<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<title>GTlsClientConnection: GIO Reference Manual</title>

<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">

<link rel="home" href="index.html" title="GIO Reference Manual">

<link rel="up" href="tls.html" title="TLS (SSL) support">

<link rel="prev" href="GTlsConnection.html" title="GTlsConnection">

<link rel="next" href="GTlsServerConnection.html" title="GTlsServerConnection">

<meta name="generator" content="GTK-Doc V1.27 (XML mode)">

<link rel="stylesheet" href="style.css" type="text/css">

</head>

<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">

Top  | 

                  Description  | 

                  Object Hierarchy  | 

                  Prerequisites  | 

                  Properties

GTlsClientConnection

GTlsClientConnection — TLS client-side connection

Functions

GIOStream *

g_tls_client_connection_new ()

void

g_tls_client_connection_set_server_identity ()

GSocketConnectable *

g_tls_client_connection_get_server_identity ()

void

g_tls_client_connection_set_validation_flags ()

GTlsCertificateFlags

g_tls_client_connection_get_validation_flags ()

void

g_tls_client_connection_set_use_ssl3 ()

gboolean

g_tls_client_connection_get_use_ssl3 ()

GList *

g_tls_client_connection_get_accepted_cas ()

void

g_tls_client_connection_copy_session_state ()

Properties

gpointer

accepted-cas

Read

GSocketConnectable *

server-identity

Read / Write / Construct

gboolean

use-ssl3

Read / Write / Construct

GTlsCertificateFlags

validation-flags

Read / Write / Construct

Types and Values

GTlsClientConnection

struct

GTlsClientConnectionInterface

Object Hierarchy

    GInterface

    ╰── GTlsClientConnection

Prerequisites

GTlsClientConnection requires

 GTlsConnection.

Includes

#include <gio/gio.h>

Description

GTlsClientConnection is the client-side subclass of

GTlsConnection, representing a client-side TLS connection.

Functions

g_tls_client_connection_new ()

GIOStream *

g_tls_client_connection_new (GIOStream *base_io_stream,

                             GSocketConnectable *server_identity,

                             GError **error);

Creates a new GTlsClientConnection wrapping base_io_stream

 (which

must have pollable input and output streams) which is assumed to

communicate with the server identified by server_identity

.

See the documentation for “base-io-stream” for restrictions

on when application code can run operations on the base_io_stream

 after

this function has returned.

Parameters

base_io_stream

the GIOStream to wrap

server_identity

the expected identity of the server. 

[nullable]

error

GError for error reporting, or NULL to ignore.

Returns

the new

GTlsClientConnection, or NULL on error. 

[transfer full][type GTlsClientConnection]

Since: 2.28

g_tls_client_connection_set_server_identity ()

void

g_tls_client_connection_set_server_identity

                               (GTlsClientConnection *conn,

                                GSocketConnectable *identity);

Sets conn

's expected server identity, which is used both to tell

servers on virtual hosts which certificate to present, and also

to let conn

 know what name to look for in the certificate when

performing G_TLS_CERTIFICATE_BAD_IDENTITY validation, if enabled.

Parameters

conn

the GTlsClientConnection

identity

a GSocketConnectable describing the expected server identity

Since: 2.28

g_tls_client_connection_get_server_identity ()

GSocketConnectable *

g_tls_client_connection_get_server_identity

                               (GTlsClientConnection *conn);

Gets conn

's expected server identity

Parameters

conn

the GTlsClientConnection

Returns

a GSocketConnectable describing the

expected server identity, or NULL if the expected identity is not

known. 

[transfer none]

Since: 2.28

g_tls_client_connection_set_validation_flags ()

void

g_tls_client_connection_set_validation_flags

                               (GTlsClientConnection *conn,

                                GTlsCertificateFlags flags);

Sets conn

's validation flags, to override the default set of

checks performed when validating a server certificate. By default,

G_TLS_CERTIFICATE_VALIDATE_ALL is used.

Parameters

conn

the GTlsClientConnection

flags

the GTlsCertificateFlags to use

Since: 2.28

g_tls_client_connection_get_validation_flags ()

GTlsCertificateFlags

g_tls_client_connection_get_validation_flags

                               (GTlsClientConnection *conn);

Gets conn

's validation flags

Parameters

conn

the GTlsClientConnection

Returns

 the validation flags

Since: 2.28

g_tls_client_connection_set_use_ssl3 ()

void

g_tls_client_connection_set_use_ssl3 (GTlsClientConnection *conn,

                                      gboolean use_ssl3);

g_tls_client_connection_set_use_ssl3 has been deprecated since version 2.56 and should not be used in newly-written code.

SSL 3.0 is insecure, and this function does not

generally enable or disable it, despite its name.

If use_ssl3

 is TRUE, this forces conn

 to use the lowest-supported

TLS protocol version rather than trying to properly negotiate the

highest mutually-supported protocol version with the peer. This can

be used when talking to broken TLS servers that exhibit protocol

version intolerance.

Be aware that SSL 3.0 is generally disabled by the GTlsBackend, so

the lowest-supported protocol version is probably not SSL 3.0.

