIN entered is incorrect." +msgstr "PIN yang dimasukkan salah." + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "Module" +msgstr "Modul" + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "PKCS#11 Module Pointer" +msgstr "Pointer Modul PKCS#11" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "Slot ID" +msgstr "ID Slot" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "PKCS#11 Slot Identifier" +msgstr "Identifair Slot PKCS#11" + +#~ msgid "Connection is already closed" +#~ msgstr "Koneksi telah ditutup" diff --git a/po/it.po b/po/it.po new file mode 100644 index 0000000..171d686 --- /dev/null +++ b/po/it.po @@ -0,0 +1,200 @@ +# glib-networking Italian translation +# Copyright (C) 2011, 2012, 2013, 2016, 2017, 2018 Free Software Foundation, Inc +# This file is distributed under the same license as the glib-networking package. +# Luca Ferretti , 2011, 2012. +# Milo Casagrande , 2013, 2017, 2018. +# Gianvito Cavasoli , 2016. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-11-03 18:26+0000\n" +"PO-Revision-Date: 2018-02-09 16:33+0100\n" +"Last-Translator: Milo Casagrande \n" +"Language-Team: Italiano \n" +"Language: it\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Poedit 2.0.4\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Errore interno del resolver proxy." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Impossibile analizzare il certificato DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Impossibile analizzare il certificato PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Impossibile analizzare la chiave privata DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Impossibile analizzare la chiave privata PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "Nessun dato di certificato fornito" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:396 +msgid "Server required TLS certificate" +msgstr "Il server richiede un certificato TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:382 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Impossibile creare la connessione TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:677 +msgid "Connection is closed" +msgstr "La connessione è chiusa" + +#: tls/gnutls/gtlsconnection-gnutls.c:752 +#: tls/gnutls/gtlsconnection-gnutls.c:2152 +msgid "Operation would block" +msgstr "L'operazione potrebbe bloccarsi" + +#: tls/gnutls/gtlsconnection-gnutls.c:793 +#: tls/gnutls/gtlsconnection-gnutls.c:1374 +msgid "Socket I/O timed out" +msgstr "I/O sul socket scaduto" + +#: tls/gnutls/gtlsconnection-gnutls.c:927 +#: tls/gnutls/gtlsconnection-gnutls.c:966 +msgid "Peer failed to perform TLS handshake" +msgstr "Il nodo non è stato in grado di eseguire l'handshake TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:945 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Il nodo ha richesto un re-handshake non lecito" + +#: tls/gnutls/gtlsconnection-gnutls.c:972 +msgid "TLS connection closed unexpectedly" +msgstr "La connessione TLS si è chiusa in modo inatteso" + +#: tls/gnutls/gtlsconnection-gnutls.c:982 +msgid "TLS connection peer did not send a certificate" +msgstr "Il nodo di connessione TLS non ha inviato un certificato" + +#: tls/gnutls/gtlsconnection-gnutls.c:988 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Il nodo ha inviato un avviso TLS fatale: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:996 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "" +"Il messaggio è troppo grande per una connessione DTLS (massimo %u byte)" +msgstr[1] "" +"Il messaggio è troppo grande per una connessione DTLS (massimo %u byte)" + +#: tls/gnutls/gtlsconnection-gnutls.c:1003 +msgid "The operation timed out" +msgstr "Tempo esaurito per l'operazione" + +#: tls/gnutls/gtlsconnection-gnutls.c:1780 +#: tls/gnutls/gtlsconnection-gnutls.c:1831 +msgid "Error performing TLS handshake" +msgstr "Errore nell'eseguire l'handshake TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1841 +msgid "Server did not return a valid TLS certificate" +msgstr "Il server non ha restituito un certificato TLS valido" + +#: tls/gnutls/gtlsconnection-gnutls.c:1917 +msgid "Unacceptable TLS certificate" +msgstr "Certificato TLS inammissibile" + +#: tls/gnutls/gtlsconnection-gnutls.c:2185 +#: tls/gnutls/gtlsconnection-gnutls.c:2276 +msgid "Error reading data from TLS socket" +msgstr "Errore nel leggere dati dal socket TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2306 +#, c-format +msgid "Receive flags are not supported" +msgstr "I flag di ricezione non sono supportati" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2382 +#: tls/gnutls/gtlsconnection-gnutls.c:2453 +msgid "Error writing data to TLS socket" +msgstr "Errore nello scrivere dati sul socket TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2423 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "Un messaggio di %lu byte è troppo grande per la connessione DTLS" +msgstr[1] "Un messaggio di %lu byte è troppo grande per la connessione DTLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2425 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(massimo %u byte)" +msgstr[1] "(massimo %u byte)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2484 +#, c-format +msgid "Send flags are not supported" +msgstr "I flag di invio non sono supportati" + +#: tls/gnutls/gtlsconnection-gnutls.c:2584 +msgid "Error performing TLS close" +msgstr "Errore nell'eseguire la chiusura TLS" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:109 +msgid "Certificate has no private key" +msgstr "Il certificato non presenta chiave privata" + +#: tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Questa è l'ultima opportunità di inserire il PIN corretto prima che venga " +"bloccato il token." + +#: tls/pkcs11/gpkcs11pin.c:112 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"È stato inserito diverse volte un PIN non corretto, altri tentativi errati e " +"il token verrà bloccato." + +#: tls/pkcs11/gpkcs11pin.c:114 +msgid "The PIN entered is incorrect." +msgstr "Il PIN inserito non è corretto." + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "Module" +msgstr "Modulo" + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "PKCS#11 Module Pointer" +msgstr "Puntatore modulo PKCS#11" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "Slot ID" +msgstr "ID dello slot" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "PKCS#11 Slot Identifier" +msgstr "Identificatore slot PKCS#11" diff --git a/po/ja.po b/po/ja.po new file mode 100644 index 0000000..301d7c4 --- /dev/null +++ b/po/ja.po @@ -0,0 +1,145 @@ +# Japanese translation of glib-networking message catalog. +# Copyright (C) 2011-2012 Free Software Foundation, Inc. +# This file is distributed under the same license as glib-networking package. +# Takayuki KUSANO , 2011-2012. +# Hideki Yamane , 2011-2012. +# Yoji TOYODA , 2012. +# Jiro Matsuzawa , 2015. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2015-09-14 06:04+0000\n" +"PO-Revision-Date: 2015-09-15 01:29+0900\n" +"Last-Translator: Jiro Matsuzawa \n" +"Language-Team: Japanese \n" +"Language: ja\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: ../proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "プロキシリゾルバーでの内部エラー。" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "DER 形式の証明書を解析できませんでした: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "PEM 形式の証明書を解析できませんでした: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "DER 形式の秘密鍵を解析できませんでした: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "PEM 形式の秘密鍵を解析できませんでした: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "証明書のデータが与えられていません" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:340 +msgid "Server required TLS certificate" +msgstr "サーバーが TLS 証明書を要求しました" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:311 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "TLS コネクションを確立できませんでした: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:578 +msgid "Connection is closed" +msgstr "コネクションが切断されています" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:641 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1505 +msgid "Operation would block" +msgstr "操作がブロックされます" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:780 +#: ../tls/gnutls/gtlsconnection-gnutls.c:819 +msgid "Peer failed to perform TLS handshake" +msgstr "通信相手が TLS ハンドシェイクの実行に失敗しました" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:798 +msgid "Peer requested illegal TLS rehandshake" +msgstr "通信相手が不当な TLS の再ハンドシェイクを要求しました" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:825 +msgid "TLS connection closed unexpectedly" +msgstr "TLS コネクションが突然閉じられました" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:835 +msgid "TLS connection peer did not send a certificate" +msgstr "TLS の通信相手が証明書を送信しませんでした。" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1218 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1251 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "TLS ハンドシェイク実行中のエラー: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1261 +msgid "Server did not return a valid TLS certificate" +msgstr "サーバーが有効な TLS 証明書を返しませんでした。" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1331 +msgid "Unacceptable TLS certificate" +msgstr "受け付けられない TLS 証明書です" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1539 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "TLS ソケットからのデータ読み込み中のエラー: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1568 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "TLS ソケットへのデータ書き出し中のエラー: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1620 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "TLS クローズ実行中のエラー: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:106 +msgid "Certificate has no private key" +msgstr "証明書に秘密鍵がありません" + +#: ../tls/pkcs11/gpkcs11pin.c:111 +msgid "This is the last chance to enter the PIN correctly before the token is locked." +msgstr "これがトークンがロックされる前に正しく PIN コードを入力する最後のチャンスです。" + +#: ../tls/pkcs11/gpkcs11pin.c:113 +msgid "Several PIN attempts have been incorrect, and the token will be locked after further failures." +msgstr "正しくない PIN コードの入力が複数回行われたので、さらに失敗するとトークンはロックされます。" + +#: ../tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "入力された PIN コードが正しくありません。" + +#: ../tls/pkcs11/gpkcs11slot.c:449 +msgid "Module" +msgstr "モジュール" + +#: ../tls/pkcs11/gpkcs11slot.c:450 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 モジュールポインター" + +#: ../tls/pkcs11/gpkcs11slot.c:457 +msgid "Slot ID" +msgstr "スロット ID" + +#: ../tls/pkcs11/gpkcs11slot.c:458 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 スロット ID" diff --git a/po/kk.po b/po/kk.po new file mode 100644 index 0000000..b5cd30c --- /dev/null +++ b/po/kk.po @@ -0,0 +1,191 @@ +# Kazakh translation for glib-networking. +# Copyright (C) 2014 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# Baurzhan Muftakhidinov , 2014. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2018-02-13 03:00+0000\n" +"PO-Revision-Date: 2018-02-28 18:28+0500\n" +"Last-Translator: Baurzhan Muftakhidinov \n" +"Language-Team: Kazakh \n" +"Language: kk\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 2.0.6\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: proxy/libproxy/glibproxyresolver.c:159 +msgid "Proxy resolver internal error." +msgstr "Прокси шешушісінің ішкі қатесі." + +#: tls/gnutls/gtlscertificate-gnutls.c:182 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "DER сертификатын талдау қатесі: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:203 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "PEM сертификатын талдау қатесі: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "DER жеке кілтін талдау қатесі: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:265 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "PEM жеке кілтін талдау қатесі: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:304 +msgid "No certificate data provided" +msgstr "Сертификат ұсынылмады" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:398 +msgid "Server required TLS certificate" +msgstr "Сервер TLS сертификатын талап етеді" + +#: tls/gnutls/gtlsconnection-gnutls.c:392 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Жаңа TLS байланысын жасау мүмкін емес: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:697 +msgid "Connection is closed" +msgstr "Байланыс жабылды" + +#: tls/gnutls/gtlsconnection-gnutls.c:772 +#: tls/gnutls/gtlsconnection-gnutls.c:2184 +msgid "Operation would block" +msgstr "Әрекет блоктайды" + +#: tls/gnutls/gtlsconnection-gnutls.c:813 +#: tls/gnutls/gtlsconnection-gnutls.c:1400 +msgid "Socket I/O timed out" +msgstr "Сокет Е/Ш әрекетінің күту мерзімі біткен" + +#: tls/gnutls/gtlsconnection-gnutls.c:952 +#: tls/gnutls/gtlsconnection-gnutls.c:985 +msgid "Peer failed to perform TLS handshake" +msgstr "Торап TLS байланысты орнату сәлемдемесін орындай алмады" + +#: tls/gnutls/gtlsconnection-gnutls.c:970 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Торап жарамсы TLS қайта байланысты орнату сәлемдемесін сұрады" + +#: tls/gnutls/gtlsconnection-gnutls.c:991 +msgid "TLS connection closed unexpectedly" +msgstr "TLS байланысты күтпегенде жабылды" + +#: tls/gnutls/gtlsconnection-gnutls.c:1001 +msgid "TLS connection peer did not send a certificate" +msgstr "TLS байланысының торабы сертификатты жібермеген" + +#: tls/gnutls/gtlsconnection-gnutls.c:1007 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Торап қатаң TLS ескертуін жіберді: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1015 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "Хабарлама DTLS байланысы үшін тым үлкен; макс. шамасы %u байт" + +#: tls/gnutls/gtlsconnection-gnutls.c:1022 +msgid "The operation timed out" +msgstr "Әрекетті күту мерзімі біткен" + +#: tls/gnutls/gtlsconnection-gnutls.c:1808 +#: tls/gnutls/gtlsconnection-gnutls.c:1859 +msgid "Error performing TLS handshake" +msgstr "TLS байланысты орнату сәлемдемесін орындау қатемен аяқталды" + +#: tls/gnutls/gtlsconnection-gnutls.c:1869 +msgid "Server did not return a valid TLS certificate" +msgstr "Сервер жарамды TLS сертификатын қайтармады" + +#: tls/gnutls/gtlsconnection-gnutls.c:1946 +msgid "Unacceptable TLS certificate" +msgstr "Жарамсыз TLS сертификаты" + +#: tls/gnutls/gtlsconnection-gnutls.c:2218 +#: tls/gnutls/gtlsconnection-gnutls.c:2310 +msgid "Error reading data from TLS socket" +msgstr "TLS сокетінен деректерді оқу қатемен аяқталды" + +#: tls/gnutls/gtlsconnection-gnutls.c:2340 +#, c-format +msgid "Receive flags are not supported" +msgstr "Қабылдау жалаушаларға қолдау жоқ" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2417 +#: tls/gnutls/gtlsconnection-gnutls.c:2489 +msgid "Error writing data to TLS socket" +msgstr "TLS сокетіне деректерді жазу қатемен аяқталды" + +#: tls/gnutls/gtlsconnection-gnutls.c:2459 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "Өлшемі %lu байт хабарлама DTLS байланысы үшін тым үлкен" + +#: tls/gnutls/gtlsconnection-gnutls.c:2461 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(макс. шамасы %u байт)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2520 +#, c-format +msgid "Send flags are not supported" +msgstr "Жіберу жалаушаларға қолдау жоқ" + +#: tls/gnutls/gtlsconnection-gnutls.c:2623 +msgid "Error performing TLS close" +msgstr "TLS жабу әрекетін орындау қатемен аяқталды" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:111 +msgid "Certificate has no private key" +msgstr "Сертификатта жеке кілт жоқ" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "Токен блокталуға дейінгі PIN кодын енгізудің соңғы мүмкіндігі қалды." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Бірнеше PIN енгізу талаптары сәтсіз болды, токен келесі сәтсіз енгізілерде " +"блокталатын болады." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "Енгізілген PIN коды дұрыс емес." + +#: tls/pkcs11/gpkcs11slot.c:447 +msgid "Module" +msgstr "Модуль" + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 модулі көрсеткіші" + +#: tls/pkcs11/gpkcs11slot.c:455 +msgid "Slot ID" +msgstr "Слот ID-і" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 слот идентификаторы" diff --git a/po/km.po b/po/km.po new file mode 100644 index 0000000..13cbf2b --- /dev/null +++ b/po/km.po @@ -0,0 +1,135 @@ +# translation of glib-networking.master.po to Khmer +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# Khoem Sokhem , 2012. +# Seng Sutha , 2012. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking.master\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2012-01-08 09:01+0000\n" +"PO-Revision-Date: 2012-02-20 09:22+0700\n" +"Last-Translator: Seng Sutha \n" +"Language-Team: Khmer \n" +"Language: km\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: WordForge 0.8 RC1\n" +"X-Language: km-KH\n" + +#: ../proxy/libproxy/glibproxyresolver.c:150 +msgid "Proxy resolver internal error." +msgstr "កំហុស​ខាងក្នុង​របស់​កម្មវិធី​ដោះស្រាយ​ប្រូកស៊ី ។" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "មិន​អាច​ញែក​វិញ្ញាបនបត្រ​របស់​ DER បាន​ទេ ៖ %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "មិន​អាច​ញែក​វិញ្ញាបនបត្រ​របស់ PEM បាន​ទេ %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:225 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "មិន​អាច​ញែក​កូនសោ​ឯកជន​របស់ DER បាន​ទេ ៖ %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:256 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "មិន​អាច​ញែក​កូនសោ​ឯកជន​របស់ PEM បាន​ទេ ៖ %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:296 +msgid "No certificate data provided" +msgstr "គ្មាន​ទិន្នន័យ​វិញ្ញាបនបត្រ​បាន​ផ្ដល់​ឡើយ" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:349 +msgid "Server required TLS certificate" +msgstr "ម៉ាស៊ីន​បម្រើ​បាន​ទាមទារ​វិញ្ញាបនបត្រ​របស់ TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:202 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "មិន​អាច​ធ្វើ​ការ​តភ្ជាប់​ TLS បាន​ទេ ៖ %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:481 +msgid "Peer failed to perform TLS handshake" +msgstr "បាន​បរាជ័យ​ម៉ាស៊ីន​ក្នុង​ការ​ប្រតិបត្តិ TLS handshake" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:501 +msgid "Peer requested illegal TLS rehandshake" +msgstr "ម៉ាស៊ីន​បាន​ស្នើ TLS rehandshake ដែល​មិន​ត្រឹមត្រូវ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:519 +msgid "TLS connection closed unexpectedly" +msgstr "ការ​តភ្ជាប់​របស់ TLS បាន​បិទ​ដោយ​មិន​រំពឹង" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:814 +#: ../tls/gnutls/gtlsconnection-gnutls.c:840 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "កំហុស​ក្នុង​ការ​ប្រតិបត្តិ TLS handshake ៖ %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:888 +msgid "Unacceptable TLS certificate" +msgstr "វិញ្ញាបនបត្រ​របស់ TLS ដែល​មិន​អាច​ទទួល​យក​បាន" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1025 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "កំហុស​ក្នុង​ការ​អាន​ទិន្នន័យ​ពី​រន្ធ​របស់ TLS ៖ %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1051 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "កំហុស​ក្នុង​ការ​សរសេរ​ទិន្នន័យ​អំពី​រន្ធ​របស់ TLS ៖ %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1097 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "កំហុស​ក្នុង​ការ​បិទ​ TLS ៖ %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103 +msgid "Certificate has no private key" +msgstr "វិញ្ញាបនបត្រ​គ្មាន​កូនសោ​ឯកជន​ឡើយ" + +#: ../tls/pkcs11/gpkcs11pin.c:108 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"វា​ជា​ឱកាស​ចុង​ក្រោយ​ក្នុង​ការ​បញ្ចូល PIN ដោយ​ត្រឹមត្រូវ " +"មុន​ពេល​ថូខឹង​ត្រូវ​បាន​ជាប់សោ ។" + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"ការ​ប៉ុនប៉ង​របស់ PIN មួយ​ចំនួន​មិន​ត្រឹមត្រូវ " +"ហើយ​ថូខឹង​នឹង​ត្រូវ​បាន​ជាប់​សោ ក្រោយ​ពី​ភាព​បរាជ័យ ។" + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "The PIN entered is incorrect." +msgstr "PIN បាន​បញ្ចូល​មិន​ត្រឹមត្រូវ​ ។" + +#: ../tls/pkcs11/gpkcs11slot.c:446 +msgid "Module" +msgstr "ម៉ូឌុល​" + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "PKCS#11 Module Pointer" +msgstr "ទ្រនិច​ម៉ូឌុល PKCS#11" + +#: ../tls/pkcs11/gpkcs11slot.c:454 +msgid "Slot ID" +msgstr "លេខ​សម្គាល់​រន្ធ" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "PKCS#11 Slot Identifier" +msgstr "ឧបករណ៍​សម្គាល់​រន្ធ​របស់ PKCS#11" + diff --git a/po/kn.po b/po/kn.po new file mode 100644 index 0000000..3059c58 --- /dev/null +++ b/po/kn.po @@ -0,0 +1,95 @@ +# Kannada translation for glib-networking. +# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# +# Shankar Prasad , 2011. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug." +"cgi?product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2011-03-29 21:52+0000\n" +"PO-Revision-Date: 2011-03-31 22:40+0530\n" +"Last-Translator: Shankar Prasad \n" +"Language-Team: Kannada \n" +"Language: kn\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.1\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" + +#: ../proxy/libproxy/glibproxyresolver.c:151 +msgid "Proxy resolver internal error." +msgstr "ಪ್ರಾಕ್ಸಿ ಪರಿಚಾರಕದ ಆಂತರಿಕ ದೋಷ." + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "DER ಪ್ರಮಾಣಪತ್ರವನ್ನು ಪಾರ್ಸ್ ಮಾಡಲಾಗಿಲ್ಲ: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "PEM ಪ್ರಮಾಣಪತ್ರವನ್ನು ಪಾರ್ಸ್ ಮಾಡಲಾಗಿಲ್ಲ: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:214 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "DER ಖಾಸಗಿ ಕೀಲಿಯನ್ನು ಪಾರ್ಸ್ ಮಾಡಲಾಗಿಲ್ಲ: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "PEM ಖಾಸಗಿ ಕೀಲಿಯನ್ನು ಪಾರ್ಸ್ ಮಾಡಲಾಗಿಲ್ಲ: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:275 +msgid "No certificate data provided" +msgstr "ಯಾವುದೆ ಪ್ರಮಾಣಪತ್ರ ದತ್ತಾಂಶವನ್ನು ಒದಗಿಸಲಾಗಿಲ್ಲ" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:356 +msgid "Server required TLS certificate" +msgstr " ಪರಿಚಾರಕಕ್ಕೆ TSL ಪ್ರಮಾಣಪತ್ರದ ಅಗತ್ಯವಿದೆ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:241 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "TLS ಸಂಪರ್ಕವನ್ನು ರಚಿಸಲು ಸಾಧ್ಯವಾಗಿಲ್ಲ: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:479 +msgid "Peer failed to perform TLS handshake" +msgstr "TLS ಹ್ಯಾಂಡ್‌ಶೇಕ್ ಅನ್ನು ನಿರ್ವಹಿಸಲು ಪೀರ್-ನಿಂದ ಸಾಧ್ಯವಾಗಿಲ್ಲ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:497 +msgid "Peer requested illegal TLS rehandshake" +msgstr "ಪೀರ್ ಒಂದು ಅನಧೀಕೃತವಾದ TLS ಮರುಹ್ಯಾಂಡ್‌ಶೇಕ್‌" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:511 +msgid "TLS connection closed unexpectedly" +msgstr "TLS ಸಂಪರ್ಕವು ಅನಿರೀಕ್ಷಿತವಾಗಿ ನಿರ್ಗಮಿಸಿದೆ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:799 +#: ../tls/gnutls/gtlsconnection-gnutls.c:825 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "TLS ಹ್ಯಾಂಡ್‌ಶೇಕ್ ನಿರ್ವಹಿಸುವಾಗ ದೋಷ ಉಂಟಾಗಿದೆ: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:876 +msgid "Unacceptable TLS certificate" +msgstr "TLS ಪ್ರಮಾಣಪತ್ರವನ್ನು ಒಪ್ಪಿಕೊಳ್ಳಲು ಸಾಧ್ಯವಿಲ್ಲ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1023 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "TLS ಸಾಕೆಟ್‌ನಿಂದ ದತ್ತಾಂಶವನ್ನು ಓದುವಲ್ಲಿ ದೋಷ ಉಂಟಾಗಿದೆ: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1049 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "TLS ಸಾಕೆಟ್‌ಗೆ ದತ್ತಾಂಶವನ್ನು ಬರೆಯುವಲ್ಲಿ ದೋಷ ಉಂಟಾಗಿದೆ: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1095 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "TLS ಮುಚ್ಚುವಿಕೆಯನ್ನು ನಿರ್ವಹಿಸುವಲ್ಲಿ ದೋಷ ಉಂಟಾಗಿದೆ: %s" + diff --git a/po/ko.po b/po/ko.po new file mode 100644 index 0000000..997f810 --- /dev/null +++ b/po/ko.po @@ -0,0 +1,194 @@ +# Korean translation for glib-networking. +# This file is distributed under the same license as the glib-networking package. +# +# Changwoo Ryu , 2011-2013, 2017-2018. +# +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2018-02-13 03:00+0000\n" +"PO-Revision-Date: 2018-02-25 10:00+0900\n" +"Last-Translator: Changwoo Ryu \n" +"Language-Team: Korean \n" +"Language: ko\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: proxy/libproxy/glibproxyresolver.c:159 +msgid "Proxy resolver internal error." +msgstr "프록시 리졸버 내부 오류." + +#: tls/gnutls/gtlscertificate-gnutls.c:182 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "DER 인증서를 파싱할 수 없습니다: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:203 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "PEM 인증서를 파싱할 수 없습니다: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "DER 개인 키를 파싱할 수 없습니다: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:265 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "PEM 개인 키를 파싱할 수 없습니다: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:304 +msgid "No certificate data provided" +msgstr "인증서 데이터를 제공하지 않았습니다" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:398 +msgid "Server required TLS certificate" +msgstr "서버에 TLS 인증서가 필요합니다" + +#: tls/gnutls/gtlsconnection-gnutls.c:392 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "TLS 연결을 만들 수 없습니다: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:697 +msgid "Connection is closed" +msgstr "연결이 닫혔습니다" + +#: tls/gnutls/gtlsconnection-gnutls.c:772 +#: tls/gnutls/gtlsconnection-gnutls.c:2184 +msgid "Operation would block" +msgstr "동작이 중단됩니다" + +#: tls/gnutls/gtlsconnection-gnutls.c:813 +#: tls/gnutls/gtlsconnection-gnutls.c:1400 +msgid "Socket I/O timed out" +msgstr "소켓 입출력 제한 시간이 넘었습니다" + +#: tls/gnutls/gtlsconnection-gnutls.c:952 +#: tls/gnutls/gtlsconnection-gnutls.c:985 +msgid "Peer failed to perform TLS handshake" +msgstr "상대편이 TLS 핸드셰이킹에 실패했습니다" + +#: tls/gnutls/gtlsconnection-gnutls.c:970 +msgid "Peer requested illegal TLS rehandshake" +msgstr "상대편이 잘못된 TLS 핸드셰이킹을 요청했습니다" + +#: tls/gnutls/gtlsconnection-gnutls.c:991 +msgid "TLS connection closed unexpectedly" +msgstr "TLS 연결이 예상치 못하게 닫혔습니다" + +#: tls/gnutls/gtlsconnection-gnutls.c:1001 +msgid "TLS connection peer did not send a certificate" +msgstr "TLS 연결 상대가 인증서를 보내지 않았습니다" + +#: tls/gnutls/gtlsconnection-gnutls.c:1007 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "상대가 치명적인 TLS 알림을 보냈습니다: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1015 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "DTLS 연결에 사용하기에는 메시지 크기가 너무 큽니다: 최대는 %u바이트입니다" + +#: tls/gnutls/gtlsconnection-gnutls.c:1022 +msgid "The operation timed out" +msgstr "작업이 제한 시간을 넘었습니다" + +#: tls/gnutls/gtlsconnection-gnutls.c:1808 +#: tls/gnutls/gtlsconnection-gnutls.c:1859 +msgid "Error performing TLS handshake" +msgstr "TLS 핸드셰이킹에 오류가 발생했습니다" + +#: tls/gnutls/gtlsconnection-gnutls.c:1869 +msgid "Server did not return a valid TLS certificate" +msgstr "서버에서 올바른 TLS 인증서를 반환하지 않았습니다" + +#: tls/gnutls/gtlsconnection-gnutls.c:1946 +msgid "Unacceptable TLS certificate" +msgstr "TLS 핸드셰이킹을 받아들일 수 없습니다" + +#: tls/gnutls/gtlsconnection-gnutls.c:2218 +#: tls/gnutls/gtlsconnection-gnutls.c:2310 +msgid "Error reading data from TLS socket" +msgstr "TLS 소켓에서 데이터를 읽는데 오류가 발생했습니다" + +#: tls/gnutls/gtlsconnection-gnutls.c:2340 +#, c-format +msgid "Receive flags are not supported" +msgstr "받기 플래그를 지원하지 않습니다" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2417 +#: tls/gnutls/gtlsconnection-gnutls.c:2489 +msgid "Error writing data to TLS socket" +msgstr "TLS 소켓에 데이터를 쓰는데 오류가 발생했습니다" + +#: tls/gnutls/gtlsconnection-gnutls.c:2459 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "크기가 %lu바이트인 메시지는 DTLS 연결에 사용하기에는 너무 큽니다" + +#: tls/gnutls/gtlsconnection-gnutls.c:2461 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(최대는 %u바이트입니다)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2520 +#, c-format +msgid "Send flags are not supported" +msgstr "보내기 플래그를 지원하지 않습니다" + +#: tls/gnutls/gtlsconnection-gnutls.c:2623 +msgid "Error performing TLS close" +msgstr "TLS 닫기에 오류가 발생했습니다" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:111 +msgid "Certificate has no private key" +msgstr "인증서에 개인 키가 없습니다" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "PIN 입력 마지막 기회입니다. 한 번 더 실패하면 토큰을 잠급니다." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"여러 번의 PIN 시도가 모두 틀렸으므로, 앞으로 더 실패하면 해당 토큰을 잠급니" +"다." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "입력한 PIN이 올바르지 않습니다." + +#: tls/pkcs11/gpkcs11slot.c:447 +msgid "Module" +msgstr "모듈" + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 모듈 포인터" + +#: tls/pkcs11/gpkcs11slot.c:455 +msgid "Slot ID" +msgstr "슬롯 아이디" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 슬롯 아이디" + +#~ msgid "Connection is already closed" +#~ msgstr "연결이 이미 닫혔습니다" diff --git a/po/lt.po b/po/lt.po new file mode 100644 index 0000000..f5038fc --- /dev/null +++ b/po/lt.po @@ -0,0 +1,202 @@ +# Lithuanian translation for glib-networking. +# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# Algimantas Margevičius , 2011. +# Aurimas Černius , 2011, 2017, 2018. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2018-02-28 13:29+0000\n" +"PO-Revision-Date: 2018-03-03 13:26+0200\n" +"Last-Translator: Aurimas Černius \n" +"Language-Team: Lietuvių \n" +"Language: lt\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n" +"%100<10 || n%100>=20) ? 1 : 2);\n" +"X-Generator: Gtranslator 2.91.7\n" + +#: proxy/libproxy/glibproxyresolver.c:159 +msgid "Proxy resolver internal error." +msgstr "Tarpininkų nustatytojo vidinė klaida." + +#: tls/gnutls/gtlscertificate-gnutls.c:182 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Nepavyko perskaityti DER liudijimo: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:203 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Nepavyko perskaityti PEM liudijimo: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Nepavyko perskaityti DER privataus rakto: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:265 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Nepavyko perskaityti PEM privataus rakto: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:304 +msgid "No certificate data provided" +msgstr "Nėra pateiktų liudijimo duomenų" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:398 +msgid "Server required TLS certificate" +msgstr "Serveris reikalauja TLS liudijimo" + +#: tls/gnutls/gtlsconnection-gnutls.c:392 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Nepavyko užmegsti TLS ryšio: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:697 +msgid "Connection is closed" +msgstr "Ryšys užvertas" + +#: tls/gnutls/gtlsconnection-gnutls.c:772 +#: tls/gnutls/gtlsconnection-gnutls.c:2184 +msgid "Operation would block" +msgstr "Veiksmas blokuosis" + +#: tls/gnutls/gtlsconnection-gnutls.c:813 +#: tls/gnutls/gtlsconnection-gnutls.c:1400 +msgid "Socket I/O timed out" +msgstr "Baigėsi lizdo I/O skirtas laikas" + +#: tls/gnutls/gtlsconnection-gnutls.c:952 +#: tls/gnutls/gtlsconnection-gnutls.c:985 +msgid "Peer failed to perform TLS handshake" +msgstr "Kita pusė neatliko TLS išankstinio suderinimo" + +#: tls/gnutls/gtlsconnection-gnutls.c:970 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Kita pusė paprašė neteisingo pakartotinio TLS išankstinio suderinimo" + +#: tls/gnutls/gtlsconnection-gnutls.c:991 +msgid "TLS connection closed unexpectedly" +msgstr "TLS ryšys netikėtai užsivėrė" + +#: tls/gnutls/gtlsconnection-gnutls.c:1001 +msgid "TLS connection peer did not send a certificate" +msgstr "TLS ryšio porininkas neatsiuntė liudijimo" + +#: tls/gnutls/gtlsconnection-gnutls.c:1007 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Porininkas atsiuntė kritinį TLS perspėjimą: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1015 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "Žinutė yra per didelė DTLS ryšiui; didžiausia yra %u baitas" +msgstr[1] "Žinutė yra per didelė DTLS ryšiui; didžiausia yra %u baitai" +msgstr[2] "Žinutė yra per didelė DTLS ryšiui; didžiausia yra %u baitų" + +#: tls/gnutls/gtlsconnection-gnutls.c:1022 +msgid "The operation timed out" +msgstr "Baigėsi operacijai skirtas laikas" + +#: tls/gnutls/gtlsconnection-gnutls.c:1808 +#: tls/gnutls/gtlsconnection-gnutls.c:1859 +msgid "Error performing TLS handshake" +msgstr "Klaida atliekant TLS išankstinį suderinimą" + +#: tls/gnutls/gtlsconnection-gnutls.c:1869 +msgid "Server did not return a valid TLS certificate" +msgstr "Serveris negrąžino teisingo TLS liudijimo" + +#: tls/gnutls/gtlsconnection-gnutls.c:1946 +msgid "Unacceptable TLS certificate" +msgstr "Nepriimtinas TLS liudijimas" + +#: tls/gnutls/gtlsconnection-gnutls.c:2218 +#: tls/gnutls/gtlsconnection-gnutls.c:2310 +msgid "Error reading data from TLS socket" +msgstr "Klaida skaitant duomenis iš TLS lizdo" + +#: tls/gnutls/gtlsconnection-gnutls.c:2340 +#, c-format +msgid "Receive flags are not supported" +msgstr "Požymių gavimas nėra palaikomas" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2417 +#: tls/gnutls/gtlsconnection-gnutls.c:2489 +msgid "Error writing data to TLS socket" +msgstr "Klaida rašant duomenis į TLS lizdą" + +#: tls/gnutls/gtlsconnection-gnutls.c:2459 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "Žinutė, kurios dydis %lu baitas, yra per didelė DTLS ryšiui" +msgstr[1] "Žinutė, kurios dydis %lu baitai, yra per didelė DTLS ryšiui" +msgstr[2] "Žinutė, kurios dydis %lu baitų, yra per didelė DTLS ryšiui" + +#: tls/gnutls/gtlsconnection-gnutls.c:2461 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(didžiausia yra %u baitas)" +msgstr[1] "(didžiausia yra %u baitai)" +msgstr[2] "(didžiausia yra %u baitų)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2520 +#, c-format +msgid "Send flags are not supported" +msgstr "Požymių siuntimas nėra palaikomas" + +#: tls/gnutls/gtlsconnection-gnutls.c:2623 +msgid "Error performing TLS close" +msgstr "Klaida atliekant TLS užvėrimą" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:111 +msgid "Certificate has no private key" +msgstr "Liudijimas neturi privataus rakto" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Tai yra paskutinis šansas įvesti teisingą PIN, kitaip jūsų prieiga bus " +"užrakinta." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "Keli PIN bandymai buvo neteisingi, jei taip ir toliau, bus užrakinta." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "Įvestas PIN yra neteisingas." + +#: tls/pkcs11/gpkcs11slot.c:447 +msgid "Module" +msgstr "Modulis" + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 modulio rodyklė" + +#: tls/pkcs11/gpkcs11slot.c:455 +msgid "Slot ID" +msgstr "Lizdo ID" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 lizdo identifikatorius" + +#~ msgid "Connection is already closed" +#~ msgstr "Ryšys jau užvertas" diff --git a/po/lv.po b/po/lv.po new file mode 100644 index 0000000..a8691c5 --- /dev/null +++ b/po/lv.po @@ -0,0 +1,208 @@ +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Rūdolfs Mazurs , 2012, 2013, 2017, 2018. +msgid "" +msgstr "" +"Project-Id-Version: \n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?product=glib" +"&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2018-02-13 03:00+0000\n" +"PO-Revision-Date: 2018-03-09 21:02+0200\n" +"Last-Translator: Rūdolfs Mazurs \n" +"Language-Team: Latvian \n" +"Language: lv\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 2.0\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 :" +" 2);\n" + +#: proxy/libproxy/glibproxyresolver.c:159 +msgid "Proxy resolver internal error." +msgstr "Starpnieka risinātāja iekšēja kļūda." + +#: tls/gnutls/gtlscertificate-gnutls.c:182 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Nevarēju noparsēt DER sertifikātu — %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:203 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Nevarēju noparsēt PEM sertifikātu — %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Nevarēju noparsēt DER privāto atslēgu — %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:265 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Nevarēju noparsēt PEM privāto atslēgu — %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:304 +msgid "No certificate data provided" +msgstr "Nav norādīti sertifikāta dati" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:398 +msgid "Server required TLS certificate" +msgstr "Serveris pieprasa TLS sertifikātu" + +#: tls/gnutls/gtlsconnection-gnutls.c:392 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Neizdevās izveidot TLS savienojumu — %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:697 +msgid "Connection is closed" +msgstr "Savienojums ir aizvērts" + +#: tls/gnutls/gtlsconnection-gnutls.c:772 +#: tls/gnutls/gtlsconnection-gnutls.c:2184 +msgid "Operation would block" +msgstr "Darbība bloķēs" + +#: tls/gnutls/gtlsconnection-gnutls.c:813 +#: tls/gnutls/gtlsconnection-gnutls.c:1400 +msgid "Socket I/O timed out" +msgstr "Ligzdai I/O iestājās noildze" + +#: tls/gnutls/gtlsconnection-gnutls.c:952 +#: tls/gnutls/gtlsconnection-gnutls.c:985 +msgid "Peer failed to perform TLS handshake" +msgstr "Dalībniekam neizdevās veikt TLS izaicinājumrokspiedienu" + +#: tls/gnutls/gtlsconnection-gnutls.c:970 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Dalībnieks pieprasīja neatļautu TLS izaicinājumrokspiedienu" + +#: tls/gnutls/gtlsconnection-gnutls.c:991 +msgid "TLS connection closed unexpectedly" +msgstr "TLS savienojums aizvērās negaidīti" + +#: tls/gnutls/gtlsconnection-gnutls.c:1001 +msgid "TLS connection peer did not send a certificate" +msgstr "TLS savienojuma dalībnieks neatsūtīja sertifikātu" + +#: tls/gnutls/gtlsconnection-gnutls.c:1007 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Biedrs nosūtīja fatālu TLS brīdinājumu: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1015 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "" +"Ziņojums ir pārāk garš DTLS savienojumam; maksimālais izmērs ir %u baits" +msgstr[1] "" +"Ziņojums ir pārāk garš DTLS savienojumam; maksimālais izmērs ir %u baiti" +msgstr[2] "" +"Ziņojums ir pārāk garš DTLS savienojumam; maksimālais izmērs ir %u baitu" + +#: tls/gnutls/gtlsconnection-gnutls.c:1022 +msgid "The operation timed out" +msgstr "Darbībai iestājās noildze" + +#: tls/gnutls/gtlsconnection-gnutls.c:1808 +#: tls/gnutls/gtlsconnection-gnutls.c:1859 +#| msgid "Error performing TLS handshake: %s" +msgid "Error performing TLS handshake" +msgstr "Kļūda, veicot TLS izaicinājumrokspiedienu" + +#: tls/gnutls/gtlsconnection-gnutls.c:1869 +msgid "Server did not return a valid TLS certificate" +msgstr "Serveris neatgrieza derīgu TLS sertifikātu" + +#: tls/gnutls/gtlsconnection-gnutls.c:1946 +msgid "Unacceptable TLS certificate" +msgstr "Nepieņemams TLS sertifikāts" + +#: tls/gnutls/gtlsconnection-gnutls.c:2218 +#: tls/gnutls/gtlsconnection-gnutls.c:2310 +#| msgid "Error reading data from TLS socket: %s" +msgid "Error reading data from TLS socket" +msgstr "Kļūda, lasot datus no TLS ligzdas" + +#: tls/gnutls/gtlsconnection-gnutls.c:2340 +#, c-format +msgid "Receive flags are not supported" +msgstr "Saņemšanas slēdži nav atbalstīti" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2417 +#: tls/gnutls/gtlsconnection-gnutls.c:2489 +#| msgid "Error writing data to TLS socket: %s" +msgid "Error writing data to TLS socket" +msgstr "Kļūda, rakstot datus TLS ligzdā" + +#: tls/gnutls/gtlsconnection-gnutls.c:2459 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "Ziņojums ar izmēru %lu baits ir pārāk garš DTLS savienojumam" +msgstr[1] "Ziņojums ar izmēru %lu baiti ir pārāk garš DTLS savienojumam" +msgstr[2] "Ziņojums ar izmēru %lu baiti ir pārāk garš DTLS savienojumam" + +#: tls/gnutls/gtlsconnection-gnutls.c:2461 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(maksimums ir %u baits)" +msgstr[1] "(maksimums ir %u baiti)" +msgstr[2] "(maksimums ir %u baitu)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2520 +#, c-format +msgid "Send flags are not supported" +msgstr "Sūtīšanas slēdži nav atbalstīti" + +#: tls/gnutls/gtlsconnection-gnutls.c:2623 +#| msgid "Error performing TLS close: %s" +msgid "Error performing TLS close" +msgstr "Kļūda, veicot TLS aizvēršanu" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:111 +msgid "Certificate has no private key" +msgstr "Sertifikātam nav privātās atslēgas" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Šī ir pēdējā iespēja ievadīt pareizu PIN, pirms marķierierīce tiek noslēgta." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Vairāki ievadītie PIN kodi ir bijuši nepareizi, un marķierierīce tiks " +"noslēgta pēc turpmākām neveiksmēm." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "Ievadītais PIN kods ir nepareizs." + +#: tls/pkcs11/gpkcs11slot.c:447 +msgid "Module" +msgstr "Modulis" + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 moduļa rādītājs" + +#: tls/pkcs11/gpkcs11slot.c:455 +msgid "Slot ID" +msgstr "Ligzdas ID" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 ligzdas identifikators" + +#~ msgid "Connection is already closed" +#~ msgstr "Savienojums jau ir aizvērts" diff --git a/po/meson.build b/po/meson.build new file mode 100644 index 0000000..e9b77d7 --- /dev/null +++ b/po/meson.build @@ -0,0 +1 @@ +i18n.gettext(meson.project_name(), preset: 'glib') diff --git a/po/ml.po b/po/ml.po new file mode 100644 index 0000000..6208fed --- /dev/null +++ b/po/ml.po @@ -0,0 +1,160 @@ +# Malayalam translation for glib-networking. +# Copyright (C) 2012 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# Manoj K , 2012. +# Balasankar Chelamattath , 2012 +# Anish A , 2013. +# Anish Sheela , 2017. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?product=glib&k" +"eywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-05-23 15:17+0000\n" +"PO-Revision-Date: 2017-08-08 13:00+0530\n" +"Last-Translator: Anish Sheela \n" +"Language-Team: Swatantra Malayalam Computing \n" +"Language: ml\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Virtaal 0.7.1\n" +"X-Project-Style: gnome\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "പ്രോക്സി റിസോള്‍വറിന്റെ ആന്തരിക പിഴവ്." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "%s :DER സാക്ഷ്യപത്രം പാഴ്സ് ചെയ്യാന്‍ സാധിക്കുന്നില്ല." + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "%s :PEM സാക്ഷ്യപത്രം പാഴ്സ് ചെയ്യാന്‍ സാധിക്കുന്നില്ല." + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "%s :DER രഹസ്യ കീ പാഴ്സ് ചെയ്യാന്‍ സാധിക്കുന്നില്ല." + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "%s :PEM രഹസ്യ കീ പാഴ്സ് ചെയ്യാന്‍ സാധിക്കുന്നില്ല." + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "സാക്ഷ്യപത്രവിവരങ്ങള്‍ ലഭ്യമല്ല" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:375 +msgid "Server required TLS certificate" +msgstr "സെര്‍വ്വരിന് TLS സാക്ഷ്യപത്രം ആവശ്യമാണ്. " + +#: tls/gnutls/gtlsconnection-gnutls.c:310 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "%s :TLS കണക്ഷന്‍ നിര്‍മ്മിക്കാന്‍ സാധിച്ചില്ല" + +#: tls/gnutls/gtlsconnection-gnutls.c:572 +msgid "Connection is closed" +msgstr "ബന്ധം വിച്ഛേദിക്കപ്പെട്ടിരിക്കുന്നു" + +#: tls/gnutls/gtlsconnection-gnutls.c:645 +#: tls/gnutls/gtlsconnection-gnutls.c:1528 +msgid "Operation would block" +msgstr "പ്രക്രിയ തടസ്സപ്പെടും" + +#: tls/gnutls/gtlsconnection-gnutls.c:792 +#: tls/gnutls/gtlsconnection-gnutls.c:831 +msgid "Peer failed to perform TLS handshake" +msgstr "TLS ഹാന്‍ഡ്ഷെയ്ക്ക് കാരണം പിയര്‍ പ്രകടനം പരാജയപ്പെട്ടു" + +#: tls/gnutls/gtlsconnection-gnutls.c:810 +msgid "Peer requested illegal TLS rehandshake" +msgstr "പിയര്‍ നിയമാനുസൃതമല്ലാത്ത TLS ഹസ്തദാനം ആവശ്യപ്പെട്ടിരിക്കുന്നു" + +#: tls/gnutls/gtlsconnection-gnutls.c:837 +msgid "TLS connection closed unexpectedly" +msgstr "TLS ബന്ധം അപ്രതീക്ഷിതമായി വിച്ഛേദിക്കപ്പെട്ടിരിക്കുന്നു" + +#: tls/gnutls/gtlsconnection-gnutls.c:847 +msgid "TLS connection peer did not send a certificate" +msgstr "TLS ബന്ധത്തിന്റെ പീയര്‍ സാക്ഷ്യപത്രം അയ്ച്ചില്ല" + +#: tls/gnutls/gtlsconnection-gnutls.c:853 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "പിയര്‍ ഗുരുതരമായ TLS അറിയിപ്പ് അയച്ചു: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1241 +#: tls/gnutls/gtlsconnection-gnutls.c:1274 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "%s: TLS ഹസ്തദാനം നടപ്പിലാക്കുന്നതില്‍ പിഴവ്" + +#: tls/gnutls/gtlsconnection-gnutls.c:1284 +msgid "Server did not return a valid TLS certificate" +msgstr "സെര്‍വ്വര്‍ സാധുവായ TLS സാക്ഷ്യപത്രം തന്നില്ല." + +#: tls/gnutls/gtlsconnection-gnutls.c:1354 +msgid "Unacceptable TLS certificate" +msgstr "സ്വീകരിക്കാന്‍ പറ്റാത TLS സാക്ഷ്യപത്രം" + +#: tls/gnutls/gtlsconnection-gnutls.c:1562 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "%s: TLS സോക്കറ്റില്‍ നിന്നും ഡാറ്റ വായിക്കുന്നതില്‍ പിഴവ് " + +#: tls/gnutls/gtlsconnection-gnutls.c:1591 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "%s: TLS സോക്കറ്റിലേക്ക് ഡാറ്റ എഴുതുന്നതില്‍ പിഴവ്" + +#: tls/gnutls/gtlsconnection-gnutls.c:1655 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "%s: TLS അടയ്ക്കുന്നതില്‍ പരാജയപ്പെട്ടിരിക്കുന്നു" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:107 +msgid "Certificate has no private key" +msgstr "സാക്ഷ്യപത്രത്തിന്് സ്വകാര്യ താക്കോല്‍ ഇല്ല " + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "ഇത് ടോക്കണ്‍ പൂട്ടുന്നതിന് മുന്പായി PIN ശരിയായി കയറ്റാനുള്ള അവസാന അവസരമാണ്" + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"ഒട്ടേറെ PIN ശ്രമങ്ങള്‍ പരാജയപ്പെട്ടു, അതിനാല് ഇനിയുള്ള പരാജയങ്ങള്ക്ക് ശേഷം ടോക്കണ്‍ പൂട്ടുന്നു" + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "നല്‍കിയ അടയാളനമ്പര്‍ തെറ്റാണ്." + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "Module" +msgstr "മൊഡ്യൂള്‍" + +#: tls/pkcs11/gpkcs11slot.c:450 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 മൊഡ്യൂള്‍ പോയിന്റര്‍" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "Slot ID" +msgstr "സ്ലോട്ട് ഐഡി" + +#: tls/pkcs11/gpkcs11slot.c:458 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 സ്ലോട്ട് ഐഡന്റിഫയര്‍" + +#~ msgid "Connection is already closed" +#~ msgstr "ബന്ധം ഇതിനകം തന്നെ വിച്ഛേദിക്കപ്പെട്ടിരിക്കുന്നു" diff --git a/po/mr.po b/po/mr.po new file mode 100644 index 0000000..b4809df --- /dev/null +++ b/po/mr.po @@ -0,0 +1,134 @@ +# translation of mr.po to Marathi +# Marathi translation for glib-networking. +# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# +# Sandeep Shedmake , 2011, 2012. +msgid "" +msgstr "" +"Project-Id-Version: mr\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2011-11-19 01:32+0000\n" +"PO-Revision-Date: 2012-03-28 10:00+0530\n" +"Last-Translator: Sandeep Shedmake \n" +"Language-Team: Marathi \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.2\n" +"Plural-Forms: nplurals=2; plural=(n!=1);\n" +"Language: mr\n" + +#: ../proxy/libproxy/glibproxyresolver.c:150 +msgid "Proxy resolver internal error." +msgstr "प्रॉक्सी रिजॉलव्हर आंतरिक त्रुटी." + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "वाचणे अशक्य DER प्रमाणपत्र: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "वाचणे अशक्य PEM प्रमाणपत्र: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:225 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "वाचणे अशक्य DER व्यक्तिगत कि: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:256 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "वाचणे अशक्य PEM व्यक्तिगत कि: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:296 +msgid "No certificate data provided" +msgstr "प्रमाणपत्र डाटा पुरवले नाही" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:385 +msgid "Server required TLS certificate" +msgstr "सर्व्हरला TLS प्रमाणपत्र आवश्यक आहे" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:279 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "TLS जोडणी निर्माण करणे अशक्य: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:558 +msgid "Peer failed to perform TLS handshake" +msgstr "पीअर TLS हँडशेक करण्यास अपयशी" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:576 +msgid "Peer requested illegal TLS rehandshake" +msgstr "पीअरने बेकायदेशीर TLS पुनः हँडशेककरीता विनंती केली" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:594 +msgid "TLS connection closed unexpectedly" +msgstr "TLS जोडणी अनपेक्षीतरित्या बंद झाले" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:888 +#: ../tls/gnutls/gtlsconnection-gnutls.c:914 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "TLS हँडशेकवेळी त्रुटी आढळली: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:962 +msgid "Unacceptable TLS certificate" +msgstr "अस्वीकार्य TLS प्रमाणपत्र" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1099 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "TLS सॉकेटपासून डाटा वाचतेवेळी त्रुटी: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1125 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "TLS सॉकेटकरीता डाटा लिहतेवेळी त्रुटी: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1171 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "TLS बंद करतेवेळी त्रुटी: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:138 +msgid "Certificate has no private key" +msgstr "प्रमामपत्रात प्राइव्हेट कि आढळली नाही" + +#: ../tls/pkcs11/gpkcs11pin.c:108 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"टोकन कुलूपबंद करण्यापूर्वी PIN योग्यरित्या देण्याचा हा शेवटचा पर्याय आहे." + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"बरेच दिलेले PIN अयोग्य आहेत, व पुढील अपयशनंतर तुमचे टोकन कुलूपबंद केले जाईल." + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "The PIN entered is incorrect." +msgstr "दिलेले PIN अयोग्य आहे." + +#: ../tls/pkcs11/gpkcs11slot.c:446 +msgid "Module" +msgstr "मॉड्युल" + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 मॉड्युल पॉइंटर" + +#: ../tls/pkcs11/gpkcs11slot.c:454 +msgid "Slot ID" +msgstr "स्लॉट ID" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 स्लॉट आइडेंटिफायर" + diff --git a/po/nb.po b/po/nb.po new file mode 100644 index 0000000..3b2f711 --- /dev/null +++ b/po/nb.po @@ -0,0 +1,192 @@ +# Norwegian bokmål translation of glib-networking. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# Kjartan Maraas , 2011-2017. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking 2.35.x\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-11-09 15:37+0000\n" +"PO-Revision-Date: 2017-11-11 17:21+0100\n" +"Last-Translator: Kjartan Maraas \n" +"Language-Team: Norwegian bokmål \n" +"Language: nb\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Intern feil i proxy-navneoppslag." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Kunne ikke lese DER-sertifikat: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Kunne ikke lese PEM-sertifikat: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Kunne ikke lese privat DER-nøkkel: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Kunne ikke lese privat PEM-nøkkel: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "Ingen sertifikatdata oppgitt" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:396 +msgid "Server required TLS certificate" +msgstr "Tjener krever TLS-sertifikat" + +#: tls/gnutls/gtlsconnection-gnutls.c:382 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Kunne ikke lage TLS-tilkobling: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:677 +msgid "Connection is closed" +msgstr "Tilkoblingen er lukket" + +#: tls/gnutls/gtlsconnection-gnutls.c:752 +#: tls/gnutls/gtlsconnection-gnutls.c:2152 +msgid "Operation would block" +msgstr "Operasjonen ville blokkere" + +#: tls/gnutls/gtlsconnection-gnutls.c:793 +#: tls/gnutls/gtlsconnection-gnutls.c:1374 +msgid "Socket I/O timed out" +msgstr "Tidsavbrudd for I/O på plugg" + +#: tls/gnutls/gtlsconnection-gnutls.c:927 +#: tls/gnutls/gtlsconnection-gnutls.c:966 +msgid "Peer failed to perform TLS handshake" +msgstr "Likemann feilet å utføre TLS-håndtrykk" + +#: tls/gnutls/gtlsconnection-gnutls.c:945 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Likemann ba om ugyldig nytt TLS-håndtrykk" + +#: tls/gnutls/gtlsconnection-gnutls.c:972 +msgid "TLS connection closed unexpectedly" +msgstr "TLS-tilkobling ble lukket uventet" + +#: tls/gnutls/gtlsconnection-gnutls.c:982 +msgid "TLS connection peer did not send a certificate" +msgstr "Sidemann for TLS-tilkobling sendte ikke et sertifikat" + +#: tls/gnutls/gtlsconnection-gnutls.c:988 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "" + +#: tls/gnutls/gtlsconnection-gnutls.c:996 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "" +msgstr[1] "" + +#: tls/gnutls/gtlsconnection-gnutls.c:1003 +msgid "The operation timed out" +msgstr "Tidsavbrudd for operasjonen" + +#: tls/gnutls/gtlsconnection-gnutls.c:1780 +#: tls/gnutls/gtlsconnection-gnutls.c:1831 +msgid "Error performing TLS handshake" +msgstr "Feil under utføring av TLS-håndtrykk" + +#: tls/gnutls/gtlsconnection-gnutls.c:1841 +msgid "Server did not return a valid TLS certificate" +msgstr "Tjener returnerte ikke et gyldig TLS-sertifikat" + +#: tls/gnutls/gtlsconnection-gnutls.c:1917 +msgid "Unacceptable TLS certificate" +msgstr "Uakseptabelt TLS-sertifikat" + +#: tls/gnutls/gtlsconnection-gnutls.c:2185 +#: tls/gnutls/gtlsconnection-gnutls.c:2276 +msgid "Error reading data from TLS socket" +msgstr "Feil under lesing av data fra TLS-plugg" + +#: tls/gnutls/gtlsconnection-gnutls.c:2306 +#, c-format +msgid "Receive flags are not supported" +msgstr "" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2382 +#: tls/gnutls/gtlsconnection-gnutls.c:2453 +msgid "Error writing data to TLS socket" +msgstr "Feil under skriving av data til TLS-plugg" + +#: tls/gnutls/gtlsconnection-gnutls.c:2423 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "" +msgstr[1] "" + +#: tls/gnutls/gtlsconnection-gnutls.c:2425 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(maksimum er %u byte)" +msgstr[1] "(maksimum er %u bytes)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2484 +#, c-format +msgid "Send flags are not supported" +msgstr "Send-flagg er ikke støttet" + +#: tls/gnutls/gtlsconnection-gnutls.c:2584 +msgid "Error performing TLS close" +msgstr "Feil under utføring av lukking av TLS-tilkobling" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:109 +msgid "Certificate has no private key" +msgstr "Sertifikatet har ingen privat nøkkel" + +#: tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "Dette er siste sjanse til å oppgi korrekt PIN-kode før tokenet låses." + +#: tls/pkcs11/gpkcs11pin.c:112 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Flere feilede forsøk med PIN oppdaget. Token vil bli låst ved flere feilede " +"forsøk." + +#: tls/pkcs11/gpkcs11pin.c:114 +msgid "The PIN entered is incorrect." +msgstr "Oppgitt PIN er feil." + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "Module" +msgstr "Modul" + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11-modulpeker" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "Slot ID" +msgstr "Plassidentifikator" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 plassidentifikator" diff --git a/po/ne.po b/po/ne.po new file mode 100644 index 0000000..bc0ea5b --- /dev/null +++ b/po/ne.po @@ -0,0 +1,153 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: Gnome Nepali Translation Project\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-08-09 22:34+0000\n" +"PO-Revision-Date: 2017-08-21 12:59+0545\n" +"Language-Team: Nepali Translation Team \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 2.0.3\n" +"Last-Translator: Pawan Chitrakar \n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"Language: ne\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "प्रोक्सी हलकर्ता आन्तरिक त्रुटि।" + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "DER प्रमाणपत्र पार्स गर्न सकेन:% s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "PEM प्रमाणपत्र पार्स गर्न सकेन:% s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "DER निजी कुञ्जी पार्स गर्न सकेन:%s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "प्रमाणपत्र डाटा उपलब्ध छैन" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:375 +msgid "Server required TLS certificate" +msgstr "सर्भर TLS प्रमाणपत्र आवश्यक " + +#: tls/gnutls/gtlsconnection-gnutls.c:310 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "TLS जडान सिर्जना गर्न सकेन: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:572 +msgid "Connection is closed" +msgstr "जडान बन्द भयो" + +#: tls/gnutls/gtlsconnection-gnutls.c:645 +#: tls/gnutls/gtlsconnection-gnutls.c:1528 +msgid "Operation would block" +msgstr "सञ्चालन ब्लक थियो" + +#: tls/gnutls/gtlsconnection-gnutls.c:792 +#: tls/gnutls/gtlsconnection-gnutls.c:831 +msgid "Peer failed to perform TLS handshake" +msgstr "समान TLS ह्यान्डशेक गर्न असफल भयो" + +#: tls/gnutls/gtlsconnection-gnutls.c:810 +msgid "Peer requested illegal TLS rehandshake" +msgstr "" + +#: tls/gnutls/gtlsconnection-gnutls.c:837 +msgid "TLS connection closed unexpectedly" +msgstr "TLS जडान अकस्मात बन्द भयो" + +#: tls/gnutls/gtlsconnection-gnutls.c:847 +msgid "TLS connection peer did not send a certificate" +msgstr "समान TLS जडानले प्रमाणपत्र पठाएनन्" + +#: tls/gnutls/gtlsconnection-gnutls.c:853 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "" + +#: tls/gnutls/gtlsconnection-gnutls.c:1241 +#: tls/gnutls/gtlsconnection-gnutls.c:1274 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "TLS ह्यान्डशेक गर्दा त्रुटि: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1284 +msgid "Server did not return a valid TLS certificate" +msgstr "सर्भरले वैध TLS प्रमाणपत्र फर्काउन सकेन" + +#: tls/gnutls/gtlsconnection-gnutls.c:1354 +msgid "Unacceptable TLS certificate" +msgstr "अमान्य TLS प्रमाणपत्र" + +#: tls/gnutls/gtlsconnection-gnutls.c:1562 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "TLS सकेटबाट डाटा पढ्दा त्रुटि: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1591 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "TLS सकेटमा डाटा लेख्दा त्रुटि: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1655 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "TLS बन्द गर्दा त्रुटि: %s" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:107 +msgid "Certificate has no private key" +msgstr "प्रमाणपत्रमा निजी कुञ्जी छैन" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "टोकन बन्द हुन यो पिन प्रविष्ट गर्न अन्तिम मौका हो।" + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "धेरै पिन प्रयास गलत छ, र अर्को असफलता पछि टोकन बन्द गरिनेछ।" + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "प्रविष्ट पिन मिलेन" + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "Module" +msgstr "मोड्युल" + +#: tls/pkcs11/gpkcs11slot.c:450 +msgid "PKCS#11 Module Pointer" +msgstr "" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "Slot ID" +msgstr "स्लटआईडी" + +#: tls/pkcs11/gpkcs11slot.c:458 +msgid "PKCS#11 Slot Identifier" +msgstr "" diff --git a/po/nl.po b/po/nl.po new file mode 100644 index 0000000..74c3296 --- /dev/null +++ b/po/nl.po @@ -0,0 +1,199 @@ +# Dutch translation for glib-networking +# This file is distributed under the same license as the glib-networking package. +# +# Wouter Bolsterlee , 2011–2013 +# Rachid , 2012. +# Nathan Follens , 2017. +# +# Peer - andere kant van de verbinding (heel vrij vertaald) +msgid "" +msgstr "" +"Project-Id-Version: gconf\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2018-02-08 06:15+0000\n" +"PO-Revision-Date: 2017-12-20 14:38+0100\n" +"Last-Translator: Nathan Follens \n" +"Language-Team: Dutch \n" +"Language: nl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Poedit 2.0.5\n" + +#: proxy/libproxy/glibproxyresolver.c:159 +msgid "Proxy resolver internal error." +msgstr "Interne fout in proxy-resolver." + +#: tls/gnutls/gtlscertificate-gnutls.c:182 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Kon DER-certificaat niet parseren: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:203 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Kon PEM-certificaat niet parseren: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Kon DER-privésleutel niet parseren: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:265 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Kon PEM-privésleutel niet parseren: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:304 +msgid "No certificate data provided" +msgstr "Geen certificaatgegevens opgegeven" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:398 +msgid "Server required TLS certificate" +msgstr "Server vereiste een TLS-certificaat" + +#: tls/gnutls/gtlsconnection-gnutls.c:392 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Kon geen TLS-verbinding maken: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:697 +msgid "Connection is closed" +msgstr "Verbinding is gesloten" + +#: tls/gnutls/gtlsconnection-gnutls.c:772 +#: tls/gnutls/gtlsconnection-gnutls.c:2184 +msgid "Operation would block" +msgstr "Bewerking zou blokkeren" + +#: tls/gnutls/gtlsconnection-gnutls.c:813 +#: tls/gnutls/gtlsconnection-gnutls.c:1400 +msgid "Socket I/O timed out" +msgstr "Time-out bij socket-I/O" + +#: tls/gnutls/gtlsconnection-gnutls.c:952 +#: tls/gnutls/gtlsconnection-gnutls.c:985 +msgid "Peer failed to perform TLS handshake" +msgstr "Andere kant van de verbinding gaf geen TLS-handshake" + +#: tls/gnutls/gtlsconnection-gnutls.c:970 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Andere kant van de verbinding verzocht een ongeldige TLS-rehandshake" + +#: tls/gnutls/gtlsconnection-gnutls.c:991 +msgid "TLS connection closed unexpectedly" +msgstr "TLS-verbinding onverwachts afgebroken" + +#: tls/gnutls/gtlsconnection-gnutls.c:1001 +msgid "TLS connection peer did not send a certificate" +msgstr "TLS-verbinding van andere kant stuurde geen certificaat" + +#: tls/gnutls/gtlsconnection-gnutls.c:1007 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Andere kant van de verbinding stuurde fatale TLS-waarschuwing: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1015 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "Bericht is te groot voor DTLS-verbinding; maximaal %u byte" +msgstr[1] "Bericht is te groot voor DTLS-verbinding, maximaal %u bytes" + +#: tls/gnutls/gtlsconnection-gnutls.c:1022 +msgid "The operation timed out" +msgstr "Time-out bij bewerking" + +#: tls/gnutls/gtlsconnection-gnutls.c:1808 +#: tls/gnutls/gtlsconnection-gnutls.c:1859 +msgid "Error performing TLS handshake" +msgstr "Fout bij uitvoeren van TLS-handshake" + +#: tls/gnutls/gtlsconnection-gnutls.c:1869 +msgid "Server did not return a valid TLS certificate" +msgstr "Server gaf geen geldig TLS-certificaat weer" + +#: tls/gnutls/gtlsconnection-gnutls.c:1946 +msgid "Unacceptable TLS certificate" +msgstr "Onacceptabel TLS-certificaat" + +#: tls/gnutls/gtlsconnection-gnutls.c:2218 +#: tls/gnutls/gtlsconnection-gnutls.c:2310 +msgid "Error reading data from TLS socket" +msgstr "Fout bij het lezen van de TLS-socket" + +#: tls/gnutls/gtlsconnection-gnutls.c:2340 +#, c-format +msgid "Receive flags are not supported" +msgstr "Ontvangstvlaggen worden niet ondersteund" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2417 +#: tls/gnutls/gtlsconnection-gnutls.c:2489 +msgid "Error writing data to TLS socket" +msgstr "Fout bij het schrijven naar de TLS-socket" + +#: tls/gnutls/gtlsconnection-gnutls.c:2459 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "Bericht van grootte %lu byte is te groot voor DTLS-verbinding" +msgstr[1] "Bericht van grootte %lu bytes is te groot voor DTLS-verbinding" + +#: tls/gnutls/gtlsconnection-gnutls.c:2461 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(maximaal %u byte)" +msgstr[1] "(maximaal %u bytes)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2520 +#, c-format +msgid "Send flags are not supported" +msgstr "Verstuurvlaggen worden niet ondersteund" + +#: tls/gnutls/gtlsconnection-gnutls.c:2623 +msgid "Error performing TLS close" +msgstr "Fout bij sluiten van TLS" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:111 +msgid "Certificate has no private key" +msgstr "Certificaat heeft geen privésleutel" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Dit is de laatste kans om de pincode correct in te voeren voordat de token " +"ongeldig wordt." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"U heeft meerdere malen een onjuiste pincode ingevoerd. Na verdere mislukte " +"pogingen wordt de token ongeldig." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "De ingevoerde pincode is onjuist." + +#: tls/pkcs11/gpkcs11slot.c:447 +msgid "Module" +msgstr "Module" + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 Module Pointer" + +#: tls/pkcs11/gpkcs11slot.c:455 +msgid "Slot ID" +msgstr "Slot ID" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 Slot Identifier" diff --git a/po/oc.po b/po/oc.po new file mode 100644 index 0000000..fee7d00 --- /dev/null +++ b/po/oc.po @@ -0,0 +1,208 @@ +# Occitan translation for glib-networking. +# Copyright (C) 2011-2012 Listed translators +# This file is distributed under the same license as the glib-networking package. +# Cédric Valmary , 2015. +# Cédric Valmary (Tot en òc) , 2015. +# Cédric Valmary (totenoc.eu) , 2016, 2018. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?product=glib&k" +"eywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2018-02-13 03:00+0000\n" +"PO-Revision-Date: 2018-02-26 14:05+0200\n" +"Last-Translator: Cédric Valmary (totenoc.eu) \n" +"Language-Team: Tot En Òc\n" +"Language: oc\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" +"X-Generator: Virtaal 0.7.1\n" +"X-Launchpad-Export-Date: 2015-05-21 17:44+0000\n" +"X-Project-Style: gnome\n" + +#: proxy/libproxy/glibproxyresolver.c:159 +msgid "Proxy resolver internal error." +msgstr "Error intèrna del resolvedor de servidor mandatari." + +#: tls/gnutls/gtlscertificate-gnutls.c:182 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Impossible d'analisar lo certificat DER : %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:203 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Impossible d'analisar lo certificat PEM : %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Impossible d'analisar la clau privada DER : %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:265 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Impossible d'analisar la clau privada PEM : %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:304 +msgid "No certificate data provided" +msgstr "Cap de donada de certificat pas provesida" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:398 +msgid "Server required TLS certificate" +msgstr "Lo servidor requerís un certificat TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:392 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Impossible de crear una connexion TLS : %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:697 +msgid "Connection is closed" +msgstr "La connexion es tampada" + +#: tls/gnutls/gtlsconnection-gnutls.c:772 +#: tls/gnutls/gtlsconnection-gnutls.c:2184 +msgid "Operation would block" +msgstr "L'operacion se poiriá blocar" + +#: tls/gnutls/gtlsconnection-gnutls.c:813 +#: tls/gnutls/gtlsconnection-gnutls.c:1400 +msgid "Socket I/O timed out" +msgstr "Las entradas/sortidas del connectador an expirat" + +#: tls/gnutls/gtlsconnection-gnutls.c:952 +#: tls/gnutls/gtlsconnection-gnutls.c:985 +msgid "Peer failed to perform TLS handshake" +msgstr "La negociacion TLS amb lo servidor par a fracassat" + +#: tls/gnutls/gtlsconnection-gnutls.c:970 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Lo servidor par a demandat una renegociacion TLS pas autorizada" + +#: tls/gnutls/gtlsconnection-gnutls.c:991 +msgid "TLS connection closed unexpectedly" +msgstr "La connexion TLS es estada tampada d'un biais imprevist" + +#: tls/gnutls/gtlsconnection-gnutls.c:1001 +msgid "TLS connection peer did not send a certificate" +msgstr "Lo par TLS a pas mandat cap de certificat" + +#: tls/gnutls/gtlsconnection-gnutls.c:1007 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Lo par a mandat una alèrta TLS fatala : %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1015 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "" +"Lo messatge es tròp grand per la connexion DTLS ; lo maximum es de %u octet" +msgstr[1] "" +"Lo messatge es tròp grand per la connexion DTLS ; lo maximum es de %u octets" + +#: tls/gnutls/gtlsconnection-gnutls.c:1022 +msgid "The operation timed out" +msgstr "L’operacion a expirat" + +#: tls/gnutls/gtlsconnection-gnutls.c:1808 +#: tls/gnutls/gtlsconnection-gnutls.c:1859 +#| msgid "Error performing TLS handshake: %s" +msgid "Error performing TLS handshake" +msgstr "Error al moment de la negociacion TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1869 +msgid "Server did not return a valid TLS certificate" +msgstr "Lo servidor a pas renviat cap de certificat TLS valid" + +#: tls/gnutls/gtlsconnection-gnutls.c:1946 +msgid "Unacceptable TLS certificate" +msgstr "Certificat TLS inacceptable" + +#: tls/gnutls/gtlsconnection-gnutls.c:2218 +#: tls/gnutls/gtlsconnection-gnutls.c:2310 +#| msgid "Error reading data from TLS socket: %s" +msgid "Error reading data from TLS socket" +msgstr "Error al moment de la lectura de donadas del connectador TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2340 +#, c-format +msgid "Receive flags are not supported" +msgstr "Las bandièras de recepcion son pas presas en carga" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2417 +#: tls/gnutls/gtlsconnection-gnutls.c:2489 +#| msgid "Error writing data to TLS socket: %s" +msgid "Error writing data to TLS socket" +msgstr "Error al moment de l'escritura de donadas sul connectador TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2459 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "Un messatge de %lu octet es tròp grand per la connexion DTLS" +msgstr[1] "Un messatge de %lu octets es tròp grand per la connexion DTLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2461 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(lo maximum es de %u octet)" +msgstr[1] "(lo maximum es de %u octets)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2520 +#, c-format +msgid "Send flags are not supported" +msgstr "Las bandièras de mandadís son pas presas en carga" + +#: tls/gnutls/gtlsconnection-gnutls.c:2623 +#| msgid "Error performing TLS close: %s" +msgid "Error performing TLS close" +msgstr "Error al moment de la tampadura TLS" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:111 +msgid "Certificate has no private key" +msgstr "Lo certificat a pas cap de clau privada" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Es la darrièra chança d'entrar lo PIN corrècte abans que la carta de piuse " +"siá verrolhada." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Mantun PIN incorrèctes son estats picats, tota novèla error provocarà lo " +"verrolhatge de la carta de piuse." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "Lo PIN picat es incorrècte." + +#: tls/pkcs11/gpkcs11slot.c:447 +msgid "Module" +msgstr "Modul" + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "PKCS#11 Module Pointer" +msgstr "Puntador de modul PKCS#11" + +#: tls/pkcs11/gpkcs11slot.c:455 +msgid "Slot ID" +msgstr "ID del connectador" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "PKCS#11 Slot Identifier" +msgstr "Identificant d'emplaçament PKCS#11" + +#~ msgid "Connection is already closed" +#~ msgstr "La connexion es ja tampada" diff --git a/po/or.po b/po/or.po new file mode 100644 index 0000000..b0242db --- /dev/null +++ b/po/or.po @@ -0,0 +1,134 @@ +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Manoj Kumar Giri , 2011, 2012. +msgid "" +msgstr "" +"Project-Id-Version: \n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2011-11-19 01:32+0000\n" +"PO-Revision-Date: 2012-04-05 17:32+0530\n" +"Last-Translator: Manoj Kumar Giri \n" +"Language-Team: Oriya \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.2\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" +"Language: or\n" + +#: ../proxy/libproxy/glibproxyresolver.c:150 +msgid "Proxy resolver internal error." +msgstr "ପ୍ରକ୍ସି ସମାଧାନକାରୀ ଆଭ୍ଯନ୍ତରୀଣ ତୃଟି।" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "DER ପ୍ରମାଣପତ୍ରକୁ ବିଶ୍ଳେଷଣ କରିପାରିଲା ନାହିଁ: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "PEM ପ୍ରମାଣପତ୍ରକୁ ବିଶ୍ଳେଷଣ କରିପାରିଲା ନାହିଁ: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:225 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "DER ବ୍ୟକ୍ତିଗତ କିକୁ ବିଶ୍ଳେଷଣ କରିପାରିଲା ନାହିଁ: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:256 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "PEM ବ୍ୟକ୍ତିଗତ କିକୁ ବିଶ୍ଳେଷଣ କରିପାରିଲା ନାହିଁ: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:296 +msgid "No certificate data provided" +msgstr "କୌଣସି ପ୍ରମାଣପତ୍ର ତଥ୍ୟ ପ୍ରଦାନ କରାଯାଇନାହିଁ" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:385 +msgid "Server required TLS certificate" +msgstr "ସର୍ଭର TLS ପ୍ରମାଣପତ୍ର ଆବଶ୍ୟକ କରିଥାଏ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:279 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "TLS ସଂଯୋଗକୁ ନିର୍ମାଣ କରିପାରିଲା ନାହିଁ: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:558 +msgid "Peer failed to perform TLS handshake" +msgstr "ସହଯୋଗୀଟି TLS ହ୍ୟାଣ୍ଡସେକ କରିବାରେ ବିଫଳ ହେଲା" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:576 +msgid "Peer requested illegal TLS rehandshake" +msgstr "ସହଯୋଗୀଟି ଅବୈଧ TLS ରିହ୍ୟାଣ୍ଡସେକକୁ ଅନୁରୋଧ କରିଛି" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:594 +msgid "TLS connection closed unexpectedly" +msgstr "TLS ସଂଯୋଗ ଅପ୍ରତ୍ୟାଶିତ ଭାବରେ ବନ୍ଦ ହୋଇଛି" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:888 +#: ../tls/gnutls/gtlsconnection-gnutls.c:914 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "TLS ହ୍ୟାଣ୍ଡସେକ କରିବା ସମୟରେ ତ୍ରୁଟି: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:962 +msgid "Unacceptable TLS certificate" +msgstr "ଅଗ୍ରହଣୀୟ TLS ପ୍ରମାଣପତ୍ର" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1099 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "TLS ସକେଟରୁ ତଥ୍ଯ ପଢିବାରେ ତୃଟି: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1125 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "TLS ସକେଟରେ ତଥ୍ୟ ଲେଖିବାରେ ତୃଟି: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1171 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "TLS ବନ୍ଦ କରିବା ସମୟରେ ତ୍ରୁଟି: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:138 +msgid "Certificate has no private key" +msgstr "ପ୍ରମାଣପତ୍ରରେ କୌଣସି ବ୍ୟକ୍ତିଗତ କି ନାହିଁ" + +#: ../tls/pkcs11/gpkcs11pin.c:108 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"ସଠିକ ଭାବରେ PIN ଭରଣ କରିବାର ଏହା ଅନ୍ତିମ ସୁଯୋଗ। ଏହା ପରେ ଟକେନଟି " +"ଅପରିବର୍ତ୍ତନୀୟ ହୋଇଯିବ।" + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"ଅନେକ PIN ଭୁଲ ଭାବରେ ଭରଣ କରାଯାଇଛି, ଏବଂ ଅନେକ ବିଫଳତା ହେତୁ ଟକେନଟିକୁ " +"ଅପରିବର୍ତ୍ତନୀୟ କରାଯାଇଛି।" + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "The PIN entered is incorrect." +msgstr "ଭରଣ କରାଯାଇଥିବା PIN ଟି ଭୁଲ ଅଟେ।" + +#: ../tls/pkcs11/gpkcs11slot.c:446 +msgid "Module" +msgstr "ମୋଡ୍ଯୁଲ" + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 ମୋଡ୍ୟୁଲ ସୂଚକ" + +#: ../tls/pkcs11/gpkcs11slot.c:454 +msgid "Slot ID" +msgstr "ସ୍ଲଟ ID" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 ସ୍ଲଟ ପରିଚାୟକ" + diff --git a/po/pa.po b/po/pa.po new file mode 100644 index 0000000..b894476 --- /dev/null +++ b/po/pa.po @@ -0,0 +1,155 @@ +# Punjabi translation for glib-networking. +# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# +# A S Alam , 2011, 2012, 2013. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2012-11-29 22:09+0000\n" +"PO-Revision-Date: 2013-02-26 07:18+0530\n" +"Last-Translator: A S Alam \n" +"Language-Team: Punjabi/Panjabi \n" +"Language: pa\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" +"X-Generator: Lokalize 1.5\n" + +#: ../proxy/libproxy/glibproxyresolver.c:150 +msgid "Proxy resolver internal error." +msgstr "ਪਰਾਕਸੀ ਹੱਲਕਰਤਾ ਅੰਦਰੂਨੀ ਗਲਤੀ ਹੈ।" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "DER ਸਰਟੀਫਿਕੇਟ ਪਾਰਸ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਿਆ: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "PEM ਸਰਟੀਫਿਕੇਟ ਪਾਰਸ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਿਆ: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:225 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "DER ਪ੍ਰਾਈਵੇਟ ਕੁੰਜੀ ਪਾਰਸ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕੀ: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:256 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "PEM ਪ੍ਰਾਈਵੇਟ ਕੁੰਜੀ ਪਾਰਸ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕੀ: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:296 +msgid "No certificate data provided" +msgstr "ਕੋਈ ਸਰਟੀਫਿਕੇਟ ਡਾਟਾ ਨਹੀਂ ਦਿੱਤਾ ਗਿਆ" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309 +msgid "Server required TLS certificate" +msgstr "ਸਰਵਰ ਨੂੰ TLS ਸਰਟੀਫਿਕੇਤ ਚਾਹੀਦਾ ਹੈ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:254 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "TLS ਕੁਨੈਕਸ਼ਨ ਬਣਾਇਆ ਨਹੀਂ ਜਾ ਸਕਿਆ: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:514 +msgid "Connection is closed" +msgstr "ਕੁਨੈਕਸ਼ਨ ਬੰਦ ਕੀਤਾ ਗਿਆ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:576 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1382 +msgid "Operation would block" +msgstr "ਕਾਰਵਾਈ ਰੋਕੀ ਜਾ ਸਕਦੀ ਹੈ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:703 +msgid "Peer failed to perform TLS handshake" +msgstr "ਪੀਅਰ TLS ਹੈਂਡਸੇਕ ਕਰਨ ਲਈ ਫੇਲ੍ਹ ਹੈ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:720 +msgid "Peer requested illegal TLS rehandshake" +msgstr "ਪੀਅਰ ਨੇ ਗਲਤ TLS ਮੁੜ-ਹੈਂਡਸੇਕ ਲਈ ਮੰਗ ਕੀਤੀ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:746 +msgid "TLS connection closed unexpectedly" +msgstr "TLS ਕੁਨੈਕਸ਼ਨ ਅਚਾਨਕ ਬੰਦ ਹੋ ਗਿਆ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:756 +#| msgid "Server did not return a valid TLS certificate" +msgid "TLS connection peer did not send a certificate" +msgstr "TLS ਕੁਨੈਕਸ਼ਨ ਪੀਅਰ ਨੇ ਸਰਟੀਫਿਕੇਟ ਵਾਪਸ ਨਹੀਂ ਭੇਜਿਆ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1064 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1083 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "TLS ਹੈਂਡਸੇਕ ਕਰਨ ਦੌਰਾਨ ਗਲਤੀ: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1228 +msgid "Unacceptable TLS certificate" +msgstr "ਨਾ-ਮਨਜ਼ੂਰ TLS ਸਰਟੀਫਿਕੇਟ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1239 +msgid "Server did not return a valid TLS certificate" +msgstr "ਸਰਵਰ ਨੇ ਠੀਕ TLS ਸਰਟੀਫਿਕੇਟ ਵਾਪਸ ਨਹੀਂ ਕੀਤਾ ਹੈ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1405 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "TLS ਸਾਕਟ ਤੋਂ ਡਾਟਾ ਪੜ੍ਹਨ ਲਈ ਫੇਲ੍ਹ: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1434 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "TLS ਸਾਕਟ ਲਈ ਡਾਟਾ ਪੜ੍ਹਨ ਦੌਰਾਨ ਗਲਤੀ: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1478 +msgid "Connection is already closed" +msgstr "ਕੁਨੈਕਸ਼ਨ ਪਹਿਲਾਂ ਹੀ ਬੰਦ ਹੈ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1488 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "TLS ਬੰਦ ਕਰਨ ਗਲਤੀ: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103 +msgid "Certificate has no private key" +msgstr "ਸਰਟੀਫਿਕੇਟ ਲਈ ਕੋਈ ਪ੍ਰਾਈਵੇਟ ਕੁੰਜੀ ਨਹੀਂ ਹੈ" + +#: ../tls/pkcs11/gpkcs11pin.c:108 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "ਟੋਕਨ ਦੇ ਲਾਕ ਹੋਣ ਤੋਂ ਪਹਿਲਾਂ ਠੀਕ ਪਿੰਨ ਭਰਨ ਦਾ ਇਹ ਆਖਰੀ ਮੌਕਾ ਹੈ।" + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"ਪਿੰਨ ਭਰਨ ਦੀਆਂ ਕਈ ਕੋਸ਼ਿਸ਼ ਗਲਤ ਹੋਈਆਂ ਹਨ ਅਤੇ ਫੇਰ ਟੋਕਨ ਹੋਰ ਫੇਲ੍ਹ ਦੇ ਬਾਅਦ ਲਾਕ ਹੋ " +"ਜਾਵੇਗਾ।" + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "The PIN entered is incorrect." +msgstr "ਦਿੱਤਾ ਗਿਆ ਪਿੰਨ ਗਲਤ ਹੈ।" + +#: ../tls/pkcs11/gpkcs11slot.c:446 +msgid "Module" +msgstr "ਮੋਡੀਊਲ" + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 ਮੋਡੀਊਲ ਪੁਆਇੰਟਰ" + +#: ../tls/pkcs11/gpkcs11slot.c:454 +msgid "Slot ID" +msgstr "ਸਲਾਟ ID" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 ਸਲਾਟ ਪਛਾਣਕਰਤਾ" + diff --git a/po/pl.po b/po/pl.po new file mode 100644 index 0000000..fb41269 --- /dev/null +++ b/po/pl.po @@ -0,0 +1,200 @@ +# Polish translation for glib-networking. +# Copyright © 2011-2018 the glib-networking authors. +# This file is distributed under the same license as the glib-networking package. +# Piotr Drąg , 2011-2018. +# Aviary.pl , 2011-2018. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2017-11-03 18:26+0000\n" +"PO-Revision-Date: 2018-02-04 23:58+0100\n" +"Last-Translator: Piotr Drąg \n" +"Language-Team: Polish \n" +"Language: pl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " +"|| n%100>=20) ? 1 : 2);\n" + +#: proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Wewnętrzny błąd rozwiązywania pośrednika." + +#: tls/gnutls/gtlscertificate-gnutls.c:176 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Nie można przetworzyć certyfikatu DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:197 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Nie można przetworzyć certyfikatu PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:228 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Nie można przetworzyć klucza prywatnego DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:259 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Nie można przetworzyć klucza prywatnego PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:299 +msgid "No certificate data provided" +msgstr "Nie podano danych certyfikatu" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:396 +msgid "Server required TLS certificate" +msgstr "Serwer wymaga certyfikatu TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:382 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Nie można utworzyć połączenia TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:677 +msgid "Connection is closed" +msgstr "Połączenie jest zamknięte" + +#: tls/gnutls/gtlsconnection-gnutls.c:752 +#: tls/gnutls/gtlsconnection-gnutls.c:2152 +msgid "Operation would block" +msgstr "Działanie zablokowałoby" + +#: tls/gnutls/gtlsconnection-gnutls.c:793 +#: tls/gnutls/gtlsconnection-gnutls.c:1374 +msgid "Socket I/O timed out" +msgstr "Wejście/wyjście gniazda przekroczyło czas oczekiwania" + +#: tls/gnutls/gtlsconnection-gnutls.c:927 +#: tls/gnutls/gtlsconnection-gnutls.c:966 +msgid "Peer failed to perform TLS handshake" +msgstr "Wykonanie powitania TLS przez partnera się nie powiodło" + +#: tls/gnutls/gtlsconnection-gnutls.c:945 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Partner zażądał niedozwolonego ponownego powitania TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:972 +msgid "TLS connection closed unexpectedly" +msgstr "Połączenie TLS zostało nieoczekiwanie zamknięte" + +#: tls/gnutls/gtlsconnection-gnutls.c:982 +msgid "TLS connection peer did not send a certificate" +msgstr "Partner połączenia TLS nie wysłał certyfikatu" + +#: tls/gnutls/gtlsconnection-gnutls.c:988 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Partner wysłał krytyczny alarm TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:996 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "Komunikat jest za duży dla połączenia DTLS, maksimum to %u bajt" +msgstr[1] "Komunikat jest za duży dla połączenia DTLS, maksimum to %u bajty" +msgstr[2] "Komunikat jest za duży dla połączenia DTLS, maksimum to %u bajtów" + +#: tls/gnutls/gtlsconnection-gnutls.c:1003 +msgid "The operation timed out" +msgstr "Działanie przekroczyło czas oczekiwania" + +#: tls/gnutls/gtlsconnection-gnutls.c:1780 +#: tls/gnutls/gtlsconnection-gnutls.c:1831 +msgid "Error performing TLS handshake" +msgstr "Błąd podczas wykonywania powitania TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1841 +msgid "Server did not return a valid TLS certificate" +msgstr "Serwer nie zwrócił prawidłowego certyfikatu TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1917 +msgid "Unacceptable TLS certificate" +msgstr "Nieakceptowalny certyfikat TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2185 +#: tls/gnutls/gtlsconnection-gnutls.c:2276 +msgid "Error reading data from TLS socket" +msgstr "Błąd podczas odczytywania danych z gniazda TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2306 +#, c-format +msgid "Receive flags are not supported" +msgstr "Flagi odbioru są nieobsługiwane" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2382 +#: tls/gnutls/gtlsconnection-gnutls.c:2453 +msgid "Error writing data to TLS socket" +msgstr "Błąd podczas zapisywania danych do gniazda TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2423 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "Komunikat o %lu bajcie jest za duży dla połączenia DTLS" +msgstr[1] "Komunikat o %lu bajtach jest za duży dla połączenia DTLS" +msgstr[2] "Komunikat o %lu bajtach jest za duży dla połączenia DTLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2425 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(maksimum to %u bajt)" +msgstr[1] "(maksimum to %u bajty)" +msgstr[2] "(maksimum to %u bajtów)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2484 +#, c-format +msgid "Send flags are not supported" +msgstr "Flagi wysyłki są nieobsługiwane" + +#: tls/gnutls/gtlsconnection-gnutls.c:2584 +msgid "Error performing TLS close" +msgstr "Błąd podczas wykonywania zamknięcia TLS" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:109 +msgid "Certificate has no private key" +msgstr "Certyfikat nie ma klucza prywatnego" + +#: tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"To jest ostatnia szansa na poprawne wpisanie kodu PIN przed zablokowaniem " +"tokena." + +#: tls/pkcs11/gpkcs11pin.c:112 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Przeprowadzono kilka niepoprawnych prób wpisania kodu PIN. Token zostanie " +"zablokowany po dalszych niepowodzeniach." + +#: tls/pkcs11/gpkcs11pin.c:114 +msgid "The PIN entered is incorrect." +msgstr "Wpisany kod PIN jest niepoprawny." + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "Module" +msgstr "Moduł" + +#: tls/pkcs11/gpkcs11slot.c:449 +msgid "PKCS#11 Module Pointer" +msgstr "Wskaźnik modułu PKCS#11" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "Slot ID" +msgstr "Identyfikator gniazda" + +#: tls/pkcs11/gpkcs11slot.c:457 +msgid "PKCS#11 Slot Identifier" +msgstr "Identyfikator gniazda PKCS#11" diff --git a/po/pt.po b/po/pt.po new file mode 100644 index 0000000..3773e03 --- /dev/null +++ b/po/pt.po @@ -0,0 +1,157 @@ +# Portuguese translation for glib-networking. +# Copyright © 2011, 2012, 2013 glib-networking +# This file is distributed under the same license as the glib-networking package. +# Duarte Loreto , 2011, 2012, 2013. +# +# Pedro Albuquerque , 2015. +# +msgid "" +msgstr "" +"Project-Id-Version: 3.8\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2015-06-07 17:56+0000\n" +"PO-Revision-Date: 2015-06-24 09:24+0100\n" +"Last-Translator: Pedro Albuquerque \n" +"Language-Team: Português \n" +"Language: pt\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Gtranslator 2.91.6\n" + +#: ../proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Erro interno do solucionador de proxies." + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Impossível processar o certificado DER: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Impossível processar o certificado PEM: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:225 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Impossível processar a chave privada DER: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:256 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Impossível processar a chave privada PEM: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:296 +msgid "No certificate data provided" +msgstr "Não foram indicados quaisquer dados de certificado" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:337 +msgid "Server required TLS certificate" +msgstr "O servidor requer um certificado TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:305 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Impossível criar uma ligação TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:572 +msgid "Connection is closed" +msgstr "A ligação está fechada" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:635 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1504 +msgid "Operation would block" +msgstr "Operação iria bloquear" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:774 +#: ../tls/gnutls/gtlsconnection-gnutls.c:813 +msgid "Peer failed to perform TLS handshake" +msgstr "O destino falhou ao estabelecer a ligação (handshake) TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:792 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Destino requereu novo handshake TLS ilegal" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:819 +msgid "TLS connection closed unexpectedly" +msgstr "Ligação TLS terminada inesperadamente" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:829 +msgid "TLS connection peer did not send a certificate" +msgstr "O parceiro de ligação TLS não enviou um certificado" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1212 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1245 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "Erro ao estabelecer a ligação TLS (handshake): %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1255 +msgid "Server did not return a valid TLS certificate" +msgstr "O servidor não devolveu um certificado TLS válido" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1330 +msgid "Unacceptable TLS certificate" +msgstr "Certificado TLS inaceitável" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1538 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "Erro ao ler dados do socket TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1567 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "Erro ao escrever dados no socket TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1619 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "Erro ao terminar a ligação TLS: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103 +msgid "Certificate has no private key" +msgstr "Certificado não tem chave privada" + +#: ../tls/pkcs11/gpkcs11pin.c:108 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Esta é a última oportunidade para introduzir corretamente o PIN antes de que " +"o símbolo seja trancado." + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Foram introduzidos vários PINs incorretos e o símbolo será trancado caso " +"ocorram mais falhas." + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "The PIN entered is incorrect." +msgstr "O PIN introduzido está incorreto." + +#: ../tls/pkcs11/gpkcs11slot.c:446 +msgid "Module" +msgstr "Módulo" + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "PKCS#11 Module Pointer" +msgstr "Ponteiro de módulo PKCS#11" + +#: ../tls/pkcs11/gpkcs11slot.c:454 +msgid "Slot ID" +msgstr "ID de slot" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "PKCS#11 Slot Identifier" +msgstr "Identificador de slot PKCS#11" + +#~ msgid "Connection is already closed" +#~ msgstr "A ligação já está fechada" diff --git a/po/pt_BR.po b/po/pt_BR.po new file mode 100644 index 0000000..1547c5f --- /dev/null +++ b/po/pt_BR.po @@ -0,0 +1,204 @@ +# Brazilian Portuguese translation of glib-networking. +# Copyright (C) 2017 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# André Gondim , 2011. +# Djavan Fagundes , 2011. +# Jonh Wendell , 2012. +# Rafael Fontenelle , 2012, 2017, 2018. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2018-02-08 06:15+0000\n" +"PO-Revision-Date: 2018-02-01 05:19-0200\n" +"Last-Translator: Rafael Fontenelle \n" +"Language-Team: Brazilian Portuguese \n" +"Language: pt_BR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" +"X-Generator: Virtaal 1.0.0-beta1\n" +"X-Project-Style: gnome\n" + +#: proxy/libproxy/glibproxyresolver.c:159 +msgid "Proxy resolver internal error." +msgstr "Erro interno do resolvedor de proxy." + +#: tls/gnutls/gtlscertificate-gnutls.c:182 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Não foi possível analisar certificado DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:203 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Não foi possível analisar certificado PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Não foi possível analisar chave privada DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:265 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Não foi possível analisar chave privada PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:304 +msgid "No certificate data provided" +msgstr "Nenhum dado de certificado fornecido" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:398 +msgid "Server required TLS certificate" +msgstr "O servidor requer certificado TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:392 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Não foi possível criar conexão TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:697 +msgid "Connection is closed" +msgstr "A conexão está encerrada" + +#: tls/gnutls/gtlsconnection-gnutls.c:772 +#: tls/gnutls/gtlsconnection-gnutls.c:2184 +msgid "Operation would block" +msgstr "A operação bloquearia" + +#: tls/gnutls/gtlsconnection-gnutls.c:813 +#: tls/gnutls/gtlsconnection-gnutls.c:1400 +msgid "Socket I/O timed out" +msgstr "Tempo de E/S do soquete foi esgotado" + +#: tls/gnutls/gtlsconnection-gnutls.c:952 +#: tls/gnutls/gtlsconnection-gnutls.c:985 +msgid "Peer failed to perform TLS handshake" +msgstr "Peer falhou ao realizar negociação TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:970 +msgid "Peer requested illegal TLS rehandshake" +msgstr "O peer requisitou uma negociação TLS ilegal" + +#: tls/gnutls/gtlsconnection-gnutls.c:991 +msgid "TLS connection closed unexpectedly" +msgstr "Conexão TLS fechou inesperadamente" + +#: tls/gnutls/gtlsconnection-gnutls.c:1001 +msgid "TLS connection peer did not send a certificate" +msgstr "Conexão TLS não enviou um certificado" + +#: tls/gnutls/gtlsconnection-gnutls.c:1007 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "O peer enviou alerta TLS fatal: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1015 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "A mensagem é grande demais para conexão DTLS; máximo é %u byte" +msgstr[1] "A mensagem é grande demais para conexão DTLS; máximo é %u bytes" + +#: tls/gnutls/gtlsconnection-gnutls.c:1022 +msgid "The operation timed out" +msgstr "Tempo da operação foi esgotado" + +#: tls/gnutls/gtlsconnection-gnutls.c:1808 +#: tls/gnutls/gtlsconnection-gnutls.c:1859 +msgid "Error performing TLS handshake" +msgstr "Erro executando negociação TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1869 +msgid "Server did not return a valid TLS certificate" +msgstr "Servidor não retornou certificado TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1946 +msgid "Unacceptable TLS certificate" +msgstr "Certificado TLS inaceitável" + +#: tls/gnutls/gtlsconnection-gnutls.c:2218 +#: tls/gnutls/gtlsconnection-gnutls.c:2310 +msgid "Error reading data from TLS socket" +msgstr "Erro ao ler dados do socket TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2340 +#, c-format +msgid "Receive flags are not supported" +msgstr "Não há suporte a recebimento de sinalizadores" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2417 +#: tls/gnutls/gtlsconnection-gnutls.c:2489 +msgid "Error writing data to TLS socket" +msgstr "Erro ao gravar dados do socket TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2459 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "" +"Uma mensagem de tamanho %lu byte é grande demais para uma conexão DTLS" +msgstr[1] "" +"Uma mensagem de tamanho %lu bytes é grande demais para uma conexão DTLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2461 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(máximo é %u byte)" +msgstr[1] "(máximo é %u bytes)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2520 +#, c-format +msgid "Send flags are not supported" +msgstr "Não há suporte a envio de sinalizadores" + +#: tls/gnutls/gtlsconnection-gnutls.c:2623 +msgid "Error performing TLS close" +msgstr "Erro ao executar fechamento TLS" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:111 +msgid "Certificate has no private key" +msgstr "O certificado não contém nenhuma chave privada" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Esta é a última chance de digitar o PIN corretamente antes que o token seja " +"bloqueado." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"O PIN foi digitado várias vezes incorretamente, por isso o token será " +"bloqueado agora." