[glib/wip/danw/poodle: 2/2] Allow controlling the SSL/TLS versions a GTlsConnection can use
- From: Dan Winship <danw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib/wip/danw/poodle: 2/2] Allow controlling the SSL/TLS versions a GTlsConnection can use
- Date: Fri, 17 Oct 2014 00:54:50 +0000 (UTC)
commit 2b57c5894c778d93dc1db2374d4e8f358de750c3
Author: Dan Winship <danw gnome org>
Date: Thu Oct 16 20:53:58 2014 -0400
Allow controlling the SSL/TLS versions a GTlsConnection can use
docs/reference/gio/gio-sections.txt | 4 +
gio/gioenums.h | 20 ++++++
gio/gtlsclientconnection.c | 7 ++
gio/gtlsclientconnection.h | 4 +-
gio/gtlsconnection.c | 114 +++++++++++++++++++++++++++++++++++
gio/gtlsconnection.h | 9 +++
6 files changed, 156 insertions(+), 2 deletions(-)
---
diff --git a/docs/reference/gio/gio-sections.txt b/docs/reference/gio/gio-sections.txt
index 80980fd..edd74b7 100644
--- a/docs/reference/gio/gio-sections.txt
+++ b/docs/reference/gio/gio-sections.txt
@@ -3470,6 +3470,10 @@ g_tls_connection_get_require_close_notify
GTlsRehandshakeMode
g_tls_connection_set_rehandshake_mode
g_tls_connection_get_rehandshake_mode
+GTlsVersion
+g_tls_connection_set_requested_versions
+g_tls_connection_get_requested_versions
+g_tls_connection_get_version
g_tls_connection_set_use_system_certdb
g_tls_connection_get_use_system_certdb
g_tls_connection_get_database
diff --git a/gio/gioenums.h b/gio/gioenums.h
index 1ca5be5..bb0c771 100644
--- a/gio/gioenums.h
+++ b/gio/gioenums.h
@@ -1811,6 +1811,26 @@ typedef enum {
G_NOTIFICATION_PRIORITY_URGENT
} GNotificationPriority;
+/**
+ * GTlsVersion:
+ * @G_TLS_VERSION_INVALID: invalid or unspecified version
+ * @G_TLS_VERSION_SSL_3_0: SSL 3.0
+ * @G_TLS_VERSION_TLS_1_0: TLS 1.0
+ * @G_TLS_VERSION_TLS_1_1: TLS 1.1
+ * @G_TLS_VERSION_TLS_1_2: TLS 1.2
+ *
+ * Versions of TLS/SSL that a connection might support.
+ *
+ * Since: 2.44
+ */
+typedef enum {
+ G_TLS_VERSION_INVALID = 0,
+ G_TLS_VERSION_SSL_3_0 = (1 << 0),
+ G_TLS_VERSION_TLS_1_0 = (1 << 1),
+ G_TLS_VERSION_TLS_1_1 = (1 << 2),
+ G_TLS_VERSION_TLS_1_2 = (1 << 3)
+} GTlsVersion;
+
G_END_DECLS
#endif /* __GIO_ENUMS_H__ */
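Review bot: The GTlsVersion doc comment does not say that the members are bit flags, although the values are `(1 << n)` and the type is used both as a mask (requested versions) and as a single value (negotiated version). I would add a sentence such as `The values are flags: combine them with bitwise OR to describe a set of versions; a negotiated version is always a single flag.` It also helps to state that `G_TLS_VERSION_INVALID` is 0 and therefore doubles as the empty set, so callers do not test for it with `&`.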
diff --git a/gio/gtlsclientconnection.c b/gio/gtlsclientconnection.c
index 5d2a17d..40b0a72 100644
--- a/gio/gtlsclientconnection.c
+++ b/gio/gtlsclientconnection.c
@@ -110,6 +110,8 @@ g_tls_client_connection_default_init (GTlsClientConnectionInterface *iface)
* a "modern" TLS handshake.
*
* Since: 2.28
+ * Deprecated: 2.44: #GTlsConnection:requested-versions gives you
+ * greater control over the versions to use.
*/
g_object_interface_install_property (iface,
g_param_spec_boolean ("use-ssl3",
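Review bot: The added `Deprecated:` text, here and in the two later hunks for g_tls_client_connection_get_use_ssl3() and g_tls_client_connection_set_use_ssl3(), does not say how the old `use-ssl3` property interacts with the new `requested-versions` mask. A caller that removes `G_TLS_VERSION_SSL_3_0` from the mask while legacy code still sets `use-ssl3` to TRUE cannot tell from the docs which setting wins, and the safe answer matters for anyone trying to turn SSL 3.0 off. I would add a sentence such as `If both are set, #GTlsConnection:requested-versions takes precedence.`, or whatever the backends actually implement, which is not visible in this diff. g_tls_client_connection_default_init() starts and ends outside the hunk.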
@@ -118,6 +120,7 @@ g_tls_client_connection_default_init (GTlsClientConnectionInterface *iface)
FALSE,
G_PARAM_READWRITE |
G_PARAM_CONSTRUCT |
+ G_PARAM_DEPRECATED |
G_PARAM_STATIC_STRINGS));
/**
@@ -271,6 +274,8 @@ g_tls_client_connection_set_server_identity (GTlsClientConnection *conn,
* Returns: whether @conn will use SSL 3.0
*
* Since: 2.28
+ * Deprecated: 2.44: #GTlsConnection:requested-versions gives you
+ * greater control over the versions to use.
*/
gboolean
g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn)
@@ -295,6 +300,8 @@ g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn)
* a "modern" TLS handshake attempt.
*
* Since: 2.28
+ * Deprecated: 2.44: #GTlsConnection:requested-versions gives you
+ * greater control over the versions to use.
*/
void
g_tls_client_connection_set_use_ssl3 (GTlsClientConnection *conn,
diff --git a/gio/gtlsclientconnection.h b/gio/gtlsclientconnection.h
index b711a47..d8e1f69 100644
--- a/gio/gtlsclientconnection.h
+++ b/gio/gtlsclientconnection.h
@@ -58,9 +58,9 @@ GSocketConnectable *g_tls_client_connection_get_server_identity (GTlsClientCo
GLIB_AVAILABLE_IN_ALL
void g_tls_client_connection_set_server_identity (GTlsClientConnection *conn,
GSocketConnectable *identity);
-GLIB_AVAILABLE_IN_ALL
+GLIB_DEPRECATED_IN_2_44
gboolean g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn);
-GLIB_AVAILABLE_IN_ALL
+GLIB_DEPRECATED_IN_2_44
void g_tls_client_connection_set_use_ssl3 (GTlsClientConnection *conn,
gboolean use_ssl3);
GLIB_AVAILABLE_IN_ALL
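Review bot: The two deprecation markers do not name the replacement API, so the compiler warning cannot point callers at it. Using the `_FOR` variant would do that: `GLIB_DEPRECATED_IN_2_44_FOR(g_tls_connection_get_requested_versions)` on the getter and `GLIB_DEPRECATED_IN_2_44_FOR(g_tls_connection_set_requested_versions)` on the setter.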
diff --git a/gio/gtlsconnection.c b/gio/gtlsconnection.c
index d614c05..573cdf0 100644
--- a/gio/gtlsconnection.c
+++ b/gio/gtlsconnection.c
@@ -76,6 +76,8 @@ enum {
PROP_BASE_IO_STREAM,
PROP_REQUIRE_CLOSE_NOTIFY,
PROP_REHANDSHAKE_MODE,
+ PROP_REQUESTED_VERSIONS,
+ PROP_VERSION,
PROP_USE_SYSTEM_CERTDB,
PROP_DATABASE,
PROP_INTERACTION,
@@ -190,6 +192,46 @@ g_tls_connection_class_init (GTlsConnectionClass *klass)
G_PARAM_CONSTRUCT |
G_PARAM_STATIC_STRINGS));
/**
+ * GTlsConnection:requested-versions:
+ *
+ * The requested SSL/TLS versions. See
+ * g_tls_connection_set_requested_versions().
+ *
+ * Note that the default value of this property may change in future
+ * releases.
+ *
+ * Since: 2.44
+ */
+ g_object_class_install_property (gobject_class, PROP_REQUESTED_VERSIONS,
+ g_param_spec_flags ("requested-versions",
+ P_("Requested versions"),
+ P_("SSL/TLS versions to use"),
+ G_TYPE_TLS_VERSION,
+ (G_TLS_VERSION_SSL_3_0 |
+ G_TLS_VERSION_TLS_1_0 |
+ G_TLS_VERSION_TLS_1_1 |
+ G_TLS_VERSION_TLS_1_2),
+ G_PARAM_READWRITE |
+ G_PARAM_CONSTRUCT |
+ G_PARAM_STATIC_STRINGS));
+ /**
+ * GTlsConnection:version:
+ *
+ * The negotiated SSL/TLS version; this is only valid after a
+ * handshake has completed.
+ *
+ * Since: 2.44
+ */
+ g_object_class_install_property (gobject_class, PROP_VERSION,
+ g_param_spec_flags ("version",
+ P_("Version"),
+ P_("Negotiated SSL/TLS version"),
+ G_TYPE_TLS_VERSION,
+ G_TLS_VERSION_INVALID,
+ G_PARAM_READABLE |
+ G_PARAM_CONSTRUCT |
+ G_PARAM_STATIC_STRINGS));
+ /**
* GTlsConnection:certificate:
*
* The connection's certificate; see
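Review bot: The default mask for `requested-versions` still contains `G_TLS_VERSION_SSL_3_0`, so a caller that never touches the property keeps accepting SSL 3.0. Judging by the branch name (poodle), that is the version this work is meant to let callers avoid. Either drop that flag from the default, or have the property doc state that the current default enables SSL 3.0 and that security-sensitive callers should narrow it. Separately, the `version` property is installed with `G_PARAM_READABLE | G_PARAM_CONSTRUCT`; GObject expects construct properties to be writable, so the flags should be `G_PARAM_READABLE | G_PARAM_STATIC_STRINGS`. g_tls_connection_class_init() starts and ends outside the hunk.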
@@ -726,6 +768,78 @@ g_tls_connection_get_rehandshake_mode (GTlsConnection *conn)
}
/**
+ * g_tls_connection_set_requested_versions:
+ * @conn: a #GTlsConnection
+ * @versions: the requested versions
+ *
+ * Sets the SSL/TLS versions that @conn will accept when handshaking.
+ *
+ * After the handshake completes, you can use
+ * g_tls_connection_get_version() to discover the negotiated version.
+ *
+ * Since: 2.44
+ */
+void
+g_tls_connection_set_requested_versions (GTlsConnection *conn,
+ GTlsVersion versions)
+{
+ g_return_if_fail (G_IS_TLS_CONNECTION (conn));
+
+ g_object_set (G_OBJECT (conn),
+ "requested-versions", versions,
+ NULL);
+}
+
+/**
+ * g_tls_connection_get_requested_versions:
+ * @conn: a #GTlsConnection
+ *
+ * Gets the SSL/TLS versions that @conn will accept when handshaking.
+ * (To find the version that was actually negotiated, use
+ * g_tls_connection_get_version().)
+ *
+ * Returns: @conn's requested SSL/TLS versions
+ *
+ * Since: 2.44
+ */
+GTlsVersion
+g_tls_connection_get_requested_versions (GTlsConnection *conn)
+{
+ GTlsVersion versions;
+
+ g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), G_TLS_VERSION_INVALID);
+
+ g_object_get (G_OBJECT (conn),
+ "requested-versions", &versions,
+ NULL);
+ return versions;
+}
+
+/**
+ * g_tls_connection_get_version:
+ * @conn: a #GTlsConnection
+ *
+ * Gets the SSL/TLS version that was negotiated on @conn.
+ *
+ * Returns: @conn's SSL/TLS version, or %G_TLS_VERSION_INVALID if @conn
+ * has not yet completed a handshake.
+ *
+ * Since: 2.44
+ */
+GTlsVersion
+g_tls_connection_get_version (GTlsConnection *conn)
+{
+ GTlsVersion version;
+
+ g_return_val_if_fail (G_IS_TLS_CONNECTION (conn), G_TLS_VERSION_INVALID);
+
+ g_object_get (G_OBJECT (conn),
+ "version", &version,
+ NULL);
+ return version;
+}
+
+/**
* g_tls_connection_handshake:
* @conn: a #GTlsConnection
* @cancellable: (allow-none): a #GCancellable, or %NULL
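Review bot: g_tls_connection_set_requested_versions() forwards `versions` unchecked, so an empty mask (`G_TLS_VERSION_INVALID`, which is 0) is accepted, and the docs do not say what the connection does with it. What a backend does with an empty set is not visible here, so I would reject it up front with `g_return_if_fail (versions != G_TLS_VERSION_INVALID);`. The doc comment should also say that @versions is a bitwise OR of #GTlsVersion flags and whether changing it after a handshake has started has any effect. In g_tls_connection_get_requested_versions() and g_tls_connection_get_version(), initialising the local to `G_TLS_VERSION_INVALID` would keep the return value defined if the property lookup fails.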
diff --git a/gio/gtlsconnection.h b/gio/gtlsconnection.h
index 15b29aa..e03ff4a 100644
--- a/gio/gtlsconnection.h
+++ b/gio/gtlsconnection.h
@@ -115,6 +115,15 @@ void g_tls_connection_set_rehandshake_mode (GTlsConnecti
GLIB_AVAILABLE_IN_ALL
GTlsRehandshakeMode g_tls_connection_get_rehandshake_mode (GTlsConnection *conn);
+GLIB_AVAILABLE_IN_2_44
+void g_tls_connection_set_requested_versions (GTlsConnection *conn,
+ GTlsVersion versions);
+GLIB_AVAILABLE_IN_2_44
+GTlsVersion g_tls_connection_get_requested_versions (GTlsConnection *conn);
+
+GLIB_AVAILABLE_IN_2_44
+GTlsVersion g_tls_connection_get_version (GTlsConnection *conn);
+
GLIB_AVAILABLE_IN_ALL
gboolean g_tls_connection_handshake (GTlsConnection *conn,
GCancellable *cancellable,