Parameters

conn

the GTlsClientConnection

use_ssl3

whether to use the lowest-supported protocol version

Since: 2.28

g_tls_client_connection_get_use_ssl3 ()

gboolean

g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn);

g_tls_client_connection_get_use_ssl3 has been deprecated since version 2.56 and should not be used in newly-written code.

SSL 3.0 is insecure, and this function does not

actually indicate whether it is enabled.

Gets whether conn

 will force the lowest-supported TLS protocol

version rather than attempt to negotiate the highest mutually-

supported version of TLS; see g_tls_client_connection_set_use_ssl3().

Parameters

conn

the GTlsClientConnection

Returns

 whether conn

will use the lowest-supported TLS protocol version

Since: 2.28

g_tls_client_connection_get_accepted_cas ()

GList *

g_tls_client_connection_get_accepted_cas

                               (GTlsClientConnection *conn);

Gets the list of distinguished names of the Certificate Authorities

that the server will accept certificates from. This will be set

during the TLS handshake if the server requests a certificate.

Otherwise, it will be NULL.

Each item in the list is a GByteArray which contains the complete

subject DN of the certificate authority.

Parameters

conn

the GTlsClientConnection

Returns

the list of

CA DNs. You should unref each element with g_byte_array_unref() and then

the free the list with g_list_free(). 

[element-type GByteArray][transfer full]

Since: 2.28

g_tls_client_connection_copy_session_state ()

void

g_tls_client_connection_copy_session_state

                               (GTlsClientConnection *conn,

                                GTlsClientConnection *source);

Copies session state from one connection to another. This is

not normally needed, but may be used when the same session

needs to be used between different endpoints as is required

by some protocols such as FTP over TLS. source

 should have

already completed a handshake, and conn

 should not have

completed a handshake.

Parameters

conn

a GTlsClientConnection

source

a GTlsClientConnection

Since: 2.46

Types and Values

GTlsClientConnection

typedef struct _GTlsClientConnection GTlsClientConnection;

Abstract base class for the backend-specific client connection

type.

Since: 2.28

struct GTlsClientConnectionInterface

struct GTlsClientConnectionInterface {

  GTypeInterface g_iface;

  void     ( *copy_session_state )     (GTlsClientConnection       *conn,

                                        GTlsClientConnection       *source);

};

vtable for a GTlsClientConnection implementation.

Members

copy_session_state ()

Copies session state from one GTlsClientConnection to another.

Since: 2.26

Property Details

The “accepted-cas” property

  “accepted-cas”             gpointer

A list of the distinguished names of the Certificate Authorities

that the server will accept client certificates signed by. If the

server requests a client certificate during the handshake, then

this property will be set after the handshake completes.

Each item in the list is a GByteArray which contains the complete

subject DN of the certificate authority.

[element-type GLib.ByteArray]

Flags: Read

Since: 2.28

The “server-identity” property

  “server-identity”          GSocketConnectable *

A GSocketConnectable describing the identity of the server that

is expected on the other end of the connection.

If the G_TLS_CERTIFICATE_BAD_IDENTITY flag is set in

“validation-flags”, this object will be used

to determine the expected identify of the remote end of the

connection; if “server-identity” is not set,

or does not match the identity presented by the server, then the

G_TLS_CERTIFICATE_BAD_IDENTITY validation will fail.

In addition to its use in verifying the server certificate,

this is also used to give a hint to the server about what

certificate we expect, which is useful for servers that serve

virtual hosts.

Flags: Read / Write / Construct

Since: 2.28

The “use-ssl3” property

  “use-ssl3”                 gboolean

If TRUE, forces the connection to use a fallback version of TLS

or SSL, rather than trying to negotiate the best version of TLS

to use. This can be used when talking to servers that don't

implement version negotiation correctly and therefore refuse to

handshake at all with a modern TLS handshake.

Despite the property name, the fallback version is usually not

SSL 3.0, because SSL 3.0 is generally disabled by the GTlsBackend.

GTlsClientConnection will use the next-highest available version

as the fallback version.

GTlsClientConnection:use-ssl3 has been deprecated since version 2.56 and should not be used in newly-written code.

SSL 3.0 is insecure, and this property does not

generally enable or disable it, despite its name.

Flags: Read / Write / Construct

Default value: FALSE

Since: 2.28

The “validation-flags” property

  “validation-flags”         GTlsCertificateFlags

What steps to perform when validating a certificate received from

a server. Server certificates that fail to validate in all of the

ways indicated here will be rejected unless the application

overrides the default via “accept-certificate”.

Flags: Read / Write / Construct

Default value: G_TLS_CERTIFICATE_UNKNOWN_CA | G_TLS_CERTIFICATE_BAD_IDENTITY | G_TLS_CERTIFICATE_NOT_ACTIVATED | G_TLS_CERTIFICATE_EXPIRED | G_TLS_CERTIFICATE_REVOKED | G_TLS_CERTIFICATE_INSECURE | G_TLS_CERTIFICATE_GENERIC_ERROR

Since: 2.28

Generated by GTK-Doc V1.27

</body>

</html>