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "O PIN digitado está incorreto." + +#: tls/pkcs11/gpkcs11slot.c:447 +msgid "Module" +msgstr "Módulo" + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 Module Pointer" + +#: tls/pkcs11/gpkcs11slot.c:455 +msgid "Slot ID" +msgstr "Slot ID" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 Slot Identifier" + +#~ msgid "Connection is already closed" +#~ msgstr "A conexão já está encerrada" diff --git a/po/ro.po b/po/ro.po new file mode 100644 index 0000000..ea0b4be --- /dev/null +++ b/po/ro.po @@ -0,0 +1,205 @@ +# Romanian translation for glib-networking. +# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# Lucian Adrian Grijincu , 2011. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2018-02-13 03:00+0000\n" +"PO-Revision-Date: 2018-04-14 20:07+0300\n" +"Last-Translator: Florentina Mușat \n" +"Language-Team: Romanian Gnome Team \n" +"Language: ro\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : (n==0 || (n%100 > 0 && n%100 < " +"20)) ? 1 : 2);\n" +"X-Generator: Poedit 2.0.6\n" + +#: proxy/libproxy/glibproxyresolver.c:159 +msgid "Proxy resolver internal error." +msgstr "Eroare internă în rezolvantul proxy." + +#: tls/gnutls/gtlscertificate-gnutls.c:182 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Nu s-a putut parsa certificatul DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:203 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Nu s-a putut parsa certificatul PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Nu s-a putut parsa cheia privată DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:265 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Nu s-a putut parsa cheia privată PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:304 +msgid "No certificate data provided" +msgstr "Nu s-au furnizat date de certificat" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:398 +msgid "Server required TLS certificate" +msgstr "Serverul necesită certificat TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:392 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Nu s-a putut crea conexiunea TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:697 +msgid "Connection is closed" +msgstr "Conexiunea este închisă" + +#: tls/gnutls/gtlsconnection-gnutls.c:772 +#: tls/gnutls/gtlsconnection-gnutls.c:2184 +msgid "Operation would block" +msgstr "Operația ar bloca" + +#: tls/gnutls/gtlsconnection-gnutls.c:813 +#: tls/gnutls/gtlsconnection-gnutls.c:1400 +msgid "Socket I/O timed out" +msgstr "I/O de soclu a depășit limita de timp" + +#: tls/gnutls/gtlsconnection-gnutls.c:952 +#: tls/gnutls/gtlsconnection-gnutls.c:985 +msgid "Peer failed to perform TLS handshake" +msgstr "Celălalt capăt al conexiunii nu a reușit să efectueze handshake-ul TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:970 +msgid "Peer requested illegal TLS rehandshake" +msgstr "" +"Celălalt capăt al conexiunii a solicitat ilegal reefectuarea handshake-ului " +"TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:991 +msgid "TLS connection closed unexpectedly" +msgstr "Conexiunea TLS a fost închisă în mod neașteptat" + +#: tls/gnutls/gtlsconnection-gnutls.c:1001 +msgid "TLS connection peer did not send a certificate" +msgstr "Partenerul conexiunii TLS nu a trimis un certificat" + +#: tls/gnutls/gtlsconnection-gnutls.c:1007 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Partenerul a trimis o alertă TLS fatală: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1015 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "Mesajul este prea mare pentru conexiunea DTLS; maxim este %u octet" +msgstr[1] "Mesajul este prea mare pentru conexiunea DTLS; maxim este %u octeți" +msgstr[2] "" +"Mesajul este prea mare pentru conexiunea DTLS; maxim este %u de octeți" + +#: tls/gnutls/gtlsconnection-gnutls.c:1022 +msgid "The operation timed out" +msgstr "Operația a depășit limita de timp" + +#: tls/gnutls/gtlsconnection-gnutls.c:1808 +#: tls/gnutls/gtlsconnection-gnutls.c:1859 +msgid "Error performing TLS handshake" +msgstr "Eroare la executarea handshake-ului TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1869 +msgid "Server did not return a valid TLS certificate" +msgstr "Serverul nu a întors un certificat TLS valid" + +#: tls/gnutls/gtlsconnection-gnutls.c:1946 +msgid "Unacceptable TLS certificate" +msgstr "Certificat TLS inacceptabil" + +#: tls/gnutls/gtlsconnection-gnutls.c:2218 +#: tls/gnutls/gtlsconnection-gnutls.c:2310 +msgid "Error reading data from TLS socket" +msgstr "Eroare la citirea datelor de la soclul TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2340 +#, c-format +msgid "Receive flags are not supported" +msgstr "Fanioanele de primire nu sunt suportate" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2417 +#: tls/gnutls/gtlsconnection-gnutls.c:2489 +msgid "Error writing data to TLS socket" +msgstr "Eroare la scrierea datelor la soclul TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2459 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "" +"Mesajul de dimensiunea %lu octet este prea mare pentru conexiunea DTLS" +msgstr[1] "" +"Mesajul de dimensiunea %lu octeți este prea mare pentru conexiunea DTLS" +msgstr[2] "" +"Mesajul de dimensiunea %lu de octeți este prea mare pentru conexiunea DTLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2461 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(maxim este %u octet)" +msgstr[1] "(maxim este %u octeți)" +msgstr[2] "(maxim este %u de octeți)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2520 +#, c-format +msgid "Send flags are not supported" +msgstr "Trimite fanioanele care nu sunt suportate" + +#: tls/gnutls/gtlsconnection-gnutls.c:2623 +msgid "Error performing TLS close" +msgstr "Eroare la executarea închiderii TLS" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:111 +msgid "Certificate has no private key" +msgstr "Certificatul nu are nicio cheie privată" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Aceasta este ultima șansă de a introduce PIN-ul corect înainte ca jetonul să " +"fie blocat." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Mai multe încercări de introducere a PIN-ului au fost incorecte, și jetonul " +"va fi blocat după alte eșecuri." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "PIN-ul introdus nu este corect." + +#: tls/pkcs11/gpkcs11slot.c:447 +msgid "Module" +msgstr "Modul" + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "PKCS#11 Module Pointer" +msgstr "Pointer de modul PKCS#11" + +#: tls/pkcs11/gpkcs11slot.c:455 +msgid "Slot ID" +msgstr "ID slot" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "PKCS#11 Slot Identifier" +msgstr "Identificator de slot PKCS#11" diff --git a/po/ru.po b/po/ru.po new file mode 100644 index 0000000..dbe36ac --- /dev/null +++ b/po/ru.po @@ -0,0 +1,205 @@ +# Russian translation for glib-networking. +# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# Pavel Dmitriev , 2011. +# Yuri Myasoedov , 2012. +# Stas Solovey , 2016, 2017, 2018. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2018-02-13 03:00+0000\n" +"PO-Revision-Date: 2018-03-13 19:11+0300\n" +"Last-Translator: Stas Solovey \n" +"Language-Team: русский \n" +"Language: ru\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" +"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" +"X-Generator: Poedit 2.0.6\n" + +#: proxy/libproxy/glibproxyresolver.c:159 +msgid "Proxy resolver internal error." +msgstr "Внутренняя ошибка распознавателя прокси." + +#: tls/gnutls/gtlscertificate-gnutls.c:182 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Не удалось обработать сертификат DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:203 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Не удалось обработать сертификат PER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Не удалось обработать личный ключ DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:265 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Не удалось обработать личный ключ PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:304 +msgid "No certificate data provided" +msgstr "Данные сертификата не предоставлены" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:398 +msgid "Server required TLS certificate" +msgstr "Сервер требует сертификат TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:392 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Не удалось создать соединение TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:697 +msgid "Connection is closed" +msgstr "Соединение закрыто" + +#: tls/gnutls/gtlsconnection-gnutls.c:772 +#: tls/gnutls/gtlsconnection-gnutls.c:2184 +msgid "Operation would block" +msgstr "Действие будет заблокировано" + +#: tls/gnutls/gtlsconnection-gnutls.c:813 +#: tls/gnutls/gtlsconnection-gnutls.c:1400 +msgid "Socket I/O timed out" +msgstr "Превышено время ожидания ввода-вывода сокета" + +#: tls/gnutls/gtlsconnection-gnutls.c:952 +#: tls/gnutls/gtlsconnection-gnutls.c:985 +msgid "Peer failed to perform TLS handshake" +msgstr "Узлу не удалось квитировать выполнение связи TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:970 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Узел запросил недопустимое повторное квитирование связи TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:991 +msgid "TLS connection closed unexpectedly" +msgstr "Соединение TLS неожиданно закрылось" + +#: tls/gnutls/gtlsconnection-gnutls.c:1001 +msgid "TLS connection peer did not send a certificate" +msgstr "Узел, с которым производится TLS-соединение, не предоставил сертификат" + +#: tls/gnutls/gtlsconnection-gnutls.c:1007 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Узел отправил фатальное предупреждение TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1015 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "Слишком большое сообщение для соединения DTLS; максимум %u байт" +msgstr[1] "Слишком большое сообщение для соединения DTLS; максимум %u байта" +msgstr[2] "Слишком большое сообщение для соединения DTLS; максимум %u байт" + +#: tls/gnutls/gtlsconnection-gnutls.c:1022 +msgid "The operation timed out" +msgstr "Превышено время ожидания операции" + +#: tls/gnutls/gtlsconnection-gnutls.c:1808 +#: tls/gnutls/gtlsconnection-gnutls.c:1859 +msgid "Error performing TLS handshake" +msgstr "Ошибка выполнения квитирования связи TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1869 +msgid "Server did not return a valid TLS certificate" +msgstr "Сертификат TLS, возвращённый сервером, не является подлинным" + +#: tls/gnutls/gtlsconnection-gnutls.c:1946 +msgid "Unacceptable TLS certificate" +msgstr "Недопустимый сертификат TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2218 +#: tls/gnutls/gtlsconnection-gnutls.c:2310 +msgid "Error reading data from TLS socket" +msgstr "Ошибка чтения данных из сокета TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2340 +#, c-format +msgid "Receive flags are not supported" +msgstr "Флаги приема не поддерживаются" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2417 +#: tls/gnutls/gtlsconnection-gnutls.c:2489 +msgid "Error writing data to TLS socket" +msgstr "Ошибка записи данных в сокет TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2459 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "Сообщение размером %lu байт слишком велико для соединения DTLS" +msgstr[1] "Сообщение размером %lu байта слишком велико для соединения DTLS" +msgstr[2] "Сообщение размером %lu байт слишком велико для соединения DTLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2461 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(максимум %u байт)" +msgstr[1] "(максимум %u байта)" +msgstr[2] "(максимум %u байт)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2520 +#, c-format +msgid "Send flags are not supported" +msgstr "Флаги отправки не поддерживаются" + +#: tls/gnutls/gtlsconnection-gnutls.c:2623 +msgid "Error performing TLS close" +msgstr "Ошибка закрытия TLS" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:111 +msgid "Certificate has no private key" +msgstr "У сертификата нет секретного ключа" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Это — последняя возможность ввести корректный PIN перед тем, как токен будет " +"заблокирован." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"PIN был несколько раз введён неправильно, токен будет заблокирован после " +"последующих неудачных попыток." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "Введён неверный PIN." + +#: tls/pkcs11/gpkcs11slot.c:447 +msgid "Module" +msgstr "Модуль" + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "PKCS#11 Module Pointer" +msgstr "Указатель модуля PKCS#11" + +#: tls/pkcs11/gpkcs11slot.c:455 +msgid "Slot ID" +msgstr "ID слота" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "PKCS#11 Slot Identifier" +msgstr "Идентификатор слота PKCS#11" + +#~ msgid "Connection is already closed" +#~ msgstr "Соединение было закрыто ранее" diff --git a/po/sk.po b/po/sk.po new file mode 100644 index 0000000..6b2b507 --- /dev/null +++ b/po/sk.po @@ -0,0 +1,208 @@ +# Slovak translation for glib-networking. +# Copyright (C) 2012 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# Richard Stanislavský , 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2018-02-13 03:00+0000\n" +"PO-Revision-Date: 2018-02-24 18:00+0100\n" +"Last-Translator: Dušan Kazik \n" +"Language-Team: Slovak \n" +"Language: sk\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n==1) ? 1 : (n>=2 && n<=4) ? 2 : 0;\n" +"X-Generator: Poedit 2.0.6\n" + +#: proxy/libproxy/glibproxyresolver.c:159 +msgid "Proxy resolver internal error." +msgstr "Vnútorná chyba sprostredkovateľa." + +#: tls/gnutls/gtlscertificate-gnutls.c:182 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Nepodarilo sa analyzovať certifikát v kodovaní DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:203 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Nepodarilo sa analyzovať certifikát v kodovaní PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Nepodarilo sa analyzovať súkromný kľúč v kodovaní DER: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:265 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Nepodarilo sa analyzovať súkromný kľúč v kodovaní PEM: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:304 +msgid "No certificate data provided" +msgstr "Nie sú dostupné údaje certifikátu" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:398 +msgid "Server required TLS certificate" +msgstr "Server požaduje certifikát pre TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:392 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Nepodarilo sa vytvoriť pripojenie s použitím TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:697 +msgid "Connection is closed" +msgstr "Pripojenie je ukončené" + +#: tls/gnutls/gtlsconnection-gnutls.c:772 +#: tls/gnutls/gtlsconnection-gnutls.c:2184 +msgid "Operation would block" +msgstr "Operácia by blokovala" + +#: tls/gnutls/gtlsconnection-gnutls.c:813 +#: tls/gnutls/gtlsconnection-gnutls.c:1400 +msgid "Socket I/O timed out" +msgstr "Čas vstupno/výstupného soketu vypršal" + +#: tls/gnutls/gtlsconnection-gnutls.c:952 +#: tls/gnutls/gtlsconnection-gnutls.c:985 +msgid "Peer failed to perform TLS handshake" +msgstr "Partner zlyhal pri vzájomnom spoznaní pomocou TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:970 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Partner žiadal nelegálne opätovné vzájomné spoznanie pomocou TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:991 +msgid "TLS connection closed unexpectedly" +msgstr "Pripojenie pomocou TLS bolo nečakane ukončené" + +#: tls/gnutls/gtlsconnection-gnutls.c:1001 +msgid "TLS connection peer did not send a certificate" +msgstr "Partner neposlal certifikát pre pripojenie TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1007 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Partner odoslal závažnú výstrahu TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1015 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "" +"Správa je príliš veľká pre pripojenie s použitím DTLS. Maximum je %u bajtov." +msgstr[1] "" +"Správa je príliš veľká pre pripojenie s použitím DTLS. Maximum je %u bajt." +msgstr[2] "" +"Správa je príliš veľká pre pripojenie s použitím DTLS. Maximum sú %u bajty." + +#: tls/gnutls/gtlsconnection-gnutls.c:1022 +msgid "The operation timed out" +msgstr "Čas operácie vypršal" + +#: tls/gnutls/gtlsconnection-gnutls.c:1808 +#: tls/gnutls/gtlsconnection-gnutls.c:1859 +msgid "Error performing TLS handshake" +msgstr "Chyba vzájomného spoznania s použitím TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1869 +msgid "Server did not return a valid TLS certificate" +msgstr "Server nevrátil platný certifikát pre TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1946 +msgid "Unacceptable TLS certificate" +msgstr "Neprijateľný certifikát pre TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2218 +#: tls/gnutls/gtlsconnection-gnutls.c:2310 +msgid "Error reading data from TLS socket" +msgstr "Chyba pri čítaní údajov zo soketu s použitím TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2340 +#, c-format +msgid "Receive flags are not supported" +msgstr "Prijímanie značiek nie je podporované" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2417 +#: tls/gnutls/gtlsconnection-gnutls.c:2489 +msgid "Error writing data to TLS socket" +msgstr "Chyba pri zapisovaní údajov do soketu s použitím TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2459 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "" +"Správa o veľkosti %lu bajtov je príliš veľká pre pripojenie s použitím DTLS" +msgstr[1] "" +"Správa o veľkosti %lu bajt je príliš veľká pre pripojenie s použitím DTLS" +msgstr[2] "" +"Správa o veľkosti %lu bajty je príliš veľká pre pripojenie s použitím DTLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2461 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(maximum je %u bajtov)" +msgstr[1] "(maximum je %u bajt)" +msgstr[2] "(maximum sú %u bajty)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2520 +#, c-format +msgid "Send flags are not supported" +msgstr "Odosielanie značiek nie je podporované" + +#: tls/gnutls/gtlsconnection-gnutls.c:2623 +msgid "Error performing TLS close" +msgstr "Chyba pri uzatváraní spojenia s použitím TLS" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:111 +msgid "Certificate has no private key" +msgstr "Certifikát nemá súkromný kľúč" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Toto je posledná možnosť na vloženie správneho kódu PIN predtým, ako bude " +"token uzamknutý." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Niekoľko pokusov zadať kód PIN bolo nesprávnych, po niekoľkých ďalších " +"nesprávnych pokusoch bude token uzamknutý." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "Vložený kód PIN je nesprávny." + +#: tls/pkcs11/gpkcs11slot.c:447 +msgid "Module" +msgstr "Modul" + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "PKCS#11 Module Pointer" +msgstr "Ukazovateľ na modul štandardu PKCS č.11" + +#: tls/pkcs11/gpkcs11slot.c:455 +msgid "Slot ID" +msgstr "Identifikátor slotu" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "PKCS#11 Slot Identifier" +msgstr "Idntifikátor slotu štandardu PKCS č.11" + +#~ msgid "Connection is already closed" +#~ msgstr "Pripojenie je už ukončené" diff --git a/po/sl.po b/po/sl.po new file mode 100644 index 0000000..8daf9e0 --- /dev/null +++ b/po/sl.po @@ -0,0 +1,214 @@ +# Slovenian translation for glib-networking. +# Copyright (C) 2011 Free Software Foundation, Inc. +# This file is distributed under the same license as the glib-networking package. +# +# Klemen Košir , 2011. +# Matej Urbančič , + 2017–2018. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2018-03-23 16:23+0000\n" +"PO-Revision-Date: 2018-03-27 22:06+0200\n" +"Last-Translator: Matej Urbančič \n" +"Language-Team: Slovenian GNOME Translation Team \n" +"Language: sl_SI\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=4; plural=(n%100==1 ? 1 : n%100==2 ? 2 : n%100==3 || n" +"%100==4 ? 3 : 0);\n" +"X-Poedit-SourceCharset: utf-8\n" +"X-Generator: Poedit 2.0.6\n" + +#: proxy/libproxy/glibproxyresolver.c:159 +msgid "Proxy resolver internal error." +msgstr "Notranja napaka razreševalnika posredniškega strežnika." + +#: tls/gnutls/gtlscertificate-gnutls.c:182 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Potrdila DER ni mogoče razčleniti: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:203 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Potrdila PEM ni mogoče razčleniti: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Zasebnega ključa DER ni mogoče razčleniti: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:265 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Zasebnega ključa PEM ni mogoče razčleniti: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:304 +msgid "No certificate data provided" +msgstr "Podatki potrdila niso podani" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:398 +msgid "Server required TLS certificate" +msgstr "Strežnik zahteva potrdilo TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:392 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Povezave TLS ni mogoče ustvariti: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:697 +msgid "Connection is closed" +msgstr "Povezava je zaprta" + +#: tls/gnutls/gtlsconnection-gnutls.c:772 +#: tls/gnutls/gtlsconnection-gnutls.c:2184 +msgid "Operation would block" +msgstr "Opravilo bi zaustavilo delovanje" + +#: tls/gnutls/gtlsconnection-gnutls.c:813 +#: tls/gnutls/gtlsconnection-gnutls.c:1400 +msgid "Socket I/O timed out" +msgstr "Vtič V/I naprave je časovno potekel" + +#: tls/gnutls/gtlsconnection-gnutls.c:952 +#: tls/gnutls/gtlsconnection-gnutls.c:985 +msgid "Peer failed to perform TLS handshake" +msgstr "Soležniku ni uspelo izvesti izmenjave signalov TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:970 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Soležnik je zahteval nedovoljeno ponovno izmenjavo signalov TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:991 +msgid "TLS connection closed unexpectedly" +msgstr "Povezava TLS se je nepričakovano zaprla" + +#: tls/gnutls/gtlsconnection-gnutls.c:1001 +msgid "TLS connection peer did not send a certificate" +msgstr "Povezani soležnik ni vrnil veljavnega potrdila TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1007 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Soležnik vrača usodno opozorilo TLS: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1015 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "" +"Sporočilo je preveliko za povezavo DTLS; največja možna vrednost je %u " +"bajtov." +msgstr[1] "" +"Sporočilo je preveliko za povezavo DTLS; največja možna vrednost je %u bajt." +msgstr[2] "" +"Sporočilo je preveliko za povezavo DTLS; največja možna vrednost je %u bajta." +msgstr[3] "" +"Sporočilo je preveliko za povezavo DTLS; največja možna vrednost je %u bajti." + +#: tls/gnutls/gtlsconnection-gnutls.c:1022 +msgid "The operation timed out" +msgstr "Opravilo je časovno poteklo" + +#: tls/gnutls/gtlsconnection-gnutls.c:1808 +#: tls/gnutls/gtlsconnection-gnutls.c:1859 +msgid "Error performing TLS handshake" +msgstr "Napaka med izvajanjem izmenjave signalov TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1869 +msgid "Server did not return a valid TLS certificate" +msgstr "Strežnik ni vrnil veljavnega potrdila TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:1946 +msgid "Unacceptable TLS certificate" +msgstr "Nesprejemljivo potrdilo TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2218 +#: tls/gnutls/gtlsconnection-gnutls.c:2310 +msgid "Error reading data from TLS socket" +msgstr "Napaka med branjem podatkov iz vtiča TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2340 +#, c-format +msgid "Receive flags are not supported" +msgstr "Prejemanje zastavic ni podprto" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2417 +#: tls/gnutls/gtlsconnection-gnutls.c:2489 +msgid "Error writing data to TLS socket" +msgstr "Napaka med zapisovanjem podatkov v vtič TLS" + +#: tls/gnutls/gtlsconnection-gnutls.c:2459 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "Sporočilo velikosti %lu bajtov je preveliko za povezavo DTLS." +msgstr[1] "Sporočilo velikosti %lu bajta je preveliko za povezavo DTLS." +msgstr[2] "Sporočilo velikosti %lu bajtov je preveliko za povezavo DTLS." +msgstr[3] "Sporočilo velikosti %lu bajtov je preveliko za povezavo DTLS." + +#: tls/gnutls/gtlsconnection-gnutls.c:2461 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(največ %u bajtov)" +msgstr[1] "(največ %u bajt)" +msgstr[2] "(največ %u bajta)" +msgstr[3] "(največ %u bajti)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2520 +#, c-format +msgid "Send flags are not supported" +msgstr "Pošiljanje zastavic ni podprto" + +#: tls/gnutls/gtlsconnection-gnutls.c:2623 +msgid "Error performing TLS close" +msgstr "Napaka med izvajanjem zapiranja TLS" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:111 +msgid "Certificate has no private key" +msgstr "Potrdilo nima določenega zasebnega ključa" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"To je zadnja priložnost za pravilen vnos gesla PIN, preden se dostop " +"popolnoma zaklene." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Izvedenih je bilo več neuspešnih poskusov vnosa gesla PIN! Možnost vnosa bo " +"ob ponovni napaki popolnoma onemogočena." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "Vneseno geslo PIN ni pravilno." + +#: tls/pkcs11/gpkcs11slot.c:447 +msgid "Module" +msgstr "Modul" + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "PKCS#11 Module Pointer" +msgstr "Kazalnik odkodirnika PKCS#11" + +#: tls/pkcs11/gpkcs11slot.c:455 +msgid "Slot ID" +msgstr "ID odkodirnika" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "PKCS#11 Slot Identifier" +msgstr "Določilo odkodirnika PKCS#11" + +#~ msgid "Connection is already closed" +#~ msgstr "Povezava je že zaprta" diff --git a/po/sr.po b/po/sr.po new file mode 100644 index 0000000..f77fc1d --- /dev/null +++ b/po/sr.po @@ -0,0 +1,206 @@ +# Serbian translation of glib-networking +# Courtesy of Prevod.org team (http://prevod.org/) -- 2012—2017. +# This file is distributed under the same license as the glib-networking package. +# Мирослав Николић , 2011—2017. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2018-02-13 03:00+0000\n" +"PO-Revision-Date: 2018-02-21 21:47+0100\n" +"Last-Translator: Марко М. Костић \n" +"Language-Team: српски \n" +"Language: sr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=4; plural=n==1? 3 : n%10==1 && n%100!=11 ? 0 : n" +"%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" +"X-Project-Style: gnome\n" +"X-Generator: Poedit 2.0.6\n" + +#: proxy/libproxy/glibproxyresolver.c:159 +msgid "Proxy resolver internal error." +msgstr "Унутрашња грешка решавача посредника." + +#: tls/gnutls/gtlscertificate-gnutls.c:182 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Не могу да обрадим ДЕР уверење: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:203 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Не могу да обрадим ПЕМ уверење: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Не могу да обрадим приватни ДЕР кључ: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:265 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Не могу да обрадим приватни ПЕМ кључ: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:304 +msgid "No certificate data provided" +msgstr "Нису обезбеђени подаци уверења" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:398 +msgid "Server required TLS certificate" +msgstr "ТЛС уверење које захтева сервер" + +#: tls/gnutls/gtlsconnection-gnutls.c:392 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Не могу да направим ТЛС везу: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:697 +msgid "Connection is closed" +msgstr "Веза је затворена" + +#: tls/gnutls/gtlsconnection-gnutls.c:772 +#: tls/gnutls/gtlsconnection-gnutls.c:2184 +msgid "Operation would block" +msgstr "Поступак би блокирао" + +#: tls/gnutls/gtlsconnection-gnutls.c:813 +#: tls/gnutls/gtlsconnection-gnutls.c:1400 +msgid "Socket I/O timed out" +msgstr "Истекло време У/И утичнице" + +#: tls/gnutls/gtlsconnection-gnutls.c:952 +#: tls/gnutls/gtlsconnection-gnutls.c:985 +msgid "Peer failed to perform TLS handshake" +msgstr "Парњак није успео да изврши ТЛС руковање" + +#: tls/gnutls/gtlsconnection-gnutls.c:970 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Парњак је затражио илегално ТЛС поновно руковање" + +#: tls/gnutls/gtlsconnection-gnutls.c:991 +msgid "TLS connection closed unexpectedly" +msgstr "ТЛС веза је неочекивано затворена" + +#: tls/gnutls/gtlsconnection-gnutls.c:1001 +msgid "TLS connection peer did not send a certificate" +msgstr "Парњак ТЛС везе није послао уверење" + +#: tls/gnutls/gtlsconnection-gnutls.c:1007 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Парњак је послао кобно ТЛС упозорење: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1015 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "Порука је предугачка за ДТЛС везу, највише је дозвољен %u бајт" +msgstr[1] "Порука је предугачка за ДТЛС везу, највише је дозвољено %u бајта" +msgstr[2] "Порука је предугачка за ДТЛС везу, највише је дозвољено %u бајтова" +msgstr[3] "Порука је предугачка за ДТЛС везу, највише је дозвољен један бајт" + +#: tls/gnutls/gtlsconnection-gnutls.c:1022 +msgid "The operation timed out" +msgstr "Време извршавања радње је истекло" + +#: tls/gnutls/gtlsconnection-gnutls.c:1808 +#: tls/gnutls/gtlsconnection-gnutls.c:1859 +msgid "Error performing TLS handshake" +msgstr "Грешка у извршавању ТЛС руковања" + +#: tls/gnutls/gtlsconnection-gnutls.c:1869 +msgid "Server did not return a valid TLS certificate" +msgstr "Сервер није вратио исправно ТЛС уверење" + +#: tls/gnutls/gtlsconnection-gnutls.c:1946 +msgid "Unacceptable TLS certificate" +msgstr "Неприхватљиво ТЛС уверење" + +#: tls/gnutls/gtlsconnection-gnutls.c:2218 +#: tls/gnutls/gtlsconnection-gnutls.c:2310 +msgid "Error reading data from TLS socket" +msgstr "Грешка приликом читања података са ТЛС прикључка" + +#: tls/gnutls/gtlsconnection-gnutls.c:2340 +#, c-format +msgid "Receive flags are not supported" +msgstr "Пријемне заставице нису подржане" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2417 +#: tls/gnutls/gtlsconnection-gnutls.c:2489 +msgid "Error writing data to TLS socket" +msgstr "Грешка приликом уписивања података у ТЛС прикључак" + +#: tls/gnutls/gtlsconnection-gnutls.c:2459 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "Порука од %lu бајт је предугачка за ДТЛС везу" +msgstr[1] "Порука од %lu бајта је предугачка за ДТЛС везу" +msgstr[2] "Порука од %lu бајтова је предугачка за ДТЛС везу" +msgstr[3] "Порука од једног бајта је предугачка за ДТЛС везу" + +#: tls/gnutls/gtlsconnection-gnutls.c:2461 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(највише %u бајт)" +msgstr[1] "(највише %u бајта)" +msgstr[2] "(највише %u бајтова)" +msgstr[3] "(највише један бајт)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2520 +#, c-format +msgid "Send flags are not supported" +msgstr "Отпремне заставице нису подржане" + +#: tls/gnutls/gtlsconnection-gnutls.c:2623 +msgid "Error performing TLS close" +msgstr "Грешка у извршавању ТЛС затварања" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:111 +msgid "Certificate has no private key" +msgstr "Уверење нема приватни кључ" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Ово је последња прилика да исправно унесете ПИН пре него што карика буде " +"закључана." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Неколико унешених ПИН-ова је било неисправно, и зато ће карика бити " +"закључана након будућих неуспеха." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "Унешени ПИН је погрешан." + +#: tls/pkcs11/gpkcs11slot.c:447 +msgid "Module" +msgstr "Модул" + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "PKCS#11 Module Pointer" +msgstr "Указивач ПКЦС#11 модула" + +#: tls/pkcs11/gpkcs11slot.c:455 +msgid "Slot ID" +msgstr "ИБ слота" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "PKCS#11 Slot Identifier" +msgstr "Одредник ПКЦС#11 слота" + +#~ msgid "Connection is already closed" +#~ msgstr "Веза је већ затворена" diff --git a/po/sr@latin.po b/po/sr@latin.po new file mode 100644 index 0000000..37b865d --- /dev/null +++ b/po/sr@latin.po @@ -0,0 +1,206 @@ +# Serbian translation of glib-networking +# Courtesy of Prevod.org team (http://prevod.org/) -- 2012—2017. +# This file is distributed under the same license as the glib-networking package. +# Miroslav Nikolić , 2011—2017. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2018-02-16 16:43+0000\n" +"PO-Revision-Date: 2018-02-21 21:47+0100\n" +"Last-Translator: Marko M. Kostić \n" +"Language-Team: srpski \n" +"Language: sr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=4; plural=n==1? 3 : n%10==1 && n%100!=11 ? 0 : n" +"%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" +"X-Project-Style: gnome\n" +"X-Generator: Poedit 2.0.6\n" + +#: proxy/libproxy/glibproxyresolver.c:159 +msgid "Proxy resolver internal error." +msgstr "Unutrašnja greška rešavača posrednika." + +#: tls/gnutls/gtlscertificate-gnutls.c:182 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Ne mogu da obradim DER uverenje: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:203 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Ne mogu da obradim PEM uverenje: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Ne mogu da obradim privatni DER ključ: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:265 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Ne mogu da obradim privatni PEM ključ: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:304 +msgid "No certificate data provided" +msgstr "Nisu obezbeđeni podaci uverenja" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:398 +msgid "Server required TLS certificate" +msgstr "TLS uverenje koje zahteva server" + +#: tls/gnutls/gtlsconnection-gnutls.c:392 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Ne mogu da napravim TLS vezu: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:697 +msgid "Connection is closed" +msgstr "Veza je zatvorena" + +#: tls/gnutls/gtlsconnection-gnutls.c:772 +#: tls/gnutls/gtlsconnection-gnutls.c:2184 +msgid "Operation would block" +msgstr "Postupak bi blokirao" + +#: tls/gnutls/gtlsconnection-gnutls.c:813 +#: tls/gnutls/gtlsconnection-gnutls.c:1400 +msgid "Socket I/O timed out" +msgstr "Isteklo vreme U/I utičnice" + +#: tls/gnutls/gtlsconnection-gnutls.c:952 +#: tls/gnutls/gtlsconnection-gnutls.c:985 +msgid "Peer failed to perform TLS handshake" +msgstr "Parnjak nije uspeo da izvrši TLS rukovanje" + +#: tls/gnutls/gtlsconnection-gnutls.c:970 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Parnjak je zatražio ilegalno TLS ponovno rukovanje" + +#: tls/gnutls/gtlsconnection-gnutls.c:991 +msgid "TLS connection closed unexpectedly" +msgstr "TLS veza je neočekivano zatvorena" + +#: tls/gnutls/gtlsconnection-gnutls.c:1001 +msgid "TLS connection peer did not send a certificate" +msgstr "Parnjak TLS veze nije poslao uverenje" + +#: tls/gnutls/gtlsconnection-gnutls.c:1007 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Parnjak je poslao kobno TLS upozorenje: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1015 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "Poruka je predugačka za DTLS vezu, najviše je dozvoljen %u bajt" +msgstr[1] "Poruka je predugačka za DTLS vezu, najviše je dozvoljeno %u bajta" +msgstr[2] "Poruka je predugačka za DTLS vezu, najviše je dozvoljeno %u bajtova" +msgstr[3] "Poruka je predugačka za DTLS vezu, najviše je dozvoljen jedan bajt" + +#: tls/gnutls/gtlsconnection-gnutls.c:1022 +msgid "The operation timed out" +msgstr "Vreme izvršavanja radnje je isteklo" + +#: tls/gnutls/gtlsconnection-gnutls.c:1808 +#: tls/gnutls/gtlsconnection-gnutls.c:1859 +msgid "Error performing TLS handshake" +msgstr "Greška u izvršavanju TLS rukovanja" + +#: tls/gnutls/gtlsconnection-gnutls.c:1869 +msgid "Server did not return a valid TLS certificate" +msgstr "Server nije vratio ispravno TLS uverenje" + +#: tls/gnutls/gtlsconnection-gnutls.c:1946 +msgid "Unacceptable TLS certificate" +msgstr "Neprihvatljivo TLS uverenje" + +#: tls/gnutls/gtlsconnection-gnutls.c:2218 +#: tls/gnutls/gtlsconnection-gnutls.c:2310 +msgid "Error reading data from TLS socket" +msgstr "Greška prilikom čitanja podataka sa TLS priključka" + +#: tls/gnutls/gtlsconnection-gnutls.c:2340 +#, c-format +msgid "Receive flags are not supported" +msgstr "Prijemne zastavice nisu podržane" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2417 +#: tls/gnutls/gtlsconnection-gnutls.c:2489 +msgid "Error writing data to TLS socket" +msgstr "Greška prilikom upisivanja podataka u TLS priključak" + +#: tls/gnutls/gtlsconnection-gnutls.c:2459 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "Poruka od %lu bajt je predugačka za DTLS vezu" +msgstr[1] "Poruka od %lu bajta je predugačka za DTLS vezu" +msgstr[2] "Poruka od %lu bajtova je predugačka za DTLS vezu" +msgstr[3] "Poruka od jednog bajta je predugačka za DTLS vezu" + +#: tls/gnutls/gtlsconnection-gnutls.c:2461 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(najviše %u bajt)" +msgstr[1] "(najviše %u bajta)" +msgstr[2] "(najviše %u bajtova)" +msgstr[3] "(najviše jedan bajt)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2520 +#, c-format +msgid "Send flags are not supported" +msgstr "Otpremne zastavice nisu podržane" + +#: tls/gnutls/gtlsconnection-gnutls.c:2623 +msgid "Error performing TLS close" +msgstr "Greška u izvršavanju TLS zatvaranja" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:111 +msgid "Certificate has no private key" +msgstr "Uverenje nema privatni ključ" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Ovo je poslednja prilika da ispravno unesete PIN pre nego što karika bude " +"zaključana." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Nekoliko unešenih PIN-ova je bilo neispravno, i zato će karika biti " +"zaključana nakon budućih neuspeha." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "Unešeni PIN je pogrešan." + +#: tls/pkcs11/gpkcs11slot.c:447 +msgid "Module" +msgstr "Modul" + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "PKCS#11 Module Pointer" +msgstr "Ukazivač PKCS#11 modula" + +#: tls/pkcs11/gpkcs11slot.c:455 +msgid "Slot ID" +msgstr "IB slota" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "PKCS#11 Slot Identifier" +msgstr "Odrednik PKCS#11 slota" + +#~ msgid "Connection is already closed" +#~ msgstr "Veza je već zatvorena" diff --git a/po/sv.po b/po/sv.po new file mode 100644 index 0000000..ba8fd9c --- /dev/null +++ b/po/sv.po @@ -0,0 +1,198 @@ +# Swedish translation for glib-networking. +# Copyright © 2011, 2014, 2017, 2018 Free Software Foundation, Inc. +# This file is distributed under the same license as the glib-networking package. +# Daniel Nylander , 2011. +# Anders Jonsson , 2014, 2017, 2018. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2018-03-10 20:07+0000\n" +"PO-Revision-Date: 2018-03-12 01:18+0100\n" +"Last-Translator: Anders Jonsson \n" +"Language-Team: Swedish \n" +"Language: sv\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 2.0.6\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: proxy/libproxy/glibproxyresolver.c:159 +msgid "Proxy resolver internal error." +msgstr "Internt fel i proxyuppslag." + +#: tls/gnutls/gtlscertificate-gnutls.c:182 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Kunde inte tolka DER-certifikat: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:203 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Kunde inte tolka PEM-certifikat: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Kunde inte tolka privat DER-nyckel: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:265 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Kunde inte tolka privat PEM-nyckel: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:304 +msgid "No certificate data provided" +msgstr "Inget certifikatdata tillhandahölls" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:398 +msgid "Server required TLS certificate" +msgstr "Servern krävde TLS-certifikat" + +#: tls/gnutls/gtlsconnection-gnutls.c:392 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Kunde inte skapa TLS-anslutning: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:697 +msgid "Connection is closed" +msgstr "Anslutningen är stängd" + +#: tls/gnutls/gtlsconnection-gnutls.c:772 +#: tls/gnutls/gtlsconnection-gnutls.c:2184 +msgid "Operation would block" +msgstr "Operationen skulle blockera" + +#: tls/gnutls/gtlsconnection-gnutls.c:813 +#: tls/gnutls/gtlsconnection-gnutls.c:1400 +msgid "Socket I/O timed out" +msgstr "Tidsgräns för in/ut på uttaget överskreds" + +#: tls/gnutls/gtlsconnection-gnutls.c:952 +#: tls/gnutls/gtlsconnection-gnutls.c:985 +msgid "Peer failed to perform TLS handshake" +msgstr "Motparten misslyckades med att genomföra TLS-handskakning" + +#: tls/gnutls/gtlsconnection-gnutls.c:970 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Motparten begärde otillåten TLS-återhandskakning" + +#: tls/gnutls/gtlsconnection-gnutls.c:991 +msgid "TLS connection closed unexpectedly" +msgstr "TLS-anslutningen stängdes oväntat" + +#: tls/gnutls/gtlsconnection-gnutls.c:1001 +msgid "TLS connection peer did not send a certificate" +msgstr "TLS-anslutningens motpart sände inte ett certifikat" + +#: tls/gnutls/gtlsconnection-gnutls.c:1007 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Motparten sände ödesdiger TLS-varning: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1015 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "Meddelandet är för stort för DTLS-anslutning, max är %u byte" +msgstr[1] "Meddelandet är för stort för DTLS-anslutning, max är %u byte" + +#: tls/gnutls/gtlsconnection-gnutls.c:1022 +msgid "The operation timed out" +msgstr "Åtgärdens tidsgräns överskreds" + +#: tls/gnutls/gtlsconnection-gnutls.c:1808 +#: tls/gnutls/gtlsconnection-gnutls.c:1859 +msgid "Error performing TLS handshake" +msgstr "Fel vid genomförande av TLS-handskakning" + +#: tls/gnutls/gtlsconnection-gnutls.c:1869 +msgid "Server did not return a valid TLS certificate" +msgstr "Servern returnerade inte ett giltigt TLS-certifikat" + +#: tls/gnutls/gtlsconnection-gnutls.c:1946 +msgid "Unacceptable TLS certificate" +msgstr "Ej acceptabelt TLS-certifikat" + +#: tls/gnutls/gtlsconnection-gnutls.c:2218 +#: tls/gnutls/gtlsconnection-gnutls.c:2310 +msgid "Error reading data from TLS socket" +msgstr "Fel vid läsning av data från TLS-uttag" + +#: tls/gnutls/gtlsconnection-gnutls.c:2340 +#, c-format +msgid "Receive flags are not supported" +msgstr "Mottagningsflaggor stöds inte" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2417 +#: tls/gnutls/gtlsconnection-gnutls.c:2489 +msgid "Error writing data to TLS socket" +msgstr "Fel vid skrivning av data till TLS-uttag" + +#: tls/gnutls/gtlsconnection-gnutls.c:2459 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "Meddelande med storleken %lu byte är för stort för DTLS-anslutning" +msgstr[1] "Meddelande med storleken %lu byte är för stort för DTLS-anslutning" + +#: tls/gnutls/gtlsconnection-gnutls.c:2461 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(maximum är %u byte)" +msgstr[1] "(maximum är %u byte)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2520 +#, c-format +msgid "Send flags are not supported" +msgstr "Sändflaggor stöds inte" + +#: tls/gnutls/gtlsconnection-gnutls.c:2623 +msgid "Error performing TLS close" +msgstr "Fel vid genomförande av TLS-stängning" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:111 +msgid "Certificate has no private key" +msgstr "Certifikatet har ingen privat nyckel" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "Detta är sista försöket att ange PIN-koden korrekt innan kortet låses." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Flera PIN-kodsförsök har varit felaktiga och kortet kommer att låsas vid " +"ytterligare felaktiga försök." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "Angiven PIN-kod är felaktig." + +#: tls/pkcs11/gpkcs11slot.c:447 +msgid "Module" +msgstr "Modul" + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11-modulpekare" + +#: tls/pkcs11/gpkcs11slot.c:455 +msgid "Slot ID" +msgstr "Plats-id" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11-platsidentifierare" + +#~ msgid "Connection is already closed" +#~ msgstr "Anslutningen är redan stängd" diff --git a/po/ta.po b/po/ta.po new file mode 100644 index 0000000..f263cd7 --- /dev/null +++ b/po/ta.po @@ -0,0 +1,95 @@ +# Tamil translation for glib-networking. +# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# +# I Felix , 2011. +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2011-09-04 15:53+0000\n" +"PO-Revision-Date: 2011-09-09 12:18+0530\n" +"Last-Translator: I Felix \n" +"Language-Team: Tamil \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: ta\n" +"X-Generator: Lokalize 1.2\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" + +#: ../proxy/libproxy/glibproxyresolver.c:151 +msgid "Proxy resolver internal error." +msgstr "ப்ராக்ஸி ரிசால்வர் உள்ளார்ந்த பிழை." + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "DER சான்றிதழை பிரிக்க முடியவில்லை: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "PEM சான்றிதழை பிரிக்க முடியவில்லை: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:214 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "DER தனிபட்ட விசையை பிரிக்க முடியவில்லை: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "PEM தனிபட்ட விசையை பிரிக்க முடியவில்லை:% s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:275 +msgid "No certificate data provided" +msgstr "சான்றிதழ் தரவு எதுவும் வழங்கப்படவில்லை" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:386 +msgid "Server required TLS certificate" +msgstr "சேவையகத்திற்கு TLS சான்றிதழ் தேவைப்படுகிறது" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:251 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "TLS இணைப்பை உருவாக்க முடியவில்லை: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:526 +msgid "Peer failed to perform TLS handshake" +msgstr "TLS கைகுலுக்கலில் பீரால் செயற்படுத்த முடியவில்லை" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:544 +msgid "Peer requested illegal TLS rehandshake" +msgstr "பீரானது சட்ட விரோதமான TLS மீண்டும் கைகுலுக்கலை கோருகிறது" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:558 +msgid "TLS connection closed unexpectedly" +msgstr "எதிர்பாராதவிதமாக TLS இணைப்பு மூடப்பட்டது" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:851 +#: ../tls/gnutls/gtlsconnection-gnutls.c:877 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "TLS கைக்குலுக்கலில் பிழையை செயற்படுத்துகிறது: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:916 +msgid "Unacceptable TLS certificate" +msgstr "ஏற்றுக்கொள்ள முடியாத TLS சான்றிதழ்" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1063 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "TLS சாக்கெட்டிலிருந்து பிழை வாசிக்கும் தரவு: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1089 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "TLS சாக்கெட்டிற்கு பிழை எழுதும் தரவு: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1135 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "TLS மூடுவதில் பிழையை செயற்படுத்துகிறது: %s" + diff --git a/po/te.po b/po/te.po new file mode 100644 index 0000000..2ad3550 --- /dev/null +++ b/po/te.po @@ -0,0 +1,152 @@ +# Copyright (C) 2011, 2012 Swecha Telugu Localisation team +# This file is distributed under the same license as the PACKAGE package. +# +# Hari Krishna , 2011. +# Bhuvan Krishna , 2012. +# Krishnababu Krothapalli , 2012. +msgid "" +msgstr "" +"Project-Id-Version: glib-network.master.te\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2012-07-18 21:47+0000\n" +"PO-Revision-Date: 2012-08-14 13:48+0530\n" +"Last-Translator: Krishnababu Krothapalli \n" +"Language-Team: Telugu \n" +"Language: te\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n!=1);\n" +"X-Generator: Lokalize 1.4\n" + +#: ../proxy/libproxy/glibproxyresolver.c:150 +msgid "Proxy resolver internal error." +msgstr "అంతర్గత ప్రాతినిధ్య పరిష్కారములో దోషం " + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "DER ధృవీకరణపత్రము పార్స్ చేయుట కుదరుటలేదు: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "PEM ధృవీకరణపత్రము పార్స్ చేయుట కుదరుటలేదు: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:225 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "DER స్వంతతాళం పార్స్ చేయుట కుదరుటలేదు: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:256 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "PEM స్వంతతాళం పార్స్ చేయుట కుదరుటలేదు: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:296 +msgid "No certificate data provided" +msgstr "ధృవీకరణపత్ర దత్తాశం అమర్చబడలేదు " + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309 +msgid "Server required TLS certificate" +msgstr "TLS ధృవీకరణపత్రము సేవికకు అవసరం " + +#: ../tls/gnutls/gtlsconnection-gnutls.c:248 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "TLS అనుసంధానం సృష్టించడం కుదరుటలేదు: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:508 +msgid "Connection is closed" +msgstr "అనుసంధానం మూసివేయబడింది" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:568 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1371 +msgid "Operation would block" +msgstr "ఆపరేషన్ నిరోధించబడును" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:695 +msgid "Peer failed to perform TLS handshake" +msgstr "TLS హాండ్ షేక్ నెరవేర్చటకు పీర్ విఫలం " + +#: ../tls/gnutls/gtlsconnection-gnutls.c:712 +msgid "Peer requested illegal TLS rehandshake" +msgstr "న్యాయవిరోధమైన TLS తిరిగి హాండ్ షేక్ పీర్ అడిగినది " + +#: ../tls/gnutls/gtlsconnection-gnutls.c:738 +msgid "TLS connection closed unexpectedly" +msgstr "TLS బంధం ఊహించని విధంగా రద్దైపోయినది " + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1049 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1068 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "TLS హాండ్ షేక్ నెరవేర్చటలో విఫలం: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1204 +msgid "Unacceptable TLS certificate" +msgstr "అంగీకరించని TLS ధృవీకరణపత్రము " + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1215 +#| msgid "Server required TLS certificate" +msgid "Server did not return a valid TLS certificate" +msgstr "సేవిక చెల్లునటువంటి TLS ధృవీకరణపత్రం తిప్పియీయలేదు" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1394 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "TLS తొర్ర లో దత్తంశం పఠించుటలో దొషం: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1423 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "TLS తొర్ర లో దత్తంశం లిఖించుట లో దొషం: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1467 +msgid "Connection is already closed" +msgstr "అనుసంధానం యిప్పటికే మూయబడెను" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1477 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "TLS మూయడంలో దోషం: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103 +msgid "Certificate has no private key" +msgstr "సర్టిఫికేట్ కు స్వంతతాళం లెదు" + +#: ../tls/pkcs11/gpkcs11pin.c:108 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "టోకెన్ తాళం వెసె ముందు సరైన PIN ను నమోదు చివరి అవకాశం" + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"మీరు చేసిన అనేక PIN ప్రయత్నాలు సరైనవి కాదు, అందువల్ల తదుపరి తప్పిదాలు " +"జరగకుండా టోకెన్ లాక్ చేయబడినది" + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "The PIN entered is incorrect." +msgstr "నమోదు చేసిన PIN సరైనది కాదు" + +#: ../tls/pkcs11/gpkcs11slot.c:446 +msgid "Module" +msgstr "అధిభాగం" + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 అధిభాగం సూచిక" + +#: ../tls/pkcs11/gpkcs11slot.c:454 +msgid "Slot ID" +msgstr "జాబితా ID" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 జాబితా గుర్తింపుచిహ్నం" + diff --git a/po/tg.po b/po/tg.po new file mode 100644 index 0000000..3107433 --- /dev/null +++ b/po/tg.po @@ -0,0 +1,155 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# Victor Ibragimov , 2013. +# +msgid "" +msgstr "" +"Project-Id-Version: Tajik Gnome\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2013-07-22 13:02+0000\n" +"PO-Revision-Date: 2013-10-09 14:52+0500\n" +"Last-Translator: Victor Ibragimov \n" +"Language-Team: \n" +"Language: tg\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 1.5.7\n" + +#: ../proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Хатои дарунии ислоҳкунандаи Proxy." + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Гувоҳиномаи DER таҷзия карда нашуд: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Гувоҳиномаи PEM таҷзия карда нашуд: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:225 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Калиди шахсии DER таҷзия карда нашуд: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:256 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Калиди шахсии PEM таҷзия карда нашуд: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:296 +msgid "No certificate data provided" +msgstr "Ягон иттилооти гувоҳинома таъмин нашудааст" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309 +msgid "Server required TLS certificate" +msgstr "Сервер гувоҳиномаи TLS-ро дархост кардааст" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:266 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Пайвасти TLS эҷод карда нашуд: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:530 +msgid "Connection is closed" +msgstr "Пайваст пӯшонида шудааст" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:593 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1445 +msgid "Operation would block" +msgstr "Амалиёт баста мешавад" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:723 +#: ../tls/gnutls/gtlsconnection-gnutls.c:761 +msgid "Peer failed to perform TLS handshake" +msgstr "Ҳамсон даъвати TLS-ро иҷро карда натавонист" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:740 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Ҳамсон даъвати дастнораси TLS-ро дархост кард" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:767 +msgid "TLS connection closed unexpectedly" +msgstr "Пайвасти TLS ногаҳон пӯшида шудааст" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:777 +msgid "TLS connection peer did not send a certificate" +msgstr "Ҳамсони пайвати TLS гувоҳиномаро фиристода накард" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1158 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1191 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "Даъвати TLS бо хато иҷро карда шуд: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1201 +msgid "Server did not return a valid TLS certificate" +msgstr "Сервер бо гувоҳиномаи TLS-и боэътибор ҷавоб надод" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1276 +msgid "Unacceptable TLS certificate" +msgstr "Гувоҳиномаи TLS-и нораво" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1479 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "Хатои хониши маълумот аз бастагоҳи TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1508 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "Хатои навишти маълумот ба бастагоҳи TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1552 +msgid "Connection is already closed" +msgstr "Пайваст аллакай пӯшида шудааст" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1562 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "Пӯшидани TLS бо хато иҷро карда шудааст: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103 +msgid "Certificate has no private key" +msgstr "Гувоҳинома калиди шахсӣ надрад" + +#: ../tls/pkcs11/gpkcs11pin.c:108 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Ин маротибаи охирин барои вориди рамзи PIN-и дуруст пеш аз қулфи вуруд " +"мебошад." + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Баъзе кӯшишҳои вориди PIN бо хато иҷро шудаанд ва вуруд баъд аз кӯшишҳои " +"нокомии навбатӣ қулф мешавад." + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "The PIN entered is incorrect." +msgstr "Рамзи PIN-и воридшуда нодуруст аст." + +#: ../tls/pkcs11/gpkcs11slot.c:446 +msgid "Module" +msgstr "Модул" + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "PKCS#11 Module Pointer" +msgstr "Нишондиҳандаи модули PKCS#11" + +#: ../tls/pkcs11/gpkcs11slot.c:454 +msgid "Slot ID" +msgstr "Ковокии рамзи ID" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "PKCS#11 Slot Identifier" +msgstr "Идентификатори ковокии PKCS#11" diff --git a/po/th.po b/po/th.po new file mode 100644 index 0000000..85fe5e7 --- /dev/null +++ b/po/th.po @@ -0,0 +1,151 @@ +# Thai translation for glib-networking. +# Copyright (C) 2011-2013 Free Software Foundation, Inc. +# This file is distributed under the same license as the glib-networking package. +# Unticha Pramgoed , 2011-2012. +# Theppitak Karoonboonyanan , 2013. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2012-11-29 22:09+0000\n" +"PO-Revision-Date: 2013-03-09 11:45+0700\n" +"Last-Translator: Theppitak Karoonboonyanan \n" +"Language-Team: Thai \n" +"Language: th\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: UTF-8\n" +"\n" + +#: ../proxy/libproxy/glibproxyresolver.c:150 +msgid "Proxy resolver internal error." +msgstr "เกิดข้อผิดพลาดภายในของบริการเปิดหาพร็อกซี" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "ไม่สามารถแจงใบรับรอง DER: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "ไม่สามารถแจงใบรับรอง PEM: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:225 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "ไม่สามารถแจงกุญแจส่วนตัว DER: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:256 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "ไม่สามารถแจงกุญแจส่วนตัว PEM: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:296 +msgid "No certificate data provided" +msgstr "ไม่มีข้อมูลใบรับรอง" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309 +msgid "Server required TLS certificate" +msgstr "เซิร์ฟเวอร์ต้องการใบรับรอง TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:254 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "ไม่สามารถสร้างการเชื่อมต่อ TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:514 +msgid "Connection is closed" +msgstr "การเชื่อมต่อถูกปิดไปแล้ว" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:576 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1382 +msgid "Operation would block" +msgstr "ปฏิบัติการจะบล็อค" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:703 +msgid "Peer failed to perform TLS handshake" +msgstr "อีกฝ่ายหนึ่งดำเนินการ TLS handshake ไม่สำเร็จ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:720 +msgid "Peer requested illegal TLS rehandshake" +msgstr "อีกฝ่ายหนึ่งร้องขอ TLS rehandshake ไม่ถูกต้อง" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:746 +msgid "TLS connection closed unexpectedly" +msgstr "การเชื่อมต่อ TLS ปิดอย่างกะทันหัน" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:756 +msgid "TLS connection peer did not send a certificate" +msgstr "คู่สายการเชื่อมต่อ TLS ไม่ส่งใบรับรองมา" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1064 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1083 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "เกิดข้อผิดพลาดขณะดำเนินการ TLS handshake: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1228 +msgid "Unacceptable TLS certificate" +msgstr "ใบรับรอง TLS ไม่เป็นที่ยอมรับ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1239 +msgid "Server did not return a valid TLS certificate" +msgstr "เซิร์ฟเวอร์ไม่คืนใบรับรอง TLS ที่ถูกต้อง" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1405 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "เกิดข้อผิดพลาดขณะอ่านข้อมูลจากซ็อกเก็ต TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1434 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "เกิดข้อผิดพลาดขณะเขียนข้อมูลลงซ็อกเก็ต TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1478 +msgid "Connection is already closed" +msgstr "การเชื่อมต่อถูกปิดไปเรียบร้อยแล้ว" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1488 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "เกิดข้อผิดพลาดขณะดำเนินการปิด TLS: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103 +msgid "Certificate has no private key" +msgstr "ใบรับรองไม่มีกุญแจส่วนตัว" + +#: ../tls/pkcs11/gpkcs11pin.c:108 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "นี่เป็นโอกาสสุดท้ายที่จะป้อน PIN ให้ถูกต้อง ก่อนโทเค็นจะถูกล็อค" + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "ป้อน PIN ผิดมาแล้วหลายครั้ง และโทเค็นจะถูกล็อคถ้ายังป้อนผิดอีก" + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "The PIN entered is incorrect." +msgstr "PIN ที่ป้อนไม่ถูกต้อง" + +#: ../tls/pkcs11/gpkcs11slot.c:446 +msgid "Module" +msgstr "มอดูล" + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "PKCS#11 Module Pointer" +msgstr "ตัวชี้มอดูล PKCS#11" + +#: ../tls/pkcs11/gpkcs11slot.c:454 +msgid "Slot ID" +msgstr "หมายเลข Slot" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "PKCS#11 Slot Identifier" +msgstr "ตัวระบุ Slot PKCS#11" diff --git a/po/tr.po b/po/tr.po new file mode 100644 index 0000000..7e8999a --- /dev/null +++ b/po/tr.po @@ -0,0 +1,203 @@ +# Turkish translation for glib-networking. +# Copyright (C) 2011 the Free Software Foundation, Inc. +# This file is distributed under the same license as the glib-networking package. +# +# Muhammed Eken , 2011. +# Ozan Çağlayan , 2013. +# Muhammet Kara , 2011, 2012, 2013. +# Furkan Tokaç , 2017. +# Emin Tufan Çetin , 2017, 2018. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2018-02-13 03:00+0000\n" +"PO-Revision-Date: 2018-02-25 15:53+0300\n" +"Last-Translator: Emin Tufan Çetin \n" +"Language-Team: Türkçe \n" +"Language: tr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: Gtranslator 2.91.7\n" + +#: proxy/libproxy/glibproxyresolver.c:159 +msgid "Proxy resolver internal error." +msgstr "Vekil çözücü iç hatası." + +#: tls/gnutls/gtlscertificate-gnutls.c:182 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "DER sertifikası ayrıştırılamadı: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:203 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "PEM sertifikası ayrıştırılamadı: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "DER özel anahtarı ayrıştırılamadı: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:265 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "PEM özel anahtarı ayrıştırılamadı: %s" + +#: tls/gnutls/gtlscertificate-gnutls.c:304 +msgid "No certificate data provided" +msgstr "Sertifika verisi sağlanmadı" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:398 +msgid "Server required TLS certificate" +msgstr "Sunucu, TLS sertifikası istedi" + +#: tls/gnutls/gtlsconnection-gnutls.c:392 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "TLS bağlantısı oluşturulamadı: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:697 +msgid "Connection is closed" +msgstr "Bağlantı kapalı" + +#: tls/gnutls/gtlsconnection-gnutls.c:772 +#: tls/gnutls/gtlsconnection-gnutls.c:2184 +msgid "Operation would block" +msgstr "Bloke eden işlem" + +#: tls/gnutls/gtlsconnection-gnutls.c:813 +#: tls/gnutls/gtlsconnection-gnutls.c:1400 +msgid "Socket I/O timed out" +msgstr "G/Ç soketi zaman aşımına uğradı" + +#: tls/gnutls/gtlsconnection-gnutls.c:952 +#: tls/gnutls/gtlsconnection-gnutls.c:985 +msgid "Peer failed to perform TLS handshake" +msgstr "Eş, TLS el sıkışmasını başaramadı" + +#: tls/gnutls/gtlsconnection-gnutls.c:970 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Eş, kural dışı bir TLS yeniden el sıkışması istedi" + +#: tls/gnutls/gtlsconnection-gnutls.c:991 +msgid "TLS connection closed unexpectedly" +msgstr "TLS bağlantısı beklenmedik biçimde sonlandı" + +#: tls/gnutls/gtlsconnection-gnutls.c:1001 +msgid "TLS connection peer did not send a certificate" +msgstr "TLS bağlantısı eşi sertifika göndermedi" + +#: tls/gnutls/gtlsconnection-gnutls.c:1007 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "Eş, ölümcül TLS uyarısı gönderdi: %s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1015 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "İleti, DTLS bağlantısı için çok büyük; azami %u bayt" + +#: tls/gnutls/gtlsconnection-gnutls.c:1022 +msgid "The operation timed out" +msgstr "İşlem zaman aşımına uğradı" + +#: tls/gnutls/gtlsconnection-gnutls.c:1808 +#: tls/gnutls/gtlsconnection-gnutls.c:1859 +#| msgid "Error performing TLS handshake: %s" +msgid "Error performing TLS handshake" +msgstr "TLS el sıkışması sırasında hata" + +#: tls/gnutls/gtlsconnection-gnutls.c:1869 +msgid "Server did not return a valid TLS certificate" +msgstr "Sunucu geçerli bir TLS sertifikası döndürmedi" + +#: tls/gnutls/gtlsconnection-gnutls.c:1946 +msgid "Unacceptable TLS certificate" +msgstr "Kabul edilemez bir TLS sertifikası" + +#: tls/gnutls/gtlsconnection-gnutls.c:2218 +#: tls/gnutls/gtlsconnection-gnutls.c:2310 +#| msgid "Error reading data from TLS socket: %s" +msgid "Error reading data from TLS socket" +msgstr "TLS soketinden veri okurken hata" + +#: tls/gnutls/gtlsconnection-gnutls.c:2340 +#, c-format +msgid "Receive flags are not supported" +msgstr "Bayrak alma desteklenmiyor" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2417 +#: tls/gnutls/gtlsconnection-gnutls.c:2489 +#| msgid "Error writing data to TLS socket: %s" +msgid "Error writing data to TLS socket" +msgstr "TLS soketine veri yazarken hata" + +#: tls/gnutls/gtlsconnection-gnutls.c:2459 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "%lu bayt ileti boyutu DTLS bağlantısı için çok büyük" + +#: tls/gnutls/gtlsconnection-gnutls.c:2461 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(azami %u bayt)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2520 +#, c-format +msgid "Send flags are not supported" +msgstr "Bayrak gönderme desteklenmiyor" + +#: tls/gnutls/gtlsconnection-gnutls.c:2623 +#| msgid "Error performing TLS close: %s" +msgid "Error performing TLS close" +msgstr "TLS kapatma işleminde hata" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:111 +msgid "Certificate has no private key" +msgstr "Sertifikanın özel anahtarı yok" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Bu, simge (token) kilitlenmeden önce PIN kodunu doğru girmeniz için son " +"şanstır." + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "PIN daha çok yanlış girilirse simge (token) kilitlenecektir." + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "Girilen PIN hatalı." + +#: tls/pkcs11/gpkcs11slot.c:447 +msgid "Module" +msgstr "Modül" + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 Modül İşaretçisi" + +#: tls/pkcs11/gpkcs11slot.c:455 +msgid "Slot ID" +msgstr "Yuva Kimliği (Slot ID)" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 Yuva Tanımlayıcısı" + +#~ msgid "Connection is already closed" +#~ msgstr "Bağlantı zaten kapalı" diff --git a/po/ug.po b/po/ug.po new file mode 100644 index 0000000..81112a6 --- /dev/null +++ b/po/ug.po @@ -0,0 +1,148 @@ +# Uyghur translation for glib-networking. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# Gheyret Kenji , 2010. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2013-01-20 10:45+0000\n" +"PO-Revision-Date: 2013-02-22 22:21+0900\n" +"Last-Translator: Gheyret Kenji \n" +"Language-Team: Uyghur Computer Science Association \n" +"Language: ug\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#: ../proxy/libproxy/glibproxyresolver.c:150 +msgid "Proxy resolver internal error." +msgstr "ۋاكالەتچى ھەل قىلغۇچ ئىچكى خاتالىقى." + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "DER ئىسپاتنامىسىنى يېشەلمىدى: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "PEM ئىسپاتنامىسىنى يېشەلمىدى: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:225 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "DER شەخسىي ئاچقۇچىنى يېشەلمىدى: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:256 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "PEM شەخسىي ئاچقۇچىنى يېشەلمىدى: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:296 +msgid "No certificate data provided" +msgstr "ئىسپاتنامە سانلىق-مەلۇماتلىرى تەمىنلەنمىگەن" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309 +msgid "Server required TLS certificate" +msgstr "مۇلازىمېتىر TLS ئىسپاتنامىسى تەلەپ قىلىدۇ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:257 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "TLS باغلىنىشى قۇرالمىدى:%s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:518 +msgid "Connection is closed" +msgstr "باغلىنىش تاقالدى" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:580 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1417 +msgid "Operation would block" +msgstr "مەشغۇلات توسۇلىدۇ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:710 +msgid "Peer failed to perform TLS handshake" +msgstr "قارىشى تەرەپ TLS سالىمىدا مەغلۇپ بولدى" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:727 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Peer(باشقىلار) TLS قايتا سالىمىدا ناتوغرا سالام قىلدى" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:753 +msgid "TLS connection closed unexpectedly" +msgstr "قارىشى تەرەپ توغرا بولمىغان TLS سالىمىنى تەلەپ قىلدى" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:763 +msgid "TLS connection peer did not send a certificate" +msgstr "TLS باغلىنىشىدىكى قارىشى تەرەپ گۇۋاھنامىنى ئەۋەتمىدى" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1144 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1163 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "TLS بىلەن سالاملىشىشتا خاتالىق كۆرۈلدى: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1173 +msgid "Server did not return a valid TLS certificate" +msgstr "مۇلازىمېتىر ئىناۋەتلىك TLS گۇۋاھنامىسىنى قايتۇرمىدى" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1248 +msgid "Unacceptable TLS certificate" +msgstr "قوبۇل قىلىنمايدىغان ئىسپاتنامە" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1440 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "TLS سوكېتىدىن سانلىق-مەلۇمات ئوقۇشتا خاتالىق كۆرۈلدى: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1469 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "TLS سوكېتىغا سانلىق-مەلۇمات يېزىشتا خاتالىق كۆرۈلدى: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1513 +msgid "Connection is already closed" +msgstr "باغلىنىش ئاللىقاچان تاقالغان" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1523 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "TLS تاقاش مەشغۇلاتىدا خاتالىق كۆرۈلدى: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103 +msgid "Certificate has no private key" +msgstr "گۇۋاھنامىنىڭ شەخسىي ئاچقۇچى يوق ئىكەن" + +#: ../tls/pkcs11/gpkcs11pin.c:108 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "بۇ سىزنىڭ ئەڭ ئاخىرقى پۇرسىتىڭىز. يەنە خاتالاشسىڭىز قۇلۇپلىنىپ قالىدۇ." + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "بىر قانچە قېتىم خاتالاشتىڭىز. يەنە خاتالاشسىڭىز قۇلۇپلىنىپ قالىدۇ." + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "The PIN entered is incorrect." +msgstr "كىرگۈزگەن PIN توغرا ئەمەس." + +#: ../tls/pkcs11/gpkcs11slot.c:446 +msgid "Module" +msgstr "بۆلەك" + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 بۆلەك كۆرسەتكۈچى" + +#: ../tls/pkcs11/gpkcs11slot.c:454 +msgid "Slot ID" +msgstr "ئوقۇر ID" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 ئوقۇر كىملىكى" diff --git a/po/uk.po b/po/uk.po new file mode 100644 index 0000000..6437084 --- /dev/null +++ b/po/uk.po @@ -0,0 +1,135 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# Korostil Daniel , 2011. +# Alexandr Toorchyn , 2011. +msgid "" +msgstr "" +"Project-Id-Version: 1.0\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2011-12-11 14:49+0200\n" +"PO-Revision-Date: 2011-12-11 14:59+0300\n" +"Last-Translator: Korostil Daniel \n" +"Language-Team: translation@linux.org.ua\n" +"Language: uk\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%" +"10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" +"X-Generator: Virtaal 0.6.1\n" +"X-Project-Style: gnome\n" + +#: ../proxy/libproxy/glibproxyresolver.c:150 +msgid "Proxy resolver internal error." +msgstr "Внутрішня помилка розв'язника проксі." + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Неможливо проаналізувати сертифікат DER: %s " + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Неможливо проаналізувати сертифікат PEM: %s " + +#: ../tls/gnutls/gtlscertificate-gnutls.c:225 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Неможливо проаналізувати закритий ключ DER: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:256 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Неможливо проаналізувати закритий ключ PEM: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:296 +msgid "No certificate data provided" +msgstr "Не надано даних сертифіката" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:349 +msgid "Server required TLS certificate" +msgstr "Сервер потребує сертифікат TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:202 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Неможливо створити з'єднання TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:481 +msgid "Peer failed to perform TLS handshake" +msgstr "Не вдалось виконати з'єднання TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:501 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Вузол потребує нелегального перез'єднання TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:519 +msgid "TLS connection closed unexpectedly" +msgstr "Раптово закрито з'єднання TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:814 +#: ../tls/gnutls/gtlsconnection-gnutls.c:840 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "Помилка виконання з'єднання TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:888 +msgid "Unacceptable TLS certificate" +msgstr "Неприпустимий сертифікат TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1025 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "Помилка зчитування даних з гнізда TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1051 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "Помилка запису даних у гніздо TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1097 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "Помилка закриття TLS: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103 +msgid "Certificate has no private key" +msgstr "Сертифікат не має закритого ключа" + +#: ../tls/pkcs11/gpkcs11pin.c:108 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "" +"Це останній шанс, щоб ввести код PIN правильно, перш ніж розпізнавальний " +"знак заблокується." + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Кілька спроб вводу коду PIN були неправильними, і розпізнавальний знак буде " +"заблокований після подальших невдач." + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "The PIN entered is incorrect." +msgstr "Код PIN уведено неправильно." + +#: ../tls/pkcs11/gpkcs11slot.c:446 +msgid "Module" +msgstr "Модуль" + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "PKCS#11 Module Pointer" +msgstr "Модуль покажчика PKCS#11" + +#: ../tls/pkcs11/gpkcs11slot.c:454 +msgid "Slot ID" +msgstr "Ідентифікатор слоту" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "PKCS#11 Slot Identifier" +msgstr "Ідентифікатор слоту PKCS#11" diff --git a/po/vi.po b/po/vi.po new file mode 100644 index 0000000..fbaa936 --- /dev/null +++ b/po/vi.po @@ -0,0 +1,150 @@ +# Vietnamese translation for glib-networking. +# Copyright (C) 2011 glib-networking's Free Software Foundation, Inc. +# This file is distributed under the same license as the glib-networking package. +# Nguyễn Thái Ngọc Duy , 2011-2013. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2012-11-29 22:09+0000\n" +"PO-Revision-Date: 2013-03-02 20:35+0700\n" +"Last-Translator: Nguyễn Thái Ngọc Duy \n" +"Language-Team: Vietnamese \n" +"Language: vi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: ../proxy/libproxy/glibproxyresolver.c:150 +msgid "Proxy resolver internal error." +msgstr "Lỗi nội bộ trình uỷ nhiệm phân giải tên." + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "Không thể phân tích chứng nhận DER: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "Không thể phân tích chứng nhận PEM: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:225 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "Không thể phân tích khoá riêng DER: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:256 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "Không thể phân tích khoá riêng PEM: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:296 +msgid "No certificate data provided" +msgstr "Chưa cung cấp thông tin chứng nhận" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309 +msgid "Server required TLS certificate" +msgstr "Máy chủ yêu cầu chứng nhận TLS" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:254 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Không thể tạo kết nối TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:514 +msgid "Connection is closed" +msgstr "Kết nối đã đóng" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:576 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1382 +msgid "Operation would block" +msgstr "Thao tác có thể ngăn các thao tác khác" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:703 +msgid "Peer failed to perform TLS handshake" +msgstr "Bên kia không thực hiện bắt tay TLS được" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:720 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Bên kia yêu cầu bắt tay TLS lại không hợp lệ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:746 +msgid "TLS connection closed unexpectedly" +msgstr "Kết nối TLS kết thúc bất ngờ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:756 +msgid "TLS connection peer did not send a certificate" +msgstr "Phía bên kia kết nối TLS không gửi chứng nhận" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1064 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1083 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "Lỗi thực hiện bắt tay TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1228 +msgid "Unacceptable TLS certificate" +msgstr "Chứng nhận TLS không thể chấp nhận" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1239 +msgid "Server did not return a valid TLS certificate" +msgstr "Máy chủ không trả về chứng nhận TLS hợp lệ" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1405 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "Lỗi đọc dữ liệu từ kết nối TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1434 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "Lỗi đọc dữ liệu vào kết nối TLS: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1478 +msgid "Connection is already closed" +msgstr "Kết nối đã đóng rồi" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1488 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "Lỗi đóng kết nối TLS: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103 +msgid "Certificate has no private key" +msgstr "Chứng nhận không có khoá riêng" + +#: ../tls/pkcs11/gpkcs11pin.c:108 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "Đây là cơ hội cuối cùng để nhập đúng PIN trước khi token bị khoá." + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "PIN bị nhập sai đã vài lần, token sẽ bị khoá để tránh lỗi tiếp theo." + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "The PIN entered is incorrect." +msgstr "PIN nhập không đúng." + +#: ../tls/pkcs11/gpkcs11slot.c:446 +msgid "Module" +msgstr "Mô-đun" + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "PKCS#11 Module Pointer" +msgstr "Con trỏ mô đun PKCS#11" + +#: ../tls/pkcs11/gpkcs11slot.c:454 +msgid "Slot ID" +msgstr "ID khe" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "PKCS#11 Slot Identifier" +msgstr "Định danh khe PKCS#11" diff --git a/po/zh_CN.po b/po/zh_CN.po new file mode 100644 index 0000000..8a1c8f8 --- /dev/null +++ b/po/zh_CN.po @@ -0,0 +1,195 @@ +# Chinese (China) translation for glib-networking. +# Copyright (C) 2011-2018 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# Funda Wang , 2011 +# YunQiang Su , 2012. +# Mingcong Bai , 2017. +# Dingzhong Chen , 2018. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking 2.56\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2018-02-28 13:29+0000\n" +"PO-Revision-Date: 2018-03-03 17:04+0800\n" +"Last-Translator: Dingzhong Chen \n" +"Language-Team: Chinese (China) \n" +"Language: zh_CN\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: Gtranslator 2.91.7\n" + +#: proxy/libproxy/glibproxyresolver.c:159 +msgid "Proxy resolver internal error." +msgstr "代理服务器解析器内部错误。" + +#: tls/gnutls/gtlscertificate-gnutls.c:182 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "无法分析 DER 证书:%s" + +#: tls/gnutls/gtlscertificate-gnutls.c:203 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "无法分析 PEM 证书:%s" + +#: tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "无法分析 DER 私钥:%s" + +#: tls/gnutls/gtlscertificate-gnutls.c:265 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "无法分析 PEM 私钥:%s" + +#: tls/gnutls/gtlscertificate-gnutls.c:304 +msgid "No certificate data provided" +msgstr "没有提供证书数据" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:398 +msgid "Server required TLS certificate" +msgstr "服务器需要 TLS 证书" + +#: tls/gnutls/gtlsconnection-gnutls.c:392 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "无法创建 TLS 连接:%s" + +#: tls/gnutls/gtlsconnection-gnutls.c:697 +msgid "Connection is closed" +msgstr "连接被关闭" + +#: tls/gnutls/gtlsconnection-gnutls.c:772 +#: tls/gnutls/gtlsconnection-gnutls.c:2184 +msgid "Operation would block" +msgstr "操作被阻塞" + +#: tls/gnutls/gtlsconnection-gnutls.c:813 +#: tls/gnutls/gtlsconnection-gnutls.c:1400 +msgid "Socket I/O timed out" +msgstr "套接字 I/O 超时" + +#: tls/gnutls/gtlsconnection-gnutls.c:952 +#: tls/gnutls/gtlsconnection-gnutls.c:985 +msgid "Peer failed to perform TLS handshake" +msgstr "执行 TLS 握手失败" + +#: tls/gnutls/gtlsconnection-gnutls.c:970 +msgid "Peer requested illegal TLS rehandshake" +msgstr "请求了无效的 TLS 再握手" + +#: tls/gnutls/gtlsconnection-gnutls.c:991 +msgid "TLS connection closed unexpectedly" +msgstr "TLS 连接被异常关闭" + +#: tls/gnutls/gtlsconnection-gnutls.c:1001 +msgid "TLS connection peer did not send a certificate" +msgstr "TLS 连接的对方未发送证书" + +#: tls/gnutls/gtlsconnection-gnutls.c:1007 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "对方发送了致命 TLS 警报:%s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1015 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "消息对于 DTLS 连接太长;最大为 %u 字节" + +#: tls/gnutls/gtlsconnection-gnutls.c:1022 +msgid "The operation timed out" +msgstr "操作超时" + +#: tls/gnutls/gtlsconnection-gnutls.c:1808 +#: tls/gnutls/gtlsconnection-gnutls.c:1859 +msgid "Error performing TLS handshake" +msgstr "执行 TLS 握手时出错" + +#: tls/gnutls/gtlsconnection-gnutls.c:1869 +msgid "Server did not return a valid TLS certificate" +msgstr "服务器未返回有效的 TLS 证书" + +#: tls/gnutls/gtlsconnection-gnutls.c:1946 +msgid "Unacceptable TLS certificate" +msgstr "无法接受的 TLS 证书" + +#: tls/gnutls/gtlsconnection-gnutls.c:2218 +#: tls/gnutls/gtlsconnection-gnutls.c:2310 +msgid "Error reading data from TLS socket" +msgstr "从 TLS 套接字读取数据时出错" + +#: tls/gnutls/gtlsconnection-gnutls.c:2340 +#, c-format +msgid "Receive flags are not supported" +msgstr "不支持接收标志" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2417 +#: tls/gnutls/gtlsconnection-gnutls.c:2489 +msgid "Error writing data to TLS socket" +msgstr "向 TLS 套接字写入数据时出错" + +#: tls/gnutls/gtlsconnection-gnutls.c:2459 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "%lu 字节大小的消息对于 DTLS 连接太大了" + +#: tls/gnutls/gtlsconnection-gnutls.c:2461 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(最大为 %u 字节)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2520 +#, c-format +msgid "Send flags are not supported" +msgstr "不支持发送标志" + +#: tls/gnutls/gtlsconnection-gnutls.c:2623 +msgid "Error performing TLS close" +msgstr "执行 TLS 关闭时出错" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:111 +msgid "Certificate has no private key" +msgstr "证书没有私钥" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "这是最后一次输入正确 PIN 的机会,之后令牌会锁定。" + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "几次 PIN 尝试都不正确,如果再出错令牌将会锁定。" + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "输入的 PIN 不正确。" + +#: tls/pkcs11/gpkcs11slot.c:447 +msgid "Module" +msgstr "模块" + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 模块指针" + +#: tls/pkcs11/gpkcs11slot.c:455 +msgid "Slot ID" +msgstr "槽 ID" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 槽标识符" + +#~ msgid "Connection is already closed" +#~ msgstr "连接已经关闭" diff --git a/po/zh_HK.po b/po/zh_HK.po new file mode 100644 index 0000000..b8d29ac --- /dev/null +++ b/po/zh_HK.po @@ -0,0 +1,149 @@ +# Chinese (Hong Kong) translation for glib-networking. +# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# Chao-Hsiung Liao , 2011. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking 2.31.6\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2013-03-01 22:24+0800\n" +"PO-Revision-Date: 2013-03-01 22:24+0800\n" +"Last-Translator: Chao-Hsiung Liao \n" +"Language-Team: Chinese (Hong Kong) \n" +"Language: zh_HK\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 1.5.4\n" + +#: ../proxy/libproxy/glibproxyresolver.c:150 +msgid "Proxy resolver internal error." +msgstr "代理伺服器解析器內部錯誤。" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "無法解析 DER 編碼的證書:%s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "無法解析 PEM 編碼的證書:%s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:225 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "無法解析 DER 編碼的私人密碼匙:%s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:256 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "無法解析 PEM 編碼的私人密碼匙:%s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:296 +msgid "No certificate data provided" +msgstr "沒有提供證書資料" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309 +msgid "Server required TLS certificate" +msgstr "伺服器要求的 TLS 證書" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:258 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "無法建立 TLS 連線:%s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:520 +msgid "Connection is closed" +msgstr "連線已關閉" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:582 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1419 +msgid "Operation would block" +msgstr "操作會阻擋" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:712 +msgid "Peer failed to perform TLS handshake" +msgstr "執行 TLS 交握對等失敗" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:729 +msgid "Peer requested illegal TLS rehandshake" +msgstr "對等要求了不合法的 TLS 重交握" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:755 +msgid "TLS connection closed unexpectedly" +msgstr "TLS 連線無預警的關閉了" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:765 +msgid "TLS connection peer did not send a certificate" +msgstr "TLS 連線對等點沒有傳回證書" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1146 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1165 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "執行 TLS 交握時發生錯誤:%s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1175 +msgid "Server did not return a valid TLS certificate" +msgstr "伺服器沒有回傳有效的 TLS 證書" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1250 +msgid "Unacceptable TLS certificate" +msgstr "不接受的 TLS 證書" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1442 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "從 TLS socket 讀取資料時發生錯誤:%s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1471 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "當寫入資料到 TLS socket 時發生錯誤:%s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1515 +msgid "Connection is already closed" +msgstr "連線已經關閉" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1525 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "執行 TLS 關閉時發生錯誤:%s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103 +msgid "Certificate has no private key" +msgstr "證書沒有私人密碼匙" + +#: ../tls/pkcs11/gpkcs11pin.c:108 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "這是在你的智慧卡被鎖定之前最後輸入正確 PIN 的機會。" + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "發生多次 PIN 嘗試錯誤,智慧卡會在下次錯誤時被鎖定。" + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "The PIN entered is incorrect." +msgstr "輸入的 PIN 是不正確的。" + +#: ../tls/pkcs11/gpkcs11slot.c:446 +msgid "Module" +msgstr "模組" + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 模組指標" + +#: ../tls/pkcs11/gpkcs11slot.c:454 +msgid "Slot ID" +msgstr "插槽 ID" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 插槽識別符" diff --git a/po/zh_TW.po b/po/zh_TW.po new file mode 100644 index 0000000..ead01ff --- /dev/null +++ b/po/zh_TW.po @@ -0,0 +1,192 @@ +# Chinese (Taiwan) translation for glib-networking. +# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# Chao-Hsiung Liao , 2011. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking 2.31.6\n" +"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?" +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2018-02-13 03:00+0000\n" +"PO-Revision-Date: 2018-03-03 16:05+0800\n" +"Last-Translator: Cheng-Chia Tseng \n" +"Language-Team: Chinese (Taiwan) \n" +"Language: zh_TW\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 2.0.6\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: proxy/libproxy/glibproxyresolver.c:159 +msgid "Proxy resolver internal error." +msgstr "代理伺服器解析器內部錯誤。" + +#: tls/gnutls/gtlscertificate-gnutls.c:182 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "無法解析 DER 編碼的憑證:%s" + +#: tls/gnutls/gtlscertificate-gnutls.c:203 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "無法解析 PEM 編碼的憑證:%s" + +#: tls/gnutls/gtlscertificate-gnutls.c:234 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "無法解析 DER 編碼的私鑰:%s" + +#: tls/gnutls/gtlscertificate-gnutls.c:265 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "無法解析 PEM 編碼的私鑰:%s" + +#: tls/gnutls/gtlscertificate-gnutls.c:304 +msgid "No certificate data provided" +msgstr "沒有提供憑證資料" + +#: tls/gnutls/gtlsclientconnection-gnutls.c:398 +msgid "Server required TLS certificate" +msgstr "伺服器要求的 TLS 憑證" + +#: tls/gnutls/gtlsconnection-gnutls.c:392 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "無法建立 TLS 連線:%s" + +#: tls/gnutls/gtlsconnection-gnutls.c:697 +msgid "Connection is closed" +msgstr "連線已關閉" + +#: tls/gnutls/gtlsconnection-gnutls.c:772 +#: tls/gnutls/gtlsconnection-gnutls.c:2184 +msgid "Operation would block" +msgstr "操作會阻擋" + +#: tls/gnutls/gtlsconnection-gnutls.c:813 +#: tls/gnutls/gtlsconnection-gnutls.c:1400 +msgid "Socket I/O timed out" +msgstr "I/O 接口逾時" + +#: tls/gnutls/gtlsconnection-gnutls.c:952 +#: tls/gnutls/gtlsconnection-gnutls.c:985 +msgid "Peer failed to perform TLS handshake" +msgstr "對等執行 TLS 交握對等失敗" + +#: tls/gnutls/gtlsconnection-gnutls.c:970 +msgid "Peer requested illegal TLS rehandshake" +msgstr "對等要求了不合法的 TLS 重交握" + +#: tls/gnutls/gtlsconnection-gnutls.c:991 +msgid "TLS connection closed unexpectedly" +msgstr "TLS 連線無預警的關閉了" + +#: tls/gnutls/gtlsconnection-gnutls.c:1001 +msgid "TLS connection peer did not send a certificate" +msgstr "TLS 連線對等點沒有傳回憑證" + +#: tls/gnutls/gtlsconnection-gnutls.c:1007 +#, c-format +msgid "Peer sent fatal TLS alert: %s" +msgstr "對等送出了重大 TLS 警告:%s" + +#: tls/gnutls/gtlsconnection-gnutls.c:1015 +#, c-format +msgid "Message is too large for DTLS connection; maximum is %u byte" +msgid_plural "Message is too large for DTLS connection; maximum is %u bytes" +msgstr[0] "對於 DTLS 來說,訊息太大;最大值為 %u 位元組" + +#: tls/gnutls/gtlsconnection-gnutls.c:1022 +msgid "The operation timed out" +msgstr "動作逾時" + +#: tls/gnutls/gtlsconnection-gnutls.c:1808 +#: tls/gnutls/gtlsconnection-gnutls.c:1859 +msgid "Error performing TLS handshake" +msgstr "執行 TLS 交握時發生錯誤" + +#: tls/gnutls/gtlsconnection-gnutls.c:1869 +msgid "Server did not return a valid TLS certificate" +msgstr "伺服器沒有回傳有效的 TLS 憑證" + +#: tls/gnutls/gtlsconnection-gnutls.c:1946 +msgid "Unacceptable TLS certificate" +msgstr "不接受的 TLS 憑證" + +#: tls/gnutls/gtlsconnection-gnutls.c:2218 +#: tls/gnutls/gtlsconnection-gnutls.c:2310 +msgid "Error reading data from TLS socket" +msgstr "從 TLS socket 讀取資料時發生錯誤" + +#: tls/gnutls/gtlsconnection-gnutls.c:2340 +#, c-format +msgid "Receive flags are not supported" +msgstr "接收旗標不被支援" + +#. flags +#: tls/gnutls/gtlsconnection-gnutls.c:2417 +#: tls/gnutls/gtlsconnection-gnutls.c:2489 +msgid "Error writing data to TLS socket" +msgstr "寫入資料到 TLS socket 時發生錯誤" + +#: tls/gnutls/gtlsconnection-gnutls.c:2459 +#, c-format +msgid "Message of size %lu byte is too large for DTLS connection" +msgid_plural "Message of size %lu bytes is too large for DTLS connection" +msgstr[0] "訊息大小 %lu 位元組對於 DTLS 連線來說太大" + +#: tls/gnutls/gtlsconnection-gnutls.c:2461 +#, c-format +msgid "(maximum is %u byte)" +msgid_plural "(maximum is %u bytes)" +msgstr[0] "(最大值為 %u 位元組)" + +#: tls/gnutls/gtlsconnection-gnutls.c:2520 +#, c-format +msgid "Send flags are not supported" +msgstr "傳送旗標不被支援" + +#: tls/gnutls/gtlsconnection-gnutls.c:2623 +msgid "Error performing TLS close" +msgstr "執行 TLS 關閉時發生錯誤" + +#: tls/gnutls/gtlsserverconnection-gnutls.c:111 +msgid "Certificate has no private key" +msgstr "憑證沒有私鑰" + +#: tls/pkcs11/gpkcs11pin.c:111 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "這是在您的智慧卡被鎖定之前最後輸入正確 PIN 的機會。" + +#: tls/pkcs11/gpkcs11pin.c:113 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "發生多次 PIN 嘗試錯誤,智慧卡會在下次錯誤時被鎖定。" + +#: tls/pkcs11/gpkcs11pin.c:115 +msgid "The PIN entered is incorrect." +msgstr "輸入的 PIN 是不正確的。" + +#: tls/pkcs11/gpkcs11slot.c:447 +msgid "Module" +msgstr "模組" + +#: tls/pkcs11/gpkcs11slot.c:448 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 模組指標" + +#: tls/pkcs11/gpkcs11slot.c:455 +msgid "Slot ID" +msgstr "插槽 ID" + +#: tls/pkcs11/gpkcs11slot.c:456 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 插槽識別符" + +#~ msgid "Connection is already closed" +#~ msgstr "連線已經關閉" diff --git a/proxy/gnome/gnome-proxy-module.c b/proxy/gnome/gnome-proxy-module.c new file mode 100644 index 0000000..497a740 --- /dev/null +++ b/proxy/gnome/gnome-proxy-module.c @@ -0,0 +1,65 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + */ + +#include "config.h" + +#include + +#include "gproxyresolvergnome.h" + + +void +g_io_gnomeproxy_load (GIOModule *module) +{ + gchar *locale_dir; +#ifdef G_OS_WIN32 + gchar *base_dir; +#endif + + g_proxy_resolver_gnome_register (module); + +#ifdef G_OS_WIN32 + base_dir = g_win32_get_package_installation_directory_of_module (NULL); + locale_dir = g_build_filename (base_dir, "share", "locale", NULL); + g_free (base_dir); +#else + locale_dir = g_strdup (LOCALE_DIR); +#endif + + bindtextdomain (GETTEXT_PACKAGE, locale_dir); + bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8"); + g_free (locale_dir); +} + +void +g_io_gnomeproxy_unload (GIOModule *module) +{ +} + +gchar ** +g_io_gnomeproxy_query (void) +{ + gchar *eps[] = { + G_PROXY_RESOLVER_EXTENSION_POINT_NAME, + NULL + }; + return g_strdupv (eps); +} diff --git a/proxy/gnome/gproxyresolvergnome.c b/proxy/gnome/gproxyresolvergnome.c new file mode 100644 index 0000000..0b58452 --- /dev/null +++ b/proxy/gnome/gproxyresolvergnome.c @@ -0,0 +1,548 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + */ + +#include "config.h" + +#include + +#include "gproxyresolvergnome.h" + +#include +#include + +#define GNOME_PROXY_SETTINGS_SCHEMA "org.gnome.system.proxy" +#define GNOME_PROXY_MODE_KEY "mode" +#define GNOME_PROXY_AUTOCONFIG_URL_KEY "autoconfig-url" +#define GNOME_PROXY_IGNORE_HOSTS_KEY "ignore-hosts" +#define GNOME_PROXY_USE_SAME_PROXY_KEY "use-same-proxy" + +#define GNOME_PROXY_HTTP_CHILD_SCHEMA "http" +#define GNOME_PROXY_HTTP_HOST_KEY "host" +#define GNOME_PROXY_HTTP_PORT_KEY "port" +#define GNOME_PROXY_HTTP_USE_AUTH_KEY "use-authentication" +#define GNOME_PROXY_HTTP_USER_KEY "authentication-user" +#define GNOME_PROXY_HTTP_PASSWORD_KEY "authentication-password" + +#define GNOME_PROXY_HTTPS_CHILD_SCHEMA "https" +#define GNOME_PROXY_HTTPS_HOST_KEY "host" +#define GNOME_PROXY_HTTPS_PORT_KEY "port" + +#define GNOME_PROXY_FTP_CHILD_SCHEMA "ftp" +#define GNOME_PROXY_FTP_HOST_KEY "host" +#define GNOME_PROXY_FTP_PORT_KEY "port" + +#define GNOME_PROXY_SOCKS_CHILD_SCHEMA "socks" +#define GNOME_PROXY_SOCKS_HOST_KEY "host" +#define GNOME_PROXY_SOCKS_PORT_KEY "port" + +/* We have to has-a GSimpleProxyResolver rather than is-a one, + * because a dynamic type cannot reimplement an interface that + * its parent also implements... for some reason. + */ + +struct _GProxyResolverGnome { + GObject parent_instance; + + GProxyResolver *base_resolver; + + GSettings *proxy_settings; + GSettings *http_settings; + GSettings *https_settings; + GSettings *ftp_settings; + GSettings *socks_settings; + gboolean need_update; + + GDesktopProxyMode mode; + gchar *autoconfig_url; + gboolean use_same_proxy; + + GDBusProxy *pacrunner; + + GMutex lock; +}; + +static GProxyResolverInterface *g_proxy_resolver_gnome_parent_iface; + +static void g_proxy_resolver_gnome_iface_init (GProxyResolverInterface *iface); + +G_DEFINE_DYNAMIC_TYPE_EXTENDED (GProxyResolverGnome, + g_proxy_resolver_gnome, + G_TYPE_OBJECT, 0, + G_IMPLEMENT_INTERFACE_DYNAMIC (G_TYPE_PROXY_RESOLVER, + g_proxy_resolver_gnome_iface_init)) + +static void +g_proxy_resolver_gnome_class_finalize (GProxyResolverGnomeClass *klass) +{ +} + +static void +gsettings_changed (GSettings *settings, + const gchar *key, + gpointer user_data) +{ + GProxyResolverGnome *resolver = user_data; + + g_mutex_lock (&resolver->lock); + resolver->need_update = TRUE; + g_mutex_unlock (&resolver->lock); +} + +static void +g_proxy_resolver_gnome_finalize (GObject *object) +{ + GProxyResolverGnome *resolver = G_PROXY_RESOLVER_GNOME (object); + + if (resolver->proxy_settings) + { + g_signal_handlers_disconnect_by_func (resolver->proxy_settings, + (gpointer)gsettings_changed, + resolver); + g_object_unref (resolver->proxy_settings); + + g_signal_handlers_disconnect_by_func (resolver->http_settings, + (gpointer)gsettings_changed, + resolver); + g_object_unref (resolver->http_settings); + + g_signal_handlers_disconnect_by_func (resolver->https_settings, + (gpointer)gsettings_changed, + resolver); + g_object_unref (resolver->https_settings); + + g_signal_handlers_disconnect_by_func (resolver->ftp_settings, + (gpointer)gsettings_changed, + resolver); + g_object_unref (resolver->ftp_settings); + + g_signal_handlers_disconnect_by_func (resolver->socks_settings, + (gpointer)gsettings_changed, + resolver); + g_object_unref (resolver->socks_settings); + } + + g_clear_object (&resolver->base_resolver); + g_clear_object (&resolver->pacrunner); + + g_free (resolver->autoconfig_url); + + g_mutex_clear (&resolver->lock); + + G_OBJECT_CLASS (g_proxy_resolver_gnome_parent_class)->finalize (object); +} + +static void +g_proxy_resolver_gnome_init (GProxyResolverGnome *resolver) +{ + g_mutex_init (&resolver->lock); + + resolver->base_resolver = g_simple_proxy_resolver_new (NULL, NULL); + + resolver->proxy_settings = g_settings_new (GNOME_PROXY_SETTINGS_SCHEMA); + g_signal_connect (resolver->proxy_settings, "changed", + G_CALLBACK (gsettings_changed), resolver); + resolver->http_settings = g_settings_get_child (resolver->proxy_settings, + GNOME_PROXY_HTTP_CHILD_SCHEMA); + g_signal_connect (resolver->http_settings, "changed", + G_CALLBACK (gsettings_changed), resolver); + resolver->https_settings = g_settings_get_child (resolver->proxy_settings, + GNOME_PROXY_HTTPS_CHILD_SCHEMA); + g_signal_connect (resolver->https_settings, "changed", + G_CALLBACK (gsettings_changed), resolver); + resolver->ftp_settings = g_settings_get_child (resolver->proxy_settings, + GNOME_PROXY_FTP_CHILD_SCHEMA); + g_signal_connect (resolver->ftp_settings, "changed", + G_CALLBACK (gsettings_changed), resolver); + resolver->socks_settings = g_settings_get_child (resolver->proxy_settings, + GNOME_PROXY_SOCKS_CHILD_SCHEMA); + g_signal_connect (resolver->socks_settings, "changed", + G_CALLBACK (gsettings_changed), resolver); + + resolver->need_update = TRUE; +} + +/* called with lock held */ +static void +update_settings (GProxyResolverGnome *resolver) +{ + GSimpleProxyResolver *simple = G_SIMPLE_PROXY_RESOLVER (resolver->base_resolver); + gchar **ignore_hosts; + gchar *host, *http_proxy, *proxy; + guint port; + + resolver->need_update = FALSE; + + g_free (resolver->autoconfig_url); + g_simple_proxy_resolver_set_default_proxy (simple, NULL); + g_simple_proxy_resolver_set_ignore_hosts (simple, NULL); + g_simple_proxy_resolver_set_uri_proxy (simple, "http", NULL); + g_simple_proxy_resolver_set_uri_proxy (simple, "https", NULL); + g_simple_proxy_resolver_set_uri_proxy (simple, "ftp", NULL); + + resolver->mode = + g_settings_get_enum (resolver->proxy_settings, GNOME_PROXY_MODE_KEY); + resolver->autoconfig_url = + g_settings_get_string (resolver->proxy_settings, GNOME_PROXY_AUTOCONFIG_URL_KEY); + + if (resolver->mode == G_DESKTOP_PROXY_MODE_AUTO && !resolver->pacrunner) + { + GError *error = NULL; + resolver->pacrunner = + g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SESSION, + G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | + G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, + NULL, + "org.gtk.GLib.PACRunner", + "/org/gtk/GLib/PACRunner", + "org.gtk.GLib.PACRunner", + NULL, &error); + if (error) + { + g_warning ("Could not start proxy autoconfiguration helper:" + "\n %s\nProxy autoconfiguration will not work", + error->message); + } + } + else if (resolver->mode != G_DESKTOP_PROXY_MODE_AUTO && resolver->pacrunner) + { + g_object_unref (resolver->pacrunner); + resolver->pacrunner = NULL; + } + + ignore_hosts = + g_settings_get_strv (resolver->proxy_settings, GNOME_PROXY_IGNORE_HOSTS_KEY); + g_simple_proxy_resolver_set_ignore_hosts (simple, ignore_hosts); + g_strfreev (ignore_hosts); + + if (resolver->mode == G_DESKTOP_PROXY_MODE_AUTO) + { + /* We use the base_resolver to handle ignore_hosts in the AUTO case, + * so we have to set a non-"direct://" default proxy so we can distinguish + * the two cases. + */ + g_simple_proxy_resolver_set_default_proxy (simple, "use-proxy:"); + } + + if (resolver->mode != G_DESKTOP_PROXY_MODE_MANUAL) + return; + + host = g_settings_get_string (resolver->http_settings, GNOME_PROXY_HTTP_HOST_KEY); + port = g_settings_get_int (resolver->http_settings, GNOME_PROXY_HTTP_PORT_KEY); + if (host && *host) + { + if (g_settings_get_boolean (resolver->http_settings, GNOME_PROXY_HTTP_USE_AUTH_KEY)) + { + gchar *user, *password; + gchar *enc_user, *enc_password; + + user = g_settings_get_string (resolver->http_settings, GNOME_PROXY_HTTP_USER_KEY); + enc_user = g_uri_escape_string (user, NULL, TRUE); + g_free (user); + password = g_settings_get_string (resolver->http_settings, GNOME_PROXY_HTTP_PASSWORD_KEY); + enc_password = g_uri_escape_string (password, NULL, TRUE); + g_free (password); + + http_proxy = g_strdup_printf ("http://%s:%s@%s:%u", + enc_user, enc_password, + host, port); + g_free (enc_user); + g_free (enc_password); + } + else + http_proxy = g_strdup_printf ("http://%s:%u", host, port); + + g_simple_proxy_resolver_set_uri_proxy (simple, "http", http_proxy); + if (g_settings_get_boolean (resolver->proxy_settings, GNOME_PROXY_USE_SAME_PROXY_KEY)) + g_simple_proxy_resolver_set_default_proxy (simple, http_proxy); + } + else + http_proxy = NULL; + g_free (host); + + host = g_settings_get_string (resolver->https_settings, GNOME_PROXY_HTTPS_HOST_KEY); + port = g_settings_get_int (resolver->https_settings, GNOME_PROXY_HTTPS_PORT_KEY); + if (host && *host) + { + proxy = g_strdup_printf ("http://%s:%u", host, port); + g_simple_proxy_resolver_set_uri_proxy (simple, "https", proxy); + g_free (proxy); + } + else if (http_proxy) + g_simple_proxy_resolver_set_uri_proxy (simple, "https", http_proxy); + g_free (host); + + host = g_settings_get_string (resolver->socks_settings, GNOME_PROXY_SOCKS_HOST_KEY); + port = g_settings_get_int (resolver->socks_settings, GNOME_PROXY_SOCKS_PORT_KEY); + if (host && *host) + { + proxy = g_strdup_printf ("socks://%s:%u", host, port); + g_simple_proxy_resolver_set_default_proxy (simple, proxy); + g_free (proxy); + } + g_free (host); + + g_free (http_proxy); + + host = g_settings_get_string (resolver->ftp_settings, GNOME_PROXY_FTP_HOST_KEY); + port = g_settings_get_int (resolver->ftp_settings, GNOME_PROXY_FTP_PORT_KEY); + if (host && *host) + { + proxy = g_strdup_printf ("ftp://%s:%u", host, port); + g_simple_proxy_resolver_set_uri_proxy (simple, "ftp", proxy); + g_free (proxy); + } + g_free (host); +} + +static gboolean +g_proxy_resolver_gnome_is_supported (GProxyResolver *object) +{ + const char *desktop; + + desktop = g_getenv ("XDG_CURRENT_DESKTOP"); + if (desktop == NULL) + return FALSE; + + /* Remember that XDG_CURRENT_DESKTOP is a list of strings. Desktops that + * pretend to be GNOME and want to use our proxy settings will list + * themselves alongside GNOME. That's fine; they'll get our proxy settings. + */ + return strstr (desktop, "GNOME") != NULL; +} + +static inline gchar ** +make_proxies (const gchar *proxy) +{ + gchar **proxies; + + proxies = g_new (gchar *, 2); + proxies[0] = g_strdup (proxy); + proxies[1] = NULL; + + return proxies; +} + +/* Threadsafely determines what to do with @uri; returns %FALSE if an + * error occurs, %TRUE and an array of proxies if the mode is NONE or + * MANUAL, or if @uri is covered by ignore-hosts, or %TRUE and a + * (transfer-full) pacrunner and autoconfig url if the mode is AUTOMATIC. + */ +static gboolean +g_proxy_resolver_gnome_lookup_internal (GProxyResolverGnome *resolver, + const gchar *uri, + gchar ***out_proxies, + GDBusProxy **out_pacrunner, + gchar **out_autoconfig_url, + GCancellable *cancellable, + GError **error) +{ + gchar **proxies = NULL; + + *out_proxies = NULL; + *out_pacrunner = NULL; + *out_autoconfig_url = NULL; + + g_mutex_lock (&resolver->lock); + if (resolver->need_update) + update_settings (resolver); + + proxies = g_proxy_resolver_lookup (resolver->base_resolver, + uri, cancellable, error); + if (!proxies) + goto done; + + /* Parent class does ignore-host handling */ + if (!strcmp (proxies[0], "direct://") && !proxies[1]) + goto done; + + if (resolver->pacrunner) + { + g_clear_pointer (&proxies, g_strfreev); + *out_pacrunner = g_object_ref (resolver->pacrunner); + *out_autoconfig_url = g_strdup (resolver->autoconfig_url); + goto done; + } + + done: + g_mutex_unlock (&resolver->lock); + + if (proxies) + { + *out_proxies = proxies; + return TRUE; + } + else if (*out_pacrunner) + return TRUE; + else + return FALSE; +} + +static gchar ** +g_proxy_resolver_gnome_lookup (GProxyResolver *proxy_resolver, + const gchar *uri, + GCancellable *cancellable, + GError **error) +{ + GProxyResolverGnome *resolver = G_PROXY_RESOLVER_GNOME (proxy_resolver); + GDBusProxy *pacrunner; + gchar **proxies, *autoconfig_url; + + if (!g_proxy_resolver_gnome_lookup_internal (resolver, uri, + &proxies, &pacrunner, &autoconfig_url, + cancellable, error)) + return NULL; + + if (pacrunner) + { + GVariant *vproxies; + + vproxies = g_dbus_proxy_call_sync (pacrunner, + "Lookup", + g_variant_new ("(ss)", + autoconfig_url, + uri), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, error); + if (vproxies) + { + g_variant_get (vproxies, "(^as)", &proxies); + g_variant_unref (vproxies); + } + else + proxies = NULL; + + g_object_unref (pacrunner); + g_free (autoconfig_url); + } + + return proxies; +} + +static void +got_autoconfig_proxies (GObject *source, + GAsyncResult *result, + gpointer user_data) +{ + GTask *task = user_data; + GVariant *vproxies; + char **proxies; + GError *error = NULL; + + vproxies = g_dbus_proxy_call_finish (G_DBUS_PROXY (source), + result, &error); + if (vproxies) + { + g_variant_get (vproxies, "(^as)", &proxies); + g_task_return_pointer (task, proxies, (GDestroyNotify)g_strfreev); + g_variant_unref (vproxies); + } + else + g_task_return_error (task, error); + g_object_unref (task); +} + +static void +g_proxy_resolver_gnome_lookup_async (GProxyResolver *proxy_resolver, + const gchar *uri, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GProxyResolverGnome *resolver = G_PROXY_RESOLVER_GNOME (proxy_resolver); + GTask *task; + char **proxies, *autoconfig_url; + GDBusProxy *pacrunner; + GError *error = NULL; + + task = g_task_new (resolver, cancellable, callback, user_data); + g_task_set_source_tag (task, g_proxy_resolver_gnome_lookup_async); + + if (!g_proxy_resolver_gnome_lookup_internal (resolver, uri, + &proxies, &pacrunner, &autoconfig_url, + cancellable, &error)) + { + g_task_return_error (task, error); + g_object_unref (task); + return; + } + else if (proxies) + { + g_task_return_pointer (task, proxies, (GDestroyNotify)g_strfreev); + g_object_unref (task); + return; + } + + g_dbus_proxy_call (pacrunner, + "Lookup", + g_variant_new ("(ss)", + autoconfig_url, + uri), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + got_autoconfig_proxies, + task); + g_object_unref (pacrunner); + g_free (autoconfig_url); +} + +static gchar ** +g_proxy_resolver_gnome_lookup_finish (GProxyResolver *resolver, + GAsyncResult *result, + GError **error) +{ + g_return_val_if_fail (g_task_is_valid (result, resolver), NULL); + + return g_task_propagate_pointer (G_TASK (result), error); +} + +static void +g_proxy_resolver_gnome_class_init (GProxyResolverGnomeClass *resolver_class) +{ + GObjectClass *object_class; + + object_class = G_OBJECT_CLASS (resolver_class); + object_class->finalize = g_proxy_resolver_gnome_finalize; +} + +static void +g_proxy_resolver_gnome_iface_init (GProxyResolverInterface *iface) +{ + g_proxy_resolver_gnome_parent_iface = g_type_interface_peek_parent (iface); + + iface->is_supported = g_proxy_resolver_gnome_is_supported; + iface->lookup = g_proxy_resolver_gnome_lookup; + iface->lookup_async = g_proxy_resolver_gnome_lookup_async; + iface->lookup_finish = g_proxy_resolver_gnome_lookup_finish; +} + +void +g_proxy_resolver_gnome_register (GIOModule *module) +{ + g_proxy_resolver_gnome_register_type (G_TYPE_MODULE (module)); + if (module == NULL) + g_io_extension_point_register (G_PROXY_RESOLVER_EXTENSION_POINT_NAME); + g_io_extension_point_implement (G_PROXY_RESOLVER_EXTENSION_POINT_NAME, + g_proxy_resolver_gnome_get_type(), + "gnome", + 80); +} diff --git a/proxy/gnome/gproxyresolvergnome.h b/proxy/gnome/gproxyresolvergnome.h new file mode 100644 index 0000000..415d679 --- /dev/null +++ b/proxy/gnome/gproxyresolvergnome.h @@ -0,0 +1,38 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + */ + +#ifndef __G_PROXY_RESOLVER_GNOME_H__ +#define __G_PROXY_RESOLVER_GNOME_H__ + +#include +#include + +G_BEGIN_DECLS + +#define G_TYPE_PROXY_RESOLVER_GNOME (g_proxy_resolver_gnome_get_type ()) + +G_DECLARE_FINAL_TYPE (GProxyResolverGnome, g_proxy_resolver_gnome, G, PROXY_RESOLVER_GNOME, GObject) + +void g_proxy_resolver_gnome_register (GIOModule *module); + +G_END_DECLS + +#endif /* __G_PROXY_RESOLVER_GNOME_H__ */ diff --git a/proxy/gnome/meson.build b/proxy/gnome/meson.build new file mode 100644 index 0000000..069a459 --- /dev/null +++ b/proxy/gnome/meson.build @@ -0,0 +1,31 @@ +sources = files( + 'gproxyresolvergnome.c', + 'gnome-proxy-module.c' +) + +deps = [ + gio_dep, + glib_dep, + gsettings_desktop_schemas_dep +] + +module = shared_module( + 'giognomeproxy', + sources: sources, + include_directories: top_inc, + dependencies: deps, + link_args: module_ldflags, + link_depends: symbol_map, + install: true, + install_dir: gio_module_dir +) + +if get_option('static_modules') + static_library('giognomeproxy', + objects: module.extract_all_objects(), + install: true, + install_dir: gio_module_dir + ) +endif + +proxy_test_programs += [['gnome', deps]] diff --git a/proxy/libproxy/glib-pacrunner.service.in b/proxy/libproxy/glib-pacrunner.service.in new file mode 100644 index 0000000..0f289de --- /dev/null +++ b/proxy/libproxy/glib-pacrunner.service.in @@ -0,0 +1,7 @@ +[Unit] +Description=GLib proxy auto-configuration service + +[Service] +Type=dbus +BusName=org.gtk.GLib.PACRunner +ExecStart=@libexecdir@/glib-pacrunner diff --git a/proxy/libproxy/glibpacrunner.c b/proxy/libproxy/glibpacrunner.c new file mode 100644 index 0000000..c72304f --- /dev/null +++ b/proxy/libproxy/glibpacrunner.c @@ -0,0 +1,173 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2011 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + */ + +#include "config.h" + +#include + +#include +#include "glibproxyresolver.h" + +static const gchar introspection_xml[] = + "" + " " + " " + " " + " " + " " + " " + " " + ""; + +static GProxyResolver *resolver; +static GMainLoop *loop; + +static void +got_proxies (GObject *source, + GAsyncResult *result, + gpointer user_data) +{ + GDBusMethodInvocation *invocation = user_data; + gchar **proxies; + GError *error = NULL; + + proxies = g_proxy_resolver_lookup_finish (resolver, result, &error); + if (error) + g_dbus_method_invocation_take_error (invocation, error); + else + { + g_dbus_method_invocation_return_value (invocation, + g_variant_new ("(^as)", proxies)); + g_strfreev (proxies); + } +} + +static void +handle_method_call (GDBusConnection *connection, + const gchar *sender, + const gchar *object_path, + const gchar *interface_name, + const gchar *method_name, + GVariant *parameters, + GDBusMethodInvocation *invocation, + gpointer user_data) +{ + const gchar *pac_url, *lookup_url; + + g_variant_get (parameters, "(&s&s)", &pac_url, &lookup_url); + + if (!g_ascii_strncasecmp (pac_url, "http", 4) || + !g_ascii_strncasecmp (pac_url, "file:", 5)) + { + gchar *libproxy_url = g_strdup_printf ("pac+%s", pac_url); + g_setenv ("http_proxy", libproxy_url, TRUE); + g_free (libproxy_url); + } + else + g_setenv ("http_proxy", "wpad://", TRUE); + + g_proxy_resolver_lookup_async (resolver, lookup_url, + NULL, got_proxies, invocation); +} + +static const GDBusInterfaceVTable interface_vtable = + { + handle_method_call, + NULL, + NULL + }; + +static void +on_bus_acquired (GDBusConnection *connection, + const gchar *name, + gpointer user_data) +{ + GDBusNodeInfo *introspection_data; + GError *error = NULL; + + introspection_data = g_dbus_node_info_new_for_xml (introspection_xml, NULL); + g_dbus_connection_register_object (connection, + "/org/gtk/GLib/PACRunner", + introspection_data->interfaces[0], + &interface_vtable, + NULL, + NULL, + &error); + if (error) + g_error ("Could not register server: %s", error->message); +} + +static void +on_name_acquired (GDBusConnection *connection, + const gchar *name, + gpointer user_data) +{ +} + +static void +on_name_lost (GDBusConnection *connection, + const gchar *name, + gpointer user_data) +{ + g_main_loop_quit (loop); +} + +int +main (int argc, char *argv[]) +{ + int owner_id; + + /* Unset variables that would make libproxy try to use gconf or ksettings */ + g_unsetenv ("GNOME_DESKTOP_SESSION_ID"); + g_unsetenv ("DESKTOP_SESSION"); + g_unsetenv ("KDE_FULL_SESSION"); + + /* Unset variables that libproxy would look at if it were smarter, and which + * it might possibly look at in the future. Just covering our bases. */ + g_unsetenv ("XDG_CURRENT_DESKTOP"); + + /* Unset static proxy settings */ + g_unsetenv ("http_proxy"); + g_unsetenv ("HTTP_PROXY"); + g_unsetenv ("https_proxy"); + g_unsetenv ("HTTPS_PROXY"); + g_unsetenv ("ftp_proxy"); + g_unsetenv ("FTP_PROXY"); + g_unsetenv ("no_proxy"); + g_unsetenv ("NO_PROXY"); + + resolver = g_object_new (G_TYPE_LIBPROXY_RESOLVER, NULL); + + owner_id = g_bus_own_name (G_BUS_TYPE_SESSION, + "org.gtk.GLib.PACRunner", + G_BUS_NAME_OWNER_FLAGS_NONE, + on_bus_acquired, + on_name_acquired, + on_name_lost, + NULL, + NULL); + + loop = g_main_loop_new (NULL, FALSE); + g_main_loop_run (loop); + + g_bus_unown_name (owner_id); + return 0; +} diff --git a/proxy/libproxy/glibproxyresolver.c b/proxy/libproxy/glibproxyresolver.c new file mode 100644 index 0000000..bc1379b --- /dev/null +++ b/proxy/libproxy/glibproxyresolver.c @@ -0,0 +1,243 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * Author: Nicolas Dufresne + */ + +#include "config.h" + +#include +#include +#include + +#include "glibproxyresolver.h" + +#include +#include + +struct _GLibProxyResolver { + GObject parent_instance; + pxProxyFactory *factory; +}; + +static void g_libproxy_resolver_iface_init (GProxyResolverInterface *iface); + +#ifdef GLIBPROXY_MODULE +static void +g_libproxy_resolver_class_finalize (GLibProxyResolverClass *klass) +{ +} + +G_DEFINE_DYNAMIC_TYPE_EXTENDED (GLibProxyResolver, + g_libproxy_resolver, + G_TYPE_OBJECT, 0, + G_IMPLEMENT_INTERFACE_DYNAMIC (G_TYPE_PROXY_RESOLVER, + g_libproxy_resolver_iface_init)) +#else +G_DEFINE_TYPE_EXTENDED (GLibProxyResolver, + g_libproxy_resolver, + G_TYPE_OBJECT, 0, + G_IMPLEMENT_INTERFACE (G_TYPE_PROXY_RESOLVER, + g_libproxy_resolver_iface_init)) +#endif + +static void +g_libproxy_resolver_finalize (GObject *object) +{ + GLibProxyResolver *resolver = G_LIBPROXY_RESOLVER (object); + + if (resolver->factory) + { + px_proxy_factory_free (resolver->factory); + resolver->factory = NULL; + } + + /* must chain up */ + G_OBJECT_CLASS (g_libproxy_resolver_parent_class)->finalize (object); +} + +static void +g_libproxy_resolver_init (GLibProxyResolver *resolver) +{ + resolver->factory = px_proxy_factory_new (); +} + +static gboolean +g_libproxy_resolver_is_supported (GProxyResolver *object) +{ + GLibProxyResolver *resolver = G_LIBPROXY_RESOLVER (object); + return resolver->factory != NULL; +} + +static gchar ** +copy_proxies (gchar **proxies) +{ + gchar **copy; + int len = 0; + int i, j; + + for (i = 0; proxies[i]; i++) + { + if (!strncmp ("socks://", proxies[i], 8)) + len += 3; + else + len++; + } + + copy = g_new (gchar *, len + 1); + for (i = j = 0; proxies[i]; i++, j++) + { + if (!strncmp ("socks://", proxies[i], 8)) + { + copy[j++] = g_strdup_printf ("socks5://%s", proxies[i] + 8); + copy[j++] = g_strdup_printf ("socks4a://%s", proxies[i] + 8); + copy[j] = g_strdup_printf ("socks4://%s", proxies[i] + 8); + } + else + { + copy[j] = g_strdup (proxies[i]); + } + } + copy[j] = NULL; + + return copy; +} + +static void +free_libproxy_proxies (gchar **proxies) +{ + int i; + + for (i = 0; proxies[i]; i++) + free (proxies[i]); + free (proxies); +} + +static void +get_libproxy_proxies (GTask *task, + gpointer source_object, + gpointer task_data, + GCancellable *cancellable) +{ + GLibProxyResolver *resolver = source_object; + const gchar *uri = task_data; + GError *error = NULL; + gchar **proxies; + + if (g_task_return_error_if_cancelled (task)) + return; + + proxies = px_proxy_factory_get_proxies (resolver->factory, uri); + if (proxies) + { + /* We always copy to be able to translate "socks" entry into + * three entries ("socks5", "socks4a", "socks4"). + */ + g_task_return_pointer (task, copy_proxies (proxies), (GDestroyNotify) g_strfreev); + free_libproxy_proxies (proxies); + } + else + { + g_set_error_literal (&error, G_IO_ERROR, G_IO_ERROR_FAILED, + _("Proxy resolver internal error.")); + g_task_return_error (task, error); + } +} + +static gchar ** +g_libproxy_resolver_lookup (GProxyResolver *iresolver, + const gchar *uri, + GCancellable *cancellable, + GError **error) +{ + GLibProxyResolver *resolver = G_LIBPROXY_RESOLVER (iresolver); + GTask *task; + gchar **proxies; + + task = g_task_new (resolver, cancellable, NULL, NULL); + g_task_set_source_tag (task, g_libproxy_resolver_lookup); + g_task_set_task_data (task, g_strdup (uri), g_free); + g_task_set_return_on_cancel (task, TRUE); + + g_task_run_in_thread_sync (task, get_libproxy_proxies); + proxies = g_task_propagate_pointer (task, error); + g_object_unref (task); + + return proxies; +} + +static void +g_libproxy_resolver_lookup_async (GProxyResolver *resolver, + const gchar *uri, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GTask *task; + + task = g_task_new (resolver, cancellable, callback, user_data); + g_task_set_source_tag (task, g_libproxy_resolver_lookup_async); + g_task_set_task_data (task, g_strdup (uri), g_free); + g_task_set_return_on_cancel (task, TRUE); + g_task_run_in_thread (task, get_libproxy_proxies); + g_object_unref (task); +} + +static gchar ** +g_libproxy_resolver_lookup_finish (GProxyResolver *resolver, + GAsyncResult *result, + GError **error) +{ + g_return_val_if_fail (g_task_is_valid (result, resolver), NULL); + + return g_task_propagate_pointer (G_TASK (result), error); +} + +static void +g_libproxy_resolver_class_init (GLibProxyResolverClass *resolver_class) +{ + GObjectClass *object_class; + + object_class = G_OBJECT_CLASS (resolver_class); + object_class->finalize = g_libproxy_resolver_finalize; +} + +static void +g_libproxy_resolver_iface_init (GProxyResolverInterface *iface) +{ + iface->is_supported = g_libproxy_resolver_is_supported; + iface->lookup = g_libproxy_resolver_lookup; + iface->lookup_async = g_libproxy_resolver_lookup_async; + iface->lookup_finish = g_libproxy_resolver_lookup_finish; +} + +#ifdef GLIBPROXY_MODULE +void +g_libproxy_resolver_register (GIOModule *module) +{ + g_libproxy_resolver_register_type (G_TYPE_MODULE (module)); + if (module == NULL) + g_io_extension_point_register (G_PROXY_RESOLVER_EXTENSION_POINT_NAME); + g_io_extension_point_implement (G_PROXY_RESOLVER_EXTENSION_POINT_NAME, + g_libproxy_resolver_get_type(), + "libproxy", + 0); +} +#endif diff --git a/proxy/libproxy/glibproxyresolver.h b/proxy/libproxy/glibproxyresolver.h new file mode 100644 index 0000000..3a2e361 --- /dev/null +++ b/proxy/libproxy/glibproxyresolver.h @@ -0,0 +1,40 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * Author: Nicolas Dufresne + */ + +#ifndef __G_LIBPROXY_RESOLVER_H__ +#define __G_LIBPROXY_RESOLVER_H__ + +#include +#include + +G_BEGIN_DECLS + +#define G_TYPE_LIBPROXY_RESOLVER (g_libproxy_resolver_get_type ()) + +G_DECLARE_FINAL_TYPE (GLibProxyResolver, g_libproxy_resolver, G, LIBPROXY_RESOLVER, GObject) + +void g_libproxy_resolver_register (GIOModule *module); + +G_END_DECLS + +#endif /* __G_LIBPROXY_RESOLVER_H__ */ diff --git a/proxy/libproxy/libproxy-module.c b/proxy/libproxy/libproxy-module.c new file mode 100644 index 0000000..8fcaf9e --- /dev/null +++ b/proxy/libproxy/libproxy-module.c @@ -0,0 +1,67 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * Author: Nicolas Dufresne + */ + +#include "config.h" + +#include + +#include "glibproxyresolver.h" + + +void +g_io_libproxy_load (GIOModule *module) +{ + gchar *locale_dir; +#ifdef G_OS_WIN32 + gchar *base_dir; +#endif + + g_libproxy_resolver_register (module); + +#ifdef G_OS_WIN32 + base_dir = g_win32_get_package_installation_directory_of_module (NULL); + locale_dir = g_build_filename (base_dir, "share", "locale", NULL); + g_free (base_dir); +#else + locale_dir = g_strdup (LOCALE_DIR); +#endif + + bindtextdomain (GETTEXT_PACKAGE, locale_dir); + bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8"); + g_free (locale_dir); +} + +void +g_io_libproxy_unload (GIOModule *module) +{ +} + +gchar ** +g_io_libproxy_query (void) +{ + gchar *eps[] = { + G_PROXY_RESOLVER_EXTENSION_POINT_NAME, + NULL + }; + return g_strdupv (eps); +} diff --git a/proxy/libproxy/meson.build b/proxy/libproxy/meson.build new file mode 100644 index 0000000..baa7ab7 --- /dev/null +++ b/proxy/libproxy/meson.build @@ -0,0 +1,70 @@ +service_conf = configuration_data() +service_conf.set('libexecdir', libexecdir) + +service = 'org.gtk.GLib.PACRunner.service' + +configure_file( + input: service + '.in', + output: service, + install: true, + install_dir: join_paths(datadir, 'dbus-1', 'services'), + configuration: service_conf +) + +service = 'glib-pacrunner.service' + +configure_file( + input: service + '.in', + output: service, + install: true, + install_dir: join_paths('lib', 'systemd', 'user'), + configuration: service_conf +) + +sources = files( + 'glibproxyresolver.c', + 'libproxy-module.c' +) + +deps = [ + gio_dep, + glib_dep, + libproxy_dep +] + +module = shared_module( + 'giolibproxy', + sources: sources, + include_directories: top_inc, + dependencies: deps, + c_args: '-DGLIBPROXY_MODULE', + link_args: module_ldflags, + link_depends: symbol_map, + install: true, + install_dir: gio_module_dir +) + +if get_option('static_modules') + static_library('giolibproxy', + objects: module.extract_all_objects(), + install: true, + install_dir: gio_module_dir + ) +endif + +sources = files( + 'glibproxyresolver.c', + 'glibpacrunner.c' +) + +executable( + 'glib-pacrunner', + sources, + include_directories: top_inc, + dependencies: deps, + c_args: '-DGLIBPROXY_PACRUNNER', + install: true, + install_dir: libexecdir +) + +proxy_test_programs += [['libproxy', deps]] diff --git a/proxy/libproxy/org.gtk.GLib.PACRunner.service.in b/proxy/libproxy/org.gtk.GLib.PACRunner.service.in new file mode 100644 index 0000000..f1bd699 --- /dev/null +++ b/proxy/libproxy/org.gtk.GLib.PACRunner.service.in @@ -0,0 +1,4 @@ +[D-BUS Service] +Name=org.gtk.GLib.PACRunner +Exec=@libexecdir@/glib-pacrunner +SystemdService=glib-pacrunner.service diff --git a/proxy/tests/common.c b/proxy/tests/common.c new file mode 100644 index 0000000..cbeface --- /dev/null +++ b/proxy/tests/common.c @@ -0,0 +1,194 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GProxyResolver tests + * + * Copyright 2011-2013 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + */ + +#include + +static void +test_proxy_uri_common (void) +{ + GProxyResolver *resolver; + gchar **proxies; + GError *error = NULL; + + resolver = g_proxy_resolver_get_default (); + + proxies = g_proxy_resolver_lookup (resolver, "http://one.example.com/", + NULL, &error); + g_assert_no_error (error); + g_assert_cmpint (g_strv_length (proxies), ==, 1); + g_assert_cmpstr (proxies[0], ==, "http://proxy.example.com:8080"); + g_strfreev (proxies); + + proxies = g_proxy_resolver_lookup (resolver, "HTTPS://uppercase.example.com/", + NULL, &error); + g_assert_no_error (error); + g_assert_cmpint (g_strv_length (proxies), ==, 1); + g_assert_cmpstr (proxies[0], ==, "http://proxy-s.example.com:7070"); + g_strfreev (proxies); + + /* Unknown protocols will use the http proxy by default in this configuration. */ + proxies = g_proxy_resolver_lookup (resolver, "htt://missing-letter.example.com/", + NULL, &error); + g_assert_no_error (error); + g_assert_cmpint (g_strv_length (proxies), ==, 1); + g_assert_cmpstr (proxies[0], ==, "http://proxy.example.com:8080"); + g_strfreev (proxies); + + proxies = g_proxy_resolver_lookup (resolver, "ftps://extra-letter.example.com/", + NULL, &error); + g_assert_no_error (error); + g_assert_cmpint (g_strv_length (proxies), ==, 1); + g_assert_cmpstr (proxies[0], ==, "http://proxy.example.com:8080"); + g_strfreev (proxies); + + proxies = g_proxy_resolver_lookup (resolver, "ftp://five.example.com/", + NULL, &error); + g_assert_no_error (error); + g_assert_cmpint (g_strv_length (proxies), ==, 1); + g_assert_cmpstr (proxies[0], ==, "ftp://proxy-f.example.com:6060"); + g_strfreev (proxies); +} + +static void +test_proxy_socks_common (void) +{ + GProxyResolver *resolver; + gchar **proxies; + GError *error = NULL; + + resolver = g_proxy_resolver_get_default (); + + proxies = g_proxy_resolver_lookup (resolver, "http://one.example.com/", + NULL, &error); + g_assert_no_error (error); + g_assert_cmpint (g_strv_length (proxies), ==, 3); + g_assert_cmpstr (proxies[0], ==, "socks5://proxy.example.com:1234"); + g_assert_cmpstr (proxies[1], ==, "socks4a://proxy.example.com:1234"); + g_assert_cmpstr (proxies[2], ==, "socks4://proxy.example.com:1234"); + g_strfreev (proxies); + + proxies = g_proxy_resolver_lookup (resolver, "wednesday://two.example.com/", + NULL, &error); + g_assert_no_error (error); + g_assert_cmpint (g_strv_length (proxies), ==, 3); + g_assert_cmpstr (proxies[0], ==, "socks5://proxy.example.com:1234"); + g_assert_cmpstr (proxies[1], ==, "socks4a://proxy.example.com:1234"); + g_assert_cmpstr (proxies[2], ==, "socks4://proxy.example.com:1234"); + g_strfreev (proxies); + + proxies = g_proxy_resolver_lookup (resolver, "http://127.0.0.1/", + NULL, &error); + g_assert_no_error (error); + g_assert_cmpint (g_strv_length (proxies), ==, 1); + g_assert_cmpstr (proxies[0], ==, "direct://"); + g_strfreev (proxies); +} + +static const char *ignore_hosts[] = { + ".bbb.xx", + "*.ccc.xx", + "ddd.xx", + "*.eee.xx:8000", + "127.0.0.0/24", + "10.0.0.1:8000", + "::1", + "fe80::/10", + NULL +}; +static const int n_ignore_hosts = G_N_ELEMENTS (ignore_hosts) - 1; + +static const struct { + const char *uri; + const char *proxy; + gboolean libproxy_fails; +} ignore_tests[] = { + { "http://aaa.xx/", "http://localhost:8080" }, + { "http://aaa.xx:8000/", "http://localhost:8080" }, + { "http://www.aaa.xx/", "http://localhost:8080" }, + { "http://www.aaa.xx:8000/", "http://localhost:8080" }, + { "https://aaa.xx/", "http://localhost:8080" }, + { "http://bbb.xx/", "direct://", TRUE }, + { "http://www.bbb.xx/", "direct://" }, + { "http://bbb.xx:8000/", "direct://", TRUE }, + { "http://www.bbb.xx:8000/", "direct://" }, + { "https://bbb.xx/", "direct://", TRUE }, + { "http://nobbb.xx/", "http://localhost:8080" }, + { "http://www.nobbb.xx/", "http://localhost:8080" }, + { "http://nobbb.xx:8000/", "http://localhost:8080" }, + { "http://www.nobbb.xx:8000/", "http://localhost:8080" }, + { "https://nobbb.xx/", "http://localhost:8080" }, + { "http://ccc.xx/", "direct://", TRUE }, + { "http://www.ccc.xx/", "direct://" }, + { "http://ccc.xx:8000/", "direct://", TRUE }, + { "http://www.ccc.xx:8000/", "direct://" }, + { "https://ccc.xx/", "direct://", TRUE }, + { "http://ddd.xx/", "direct://" }, + { "http://ddd.xx:8000/", "direct://" }, + { "http://www.ddd.xx/", "direct://", TRUE }, + { "http://www.ddd.xx:8000/", "direct://", TRUE }, + { "https://ddd.xx/", "direct://" }, + { "http://eee.xx/", "http://localhost:8080", TRUE }, + { "http://eee.xx:8000/", "direct://", TRUE }, + { "http://www.eee.xx/", "http://localhost:8080" }, + { "http://www.eee.xx:8000/", "direct://" }, + { "https://eee.xx/", "http://localhost:8080", TRUE }, + { "http://1.2.3.4/", "http://localhost:8080" }, + { "http://127.0.0.1/", "direct://" }, + { "http://127.0.0.2/", "direct://" }, + { "http://127.0.0.255/", "direct://" }, + { "http://127.0.1.0/", "http://localhost:8080" }, + { "http://10.0.0.1/", "http://localhost:8080" }, + { "http://10.0.0.1:8000/", "direct://" }, + { "http://[::1]/", "direct://", TRUE }, + { "http://[::1]:80/", "direct://", TRUE }, + { "http://[::1:1]/", "http://localhost:8080" }, + { "http://[::1:1]:80/", "http://localhost:8080" }, + { "http://[fe80::1]/", "direct://", TRUE }, + { "http://[fe80::1]:80/", "direct://", TRUE }, + { "http://[fec0::1]/", "http://localhost:8080" }, + { "http://[fec0::1]:80/", "http://localhost:8080" } +}; +static const int n_ignore_tests = G_N_ELEMENTS (ignore_tests); + +static void +test_proxy_ignore_common (gboolean is_libproxy) +{ + GProxyResolver *resolver; + GError *error = NULL; + char **proxies; + int i; + + resolver = g_proxy_resolver_get_default (); + + for (i = 0; i < n_ignore_tests; i++) + { + proxies = g_proxy_resolver_lookup (resolver, ignore_tests[i].uri, + NULL, &error); + g_assert_no_error (error); + + if (is_libproxy && ignore_tests[i].libproxy_fails) + g_assert_cmpstr (proxies[0], ==, "http://localhost:8080"); + else + g_assert_cmpstr (proxies[0], ==, ignore_tests[i].proxy); + + g_strfreev (proxies); + } +} diff --git a/proxy/tests/gnome.c b/proxy/tests/gnome.c new file mode 100644 index 0000000..6603db3 --- /dev/null +++ b/proxy/tests/gnome.c @@ -0,0 +1,176 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GProxyResolverGnome tests + * + * Copyright 2011 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + */ + +#include +#include + +#include "common.c" + +#define GNOME_PROXY_SETTINGS_SCHEMA "org.gnome.system.proxy" +#define GNOME_PROXY_MODE_KEY "mode" +#define GNOME_PROXY_AUTOCONFIG_URL_KEY "autoconfig-url" +#define GNOME_PROXY_IGNORE_HOSTS_KEY "ignore-hosts" +#define GNOME_PROXY_USE_SAME_PROXY_KEY "use-same-proxy" + +#define GNOME_PROXY_HTTP_CHILD_SCHEMA "http" +#define GNOME_PROXY_HTTP_HOST_KEY "host" +#define GNOME_PROXY_HTTP_PORT_KEY "port" +#define GNOME_PROXY_HTTP_USE_AUTH_KEY "use-authentication" +#define GNOME_PROXY_HTTP_USER_KEY "authentication-user" +#define GNOME_PROXY_HTTP_PASSWORD_KEY "authentication-password" + +#define GNOME_PROXY_HTTPS_CHILD_SCHEMA "https" +#define GNOME_PROXY_HTTPS_HOST_KEY "host" +#define GNOME_PROXY_HTTPS_PORT_KEY "port" + +#define GNOME_PROXY_FTP_CHILD_SCHEMA "ftp" +#define GNOME_PROXY_FTP_HOST_KEY "host" +#define GNOME_PROXY_FTP_PORT_KEY "port" + +#define GNOME_PROXY_SOCKS_CHILD_SCHEMA "socks" +#define GNOME_PROXY_SOCKS_HOST_KEY "host" +#define GNOME_PROXY_SOCKS_PORT_KEY "port" + +static void +reset_proxy_settings (gpointer fixture, + gconstpointer user_data) +{ + GSettings *settings, *child; + + settings = g_settings_new (GNOME_PROXY_SETTINGS_SCHEMA); + g_settings_reset (settings, GNOME_PROXY_MODE_KEY); + g_settings_reset (settings, GNOME_PROXY_USE_SAME_PROXY_KEY); + + child = g_settings_get_child (settings, GNOME_PROXY_HTTP_CHILD_SCHEMA); + g_settings_reset (child, GNOME_PROXY_HTTP_HOST_KEY); + g_settings_reset (child, GNOME_PROXY_HTTP_PORT_KEY); + g_object_unref (child); + + child = g_settings_get_child (settings, GNOME_PROXY_HTTPS_CHILD_SCHEMA); + g_settings_reset (child, GNOME_PROXY_HTTPS_HOST_KEY); + g_settings_reset (child, GNOME_PROXY_HTTPS_PORT_KEY); + g_object_unref (child); + + child = g_settings_get_child (settings, GNOME_PROXY_FTP_CHILD_SCHEMA); + g_settings_reset (child, GNOME_PROXY_FTP_HOST_KEY); + g_settings_reset (child, GNOME_PROXY_FTP_PORT_KEY); + g_object_unref (child); + + child = g_settings_get_child (settings, GNOME_PROXY_SOCKS_CHILD_SCHEMA); + g_settings_reset (child, GNOME_PROXY_SOCKS_HOST_KEY); + g_settings_reset (child, GNOME_PROXY_SOCKS_PORT_KEY); + g_object_unref (child); + + g_object_unref (settings); +} + +static void +test_proxy_uri (gpointer fixture, + gconstpointer user_data) +{ + GSettings *settings, *child; + + settings = g_settings_new (GNOME_PROXY_SETTINGS_SCHEMA); + g_settings_set_enum (settings, GNOME_PROXY_MODE_KEY, G_DESKTOP_PROXY_MODE_MANUAL); + g_settings_set_boolean (settings, GNOME_PROXY_USE_SAME_PROXY_KEY, TRUE); + + child = g_settings_get_child (settings, GNOME_PROXY_HTTP_CHILD_SCHEMA); + g_settings_set_string (child, GNOME_PROXY_HTTP_HOST_KEY, "proxy.example.com"); + g_settings_set_int (child, GNOME_PROXY_HTTP_PORT_KEY, 8080); + g_object_unref (child); + + child = g_settings_get_child (settings, GNOME_PROXY_HTTPS_CHILD_SCHEMA); + g_settings_set_string (child, GNOME_PROXY_HTTPS_HOST_KEY, "proxy-s.example.com"); + g_settings_set_int (child, GNOME_PROXY_HTTPS_PORT_KEY, 7070); + g_object_unref (child); + + child = g_settings_get_child (settings, GNOME_PROXY_FTP_CHILD_SCHEMA); + g_settings_set_string (child, GNOME_PROXY_FTP_HOST_KEY, "proxy-f.example.com"); + g_settings_set_int (child, GNOME_PROXY_FTP_PORT_KEY, 6060); + g_object_unref (child); + + g_object_unref (settings); + + test_proxy_uri_common (); +} + +static void +test_proxy_socks (gpointer fixture, + gconstpointer user_data) +{ + GSettings *settings, *child; + const gchar *ignore_hosts[2] = { "127.0.0.1", NULL }; + + settings = g_settings_new (GNOME_PROXY_SETTINGS_SCHEMA); + g_settings_set_enum (settings, GNOME_PROXY_MODE_KEY, G_DESKTOP_PROXY_MODE_MANUAL); + g_settings_set (settings, GNOME_PROXY_IGNORE_HOSTS_KEY, + "@as", g_variant_new_strv (ignore_hosts, -1)); + + child = g_settings_get_child (settings, GNOME_PROXY_SOCKS_CHILD_SCHEMA); + g_settings_set_string (child, GNOME_PROXY_SOCKS_HOST_KEY, "proxy.example.com"); + g_settings_set_int (child, GNOME_PROXY_SOCKS_PORT_KEY, 1234); + g_object_unref (child); + g_object_unref (settings); + + test_proxy_socks_common (); +} + +static void +test_proxy_ignore (gpointer fixture, + gconstpointer user_data) +{ + GSettings *settings, *http; + + settings = g_settings_new (GNOME_PROXY_SETTINGS_SCHEMA); + g_settings_set_enum (settings, GNOME_PROXY_MODE_KEY, G_DESKTOP_PROXY_MODE_MANUAL); + g_settings_set (settings, GNOME_PROXY_IGNORE_HOSTS_KEY, + "@as", g_variant_new_strv (ignore_hosts, n_ignore_hosts)); + + http = g_settings_get_child (settings, GNOME_PROXY_HTTP_CHILD_SCHEMA); + g_settings_set_string (http, GNOME_PROXY_HTTP_HOST_KEY, "localhost"); + g_settings_set_int (http, GNOME_PROXY_HTTP_PORT_KEY, 8080); + + g_object_unref (http); + g_object_unref (settings); + + test_proxy_ignore_common (FALSE); +} + +int +main (int argc, + char *argv[]) +{ + g_test_init (&argc, &argv, NULL); + + g_setenv ("GIO_EXTRA_MODULES", TOP_BUILDDIR "/proxy/gnome/.libs", TRUE); + g_setenv ("GIO_USE_PROXY_RESOLVER", "gnome", TRUE); + g_setenv ("GSETTINGS_BACKEND", "memory", TRUE); + g_setenv ("XDG_CURRENT_DESKTOP", "GNOME", TRUE); + + g_test_add_vtable ("/proxy/gnome/uri", 0, NULL, + reset_proxy_settings, test_proxy_uri, NULL); + g_test_add_vtable ("/proxy/gnome/socks", 0, NULL, + reset_proxy_settings, test_proxy_socks, NULL); + g_test_add_vtable ("/proxy/gnome/ignore", 0, NULL, + reset_proxy_settings, test_proxy_ignore, NULL); + + return g_test_run(); +} diff --git a/proxy/tests/libproxy.c b/proxy/tests/libproxy.c new file mode 100644 index 0000000..c2594c5 --- /dev/null +++ b/proxy/tests/libproxy.c @@ -0,0 +1,96 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GLibProxyResolver tests + * + * Copyright 2011-2013 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + */ + +#include + +#include "common.c" + +static void +reset_proxy_settings (gpointer fixture, + gconstpointer user_data) +{ + g_unsetenv ("http_proxy"); + g_unsetenv ("HTTP_PROXY"); + g_unsetenv ("https_proxy"); + g_unsetenv ("HTTPS_PROXY"); + g_unsetenv ("ftp_proxy"); + g_unsetenv ("FTP_PROXY"); + g_unsetenv ("no_proxy"); + g_unsetenv ("NO_PROXY"); +} + +static void +test_proxy_uri (gpointer fixture, + gconstpointer user_data) +{ + g_setenv ("http_proxy", "http://proxy.example.com:8080", TRUE); + g_setenv ("https_proxy", "http://proxy-s.example.com:7070", TRUE); + g_setenv ("ftp_proxy", "ftp://proxy-f.example.com:6060", TRUE); + + test_proxy_uri_common (); +} + +static void +test_proxy_socks (gpointer fixture, + gconstpointer user_data) +{ + g_setenv ("http_proxy", "socks://proxy.example.com:1234", TRUE); + g_setenv ("no_proxy", "127.0.0.1", TRUE); + + test_proxy_socks_common (); +} + +static void +test_proxy_ignore (gpointer fixture, + gconstpointer user_data) +{ + gchar *no_proxy = g_strjoinv (",", (gchar **) ignore_hosts); + + g_setenv ("http_proxy", "http://localhost:8080", TRUE); + g_setenv ("no_proxy", no_proxy, TRUE); + g_free (no_proxy); + + test_proxy_ignore_common (TRUE); +} + +int +main (int argc, + char *argv[]) +{ + g_test_init (&argc, &argv, NULL); + + /* Unset variables that would make libproxy try to use gconf or ksettings */ + g_unsetenv ("GNOME_DESKTOP_SESSION_ID"); + g_unsetenv ("DESKTOP_SESSION"); + g_unsetenv ("KDE_FULL_SESSION"); + + /* Use the just-built libproxy module */ + g_setenv ("GIO_EXTRA_MODULES", TOP_BUILDDIR "/proxy/libproxy/.libs", TRUE); + + g_test_add_vtable ("/proxy/libproxy/uri", 0, NULL, + reset_proxy_settings, test_proxy_uri, NULL); + g_test_add_vtable ("/proxy/libproxy/socks", 0, NULL, + reset_proxy_settings, test_proxy_socks, NULL); + g_test_add_vtable ("/proxy/libproxy/ignore", 0, NULL, + reset_proxy_settings, test_proxy_ignore, NULL); + + return g_test_run(); +} diff --git a/proxy/tests/meson.build b/proxy/tests/meson.build new file mode 100644 index 0000000..4e0079f --- /dev/null +++ b/proxy/tests/meson.build @@ -0,0 +1,41 @@ +cflags = [ + '-DSRCDIR="@0@"'.format(meson.current_source_dir()), + '-DTOP_BUILDDIR="@0@"'.format(meson.build_root()) +] + +foreach program: proxy_test_programs + test_conf = configuration_data() + test_conf.set('installed_tests_dir', installed_tests_execdir) + test_conf.set('program', program[0]) + + if enable_installed_tests + configure_file( + input: test_template, + output: program[0] + '.test', + install_dir: installed_tests_metadir, + configuration: test_conf + ) + endif + + exe = executable( + program[0], + program[0] + '.c', + include_directories: top_inc, + dependencies: program[1], + c_args: cflags, + install: enable_installed_tests, + install_dir: installed_tests_execdir + ) + + envs = [ + 'G_TEST_SRCDIR=' + meson.current_source_dir(), + 'G_TEST_BUILDDIR=' + meson.current_build_dir(), + 'GIO_MODULE_DIR=' + join_paths(meson.build_root(), 'proxy', program[0]) + ] + + test( + program[0], + exe, + env: envs + ) +endforeach diff --git a/template.test.in b/template.test.in new file mode 100644 index 0000000..f701627 --- /dev/null +++ b/template.test.in @@ -0,0 +1,3 @@ +[Test] +Type=session +Exec=@installed_tests_dir@/@program@ diff --git a/tls/gnutls/gnutls-module.c b/tls/gnutls/gnutls-module.c new file mode 100644 index 0000000..3ebf0d4 --- /dev/null +++ b/tls/gnutls/gnutls-module.c @@ -0,0 +1,73 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + */ + +#include "config.h" + +#include +#include + +#include "gtlsbackend-gnutls.h" +#include "gtlsbackend-gnutls-pkcs11.h" + + +void +g_io_gnutls_load (GIOModule *module) +{ + gchar *locale_dir; +#ifdef G_OS_WIN32 + gchar *base_dir; +#endif + + g_tls_backend_gnutls_register (module); +#ifdef HAVE_PKCS11 + g_tls_backend_gnutls_pkcs11_register (module); +#endif + +#ifdef G_OS_WIN32 + base_dir = g_win32_get_package_installation_directory_of_module (NULL); + locale_dir = g_build_filename (base_dir, "share", "locale", NULL); + g_free (base_dir); +#else + locale_dir = g_strdup (LOCALE_DIR); +#endif + + bindtextdomain (GETTEXT_PACKAGE, locale_dir); + bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8"); + g_free (locale_dir); +} + +void +g_io_gnutls_unload (GIOModule *module) +{ +} + +gchar ** +g_io_gnutls_query (void) +{ + gchar *eps[] = { + G_TLS_BACKEND_EXTENSION_POINT_NAME, + NULL + }; + return g_strdupv (eps); +} diff --git a/tls/gnutls/gtlsbackend-gnutls-pkcs11.c b/tls/gnutls/gtlsbackend-gnutls-pkcs11.c new file mode 100644 index 0000000..eb073ae --- /dev/null +++ b/tls/gnutls/gtlsbackend-gnutls-pkcs11.c @@ -0,0 +1,74 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright © 2011 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "glib.h" + +#include "gtlsbackend-gnutls-pkcs11.h" +#include "gtlsdatabase-gnutls-pkcs11.h" + +struct _GTlsBackendGnutlsPkcs11 +{ + GTlsBackendGnutls parent_instance; +}; + +G_DEFINE_DYNAMIC_TYPE (GTlsBackendGnutlsPkcs11, g_tls_backend_gnutls_pkcs11, G_TYPE_TLS_BACKEND_GNUTLS); + +static void +g_tls_backend_gnutls_pkcs11_init (GTlsBackendGnutlsPkcs11 *backend) +{ + +} + +static GTlsDatabase* +g_tls_backend_gnutls_pkcs11_create_database (GTlsBackendGnutls *backend, + GError **error) +{ + return g_tls_database_gnutls_pkcs11_new (error); +} + +static void +g_tls_backend_gnutls_pkcs11_class_init (GTlsBackendGnutlsPkcs11Class *backend_class) +{ + GTlsBackendGnutlsClass *gnutls_class = G_TLS_BACKEND_GNUTLS_CLASS (backend_class); + gnutls_class->create_database = g_tls_backend_gnutls_pkcs11_create_database; +} + +static void +g_tls_backend_gnutls_pkcs11_class_finalize (GTlsBackendGnutlsPkcs11Class *backend_class) +{ + +} + +void +g_tls_backend_gnutls_pkcs11_register (GIOModule *module) +{ + g_tls_backend_gnutls_pkcs11_register_type (G_TYPE_MODULE (module)); + g_io_extension_point_implement (G_TLS_BACKEND_EXTENSION_POINT_NAME, + g_tls_backend_gnutls_pkcs11_get_type(), + "gnutls-pkcs11", + -5); +} diff --git a/tls/gnutls/gtlsbackend-gnutls-pkcs11.h b/tls/gnutls/gtlsbackend-gnutls-pkcs11.h new file mode 100644 index 0000000..44f4c03 --- /dev/null +++ b/tls/gnutls/gtlsbackend-gnutls-pkcs11.h @@ -0,0 +1,45 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Backend, Output and Gnutlsing Library + * + * Copyright © 2011 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#ifndef __G_TLS_BACKEND_GNUTLS_PKCS11_H__ +#define __G_TLS_BACKEND_GNUTLS_PKCS11_H__ + +#include +#include + +#include "gtlsbackend-gnutls.h" + +G_BEGIN_DECLS + +#define G_TYPE_TLS_BACKEND_GNUTLS_PKCS11 (g_tls_backend_gnutls_pkcs11get_type ()) + +G_DECLARE_FINAL_TYPE (GTlsBackendGnutlsPkcs11, g_tls_backend_gnutls_pkcs11, G, TLS_BACKEND_GNUTLS_PKCS11, GTlsBackendGnutls) + +void g_tls_backend_gnutls_pkcs11_register (GIOModule *module); + +G_END_DECLS + +#endif /* __G_TLS_BACKEND_GNUTLS_H___ */ diff --git a/tls/gnutls/gtlsbackend-gnutls.c b/tls/gnutls/gtlsbackend-gnutls.c new file mode 100644 index 0000000..0a6b5d4 --- /dev/null +++ b/tls/gnutls/gtlsbackend-gnutls.c @@ -0,0 +1,332 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Red Hat, Inc + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + */ + +#include "config.h" +#include "glib.h" + +#include +#include + +#include + +#include "gtlsbackend-gnutls.h" +#include "gtlscertificate-gnutls.h" +#include "gtlsclientconnection-gnutls.h" +#include "gtlsfiledatabase-gnutls.h" +#include "gtlsserverconnection-gnutls.h" + +typedef struct +{ + GMutex mutex; + GTlsDatabase *default_database; +} GTlsBackendGnutlsPrivate; + +static void g_tls_backend_gnutls_interface_init (GTlsBackendInterface *iface); + +G_DEFINE_DYNAMIC_TYPE_EXTENDED (GTlsBackendGnutls, g_tls_backend_gnutls, G_TYPE_OBJECT, 0, + G_ADD_PRIVATE_DYNAMIC (GTlsBackendGnutls); + G_IMPLEMENT_INTERFACE_DYNAMIC (G_TYPE_TLS_BACKEND, + g_tls_backend_gnutls_interface_init);) + +#ifdef GTLS_GNUTLS_DEBUG +static void +gtls_log_func (int level, const char *msg) +{ + g_print ("GTLS: %s", msg); +} +#endif + +static gpointer +gtls_gnutls_init (gpointer data) +{ + GTypePlugin *plugin; + + gnutls_global_init (); + +#ifdef GTLS_GNUTLS_DEBUG + gnutls_global_set_log_function (gtls_log_func); + gnutls_global_set_log_level (9); +#endif + + /* Leak the module to keep it from being unloaded. */ + plugin = g_type_get_plugin (G_TYPE_TLS_BACKEND_GNUTLS); + if (plugin != NULL) + g_type_plugin_use (plugin); + return NULL; +} + +GNUTLS_SKIP_GLOBAL_INIT + +static GOnce gnutls_inited = G_ONCE_INIT; + +static void +g_tls_backend_gnutls_init (GTlsBackendGnutls *backend) +{ + GTlsBackendGnutlsPrivate *priv = g_tls_backend_gnutls_get_instance_private (backend); + + /* Once we call gtls_gnutls_init(), we can't allow the module to be + * unloaded (since if gnutls gets unloaded but gcrypt doesn't, then + * gcrypt will have dangling pointers to gnutls's mutex functions). + * So we initialize it from here rather than at class init time so + * that it doesn't happen unless the app is actually using TLS (as + * opposed to just calling g_io_modules_scan_all_in_directory()). + */ + g_once (&gnutls_inited, gtls_gnutls_init, NULL); + + g_mutex_init (&priv->mutex); +} + +static void +g_tls_backend_gnutls_finalize (GObject *object) +{ + GTlsBackendGnutls *backend = G_TLS_BACKEND_GNUTLS (object); + GTlsBackendGnutlsPrivate *priv = g_tls_backend_gnutls_get_instance_private (backend); + + if (priv->default_database) + g_object_unref (priv->default_database); + g_mutex_clear (&priv->mutex); + + G_OBJECT_CLASS (g_tls_backend_gnutls_parent_class)->finalize (object); +} + +static GTlsDatabase* +g_tls_backend_gnutls_real_create_database (GTlsBackendGnutls *self, + GError **error) +{ + const gchar *anchor_file = NULL; +#ifdef GTLS_SYSTEM_CA_FILE + anchor_file = GTLS_SYSTEM_CA_FILE; +#endif + return g_tls_file_database_new (anchor_file, error); +} + +static void +g_tls_backend_gnutls_class_init (GTlsBackendGnutlsClass *backend_class) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (backend_class); + gobject_class->finalize = g_tls_backend_gnutls_finalize; + backend_class->create_database = g_tls_backend_gnutls_real_create_database; +} + +static void +g_tls_backend_gnutls_class_finalize (GTlsBackendGnutlsClass *backend_class) +{ +} + +static GTlsDatabase* +g_tls_backend_gnutls_get_default_database (GTlsBackend *backend) +{ + GTlsBackendGnutls *self = G_TLS_BACKEND_GNUTLS (backend); + GTlsBackendGnutlsPrivate *priv = g_tls_backend_gnutls_get_instance_private (self); + GTlsDatabase *result; + GError *error = NULL; + + g_mutex_lock (&priv->mutex); + + if (priv->default_database) + { + result = g_object_ref (priv->default_database); + } + else + { + g_assert (G_TLS_BACKEND_GNUTLS_GET_CLASS (self)->create_database); + result = G_TLS_BACKEND_GNUTLS_GET_CLASS (self)->create_database (self, &error); + if (error) + { + g_warning ("couldn't load TLS file database: %s", + error->message); + g_clear_error (&error); + } + else + { + g_assert (result); + priv->default_database = g_object_ref (result); + } + } + + g_mutex_unlock (&priv->mutex); + + return result; +} + +static void +g_tls_backend_gnutls_interface_init (GTlsBackendInterface *iface) +{ + iface->get_certificate_type = g_tls_certificate_gnutls_get_type; + iface->get_client_connection_type = g_tls_client_connection_gnutls_get_type; + iface->get_server_connection_type = g_tls_server_connection_gnutls_get_type; + iface->get_file_database_type = g_tls_file_database_gnutls_get_type; + iface->get_default_database = g_tls_backend_gnutls_get_default_database; + iface->get_dtls_client_connection_type = g_tls_client_connection_gnutls_get_type; + iface->get_dtls_server_connection_type = g_tls_server_connection_gnutls_get_type; +} + +/* Session cache support; all the details are sort of arbitrary. Note + * that having session_cache_cleanup() be a little bit slow isn't the + * end of the world, since it will still be faster than the network + * is. (NSS uses a linked list for its cache...) + */ + +G_LOCK_DEFINE_STATIC (session_cache_lock); +GHashTable *client_session_cache, *server_session_cache; + +#define SESSION_CACHE_MAX_SIZE 50 +#define SESSION_CACHE_MAX_AGE (60 * 60) /* one hour */ + +typedef struct { + GBytes *session_id; + GBytes *session_data; + time_t last_used; +} GTlsBackendGnutlsCacheData; + +static void +session_cache_cleanup (GHashTable *cache) +{ + GHashTableIter iter; + gpointer key, value; + GTlsBackendGnutlsCacheData *cache_data; + time_t expired = time (NULL) - SESSION_CACHE_MAX_AGE; + + g_hash_table_iter_init (&iter, cache); + while (g_hash_table_iter_next (&iter, &key, &value)) + { + cache_data = value; + if (cache_data->last_used < expired) + g_hash_table_iter_remove (&iter); + } +} + +static void +cache_data_free (gpointer data) +{ + GTlsBackendGnutlsCacheData *cache_data = data; + + g_bytes_unref (cache_data->session_id); + g_bytes_unref (cache_data->session_data); + g_slice_free (GTlsBackendGnutlsCacheData, cache_data); +} + +static GHashTable * +get_session_cache (unsigned int type, + gboolean create) +{ + GHashTable **cache_p; + + cache_p = (type == GNUTLS_CLIENT) ? &client_session_cache : &server_session_cache; + if (!*cache_p && create) + { + *cache_p = g_hash_table_new_full (g_bytes_hash, g_bytes_equal, + NULL, cache_data_free); + } + return *cache_p; +} + +void +g_tls_backend_gnutls_store_session (unsigned int type, + GBytes *session_id, + GBytes *session_data) +{ + GTlsBackendGnutlsCacheData *cache_data; + GHashTable *cache; + + G_LOCK (session_cache_lock); + + cache = get_session_cache (type, TRUE); + cache_data = g_hash_table_lookup (cache, session_id); + if (cache_data) + { + if (!g_bytes_equal (cache_data->session_data, session_data)) + { + g_bytes_unref (cache_data->session_data); + cache_data->session_data = g_bytes_ref (session_data); + } + } + else + { + if (g_hash_table_size (cache) >= SESSION_CACHE_MAX_SIZE) + session_cache_cleanup (cache); + + cache_data = g_slice_new (GTlsBackendGnutlsCacheData); + cache_data->session_id = g_bytes_ref (session_id); + cache_data->session_data = g_bytes_ref (session_data); + + g_hash_table_insert (cache, cache_data->session_id, cache_data); + } + cache_data->last_used = time (NULL); + + G_UNLOCK (session_cache_lock); +} + +void +g_tls_backend_gnutls_remove_session (unsigned int type, + GBytes *session_id) +{ + GHashTable *cache; + + G_LOCK (session_cache_lock); + + cache = get_session_cache (type, FALSE); + if (cache) + g_hash_table_remove (cache, session_id); + + G_UNLOCK (session_cache_lock); +} + +GBytes * +g_tls_backend_gnutls_lookup_session (unsigned int type, + GBytes *session_id) +{ + GTlsBackendGnutlsCacheData *cache_data; + GBytes *session_data = NULL; + GHashTable *cache; + + G_LOCK (session_cache_lock); + + cache = get_session_cache (type, FALSE); + if (cache) + { + cache_data = g_hash_table_lookup (cache, session_id); + if (cache_data) + { + cache_data->last_used = time (NULL); + session_data = g_bytes_ref (cache_data->session_data); + } + } + + G_UNLOCK (session_cache_lock); + + return session_data; +} + +void +g_tls_backend_gnutls_register (GIOModule *module) +{ + g_tls_backend_gnutls_register_type (G_TYPE_MODULE (module)); + if (module == NULL) + g_io_extension_point_register (G_TLS_BACKEND_EXTENSION_POINT_NAME); + g_io_extension_point_implement (G_TLS_BACKEND_EXTENSION_POINT_NAME, + g_tls_backend_gnutls_get_type(), + "gnutls", + 0); +} diff --git a/tls/gnutls/gtlsbackend-gnutls.h b/tls/gnutls/gtlsbackend-gnutls.h new file mode 100644 index 0000000..09e8511 --- /dev/null +++ b/tls/gnutls/gtlsbackend-gnutls.h @@ -0,0 +1,57 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + */ + +#ifndef __G_TLS_BACKEND_GNUTLS_H__ +#define __G_TLS_BACKEND_GNUTLS_H__ + +#include +#include + +G_BEGIN_DECLS + +#define G_TYPE_TLS_BACKEND_GNUTLS (g_tls_backend_gnutls_get_type ()) + +G_DECLARE_DERIVABLE_TYPE (GTlsBackendGnutls, g_tls_backend_gnutls, G, TLS_BACKEND_GNUTLS, GObject) + +struct _GTlsBackendGnutlsClass +{ + GObjectClass parent_class; + + GTlsDatabase* (*create_database) (GTlsBackendGnutls *self, + GError **error); +}; + +void g_tls_backend_gnutls_register (GIOModule *module); + +void g_tls_backend_gnutls_store_session (unsigned int type, + GBytes *session_id, + GBytes *session_data); +void g_tls_backend_gnutls_remove_session (unsigned int type, + GBytes *session_id); +GBytes *g_tls_backend_gnutls_lookup_session (unsigned int type, + GBytes *session_id); + +G_END_DECLS + +#endif /* __G_TLS_BACKEND_GNUTLS_H___ */ diff --git a/tls/gnutls/gtlscertificate-gnutls-pkcs11.c b/tls/gnutls/gtlscertificate-gnutls-pkcs11.c new file mode 100644 index 0000000..ae02982 --- /dev/null +++ b/tls/gnutls/gtlscertificate-gnutls-pkcs11.c @@ -0,0 +1,220 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright © 2011 Collabora Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include +#include +#include + +#include "gtlscertificate-gnutls.h" +#include "gtlscertificate-gnutls-pkcs11.h" + +enum +{ + PROP_0, + + PROP_CERTIFICATE_URI, + PROP_PRIVATE_KEY_URI +}; + +struct _GTlsCertificateGnutlsPkcs11 +{ + GTlsCertificateGnutls parent_instance; + + gchar *certificate_uri; + gchar *private_key_uri; +}; + +G_DEFINE_TYPE (GTlsCertificateGnutlsPkcs11, g_tls_certificate_gnutls_pkcs11, + G_TYPE_TLS_CERTIFICATE_GNUTLS); + +static void +g_tls_certificate_gnutls_pkcs11_finalize (GObject *object) +{ + GTlsCertificateGnutlsPkcs11 *self = G_TLS_CERTIFICATE_GNUTLS_PKCS11 (object); + + g_free (self->certificate_uri); + g_free (self->private_key_uri); + + G_OBJECT_CLASS (g_tls_certificate_gnutls_pkcs11_parent_class)->finalize (object); +} + +static void +g_tls_certificate_gnutls_pkcs11_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + GTlsCertificateGnutlsPkcs11 *self = G_TLS_CERTIFICATE_GNUTLS_PKCS11 (object); + + switch (prop_id) + { + case PROP_CERTIFICATE_URI: + g_value_set_string (value, self->certificate_uri); + break; + case PROP_PRIVATE_KEY_URI: + g_value_set_string (value, self->private_key_uri); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +static void +g_tls_certificate_gnutls_pkcs11_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + GTlsCertificateGnutlsPkcs11 *self = G_TLS_CERTIFICATE_GNUTLS_PKCS11 (object); + + switch (prop_id) + { + case PROP_CERTIFICATE_URI: + g_free (self->certificate_uri); + self->certificate_uri = g_value_dup_string (value); + break; + case PROP_PRIVATE_KEY_URI: + g_free (self->private_key_uri); + self->private_key_uri = g_value_dup_string (value); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +static void +g_tls_certificate_gnutls_pkcs11_init (GTlsCertificateGnutlsPkcs11 *self) +{ +} + +static void +g_tls_certificate_gnutls_pkcs11_copy (GTlsCertificateGnutls *gnutls, + const gchar *interaction_id, + gnutls_retr2_st *st) +{ + GTlsCertificateGnutlsPkcs11 *self = G_TLS_CERTIFICATE_GNUTLS_PKCS11 (gnutls); + gchar *uri; + + st->key.x509 = NULL; + + /* Let the base class copy certificate in */ + G_TLS_CERTIFICATE_GNUTLS_CLASS (g_tls_certificate_gnutls_pkcs11_parent_class)->copy (gnutls, + interaction_id, + st); + + /* This is the allocation behavior we expect from base class */ + g_assert (st->deinit_all); + + /* If the base class somehow put a key in, then respect that */ + if (st->key.x509 == NULL) + { + uri = g_tls_certificate_gnutls_pkcs11_build_private_key_uri (self, interaction_id); + if (uri != NULL) + { + gnutls_pkcs11_privkey_init (&st->key.pkcs11); + gnutls_pkcs11_privkey_import_url (st->key.pkcs11, uri, GNUTLS_PKCS11_URL_GENERIC); + st->key_type = GNUTLS_PRIVKEY_PKCS11; + g_free (uri); + } + } +} + +static void +g_tls_certificate_gnutls_pkcs11_class_init (GTlsCertificateGnutlsPkcs11Class *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + GTlsCertificateGnutlsClass *gnutls_class = G_TLS_CERTIFICATE_GNUTLS_CLASS (klass); + + gobject_class->get_property = g_tls_certificate_gnutls_pkcs11_get_property; + gobject_class->set_property = g_tls_certificate_gnutls_pkcs11_set_property; + gobject_class->finalize = g_tls_certificate_gnutls_pkcs11_finalize; + + gnutls_class->copy = g_tls_certificate_gnutls_pkcs11_copy; + + g_object_class_install_property (gobject_class, PROP_CERTIFICATE_URI, + g_param_spec_string ("certificate-uri", "Certificate URI", + "PKCS#11 URI of Certificate", NULL, + G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS)); + + g_object_class_install_property (gobject_class, PROP_PRIVATE_KEY_URI, + g_param_spec_string ("private-key-uri", "Private Key URI", + "PKCS#11 URI of Private Key", NULL, + G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS)); +} + +GTlsCertificate * +g_tls_certificate_gnutls_pkcs11_new (gpointer certificate_data, + gsize certificate_data_length, + const gchar *certificate_uri, + const gchar *private_key_uri, + GTlsCertificate *issuer) +{ + GTlsCertificate *certificate; + gnutls_datum_t datum; + + g_return_val_if_fail (certificate_data, NULL); + g_return_val_if_fail (certificate_uri, NULL); + + datum.data = certificate_data; + datum.size = certificate_data_length; + + certificate = g_object_new (G_TYPE_TLS_CERTIFICATE_GNUTLS_PKCS11, + "issuer", issuer, + "certificate-uri", certificate_uri, + "private-key-uri", private_key_uri, + NULL); + + g_tls_certificate_gnutls_set_data (G_TLS_CERTIFICATE_GNUTLS (certificate), &datum); + + return certificate; +} + +gchar * +g_tls_certificate_gnutls_pkcs11_build_certificate_uri (GTlsCertificateGnutlsPkcs11 *self, + const gchar *interaction_id) +{ + g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS_PKCS11 (self), NULL); + if (self->certificate_uri == NULL) + return NULL; + else if (interaction_id) + return g_strdup_printf ("%s;pinfile=%s", self->certificate_uri, interaction_id); + else + return g_strdup (self->certificate_uri); +} + +gchar * +g_tls_certificate_gnutls_pkcs11_build_private_key_uri (GTlsCertificateGnutlsPkcs11 *self, + const gchar *interaction_id) +{ + if (self->private_key_uri == NULL) + return NULL; + else if (interaction_id) + return g_strdup_printf ("%s;pinfile=%s", self->private_key_uri, interaction_id); + else + return g_strdup (self->private_key_uri); +} diff --git a/tls/gnutls/gtlscertificate-gnutls-pkcs11.h b/tls/gnutls/gtlscertificate-gnutls-pkcs11.h new file mode 100644 index 0000000..f19b18e --- /dev/null +++ b/tls/gnutls/gtlscertificate-gnutls-pkcs11.h @@ -0,0 +1,55 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Certificate, Output and Gnutlsing Library + * + * Copyright © 2011 Collabora Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#ifndef __G_TLS_CERTIFICATE_GNUTLS_PKCS11_H__ +#define __G_TLS_CERTIFICATE_GNUTLS_PKCS11_H__ + +#include +#include + +#include "gtlscertificate-gnutls.h" + +G_BEGIN_DECLS + +#define G_TYPE_TLS_CERTIFICATE_GNUTLS_PKCS11 (g_tls_certificate_gnutls_pkcs11_get_type ()) + +G_DECLARE_FINAL_TYPE (GTlsCertificateGnutlsPkcs11, g_tls_certificate_gnutls_pkcs11, G, TLS_CERTIFICATE_GNUTLS_PKCS11, GTlsCertificateGnutls) + +GTlsCertificate * g_tls_certificate_gnutls_pkcs11_new (gpointer certificate_der, + gsize certificate_der_length, + const gchar *certificate_uri, + const gchar *private_key_uri, + GTlsCertificate *issuer); + +gchar * g_tls_certificate_gnutls_pkcs11_build_certificate_uri (GTlsCertificateGnutlsPkcs11 *self, + const gchar *interaction_id); + +gchar * g_tls_certificate_gnutls_pkcs11_build_private_key_uri (GTlsCertificateGnutlsPkcs11 *self, + const gchar *interaction_id); + +G_END_DECLS + +#endif /* __G_TLS_CERTIFICATE_GNUTLS_PKCS11_H___ */ diff --git a/tls/gnutls/gtlscertificate-gnutls.c b/tls/gnutls/gtlscertificate-gnutls.c new file mode 100644 index 0000000..b4263c8 --- /dev/null +++ b/tls/gnutls/gtlscertificate-gnutls.c @@ -0,0 +1,792 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2009 Red Hat, Inc + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + */ + +#include "config.h" + +#include +#include +#include + +#include "gtlscertificate-gnutls.h" +#include + +enum +{ + PROP_0, + + PROP_CERTIFICATE, + PROP_CERTIFICATE_PEM, + PROP_PRIVATE_KEY, + PROP_PRIVATE_KEY_PEM, + PROP_ISSUER +}; + +typedef struct +{ + gnutls_x509_crt_t cert; + gnutls_x509_privkey_t key; + + GTlsCertificateGnutls *issuer; + + GError *construct_error; + + guint have_cert : 1; + guint have_key : 1; +} GTlsCertificateGnutlsPrivate; + +static void g_tls_certificate_gnutls_initable_iface_init (GInitableIface *iface); + +G_DEFINE_TYPE_WITH_CODE (GTlsCertificateGnutls, g_tls_certificate_gnutls, G_TYPE_TLS_CERTIFICATE, + G_ADD_PRIVATE (GTlsCertificateGnutls); + G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE, + g_tls_certificate_gnutls_initable_iface_init);) + +static void +g_tls_certificate_gnutls_finalize (GObject *object) +{ + GTlsCertificateGnutls *gnutls = G_TLS_CERTIFICATE_GNUTLS (object); + GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls); + + gnutls_x509_crt_deinit (priv->cert); + if (priv->key) + gnutls_x509_privkey_deinit (priv->key); + + if (priv->issuer) + g_object_unref (priv->issuer); + + g_clear_error (&priv->construct_error); + + G_OBJECT_CLASS (g_tls_certificate_gnutls_parent_class)->finalize (object); +} + +static void +g_tls_certificate_gnutls_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + GTlsCertificateGnutls *gnutls = G_TLS_CERTIFICATE_GNUTLS (object); + GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls); + GByteArray *certificate; + char *certificate_pem; + int status; + size_t size; + + switch (prop_id) + { + case PROP_CERTIFICATE: + size = 0; + status = gnutls_x509_crt_export (priv->cert, + GNUTLS_X509_FMT_DER, + NULL, &size); + if (status != GNUTLS_E_SHORT_MEMORY_BUFFER) + certificate = NULL; + else + { + certificate = g_byte_array_sized_new (size); + certificate->len = size; + status = gnutls_x509_crt_export (priv->cert, + GNUTLS_X509_FMT_DER, + certificate->data, &size); + if (status != 0) + { + g_byte_array_free (certificate, TRUE); + certificate = NULL; + } + } + g_value_take_boxed (value, certificate); + break; + + case PROP_CERTIFICATE_PEM: + size = 0; + status = gnutls_x509_crt_export (priv->cert, + GNUTLS_X509_FMT_PEM, + NULL, &size); + if (status != GNUTLS_E_SHORT_MEMORY_BUFFER) + certificate_pem = NULL; + else + { + certificate_pem = g_malloc (size); + status = gnutls_x509_crt_export (priv->cert, + GNUTLS_X509_FMT_PEM, + certificate_pem, &size); + if (status != 0) + { + g_free (certificate_pem); + certificate_pem = NULL; + } + } + g_value_take_string (value, certificate_pem); + break; + + case PROP_ISSUER: + g_value_set_object (value, priv->issuer); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +static void +g_tls_certificate_gnutls_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + GTlsCertificateGnutls *gnutls = G_TLS_CERTIFICATE_GNUTLS (object); + GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls); + GByteArray *bytes; + const char *string; + gnutls_datum_t data; + int status; + + switch (prop_id) + { + case PROP_CERTIFICATE: + bytes = g_value_get_boxed (value); + if (!bytes) + break; + g_return_if_fail (priv->have_cert == FALSE); + data.data = bytes->data; + data.size = bytes->len; + status = gnutls_x509_crt_import (priv->cert, &data, + GNUTLS_X509_FMT_DER); + if (status == 0) + priv->have_cert = TRUE; + else if (!priv->construct_error) + { + priv->construct_error = + g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE, + _("Could not parse DER certificate: %s"), + gnutls_strerror (status)); + } + + break; + + case PROP_CERTIFICATE_PEM: + string = g_value_get_string (value); + if (!string) + break; + g_return_if_fail (priv->have_cert == FALSE); + data.data = (void *)string; + data.size = strlen (string); + status = gnutls_x509_crt_import (priv->cert, &data, + GNUTLS_X509_FMT_PEM); + if (status == 0) + priv->have_cert = TRUE; + else if (!priv->construct_error) + { + priv->construct_error = + g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE, + _("Could not parse PEM certificate: %s"), + gnutls_strerror (status)); + } + break; + + case PROP_PRIVATE_KEY: + bytes = g_value_get_boxed (value); + if (!bytes) + break; + g_return_if_fail (priv->have_key == FALSE); + data.data = bytes->data; + data.size = bytes->len; + if (!priv->key) + gnutls_x509_privkey_init (&priv->key); + status = gnutls_x509_privkey_import (priv->key, &data, + GNUTLS_X509_FMT_DER); + if (status != 0) + { + int pkcs8_status = + gnutls_x509_privkey_import_pkcs8 (priv->key, &data, + GNUTLS_X509_FMT_DER, NULL, + GNUTLS_PKCS_PLAIN); + if (pkcs8_status == 0) + status = 0; + } + if (status == 0) + priv->have_key = TRUE; + else if (!priv->construct_error) + { + priv->construct_error = + g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE, + _("Could not parse DER private key: %s"), + gnutls_strerror (status)); + } + break; + + case PROP_PRIVATE_KEY_PEM: + string = g_value_get_string (value); + if (!string) + break; + g_return_if_fail (priv->have_key == FALSE); + data.data = (void *)string; + data.size = strlen (string); + if (!priv->key) + gnutls_x509_privkey_init (&priv->key); + status = gnutls_x509_privkey_import (priv->key, &data, + GNUTLS_X509_FMT_PEM); + if (status != 0) + { + int pkcs8_status = + gnutls_x509_privkey_import_pkcs8 (priv->key, &data, + GNUTLS_X509_FMT_PEM, NULL, + GNUTLS_PKCS_PLAIN); + if (pkcs8_status == 0) + status = 0; + } + if (status == 0) + priv->have_key = TRUE; + else if (!priv->construct_error) + { + priv->construct_error = + g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE, + _("Could not parse PEM private key: %s"), + gnutls_strerror (status)); + } + break; + + case PROP_ISSUER: + priv->issuer = g_value_dup_object (value); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +static void +g_tls_certificate_gnutls_init (GTlsCertificateGnutls *gnutls) +{ + GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls); + + gnutls_x509_crt_init (&priv->cert); +} + +static gboolean +g_tls_certificate_gnutls_initable_init (GInitable *initable, + GCancellable *cancellable, + GError **error) +{ + GTlsCertificateGnutls *gnutls = G_TLS_CERTIFICATE_GNUTLS (initable); + GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls); + + if (priv->construct_error) + { + g_propagate_error (error, priv->construct_error); + priv->construct_error = NULL; + return FALSE; + } + else if (!priv->have_cert) + { + g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE, + _("No certificate data provided")); + return FALSE; + } + else + return TRUE; +} + +static GTlsCertificateFlags +g_tls_certificate_gnutls_verify (GTlsCertificate *cert, + GSocketConnectable *identity, + GTlsCertificate *trusted_ca) +{ + GTlsCertificateGnutls *cert_gnutls; + guint num_certs, i; + gnutls_x509_crt_t *chain; + GTlsCertificateFlags gtls_flags; + time_t t, now; + + cert_gnutls = G_TLS_CERTIFICATE_GNUTLS (cert); + num_certs = 0; + do + { + GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (cert_gnutls); + cert_gnutls = priv->issuer; + num_certs++; + } + while (cert_gnutls); + + chain = g_new (gnutls_x509_crt_t, num_certs); + cert_gnutls = G_TLS_CERTIFICATE_GNUTLS (cert); + for (i = 0; i < num_certs; i++) + { + GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (cert_gnutls); + chain[i] = priv->cert; + cert_gnutls = priv->issuer; + } + g_assert (!cert_gnutls); + + if (trusted_ca) + { + GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (G_TLS_CERTIFICATE_GNUTLS (trusted_ca)); + gnutls_x509_crt_t ca; + guint gnutls_flags; + int status; + + ca = priv->cert; + status = gnutls_x509_crt_list_verify (chain, num_certs, + &ca, 1, + NULL, 0, + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, + &gnutls_flags); + if (status != 0) + { + g_free (chain); + return G_TLS_CERTIFICATE_GENERIC_ERROR; + } + + gtls_flags = g_tls_certificate_gnutls_convert_flags (gnutls_flags); + } + else + gtls_flags = 0; + + /* We have to check these ourselves since gnutls_x509_crt_list_verify + * won't bother if it gets an UNKNOWN_CA. + */ + now = time (NULL); + for (i = 0; i < num_certs; i++) + { + t = gnutls_x509_crt_get_activation_time (chain[i]); + if (t == (time_t) -1 || t > now) + gtls_flags |= G_TLS_CERTIFICATE_NOT_ACTIVATED; + + t = gnutls_x509_crt_get_expiration_time (chain[i]); + if (t == (time_t) -1 || t < now) + gtls_flags |= G_TLS_CERTIFICATE_EXPIRED; + } + + g_free (chain); + + if (identity) + gtls_flags |= g_tls_certificate_gnutls_verify_identity (G_TLS_CERTIFICATE_GNUTLS (cert), identity); + + return gtls_flags; +} + +static void +g_tls_certificate_gnutls_real_copy (GTlsCertificateGnutls *gnutls, + const gchar *interaction_id, + gnutls_retr2_st *st) +{ + GTlsCertificateGnutls *chain; + gnutls_x509_crt_t cert; + gnutls_datum_t data; + guint num_certs = 0; + size_t size = 0; + int status; + + /* We will do this loop twice. It's probably more efficient than + * re-allocating memory. + */ + chain = gnutls; + while (chain != NULL) + { + GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (chain); + num_certs++; + chain = priv->issuer; + } + + st->ncerts = 0; + st->cert.x509 = gnutls_malloc (sizeof (gnutls_x509_crt_t) * num_certs); + + /* Now do the actual copy of the whole chain. */ + chain = gnutls; + while (chain != NULL) + { + GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (chain); + + gnutls_x509_crt_export (priv->cert, GNUTLS_X509_FMT_DER, + NULL, &size); + data.data = g_malloc (size); + data.size = size; + gnutls_x509_crt_export (priv->cert, GNUTLS_X509_FMT_DER, + data.data, &size); + + gnutls_x509_crt_init (&cert); + status = gnutls_x509_crt_import (cert, &data, GNUTLS_X509_FMT_DER); + g_warn_if_fail (status == 0); + g_free (data.data); + + st->cert.x509[st->ncerts] = cert; + st->ncerts++; + + chain = priv->issuer; + } + + { + GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls); + + if (priv->key != NULL) + { + gnutls_x509_privkey_init (&st->key.x509); + gnutls_x509_privkey_cpy (st->key.x509, priv->key); + st->key_type = GNUTLS_PRIVKEY_X509; + } + } + + st->deinit_all = TRUE; +} + +static void +g_tls_certificate_gnutls_class_init (GTlsCertificateGnutlsClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + GTlsCertificateClass *certificate_class = G_TLS_CERTIFICATE_CLASS (klass); + + gobject_class->get_property = g_tls_certificate_gnutls_get_property; + gobject_class->set_property = g_tls_certificate_gnutls_set_property; + gobject_class->finalize = g_tls_certificate_gnutls_finalize; + + certificate_class->verify = g_tls_certificate_gnutls_verify; + + klass->copy = g_tls_certificate_gnutls_real_copy; + + g_object_class_override_property (gobject_class, PROP_CERTIFICATE, "certificate"); + g_object_class_override_property (gobject_class, PROP_CERTIFICATE_PEM, "certificate-pem"); + g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY, "private-key"); + g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY_PEM, "private-key-pem"); + g_object_class_override_property (gobject_class, PROP_ISSUER, "issuer"); +} + +static void +g_tls_certificate_gnutls_initable_iface_init (GInitableIface *iface) +{ + iface->init = g_tls_certificate_gnutls_initable_init; +} + +GTlsCertificate * +g_tls_certificate_gnutls_new (const gnutls_datum_t *datum, + GTlsCertificate *issuer) +{ + GTlsCertificateGnutls *gnutls; + + gnutls = g_object_new (G_TYPE_TLS_CERTIFICATE_GNUTLS, + "issuer", issuer, + NULL); + g_tls_certificate_gnutls_set_data (gnutls, datum); + + return G_TLS_CERTIFICATE (gnutls); +} + +void +g_tls_certificate_gnutls_set_data (GTlsCertificateGnutls *gnutls, + const gnutls_datum_t *datum) +{ + GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls); + + g_return_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (gnutls)); + g_return_if_fail (!priv->have_cert); + + if (gnutls_x509_crt_import (priv->cert, datum, + GNUTLS_X509_FMT_DER) == 0) + priv->have_cert = TRUE; +} + +const gnutls_x509_crt_t +g_tls_certificate_gnutls_get_cert (GTlsCertificateGnutls *gnutls) +{ + GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls); + + return priv->cert; +} + +gboolean +g_tls_certificate_gnutls_has_key (GTlsCertificateGnutls *gnutls) +{ + GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls); + + return priv->have_key; +} + +void +g_tls_certificate_gnutls_copy (GTlsCertificateGnutls *gnutls, + const gchar *interaction_id, + gnutls_retr2_st *st) +{ + g_return_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (gnutls)); + g_return_if_fail (st != NULL); + g_return_if_fail (G_TLS_CERTIFICATE_GNUTLS_GET_CLASS (gnutls)->copy); + G_TLS_CERTIFICATE_GNUTLS_GET_CLASS (gnutls)->copy (gnutls, interaction_id, st); +} + +static const struct { + int gnutls_flag; + GTlsCertificateFlags gtls_flag; +} flags_map[] = { + { GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_SIGNER_NOT_CA, G_TLS_CERTIFICATE_UNKNOWN_CA }, + { GNUTLS_CERT_NOT_ACTIVATED, G_TLS_CERTIFICATE_NOT_ACTIVATED }, + { GNUTLS_CERT_EXPIRED, G_TLS_CERTIFICATE_EXPIRED }, + { GNUTLS_CERT_REVOKED, G_TLS_CERTIFICATE_REVOKED }, + { GNUTLS_CERT_INSECURE_ALGORITHM, G_TLS_CERTIFICATE_INSECURE }, + { GNUTLS_CERT_UNEXPECTED_OWNER, G_TLS_CERTIFICATE_BAD_IDENTITY } +}; +static const int flags_map_size = G_N_ELEMENTS (flags_map); + +GTlsCertificateFlags +g_tls_certificate_gnutls_convert_flags (guint gnutls_flags) +{ + int i; + GTlsCertificateFlags gtls_flags; + + /* Convert GNUTLS status to GTlsCertificateFlags. GNUTLS sets + * GNUTLS_CERT_INVALID if it sets any other flag, so we want to + * strip that out unless it's the only flag set. Then we convert + * specific flags we recognize, and if there are any flags left over + * at the end, we add G_TLS_CERTIFICATE_GENERIC_ERROR. + */ + gtls_flags = 0; + + if (gnutls_flags != GNUTLS_CERT_INVALID) + gnutls_flags = gnutls_flags & ~GNUTLS_CERT_INVALID; + for (i = 0; i < flags_map_size && gnutls_flags != 0; i++) + { + if (gnutls_flags & flags_map[i].gnutls_flag) + { + gnutls_flags &= ~flags_map[i].gnutls_flag; + gtls_flags |= flags_map[i].gtls_flag; + } + } + if (gnutls_flags) + gtls_flags |= G_TLS_CERTIFICATE_GENERIC_ERROR; + + return gtls_flags; +} + +static gboolean +verify_identity_hostname (GTlsCertificateGnutls *gnutls, + GSocketConnectable *identity) +{ + GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls); + const char *hostname; + + if (G_IS_NETWORK_ADDRESS (identity)) + hostname = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity)); + else if (G_IS_NETWORK_SERVICE (identity)) + hostname = g_network_service_get_domain (G_NETWORK_SERVICE (identity)); + else + return FALSE; + + return gnutls_x509_crt_check_hostname (priv->cert, hostname); +} + +static gboolean +verify_identity_ip (GTlsCertificateGnutls *gnutls, + GSocketConnectable *identity) +{ + GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls); + GInetAddress *addr; + int i, ret = 0; + gsize addr_size; + const guint8 *addr_bytes; + + if (G_IS_INET_SOCKET_ADDRESS (identity)) + addr = g_object_ref (g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (identity))); + else { + const char *hostname; + + if (G_IS_NETWORK_ADDRESS (identity)) + hostname = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity)); + else if (G_IS_NETWORK_SERVICE (identity)) + hostname = g_network_service_get_domain (G_NETWORK_SERVICE (identity)); + else + return FALSE; + + addr = g_inet_address_new_from_string (hostname); + if (!addr) + return FALSE; + } + + addr_bytes = g_inet_address_to_bytes (addr); + addr_size = g_inet_address_get_native_size (addr); + + for (i = 0; ret >= 0; i++) + { + char san[500]; + size_t san_size; + + san_size = sizeof (san); + ret = gnutls_x509_crt_get_subject_alt_name (priv->cert, i, + san, &san_size, NULL); + + if ((ret == GNUTLS_SAN_IPADDRESS) && (addr_size == san_size)) + { + if (memcmp (addr_bytes, san, addr_size) == 0) + { + g_object_unref (addr); + return TRUE; + } + } + } + + g_object_unref (addr); + return FALSE; +} + +GTlsCertificateFlags +g_tls_certificate_gnutls_verify_identity (GTlsCertificateGnutls *gnutls, + GSocketConnectable *identity) +{ + if (verify_identity_hostname (gnutls, identity)) + return 0; + else if (verify_identity_ip (gnutls, identity)) + return 0; + + /* FIXME: check sRVName and uniformResourceIdentifier + * subjectAltNames, if appropriate for @identity. + */ + + return G_TLS_CERTIFICATE_BAD_IDENTITY; +} + +void +g_tls_certificate_gnutls_set_issuer (GTlsCertificateGnutls *gnutls, + GTlsCertificateGnutls *issuer) +{ + GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls); + + g_return_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (gnutls)); + g_return_if_fail (!issuer || G_IS_TLS_CERTIFICATE_GNUTLS (issuer)); + + if (issuer) + g_object_ref (issuer); + if (priv->issuer) + g_object_unref (priv->issuer); + priv->issuer = issuer; + g_object_notify (G_OBJECT (gnutls), "issuer"); +} + +GBytes * +g_tls_certificate_gnutls_get_bytes (GTlsCertificateGnutls *gnutls) +{ + GByteArray *array; + + g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (gnutls), NULL); + + g_object_get (gnutls, "certificate", &array, NULL); + return g_byte_array_free_to_bytes (array); +} + +static gnutls_x509_crt_t * +convert_data_to_gnutls_certs (const gnutls_datum_t *certs, + guint num_certs, + gnutls_x509_crt_fmt_t format) +{ + gnutls_x509_crt_t *gnutls_certs; + guint i; + + gnutls_certs = g_new (gnutls_x509_crt_t, num_certs); + + for (i = 0; i < num_certs; i++) + { + if (gnutls_x509_crt_init (&gnutls_certs[i]) < 0) + { + i--; + goto error; + } + } + + for (i = 0; i < num_certs; i++) + { + if (gnutls_x509_crt_import (gnutls_certs[i], &certs[i], format) < 0) + { + i = num_certs - 1; + goto error; + } + } + + return gnutls_certs; + +error: + for (; i != G_MAXUINT; i--) + gnutls_x509_crt_deinit (gnutls_certs[i]); + g_free (gnutls_certs); + return NULL; +} + +GTlsCertificateGnutls * +g_tls_certificate_gnutls_build_chain (const gnutls_datum_t *certs, + guint num_certs, + gnutls_x509_crt_fmt_t format) +{ + GPtrArray *glib_certs; + gnutls_x509_crt_t *gnutls_certs; + GTlsCertificateGnutls *issuer; + GTlsCertificateGnutls *result; + guint i, j; + + g_return_val_if_fail (certs, NULL); + + gnutls_certs = convert_data_to_gnutls_certs (certs, num_certs, format); + if (!gnutls_certs) + return NULL; + + glib_certs = g_ptr_array_new_full (num_certs, g_object_unref); + for (i = 0; i < num_certs; i++) + g_ptr_array_add (glib_certs, g_tls_certificate_gnutls_new (&certs[i], NULL)); + + /* Some servers send certs out of order, or will send duplicate + * certs, so we need to be careful when assigning the issuer of + * our new GTlsCertificateGnutls. + */ + for (i = 0; i < num_certs; i++) + { + issuer = NULL; + + /* Check if the cert issued itself */ + if (gnutls_x509_crt_check_issuer (gnutls_certs[i], gnutls_certs[i])) + continue; + + if (i < num_certs - 1 && + gnutls_x509_crt_check_issuer (gnutls_certs[i], gnutls_certs[i + 1])) + { + issuer = glib_certs->pdata[i + 1]; + } + else + { + for (j = 0; j < num_certs; j++) + { + if (j != i && + gnutls_x509_crt_check_issuer (gnutls_certs[i], gnutls_certs[j])) + { + issuer = glib_certs->pdata[j]; + break; + } + } + } + + if (issuer) + g_tls_certificate_gnutls_set_issuer (glib_certs->pdata[i], issuer); + } + + result = g_object_ref (glib_certs->pdata[0]); + g_ptr_array_unref (glib_certs); + + for (i = 0; i < num_certs; i++) + gnutls_x509_crt_deinit (gnutls_certs[i]); + g_free (gnutls_certs); + + return result; +} diff --git a/tls/gnutls/gtlscertificate-gnutls.h b/tls/gnutls/gtlscertificate-gnutls.h new file mode 100644 index 0000000..a6450ec --- /dev/null +++ b/tls/gnutls/gtlscertificate-gnutls.h @@ -0,0 +1,77 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2009 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + */ + +#ifndef __G_TLS_CERTIFICATE_GNUTLS_H__ +#define __G_TLS_CERTIFICATE_GNUTLS_H__ + +#include +#include + +G_BEGIN_DECLS + +#define G_TYPE_TLS_CERTIFICATE_GNUTLS (g_tls_certificate_gnutls_get_type ()) + +G_DECLARE_DERIVABLE_TYPE (GTlsCertificateGnutls, g_tls_certificate_gnutls, G, TLS_CERTIFICATE_GNUTLS, GTlsCertificate) + +struct _GTlsCertificateGnutlsClass +{ + GTlsCertificateClass parent_class; + + void (*copy) (GTlsCertificateGnutls *gnutls, + const gchar *interaction_id, + gnutls_retr2_st *st); +}; + +GTlsCertificate * g_tls_certificate_gnutls_new (const gnutls_datum_t *datum, + GTlsCertificate *issuer); + +GBytes * g_tls_certificate_gnutls_get_bytes (GTlsCertificateGnutls *gnutls); + +void g_tls_certificate_gnutls_set_data (GTlsCertificateGnutls *gnutls, + const gnutls_datum_t *datum); + +const gnutls_x509_crt_t g_tls_certificate_gnutls_get_cert (GTlsCertificateGnutls *gnutls); +gboolean g_tls_certificate_gnutls_has_key (GTlsCertificateGnutls *gnutls); + +void g_tls_certificate_gnutls_copy (GTlsCertificateGnutls *gnutls, + const gchar *interaction_id, + gnutls_retr2_st *st); + +GTlsCertificateFlags g_tls_certificate_gnutls_verify_identity (GTlsCertificateGnutls *gnutls, + GSocketConnectable *identity); + +GTlsCertificateFlags g_tls_certificate_gnutls_convert_flags (guint gnutls_flags); + +void g_tls_certificate_gnutls_set_issuer (GTlsCertificateGnutls *gnutls, + GTlsCertificateGnutls *issuer); + +GTlsCertificateGnutls* g_tls_certificate_gnutls_steal_issuer (GTlsCertificateGnutls *gnutls); + +GTlsCertificateGnutls* g_tls_certificate_gnutls_build_chain (const gnutls_datum_t *certs, + guint num_certs, + gnutls_x509_crt_fmt_t format); + +G_END_DECLS + +#endif /* __G_TLS_CERTIFICATE_GNUTLS_H___ */ diff --git a/tls/gnutls/gtlsclientconnection-gnutls.c b/tls/gnutls/gtlsclientconnection-gnutls.c new file mode 100644 index 0000000..97cb821 --- /dev/null +++ b/tls/gnutls/gtlsclientconnection-gnutls.c @@ -0,0 +1,489 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Red Hat, Inc + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + */ + +#include "config.h" +#include "glib.h" + +#include +#include +#include +#include + +#include "gtlsclientconnection-gnutls.h" +#include "gtlsbackend-gnutls.h" +#include "gtlscertificate-gnutls.h" +#include + +enum +{ + PROP_0, + PROP_VALIDATION_FLAGS, + PROP_SERVER_IDENTITY, + PROP_USE_SSL3, + PROP_ACCEPTED_CAS +}; + +struct _GTlsClientConnectionGnutls +{ + GTlsConnectionGnutls parent_instance; + + GTlsCertificateFlags validation_flags; + GSocketConnectable *server_identity; + gboolean use_ssl3; + gboolean session_data_override; + + GBytes *session_id; + GBytes *session_data; + + gboolean cert_requested; + GError *cert_error; + GPtrArray *accepted_cas; +}; + +static void g_tls_client_connection_gnutls_initable_interface_init (GInitableIface *iface); + +static void g_tls_client_connection_gnutls_client_connection_interface_init (GTlsClientConnectionInterface *iface); +static void g_tls_client_connection_gnutls_dtls_client_connection_interface_init (GDtlsClientConnectionInterface *iface); + +static int g_tls_client_connection_gnutls_retrieve_function (gnutls_session_t session, + const gnutls_datum_t *req_ca_rdn, + int nreqs, + const gnutls_pk_algorithm_t *pk_algos, + int pk_algos_length, + gnutls_retr2_st *st); + +static GInitableIface *g_tls_client_connection_gnutls_parent_initable_iface; + +G_DEFINE_TYPE_WITH_CODE (GTlsClientConnectionGnutls, g_tls_client_connection_gnutls, G_TYPE_TLS_CONNECTION_GNUTLS, + G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE, + g_tls_client_connection_gnutls_initable_interface_init) + G_IMPLEMENT_INTERFACE (G_TYPE_TLS_CLIENT_CONNECTION, + g_tls_client_connection_gnutls_client_connection_interface_init); + G_IMPLEMENT_INTERFACE (G_TYPE_DTLS_CLIENT_CONNECTION, + g_tls_client_connection_gnutls_dtls_client_connection_interface_init)); + + +static void +g_tls_client_connection_gnutls_init (GTlsClientConnectionGnutls *gnutls) +{ + gnutls_certificate_credentials_t creds; + + creds = g_tls_connection_gnutls_get_credentials (G_TLS_CONNECTION_GNUTLS (gnutls)); + gnutls_certificate_set_retrieve_function (creds, g_tls_client_connection_gnutls_retrieve_function); +} + +static const gchar * +get_server_identity (GTlsClientConnectionGnutls *gnutls) +{ + if (G_IS_NETWORK_ADDRESS (gnutls->server_identity)) + return g_network_address_get_hostname (G_NETWORK_ADDRESS (gnutls->server_identity)); + else if (G_IS_NETWORK_SERVICE (gnutls->server_identity)) + return g_network_service_get_domain (G_NETWORK_SERVICE (gnutls->server_identity)); + else + return NULL; +} + +static void +g_tls_client_connection_gnutls_compute_session_id (GTlsClientConnectionGnutls *gnutls) +{ + GSocketConnection *base_conn; + GSocketAddress *remote_addr; + GInetAddress *iaddr; + guint port; + + /* Create a TLS session ID. We base it on the IP address since + * different hosts serving the same hostname/service will probably + * not share the same session cache. We base it on the + * server-identity because at least some servers will fail (rather + * than just failing to resume the session) if we don't. + * (https://bugs.launchpad.net/bugs/823325) + */ + g_object_get (G_OBJECT (gnutls), "base-io-stream", &base_conn, NULL); + if (G_IS_SOCKET_CONNECTION (base_conn)) + { + remote_addr = g_socket_connection_get_remote_address (base_conn, NULL); + if (G_IS_INET_SOCKET_ADDRESS (remote_addr)) + { + GInetSocketAddress *isaddr = G_INET_SOCKET_ADDRESS (remote_addr); + const gchar *server_hostname; + gchar *addrstr, *session_id; + GTlsCertificate *cert = NULL; + gchar *cert_hash = NULL; + + iaddr = g_inet_socket_address_get_address (isaddr); + port = g_inet_socket_address_get_port (isaddr); + + addrstr = g_inet_address_to_string (iaddr); + server_hostname = get_server_identity (gnutls); + + /* If we have a certificate, make its hash part of the session ID, so + * that different connections to the same server can use different + * certificates. */ + g_object_get (G_OBJECT (gnutls), "certificate", &cert, NULL); + if (cert) + { + GByteArray *der = NULL; + g_object_get (G_OBJECT (cert), "certificate", &der, NULL); + if (der) + { + cert_hash = g_compute_checksum_for_data (G_CHECKSUM_SHA256, der->data, der->len); + g_byte_array_unref (der); + } + g_object_unref (cert); + } + session_id = g_strdup_printf ("%s/%s/%d/%s", addrstr, + server_hostname ? server_hostname : "", + port, + cert_hash ?: ""); + gnutls->session_id = g_bytes_new_take (session_id, strlen (session_id)); + g_free (addrstr); + g_free (cert_hash); + } + g_object_unref (remote_addr); + } + g_clear_object (&base_conn); +} + +static void +g_tls_client_connection_gnutls_finalize (GObject *object) +{ + GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (object); + + g_clear_object (&gnutls->server_identity); + g_clear_pointer (&gnutls->accepted_cas, g_ptr_array_unref); + g_clear_pointer (&gnutls->session_id, g_bytes_unref); + g_clear_pointer (&gnutls->session_data, g_bytes_unref); + g_clear_error (&gnutls->cert_error); + + G_OBJECT_CLASS (g_tls_client_connection_gnutls_parent_class)->finalize (object); +} + +static gboolean +g_tls_client_connection_gnutls_initable_init (GInitable *initable, + GCancellable *cancellable, + GError **error) +{ + GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable); + gnutls_session_t session; + const gchar *hostname; + + if (!g_tls_client_connection_gnutls_parent_initable_iface-> + init (initable, cancellable, error)) + return FALSE; + + session = g_tls_connection_gnutls_get_session (gnutls); + hostname = get_server_identity (G_TLS_CLIENT_CONNECTION_GNUTLS (gnutls)); + if (hostname) + { + gnutls_server_name_set (session, GNUTLS_NAME_DNS, + hostname, strlen (hostname)); + } + + return TRUE; +} + +static void +g_tls_client_connection_gnutls_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (object); + GList *accepted_cas; + gint i; + + switch (prop_id) + { + case PROP_VALIDATION_FLAGS: + g_value_set_flags (value, gnutls->validation_flags); + break; + + case PROP_SERVER_IDENTITY: + g_value_set_object (value, gnutls->server_identity); + break; + + case PROP_USE_SSL3: + g_value_set_boolean (value, gnutls->use_ssl3); + break; + + case PROP_ACCEPTED_CAS: + accepted_cas = NULL; + if (gnutls->accepted_cas) + { + for (i = 0; i < gnutls->accepted_cas->len; ++i) + { + accepted_cas = g_list_prepend (accepted_cas, g_byte_array_ref ( + gnutls->accepted_cas->pdata[i])); + } + accepted_cas = g_list_reverse (accepted_cas); + } + g_value_set_pointer (value, accepted_cas); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +static void +g_tls_client_connection_gnutls_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (object); + const char *hostname; + + switch (prop_id) + { + case PROP_VALIDATION_FLAGS: + gnutls->validation_flags = g_value_get_flags (value); + break; + + case PROP_SERVER_IDENTITY: + if (gnutls->server_identity) + g_object_unref (gnutls->server_identity); + gnutls->server_identity = g_value_dup_object (value); + + hostname = get_server_identity (gnutls); + if (hostname) + { + gnutls_session_t session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (gnutls)); + + /* This will only be triggered if the identity is set after + * initialization */ + if (session) + { + gnutls_server_name_set (session, GNUTLS_NAME_DNS, + hostname, strlen (hostname)); + } + } + break; + + case PROP_USE_SSL3: + gnutls->use_ssl3 = g_value_get_boolean (value); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +static int +g_tls_client_connection_gnutls_retrieve_function (gnutls_session_t session, + const gnutls_datum_t *req_ca_rdn, + int nreqs, + const gnutls_pk_algorithm_t *pk_algos, + int pk_algos_length, + gnutls_retr2_st *st) +{ + GTlsClientConnectionGnutls *gnutls = gnutls_transport_get_ptr (session); + GTlsConnectionGnutls *conn = G_TLS_CONNECTION_GNUTLS (gnutls); + GPtrArray *accepted_cas; + GByteArray *dn; + int i; + + gnutls->cert_requested = TRUE; + + accepted_cas = g_ptr_array_new_with_free_func ((GDestroyNotify)g_byte_array_unref); + for (i = 0; i < nreqs; i++) + { + dn = g_byte_array_new (); + g_byte_array_append (dn, req_ca_rdn[i].data, req_ca_rdn[i].size); + g_ptr_array_add (accepted_cas, dn); + } + + if (gnutls->accepted_cas) + g_ptr_array_unref (gnutls->accepted_cas); + gnutls->accepted_cas = accepted_cas; + g_object_notify (G_OBJECT (gnutls), "accepted-cas"); + + g_tls_connection_gnutls_get_certificate (conn, st); + + if (st->ncerts == 0) + { + g_clear_error (&gnutls->cert_error); + if (g_tls_connection_gnutls_request_certificate (conn, &gnutls->cert_error)) + g_tls_connection_gnutls_get_certificate (conn, st); + } + + return 0; +} + +static void +g_tls_client_connection_gnutls_failed (GTlsConnectionGnutls *conn) +{ + GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn); + + gnutls->session_data_override = FALSE; + g_clear_pointer (&gnutls->session_data, g_bytes_unref); + if (gnutls->session_id) + g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->session_id); +} + +static void +g_tls_client_connection_gnutls_begin_handshake (GTlsConnectionGnutls *conn) +{ + GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn); + + g_tls_client_connection_gnutls_compute_session_id (gnutls); + + /* Try to get a cached session */ + if (gnutls->session_data_override) + { + gnutls_session_set_data (g_tls_connection_gnutls_get_session (conn), + g_bytes_get_data (gnutls->session_data, NULL), + g_bytes_get_size (gnutls->session_data)); + } + else if (gnutls->session_id) + { + GBytes *session_data; + + session_data = g_tls_backend_gnutls_lookup_session (GNUTLS_CLIENT, gnutls->session_id); + if (session_data) + { + gnutls_session_set_data (g_tls_connection_gnutls_get_session (conn), + g_bytes_get_data (session_data, NULL), + g_bytes_get_size (session_data)); + g_clear_pointer (&gnutls->session_data, g_bytes_unref); + gnutls->session_data = session_data; + } + } + + gnutls->cert_requested = FALSE; +} + +static void +g_tls_client_connection_gnutls_finish_handshake (GTlsConnectionGnutls *conn, + GError **inout_error) +{ + GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn); + int resumed; + + g_assert (inout_error != NULL); + + if (g_error_matches (*inout_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS) && + gnutls->cert_requested) + { + g_clear_error (inout_error); + if (gnutls->cert_error) + { + *inout_error = gnutls->cert_error; + gnutls->cert_error = NULL; + } + else + { + g_set_error_literal (inout_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED, + _("Server required TLS certificate")); + } + } + + resumed = gnutls_session_is_resumed (g_tls_connection_gnutls_get_session (conn)); + if (*inout_error || !resumed) + { + /* Clear session data since the server did not accept what we provided. */ + gnutls->session_data_override = FALSE; + g_clear_pointer (&gnutls->session_data, g_bytes_unref); + if (gnutls->session_id) + g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->session_id); + } + + if (!