[glib/tls-database] Replace GTlsConnection:use-system-certdb with GTlsConnection:database



commit 4d927b45e7b6c1d76317bd0e0503c1648cbe69b8
Author: Stef Walter <stefw collabora co uk>
Date:   Tue Dec 28 04:22:17 2010 -0600

    Replace GTlsConnection:use-system-certdb with GTlsConnection:database
    
    The new property is a GTlsDatabase. Set it to NULL if you want no
    checks against root anchor authorities. By default it is initialized
    to the backend's default database.

 docs/reference/gio/gio-sections.txt |    7 ++--
 gio/gdummytlsbackend.c              |    4 +-
 gio/gtlsconnection.c                |   59 +++++++++++++++++++----------------
 gio/gtlsconnection.h                |    6 ++--
 4 files changed, 41 insertions(+), 35 deletions(-)
---
diff --git a/docs/reference/gio/gio-sections.txt b/docs/reference/gio/gio-sections.txt
index e274bee..53bea14 100644
--- a/docs/reference/gio/gio-sections.txt
+++ b/docs/reference/gio/gio-sections.txt
@@ -3046,8 +3046,8 @@ g_tls_connection_get_require_close_notify
 GTlsRehandshakeMode
 g_tls_connection_set_rehandshake_mode
 g_tls_connection_get_rehandshake_mode
-g_tls_connection_set_use_system_certdb
-g_tls_connection_get_use_system_certdb
+g_tls_connection_get_database
+g_tls_connection_set_database
 <SUBSECTION>
 g_tls_connection_handshake
 g_tls_connection_handshake_async
@@ -3124,8 +3124,9 @@ g_tls_file_database_new
 G_TLS_FILE_DATABASE
 G_TLS_FILE_DATABASE_GET_INTERFACE
 G_TYPE_TLS_FILE_DATABASE
+G_IS_TLS_FILE_DATABASE
 <SUBSECTION Private>
-g_tls_database_get_type
+g_tls_file_database_get_type
 </SECTION>
 
 <SECTION>
diff --git a/gio/gdummytlsbackend.c b/gio/gdummytlsbackend.c
index 59ed004..1135056 100644
--- a/gio/gdummytlsbackend.c
+++ b/gio/gdummytlsbackend.c
@@ -198,7 +198,7 @@ enum
   PROP_BASE_IO_STREAM,
   PROP_REQUIRE_CLOSE_NOTIFY,
   PROP_REHANDSHAKE_MODE,
-  PROP_USE_SYSTEM_CERTDB,
+  PROP_DATABASE,
   PROP_VALIDATION_FLAGS,
   PROP_SERVER_IDENTITY,
   PROP_USE_SSL3,
@@ -258,7 +258,7 @@ g_dummy_tls_connection_class_init (GDummyTlsConnectionClass *connection_class)
   g_object_class_override_property (gobject_class, PROP_BASE_IO_STREAM, "base-io-stream");
   g_object_class_override_property (gobject_class, PROP_REQUIRE_CLOSE_NOTIFY, "require-close-notify");
   g_object_class_override_property (gobject_class, PROP_REHANDSHAKE_MODE, "rehandshake-mode");
-  g_object_class_override_property (gobject_class, PROP_USE_SYSTEM_CERTDB, "use-system-certdb");
+  g_object_class_override_property (gobject_class, PROP_DATABASE, "database");
   g_object_class_override_property (gobject_class, PROP_VALIDATION_FLAGS, "validation-flags");
   g_object_class_override_property (gobject_class, PROP_SERVER_IDENTITY, "server-identity");
   g_object_class_override_property (gobject_class, PROP_USE_SSL3, "use-ssl3");
diff --git a/gio/gtlsconnection.c b/gio/gtlsconnection.c
index b358778..447a112 100644
--- a/gio/gtlsconnection.c
+++ b/gio/gtlsconnection.c
@@ -29,6 +29,7 @@
 #include "gtlsbackend.h"
 #include "gtlscertificate.h"
 #include "gtlsclientconnection.h"
+#include "gtlsdatabase.h"
 #include "glibintl.h"
 
 /**
@@ -77,7 +78,7 @@ enum {
   PROP_BASE_IO_STREAM,
   PROP_REQUIRE_CLOSE_NOTIFY,
   PROP_REHANDSHAKE_MODE,
-  PROP_USE_SYSTEM_CERTDB,
+  PROP_DATABASE,
   PROP_CERTIFICATE,
   PROP_PEER_CERTIFICATE,
   PROP_PEER_CERTIFICATE_ERRORS
@@ -107,19 +108,19 @@ g_tls_connection_class_init (GTlsConnectionClass *klass)
 							G_PARAM_CONSTRUCT_ONLY |
 							G_PARAM_STATIC_STRINGS));
   /**
-   * GTlsConnection:use-system-certdb:
+   * GTlsConnection:database:
    *
-   * Whether or not the system certificate database will be used to
-   * verify peer certificates. See
-   * g_tls_connection_set_use_system_certdb().
+   * The certificate database to use when verifying this TLS connection.
+   * If no cerificate database is set, then the default database will be
+   * used. See g_tls_backend_get_default_database().
    *
    * Since: 2.28
    */
-  g_object_class_install_property (gobject_class, PROP_USE_SYSTEM_CERTDB,
-				   g_param_spec_boolean ("use-system-certdb",
-							 P_("Use system certificate database"),
-							 P_("Whether to verify peer certificates against the system certificate database"),
-							 TRUE,
+  g_object_class_install_property (gobject_class, PROP_DATABASE,
+				   g_param_spec_object ("database",
+							 P_("Database"),
+							 P_("Certificate database to use for verifying certificates"),
+							 G_TYPE_TLS_DATABASE,
 							 G_PARAM_READWRITE |
 							 G_PARAM_CONSTRUCT |
 							 G_PARAM_STATIC_STRINGS));
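Review bot: The new GTlsConnection:database comment says the default database is used when no database is set, while the g_tls_connection_set_database() comment in the next hunk says %NULL makes validation always report %G_TLS_CERTIFICATE_UNKNOWN_CA, so the meaning of a NULL database is ambiguous. This decides whether peer certificates are checked against any trust anchor, so the property comment should state the NULL case explicitly, for example `If set to %NULL, no trust anchors are consulted and validation always sets %G_TLS_CERTIFICATE_UNKNOWN_CA.` The spec is an object property with G_PARAM_CONSTRUCT, so the construct-time value is presumably NULL unless the backend substitutes its default; how a backend tells "never set" from "explicitly NULL" is not visible in this diff. The comment also misspells "certificate" as `cerificate`. g_tls_connection_class_init starts and ends outside the hunk.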
@@ -295,12 +296,13 @@ g_tls_connection_set_property (GObject      *object,
 }
 
 /**
- * g_tls_connection_set_use_system_certdb:
+ * g_tls_connection_set_database:
  * @conn: a #GTlsConnection
- * @use_system_certdb: whether to use the system certificate database
+ * @database: a #GTlsDatabase
  *
- * Sets whether @conn uses the system certificate database to verify
- * peer certificates. This is %TRUE by default. If set to %FALSE, then
+ * Sets the certificate database that is used to verify peer certificates.
+ * This is set to the default database by default. See
+ * g_tls_backend_get_default_database(). If set to %NULL, then
  * peer certificate validation will always set the
  * %G_TLS_CERTIFICATE_UNKNOWN_CA error (meaning
  * #GTlsConnection::accept-certificate will always be emitted on
@@ -310,38 +312,41 @@ g_tls_connection_set_property (GObject      *object,
  * Since: 2.28
  */
 void
-g_tls_connection_set_use_system_certdb (GTlsConnection *conn,
-					gboolean        use_system_certdb)
+g_tls_connection_set_database (GTlsConnection *conn,
+                               GTlsDatabase   *database)
 {
   g_return_if_fail (G_IS_TLS_CONNECTION (conn));
+  g_return_if_fail (!database || G_IS_TLS_DATABASE (database));
 
   g_object_set (G_OBJECT (conn),
-		"use-system-certdb", use_system_certdb,
+		"database", database,
 		NULL);
 }
 
 /**
- * g_tls_connection_get_use_system_certdb:
+ * g_tls_connection_get_database:
  * @conn: a #GTlsConnection
  *
- * Gets whether @conn uses the system certificate database to verify
- * peer certificates. See g_tls_connection_set_use_system_certdb().
+ * Gets the certificate database that @conn uses to verify
+ * peer certificates. See g_tls_connection_set_database().
  *
- * Return value: whether @conn uses the system certificate database
+ * Return value: the certificate database that @conn uses or %NULL
  *
  * Since: 2.28
  */
-gboolean
-g_tls_connection_get_use_system_certdb (GTlsConnection *conn)
+GTlsDatabase*
+g_tls_connection_get_database (GTlsConnection *conn)
 {
-  gboolean use_system_certdb;
+  GTlsDatabase *database = NULL;
 
-  g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), TRUE);
+  g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), NULL);
 
   g_object_get (G_OBJECT (conn),
-		"use-system-certdb", &use_system_certdb,
+		"database", &database,
 		NULL);
-  return use_system_certdb;
+  if (database)
+    g_object_unref (database);
+  return database;
 }
 
 /**
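Review bot: g_tls_connection_get_database() releases the reference it received from g_object_get() and then returns the pointer, so the caller gets a borrowed pointer that is valid only while @conn still holds that database. The doc comment should record this, for example `Return value: (transfer none): the certificate database that @conn uses or %NULL`, with a sentence telling callers to take their own reference if they keep the pointer past a later g_tls_connection_set_database() call or the lifetime of @conn. If a backend's get_property were to hand out an object it does not itself retain, the returned pointer would already be dangling after the unref; that cannot be confirmed from this diff.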
diff --git a/gio/gtlsconnection.h b/gio/gtlsconnection.h
index 7786c43..b44a869 100644
--- a/gio/gtlsconnection.h
+++ b/gio/gtlsconnection.h
@@ -83,9 +83,9 @@ struct _GTlsConnectionClass
 
 GType                 g_tls_connection_get_type                    (void) G_GNUC_CONST;
 
-void                  g_tls_connection_set_use_system_certdb       (GTlsConnection       *conn,
-								    gboolean              use_system_certdb);
-gboolean              g_tls_connection_get_use_system_certdb       (GTlsConnection       *conn);
+void                  g_tls_connection_set_database                (GTlsConnection       *conn,
+								    GTlsDatabase         *database);
+GTlsDatabase *        g_tls_connection_get_database                (GTlsConnection       *conn);
 
 void                  g_tls_connection_set_certificate             (GTlsConnection       *conn,
 								    GTlsCertificate      *certificate);