*inout_error && !resumed) + { + gnutls_datum_t session_datum; + + if (gnutls_session_get_data2 (g_tls_connection_gnutls_get_session (conn), + &session_datum) == 0) + { + gnutls->session_data = g_bytes_new_with_free_func (session_datum.data, + session_datum.size, + (GDestroyNotify)gnutls_free, + session_datum.data); + + if (gnutls->session_id) + g_tls_backend_gnutls_store_session (GNUTLS_CLIENT, + gnutls->session_id, + gnutls->session_data); + } + } +} + +static void +g_tls_client_connection_gnutls_copy_session_state (GTlsClientConnection *conn, + GTlsClientConnection *source) +{ + GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn); + GTlsClientConnectionGnutls *gnutls_source = G_TLS_CLIENT_CONNECTION_GNUTLS (source); + + if (gnutls_source->session_data) + { + gnutls->session_data_override = TRUE; + gnutls->session_data = g_bytes_ref (gnutls_source->session_data); + + if (gnutls->session_id) + g_tls_backend_gnutls_store_session (GNUTLS_CLIENT, + gnutls->session_id, + gnutls->session_data); + } +} + +static void +g_tls_client_connection_gnutls_class_init (GTlsClientConnectionGnutlsClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + GTlsConnectionGnutlsClass *connection_gnutls_class = G_TLS_CONNECTION_GNUTLS_CLASS (klass); + + gobject_class->get_property = g_tls_client_connection_gnutls_get_property; + gobject_class->set_property = g_tls_client_connection_gnutls_set_property; + gobject_class->finalize = g_tls_client_connection_gnutls_finalize; + + connection_gnutls_class->failed = g_tls_client_connection_gnutls_failed; + connection_gnutls_class->begin_handshake = g_tls_client_connection_gnutls_begin_handshake; + connection_gnutls_class->finish_handshake = g_tls_client_connection_gnutls_finish_handshake; + + g_object_class_override_property (gobject_class, PROP_VALIDATION_FLAGS, "validation-flags"); + g_object_class_override_property (gobject_class, PROP_SERVER_IDENTITY, "server-identity"); + g_object_class_override_property (gobject_class, PROP_USE_SSL3, "use-ssl3"); + g_object_class_override_property (gobject_class, PROP_ACCEPTED_CAS, "accepted-cas"); +} + +static void +g_tls_client_connection_gnutls_client_connection_interface_init (GTlsClientConnectionInterface *iface) +{ + iface->copy_session_state = g_tls_client_connection_gnutls_copy_session_state; +} + +static void +g_tls_client_connection_gnutls_initable_interface_init (GInitableIface *iface) +{ + g_tls_client_connection_gnutls_parent_initable_iface = g_type_interface_peek_parent (iface); + + iface->init = g_tls_client_connection_gnutls_initable_init; +} + +static void +g_tls_client_connection_gnutls_dtls_client_connection_interface_init (GDtlsClientConnectionInterface *iface) +{ + /* Nothing here. */ +} diff --git a/tls/gnutls/gtlsclientconnection-gnutls.h b/tls/gnutls/gtlsclientconnection-gnutls.h new file mode 100644 index 0000000..87b88fc --- /dev/null +++ b/tls/gnutls/gtlsclientconnection-gnutls.h @@ -0,0 +1,38 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + */ + +#ifndef __G_TLS_CLIENT_CONNECTION_GNUTLS_H__ +#define __G_TLS_CLIENT_CONNECTION_GNUTLS_H__ + +#include "gtlsconnection-gnutls.h" + +G_BEGIN_DECLS + +#define G_TYPE_TLS_CLIENT_CONNECTION_GNUTLS (g_tls_client_connection_gnutls_get_type ()) + +G_DECLARE_FINAL_TYPE (GTlsClientConnectionGnutls, g_tls_client_connection_gnutls, G, TLS_CLIENT_CONNECTION_GNUTLS, GTlsConnectionGnutls) + +G_END_DECLS + +#endif /* __G_TLS_CLIENT_CONNECTION_GNUTLS_H___ */ diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c new file mode 100644 index 0000000..5c061f7 --- /dev/null +++ b/tls/gnutls/gtlsconnection-gnutls.c @@ -0,0 +1,2936 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2009 Red Hat, Inc + * Copyright 2015, 2016 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + */ + +#include "config.h" +#include "glib.h" + +#include +#include +#include +#include +#include + +#include "gtlsconnection-gnutls.h" +#include "gtlsbackend-gnutls.h" +#include "gtlscertificate-gnutls.h" +#include "gtlsclientconnection-gnutls.h" +#include "gtlsinputstream-gnutls.h" +#include "gtlsoutputstream-gnutls.h" +#include "gtlsserverconnection-gnutls.h" + +#ifdef HAVE_PKCS11 +#include +#include "pkcs11/gpkcs11pin.h" +#endif + +#ifdef G_OS_WIN32 +#include +#include + +/* It isn’t clear whether MinGW always defines EMSGSIZE. */ +#ifndef EMSGSIZE +#define EMSGSIZE WSAEMSGSIZE +#endif +#endif + +#include + +/* + * GTlsConnectionGnutls is the base abstract implementation of TLS and DTLS + * support, for both the client and server side of a connection. The choice + * between TLS and DTLS is made by setting the base-io-stream or + * base-socket properties — exactly one of them must be set at + * construction time. + * + * Client and server specific code is in the GTlsClientConnectionGnutls and + * GTlsServerConnectionGnutls concrete subclasses, although the line about where + * code is put is a little blurry, and there are various places in + * GTlsConnectionGnutls which check G_IS_TLS_CLIENT_CONNECTION(self) to switch + * to a client-only code path. + * + * This abstract class implements a lot of interfaces: + * • Derived from GTlsConnection (itself from GIOStream), for TLS and streaming + * communications. + * • Implements GDtlsConnection and GDatagramBased, for DTLS and datagram + * communications. + * • Implements GInitable for failable GnuTLS initialisation. + * + * The GTlsClientConnectionGnutls and GTlsServerConnectionGnutls subclasses are + * both derived from GTlsConnectionGnutls (and hence GIOStream), and both + * implement the relevant TLS and DTLS interfaces: + * • GTlsClientConnection + * • GDtlsClientConnection + * • GTlsServerConnection + * • GDtlsServerConnection + */ + +static ssize_t g_tls_connection_gnutls_push_func (gnutls_transport_ptr_t transport_data, + const void *buf, + size_t buflen); +static ssize_t g_tls_connection_gnutls_vec_push_func (gnutls_transport_ptr_t transport_data, + const giovec_t *iov, + int iovcnt); +static ssize_t g_tls_connection_gnutls_pull_func (gnutls_transport_ptr_t transport_data, + void *buf, + size_t buflen); + +static int g_tls_connection_gnutls_pull_timeout_func (gnutls_transport_ptr_t transport_data, + unsigned int ms); + + +static void g_tls_connection_gnutls_initable_iface_init (GInitableIface *iface); +static gboolean g_tls_connection_gnutls_initable_init (GInitable *initable, + GCancellable *cancellable, + GError **error); +static void g_tls_connection_gnutls_dtls_connection_iface_init (GDtlsConnectionInterface *iface); +static void g_tls_connection_gnutls_datagram_based_iface_init (GDatagramBasedInterface *iface); + +#ifdef HAVE_PKCS11 +static P11KitPin* on_pin_prompt_callback (const char *pinfile, + P11KitUri *pin_uri, + const char *pin_description, + P11KitPinFlags pin_flags, + void *callback_data); +#endif + +static void g_tls_connection_gnutls_init_priorities (void); + +static gboolean do_implicit_handshake (GTlsConnectionGnutls *gnutls, + gint64 timeout, + GCancellable *cancellable, + GError **error); +static gboolean finish_handshake (GTlsConnectionGnutls *gnutls, + GTask *thread_task, + GError **error); + +enum +{ + PROP_0, + /* For this class: */ + PROP_BASE_IO_STREAM, + PROP_BASE_SOCKET, + /* For GTlsConnection and GDtlsConnection: */ + PROP_REQUIRE_CLOSE_NOTIFY, + PROP_REHANDSHAKE_MODE, + PROP_USE_SYSTEM_CERTDB, + PROP_DATABASE, + PROP_CERTIFICATE, + PROP_INTERACTION, + PROP_PEER_CERTIFICATE, + PROP_PEER_CERTIFICATE_ERRORS, +}; + +typedef struct +{ + /* When operating in stream mode. + * Mutually exclusive with base_socket. + */ + GIOStream *base_io_stream; + GPollableInputStream *base_istream; + GPollableOutputStream *base_ostream; + + /* When operating in stream mode; when operating in datagram mode, the + * GTlsConnectionGnutls itself is the DTLS GDatagramBased (and uses + * base_socket for its underlying I/O): + */ + GInputStream *tls_istream; + GOutputStream *tls_ostream; + + /* When operating in datagram mode. + * Mutually exclusive with base_io_stream. + */ + GDatagramBased *base_socket; + + gnutls_certificate_credentials_t creds; + gnutls_session_t session; + + GTlsCertificate *certificate, *peer_certificate; + GTlsCertificateFlags peer_certificate_errors; + GTlsCertificate *peer_certificate_tmp; + GTlsCertificateFlags peer_certificate_errors_tmp; + + gboolean require_close_notify; + GTlsRehandshakeMode rehandshake_mode; + gboolean is_system_certdb; + GTlsDatabase *database; + gboolean database_is_unset; + + /* need_handshake means the next claim_op() will get diverted into + * an implicit handshake (unless it's an OP_HANDSHAKE or OP_CLOSE*). + * need_finish_handshake means the next claim_op() will get diverted + * into finish_handshake() (unless it's an OP_CLOSE*). + * + * handshaking is TRUE as soon as a handshake thread is queued. For + * a sync handshake it becomes FALSE after finish_handshake() + * completes in the calling thread, but for an async implicit + * handshake, it becomes FALSE (and need_finish_handshake becomes + * TRUE) at the end of the handshaking thread (and then the next + * non-close op will call finish_handshake()). We can't just wait + * for handshake_thread_completed() to run, because it's possible + * that its main loop is being blocked by a synchronous op which is + * waiting for handshaking to become FALSE... + * + * started_handshake indicates that the current handshake attempt + * got at least as far as calling gnutls_handshake() (and so any + * error should be copied to handshake_error and returned on all + * future operations). ever_handshaked indicates that TLS has + * been successfully negotiated at some point. + */ + gboolean need_handshake, need_finish_handshake; + gboolean started_handshake, handshaking, ever_handshaked; + GTask *implicit_handshake; + GError *handshake_error; + GByteArray *app_data_buf; + + /* read_closed means the read direction has closed; write_closed similarly. + * If (and only if) both are set, the entire GTlsConnection is closed. */ + gboolean read_closing, read_closed; + gboolean write_closing, write_closed; + + GTlsInteraction *interaction; + gchar *interaction_id; + + GMutex op_mutex; + GCancellable *waiting_for_op; + + gboolean reading; + gint64 read_timeout; + GError *read_error; + GCancellable *read_cancellable; + + gboolean writing; + gint64 write_timeout; + GError *write_error; + GCancellable *write_cancellable; +} GTlsConnectionGnutlsPrivate; + +G_DEFINE_ABSTRACT_TYPE_WITH_CODE (GTlsConnectionGnutls, g_tls_connection_gnutls, G_TYPE_TLS_CONNECTION, + G_ADD_PRIVATE (GTlsConnectionGnutls); + G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE, + g_tls_connection_gnutls_initable_iface_init); + G_IMPLEMENT_INTERFACE (G_TYPE_DATAGRAM_BASED, + g_tls_connection_gnutls_datagram_based_iface_init); + G_IMPLEMENT_INTERFACE (G_TYPE_DTLS_CONNECTION, + g_tls_connection_gnutls_dtls_connection_iface_init); + g_tls_connection_gnutls_init_priorities (); + ); + +static gint unique_interaction_id = 0; + +static void +g_tls_connection_gnutls_init (GTlsConnectionGnutls *gnutls) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + gint unique_id; + + gnutls_certificate_allocate_credentials (&priv->creds); + gnutls_certificate_set_verify_flags (priv->creds, + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); + + priv->need_handshake = TRUE; + + priv->database_is_unset = TRUE; + priv->is_system_certdb = TRUE; + + unique_id = g_atomic_int_add (&unique_interaction_id, 1); + priv->interaction_id = g_strdup_printf ("gtls:%d", unique_id); + +#ifdef HAVE_PKCS11 + p11_kit_pin_register_callback (priv->interaction_id, + on_pin_prompt_callback, gnutls, NULL); +#endif + + priv->waiting_for_op = g_cancellable_new (); + g_cancellable_cancel (priv->waiting_for_op); + g_mutex_init (&priv->op_mutex); +} + +/* First field is "fallback", second is "allow unsafe rehandshaking" */ +static gnutls_priority_t priorities[2][2]; + +#define DEFAULT_BASE_PRIORITY "NORMAL:%COMPAT" + +static void +g_tls_connection_gnutls_init_priorities (void) +{ + const gchar *base_priority; + gchar *fallback_priority, *unsafe_rehandshake_priority, *fallback_unsafe_rehandshake_priority; + const guint *protos; + int ret, i, nprotos, fallback_proto; + + base_priority = g_getenv ("G_TLS_GNUTLS_PRIORITY"); + if (!base_priority) + base_priority = DEFAULT_BASE_PRIORITY; + ret = gnutls_priority_init (&priorities[FALSE][FALSE], base_priority, NULL); + if (ret == GNUTLS_E_INVALID_REQUEST) + { + g_warning ("G_TLS_GNUTLS_PRIORITY is invalid; ignoring!"); + base_priority = DEFAULT_BASE_PRIORITY; + ret = gnutls_priority_init (&priorities[FALSE][FALSE], base_priority, NULL); + g_warn_if_fail (ret == 0); + } + + unsafe_rehandshake_priority = g_strdup_printf ("%s:%%UNSAFE_RENEGOTIATION", base_priority); + ret = gnutls_priority_init (&priorities[FALSE][TRUE], unsafe_rehandshake_priority, NULL); + g_warn_if_fail (ret == 0); + g_free (unsafe_rehandshake_priority); + + /* Figure out the lowest SSl/TLS version supported by base_priority */ + nprotos = gnutls_priority_protocol_list (priorities[FALSE][FALSE], &protos); + fallback_proto = G_MAXUINT; + for (i = 0; i < nprotos; i++) + { + if (protos[i] < fallback_proto) + fallback_proto = protos[i]; + } + if (fallback_proto == G_MAXUINT) + { + g_warning ("All GNUTLS protocol versions disabled?"); + fallback_priority = g_strdup (base_priority); + } + else + { + /* %COMPAT is intentionally duplicated here, to ensure it gets added for + * the fallback even if the default priority has been changed. */ + fallback_priority = g_strdup_printf ("%s:%%COMPAT:!VERS-TLS-ALL:+VERS-%s", + DEFAULT_BASE_PRIORITY, + gnutls_protocol_get_name (fallback_proto)); + } + fallback_unsafe_rehandshake_priority = g_strdup_printf ("%s:%%UNSAFE_RENEGOTIATION", + fallback_priority); + + ret = gnutls_priority_init (&priorities[TRUE][FALSE], fallback_priority, NULL); + g_warn_if_fail (ret == 0); + ret = gnutls_priority_init (&priorities[TRUE][TRUE], fallback_unsafe_rehandshake_priority, NULL); + g_warn_if_fail (ret == 0); + g_free (fallback_priority); + g_free (fallback_unsafe_rehandshake_priority); +} + +static void +g_tls_connection_gnutls_set_handshake_priority (GTlsConnectionGnutls *gnutls) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + gboolean fallback, unsafe_rehandshake; + + if (G_IS_TLS_CLIENT_CONNECTION (gnutls)) + { +#if defined(__GNUC__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wdeprecated-declarations" +#endif + fallback = g_tls_client_connection_get_use_ssl3 (G_TLS_CLIENT_CONNECTION (gnutls)); +#if defined(__GNUC__) +#pragma GCC diagnostic pop +#endif + } + else + fallback = FALSE; + unsafe_rehandshake = (priv->rehandshake_mode == G_TLS_REHANDSHAKE_UNSAFELY); + gnutls_priority_set (priv->session, + priorities[fallback][unsafe_rehandshake]); +} + +static gboolean +g_tls_connection_gnutls_is_dtls (GTlsConnectionGnutls *gnutls) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + + return (priv->base_socket != NULL); +} + +static gboolean +g_tls_connection_gnutls_initable_init (GInitable *initable, + GCancellable *cancellable, + GError **error) +{ + GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable); + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + gboolean client = G_IS_TLS_CLIENT_CONNECTION (gnutls); + guint flags = client ? GNUTLS_CLIENT : GNUTLS_SERVER; + int status; + + g_return_val_if_fail ((priv->base_istream == NULL) == + (priv->base_ostream == NULL), FALSE); + g_return_val_if_fail ((priv->base_socket == NULL) != + (priv->base_istream == NULL), FALSE); + + /* Check whether to use DTLS or TLS. */ + if (g_tls_connection_gnutls_is_dtls (gnutls)) + flags |= GNUTLS_DATAGRAM; + + gnutls_init (&priv->session, flags); + + status = gnutls_credentials_set (priv->session, + GNUTLS_CRD_CERTIFICATE, + priv->creds); + if (status != 0) + { + g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC, + _("Could not create TLS connection: %s"), + gnutls_strerror (status)); + return FALSE; + } + + gnutls_transport_set_push_function (priv->session, + g_tls_connection_gnutls_push_func); + gnutls_transport_set_pull_function (priv->session, + g_tls_connection_gnutls_pull_func); + gnutls_transport_set_pull_timeout_function (priv->session, + g_tls_connection_gnutls_pull_timeout_func); + gnutls_transport_set_ptr (priv->session, gnutls); + + /* GDatagramBased supports vectored I/O; GPollableOutputStream does not. */ + if (priv->base_socket != NULL) + { + gnutls_transport_set_vec_push_function (priv->session, + g_tls_connection_gnutls_vec_push_func); + } + + /* Set reasonable MTU */ + if (flags & GNUTLS_DATAGRAM) + gnutls_dtls_set_mtu (priv->session, 1400); + + /* Create output streams if operating in streaming mode. */ + if (!(flags & GNUTLS_DATAGRAM)) + { + priv->tls_istream = g_tls_input_stream_gnutls_new (gnutls); + priv->tls_ostream = g_tls_output_stream_gnutls_new (gnutls); + } + + return TRUE; +} + +static void +g_tls_connection_gnutls_finalize (GObject *object) +{ + GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (object); + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + + g_clear_object (&priv->base_io_stream); + g_clear_object (&priv->base_socket); + + g_clear_object (&priv->tls_istream); + g_clear_object (&priv->tls_ostream); + + if (priv->session) + gnutls_deinit (priv->session); + if (priv->creds) + gnutls_certificate_free_credentials (priv->creds); + + g_clear_object (&priv->database); + g_clear_object (&priv->certificate); + g_clear_object (&priv->peer_certificate); + g_clear_object (&priv->peer_certificate_tmp); + + g_clear_pointer (&priv->app_data_buf, g_byte_array_unref); + +#ifdef HAVE_PKCS11 + p11_kit_pin_unregister_callback (priv->interaction_id, + on_pin_prompt_callback, gnutls); +#endif + g_free (priv->interaction_id); + g_clear_object (&priv->interaction); + + g_clear_error (&priv->handshake_error); + g_clear_error (&priv->read_error); + g_clear_error (&priv->write_error); + + /* This must always be NULL at this, as it holds a referehce to @gnutls as + * its source object. However, we clear it anyway just in case this changes + * in future. */ + g_clear_object (&priv->implicit_handshake); + + g_clear_object (&priv->read_cancellable); + g_clear_object (&priv->write_cancellable); + + g_clear_object (&priv->waiting_for_op); + g_mutex_clear (&priv->op_mutex); + + G_OBJECT_CLASS (g_tls_connection_gnutls_parent_class)->finalize (object); +} + +static void +g_tls_connection_gnutls_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (object); + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + GTlsBackend *backend; + + switch (prop_id) + { + case PROP_BASE_IO_STREAM: + g_value_set_object (value, priv->base_io_stream); + break; + + case PROP_BASE_SOCKET: + g_value_set_object (value, priv->base_socket); + break; + + case PROP_REQUIRE_CLOSE_NOTIFY: + g_value_set_boolean (value, priv->require_close_notify); + break; + + case PROP_REHANDSHAKE_MODE: + g_value_set_enum (value, priv->rehandshake_mode); + break; + + case PROP_USE_SYSTEM_CERTDB: + g_value_set_boolean (value, priv->is_system_certdb); + break; + + case PROP_DATABASE: + if (priv->database_is_unset) + { + backend = g_tls_backend_get_default (); + priv->database = g_tls_backend_get_default_database (backend); + priv->database_is_unset = FALSE; + } + g_value_set_object (value, priv->database); + break; + + case PROP_CERTIFICATE: + g_value_set_object (value, priv->certificate); + break; + + case PROP_INTERACTION: + g_value_set_object (value, priv->interaction); + break; + + case PROP_PEER_CERTIFICATE: + g_value_set_object (value, priv->peer_certificate); + break; + + case PROP_PEER_CERTIFICATE_ERRORS: + g_value_set_flags (value, priv->peer_certificate_errors); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +static void +g_tls_connection_gnutls_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (object); + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + GInputStream *istream; + GOutputStream *ostream; + gboolean system_certdb; + GTlsBackend *backend; + + switch (prop_id) + { + case PROP_BASE_IO_STREAM: + g_assert (g_value_get_object (value) == NULL || + priv->base_socket == NULL); + + if (priv->base_io_stream) + { + g_object_unref (priv->base_io_stream); + priv->base_istream = NULL; + priv->base_ostream = NULL; + } + priv->base_io_stream = g_value_dup_object (value); + if (!priv->base_io_stream) + return; + + istream = g_io_stream_get_input_stream (priv->base_io_stream); + ostream = g_io_stream_get_output_stream (priv->base_io_stream); + + if (G_IS_POLLABLE_INPUT_STREAM (istream) && + g_pollable_input_stream_can_poll (G_POLLABLE_INPUT_STREAM (istream))) + priv->base_istream = G_POLLABLE_INPUT_STREAM (istream); + if (G_IS_POLLABLE_OUTPUT_STREAM (ostream) && + g_pollable_output_stream_can_poll (G_POLLABLE_OUTPUT_STREAM (ostream))) + priv->base_ostream = G_POLLABLE_OUTPUT_STREAM (ostream); + break; + + case PROP_BASE_SOCKET: + g_assert (g_value_get_object (value) == NULL || + priv->base_io_stream == NULL); + + g_clear_object (&priv->base_socket); + priv->base_socket = g_value_dup_object (value); + break; + + case PROP_REQUIRE_CLOSE_NOTIFY: + priv->require_close_notify = g_value_get_boolean (value); + break; + + case PROP_REHANDSHAKE_MODE: + priv->rehandshake_mode = g_value_get_enum (value); + break; + + case PROP_USE_SYSTEM_CERTDB: + system_certdb = g_value_get_boolean (value); + if (system_certdb != priv->is_system_certdb) + { + g_clear_object (&priv->database); + if (system_certdb) + { + backend = g_tls_backend_get_default (); + priv->database = g_tls_backend_get_default_database (backend); + } + priv->is_system_certdb = system_certdb; + priv->database_is_unset = FALSE; + } + break; + + case PROP_DATABASE: + g_clear_object (&priv->database); + priv->database = g_value_dup_object (value); + priv->is_system_certdb = FALSE; + priv->database_is_unset = FALSE; + break; + + case PROP_CERTIFICATE: + if (priv->certificate) + g_object_unref (priv->certificate); + priv->certificate = g_value_dup_object (value); + break; + + case PROP_INTERACTION: + g_clear_object (&priv->interaction); + priv->interaction = g_value_dup_object (value); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +gnutls_certificate_credentials_t +g_tls_connection_gnutls_get_credentials (GTlsConnectionGnutls *gnutls) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + + return priv->creds; +} + +gnutls_session_t +g_tls_connection_gnutls_get_session (GTlsConnectionGnutls *gnutls) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + + return priv->session; +} + +void +g_tls_connection_gnutls_get_certificate (GTlsConnectionGnutls *gnutls, + gnutls_retr2_st *st) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + GTlsCertificate *cert; + + cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (gnutls)); + + st->cert_type = GNUTLS_CRT_X509; + st->ncerts = 0; + + if (cert) + g_tls_certificate_gnutls_copy (G_TLS_CERTIFICATE_GNUTLS (cert), + priv->interaction_id, st); +} + +typedef enum { + G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE, + G_TLS_CONNECTION_GNUTLS_OP_READ, + G_TLS_CONNECTION_GNUTLS_OP_WRITE, + G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ, + G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE, + G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH, +} GTlsConnectionGnutlsOp; + +static gboolean +claim_op (GTlsConnectionGnutls *gnutls, + GTlsConnectionGnutlsOp op, + gint64 timeout, + GCancellable *cancellable, + GError **error) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + + try_again: + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + return FALSE; + + g_mutex_lock (&priv->op_mutex); + + if (((op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE || + op == G_TLS_CONNECTION_GNUTLS_OP_READ) && + (priv->read_closing || priv->read_closed)) || + ((op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE || + op == G_TLS_CONNECTION_GNUTLS_OP_WRITE) && + (priv->write_closing || priv->write_closed))) + { + g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED, + _("Connection is closed")); + g_mutex_unlock (&priv->op_mutex); + return FALSE; + } + + if (priv->handshake_error && + op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH && + op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ && + op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE) + { + if (error) + *error = g_error_copy (priv->handshake_error); + g_mutex_unlock (&priv->op_mutex); + return FALSE; + } + + if (op != G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE) + { + if (op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH && + op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ && + op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE && + priv->need_handshake) + { + priv->need_handshake = FALSE; + priv->handshaking = TRUE; + if (!do_implicit_handshake (gnutls, timeout, cancellable, error)) + { + g_mutex_unlock (&priv->op_mutex); + return FALSE; + } + } + + if (priv->need_finish_handshake && + priv->implicit_handshake) + { + GError *my_error = NULL; + gboolean success; + + priv->need_finish_handshake = FALSE; + + g_mutex_unlock (&priv->op_mutex); + success = finish_handshake (gnutls, priv->implicit_handshake, &my_error); + g_clear_object (&priv->implicit_handshake); + g_mutex_lock (&priv->op_mutex); + + if (op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH && + op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ && + op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE && + (!success || g_cancellable_set_error_if_cancelled (cancellable, &my_error))) + { + g_propagate_error (error, my_error); + g_mutex_unlock (&priv->op_mutex); + return FALSE; + } + + g_clear_error (&my_error); + } + } + + if ((op != G_TLS_CONNECTION_GNUTLS_OP_WRITE && priv->reading) || + (op != G_TLS_CONNECTION_GNUTLS_OP_READ && priv->writing) || + (op != G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE && priv->handshaking)) + { + GPollFD fds[2]; + int nfds; + gint64 start_time; + gint result = 1; /* if the loop is never entered, it’s as if we cancelled early */ + + g_cancellable_reset (priv->waiting_for_op); + + g_mutex_unlock (&priv->op_mutex); + + if (timeout == 0) + { + g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK, + _("Operation would block")); + return FALSE; + } + + g_cancellable_make_pollfd (priv->waiting_for_op, &fds[0]); + if (g_cancellable_make_pollfd (cancellable, &fds[1])) + nfds = 2; + else + nfds = 1; + + /* Convert from microseconds to milliseconds. */ + if (timeout != -1) + timeout = timeout / 1000; + + /* Poll until cancellation or the timeout is reached. */ + start_time = g_get_monotonic_time (); + + while (!g_cancellable_is_cancelled (priv->waiting_for_op) && + !g_cancellable_is_cancelled (cancellable)) + { + result = g_poll (fds, nfds, timeout); + + if (result == 0) + break; + if (result != -1 || errno != EINTR) + continue; + + if (timeout != -1) + { + timeout -= (g_get_monotonic_time () - start_time) / 1000; + if (timeout < 0) + timeout = 0; + } + } + + if (nfds > 1) + g_cancellable_release_fd (cancellable); + + if (result == 0) + { + g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT, + _("Socket I/O timed out")); + return FALSE; + } + + goto try_again; + } + + if (op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE) + { + priv->handshaking = TRUE; + priv->need_handshake = FALSE; + } + if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH || + op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ) + priv->read_closing = TRUE; + if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH || + op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE) + priv->write_closing = TRUE; + + if (op != G_TLS_CONNECTION_GNUTLS_OP_WRITE) + priv->reading = TRUE; + if (op != G_TLS_CONNECTION_GNUTLS_OP_READ) + priv->writing = TRUE; + + g_mutex_unlock (&priv->op_mutex); + return TRUE; +} + +static void +yield_op (GTlsConnectionGnutls *gnutls, + GTlsConnectionGnutlsOp op) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + + g_mutex_lock (&priv->op_mutex); + + if (op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE) + priv->handshaking = FALSE; + if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH || + op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ) + priv->read_closing = FALSE; + if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH || + op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE) + priv->write_closing = FALSE; + + if (op != G_TLS_CONNECTION_GNUTLS_OP_WRITE) + priv->reading = FALSE; + if (op != G_TLS_CONNECTION_GNUTLS_OP_READ) + priv->writing = FALSE; + + g_cancellable_cancel (priv->waiting_for_op); + g_mutex_unlock (&priv->op_mutex); +} + +static void +begin_gnutls_io (GTlsConnectionGnutls *gnutls, + GIOCondition direction, + gint64 timeout, + GCancellable *cancellable) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + + g_assert (direction & (G_IO_IN | G_IO_OUT)); + + if (direction & G_IO_IN) + { + priv->read_timeout = timeout; + priv->read_cancellable = cancellable; + g_clear_error (&priv->read_error); + } + + if (direction & G_IO_OUT) + { + priv->write_timeout = timeout; + priv->write_cancellable = cancellable; + g_clear_error (&priv->write_error); + } +} + +static int +end_gnutls_io (GTlsConnectionGnutls *gnutls, + GIOCondition direction, + int status, + GError **error, + const char *err_prefix); + +static int +end_gnutls_io (GTlsConnectionGnutls *gnutls, + GIOCondition direction, + int status, + GError **error, + const char *err_prefix) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + GError *my_error = NULL; + + g_assert (direction & (G_IO_IN | G_IO_OUT)); + g_assert (!error || !*error); + + if (status == GNUTLS_E_AGAIN || + status == GNUTLS_E_WARNING_ALERT_RECEIVED) + return GNUTLS_E_AGAIN; + + if (direction & G_IO_IN) + { + priv->read_cancellable = NULL; + if (status < 0) + { + my_error = priv->read_error; + priv->read_error = NULL; + } + else + g_clear_error (&priv->read_error); + } + if (direction & G_IO_OUT) + { + priv->write_cancellable = NULL; + if (status < 0 && !my_error) + { + my_error = priv->write_error; + priv->write_error = NULL; + } + else + g_clear_error (&priv->write_error); + } + + if (status >= 0) + return status; + + if (priv->handshaking && !priv->ever_handshaked) + { + if (g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_FAILED) || + g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE) || + status == GNUTLS_E_UNEXPECTED_PACKET_LENGTH || + status == GNUTLS_E_DECRYPTION_FAILED || + status == GNUTLS_E_UNSUPPORTED_VERSION_PACKET) + { + g_clear_error (&my_error); + g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS, + _("Peer failed to perform TLS handshake")); + return GNUTLS_E_PULL_ERROR; + } + } + + if (my_error) + { + if (!g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK) && + !g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT)) + G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed (gnutls); + g_propagate_error (error, my_error); + return status; + } + else if (status == GNUTLS_E_REHANDSHAKE) + { + if (priv->rehandshake_mode == G_TLS_REHANDSHAKE_NEVER) + { + g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_MISC, + _("Peer requested illegal TLS rehandshake")); + return GNUTLS_E_PULL_ERROR; + } + + g_mutex_lock (&priv->op_mutex); + if (!priv->handshaking) + priv->need_handshake = TRUE; + g_mutex_unlock (&priv->op_mutex); + return status; + } + else if (status == GNUTLS_E_PREMATURE_TERMINATION) + { + if (priv->handshaking && !priv->ever_handshaked) + { + g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS, + _("Peer failed to perform TLS handshake")); + return GNUTLS_E_PULL_ERROR; + } + else if (priv->require_close_notify) + { + g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_EOF, + _("TLS connection closed unexpectedly")); + G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed (gnutls); + return status; + } + else + return 0; + } + else if (status == GNUTLS_E_NO_CERTIFICATE_FOUND) + { + g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED, + _("TLS connection peer did not send a certificate")); + return status; + } + else if (status == GNUTLS_E_FATAL_ALERT_RECEIVED) + { + g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC, + _("Peer sent fatal TLS alert: %s"), + gnutls_alert_get_name (gnutls_alert_get (priv->session))); + return status; + } + else if (status == GNUTLS_E_LARGE_PACKET) + { + guint mtu = gnutls_dtls_get_data_mtu (priv->session); + g_set_error (error, G_IO_ERROR, G_IO_ERROR_MESSAGE_TOO_LARGE, + ngettext ("Message is too large for DTLS connection; maximum is %u byte", + "Message is too large for DTLS connection; maximum is %u bytes", mtu), mtu); + return status; + } + else if (status == GNUTLS_E_TIMEDOUT) + { + g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT, + _("The operation timed out")); + return status; + } + + if (error) + { + *error = g_error_new (G_TLS_ERROR, G_TLS_ERROR_MISC, "%s: %s", + err_prefix, gnutls_strerror (status)); + } + return status; +} + +#define BEGIN_GNUTLS_IO(gnutls, direction, timeout, cancellable) \ + begin_gnutls_io (gnutls, direction, timeout, cancellable); \ + do { + +#define END_GNUTLS_IO(gnutls, direction, ret, errmsg, err) \ + } while ((ret = end_gnutls_io (gnutls, direction, ret, err, errmsg)) == GNUTLS_E_AGAIN); + +/* Checks whether the underlying base stream or GDatagramBased meets + * @condition. */ +static gboolean +g_tls_connection_gnutls_base_check (GTlsConnectionGnutls *gnutls, + GIOCondition condition) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + + if (g_tls_connection_gnutls_is_dtls (gnutls)) + return g_datagram_based_condition_check (priv->base_socket, + condition); + else if (condition & G_IO_IN) + return g_pollable_input_stream_is_readable (priv->base_istream); + else if (condition & G_IO_OUT) + return g_pollable_output_stream_is_writable (priv->base_ostream); + else + g_assert_not_reached (); +} + +/* Checks whether the (D)TLS stream meets @condition; not the underlying base + * stream or GDatagramBased. */ +gboolean +g_tls_connection_gnutls_check (GTlsConnectionGnutls *gnutls, + GIOCondition condition) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + + /* Racy, but worst case is that we just get WOULD_BLOCK back */ + if (priv->need_finish_handshake) + return TRUE; + + /* If a handshake or close is in progress, then tls_istream and + * tls_ostream are blocked, regardless of the base stream status. + */ + if (priv->handshaking) + return FALSE; + + if (((condition & G_IO_IN) && priv->read_closing) || + ((condition & G_IO_OUT) && priv->write_closing)) + return FALSE; + + /* Defer to the base stream or GDatagramBased. */ + return g_tls_connection_gnutls_base_check (gnutls, condition); +} + +typedef struct { + GSource source; + + GTlsConnectionGnutls *gnutls; + /* Either a GDatagramBased (datagram mode), or a GPollableInputStream or + * GPollableOutputStream (streaming mode): + */ + GObject *base; + + GSource *child_source; + GIOCondition condition; + + gboolean io_waiting; + gboolean op_waiting; +} GTlsConnectionGnutlsSource; + +static gboolean +gnutls_source_prepare (GSource *source, + gint *timeout) +{ + *timeout = -1; + return FALSE; +} + +static gboolean +gnutls_source_check (GSource *source) +{ + return FALSE; +} + +/* Use a custom dummy callback instead of g_source_set_dummy_callback(), as that + * uses a GClosure and is slow. (The GClosure is necessary to deal with any + * function prototype.) */ +static gboolean +dummy_callback (gpointer data) +{ + return G_SOURCE_CONTINUE; +} + +static void +gnutls_source_sync (GTlsConnectionGnutlsSource *gnutls_source) +{ + GTlsConnectionGnutls *gnutls = gnutls_source->gnutls; + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + gboolean io_waiting, op_waiting; + + /* Was the source destroyed earlier in this main context iteration? */ + if (g_source_is_destroyed ((GSource *) gnutls_source)) + return; + + g_mutex_lock (&priv->op_mutex); + if (((gnutls_source->condition & G_IO_IN) && priv->reading) || + ((gnutls_source->condition & G_IO_OUT) && priv->writing) || + (priv->handshaking && !priv->need_finish_handshake)) + op_waiting = TRUE; + else + op_waiting = FALSE; + + if (!op_waiting && !priv->need_handshake && + !priv->need_finish_handshake) + io_waiting = TRUE; + else + io_waiting = FALSE; + g_mutex_unlock (&priv->op_mutex); + + if (op_waiting == gnutls_source->op_waiting && + io_waiting == gnutls_source->io_waiting) + return; + gnutls_source->op_waiting = op_waiting; + gnutls_source->io_waiting = io_waiting; + + if (gnutls_source->child_source) + { + g_source_remove_child_source ((GSource *)gnutls_source, + gnutls_source->child_source); + g_source_unref (gnutls_source->child_source); + } + + if (op_waiting) + gnutls_source->child_source = g_cancellable_source_new (priv->waiting_for_op); + else if (io_waiting && G_IS_DATAGRAM_BASED (gnutls_source->base)) + gnutls_source->child_source = g_datagram_based_create_source (priv->base_socket, gnutls_source->condition, NULL); + else if (io_waiting && G_IS_POLLABLE_INPUT_STREAM (gnutls_source->base)) + gnutls_source->child_source = g_pollable_input_stream_create_source (priv->base_istream, NULL); + else if (io_waiting && G_IS_POLLABLE_OUTPUT_STREAM (gnutls_source->base)) + gnutls_source->child_source = g_pollable_output_stream_create_source (priv->base_ostream, NULL); + else + gnutls_source->child_source = g_timeout_source_new (0); + + g_source_set_callback (gnutls_source->child_source, dummy_callback, NULL, NULL); + g_source_add_child_source ((GSource *)gnutls_source, gnutls_source->child_source); +} + +static gboolean +gnutls_source_dispatch (GSource *source, + GSourceFunc callback, + gpointer user_data) +{ + GDatagramBasedSourceFunc datagram_based_func = (GDatagramBasedSourceFunc) callback; + GPollableSourceFunc pollable_func = (GPollableSourceFunc) callback; + GTlsConnectionGnutlsSource *gnutls_source = (GTlsConnectionGnutlsSource *) source; + gboolean ret; + + if (G_IS_DATAGRAM_BASED (gnutls_source->base)) + ret = (*datagram_based_func) (G_DATAGRAM_BASED (gnutls_source->base), + gnutls_source->condition, user_data); + else + ret = (*pollable_func) (gnutls_source->base, user_data); + + if (ret) + gnutls_source_sync (gnutls_source); + + return ret; +} + +static void +gnutls_source_finalize (GSource *source) +{ + GTlsConnectionGnutlsSource *gnutls_source = (GTlsConnectionGnutlsSource *)source; + + g_object_unref (gnutls_source->gnutls); + g_source_unref (gnutls_source->child_source); +} + +static gboolean +g_tls_connection_gnutls_source_closure_callback (GObject *stream, + gpointer data) +{ + GClosure *closure = data; + + GValue param = { 0, }; + GValue result_value = { 0, }; + gboolean result; + + g_value_init (&result_value, G_TYPE_BOOLEAN); + + g_value_init (¶m, G_TYPE_OBJECT); + g_value_set_object (¶m, stream); + + g_closure_invoke (closure, &result_value, 1, ¶m, NULL); + + result = g_value_get_boolean (&result_value); + g_value_unset (&result_value); + g_value_unset (¶m); + + return result; +} + +static gboolean +g_tls_connection_gnutls_source_dtls_closure_callback (GObject *stream, + GIOCondition condition, + gpointer data) +{ + GClosure *closure = data; + + GValue param[2] = { G_VALUE_INIT, G_VALUE_INIT }; + GValue result_value = G_VALUE_INIT; + gboolean result; + + g_value_init (&result_value, G_TYPE_BOOLEAN); + + g_value_init (¶m[0], G_TYPE_DATAGRAM_BASED); + g_value_set_object (¶m[0], stream); + g_value_init (¶m[1], G_TYPE_IO_CONDITION); + g_value_set_flags (¶m[1], condition); + + g_closure_invoke (closure, &result_value, 2, param, NULL); + + result = g_value_get_boolean (&result_value); + g_value_unset (&result_value); + g_value_unset (¶m[0]); + g_value_unset (¶m[1]); + + return result; +} + +static GSourceFuncs gnutls_tls_source_funcs = +{ + gnutls_source_prepare, + gnutls_source_check, + gnutls_source_dispatch, + gnutls_source_finalize, + (GSourceFunc)g_tls_connection_gnutls_source_closure_callback, + (GSourceDummyMarshal)g_cclosure_marshal_generic +}; + +static GSourceFuncs gnutls_dtls_source_funcs = +{ + gnutls_source_prepare, + gnutls_source_check, + gnutls_source_dispatch, + gnutls_source_finalize, + (GSourceFunc)g_tls_connection_gnutls_source_dtls_closure_callback, + (GSourceDummyMarshal)g_cclosure_marshal_generic +}; + +GSource * +g_tls_connection_gnutls_create_source (GTlsConnectionGnutls *gnutls, + GIOCondition condition, + GCancellable *cancellable) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + GSource *source, *cancellable_source; + GTlsConnectionGnutlsSource *gnutls_source; + + if (g_tls_connection_gnutls_is_dtls (gnutls)) + { + source = g_source_new (&gnutls_dtls_source_funcs, + sizeof (GTlsConnectionGnutlsSource)); + } + else + { + source = g_source_new (&gnutls_tls_source_funcs, + sizeof (GTlsConnectionGnutlsSource)); + } + g_source_set_name (source, "GTlsConnectionGnutlsSource"); + gnutls_source = (GTlsConnectionGnutlsSource *)source; + gnutls_source->gnutls = g_object_ref (gnutls); + gnutls_source->condition = condition; + if (g_tls_connection_gnutls_is_dtls (gnutls)) + gnutls_source->base = G_OBJECT (gnutls); + else if (priv->tls_istream != NULL && condition & G_IO_IN) + gnutls_source->base = G_OBJECT (priv->tls_istream); + else if (priv->tls_ostream != NULL && condition & G_IO_OUT) + gnutls_source->base = G_OBJECT (priv->tls_ostream); + else + g_assert_not_reached (); + + gnutls_source->op_waiting = (gboolean) -1; + gnutls_source->io_waiting = (gboolean) -1; + gnutls_source_sync (gnutls_source); + + if (cancellable) + { + cancellable_source = g_cancellable_source_new (cancellable); + g_source_set_dummy_callback (cancellable_source); + g_source_add_child_source (source, cancellable_source); + g_source_unref (cancellable_source); + } + + return source; +} + +static GSource * +g_tls_connection_gnutls_dtls_create_source (GDatagramBased *datagram_based, + GIOCondition condition, + GCancellable *cancellable) +{ + GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (datagram_based); + + return g_tls_connection_gnutls_create_source (gnutls, condition, cancellable); +} + +static GIOCondition +g_tls_connection_gnutls_condition_check (GDatagramBased *datagram_based, + GIOCondition condition) +{ + GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (datagram_based); + + return (g_tls_connection_gnutls_check (gnutls, condition)) ? condition : 0; +} + +static gboolean +g_tls_connection_gnutls_condition_wait (GDatagramBased *datagram_based, + GIOCondition condition, + gint64 timeout, + GCancellable *cancellable, + GError **error) +{ + GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (datagram_based); + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + GPollFD fds[2]; + guint n_fds; + gint result = 1; /* if the loop is never entered, it’s as if we cancelled early */ + gint64 start_time; + + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + return FALSE; + + /* Convert from microseconds to milliseconds. */ + if (timeout != -1) + timeout = timeout / 1000; + + start_time = g_get_monotonic_time (); + + g_cancellable_make_pollfd (priv->waiting_for_op, &fds[0]); + n_fds = 1; + + if (g_cancellable_make_pollfd (cancellable, &fds[1])) + n_fds++; + + while (!g_tls_connection_gnutls_condition_check (datagram_based, condition) && + !g_cancellable_is_cancelled (cancellable)) + { + result = g_poll (fds, n_fds, timeout); + if (result == 0) + break; + if (result != -1 || errno != EINTR) + continue; + + if (timeout != -1) + { + timeout -= (g_get_monotonic_time () - start_time) / 1000; + if (timeout < 0) + timeout = 0; + } + } + + if (n_fds > 1) + g_cancellable_release_fd (cancellable); + + if (result == 0) + { + g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT, + _("Socket I/O timed out")); + return FALSE; + } + + return !g_cancellable_set_error_if_cancelled (cancellable, error); +} + +static void +set_gnutls_error (GTlsConnectionGnutls *gnutls, + GError *error) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + + /* We set EINTR rather than EAGAIN for G_IO_ERROR_WOULD_BLOCK so + * that GNUTLS_E_AGAIN only gets returned for gnutls-internal + * reasons, not for actual socket EAGAINs (and we have access + * to @error at the higher levels, so we can distinguish them + * that way later). + */ + + if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED)) + gnutls_transport_set_errno (priv->session, EINTR); + else if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK)) + { + /* Return EAGAIN while handshaking so that GnuTLS handles retries for us + * internally in its handshaking code. */ + if (priv->base_socket && priv->handshaking) + gnutls_transport_set_errno (priv->session, EAGAIN); + else + gnutls_transport_set_errno (priv->session, EINTR); + } + else if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT)) + gnutls_transport_set_errno (priv->session, EINTR); + else if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_MESSAGE_TOO_LARGE)) + gnutls_transport_set_errno (priv->session, EMSGSIZE); + else + gnutls_transport_set_errno (priv->session, EIO); +} + +static ssize_t +g_tls_connection_gnutls_pull_func (gnutls_transport_ptr_t transport_data, + void *buf, + size_t buflen) +{ + GTlsConnectionGnutls *gnutls = transport_data; + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + ssize_t ret; + + /* If priv->read_error is non-%NULL when we're called, it means + * that an error previously occurred, but gnutls decided not to + * propagate it. So it's correct for us to just clear it. (Usually + * this means it ignored an EAGAIN after a short read, and now + * we'll return EAGAIN again, which it will obey this time.) + */ + g_clear_error (&priv->read_error); + + if (g_tls_connection_gnutls_is_dtls (gnutls)) + { + GInputVector vector = { buf, buflen }; + GInputMessage message = { NULL, &vector, 1, 0, 0, NULL, NULL }; + + ret = g_datagram_based_receive_messages (priv->base_socket, + &message, 1, 0, + priv->handshaking ? 0 : priv->read_timeout, + priv->read_cancellable, + &priv->read_error); + + if (ret > 0) + ret = message.bytes_received; + } + else + { + ret = g_pollable_stream_read (G_INPUT_STREAM (priv->base_istream), + buf, buflen, + (priv->read_timeout != 0), + priv->read_cancellable, + &priv->read_error); + } + + if (ret < 0) + set_gnutls_error (gnutls, priv->read_error); + + return ret; +} + +static ssize_t +g_tls_connection_gnutls_push_func (gnutls_transport_ptr_t transport_data, + const void *buf, + size_t buflen) +{ + GTlsConnectionGnutls *gnutls = transport_data; + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + ssize_t ret; + + /* See comment in pull_func. */ + g_clear_error (&priv->write_error); + + if (g_tls_connection_gnutls_is_dtls (gnutls)) + { + GOutputVector vector = { buf, buflen }; + GOutputMessage message = { NULL, &vector, 1, 0, NULL, 0 }; + + ret = g_datagram_based_send_messages (priv->base_socket, + &message, 1, 0, + priv->write_timeout, + priv->write_cancellable, + &priv->write_error); + + if (ret > 0) + ret = message.bytes_sent; + } + else + { + ret = g_pollable_stream_write (G_OUTPUT_STREAM (priv->base_ostream), + buf, buflen, + (priv->write_timeout != 0), + priv->write_cancellable, + &priv->write_error); + } + + if (ret < 0) + set_gnutls_error (gnutls, priv->write_error); + + return ret; +} + +static ssize_t +g_tls_connection_gnutls_vec_push_func (gnutls_transport_ptr_t transport_data, + const giovec_t *iov, + int iovcnt) +{ + GTlsConnectionGnutls *gnutls = transport_data; + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + ssize_t ret; + GOutputMessage message = { NULL, }; + GOutputVector *vectors; + + /* This function should only be set if we’re using base_socket. */ + g_assert (priv->base_socket != NULL); + + /* See comment in pull_func. */ + g_clear_error (&priv->write_error); + + /* this entire expression will be evaluated at compile time */ + if (sizeof *iov == sizeof *vectors && + sizeof iov->iov_base == sizeof vectors->buffer && + G_STRUCT_OFFSET (giovec_t, iov_base) == + G_STRUCT_OFFSET (GOutputVector, buffer) && + sizeof iov->iov_len == sizeof vectors->size && + G_STRUCT_OFFSET (giovec_t, iov_len) == + G_STRUCT_OFFSET (GOutputVector, size)) + /* ABI is compatible */ + { + message.vectors = (GOutputVector *) iov; + message.num_vectors = iovcnt; + } + else + /* ABI is incompatible */ + { + gint i; + + message.vectors = g_newa (GOutputVector, iovcnt); + for (i = 0; i < iovcnt; i++) + { + message.vectors[i].buffer = (void *) iov[i].iov_base; + message.vectors[i].size = iov[i].iov_len; + } + message.num_vectors = iovcnt; + } + + ret = g_datagram_based_send_messages (priv->base_socket, + &message, 1, 0, + priv->write_timeout, + priv->write_cancellable, + &priv->write_error); + + if (ret > 0) + ret = message.bytes_sent; + else if (ret < 0) + set_gnutls_error (gnutls, priv->write_error); + + return ret; +} + +static gboolean +read_pollable_cb (GPollableInputStream *istream, + gpointer user_data) +{ + gboolean *read_done = user_data; + + *read_done = TRUE; + + return G_SOURCE_CONTINUE; +} + +static gboolean +read_datagram_based_cb (GDatagramBased *datagram_based, + GIOCondition condition, + gpointer user_data) +{ + gboolean *read_done = user_data; + + *read_done = TRUE; + + return G_SOURCE_CONTINUE; +} + +static gboolean +read_timeout_cb (gpointer user_data) +{ + gboolean *timed_out = user_data; + + *timed_out = TRUE; + + return G_SOURCE_REMOVE; +} + +static int +g_tls_connection_gnutls_pull_timeout_func (gnutls_transport_ptr_t transport_data, + unsigned int ms) +{ + GTlsConnectionGnutls *gnutls = transport_data; + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + + /* Fast path. */ + if (g_tls_connection_gnutls_base_check (gnutls, G_IO_IN) || + g_cancellable_is_cancelled (priv->read_cancellable)) + return 1; + + /* If @ms is 0, GnuTLS wants an instant response, so there’s no need to + * construct and query a #GSource. */ + if (ms > 0) + { + GMainContext *ctx = NULL; + GSource *read_source = NULL, *timeout_source = NULL; + gboolean read_done = FALSE, timed_out = FALSE; + + ctx = g_main_context_new (); + + /* Create a timeout source. */ + timeout_source = g_timeout_source_new (ms); + g_source_set_callback (timeout_source, (GSourceFunc) read_timeout_cb, + &timed_out, NULL); + + /* Create a read source. We cannot use g_source_set_ready_time() on this + * to combine it with the @timeout_source, as that could mess with the + * internals of the #GDatagramBased’s #GSource implementation. */ + if (g_tls_connection_gnutls_is_dtls (gnutls)) + { + read_source = g_datagram_based_create_source (priv->base_socket, G_IO_IN, NULL); + g_source_set_callback (read_source, (GSourceFunc) read_datagram_based_cb, + &read_done, NULL); + } + else + { + read_source = g_pollable_input_stream_create_source (priv->base_istream, NULL); + g_source_set_callback (read_source, (GSourceFunc) read_pollable_cb, + &read_done, NULL); + } + + g_source_attach (read_source, ctx); + g_source_attach (timeout_source, ctx); + + while (!read_done && !timed_out) + g_main_context_iteration (ctx, TRUE); + + g_source_destroy (read_source); + g_source_destroy (timeout_source); + + g_main_context_unref (ctx); + g_source_unref (read_source); + g_source_unref (timeout_source); + + /* If @read_source was dispatched due to cancellation, the resulting error + * will be handled in g_tls_connection_gnutls_pull_func(). */ + if (g_tls_connection_gnutls_base_check (gnutls, G_IO_IN) || + g_cancellable_is_cancelled (priv->read_cancellable)) + return 1; + } + + return 0; +} + +static GTlsCertificate * +get_peer_certificate_from_session (GTlsConnectionGnutls *gnutls) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + const gnutls_datum_t *certs; + GTlsCertificateGnutls *chain; + unsigned int num_certs; + + certs = gnutls_certificate_get_peers (priv->session, &num_certs); + if (!certs || !num_certs) + return NULL; + + chain = g_tls_certificate_gnutls_build_chain (certs, num_certs, GNUTLS_X509_FMT_DER); + if (!chain) + return NULL; + + return G_TLS_CERTIFICATE (chain); +} + +static GTlsCertificateFlags +verify_peer_certificate (GTlsConnectionGnutls *gnutls, + GTlsCertificate *peer_certificate) +{ + GTlsConnection *conn = G_TLS_CONNECTION (gnutls); + GSocketConnectable *peer_identity; + GTlsDatabase *database; + GTlsCertificateFlags errors; + gboolean is_client; + + is_client = G_IS_TLS_CLIENT_CONNECTION (gnutls); + + if (!is_client) + peer_identity = NULL; + else if (!g_tls_connection_gnutls_is_dtls (gnutls)) + peer_identity = g_tls_client_connection_get_server_identity (G_TLS_CLIENT_CONNECTION (gnutls)); + else + peer_identity = g_dtls_client_connection_get_server_identity (G_DTLS_CLIENT_CONNECTION (gnutls)); + + errors = 0; + + database = g_tls_connection_get_database (conn); + if (database == NULL) + { + errors |= G_TLS_CERTIFICATE_UNKNOWN_CA; + errors |= g_tls_certificate_verify (peer_certificate, peer_identity, NULL); + } + else + { + GError *error = NULL; + + errors |= g_tls_database_verify_chain (database, peer_certificate, + is_client ? + G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER : + G_TLS_DATABASE_PURPOSE_AUTHENTICATE_CLIENT, + peer_identity, + g_tls_connection_get_interaction (conn), + G_TLS_DATABASE_VERIFY_NONE, + NULL, &error); + if (error) + { + g_warning ("failure verifying certificate chain: %s", + error->message); + g_assert (errors != 0); + g_clear_error (&error); + } + } + + return errors; +} + +static void +handshake_thread (GTask *task, + gpointer object, + gpointer task_data, + GCancellable *cancellable) +{ + GTlsConnectionGnutls *gnutls = object; + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + gboolean is_client; + GError *error = NULL; + int ret; + gint64 start_time; + gint64 timeout; + + /* A timeout, in microseconds, must be provided as a gint64* task_data. */ + g_assert (task_data != NULL); + + timeout = *((gint64 *) task_data); + start_time = g_get_monotonic_time (); + priv->started_handshake = FALSE; + + if (!claim_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE, + timeout, cancellable, &error)) + { + g_task_return_error (task, error); + return; + } + + g_clear_error (&priv->handshake_error); + + is_client = G_IS_TLS_CLIENT_CONNECTION (gnutls); + + if (!is_client && priv->ever_handshaked && !priv->implicit_handshake) + { + /* Adjust the timeout for the next operation in the sequence. */ + if (timeout > 0) + { + unsigned int timeout_ms; + + timeout -= (g_get_monotonic_time () - start_time); + if (timeout <= 0) + timeout = 1; + + /* Convert from microseconds to milliseconds, but ensure the timeout + * remains positive. */ + timeout_ms = (timeout + 999) / 1000; + + gnutls_handshake_set_timeout (priv->session, timeout_ms); + gnutls_dtls_set_timeouts (priv->session, 1000 /* default */, + timeout_ms); + } + + BEGIN_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, timeout, cancellable); + ret = gnutls_rehandshake (priv->session); + END_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, ret, + _("Error performing TLS handshake"), &error); + + if (error) + { + g_task_return_error (task, error); + return; + } + } + + priv->started_handshake = TRUE; + + g_clear_object (&priv->peer_certificate); + priv->peer_certificate_errors = 0; + + g_tls_connection_gnutls_set_handshake_priority (gnutls); + + /* Adjust the timeout for the next operation in the sequence. */ + if (timeout > 0) + { + unsigned int timeout_ms; + + timeout -= (g_get_monotonic_time () - start_time); + if (timeout <= 0) + timeout = 1; + + /* Convert from microseconds to milliseconds, but ensure the timeout + * remains positive. */ + timeout_ms = (timeout + 999) / 1000; + + gnutls_handshake_set_timeout (priv->session, timeout_ms); + gnutls_dtls_set_timeouts (priv->session, 1000 /* default */, + timeout_ms); + } + + BEGIN_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, timeout, cancellable); + ret = gnutls_handshake (priv->session); + if (ret == GNUTLS_E_GOT_APPLICATION_DATA) + { + guint8 buf[1024]; + + /* Got app data while waiting for rehandshake; buffer it and try again */ + ret = gnutls_record_recv (priv->session, buf, sizeof (buf)); + if (ret > -1) + { + if (!priv->app_data_buf) + priv->app_data_buf = g_byte_array_new (); + g_byte_array_append (priv->app_data_buf, buf, ret); + ret = GNUTLS_E_AGAIN; + } + } + END_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, ret, + _("Error performing TLS handshake"), &error); + + if (ret == 0 && gnutls_certificate_type_get (priv->session) == GNUTLS_CRT_X509) + { + priv->peer_certificate_tmp = get_peer_certificate_from_session (gnutls); + if (priv->peer_certificate_tmp) + priv->peer_certificate_errors_tmp = verify_peer_certificate (gnutls, priv->peer_certificate_tmp); + else if (G_IS_TLS_CLIENT_CONNECTION (gnutls)) + { + g_set_error_literal (&error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE, + _("Server did not return a valid TLS certificate")); + } + } + + G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->finish_handshake (gnutls, &error); + + if (error) + { + g_task_return_error (task, error); + } + else + { + priv->ever_handshaked = TRUE; + g_task_return_boolean (task, TRUE); + } +} + +static gboolean +accept_peer_certificate (GTlsConnectionGnutls *gnutls, + GTlsCertificate *peer_certificate, + GTlsCertificateFlags peer_certificate_errors) +{ + gboolean accepted = FALSE; + + if (G_IS_TLS_CLIENT_CONNECTION (gnutls)) + { + GTlsCertificateFlags validation_flags; + + if (!g_tls_connection_gnutls_is_dtls (gnutls)) + validation_flags = + g_tls_client_connection_get_validation_flags (G_TLS_CLIENT_CONNECTION (gnutls)); + else + validation_flags = + g_dtls_client_connection_get_validation_flags (G_DTLS_CLIENT_CONNECTION (gnutls)); + + if ((peer_certificate_errors & validation_flags) == 0) + accepted = TRUE; + } + + if (!accepted) + { + accepted = g_tls_connection_emit_accept_certificate (G_TLS_CONNECTION (gnutls), + peer_certificate, + peer_certificate_errors); + } + + return accepted; +} + +static void +begin_handshake (GTlsConnectionGnutls *gnutls) +{ + G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->begin_handshake (gnutls); +} + +static gboolean +finish_handshake (GTlsConnectionGnutls *gnutls, + GTask *task, + GError **error) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + GTlsCertificate *peer_certificate; + GTlsCertificateFlags peer_certificate_errors; + + g_assert (error != NULL); + + peer_certificate = priv->peer_certificate_tmp; + priv->peer_certificate_tmp = NULL; + peer_certificate_errors = priv->peer_certificate_errors_tmp; + priv->peer_certificate_errors_tmp = 0; + + if (g_task_propagate_boolean (task, error) && peer_certificate) + { + if (!accept_peer_certificate (gnutls, peer_certificate, + peer_certificate_errors)) + { + g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE, + _("Unacceptable TLS certificate")); + } + + priv->peer_certificate = peer_certificate; + priv->peer_certificate_errors = peer_certificate_errors; + g_object_notify (G_OBJECT (gnutls), "peer-certificate"); + g_object_notify (G_OBJECT (gnutls), "peer-certificate-errors"); + } + + if (*error && priv->started_handshake) + priv->handshake_error = g_error_copy (*error); + + return (*error == NULL); +} + +static gboolean +g_tls_connection_gnutls_handshake (GTlsConnection *conn, + GCancellable *cancellable, + GError **error) +{ + GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (conn); + GTask *task; + gboolean success; + gint64 *timeout = NULL; + GError *my_error = NULL; + + task = g_task_new (conn, cancellable, NULL, NULL); + g_task_set_source_tag (task, g_tls_connection_gnutls_handshake); + + timeout = g_new0 (gint64, 1); + *timeout = -1; /* blocking */ + g_task_set_task_data (task, timeout, g_free); + + begin_handshake (gnutls); + g_task_run_in_thread_sync (task, handshake_thread); + success = finish_handshake (gnutls, task, &my_error); + g_object_unref (task); + + yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE); + + if (my_error) + g_propagate_error (error, my_error); + return success; +} + +static gboolean +g_tls_connection_gnutls_dtls_handshake (GDtlsConnection *conn, + GCancellable *cancellable, + GError **error) +{ + return g_tls_connection_gnutls_handshake (G_TLS_CONNECTION (conn), + cancellable, error); +} + +/* In the async version we use two GTasks; one to run handshake_thread() and + * then call handshake_thread_completed(), and a second to call the caller's + * original callback after we call finish_handshake(). + */ + +static void +handshake_thread_completed (GObject *object, + GAsyncResult *result, + gpointer user_data) +{ + GTask *caller_task = user_data; + GTlsConnectionGnutls *gnutls = g_task_get_source_object (caller_task); + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + GError *error = NULL; + gboolean need_finish_handshake, success; + + g_mutex_lock (&priv->op_mutex); + if (priv->need_finish_handshake) + { + need_finish_handshake = TRUE; + priv->need_finish_handshake = FALSE; + } + else + need_finish_handshake = FALSE; + g_mutex_unlock (&priv->op_mutex); + + if (need_finish_handshake) + { + success = finish_handshake (gnutls, G_TASK (result), &error); + if (success) + g_task_return_boolean (caller_task, TRUE); + else + g_task_return_error (caller_task, error); + } + else if (priv->handshake_error) + g_task_return_error (caller_task, g_error_copy (priv->handshake_error)); + else + g_task_return_boolean (caller_task, TRUE); + + g_object_unref (caller_task); +} + +static void +async_handshake_thread (GTask *task, + gpointer object, + gpointer task_data, + GCancellable *cancellable) +{ + GTlsConnectionGnutls *gnutls = object; + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + + handshake_thread (task, object, task_data, cancellable); + + g_mutex_lock (&priv->op_mutex); + priv->need_finish_handshake = TRUE; + /* yield_op will clear handshaking too, but we don't want the + * connection to be briefly "handshaking && need_finish_handshake" + * after we unlock the mutex. + */ + priv->handshaking = FALSE; + g_mutex_unlock (&priv->op_mutex); + + yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE); +} + +static void +g_tls_connection_gnutls_handshake_async (GTlsConnection *conn, + int io_priority, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GTask *thread_task, *caller_task; + gint64 *timeout = NULL; + + caller_task = g_task_new (conn, cancellable, callback, user_data); + g_task_set_source_tag (caller_task, g_tls_connection_gnutls_handshake_async); + g_task_set_priority (caller_task, io_priority); + + begin_handshake (G_TLS_CONNECTION_GNUTLS (conn)); + + thread_task = g_task_new (conn, cancellable, + handshake_thread_completed, caller_task); + g_task_set_source_tag (thread_task, g_tls_connection_gnutls_handshake_async); + g_task_set_priority (thread_task, io_priority); + + timeout = g_new0 (gint64, 1); + *timeout = -1; /* blocking */ + g_task_set_task_data (thread_task, timeout, g_free); + + g_task_run_in_thread (thread_task, async_handshake_thread); + g_object_unref (thread_task); +} + +static gboolean +g_tls_connection_gnutls_handshake_finish (GTlsConnection *conn, + GAsyncResult *result, + GError **error) +{ + g_return_val_if_fail (g_task_is_valid (result, conn), FALSE); + + return g_task_propagate_boolean (G_TASK (result), error); +} + +static void +g_tls_connection_gnutls_dtls_handshake_async (GDtlsConnection *conn, + int io_priority, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + g_tls_connection_gnutls_handshake_async (G_TLS_CONNECTION (conn), io_priority, + cancellable, callback, user_data); +} + +static gboolean +g_tls_connection_gnutls_dtls_handshake_finish (GDtlsConnection *conn, + GAsyncResult *result, + GError **error) +{ + return g_tls_connection_gnutls_handshake_finish (G_TLS_CONNECTION (conn), + result, error); +} + +static gboolean +do_implicit_handshake (GTlsConnectionGnutls *gnutls, + gint64 timeout, + GCancellable *cancellable, + GError **error) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + gint64 *thread_timeout = NULL; + + /* We have op_mutex */ + + g_assert (priv->implicit_handshake == NULL); + priv->implicit_handshake = g_task_new (gnutls, cancellable, NULL, NULL); + g_task_set_source_tag (priv->implicit_handshake, + do_implicit_handshake); + + thread_timeout = g_new0 (gint64, 1); + g_task_set_task_data (priv->implicit_handshake, + thread_timeout, g_free); + + begin_handshake (gnutls); + + if (timeout != 0) + { + GError *my_error = NULL; + gboolean success; + + /* In the blocking case, run the handshake operation synchronously in + * another thread, and delegate handling the timeout to that thread; it + * should return G_IO_ERROR_TIMED_OUT iff (timeout > 0) and the operation + * times out. If (timeout < 0) it should block indefinitely until the + * operation is complete or errors. */ + *thread_timeout = timeout; + + g_mutex_unlock (&priv->op_mutex); + g_task_run_in_thread_sync (priv->implicit_handshake, + handshake_thread); + success = finish_handshake (gnutls, + priv->implicit_handshake, + &my_error); + g_clear_object (&priv->implicit_handshake); + yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE); + g_mutex_lock (&priv->op_mutex); + + if (my_error) + g_propagate_error (error, my_error); + return success; + } + else + { + /* In the non-blocking case, start the asynchronous handshake operation + * and return EWOULDBLOCK to the caller, who will handle polling for + * completion of the handshake and whatever operation they actually cared + * about. Run the actual operation as blocking in its thread. */ + *thread_timeout = -1; /* blocking */ + + g_task_run_in_thread (priv->implicit_handshake, + async_handshake_thread); + + g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK, + _("Operation would block")); + return FALSE; + } +} + +gssize +g_tls_connection_gnutls_read (GTlsConnectionGnutls *gnutls, + void *buffer, + gsize count, + gint64 timeout, + GCancellable *cancellable, + GError **error) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + gssize ret; + + if (priv->app_data_buf && !priv->handshaking) + { + ret = MIN (count, priv->app_data_buf->len); + memcpy (buffer, priv->app_data_buf->data, ret); + if (ret == priv->app_data_buf->len) + g_clear_pointer (&priv->app_data_buf, g_byte_array_unref); + else + g_byte_array_remove_range (priv->app_data_buf, 0, ret); + return ret; + } + + again: + if (!claim_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_READ, + timeout, cancellable, error)) + return -1; + + BEGIN_GNUTLS_IO (gnutls, G_IO_IN, timeout, cancellable); + ret = gnutls_record_recv (priv->session, buffer, count); + END_GNUTLS_IO (gnutls, G_IO_IN, ret, _("Error reading data from TLS socket"), error); + + yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_READ); + + if (ret >= 0) + return ret; + else if (ret == GNUTLS_E_REHANDSHAKE) + goto again; + else + return -1; +} + +static gsize +input_vectors_from_gnutls_datum_t (GInputVector *vectors, + guint num_vectors, + const gnutls_datum_t *datum) +{ + guint i; + gsize total = 0; + + /* Copy into the receive vectors. */ + for (i = 0; i < num_vectors && total < datum->size; i++) + { + gsize count; + GInputVector *vec = &vectors[i]; + + count = MIN (vec->size, datum->size - total); + + memcpy (vec->buffer, datum->data + total, count); + total += count; + } + + g_assert (total <= datum->size); + + return total; +} + +static gssize +g_tls_connection_gnutls_read_message (GTlsConnectionGnutls *gnutls, + GInputVector *vectors, + guint num_vectors, + gint64 timeout, + GCancellable *cancellable, + GError **error) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + guint i; + gssize ret; + gnutls_packet_t packet = { 0, }; + + /* Copy data out of the app data buffer first. */ + if (priv->app_data_buf && !priv->handshaking) + { + ret = 0; + + for (i = 0; i < num_vectors; i++) + { + gsize count; + GInputVector *vec = &vectors[i]; + + count = MIN (vec->size, priv->app_data_buf->len); + ret += count; + + memcpy (vec->buffer, priv->app_data_buf->data, count); + if (count == priv->app_data_buf->len) + g_clear_pointer (&priv->app_data_buf, g_byte_array_unref); + else + g_byte_array_remove_range (priv->app_data_buf, 0, count); + } + + return ret; + } + + again: + if (!claim_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_READ, + timeout, cancellable, error)) + return -1; + + BEGIN_GNUTLS_IO (gnutls, G_IO_IN, timeout, cancellable); + + /* Receive the entire datagram (zero-copy). */ + ret = gnutls_record_recv_packet (priv->session, &packet); + + if (ret > 0) + { + gnutls_datum_t data = { 0, }; + + gnutls_packet_get (packet, &data, NULL); + ret = input_vectors_from_gnutls_datum_t (vectors, num_vectors, &data); + gnutls_packet_deinit (packet); + } + + END_GNUTLS_IO (gnutls, G_IO_IN, ret, _("Error reading data from TLS socket"), error); + + yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_READ); + + if (ret >= 0) + return ret; + else if (ret == GNUTLS_E_REHANDSHAKE) + goto again; + else + return -1; +} + +static gint +g_tls_connection_gnutls_receive_messages (GDatagramBased *datagram_based, + GInputMessage *messages, + guint num_messages, + gint flags, + gint64 timeout, + GCancellable *cancellable, + GError **error) +{ + GTlsConnectionGnutls *gnutls; + guint i; + GError *child_error = NULL; + + gnutls = G_TLS_CONNECTION_GNUTLS (datagram_based); + + if (flags != G_SOCKET_MSG_NONE) + { + g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT, + _("Receive flags are not supported")); + return -1; + } + + for (i = 0; i < num_messages && child_error == NULL; i++) + { + GInputMessage *message = &messages[i]; + gssize n_bytes_read; + + n_bytes_read = g_tls_connection_gnutls_read_message (gnutls, + message->vectors, + message->num_vectors, + timeout, + cancellable, + &child_error); + + if (message->address != NULL) + *message->address = NULL; + message->flags = G_SOCKET_MSG_NONE; + if (message->control_messages != NULL) + *message->control_messages = NULL; + message->num_control_messages = 0; + + if (n_bytes_read > 0) + { + message->bytes_received = n_bytes_read; + } + else if (n_bytes_read == 0) + { + /* EOS. */ + break; + } + else if (i > 0 && + (g_error_matches (child_error, + G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK) || + g_error_matches (child_error, + G_IO_ERROR, G_IO_ERROR_TIMED_OUT))) + { + /* Blocked or timed out after receiving some messages successfully. */ + g_clear_error (&child_error); + break; + } + else + { + /* Error, including G_IO_ERROR_WOULD_BLOCK or G_IO_ERROR_TIMED_OUT on + * the first message; or G_IO_ERROR_CANCELLED at any time. */ + break; + } + } + + if (child_error != NULL) + { + g_propagate_error (error, child_error); + return -1; + } + + return i; +} + +gssize +g_tls_connection_gnutls_write (GTlsConnectionGnutls *gnutls, + const void *buffer, + gsize count, + gint64 timeout, + GCancellable *cancellable, + GError **error) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + gssize ret; + + again: + if (!claim_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_WRITE, + timeout, cancellable, error)) + return -1; + + BEGIN_GNUTLS_IO (gnutls, G_IO_OUT, timeout, cancellable); + ret = gnutls_record_send (priv->session, buffer, count); + END_GNUTLS_IO (gnutls, G_IO_OUT, ret, _("Error writing data to TLS socket"), error); + + yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_WRITE); + + if (ret >= 0) + return ret; + else if (ret == GNUTLS_E_REHANDSHAKE) + goto again; + else + return -1; +} + +static gssize +g_tls_connection_gnutls_write_message (GTlsConnectionGnutls *gnutls, + GOutputVector *vectors, + guint num_vectors, + gint64 timeout, + GCancellable *cancellable, + GError **error) +{ + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + gssize ret; + guint i; + gsize total_message_size; + + again: + if (!claim_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_WRITE, + timeout, cancellable, error)) + return -1; + + /* Calculate the total message size and check it’s not too big. */ + for (i = 0, total_message_size = 0; i < num_vectors; i++) + total_message_size += vectors[i].size; + + if (priv->base_socket != NULL && + gnutls_dtls_get_data_mtu (priv->session) < total_message_size) + { + char *message; + guint mtu = gnutls_dtls_get_data_mtu (priv->session); + + ret = GNUTLS_E_LARGE_PACKET; + message = g_strdup_printf("%s %s", + ngettext ("Message of size %lu byte is too large for DTLS connection", + "Message of size %lu bytes is too large for DTLS connection", total_message_size), + ngettext ("(maximum is %u byte)", "(maximum is %u bytes)", mtu)); + g_set_error (error, G_IO_ERROR, G_IO_ERROR_MESSAGE_TOO_LARGE, + message, + total_message_size, + mtu); + g_free (message); + + goto done; + } + + /* Queue up the data from all the vectors. */ + gnutls_record_cork (priv->session); + + for (i = 0; i < num_vectors; i++) + { + ret = gnutls_record_send (priv->session, + vectors[i].buffer, vectors[i].size); + + if (ret < 0 || ret < vectors[i].size) + { + /* Uncork to restore state, then bail. The peer will receive a + * truncated datagram. */ + break; + } + } + + BEGIN_GNUTLS_IO (gnutls, G_IO_OUT, timeout, cancellable); + ret = gnutls_record_uncork (priv->session, 0 /* flags */); + END_GNUTLS_IO (gnutls, G_IO_OUT, ret, _("Error writing data to TLS socket"), error); + + done: + yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_WRITE); + + if (ret >= 0) + return ret; + else if (ret == GNUTLS_E_REHANDSHAKE) + goto again; + else + return -1; +} + +static gint +g_tls_connection_gnutls_send_messages (GDatagramBased *datagram_based, + GOutputMessage *messages, + guint num_messages, + gint flags, + gint64 timeout, + GCancellable *cancellable, + GError **error) +{ + GTlsConnectionGnutls *gnutls; + guint i; + GError *child_error = NULL; + + gnutls = G_TLS_CONNECTION_GNUTLS (datagram_based); + + if (flags != G_SOCKET_MSG_NONE) + { + g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT, + _("Send flags are not supported")); + return -1; + } + + for (i = 0; i < num_messages && child_error == NULL; i++) + { + GOutputMessage *message = &messages[i]; + gssize n_bytes_sent; + + n_bytes_sent = g_tls_connection_gnutls_write_message (gnutls, + message->vectors, + message->num_vectors, + timeout, + cancellable, + &child_error); + + if (n_bytes_sent >= 0) + { + message->bytes_sent = n_bytes_sent; + } + else if (i > 0 && + (g_error_matches (child_error, + G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK) || + g_error_matches (child_error, + G_IO_ERROR, G_IO_ERROR_TIMED_OUT))) + { + /* Blocked or timed out after sending some messages successfully. */ + g_clear_error (&child_error); + break; + } + else + { + /* Error, including G_IO_ERROR_WOULD_BLOCK or G_IO_ERROR_TIMED_OUT + * on the first message; or G_IO_ERROR_CANCELLED at any time. */ + break; + } + } + + if (child_error != NULL) + { + g_propagate_error (error, child_error); + return -1; + } + + return i; +} + +static GInputStream * +g_tls_connection_gnutls_get_input_stream (GIOStream *stream) +{ + GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (stream); + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + + return priv->tls_istream; +} + +static GOutputStream * +g_tls_connection_gnutls_get_output_stream (GIOStream *stream) +{ + GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (stream); + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + + return priv->tls_ostream; +} + +gboolean +g_tls_connection_gnutls_close_internal (GIOStream *stream, + GTlsDirection direction, + gint64 timeout, + GCancellable *cancellable, + GError **error) +{ + GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (stream); + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + GTlsConnectionGnutlsOp op; + gboolean success = TRUE; + int ret = 0; + GError *gnutls_error = NULL, *stream_error = NULL; + + /* This can be called from g_io_stream_close(), g_input_stream_close(), + * g_output_stream_close() or g_tls_connection_close(). In all cases, we only + * do the gnutls_bye() for writing. The difference is how we set the flags on + * this class and how the underlying stream is closed. + */ + + g_return_val_if_fail (direction != G_TLS_DIRECTION_NONE, FALSE); + + if (direction == G_TLS_DIRECTION_BOTH) + op = G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH; + else if (direction == G_TLS_DIRECTION_READ) + op = G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ; + else + op = G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE; + + if (!claim_op (gnutls, op, timeout, cancellable, error)) + return FALSE; + + if (priv->ever_handshaked && !priv->write_closed && + direction & G_TLS_DIRECTION_WRITE) + { + BEGIN_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, timeout, cancellable); + ret = gnutls_bye (priv->session, GNUTLS_SHUT_WR); + END_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, ret, + _("Error performing TLS close"), &gnutls_error); + + priv->write_closed = TRUE; + } + + if (!priv->read_closed && direction & G_TLS_DIRECTION_READ) + priv->read_closed = TRUE; + + /* Close the underlying streams. Do this even if the gnutls_bye() call failed, + * as the parent GIOStream will have set its internal closed flag and hence + * this implementation will never be called again. */ + if (priv->base_io_stream != NULL) + { + if (direction == G_TLS_DIRECTION_BOTH) + success = g_io_stream_close (priv->base_io_stream, + cancellable, &stream_error); + else if (direction & G_TLS_DIRECTION_READ) + success = g_input_stream_close (g_io_stream_get_input_stream (priv->base_io_stream), + cancellable, &stream_error); + else if (direction & G_TLS_DIRECTION_WRITE) + success = g_output_stream_close (g_io_stream_get_output_stream (priv->base_io_stream), + cancellable, &stream_error); + } + else if (g_tls_connection_gnutls_is_dtls (gnutls)) + { + /* We do not close underlying #GDatagramBaseds. There is no + * g_datagram_based_close() method since different datagram-based + * protocols vary wildly in how they close. */ + success = TRUE; + } + else + { + g_assert_not_reached (); + } + + yield_op (gnutls, op); + + /* Propagate errors. */ + if (ret != 0) + { + g_propagate_error (error, gnutls_error); + g_clear_error (&stream_error); + } + else if (!success) + { + g_propagate_error (error, stream_error); + g_clear_error (&gnutls_error); + } + + return success && (ret == 0); +} + +static gboolean +g_tls_connection_gnutls_close (GIOStream *stream, + GCancellable *cancellable, + GError **error) +{ + return g_tls_connection_gnutls_close_internal (stream, + G_TLS_DIRECTION_BOTH, + -1, /* blocking */ + cancellable, error); +} + +static gboolean +g_tls_connection_gnutls_dtls_shutdown (GDtlsConnection *conn, + gboolean shutdown_read, + gboolean shutdown_write, + GCancellable *cancellable, + GError **error) +{ + GTlsDirection direction = G_TLS_DIRECTION_NONE; + + if (shutdown_read) + direction |= G_TLS_DIRECTION_READ; + if (shutdown_write) + direction |= G_TLS_DIRECTION_WRITE; + + return g_tls_connection_gnutls_close_internal (G_IO_STREAM (conn), + direction, + -1, /* blocking */ + cancellable, error); +} + +/* We do async close as synchronous-in-a-thread so we don't need to + * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case + * (since handshakes are also done synchronously now). + */ +static void +close_thread (GTask *task, + gpointer object, + gpointer task_data, + GCancellable *cancellable) +{ + GIOStream *stream = object; + GTlsDirection direction; + GError *error = NULL; + + direction = GPOINTER_TO_INT (g_task_get_task_data (task)); + + if (!g_tls_connection_gnutls_close_internal (stream, direction, + -1, /* blocking */ + cancellable, &error)) + g_task_return_error (task, error); + else + g_task_return_boolean (task, TRUE); +} + +static void +g_tls_connection_gnutls_close_internal_async (GIOStream *stream, + GTlsDirection direction, + int io_priority, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GTask *task; + + task = g_task_new (stream, cancellable, callback, user_data); + g_task_set_source_tag (task, g_tls_connection_gnutls_close_internal_async); + g_task_set_priority (task, io_priority); + g_task_set_task_data (task, GINT_TO_POINTER (direction), NULL); + g_task_run_in_thread (task, close_thread); + g_object_unref (task); +} + +static void +g_tls_connection_gnutls_close_async (GIOStream *stream, + int io_priority, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + g_tls_connection_gnutls_close_internal_async (stream, G_TLS_DIRECTION_BOTH, + io_priority, cancellable, + callback, user_data); +} + +static gboolean +g_tls_connection_gnutls_close_finish (GIOStream *stream, + GAsyncResult *result, + GError **error) +{ + g_return_val_if_fail (g_task_is_valid (result, stream), FALSE); + + return g_task_propagate_boolean (G_TASK (result), error); +} + +static void +g_tls_connection_gnutls_dtls_shutdown_async (GDtlsConnection *conn, + gboolean shutdown_read, + gboolean shutdown_write, + int io_priority, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GTlsDirection direction = G_TLS_DIRECTION_NONE; + + if (shutdown_read) + direction |= G_TLS_DIRECTION_READ; + if (shutdown_write) + direction |= G_TLS_DIRECTION_WRITE; + + g_tls_connection_gnutls_close_internal_async (G_IO_STREAM (conn), direction, + io_priority, cancellable, + callback, user_data); +} + +static gboolean +g_tls_connection_gnutls_dtls_shutdown_finish (GDtlsConnection *conn, + GAsyncResult *result, + GError **error) +{ + g_return_val_if_fail (g_task_is_valid (result, conn), FALSE); + + return g_task_propagate_boolean (G_TASK (result), error); +} + +#ifdef HAVE_PKCS11 + +static P11KitPin* +on_pin_prompt_callback (const char *pinfile, + P11KitUri *pin_uri, + const char *pin_description, + P11KitPinFlags pin_flags, + void *callback_data) +{ + GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (callback_data); + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + GTlsInteractionResult result; + GTlsPasswordFlags flags = 0; + GTlsPassword *password; + P11KitPin *pin = NULL; + GError *error = NULL; + + if (!priv->interaction) + return NULL; + + if (pin_flags & P11_KIT_PIN_FLAGS_RETRY) + flags |= G_TLS_PASSWORD_RETRY; + if (pin_flags & P11_KIT_PIN_FLAGS_MANY_TRIES) + flags |= G_TLS_PASSWORD_MANY_TRIES; + if (pin_flags & P11_KIT_PIN_FLAGS_FINAL_TRY) + flags |= G_TLS_PASSWORD_FINAL_TRY; + + password = g_pkcs11_pin_new (flags, pin_description); + + result = g_tls_interaction_ask_password (priv->interaction, password, + g_cancellable_get_current (), &error); + + switch (result) + { + case G_TLS_INTERACTION_FAILED: + if (!g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED)) + g_warning ("couldn't ask for password: %s", error->message); + pin = NULL; + break; + case G_TLS_INTERACTION_UNHANDLED: + default: + pin = NULL; + break; + case G_TLS_INTERACTION_HANDLED: + pin = g_pkcs11_pin_steal_internal (G_PKCS11_PIN (password)); + break; + } + + g_object_unref (password); + return pin; +} + +#endif /* HAVE_PKCS11 */ + +static void +g_tls_connection_gnutls_class_init (GTlsConnectionGnutlsClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + GTlsConnectionClass *connection_class = G_TLS_CONNECTION_CLASS (klass); + GIOStreamClass *iostream_class = G_IO_STREAM_CLASS (klass); + + gobject_class->get_property = g_tls_connection_gnutls_get_property; + gobject_class->set_property = g_tls_connection_gnutls_set_property; + gobject_class->finalize = g_tls_connection_gnutls_finalize; + + connection_class->handshake = g_tls_connection_gnutls_handshake; + connection_class->handshake_async = g_tls_connection_gnutls_handshake_async; + connection_class->handshake_finish = g_tls_connection_gnutls_handshake_finish; + + iostream_class->get_input_stream = g_tls_connection_gnutls_get_input_stream; + iostream_class->get_output_stream = g_tls_connection_gnutls_get_output_stream; + iostream_class->close_fn = g_tls_connection_gnutls_close; + iostream_class->close_async = g_tls_connection_gnutls_close_async; + iostream_class->close_finish = g_tls_connection_gnutls_close_finish; + + /* For GTlsConnection and GDtlsConnection: */ + g_object_class_override_property (gobject_class, PROP_BASE_IO_STREAM, "base-io-stream"); + g_object_class_override_property (gobject_class, PROP_BASE_SOCKET, "base-socket"); + g_object_class_override_property (gobject_class, PROP_REQUIRE_CLOSE_NOTIFY, "require-close-notify"); + g_object_class_override_property (gobject_class, PROP_REHANDSHAKE_MODE, "rehandshake-mode"); + g_object_class_override_property (gobject_class, PROP_USE_SYSTEM_CERTDB, "use-system-certdb"); + g_object_class_override_property (gobject_class, PROP_DATABASE, "database"); + g_object_class_override_property (gobject_class, PROP_CERTIFICATE, "certificate"); + g_object_class_override_property (gobject_class, PROP_INTERACTION, "interaction"); + g_object_class_override_property (gobject_class, PROP_PEER_CERTIFICATE, "peer-certificate"); + g_object_class_override_property (gobject_class, PROP_PEER_CERTIFICATE_ERRORS, "peer-certificate-errors"); +} + +static void +g_tls_connection_gnutls_initable_iface_init (GInitableIface *iface) +{ + iface->init = g_tls_connection_gnutls_initable_init; +} + +static void +g_tls_connection_gnutls_dtls_connection_iface_init (GDtlsConnectionInterface *iface) +{ + iface->handshake = g_tls_connection_gnutls_dtls_handshake; + iface->handshake_async = g_tls_connection_gnutls_dtls_handshake_async; + iface->handshake_finish = g_tls_connection_gnutls_dtls_handshake_finish; + iface->shutdown = g_tls_connection_gnutls_dtls_shutdown; + iface->shutdown_async = g_tls_connection_gnutls_dtls_shutdown_async; + iface->shutdown_finish = g_tls_connection_gnutls_dtls_shutdown_finish; +} + +static void +g_tls_connection_gnutls_datagram_based_iface_init (GDatagramBasedInterface *iface) +{ + iface->receive_messages = g_tls_connection_gnutls_receive_messages; + iface->send_messages = g_tls_connection_gnutls_send_messages; + iface->create_source = g_tls_connection_gnutls_dtls_create_source; + iface->condition_check = g_tls_connection_gnutls_condition_check; + iface->condition_wait = g_tls_connection_gnutls_condition_wait; +} + +gboolean +g_tls_connection_gnutls_request_certificate (GTlsConnectionGnutls *gnutls, + GError **error) +{ + GTlsInteractionResult res = G_TLS_INTERACTION_UNHANDLED; + GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls); + GTlsInteraction *interaction; + GTlsConnection *conn; + + g_return_val_if_fail (G_IS_TLS_CONNECTION_GNUTLS (gnutls), FALSE); + + conn = G_TLS_CONNECTION (gnutls); + + interaction = g_tls_connection_get_interaction (conn); + if (!interaction) + return FALSE; + + res = g_tls_interaction_invoke_request_certificate (interaction, conn, 0, + priv->read_cancellable, error); + return res != G_TLS_INTERACTION_FAILED; +} diff --git a/tls/gnutls/gtlsconnection-gnutls.h b/tls/gnutls/gtlsconnection-gnutls.h new file mode 100644 index 0000000..4c623c2 --- /dev/null +++ b/tls/gnutls/gtlsconnection-gnutls.h @@ -0,0 +1,92 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2009 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + */ + +#ifndef __G_TLS_CONNECTION_GNUTLS_H__ +#define __G_TLS_CONNECTION_GNUTLS_H__ + +#include +#include + +G_BEGIN_DECLS + +#define G_TYPE_TLS_CONNECTION_GNUTLS (g_tls_connection_gnutls_get_type ()) + +G_DECLARE_DERIVABLE_TYPE (GTlsConnectionGnutls, g_tls_connection_gnutls, G, TLS_CONNECTION_GNUTLS, GTlsConnection) + +struct _GTlsConnectionGnutlsClass +{ + GTlsConnectionClass parent_class; + + void (*failed) (GTlsConnectionGnutls *gnutls); + + void (*begin_handshake) (GTlsConnectionGnutls *gnutls); + void (*finish_handshake) (GTlsConnectionGnutls *gnutls, + GError **inout_error); +}; + +gnutls_certificate_credentials_t g_tls_connection_gnutls_get_credentials (GTlsConnectionGnutls *connection); +gnutls_session_t g_tls_connection_gnutls_get_session (GTlsConnectionGnutls *connection); + +void g_tls_connection_gnutls_get_certificate (GTlsConnectionGnutls *gnutls, + gnutls_retr2_st *st); + +gboolean g_tls_connection_gnutls_request_certificate (GTlsConnectionGnutls *gnutls, + GError **error); + +gssize g_tls_connection_gnutls_read (GTlsConnectionGnutls *gnutls, + void *buffer, + gsize size, + gint64 timeout, + GCancellable *cancellable, + GError **error); +gssize g_tls_connection_gnutls_write (GTlsConnectionGnutls *gnutls, + const void *buffer, + gsize size, + gint64 timeout, + GCancellable *cancellable, + GError **error); + +gboolean g_tls_connection_gnutls_check (GTlsConnectionGnutls *gnutls, + GIOCondition condition); +GSource *g_tls_connection_gnutls_create_source (GTlsConnectionGnutls *gnutls, + GIOCondition condition, + GCancellable *cancellable); + +typedef enum { + G_TLS_DIRECTION_NONE = 0, + G_TLS_DIRECTION_READ = 1 << 0, + G_TLS_DIRECTION_WRITE = 1 << 1, +} GTlsDirection; + +#define G_TLS_DIRECTION_BOTH (G_TLS_DIRECTION_READ | G_TLS_DIRECTION_WRITE) + +gboolean g_tls_connection_gnutls_close_internal (GIOStream *stream, + GTlsDirection direction, + gint64 timeout, + GCancellable *cancellable, + GError **error); + +G_END_DECLS + +#endif /* __G_TLS_CONNECTION_GNUTLS_H___ */ diff --git a/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c b/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c new file mode 100644 index 0000000..118e7d2 --- /dev/null +++ b/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c @@ -0,0 +1,1140 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2011 Collabora, Ltd + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "gtlsdatabase-gnutls-pkcs11.h" +#include "gtlscertificate-gnutls-pkcs11.h" + +#include +#include +#include + +#include +#include + +#include "pkcs11/gpkcs11pin.h" +#include "pkcs11/gpkcs11slot.h" +#include "pkcs11/gpkcs11util.h" +#include "pkcs11/pkcs11-trust-assertions.h" + +static const CK_ATTRIBUTE_TYPE CERTIFICATE_ATTRIBUTE_TYPES[] = { + CKA_ID, CKA_LABEL, CKA_CLASS, CKA_VALUE +}; + +static const CK_ATTRIBUTE_TYPE KEY_ATTRIBUTE_TYPES[] = { + CKA_ID, CKA_LABEL, CKA_CLASS, CKA_KEY_TYPE +}; + +static void g_tls_database_gnutls_pkcs11_initable_iface_init (GInitableIface *iface); + +struct _GTlsDatabaseGnutlsPkcs11 +{ + GTlsDatabaseGnutls parent_instance; + + /* no changes after construction */ + CK_FUNCTION_LIST **modules; + GList *pkcs11_slots; + GList *trust_uris; +}; + +G_DEFINE_TYPE_WITH_CODE (GTlsDatabaseGnutlsPkcs11, g_tls_database_gnutls_pkcs11, + G_TYPE_TLS_DATABASE_GNUTLS, + G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE, + g_tls_database_gnutls_pkcs11_initable_iface_init)); + +static gboolean +discover_module_slots_and_options (GTlsDatabaseGnutlsPkcs11 *self, + CK_FUNCTION_LIST_PTR module, + GError **error) +{ + CK_ULONG i, count = 0; + CK_SLOT_ID *list; + GPkcs11Slot *slot; + P11KitUri *uri; + char *string; + guint uri_type; + int ret; + CK_RV rv; + + /* + * Ask module for the number of slots. We include slots without tokens + * since we want to be able to use them if the user inserts a token + * later. + */ + + rv = (module->C_GetSlotList) (CK_FALSE, NULL, &count); + if (rv != CKR_OK) + { + g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC, + "Couldn't load list of slots in PKCS#11 module: %s", + p11_kit_strerror (rv)); + return FALSE; + } + + if (count == 0) + return TRUE; + + /* Actually retrieve the slot ids */ + list = g_new0 (CK_SLOT_ID, count); + rv = (module->C_GetSlotList) (CK_FALSE, list, &count); + if (rv != CKR_OK) + { + g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC, + "Couldn't load list of slots in PKCS#11 module: %s", + p11_kit_strerror (rv)); + g_free (list); + return FALSE; + } + + for (i = 0; i < count; ++i) + { + slot = g_object_new (G_TYPE_PKCS11_SLOT, + "slot-id", list[i], + "module", module, + NULL); + self->pkcs11_slots = g_list_append (self->pkcs11_slots, slot); + } + + /* + * Load up relevant options. We use the x-trust-lookup option to determine + * which slots we can use for looking up trust assertionts. + */ + + string = p11_kit_config_option (module, "x-trust-lookup"); + if (string != NULL) + { + uri = p11_kit_uri_new (); + uri_type = P11_KIT_URI_FOR_TOKEN | P11_KIT_URI_FOR_MODULE_WITH_VERSION; + ret = p11_kit_uri_parse (string, uri_type, uri); + + if (ret < 0) + { + g_message ("couldn't parse configured uri for trust lookups: %s: %s", + string, p11_kit_uri_message (ret)); + p11_kit_uri_free (uri); + } + else + { + self->trust_uris = g_list_append (self->trust_uris, uri); + } + + free (string); + } + + return TRUE; +} + +static GTlsCertificate * +create_database_pkcs11_certificate (GPkcs11Slot *slot, + GPkcs11Array *certificate_attrs, + GPkcs11Array *private_key_attrs) +{ + GTlsCertificate *certificate; + gchar *certificate_uri = NULL; + gchar *private_key_uri = NULL; + const CK_ATTRIBUTE *value_attr; + P11KitUri *uri; + int ret; + + value_attr = g_pkcs11_array_find (certificate_attrs, CKA_VALUE); + if (value_attr == NULL) + return NULL; + + uri = p11_kit_uri_new (); + + /* + * The PKCS#11 URIs we create for certificates and keys are not bound to + * the module. They are bound to the token. + * + * For example the user could have keys on a smart card token. He could insert + * this smart card into a different slot, or perhaps change the driver + * (through an OS upgrade). So the key and certificate should still be + * referenceable through the URI. + * + * We also set a 'pinfile' prompting id, so that users of p11-kit like + * gnutls can call our callback. + */ + + if (!g_pkcs11_slot_get_token_info (slot, p11_kit_uri_get_token_info (uri))) + g_return_val_if_reached (NULL); + + ret = p11_kit_uri_set_attributes (uri, certificate_attrs->attrs, + certificate_attrs->count); + g_return_val_if_fail (ret == P11_KIT_URI_OK, NULL); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_OBJECT_ON_TOKEN, &certificate_uri); + g_return_val_if_fail (ret == P11_KIT_URI_OK, NULL); + + if (private_key_attrs != NULL) + { + + /* The URI will keep the token info above, so we just change attributes */ + + ret = p11_kit_uri_set_attributes (uri, private_key_attrs->attrs, + private_key_attrs->count); + g_return_val_if_fail (ret == P11_KIT_URI_OK, NULL); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_OBJECT_ON_TOKEN, &private_key_uri); + g_return_val_if_fail (ret == P11_KIT_URI_OK, NULL); + } + + certificate = g_tls_certificate_gnutls_pkcs11_new (value_attr->pValue, + value_attr->ulValueLen, + certificate_uri, + private_key_uri, + NULL); + + p11_kit_uri_free (uri); + g_free (certificate_uri); + g_free (private_key_uri); + + return certificate; +} + +static const gchar * +calculate_peer_for_identity (GSocketConnectable *identity) +{ + const char *peer; + + if (G_IS_NETWORK_ADDRESS (identity)) + peer = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity)); + else if (G_IS_NETWORK_SERVICE (identity)) + peer = g_network_service_get_domain (G_NETWORK_SERVICE (identity)); + else + peer = NULL; + + return peer; +} + +static void +g_tls_database_gnutls_pkcs11_finalize (GObject *object) +{ + GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (object); + GList *l; + + for (l = self->pkcs11_slots; l; l = g_list_next (l)) + g_object_unref (l->data); + g_list_free (self->pkcs11_slots); + + for (l = self->trust_uris; l; l = g_list_next (l)) + p11_kit_uri_free (l->data); + g_list_free (self->trust_uris); + + if (self->modules) + p11_kit_modules_release (self->modules); + + G_OBJECT_CLASS (g_tls_database_gnutls_pkcs11_parent_class)->finalize (object); +} + +static void +g_tls_database_gnutls_pkcs11_init (GTlsDatabaseGnutlsPkcs11 *self) +{ +} + +static gboolean +accumulate_stop (gpointer result, + gpointer user_data) +{ + return FALSE; /* stop enumeration */ +} + +static gboolean +accumulate_exists (gpointer result, + gpointer user_data) +{ + gboolean *exists = (gboolean *)user_data; + *exists = TRUE; + return FALSE; /* stop enumeration */ +} + +static gboolean +accumulate_first_attributes (gpointer result, + gpointer user_data) +{ + GPkcs11Array **attributes = (GPkcs11Array **)user_data; + g_assert (attributes); + *attributes = g_pkcs11_array_ref (result); + return FALSE; /* stop enumeration */ +} + +static gboolean +accumulate_list_attributes (gpointer result, + gpointer user_data) +{ + GList **results = (GList **)user_data; + g_assert (results); + *results = g_list_append (*results, g_pkcs11_array_ref (result)); + return TRUE; /* continue enumeration */ +} + +static gboolean +accumulate_first_object (gpointer result, + gpointer user_data) +{ + GObject **object = (GObject **)user_data; + g_assert (object); + *object = g_object_ref (result); + return FALSE; /* stop enumeration */ +} + +static gboolean +accumulate_list_objects (gpointer result, + gpointer user_data) +{ + GList **results = (GList **)user_data; + g_assert (results); + *results = g_list_append (*results, g_object_ref (result)); + return TRUE; /* continue enumeration */ +} + +static GPkcs11EnumerateState +enumerate_call_accumulator (GPkcs11Accumulator accumulator, + gpointer result, + gpointer user_data) +{ + g_assert (accumulator); + + if (!(accumulator) (result, user_data)) + return G_PKCS11_ENUMERATE_STOP; + + return G_PKCS11_ENUMERATE_CONTINUE; +} + +static GPkcs11EnumerateState +enumerate_assertion_exists_in_slot (GPkcs11Slot *slot, + GTlsInteraction *interaction, + GPkcs11Array *match, + GPkcs11Accumulator accumulator, + gpointer user_data, + GCancellable *cancellable, + GError **error) +{ + GPkcs11EnumerateState state; + + state = g_pkcs11_slot_enumerate (slot, interaction, match->attrs, match->count, + FALSE, NULL, 0, accumulate_stop, NULL, + cancellable, error); + + /* A stop means that something matched */ + if (state == G_PKCS11_ENUMERATE_STOP) + return enumerate_call_accumulator (accumulator, NULL, user_data); + + return state; +} + +static GPkcs11EnumerateState +enumerate_assertion_exists_in_database (GTlsDatabaseGnutlsPkcs11 *self, + GTlsInteraction *interaction, + GPkcs11Array *match, + GPkcs11Accumulator accumulator, + gpointer user_data, + GCancellable *cancellable, + GError **error) +{ + GPkcs11EnumerateState state = G_PKCS11_ENUMERATE_CONTINUE; + gboolean slot_matched; + GPkcs11Slot *slot; + GList *l, *t; + + for (l = self->pkcs11_slots; l != NULL; l = g_list_next (l)) + { + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + return G_PKCS11_ENUMERATE_FAILED; + + slot = l->data; + + /* We only search for assertions on slots that match the trust-lookup uris */ + slot_matched = FALSE; + for (t = self->trust_uris; !slot_matched && t != NULL; t = g_list_next (t)) + slot_matched = g_pkcs11_slot_matches_uri (slot, t->data); + if (!slot_matched) + continue; + + state = enumerate_assertion_exists_in_slot (slot, interaction, match, accumulator, + user_data, cancellable, error); + if (state != G_PKCS11_ENUMERATE_CONTINUE) + break; + } + + return state; +} + +static gboolean +g_tls_database_gnutls_pkcs11_lookup_assertion (GTlsDatabaseGnutlsPkcs11 *self, + GTlsCertificateGnutls *certificate, + GTlsDatabaseGnutlsAssertion assertion, + const gchar *purpose, + GSocketConnectable *identity, + GCancellable *cancellable, + GError **error) +{ + GByteArray *der = NULL; + gboolean found, ready; + GPkcs11Array *match; + const gchar *peer; + + ready = FALSE; + found = FALSE; + match = g_pkcs11_array_new (); + + if (assertion == G_TLS_DATABASE_GNUTLS_ANCHORED_CERTIFICATE || + assertion == G_TLS_DATABASE_GNUTLS_PINNED_CERTIFICATE) + { + g_object_get (certificate, "certificate", &der, NULL); + g_return_val_if_fail (der, FALSE); + g_pkcs11_array_add_value (match, CKA_X_CERTIFICATE_VALUE, der->data, der->len); + g_byte_array_unref (der); + + g_pkcs11_array_add_value (match, CKA_X_PURPOSE, purpose, -1); + + if (assertion == G_TLS_DATABASE_GNUTLS_ANCHORED_CERTIFICATE) + { + g_pkcs11_array_add_ulong (match, CKA_X_ASSERTION_TYPE, CKT_X_ANCHORED_CERTIFICATE); + ready = TRUE; + } + else if (assertion == G_TLS_DATABASE_GNUTLS_PINNED_CERTIFICATE) + { + g_pkcs11_array_add_ulong (match, CKA_X_ASSERTION_TYPE, CKT_X_PINNED_CERTIFICATE); + peer = calculate_peer_for_identity (identity); + if (peer) + { + g_pkcs11_array_add_value (match, CKA_X_PEER, peer, -1); + ready = TRUE; + } + } + } + + if (ready == TRUE) + enumerate_assertion_exists_in_database (self, NULL, match, accumulate_exists, + &found, cancellable, error); + + g_pkcs11_array_unref (match); + return found; +} + +static GPkcs11EnumerateState +enumerate_keypair_for_certificate (GPkcs11Slot *slot, + GTlsInteraction *interaction, + GPkcs11Array *match_certificate, + GPkcs11Accumulator accumulator, + gpointer user_data, + GCancellable *cancellable, + GError **error) +{ + static CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY; + GPkcs11Array *private_key_attrs = NULL; + const CK_ATTRIBUTE *id_attribute; + CK_ATTRIBUTE match[2]; + GTlsCertificate *certificate; + GPkcs11EnumerateState state; + + /* + * We need to find a private key that matches the certificate. + * + * The PKCS#11 standard strongly suggests the norm that matching certificates + * and keys have the same CKA_ID. This is how we lookup the key that matches + * a certificate. + */ + + id_attribute = g_pkcs11_array_find (match_certificate, CKA_ID); + if (id_attribute == NULL) + return TRUE; + + match[0].type = CKA_ID; + match[0].pValue = id_attribute->pValue; + match[0].ulValueLen = id_attribute->ulValueLen; + match[1].type = CKA_CLASS; + match[1].pValue = &key_class; + match[1].ulValueLen = sizeof (key_class); + + g_assert (private_key_attrs == NULL); + state = g_pkcs11_slot_enumerate (slot, interaction, match, G_N_ELEMENTS (match), TRUE, + KEY_ATTRIBUTE_TYPES, G_N_ELEMENTS (KEY_ATTRIBUTE_TYPES), + accumulate_first_attributes, &private_key_attrs, + cancellable, error); + + if (state == G_PKCS11_ENUMERATE_FAILED) + return state; + + state = G_PKCS11_ENUMERATE_CONTINUE; + if (private_key_attrs) + { + /* We searched for public key (see above) so change attributes to look like private */ + g_pkcs11_array_set_ulong (private_key_attrs, CKA_CLASS, CKO_PRIVATE_KEY); + certificate = create_database_pkcs11_certificate (slot, match_certificate, + private_key_attrs); + g_pkcs11_array_unref (private_key_attrs); + + if (certificate) + { + state = enumerate_call_accumulator (accumulator, certificate, user_data); + g_object_unref (certificate); + } + } + + return state; +} + +static GPkcs11EnumerateState +enumerate_keypairs_in_slot (GPkcs11Slot *slot, + GTlsInteraction *interaction, + CK_ATTRIBUTE_PTR match, + CK_ULONG match_count, + GPkcs11Accumulator accumulator, + gpointer user_data, + GCancellable *cancellable, + GError **error) +{ + GPkcs11EnumerateState state; + GList *results = NULL; + GList *l; + + /* + * Find all the certificates that match for this slot, and then below + * we lookup to see if there's a private key for any of them. + * + * Note that we shouldn't be doing two find operations at once, because + * this may use too many sessions on smart cards and fragile drivers. So + * that's why we list all certificates, complete that find operation, and + * then do more find ops looking for private keys. + */ + + state = g_pkcs11_slot_enumerate (slot, interaction, match, match_count, FALSE, + CERTIFICATE_ATTRIBUTE_TYPES, + G_N_ELEMENTS (CERTIFICATE_ATTRIBUTE_TYPES), + accumulate_list_attributes, &results, + cancellable, error); + if (state == G_PKCS11_ENUMERATE_CONTINUE) + { + for (l = results; l != NULL; l = g_list_next (l)) + { + state = enumerate_keypair_for_certificate (slot, interaction, l->data, accumulator, + user_data, cancellable, error); + if (state != G_PKCS11_ENUMERATE_CONTINUE) + break; + } + } + + for (l = results; l != NULL; l = g_list_next (l)) + g_pkcs11_array_unref (l->data); + g_list_free (results); + + return state; +} + +typedef struct { + GPkcs11Accumulator accumulator; + gpointer user_data; + GPkcs11Slot *slot; +} enumerate_certificates_closure; + +static gboolean +accumulate_wrap_into_certificate (gpointer result, + gpointer user_data) +{ + GPkcs11EnumerateState state = G_PKCS11_ENUMERATE_CONTINUE; + enumerate_certificates_closure *closure = user_data; + GTlsCertificate *certificate; + + certificate = create_database_pkcs11_certificate (closure->slot, + result, NULL); + if (certificate) + { + state = enumerate_call_accumulator (closure->accumulator, certificate, + closure->user_data); + g_object_unref (certificate); + } + + return (state == G_PKCS11_ENUMERATE_CONTINUE); +} + +static GPkcs11EnumerateState +enumerate_certificates_in_slot (GPkcs11Slot *slot, + GTlsInteraction *interaction, + CK_ATTRIBUTE_PTR match, + CK_ULONG match_count, + GPkcs11Accumulator accumulator, + gpointer user_data, + GCancellable *cancellable, + GError **error) +{ + enumerate_certificates_closure closure = { accumulator, user_data, slot }; + + /* + * We create the certificates inline, so we can stop the enumeration early + * if only one certificate is necessary, but a whole bunch match. We provide + * our own accumulator here, turning the attributes into certificates and + * then calling the original accumulator. + */ + + return g_pkcs11_slot_enumerate (slot, interaction, match, match_count, FALSE, + CERTIFICATE_ATTRIBUTE_TYPES, + G_N_ELEMENTS (CERTIFICATE_ATTRIBUTE_TYPES), + accumulate_wrap_into_certificate, + &closure, cancellable, error); +} + +static GPkcs11EnumerateState +enumerate_certificates_in_database (GTlsDatabaseGnutlsPkcs11 *self, + GTlsInteraction *interaction, + GTlsDatabaseLookupFlags flags, + CK_ATTRIBUTE_PTR match, + CK_ULONG match_count, + P11KitUri *match_slot_to_uri, + GPkcs11Accumulator accumulator, + gpointer user_data, + GCancellable *cancellable, + GError **error) +{ + GPkcs11EnumerateState state = G_PKCS11_ENUMERATE_CONTINUE; + GPkcs11Slot *slot; + GList *l; + + /* These are the flags we support */ + if (flags & ~(G_TLS_DATABASE_LOOKUP_KEYPAIR)) + return G_PKCS11_ENUMERATE_CONTINUE; + + for (l = self->pkcs11_slots; l; l = g_list_next (l)) + { + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + return G_PKCS11_ENUMERATE_FAILED; + + slot = l->data; + + /* If the slot doesn't match the URI (when one is present) nothing matches */ + if (match_slot_to_uri && !g_pkcs11_slot_matches_uri (slot, match_slot_to_uri)) + continue; + + if (flags & G_TLS_DATABASE_LOOKUP_KEYPAIR) + { + state = enumerate_keypairs_in_slot (slot, interaction, match, + match_count, accumulator, user_data, + cancellable, error); + + } + else + { + state = enumerate_certificates_in_slot (slot, interaction, match, + match_count, accumulator, + user_data, cancellable, error); + } + + if (state != G_PKCS11_ENUMERATE_CONTINUE) + break; + } + + return state; +} + +static GTlsCertificate * +g_tls_database_gnutls_pkcs11_lookup_certificate_issuer (GTlsDatabase *database, + GTlsCertificate *certificate, + GTlsInteraction *interaction, + GTlsDatabaseLookupFlags flags, + GCancellable *cancellable, + GError **error) +{ + GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (database); + GTlsCertificate *result = NULL; + GPkcs11Array *match = NULL; + gnutls_x509_crt_t cert; + gnutls_datum_t dn; + int gerr; + + g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (certificate), NULL); + + /* Dig out the issuer of this certificate */ + cert = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (certificate)); + gerr = gnutls_x509_crt_get_raw_issuer_dn (cert, &dn); + if (gerr < 0) + { + g_warning ("failed to get issuer of certificate: %s", gnutls_strerror (gerr)); + return NULL; + } + + match = g_pkcs11_array_new (); + g_pkcs11_array_add_ulong (match, CKA_CLASS, CKO_CERTIFICATE); + g_pkcs11_array_add_ulong (match, CKA_CERTIFICATE_TYPE, CKC_X_509); + g_pkcs11_array_add_value (match, CKA_SUBJECT, dn.data, dn.size); + gnutls_free (dn.data); + + enumerate_certificates_in_database (self, interaction, flags, match->attrs, + match->count, NULL, accumulate_first_object, + &result, cancellable, error); + g_pkcs11_array_unref (match); + return result; +} + +static GList * +g_tls_database_gnutls_pkcs11_lookup_certificates_issued_by (GTlsDatabase *database, + GByteArray *issuer_subject, + GTlsInteraction *interaction, + GTlsDatabaseLookupFlags flags, + GCancellable *cancellable, + GError **error) +{ + GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (database); + GList *l, *results = NULL; + GPkcs11Array *match = NULL; + GPkcs11EnumerateState state; + + g_return_val_if_fail (issuer_subject, NULL); + + match = g_pkcs11_array_new (); + g_pkcs11_array_add_ulong (match, CKA_CLASS, CKO_CERTIFICATE); + g_pkcs11_array_add_ulong (match, CKA_CERTIFICATE_TYPE, CKC_X_509); + g_pkcs11_array_add_value (match, CKA_ISSUER, issuer_subject->data, issuer_subject->len); + + state = enumerate_certificates_in_database (self, interaction, flags, match->attrs, + match->count, NULL, accumulate_list_objects, + &results, cancellable, error); + + /* Could have had partial success, don't leak memory */ + if (state == G_PKCS11_ENUMERATE_FAILED) + { + for (l = results; l != NULL; l = g_list_next (l)) + g_object_unref (l->data); + g_list_free (results); + results = NULL; + } + + g_pkcs11_array_unref (match); + return results; +} + +static gchar * +g_tls_database_gnutls_pkcs11_create_certificate_handle (GTlsDatabase *database, + GTlsCertificate *certificate) +{ + GTlsCertificateGnutlsPkcs11 *pkcs11_cert; + + if (!G_IS_TLS_CERTIFICATE_GNUTLS_PKCS11 (certificate)) + return NULL; + + pkcs11_cert = G_TLS_CERTIFICATE_GNUTLS_PKCS11 (certificate); + return g_tls_certificate_gnutls_pkcs11_build_certificate_uri (pkcs11_cert, NULL); +} + +static GTlsCertificate * +g_tls_database_gnutls_pkcs11_lookup_certificate_for_handle (GTlsDatabase *database, + const gchar *handle, + GTlsInteraction *interaction, + GTlsDatabaseLookupFlags flags, + GCancellable *cancellable, + GError **error) +{ + GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (database); + GTlsCertificate *result = NULL; + P11KitUri *uri; + CK_ATTRIBUTE_PTR match; + CK_ULONG match_count; + int ret; + + /* The handle is a PKCS#11 URI */ + + /* These are the flags we support */ + if (flags & ~(G_TLS_DATABASE_LOOKUP_KEYPAIR)) + return NULL; + + uri = p11_kit_uri_new (); + if (uri == NULL) + g_error ("out of memory in p11_kit_uri_new()"); + + ret = p11_kit_uri_parse (handle, P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE | + P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); + if (ret == P11_KIT_URI_NO_MEMORY) + { + g_error ("out of memory in p11_kit_uri_parse()"); + } + else if (ret != P11_KIT_URI_OK) + { + p11_kit_uri_free (uri); + g_set_error (error, G_PKCS11_ERROR, G_PKCS11_ERROR_BAD_URI, + "Invalid PKCS#11 URI: %s", handle); + return NULL; + } + + match = p11_kit_uri_get_attributes (uri, &match_count); + enumerate_certificates_in_database (self, interaction, flags, match, match_count, + uri, accumulate_first_object, &result, + cancellable, error); + + p11_kit_uri_free (uri); + return result; +} + +#define BUILD_CERTIFICATE_CHAIN_RECURSION_LIMIT 10 + +enum { + STATUS_FAILURE, + STATUS_INCOMPLETE, + STATUS_SELFSIGNED, + STATUS_ANCHORED, + STATUS_RECURSION_LIMIT_REACHED +}; + +static gboolean +is_self_signed (GTlsCertificateGnutls *certificate) +{ + const gnutls_x509_crt_t cert = g_tls_certificate_gnutls_get_cert (certificate); + return (gnutls_x509_crt_check_issuer (cert, cert) > 0); +} + +static gint +build_certificate_chain (GTlsDatabaseGnutlsPkcs11 *self, + GTlsCertificateGnutls *certificate, + GTlsCertificateGnutls *previous, + gboolean certificate_is_from_db, + guint recursion_depth, + const gchar *purpose, + GSocketConnectable *identity, + GTlsInteraction *interaction, + GCancellable *cancellable, + GTlsCertificateGnutls **anchor, + GError **error) +{ + GTlsCertificate *issuer; + gint status; + + if (recursion_depth++ > BUILD_CERTIFICATE_CHAIN_RECURSION_LIMIT) + return STATUS_RECURSION_LIMIT_REACHED; + + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + return STATUS_FAILURE; + + /* Look up whether this certificate is an anchor */ + if (g_tls_database_gnutls_pkcs11_lookup_assertion (self, certificate, + G_TLS_DATABASE_GNUTLS_ANCHORED_CERTIFICATE, + purpose, identity, cancellable, error)) + { + g_tls_certificate_gnutls_set_issuer (certificate, NULL); + *anchor = certificate; + return STATUS_ANCHORED; + } + else if (*error) + { + return STATUS_FAILURE; + } + + /* Is it self-signed? */ + if (is_self_signed (certificate)) + { + /* + * Since at this point we would fail with 'self-signed', can we replace + * this certificate with one from the database and do better? + */ + if (previous && !certificate_is_from_db) + { + issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (self), + G_TLS_CERTIFICATE (previous), + interaction, + G_TLS_DATABASE_LOOKUP_NONE, + cancellable, error); + if (*error) + { + return STATUS_FAILURE; + } + else if (issuer) + { + /* Replaced with certificate in the db, restart step again with this certificate */ + g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE); + certificate = G_TLS_CERTIFICATE_GNUTLS (issuer); + g_tls_certificate_gnutls_set_issuer (previous, certificate); + g_object_unref (issuer); + + return build_certificate_chain (self, certificate, previous, TRUE, recursion_depth, + purpose, identity, interaction, cancellable, anchor, error); + } + } + + g_tls_certificate_gnutls_set_issuer (certificate, NULL); + return STATUS_SELFSIGNED; + } + + previous = certificate; + + /* Bring over the next certificate in the chain */ + issuer = g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (certificate)); + if (issuer) + { + g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE); + certificate = G_TLS_CERTIFICATE_GNUTLS (issuer); + + status = build_certificate_chain (self, certificate, previous, FALSE, recursion_depth, + purpose, identity, interaction, cancellable, anchor, error); + if (status != STATUS_INCOMPLETE) + { + return status; + } + } + + /* Search for the next certificate in chain */ + issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (self), + G_TLS_CERTIFICATE (certificate), + interaction, + G_TLS_DATABASE_LOOKUP_NONE, + cancellable, error); + if (*error) + return STATUS_FAILURE; + + if (!issuer) + return STATUS_INCOMPLETE; + + g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE); + g_tls_certificate_gnutls_set_issuer (certificate, G_TLS_CERTIFICATE_GNUTLS (issuer)); + certificate = G_TLS_CERTIFICATE_GNUTLS (issuer); + g_object_unref (issuer); + + return build_certificate_chain (self, certificate, previous, TRUE, recursion_depth, + purpose, identity, interaction, cancellable, anchor, error); +} + +static GTlsCertificateFlags +double_check_before_after_dates (GTlsCertificateGnutls *chain) +{ + GTlsCertificateFlags gtls_flags = 0; + gnutls_x509_crt_t cert; + time_t t, now; + + now = time (NULL); + while (chain) + { + cert = g_tls_certificate_gnutls_get_cert (chain); + t = gnutls_x509_crt_get_activation_time (cert); + if (t == (time_t) -1 || t > now) + gtls_flags |= G_TLS_CERTIFICATE_NOT_ACTIVATED; + + t = gnutls_x509_crt_get_expiration_time (cert); + if (t == (time_t) -1 || t < now) + gtls_flags |= G_TLS_CERTIFICATE_EXPIRED; + + chain = G_TLS_CERTIFICATE_GNUTLS (g_tls_certificate_get_issuer + (G_TLS_CERTIFICATE (chain))); + } + + return gtls_flags; +} + +static void +convert_certificate_chain_to_gnutls (GTlsCertificateGnutls *chain, + gnutls_x509_crt_t **gnutls_chain, + guint *gnutls_chain_length) +{ + GTlsCertificate *cert; + guint i; + + g_assert (gnutls_chain); + g_assert (gnutls_chain_length); + + for (*gnutls_chain_length = 0, cert = G_TLS_CERTIFICATE (chain); + cert; cert = g_tls_certificate_get_issuer (cert)) + ++(*gnutls_chain_length); + + *gnutls_chain = g_new0 (gnutls_x509_crt_t, *gnutls_chain_length); + + for (i = 0, cert = G_TLS_CERTIFICATE (chain); + cert; cert = g_tls_certificate_get_issuer (cert), ++i) + (*gnutls_chain)[i] = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (cert)); + + g_assert (i == *gnutls_chain_length); +} + +static GTlsCertificateFlags +g_tls_database_gnutls_pkcs11_verify_chain (GTlsDatabase *database, + GTlsCertificate *chain, + const gchar *purpose, + GSocketConnectable *identity, + GTlsInteraction *interaction, + GTlsDatabaseVerifyFlags flags, + GCancellable *cancellable, + GError **error) +{ + GTlsDatabaseGnutlsPkcs11 *self; + GTlsCertificateFlags result; + GTlsCertificateGnutls *certificate; + GError *err = NULL; + GTlsCertificateGnutls *anchor; + guint gnutls_result; + gnutls_x509_crt_t *certs, *anchors; + guint certs_length, anchors_length; + gint status, gerr; + guint recursion_depth = 0; + + g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (chain), + G_TLS_CERTIFICATE_GENERIC_ERROR); + g_assert (purpose); + + self = G_TLS_DATABASE_GNUTLS_PKCS11 (database); + certificate = G_TLS_CERTIFICATE_GNUTLS (chain); + + /* First check for pinned certificate */ + if (g_tls_database_gnutls_pkcs11_lookup_assertion (self, certificate, + G_TLS_DATABASE_GNUTLS_PINNED_CERTIFICATE, + purpose, identity, cancellable, &err)) + { + /* + * A pinned certificate is verified on its own, without any further + * verification. + */ + g_tls_certificate_gnutls_set_issuer (certificate, NULL); + return 0; + } + + if (err) + { + g_propagate_error (error, err); + return G_TLS_CERTIFICATE_GENERIC_ERROR; + } + + anchor = NULL; + status = build_certificate_chain (self, certificate, NULL, FALSE, recursion_depth, + purpose, identity, interaction, cancellable, &anchor, &err); + if (status == STATUS_FAILURE) + { + g_propagate_error (error, err); + return G_TLS_CERTIFICATE_GENERIC_ERROR; + } + + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + return G_TLS_CERTIFICATE_GENERIC_ERROR; + + convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (chain), + &certs, &certs_length); + + if (anchor) + { + g_assert (g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (anchor)) == NULL); + convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (anchor), + &anchors, &anchors_length); + } + else + { + anchors = NULL; + anchors_length = 0; + } + + gerr = gnutls_x509_crt_list_verify (certs, certs_length, + anchors, anchors_length, + NULL, 0, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, + &gnutls_result); + + g_free (certs); + g_free (anchors); + + if (gerr != 0) + return G_TLS_CERTIFICATE_GENERIC_ERROR; + else if (g_cancellable_set_error_if_cancelled (cancellable, error)) + return G_TLS_CERTIFICATE_GENERIC_ERROR; + + result = g_tls_certificate_gnutls_convert_flags (gnutls_result); + + /* + * We have to check these ourselves since gnutls_x509_crt_list_verify + * won't bother if it gets an UNKNOWN_CA. + */ + result |= double_check_before_after_dates (G_TLS_CERTIFICATE_GNUTLS (chain)); + + if (identity) + result |= g_tls_certificate_gnutls_verify_identity (G_TLS_CERTIFICATE_GNUTLS (chain), + identity); + + return result; +} + +static void +g_tls_database_gnutls_pkcs11_class_init (GTlsDatabaseGnutlsPkcs11Class *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + GTlsDatabaseClass *database_class = G_TLS_DATABASE_CLASS (klass); + + gobject_class->finalize = g_tls_database_gnutls_pkcs11_finalize; + + database_class->create_certificate_handle = g_tls_database_gnutls_pkcs11_create_certificate_handle; + database_class->lookup_certificate_issuer = g_tls_database_gnutls_pkcs11_lookup_certificate_issuer; + database_class->lookup_certificates_issued_by = g_tls_database_gnutls_pkcs11_lookup_certificates_issued_by; + database_class->lookup_certificate_for_handle = g_tls_database_gnutls_pkcs11_lookup_certificate_for_handle; + database_class->verify_chain = g_tls_database_gnutls_pkcs11_verify_chain; +} + +static gboolean +g_tls_database_gnutls_pkcs11_initable_init (GInitable *initable, + GCancellable *cancellable, + GError **error) +{ + GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (initable); + GError *err = NULL; + gboolean any_success = FALSE; + gboolean any_failure = FALSE; + guint i; + + g_return_val_if_fail (!self->modules, FALSE); + + self->modules = p11_kit_modules_load (NULL, 0); + if (self->modules == NULL) { + g_set_error_literal (error, G_PKCS11_ERROR, CKR_FUNCTION_FAILED, p11_kit_message ()); + return FALSE; + } + + for (i = 0; self->modules[i] != NULL; i++) + { + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + { + any_failure = TRUE; + any_success = FALSE; + break; + } + + if (discover_module_slots_and_options (self, self->modules[i], &err)) + { + /* A module was setup correctly */ + any_success = TRUE; + g_clear_error (error); + } + else + { + /* No module success, first module failure */ + if (!any_success && !any_failure) + g_propagate_error (error, err); + any_failure = TRUE; + } + } + + return (any_failure && !any_success) ? FALSE : TRUE; +} + +static void +g_tls_database_gnutls_pkcs11_initable_iface_init (GInitableIface *iface) +{ + iface->init = g_tls_database_gnutls_pkcs11_initable_init; +} + +GTlsDatabase * +g_tls_database_gnutls_pkcs11_new (GError **error) +{ + g_return_val_if_fail (!error || !*error, NULL); + return g_initable_new (G_TYPE_TLS_DATABASE_GNUTLS_PKCS11, NULL, error, NULL); +} diff --git a/tls/gnutls/gtlsdatabase-gnutls-pkcs11.h b/tls/gnutls/gtlsdatabase-gnutls-pkcs11.h new file mode 100644 index 0000000..7ae710b --- /dev/null +++ b/tls/gnutls/gtlsdatabase-gnutls-pkcs11.h @@ -0,0 +1,44 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Certificate, Output and Gnutlsing Library + * + * Copyright 2011 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#ifndef __G_TLS_DATABASE_GNUTLS_PKCS11_H__ +#define __G_TLS_DATABASE_GNUTLS_PKCS11_H__ + +#include + +#include "gtlsdatabase-gnutls.h" + +G_BEGIN_DECLS + +#define G_TYPE_TLS_DATABASE_GNUTLS_PKCS11 (g_tls_database_gnutls_pkcs11_get_type ()) + +G_DECLARE_FINAL_TYPE (GTlsDatabaseGnutlsPkcs11, g_tls_database_gnutls_pkcs11, G, TLS_DATABASE_GNUTLS_PKCS11, GTlsDatabaseGnutls) + +GTlsDatabase* g_tls_database_gnutls_pkcs11_new (GError **error); + +G_END_DECLS + +#endif /* __G_TLS_DATABASE_GNUTLS_PKCS11_H___ */ diff --git a/tls/gnutls/gtlsdatabase-gnutls.c b/tls/gnutls/gtlsdatabase-gnutls.c new file mode 100644 index 0000000..4d11af7 --- /dev/null +++ b/tls/gnutls/gtlsdatabase-gnutls.c @@ -0,0 +1,41 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Collabora, Ltd + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "gtlsdatabase-gnutls.h" + +G_DEFINE_ABSTRACT_TYPE (GTlsDatabaseGnutls, g_tls_database_gnutls, G_TYPE_TLS_DATABASE); + +static void +g_tls_database_gnutls_init (GTlsDatabaseGnutls *self) +{ +} + +static void +g_tls_database_gnutls_class_init (GTlsDatabaseGnutlsClass *klass) +{ +} diff --git a/tls/gnutls/gtlsdatabase-gnutls.h b/tls/gnutls/gtlsdatabase-gnutls.h new file mode 100644 index 0000000..0fc6afb --- /dev/null +++ b/tls/gnutls/gtlsdatabase-gnutls.h @@ -0,0 +1,52 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#ifndef __G_TLS_DATABASE_GNUTLS_H__ +#define __G_TLS_DATABASE_GNUTLS_H__ + +#include + +#include "gtlscertificate-gnutls.h" + +G_BEGIN_DECLS + +typedef enum { + G_TLS_DATABASE_GNUTLS_PINNED_CERTIFICATE = 1, + G_TLS_DATABASE_GNUTLS_ANCHORED_CERTIFICATE = 2, +} GTlsDatabaseGnutlsAssertion; + +#define G_TYPE_TLS_DATABASE_GNUTLS (g_tls_database_gnutls_get_type ()) + +G_DECLARE_DERIVABLE_TYPE (GTlsDatabaseGnutls, g_tls_database_gnutls, G, TLS_DATABASE_GNUTLS, GTlsDatabase) + +struct _GTlsDatabaseGnutlsClass +{ + GTlsDatabaseClass parent_class; +}; + +G_END_DECLS + +#endif /* __G_TLS_DATABASE_GNUTLS_H___ */ diff --git a/tls/gnutls/gtlsfiledatabase-gnutls.c b/tls/gnutls/gtlsfiledatabase-gnutls.c new file mode 100644 index 0000000..5a5c965 --- /dev/null +++ b/tls/gnutls/gtlsfiledatabase-gnutls.c @@ -0,0 +1,699 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Collabora, Ltd + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "gtlsfiledatabase-gnutls.h" + +#include +#include +#include + +#include "gtlscertificate-gnutls.h" + +enum +{ + PROP_0, + PROP_ANCHORS, +}; + +struct _GTlsFileDatabaseGnutls +{ + GTlsDatabaseGnutls parent_instance; + + /* read-only after construct */ + gchar *anchor_filename; + gnutls_x509_trust_list_t trust_list; + + /* protected by mutex */ + GMutex mutex; + + /* + * These are hash tables of GBytes -> GPtrArray. The values of + * the ptr array are full DER encoded certificate values. The keys are byte + * arrays containing either subject DNs, issuer DNs, or full DER encoded certs + */ + GHashTable *subjects; + GHashTable *issuers; + + /* + * This is a table of GBytes -> GBytes. The values and keys are + * DER encoded certificate values. + */ + GHashTable *complete; + + /* + * This is a table of gchar * -> GPtrArray. The values of + * the ptr array are full DER encoded certificate values. The keys are the + * string handles. This array is populated on demand. + */ + GHashTable *handles; +}; + +static void g_tls_file_database_gnutls_file_database_interface_init (GTlsFileDatabaseInterface *iface); + +static void g_tls_file_database_gnutls_initable_interface_init (GInitableIface *iface); + +G_DEFINE_TYPE_WITH_CODE (GTlsFileDatabaseGnutls, g_tls_file_database_gnutls, G_TYPE_TLS_DATABASE_GNUTLS, + G_IMPLEMENT_INTERFACE (G_TYPE_TLS_FILE_DATABASE, + g_tls_file_database_gnutls_file_database_interface_init); + G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE, + g_tls_file_database_gnutls_initable_interface_init); + ); + +static GHashTable * +bytes_multi_table_new (void) +{ + return g_hash_table_new_full (g_bytes_hash, g_bytes_equal, + (GDestroyNotify)g_bytes_unref, + (GDestroyNotify)g_ptr_array_unref); +} + +static void +bytes_multi_table_insert (GHashTable *table, + GBytes *key, + GBytes *value) +{ + GPtrArray *multi; + + multi = g_hash_table_lookup (table, key); + if (multi == NULL) + { + multi = g_ptr_array_new_with_free_func ((GDestroyNotify)g_bytes_unref); + g_hash_table_insert (table, g_bytes_ref (key), multi); + } + g_ptr_array_add (multi, g_bytes_ref (value)); +} + +static GBytes * +bytes_multi_table_lookup_ref_one (GHashTable *table, + GBytes *key) +{ + GPtrArray *multi; + + multi = g_hash_table_lookup (table, key); + if (multi == NULL) + return NULL; + + g_assert (multi->len > 0); + return g_bytes_ref (multi->pdata[0]); +} + +static GList * +bytes_multi_table_lookup_ref_all (GHashTable *table, + GBytes *key) +{ + GPtrArray *multi; + GList *list = NULL; + guint i; + + multi = g_hash_table_lookup (table, key); + if (multi == NULL) + return NULL; + + for (i = 0; i < multi->len; i++) + list = g_list_prepend (list, g_bytes_ref (multi->pdata[i])); + + return g_list_reverse (list); +} + +static gchar * +create_handle_for_certificate (const gchar *filename, + GBytes *der) +{ + gchar *bookmark; + gchar *uri_part; + gchar *uri; + + /* + * Here we create a URI that looks like: + * file:///etc/ssl/certs/ca-certificates.crt#11b2641821252596420e468c275771f5e51022c121a17bd7a89a2f37b6336c8f + */ + + uri_part = g_filename_to_uri (filename, NULL, NULL); + if (!uri_part) + return NULL; + + bookmark = g_compute_checksum_for_bytes (G_CHECKSUM_SHA256, der); + uri = g_strconcat (uri_part, "#", bookmark, NULL); + + g_free (bookmark); + g_free (uri_part); + + return uri; +} + +static GHashTable * +create_handles_array_unlocked (const gchar *filename, + GHashTable *complete) +{ + GHashTable *handles; + GHashTableIter iter; + GBytes *der; + gchar *handle; + + handles = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, + (GDestroyNotify)g_bytes_unref); + + g_hash_table_iter_init (&iter, complete); + while (g_hash_table_iter_next (&iter, NULL, (gpointer *)&der)) + { + handle = create_handle_for_certificate (filename, der); + if (handle != NULL) + g_hash_table_insert (handles, handle, g_bytes_ref (der)); + } + + return handles; +} + +static gboolean +load_anchor_file (const gchar *filename, + GHashTable *subjects, + GHashTable *issuers, + GHashTable *complete, + GError **error) +{ + GList *list, *l; + gnutls_x509_crt_t cert; + gnutls_datum_t dn; + GBytes *der; + GBytes *subject; + GBytes *issuer; + gint gerr; + GError *my_error = NULL; + + list = g_tls_certificate_list_new_from_file (filename, &my_error); + if (my_error) + { + g_propagate_error (error, my_error); + return FALSE; + } + + for (l = list; l; l = l->next) + { + cert = g_tls_certificate_gnutls_get_cert (l->data); + gerr = gnutls_x509_crt_get_raw_dn (cert, &dn); + if (gerr < 0) + { + g_warning ("failed to get subject of anchor certificate: %s", + gnutls_strerror (gerr)); + continue; + } + + subject = g_bytes_new_with_free_func (dn.data, dn.size, gnutls_free, dn.data); + + gerr = gnutls_x509_crt_get_raw_issuer_dn (cert, &dn); + if (gerr < 0) + { + g_warning ("failed to get issuer of anchor certificate: %s", + gnutls_strerror (gerr)); + continue; + } + + issuer = g_bytes_new_with_free_func (dn.data, dn.size, gnutls_free, dn.data); + + der = g_tls_certificate_gnutls_get_bytes (l->data); + g_return_val_if_fail (der != NULL, FALSE); + + /* Three different ways of looking up same certificate */ + bytes_multi_table_insert (subjects, subject, der); + bytes_multi_table_insert (issuers, issuer, der); + + g_hash_table_insert (complete, g_bytes_ref (der), + g_bytes_ref (der)); + + g_bytes_unref (der); + g_bytes_unref (subject); + g_bytes_unref (issuer); + + g_object_unref (l->data); + } + g_list_free (list); + + return TRUE; +} + + + +static void +g_tls_file_database_gnutls_finalize (GObject *object) +{ + GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (object); + + g_clear_pointer (&self->subjects, g_hash_table_destroy); + g_clear_pointer (&self->issuers, g_hash_table_destroy); + g_clear_pointer (&self->complete, g_hash_table_destroy); + g_clear_pointer (&self->handles, g_hash_table_destroy); + if (self->anchor_filename) + { + g_free (self->anchor_filename); + gnutls_x509_trust_list_deinit (self->trust_list, 1); + } + g_mutex_clear (&self->mutex); + + G_OBJECT_CLASS (g_tls_file_database_gnutls_parent_class)->finalize (object); +} + +static void +g_tls_file_database_gnutls_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (object); + + switch (prop_id) + { + case PROP_ANCHORS: + g_value_set_string (value, self->anchor_filename); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +static void +g_tls_file_database_gnutls_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (object); + const char *anchor_path; + + switch (prop_id) + { + case PROP_ANCHORS: + anchor_path = g_value_get_string (value); + if (anchor_path && !g_path_is_absolute (anchor_path)) + { + g_warning ("The anchor file name used with a GTlsFileDatabase " + "must be an absolute path, and not relative: %s", anchor_path); + return; + } + + if (self->anchor_filename) + { + g_free (self->anchor_filename); + gnutls_x509_trust_list_deinit (self->trust_list, 1); + } + self->anchor_filename = g_strdup (anchor_path); + gnutls_x509_trust_list_init (&self->trust_list, 0); + gnutls_x509_trust_list_add_trust_file (self->trust_list, + anchor_path, NULL, + GNUTLS_X509_FMT_PEM, 0, 0); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +static void +g_tls_file_database_gnutls_init (GTlsFileDatabaseGnutls *self) +{ + g_mutex_init (&self->mutex); +} + +static gchar * +g_tls_file_database_gnutls_create_certificate_handle (GTlsDatabase *database, + GTlsCertificate *certificate) +{ + GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (database); + GBytes *der; + gboolean contains; + gchar *handle = NULL; + + der = g_tls_certificate_gnutls_get_bytes (G_TLS_CERTIFICATE_GNUTLS (certificate)); + g_return_val_if_fail (der != NULL, FALSE); + + g_mutex_lock (&self->mutex); + + /* At the same time look up whether this certificate is in list */ + contains = g_hash_table_lookup (self->complete, der) ? TRUE : FALSE; + + g_mutex_unlock (&self->mutex); + + /* Certificate is in the database */ + if (contains) + handle = create_handle_for_certificate (self->anchor_filename, der); + + g_bytes_unref (der); + return handle; +} + +static GTlsCertificate * +g_tls_file_database_gnutls_lookup_certificate_for_handle (GTlsDatabase *database, + const gchar *handle, + GTlsInteraction *interaction, + GTlsDatabaseLookupFlags flags, + GCancellable *cancellable, + GError **error) +{ + GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (database); + GTlsCertificate *cert; + GBytes *der; + gnutls_datum_t datum; + gsize length; + + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + return NULL; + + if (!handle) + return NULL; + + g_mutex_lock (&self->mutex); + + /* Create the handles table if not already done */ + if (!self->handles) + self->handles = create_handles_array_unlocked (self->anchor_filename, + self->complete); + + der = g_hash_table_lookup (self->handles, handle); + if (der != NULL) + g_bytes_ref (der); + + g_mutex_unlock (&self->mutex); + + if (der == NULL) + return NULL; + + datum.data = (unsigned char *)g_bytes_get_data (der, &length); + datum.size = length; + + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + cert = NULL; + else + cert = g_tls_certificate_gnutls_new (&datum, NULL); + + g_bytes_unref (der); + return cert; +} + +static GTlsCertificate * +g_tls_file_database_gnutls_lookup_certificate_issuer (GTlsDatabase *database, + GTlsCertificate *certificate, + GTlsInteraction *interaction, + GTlsDatabaseLookupFlags flags, + GCancellable *cancellable, + GError **error) +{ + GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (database); + gnutls_datum_t dn = { NULL, 0 }; + GBytes *subject, *der; + gnutls_datum_t datum; + GTlsCertificate *issuer = NULL; + gnutls_x509_crt_t cert; + gsize length; + int gerr; + + g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (certificate), NULL); + + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + return NULL; + + if (flags & G_TLS_DATABASE_LOOKUP_KEYPAIR) + return NULL; + + /* Dig out the issuer of this certificate */ + cert = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (certificate)); + gerr = gnutls_x509_crt_get_raw_issuer_dn (cert, &dn); + if (gerr < 0) + { + g_warning ("failed to get issuer of certificate: %s", gnutls_strerror (gerr)); + return NULL; + } + + subject = g_bytes_new_with_free_func (dn.data, dn.size, gnutls_free, dn.data); + + /* Find the full DER value of the certificate */ + g_mutex_lock (&self->mutex); + der = bytes_multi_table_lookup_ref_one (self->subjects, subject); + g_mutex_unlock (&self->mutex); + + g_bytes_unref (subject); + + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + { + issuer = NULL; + } + else if (der != NULL) + { + datum.data = (unsigned char *)g_bytes_get_data (der, &length); + datum.size = length; + issuer = g_tls_certificate_gnutls_new (&datum, NULL); + } + + if (der != NULL) + g_bytes_unref (der); + return issuer; +} + +static GList * +g_tls_file_database_gnutls_lookup_certificates_issued_by (GTlsDatabase *database, + GByteArray *issuer_raw_dn, + GTlsInteraction *interaction, + GTlsDatabaseLookupFlags flags, + GCancellable *cancellable, + GError **error) +{ + GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (database); + GBytes *issuer; + gnutls_datum_t datum; + GList *issued = NULL; + GList *ders; + gsize length; + GList *l; + + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + return NULL; + + /* We don't have any private keys here */ + if (flags & G_TLS_DATABASE_LOOKUP_KEYPAIR) + return NULL; + + issuer = g_bytes_new_static (issuer_raw_dn->data, issuer_raw_dn->len); + + /* Find the full DER value of the certificate */ + g_mutex_lock (&self->mutex); + ders = bytes_multi_table_lookup_ref_all (self->issuers, issuer); + g_mutex_unlock (&self->mutex); + + g_bytes_unref (issuer); + + for (l = ders; l != NULL; l = g_list_next (l)) + { + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + { + g_list_free_full (issued, g_object_unref); + issued = NULL; + break; + } + + datum.data = (unsigned char *)g_bytes_get_data (l->data, &length); + datum.size = length; + issued = g_list_prepend (issued, g_tls_certificate_gnutls_new (&datum, NULL)); + } + + g_list_free_full (ders, (GDestroyNotify)g_bytes_unref); + return issued; +} + +static void +convert_certificate_chain_to_gnutls (GTlsCertificateGnutls *chain, + gnutls_x509_crt_t **gnutls_chain, + guint *gnutls_chain_length) +{ + GTlsCertificate *cert; + guint i; + + g_assert (gnutls_chain); + g_assert (gnutls_chain_length); + + for (*gnutls_chain_length = 0, cert = G_TLS_CERTIFICATE (chain); + cert; cert = g_tls_certificate_get_issuer (cert)) + ++(*gnutls_chain_length); + + *gnutls_chain = g_new0 (gnutls_x509_crt_t, *gnutls_chain_length); + + for (i = 0, cert = G_TLS_CERTIFICATE (chain); + cert; cert = g_tls_certificate_get_issuer (cert), ++i) + (*gnutls_chain)[i] = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (cert)); + + g_assert (i == *gnutls_chain_length); +} + +static GTlsCertificateFlags +g_tls_file_database_gnutls_verify_chain (GTlsDatabase *database, + GTlsCertificate *chain, + const gchar *purpose, + GSocketConnectable *identity, + GTlsInteraction *interaction, + GTlsDatabaseVerifyFlags flags, + GCancellable *cancellable, + GError **error) +{ + GTlsFileDatabaseGnutls *self; + GTlsCertificateFlags result; + guint gnutls_result; + gnutls_x509_crt_t *certs; + guint certs_length; + const char *hostname = NULL; + char *free_hostname = NULL; + int gerr; + + g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (chain), + G_TLS_CERTIFICATE_GENERIC_ERROR); + g_assert (purpose); + + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + return G_TLS_CERTIFICATE_GENERIC_ERROR; + + self = G_TLS_FILE_DATABASE_GNUTLS (database); + + convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (chain), + &certs, &certs_length); + gerr = gnutls_x509_trust_list_verify_crt (self->trust_list, + certs, certs_length, + 0, &gnutls_result, NULL); + + if (gerr != 0 || g_cancellable_set_error_if_cancelled (cancellable, error)) + { + g_free (certs); + return G_TLS_CERTIFICATE_GENERIC_ERROR; + } + + result = g_tls_certificate_gnutls_convert_flags (gnutls_result); + + if (G_IS_NETWORK_ADDRESS (identity)) + hostname = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity)); + else if (G_IS_NETWORK_SERVICE (identity)) + hostname = g_network_service_get_domain (G_NETWORK_SERVICE (identity)); + else if (G_IS_INET_SOCKET_ADDRESS (identity)) + { + GInetAddress *addr; + + addr = g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (identity)); + hostname = free_hostname = g_inet_address_to_string (addr); + } + if (hostname) + { + if (!gnutls_x509_crt_check_hostname (certs[0], hostname)) + result |= G_TLS_CERTIFICATE_BAD_IDENTITY; + g_free (free_hostname); + } + + g_free (certs); + return result; +} + +static void +g_tls_file_database_gnutls_class_init (GTlsFileDatabaseGnutlsClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + GTlsDatabaseClass *database_class = G_TLS_DATABASE_CLASS (klass); + + gobject_class->get_property = g_tls_file_database_gnutls_get_property; + gobject_class->set_property = g_tls_file_database_gnutls_set_property; + gobject_class->finalize = g_tls_file_database_gnutls_finalize; + + database_class->create_certificate_handle = g_tls_file_database_gnutls_create_certificate_handle; + database_class->lookup_certificate_for_handle = g_tls_file_database_gnutls_lookup_certificate_for_handle; + database_class->lookup_certificate_issuer = g_tls_file_database_gnutls_lookup_certificate_issuer; + database_class->lookup_certificates_issued_by = g_tls_file_database_gnutls_lookup_certificates_issued_by; + database_class->verify_chain = g_tls_file_database_gnutls_verify_chain; + + g_object_class_override_property (gobject_class, PROP_ANCHORS, "anchors"); +} + +static void +g_tls_file_database_gnutls_file_database_interface_init (GTlsFileDatabaseInterface *iface) +{ + +} + +static gboolean +g_tls_file_database_gnutls_initable_init (GInitable *initable, + GCancellable *cancellable, + GError **error) +{ + GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (initable); + GHashTable *subjects, *issuers, *complete; + gboolean result; + + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + return FALSE; + + subjects = bytes_multi_table_new (); + issuers = bytes_multi_table_new (); + + complete = g_hash_table_new_full (g_bytes_hash, g_bytes_equal, + (GDestroyNotify)g_bytes_unref, + (GDestroyNotify)g_bytes_unref); + + if (self->anchor_filename) + result = load_anchor_file (self->anchor_filename, subjects, issuers, + complete, error); + else + result = TRUE; + + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + result = FALSE; + + if (result) + { + g_mutex_lock (&self->mutex); + if (!self->subjects) + { + self->subjects = subjects; + subjects = NULL; + } + if (!self->issuers) + { + self->issuers = issuers; + issuers = NULL; + } + if (!self->complete) + { + self->complete = complete; + complete = NULL; + } + g_mutex_unlock (&self->mutex); + } + + if (subjects != NULL) + g_hash_table_unref (subjects); + if (issuers != NULL) + g_hash_table_unref (issuers); + if (complete != NULL) + g_hash_table_unref (complete); + return result; +} + +static void +g_tls_file_database_gnutls_initable_interface_init (GInitableIface *iface) +{ + iface->init = g_tls_file_database_gnutls_initable_init; +} diff --git a/tls/gnutls/gtlsfiledatabase-gnutls.h b/tls/gnutls/gtlsfiledatabase-gnutls.h new file mode 100644 index 0000000..9feccc3 --- /dev/null +++ b/tls/gnutls/gtlsfiledatabase-gnutls.h @@ -0,0 +1,44 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#ifndef __G_TLS_FILE_DATABASE_GNUTLS_H__ +#define __G_TLS_FILE_DATABASE_GNUTLS_H__ + +#include + +#include "gtlsdatabase-gnutls.h" + +G_BEGIN_DECLS + +#define G_TYPE_TLS_FILE_DATABASE_GNUTLS (g_tls_file_database_gnutls_get_type ()) + +G_DECLARE_FINAL_TYPE (GTlsFileDatabaseGnutls, g_tls_file_database_gnutls, G, TLS_FILE_DATABASE_GNUTLS, GTlsDatabaseGnutls) + +GTlsDatabase* g_tls_file_database_gnutls_new (const gchar *anchor_file); + +G_END_DECLS + +#endif /* __G_TLS_FILE_DATABASE_GNUTLS_H___ */ diff --git a/tls/gnutls/gtlsinputstream-gnutls.c b/tls/gnutls/gtlsinputstream-gnutls.c new file mode 100644 index 0000000..65ca3cb --- /dev/null +++ b/tls/gnutls/gtlsinputstream-gnutls.c @@ -0,0 +1,253 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + */ + +#include "config.h" +#include "gtlsinputstream-gnutls.h" + +struct _GTlsInputStreamGnutls +{ + GInputStream parent_instance; + + GWeakRef weak_conn; +}; + +static void g_tls_input_stream_gnutls_pollable_iface_init (GPollableInputStreamInterface *iface); + +G_DEFINE_TYPE_WITH_CODE (GTlsInputStreamGnutls, g_tls_input_stream_gnutls, G_TYPE_INPUT_STREAM, + G_IMPLEMENT_INTERFACE (G_TYPE_POLLABLE_INPUT_STREAM, g_tls_input_stream_gnutls_pollable_iface_init) + ) + +static void +g_tls_input_stream_gnutls_dispose (GObject *object) +{ + GTlsInputStreamGnutls *stream = G_TLS_INPUT_STREAM_GNUTLS (object); + + g_weak_ref_set (&stream->weak_conn, NULL); + + G_OBJECT_CLASS (g_tls_input_stream_gnutls_parent_class)->dispose (object); +} + +static void +g_tls_input_stream_gnutls_finalize (GObject *object) +{ + GTlsInputStreamGnutls *stream = G_TLS_INPUT_STREAM_GNUTLS (object); + + g_weak_ref_clear (&stream->weak_conn); + + G_OBJECT_CLASS (g_tls_input_stream_gnutls_parent_class)->finalize (object); +} + +static gssize +g_tls_input_stream_gnutls_read (GInputStream *stream, + void *buffer, + gsize count, + GCancellable *cancellable, + GError **error) +{ + GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (stream); + GTlsConnectionGnutls *conn; + gssize ret; + + conn = g_weak_ref_get (&tls_stream->weak_conn); + g_return_val_if_fail (conn != NULL, -1); + + ret = g_tls_connection_gnutls_read (conn, + buffer, count, -1 /* blocking */, + cancellable, error); + g_object_unref (conn); + return ret; +} + +static gboolean +g_tls_input_stream_gnutls_pollable_is_readable (GPollableInputStream *pollable) +{ + GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (pollable); + GTlsConnectionGnutls *conn; + gboolean ret; + + conn = g_weak_ref_get (&tls_stream->weak_conn); + g_return_val_if_fail (conn != NULL, FALSE); + + ret = g_tls_connection_gnutls_check (conn, G_IO_IN); + + g_object_unref (conn); + return ret; +} + +static GSource * +g_tls_input_stream_gnutls_pollable_create_source (GPollableInputStream *pollable, + GCancellable *cancellable) +{ + GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (pollable); + GTlsConnectionGnutls *conn; + GSource *ret; + + conn = g_weak_ref_get (&tls_stream->weak_conn); + g_return_val_if_fail (conn != NULL, NULL); + + ret = g_tls_connection_gnutls_create_source (conn, G_IO_IN, cancellable); + g_object_unref (conn); + return ret; +} + +static gssize +g_tls_input_stream_gnutls_pollable_read_nonblocking (GPollableInputStream *pollable, + void *buffer, + gsize size, + GError **error) +{ + GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (pollable); + GTlsConnectionGnutls *conn; + gssize ret; + + conn = g_weak_ref_get (&tls_stream->weak_conn); + g_return_val_if_fail (conn != NULL, -1); + + ret = g_tls_connection_gnutls_read (conn, buffer, size, + 0 /* non-blocking */, NULL, error); + + g_object_unref (conn); + return ret; +} + +static gboolean +g_tls_input_stream_gnutls_close (GInputStream *stream, + GCancellable *cancellable, + GError **error) +{ + GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (stream); + GIOStream *conn; + gboolean ret; + + conn = g_weak_ref_get (&tls_stream->weak_conn); + + /* Special case here because this is called by the finalize + * of the main GTlsConnection object. + */ + if (conn == NULL) + return TRUE; + + ret = g_tls_connection_gnutls_close_internal (conn, G_TLS_DIRECTION_READ, + -1, /* blocking */ + cancellable, error); + + g_object_unref (conn); + return ret; +} + +/* We do async close as synchronous-in-a-thread so we don't need to + * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case + * (since handshakes are also done synchronously now). + */ +static void +close_thread (GTask *task, + gpointer object, + gpointer task_data, + GCancellable *cancellable) +{ + GTlsInputStreamGnutls *tls_stream = object; + GError *error = NULL; + GIOStream *conn; + + conn = g_weak_ref_get (&tls_stream->weak_conn); + + if (conn && !g_tls_connection_gnutls_close_internal (conn, + G_TLS_DIRECTION_READ, + -1, /* blocking */ + cancellable, &error)) + g_task_return_error (task, error); + else + g_task_return_boolean (task, TRUE); + + if (conn) + g_object_unref (conn); +} + + +static void +g_tls_input_stream_gnutls_close_async (GInputStream *stream, + int io_priority, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GTask *task; + + task = g_task_new (stream, cancellable, callback, user_data); + g_task_set_source_tag (task, g_tls_input_stream_gnutls_close_async); + g_task_set_priority (task, io_priority); + g_task_run_in_thread (task, close_thread); + g_object_unref (task); +} + +static gboolean +g_tls_input_stream_gnutls_close_finish (GInputStream *stream, + GAsyncResult *result, + GError **error) +{ + g_return_val_if_fail (g_task_is_valid (result, stream), FALSE); + g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) == + g_tls_input_stream_gnutls_close_async, FALSE); + + return g_task_propagate_boolean (G_TASK (result), error); +} + +static void +g_tls_input_stream_gnutls_class_init (GTlsInputStreamGnutlsClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + GInputStreamClass *input_stream_class = G_INPUT_STREAM_CLASS (klass); + + gobject_class->dispose = g_tls_input_stream_gnutls_dispose; + gobject_class->finalize = g_tls_input_stream_gnutls_finalize; + + input_stream_class->read_fn = g_tls_input_stream_gnutls_read; + input_stream_class->close_fn = g_tls_input_stream_gnutls_close; + input_stream_class->close_async = g_tls_input_stream_gnutls_close_async; + input_stream_class->close_finish = g_tls_input_stream_gnutls_close_finish; +} + +static void +g_tls_input_stream_gnutls_pollable_iface_init (GPollableInputStreamInterface *iface) +{ + iface->is_readable = g_tls_input_stream_gnutls_pollable_is_readable; + iface->create_source = g_tls_input_stream_gnutls_pollable_create_source; + iface->read_nonblocking = g_tls_input_stream_gnutls_pollable_read_nonblocking; +} + +static void +g_tls_input_stream_gnutls_init (GTlsInputStreamGnutls *stream) +{ +} + +GInputStream * +g_tls_input_stream_gnutls_new (GTlsConnectionGnutls *conn) +{ + GTlsInputStreamGnutls *tls_stream; + + tls_stream = g_object_new (G_TYPE_TLS_INPUT_STREAM_GNUTLS, NULL); + g_weak_ref_init (&tls_stream->weak_conn, conn); + + return G_INPUT_STREAM (tls_stream); +} diff --git a/tls/gnutls/gtlsinputstream-gnutls.h b/tls/gnutls/gtlsinputstream-gnutls.h new file mode 100644 index 0000000..ecafa07 --- /dev/null +++ b/tls/gnutls/gtlsinputstream-gnutls.h @@ -0,0 +1,41 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + */ + +#ifndef __G_TLS_INPUT_STREAM_GNUTLS_H__ +#define __G_TLS_INPUT_STREAM_GNUTLS_H__ + +#include +#include "gtlsconnection-gnutls.h" + +G_BEGIN_DECLS + +#define G_TYPE_TLS_INPUT_STREAM_GNUTLS (g_tls_input_stream_gnutls_get_type ()) + +G_DECLARE_FINAL_TYPE (GTlsInputStreamGnutls, g_tls_input_stream_gnutls, G, TLS_INPUT_STREAM_GNUTLS, GInputStream) + +GInputStream *g_tls_input_stream_gnutls_new (GTlsConnectionGnutls *conn); + +G_END_DECLS + +#endif /* __G_TLS_INPUT_STREAM_GNUTLS_H___ */ diff --git a/tls/gnutls/gtlsoutputstream-gnutls.c b/tls/gnutls/gtlsoutputstream-gnutls.c new file mode 100644 index 0000000..44b10f7 --- /dev/null +++ b/tls/gnutls/gtlsoutputstream-gnutls.c @@ -0,0 +1,255 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + */ + +#include "config.h" +#include "gtlsoutputstream-gnutls.h" + +struct _GTlsOutputStreamGnutls +{ + GOutputStream parent_instance; + + GWeakRef weak_conn; +}; + +static void g_tls_output_stream_gnutls_pollable_iface_init (GPollableOutputStreamInterface *iface); + +G_DEFINE_TYPE_WITH_CODE (GTlsOutputStreamGnutls, g_tls_output_stream_gnutls, G_TYPE_OUTPUT_STREAM, + G_IMPLEMENT_INTERFACE (G_TYPE_POLLABLE_OUTPUT_STREAM, g_tls_output_stream_gnutls_pollable_iface_init) + ) + +static void +g_tls_output_stream_gnutls_dispose (GObject *object) +{ + GTlsOutputStreamGnutls *stream = G_TLS_OUTPUT_STREAM_GNUTLS (object); + + g_weak_ref_set (&stream->weak_conn, NULL); + + G_OBJECT_CLASS (g_tls_output_stream_gnutls_parent_class)->dispose (object); +} + +static void +g_tls_output_stream_gnutls_finalize (GObject *object) +{ + GTlsOutputStreamGnutls *stream = G_TLS_OUTPUT_STREAM_GNUTLS (object); + + g_weak_ref_clear (&stream->weak_conn); + + G_OBJECT_CLASS (g_tls_output_stream_gnutls_parent_class)->finalize (object); +} + +static gssize +g_tls_output_stream_gnutls_write (GOutputStream *stream, + const void *buffer, + gsize count, + GCancellable *cancellable, + GError **error) +{ + GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (stream); + GTlsConnectionGnutls *conn; + gssize ret; + + conn = g_weak_ref_get (&tls_stream->weak_conn); + g_return_val_if_fail (conn != NULL, -1); + + ret = g_tls_connection_gnutls_write (conn, buffer, count, -1 /* blocking */, + cancellable, error); + g_object_unref (conn); + return ret; +} + +static gboolean +g_tls_output_stream_gnutls_pollable_is_writable (GPollableOutputStream *pollable) +{ + GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (pollable); + GTlsConnectionGnutls *conn; + gboolean ret; + + conn = g_weak_ref_get (&tls_stream->weak_conn); + g_return_val_if_fail (conn != NULL, FALSE); + + ret = g_tls_connection_gnutls_check (conn, G_IO_OUT); + + g_object_unref (conn); + + return ret; +} + +static GSource * +g_tls_output_stream_gnutls_pollable_create_source (GPollableOutputStream *pollable, + GCancellable *cancellable) +{ + GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (pollable); + GTlsConnectionGnutls *conn; + GSource *ret; + + conn = g_weak_ref_get (&tls_stream->weak_conn); + g_return_val_if_fail (conn != NULL, NULL); + + ret = g_tls_connection_gnutls_create_source (conn, + G_IO_OUT, + cancellable); + g_object_unref (conn); + return ret; +} + +static gssize +g_tls_output_stream_gnutls_pollable_write_nonblocking (GPollableOutputStream *pollable, + const void *buffer, + gsize size, + GError **error) +{ + GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (pollable); + GTlsConnectionGnutls *conn; + gssize ret; + + conn = g_weak_ref_get (&tls_stream->weak_conn); + g_return_val_if_fail (conn != NULL, -1); + + ret = g_tls_connection_gnutls_write (conn, buffer, size, + 0 /* non-blocking */, NULL, error); + + g_object_unref (conn); + return ret; +} + +static gboolean +g_tls_output_stream_gnutls_close (GOutputStream *stream, + GCancellable *cancellable, + GError **error) +{ + GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (stream); + GIOStream *conn; + gboolean ret; + + conn = g_weak_ref_get (&tls_stream->weak_conn); + + /* Special case here because this is called by the finalize + * of the main GTlsConnection object. + */ + if (conn == NULL) + return TRUE; + + ret = g_tls_connection_gnutls_close_internal (conn, G_TLS_DIRECTION_WRITE, + -1, /* blocking */ + cancellable, error); + + g_object_unref (conn); + return ret; +} + +/* We do async close as synchronous-in-a-thread so we don't need to + * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case + * (since handshakes are also done synchronously now). + */ +static void +close_thread (GTask *task, + gpointer object, + gpointer task_data, + GCancellable *cancellable) +{ + GTlsOutputStreamGnutls *tls_stream = object; + GError *error = NULL; + GIOStream *conn; + + conn = g_weak_ref_get (&tls_stream->weak_conn); + + if (conn && !g_tls_connection_gnutls_close_internal (conn, + G_TLS_DIRECTION_WRITE, + -1, /* blocking */ + cancellable, &error)) + g_task_return_error (task, error); + else + g_task_return_boolean (task, TRUE); + + if (conn) + g_object_unref (conn); +} + + +static void +g_tls_output_stream_gnutls_close_async (GOutputStream *stream, + int io_priority, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GTask *task; + + task = g_task_new (stream, cancellable, callback, user_data); + g_task_set_source_tag (task, g_tls_output_stream_gnutls_close_async); + g_task_set_priority (task, io_priority); + g_task_run_in_thread (task, close_thread); + g_object_unref (task); +} + +static gboolean +g_tls_output_stream_gnutls_close_finish (GOutputStream *stream, + GAsyncResult *result, + GError **error) +{ + g_return_val_if_fail (g_task_is_valid (result, stream), FALSE); + g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) == + g_tls_output_stream_gnutls_close_async, FALSE); + + return g_task_propagate_boolean (G_TASK (result), error); +} + +static void +g_tls_output_stream_gnutls_class_init (GTlsOutputStreamGnutlsClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + GOutputStreamClass *output_stream_class = G_OUTPUT_STREAM_CLASS (klass); + + gobject_class->dispose = g_tls_output_stream_gnutls_dispose; + gobject_class->finalize = g_tls_output_stream_gnutls_finalize; + + output_stream_class->write_fn = g_tls_output_stream_gnutls_write; + output_stream_class->close_fn = g_tls_output_stream_gnutls_close; + output_stream_class->close_async = g_tls_output_stream_gnutls_close_async; + output_stream_class->close_finish = g_tls_output_stream_gnutls_close_finish; +} + +static void +g_tls_output_stream_gnutls_pollable_iface_init (GPollableOutputStreamInterface *iface) +{ + iface->is_writable = g_tls_output_stream_gnutls_pollable_is_writable; + iface->create_source = g_tls_output_stream_gnutls_pollable_create_source; + iface->write_nonblocking = g_tls_output_stream_gnutls_pollable_write_nonblocking; +} + +static void +g_tls_output_stream_gnutls_init (GTlsOutputStreamGnutls *stream) +{ +} + +GOutputStream * +g_tls_output_stream_gnutls_new (GTlsConnectionGnutls *conn) +{ + GTlsOutputStreamGnutls *tls_stream; + + tls_stream = g_object_new (G_TYPE_TLS_OUTPUT_STREAM_GNUTLS, NULL); + g_weak_ref_init (&tls_stream->weak_conn, conn); + + return G_OUTPUT_STREAM (tls_stream); +} diff --git a/tls/gnutls/gtlsoutputstream-gnutls.h b/tls/gnutls/gtlsoutputstream-gnutls.h new file mode 100644 index 0000000..e7f40d6 --- /dev/null +++ b/tls/gnutls/gtlsoutputstream-gnutls.h @@ -0,0 +1,41 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + */ + +#ifndef __G_TLS_OUTPUT_STREAM_GNUTLS_H__ +#define __G_TLS_OUTPUT_STREAM_GNUTLS_H__ + +#include +#include "gtlsconnection-gnutls.h" + +G_BEGIN_DECLS + +#define G_TYPE_TLS_OUTPUT_STREAM_GNUTLS (g_tls_output_stream_gnutls_get_type ()) + +G_DECLARE_FINAL_TYPE (GTlsOutputStreamGnutls, g_tls_output_stream_gnutls, G, TLS_OUTPUT_STREAM_GNUTLS, GOutputStream) + +GOutputStream *g_tls_output_stream_gnutls_new (GTlsConnectionGnutls *conn); + +G_END_DECLS + +#endif /* __G_TLS_OUTPUT_STREAM_GNUTLS_H___ */ diff --git a/tls/gnutls/gtlsserverconnection-gnutls.c b/tls/gnutls/gtlsserverconnection-gnutls.c new file mode 100644 index 0000000..8e323b3 --- /dev/null +++ b/tls/gnutls/gtlsserverconnection-gnutls.c @@ -0,0 +1,290 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Red Hat, Inc + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + */ + +#include "config.h" +#include "glib.h" + +#include +#include +#include + +#include "gtlsserverconnection-gnutls.h" +#include "gtlsbackend-gnutls.h" +#include "gtlscertificate-gnutls.h" +#include + +enum +{ + PROP_0, + PROP_AUTHENTICATION_MODE +}; + +struct _GTlsServerConnectionGnutls +{ + GTlsConnectionGnutls parent_instance; + + GTlsAuthenticationMode authentication_mode; +}; + +static void g_tls_server_connection_gnutls_initable_interface_init (GInitableIface *iface); + +static void g_tls_server_connection_gnutls_server_connection_interface_init (GTlsServerConnectionInterface *iface); + +static int g_tls_server_connection_gnutls_retrieve_function (gnutls_session_t session, + const gnutls_datum_t *req_ca_rdn, + int nreqs, + const gnutls_pk_algorithm_t *pk_algos, + int pk_algos_length, + gnutls_retr2_st *st); + +static int g_tls_server_connection_gnutls_db_store (void *user_data, + gnutls_datum_t key, + gnutls_datum_t data); +static int g_tls_server_connection_gnutls_db_remove (void *user_data, + gnutls_datum_t key); +static gnutls_datum_t g_tls_server_connection_gnutls_db_retrieve (void *user_data, + gnutls_datum_t key); + +static GInitableIface *g_tls_server_connection_gnutls_parent_initable_iface; + +G_DEFINE_TYPE_WITH_CODE (GTlsServerConnectionGnutls, g_tls_server_connection_gnutls, G_TYPE_TLS_CONNECTION_GNUTLS, + G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE, + g_tls_server_connection_gnutls_initable_interface_init) + G_IMPLEMENT_INTERFACE (G_TYPE_TLS_SERVER_CONNECTION, + g_tls_server_connection_gnutls_server_connection_interface_init) + G_IMPLEMENT_INTERFACE (G_TYPE_DTLS_SERVER_CONNECTION, + NULL) +) + +static void +g_tls_server_connection_gnutls_init (GTlsServerConnectionGnutls *gnutls) +{ + gnutls_certificate_credentials_t creds; + + creds = g_tls_connection_gnutls_get_credentials (G_TLS_CONNECTION_GNUTLS (gnutls)); + gnutls_certificate_set_retrieve_function (creds, g_tls_server_connection_gnutls_retrieve_function); +} + +static gboolean +g_tls_server_connection_gnutls_initable_init (GInitable *initable, + GCancellable *cancellable, + GError **error) +{ + GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable); + GTlsCertificate *cert; + gnutls_session_t session; + + if (!g_tls_server_connection_gnutls_parent_initable_iface-> + init (initable, cancellable, error)) + return FALSE; + + session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (gnutls)); + gnutls_db_set_retrieve_function (session, g_tls_server_connection_gnutls_db_retrieve); + gnutls_db_set_store_function (session, g_tls_server_connection_gnutls_db_store); + gnutls_db_set_remove_function (session, g_tls_server_connection_gnutls_db_remove); + + cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (initable)); + if (cert && !g_tls_certificate_gnutls_has_key (G_TLS_CERTIFICATE_GNUTLS (cert))) + { + g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE, + _("Certificate has no private key")); + return FALSE; + } + + return TRUE; +} + +static void +g_tls_server_connection_gnutls_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + GTlsServerConnectionGnutls *gnutls = G_TLS_SERVER_CONNECTION_GNUTLS (object); + + switch (prop_id) + { + case PROP_AUTHENTICATION_MODE: + g_value_set_enum (value, gnutls->authentication_mode); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +static void +g_tls_server_connection_gnutls_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + GTlsServerConnectionGnutls *gnutls = G_TLS_SERVER_CONNECTION_GNUTLS (object); + + switch (prop_id) + { + case PROP_AUTHENTICATION_MODE: + gnutls->authentication_mode = g_value_get_enum (value); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +static int +g_tls_server_connection_gnutls_retrieve_function (gnutls_session_t session, + const gnutls_datum_t *req_ca_rdn, + int nreqs, + const gnutls_pk_algorithm_t *pk_algos, + int pk_algos_length, + gnutls_retr2_st *st) +{ + g_tls_connection_gnutls_get_certificate (gnutls_transport_get_ptr (session), st); + return 0; +} + +static void +g_tls_server_connection_gnutls_failed (GTlsConnectionGnutls *conn) +{ + gnutls_db_remove_session (g_tls_connection_gnutls_get_session (conn)); +} + +static void +g_tls_server_connection_gnutls_begin_handshake (GTlsConnectionGnutls *conn) +{ + GTlsServerConnectionGnutls *gnutls = G_TLS_SERVER_CONNECTION_GNUTLS (conn); + gnutls_session_t session; + gnutls_certificate_request_t req_mode; + + switch (gnutls->authentication_mode) + { + case G_TLS_AUTHENTICATION_REQUESTED: + req_mode = GNUTLS_CERT_REQUEST; + break; + case G_TLS_AUTHENTICATION_REQUIRED: + req_mode = GNUTLS_CERT_REQUIRE; + break; + case G_TLS_AUTHENTICATION_NONE: + default: + req_mode = GNUTLS_CERT_IGNORE; + break; + } + + session = g_tls_connection_gnutls_get_session (conn); + gnutls_certificate_server_set_request (session, req_mode); +} + +static void +g_tls_server_connection_gnutls_finish_handshake (GTlsConnectionGnutls *gnutls, + GError **inout_error) +{ +} + +/* Session cache management */ + +static int +g_tls_server_connection_gnutls_db_store (void *user_data, + gnutls_datum_t key, + gnutls_datum_t data) +{ + GBytes *session_id, *session_data; + + session_id = g_bytes_new (key.data, key.size); + session_data = g_bytes_new (data.data, data.size); + g_tls_backend_gnutls_store_session (GNUTLS_SERVER, session_id, session_data); + g_bytes_unref (session_id); + g_bytes_unref (session_data); + + return 0; +} + +static int +g_tls_server_connection_gnutls_db_remove (void *user_data, + gnutls_datum_t key) +{ + GBytes *session_id; + + session_id = g_bytes_new (key.data, key.size); + g_tls_backend_gnutls_remove_session (GNUTLS_SERVER, session_id); + g_bytes_unref (session_id); + + return 0; +} + +static gnutls_datum_t +g_tls_server_connection_gnutls_db_retrieve (void *user_data, + gnutls_datum_t key) +{ + GBytes *session_id, *session_data; + gnutls_datum_t data; + + session_id = g_bytes_new (key.data, key.size); + session_data = g_tls_backend_gnutls_lookup_session (GNUTLS_SERVER, session_id); + g_bytes_unref (session_id); + + if (session_data) + { + data.size = g_bytes_get_size (session_data); + data.data = gnutls_malloc (data.size); + memcpy (data.data, g_bytes_get_data (session_data, NULL), data.size); + g_bytes_unref (session_data); + } + else + { + data.size = 0; + data.data = NULL; + } + + return data; +} + +static void +g_tls_server_connection_gnutls_class_init (GTlsServerConnectionGnutlsClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + GTlsConnectionGnutlsClass *connection_gnutls_class = G_TLS_CONNECTION_GNUTLS_CLASS (klass); + + gobject_class->get_property = g_tls_server_connection_gnutls_get_property; + gobject_class->set_property = g_tls_server_connection_gnutls_set_property; + + connection_gnutls_class->failed = g_tls_server_connection_gnutls_failed; + connection_gnutls_class->begin_handshake = g_tls_server_connection_gnutls_begin_handshake; + connection_gnutls_class->finish_handshake = g_tls_server_connection_gnutls_finish_handshake; + + g_object_class_override_property (gobject_class, PROP_AUTHENTICATION_MODE, "authentication-mode"); +} + +static void +g_tls_server_connection_gnutls_server_connection_interface_init (GTlsServerConnectionInterface *iface) +{ +} + +static void +g_tls_server_connection_gnutls_initable_interface_init (GInitableIface *iface) +{ + g_tls_server_connection_gnutls_parent_initable_iface = g_type_interface_peek_parent (iface); + + iface->init = g_tls_server_connection_gnutls_initable_init; +} diff --git a/tls/gnutls/gtlsserverconnection-gnutls.h b/tls/gnutls/gtlsserverconnection-gnutls.h new file mode 100644 index 0000000..288dab4 --- /dev/null +++ b/tls/gnutls/gtlsserverconnection-gnutls.h @@ -0,0 +1,39 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright 2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + */ + +#ifndef __G_TLS_SERVER_CONNECTION_GNUTLS_H__ +#define __G_TLS_SERVER_CONNECTION_GNUTLS_H__ + +#include +#include "gtlsconnection-gnutls.h" + +G_BEGIN_DECLS + +#define G_TYPE_TLS_SERVER_CONNECTION_GNUTLS (g_tls_server_connection_gnutls_get_type ()) + +G_DECLARE_FINAL_TYPE(GTlsServerConnectionGnutls, g_tls_server_connection_gnutls, G, TLS_SERVER_CONNECTION_GNUTLS, GTlsConnectionGnutls) + +G_END_DECLS + +#endif /* __G_TLS_SERVER_CONNECTION_GNUTLS_H___ */ diff --git a/tls/gnutls/meson.build b/tls/gnutls/meson.build new file mode 100644 index 0000000..98bbb73 --- /dev/null +++ b/tls/gnutls/meson.build @@ -0,0 +1,51 @@ +sources = files( + 'gnutls-module.c', + 'gtlsbackend-gnutls.c', + 'gtlscertificate-gnutls.c', + 'gtlsclientconnection-gnutls.c', + 'gtlsconnection-gnutls.c', + 'gtlsdatabase-gnutls.c', + 'gtlsfiledatabase-gnutls.c', + 'gtlsinputstream-gnutls.c', + 'gtlsoutputstream-gnutls.c', + 'gtlsserverconnection-gnutls.c' +) + +incs = [top_inc] + +deps = [ + gio_dep, + glib_dep, + gnutls_dep +] + +if enable_pkcs11_support + sources += files( + 'gtlsbackend-gnutls-pkcs11.c', + 'gtlscertificate-gnutls-pkcs11.c', + 'gtlsdatabase-gnutls-pkcs11.c' + ) + + incs += tls_inc + + deps += libgiopkcs11_dep +endif + +module = shared_module( + 'giognutls', + sources: sources, + include_directories: incs, + dependencies: deps, + link_args: module_ldflags, + link_depends: symbol_map, + install: true, + install_dir: gio_module_dir +) + +if get_option('static_modules') + static_library('giognutls', + objects: module.extract_all_objects(), + install: true, + install_dir: gio_module_dir + ) +endif diff --git a/tls/pkcs11/gpkcs11array.c b/tls/pkcs11/gpkcs11array.c new file mode 100644 index 0000000..00d4bda --- /dev/null +++ b/tls/pkcs11/gpkcs11array.c @@ -0,0 +1,282 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - Small GLib wrapper of PKCS#11 for use in GTls + * + * Copyright 2011 Collabora, Ltd + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "gpkcs11array.h" + +#include + +G_DEFINE_BOXED_TYPE (GPkcs11Array, g_pkcs11_array, g_pkcs11_array_ref, g_pkcs11_array_unref); + +typedef struct _GRealPkcs11Array +{ + CK_ATTRIBUTE *attrs; + CK_ULONG len; + volatile gint ref_count; +} GRealPkcs11Array; + +GPkcs11Array* +g_pkcs11_array_new (void) +{ + GRealPkcs11Array *array = g_slice_new (GRealPkcs11Array); + + array->attrs = NULL; + array->len = 0; + array->ref_count = 1; + + return (GPkcs11Array*) array; +} + +void +g_pkcs11_array_add (GPkcs11Array *array, + CK_ATTRIBUTE *attr) +{ + GRealPkcs11Array *rarray = (GRealPkcs11Array*)array; + + g_return_if_fail (array); + g_return_if_fail (attr); + g_return_if_fail (attr->ulValueLen != (CK_ATTRIBUTE_TYPE)-1 || !attr->pValue); + g_return_if_fail (attr->pValue || !attr->ulValueLen); + + rarray->attrs = g_renew (CK_ATTRIBUTE, rarray->attrs, rarray->len + 1); + memcpy (rarray->attrs + rarray->len, attr, sizeof (CK_ATTRIBUTE)); + if (attr->pValue) + rarray->attrs[rarray->len].pValue = g_memdup (attr->pValue, attr->ulValueLen); + rarray->len++; +} + +void +g_pkcs11_array_add_value (GPkcs11Array *array, + CK_ATTRIBUTE_TYPE type, + gconstpointer value, + gssize length) +{ + CK_ATTRIBUTE attr; + + g_return_if_fail (array); + + if (length < 0) + length = strlen (value); + + attr.type = type; + attr.pValue = (gpointer)value; + attr.ulValueLen = length; + g_pkcs11_array_add (array, &attr); +} + +void +g_pkcs11_array_add_boolean (GPkcs11Array *array, + CK_ATTRIBUTE_TYPE attr_type, + gboolean value) +{ + CK_ATTRIBUTE attr; + CK_BBOOL bval; + + g_return_if_fail (array); + + bval = value ? CK_TRUE : CK_FALSE; + attr.type = attr_type; + attr.pValue = &bval; + attr.ulValueLen = sizeof (bval); + g_pkcs11_array_add (array, &attr); +} + +void +g_pkcs11_array_add_ulong (GPkcs11Array *array, + CK_ATTRIBUTE_TYPE type, + gulong value) +{ + CK_ATTRIBUTE attr; + CK_ULONG uval; + + g_return_if_fail (array); + + uval = value; + attr.type = type; + attr.pValue = &uval; + attr.ulValueLen = sizeof (uval); + g_pkcs11_array_add (array, &attr); +} + +void +g_pkcs11_array_set (GPkcs11Array *array, + CK_ATTRIBUTE *attr) +{ + CK_ATTRIBUTE *previous; + + g_return_if_fail (array); + g_return_if_fail (attr); + g_return_if_fail (attr->ulValueLen != (CK_ATTRIBUTE_TYPE)-1 || !attr->pValue); + g_return_if_fail (attr->pValue || !attr->ulValueLen); + + previous = (CK_ATTRIBUTE*)g_pkcs11_array_find (array, attr->type); + if (previous == NULL) + { + g_pkcs11_array_add (array, attr); + } + else + { + g_free (previous->pValue); + previous->pValue = g_memdup (attr->pValue, attr->ulValueLen); + previous->ulValueLen = attr->ulValueLen; + } +} + +void +g_pkcs11_array_set_value (GPkcs11Array *array, + CK_ATTRIBUTE_TYPE type, + gconstpointer value, + gssize length) +{ + CK_ATTRIBUTE attr; + + g_return_if_fail (array); + + if (length < 0) + length = strlen (value); + + attr.type = type; + attr.pValue = (gpointer)value; + attr.ulValueLen = length; + g_pkcs11_array_set (array, &attr); +} + +void +g_pkcs11_array_set_boolean (GPkcs11Array *array, + CK_ATTRIBUTE_TYPE attr_type, + gboolean value) +{ + CK_ATTRIBUTE attr; + CK_BBOOL bval; + + g_return_if_fail (array); + + bval = value ? CK_TRUE : CK_FALSE; + attr.type = attr_type; + attr.pValue = &bval; + attr.ulValueLen = sizeof (bval); + g_pkcs11_array_set (array, &attr); +} + +void +g_pkcs11_array_set_ulong (GPkcs11Array *array, + CK_ATTRIBUTE_TYPE type, + gulong value) +{ + CK_ATTRIBUTE attr; + CK_ULONG uval; + + g_return_if_fail (array); + + uval = value; + attr.type = type; + attr.pValue = &uval; + attr.ulValueLen = sizeof (uval); + g_pkcs11_array_set (array, &attr); +} + + +const CK_ATTRIBUTE* +g_pkcs11_array_find (GPkcs11Array *array, + CK_ATTRIBUTE_TYPE type) +{ + const CK_ATTRIBUTE* attr; + guint i; + + g_return_val_if_fail (array, NULL); + + for (i = 0; i < array->count; ++i) + { + attr = &g_pkcs11_array_index (array, i); + if (attr->type == type) + return attr; + } + + return NULL; +} + +gboolean +g_pkcs11_array_find_boolean (GPkcs11Array *array, + CK_ATTRIBUTE_TYPE type, + gboolean *value) +{ + const CK_ATTRIBUTE* attr; + + g_return_val_if_fail (array, FALSE); + g_return_val_if_fail (value, FALSE); + + attr = g_pkcs11_array_find (array, type); + if (!attr || !attr->pValue || attr->ulValueLen != sizeof (CK_BBOOL)) + return FALSE; + *value = *((CK_BBOOL*)attr->pValue) ? TRUE : FALSE; + return TRUE; +} + +gboolean +g_pkcs11_array_find_ulong (GPkcs11Array *array, + CK_ATTRIBUTE_TYPE type, + gulong *value) +{ + const CK_ATTRIBUTE* attr; + + g_return_val_if_fail (array, FALSE); + g_return_val_if_fail (value, FALSE); + + attr = g_pkcs11_array_find (array, type); + if (!attr || !attr->pValue || attr->ulValueLen != sizeof (CK_ULONG)) + return FALSE; + *value = *((CK_ULONG*)attr->pValue); + return TRUE; +} + +GPkcs11Array* +g_pkcs11_array_ref (GPkcs11Array *array) +{ + GRealPkcs11Array *rarray = (GRealPkcs11Array*) array; + + g_return_val_if_fail (array, NULL); + g_return_val_if_fail (g_atomic_int_get (&rarray->ref_count) > 0, array); + g_atomic_int_inc (&rarray->ref_count); + return array; +} + +void +g_pkcs11_array_unref (GPkcs11Array *array) +{ + GRealPkcs11Array *rarray = (GRealPkcs11Array*) array; + CK_ULONG i; + + g_return_if_fail (array); + g_return_if_fail (g_atomic_int_get (&rarray->ref_count) > 0); + if (g_atomic_int_dec_and_test (&rarray->ref_count)) + { + for (i = 0; i < rarray->len; ++i) + g_free (rarray->attrs[i].pValue); + g_free (rarray->attrs); + g_slice_free1 (sizeof (GRealPkcs11Array), array); + } +} diff --git a/tls/pkcs11/gpkcs11array.h b/tls/pkcs11/gpkcs11array.h new file mode 100644 index 0000000..04d1a66 --- /dev/null +++ b/tls/pkcs11/gpkcs11array.h @@ -0,0 +1,107 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - Small GLib wrapper of PKCS#11 for use in GTls + * + * Copyright 2011 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#ifndef __G_PKCS11_ARRAY_H__ +#define __G_PKCS11_ARRAY_H__ + +#include +#include + +#include + +#include + +G_BEGIN_DECLS + +typedef struct _GPkcs11Array GPkcs11Array; + +struct _GPkcs11Array +{ + CK_ATTRIBUTE *attrs; + CK_ULONG count; +}; + +#define G_TYPE_PKCS11_ARRAY (g_pkcs11_array_get_type ()) + +GType g_pkcs11_array_get_type (void) G_GNUC_CONST; + +GPkcs11Array* g_pkcs11_array_new (void); + +#define g_pkcs11_array_index(array,index_) ((array)->attrs)[index_] + +void g_pkcs11_array_add (GPkcs11Array *array, + CK_ATTRIBUTE *attr); + +void g_pkcs11_array_add_value (GPkcs11Array *array, + CK_ATTRIBUTE_TYPE type, + gconstpointer value, + gssize length); + +void g_pkcs11_array_add_boolean (GPkcs11Array *array, + CK_ATTRIBUTE_TYPE type, + gboolean value); + +void g_pkcs11_array_add_ulong (GPkcs11Array *array, + CK_ATTRIBUTE_TYPE type, + gulong value); + +void g_pkcs11_array_set (GPkcs11Array *array, + CK_ATTRIBUTE *attr); + +void g_pkcs11_array_set_value (GPkcs11Array *array, + CK_ATTRIBUTE_TYPE type, + gconstpointer value, + gssize length); + +void g_pkcs11_array_set_boolean (GPkcs11Array *array, + CK_ATTRIBUTE_TYPE type, + gboolean value); + +void g_pkcs11_array_set_ulong (GPkcs11Array *array, + CK_ATTRIBUTE_TYPE type, + gulong value); + +const CK_ATTRIBUTE* g_pkcs11_array_find (GPkcs11Array *array, + CK_ATTRIBUTE_TYPE type); + +const CK_ATTRIBUTE* g_pkcs11_array_find_valid (GPkcs11Array *array, + CK_ATTRIBUTE_TYPE type); + +gboolean g_pkcs11_array_find_boolean (GPkcs11Array *array, + CK_ATTRIBUTE_TYPE type, + gboolean *value); + +gboolean g_pkcs11_array_find_ulong (GPkcs11Array *array, + CK_ATTRIBUTE_TYPE type, + gulong *value); + +GPkcs11Array* g_pkcs11_array_ref (GPkcs11Array *array); + +void g_pkcs11_array_unref (GPkcs11Array *array); + +G_END_DECLS + +#endif /* __G_PKCS11_ARRAY_H___ */ diff --git a/tls/pkcs11/gpkcs11pin.c b/tls/pkcs11/gpkcs11pin.c new file mode 100644 index 0000000..8bcb4c0 --- /dev/null +++ b/tls/pkcs11/gpkcs11pin.c @@ -0,0 +1,159 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Input, Output and Streaming Library + * + * Copyright © 2011 Collabora Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include + +#include "gpkcs11pin.h" +#include + +enum +{ + PROP_0, + + PROP_FLAGS, + PROP_DESCRIPTION +}; + +struct _GPkcs11Pin +{ + GTlsPassword parent_instance; + + P11KitPin *pin; +}; + +G_DEFINE_TYPE (GPkcs11Pin, g_pkcs11_pin, G_TYPE_TLS_PASSWORD); + +static void +g_pkcs11_pin_init (GPkcs11Pin *self) +{ +} + +static void +g_pkcs11_pin_finalize (GObject *object) +{ + GPkcs11Pin *self = G_PKCS11_PIN (object); + + if (self->pin) + p11_kit_pin_unref (self->pin); + + G_OBJECT_CLASS (g_pkcs11_pin_parent_class)->finalize (object); +} + +static const guchar * +g_pkcs11_pin_get_value (GTlsPassword *password, + gsize *length) +{ + GPkcs11Pin *self = G_PKCS11_PIN (password); + + if (!self->pin) + { + if (length) + *length = 0; + return NULL; + } + + return p11_kit_pin_get_value (self->pin, length); +} + +static void +g_pkcs11_pin_set_value (GTlsPassword *password, + guchar *value, + gssize length, + GDestroyNotify destroy) +{ + GPkcs11Pin *self = G_PKCS11_PIN (password); + + if (self->pin) + { + p11_kit_pin_unref (self->pin); + self->pin = NULL; + } + + if (length < 0) + length = strlen ((gchar *) value); + + self->pin = p11_kit_pin_new_for_buffer (value, length, destroy); +} + +static const gchar * +g_pkcs11_pin_get_default_warning (GTlsPassword *password) +{ + GTlsPasswordFlags flags; + + flags = g_tls_password_get_flags (password); + + if (flags & G_TLS_PASSWORD_FINAL_TRY) + return _("This is the last chance to enter the PIN correctly before the token is locked."); + if (flags & G_TLS_PASSWORD_MANY_TRIES) + return _("Several PIN attempts have been incorrect, and the token will be locked after further failures."); + if (flags & G_TLS_PASSWORD_RETRY) + return _("The PIN entered is incorrect."); + + return NULL; +} + + +static void +g_pkcs11_pin_class_init (GPkcs11PinClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + GTlsPasswordClass *password_class = G_TLS_PASSWORD_CLASS (klass); + + password_class->get_value = g_pkcs11_pin_get_value; + password_class->set_value = g_pkcs11_pin_set_value; + password_class->get_default_warning = g_pkcs11_pin_get_default_warning; + + gobject_class->finalize = g_pkcs11_pin_finalize; +} + +GTlsPassword * +g_pkcs11_pin_new (GTlsPasswordFlags flags, + const gchar *description) +{ + GPkcs11Pin *self; + + self = g_object_new (G_TYPE_PKCS11_PIN, + "flags", flags, + "description", description, + NULL); + + return G_TLS_PASSWORD (self); +} + + +P11KitPin * +g_pkcs11_pin_steal_internal (GPkcs11Pin *self) +{ + P11KitPin *pin; + + g_return_val_if_fail (G_IS_PKCS11_PIN (self), NULL); + + pin = self->pin; + self->pin = NULL; + return pin; +} diff --git a/tls/pkcs11/gpkcs11pin.h b/tls/pkcs11/gpkcs11pin.h new file mode 100644 index 0000000..5fbb662 --- /dev/null +++ b/tls/pkcs11/gpkcs11pin.h @@ -0,0 +1,46 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - GLib Pin, Output and Pkcs11ing Library + * + * Copyright © 2011 Collabora Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#ifndef __G_PKCS11_PIN_H__ +#define __G_PKCS11_PIN_H__ + +#include +#include + +G_BEGIN_DECLS + +#define G_TYPE_PKCS11_PIN (g_pkcs11_pin_get_type ()) + +G_DECLARE_FINAL_TYPE (GPkcs11Pin, g_pkcs11_pin, G, PKCS11_PIN, GTlsPassword) + +GTlsPassword * g_pkcs11_pin_new (GTlsPasswordFlags flags, + const gchar *description); + +P11KitPin * g_pkcs11_pin_steal_internal (GPkcs11Pin *self); + +G_END_DECLS + +#endif /* __G_PKCS11_PIN_H___ */ diff --git a/tls/pkcs11/gpkcs11slot.c b/tls/pkcs11/gpkcs11slot.c new file mode 100644 index 0000000..9b24dc0 --- /dev/null +++ b/tls/pkcs11/gpkcs11slot.c @@ -0,0 +1,618 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - Small GLib wrapper of PKCS#11 for use in GTls + * + * Copyright 2011 Collabora, Ltd + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "gpkcs11slot.h" + +#include "gpkcs11array.h" +#include "gpkcs11pin.h" +#include "gpkcs11util.h" + +#include + +#include +#include + +#include + +enum { + PROP_0, + PROP_MODULE, + PROP_SLOT_ID +}; + +struct _GPkcs11Slot +{ + GObject parent_instance; + + /* read-only after construct */ + CK_FUNCTION_LIST_PTR module; + CK_SLOT_ID slot_id; + + /* protected by mutex */ + GMutex mutex; + CK_SESSION_HANDLE last_session; +}; + +G_DEFINE_TYPE (GPkcs11Slot, g_pkcs11_slot, G_TYPE_OBJECT); + +static gboolean +check_if_session_logged_in (GPkcs11Slot *self, + CK_SESSION_HANDLE session) +{ + CK_SESSION_INFO session_info; + CK_RV rv; + + rv = (self->module->C_GetSessionInfo) (session, &session_info); + if (rv != CKR_OK) + return FALSE; + + /* Already logged in */ + if (session_info.state == CKS_RO_USER_FUNCTIONS || + session_info.state == CKS_RW_USER_FUNCTIONS) + return TRUE; + + return FALSE; +} + +static gboolean +session_login_protected_auth_path (GPkcs11Slot *self, + CK_SESSION_HANDLE session, + GError **error) +{ + CK_RV rv; + + rv = (self->module->C_Login) (session, CKU_USER, NULL, 0); + if (rv == CKR_USER_ALREADY_LOGGED_IN) + rv = CKR_OK; + if (g_pkcs11_propagate_error (error, rv)) + return FALSE; + return TRUE; +} + +static gboolean +session_login_with_pin (GPkcs11Slot *self, + GTlsInteraction *interaction, + CK_SESSION_HANDLE session, + CK_TOKEN_INFO *token_info, + GTlsPasswordFlags flags, + GCancellable *cancellable, + GError **error) +{ + GTlsInteractionResult result = G_TLS_INTERACTION_UNHANDLED; + GTlsPassword *password = NULL; + const guchar *value; + gsize length; + CK_RV rv; + + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + return FALSE; + + else if (interaction != NULL) + { + gchar *description = p11_kit_space_strdup (token_info->label, + sizeof (token_info->label)); + password = g_tls_password_new (flags, description); + free (description); + + result = g_tls_interaction_ask_password (interaction, password, cancellable, error); + } + + switch (result) + { + case G_TLS_INTERACTION_UNHANDLED: + g_clear_object (&password); + g_message ("no pin is available to log in, or the user cancelled pin entry"); + return TRUE; + case G_TLS_INTERACTION_FAILED: + g_clear_object (&password); + return FALSE; + case G_TLS_INTERACTION_HANDLED: + break; + } + + g_assert (interaction != NULL && password != NULL); + value = g_tls_password_get_value (password, &length); + rv = (self->module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)value, length); + g_object_unref (password); + + if (rv == CKR_USER_ALREADY_LOGGED_IN) + rv = CKR_OK; + if (g_pkcs11_propagate_error (error, rv)) + return FALSE; + return TRUE; +} + +static gboolean +session_login_if_necessary (GPkcs11Slot *self, + GTlsInteraction *interaction, + CK_SESSION_HANDLE session, + GCancellable *cancellable, + GError **error) +{ + CK_TOKEN_INFO token_info; + GTlsPasswordFlags flags = 0; + GError *err = NULL; + CK_RV rv; + + for (;;) + { + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + return FALSE; + + /* Do we actually need to login? */ + if (check_if_session_logged_in (self, session)) + return TRUE; + + /* Get the token information, this can change between login attempts */ + rv = (self->module->C_GetTokenInfo) (self->slot_id, &token_info); + if (g_pkcs11_propagate_error (error, rv)) + return FALSE; + + if (!(token_info.flags & CKF_LOGIN_REQUIRED)) + return TRUE; + + /* Login is not initialized on token, don't try to login */ + if (!(token_info.flags & CKF_USER_PIN_INITIALIZED)) + return TRUE; + + /* Protected auth path, only call login once, and let token prompt user */ + if (token_info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) + return session_login_protected_auth_path (self, session, error); + + /* Normal authentication path, ask p11-kit to call any callbacks */ + else + { + + if (token_info.flags & CKF_SO_PIN_COUNT_LOW) + flags |= G_TLS_PASSWORD_MANY_TRIES; + if (token_info.flags & CKF_SO_PIN_FINAL_TRY) + flags |= G_TLS_PASSWORD_FINAL_TRY; + + if (session_login_with_pin (self, interaction, session, &token_info, + flags, cancellable, &err)) + return TRUE; + + /* User cancelled, don't try to log in */ + if (err == NULL) + return TRUE; + + if (!g_error_matches (err, G_PKCS11_ERROR, CKR_PIN_INCORRECT)) + { + g_propagate_error (error, err); + return FALSE; + } + + /* Try again */ + g_clear_error (&err); + flags |= G_TLS_PASSWORD_RETRY; + } + } +} + +static CK_SESSION_HANDLE +session_checkout_or_open (GPkcs11Slot *self, + GTlsInteraction *interaction, + gboolean login, + GCancellable *cancellable, + GError **error) +{ + CK_SESSION_HANDLE session = 0; + CK_RV rv; + + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + return 0; + + g_mutex_lock (&self->mutex); + + if (self->last_session) + { + session = self->last_session; + self->last_session = 0; + } + + g_mutex_unlock (&self->mutex); + + if (!session) + { + rv = (self->module->C_OpenSession) (self->slot_id, CKF_SERIAL_SESSION, + NULL, NULL, &session); + if (g_pkcs11_propagate_error (error, rv)) + return 0; + } + + if (login) + { + if (!session_login_if_necessary (self, interaction, session, cancellable, error)) + { + (self->module->C_CloseSession) (session); + return 0; + } + } + + return session; +} + +static void +session_close (GPkcs11Slot *self, + CK_SESSION_HANDLE session) +{ + CK_RV rv; + + g_assert (session != 0); + + rv = (self->module->C_CloseSession) (session); + if (rv != CKR_OK) + g_warning ("couldn't close pkcs11 session: %s", + p11_kit_strerror (rv)); +} + +static void +session_checkin_or_close (GPkcs11Slot *self, + CK_SESSION_HANDLE session) +{ + g_assert (session != 0); + + g_mutex_lock (&self->mutex); + + if (self->last_session == 0) + { + self->last_session = session; + session = 0; + } + + g_mutex_unlock (&self->mutex); + + if (session != 0) + session_close (self, session); +} + +static GPkcs11Array* +retrieve_object_attributes (GPkcs11Slot *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + const CK_ATTRIBUTE_TYPE *attr_types, + guint attr_types_length, + GError **error) +{ + GPkcs11Array *result; + CK_ATTRIBUTE_PTR attr; + CK_ATTRIBUTE blank; + CK_RV rv; + guint i; + + result = g_pkcs11_array_new (); + memset (&blank, 0, sizeof (blank)); + for (i = 0; i < attr_types_length; ++i) + { + blank.type = attr_types[i]; + g_pkcs11_array_add (result, &blank); + } + + /* Get all the required buffer sizes */ + rv = (self->module->C_GetAttributeValue) (session, object, + result->attrs, result->count); + if (rv == CKR_ATTRIBUTE_SENSITIVE || + rv == CKR_ATTRIBUTE_TYPE_INVALID) + rv = CKR_OK; + if (g_pkcs11_propagate_error (error, rv)) + { + g_pkcs11_array_unref (result); + return NULL; + } + + /* Now allocate memory for them all */ + for (i = 0; i < attr_types_length; ++i) + { + attr = &g_pkcs11_array_index (result, i); + if (attr->ulValueLen != (CK_ULONG)-1 && attr->ulValueLen) + attr->pValue = g_malloc0 (attr->ulValueLen); + } + + /* And finally get all the values */ + rv = (self->module->C_GetAttributeValue) (session, object, + result->attrs, result->count); + if (rv == CKR_ATTRIBUTE_SENSITIVE || + rv == CKR_ATTRIBUTE_TYPE_INVALID || + rv == CKR_BUFFER_TOO_SMALL) + rv = CKR_OK; + if (g_pkcs11_propagate_error (error, rv)) + { + g_pkcs11_array_unref (result); + return NULL; + } + + return result; +} + +static void +g_pkcs11_slot_init (GPkcs11Slot *self) +{ + g_mutex_init (&self->mutex); +} + +static void +g_pkcs11_slot_dispose (GObject *object) +{ + GPkcs11Slot *self = G_PKCS11_SLOT (object); + CK_SESSION_HANDLE session = 0; + + g_mutex_lock (&self->mutex); + + session = self->last_session; + self->last_session = 0; + + g_mutex_unlock (&self->mutex); + + if (session) + session_close (self, session); + + G_OBJECT_CLASS (g_pkcs11_slot_parent_class)->dispose (object); +} + +static void +g_pkcs11_slot_finalize (GObject *object) +{ + GPkcs11Slot *self = G_PKCS11_SLOT (object); + + g_assert (self->last_session == 0); + g_mutex_clear (&self->mutex); + + G_OBJECT_CLASS (g_pkcs11_slot_parent_class)->finalize (object); +} + +static void +g_pkcs11_slot_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + GPkcs11Slot *self = G_PKCS11_SLOT (object); + + switch (prop_id) + { + case PROP_MODULE: + g_value_set_pointer (value, self->module); + break; + + case PROP_SLOT_ID: + g_value_set_ulong (value, self->slot_id); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +static void +g_pkcs11_slot_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + GPkcs11Slot *self = G_PKCS11_SLOT (object); + + switch (prop_id) + { + case PROP_MODULE: + self->module = g_value_get_pointer (value); + g_assert (self->module); + break; + + case PROP_SLOT_ID: + self->slot_id = g_value_get_ulong (value); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + } +} + +static void +g_pkcs11_slot_class_init (GPkcs11SlotClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->get_property = g_pkcs11_slot_get_property; + gobject_class->set_property = g_pkcs11_slot_set_property; + gobject_class->dispose = g_pkcs11_slot_dispose; + gobject_class->finalize = g_pkcs11_slot_finalize; + + g_object_class_install_property (gobject_class, PROP_MODULE, + g_param_spec_pointer ("module", + N_("Module"), + N_("PKCS#11 Module Pointer"), + G_PARAM_READWRITE | + G_PARAM_CONSTRUCT | + G_PARAM_STATIC_STRINGS)); + + g_object_class_install_property (gobject_class, PROP_SLOT_ID, + g_param_spec_ulong ("slot-id", + N_("Slot ID"), + N_("PKCS#11 Slot Identifier"), + 0, + G_MAXULONG, + G_MAXULONG, + G_PARAM_READWRITE | + G_PARAM_CONSTRUCT | + G_PARAM_STATIC_STRINGS)); +} + +GPkcs11EnumerateState +g_pkcs11_slot_enumerate (GPkcs11Slot *self, + GTlsInteraction *interaction, + CK_ATTRIBUTE_PTR match, + CK_ULONG match_count, + gboolean match_private, + const CK_ATTRIBUTE_TYPE *attr_types, + guint attr_types_length, + GPkcs11Accumulator accumulator, + gpointer user_data, + GCancellable *cancellable, + GError **error) +{ + GPkcs11EnumerateState state = G_PKCS11_ENUMERATE_CONTINUE; + CK_OBJECT_HANDLE objects[256]; + CK_SESSION_HANDLE session; + GPkcs11Array *attrs; + GError *err = NULL; + CK_ULONG count, i; + CK_RV rv; + + g_return_val_if_fail (G_IS_PKCS11_SLOT (self), FALSE); + g_return_val_if_fail (accumulator, FALSE); + g_return_val_if_fail (!error || !*error, FALSE); + + session = session_checkout_or_open (self, interaction, match_private, + cancellable, &err); + if (err != NULL) + { + /* If the slot isn't present, then nothing to match :) */ + if (g_error_matches (err, G_PKCS11_ERROR, CKR_TOKEN_NOT_PRESENT)) + { + g_clear_error (&err); + return G_PKCS11_ENUMERATE_CONTINUE; + } + + g_propagate_error (error, err); + return G_PKCS11_ENUMERATE_FAILED; + } + + rv = (self->module->C_FindObjectsInit) (session, match, match_count); + + while (state == G_PKCS11_ENUMERATE_CONTINUE && rv == CKR_OK && + !g_cancellable_is_cancelled (cancellable)) + { + count = 0; + rv = (self->module->C_FindObjects) (session, objects, + G_N_ELEMENTS (objects), &count); + if (rv == CKR_OK) + { + if (count == 0) + break; + + for (i = 0; state == G_PKCS11_ENUMERATE_CONTINUE && i < count; ++i) + { + if (attr_types_length) + { + attrs = retrieve_object_attributes (self, session, objects[i], + attr_types, attr_types_length, error); + if (attrs == NULL) + state = G_PKCS11_ENUMERATE_FAILED; + } + else + { + attrs = NULL; + } + + if (state == G_PKCS11_ENUMERATE_CONTINUE) + { + if (!(accumulator) (attrs, user_data)) + state = G_PKCS11_ENUMERATE_STOP; + } + + if (attrs) + g_pkcs11_array_unref (attrs); + + if (g_cancellable_is_cancelled (cancellable)) + break; + } + } + } + + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + { + state = G_PKCS11_ENUMERATE_FAILED; + } + else if (rv != CKR_OK && rv != CKR_TOKEN_NOT_PRESENT) + { + g_pkcs11_propagate_error (error, rv); + state = G_PKCS11_ENUMERATE_FAILED; + } + + rv = (self->module->C_FindObjectsFinal) (session); + if (rv == CKR_OK) + session_checkin_or_close (self, session); + else + session_close (self, session); + + return state; +} + +gboolean +g_pkcs11_slot_get_token_info (GPkcs11Slot *self, + CK_TOKEN_INFO_PTR token_info) +{ + CK_RV rv; + + g_return_val_if_fail (G_IS_PKCS11_SLOT (self), FALSE); + g_return_val_if_fail (token_info, FALSE); + + memset (token_info, 0, sizeof (CK_TOKEN_INFO)); + rv = (self->module->C_GetTokenInfo) (self->slot_id, token_info); + if (rv == CKR_TOKEN_NOT_PRESENT) + return FALSE; + + if (rv != CKR_OK) + { + g_warning ("call to C_GetTokenInfo on PKCS#11 module failed: %s", + p11_kit_strerror (rv)); + return FALSE; + } + + return TRUE; +} + +gboolean +g_pkcs11_slot_matches_uri (GPkcs11Slot *self, + P11KitUri *uri) +{ + CK_INFO library; + CK_TOKEN_INFO token; + CK_RV rv; + + g_return_val_if_fail (G_IS_PKCS11_SLOT (self), FALSE); + g_return_val_if_fail (uri, FALSE); + + memset (&library, 0, sizeof (library)); + rv = (self->module->C_GetInfo) (&library); + if (rv != CKR_OK) + { + g_warning ("call to C_GetInfo on PKCS#11 module failed: %s", + p11_kit_strerror (rv)); + return FALSE; + } + + if (!p11_kit_uri_match_module_info (uri, &library)) + return FALSE; + + memset (&token, 0, sizeof (token)); + if (!g_pkcs11_slot_get_token_info (self, &token)) + return FALSE; + + return p11_kit_uri_match_token_info (uri, &token); +} diff --git a/tls/pkcs11/gpkcs11slot.h b/tls/pkcs11/gpkcs11slot.h new file mode 100644 index 0000000..a57c2a6 --- /dev/null +++ b/tls/pkcs11/gpkcs11slot.h @@ -0,0 +1,73 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - Small GLib wrapper of PKCS#11 for use in GTls + * + * Copyright 2011 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#ifndef __G_PKCS11_SLOT_H__ +#define __G_PKCS11_SLOT_H__ + +#include + +#include "gpkcs11array.h" + +#include +#include + +G_BEGIN_DECLS + +typedef enum +{ + G_PKCS11_ENUMERATE_FAILED, + G_PKCS11_ENUMERATE_STOP, + G_PKCS11_ENUMERATE_CONTINUE +} GPkcs11EnumerateState; + +#define G_TYPE_PKCS11_SLOT (g_pkcs11_slot_get_type ()) + +G_DECLARE_FINAL_TYPE (GPkcs11Slot, g_pkcs11_slot, G, PKCS11_SLOT, GObject) + +typedef gboolean (*GPkcs11Accumulator) (gpointer result, + gpointer user_data); + +GPkcs11EnumerateState g_pkcs11_slot_enumerate (GPkcs11Slot *self, + GTlsInteraction *interaction, + CK_ATTRIBUTE_PTR match, + CK_ULONG match_count, + gboolean match_private, + const CK_ATTRIBUTE_TYPE *attr_types, + guint attr_types_length, + GPkcs11Accumulator accumulator, + gpointer user_data, + GCancellable *cancellable, + GError **error); + +gboolean g_pkcs11_slot_get_token_info (GPkcs11Slot *self, + CK_TOKEN_INFO_PTR token_info); + +gboolean g_pkcs11_slot_matches_uri (GPkcs11Slot *self, + P11KitUri *uri); + +G_END_DECLS + +#endif /* __G_PKCS11_SLOT_H___ */ diff --git a/tls/pkcs11/gpkcs11util.c b/tls/pkcs11/gpkcs11util.c new file mode 100644 index 0000000..6ffe18f --- /dev/null +++ b/tls/pkcs11/gpkcs11util.c @@ -0,0 +1,63 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - Small GLib wrapper of PKCS#11 for use in GTls + * + * Copyright 2011 Collabora, Ltd + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "gpkcs11util.h" + +#include +#include + +#include + +GQuark +g_pkcs11_get_error_domain (void) +{ + static GQuark domain = 0; + static volatile gsize quark_inited = 0; + + if (g_once_init_enter (&quark_inited)) + { + domain = g_quark_from_static_string ("g-pkcs11-error"); + g_once_init_leave (&quark_inited, 1); + } + + return domain; +} + +gboolean +g_pkcs11_propagate_error (GError **error, CK_RV rv) +{ + if (rv == CKR_OK) + return FALSE; + if (rv == CKR_CANCEL) + g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CANCELLED, + p11_kit_strerror (rv)); + else + g_set_error_literal (error, G_PKCS11_ERROR, (gint)rv, + p11_kit_strerror (rv)); + return TRUE; +} diff --git a/tls/pkcs11/gpkcs11util.h b/tls/pkcs11/gpkcs11util.h new file mode 100644 index 0000000..9368a78 --- /dev/null +++ b/tls/pkcs11/gpkcs11util.h @@ -0,0 +1,51 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO - Small GLib wrapper of PKCS#11 for use in GTls + * + * Copyright 2011 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#ifndef __G_PKCS11_UTIL_H__ +#define __G_PKCS11_UTIL_H__ + +#include + +#include + +G_BEGIN_DECLS + +#define G_PKCS11_VENDOR_CODE 0x47000000 /* G000 */ + +enum { + G_PKCS11_ERROR_BAD_URI = (CKR_VENDOR_DEFINED | (G_PKCS11_VENDOR_CODE + 1)), +}; + +#define G_PKCS11_ERROR (g_pkcs11_get_error_domain ()) + +GQuark g_pkcs11_get_error_domain (void) G_GNUC_CONST; + +gboolean g_pkcs11_propagate_error (GError **error, + CK_RV rv); + +G_END_DECLS + +#endif /* __G_PKCS11_UTIL_H___ */ diff --git a/tls/pkcs11/meson.build b/tls/pkcs11/meson.build new file mode 100644 index 0000000..5a9523a --- /dev/null +++ b/tls/pkcs11/meson.build @@ -0,0 +1,25 @@ +sources = files( + 'gpkcs11array.c', + 'gpkcs11pin.c', + 'gpkcs11slot.c', + 'gpkcs11util.c' +) + +deps = [ + glib_dep, + pkcs11_dep +] + +libgiopkcs11 = static_library( + 'giopkcs11', + sources: sources, + include_directories: top_inc, + dependencies: deps, + install: get_option('static_modules') +) + +libgiopkcs11_dep = declare_dependency( + link_with: libgiopkcs11, + include_directories: include_directories('.'), + dependencies: deps +) diff --git a/tls/pkcs11/pkcs11-trust-assertions.h b/tls/pkcs11/pkcs11-trust-assertions.h new file mode 100644 index 0000000..cfc916b --- /dev/null +++ b/tls/pkcs11/pkcs11-trust-assertions.h @@ -0,0 +1,59 @@ +/* + * pkcs11x.h + * Copyright 2010 Collabora, Ltd + * + * This file is free software; as a special exception the author gives + * unlimited permission to copy and/or distribute it, with or without + * modifications, as long as this notice is preserved. + * + * This file is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY, to the extent permitted by law; without even + * the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + * PURPOSE. + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + */ + +/* + * The latest version of this file is at: + * + * git://thewalter.net/git/pkcs11-trust-assertions + * + * or viewable on the web at: + * + * http://thewalter.net/git/cgit.cgi/pkcs11-trust-assertions/tree/pkcs11-trust-assertions.h + * + */ + +#ifndef PKCS11_TRUST_ASSERTIONS_H +#define PKCS11_TRUST_ASSERTIONS_H + +#include + +#define CKA_XDG (CKA_VENDOR_DEFINED | 0x58444700UL /* XDG0 */ ) +#define CKO_XDG (CKA_VENDOR_DEFINED | 0x58444700UL /* XDG0 */ ) + +/* ------------------------------------------------------------------- + * TRUST ASSERTIONS + */ + +#define CKO_X_TRUST_ASSERTION (CKO_XDG + 100) + +#define CKA_X_ASSERTION_TYPE (CKA_XDG + 1) + +#define CKA_X_CERTIFICATE_VALUE (CKA_XDG + 2) + +#define CKA_X_PURPOSE (CKA_XDG + 3) + +#define CKA_X_PEER (CKA_XDG + 4) + +typedef CK_ULONG CK_X_ASSERTION_TYPE; + +#define CKT_X_UNTRUSTED_CERTIFICATE 1UL + +#define CKT_X_PINNED_CERTIFICATE 2UL + +#define CKT_X_ANCHORED_CERTIFICATE 3UL + +#endif /* PKCS11_TRUST_ASSERTIONS_H */ diff --git a/tls/tests/certificate.c b/tls/tests/certificate.c new file mode 100644 index 0000000..8adec40 --- /dev/null +++ b/tls/tests/certificate.c @@ -0,0 +1,584 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO TLS tests + * + * Copyright 2011 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#include + +#include +#include + +static const gchar * +tls_test_file_path (const char *name) +{ + const gchar *const_path; + gchar *path; + + path = g_test_build_filename (G_TEST_DIST, "files", name, NULL); + if (!g_path_is_absolute (path)) + { + gchar *cwd, *abs; + + cwd = g_get_current_dir (); + abs = g_build_filename (cwd, path, NULL); + g_free (cwd); + g_free (path); + path = abs; + } + + const_path = g_intern_string (path); + g_free (path); + return const_path; +} + +typedef struct { + GTlsBackend *backend; + GType cert_gtype; + gchar *cert_pem; + gsize cert_pem_length; + GByteArray *cert_der; + gchar *key_pem; + gsize key_pem_length; + GByteArray *key_der; +} TestCertificate; + +static void +setup_certificate (TestCertificate *test, gconstpointer data) +{ + GError *error = NULL; + gchar *contents; + gsize length; + + test->backend = g_tls_backend_get_default (); + test->cert_gtype = g_tls_backend_get_certificate_type (test->backend); + + g_file_get_contents (tls_test_file_path ("server.pem"), &test->cert_pem, + &test->cert_pem_length, &error); + g_assert_no_error (error); + + g_file_get_contents (tls_test_file_path ("server.der"), + &contents, &length, &error); + g_assert_no_error (error); + + test->cert_der = g_byte_array_new (); + g_byte_array_append (test->cert_der, (guint8 *)contents, length); + g_free (contents); + + g_file_get_contents (tls_test_file_path ("server-key.pem"), &test->key_pem, + &test->key_pem_length, &error); + g_assert_no_error (error); + + g_file_get_contents (tls_test_file_path ("server-key.der"), + &contents, &length, &error); + g_assert_no_error (error); + + test->key_der = g_byte_array_new (); + g_byte_array_append (test->key_der, (guint8 *)contents, length); + g_free (contents); +} + +static void +teardown_certificate (TestCertificate *test, + gconstpointer data) +{ + g_free (test->cert_pem); + g_byte_array_free (test->cert_der, TRUE); + + g_free (test->key_pem); + g_byte_array_free (test->key_der, TRUE); +} + +static void +test_create_pem (TestCertificate *test, + gconstpointer data) +{ + GTlsCertificate *cert; + gchar *pem = NULL; + GError *error = NULL; + + cert = g_tls_certificate_new_from_pem (test->cert_pem, test->cert_pem_length, &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cert)); + + g_object_get (cert, "certificate-pem", &pem, NULL); + g_assert_cmpstr (pem, ==, test->cert_pem); + g_free (pem); + + g_object_add_weak_pointer (G_OBJECT (cert), (gpointer *)&cert); + g_object_unref (cert); + g_assert (cert == NULL); +} + +static void +test_create_with_key_pem (TestCertificate *test, + gconstpointer data) +{ + GTlsCertificate *cert; + GError *error = NULL; + + cert = g_initable_new (test->cert_gtype, NULL, &error, + "certificate-pem", test->cert_pem, + "private-key-pem", test->key_pem, + NULL); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cert)); + + g_object_add_weak_pointer (G_OBJECT (cert), (gpointer *)&cert); + g_object_unref (cert); + g_assert (cert == NULL); +} + +static void +test_create_der (TestCertificate *test, + gconstpointer data) +{ + GTlsCertificate *cert; + GByteArray *der = NULL; + GError *error = NULL; + + cert = g_initable_new (test->cert_gtype, NULL, &error, + "certificate", test->cert_der, + NULL); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cert)); + + g_object_get (cert, "certificate", &der, NULL); + g_assert (der); + g_assert_cmpuint (der->len, ==, test->cert_der->len); + g_assert (memcmp (der->data, test->cert_der->data, der->len) == 0); + + g_byte_array_unref (der); + + g_object_add_weak_pointer (G_OBJECT (cert), (gpointer *)&cert); + g_object_unref (cert); + g_assert (cert == NULL); +} + +static void +test_create_with_key_der (TestCertificate *test, + gconstpointer data) +{ + GTlsCertificate *cert; + GError *error = NULL; + + cert = g_initable_new (test->cert_gtype, NULL, &error, + "certificate", test->cert_der, + "private-key", test->key_der, + NULL); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cert)); + + g_object_add_weak_pointer (G_OBJECT (cert), (gpointer *)&cert); + g_object_unref (cert); + g_assert (cert == NULL); +} + +static void +test_create_certificate_with_issuer (TestCertificate *test, + gconstpointer data) +{ + GTlsCertificate *cert, *issuer, *check; + GError *error = NULL; + + issuer = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (issuer)); + + cert = g_initable_new (test->cert_gtype, NULL, &error, + "certificate-pem", test->cert_pem, + "issuer", issuer, + NULL); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cert)); + + g_object_add_weak_pointer (G_OBJECT (issuer), (gpointer *)&issuer); + g_object_unref (issuer); + g_assert (issuer != NULL); + + check = g_tls_certificate_get_issuer (cert); + g_assert (check == issuer); + + g_object_add_weak_pointer (G_OBJECT (cert), (gpointer *)&cert); + g_object_unref (cert); + g_assert (cert == NULL); + g_assert (issuer == NULL); +} + +static void +test_create_certificate_chain (void) +{ + GTlsCertificate *cert, *intermediate, *root; + GError *error = NULL; + + if (glib_check_version (2, 43, 0)) + { + g_test_skip ("This test requires glib 2.43"); + return; + } + + cert = g_tls_certificate_new_from_file (tls_test_file_path ("chain.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cert)); + + intermediate = g_tls_certificate_get_issuer (cert); + g_assert (G_IS_TLS_CERTIFICATE (intermediate)); + + root = g_tls_certificate_get_issuer (intermediate); + g_assert (G_IS_TLS_CERTIFICATE (root)); + + g_assert (g_tls_certificate_get_issuer (root) == NULL); + + g_object_unref (cert); +} + +static void +test_create_certificate_no_chain (void) +{ + GTlsCertificate *cert, *issuer; + GError *error = NULL; + gchar *cert_pem; + gsize cert_pem_length; + + cert = g_tls_certificate_new_from_file (tls_test_file_path ("non-ca.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cert)); + + issuer = g_tls_certificate_get_issuer (cert); + g_assert (issuer == NULL); + g_object_unref (cert); + + /* Truncate a valid chain certificate file. We should only get the + * first certificate. + */ + g_file_get_contents (tls_test_file_path ("chain.pem"), &cert_pem, + &cert_pem_length, &error); + g_assert_no_error (error); + + cert = g_tls_certificate_new_from_pem (cert_pem, cert_pem_length - 100, &error); + g_free (cert_pem); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cert)); + + issuer = g_tls_certificate_get_issuer (cert); + g_assert (issuer == NULL); + g_object_unref (cert); +} + +static void +test_create_list (void) +{ + GList *list; + GError *error = NULL; + + list = g_tls_certificate_list_new_from_file (tls_test_file_path ("ca-roots.pem"), &error); + g_assert_no_error (error); + g_assert_cmpint (g_list_length (list), ==, 8); + + g_list_free_full (list, g_object_unref); +} + +static void +test_create_list_bad (void) +{ + GList *list; + GError *error = NULL; + + list = g_tls_certificate_list_new_from_file (tls_test_file_path ("ca-roots-bad.pem"), &error); + g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE); + g_assert_null (list); + g_error_free (error); +} + +/* ----------------------------------------------------------------------------- + * CERTIFICATE VERIFY + */ + +typedef struct { + GTlsCertificate *cert; + GTlsCertificate *anchor; + GSocketConnectable *identity; + GTlsDatabase *database; +} TestVerify; + +static void +setup_verify (TestVerify *test, + gconstpointer data) +{ + GError *error = NULL; + + test->cert = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (test->cert)); + + test->identity = g_network_address_new ("server.example.com", 80); + + test->anchor = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (test->anchor)); + test->database = g_tls_file_database_new (tls_test_file_path ("ca.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_DATABASE (test->database)); +} + +static void +teardown_verify (TestVerify *test, + gconstpointer data) +{ + g_assert (G_IS_TLS_CERTIFICATE (test->cert)); + g_object_add_weak_pointer (G_OBJECT (test->cert), + (gpointer *)&test->cert); + g_object_unref (test->cert); + g_assert (test->cert == NULL); + + g_assert (G_IS_TLS_CERTIFICATE (test->anchor)); + g_object_add_weak_pointer (G_OBJECT (test->anchor), + (gpointer *)&test->anchor); + g_object_unref (test->anchor); + g_assert (test->anchor == NULL); + + g_assert (G_IS_TLS_DATABASE (test->database)); + g_object_add_weak_pointer (G_OBJECT (test->database), + (gpointer *)&test->database); + g_object_unref (test->database); + g_assert (test->database == NULL); + + g_object_add_weak_pointer (G_OBJECT (test->identity), + (gpointer *)&test->identity); + g_object_unref (test->identity); + g_assert (test->identity == NULL); +} + +static void +test_verify_certificate_good (TestVerify *test, + gconstpointer data) +{ + GSocketConnectable *identity; + GSocketAddress *addr; + GTlsCertificateFlags errors; + + errors = g_tls_certificate_verify (test->cert, test->identity, test->anchor); + g_assert_cmpuint (errors, ==, 0); + + errors = g_tls_certificate_verify (test->cert, NULL, test->anchor); + g_assert_cmpuint (errors, ==, 0); + + identity = g_network_address_new ("192.168.1.10", 80); + errors = g_tls_certificate_verify (test->cert, identity, test->anchor); + g_assert_cmpuint (errors, ==, 0); + g_object_unref (identity); + + addr = g_inet_socket_address_new_from_string ("192.168.1.10", 80); + errors = g_tls_certificate_verify (test->cert, G_SOCKET_CONNECTABLE (addr), test->anchor); + g_assert_cmpuint (errors, ==, 0); + g_object_unref (addr); +} + +static void +test_verify_certificate_bad_identity (TestVerify *test, + gconstpointer data) +{ + GSocketConnectable *identity; + GTlsCertificateFlags errors; + GSocketAddress *addr; + + identity = g_network_address_new ("other.example.com", 80); + errors = g_tls_certificate_verify (test->cert, identity, test->anchor); + g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_BAD_IDENTITY); + g_object_unref (identity); + + identity = g_network_address_new ("127.0.0.1", 80); + errors = g_tls_certificate_verify (test->cert, identity, test->anchor); + g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_BAD_IDENTITY); + g_object_unref (identity); + + addr = g_inet_socket_address_new_from_string ("127.0.0.1", 80); + errors = g_tls_certificate_verify (test->cert, G_SOCKET_CONNECTABLE (addr), test->anchor); + g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_BAD_IDENTITY); + g_object_unref (addr); +} + +static void +test_verify_certificate_bad_ca (TestVerify *test, + gconstpointer data) +{ + GTlsCertificateFlags errors; + GTlsCertificate *cert; + GError *error = NULL; + + /* Use a client certificate as the CA, which is wrong */ + cert = g_tls_certificate_new_from_file (tls_test_file_path ("client.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cert)); + + errors = g_tls_certificate_verify (test->cert, test->identity, cert); + g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_UNKNOWN_CA); + + g_object_unref (cert); +} + +static void +test_verify_certificate_bad_before (TestVerify *test, + gconstpointer data) +{ + GTlsCertificateFlags errors; + GTlsCertificate *cert; + GError *error = NULL; + + /* This is a certificate in the future */ + cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-future.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cert)); + + errors = g_tls_certificate_verify (cert, NULL, test->anchor); + g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_NOT_ACTIVATED); + + g_object_unref (cert); +} + +static void +test_verify_certificate_bad_expired (TestVerify *test, + gconstpointer data) +{ + GTlsCertificateFlags errors; + GTlsCertificate *cert; + GError *error = NULL; + + /* This is a certificate in the future */ + cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-past.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cert)); + + errors = g_tls_certificate_verify (cert, NULL, test->anchor); + g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_EXPIRED); + + g_object_unref (cert); +} + +static void +test_verify_certificate_bad_combo (TestVerify *test, + gconstpointer data) +{ + GTlsCertificate *cert; + GTlsCertificate *cacert; + GSocketConnectable *identity; + GTlsCertificateFlags errors; + GError *error = NULL; + + cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-past.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cert)); + + /* Unrelated cert used as certificate authority */ + cacert = g_tls_certificate_new_from_file (tls_test_file_path ("server-self.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cacert)); + + /* + * - Use unrelated cert as CA + * - Use wrong identity. + * - Use expired certificate. + */ + + identity = g_network_address_new ("other.example.com", 80); + + errors = g_tls_certificate_verify (cert, identity, cacert); + g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_UNKNOWN_CA | + G_TLS_CERTIFICATE_BAD_IDENTITY | G_TLS_CERTIFICATE_EXPIRED); + + g_object_unref (cert); + g_object_unref (cacert); + g_object_unref (identity); +} + +static void +test_certificate_is_same (void) +{ + GTlsCertificate *one; + GTlsCertificate *two; + GTlsCertificate *three; + GError *error = NULL; + + one = g_tls_certificate_new_from_file (tls_test_file_path ("client.pem"), &error); + g_assert_no_error (error); + + two = g_tls_certificate_new_from_file (tls_test_file_path ("client-and-key.pem"), &error); + g_assert_no_error (error); + + three = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error); + g_assert_no_error (error); + + g_assert (g_tls_certificate_is_same (one, two) == TRUE); + g_assert (g_tls_certificate_is_same (two, one) == TRUE); + g_assert (g_tls_certificate_is_same (three, one) == FALSE); + g_assert (g_tls_certificate_is_same (one, three) == FALSE); + g_assert (g_tls_certificate_is_same (two, three) == FALSE); + g_assert (g_tls_certificate_is_same (three, two) == FALSE); + + g_object_unref (one); + g_object_unref (two); + g_object_unref (three); +} + +int +main (int argc, + char *argv[]) +{ + g_test_init (&argc, &argv, NULL); + + g_setenv ("GSETTINGS_BACKEND", "memory", TRUE); + g_setenv ("GIO_EXTRA_MODULES", TOP_BUILDDIR "/tls/gnutls/.libs", TRUE); + g_setenv ("GIO_USE_TLS", "gnutls", TRUE); + + g_test_add ("/tls/certificate/create-pem", TestCertificate, NULL, + setup_certificate, test_create_pem, teardown_certificate); + g_test_add ("/tls/certificate/create-der", TestCertificate, NULL, + setup_certificate, test_create_der, teardown_certificate); + g_test_add ("/tls/certificate/create-with-key-pem", TestCertificate, NULL, + setup_certificate, test_create_with_key_pem, teardown_certificate); + g_test_add ("/tls/certificate/create-with-key-der", TestCertificate, NULL, + setup_certificate, test_create_with_key_der, teardown_certificate); + g_test_add ("/tls/certificate/create-with-issuer", TestCertificate, NULL, + setup_certificate, test_create_certificate_with_issuer, teardown_certificate); + g_test_add_func ("/tls/certificate/create-chain", test_create_certificate_chain); + g_test_add_func ("/tls/certificate/create-no-chain", test_create_certificate_no_chain); + g_test_add_func ("/tls/certificate/create-list", test_create_list); + g_test_add_func ("/tls/certificate/create-list-bad", test_create_list_bad); + + g_test_add ("/tls/certificate/verify-good", TestVerify, NULL, + setup_verify, test_verify_certificate_good, teardown_verify); + g_test_add ("/tls/certificate/verify-bad-identity", TestVerify, NULL, + setup_verify, test_verify_certificate_bad_identity, teardown_verify); + g_test_add ("/tls/certificate/verify-bad-ca", TestVerify, NULL, + setup_verify, test_verify_certificate_bad_ca, teardown_verify); + g_test_add ("/tls/certificate/verify-bad-before", TestVerify, NULL, + setup_verify, test_verify_certificate_bad_before, teardown_verify); + g_test_add ("/tls/certificate/verify-bad-expired", TestVerify, NULL, + setup_verify, test_verify_certificate_bad_expired, teardown_verify); + g_test_add ("/tls/certificate/verify-bad-combo", TestVerify, NULL, + setup_verify, test_verify_certificate_bad_combo, teardown_verify); + + g_test_add_func ("/tls/certificate/is-same", test_certificate_is_same); + + return g_test_run(); +} diff --git a/tls/tests/connection.c b/tls/tests/connection.c new file mode 100644 index 0000000..20cbc4b --- /dev/null +++ b/tls/tests/connection.c @@ -0,0 +1,2121 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO TLS tests + * + * Copyright 2011 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "mock-interaction.h" + +#include +#include + +#include +#include + +static const gchar * +tls_test_file_path (const char *name) +{ + const gchar *const_path; + gchar *path; + + path = g_test_build_filename (G_TEST_DIST, "files", name, NULL); + if (!g_path_is_absolute (path)) + { + gchar *cwd, *abs; + + cwd = g_get_current_dir (); + abs = g_build_filename (cwd, path, NULL); + g_free (cwd); + g_free (path); + path = abs; + } + + const_path = g_intern_string (path); + g_free (path); + return const_path; +} + +#define TEST_DATA "You win again, gravity!\n" +#define TEST_DATA_LENGTH 24 + +typedef struct { + GMainContext *context; + GMainLoop *loop; + GSocketService *service; + GTlsDatabase *database; + GIOStream *server_connection; + GIOStream *client_connection; + GSocketConnectable *identity; + GSocketAddress *address; + GTlsAuthenticationMode auth_mode; + gboolean rehandshake; + GTlsCertificateFlags accept_flags; + GError *read_error; + gboolean expect_server_error; + GError *server_error; + gboolean server_should_close; + gboolean server_running; + GTlsCertificate *server_certificate; + + char buf[128]; + gssize nread, nwrote; +} TestConnection; + +static void +setup_connection (TestConnection *test, gconstpointer data) +{ + test->context = g_main_context_default (); + test->loop = g_main_loop_new (test->context, FALSE); + test->auth_mode = G_TLS_AUTHENTICATION_NONE; +} + +/* Waits about 10 seconds for @var to be NULL/FALSE */ +#define WAIT_UNTIL_UNSET(var) \ + if (var) \ + { \ + int i; \ + \ + for (i = 0; i < 13 && (var); i++) \ + { \ + g_usleep (1000 * (1 << i)); \ + g_main_context_iteration (NULL, FALSE); \ + } \ + \ + g_assert (!(var)); \ + } + +static void +teardown_connection (TestConnection *test, gconstpointer data) +{ + if (test->service) + { + g_socket_service_stop (test->service); + /* The outstanding accept_async will hold a ref on test->service, + * which we want to wait for it to release if we're valgrinding. + */ + g_object_add_weak_pointer (G_OBJECT (test->service), (gpointer *)&test->service); + g_object_unref (test->service); + WAIT_UNTIL_UNSET (test->service); + } + + if (test->server_connection) + { + WAIT_UNTIL_UNSET (test->server_running); + + g_object_add_weak_pointer (G_OBJECT (test->server_connection), + (gpointer *)&test->server_connection); + g_object_unref (test->server_connection); + WAIT_UNTIL_UNSET (test->server_connection); + } + + if (test->client_connection) + { + g_object_add_weak_pointer (G_OBJECT (test->client_connection), + (gpointer *)&test->client_connection); + g_object_unref (test->client_connection); + WAIT_UNTIL_UNSET (test->client_connection); + } + + if (test->database) + { + g_object_add_weak_pointer (G_OBJECT (test->database), + (gpointer *)&test->database); + g_object_unref (test->database); + WAIT_UNTIL_UNSET (test->database); + } + + g_clear_object (&test->address); + g_clear_object (&test->identity); + g_clear_object (&test->server_certificate); + g_main_loop_unref (test->loop); + g_clear_error (&test->read_error); + g_clear_error (&test->server_error); +} + +static void +start_server (TestConnection *test) +{ + GInetAddress *inet; + GSocketAddress *addr; + GInetSocketAddress *iaddr; + GError *error = NULL; + + inet = g_inet_address_new_from_string ("127.0.0.1"); + addr = g_inet_socket_address_new (inet, 0); + g_object_unref (inet); + + g_socket_listener_add_address (G_SOCKET_LISTENER (test->service), addr, + G_SOCKET_TYPE_STREAM, G_SOCKET_PROTOCOL_TCP, + NULL, &test->address, &error); + g_assert_no_error (error); + + g_object_unref (addr); + + /* The hostname in test->identity matches the server certificate. */ + iaddr = G_INET_SOCKET_ADDRESS (test->address); + test->identity = g_network_address_new ("server.example.com", + g_inet_socket_address_get_port (iaddr)); + + test->server_running = TRUE; +} + +static gboolean +on_accept_certificate (GTlsClientConnection *conn, GTlsCertificate *cert, + GTlsCertificateFlags errors, gpointer user_data) +{ + TestConnection *test = user_data; + return errors == test->accept_flags; +} + +static void on_output_write_finish (GObject *object, + GAsyncResult *res, + gpointer user_data); + +static void +on_rehandshake_finish (GObject *object, + GAsyncResult *res, + gpointer user_data) +{ + TestConnection *test = user_data; + GError *error = NULL; + GOutputStream *stream; + + g_tls_connection_handshake_finish (G_TLS_CONNECTION (object), res, &error); + g_assert_no_error (error); + + stream = g_io_stream_get_output_stream (test->server_connection); + g_output_stream_write_async (stream, TEST_DATA + TEST_DATA_LENGTH / 2, + TEST_DATA_LENGTH / 2, + G_PRIORITY_DEFAULT, NULL, + on_output_write_finish, test); +} + +static void +on_server_close_finish (GObject *object, + GAsyncResult *res, + gpointer user_data) +{ + TestConnection *test = user_data; + GError *error = NULL; + + g_io_stream_close_finish (G_IO_STREAM (object), res, &error); + if (test->expect_server_error) + g_assert (error != NULL); + else + g_assert_no_error (error); + test->server_running = FALSE; +} + +static void +close_server_connection (TestConnection *test) +{ + g_io_stream_close_async (test->server_connection, G_PRIORITY_DEFAULT, NULL, + on_server_close_finish, test); +} + +static void +on_output_write_finish (GObject *object, + GAsyncResult *res, + gpointer user_data) +{ + TestConnection *test = user_data; + + g_assert (test->server_error == NULL); + g_output_stream_write_finish (G_OUTPUT_STREAM (object), res, &test->server_error); + + if (!test->server_error && test->rehandshake) + { + test->rehandshake = FALSE; + g_tls_connection_handshake_async (G_TLS_CONNECTION (test->server_connection), + G_PRIORITY_DEFAULT, NULL, + on_rehandshake_finish, test); + return; + } + + if (test->server_should_close) + close_server_connection (test); +} + +static gboolean +on_incoming_connection (GSocketService *service, + GSocketConnection *connection, + GObject *source_object, + gpointer user_data) +{ + TestConnection *test = user_data; + GOutputStream *stream; + GTlsCertificate *cert; + GError *error = NULL; + + if (test->server_certificate) + { + cert = g_object_ref (test->server_certificate); + } + else + { + cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-and-key.pem"), &error); + g_assert_no_error (error); + } + + test->server_connection = g_tls_server_connection_new (G_IO_STREAM (connection), + cert, &error); + g_assert_no_error (error); + g_object_unref (cert); + + g_object_set (test->server_connection, "authentication-mode", test->auth_mode, NULL); + g_signal_connect (test->server_connection, "accept-certificate", + G_CALLBACK (on_accept_certificate), test); + + if (test->database) + g_tls_connection_set_database (G_TLS_CONNECTION (test->server_connection), test->database); + + stream = g_io_stream_get_output_stream (test->server_connection); + + g_output_stream_write_async (stream, TEST_DATA, + test->rehandshake ? TEST_DATA_LENGTH / 2 : TEST_DATA_LENGTH, + G_PRIORITY_DEFAULT, NULL, + on_output_write_finish, test); + return FALSE; +} + +static void +start_async_server_service (TestConnection *test, GTlsAuthenticationMode auth_mode, + gboolean should_close) +{ + test->service = g_socket_service_new (); + start_server (test); + + test->auth_mode = auth_mode; + g_signal_connect (test->service, "incoming", G_CALLBACK (on_incoming_connection), test); + + test->server_should_close = should_close; +} + +static GIOStream * +start_async_server_and_connect_to_it (TestConnection *test, + GTlsAuthenticationMode auth_mode, + gboolean should_close) +{ + GSocketClient *client; + GError *error = NULL; + GSocketConnection *connection; + + start_async_server_service (test, auth_mode, should_close); + + client = g_socket_client_new (); + connection = g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address), + NULL, &error); + g_assert_no_error (error); + g_object_unref (client); + + return G_IO_STREAM (connection); +} + +static void +run_echo_server (GThreadedSocketService *service, + GSocketConnection *connection, + GObject *source_object, + gpointer user_data) +{ + TestConnection *test = user_data; + GTlsConnection *tlsconn; + GTlsCertificate *cert; + GError *error = NULL; + GInputStream *istream; + GOutputStream *ostream; + gssize nread, nwrote, total; + gchar buf[128]; + + if (test->server_certificate) + { + cert = g_object_ref (test->server_certificate); + } + else + { + cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-and-key.pem"), &error); + g_assert_no_error (error); + } + + test->server_connection = g_tls_server_connection_new (G_IO_STREAM (connection), + cert, &error); + g_assert_no_error (error); + g_object_unref (cert); + + tlsconn = G_TLS_CONNECTION (test->server_connection); + g_tls_connection_handshake (tlsconn, NULL, &error); + g_assert_no_error (error); + + istream = g_io_stream_get_input_stream (test->server_connection); + ostream = g_io_stream_get_output_stream (test->server_connection); + + while (TRUE) + { + nread = g_input_stream_read (istream, buf, sizeof (buf), NULL, &error); + g_assert_no_error (error); + g_assert_cmpint (nread, >=, 0); + + if (nread == 0) + break; + + for (total = 0; total < nread; total += nwrote) + { + nwrote = g_output_stream_write (ostream, buf + total, nread - total, NULL, &error); + g_assert_no_error (error); + } + + if (test->rehandshake) + { + test->rehandshake = FALSE; + g_tls_connection_handshake (tlsconn, NULL, &error); + g_assert_no_error (error); + } + } + + g_io_stream_close (test->server_connection, NULL, &error); + g_assert_no_error (error); + test->server_running = FALSE; +} + +static void +start_echo_server_service (TestConnection *test) +{ + test->service = g_threaded_socket_service_new (5); + start_server (test); + + g_signal_connect (test->service, "run", G_CALLBACK (run_echo_server), test); +} + +static GIOStream * +start_echo_server_and_connect_to_it (TestConnection *test) +{ + GSocketClient *client; + GError *error = NULL; + GSocketConnection *connection; + + start_echo_server_service (test); + + client = g_socket_client_new (); + connection = g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address), + NULL, &error); + g_assert_no_error (error); + g_object_unref (client); + + return G_IO_STREAM (connection); +} + +static void +on_client_connection_close_finish (GObject *object, + GAsyncResult *res, + gpointer user_data) +{ + TestConnection *test = user_data; + GError *error = NULL; + + g_io_stream_close_finish (G_IO_STREAM (object), res, &error); + g_assert_no_error (error); + + g_main_loop_quit (test->loop); +} + +static void +on_input_read_finish (GObject *object, + GAsyncResult *res, + gpointer user_data) +{ + TestConnection *test = user_data; + gchar *line, *check; + + line = g_data_input_stream_read_line_finish (G_DATA_INPUT_STREAM (object), res, + NULL, &test->read_error); + if (!test->read_error) + { + g_assert (line); + + check = g_strdup (TEST_DATA); + g_strstrip (check); + g_assert_cmpstr (line, ==, check); + g_free (check); + g_free (line); + } + + g_io_stream_close_async (test->client_connection, G_PRIORITY_DEFAULT, + NULL, on_client_connection_close_finish, test); +} + +static void +read_test_data_async (TestConnection *test) +{ + GDataInputStream *stream; + + stream = g_data_input_stream_new (g_io_stream_get_input_stream (test->client_connection)); + g_assert (stream); + + g_data_input_stream_read_line_async (stream, G_PRIORITY_DEFAULT, NULL, + on_input_read_finish, test); + g_object_unref (stream); +} + +static void +test_basic_connection (TestConnection *test, + gconstpointer data) +{ + GIOStream *connection; + GError *error = NULL; + + connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE); + test->client_connection = g_tls_client_connection_new (connection, test->identity, &error); + g_assert_no_error (error); + g_object_unref (connection); + + /* No validation at all in this test */ + g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection), + 0); + + read_test_data_async (test); + g_main_loop_run (test->loop); + + g_assert_no_error (test->read_error); + g_assert_no_error (test->server_error); +} + +static void +test_verified_connection (TestConnection *test, + gconstpointer data) +{ + GIOStream *connection; + GError *error = NULL; + + test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error); + g_assert_no_error (error); + g_assert (test->database); + + connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE); + test->client_connection = g_tls_client_connection_new (connection, test->identity, &error); + g_assert_no_error (error); + g_assert (test->client_connection); + g_object_unref (connection); + + g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database); + + /* All validation in this test */ + g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection), + G_TLS_CERTIFICATE_VALIDATE_ALL); + + read_test_data_async (test); + g_main_loop_run (test->loop); + + g_assert_no_error (test->read_error); + g_assert_no_error (test->server_error); +} + +static void +test_verified_chain (TestConnection *test, + gconstpointer data) +{ + GTlsBackend *backend; + GTlsCertificate *server_cert; + GTlsCertificate *intermediate_cert; + char *cert_data = NULL; + char *key_data = NULL; + GError *error = NULL; + + backend = g_tls_backend_get_default (); + + /* Prepare the intermediate cert. */ + intermediate_cert = g_tls_certificate_new_from_file (tls_test_file_path ("intermediate-ca.pem"), &error); + g_assert_no_error (error); + g_assert (intermediate_cert); + + /* Prepare the server cert. */ + g_clear_pointer (&cert_data, g_free); + g_file_get_contents (tls_test_file_path ("server-intermediate.pem"), + &cert_data, NULL, &error); + g_assert_no_error (error); + g_assert (cert_data); + + g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"), + &key_data, NULL, &error); + g_assert_no_error (error); + g_assert (key_data); + + server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend), + NULL, &error, + "issuer", intermediate_cert, + "certificate-pem", cert_data, + "private-key-pem", key_data, + NULL); + g_assert_no_error (error); + g_assert (server_cert); + + g_object_unref (intermediate_cert); + g_free (cert_data); + g_free (key_data); + + test->server_certificate = server_cert; + test_verified_connection (test, data); +} + +static void +test_verified_chain_with_redundant_root_cert (TestConnection *test, + gconstpointer data) +{ + GTlsBackend *backend; + GTlsCertificate *server_cert; + GTlsCertificate *intermediate_cert; + GTlsCertificate *root_cert; + char *cert_data = NULL; + char *key_data = NULL; + GError *error = NULL; + + backend = g_tls_backend_get_default (); + + /* The root is redundant. It should not hurt anything. */ + root_cert = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error); + g_assert_no_error (error); + g_assert (root_cert); + + /* Prepare the intermediate cert. */ + g_file_get_contents (tls_test_file_path ("intermediate-ca.pem"), + &cert_data, NULL, &error); + g_assert_no_error (error); + g_assert (cert_data); + + intermediate_cert = g_initable_new (g_tls_backend_get_certificate_type (backend), + NULL, &error, + "issuer", root_cert, + "certificate-pem", cert_data, + NULL); + g_assert_no_error (error); + g_assert (intermediate_cert); + + /* Prepare the server cert. */ + g_clear_pointer (&cert_data, g_free); + g_file_get_contents (tls_test_file_path ("server-intermediate.pem"), + &cert_data, NULL, &error); + g_assert_no_error (error); + g_assert (cert_data); + + g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"), + &key_data, NULL, &error); + g_assert_no_error (error); + g_assert (key_data); + + server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend), + NULL, &error, + "issuer", intermediate_cert, + "certificate-pem", cert_data, + "private-key-pem", key_data, + NULL); + g_assert_no_error (error); + g_assert (server_cert); + + g_object_unref (intermediate_cert); + g_object_unref (root_cert); + g_free (cert_data); + g_free (key_data); + + test->server_certificate = server_cert; + test_verified_connection (test, data); +} + +static void +test_verified_chain_with_duplicate_server_cert (TestConnection *test, + gconstpointer data) +{ + /* This is another common server misconfiguration. Apache reads certificates + * from two configuration files: one for the server cert, and one for the rest + * of the chain. If the server cert is pasted into both files, it will be sent + * twice. We should be tolerant of this. */ + + GTlsBackend *backend; + GTlsCertificate *server_cert; + GTlsCertificate *extra_server_cert; + GTlsCertificate *intermediate_cert; + char *cert_data = NULL; + char *key_data = NULL; + GError *error = NULL; + + backend = g_tls_backend_get_default (); + + /* Prepare the intermediate cert. */ + intermediate_cert = g_tls_certificate_new_from_file (tls_test_file_path ("intermediate-ca.pem"), &error); + g_assert_no_error (error); + g_assert (intermediate_cert); + + /* Prepare the server cert. */ + g_clear_pointer (&cert_data, g_free); + g_file_get_contents (tls_test_file_path ("server-intermediate.pem"), + &cert_data, NULL, &error); + g_assert_no_error (error); + g_assert (cert_data); + + g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"), + &key_data, NULL, &error); + g_assert_no_error (error); + g_assert (key_data); + + server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend), + NULL, &error, + "issuer", intermediate_cert, + "certificate-pem", cert_data, + NULL); + g_assert_no_error (error); + g_assert (server_cert); + + /* Prepare the server cert... again. Private key must go on this one. */ + extra_server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend), + NULL, &error, + "issuer", server_cert, + "certificate-pem", cert_data, + "private-key-pem", key_data, + NULL); + g_assert_no_error (error); + g_assert (extra_server_cert); + + g_object_unref (intermediate_cert); + g_object_unref (server_cert); + g_free (cert_data); + g_free (key_data); + + test->server_certificate = extra_server_cert; + test_verified_connection (test, data); +} + +static void +test_verified_unordered_chain (TestConnection *test, + gconstpointer data) +{ + GTlsBackend *backend; + GTlsCertificate *server_cert; + GTlsCertificate *intermediate_cert; + GTlsCertificate *root_cert; + char *cert_data = NULL; + char *key_data = NULL; + GError *error = NULL; + + backend = g_tls_backend_get_default (); + + /* Prepare the intermediate cert (to be sent last, out of order)! */ + intermediate_cert = g_tls_certificate_new_from_file (tls_test_file_path ("intermediate-ca.pem"), + &error); + g_assert_no_error (error); + g_assert (intermediate_cert); + + g_file_get_contents (tls_test_file_path ("ca.pem"), &cert_data, NULL, &error); + g_assert_no_error (error); + g_assert (cert_data); + + /* Prepare the root cert (to be sent in the middle of the chain). */ + root_cert = g_initable_new (g_tls_backend_get_certificate_type (backend), + NULL, &error, + "issuer", intermediate_cert, + "certificate-pem", cert_data, + NULL); + g_assert_no_error (error); + g_assert (root_cert); + + g_clear_pointer (&cert_data, g_free); + g_file_get_contents (tls_test_file_path ("server-intermediate.pem"), + &cert_data, NULL, &error); + g_assert_no_error (error); + g_assert (cert_data); + + g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"), + &key_data, NULL, &error); + g_assert_no_error (error); + g_assert (key_data); + + /* Prepare the server cert. */ + server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend), + NULL, &error, + "issuer", root_cert, + "certificate-pem", cert_data, + "private-key-pem", key_data, + NULL); + g_assert_no_error (error); + g_assert (server_cert); + + g_object_unref (intermediate_cert); + g_object_unref (root_cert); + g_free (cert_data); + g_free (key_data); + + test->server_certificate = server_cert; + test_verified_connection (test, data); +} + +static void +test_verified_chain_with_alternative_ca_cert (TestConnection *test, + gconstpointer data) +{ + GTlsBackend *backend; + GTlsCertificate *server_cert; + GTlsCertificate *intermediate_cert; + GTlsCertificate *root_cert; + char *cert_data = NULL; + char *key_data = NULL; + GError *error = NULL; + + backend = g_tls_backend_get_default (); + + /* This "root" cert is issued by a CA that is not in the trust store. So it's + * not really a root, but it has the same public key as a cert in the trust + * store. If the client insists on a traditional chain of trust, this will + * fail, since the issuer is untrusted. */ + root_cert = g_tls_certificate_new_from_file (tls_test_file_path ("ca-alternative.pem"), &error); + g_assert_no_error (error); + g_assert (root_cert); + + /* Prepare the intermediate cert. Modern TLS libraries are expected to notice + * that it is signed by the same public key as a certificate in the root + * store, and accept the certificate, ignoring the untrusted "root" sent next + * in the chain, which servers send for compatibility with clients that don't + * have the new CA cert in the trust store yet. (In this scenario, the old + * client still trusts the old CA cert.) */ + g_file_get_contents (tls_test_file_path ("intermediate-ca.pem"), + &cert_data, NULL, &error); + g_assert_no_error (error); + g_assert (cert_data); + + intermediate_cert = g_initable_new (g_tls_backend_get_certificate_type (backend), + NULL, &error, + "issuer", root_cert, + "certificate-pem", cert_data, + NULL); + g_assert_no_error (error); + g_assert (intermediate_cert); + + /* Prepare the server cert. */ + g_clear_pointer (&cert_data, g_free); + g_file_get_contents (tls_test_file_path ("server-intermediate.pem"), + &cert_data, NULL, &error); + g_assert_no_error (error); + g_assert (cert_data); + + g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"), + &key_data, NULL, &error); + g_assert_no_error (error); + g_assert (key_data); + + server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend), + NULL, &error, + "issuer", intermediate_cert, + "certificate-pem", cert_data, + "private-key-pem", key_data, + NULL); + g_assert_no_error (error); + g_assert (server_cert); + + g_object_unref (intermediate_cert); + g_object_unref (root_cert); + g_free (cert_data); + g_free (key_data); + + test->server_certificate = server_cert; + test_verified_connection (test, data); +} + +static void +test_invalid_chain_with_alternative_ca_cert (TestConnection *test, + gconstpointer data) +{ + GTlsBackend *backend; + GTlsCertificate *server_cert; + GTlsCertificate *root_cert; + GIOStream *connection; + char *cert_data = NULL; + char *key_data = NULL; + GError *error = NULL; + + backend = g_tls_backend_get_default (); + + /* This certificate has the same public key as a certificate in the root store. */ + root_cert = g_tls_certificate_new_from_file (tls_test_file_path ("ca-alternative.pem"), &error); + g_assert_no_error (error); + g_assert (root_cert); + + /* The intermediate cert is not sent. The chain should be rejected, since without intermediate.pem + * there is no proof that ca-alternative.pem signed server-intermediate.pem. */ + g_file_get_contents (tls_test_file_path ("server-intermediate.pem"), + &cert_data, NULL, &error); + g_assert_no_error (error); + g_assert (cert_data); + + g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"), + &key_data, NULL, &error); + g_assert_no_error (error); + g_assert (key_data); + + server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend), + NULL, &error, + "issuer", root_cert, + "certificate-pem", cert_data, + "private-key-pem", key_data, + NULL); + g_assert_no_error (error); + g_assert (server_cert); + + g_object_unref (root_cert); + g_free (cert_data); + g_free (key_data); + + test->server_certificate = server_cert; + connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE); + test->client_connection = g_tls_client_connection_new (connection, test->identity, &error); + g_assert_no_error (error); + g_assert (test->client_connection); + g_object_unref (connection); + + g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database); + + /* Make sure this test doesn't expire. */ + g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection), + G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_EXPIRED); + + read_test_data_async (test); + g_main_loop_run (test->loop); + + g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE); + g_assert_no_error (test->server_error); +} + +static void +on_notify_accepted_cas (GObject *obj, + GParamSpec *spec, + gpointer user_data) +{ + gboolean *changed = user_data; + g_assert (*changed == FALSE); + *changed = TRUE; +} + +static void +test_client_auth_connection (TestConnection *test, + gconstpointer data) +{ + GIOStream *connection; + GError *error = NULL; + GTlsCertificate *cert; + GTlsCertificate *peer; + gboolean cas_changed; + GSocketClient *client; + + test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error); + g_assert_no_error (error); + g_assert (test->database); + + connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE); + test->client_connection = g_tls_client_connection_new (connection, test->identity, &error); + g_assert_no_error (error); + g_assert (test->client_connection); + g_object_unref (connection); + + g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database); + + cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-and-key.pem"), &error); + g_assert_no_error (error); + + g_tls_connection_set_certificate (G_TLS_CONNECTION (test->client_connection), cert); + + /* All validation in this test */ + g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection), + G_TLS_CERTIFICATE_VALIDATE_ALL); + + cas_changed = FALSE; + g_signal_connect (test->client_connection, "notify::accepted-cas", + G_CALLBACK (on_notify_accepted_cas), &cas_changed); + + read_test_data_async (test); + g_main_loop_run (test->loop); + + g_assert_no_error (test->read_error); + g_assert_no_error (test->server_error); + + peer = g_tls_connection_get_peer_certificate (G_TLS_CONNECTION (test->server_connection)); + g_assert (peer != NULL); + g_assert (g_tls_certificate_is_same (peer, cert)); + g_assert (cas_changed == TRUE); + + g_object_unref (cert); + g_object_unref (test->database); + g_object_unref (test->client_connection); + + /* Now start a new connection to the same server with a different client cert */ + client = g_socket_client_new (); + connection = G_IO_STREAM (g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address), + NULL, &error)); + g_assert_no_error (error); + g_object_unref (client); + test->client_connection = g_tls_client_connection_new (connection, test->identity, &error); + g_object_unref (connection); + + g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection), + 0); + cert = g_tls_certificate_new_from_file (tls_test_file_path ("client2-and-key.pem"), &error); + g_assert_no_error (error); + g_tls_connection_set_certificate (G_TLS_CONNECTION (test->client_connection), cert); + g_object_unref (cert); + g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database); + + read_test_data_async (test); + g_main_loop_run (test->loop); + + g_assert_no_error (test->read_error); + g_assert_no_error (test->server_error); + + /* peer should see the second client cert */ + peer = g_tls_connection_get_peer_certificate (G_TLS_CONNECTION (test->server_connection)); + g_assert (peer != NULL); + g_assert (g_tls_certificate_is_same (peer, cert)); +} + +static void +test_client_auth_rehandshake (TestConnection *test, + gconstpointer data) +{ + test->rehandshake = TRUE; + test_client_auth_connection (test, data); +} + +static void +test_client_auth_failure (TestConnection *test, + gconstpointer data) +{ + GIOStream *connection; + GError *error = NULL; + gboolean accepted_changed; + GSocketClient *client; + GTlsCertificate *cert; + GTlsCertificate *peer; + GTlsInteraction *interaction; + + test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error); + g_assert_no_error (error); + g_assert (test->database); + + connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE); + test->client_connection = g_tls_client_connection_new (connection, test->identity, &error); + g_assert_no_error (error); + g_assert (test->client_connection); + g_object_unref (connection); + + g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database); + + /* No Certificate set */ + + /* All validation in this test */ + g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection), + G_TLS_CERTIFICATE_VALIDATE_ALL); + + accepted_changed = FALSE; + g_signal_connect (test->client_connection, "notify::accepted-cas", + G_CALLBACK (on_notify_accepted_cas), &accepted_changed); + + read_test_data_async (test); + g_main_loop_run (test->loop); + + g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED); + g_assert_error (test->server_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED); + + g_assert (accepted_changed == TRUE); + + g_object_unref (test->client_connection); + g_object_unref (test->database); + g_clear_error (&test->read_error); + g_clear_error (&test->server_error); + + /* Now start a new connection to the same server with a valid client cert; + * this should succeed, and not use the cached failed session from above */ + client = g_socket_client_new (); + connection = G_IO_STREAM (g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address), + NULL, &error)); + g_assert_no_error (error); + g_object_unref (client); + test->client_connection = g_tls_client_connection_new (connection, test->identity, &error); + g_object_unref (connection); + + g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database); + + /* Have the interaction return a certificate */ + cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-and-key.pem"), &error); + g_assert_no_error (error); + interaction = mock_interaction_new_static_certificate (cert); + g_tls_connection_set_interaction (G_TLS_CONNECTION (test->client_connection), interaction); + g_object_unref (interaction); + + /* All validation in this test */ + g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection), + G_TLS_CERTIFICATE_VALIDATE_ALL); + + accepted_changed = FALSE; + g_signal_connect (test->client_connection, "notify::accepted-cas", + G_CALLBACK (on_notify_accepted_cas), &accepted_changed); + + read_test_data_async (test); + g_main_loop_run (test->loop); + + g_assert_no_error (test->read_error); + g_assert_no_error (test->server_error); + + peer = g_tls_connection_get_peer_certificate (G_TLS_CONNECTION (test->server_connection)); + g_assert (peer != NULL); + g_assert (g_tls_certificate_is_same (peer, cert)); + g_assert (accepted_changed == TRUE); + + g_object_unref (cert); +} + +static void +test_client_auth_request_cert (TestConnection *test, + gconstpointer data) +{ + GIOStream *connection; + GError *error = NULL; + GTlsCertificate *cert; + GTlsCertificate *peer; + GTlsInteraction *interaction; + gboolean cas_changed; + + test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error); + g_assert_no_error (error); + g_assert (test->database); + + connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE); + test->client_connection = g_tls_client_connection_new (connection, test->identity, &error); + g_assert_no_error (error); + g_assert (test->client_connection); + g_object_unref (connection); + + g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database); + + /* Have the interaction return a certificate */ + cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-and-key.pem"), &error); + g_assert_no_error (error); + interaction = mock_interaction_new_static_certificate (cert); + g_tls_connection_set_interaction (G_TLS_CONNECTION (test->client_connection), interaction); + g_object_unref (interaction); + + /* All validation in this test */ + g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection), + G_TLS_CERTIFICATE_VALIDATE_ALL); + + cas_changed = FALSE; + g_signal_connect (test->client_connection, "notify::accepted-cas", + G_CALLBACK (on_notify_accepted_cas), &cas_changed); + + read_test_data_async (test); + g_main_loop_run (test->loop); + + g_assert_no_error (test->read_error); + g_assert_no_error (test->server_error); + + peer = g_tls_connection_get_peer_certificate (G_TLS_CONNECTION (test->server_connection)); + g_assert (peer != NULL); + g_assert (g_tls_certificate_is_same (peer, cert)); + g_assert (cas_changed == TRUE); + + g_object_unref (cert); +} + +static void +test_client_auth_request_fail (TestConnection *test, + gconstpointer data) +{ + GIOStream *connection; + GError *error = NULL; + GTlsInteraction *interaction; + + test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error); + g_assert_no_error (error); + g_assert (test->database); + + connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE); + test->client_connection = g_tls_client_connection_new (connection, test->identity, &error); + g_assert_no_error (error); + g_assert (test->client_connection); + g_object_unref (connection); + + g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database); + + /* Have the interaction return an error */ + interaction = mock_interaction_new_static_error (G_FILE_ERROR, G_FILE_ERROR_ACCES, "Request message"); + g_tls_connection_set_interaction (G_TLS_CONNECTION (test->client_connection), interaction); + g_object_unref (interaction); + + /* All validation in this test */ + g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection), + G_TLS_CERTIFICATE_VALIDATE_ALL); + + read_test_data_async (test); + g_main_loop_run (test->loop); + + g_assert_error (test->read_error, G_FILE_ERROR, G_FILE_ERROR_ACCES); + + g_io_stream_close (test->server_connection, NULL, NULL); + g_io_stream_close (test->client_connection, NULL, NULL); +} + +static void +test_connection_no_database (TestConnection *test, + gconstpointer data) +{ + GIOStream *connection; + GError *error = NULL; + + connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE); + test->client_connection = g_tls_client_connection_new (connection, test->identity, &error); + g_assert_no_error (error); + g_assert (test->client_connection); + g_object_unref (connection); + + /* Overrides loading of the default database */ + g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), NULL); + + /* All validation in this test */ + g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection), + G_TLS_CERTIFICATE_VALIDATE_ALL); + + test->accept_flags = G_TLS_CERTIFICATE_UNKNOWN_CA; + g_signal_connect (test->client_connection, "accept-certificate", + G_CALLBACK (on_accept_certificate), test); + + read_test_data_async (test); + g_main_loop_run (test->loop); + + g_assert_no_error (test->read_error); + g_assert_no_error (test->server_error); +} + +static void +handshake_failed_cb (GObject *source, + GAsyncResult *result, + gpointer user_data) +{ + TestConnection *test = user_data; + GError *error = NULL; + + g_tls_connection_handshake_finish (G_TLS_CONNECTION (test->client_connection), + result, &error); + g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE); + g_clear_error (&error); + + g_main_loop_quit (test->loop); +} + +static void +test_failed_connection (TestConnection *test, + gconstpointer data) +{ + GIOStream *connection; + GError *error = NULL; + GSocketConnectable *bad_addr; + + connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE); + + bad_addr = g_network_address_new ("wrong.example.com", 80); + test->client_connection = g_tls_client_connection_new (connection, bad_addr, &error); + g_object_unref (bad_addr); + g_assert_no_error (error); + g_object_unref (connection); + + g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection), + G_PRIORITY_DEFAULT, NULL, + handshake_failed_cb, test); + g_main_loop_run (test->loop); + + g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection), + G_TLS_CERTIFICATE_VALIDATE_ALL); + + read_test_data_async (test); + g_main_loop_run (test->loop); + + g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE); + g_assert_no_error (test->server_error); +} + +static void +socket_client_connected (GObject *source, + GAsyncResult *result, + gpointer user_data) +{ + TestConnection *test = user_data; + GSocketConnection *connection; + GError *error = NULL; + + connection = g_socket_client_connect_finish (G_SOCKET_CLIENT (source), + result, &error); + g_assert_no_error (error); + test->client_connection = G_IO_STREAM (connection); + + g_main_loop_quit (test->loop); +} + +static void +test_connection_socket_client (TestConnection *test, + gconstpointer data) +{ + GSocketClient *client; + GTlsCertificateFlags flags; + GSocketConnection *connection; + GIOStream *base; + GError *error = NULL; + + start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, TRUE); + client = g_socket_client_new (); + g_socket_client_set_tls (client, TRUE); + flags = G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_UNKNOWN_CA; + /* test->address doesn't match the server's cert */ + flags = flags & ~G_TLS_CERTIFICATE_BAD_IDENTITY; + g_socket_client_set_tls_validation_flags (client, flags); + + g_socket_client_connect_async (client, G_SOCKET_CONNECTABLE (test->address), + NULL, socket_client_connected, test); + g_main_loop_run (test->loop); + + connection = (GSocketConnection *)test->client_connection; + test->client_connection = NULL; + + g_assert (G_IS_TCP_WRAPPER_CONNECTION (connection)); + base = g_tcp_wrapper_connection_get_base_io_stream (G_TCP_WRAPPER_CONNECTION (connection)); + g_assert (G_IS_TLS_CONNECTION (base)); + + g_io_stream_close (G_IO_STREAM (connection), NULL, &error); + g_assert_no_error (error); + g_object_unref (connection); + + g_object_unref (client); +} + +static void +socket_client_failed (GObject *source, + GAsyncResult *result, + gpointer user_data) +{ + TestConnection *test = user_data; + GError *error = NULL; + + g_socket_client_connect_finish (G_SOCKET_CLIENT (source), + result, &error); + g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE); + g_clear_error (&error); + + g_main_loop_quit (test->loop); +} + +static void +test_connection_socket_client_failed (TestConnection *test, + gconstpointer data) +{ + GSocketClient *client; + + start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, TRUE); + client = g_socket_client_new (); + g_socket_client_set_tls (client, TRUE); + /* this time we don't adjust the validation flags */ + + g_socket_client_connect_async (client, G_SOCKET_CONNECTABLE (test->address), + NULL, socket_client_failed, test); + g_main_loop_run (test->loop); + + g_object_unref (client); +} + +static void +socket_client_timed_out_write (GObject *source, + GAsyncResult *result, + gpointer user_data) +{ + TestConnection *test = user_data; + GSocketConnection *connection; + GInputStream *input_stream; + GOutputStream *output_stream; + GError *error = NULL; + gchar buffer[TEST_DATA_LENGTH]; + gssize size; + + connection = g_socket_client_connect_finish (G_SOCKET_CLIENT (source), + result, &error); + g_assert_no_error (error); + test->client_connection = G_IO_STREAM (connection); + + input_stream = g_io_stream_get_input_stream (test->client_connection); + output_stream = g_io_stream_get_output_stream (test->client_connection); + + /* read TEST_DATA_LENGTH once */ + size = g_input_stream_read (input_stream, &buffer, TEST_DATA_LENGTH, + NULL, &error); + g_assert_no_error (error); + g_assert_cmpint (size, ==, TEST_DATA_LENGTH); + + /* read TEST_DATA_LENGTH again to cause the time out */ + size = g_input_stream_read (input_stream, &buffer, TEST_DATA_LENGTH, + NULL, &error); + g_assert_error (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT); + g_assert_cmpint (size, ==, -1); + g_clear_error (&error); + + /* write after a timeout, session should still be valid */ + size = g_output_stream_write (output_stream, TEST_DATA, TEST_DATA_LENGTH, + NULL, &error); + g_assert_no_error (error); + g_assert_cmpint (size, ==, TEST_DATA_LENGTH); + + g_main_loop_quit (test->loop); +} + +static void +test_connection_read_time_out_write (TestConnection *test, + gconstpointer data) +{ + GSocketClient *client; + GTlsCertificateFlags flags; + GSocketConnection *connection; + GIOStream *base; + GError *error = NULL; + + /* Don't close the server connection after writing TEST_DATA. */ + start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, FALSE); + client = g_socket_client_new (); + /* Set a 1 second time out on the socket */ + g_socket_client_set_timeout (client, 1); + g_socket_client_set_tls (client, TRUE); + flags = G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_UNKNOWN_CA; + /* test->address doesn't match the server's cert */ + flags = flags & ~G_TLS_CERTIFICATE_BAD_IDENTITY; + g_socket_client_set_tls_validation_flags (client, flags); + + g_socket_client_connect_async (client, G_SOCKET_CONNECTABLE (test->address), + NULL, socket_client_timed_out_write, test); + + g_main_loop_run (test->loop); + + /* Close the server now */ + close_server_connection (test); + + connection = (GSocketConnection *)test->client_connection; + test->client_connection = NULL; + + g_assert (G_IS_TCP_WRAPPER_CONNECTION (connection)); + base = g_tcp_wrapper_connection_get_base_io_stream (G_TCP_WRAPPER_CONNECTION (connection)); + g_assert (G_IS_TLS_CONNECTION (base)); + + g_io_stream_close (G_IO_STREAM (connection), NULL, &error); + g_assert_no_error (error); + g_object_unref (connection); + + g_object_unref (client); +} + +static void +simul_async_read_complete (GObject *object, + GAsyncResult *result, + gpointer user_data) +{ + TestConnection *test = user_data; + gssize nread; + GError *error = NULL; + + nread = g_input_stream_read_finish (G_INPUT_STREAM (object), + result, &error); + g_assert_no_error (error); + + test->nread += nread; + g_assert_cmpint (test->nread, <=, TEST_DATA_LENGTH); + + if (test->nread == TEST_DATA_LENGTH) + { + g_io_stream_close (test->client_connection, NULL, &error); + g_assert_no_error (error); + g_main_loop_quit (test->loop); + } + else + { + g_input_stream_read_async (G_INPUT_STREAM (object), + test->buf + test->nread, + TEST_DATA_LENGTH / 2, + G_PRIORITY_DEFAULT, NULL, + simul_async_read_complete, test); + } +} + +static void +simul_async_write_complete (GObject *object, + GAsyncResult *result, + gpointer user_data) +{ + TestConnection *test = user_data; + gssize nwrote; + GError *error = NULL; + + nwrote = g_output_stream_write_finish (G_OUTPUT_STREAM (object), + result, &error); + g_assert_no_error (error); + + test->nwrote += nwrote; + if (test->nwrote < TEST_DATA_LENGTH) + { + g_output_stream_write_async (G_OUTPUT_STREAM (object), + TEST_DATA + test->nwrote, + TEST_DATA_LENGTH - test->nwrote, + G_PRIORITY_DEFAULT, NULL, + simul_async_write_complete, test); + } +} + +static void +test_simultaneous_async (TestConnection *test, + gconstpointer data) +{ + GIOStream *connection; + GTlsCertificateFlags flags; + GError *error = NULL; + + connection = start_echo_server_and_connect_to_it (test); + test->client_connection = g_tls_client_connection_new (connection, test->identity, &error); + g_assert_no_error (error); + g_object_unref (connection); + + flags = G_TLS_CERTIFICATE_VALIDATE_ALL & + ~(G_TLS_CERTIFICATE_UNKNOWN_CA | G_TLS_CERTIFICATE_BAD_IDENTITY); + g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection), + flags); + + memset (test->buf, 0, sizeof (test->buf)); + test->nread = test->nwrote = 0; + + g_input_stream_read_async (g_io_stream_get_input_stream (test->client_connection), + test->buf, TEST_DATA_LENGTH / 2, + G_PRIORITY_DEFAULT, NULL, + simul_async_read_complete, test); + g_output_stream_write_async (g_io_stream_get_output_stream (test->client_connection), + TEST_DATA, TEST_DATA_LENGTH / 2, + G_PRIORITY_DEFAULT, NULL, + simul_async_write_complete, test); + + g_main_loop_run (test->loop); + + g_assert_cmpint (test->nread, ==, TEST_DATA_LENGTH); + g_assert_cmpint (test->nwrote, ==, TEST_DATA_LENGTH); + g_assert_cmpstr (test->buf, ==, TEST_DATA); +} + +static gboolean +check_gnutls_has_rehandshaking_bug (void) +{ + const char *version = gnutls_check_version (NULL); + + return (!strcmp (version, "3.1.27") || + !strcmp (version, "3.1.28") || + !strcmp (version, "3.2.19") || + !strcmp (version, "3.3.8") || + !strcmp (version, "3.3.9") || + !strcmp (version, "3.3.10") || + !strcmp (version, "3.6.1") || + !strcmp (version, "3.6.2")); +} + +static void +test_simultaneous_async_rehandshake (TestConnection *test, + gconstpointer data) +{ + if (check_gnutls_has_rehandshaking_bug ()) + { + g_test_skip ("test would fail due to https://bugzilla.gnome.org/show_bug.cgi?id=794286#c13"); + return; + } + + test->rehandshake = TRUE; + test_simultaneous_async (test, data); +} + +static gpointer +simul_read_thread (gpointer user_data) +{ + TestConnection *test = user_data; + GInputStream *istream = g_io_stream_get_input_stream (test->client_connection); + GError *error = NULL; + gssize nread; + + while (test->nread < TEST_DATA_LENGTH) + { + nread = g_input_stream_read (istream, + test->buf + test->nread, + MIN (TEST_DATA_LENGTH / 2, TEST_DATA_LENGTH - test->nread), + NULL, &error); + g_assert_no_error (error); + + test->nread += nread; + } + + return NULL; +} + +static gpointer +simul_write_thread (gpointer user_data) +{ + TestConnection *test = user_data; + GOutputStream *ostream = g_io_stream_get_output_stream (test->client_connection); + GError *error = NULL; + gssize nwrote; + + while (test->nwrote < TEST_DATA_LENGTH) + { + nwrote = g_output_stream_write (ostream, + TEST_DATA + test->nwrote, + MIN (TEST_DATA_LENGTH / 2, TEST_DATA_LENGTH - test->nwrote), + NULL, &error); + g_assert_no_error (error); + + test->nwrote += nwrote; + } + + return NULL; +} + +static void +test_simultaneous_sync (TestConnection *test, + gconstpointer data) +{ + GIOStream *connection; + GTlsCertificateFlags flags; + GError *error = NULL; + GThread *read_thread, *write_thread; + + connection = start_echo_server_and_connect_to_it (test); + test->client_connection = g_tls_client_connection_new (connection, test->identity, &error); + g_assert_no_error (error); + g_object_unref (connection); + + flags = G_TLS_CERTIFICATE_VALIDATE_ALL & + ~(G_TLS_CERTIFICATE_UNKNOWN_CA | G_TLS_CERTIFICATE_BAD_IDENTITY); + g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection), + flags); + + memset (test->buf, 0, sizeof (test->buf)); + test->nread = test->nwrote = 0; + + read_thread = g_thread_new ("reader", simul_read_thread, test); + write_thread = g_thread_new ("writer", simul_write_thread, test); + + /* We need to run the main loop to get the GThreadedSocketService to + * receive the connection and spawn the server thread. + */ + while (!test->server_connection) + g_main_context_iteration (NULL, FALSE); + + g_thread_join (write_thread); + g_thread_join (read_thread); + + g_assert_cmpint (test->nread, ==, TEST_DATA_LENGTH); + g_assert_cmpint (test->nwrote, ==, TEST_DATA_LENGTH); + g_assert_cmpstr (test->buf, ==, TEST_DATA); + + g_io_stream_close (test->client_connection, NULL, &error); + g_assert_no_error (error); +} + +static void +test_simultaneous_sync_rehandshake (TestConnection *test, + gconstpointer data) +{ + if (check_gnutls_has_rehandshaking_bug ()) + { + g_test_skip ("test would fail due to https://bugzilla.gnome.org/show_bug.cgi?id=794286#c13"); + return; + } + + test->rehandshake = TRUE; + test_simultaneous_sync (test, data); +} + +static void +test_close_immediately (TestConnection *test, + gconstpointer data) +{ + GIOStream *connection; + GError *error = NULL; + + connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE); + test->client_connection = g_tls_client_connection_new (connection, test->identity, &error); + g_assert_no_error (error); + g_object_unref (connection); + + /* + * At this point the server won't get a chance to run. But regardless + * closing should not wait on the server, trying to handshake or something. + */ + g_io_stream_close (test->client_connection, NULL, &error); + g_assert_no_error (error); +} + +static void +quit_loop_on_notify (GObject *obj, + GParamSpec *spec, + gpointer user_data) +{ + GMainLoop *loop = user_data; + + g_main_loop_quit (loop); +} + +static void +handshake_completed (GObject *object, + GAsyncResult *result, + gpointer user_data) +{ + gboolean *complete = user_data; + + *complete = TRUE; + return; +} + +static void +test_close_during_handshake (TestConnection *test, + gconstpointer data) +{ + GIOStream *connection; + GError *error = NULL; + GMainContext *context; + GMainLoop *loop; + gboolean handshake_complete = FALSE; + + g_test_bug ("688751"); + + connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED, TRUE); + test->expect_server_error = TRUE; + test->client_connection = g_tls_client_connection_new (connection, test->identity, &error); + g_assert_no_error (error); + g_object_unref (connection); + + loop = g_main_loop_new (NULL, FALSE); + g_signal_connect (test->client_connection, "notify::accepted-cas", + G_CALLBACK (quit_loop_on_notify), loop); + + context = g_main_context_new (); + g_main_context_push_thread_default (context); + g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection), + G_PRIORITY_DEFAULT, NULL, + handshake_completed, &handshake_complete); + g_main_context_pop_thread_default (context); + + /* Now run the (default GMainContext) loop, which is needed for + * the server side of things. The client-side handshake will run in + * a thread, but its callback will never be invoked because its + * context isn't running. + */ + g_main_loop_run (loop); + g_main_loop_unref (loop); + + /* At this point handshake_thread() has started (and maybe + * finished), but handshake_thread_completed() (and thus + * finish_handshake()) has not yet run. Make sure close doesn't + * block. + */ + g_io_stream_close (test->client_connection, NULL, &error); + g_assert_no_error (error); + + /* We have to let the handshake_async() call finish now, or + * teardown_connection() will assert. + */ + while (!handshake_complete) + g_main_context_iteration (context, TRUE); + g_main_context_unref (context); +} + +static void +test_output_stream_close_during_handshake (TestConnection *test, + gconstpointer data) +{ + GIOStream *connection; + GError *error = NULL; + GMainContext *context; + GMainLoop *loop; + gboolean handshake_complete = FALSE; + + g_test_bug ("688751"); + + connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED, TRUE); + test->client_connection = g_tls_client_connection_new (connection, test->identity, &error); + g_assert_no_error (error); + g_object_unref (connection); + + loop = g_main_loop_new (NULL, FALSE); + g_signal_connect (test->client_connection, "notify::accepted-cas", + G_CALLBACK (quit_loop_on_notify), loop); + + context = g_main_context_new (); + g_main_context_push_thread_default (context); + g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection), + G_PRIORITY_DEFAULT, NULL, + handshake_completed, &handshake_complete); + g_main_context_pop_thread_default (context); + + /* Now run the (default GMainContext) loop, which is needed for + * the server side of things. The client-side handshake will run in + * a thread, but its callback will never be invoked because its + * context isn't running. + */ + g_main_loop_run (loop); + g_main_loop_unref (loop); + + /* At this point handshake_thread() has started (and maybe + * finished), but handshake_thread_completed() (and thus + * finish_handshake()) has not yet run. Make sure close doesn't + * block. + */ + g_output_stream_close (g_io_stream_get_output_stream (test->client_connection), NULL, &error); + g_assert_no_error (error); + + /* We have to let the handshake_async() call finish now, or + * teardown_connection() will assert. + */ + while (!handshake_complete) + g_main_context_iteration (context, TRUE); + g_main_context_unref (context); +} + + +static void +test_write_during_handshake (TestConnection *test, + gconstpointer data) +{ + GIOStream *connection; + GError *error = NULL; + GMainContext *context; + GMainLoop *loop; + GOutputStream *ostream; + gboolean handshake_complete = FALSE; + + g_test_bug ("697754"); + + connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED, TRUE); + test->client_connection = g_tls_client_connection_new (connection, test->identity, &error); + g_assert_no_error (error); + g_object_unref (connection); + + loop = g_main_loop_new (NULL, FALSE); + g_signal_connect (test->client_connection, "notify::accepted-cas", + G_CALLBACK (quit_loop_on_notify), loop); + + context = g_main_context_new (); + g_main_context_push_thread_default (context); + g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection), + G_PRIORITY_DEFAULT, NULL, + handshake_completed, &handshake_complete); + g_main_context_pop_thread_default (context); + + /* Now run the (default GMainContext) loop, which is needed for + * the server side of things. The client-side handshake will run in + * a thread, but its callback will never be invoked because its + * context isn't running. + */ + g_main_loop_run (loop); + g_main_loop_unref (loop); + + /* At this point handshake_thread() has started (and maybe + * finished), but handshake_thread_completed() (and thus + * finish_handshake()) has not yet run. Make sure close doesn't + * block. + */ + + ostream = g_io_stream_get_output_stream (test->client_connection); + g_output_stream_write (ostream, TEST_DATA, TEST_DATA_LENGTH, + G_PRIORITY_DEFAULT, &error); + g_assert_no_error (error); + + /* We have to let the handshake_async() call finish now, or + * teardown_connection() will assert. + */ + while (!handshake_complete) + g_main_context_iteration (context, TRUE); + g_main_context_unref (context); +} + +static gboolean +async_implicit_handshake_dispatch (GPollableInputStream *stream, + gpointer user_data) +{ + TestConnection *test = user_data; + GError *error = NULL; + gchar buffer[TEST_DATA_LENGTH]; + gssize size; + gboolean keep_running; + + size = g_pollable_input_stream_read_nonblocking (stream, buffer, + TEST_DATA_LENGTH, + NULL, &error); + + keep_running = (-1 == size); + + if (keep_running) + { + g_assert_error (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK); + g_error_free (error); + } + else + { + g_assert_no_error (error); + g_assert_cmpint (size, ==, TEST_DATA_LENGTH); + g_main_loop_quit (test->loop); + } + + return keep_running; +} + +static void +test_async_implicit_handshake (TestConnection *test, gconstpointer data) +{ + GTlsCertificateFlags flags; + GIOStream *stream; + GInputStream *input_stream; + GSource *input_source; + GError *error = NULL; + + g_test_bug ("710691"); + + stream = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE); + test->client_connection = g_tls_client_connection_new (stream, test->identity, &error); + g_assert_no_error (error); + g_object_unref (stream); + + flags = G_TLS_CERTIFICATE_VALIDATE_ALL & + ~(G_TLS_CERTIFICATE_UNKNOWN_CA | G_TLS_CERTIFICATE_BAD_IDENTITY); + g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection), + flags); + + /** + * Create a source from the client's input stream. The dispatch + * callback will be called a first time, which will perform a + * non-blocking read triggering the asynchronous implicit + * handshaking. + */ + input_stream = g_io_stream_get_input_stream (test->client_connection); + input_source = + g_pollable_input_stream_create_source (G_POLLABLE_INPUT_STREAM (input_stream), + NULL); + + g_source_set_callback (input_source, + (GSourceFunc) async_implicit_handshake_dispatch, + test, NULL); + + g_source_attach (input_source, NULL); + + g_main_loop_run (test->loop); + + g_io_stream_close (G_IO_STREAM (test->client_connection), NULL, &error); + g_assert_no_error (error); + g_object_unref (test->client_connection); + test->client_connection = NULL; +} + +static void +quit_on_handshake_complete (GObject *object, + GAsyncResult *result, + gpointer user_data) +{ + TestConnection *test = user_data; + GError *error = NULL; + + g_tls_connection_handshake_finish (G_TLS_CONNECTION (object), result, &error); + g_assert_no_error (error); + + g_main_loop_quit (test->loop); + return; +} + +static void +test_fallback (TestConnection *test, + gconstpointer data) +{ + GIOStream *connection; + GTlsConnection *tlsconn; + GError *error = NULL; + + connection = start_echo_server_and_connect_to_it (test); + test->client_connection = g_tls_client_connection_new (connection, NULL, &error); + g_assert_no_error (error); + tlsconn = G_TLS_CONNECTION (test->client_connection); + g_object_unref (connection); + + g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection), + 0); +#if defined(__GNUC__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wdeprecated-declarations" +#endif + g_tls_client_connection_set_use_ssl3 (G_TLS_CLIENT_CONNECTION (test->client_connection), + TRUE); +#if defined(__GNUC__) +#pragma GCC diagnostic pop +#endif + g_tls_connection_handshake_async (tlsconn, G_PRIORITY_DEFAULT, NULL, + quit_on_handshake_complete, test); + g_main_loop_run (test->loop); + + /* In 2.42 we don't have the API to test that the correct version was negotiated, + * so we merely test that the connection succeeded at all. + */ + + g_io_stream_close (test->client_connection, NULL, &error); + g_assert_no_error (error); +} + +static void +test_output_stream_close (TestConnection *test, + gconstpointer data) +{ + GIOStream *connection; + GError *error = NULL; + gboolean ret; + gboolean handshake_complete = FALSE; + gssize size; + + connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE); + test->client_connection = g_tls_client_connection_new (connection, test->identity, &error); + g_assert_no_error (error); + g_object_unref (connection); + + /* No validation at all in this test */ + g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection), + 0); + + g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection), + G_PRIORITY_DEFAULT, NULL, + handshake_completed, &handshake_complete); + + while (!handshake_complete) + g_main_context_iteration (NULL, TRUE); + + ret = g_output_stream_close (g_io_stream_get_output_stream (test->client_connection), + NULL, &error); + g_assert_no_error (error); + g_assert (ret); + + + /* Verify that double close returns TRUE */ + ret = g_output_stream_close (g_io_stream_get_output_stream (test->client_connection), + NULL, &error); + g_assert_no_error (error); + g_assert (ret); + + size = g_output_stream_write (g_io_stream_get_output_stream (test->client_connection), + "data", 4, NULL, &error); + g_assert (size == -1); + g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CLOSED); + g_clear_error (&error); + + /* We closed the output stream, but not the input stream, so receiving + * data should still work. + */ + read_test_data_async (test); + g_main_loop_run (test->loop); + + g_assert_no_error (test->read_error); + g_assert_no_error (test->server_error); + + ret = g_io_stream_close (test->client_connection, NULL, &error); + g_assert_no_error (error); + g_assert (ret); +} + +int +main (int argc, + char *argv[]) +{ + int ret; + + g_test_init (&argc, &argv, NULL); + g_test_bug_base ("http://bugzilla.gnome.org/"); + + g_setenv ("GSETTINGS_BACKEND", "memory", TRUE); + g_setenv ("GIO_EXTRA_MODULES", TOP_BUILDDIR "/tls/gnutls/.libs", TRUE); + g_setenv ("GIO_USE_TLS", "gnutls", TRUE); + + g_test_add ("/tls/connection/basic", TestConnection, NULL, + setup_connection, test_basic_connection, teardown_connection); + g_test_add ("/tls/connection/verified", TestConnection, NULL, + setup_connection, test_verified_connection, teardown_connection); + g_test_add ("/tls/connection/verified-chain", TestConnection, NULL, + setup_connection, test_verified_chain, teardown_connection); + g_test_add ("/tls/connection/verified-chain-with-redundant-root-cert", TestConnection, NULL, + setup_connection, test_verified_chain_with_redundant_root_cert, teardown_connection); + g_test_add ("/tls/connection/verified-chain-with-duplicate-server-cert", TestConnection, NULL, + setup_connection, test_verified_chain_with_duplicate_server_cert, teardown_connection); + g_test_add ("/tls/connection/verified-unordered-chain", TestConnection, NULL, + setup_connection, test_verified_unordered_chain, teardown_connection); + g_test_add ("/tls/connection/verified-chain-with-alternative-ca-cert", TestConnection, NULL, + setup_connection, test_verified_chain_with_alternative_ca_cert, teardown_connection); + g_test_add ("/tls/connection/invalid-chain-with-alternative-ca-cert", TestConnection, NULL, + setup_connection, test_invalid_chain_with_alternative_ca_cert, teardown_connection); + g_test_add ("/tls/connection/client-auth", TestConnection, NULL, + setup_connection, test_client_auth_connection, teardown_connection); + g_test_add ("/tls/connection/client-auth-rehandshake", TestConnection, NULL, + setup_connection, test_client_auth_rehandshake, teardown_connection); + g_test_add ("/tls/connection/client-auth-failure", TestConnection, NULL, + setup_connection, test_client_auth_failure, teardown_connection); + g_test_add ("/tls/connection/client-auth-request-cert", TestConnection, NULL, + setup_connection, test_client_auth_request_cert, teardown_connection); + g_test_add ("/tls/connection/client-auth-request-fail", TestConnection, NULL, + setup_connection, test_client_auth_request_fail, teardown_connection); + g_test_add ("/tls/connection/no-database", TestConnection, NULL, + setup_connection, test_connection_no_database, teardown_connection); + g_test_add ("/tls/connection/failed", TestConnection, NULL, + setup_connection, test_failed_connection, teardown_connection); + g_test_add ("/tls/connection/socket-client", TestConnection, NULL, + setup_connection, test_connection_socket_client, teardown_connection); + g_test_add ("/tls/connection/socket-client-failed", TestConnection, NULL, + setup_connection, test_connection_socket_client_failed, teardown_connection); + g_test_add ("/tls/connection/read-time-out-then-write", TestConnection, NULL, + setup_connection, test_connection_read_time_out_write, teardown_connection); + g_test_add ("/tls/connection/simultaneous-async", TestConnection, NULL, + setup_connection, test_simultaneous_async, teardown_connection); + g_test_add ("/tls/connection/simultaneous-sync", TestConnection, NULL, + setup_connection, test_simultaneous_sync, teardown_connection); + g_test_add ("/tls/connection/simultaneous-async-rehandshake", TestConnection, NULL, + setup_connection, test_simultaneous_async_rehandshake, teardown_connection); + g_test_add ("/tls/connection/simultaneous-sync-rehandshake", TestConnection, NULL, + setup_connection, test_simultaneous_sync_rehandshake, teardown_connection); + g_test_add ("/tls/connection/close-immediately", TestConnection, NULL, + setup_connection, test_close_immediately, teardown_connection); + g_test_add ("/tls/connection/close-during-handshake", TestConnection, NULL, + setup_connection, test_close_during_handshake, teardown_connection); + g_test_add ("/tls/connection/close-output-stream-during-handshake", TestConnection, NULL, + setup_connection, test_output_stream_close_during_handshake, teardown_connection); + g_test_add ("/tls/connection/write-during-handshake", TestConnection, NULL, + setup_connection, test_write_during_handshake, teardown_connection); + g_test_add ("/tls/connection/async-implicit-handshake", TestConnection, NULL, + setup_connection, test_async_implicit_handshake, teardown_connection); + g_test_add ("/tls/connection/output-stream-close", TestConnection, NULL, + setup_connection, test_output_stream_close, teardown_connection); + g_test_add ("/tls/connection/fallback", TestConnection, NULL, + setup_connection, test_fallback, teardown_connection); + + ret = g_test_run(); + + /* for valgrinding */ + g_main_context_unref (g_main_context_default ()); + + return ret; +} diff --git a/tls/tests/dtls-connection.c b/tls/tests/dtls-connection.c new file mode 100644 index 0000000..acd7fba --- /dev/null +++ b/tls/tests/dtls-connection.c @@ -0,0 +1,816 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO TLS tests + * + * Copyright 2011, 2015, 2016 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + * Philip Withnall + */ + +#include "config.h" + +#include "mock-interaction.h" + +#include +#include + +#include +#include + +static const gchar * +tls_test_file_path (const char *name) +{ + const gchar *const_path; + gchar *path; + + path = g_test_build_filename (G_TEST_DIST, "files", name, NULL); + if (!g_path_is_absolute (path)) + { + gchar *cwd, *abs; + + cwd = g_get_current_dir (); + abs = g_build_filename (cwd, path, NULL); + g_free (cwd); + g_free (path); + path = abs; + } + + const_path = g_intern_string (path); + g_free (path); + return const_path; +} + +#define TEST_DATA "You win again, gravity!\n" +#define TEST_DATA_LENGTH 24 + +/* Static test parameters. */ +typedef struct { + gint64 server_timeout; /* microseconds */ + gint64 client_timeout; /* microseconds */ + gboolean server_should_disappear; /* whether the server should stop responding before sending a message */ + gboolean server_should_close; /* whether the server should close gracefully once it’s sent a message */ + GTlsAuthenticationMode auth_mode; +} TestData; + +typedef struct { + const TestData *test_data; + + GMainContext *client_context; + GMainContext *server_context; + gboolean loop_finished; + GSocket *server_socket; + GSource *server_source; + GTlsDatabase *database; + GDatagramBased *server_connection; + GDatagramBased *client_connection; + GSocketConnectable *identity; + GSocketAddress *address; + gboolean rehandshake; + GTlsCertificateFlags accept_flags; + GError *read_error; + gboolean expect_server_error; + GError *server_error; + gboolean server_running; + + char buf[128]; + gssize nread, nwrote; +} TestConnection; + +static void +setup_connection (TestConnection *test, gconstpointer data) +{ + test->test_data = data; + + test->client_context = g_main_context_default (); + test->loop_finished = FALSE; +} + +/* Waits about 10 seconds for @var to be NULL/FALSE */ +#define WAIT_UNTIL_UNSET(var) \ + if (var) \ + { \ + int i; \ + \ + for (i = 0; i < 13 && (var); i++) \ + { \ + g_usleep (1000 * (1 << i)); \ + g_main_context_iteration (NULL, FALSE); \ + } \ + \ + g_assert (!(var)); \ + } + +static void +teardown_connection (TestConnection *test, gconstpointer data) +{ + GError *error = NULL; + + if (test->server_source) + { + g_source_destroy (test->server_source); + g_source_unref (test->server_source); + test->server_source = NULL; + } + + if (test->server_connection) + { + WAIT_UNTIL_UNSET (test->server_running); + + g_object_add_weak_pointer (G_OBJECT (test->server_connection), + (gpointer *)&test->server_connection); + g_object_unref (test->server_connection); + WAIT_UNTIL_UNSET (test->server_connection); + } + + if (test->server_socket) + { + g_socket_close (test->server_socket, &error); + g_assert_no_error (error); + + /* The outstanding accept_async will hold a ref on test->server_socket, + * which we want to wait for it to release if we're valgrinding. + */ + g_object_add_weak_pointer (G_OBJECT (test->server_socket), (gpointer *)&test->server_socket); + g_object_unref (test->server_socket); + WAIT_UNTIL_UNSET (test->server_socket); + } + + if (test->client_connection) + { + g_object_add_weak_pointer (G_OBJECT (test->client_connection), + (gpointer *)&test->client_connection); + g_object_unref (test->client_connection); + WAIT_UNTIL_UNSET (test->client_connection); + } + + if (test->database) + { + g_object_add_weak_pointer (G_OBJECT (test->database), + (gpointer *)&test->database); + g_object_unref (test->database); + WAIT_UNTIL_UNSET (test->database); + } + + g_clear_object (&test->address); + g_clear_object (&test->identity); + g_clear_error (&test->read_error); + g_clear_error (&test->server_error); +} + +static void +start_server (TestConnection *test) +{ + GInetAddress *inet; + GSocketAddress *addr; + GInetSocketAddress *iaddr; + GSocket *socket = NULL; + GError *error = NULL; + + inet = g_inet_address_new_from_string ("127.0.0.1"); + addr = g_inet_socket_address_new (inet, 0); + g_object_unref (inet); + + socket = g_socket_new (G_SOCKET_FAMILY_IPV4, G_SOCKET_TYPE_DATAGRAM, + G_SOCKET_PROTOCOL_UDP, &error); + g_assert_no_error (error); + + g_socket_bind (socket, addr, FALSE, &error); + g_assert_no_error (error); + + test->address = g_socket_get_local_address (socket, &error); + g_assert_no_error (error); + + g_object_unref (addr); + + /* The hostname in test->identity matches the server certificate. */ + iaddr = G_INET_SOCKET_ADDRESS (test->address); + test->identity = g_network_address_new ("server.example.com", + g_inet_socket_address_get_port (iaddr)); + + test->server_socket = socket; + test->server_running = TRUE; +} + +static gboolean +on_accept_certificate (GTlsClientConnection *conn, GTlsCertificate *cert, + GTlsCertificateFlags errors, gpointer user_data) +{ + TestConnection *test = user_data; + return errors == test->accept_flags; +} + +static void close_server_connection (TestConnection *test, + gboolean graceful); + +static void +on_rehandshake_finish (GObject *object, + GAsyncResult *res, + gpointer user_data) +{ + TestConnection *test = user_data; + GError *error = NULL; + GOutputVector vectors[2] = { + { TEST_DATA + TEST_DATA_LENGTH / 2, TEST_DATA_LENGTH / 4 }, + { TEST_DATA + 3 * TEST_DATA_LENGTH / 4, TEST_DATA_LENGTH / 4}, + }; + GOutputMessage message = { NULL, vectors, G_N_ELEMENTS (vectors), 0, NULL, 0 }; + gint n_sent; + + g_dtls_connection_handshake_finish (G_DTLS_CONNECTION (object), res, &error); + g_assert_no_error (error); + + do + { + g_clear_error (&test->server_error); + n_sent = g_datagram_based_send_messages (test->server_connection, + &message, 1, + G_SOCKET_MSG_NONE, 0, NULL, + &test->server_error); + g_main_context_iteration (NULL, FALSE); + } + while (g_error_matches (test->server_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK)); + + if (!test->server_error) + { + g_assert_cmpint (n_sent, ==, 1); + g_assert_cmpuint (message.bytes_sent, ==, TEST_DATA_LENGTH / 2); + } + + if (!test->server_error && test->rehandshake) + { + test->rehandshake = FALSE; + g_dtls_connection_handshake_async (G_DTLS_CONNECTION (test->server_connection), + G_PRIORITY_DEFAULT, NULL, + on_rehandshake_finish, test); + return; + } + + if (test->test_data->server_should_close) + close_server_connection (test, TRUE); +} + +static void +on_rehandshake_finish_threaded (GObject *object, + GAsyncResult *res, + gpointer user_data) +{ + TestConnection *test = user_data; + GError *error = NULL; + GOutputVector vectors[2] = { + { TEST_DATA + TEST_DATA_LENGTH / 2, TEST_DATA_LENGTH / 4 }, + { TEST_DATA + 3 * TEST_DATA_LENGTH / 4, TEST_DATA_LENGTH / 4}, + }; + GOutputMessage message = { NULL, vectors, G_N_ELEMENTS (vectors), 0, NULL, 0 }; + gint n_sent; + + g_dtls_connection_handshake_finish (G_DTLS_CONNECTION (object), res, &error); + g_assert_no_error (error); + + do + { + g_clear_error (&test->server_error); + n_sent = g_datagram_based_send_messages (test->server_connection, + &message, 1, + G_SOCKET_MSG_NONE, 0, NULL, + &test->server_error); + g_main_context_iteration (NULL, FALSE); + } + while (g_error_matches (test->server_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK)); + + if (!test->server_error) + { + g_assert_cmpint (n_sent, ==, 1); + g_assert_cmpuint (message.bytes_sent, ==, TEST_DATA_LENGTH / 2); + } + + if (!test->server_error && test->rehandshake) + { + test->rehandshake = FALSE; + g_dtls_connection_handshake_async (G_DTLS_CONNECTION (test->server_connection), + G_PRIORITY_DEFAULT, NULL, + on_rehandshake_finish_threaded, test); + return; + } + + if (test->test_data->server_should_close) + close_server_connection (test, TRUE); +} + +static void +close_server_connection (TestConnection *test, + gboolean graceful) +{ + GError *error = NULL; + + if (graceful) + g_dtls_connection_close (G_DTLS_CONNECTION (test->server_connection), + NULL, &error); + + /* Clear pending dispatches from the context. */ + while (g_main_context_iteration (test->server_context, FALSE)); + + if (graceful && test->expect_server_error) + g_assert (error != NULL); + else if (graceful) + g_assert_no_error (error); + + test->server_running = FALSE; +} + +static gboolean +on_incoming_connection (GSocket *socket, + GIOCondition condition, + gpointer user_data) +{ + TestConnection *test = user_data; + GTlsCertificate *cert; + GError *error = NULL; + GOutputVector vector = { + TEST_DATA, + test->rehandshake ? TEST_DATA_LENGTH / 2 : TEST_DATA_LENGTH + }; + GOutputMessage message = { NULL, &vector, 1, 0, NULL, 0 }; + gint n_sent; + GSocketAddress *addr = NULL; /* owned */ + guint8 databuf[65536]; + GInputVector vec = {databuf, sizeof (databuf)}; + gint flags = G_SOCKET_MSG_PEEK; + gssize ret; + + /* Ignore this if the source has already been destroyed. */ + if (g_source_is_destroyed (test->server_source)) + return G_SOURCE_REMOVE; + + /* Remove the source as the first thing. */ + g_source_destroy (test->server_source); + g_source_unref (test->server_source); + test->server_source = NULL; + + /* Peek at the incoming packet to get the peer’s address. */ + ret = g_socket_receive_message (socket, &addr, &vec, 1, NULL, NULL, + &flags, NULL, NULL); + + if (ret <= 0) + return G_SOURCE_REMOVE; + + if (!g_socket_connect (socket, addr, NULL, NULL)) + { + g_object_unref (addr); + return G_SOURCE_CONTINUE; + } + + g_clear_object (&addr); + + /* Wrap the socket in a GDtlsServerConnection. */ + cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-and-key.pem"), &error); + g_assert_no_error (error); + + test->server_connection = g_dtls_server_connection_new (G_DATAGRAM_BASED (socket), + cert, &error); + g_debug ("%s: Server connection %p on socket %p", G_STRFUNC, test->server_connection, socket); + g_assert_no_error (error); + g_object_unref (cert); + + g_object_set (test->server_connection, "authentication-mode", + test->test_data->auth_mode, NULL); + g_signal_connect (test->server_connection, "accept-certificate", + G_CALLBACK (on_accept_certificate), test); + + if (test->database) + g_dtls_connection_set_database (G_DTLS_CONNECTION (test->server_connection), test->database); + + if (test->test_data->server_should_disappear) + { + close_server_connection (test, FALSE); + return G_SOURCE_REMOVE; + } + + do + { + g_clear_error (&test->server_error); + n_sent = g_datagram_based_send_messages (test->server_connection, + &message, 1, + G_SOCKET_MSG_NONE, 0, NULL, + &test->server_error); + g_main_context_iteration (NULL, FALSE); + } + while (g_error_matches (test->server_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK)); + + if (!test->server_error) + { + g_assert_cmpint (n_sent, ==, 1); + g_assert_cmpuint (message.bytes_sent, ==, vector.size); + } + + if (!test->server_error && test->rehandshake) + { + test->rehandshake = FALSE; + g_dtls_connection_handshake_async (G_DTLS_CONNECTION (test->server_connection), + G_PRIORITY_DEFAULT, NULL, + on_rehandshake_finish, test); + return G_SOURCE_REMOVE; + } + + if (test->test_data->server_should_close) + close_server_connection (test, TRUE); + + return G_SOURCE_REMOVE; +} + +static gboolean +on_incoming_connection_threaded (GSocket *socket, + GIOCondition condition, + gpointer user_data) +{ + TestConnection *test = user_data; + GTlsCertificate *cert; + GError *error = NULL; + GOutputVector vector = { + TEST_DATA, + test->rehandshake ? TEST_DATA_LENGTH / 2 : TEST_DATA_LENGTH + }; + GOutputMessage message = { NULL, &vector, 1, 0, NULL, 0 }; + gint n_sent; + GSocketAddress *addr = NULL; /* owned */ + guint8 databuf[65536]; + GInputVector vec = {databuf, sizeof (databuf)}; + gint flags = G_SOCKET_MSG_PEEK; + gssize ret; + + /* Ignore this if the source has already been destroyed. */ + if (g_source_is_destroyed (test->server_source)) + return G_SOURCE_REMOVE; + + /* Remove the source as the first thing. */ + g_source_destroy (test->server_source); + g_source_unref (test->server_source); + test->server_source = NULL; + + /* Peek at the incoming packet to get the peer’s address. */ + ret = g_socket_receive_message (socket, &addr, &vec, 1, NULL, NULL, + &flags, NULL, NULL); + + if (ret <= 0) + return G_SOURCE_REMOVE; + + if (!g_socket_connect (socket, addr, NULL, NULL)) + { + g_object_unref (addr); + return G_SOURCE_CONTINUE; + } + + g_clear_object (&addr); + + /* Wrap the socket in a GDtlsServerConnection. */ + cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-and-key.pem"), &error); + g_assert_no_error (error); + + test->server_connection = g_dtls_server_connection_new (G_DATAGRAM_BASED (socket), + cert, &error); + g_debug ("%s: Server connection %p on socket %p", G_STRFUNC, test->server_connection, socket); + g_assert_no_error (error); + g_object_unref (cert); + + g_object_set (test->server_connection, "authentication-mode", + test->test_data->auth_mode, NULL); + g_signal_connect (test->server_connection, "accept-certificate", + G_CALLBACK (on_accept_certificate), test); + + if (test->database) + g_dtls_connection_set_database (G_DTLS_CONNECTION (test->server_connection), test->database); + + if (test->test_data->server_should_disappear) + { + close_server_connection (test, FALSE); + return G_SOURCE_REMOVE; + } + + do + { + g_clear_error (&test->server_error); + n_sent = g_datagram_based_send_messages (test->server_connection, + &message, 1, + G_SOCKET_MSG_NONE, + test->test_data->server_timeout, NULL, + &test->server_error); + g_main_context_iteration (NULL, FALSE); + } + while (g_error_matches (test->server_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK)); + + if (!test->server_error) + { + g_assert_cmpint (n_sent, ==, 1); + g_assert_cmpuint (message.bytes_sent, ==, vector.size); + } + + if (!test->server_error && test->rehandshake) + { + test->rehandshake = FALSE; + g_dtls_connection_handshake_async (G_DTLS_CONNECTION (test->server_connection), + G_PRIORITY_DEFAULT, NULL, + on_rehandshake_finish_threaded, test); + return G_SOURCE_REMOVE; + } + + if (test->test_data->server_should_close) + close_server_connection (test, TRUE); + + return G_SOURCE_REMOVE; +} + +static gpointer +server_service_cb (gpointer user_data) +{ + TestConnection *test = user_data; + + test->server_context = g_main_context_new (); + g_main_context_push_thread_default (test->server_context); + + test->server_source = g_socket_create_source (test->server_socket, G_IO_IN, + NULL); + g_source_set_callback (test->server_source, + (GSourceFunc) on_incoming_connection_threaded, test, NULL); + g_source_attach (test->server_source, test->server_context); + + /* Run the server until it should stop. */ + while (test->server_running) + g_main_context_iteration (test->server_context, TRUE); + + g_main_context_pop_thread_default (test->server_context); + + return NULL; +} + +static void +start_server_service (TestConnection *test, + gboolean threaded) +{ + start_server (test); + + if (threaded) + { + g_thread_new ("dtls-server", server_service_cb, test); + return; + } + + test->server_source = g_socket_create_source (test->server_socket, G_IO_IN, + NULL); + g_source_set_callback (test->server_source, + (GSourceFunc) on_incoming_connection, test, NULL); + g_source_attach (test->server_source, NULL); +} + +static GDatagramBased * +start_server_and_connect_to_it (TestConnection *test, + gboolean threaded) +{ + GError *error = NULL; + GSocket *socket; + + start_server_service (test, threaded); + + socket = g_socket_new (G_SOCKET_FAMILY_IPV4, G_SOCKET_TYPE_DATAGRAM, + G_SOCKET_PROTOCOL_UDP, &error); + g_assert_no_error (error); + + g_socket_connect (socket, test->address, NULL, &error); + g_assert_no_error (error); + + return G_DATAGRAM_BASED (socket); +} + +static void +read_test_data_async (TestConnection *test) +{ + gchar *check; + GError *error = NULL; + guint8 buf[TEST_DATA_LENGTH * 2]; + GInputVector vectors[2] = { + { buf, sizeof (buf) / 2 }, + { buf + sizeof (buf) / 2, sizeof (buf) / 2 }, + }; + GInputMessage message = { NULL, vectors, G_N_ELEMENTS (vectors), 0, 0, NULL, NULL }; + gint n_read; + + do + { + g_clear_error (&test->read_error); + n_read = g_datagram_based_receive_messages (test->client_connection, + &message, 1, + G_SOCKET_MSG_NONE, + test->test_data->client_timeout, + NULL, &test->read_error); + g_main_context_iteration (NULL, FALSE); + } + while (g_error_matches (test->read_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK)); + + if (!test->read_error) + { + g_assert_cmpint (n_read, ==, 1); + + check = g_strdup (TEST_DATA); + g_assert_cmpuint (strlen (check), ==, message.bytes_received); + g_assert (strncmp (check, (const char *) buf, message.bytes_received) == 0); + g_free (check); + } + + g_dtls_connection_close (G_DTLS_CONNECTION (test->client_connection), + NULL, &error); + g_assert_no_error (error); + + test->loop_finished = TRUE; +} + +/* Test that connecting a client to a server, both using main contexts in the + * same thread, works; and that sending a message from the server to the client + * before shutting down gracefully works. */ +static void +test_basic_connection (TestConnection *test, + gconstpointer data) +{ + GDatagramBased *connection; + GError *error = NULL; + + connection = start_server_and_connect_to_it (test, FALSE); + test->client_connection = g_dtls_client_connection_new (connection, test->identity, &error); + g_debug ("%s: Client connection %p on socket %p", G_STRFUNC, test->client_connection, connection); + g_assert_no_error (error); + g_object_unref (connection); + + /* No validation at all in this test */ + g_dtls_client_connection_set_validation_flags (G_DTLS_CLIENT_CONNECTION (test->client_connection), + 0); + + read_test_data_async (test); + while (!test->loop_finished) + g_main_context_iteration (test->client_context, TRUE); + + g_assert_no_error (test->server_error); + g_assert_no_error (test->read_error); +} + +/* Test that connecting a client to a server, both using separate threads, + * works; and that sending a message from the server to the client before + * shutting down gracefully works. */ +static void +test_threaded_connection (TestConnection *test, + gconstpointer data) +{ + GDatagramBased *connection; + GError *error = NULL; + + connection = start_server_and_connect_to_it (test, TRUE); + test->client_connection = g_dtls_client_connection_new (connection, test->identity, &error); + g_debug ("%s: Client connection %p on socket %p", G_STRFUNC, test->client_connection, connection); + g_assert_no_error (error); + g_object_unref (connection); + + /* No validation at all in this test */ + g_dtls_client_connection_set_validation_flags (G_DTLS_CLIENT_CONNECTION (test->client_connection), + 0); + + read_test_data_async (test); + while (!test->loop_finished) + g_main_context_iteration (test->client_context, TRUE); + + g_assert_no_error (test->server_error); + g_assert_no_error (test->read_error); +} + +/* Test that a client can successfully connect to a server, then the server + * disappears, and when the client tries to read from it, the client hits a + * timeout error (rather than blocking indefinitely or returning another + * error). */ +static void +test_connection_timeouts_read (TestConnection *test, + gconstpointer data) +{ + GDatagramBased *connection; + GError *error = NULL; + + connection = start_server_and_connect_to_it (test, TRUE); + test->client_connection = g_dtls_client_connection_new (connection, + test->identity, &error); + g_debug ("%s: Client connection %p on socket %p", G_STRFUNC, + test->client_connection, connection); + g_assert_no_error (error); + g_object_unref (connection); + + /* No validation at all in this test */ + g_dtls_client_connection_set_validation_flags (G_DTLS_CLIENT_CONNECTION (test->client_connection), + 0); + + read_test_data_async (test); + while (!test->loop_finished) + g_main_context_iteration (test->client_context, TRUE); + + g_assert_no_error (test->server_error); + g_assert_error (test->read_error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT); +} + +int +main (int argc, + char *argv[]) +{ + const TestData blocking = { + -1, /* server_timeout */ + 0, /* client_timeout */ + FALSE, /* server_should_disappear */ + TRUE, /* server_should_close */ + G_TLS_AUTHENTICATION_NONE, /* auth_mode */ + }; + const TestData server_timeout = { + 1000 * G_USEC_PER_SEC, /* server_timeout */ + 0, /* client_timeout */ + FALSE, /* server_should_disappear */ + TRUE, /* server_should_close */ + G_TLS_AUTHENTICATION_NONE, /* auth_mode */ + }; + const TestData nonblocking = { + 0, /* server_timeout */ + 0, /* client_timeout */ + FALSE, /* server_should_disappear */ + TRUE, /* server_should_close */ + G_TLS_AUTHENTICATION_NONE, /* auth_mode */ + }; + const TestData client_timeout = { + 0, /* server_timeout */ + 0.5 * G_USEC_PER_SEC, /* client_timeout */ + TRUE, /* server_should_disappear */ + TRUE, /* server_should_close */ + G_TLS_AUTHENTICATION_NONE, /* auth_mode */ + }; + int ret; + int i; + + /* Check if this is a subprocess, and set G_TLS_GNUTLS_PRIORITY + * appropriately if so. + */ + for (i = 1; i < argc - 1; i++) + { + if (!strcmp (argv[i], "-p")) + { + const char *priority = argv[i + 1]; + + priority = strrchr (priority, '/'); + if (priority++ && + (g_str_has_prefix (priority, "NORMAL:") || + g_str_has_prefix (priority, "NONE:"))) + g_setenv ("G_TLS_GNUTLS_PRIORITY", priority, TRUE); + break; + } + } + + g_test_init (&argc, &argv, NULL); + g_test_bug_base ("http://bugzilla.gnome.org/"); + + g_setenv ("GSETTINGS_BACKEND", "memory", TRUE); + g_setenv ("GIO_EXTRA_MODULES", TOP_BUILDDIR "/tls/gnutls/.libs", TRUE); + g_setenv ("GIO_USE_TLS", "gnutls", TRUE); + + g_test_add ("/dtls/connection/basic/blocking", TestConnection, &blocking, + setup_connection, test_basic_connection, teardown_connection); + g_test_add ("/dtls/connection/basic/timeout", TestConnection, &server_timeout, + setup_connection, test_basic_connection, teardown_connection); + g_test_add ("/dtls/connection/basic/nonblocking", + TestConnection, &nonblocking, + setup_connection, test_basic_connection, teardown_connection); + + g_test_add ("/dtls/connection/threaded/blocking", TestConnection, &blocking, + setup_connection, test_threaded_connection, teardown_connection); + g_test_add ("/dtls/connection/threaded/timeout", + TestConnection, &server_timeout, + setup_connection, test_threaded_connection, teardown_connection); + g_test_add ("/dtls/connection/threaded/nonblocking", + TestConnection, &nonblocking, + setup_connection, test_threaded_connection, teardown_connection); + + g_test_add ("/dtls/connection/timeouts/read", TestConnection, &client_timeout, + setup_connection, test_connection_timeouts_read, + teardown_connection); + + ret = g_test_run (); + + /* for valgrinding */ + g_main_context_unref (g_main_context_default ()); + + return ret; +} diff --git a/tls/tests/file-database.c b/tls/tests/file-database.c new file mode 100644 index 0000000..b8c2cdb --- /dev/null +++ b/tls/tests/file-database.c @@ -0,0 +1,580 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO TLS tests + * + * Copyright 2011 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include + +#include "gnutls/gtlscertificate-gnutls.h" + +#include +#include + +static const gchar * +tls_test_file_path (const char *name) +{ + const gchar *const_path; + gchar *path; + + path = g_test_build_filename (G_TEST_DIST, "files", name, NULL); + if (!g_path_is_absolute (path)) + { + gchar *cwd, *abs; + + cwd = g_get_current_dir (); + abs = g_build_filename (cwd, path, NULL); + g_free (cwd); + g_free (path); + path = abs; + } + + const_path = g_intern_string (path); + g_free (path); + return const_path; +} + +/* ----------------------------------------------------------------------------- + * CERTIFICATE VERIFY + */ + +typedef struct { + GTlsCertificate *cert; + GSocketConnectable *identity; + GTlsDatabase *database; +} TestVerify; + +static void +setup_verify (TestVerify *test, + gconstpointer data) +{ + GError *error = NULL; + + test->cert = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (test->cert)); + + test->identity = g_network_address_new ("server.example.com", 80); + + test->database = g_tls_file_database_new (tls_test_file_path ("ca.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_DATABASE (test->database)); +} + +static void +teardown_verify (TestVerify *test, + gconstpointer data) +{ + g_assert (G_IS_TLS_CERTIFICATE (test->cert)); + g_object_add_weak_pointer (G_OBJECT (test->cert), + (gpointer *)&test->cert); + g_object_unref (test->cert); + g_assert (test->cert == NULL); + + g_assert (G_IS_TLS_DATABASE (test->database)); + g_object_add_weak_pointer (G_OBJECT (test->database), + (gpointer *)&test->database); + g_object_unref (test->database); + g_assert (test->database == NULL); + + g_object_add_weak_pointer (G_OBJECT (test->identity), + (gpointer *)&test->identity); + g_object_unref (test->identity); + g_assert (test->identity == NULL); +} + +static void +test_verify_database_good (TestVerify *test, + gconstpointer data) +{ + GTlsCertificateFlags errors; + GError *error = NULL; + + errors = g_tls_database_verify_chain (test->database, test->cert, + G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER, + test->identity, NULL, 0, NULL, &error); + g_assert_no_error (error); + g_assert_cmpuint (errors, ==, 0); + + errors = g_tls_database_verify_chain (test->database, test->cert, + G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER, + NULL, NULL, 0, NULL, &error); + g_assert_cmpuint (errors, ==, 0); +} + +static void +test_verify_database_bad_identity (TestVerify *test, + gconstpointer data) +{ + GSocketConnectable *identity; + GTlsCertificateFlags errors; + GError *error = NULL; + + identity = g_network_address_new ("other.example.com", 80); + + errors = g_tls_database_verify_chain (test->database, test->cert, + G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER, + identity, NULL, 0, NULL, &error); + g_assert_no_error (error); + g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_BAD_IDENTITY); + + g_object_unref (identity); +} + +static void +test_verify_database_bad_ca (TestVerify *test, + gconstpointer data) +{ + GTlsCertificateFlags errors; + GTlsCertificate *cert; + GError *error = NULL; + + /* Use another certificate which isn't in our CA list */ + cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-self.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cert)); + + errors = g_tls_database_verify_chain (test->database, cert, + G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER, + test->identity, NULL, 0, NULL, &error); + g_assert_no_error (error); + g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_UNKNOWN_CA); + + g_object_unref (cert); +} + +static void +test_verify_database_bad_before (TestVerify *test, + gconstpointer data) +{ + GTlsCertificateFlags errors; + GTlsCertificate *cert; + GError *error = NULL; + + /* This is a certificate in the future */ + cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-future.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cert)); + + errors = g_tls_database_verify_chain (test->database, cert, + G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER, + NULL, NULL, 0, NULL, &error); + g_assert_no_error (error); + g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_NOT_ACTIVATED); + + g_object_unref (cert); +} + +static void +test_verify_database_bad_expired (TestVerify *test, + gconstpointer data) +{ + GTlsCertificateFlags errors; + GTlsCertificate *cert; + GError *error = NULL; + + /* This is a certificate in the future */ + cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-past.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cert)); + + errors = g_tls_database_verify_chain (test->database, cert, + G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER, + NULL, NULL, 0, NULL, &error); + g_assert_no_error (error); + g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_EXPIRED); + + g_object_unref (cert); +} + +static void +test_verify_database_bad_combo (TestVerify *test, + gconstpointer data) +{ + GTlsCertificate *cert; + GSocketConnectable *identity; + GTlsCertificateFlags errors; + GError *error = NULL; + + cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-self.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cert)); + + /* + * - Use is self signed + * - Use wrong identity. + */ + + identity = g_network_address_new ("other.example.com", 80); + + errors = g_tls_database_verify_chain (test->database, cert, + G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER, + identity, NULL, 0, NULL, &error); + g_assert_no_error (error); + g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_UNKNOWN_CA | + G_TLS_CERTIFICATE_BAD_IDENTITY); + + g_object_unref (cert); + g_object_unref (identity); +} + +static GTlsCertificate * +load_certificate_chain (const char *filename, + GError **error) +{ + GList *certificates; + GTlsCertificate *chain = NULL, *prev_chain = NULL; + GTlsBackend *backend; + GByteArray *der; + GList *l; + + certificates = g_tls_certificate_list_new_from_file (filename, error); + if (certificates == NULL) + return NULL; + + backend = g_tls_backend_get_default (); + certificates = g_list_reverse (certificates); + for (l = certificates; l != NULL; l = g_list_next (l)) + { + prev_chain = chain; + g_object_get (l->data, "certificate", &der, NULL); + chain = g_object_new (g_tls_backend_get_certificate_type (backend), + "certificate", der, + "issuer", prev_chain, + NULL); + g_byte_array_unref (der); + g_clear_object (&prev_chain); + } + + g_list_free_full (certificates, g_object_unref); + return chain; +} + +static gboolean +is_certificate_in_chain (GTlsCertificate *chain, + GTlsCertificate *cert) +{ + while (chain != NULL) + { + if (g_tls_certificate_is_same (chain, cert)) + return TRUE; + chain = g_tls_certificate_get_issuer (chain); + } + + return FALSE; +} + +static void +test_verify_with_incorrect_root_in_chain (void) +{ + GTlsCertificate *ca_verisign_sha1; + GTlsDatabase *database; + GError *error = NULL; + GTlsCertificate *chain; + GSocketConnectable *identity; + GTlsCertificateFlags errors; + + /* + * This database contains a single anchor certificate of: + * C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority + */ + database = g_tls_file_database_new (tls_test_file_path ("ca-verisign-sha1.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_DATABASE (database)); + + ca_verisign_sha1 = g_tls_certificate_new_from_file (tls_test_file_path ("ca-verisign-sha1.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (ca_verisign_sha1)); + + /* + * This certificate chain contains a root certificate with that same issuer, public key: + * C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority + * + * But it is not the same certificate in our database. However our database should + * verify this chain as valid, since the issuer fields and signatures should chain up + * to the certificate in our database. + */ + chain = load_certificate_chain (tls_test_file_path ("chain-with-verisign-md2.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (chain)); + + g_assert (g_tls_certificate_get_issuer (chain) != NULL); + g_assert (g_tls_certificate_get_issuer (g_tls_certificate_get_issuer (chain)) != NULL); + g_assert (is_certificate_in_chain (chain, chain)); + g_assert (!is_certificate_in_chain (chain, ca_verisign_sha1)); + + + identity = g_network_address_new ("secure-test.streamline-esolutions.com", 443); + + errors = g_tls_database_verify_chain (database, chain, + G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER, + identity, NULL, 0, NULL, &error); + g_assert_no_error (error); + errors &= ~G_TLS_CERTIFICATE_EXPIRED; /* so that this test doesn't expire */ + errors &= ~G_TLS_CERTIFICATE_INSECURE; /* allow MD2 */ + g_assert_cmpuint (errors, ==, 0); + + g_object_unref (chain); + g_object_unref (ca_verisign_sha1); + g_object_unref (identity); + g_object_unref (database); +} + +/* ----------------------------------------------------------------------------- + * FILE DATABASE + */ + +typedef struct { + GTlsDatabase *database; + const gchar *path; +} TestFileDatabase; + +static void +setup_file_database (TestFileDatabase *test, + gconstpointer data) +{ + GError *error = NULL; + + test->path = tls_test_file_path ("ca-roots.pem"); + test->database = g_tls_file_database_new (test->path, &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_DATABASE (test->database)); +} + +static void +teardown_file_database (TestFileDatabase *test, + gconstpointer data) +{ + g_assert (G_IS_TLS_DATABASE (test->database)); + g_object_add_weak_pointer (G_OBJECT (test->database), + (gpointer *)&test->database); + g_object_unref (test->database); + g_assert (test->database == NULL); +} + +static void +test_file_database_handle (TestFileDatabase *test, + gconstpointer unused) +{ + GTlsCertificate *certificate; + GTlsCertificate *check; + GError *error = NULL; + gchar *handle; + + /* + * ca.pem is in the ca-roots.pem that the test->database represents. + * So it should be able to create a handle for it and treat it as if it + * is 'in' the database. + */ + + certificate = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (certificate)); + + handle = g_tls_database_create_certificate_handle (test->database, certificate); + g_assert (handle != NULL); + g_assert (g_str_has_prefix (handle, "file:///")); + + check = g_tls_database_lookup_certificate_for_handle (test->database, handle, + NULL, G_TLS_DATABASE_LOOKUP_NONE, + NULL, &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (check)); + + g_free (handle); + g_object_unref (check); + g_object_unref (certificate); +} + +static void +test_file_database_handle_invalid (TestFileDatabase *test, + gconstpointer unused) +{ + GTlsCertificate *certificate; + GError *error = NULL; + + certificate = g_tls_database_lookup_certificate_for_handle (test->database, "blah:blah", + NULL, G_TLS_DATABASE_LOOKUP_NONE, + NULL, &error); + g_assert_no_error (error); + g_assert (certificate == NULL); +} + +/* ----------------------------------------------------------------------------- + * DATABASE + */ + +static void +test_anchors_property (void) +{ + GTlsDatabase *database; + gchar *anchor_filename = NULL; + GError *error = NULL; + + database = g_tls_file_database_new (tls_test_file_path ("ca.pem"), &error); + g_assert_no_error (error); + + g_object_get (database, "anchors", &anchor_filename, NULL); + g_assert_cmpstr (anchor_filename, ==, tls_test_file_path ("ca.pem")); + g_free (anchor_filename); + + g_object_unref (database); +} + +static gboolean +certificate_is_in_list (GList *certificates, + const gchar *filename) +{ + GTlsCertificate *cert; + GError *error = NULL; + GList *l; + + cert = g_tls_certificate_new_from_file (filename, &error); + g_assert_no_error (error); + + for (l = certificates; l != NULL; l = g_list_next (l)) + { + if (g_tls_certificate_is_same (l->data, cert)) + break; + } + + g_object_unref (cert); + + /* Had an early break from loop */ + return l != NULL; +} + +static void +test_lookup_certificates_issued_by (void) +{ + /* This data is generated from the frob-certificate test tool in gcr library. + * To regenerate (from e.g. a directory containing gcr and glib-networking): + * + * $ gcr/frob-certificate glib-networking/tls/tests/files/ca.pem + * + * Then copy the hex that is printed after "subject" (not "issuer"!) and add + * the missing 'x's. + */ + const guchar ISSUER[] = "\x30\x81\x86\x31\x13\x30\x11\x06\x0A\x09\x92\x26\x89\x93\xF2" + "\x2C\x64\x01\x19\x16\x03\x43\x4F\x4D\x31\x17\x30\x15\x06\x0A" + "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19\x16\x07\x45\x58\x41" + "\x4D\x50\x4C\x45\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x0C\x15" + "\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74" + "\x68\x6F\x72\x69\x74\x79\x31\x17\x30\x15\x06\x03\x55\x04\x03" + "\x0C\x0E\x63\x61\x2E\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63\x6F" + "\x6D\x31\x1D\x30\x1B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09" + "\x01\x16\x0E\x63\x61\x40\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63" + "\x6F\x6D"; + + GList *certificates; + GByteArray *issuer_dn; + GTlsDatabase *database; + GError *error = NULL; + + database = g_tls_file_database_new (tls_test_file_path ("non-ca.pem"), &error); + g_assert_no_error (error); + + issuer_dn = g_byte_array_new (); + /* The null terminator is in the array/string above */ + g_byte_array_append (issuer_dn, ISSUER, G_N_ELEMENTS (ISSUER) - 1); + + certificates = g_tls_database_lookup_certificates_issued_by (database, issuer_dn, NULL, + G_TLS_DATABASE_LOOKUP_NONE, + NULL, &error); + + g_byte_array_unref (issuer_dn); + + g_assert_cmpuint (g_list_length (certificates), ==, 4); + + g_assert (certificate_is_in_list (certificates, tls_test_file_path ("client.pem"))); + g_assert (certificate_is_in_list (certificates, tls_test_file_path ("client-future.pem"))); + g_assert (certificate_is_in_list (certificates, tls_test_file_path ("client-past.pem"))); + g_assert (certificate_is_in_list (certificates, tls_test_file_path ("server.pem"))); + g_assert (!certificate_is_in_list (certificates, tls_test_file_path ("server-self.pem"))); + + g_list_free_full (certificates, g_object_unref); + g_object_unref (database); +} + +static void +test_default_database_is_singleton (void) +{ + GTlsBackend *backend; + GTlsDatabase *database; + GTlsDatabase *check; + + backend = g_tls_backend_get_default (); + g_assert (G_IS_TLS_BACKEND (backend)); + + database = g_tls_backend_get_default_database (backend); + g_assert (G_IS_TLS_DATABASE (database)); + + check = g_tls_backend_get_default_database (backend); + g_assert (database == check); + + g_object_unref (database); + g_object_unref (check); +} + +int +main (int argc, + char *argv[]) +{ + g_test_init (&argc, &argv, NULL); + + g_setenv ("GSETTINGS_BACKEND", "memory", TRUE); + g_setenv ("GIO_EXTRA_MODULES", TOP_BUILDDIR "/tls/gnutls/.libs", TRUE); + g_setenv ("GIO_USE_TLS", "gnutls", TRUE); + + g_test_add_func ("/tls/backend/default-database-is-singleton", + test_default_database_is_singleton); + + g_test_add ("/tls/database/verify-good", TestVerify, NULL, + setup_verify, test_verify_database_good, teardown_verify); + g_test_add ("/tls/database/verify-bad-identity", TestVerify, NULL, + setup_verify, test_verify_database_bad_identity, teardown_verify); + g_test_add ("/tls/database/verify-bad-ca", TestVerify, NULL, + setup_verify, test_verify_database_bad_ca, teardown_verify); + g_test_add ("/tls/database/verify-bad-before", TestVerify, NULL, + setup_verify, test_verify_database_bad_before, teardown_verify); + g_test_add ("/tls/database/verify-bad-expired", TestVerify, NULL, + setup_verify, test_verify_database_bad_expired, teardown_verify); + g_test_add ("/tls/database/verify-bad-combo", TestVerify, NULL, + setup_verify, test_verify_database_bad_combo, teardown_verify); + g_test_add_func ("/tls/database/verify-with-incorrect-root-in-chain", + test_verify_with_incorrect_root_in_chain); + + g_test_add_func ("/tls/file-database/anchors-property", + test_anchors_property); + g_test_add_func ("/tls/file-database/lookup-certificates-issued-by", + test_lookup_certificates_issued_by); + + g_test_add ("/tls/file-database/test-handle", TestFileDatabase, NULL, + setup_file_database, test_file_database_handle, teardown_file_database); + g_test_add ("/tls/file-database/test-handle-invalid", TestFileDatabase, NULL, + setup_file_database, test_file_database_handle_invalid, teardown_file_database); + + return g_test_run(); +} diff --git a/tls/tests/files/ca-alternative.pem b/tls/tests/files/ca-alternative.pem new file mode 100644 index 0000000..a8d3b8e --- /dev/null +++ b/tls/tests/files/ca-alternative.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID8DCCA1mgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnzETMBEGCgmSJomT8ixk +ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxLDAqBgNVBAsMI09sZCBV +bnRydXN0ZWQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSIwIAYDVQQDDBlvbmNlLndh +cy5hLmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNv +bTAeFw0xODA0MTUxNTA5MzFaFw00ODA0MDcxNTA5MzFaMIGGMRMwEQYKCZImiZPy +LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2Vy +dGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsG +CSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBALN4/lrWOYWOiJ7vaaVWFKxi2nWCtprsB52rwdIF/+PLRQLzK4c2w7cD +yTa9CEEP24TiCmFm+4NHaJ0Ki3zhQNfa1lP00r+3eWgSH44yxRV3i/JVOXMTsNG4 +O+BS54cZXwwk/Lg1sHZXu/zDjMZc19zNZzsYOacysvCX1YOg1HvRAgMBAAGjggFR +MIIBTTAdBgNVHQ4EFgQUURVAIyueSBto4VoQlEZQAg36h8MwgdQGA1UdIwSBzDCB +yYAU2uUI1KzpetoO4lmbqXXAnJeYn+mhgaWkgaIwgZ8xEzARBgoJkiaJk/IsZAEZ +FgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMSwwKgYDVQQLDCNPbGQgVW50 +cnVzdGVkIENlcnRpZmljYXRlIEF1dGhvcml0eTEiMCAGA1UEAwwZb25jZS53YXMu +YS5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb22C +CQDQKaq1tADC4zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAZBgNV +HREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNv +bTANBgkqhkiG9w0BAQsFAAOBgQDgX2HBiVtQtSJYmMta6M/Oy9SRALrp+XN+a1qU +4DBKWCk7Z6g2WvSBp5UDcdko8RYj5cTUIZaPq4hiVc6KAyl2lYcgknhgcdcaaCkr +B5O1QMeh5yjRNg8jP4VctBXFZ56jBgTgvRDm2UE/s1fCaZmF5VUUrWEK0SaxLR/L +uUaRdQ== +-----END CERTIFICATE----- diff --git a/tls/tests/files/ca-key.pem b/tls/tests/files/ca-key.pem new file mode 100644 index 0000000..2e8c535 --- /dev/null +++ b/tls/tests/files/ca-key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQCzeP5a1jmFjoie72mlVhSsYtp1graa7Aedq8HSBf/jy0UC8yuH +NsO3A8k2vQhBD9uE4gphZvuDR2idCot84UDX2tZT9NK/t3loEh+OMsUVd4vyVTlz +E7DRuDvgUueHGV8MJPy4NbB2V7v8w4zGXNfczWc7GDmnMrLwl9WDoNR70QIDAQAB +AoGASNBU+cuiSMJcQYdGqHK1Ln9ovHZM2avbJygRGcGfYO8OT7USuugIHY9mqlOl +LqhdWptOtNfQQSHOmrA1iXPmFz9SzbpeaWkXmhh2XxAzX74jIkN5NjT8x+2Nn3XU +yeVOdpMgWGM1r5sJgcgWVjDYMLNCrsCqVBUBZlWcM0RM3eUCQQDbdWonFWUM+78Y +wpkVUQCQJEa4XonfG6MVLyqV/ebjX5nndnqRDRf21D9WiSbyxiO/WDf6gYQ0ZJCD +VLlERSEbAkEA0VslRkCk7o0mVxZtUM4iHkk2h6ZL+kGVLB5n98arRctDbsg+5igB +n+j5XUL0Cwb0Fvh0G4EJsAt3ftIGAKFRgwJACqYL3JGhMZwVjbIDk5E2ocfg1plf +vz+sDh8XxedoCKhe42hQUjF8dDGgUSaeiTEsEuDI9pLKQ3CNwpGd274u+QJAD5OE +dnGg087Up24XvAdaKn6v+++3f2sZuiqY+apiW9L/tWJYq68WT9t5kiLFHXzq9DqQ +COvU2LBBt8HQiIN4GQJAWvxWh8mgCoVNOOqcfexkS/T7tQpxQdbNuuzvW7lUroWk +ZEuDZM/S1Gwf4bPDbLZnnsvlYyOh4VH/D2NZDcflxA== +-----END RSA PRIVATE KEY----- diff --git a/tls/tests/files/ca-roots-bad.pem b/tls/tests/files/ca-roots-bad.pem new file mode 100644 index 0000000..77ac9bf --- /dev/null +++ b/tls/tests/files/ca-roots-bad.pem @@ -0,0 +1,90 @@ +-----BEGIN CERTIFICATE----- +MIIDxjCCAy+gAwIBAgIJAO9IFDrg1P39MA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK +CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE +CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv +bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTgwNDE1MTUwOTMx +WhcNNDgwNDA3MTUwOTMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS +JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0 +eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4 +YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzeP5a1jmFjoie +72mlVhSsYtp1graa7Aedq8HSBf/jy0UC8yuHNsO3A8k2vQhBD9uE4gphZvuDR2id +Cot84UDX2tZT9NK/t3loEh+OMsUVd4vyVTlzE7DRuDvgUueHGV8MJPy4NbB2V7v8 +w4zGXNfczWc7GDmnMrLwl9WDoNR70QIDAQABo4IBODCCATQwHQYDVR0OBBYEFFEV +QCMrnkgbaOFaEJRGUAIN+ofDMIG7BgNVHSMEgbMwgbCAFFEVQCMrnkgbaOFaEJRG +UAIN+ofDoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy +LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw +FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs +ZS5jb22CCQDvSBQ64NT9/TAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt +cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQB6Dd44jsephAVWHtHIQT1zH+eKZrQG +3dYi694iQG11w45AapP47nSJPFVvsTEaflfIeX/KxmI9sMWun/Dk1iFMiNQD9St7 +1zAn7zFQ1c9yRmupPGjXVyrScqcFNfIIOchy4aFa52Z/BYvtgzuOGMXnSKsUURho +BSPQ5X/7Eqg1Yw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 +IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB +IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA +Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO +BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi +MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ +ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ +8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6 +zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y +fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7 +w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc +G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k +epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q +laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ +QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU +fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826 +YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w +ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY +gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe +MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0 +IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy +dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw +czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0 +dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl +aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC +AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg +b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB +ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc +nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg +18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c +gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl +Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY +sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T +SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF +CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum +GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk +zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW +omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 +IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB +IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA +Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS +BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v +cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9 +4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB +Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J +0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ +FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx +bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q +SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb +6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV +m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g +eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG +kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7 +6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG +CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc +aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB +gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w +aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6 +tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0 +nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M +77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV diff --git a/tls/tests/files/ca-roots.pem b/tls/tests/files/ca-roots.pem new file mode 100644 index 0000000..9ae1635 --- /dev/null +++ b/tls/tests/files/ca-roots.pem @@ -0,0 +1,209 @@ +These are some CA certificates + +-----BEGIN CERTIFICATE----- +MIIDxjCCAy+gAwIBAgIJAO9IFDrg1P39MA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK +CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE +CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv +bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTgwNDE1MTUwOTMx +WhcNNDgwNDA3MTUwOTMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS +JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0 +eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4 +YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzeP5a1jmFjoie +72mlVhSsYtp1graa7Aedq8HSBf/jy0UC8yuHNsO3A8k2vQhBD9uE4gphZvuDR2id +Cot84UDX2tZT9NK/t3loEh+OMsUVd4vyVTlzE7DRuDvgUueHGV8MJPy4NbB2V7v8 +w4zGXNfczWc7GDmnMrLwl9WDoNR70QIDAQABo4IBODCCATQwHQYDVR0OBBYEFFEV +QCMrnkgbaOFaEJRGUAIN+ofDMIG7BgNVHSMEgbMwgbCAFFEVQCMrnkgbaOFaEJRG +UAIN+ofDoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy +LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw +FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs +ZS5jb22CCQDvSBQ64NT9/TAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt +cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQB6Dd44jsephAVWHtHIQT1zH+eKZrQG +3dYi694iQG11w45AapP47nSJPFVvsTEaflfIeX/KxmI9sMWun/Dk1iFMiNQD9St7 +1zAn7zFQ1c9yRmupPGjXVyrScqcFNfIIOchy4aFa52Z/BYvtgzuOGMXnSKsUURho +BSPQ5X/7Eqg1Yw== +-----END CERTIFICATE----- + +GLib shouldn't care about this comment + +-----BEGIN CERTIFICATE----- +MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 +IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB +IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA +Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO +BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi +MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ +ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ +8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6 +zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y +fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7 +w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc +G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k +epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q +laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ +QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU +fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826 +YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w +ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY +gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe +MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0 +IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy +dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw +czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0 +dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl +aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC +AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg +b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB +ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc +nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg +18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c +gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl +Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY +sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T +SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF +CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum +GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk +zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW +omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 +IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB +IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA +Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS +BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v +cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9 +4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB +Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J +0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ +FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx +bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q +SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb +6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV +m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g +eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG +kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7 +6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG +CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc +aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB +gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w +aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6 +tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0 +nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M +77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV +Bc/dLq4+gmF78CEQGPZE6lM5+dzQmiDgxrvgu1pPxJnIB721vaLbLmINQjRBvP+L +ivVRIqqIMADisNS8vmW61QNXeZvo3MhN+FDtkaVSKKKs+zZYPumUK5FQhxvWXtaM +zPcPEAxSTtAWYeXlCmy/F8dyRlecmPVsYGN6b165Ti/Iubm7aoW8mA3t+T6XhDSU +rgCvoeXnkm5OvfPi2RSLXNLrAWygF6UtEOucekq9ve7O/e0iQKtwOIj1CodqwqsF +YMlIBdpTwd5Ed2qz8zw87YC8pjhKKSRf/lk7myV6VmMAZLldpGJ9VzZPrYPvH5JT +oI53V93lYRE9IwCQTDz6o2CTBKOvNfYOao9PSmCnhQVsRqGP9Md246FZV/dxssRu +FFxtbUFm3xuTsdQAw+7Lzzw9IYCpX2Nl/N3gX6T0K/CFcUHUZyX7GrGXrtaZghNB +0m6lG5kngOcLqagA +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDITCCAoqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMC +WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du +MRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlm +aWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFBl +cnNvbmFsIEJhc2ljIENBMSgwJgYJKoZIhvcNAQkBFhlwZXJzb25hbC1iYXNp +Y0B0aGF3dGUuY29tMB4XDTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVow +gcsxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNV +BAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAm +BgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xITAfBgNV +BAMTGFRoYXd0ZSBQZXJzb25hbCBCYXNpYyBDQTEoMCYGCSqGSIb3DQEJARYZ +cGVyc29uYWwtYmFzaWNAdGhhd3RlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEAvLyTU23AUE+CFeZIlDWmWr5vQvoPR+53dXLdjUmbllegeNTK +P1GzaQuRdhciB5dqxFGTS+CN7zeVoQxN2jSQHReJl+A1OFdKwPQIcOk8RHtQ +fmGakOMj04gRRif1CwcOu93RfyAKiLlWCy4cgNrx454p7xS9CkT7G1sY0b8j +kyECAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOB +gQAt4plrsD16iddZopQBHyvdEktTwq1/qqcAXJFAVyVKOKqEcLnZgA+le1z7 +c8a914phXAPjLSeoF+CEhULcXpvGt7Jtu3Sv5D/Lp7ew4F2+eIMllNLbgQ95 +B21P9DkVWlIBe94y1k049hJcBlDfBVu9FEuh3ym6O0GN92NWod8isQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLTCCApagAwIBAgIBADANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMC +WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du +MRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlm +aWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBl +cnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1m +cmVlbWFpbEB0aGF3dGUuY29tMB4XDTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIz +NTk1OVowgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUx +EjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRp +bmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24x +JDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqG +SIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEA1GnX1LCUZFtx6UfYDFG26nKRsIRefS0N +j3sS34UldSh0OkIsYyeflXtL734Zhx2G6qPduc6WZBrCFG5ErHzmj+hND3Ef +QDimAKOHePb5lIZererAXnbr2RSjXW56fAylS1V/Bhkpf56aJtVquzgkCGqY +x7Hao5iR/Xnb5VrEHLkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkq +hkiG9w0BAQQFAAOBgQDH7JJ+Tvj1lqVnYiqk8E0RYNBvjWBYYawmu1I1XAjP +MPuoSpaKH2JCI4wXD/S6ZJwXrEcp352YXtJsYHFcoqzceePnbgBHH7UNKOgC +neSa/RP0ptl8sfjcXyMmCZGAc9AUG95DqYMl8uacLxXK/qarigd1iwzdUYRr +5PjRzneigQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDKTCCApKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBzzELMAkGA1UEBhMC +WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du +MRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlm +aWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEjMCEGA1UEAxMaVGhhd3RlIFBl +cnNvbmFsIFByZW1pdW0gQ0ExKjAoBgkqhkiG9w0BCQEWG3BlcnNvbmFsLXBy +ZW1pdW1AdGhhd3RlLmNvbTAeFw05NjAxMDEwMDAwMDBaFw0yMDEyMzEyMzU5 +NTlaMIHPMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIw +EAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5n +MSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSMw +IQYDVQQDExpUaGF3dGUgUGVyc29uYWwgUHJlbWl1bSBDQTEqMCgGCSqGSIb3 +DQEJARYbcGVyc29uYWwtcHJlbWl1bUB0aGF3dGUuY29tMIGfMA0GCSqGSIb3 +DQEBAQUAA4GNADCBiQKBgQDJZtn4B0TPuYwu8KHvE0VsBd/eJxZRNkERbGw7 +7f4QfRKe5ZtCmv5gMcNmt3M6SK5O0DI3lIi1DbbZ8/JE2dWIEt12TfIa/G8j +Hnrx2JhFTgcQ7xZC0EN1bUre4qrJMf8fAHB8Zs8QJQi6+u4A6UYDZicRFTuq +W/KY3TZCstqIdQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 +DQEBBAUAA4GBAGk2ifc0KjNyL2071CKyuG+axTZmDhs8obF1Wub9NdP4qPIH +b4Vnjt4rueIXsDqg8A6iAJrf8xQVbrvIhVqYgPn/vnQdPfP+MCXRNzRn+qVx +eTBhKXLA4CxM+1bkOqhv5TJZUtt1KFBZDPgLGeSs2a+WjS9Q2wfD6h+rM+D1 +KzGJ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMC +WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du +MR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2Vy +dGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3Rl +IFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl +cnZlckB0aGF3dGUuY29tMB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1 +OVowgc4xCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQ +BgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENvbnN1bHRpbmcg +Y2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24x +ITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBDQTEoMCYGCSqGSIb3 +DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkEVdbQ7xwblRZH7xhI +NTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQug2SBhRz1JPL +lyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMRuHM/qgeN +9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B +AQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI +hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZ +a4JMpAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcU +Qg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMC +WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du +MR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2Vy +dGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3Rl +IFNlcnZlciBDQTEmMCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0 +ZS5jb20wHhcNOTYwODAxMDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkG +A1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2Fw +ZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE +CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQ +VGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRz +QHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANOkUG7I +/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91yekIYfUGbTBuFRkC +6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCXL+eQbcAoQpnX +TEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGjEzARMA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG7oWD +TSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e +QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdni +TCxZqdq5snUb9kLy78fyGPmJvKP/iiMucEc= +-----END CERTIFICATE----- + +Thank you for loading this list of CA certificates. diff --git a/tls/tests/files/ca-verisign-sha1.pem b/tls/tests/files/ca-verisign-sha1.pem new file mode 100644 index 0000000..7df0e49 --- /dev/null +++ b/tls/tests/files/ca-verisign-sha1.pem @@ -0,0 +1,48 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: + 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority + Validity + Not Before: Jan 29 00:00:00 1996 GMT + Not After : Aug 2 23:59:59 2028 GMT + Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:c9:5c:59:9e:f2:1b:8a:01:14:b4:10:df:04:40: + db:e3:57:af:6a:45:40:8f:84:0c:0b:d1:33:d9:d9: + 11:cf:ee:02:58:1f:25:f7:2a:a8:44:05:aa:ec:03: + 1f:78:7f:9e:93:b9:9a:00:aa:23:7d:d6:ac:85:a2: + 63:45:c7:72:27:cc:f4:4c:c6:75:71:d2:39:ef:4f: + 42:f0:75:df:0a:90:c6:8e:20:6f:98:0f:f8:ac:23: + 5f:70:29:36:a4:c9:86:e7:b1:9a:20:cb:53:a5:85: + e7:3d:be:7d:9a:fe:24:45:33:dc:76:15:ed:0f:a2: + 71:64:4c:65:2e:81:68:45:a7 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 10:72:52:a9:05:14:19:32:08:41:f0:c5:6b:0a:cc:7e:0f:21: + 19:cd:e4:67:dc:5f:a9:1b:e6:ca:e8:73:9d:22:d8:98:6e:73: + 03:61:91:c5:7c:b0:45:40:6e:44:9d:8d:b0:b1:96:74:61:2d: + 0d:a9:45:d2:a4:92:2a:d6:9a:75:97:6e:3f:53:fd:45:99:60: + 1d:a8:2b:4c:f9:5e:a7:09:d8:75:30:d7:d2:65:60:3d:67:d6: + 48:55:75:69:3f:91:f5:48:0b:47:69:22:69:82:96:be:c9:c8: + 38:86:4a:7a:2c:73:19:48:69:4e:6b:7c:65:bf:0f:fc:70:ce: + 88:90 +-----BEGIN CERTIFICATE----- +MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz +cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 +MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV +BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt +YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE +BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is +I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G +CSqGSIb3DQEBBQUAA4GBABByUqkFFBkyCEHwxWsKzH4PIRnN5GfcX6kb5sroc50i +2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ +2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ +-----END CERTIFICATE----- diff --git a/tls/tests/files/ca.pem b/tls/tests/files/ca.pem new file mode 100644 index 0000000..acac517 --- /dev/null +++ b/tls/tests/files/ca.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDxjCCAy+gAwIBAgIJAO9IFDrg1P39MA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK +CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE +CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv +bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTgwNDE1MTUwOTMx +WhcNNDgwNDA3MTUwOTMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS +JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0 +eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4 +YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzeP5a1jmFjoie +72mlVhSsYtp1graa7Aedq8HSBf/jy0UC8yuHNsO3A8k2vQhBD9uE4gphZvuDR2id +Cot84UDX2tZT9NK/t3loEh+OMsUVd4vyVTlzE7DRuDvgUueHGV8MJPy4NbB2V7v8 +w4zGXNfczWc7GDmnMrLwl9WDoNR70QIDAQABo4IBODCCATQwHQYDVR0OBBYEFFEV +QCMrnkgbaOFaEJRGUAIN+ofDMIG7BgNVHSMEgbMwgbCAFFEVQCMrnkgbaOFaEJRG +UAIN+ofDoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy +LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw +FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs +ZS5jb22CCQDvSBQ64NT9/TAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt +cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQB6Dd44jsephAVWHtHIQT1zH+eKZrQG +3dYi694iQG11w45AapP47nSJPFVvsTEaflfIeX/KxmI9sMWun/Dk1iFMiNQD9St7 +1zAn7zFQ1c9yRmupPGjXVyrScqcFNfIIOchy4aFa52Z/BYvtgzuOGMXnSKsUURho +BSPQ5X/7Eqg1Yw== +-----END CERTIFICATE----- diff --git a/tls/tests/files/chain-with-verisign-md2.pem b/tls/tests/files/chain-with-verisign-md2.pem new file mode 100644 index 0000000..88cbaf8 --- /dev/null +++ b/tls/tests/files/chain-with-verisign-md2.pem @@ -0,0 +1,81 @@ + 0 s:/C=GB/ST=Lothian/L=Edinburgh/O=The Royal Bank of Scotland Group Plc/OU=Business Standard/CN=secure-test.streamline-esolutions.com + i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 +-----BEGIN CERTIFICATE----- +MIIFhzCCBG+gAwIBAgIQG8SaOaLKoAlziyc01IKx1TANBgkqhkiG9w0BAQUFADCB +tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug +YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMm +VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTIwNjE1 +MDAwMDAwWhcNMTMwNjE2MjM1OTU5WjCBrjELMAkGA1UEBhMCR0IxEDAOBgNVBAgT +B0xvdGhpYW4xEjAQBgNVBAcUCUVkaW5idXJnaDEtMCsGA1UEChQkVGhlIFJveWFs +IEJhbmsgb2YgU2NvdGxhbmQgR3JvdXAgUGxjMRowGAYDVQQLFBFCdXNpbmVzcyBT +dGFuZGFyZDEuMCwGA1UEAxQlc2VjdXJlLXRlc3Quc3RyZWFtbGluZS1lc29sdXRp +b25zLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALj7qWBZQgxK +TngnAIYCrmNWv9OPUeOhHWx/aRUwWNTQI5LnTfFq+IzrruiS296KoaMF89Veg6Li +kIaR6GJ1LVNb5uWmNGo8zsXmSFeieqtREBfJHlu3G/1VcfpreqSiSi/8G6U/e6mZ +tEuVUau5kw2cM92mzYPKV4h23aasNxc7UvhFTSr6Y3D1ImuHJcKYLcXhDGB35To5 +BqlIv9M7vURDbiStlOFOHoEe/nZ/86J073Vk0gc9TQUQ6d1yB5vgw5ZIi2kDHQ7b +4yPYnD9j/RO6s6FimS/mM3m1c8GOLv3jtI0G/z30UIgGT4wXxqR8BY8dYULVO55M +kn904sjk+GMCAwEAAaOCAZYwggGSMDAGA1UdEQQpMCeCJXNlY3VyZS10ZXN0LnN0 +cmVhbWxpbmUtZXNvbHV0aW9ucy5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMC +BaAwRQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL1NWUlNlY3VyZS1HMy1jcmwudmVy +aXNpZ24uY29tL1NWUlNlY3VyZUczLmNybDBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB +BxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw +HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFA1EXBZT +RMGCfh0gqyX0AWPYvnmlMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0 +cDovL29jc3AudmVyaXNpZ24uY29tMEAGCCsGAQUFBzAChjRodHRwOi8vU1ZSU2Vj +dXJlLUczLWFpYS52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlRzMuY2VyMA0GCSqGSIb3 +DQEBBQUAA4IBAQCvnbqk/8I12vNKIU0lMQ3+1Q67cS+Tith067RjwRt29D1TYxGc +MV8GIDIXOjFc0BVrdXLniMuMP3ZfI7W2L7Gy8AfKNMseZ9r2tuF3fIHjXf9RChUA +lUZe3eGuwhh3H64xGA+RbbEoTM8AMgvk9wu9P9I2qHmqFZOBoYwL8UY3SYO5Rzl1 +ggCAgj02evm6zWCmRLvZHJSDO7oWRw9Ke85VgJULRsn7jvGyFmc3W1uvuLOILj5P +JhSKbb6eWVcWSqEKE+X1lLkUMd+8aBRjwkWHi5WVZX9NDscqBdl2DtYdmiVeFIqN +9nGMGwm846SvURK6c5ySrExIkPnxVCOYXhGz +-----END CERTIFICATE----- + 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 + i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority +-----BEGIN CERTIFICATE----- +MIIEpTCCBA6gAwIBAgIQfnbFd1jfGsI+zDL79hUa1TANBgkqhkiG9w0BAQUFADBf +MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT +LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw +HhcNMTAwOTMwMDAwMDAwWhcNMTQwMTAxMjM1OTU5WjCBtTELMAkGA1UEBhMCVVMx +FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz +dCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cu +dmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMmVmVyaVNpZ24gQ2xhc3Mg +MyBTZWN1cmUgU2VydmVyIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCxh4QfwgxF9byrJZenraI+nLr2wTm4i8rCrFbG5btljkRPTc5v7QlK +1K9OEJxoiy6Ve4mbE8riNDTB81vzSXtig0iBdNGIeGwCU/m8f0MmV1gzgzszChew +0E6RJK2GfWQS3HRKNKEdCuqWHQsV/KNLO85jiND4LQyUhhDKtpo9yus3nABINYYp +UHjoRWPNGUFP9ZXse5jUxHGzUL4os4+guVOc9cosI6n9FAboGLSa6Dxugf3kzTU2 +s1HTaewSulZub5tXxYsU5w7HnO1KVGrJTcW/EbGuHGeBy0RVM5l/JJs/U0V/hhrz +PPptf4H1uErT9YU3HLWm0AnkGHs4TvoPAgMBAAGjggGFMIIBgTASBgNVHRMBAf8E +CDAGAQH/AgEAMHAGA1UdIARpMGcwZQYLYIZIAYb4RQEHFwMwVjAoBggrBgEFBQcC +ARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAqBggrBgEFBQcCAjAeGhxo +dHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMA4GA1UdDwEB/wQEAwIBBjBtBggr +BgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP +5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20v +dnNsb2dvLmdpZjAoBgNVHREEITAfpB0wGzEZMBcGA1UEAxMQVmVyaVNpZ25NUEtJ +LTItNjAdBgNVHQ4EFgQUDURcFlNEwYJ+HSCrJfQBY9i+eaUwMQYDVR0fBCowKDAm +oCSgIoYgaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwDQYJKoZIhvcN +AQEFBQADgYEALCbJk3A/lLYWx3aEmMiqkWjX3h00sBOmGUDc4wqwGR4aZdQ9ih8g +KYjzFNWfxAaVZB5dDyc6ojY4wh8OsP4GWDYZfeeaHWBoczew8mukbaVpqrE97dTQ +hRRcY4t+sIjMaXfRJi2w8dTeYSEMce6e3XVhijp5eJm8RlWXZJE9J0M= +-----END CERTIFICATE----- +# Note: this next certificate has: +# Signature Algorithm: md2WithRSAEncryption + 2 s:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority + i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority +-----BEGIN CERTIFICATE----- +MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz +cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 +MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV +BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt +YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE +BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is +I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G +CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do +lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc +AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k +-----END CERTIFICATE----- diff --git a/tls/tests/files/chain.pem b/tls/tests/files/chain.pem new file mode 100644 index 0000000..4c023ad --- /dev/null +++ b/tls/tests/files/chain.pem @@ -0,0 +1,59 @@ +-----BEGIN CERTIFICATE----- +MIICMTCCAdugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBrTETMBEGCgmSJomT8ixk +ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxKzApBgNVBAsMIkludGVy +bWVkaWF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJDAiBgNVBAMMG2ludGVybWVk +aWF0ZS1jYS5leGFtcGxlLmNvbTEqMCgGCSqGSIb3DQEJARYbaW50ZXJtZWRpYXRl +LWNhQGV4YW1wbGUuY29tMB4XDTE4MDQxNTE1MDk0MloXDTQzMDQwOTE1MDk0Mlow +SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx +GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA +MEgCQQC0DUZQx6TplAAFsmdaTla84gl4/LFcJbcR9DmbpBo6NYfiyHdZfrO8oEN/ +ixTqDG2FLOPAGakyQyXHTOGetCTVAgMBAAGjRzBFMAkGA1UdEwQCMAAwEwYDVR0l +BAwwCgYIKwYBBQUHAwEwIwYDVR0RBBwwGocEwKgBFoISc2VydmVyLmV4YW1wbGUu +Y29tMA0GCSqGSIb3DQEBCwUAA0EAS/Zgzq+lJ18rPyDmlqEz/qSLp11cqihwM27x +dM1o19qWWhmBRCuaQS8BBA3dbno4s2srzC2KJ7xnHCr8YGXkEA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDrjCCAxegAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk +ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp +ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq +hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE4MDQxNTE1MDk0MloXDTQzMDQw +OTE1MDk0Mlowga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZ +FgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUgQXV0 +aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20xKjAo +BgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTBcMA0GCSqG +SIb3DQEBAQUAA0sAMEgCQQDRiX9UaA2dXPT1JcqoDBD7dbV2M94bPOjdRxC+QIYg +BO/p5frRpWp/TOaHTYf1pyDEj94SDrOcZxiKmyG89dYPAgMBAAGjggFFMIIBQTAd +BgNVHQ4EFgQUEFmoMa5Co+QD2qvOHzWLtq6zMjUwgbsGA1UdIwSBszCBsIAUURVA +IyueSBto4VoQlEZQAg36h8OhgYykgYkwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00x +FzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkB +Fg5jYUBleGFtcGxlLmNvbYIJAO9IFDrg1P39MA8GA1UdEwEB/wQFMAMBAf8wDgYD +VR0PAQH/BAQDAgEGMCYGA1UdEQQfMB2BG2ludGVybWVkaWF0ZS1jYUBleGFtcGxl +LmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOB +gQB8blehEbn5Nuu1/rSJBMq+NoNL5vjjZw9p28pxjvdx9hZ33TuHF2igRFEP3sag +pKPsRpYxJqq8PoGZAs/v8xcokl16HjEpuig9zOAAELammOOw5L71nNejtWb+UcPn +81gYY+9fmcBb3Ws2LOO0sy5khhrVTGk7zhQxmDpfiftI4A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDxjCCAy+gAwIBAgIJAO9IFDrg1P39MA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK +CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE +CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv +bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTgwNDE1MTUwOTMx +WhcNNDgwNDA3MTUwOTMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS +JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0 +eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4 +YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzeP5a1jmFjoie +72mlVhSsYtp1graa7Aedq8HSBf/jy0UC8yuHNsO3A8k2vQhBD9uE4gphZvuDR2id +Cot84UDX2tZT9NK/t3loEh+OMsUVd4vyVTlzE7DRuDvgUueHGV8MJPy4NbB2V7v8 +w4zGXNfczWc7GDmnMrLwl9WDoNR70QIDAQABo4IBODCCATQwHQYDVR0OBBYEFFEV +QCMrnkgbaOFaEJRGUAIN+ofDMIG7BgNVHSMEgbMwgbCAFFEVQCMrnkgbaOFaEJRG +UAIN+ofDoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy +LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw +FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs +ZS5jb22CCQDvSBQ64NT9/TAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt +cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQB6Dd44jsephAVWHtHIQT1zH+eKZrQG +3dYi694iQG11w45AapP47nSJPFVvsTEaflfIeX/KxmI9sMWun/Dk1iFMiNQD9St7 +1zAn7zFQ1c9yRmupPGjXVyrScqcFNfIIOchy4aFa52Z/BYvtgzuOGMXnSKsUURho +BSPQ5X/7Eqg1Yw== +-----END CERTIFICATE----- diff --git a/tls/tests/files/client-and-key.pem b/tls/tests/files/client-and-key.pem new file mode 100644 index 0000000..1d63db4 --- /dev/null +++ b/tls/tests/files/client-and-key.pem @@ -0,0 +1,45 @@ +-----BEGIN CERTIFICATE----- +MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND +T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0 +ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN +AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xODA0MTUxNTA5MzFaFw00MzA0MDkxNTA5 +MzFaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN +UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt +cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALngoibfdSI0 +HIkls4Zm6oo/Uns9UlNdmXmmXRrxkjwIEQo+WGJuoaXijotEiPE3elKQ2DMZt7yg +7Nq/SHcP0QUL5601LLdB55kUYjRzFDXa6aaLu3jTXhO0KZfEfozQ1jdfEobI3g6z +/wX07AolEfx3I3LTtl6SVxnzzheQ6ad0WDoNeoTuPrUDquoxx9h5/LA9X5uJaqzX +UDGEL+2pKaRP1hXTMvn1h80heHeL9dvioUnESILe7n3jSYYYTZeA8LhXYOVK+Jx4 +k2e87/Zzq/o8B6JX8gGo8tXxOq/m4HcjwlcMpdsT8Yrng980n8ckGwVT8Jw1oxJ8 +p9nBK6o/G1MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQAEpEyF6G1FEjWmuYY/JwmX +7719WAjDnmEvoZUk4l9EyVhJoweson3Ib+dCQlhhBoEr93IbphYW3P8u9UNjGYF5 +goVIVQi2WpGsT3bowfVem8LGASgdlpvZoWTHggIUzFArYsc3aUtsiTU9szNNlD46 ++jo9p2Je9PCc57/ThVCYOQ== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAueCiJt91IjQciSWzhmbqij9Sez1SU12ZeaZdGvGSPAgRCj5Y +Ym6hpeKOi0SI8Td6UpDYMxm3vKDs2r9Idw/RBQvnrTUst0HnmRRiNHMUNdrppou7 +eNNeE7Qpl8R+jNDWN18ShsjeDrP/BfTsCiUR/HcjctO2XpJXGfPOF5Dpp3RYOg16 +hO4+tQOq6jHH2Hn8sD1fm4lqrNdQMYQv7akppE/WFdMy+fWHzSF4d4v12+KhScRI +gt7ufeNJhhhNl4DwuFdg5Ur4nHiTZ7zv9nOr+jwHolfyAajy1fE6r+bgdyPCVwyl +2xPxiueD3zSfxyQbBVPwnDWjEnyn2cErqj8bUwIDAQABAoIBAAhEgJHgEJKz5K0I ++0I4I6iAhoeqw5WnrSLnDm8bXZjD9xYQjdfa+d+qAxMYukqYYB16CdPEChMeyUo1 +heCd2Hsz+1sN6W5BRS7e5DtW/wgiM5BP2MfYBvAzbEIu4D4dL9oIpYdPOelHgkle +in0tBu7G0dHSruLn+W3TFVChBnOHOtDAQrxBEzcHyfpoH6Va1+uaUxduMCfrj6IL +Ds0on2rpEUwtHJKTDwqr+F2tI7JeYMJnHF94/iLgwQ4i21Woqx2caQoStREzFa5W +kYbzMcnwV+EcUTM0egEaLovw5feEEctq0l4k0v2vLW/odOV7cpL84JJq1sJJfnlw +HlmQjUECgYEA549WCCgxujQ4tNeXug40fjZPfm5DZ4s2BnsX0ek63+YgKOJPdMLX +Ez8amxsTHHpk+nMADmK4HBgCfqnBWDkTIlvGM4Xxr3lYaZuJYRfP0PxvZLLJhq0y +ulFW2yuIVfywpPa21va1TUK7uZAEp0Bfh/8BEea8Z2qGwkiv5y0mq+ECgYEAzX75 +iJ+sUTS9LCdRmK6Qjq8gqtY3u8+Kq1ExMGs7kHr1yKsA/6uD1cwHH/YHFl9J6d23 +P8hiwCR1611FAGOcMho3MNfGQo8LiSKCFRp4lRLdbSYqAwoxcCVjVvzSTEOlUko8 +4r4mgwpq7GBo5Xl6AkGmxzwRaZNjV+qX6qzKjbMCgYBFvVux1Tk01WmGva/Kr2CL +6puCfn76fmjlBsmjxNSgflSNO6umhM/10fmXYU4eM5aZ/2yy6HR+sZR+xW2fvoDO +xkkpV1v091zzYY68mUlTrdN2xon/b8Zpavn3xGKpUxN4e32RvHfaLxEO0Bs2rCKZ +eOm/lHiFxQWVGgMwYt7UwQKBgBeqBpxYHuTfGOXLxVa6y4TS4AUsVBC5rrNZzztP +LfXOYx1vq9bFbpIhQ7THhTtrT7yxvpeGwPB1gmrPO9H2ppcSc8aZIoippl9tbON3 +P+mS2ZLnMTFWbCkI9S6gQKttos0eJXLLCO5QNc3wsEO0wHsgCk+pOCwbP/Zw2nu4 +2D6HAoGABM69Cu1DDrcI116+A12XfL4T+oxwrqtjx/5CU/ZcXSfUkiytRbhzK+xm +7TNFd1oyYdkaZg1yythP2vk34s9Ktpufc7sKKOg8FtWGHZkQPTpAaqdl0ZtMGUbX +uFfRqoJtYcPc1K8i0p1ACjNTfVpnXMFK0KvFV6OYLT84NzRzQt0= +-----END RSA PRIVATE KEY----- diff --git a/tls/tests/files/client-future.pem b/tls/tests/files/client-future.pem new file mode 100644 index 0000000..2e84a2f --- /dev/null +++ b/tls/tests/files/client-future.pem @@ -0,0 +1,20 @@ +notBefore=Jul 18 00:00:00 2060 GMT +notAfter=Jul 18 00:00:00 2061 GMT +-----BEGIN CERTIFICATE----- +MIIC4DCCAkkCAQUwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND +T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0 +ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN +AQkBFg5jYUBleGFtcGxlLmNvbTAiGA8yMDYwMDcxODAwMDAwMFoYDzIwNjEwNzE4 +MDAwMDAwWjBiMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYH +RVhBTVBMRTEPMA0GA1UEAwwGQ2xpZW50MSEwHwYJKoZIhvcNAQkBFhJjbGllbnRA +ZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC54KIm +33UiNByJJbOGZuqKP1J7PVJTXZl5pl0a8ZI8CBEKPlhibqGl4o6LRIjxN3pSkNgz +Gbe8oOzav0h3D9EFC+etNSy3QeeZFGI0cxQ12ummi7t4014TtCmXxH6M0NY3XxKG +yN4Os/8F9OwKJRH8dyNy07ZeklcZ884XkOmndFg6DXqE7j61A6rqMcfYefywPV+b +iWqs11AxhC/tqSmkT9YV0zL59YfNIXh3i/Xb4qFJxEiC3u5940mGGE2XgPC4V2Dl +SviceJNnvO/2c6v6PAeiV/IBqPLV8Tqv5uB3I8JXDKXbE/GK54PfNJ/HJBsFU/Cc +NaMSfKfZwSuqPxtTAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAine6DzvYeBjRjTCX +fjatCEFHpf6zgQqHhp1XfSTYLnT27689jOvMp03S9/b3Twh5DS2kA05bPJ0d0kT1 +utsyC1MtR1VSrB0uxvDXgCeYBxRAtJZh0K7RXIfx7h4Aywo1A5IAZcMs1lDOCMB6 +7vq8+Ma/9ebQ9GrIfmYhaXGzx68= +-----END CERTIFICATE----- diff --git a/tls/tests/files/client-key.pem b/tls/tests/files/client-key.pem new file mode 100644 index 0000000..5fdbe36 --- /dev/null +++ b/tls/tests/files/client-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAueCiJt91IjQciSWzhmbqij9Sez1SU12ZeaZdGvGSPAgRCj5Y +Ym6hpeKOi0SI8Td6UpDYMxm3vKDs2r9Idw/RBQvnrTUst0HnmRRiNHMUNdrppou7 +eNNeE7Qpl8R+jNDWN18ShsjeDrP/BfTsCiUR/HcjctO2XpJXGfPOF5Dpp3RYOg16 +hO4+tQOq6jHH2Hn8sD1fm4lqrNdQMYQv7akppE/WFdMy+fWHzSF4d4v12+KhScRI +gt7ufeNJhhhNl4DwuFdg5Ur4nHiTZ7zv9nOr+jwHolfyAajy1fE6r+bgdyPCVwyl +2xPxiueD3zSfxyQbBVPwnDWjEnyn2cErqj8bUwIDAQABAoIBAAhEgJHgEJKz5K0I ++0I4I6iAhoeqw5WnrSLnDm8bXZjD9xYQjdfa+d+qAxMYukqYYB16CdPEChMeyUo1 +heCd2Hsz+1sN6W5BRS7e5DtW/wgiM5BP2MfYBvAzbEIu4D4dL9oIpYdPOelHgkle +in0tBu7G0dHSruLn+W3TFVChBnOHOtDAQrxBEzcHyfpoH6Va1+uaUxduMCfrj6IL +Ds0on2rpEUwtHJKTDwqr+F2tI7JeYMJnHF94/iLgwQ4i21Woqx2caQoStREzFa5W +kYbzMcnwV+EcUTM0egEaLovw5feEEctq0l4k0v2vLW/odOV7cpL84JJq1sJJfnlw +HlmQjUECgYEA549WCCgxujQ4tNeXug40fjZPfm5DZ4s2BnsX0ek63+YgKOJPdMLX +Ez8amxsTHHpk+nMADmK4HBgCfqnBWDkTIlvGM4Xxr3lYaZuJYRfP0PxvZLLJhq0y +ulFW2yuIVfywpPa21va1TUK7uZAEp0Bfh/8BEea8Z2qGwkiv5y0mq+ECgYEAzX75 +iJ+sUTS9LCdRmK6Qjq8gqtY3u8+Kq1ExMGs7kHr1yKsA/6uD1cwHH/YHFl9J6d23 +P8hiwCR1611FAGOcMho3MNfGQo8LiSKCFRp4lRLdbSYqAwoxcCVjVvzSTEOlUko8 +4r4mgwpq7GBo5Xl6AkGmxzwRaZNjV+qX6qzKjbMCgYBFvVux1Tk01WmGva/Kr2CL +6puCfn76fmjlBsmjxNSgflSNO6umhM/10fmXYU4eM5aZ/2yy6HR+sZR+xW2fvoDO +xkkpV1v091zzYY68mUlTrdN2xon/b8Zpavn3xGKpUxN4e32RvHfaLxEO0Bs2rCKZ +eOm/lHiFxQWVGgMwYt7UwQKBgBeqBpxYHuTfGOXLxVa6y4TS4AUsVBC5rrNZzztP +LfXOYx1vq9bFbpIhQ7THhTtrT7yxvpeGwPB1gmrPO9H2ppcSc8aZIoippl9tbON3 +P+mS2ZLnMTFWbCkI9S6gQKttos0eJXLLCO5QNc3wsEO0wHsgCk+pOCwbP/Zw2nu4 +2D6HAoGABM69Cu1DDrcI116+A12XfL4T+oxwrqtjx/5CU/ZcXSfUkiytRbhzK+xm +7TNFd1oyYdkaZg1yythP2vk34s9Ktpufc7sKKOg8FtWGHZkQPTpAaqdl0ZtMGUbX +uFfRqoJtYcPc1K8i0p1ACjNTfVpnXMFK0KvFV6OYLT84NzRzQt0= +-----END RSA PRIVATE KEY----- diff --git a/tls/tests/files/client-past.pem b/tls/tests/files/client-past.pem new file mode 100644 index 0000000..8ff6ca1 --- /dev/null +++ b/tls/tests/files/client-past.pem @@ -0,0 +1,20 @@ +notBefore=Jul 17 23:00:00 2000 GMT +notAfter=Jul 17 23:00:00 2001 GMT +-----BEGIN CERTIFICATE----- +MIIC3DCCAkUCAQQwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND +T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0 +ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN +AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDA3MTcyMzAwMDBaFw0wMTA3MTcyMzAw +MDBaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN +UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt +cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALngoibfdSI0 +HIkls4Zm6oo/Uns9UlNdmXmmXRrxkjwIEQo+WGJuoaXijotEiPE3elKQ2DMZt7yg +7Nq/SHcP0QUL5601LLdB55kUYjRzFDXa6aaLu3jTXhO0KZfEfozQ1jdfEobI3g6z +/wX07AolEfx3I3LTtl6SVxnzzheQ6ad0WDoNeoTuPrUDquoxx9h5/LA9X5uJaqzX +UDGEL+2pKaRP1hXTMvn1h80heHeL9dvioUnESILe7n3jSYYYTZeA8LhXYOVK+Jx4 +k2e87/Zzq/o8B6JX8gGo8tXxOq/m4HcjwlcMpdsT8Yrng980n8ckGwVT8Jw1oxJ8 +p9nBK6o/G1MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQBGHqa7mBWC67OXg74mqG44 +SM+dj2X4t8FlxriOH428V1KUVn/iPKZKaoacUWVkFKQdqQp4cnFb5ieif1/kVzjf +HIKBeYQIMFeGQS+2DDQGXDUbxO9Kkp0izFsv8xm8CnJUSsX51wx7cQ8QAC4BeWxn +yRVIoDjMhjGCPks8iwC5+w== +-----END CERTIFICATE----- diff --git a/tls/tests/files/client.pem b/tls/tests/files/client.pem new file mode 100644 index 0000000..dda0953 --- /dev/null +++ b/tls/tests/files/client.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND +T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0 +ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN +AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xODA0MTUxNTA5MzFaFw00MzA0MDkxNTA5 +MzFaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN +UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt +cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALngoibfdSI0 +HIkls4Zm6oo/Uns9UlNdmXmmXRrxkjwIEQo+WGJuoaXijotEiPE3elKQ2DMZt7yg +7Nq/SHcP0QUL5601LLdB55kUYjRzFDXa6aaLu3jTXhO0KZfEfozQ1jdfEobI3g6z +/wX07AolEfx3I3LTtl6SVxnzzheQ6ad0WDoNeoTuPrUDquoxx9h5/LA9X5uJaqzX +UDGEL+2pKaRP1hXTMvn1h80heHeL9dvioUnESILe7n3jSYYYTZeA8LhXYOVK+Jx4 +k2e87/Zzq/o8B6JX8gGo8tXxOq/m4HcjwlcMpdsT8Yrng980n8ckGwVT8Jw1oxJ8 +p9nBK6o/G1MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQAEpEyF6G1FEjWmuYY/JwmX +7719WAjDnmEvoZUk4l9EyVhJoweson3Ib+dCQlhhBoEr93IbphYW3P8u9UNjGYF5 +goVIVQi2WpGsT3bowfVem8LGASgdlpvZoWTHggIUzFArYsc3aUtsiTU9szNNlD46 ++jo9p2Je9PCc57/ThVCYOQ== +-----END CERTIFICATE----- diff --git a/tls/tests/files/client2-and-key.pem b/tls/tests/files/client2-and-key.pem new file mode 100644 index 0000000..9704891 --- /dev/null +++ b/tls/tests/files/client2-and-key.pem @@ -0,0 +1,45 @@ +-----BEGIN CERTIFICATE----- +MIIC3DCCAkUCAQYwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND +T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0 +ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN +AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xODA0MTUxNTA5NDJaFw00MzA0MDkxNTA5 +NDJaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN +UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt +cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKXv0Omjny/f +1gDHjEHAG+zbfS80lWpMQGN6h3p+ZhNpmDcTIiOgcfvUHioLGPSU6UQ3mRH/iv/B +HhD7L+Xvm+LCTzycOWWscrnazczR+79uO+lJomyAyOCAXk/B+TyTBiffN99FnxqZ +9IOc9/xVsDMVwrj3Xbv+95LWogflB+bOJHWzD3hG1msNlatN+orFCzsmVUdDc1Dn +hldS2UVWL2lUVqYN7k8dD7Roee3Fk6XQ56bkvx9nIZhm3ZBd1NFK6Zthlbq5OwAi +canbWwinsBSvD0lrIUIrDc6I7Pl8x8/vD1ORcCEjmnfdIM91zvwOtnPP6fDTFqlZ +S/Cb8e80lJ8CAwEAATANBgkqhkiG9w0BAQsFAAOBgQCxBQocwq+1k1mnr9UaDgj0 +IfcWRHnbpWTn2Ra5qNUs6jTNyIdnQG/lSk/Cx8C+BoPYBViXNpRdg5D46mIYOCKn +poF8gNVF5naRZHDsUnG8y5wATKyXmOhHflaM7sCxOOwk2MYoT1lJuGmaU3bnxJPK +9zpZTSKmSdEAZHM7Ma0PwQ== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEApe/Q6aOfL9/WAMeMQcAb7Nt9LzSVakxAY3qHen5mE2mYNxMi +I6Bx+9QeKgsY9JTpRDeZEf+K/8EeEPsv5e+b4sJPPJw5ZaxyudrNzNH7v2476Umi +bIDI4IBeT8H5PJMGJ98330WfGpn0g5z3/FWwMxXCuPddu/73ktaiB+UH5s4kdbMP +eEbWaw2Vq036isULOyZVR0NzUOeGV1LZRVYvaVRWpg3uTx0PtGh57cWTpdDnpuS/ +H2chmGbdkF3U0Urpm2GVurk7ACJxqdtbCKewFK8PSWshQisNzojs+XzHz+8PU5Fw +ISOad90gz3XO/A62c8/p8NMWqVlL8Jvx7zSUnwIDAQABAoIBAFdiqMExorZiiV+V +tr41fj9JA27loT3+c/YvY8NVZ0oX1MpEMDlU2FIHTe9UMssy1HlRUjIRQlEXkU7e +CUZs3coYDARePTfXDf/kQ3b2qj4QvkpHtdqwI5le4Mvd2fRVdOtweQsCrhwjMYpS +EqJ3ObhdYFNqKZnEVvqkP2Yq7fNUiH0kB37yaYu3DBJwfltnLCOklEjzaXhKfhTX +AmgXj9IRXhfcHEQMNTxrKLkGDmYPhwIdR/+1IzPK1fLQ5+K+yjpw0sLZh3bU57aQ +LMdSruEZXYOn33Yt7s8OUoS4i0oRT+2YOa1SGl6XTJfTySo4V2M/qVFl3DrdRkL0 +O7hoYkECgYEA3ENv3G5FPZxnu3EFe2boRzUxaeG0WGSl5IAc9Rf3QfK9si3yVhhd +9D+Nbx6Lew/POcpqMKrjUPriewis8LTUQ+EuhZJAuprbUClKBqhzI+0u4IOm0Fzr +IS65e/Lf815B41QtuBCJwDmvwIakRZLnHURxd7XOv9PYGaXshN9oBX8CgYEAwNvw +9txy27/JRccZomk6EuMvgsbEfFqXhiYQsrtAvTFjpV9W2h37wCZeQbR7KL9w9LVZ +a/Lz140aGBc0rCf8OMjuI2TiUTPtMJBNEFiktp0YinmQZmuyQBBRYmQK/KwIaDap +3yTBhgjJ4GBQdwme+nu9NTqGrLzxDSSqu7CYQOECgYEArA0hO5YHD/E0Nf46wgHI +PpcWWharwMAdtTc9Z1WpFiJ+esfZG9c8zKU33SyG10GqJQIvoIRbu829S02jiQI3 +LC6hIET1us1rsloOMNUz20RR8Z3kl619HRZaXK+Cr59Y6DHA5J5Ge5iT6FdDyfTO +AtaLq26gaMcZbi9laQT5RBECgYAcuWVlTyYoRqNSqjnOL7//iijMYJBpORDyYP8B +r9QPmaiOu+lyqR6S2uQVAy2IvyKyv8PmyRO6WgC179bfgUEWsA6P5Pm0QHimUAe6 +VImLzVAXZ82zA31T/1ovvljIk1LZOrMIUjAkp3Bx48Z4RE2SXxWqNOJUHfwFCh4H +wGCc4QKBgQDA17Mo89D7jeaLHObkh/CT/aEjsiNTRwEwAdN+9C/vFTz0EBtJq7D3 +swjY1Z1IrgcwcmqJpDTntbtmgw/aUwJakMvat07Js+d6Lwgh0wf6CF2KVcS8EOZg +ODM7SUJRu6HiE12AVxie1yrt/xNRMCm3G+R+MXe9GI86Zf7G3+hUgA== +-----END RSA PRIVATE KEY----- diff --git a/tls/tests/files/client2-key.pem b/tls/tests/files/client2-key.pem new file mode 100644 index 0000000..625efad --- /dev/null +++ b/tls/tests/files/client2-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEApe/Q6aOfL9/WAMeMQcAb7Nt9LzSVakxAY3qHen5mE2mYNxMi +I6Bx+9QeKgsY9JTpRDeZEf+K/8EeEPsv5e+b4sJPPJw5ZaxyudrNzNH7v2476Umi +bIDI4IBeT8H5PJMGJ98330WfGpn0g5z3/FWwMxXCuPddu/73ktaiB+UH5s4kdbMP +eEbWaw2Vq036isULOyZVR0NzUOeGV1LZRVYvaVRWpg3uTx0PtGh57cWTpdDnpuS/ +H2chmGbdkF3U0Urpm2GVurk7ACJxqdtbCKewFK8PSWshQisNzojs+XzHz+8PU5Fw +ISOad90gz3XO/A62c8/p8NMWqVlL8Jvx7zSUnwIDAQABAoIBAFdiqMExorZiiV+V +tr41fj9JA27loT3+c/YvY8NVZ0oX1MpEMDlU2FIHTe9UMssy1HlRUjIRQlEXkU7e +CUZs3coYDARePTfXDf/kQ3b2qj4QvkpHtdqwI5le4Mvd2fRVdOtweQsCrhwjMYpS +EqJ3ObhdYFNqKZnEVvqkP2Yq7fNUiH0kB37yaYu3DBJwfltnLCOklEjzaXhKfhTX +AmgXj9IRXhfcHEQMNTxrKLkGDmYPhwIdR/+1IzPK1fLQ5+K+yjpw0sLZh3bU57aQ +LMdSruEZXYOn33Yt7s8OUoS4i0oRT+2YOa1SGl6XTJfTySo4V2M/qVFl3DrdRkL0 +O7hoYkECgYEA3ENv3G5FPZxnu3EFe2boRzUxaeG0WGSl5IAc9Rf3QfK9si3yVhhd +9D+Nbx6Lew/POcpqMKrjUPriewis8LTUQ+EuhZJAuprbUClKBqhzI+0u4IOm0Fzr +IS65e/Lf815B41QtuBCJwDmvwIakRZLnHURxd7XOv9PYGaXshN9oBX8CgYEAwNvw +9txy27/JRccZomk6EuMvgsbEfFqXhiYQsrtAvTFjpV9W2h37wCZeQbR7KL9w9LVZ +a/Lz140aGBc0rCf8OMjuI2TiUTPtMJBNEFiktp0YinmQZmuyQBBRYmQK/KwIaDap +3yTBhgjJ4GBQdwme+nu9NTqGrLzxDSSqu7CYQOECgYEArA0hO5YHD/E0Nf46wgHI +PpcWWharwMAdtTc9Z1WpFiJ+esfZG9c8zKU33SyG10GqJQIvoIRbu829S02jiQI3 +LC6hIET1us1rsloOMNUz20RR8Z3kl619HRZaXK+Cr59Y6DHA5J5Ge5iT6FdDyfTO +AtaLq26gaMcZbi9laQT5RBECgYAcuWVlTyYoRqNSqjnOL7//iijMYJBpORDyYP8B +r9QPmaiOu+lyqR6S2uQVAy2IvyKyv8PmyRO6WgC179bfgUEWsA6P5Pm0QHimUAe6 +VImLzVAXZ82zA31T/1ovvljIk1LZOrMIUjAkp3Bx48Z4RE2SXxWqNOJUHfwFCh4H +wGCc4QKBgQDA17Mo89D7jeaLHObkh/CT/aEjsiNTRwEwAdN+9C/vFTz0EBtJq7D3 +swjY1Z1IrgcwcmqJpDTntbtmgw/aUwJakMvat07Js+d6Lwgh0wf6CF2KVcS8EOZg +ODM7SUJRu6HiE12AVxie1yrt/xNRMCm3G+R+MXe9GI86Zf7G3+hUgA== +-----END RSA PRIVATE KEY----- diff --git a/tls/tests/files/client2.pem b/tls/tests/files/client2.pem new file mode 100644 index 0000000..94b5c1c --- /dev/null +++ b/tls/tests/files/client2.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3DCCAkUCAQYwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND +T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0 +ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN +AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xODA0MTUxNTA5NDJaFw00MzA0MDkxNTA5 +NDJaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN +UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt +cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKXv0Omjny/f +1gDHjEHAG+zbfS80lWpMQGN6h3p+ZhNpmDcTIiOgcfvUHioLGPSU6UQ3mRH/iv/B +HhD7L+Xvm+LCTzycOWWscrnazczR+79uO+lJomyAyOCAXk/B+TyTBiffN99FnxqZ +9IOc9/xVsDMVwrj3Xbv+95LWogflB+bOJHWzD3hG1msNlatN+orFCzsmVUdDc1Dn +hldS2UVWL2lUVqYN7k8dD7Roee3Fk6XQ56bkvx9nIZhm3ZBd1NFK6Zthlbq5OwAi +canbWwinsBSvD0lrIUIrDc6I7Pl8x8/vD1ORcCEjmnfdIM91zvwOtnPP6fDTFqlZ +S/Cb8e80lJ8CAwEAATANBgkqhkiG9w0BAQsFAAOBgQCxBQocwq+1k1mnr9UaDgj0 +IfcWRHnbpWTn2Ra5qNUs6jTNyIdnQG/lSk/Cx8C+BoPYBViXNpRdg5D46mIYOCKn +poF8gNVF5naRZHDsUnG8y5wATKyXmOhHflaM7sCxOOwk2MYoT1lJuGmaU3bnxJPK +9zpZTSKmSdEAZHM7Ma0PwQ== +-----END CERTIFICATE----- diff --git a/tls/tests/files/create-files.sh b/tls/tests/files/create-files.sh new file mode 100755 index 0000000..a887562 --- /dev/null +++ b/tls/tests/files/create-files.sh @@ -0,0 +1,194 @@ +#!/bin/sh + +msg() { + echo + echo "* $1 ..." +} + +cd `dirname $0` + +echo +echo "This script re-generates all private keys and certificates" +echo "needed to run the Unit Test." +echo +echo " *** IMPORTANT ***" +echo +echo "This script will change the system date momentarily to generate" +echo "a couple of certificates (sudo password will be requested). This" +echo "is because it uses the OpenSSL x509 utility instead of the ca" +echo "utility which allows to set a starting date for the certificates." +echo +echo "A few manual changes need to be made. The first certificate" +echo "in ca-roots.pem and ca-roots-bad.pem need to be replaced by" +echo "the contents of ca.pem." +echo +echo "Also, file-database.c:test_lookup_certificates_issued_by has" +echo "an ISSUER variable that needs to be changed by the CA identifier" +echo "(read the comment in that function) if you modify this script." +echo +echo " *** IMPORTANT ***" +echo + +read -p "Press [Enter] key to continue..." key + +####################################################################### +### Obsolete/Untrusted Root CA +####################################################################### + +echo "00" > serial + +msg "Creating CA private key for obsolete/untrusted CA" +openssl genrsa -out old-ca-key.pem 1024 + +msg "Creating CA certificate for obsolete/untrusted CA" +openssl req -x509 -new -config ssl/old-ca.conf -days 10950 -key old-ca-key.pem -out old-ca.pem + +####################################################################### +### New Root CA +####################################################################### + +msg "Creating CA private key" +openssl genrsa -out ca-key.pem 1024 + +msg "Creating CA certificate" +openssl req -x509 -new -config ssl/ca.conf -days 10950 -key ca-key.pem -out ca.pem + +####################################################################### +### New Root CA, issued by Obsolete/Untrusted Root CA +####################################################################### + +msg "Creating CA certificate request" +openssl req -config ssl/ca.conf -key ca-key.pem -new -out root-ca-csr.pem + +msg "Creating alternative certificate with same keys as CA" +openssl x509 -req -in root-ca-csr.pem -days 10950 -CA old-ca.pem -CAkey old-ca-key.pem -CAserial serial -extfile ssl/ca.conf -extensions v3_req_ext -out ca-alternative.pem + +####################################################################### +### Server +####################################################################### + +msg "Creating server private key" +openssl genrsa -out server-key.pem 512 + +msg "Creating server certificate request" +openssl req -config ssl/server.conf -key server-key.pem -new -out server-csr.pem + +msg "Creating server certificate" +openssl x509 -req -in server-csr.pem -days 9125 -CA ca.pem -CAkey ca-key.pem -CAserial serial -extfile ssl/server.conf -extensions v3_req_ext -out server.pem + +msg "Concatenating server certificate and private key into a single file" +cat server.pem > server-and-key.pem +cat server-key.pem >> server-and-key.pem + +msg "Converting server certificate from PEM to DER" +openssl x509 -in server.pem -outform DER -out server.der + +msg "Converting server private key from PEM to DER" +openssl rsa -in server-key.pem -outform DER -out server-key.der + +####################################################################### +### Server (self-signed) +####################################################################### + +msg "Creating server self-signed certificate" +openssl x509 -req -days 9125 -in server-csr.pem -signkey server-key.pem -out server-self.pem + +####################################################################### +### Client +####################################################################### + +msg "Creating client private key" +openssl genrsa -out client-key.pem 2048 + +msg "Creating client certificate request" +openssl req -config ssl/client.conf -key client-key.pem -new -out client-csr.pem + +msg "Creating client certificate" +openssl x509 -req -in client-csr.pem -days 9125 -CA ca.pem -CAkey ca-key.pem -CAserial serial -out client.pem + +msg "Concatenating client certificate and private key into a single file" +cat client.pem > client-and-key.pem +cat client-key.pem >> client-and-key.pem + +# It is not possible to specify the start and end date using the "x509" tool. +# It would be better to use the "ca" tool. Sorry! +msg "Creating client certificate (past)" +sudo date -s "17 JUL 2000 18:00:00" +openssl x509 -req -in client-csr.pem -days 365 -startdate -enddate -CA ca.pem -CAkey ca-key.pem -CAserial serial -out client-past.pem +sudo hwclock -s +touch client-past.pem + +msg "Creating client certificate (future)" +sudo date -s "17 JUL 2060 18:00:00" +openssl x509 -req -in client-csr.pem -days 365 -startdate -enddate -CA ca.pem -CAkey ca-key.pem -CAserial serial -out client-future.pem +sudo hwclock -s +touch client-future.pem + +msg "Creating second client key pair" +openssl genrsa -out client2-key.pem 2048 +openssl req -config ssl/client.conf -key client2-key.pem -new -out client2-csr.pem +openssl x509 -req -in client2-csr.pem -days 9125 -CA ca.pem -CAkey ca-key.pem -CAserial serial -out client2.pem + +msg "Concatenating second client certificate and private key into a single file" +cat client2.pem client2-key.pem > client2-and-key.pem + +####################################################################### +### Concatenate all non-CA certificates +####################################################################### + +msg "Concatenating all non-CA certificates into a single file" +echo "client.pem:" > non-ca.pem +cat client.pem >> non-ca.pem +echo >> non-ca.pem +echo "client-future.pem:" >> non-ca.pem +cat client-future.pem >> non-ca.pem +echo >> non-ca.pem +echo "client-past.pem:" >> non-ca.pem +cat client-past.pem >> non-ca.pem +echo >> non-ca.pem +echo "server.pem:" >> non-ca.pem +cat server.pem >> non-ca.pem +echo >> non-ca.pem +echo "server-self.pem:" >> non-ca.pem +cat server-self.pem >> non-ca.pem + +####################################################################### +### Intermediate CA +####################################################################### + +echo "00" > intermediate-serial + +msg "Creating intermediate CA private key" +openssl genrsa -out intermediate-ca-key.pem 512 + +msg "Creating intermediate CA certificate request" +openssl req -config ssl/intermediate-ca.conf -key intermediate-ca-key.pem -new -out intermediate-ca-csr.pem + +msg "Creating intermediate CA certificate" +openssl x509 -req -in intermediate-ca-csr.pem -days 9125 -CA ca.pem -CAkey ca-key.pem -CAserial serial -extfile ssl/intermediate-ca.conf -extensions v3_req_ext -out intermediate-ca.pem + +####################################################################### +### Server (signed by Intermediate CA) +####################################################################### + +msg "Creating server (intermediate CA) private key" +openssl genrsa -out server-intermediate-key.pem 512 + +msg "Creating server (intermediate CA) certificate request" +openssl req -config ssl/server-intermediate.conf -key server-intermediate-key.pem -new -out server-intermediate-csr.pem + +msg "Creating server (intermediate CA) certificate" +openssl x509 -req -in server-intermediate-csr.pem -days 9125 -CA intermediate-ca.pem -CAkey intermediate-ca-key.pem -CAserial intermediate-serial -extfile ssl/server-intermediate.conf -extensions v3_req_ext -out server-intermediate.pem + +msg "Concatenating server (intermediate CA) chain into a file" +cat server-intermediate.pem > chain.pem +cat intermediate-ca.pem >> chain.pem +cat ca.pem >> chain.pem + +####################################################################### +### Cleanup +####################################################################### + +# We don't need the serial files anymore +rm -f serial +rm -f intermediate-serial diff --git a/tls/tests/files/intermediate-ca-csr.pem b/tls/tests/files/intermediate-ca-csr.pem new file mode 100644 index 0000000..8c138e1 --- /dev/null +++ b/tls/tests/files/intermediate-ca-csr.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBujCCAWQCAQAwga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/Is +ZAEZFgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUg +QXV0aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20x +KjAoBgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTBcMA0G +CSqGSIb3DQEBAQUAA0sAMEgCQQDRiX9UaA2dXPT1JcqoDBD7dbV2M94bPOjdRxC+ +QIYgBO/p5frRpWp/TOaHTYf1pyDEj94SDrOcZxiKmyG89dYPAgMBAAGgUTBPBgkq +hkiG9w0BCQ4xQjBAMB0GA1UdDgQWBBQQWagxrkKj5APaq84fNYu2rrMyNTAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAANBAMRE +puvj7M7SJ9XmLoFdBEVCKA8pKiuQu5bbG9CDAF91YoW75UoI0MLDclnxlYNrRTXK +yuB6omXdqWEKOB0jMGk= +-----END CERTIFICATE REQUEST----- diff --git a/tls/tests/files/intermediate-ca-key.pem b/tls/tests/files/intermediate-ca-key.pem new file mode 100644 index 0000000..ac0f596 --- /dev/null +++ b/tls/tests/files/intermediate-ca-key.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBANGJf1RoDZ1c9PUlyqgMEPt1tXYz3hs86N1HEL5AhiAE7+nl+tGl +an9M5odNh/WnIMSP3hIOs5xnGIqbIbz11g8CAwEAAQJAUSOvXN4WN5Ohf7SsrzpM +8TL5m9Yl8eI6QkWcpC+UQJ01aUpkg0+uc22x1awpoHm2Z+6V2ZrfGEWTksGbITqf +sQIhAOxMup3leyEzi4ifcVKJO/goTiwXIW1JqOT9DLynxyBbAiEA4wGVBW0+Gbt7 +ls4ymttTtNmea+kgEXQLiJZHs/VZT10CIQC8z3p12/2Mw/EEU9JqzrkaSqpb1Iej +Ga5YelIJFE6p7QIhAKWRqddjbj/mdqXvjwlTnyHw95NNXY5dTWw57+JZuOIhAiEA +jCo2PBZjrkPjOtzPB+JUps/ZSZKZ0GLKnsFMsutw/ao= +-----END RSA PRIVATE KEY----- diff --git a/tls/tests/files/intermediate-ca.pem b/tls/tests/files/intermediate-ca.pem new file mode 100644 index 0000000..97988d2 --- /dev/null +++ b/tls/tests/files/intermediate-ca.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDrjCCAxegAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk +ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp +ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq +hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE4MDQxNTE1MDk0MloXDTQzMDQw +OTE1MDk0Mlowga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZ +FgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUgQXV0 +aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20xKjAo +BgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTBcMA0GCSqG +SIb3DQEBAQUAA0sAMEgCQQDRiX9UaA2dXPT1JcqoDBD7dbV2M94bPOjdRxC+QIYg +BO/p5frRpWp/TOaHTYf1pyDEj94SDrOcZxiKmyG89dYPAgMBAAGjggFFMIIBQTAd +BgNVHQ4EFgQUEFmoMa5Co+QD2qvOHzWLtq6zMjUwgbsGA1UdIwSBszCBsIAUURVA +IyueSBto4VoQlEZQAg36h8OhgYykgYkwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00x +FzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkB +Fg5jYUBleGFtcGxlLmNvbYIJAO9IFDrg1P39MA8GA1UdEwEB/wQFMAMBAf8wDgYD +VR0PAQH/BAQDAgEGMCYGA1UdEQQfMB2BG2ludGVybWVkaWF0ZS1jYUBleGFtcGxl +LmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOB +gQB8blehEbn5Nuu1/rSJBMq+NoNL5vjjZw9p28pxjvdx9hZ33TuHF2igRFEP3sag +pKPsRpYxJqq8PoGZAs/v8xcokl16HjEpuig9zOAAELammOOw5L71nNejtWb+UcPn +81gYY+9fmcBb3Ws2LOO0sy5khhrVTGk7zhQxmDpfiftI4A== +-----END CERTIFICATE----- diff --git a/tls/tests/files/non-ca.pem b/tls/tests/files/non-ca.pem new file mode 100644 index 0000000..060d72c --- /dev/null +++ b/tls/tests/files/non-ca.pem @@ -0,0 +1,93 @@ +client.pem: +-----BEGIN CERTIFICATE----- +MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND +T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0 +ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN +AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xODA0MTUxNTA5MzFaFw00MzA0MDkxNTA5 +MzFaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN +UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt +cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALngoibfdSI0 +HIkls4Zm6oo/Uns9UlNdmXmmXRrxkjwIEQo+WGJuoaXijotEiPE3elKQ2DMZt7yg +7Nq/SHcP0QUL5601LLdB55kUYjRzFDXa6aaLu3jTXhO0KZfEfozQ1jdfEobI3g6z +/wX07AolEfx3I3LTtl6SVxnzzheQ6ad0WDoNeoTuPrUDquoxx9h5/LA9X5uJaqzX +UDGEL+2pKaRP1hXTMvn1h80heHeL9dvioUnESILe7n3jSYYYTZeA8LhXYOVK+Jx4 +k2e87/Zzq/o8B6JX8gGo8tXxOq/m4HcjwlcMpdsT8Yrng980n8ckGwVT8Jw1oxJ8 +p9nBK6o/G1MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQAEpEyF6G1FEjWmuYY/JwmX +7719WAjDnmEvoZUk4l9EyVhJoweson3Ib+dCQlhhBoEr93IbphYW3P8u9UNjGYF5 +goVIVQi2WpGsT3bowfVem8LGASgdlpvZoWTHggIUzFArYsc3aUtsiTU9szNNlD46 ++jo9p2Je9PCc57/ThVCYOQ== +-----END CERTIFICATE----- + +client-future.pem: +notBefore=Jul 18 00:00:00 2060 GMT +notAfter=Jul 18 00:00:00 2061 GMT +-----BEGIN CERTIFICATE----- +MIIC4DCCAkkCAQUwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND +T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0 +ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN +AQkBFg5jYUBleGFtcGxlLmNvbTAiGA8yMDYwMDcxODAwMDAwMFoYDzIwNjEwNzE4 +MDAwMDAwWjBiMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYH +RVhBTVBMRTEPMA0GA1UEAwwGQ2xpZW50MSEwHwYJKoZIhvcNAQkBFhJjbGllbnRA +ZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC54KIm +33UiNByJJbOGZuqKP1J7PVJTXZl5pl0a8ZI8CBEKPlhibqGl4o6LRIjxN3pSkNgz +Gbe8oOzav0h3D9EFC+etNSy3QeeZFGI0cxQ12ummi7t4014TtCmXxH6M0NY3XxKG +yN4Os/8F9OwKJRH8dyNy07ZeklcZ884XkOmndFg6DXqE7j61A6rqMcfYefywPV+b +iWqs11AxhC/tqSmkT9YV0zL59YfNIXh3i/Xb4qFJxEiC3u5940mGGE2XgPC4V2Dl +SviceJNnvO/2c6v6PAeiV/IBqPLV8Tqv5uB3I8JXDKXbE/GK54PfNJ/HJBsFU/Cc +NaMSfKfZwSuqPxtTAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAine6DzvYeBjRjTCX +fjatCEFHpf6zgQqHhp1XfSTYLnT27689jOvMp03S9/b3Twh5DS2kA05bPJ0d0kT1 +utsyC1MtR1VSrB0uxvDXgCeYBxRAtJZh0K7RXIfx7h4Aywo1A5IAZcMs1lDOCMB6 +7vq8+Ma/9ebQ9GrIfmYhaXGzx68= +-----END CERTIFICATE----- + +client-past.pem: +notBefore=Jul 17 23:00:00 2000 GMT +notAfter=Jul 17 23:00:00 2001 GMT +-----BEGIN CERTIFICATE----- +MIIC3DCCAkUCAQQwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND +T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0 +ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN +AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDA3MTcyMzAwMDBaFw0wMTA3MTcyMzAw +MDBaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN +UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt +cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALngoibfdSI0 +HIkls4Zm6oo/Uns9UlNdmXmmXRrxkjwIEQo+WGJuoaXijotEiPE3elKQ2DMZt7yg +7Nq/SHcP0QUL5601LLdB55kUYjRzFDXa6aaLu3jTXhO0KZfEfozQ1jdfEobI3g6z +/wX07AolEfx3I3LTtl6SVxnzzheQ6ad0WDoNeoTuPrUDquoxx9h5/LA9X5uJaqzX +UDGEL+2pKaRP1hXTMvn1h80heHeL9dvioUnESILe7n3jSYYYTZeA8LhXYOVK+Jx4 +k2e87/Zzq/o8B6JX8gGo8tXxOq/m4HcjwlcMpdsT8Yrng980n8ckGwVT8Jw1oxJ8 +p9nBK6o/G1MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQBGHqa7mBWC67OXg74mqG44 +SM+dj2X4t8FlxriOH428V1KUVn/iPKZKaoacUWVkFKQdqQp4cnFb5ieif1/kVzjf +HIKBeYQIMFeGQS+2DDQGXDUbxO9Kkp0izFsv8xm8CnJUSsX51wx7cQ8QAC4BeWxn +yRVIoDjMhjGCPks8iwC5+w== +-----END CERTIFICATE----- + +server.pem: +-----BEGIN CERTIFICATE----- +MIICSzCCAbSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk +ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp +ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq +hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE4MDQxNTE1MDkzMVoXDTQzMDQw +OTE1MDkzMVowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW +B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3 +DQEBAQUAA0sAMEgCQQCtuqYVuUH8iSQw4OEJKeYivQ3Vz8gqya7MoFAVM/oo9BVk +Ahiz3YiyfIraNrbcMOv7WeiWIHbt3eGnV9fbKeNHAgMBAAGjRzBFMAkGA1UdEwQC +MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwIwYDVR0RBBwwGocEwKgBCoISc2VydmVy +LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBALLKakcRqiJXYjLZP25/v+Tm +nMpjf5DV+4i46CGcN7TFX7tg6o6+kgeuUrGNlX/36cNoCR8lZ+N8VpSrSu69WYhH +jSb1gThzr/rE8Qxc3hx5WSwvRAKcmm6vUP4S12uygoznSIL1zuhJ4upP6ZKBTugp +e2RcHsnLV+7oBuDhzUOo +-----END CERTIFICATE----- + +server-self.pem: +-----BEGIN CERTIFICATE----- +MIIBiDCCATICCQDG/6CUMieoNTANBgkqhkiG9w0BAQsFADBLMRMwEQYKCZImiZPy +LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEbMBkGA1UEAwwSc2Vy +dmVyLmV4YW1wbGUuY29tMB4XDTE4MDQxNTE1MDkzMVoXDTQzMDQwOTE1MDkzMVow +SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx +GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA +MEgCQQCtuqYVuUH8iSQw4OEJKeYivQ3Vz8gqya7MoFAVM/oo9BVkAhiz3YiyfIra +NrbcMOv7WeiWIHbt3eGnV9fbKeNHAgMBAAEwDQYJKoZIhvcNAQELBQADQQBt0a9H +NaI47J0dW1IOsaxmAMrTEz2UAaUMhRC/02fbbzp1b5fp/UsICECFLvHh3G3xWcmi +6U0aifAZ0yGD2ecZ +-----END CERTIFICATE----- diff --git a/tls/tests/files/old-ca-key.pem b/tls/tests/files/old-ca-key.pem new file mode 100644 index 0000000..9c148ff --- /dev/null +++ b/tls/tests/files/old-ca-key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDonwmetJ4h2lRx+dcwJ5dO2KO58hGFtKpxo7uvTTW5bkxR1uTE +t0qRUojS7PL6oWPZPXK18K2lcaBD86jF5ouloZ/cxuvOlTcyA9Ra/oUPofgI6Y5B +A+ogPok2UNRoVFa1MyUsZERSSB5/GsiH3Q4GEo7G0hKJUtaR4roz7md+ZQIDAQAB +AoGALgeKN8U1pS02mHb/hZ/P6OIlQ54KqZJeR65GbSGyB8czgt4q1mIOd0MFn/cS +/VUCFPJ7yFSfh6U8OTX1p3M/Hl6Q0AepGD4AGsp8L4UgzxyyswUVV5bNyFZ+kEKq +UhjU1ChpnzXCCK9hpDg4DLMsKV3Puh0eIS2lXqhRZ3mPJAECQQD165xzIzHkCKMW +K/8DKEziPbbhNSveFiWhyNtq6WTQM8xblxm8t526EDp/m+TJHRHG1MLSt9uawZlq +0USrbwFFAkEA8ifhuDQBJtSunt9HRHnkwKO+DyG3QdVCYn94uNuZzPZGjBwOj4Un +0FbX6l6aVArsM9un1I0XTD8NXEV76o8KoQJAS8xbZIGslwSyf9r/txFs4S70d2XU +J5fb8YnfV4yoriPJEVH5dNmDnB30afC7C+IR4J8jjZ9t6L1TdEEcUVrdoQJAAMPN +e7Z2VngPgSL1Z6r25QDfZc7WdFfHGOaMLBFNgA87E9A2348tHARaNDxOQnuyWUuV +UR+M9kmwshzqEkiXYQJBALW8s+qf9g33TMi6G3FHgjrojJ4W2l05/VBBvNbzGc5I +0LqeyEuZaIFaOjPK/Nv+2/IUYzdLvDpKyEgISDnXTqc= +-----END RSA PRIVATE KEY----- diff --git a/tls/tests/files/old-ca.pem b/tls/tests/files/old-ca.pem new file mode 100644 index 0000000..53c2724 --- /dev/null +++ b/tls/tests/files/old-ca.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEETCCA3qgAwIBAgIJANApqrW0AMLjMA0GCSqGSIb3DQEBBQUAMIGfMRMwEQYK +CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEsMCoGA1UE +CwwjT2xkIFVudHJ1c3RlZCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxIjAgBgNVBAMM +GW9uY2Uud2FzLmEuY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4 +YW1wbGUuY29tMB4XDTE4MDQxNTE1MDkzMVoXDTQ4MDQwNzE1MDkzMVowgZ8xEzAR +BgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMSwwKgYD +VQQLDCNPbGQgVW50cnVzdGVkIENlcnRpZmljYXRlIEF1dGhvcml0eTEiMCAGA1UE +AwwZb25jZS53YXMuYS5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FA +ZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOifCZ60niHa +VHH51zAnl07Yo7nyEYW0qnGju69NNbluTFHW5MS3SpFSiNLs8vqhY9k9crXwraVx +oEPzqMXmi6Whn9zG686VNzID1Fr+hQ+h+AjpjkED6iA+iTZQ1GhUVrUzJSxkRFJI +Hn8ayIfdDgYSjsbSEolS1pHiujPuZ35lAgMBAAGjggFRMIIBTTAdBgNVHQ4EFgQU +2uUI1KzpetoO4lmbqXXAnJeYn+kwgdQGA1UdIwSBzDCByYAU2uUI1KzpetoO4lmb +qXXAnJeYn+mhgaWkgaIwgZ8xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJ +k/IsZAEZFgdFWEFNUExFMSwwKgYDVQQLDCNPbGQgVW50cnVzdGVkIENlcnRpZmlj +YXRlIEF1dGhvcml0eTEiMCAGA1UEAwwZb25jZS53YXMuYS5jYS5leGFtcGxlLmNv +bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb22CCQDQKaq1tADC4zAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAZBgNVHREEEjAQgQ5jYUBleGFt +cGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQUF +AAOBgQCJjsk/D1hAmXecXQJhPIZgwaqnusKEG01v7mEpzyGr0wi6oBlNRoYR6xMK +4Zwrb9B+YPV7MdtZ9EyQZ6Z6BAbr7o5dD6N1N4beQtGjGn0Y3Q80IMPpOj+36DGV +0SAmjACK0cWoK1awfUNZ0xKp9bUoLrChi/Y2V+zxbr7Drka0RQ== +-----END CERTIFICATE----- diff --git a/tls/tests/files/root-ca-csr.pem b/tls/tests/files/root-ca-csr.pem new file mode 100644 index 0000000..199c4b3 --- /dev/null +++ b/tls/tests/files/root-ca-csr.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICGDCCAYECAQAwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/Is +ZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAV +BgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxl +LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAs3j+WtY5hY6Inu9ppVYU +rGLadYK2muwHnavB0gX/48tFAvMrhzbDtwPJNr0IQQ/bhOIKYWb7g0donQqLfOFA +19rWU/TSv7d5aBIfjjLFFXeL8lU5cxOw0bg74FLnhxlfDCT8uDWwdle7/MOMxlzX +3M1nOxg5pzKy8JfVg6DUe9ECAwEAAaBRME8GCSqGSIb3DQEJDjFCMEAwHQYDVR0O +BBYEFFEVQCMrnkgbaOFaEJRGUAIN+ofDMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAG5AmHVk1e5/th83Bawo2OZ3tyPh +IZ2jmgBAUaqowimnaP0gcybOEi41h3dWF2mhiPyOic+mvXKqIfxsj0j762dFBZSK +8KyIxH5CNyPdji8a7v17pFgtPT1XzboDMafIp/RNH8onDhNxxsx9K8Rm/+D1hXY+ +WAtaH8ckjxPXTLJ+ +-----END CERTIFICATE REQUEST----- diff --git a/tls/tests/files/server-and-key.pem b/tls/tests/files/server-and-key.pem new file mode 100644 index 0000000..5b2e067 --- /dev/null +++ b/tls/tests/files/server-and-key.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIICSzCCAbSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk +ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp +ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq +hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE4MDQxNTE1MDkzMVoXDTQzMDQw +OTE1MDkzMVowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW +B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3 +DQEBAQUAA0sAMEgCQQCtuqYVuUH8iSQw4OEJKeYivQ3Vz8gqya7MoFAVM/oo9BVk +Ahiz3YiyfIraNrbcMOv7WeiWIHbt3eGnV9fbKeNHAgMBAAGjRzBFMAkGA1UdEwQC +MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwIwYDVR0RBBwwGocEwKgBCoISc2VydmVy +LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBALLKakcRqiJXYjLZP25/v+Tm +nMpjf5DV+4i46CGcN7TFX7tg6o6+kgeuUrGNlX/36cNoCR8lZ+N8VpSrSu69WYhH +jSb1gThzr/rE8Qxc3hx5WSwvRAKcmm6vUP4S12uygoznSIL1zuhJ4upP6ZKBTugp +e2RcHsnLV+7oBuDhzUOo +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAK26phW5QfyJJDDg4Qkp5iK9DdXPyCrJrsygUBUz+ij0FWQCGLPd +iLJ8ito2ttww6/tZ6JYgdu3d4adX19sp40cCAwEAAQJBAI9utojg9xXktDiWsbS7 +HwI3TCDm98A721GeWf/ndfYwkdhr4rcsmzbQS7cvg+Bmnnd7aCEZTPqTLBcLbnXM +MwECIQDkLiWqdenSbUSueGBEKn/P0yj4pLPwtk8ruWVKICyg4QIhAMLo/3vpDqGR +rZAnfsW85xIiu1t9+VYSdqnE4drEzIEnAiEAxwZFTkBY+XTbYj6W4P4cy14IL5Ah +b0TlG2MzKQuVQaECIEeddMICj+2tqSgeWuYs0npHaK/lSYfmoNMgFBxd0wZhAiEA +sOGQq1lOnsMkvZ4OY24kdBRUI5CAaXC1LKx/2t7lQyA= +-----END RSA PRIVATE KEY----- diff --git a/tls/tests/files/server-intermediate-csr.pem b/tls/tests/files/server-intermediate-csr.pem new file mode 100644 index 0000000..6d3bdcc --- /dev/null +++ b/tls/tests/files/server-intermediate-csr.pem @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBNjCB4QIBADBLMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQB +GRYHRVhBTVBMRTEbMBkGA1UEAwwSc2VydmVyLmV4YW1wbGUuY29tMFwwDQYJKoZI +hvcNAQEBBQADSwAwSAJBALQNRlDHpOmUAAWyZ1pOVrziCXj8sVwltxH0OZukGjo1 +h+LId1l+s7ygQ3+LFOoMbYUs48AZqTJDJcdM4Z60JNUCAwEAAaAxMC8GCSqGSIb3 +DQEJDjEiMCAwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG +9w0BAQsFAANBAHdfDP1Yk0d9Xm/GF4t9VDEUqIyLTdWq7dy5HBuVFAbaieklLW4V +OMYdVmfHY/c+5OysAHvy9ku35sPtkTzNkJ0= +-----END CERTIFICATE REQUEST----- diff --git a/tls/tests/files/server-intermediate-key.pem b/tls/tests/files/server-intermediate-key.pem new file mode 100644 index 0000000..5e7fee8 --- /dev/null +++ b/tls/tests/files/server-intermediate-key.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOQIBAAJBALQNRlDHpOmUAAWyZ1pOVrziCXj8sVwltxH0OZukGjo1h+LId1l+ +s7ygQ3+LFOoMbYUs48AZqTJDJcdM4Z60JNUCAwEAAQJAO9K5TTe4PH+XLk1jd6bV +vPZhbViQWWySkh2SUntI15PIrCEbF+Gv38Z17wbhSlDEOFJbeZfHb49qMKdbPdUB +tQIhAOX3/O/uVOfQskIZ0Oh+KC8ShuadPWZSPHOU6wKl9DznAiEAyG7M/vW6qg6h +mkxJw9IXTu335kInSqFmhu6ES6jEPOMCIFrXOvMMEj4AEmpKCFvOedEeYGt4cWiZ +04dUrAC/zVrBAiBH9lAvsjZE3F/1MDLD1eh8dEAvMc09pFlVVMm3CG78lQIgMeuJ +zS2AhfX5RgY1M2IMjxKDNXo1BKCNhk7gUzWNk5g= +-----END RSA PRIVATE KEY----- diff --git a/tls/tests/files/server-intermediate.pem b/tls/tests/files/server-intermediate.pem new file mode 100644 index 0000000..384b2c4 --- /dev/null +++ b/tls/tests/files/server-intermediate.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICMTCCAdugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBrTETMBEGCgmSJomT8ixk +ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxKzApBgNVBAsMIkludGVy +bWVkaWF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJDAiBgNVBAMMG2ludGVybWVk +aWF0ZS1jYS5leGFtcGxlLmNvbTEqMCgGCSqGSIb3DQEJARYbaW50ZXJtZWRpYXRl +LWNhQGV4YW1wbGUuY29tMB4XDTE4MDQxNTE1MDk0MloXDTQzMDQwOTE1MDk0Mlow +SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx +GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA +MEgCQQC0DUZQx6TplAAFsmdaTla84gl4/LFcJbcR9DmbpBo6NYfiyHdZfrO8oEN/ +ixTqDG2FLOPAGakyQyXHTOGetCTVAgMBAAGjRzBFMAkGA1UdEwQCMAAwEwYDVR0l +BAwwCgYIKwYBBQUHAwEwIwYDVR0RBBwwGocEwKgBFoISc2VydmVyLmV4YW1wbGUu +Y29tMA0GCSqGSIb3DQEBCwUAA0EAS/Zgzq+lJ18rPyDmlqEz/qSLp11cqihwM27x +dM1o19qWWhmBRCuaQS8BBA3dbno4s2srzC2KJ7xnHCr8YGXkEA== +-----END CERTIFICATE----- diff --git a/tls/tests/files/server-key.der b/tls/tests/files/server-key.der new file mode 100644 index 0000000..607cdba Binary files /dev/null and b/tls/tests/files/server-key.der differ diff --git a/tls/tests/files/server-key.pem b/tls/tests/files/server-key.pem new file mode 100644 index 0000000..bb073df --- /dev/null +++ b/tls/tests/files/server-key.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAK26phW5QfyJJDDg4Qkp5iK9DdXPyCrJrsygUBUz+ij0FWQCGLPd +iLJ8ito2ttww6/tZ6JYgdu3d4adX19sp40cCAwEAAQJBAI9utojg9xXktDiWsbS7 +HwI3TCDm98A721GeWf/ndfYwkdhr4rcsmzbQS7cvg+Bmnnd7aCEZTPqTLBcLbnXM +MwECIQDkLiWqdenSbUSueGBEKn/P0yj4pLPwtk8ruWVKICyg4QIhAMLo/3vpDqGR +rZAnfsW85xIiu1t9+VYSdqnE4drEzIEnAiEAxwZFTkBY+XTbYj6W4P4cy14IL5Ah +b0TlG2MzKQuVQaECIEeddMICj+2tqSgeWuYs0npHaK/lSYfmoNMgFBxd0wZhAiEA +sOGQq1lOnsMkvZ4OY24kdBRUI5CAaXC1LKx/2t7lQyA= +-----END RSA PRIVATE KEY----- diff --git a/tls/tests/files/server-self.pem b/tls/tests/files/server-self.pem new file mode 100644 index 0000000..5a221bb --- /dev/null +++ b/tls/tests/files/server-self.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBiDCCATICCQDG/6CUMieoNTANBgkqhkiG9w0BAQsFADBLMRMwEQYKCZImiZPy +LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEbMBkGA1UEAwwSc2Vy +dmVyLmV4YW1wbGUuY29tMB4XDTE4MDQxNTE1MDkzMVoXDTQzMDQwOTE1MDkzMVow +SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx +GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA +MEgCQQCtuqYVuUH8iSQw4OEJKeYivQ3Vz8gqya7MoFAVM/oo9BVkAhiz3YiyfIra +NrbcMOv7WeiWIHbt3eGnV9fbKeNHAgMBAAEwDQYJKoZIhvcNAQELBQADQQBt0a9H +NaI47J0dW1IOsaxmAMrTEz2UAaUMhRC/02fbbzp1b5fp/UsICECFLvHh3G3xWcmi +6U0aifAZ0yGD2ecZ +-----END CERTIFICATE----- diff --git a/tls/tests/files/server.der b/tls/tests/files/server.der new file mode 100644 index 0000000..c537168 Binary files /dev/null and b/tls/tests/files/server.der differ diff --git a/tls/tests/files/server.pem b/tls/tests/files/server.pem new file mode 100644 index 0000000..8985e06 --- /dev/null +++ b/tls/tests/files/server.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICSzCCAbSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk +ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp +ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq +hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE4MDQxNTE1MDkzMVoXDTQzMDQw +OTE1MDkzMVowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW +B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3 +DQEBAQUAA0sAMEgCQQCtuqYVuUH8iSQw4OEJKeYivQ3Vz8gqya7MoFAVM/oo9BVk +Ahiz3YiyfIraNrbcMOv7WeiWIHbt3eGnV9fbKeNHAgMBAAGjRzBFMAkGA1UdEwQC +MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwIwYDVR0RBBwwGocEwKgBCoISc2VydmVy +LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBALLKakcRqiJXYjLZP25/v+Tm +nMpjf5DV+4i46CGcN7TFX7tg6o6+kgeuUrGNlX/36cNoCR8lZ+N8VpSrSu69WYhH +jSb1gThzr/rE8Qxc3hx5WSwvRAKcmm6vUP4S12uygoznSIL1zuhJ4upP6ZKBTugp +e2RcHsnLV+7oBuDhzUOo +-----END CERTIFICATE----- diff --git a/tls/tests/files/ssl/ca.conf b/tls/tests/files/ssl/ca.conf new file mode 100644 index 0000000..bf776ec --- /dev/null +++ b/tls/tests/files/ssl/ca.conf @@ -0,0 +1,32 @@ +# Root CA + +[ req ] +# Use SHA-1 to verify that it does not affect the trust of root certificates. +default_md = sha1 +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext +x509_extensions = v3_req_ext + +[ req_dn ] +0.domainComponent = "COM" +1.domainComponent = "EXAMPLE" +organizationalUnitName = "Certificate Authority" +commonName = "ca.example.com" +emailAddress = "ca@example.com" + +[ req_ext ] +subjectKeyIdentifier = hash +#authorityKeyIdentifier = keyid:always,issuer:always +basicConstraints = critical,CA:true +keyUsage = critical,keyCertSign,cRLSign + +[ v3_req_ext ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +basicConstraints = critical,CA:true +keyUsage = critical,keyCertSign,cRLSign +subjectAltName = email:ca@example.com +issuerAltName = issuer:copy diff --git a/tls/tests/files/ssl/client.conf b/tls/tests/files/ssl/client.conf new file mode 100644 index 0000000..2ba2c77 --- /dev/null +++ b/tls/tests/files/ssl/client.conf @@ -0,0 +1,14 @@ +# Client + +[ req ] +default_md = sha256 +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn + +[ req_dn ] +0.domainComponent = "COM" +1.domainComponent = "EXAMPLE" +commonName = "Client" +emailAddress = client@example.com diff --git a/tls/tests/files/ssl/intermediate-ca.conf b/tls/tests/files/ssl/intermediate-ca.conf new file mode 100644 index 0000000..53b1f7e --- /dev/null +++ b/tls/tests/files/ssl/intermediate-ca.conf @@ -0,0 +1,31 @@ +# Intermediate Root CA + +[ req ] +default_md = sha256 +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext +x509_extensions = v3_req_ext + +[ req_dn ] +0.domainComponent = "COM" +1.domainComponent = "EXAMPLE" +organizationalUnitName = "Intermediate Certificate Authority" +commonName = "intermediate-ca.example.com" +emailAddress = "intermediate-ca@example.com" + +[ req_ext ] +subjectKeyIdentifier = hash +#authorityKeyIdentifier = keyid:always,issuer:always +basicConstraints = critical,CA:true +keyUsage = critical,keyCertSign,cRLSign + +[ v3_req_ext ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +basicConstraints = critical,CA:true +keyUsage = critical,keyCertSign,cRLSign +subjectAltName = email:intermediate-ca@example.com +issuerAltName = issuer:copy diff --git a/tls/tests/files/ssl/old-ca.conf b/tls/tests/files/ssl/old-ca.conf new file mode 100644 index 0000000..b1d155a --- /dev/null +++ b/tls/tests/files/ssl/old-ca.conf @@ -0,0 +1,31 @@ +# Root CA + +[ req ] +default_md = sha1 +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext +x509_extensions = v3_req_ext + +[ req_dn ] +0.domainComponent = "COM" +1.domainComponent = "EXAMPLE" +organizationalUnitName = "Old Untrusted Certificate Authority" +commonName = "once.was.a.ca.example.com" +emailAddress = "ca@example.com" + +[ req_ext ] +subjectKeyIdentifier = hash +#authorityKeyIdentifier = keyid:always,issuer:always +basicConstraints = critical,CA:true +keyUsage = critical,keyCertSign,cRLSign + +[ v3_req_ext ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +basicConstraints = critical,CA:true +keyUsage = critical,keyCertSign,cRLSign +subjectAltName = email:ca@example.com +issuerAltName = issuer:copy diff --git a/tls/tests/files/ssl/server-intermediate.conf b/tls/tests/files/ssl/server-intermediate.conf new file mode 100644 index 0000000..8dbf236 --- /dev/null +++ b/tls/tests/files/ssl/server-intermediate.conf @@ -0,0 +1,28 @@ +# Server + +[ req ] +default_md = sha256 +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext +x509_extensions = v3_req_ext + +[ req_dn ] +0.domainComponent = "COM" +1.domainComponent = "EXAMPLE" +commonName = "server.example.com" + +[ req_ext ] +basicConstraints = CA:false +extendedKeyUsage = serverAuth + +[ v3_req_ext ] +basicConstraints = CA:false +extendedKeyUsage = serverAuth +subjectAltName = @alt_names + +[ alt_names ] +IP.0 = 192.168.1.22 +DNS.0 = "server.example.com" diff --git a/tls/tests/files/ssl/server.conf b/tls/tests/files/ssl/server.conf new file mode 100644 index 0000000..7adb406 --- /dev/null +++ b/tls/tests/files/ssl/server.conf @@ -0,0 +1,28 @@ +# Server + +[ req ] +default_md = sha256 +utf8 = yes +string_mask = utf8only +prompt = no +distinguished_name = req_dn +req_extensions = req_ext +x509_extensions = v3_req_ext + +[ req_dn ] +0.domainComponent = "COM" +1.domainComponent = "EXAMPLE" +commonName = "server.example.com" + +[ req_ext ] +basicConstraints = CA:false +extendedKeyUsage = serverAuth + +[ v3_req_ext ] +basicConstraints = CA:false +extendedKeyUsage = serverAuth +subjectAltName = @alt_names + +[ alt_names ] +IP.0 = 192.168.1.10 +DNS.0 = "server.example.com" diff --git a/tls/tests/meson.build b/tls/tests/meson.build new file mode 100644 index 0000000..261fa1e --- /dev/null +++ b/tls/tests/meson.build @@ -0,0 +1,108 @@ +incs = [ + top_inc, + tls_inc +] + +deps = [ + gio_dep, + glib_dep, + gnutls_dep +] + +cflags = [ + '-DSRCDIR="@0@"'.format(meson.current_source_dir()), + '-DTOP_BUILDDIR="@0@"'.format(meson.build_root()) +] + +envs = [ + 'G_TEST_SRCDIR=' + meson.current_source_dir(), + 'G_TEST_BUILDDIR=' + meson.current_build_dir(), + 'GIO_MODULE_DIR=' + join_paths(meson.build_root(), 'tls', 'gnutls') +] + +test_programs = [ + ['certificate', [], deps], + ['file-database', [], deps], + ['connection', ['mock-interaction.c'], deps], + ['dtls-connection', ['mock-interaction.c'], deps], +] + +if enable_pkcs11_support + pkcs11_deps = deps + [ + libgiopkcs11_dep, + pkcs11_dep + ] + + test_programs += [ + ['pkcs11-util', [], pkcs11_deps], + ['pkcs11-array', [], pkcs11_deps], + ['pkcs11-pin', [], pkcs11_deps], + ['pkcs11-slot', ['mock-interaction.c', 'mock-pkcs11.c'], pkcs11_deps] + ] +endif + +foreach program: test_programs + test_conf = configuration_data() + test_conf.set('installed_tests_dir', installed_tests_execdir) + test_conf.set('program', program[0]) + + if enable_installed_tests + configure_file( + input: test_template, + output: program[0] + '.test', + install_dir: installed_tests_metadir, + configuration: test_conf + ) + endif + + exe = executable( + program[0], + [program[0] + '.c'] + program[1], + include_directories: incs, + dependencies: program[2], + c_args: cflags, + install: enable_installed_tests, + install_dir: installed_tests_execdir + ) + + test( + program[0], + exe, + env: envs + ) +endforeach + +if enable_installed_tests + test_data = files( + 'files/ca-alternative.pem', + 'files/ca-key.pem', + 'files/ca.pem', + 'files/ca-roots-bad.pem', + 'files/ca-roots.pem', + 'files/ca-verisign-sha1.pem', + 'files/chain.pem', + 'files/chain-with-verisign-md2.pem', + 'files/client2-and-key.pem', + 'files/client2-key.pem', + 'files/client2.pem', + 'files/client-and-key.pem', + 'files/client-future.pem', + 'files/client-past.pem', + 'files/client.pem', + 'files/intermediate-ca.pem', + 'files/non-ca.pem', + 'files/server-and-key.pem', + 'files/server.der', + 'files/server-intermediate-key.pem', + 'files/server-intermediate.pem', + 'files/server-key.der', + 'files/server-key.pem', + 'files/server.pem', + 'files/server-self.pem' + ) + + install_data( + test_data, + install_dir: join_paths(installed_tests_execdir, 'files') + ) +endif diff --git a/tls/tests/mock-interaction.c b/tls/tests/mock-interaction.c new file mode 100644 index 0000000..05d3ce4 --- /dev/null +++ b/tls/tests/mock-interaction.c @@ -0,0 +1,231 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * Copyright (C) 2011 Collabora Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include +#include + +#include "mock-interaction.h" + +struct _MockInteraction +{ + GTlsInteraction parent_instance; + + gchar *static_password; + GTlsCertificate *static_certificate; + GError *static_error; +}; + +G_DEFINE_TYPE (MockInteraction, mock_interaction, G_TYPE_TLS_INTERACTION); + +static void +mock_interaction_ask_password_async (GTlsInteraction *interaction, + GTlsPassword *password, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + MockInteraction *self = MOCK_INTERACTION (interaction); + GTask *task; + + task = g_task_new (interaction, cancellable, callback, user_data); + + if (self->static_error) + g_task_return_error (task, g_error_copy (self->static_error)); + else + g_tls_password_set_value (password, (const guchar *)self->static_password, -1); + g_task_return_boolean (task, TRUE); + g_object_unref (task); +} + +static GTlsInteractionResult +mock_interaction_ask_password_finish (GTlsInteraction *interaction, + GAsyncResult *result, + GError **error) +{ + g_return_val_if_fail (g_task_is_valid (result, interaction), + G_TLS_INTERACTION_UNHANDLED); + + if (g_task_had_error (G_TASK (result))) + { + g_task_propagate_boolean (G_TASK (result), error); + return G_TLS_INTERACTION_FAILED; + } + else + return G_TLS_INTERACTION_HANDLED; +} + +static GTlsInteractionResult +mock_interaction_ask_password (GTlsInteraction *interaction, + GTlsPassword *password, + GCancellable *cancellable, + GError **error) +{ + MockInteraction *self = MOCK_INTERACTION (interaction); + + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + return G_TLS_INTERACTION_FAILED; + + if (self->static_error) + { + g_propagate_error (error, g_error_copy (self->static_error)); + return G_TLS_INTERACTION_FAILED; + } + else + { + g_tls_password_set_value (password, (const guchar *)self->static_password, -1); + return G_TLS_INTERACTION_HANDLED; + } +} + +static void +mock_interaction_request_certificate_async (GTlsInteraction *interaction, + GTlsConnection *connection, + GTlsCertificateRequestFlags flags, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + MockInteraction *self = MOCK_INTERACTION (interaction); + GTask *task; + + task = g_task_new (interaction, cancellable, callback, user_data); + + if (self->static_error) + g_task_return_error (task, g_error_copy (self->static_error)); + else + { + g_tls_connection_set_certificate (connection, self->static_certificate); + g_task_return_boolean (task, TRUE); + } + g_object_unref (task); +} + +static GTlsInteractionResult +mock_interaction_request_certificate_finish (GTlsInteraction *interaction, + GAsyncResult *result, + GError **error) +{ + g_return_val_if_fail (g_task_is_valid (result, interaction), + G_TLS_INTERACTION_UNHANDLED); + + if (!g_task_propagate_boolean (G_TASK (result), error)) + return G_TLS_INTERACTION_FAILED; + else + return G_TLS_INTERACTION_HANDLED; +} + +static GTlsInteractionResult +mock_interaction_request_certificate (GTlsInteraction *interaction, + GTlsConnection *connection, + GTlsCertificateRequestFlags flags, + GCancellable *cancellable, + GError **error) +{ + MockInteraction *self = MOCK_INTERACTION (interaction); + + if (g_cancellable_set_error_if_cancelled (cancellable, error)) + return G_TLS_INTERACTION_FAILED; + + if (self->static_error) + { + g_propagate_error (error, g_error_copy (self->static_error)); + return G_TLS_INTERACTION_FAILED; + } + else + { + g_tls_connection_set_certificate (connection, self->static_certificate); + return G_TLS_INTERACTION_HANDLED; + } +} + +static void +mock_interaction_init (MockInteraction *self) +{ + +} + +static void +mock_interaction_finalize (GObject *object) +{ + MockInteraction *self = MOCK_INTERACTION (object); + + g_free (self->static_password); + g_clear_object (&self->static_certificate); + g_clear_error (&self->static_error); + + G_OBJECT_CLASS (mock_interaction_parent_class)->finalize (object); +} + +static void +mock_interaction_class_init (MockInteractionClass *klass) +{ + GObjectClass *object_class = G_OBJECT_CLASS (klass); + GTlsInteractionClass *interaction_class = G_TLS_INTERACTION_CLASS (klass); + + object_class->finalize = mock_interaction_finalize; + + interaction_class->ask_password = mock_interaction_ask_password; + interaction_class->ask_password_async = mock_interaction_ask_password_async; + interaction_class->ask_password_finish = mock_interaction_ask_password_finish; + interaction_class->request_certificate = mock_interaction_request_certificate; + interaction_class->request_certificate_async = mock_interaction_request_certificate_async; + interaction_class->request_certificate_finish = mock_interaction_request_certificate_finish; +} + +GTlsInteraction * +mock_interaction_new_static_password (const gchar *password) +{ + MockInteraction *self; + + self = g_object_new (MOCK_TYPE_INTERACTION, NULL); + + self->static_password = g_strdup (password); + return G_TLS_INTERACTION (self); +} + +GTlsInteraction * +mock_interaction_new_static_certificate (GTlsCertificate *cert) +{ + MockInteraction *self; + + self = g_object_new (MOCK_TYPE_INTERACTION, NULL); + + self->static_certificate = cert ? g_object_ref (cert) : NULL; + return G_TLS_INTERACTION (self); +} + +GTlsInteraction * +mock_interaction_new_static_error (GQuark domain, + gint code, + const gchar *message) +{ + MockInteraction *self; + + self = g_object_new (MOCK_TYPE_INTERACTION, NULL); + + self->static_error = g_error_new (domain, code, "%s", message); + return G_TLS_INTERACTION (self); +} diff --git a/tls/tests/mock-interaction.h b/tls/tests/mock-interaction.h new file mode 100644 index 0000000..875207a --- /dev/null +++ b/tls/tests/mock-interaction.h @@ -0,0 +1,44 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * Copyright (C) 2011 Collabora Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place - Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: Stef Walter + */ + +#include + +#ifndef __MOCK_INTERACTION_H__ +#define __MOCK_INTERACTION_H__ + +G_BEGIN_DECLS + +#define MOCK_TYPE_INTERACTION (mock_interaction_get_type ()) + +G_DECLARE_FINAL_TYPE (MockInteraction, mock_interaction, MOCK, INTERACTION, GTlsInteraction) + +GTlsInteraction *mock_interaction_new_static_password (const gchar *password); + +GTlsInteraction *mock_interaction_new_static_certificate (GTlsCertificate *cert); + +GTlsInteraction *mock_interaction_new_static_error (GQuark domain, + gint code, + const gchar *message); + +G_END_DECLS + +#endif /* __MOCK_INTERACTION_H__ */ diff --git a/tls/tests/mock-pkcs11.c b/tls/tests/mock-pkcs11.c new file mode 100644 index 0000000..0f156f7 --- /dev/null +++ b/tls/tests/mock-pkcs11.c @@ -0,0 +1,1547 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * Copyright (C) 2010 Stefan Walter + * Copyright (C) 2011 Collabora Ltd. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + */ + +#include "config.h" + +#include "mock-pkcs11.h" + +#include + +#include + +#include + +/* + * This is *NOT* how you'd want to implement a PKCS#11 module. This + * fake module simply provides enough for gnutls-pkcs11 backend to test against. + * It doesn't pass any tests, or behave as expected from a PKCS#11 module. + */ + +static gboolean initialized = FALSE; +static gchar *the_pin = NULL; +static gulong n_the_pin = 0; + +static gboolean logged_in = FALSE; +static CK_USER_TYPE user_type = 0; +static CK_FUNCTION_LIST functionList; + +typedef enum +{ + OP_FIND = 1, + OP_CRYPTO +} Operation; + +typedef struct +{ + CK_SESSION_HANDLE handle; + CK_SESSION_INFO info; + GHashTable *objects; + + Operation operation; + + /* For find operations */ + GList *matches; + + /* For crypto operations */ + CK_OBJECT_HANDLE crypto_key; + CK_ATTRIBUTE_TYPE crypto_method; + CK_MECHANISM_TYPE crypto_mechanism; + CK_BBOOL want_context_login; +} Session; + +static guint unique_identifier = 100; +static GHashTable *the_sessions = NULL; +static GHashTable *the_objects = NULL; + +static void +free_session (gpointer data) +{ + Session *sess = (Session*)data; + if (sess) + g_hash_table_destroy (sess->objects); + g_free (sess); +} + +static GPkcs11Array * +lookup_object (Session *session, + CK_OBJECT_HANDLE hObject) +{ + GPkcs11Array *attrs; + attrs = g_hash_table_lookup (the_objects, GUINT_TO_POINTER (hObject)); + if (!attrs) + attrs = g_hash_table_lookup (session->objects, GUINT_TO_POINTER (hObject)); + return attrs; +} + +CK_OBJECT_HANDLE +mock_module_take_object (GPkcs11Array *attrs) +{ + gboolean token; + guint handle; + + g_return_val_if_fail (the_objects, 0); + + if (g_pkcs11_array_find_boolean (attrs, CKA_TOKEN, &token)) + g_return_val_if_fail (token == TRUE, 0); + + handle = ++unique_identifier; + g_pkcs11_array_add_boolean (attrs, CKA_TOKEN, TRUE); + g_hash_table_insert (the_objects, GUINT_TO_POINTER (handle), attrs); + return handle; +} + +void +mock_module_enumerate_objects (CK_SESSION_HANDLE handle, + MockEnumerator func, + gpointer user_data) +{ + GHashTableIter iter; + gpointer key; + gpointer value; + Session *session; + gboolean private; + + g_assert (the_objects); + g_assert (func); + + /* Token objects */ + g_hash_table_iter_init (&iter, the_objects); + while (g_hash_table_iter_next (&iter, &key, &value)) + { + /* Don't include private objects when not logged in */ + if (!logged_in) + { + if (g_pkcs11_array_find_boolean (value, CKA_PRIVATE, &private) && private == TRUE) + continue; + } + + if (!(func) (GPOINTER_TO_UINT (key), value, user_data)) + return; + } + + /* session objects */ + if (handle) + { + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (handle)); + if (session) + { + g_hash_table_iter_init (&iter, session->objects); + while (g_hash_table_iter_next (&iter, &key, &value)) + { + /* Don't include private objects when not logged in */ + if (!logged_in) + { + if (g_pkcs11_array_find_boolean (value, CKA_PRIVATE, &private) && private == TRUE) + continue; + } + + if (!(func) (GPOINTER_TO_UINT (key), value, user_data)) + return; + } + } + } +} + +typedef struct { + CK_ATTRIBUTE_PTR attrs; + CK_ULONG n_attrs; + CK_OBJECT_HANDLE object; +} FindObject; + +static gboolean +enumerate_and_find_object (CK_OBJECT_HANDLE object, + GPkcs11Array *attrs, + gpointer user_data) +{ + FindObject *ctx = user_data; + const CK_ATTRIBUTE *match; + const CK_ATTRIBUTE *attr; + CK_ULONG i; + + for (i = 0; i < ctx->n_attrs; ++i) + { + match = ctx->attrs + i; + attr = g_pkcs11_array_find (attrs, match->type); + if (!attr) + return TRUE; /* Continue */ + + if (attr->ulValueLen != match->ulValueLen || + memcmp (attr->pValue, match->pValue, attr->ulValueLen) != 0) + return TRUE; /* Continue */ + } + + ctx->object = object; + return FALSE; /* Stop iteration */ +} + +CK_OBJECT_HANDLE +mock_module_find_object (CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR attrs, + CK_ULONG n_attrs) +{ + FindObject ctx; + + ctx.attrs = attrs; + ctx.n_attrs = n_attrs; + ctx.object = 0; + + mock_module_enumerate_objects (session, enumerate_and_find_object, &ctx); + return ctx.object; +} + +static gboolean +enumerate_and_count_objects (CK_OBJECT_HANDLE object, + GPkcs11Array *attrs, + gpointer user_data) +{ + guint *n_objects = user_data; + ++(*n_objects); + return TRUE; /* Continue */ +} + +guint +mock_module_count_objects (CK_SESSION_HANDLE session) +{ + guint n_objects = 0; + mock_module_enumerate_objects (session, enumerate_and_count_objects, &n_objects); + return n_objects; +} + +void +mock_module_set_object (CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR attrs, + CK_ULONG n_attrs) +{ + CK_ULONG i; + GPkcs11Array *atts; + + g_return_if_fail (object != 0); + g_return_if_fail (the_objects); + + atts = g_hash_table_lookup (the_objects, GUINT_TO_POINTER (object)); + g_return_if_fail (atts); + + for (i = 0; i < n_attrs; ++i) + g_pkcs11_array_set (atts, &attrs[i]); +} + +void +mock_module_set_pin (const gchar *password) +{ + g_free (the_pin); + the_pin = g_strdup (password); + n_the_pin = strlen (password); +} + +CK_RV +mock_C_Initialize (CK_VOID_PTR pInitArgs) +{ + GPkcs11Array *attrs; + CK_C_INITIALIZE_ARGS_PTR args; + + g_return_val_if_fail (initialized == FALSE, CKR_CRYPTOKI_ALREADY_INITIALIZED); + + args = (CK_C_INITIALIZE_ARGS_PTR)pInitArgs; + if (args) + { + g_return_val_if_fail( + (args->CreateMutex == NULL && args->DestroyMutex == NULL && + args->LockMutex == NULL && args->UnlockMutex == NULL) || + (args->CreateMutex != NULL && args->DestroyMutex != NULL && + args->LockMutex != NULL && args->UnlockMutex != NULL), + CKR_ARGUMENTS_BAD); + + /* Flags should allow OS locking and os threads */ + g_return_val_if_fail ((args->flags & CKF_OS_LOCKING_OK), CKR_CANT_LOCK); + g_return_val_if_fail ((args->flags & CKF_LIBRARY_CANT_CREATE_OS_THREADS) == 0, CKR_NEED_TO_CREATE_THREADS); + } + + the_pin = g_strdup (MOCK_SLOT_ONE_PIN); + n_the_pin = strlen (the_pin); + the_sessions = g_hash_table_new_full (g_direct_hash, g_direct_equal, NULL, free_session); + the_objects = g_hash_table_new_full (g_direct_hash, g_direct_equal, NULL, (GDestroyNotify)g_pkcs11_array_unref); + + /* Our first token object */ + attrs = g_pkcs11_array_new (); + g_pkcs11_array_add_ulong (attrs, CKA_CLASS, CKO_DATA); + g_pkcs11_array_add_value (attrs, CKA_LABEL, "TEST LABEL", -1); + g_pkcs11_array_add_boolean (attrs, CKA_TOKEN, TRUE); + g_hash_table_insert (the_objects, GUINT_TO_POINTER (2), attrs); + + /* Our second token object */ + attrs = g_pkcs11_array_new (); + g_pkcs11_array_add_ulong (attrs, CKA_CLASS, CKO_DATA); + g_pkcs11_array_add_value (attrs, CKA_LABEL, "LABEL TWO", -1); + g_pkcs11_array_add_boolean (attrs, CKA_TOKEN, TRUE); + g_hash_table_insert (the_objects, GUINT_TO_POINTER (3), attrs); + + /* A private object */ + attrs = g_pkcs11_array_new (); + g_pkcs11_array_add_ulong (attrs, CKA_CLASS, CKO_DATA); + g_pkcs11_array_add_value (attrs, CKA_LABEL, "PRIVATE", -1); + g_pkcs11_array_add_boolean (attrs, CKA_PRIVATE, TRUE); + g_pkcs11_array_add_boolean (attrs, CKA_TOKEN, TRUE); + g_hash_table_insert (the_objects, GUINT_TO_POINTER (4), attrs); + + initialized = TRUE; + return CKR_OK; +} + +CK_RV +mock_validate_and_C_Initialize (CK_VOID_PTR pInitArgs) +{ + CK_C_INITIALIZE_ARGS_PTR args; + void *mutex; + CK_RV rv; + + args = (CK_C_INITIALIZE_ARGS_PTR)pInitArgs; + if (args) + { + g_assert ((args->CreateMutex) (NULL) == CKR_ARGUMENTS_BAD && "CreateMutex succeeded wrong"); + g_assert ((args->DestroyMutex) (NULL) == CKR_MUTEX_BAD && "DestroyMutex succeeded wrong"); + g_assert ((args->LockMutex) (NULL) == CKR_MUTEX_BAD && "LockMutex succeeded wrong"); + g_assert ((args->UnlockMutex) (NULL) == CKR_MUTEX_BAD && "UnlockMutex succeeded wrong"); + + /* Try to create an actual mutex */ + rv = (args->CreateMutex) (&mutex); + g_assert (rv == CKR_OK && "CreateMutex g_assert_not_reacheded"); + g_assert (mutex != NULL && "CreateMutex created null mutex"); + + /* Try and lock the mutex */ + rv = (args->LockMutex) (mutex); + g_assert (rv == CKR_OK && "LockMutex g_assert_not_reacheded"); + + /* Try and unlock the mutex */ + rv = (args->UnlockMutex) (mutex); + g_assert (rv == CKR_OK && "UnlockMutex g_assert_not_reacheded"); + + /* Try and destroy the mutex */ + rv = (args->DestroyMutex) (mutex); + g_assert (rv == CKR_OK && "DestroyMutex g_assert_not_reacheded"); + } + + return mock_C_Initialize (pInitArgs); +} + +CK_RV +mock_C_Finalize (CK_VOID_PTR pReserved) +{ + g_return_val_if_fail (pReserved == NULL, CKR_ARGUMENTS_BAD); + g_return_val_if_fail (initialized == TRUE, CKR_CRYPTOKI_NOT_INITIALIZED); + + initialized = FALSE; + logged_in = FALSE; + g_hash_table_destroy (the_objects); + the_objects = NULL; + + g_hash_table_destroy (the_sessions); + the_sessions = NULL; + + g_free (the_pin); + return CKR_OK; +} + +static const CK_INFO TEST_INFO = { + { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, + "TEST MANUFACTURER ", + 0, + "TEST LIBRARY ", + { 45, 145 } +}; + +CK_RV +mock_C_GetInfo (CK_INFO_PTR pInfo) +{ + g_return_val_if_fail (pInfo, CKR_ARGUMENTS_BAD); + memcpy (pInfo, &TEST_INFO, sizeof (*pInfo)); + return CKR_OK; +} + +CK_RV +mock_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) +{ + g_return_val_if_fail (list, CKR_ARGUMENTS_BAD); + *list = &functionList; + return CKR_OK; +} + +/* + * Two slots + * ONE: token present + * TWO: token not present + */ + +CK_RV +mock_C_GetSlotList (CK_BBOOL tokenPresent, + CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) +{ + CK_ULONG count; + + g_return_val_if_fail (pulCount, CKR_ARGUMENTS_BAD); + + count = tokenPresent ? 1 : 2; + + /* Application only wants to know the number of slots. */ + if (pSlotList == NULL) + { + *pulCount = count; + return CKR_OK; + } + + if (*pulCount < count) + g_return_val_if_reached (CKR_BUFFER_TOO_SMALL); + + *pulCount = count; + pSlotList[0] = MOCK_SLOT_ONE_ID; + if (!tokenPresent) + pSlotList[1] = MOCK_SLOT_TWO_ID; + + return CKR_OK; +} + +/* Update mock-pkcs11.h URIs when updating this */ + +static const CK_SLOT_INFO TEST_INFO_ONE = { + "TEST SLOT ", + "TEST MANUFACTURER ", + CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE, + { 55, 155 }, + { 65, 165 }, +}; + +/* Update mock-pkcs11.h URIs when updating this */ + +static const CK_SLOT_INFO TEST_INFO_TWO = { + "TEST SLOT ", + "TEST MANUFACTURER ", + CKF_REMOVABLE_DEVICE, + { 55, 155 }, + { 65, 165 }, +}; + +CK_RV +mock_C_GetSlotInfo (CK_SLOT_ID slotID, + CK_SLOT_INFO_PTR pInfo) +{ + g_return_val_if_fail (pInfo, CKR_ARGUMENTS_BAD); + + if (slotID == MOCK_SLOT_ONE_ID) + { + memcpy (pInfo, &TEST_INFO_ONE, sizeof (*pInfo)); + return CKR_OK; + } + else if (slotID == MOCK_SLOT_TWO_ID) + { + memcpy (pInfo, &TEST_INFO_TWO, sizeof (*pInfo)); + return CKR_OK; + } + else + { + g_return_val_if_reached (CKR_SLOT_ID_INVALID); + } +} + +/* Update mock-pkcs11.h URIs when updating this */ + +static const CK_TOKEN_INFO TEST_TOKEN_ONE = { + "TEST LABEL ", + "TEST MANUFACTURER ", + "TEST MODEL ", + "TEST SERIAL ", + CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_CLOCK_ON_TOKEN | CKF_TOKEN_INITIALIZED, + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + { 75, 175 }, + { 85, 185 }, + { '1', '9', '9', '9', '0', '5', '2', '5', '0', '9', '1', '9', '5', '9', '0', '0' } +}; + +CK_RV +mock_C_GetTokenInfo (CK_SLOT_ID slotID, + CK_TOKEN_INFO_PTR pInfo) +{ + g_return_val_if_fail (pInfo != NULL, CKR_ARGUMENTS_BAD); + + if (slotID == MOCK_SLOT_ONE_ID) + { + memcpy (pInfo, &TEST_TOKEN_ONE, sizeof (*pInfo)); + return CKR_OK; + } + else if (slotID == MOCK_SLOT_TWO_ID) + { + return CKR_TOKEN_NOT_PRESENT; + } + else + { + g_return_val_if_reached (CKR_SLOT_ID_INVALID); + } +} + +CK_RV +mock_fail_C_GetTokenInfo (CK_SLOT_ID slotID, + CK_TOKEN_INFO_PTR pInfo) +{ + return CKR_GENERAL_ERROR; +} + +/* + * TWO mechanisms: + * CKM_MOCK_CAPITALIZE + * CKM_MOCK_PREFIX + */ + +CK_RV +mock_C_GetMechanismList (CK_SLOT_ID slotID, + CK_MECHANISM_TYPE_PTR pMechanismList, + CK_ULONG_PTR pulCount) +{ + g_return_val_if_fail (slotID == MOCK_SLOT_ONE_ID, CKR_SLOT_ID_INVALID); + g_return_val_if_fail (pulCount, CKR_ARGUMENTS_BAD); + + /* Application only wants to know the number of slots. */ + if (pMechanismList == NULL) + { + *pulCount = 0; + return CKR_OK; + } + + return CKR_OK; +} + +CK_RV +mock_C_GetMechanismInfo (CK_SLOT_ID slotID, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR pInfo) +{ + g_return_val_if_fail (slotID == MOCK_SLOT_ONE_ID, CKR_SLOT_ID_INVALID); + g_return_val_if_fail (pInfo, CKR_ARGUMENTS_BAD); + + g_return_val_if_reached (CKR_MECHANISM_INVALID); +} + +CK_RV +mock_specific_args_C_InitToken (CK_SLOT_ID slotID, + CK_UTF8CHAR_PTR pPin, + CK_ULONG ulPinLen, + CK_UTF8CHAR_PTR pLabel) +{ + g_return_val_if_fail (slotID == MOCK_SLOT_ONE_ID, CKR_SLOT_ID_INVALID); + + g_return_val_if_fail (pPin, CKR_PIN_INVALID); + g_return_val_if_fail (strlen ("TEST PIN") == ulPinLen, CKR_PIN_INVALID); + g_return_val_if_fail (strncmp ((gchar*)pPin, "TEST PIN", ulPinLen) == 0, CKR_PIN_INVALID); + g_return_val_if_fail (pLabel != NULL, CKR_PIN_INVALID); + g_return_val_if_fail (strcmp ((gchar*)pPin, "TEST LABEL") == 0, CKR_PIN_INVALID); + + g_free (the_pin); + the_pin = g_strndup ((gchar*)pPin, ulPinLen); + n_the_pin = ulPinLen; + return CKR_OK; +} + +CK_RV +mock_unsupported_C_WaitForSlotEvent (CK_FLAGS flags, + CK_SLOT_ID_PTR pSlot, + CK_VOID_PTR pReserved) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_C_OpenSession (CK_SLOT_ID slotID, + CK_FLAGS flags, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_SESSION_HANDLE_PTR phSession) +{ + Session *sess; + + g_return_val_if_fail (slotID == MOCK_SLOT_ONE_ID || slotID == MOCK_SLOT_TWO_ID, CKR_SLOT_ID_INVALID); + g_return_val_if_fail (phSession != NULL, CKR_ARGUMENTS_BAD); + g_return_val_if_fail ((flags & CKF_SERIAL_SESSION) == CKF_SERIAL_SESSION, CKR_SESSION_PARALLEL_NOT_SUPPORTED); + + if (slotID == MOCK_SLOT_TWO_ID) + return CKR_TOKEN_NOT_PRESENT; + + sess = g_new0 (Session, 1); + sess->handle = ++unique_identifier; + sess->info.flags = flags; + sess->info.slotID = slotID; + sess->info.state = 0; + sess->info.ulDeviceError = 1414; + sess->objects = g_hash_table_new_full (g_direct_hash, g_direct_equal, NULL, (GDestroyNotify)g_pkcs11_array_unref); + *phSession = sess->handle; + + g_hash_table_replace (the_sessions, GUINT_TO_POINTER (sess->handle), sess); + return CKR_OK; +} + +CK_RV +mock_fail_C_OpenSession (CK_SLOT_ID slotID, + CK_FLAGS flags, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_SESSION_HANDLE_PTR phSession) +{ + return CKR_GENERAL_ERROR; +} + +CK_RV +mock_C_CloseSession (CK_SESSION_HANDLE hSession) +{ + Session *session; + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_return_val_if_fail (session, CKR_SESSION_HANDLE_INVALID); + + g_hash_table_remove (the_sessions, GUINT_TO_POINTER (hSession)); + return CKR_OK; +} + +CK_RV +mock_C_CloseAllSessions (CK_SLOT_ID slotID) +{ + g_return_val_if_fail (slotID == MOCK_SLOT_ONE_ID, CKR_SLOT_ID_INVALID); + + g_hash_table_remove_all (the_sessions); + return CKR_OK; +} + +CK_RV +mock_C_GetFunctionStatus (CK_SESSION_HANDLE hSession) +{ + return CKR_FUNCTION_NOT_PARALLEL; +} + +CK_RV +mock_C_CancelFunction (CK_SESSION_HANDLE hSession) +{ + return CKR_FUNCTION_NOT_PARALLEL; +} + +CK_RV +mock_C_GetSessionInfo (CK_SESSION_HANDLE hSession, + CK_SESSION_INFO_PTR pInfo) +{ + Session *session; + + g_return_val_if_fail (pInfo != NULL, CKR_ARGUMENTS_BAD); + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_assert (session != NULL && "No such session found"); + if (!session) + return CKR_SESSION_HANDLE_INVALID; + + if (logged_in) + { + if (session->info.flags & CKF_RW_SESSION) + session->info.state = CKS_RW_USER_FUNCTIONS; + else + session->info.state = CKS_RO_USER_FUNCTIONS; + } + else + { + if (session->info.flags & CKF_RW_SESSION) + session->info.state = CKS_RW_PUBLIC_SESSION; + else + session->info.state = CKS_RO_PUBLIC_SESSION; + } + + memcpy (pInfo, &session->info, sizeof (*pInfo)); + return CKR_OK; +} + +CK_RV +mock_fail_C_GetSessionInfo (CK_SESSION_HANDLE hSession, + CK_SESSION_INFO_PTR pInfo) +{ + return CKR_GENERAL_ERROR; +} + +CK_RV +mock_C_InitPIN (CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, + CK_ULONG ulPinLen) +{ + Session *session; + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_return_val_if_fail (session, CKR_SESSION_HANDLE_INVALID); + + g_free (the_pin); + the_pin = g_strndup ((gchar*)pPin, ulPinLen); + n_the_pin = ulPinLen; + return CKR_OK; +} + +CK_RV +mock_C_SetPIN (CK_SESSION_HANDLE hSession, + CK_UTF8CHAR_PTR pOldPin, + CK_ULONG ulOldLen, + CK_UTF8CHAR_PTR pNewPin, + CK_ULONG ulNewLen) +{ + Session *session; + gchar *old; + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_return_val_if_fail (session, CKR_SESSION_HANDLE_INVALID); + + old = g_strndup ((gchar*)pOldPin, ulOldLen); + if (!old || !g_str_equal (old, the_pin)) + return CKR_PIN_INCORRECT; + + g_free (the_pin); + the_pin = g_strndup ((gchar*)pNewPin, ulNewLen); + n_the_pin = ulNewLen; + return CKR_OK; +} + +CK_RV +mock_unsupported_C_GetOperationState (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG_PTR pulOperationStateLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_SetOperationState (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG ulOperationStateLen, + CK_OBJECT_HANDLE hEncryptionKey, + CK_OBJECT_HANDLE hAuthenticationKey) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_C_Login (CK_SESSION_HANDLE hSession, + CK_USER_TYPE userType, + CK_UTF8CHAR_PTR pPin, + CK_ULONG pPinLen) +{ + Session *session; + + g_return_val_if_fail (userType == CKU_SO || + userType == CKU_USER || + userType == CKU_CONTEXT_SPECIFIC, + CKR_USER_TYPE_INVALID); + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID); + g_return_val_if_fail (logged_in == FALSE, CKR_USER_ALREADY_LOGGED_IN); + + if (!pPin) + return CKR_PIN_INCORRECT; + + if (pPinLen != strlen (the_pin)) + return CKR_PIN_INCORRECT; + if (strncmp ((gchar*)pPin, the_pin, pPinLen) != 0) + return CKR_PIN_INCORRECT; + + if (userType == CKU_CONTEXT_SPECIFIC) + { + g_return_val_if_fail (session->want_context_login == TRUE, CKR_OPERATION_NOT_INITIALIZED); + session->want_context_login = CK_FALSE; + } + else + { + logged_in = TRUE; + user_type = userType; + } + + return CKR_OK; +} + +CK_RV +mock_C_Logout (CK_SESSION_HANDLE hSession) +{ + Session *session; + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_assert (session != NULL && "No such session found"); + if (!session) + return CKR_SESSION_HANDLE_INVALID; + + g_assert (logged_in && "Not logged in"); + logged_in = FALSE; + user_type = 0; + return CKR_OK; +} + +CK_RV +mock_C_CreateObject (CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phObject) +{ + GPkcs11Array *attrs; + Session *session; + gboolean token, priv; + CK_ULONG i; + + g_return_val_if_fail (phObject, CKR_ARGUMENTS_BAD); + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_return_val_if_fail (session, CKR_SESSION_HANDLE_INVALID); + + attrs = g_pkcs11_array_new (); + for (i = 0; i < ulCount; ++i) + g_pkcs11_array_add_value (attrs, pTemplate[i].type, pTemplate[i].pValue, pTemplate[i].ulValueLen); + + if (g_pkcs11_array_find_boolean (attrs, CKA_PRIVATE, &priv) && priv) + { + if (!logged_in) + { + g_pkcs11_array_unref (attrs); + return CKR_USER_NOT_LOGGED_IN; + } + } + + *phObject = ++unique_identifier; + if (g_pkcs11_array_find_boolean (attrs, CKA_TOKEN, &token) && token) + g_hash_table_insert (the_objects, GUINT_TO_POINTER (*phObject), attrs); + else + g_hash_table_insert (session->objects, GUINT_TO_POINTER (*phObject), attrs); + + return CKR_OK; +} + +CK_RV +mock_fail_C_CreateObject (CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phObject) +{ + /* Always fails */ + return CKR_FUNCTION_FAILED; +} + +CK_RV +mock_unsupported_C_CopyObject (CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phNewObject) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_C_DestroyObject (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject) +{ + GPkcs11Array *attrs; + Session *session; + gboolean priv; + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_return_val_if_fail (session, CKR_SESSION_HANDLE_INVALID); + + attrs = lookup_object (session, hObject); + g_return_val_if_fail (attrs, CKR_OBJECT_HANDLE_INVALID); + + if (g_pkcs11_array_find_boolean (attrs, CKA_PRIVATE, &priv) && priv) + { + if (!logged_in) + return CKR_USER_NOT_LOGGED_IN; + } + + g_hash_table_remove (the_objects, GUINT_TO_POINTER (hObject)); + g_hash_table_remove (session->objects, GUINT_TO_POINTER (hObject)); + + return CKR_OK; +} + +CK_RV +mock_unsupported_C_GetObjectSize (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, + CK_ULONG_PTR pulSize) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_C_GetAttributeValue (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) +{ + CK_ATTRIBUTE_PTR result; + CK_RV ret = CKR_OK; + GPkcs11Array *attrs; + const CK_ATTRIBUTE *attr; + Session *session; + CK_ULONG i; + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_return_val_if_fail (session, CKR_SESSION_HANDLE_INVALID); + + attrs = lookup_object (session, hObject); + if (!attrs) + { + g_assert_not_reached (); /* "invalid object handle passed" */ + return CKR_OBJECT_HANDLE_INVALID; + } + + for (i = 0; i < ulCount; ++i) + { + result = pTemplate + i; + attr = g_pkcs11_array_find (attrs, result->type); + if (!attr) + { + result->ulValueLen = (CK_ULONG)-1; + ret = CKR_ATTRIBUTE_TYPE_INVALID; + continue; + } + + if (!result->pValue) + { + result->ulValueLen = attr->ulValueLen; + continue; + } + + if (result->ulValueLen >= attr->ulValueLen) + { + memcpy (result->pValue, attr->pValue, attr->ulValueLen); + continue; + } + + result->ulValueLen = (CK_ULONG)-1; + ret = CKR_BUFFER_TOO_SMALL; + } + + return ret; +} + +CK_RV +mock_fail_C_GetAttributeValue (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) +{ + return CKR_FUNCTION_FAILED; +} + +CK_RV +mock_C_SetAttributeValue (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) +{ + Session *session; + GPkcs11Array *attrs; + CK_ULONG i; + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_return_val_if_fail (session, CKR_SESSION_HANDLE_INVALID); + + attrs = lookup_object (session, hObject); + g_return_val_if_fail (attrs, CKR_OBJECT_HANDLE_INVALID); + + for (i = 0; i < ulCount; ++i) + g_pkcs11_array_set (attrs, pTemplate + i); + + return CKR_OK; +} + +typedef struct +{ + CK_ATTRIBUTE_PTR template; + CK_ULONG count; + Session *session; +} FindObjects; + +static gboolean +enumerate_and_find_objects (CK_OBJECT_HANDLE object, + GPkcs11Array *attrs, + gpointer user_data) +{ + FindObjects *ctx = user_data; + CK_ATTRIBUTE_PTR match; + const CK_ATTRIBUTE *attr; + CK_ULONG i; + + for (i = 0; i < ctx->count; ++i) + { + match = ctx->template + i; + attr = g_pkcs11_array_find (attrs, match->type); + if (!attr) + return TRUE; /* Continue */ + + if (attr->ulValueLen != match->ulValueLen || + memcmp (attr->pValue, match->pValue, attr->ulValueLen) != 0) + return TRUE; /* Continue */ + } + + ctx->session->matches = g_list_prepend (ctx->session->matches, GUINT_TO_POINTER (object)); + return TRUE; /* Continue */ +} + +CK_RV +mock_C_FindObjectsInit (CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount) +{ + Session *session; + FindObjects ctx; + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID); + + /* Starting an operation, cancels any previous one */ + if (session->operation != 0) + session->operation = 0; + + session->operation = OP_FIND; + + ctx.template = pTemplate; + ctx.count = ulCount; + ctx.session = session; + + mock_module_enumerate_objects (hSession, enumerate_and_find_objects, &ctx); + return CKR_OK; +} + +CK_RV +mock_fail_C_FindObjects (CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE_PTR phObject, + CK_ULONG ulMaxObjectCount, + CK_ULONG_PTR pulObjectCount) +{ + /* Always fails */ + return CKR_FUNCTION_FAILED; +} + +CK_RV +mock_C_FindObjects (CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE_PTR phObject, + CK_ULONG ulMaxObjectCount, + CK_ULONG_PTR pulObjectCount) +{ + Session *session; + + g_return_val_if_fail (phObject, CKR_ARGUMENTS_BAD); + g_return_val_if_fail (pulObjectCount, CKR_ARGUMENTS_BAD); + g_return_val_if_fail (ulMaxObjectCount != 0, CKR_ARGUMENTS_BAD); + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID); + g_return_val_if_fail (session->operation == OP_FIND, CKR_OPERATION_NOT_INITIALIZED); + + *pulObjectCount = 0; + while (ulMaxObjectCount > 0 && session->matches) + { + *phObject = GPOINTER_TO_UINT (session->matches->data); + ++phObject; + --ulMaxObjectCount; + ++(*pulObjectCount); + session->matches = g_list_remove (session->matches, session->matches->data); + } + + return CKR_OK; +} + +CK_RV +mock_C_FindObjectsFinal (CK_SESSION_HANDLE hSession) +{ + Session *session; + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID); + g_return_val_if_fail (session->operation == OP_FIND, CKR_OPERATION_NOT_INITIALIZED); + + session->operation = 0; + g_list_free (session->matches); + session->matches = NULL; + + return CKR_OK; +} + +CK_RV +mock_no_mechanisms_C_EncryptInit (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) +{ + Session *session; + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID); + + return CKR_MECHANISM_INVALID; +} + +CK_RV +mock_not_initialized_C_Encrypt (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pEncryptedData, + CK_ULONG_PTR pulEncryptedDataLen) +{ + return CKR_OPERATION_NOT_INITIALIZED; +} + +CK_RV +mock_unsupported_C_EncryptUpdate (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_EncryptFinal (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastEncryptedPart, + CK_ULONG_PTR pulLastEncryptedPartLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_no_mechanisms_C_DecryptInit (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) +{ + Session *session; + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID); + + return CKR_MECHANISM_INVALID; +} + +CK_RV +mock_not_initialized_C_Decrypt (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedData, + CK_ULONG ulEncryptedDataLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen) +{ + return CKR_OPERATION_NOT_INITIALIZED; +} + +CK_RV +mock_unsupported_C_DecryptUpdate (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_DecryptFinal (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastPart, + CK_ULONG_PTR pulLastPartLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_DigestInit (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_Digest (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_DigestUpdate (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_DigestKey (CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hKey) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_DigestFinal (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_no_mechanisms_C_SignInit (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) +{ + Session *session; + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID); + + return CKR_MECHANISM_INVALID; +} + +CK_RV +mock_not_initialized_C_Sign (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen) +{ + return CKR_OPERATION_NOT_INITIALIZED; +} + +CK_RV +mock_unsupported_C_SignUpdate (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_SignFinal (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_SignRecoverInit (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_SignRecover (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_no_mechanisms_C_VerifyInit (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) +{ + Session *session; + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID); + + return CKR_MECHANISM_INVALID; +} + +CK_RV +mock_not_initialized_C_Verify (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen) +{ + return CKR_OPERATION_NOT_INITIALIZED; +} + +CK_RV +mock_unsupported_C_VerifyUpdate (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_VerifyFinal (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG pulSignatureLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_VerifyRecoverInit (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_VerifyRecover (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG pulSignatureLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_DigestEncryptUpdate (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR ulEncryptedPartLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_DecryptDigestUpdate (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_SignEncryptUpdate (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR ulEncryptedPartLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_DecryptVerifyUpdate (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_GenerateKey (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_no_mechanisms_C_GenerateKeyPair (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + CK_OBJECT_HANDLE_PTR phPublicKey, + CK_OBJECT_HANDLE_PTR phPrivateKey) +{ + Session *session; + + g_return_val_if_fail (pMechanism, CKR_MECHANISM_INVALID); + g_return_val_if_fail (pPublicKeyTemplate, CKR_TEMPLATE_INCOMPLETE); + g_return_val_if_fail (ulPublicKeyAttributeCount, CKR_TEMPLATE_INCOMPLETE); + g_return_val_if_fail (pPrivateKeyTemplate, CKR_TEMPLATE_INCOMPLETE); + g_return_val_if_fail (ulPrivateKeyAttributeCount, CKR_TEMPLATE_INCOMPLETE); + g_return_val_if_fail (phPublicKey, CKR_ARGUMENTS_BAD); + g_return_val_if_fail (phPrivateKey, CKR_ARGUMENTS_BAD); + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID); + + return CKR_MECHANISM_INVALID; +} + +CK_RV +mock_no_mechanisms_C_WrapKey (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hWrappingKey, + CK_OBJECT_HANDLE hKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG_PTR pulWrappedKeyLen) +{ + Session *session; + + g_return_val_if_fail (pMechanism, CKR_MECHANISM_INVALID); + g_return_val_if_fail (hWrappingKey, CKR_OBJECT_HANDLE_INVALID); + g_return_val_if_fail (hKey, CKR_OBJECT_HANDLE_INVALID); + g_return_val_if_fail (pulWrappedKeyLen, CKR_WRAPPED_KEY_LEN_RANGE); + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID); + + return CKR_MECHANISM_INVALID; +} + +CK_RV +mock_no_mechanisms_C_UnwrapKey (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hUnwrappingKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG ulWrappedKeyLen, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey) +{ + Session *session; + + g_return_val_if_fail (pMechanism, CKR_MECHANISM_INVALID); + g_return_val_if_fail (hUnwrappingKey, CKR_WRAPPING_KEY_HANDLE_INVALID); + g_return_val_if_fail (pWrappedKey, CKR_WRAPPED_KEY_INVALID); + g_return_val_if_fail (ulWrappedKeyLen, CKR_WRAPPED_KEY_LEN_RANGE); + g_return_val_if_fail (phKey, CKR_ARGUMENTS_BAD); + g_return_val_if_fail (pTemplate, CKR_TEMPLATE_INCOMPLETE); + g_return_val_if_fail (ulCount, CKR_TEMPLATE_INCONSISTENT); + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID); + + return CKR_MECHANISM_INVALID; +} + +CK_RV +mock_no_mechanisms_C_DeriveKey (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hBaseKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey) +{ + Session *session; + + g_return_val_if_fail (pMechanism, CKR_MECHANISM_INVALID); + g_return_val_if_fail (ulCount, CKR_TEMPLATE_INCOMPLETE); + g_return_val_if_fail (pTemplate, CKR_TEMPLATE_INCOMPLETE); + g_return_val_if_fail (phKey, CKR_ARGUMENTS_BAD); + + session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession)); + g_return_val_if_fail (session, CKR_SESSION_HANDLE_INVALID); + + return CKR_MECHANISM_INVALID; +} + +CK_RV +mock_unsupported_C_SeedRandom (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSeed, + CK_ULONG ulSeedLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_unsupported_C_GenerateRandom (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pRandomData, + CK_ULONG ulRandomLen) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_FUNCTION_LIST mock_default_functions = { + { 2, 11 }, /* version */ + mock_validate_and_C_Initialize, + mock_C_Finalize, + mock_C_GetInfo, + mock_C_GetFunctionList, + mock_C_GetSlotList, + mock_C_GetSlotInfo, + mock_C_GetTokenInfo, + mock_C_GetMechanismList, + mock_C_GetMechanismInfo, + mock_specific_args_C_InitToken, + mock_C_InitPIN, + mock_C_SetPIN, + mock_C_OpenSession, + mock_C_CloseSession, + mock_C_CloseAllSessions, + mock_C_GetSessionInfo, + mock_unsupported_C_GetOperationState, + mock_unsupported_C_SetOperationState, + mock_C_Login, + mock_C_Logout, + mock_C_CreateObject, + mock_unsupported_C_CopyObject, + mock_C_DestroyObject, + mock_unsupported_C_GetObjectSize, + mock_C_GetAttributeValue, + mock_C_SetAttributeValue, + mock_C_FindObjectsInit, + mock_C_FindObjects, + mock_C_FindObjectsFinal, + mock_no_mechanisms_C_EncryptInit, + mock_not_initialized_C_Encrypt, + mock_unsupported_C_EncryptUpdate, + mock_unsupported_C_EncryptFinal, + mock_no_mechanisms_C_DecryptInit, + mock_not_initialized_C_Decrypt, + mock_unsupported_C_DecryptUpdate, + mock_unsupported_C_DecryptFinal, + mock_unsupported_C_DigestInit, + mock_unsupported_C_Digest, + mock_unsupported_C_DigestUpdate, + mock_unsupported_C_DigestKey, + mock_unsupported_C_DigestFinal, + mock_no_mechanisms_C_SignInit, + mock_not_initialized_C_Sign, + mock_unsupported_C_SignUpdate, + mock_unsupported_C_SignFinal, + mock_unsupported_C_SignRecoverInit, + mock_unsupported_C_SignRecover, + mock_no_mechanisms_C_VerifyInit, + mock_not_initialized_C_Verify, + mock_unsupported_C_VerifyUpdate, + mock_unsupported_C_VerifyFinal, + mock_unsupported_C_VerifyRecoverInit, + mock_unsupported_C_VerifyRecover, + mock_unsupported_C_DigestEncryptUpdate, + mock_unsupported_C_DecryptDigestUpdate, + mock_unsupported_C_SignEncryptUpdate, + mock_unsupported_C_DecryptVerifyUpdate, + mock_unsupported_C_GenerateKey, + mock_no_mechanisms_C_GenerateKeyPair, + mock_no_mechanisms_C_WrapKey, + mock_no_mechanisms_C_UnwrapKey, + mock_no_mechanisms_C_DeriveKey, + mock_unsupported_C_SeedRandom, + mock_unsupported_C_GenerateRandom, + mock_C_GetFunctionStatus, + mock_C_CancelFunction, + mock_unsupported_C_WaitForSlotEvent +}; diff --git a/tls/tests/mock-pkcs11.h b/tls/tests/mock-pkcs11.h new file mode 100644 index 0000000..a6bfa27 --- /dev/null +++ b/tls/tests/mock-pkcs11.h @@ -0,0 +1,396 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * Copyright (C) 2010 Stefan Walter + * Copyright (C) 2011 Collabora Ltd. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + */ + +#include + +#include + +#include "pkcs11/gpkcs11array.h" + +#ifndef MOCK_MODULE_H +#define MOCK_MODULE_H + +extern CK_FUNCTION_LIST mock_default_functions; + +CK_RV mock_C_Initialize (CK_VOID_PTR pInitArgs); + +CK_RV mock_validate_and_C_Initialize (CK_VOID_PTR pInitArgs); + +CK_RV mock_C_Finalize (CK_VOID_PTR pReserved); + +CK_RV mock_C_GetInfo (CK_INFO_PTR pInfo); + +CK_RV mock_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list); + +CK_RV mock_C_GetSlotList (CK_BBOOL tokenPresent, + CK_SLOT_ID_PTR pSlotList, + CK_ULONG_PTR pulCount); + +CK_RV mock_C_GetSlotInfo (CK_SLOT_ID slotID, + CK_SLOT_INFO_PTR pInfo); + +CK_RV mock_C_GetTokenInfo (CK_SLOT_ID slotID, + CK_TOKEN_INFO_PTR pInfo); + +CK_RV mock_fail_C_GetTokenInfo (CK_SLOT_ID slotID, + CK_TOKEN_INFO_PTR pInfo); + +CK_RV mock_C_GetMechanismList (CK_SLOT_ID slotID, + CK_MECHANISM_TYPE_PTR pMechanismList, + CK_ULONG_PTR pulCount); + +CK_RV mock_C_GetMechanismInfo (CK_SLOT_ID slotID, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR pInfo); + +CK_RV mock_specific_args_C_InitToken (CK_SLOT_ID slotID, + CK_UTF8CHAR_PTR pPin, + CK_ULONG ulPinLen, + CK_UTF8CHAR_PTR pLabel); + +CK_RV mock_unsupported_C_WaitForSlotEvent (CK_FLAGS flags, + CK_SLOT_ID_PTR pSlot, + CK_VOID_PTR pReserved); + +CK_RV mock_C_OpenSession (CK_SLOT_ID slotID, + CK_FLAGS flags, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_SESSION_HANDLE_PTR phSession); + +CK_RV mock_fail_C_OpenSession (CK_SLOT_ID slotID, + CK_FLAGS flags, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_SESSION_HANDLE_PTR phSession); + +CK_RV mock_C_CloseSession (CK_SESSION_HANDLE hSession); + +CK_RV mock_C_CloseAllSessions (CK_SLOT_ID slotID); + +CK_RV mock_C_GetFunctionStatus (CK_SESSION_HANDLE hSession); + +CK_RV mock_C_CancelFunction (CK_SESSION_HANDLE hSession); + +CK_RV mock_C_GetSessionInfo (CK_SESSION_HANDLE hSession, + CK_SESSION_INFO_PTR pInfo); + +CK_RV mock_fail_C_GetSessionInfo (CK_SESSION_HANDLE hSession, + CK_SESSION_INFO_PTR pInfo); + +CK_RV mock_C_InitPIN (CK_SESSION_HANDLE hSession, + CK_UTF8CHAR_PTR pPin, + CK_ULONG ulPinLen); + +CK_RV mock_C_SetPIN (CK_SESSION_HANDLE hSession, + CK_UTF8CHAR_PTR pOldPin, + CK_ULONG ulOldLen, + CK_UTF8CHAR_PTR pNewPin, + CK_ULONG ulNewLen); + +CK_RV mock_unsupported_C_GetOperationState (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG_PTR pulOperationStateLen); + +CK_RV mock_unsupported_C_SetOperationState (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG ulOperationStateLen, + CK_OBJECT_HANDLE hEncryptionKey, + CK_OBJECT_HANDLE hAuthenticationKey); + +CK_RV mock_C_Login (CK_SESSION_HANDLE hSession, + CK_USER_TYPE userType, + CK_UTF8CHAR_PTR pPin, + CK_ULONG pPinLen); + +CK_RV mock_C_Logout (CK_SESSION_HANDLE hSession); + +CK_RV mock_C_CreateObject (CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phObject); + +CK_RV mock_fail_C_CreateObject (CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phObject); + +CK_RV mock_unsupported_C_CopyObject (CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phNewObject); + +CK_RV mock_C_DestroyObject (CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject); + +CK_RV mock_unsupported_C_GetObjectSize (CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ULONG_PTR pulSize); + +CK_RV mock_C_GetAttributeValue (CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount); + +CK_RV mock_fail_C_GetAttributeValue (CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount); + +CK_RV mock_C_SetAttributeValue (CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount); + +CK_RV mock_C_FindObjectsInit (CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount); + +CK_RV mock_C_FindObjects (CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE_PTR phObject, + CK_ULONG ulMaxObjectCount, + CK_ULONG_PTR pulObjectCount); + +CK_RV mock_fail_C_FindObjects (CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE_PTR phObject, + CK_ULONG ulMaxObjectCount, + CK_ULONG_PTR pulObjectCount); + +CK_RV mock_C_FindObjectsFinal (CK_SESSION_HANDLE hSession); + +CK_RV mock_no_mechanisms_C_EncryptInit (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + +CK_RV mock_not_initialized_C_Encrypt (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pEncryptedData, + CK_ULONG_PTR pulEncryptedDataLen); + +CK_RV mock_unsupported_C_EncryptUpdate (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen); + +CK_RV mock_unsupported_C_EncryptFinal (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastEncryptedPart, + CK_ULONG_PTR pulLastEncryptedPartLen); + +CK_RV mock_no_mechanisms_C_DecryptInit (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + +CK_RV mock_not_initialized_C_Decrypt (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedData, + CK_ULONG ulEncryptedDataLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen); + +CK_RV mock_unsupported_C_DecryptUpdate (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen); + +CK_RV mock_unsupported_C_DecryptFinal (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastPart, + CK_ULONG_PTR pulLastPartLen); + +CK_RV mock_unsupported_C_DigestInit (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism); + +CK_RV mock_unsupported_C_Digest (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen); + +CK_RV mock_unsupported_C_DigestUpdate (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); + +CK_RV mock_unsupported_C_DigestKey (CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hKey); + +CK_RV mock_unsupported_C_DigestFinal (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen); + +CK_RV mock_no_mechanisms_C_SignInit (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + +CK_RV mock_not_initialized_C_Sign (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); + +CK_RV mock_unsupported_C_SignUpdate (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); + +CK_RV mock_unsupported_C_SignFinal (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); + +CK_RV mock_unsupported_C_SignRecoverInit (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + +CK_RV mock_unsupported_C_SignRecover (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); + +CK_RV mock_no_mechanisms_C_VerifyInit (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + +CK_RV mock_not_initialized_C_Verify (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen); + +CK_RV mock_unsupported_C_VerifyUpdate (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); + +CK_RV mock_unsupported_C_VerifyFinal (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG pulSignatureLen); + +CK_RV mock_unsupported_C_VerifyRecoverInit (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + +CK_RV mock_unsupported_C_VerifyRecover (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG pulSignatureLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen); + +CK_RV mock_unsupported_C_DigestEncryptUpdate (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR ulEncryptedPartLen); + +CK_RV mock_unsupported_C_DecryptDigestUpdate (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen); + +CK_RV mock_unsupported_C_SignEncryptUpdate (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR ulEncryptedPartLen); + +CK_RV mock_unsupported_C_DecryptVerifyUpdate (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen); + +CK_RV mock_unsupported_C_GenerateKey (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey); + +CK_RV mock_no_mechanisms_C_GenerateKeyPair (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + CK_OBJECT_HANDLE_PTR phPublicKey, + CK_OBJECT_HANDLE_PTR phPrivateKey); + +CK_RV mock_no_mechanisms_C_WrapKey (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hWrappingKey, + CK_OBJECT_HANDLE hKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG_PTR pulWrappedKeyLen); + +CK_RV mock_no_mechanisms_C_UnwrapKey (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE pUnwrappingKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG pulWrappedKeyLen, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey); + +CK_RV mock_no_mechanisms_C_DeriveKey (CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hBaseKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey); + +CK_RV mock_unsupported_C_SeedRandom (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSeed, + CK_ULONG ulSeedLen); + +CK_RV mock_unsupported_C_GenerateRandom (CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pRandomData, + CK_ULONG ulRandomLen); + +CK_OBJECT_HANDLE mock_module_find_object (CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR attrs, + CK_ULONG n_attrs); + +guint mock_module_count_objects (CK_SESSION_HANDLE session); + +typedef gboolean (*MockEnumerator) (CK_OBJECT_HANDLE handle, + GPkcs11Array *attrs, + gpointer user_data); + +void mock_module_enumerate_objects (CK_SESSION_HANDLE session, + MockEnumerator func, + gpointer user_data); + +CK_OBJECT_HANDLE mock_module_take_object (GPkcs11Array *attrs); + +void mock_module_set_object (CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR attrs, + CK_ULONG n_attrs); + +void mock_module_set_pin (const gchar *password); + +#define MOCK_SLOT_ONE_ID 52 +#define MOCK_SLOT_TWO_ID 134 + +#define MOCK_SLOT_ONE_PIN "booo" +#define MOCK_SLOT_ONE_URI "pkcs11:manufacturer=TEST%20MANUFACTURER;serial=TEST%20SERIAL" + +#endif /* MOCK_MODULE_H */ diff --git a/tls/tests/pkcs11-array.c b/tls/tests/pkcs11-array.c new file mode 100644 index 0000000..c3c512d --- /dev/null +++ b/tls/tests/pkcs11-array.c @@ -0,0 +1,288 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO TLS tests + * + * Copyright (C) 2011 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#include + +#include +#include + +#include "pkcs11/gpkcs11array.h" + +typedef struct { + GPkcs11Array *array; +} TestArray; + +static void +setup_array (TestArray *test, + gconstpointer unused) +{ + test->array = g_pkcs11_array_new (); + g_assert (test->array); +} + +static void +teardown_array (TestArray *test, + gconstpointer unused) +{ + g_pkcs11_array_unref (test->array); +} + +static void +test_add_find (TestArray *test, + gconstpointer data) +{ + CK_ATTRIBUTE attr; + const CK_ATTRIBUTE *check; + const gchar *value = "test"; + + attr.type = CKA_LABEL; + attr.ulValueLen = strlen (value) + 1; + attr.pValue = (gpointer)value; + g_pkcs11_array_add (test->array, &attr); + memset (&attr, 0, sizeof (attr)); + + check = g_pkcs11_array_find (test->array, CKA_LABEL); + g_assert (check != NULL); + g_assert_cmpuint ((guint)check->ulValueLen, ==, strlen (value) + 1); + g_assert_cmpstr (check->pValue, ==, value); + g_assert (check->pValue != value); + + /* Should be copied properly, and be independent from stack value */ + g_assert (check != &attr); + + check = g_pkcs11_array_find (test->array, CKA_ID); + g_assert (check == NULL); + g_assert_cmpuint (test->array->count, ==, 1); + + /* Adding a second value of same type, should add a duplicate */ + attr.type = CKA_LABEL; + attr.ulValueLen = 3; + attr.pValue = "bye"; + g_pkcs11_array_add (test->array, &attr); + g_assert_cmpuint (test->array->count, ==, 2); +} + +static void +test_set_find (TestArray *test, + gconstpointer data) +{ + CK_ATTRIBUTE attr; + const CK_ATTRIBUTE *check; + const gchar *value = "test"; + + attr.type = CKA_LABEL; + attr.ulValueLen = strlen (value) + 1; + attr.pValue = (gpointer)value; + g_pkcs11_array_set (test->array, &attr); + memset (&attr, 0, sizeof (attr)); + + check = g_pkcs11_array_find (test->array, CKA_LABEL); + g_assert (check != NULL); + g_assert_cmpuint ((guint)check->ulValueLen, ==, strlen (value) + 1); + g_assert_cmpstr (check->pValue, ==, value); + g_assert (check->pValue != value); + + /* Should be copied properly, and be independent from stack value */ + g_assert (check != &attr); + + /* Adding a second value of same type should override */ + attr.type = CKA_LABEL; + attr.ulValueLen = 3; + attr.pValue = "bye"; + g_pkcs11_array_set (test->array, &attr); + g_assert_cmpuint (test->array->count, ==, 1); +} + +static void +test_value (TestArray *test, + gconstpointer data) +{ + const CK_ATTRIBUTE *check; + const gchar *value = "test"; + + /* Add with null termiator */ + g_pkcs11_array_add_value (test->array, CKA_LABEL, value, -1); + check = g_pkcs11_array_find (test->array, CKA_LABEL); + g_assert (check != NULL); + g_assert_cmpuint ((guint)check->ulValueLen, ==, strlen (value)); + g_assert (memcmp (check->pValue, value, check->ulValueLen) == 0); + g_assert (check->pValue != value); + + /* Add with value length */ + g_pkcs11_array_add_value (test->array, CKA_ID, value, 3); + check = g_pkcs11_array_find (test->array, CKA_ID); + g_assert (check != NULL); + g_assert_cmpuint ((guint)check->ulValueLen, ==, 3); + g_assert (memcmp (check->pValue, value, check->ulValueLen) == 0); + g_assert (check->pValue != value); + g_assert_cmpuint (test->array->count, ==, 2); + + /* Set should override */ + g_pkcs11_array_set_value (test->array, CKA_LABEL, "boring", 6); + check = g_pkcs11_array_find (test->array, CKA_LABEL); + g_assert (check != NULL); + g_assert_cmpuint ((guint)check->ulValueLen, ==, 6); + g_assert (memcmp (check->pValue, "boring", check->ulValueLen) == 0); + g_assert_cmpuint (test->array->count, ==, 2); + + /* Override with calculated length */ + g_pkcs11_array_set_value (test->array, CKA_LABEL, "boring", -1); + check = g_pkcs11_array_find (test->array, CKA_LABEL); + g_assert (check != NULL); + g_assert_cmpuint ((guint)check->ulValueLen, ==, 6); + g_assert (memcmp (check->pValue, "boring", check->ulValueLen) == 0); + g_assert_cmpuint (test->array->count, ==, 2); + +} + +static void +test_boolean (TestArray *test, + gconstpointer data) +{ + const CK_ATTRIBUTE *check; + gboolean bval = FALSE; + + g_pkcs11_array_add_boolean (test->array, CKA_TOKEN, TRUE); + if (!g_pkcs11_array_find_boolean (test->array, CKA_TOKEN, &bval)) + g_assert_not_reached (); + g_assert (bval == TRUE); + + /* Check that it's actually formatted right */ + check = g_pkcs11_array_find (test->array, CKA_TOKEN); + g_assert (check != NULL); + g_assert_cmpuint (check->ulValueLen, ==, sizeof (CK_BBOOL)); + g_assert (check->pValue != NULL); + g_assert (*((CK_BBOOL*)check->pValue) == CK_TRUE); + + /* Check FALSE */ + g_pkcs11_array_add_boolean (test->array, CKA_ENCRYPT, FALSE); + + /* Check that it's actually formatted right */ + check = g_pkcs11_array_find (test->array, CKA_ENCRYPT); + g_assert (check != NULL); + g_assert_cmpuint (check->ulValueLen, ==, sizeof (CK_BBOOL)); + g_assert (check->pValue != NULL); + g_assert (*((CK_BBOOL*)check->pValue) == CK_FALSE); + g_assert_cmpuint (test->array->count, ==, 2); + + /* Add a non boolean value */ + g_pkcs11_array_add_value (test->array, CKA_LABEL, "label", -1); + + /* Shouldn't work to find boolean on that */ + if (g_pkcs11_array_find_boolean (test->array, CKA_LABEL, &bval)) + g_assert_not_reached (); + g_assert_cmpuint (test->array->count, ==, 3); + + /* Set should override */ + g_pkcs11_array_set_boolean (test->array, CKA_TOKEN, FALSE); + if (!g_pkcs11_array_find_boolean (test->array, CKA_TOKEN, &bval)) + g_assert_not_reached (); + g_assert (bval == FALSE); + g_assert_cmpuint (test->array->count, ==, 3); +} + +static void +test_ulong (TestArray *test, + gconstpointer data) +{ + const CK_ATTRIBUTE *check; + gulong uval = FALSE; + + g_pkcs11_array_add_ulong (test->array, CKA_PIXEL_X, 38938); + if (!g_pkcs11_array_find_ulong (test->array, CKA_PIXEL_X, &uval)) + g_assert_not_reached (); + g_assert (uval == 38938UL); + g_assert_cmpuint (test->array->count, ==, 1); + + /* Check that it's actually formatted right */ + check = g_pkcs11_array_find (test->array, CKA_PIXEL_X); + g_assert (check != NULL); + g_assert_cmpuint (check->ulValueLen, ==, sizeof (CK_ULONG)); + g_assert (check->pValue != NULL); + g_assert (*((CK_ULONG*)check->pValue) == 38938UL); + + /* Check -1, since this is used regularly */ + g_pkcs11_array_add_ulong (test->array, CKA_MODULUS_BITS, (gulong)-1); + + /* Check that it's actually formatted right */ + check = g_pkcs11_array_find (test->array, CKA_MODULUS_BITS); + g_assert (check != NULL); + g_assert_cmpuint (check->ulValueLen, ==, sizeof (CK_ULONG)); + g_assert (check->pValue != NULL); + g_assert (*((CK_ULONG*)check->pValue) == (CK_ULONG)-1); + g_assert_cmpuint (test->array->count, ==, 2); + + /* Add a non ulong length value */ + g_pkcs11_array_add_value (test->array, CKA_LABEL, "label", -1); + g_assert_cmpuint (test->array->count, ==, 3); + + /* Shouldn't work to find ulong on that */ + if (g_pkcs11_array_find_ulong (test->array, CKA_LABEL, &uval)) + g_assert_not_reached (); + + /* Set should override */ + g_pkcs11_array_set_ulong (test->array, CKA_PIXEL_X, 48); + if (!g_pkcs11_array_find_ulong (test->array, CKA_PIXEL_X, &uval)) + g_assert_not_reached (); + g_assert (uval == 48UL); + g_assert_cmpuint (test->array->count, ==, 3); +} + +static void +test_boxed (TestArray *test, + gconstpointer data) +{ + GPkcs11Array *array; + + /* Should reference */ + array = g_boxed_copy (G_TYPE_PKCS11_ARRAY, test->array); + g_assert (array == test->array); + + /* Should unreference */ + g_boxed_free (G_TYPE_PKCS11_ARRAY, array); +} + +int +main (int argc, + char *argv[]) +{ + g_test_init (&argc, &argv, NULL); + + g_test_add ("/pkcs11/array/add-find", TestArray, NULL, + setup_array, test_add_find, teardown_array); + g_test_add ("/pkcs11/array/set-find", TestArray, NULL, + setup_array, test_set_find, teardown_array); + g_test_add ("/pkcs11/array/value", TestArray, NULL, + setup_array, test_value, teardown_array); + g_test_add ("/pkcs11/array/boolean", TestArray, NULL, + setup_array, test_boolean, teardown_array); + g_test_add ("/pkcs11/array/ulong", TestArray, NULL, + setup_array, test_ulong, teardown_array); + g_test_add ("/pkcs11/array/boxed", TestArray, NULL, + setup_array, test_boxed, teardown_array); + + return g_test_run(); +} diff --git a/tls/tests/pkcs11-pin.c b/tls/tests/pkcs11-pin.c new file mode 100644 index 0000000..79a34dd --- /dev/null +++ b/tls/tests/pkcs11-pin.c @@ -0,0 +1,152 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO TLS tests + * + * Copyright (C) 2011 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#include + +#include +#include + +#include "pkcs11/gpkcs11pin.h" + +typedef struct { + GTlsPassword *pin; +} TestPin; + +static void +setup_pin (TestPin *test, + gconstpointer unused) +{ + test->pin = g_pkcs11_pin_new (G_TLS_PASSWORD_RETRY, "Test description"); + g_assert (G_IS_PKCS11_PIN (test->pin)); + g_assert (G_IS_TLS_PASSWORD (test->pin)); +} + +static void +teardown_pin (TestPin *test, + gconstpointer unused) +{ + g_assert_cmpint (G_OBJECT (test->pin)->ref_count, ==, 1); + g_object_unref (test->pin); +} + +static void +test_attributes (TestPin *test, + gconstpointer data) +{ + GTlsPasswordFlags flags; + const gchar *description; + + flags = g_tls_password_get_flags (test->pin); + g_assert_cmpuint (flags, ==, G_TLS_PASSWORD_RETRY); + + description = g_tls_password_get_description (test->pin); + g_assert_cmpstr (description, ==, "Test description"); +} + +static void +test_warnings (TestPin *test, + gconstpointer data) +{ + const gchar *warning; + + g_tls_password_set_flags (test->pin, G_TLS_PASSWORD_RETRY); + warning = g_tls_password_get_warning (test->pin); + g_assert (warning != NULL); + + g_tls_password_set_flags (test->pin, G_TLS_PASSWORD_FINAL_TRY); + warning = g_tls_password_get_warning (test->pin); + g_assert (warning != NULL); + + g_tls_password_set_flags (test->pin, G_TLS_PASSWORD_MANY_TRIES); + warning = g_tls_password_get_warning (test->pin); + g_assert (warning != NULL); + + g_tls_password_set_flags (test->pin, (GTlsPasswordFlags)0x10000000); + warning = g_tls_password_get_warning (test->pin); + g_assert (warning == NULL); + +} + +static void +test_set_get_value (TestPin *test, + gconstpointer data) +{ + const guchar *value; + gsize n_value = G_MAXSIZE; + + value = g_tls_password_get_value (test->pin, &n_value); + g_assert_cmpuint (n_value, ==, 0); + g_assert (value == NULL); + + g_tls_password_set_value (test->pin, (const guchar *)"secret", -1); + + value = g_tls_password_get_value (test->pin, &n_value); + g_assert_cmpuint (n_value, ==, 6); + g_assert (!strncmp ((const gchar *)value, "secret", n_value)); + + g_tls_password_set_value (test->pin, (const guchar *)"other", 5); + + value = g_tls_password_get_value (test->pin, &n_value); + g_assert_cmpuint (n_value, ==, 5); + g_assert (!strncmp ((const gchar *)value, "other", n_value)); +} + +static void +test_internal_pin (TestPin *test, + gconstpointer data) +{ + P11KitPin *pin; + const unsigned char *value; + size_t n_value; + + g_tls_password_set_value (test->pin, (const guchar *)"secret", -1); + + pin = g_pkcs11_pin_steal_internal (G_PKCS11_PIN (test->pin)); + + value = p11_kit_pin_get_value (pin, &n_value); + g_assert_cmpuint (n_value, ==, 6); + g_assert (!strncmp ((const gchar *)value, "secret", n_value)); + + p11_kit_pin_unref (pin); +} + +int +main (int argc, + char *argv[]) +{ + g_test_init (&argc, &argv, NULL); + + g_test_add ("/pkcs11/pin/attributes", TestPin, NULL, + setup_pin, test_attributes, teardown_pin); + g_test_add ("/pkcs11/pin/warnings", TestPin, NULL, + setup_pin, test_warnings, teardown_pin); + g_test_add ("/pkcs11/pin/set-get-value", TestPin, NULL, + setup_pin, test_set_get_value, teardown_pin); + g_test_add ("/pkcs11/pin/internal-pin", TestPin, NULL, + setup_pin, test_internal_pin, teardown_pin); + + return g_test_run(); +} diff --git a/tls/tests/pkcs11-slot.c b/tls/tests/pkcs11-slot.c new file mode 100644 index 0000000..0fcd44b --- /dev/null +++ b/tls/tests/pkcs11-slot.c @@ -0,0 +1,526 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO TLS tests + * + * Copyright (C) 2011 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#include + +#include +#include + +#include "pkcs11/gpkcs11slot.h" +#include "pkcs11/gpkcs11util.h" + +#include "mock-pkcs11.h" +#include "mock-interaction.h" + +#include + +#include + +typedef struct { + CK_FUNCTION_LIST funcs; + GPkcs11Slot *slot; + GPkcs11Slot *not_present; +} TestSlot; + +static void +setup_slot (TestSlot *test, + gconstpointer unused) +{ + CK_RV rv; + + /* Copy this so we can replace certain functions in our tests */ + memcpy (&test->funcs, &mock_default_functions, sizeof (test->funcs)); + + rv = p11_kit_module_initialize (&test->funcs); + g_assert (rv == CKR_OK); + + test->slot = g_object_new (G_TYPE_PKCS11_SLOT, + "slot-id", MOCK_SLOT_ONE_ID, + "module", &test->funcs, + NULL); + g_assert (G_IS_PKCS11_SLOT (test->slot)); + + test->not_present = g_object_new (G_TYPE_PKCS11_SLOT, + "slot-id", MOCK_SLOT_TWO_ID, + "module", &test->funcs, + NULL); + g_assert (G_IS_PKCS11_SLOT (test->not_present)); +} + +static void +teardown_slot (TestSlot *test, + gconstpointer unused) +{ + CK_RV rv; + + g_assert_cmpint (G_OBJECT (test->slot)->ref_count, ==, 1); + g_object_unref (test->slot); + + g_assert_cmpint (G_OBJECT (test->not_present)->ref_count, ==, 1); + g_object_unref (test->not_present); + + rv = p11_kit_module_finalize (&test->funcs); + g_assert (rv == CKR_OK); +} + +static void +test_properties (TestSlot *test, + gconstpointer unused) +{ + CK_SLOT_ID id; + CK_FUNCTION_LIST_PTR module; + + g_object_get (test->slot, "slot-id", &id, "module", &module, NULL); + g_assert_cmpuint (id, ==, MOCK_SLOT_ONE_ID); + g_assert (module == &test->funcs); +} + +static void +test_token_info (TestSlot *test, + gconstpointer unused) +{ + CK_TOKEN_INFO token_info; + char *label; + + if (!g_pkcs11_slot_get_token_info (test->slot, &token_info)) + g_assert_not_reached (); + + label = p11_kit_space_strdup (token_info.label, sizeof (token_info.label)); + g_assert_cmpstr (label, ==, "TEST LABEL"); + free (label); +} + +static void +test_token_info_not_present (TestSlot *test, + gconstpointer unused) +{ + CK_TOKEN_INFO token_info; + char *label; + + if (!g_pkcs11_slot_get_token_info (test->slot, &token_info)) + g_assert_not_reached (); + + label = p11_kit_space_strdup (token_info.label, sizeof (token_info.label)); + g_assert_cmpstr (label, ==, "TEST LABEL"); + free (label); +} + +static void +test_matches_uri (TestSlot *test, + gconstpointer unused) +{ + P11KitUri *uri; + + uri = p11_kit_uri_new (); + if (p11_kit_uri_parse (MOCK_SLOT_ONE_URI, P11_KIT_URI_FOR_TOKEN, uri) != 0) + g_assert_not_reached (); + g_assert (!p11_kit_uri_any_unrecognized (uri)); + + if (!g_pkcs11_slot_matches_uri (test->slot, uri)) + g_assert_not_reached(); + + if (g_pkcs11_slot_matches_uri (test->not_present, uri)) + g_assert_not_reached (); + + p11_kit_uri_free (uri); +} + + +static gboolean +accumulate_check_not_called (gpointer result, + gpointer user_data) +{ + g_assert_not_reached (); + return FALSE; +} + +static void +test_enumerate_no_match (TestSlot *test, + gconstpointer unused) +{ + GPkcs11EnumerateState state; + CK_ATTRIBUTE_TYPE types[] = { CKA_LABEL, CKA_ID }; + GError *error = NULL; + GPkcs11Array *match; + + match = g_pkcs11_array_new (); + g_pkcs11_array_add_value (match, CKA_LABEL, "Non existant", -1); + g_pkcs11_array_add_value (match, CKA_ID, "Bad ID", -1); + + state = g_pkcs11_slot_enumerate (test->slot, NULL, + match->attrs, match->count, FALSE, + types, G_N_ELEMENTS (types), + accumulate_check_not_called, NULL, + NULL, &error); + + g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_CONTINUE); + g_assert_no_error (error); + + g_pkcs11_array_unref (match); +} + +static void +test_enumerate_not_present (TestSlot *test, + gconstpointer unused) +{ + GPkcs11EnumerateState state; + CK_ATTRIBUTE_TYPE types[] = { CKA_LABEL, CKA_ID }; + GError *error = NULL; + GPkcs11Array *match; + + /* Empty match should match anything ... */ + match = g_pkcs11_array_new (); + + /* ... but token is not present, so nothing */ + state = g_pkcs11_slot_enumerate (test->not_present, NULL, + match->attrs, match->count, FALSE, + types, G_N_ELEMENTS (types), + accumulate_check_not_called, NULL, + NULL, &error); + + g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_CONTINUE); + g_assert_no_error (error); + + g_pkcs11_array_unref (match); +} + +static gboolean +accumulate_results (gpointer result, + gpointer user_data) +{ + GPtrArray *results = user_data; + GPkcs11Array *attrs = result; + + g_assert (results); + g_assert (attrs); + + g_ptr_array_add (results, g_pkcs11_array_ref (attrs)); + return TRUE; +} + +static void +test_enumerate_all (TestSlot *test, + gconstpointer unused) +{ + GPkcs11EnumerateState state; + CK_ATTRIBUTE_TYPE types[] = { CKA_LABEL, CKA_ID }; + GError *error = NULL; + GPkcs11Array *match; + GPkcs11Array *attrs; + GPtrArray *results; + const CK_ATTRIBUTE *attr; + guint i; + + /* Match anything */ + match = g_pkcs11_array_new (); + + results = g_ptr_array_new_with_free_func ((GDestroyNotify)g_pkcs11_array_unref); + + state = g_pkcs11_slot_enumerate (test->slot, NULL, + match->attrs, match->count, FALSE, + types, G_N_ELEMENTS (types), + accumulate_results, results, + NULL, &error); + + g_pkcs11_array_unref (match); + + g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_CONTINUE); + g_assert_no_error (error); + + g_assert_cmpuint (results->len, >, 1); + + for (i = 0; i < results->len; i++) + { + attrs = results->pdata[i]; + attr = g_pkcs11_array_find (attrs, CKA_LABEL); + g_assert (attr != NULL); + g_assert (g_utf8_validate (attr->pValue, attr->ulValueLen, NULL)); + } + + g_ptr_array_free (results, TRUE); +} + +static gboolean +accumulate_first (gpointer result, + gpointer user_data) +{ + GPtrArray *results = user_data; + GPkcs11Array *attrs = result; + + g_assert (results); + g_assert (attrs); + g_assert_cmpuint (results->len, ==, 0); + + g_ptr_array_add (results, g_pkcs11_array_ref (attrs)); + return FALSE; /* Don't call again */ +} + +static void +test_enumerate_first (TestSlot *test, + gconstpointer unused) +{ + GPkcs11EnumerateState state; + CK_ATTRIBUTE_TYPE types[] = { CKA_LABEL, CKA_ID }; + GError *error = NULL; + GPkcs11Array *match; + GPkcs11Array *attrs; + GPtrArray *results; + const CK_ATTRIBUTE *attr; + + /* Match anything */ + match = g_pkcs11_array_new (); + + results = g_ptr_array_new_with_free_func ((GDestroyNotify)g_pkcs11_array_unref); + + state = g_pkcs11_slot_enumerate (test->slot, NULL, + match->attrs, match->count, FALSE, + types, G_N_ELEMENTS (types), + accumulate_first, results, + NULL, &error); + + g_pkcs11_array_unref (match); + + g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_STOP); + g_assert_no_error (error); + + g_assert_cmpuint (results->len, ==, 1); + attrs = results->pdata[0]; + attr = g_pkcs11_array_find (attrs, CKA_LABEL); + g_assert (attr != NULL); + g_assert (g_utf8_validate (attr->pValue, attr->ulValueLen, NULL)); + + g_ptr_array_free (results, TRUE); +} + +static gboolean +accumulate_check_null_result (gpointer result, + gpointer user_data) +{ + GPkcs11Array *attrs = result; + g_assert (attrs == NULL); + return TRUE; /* call again */ +} + +static void +test_enumerate_no_attrs (TestSlot *test, + gconstpointer unused) +{ + GPkcs11EnumerateState state; + GError *error = NULL; + GPkcs11Array *match; + + /* Match anything */ + match = g_pkcs11_array_new (); + + state = g_pkcs11_slot_enumerate (test->slot, NULL, + match->attrs, match->count, FALSE, + NULL, 0, + accumulate_check_null_result, NULL, + NULL, &error); + + g_pkcs11_array_unref (match); + + /* Didn't find anything, so continue */ + g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_CONTINUE); + g_assert_no_error (error); +} + +static void +test_enumerate_fail_session (TestSlot *test, + gconstpointer unused) +{ + GPkcs11EnumerateState state; + GError *error = NULL; + + /* Make opening a session fail */ + test->funcs.C_OpenSession = mock_fail_C_OpenSession; + + state = g_pkcs11_slot_enumerate (test->slot, NULL, + NULL, 0, FALSE, + NULL, 0, + accumulate_check_not_called, NULL, + NULL, &error); + + g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_FAILED); + g_assert_error (error, G_PKCS11_ERROR, CKR_GENERAL_ERROR); + g_error_free (error); +} + +static void +test_enumerate_fail_attributes (TestSlot *test, + gconstpointer unused) +{ + GPkcs11EnumerateState state; + GError *error = NULL; + CK_ATTRIBUTE_TYPE types[] = { CKA_LABEL, CKA_ID }; + + /* Make retrieving object attrs fail */ + test->funcs.C_GetAttributeValue = mock_fail_C_GetAttributeValue; + + state = g_pkcs11_slot_enumerate (test->slot, NULL, + NULL, 0, FALSE, + types, G_N_ELEMENTS (types), + accumulate_check_not_called, NULL, + NULL, &error); + + g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_FAILED); + g_assert_error (error, G_PKCS11_ERROR, CKR_FUNCTION_FAILED); + g_error_free (error); +} + +static gboolean +accumulate_cancel_on_first (gpointer result, + gpointer user_data) +{ + GCancellable *cancellable = G_CANCELLABLE (user_data); + g_assert (!g_cancellable_is_cancelled (cancellable)); + g_cancellable_cancel (cancellable); + return TRUE; /* call again, except that above cancellation should stop */ +} + +static void +test_enumerate_cancel (TestSlot *test, + gconstpointer unused) +{ + GPkcs11EnumerateState state; + GError *error = NULL; + GPkcs11Array *match; + GCancellable *cancellable; + + cancellable = g_cancellable_new (); + + /* Match anything */ + match = g_pkcs11_array_new (); + + state = g_pkcs11_slot_enumerate (test->slot, NULL, + match->attrs, match->count, FALSE, + NULL, 0, + accumulate_cancel_on_first, cancellable, + cancellable, &error); + + g_pkcs11_array_unref (match); + g_object_unref (cancellable); + + g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_FAILED); + g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CANCELLED); + g_error_free (error); +} + +static void +test_enumerate_private (TestSlot *test, + gconstpointer unused) +{ + CK_ATTRIBUTE_TYPE types[] = { CKA_LABEL, CKA_ID, CKA_PRIVATE }; + GPkcs11EnumerateState state; + GError *error = NULL; + GPkcs11Array *match; + GPtrArray *results; + gboolean bval; + GTlsInteraction *interaction; + + /* Match label of private object, see mock*/ + match = g_pkcs11_array_new (); + g_pkcs11_array_add_value (match, CKA_LABEL, "PRIVATE", -1); + + /* Shouldn't match anything, since not logged in */ + state = g_pkcs11_slot_enumerate (test->slot, NULL, + match->attrs, match->count, FALSE, + types, G_N_ELEMENTS (types), + accumulate_check_not_called, NULL, + NULL, &error); + + g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_CONTINUE); + g_assert_no_error (error); + + /* This time we try to log in but no interaction is set */ + state = g_pkcs11_slot_enumerate (test->slot, NULL, + match->attrs, match->count, TRUE, /* match privates */ + types, G_N_ELEMENTS (types), + accumulate_check_not_called, NULL, + NULL, &error); + + g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_CONTINUE); + g_assert_no_error (error); + + /* This time we log in, and should have a match */ + results = g_ptr_array_new_with_free_func ((GDestroyNotify)g_pkcs11_array_unref); + interaction = mock_interaction_new_static_password (MOCK_SLOT_ONE_PIN); + + state = g_pkcs11_slot_enumerate (test->slot, interaction, + match->attrs, match->count, TRUE, + types, G_N_ELEMENTS (types), + accumulate_results, results, + NULL, &error); + + g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_CONTINUE); + g_assert_no_error (error); + + /* One private object, with following info */ + g_assert_cmpuint (results->len, ==, 1); + if (!g_pkcs11_array_find_boolean (results->pdata[0], CKA_PRIVATE, &bval)) + g_assert_not_reached (); + g_assert (bval == TRUE); + + g_object_unref (interaction); + g_pkcs11_array_unref (match); + g_ptr_array_free (results, TRUE); +} + +int +main (int argc, + char *argv[]) +{ + g_test_init (&argc, &argv, NULL); + + g_test_add ("/pkcs11/slot/properties", TestSlot, NULL, + setup_slot, test_properties, teardown_slot); + g_test_add ("/pkcs11/slot/token-info", TestSlot, NULL, + setup_slot, test_token_info, teardown_slot); + g_test_add ("/pkcs11/slot/token-not-present", TestSlot, NULL, + setup_slot, test_token_info_not_present, teardown_slot); + g_test_add ("/pkcs11/slot/matches-uri", TestSlot, NULL, + setup_slot, test_matches_uri, teardown_slot); + g_test_add ("/pkcs11/slot/enumerate-no-match", TestSlot, NULL, + setup_slot, test_enumerate_no_match, teardown_slot); + g_test_add ("/pkcs11/slot/enumerate-not-present", TestSlot, NULL, + setup_slot, test_enumerate_not_present, teardown_slot); + g_test_add ("/pkcs11/slot/enumerate-all", TestSlot, NULL, + setup_slot, test_enumerate_all, teardown_slot); + g_test_add ("/pkcs11/slot/enumerate-first", TestSlot, NULL, + setup_slot, test_enumerate_first, teardown_slot); + g_test_add ("/pkcs11/slot/enumerate-no-attrs", TestSlot, NULL, + setup_slot, test_enumerate_no_attrs, teardown_slot); + g_test_add ("/pkcs11/slot/enumerate-fail-session", TestSlot, NULL, + setup_slot, test_enumerate_fail_session, teardown_slot); + g_test_add ("/pkcs11/slot/enumerate-fail-attributes", TestSlot, NULL, + setup_slot, test_enumerate_fail_attributes, teardown_slot); + g_test_add ("/pkcs11/slot/enumerate-cancel", TestSlot, NULL, + setup_slot, test_enumerate_cancel, teardown_slot); + g_test_add ("/pkcs11/slot/enumerate-private", TestSlot, NULL, + setup_slot, test_enumerate_private, teardown_slot); + + return g_test_run(); +} diff --git a/tls/tests/pkcs11-util.c b/tls/tests/pkcs11-util.c new file mode 100644 index 0000000..b432651 --- /dev/null +++ b/tls/tests/pkcs11-util.c @@ -0,0 +1,63 @@ +/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * GIO TLS tests + * + * Copyright (C) 2011 Collabora, Ltd. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, see + * . + * + * In addition, when the library is used with OpenSSL, a special + * exception applies. Refer to the LICENSE_EXCEPTION file for details. + * + * Author: Stef Walter + */ + +#include + +#include +#include + +#include "pkcs11/gpkcs11util.h" + +static void +test_propagate_error (void) +{ + GError *error = NULL; + + if (!g_pkcs11_propagate_error (&error, CKR_BUFFER_TOO_SMALL)) + g_assert_not_reached (); + g_assert_error (error, G_PKCS11_ERROR, (gint)CKR_BUFFER_TOO_SMALL); + g_clear_error (&error); + + if (g_pkcs11_propagate_error (&error, CKR_OK)) + g_assert_not_reached (); + g_assert_no_error (error); + + if (!g_pkcs11_propagate_error (&error, CKR_CANCEL)) + g_assert_not_reached (); + g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CANCELLED); + g_clear_error (&error); +} + +int +main (int argc, + char *argv[]) +{ + g_test_init (&argc, &argv, NULL); + + g_test_add_func ("/pkcs11/util/propagate-error", test_propagate_error); + + return g_test_run(); +}