[glib-networking: 1/129] Initial commit from glib-networking wip/openssl branch
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking: 1/129] Initial commit from glib-networking wip/openssl branch
- Date: Sat, 2 Feb 2019 22:43:28 +0000 (UTC)
commit 3772909eda7876839495d9435f059d363df77195
Author: Ignacio Casal Quinteiro <icq gnome org>
Date: Mon Sep 26 21:25:55 2016 +0200
Initial commit from glib-networking wip/openssl branch
This is a fork of glib-networking providing only tls support
using openssl. As a side point it fully supports Windows.
See the commit log of glib-networking for a full list of
the AUTHORS of this code.
.gitignore | 47 +
AUTHORS | 0
COPYING | 481 +++++
ChangeLog | 0
LICENSE_EXCEPTION | 14 +
Makefile.am | 23 +
NEWS | 0
README | 4 +
autogen.sh | 20 +
build/Makefile-newvs.am | 41 +
build/Makefile.am | 1 +
build/Makefile.msvcproj | 103 +
build/win32/Makefile.am | 1 +
build/win32/vs10/Makefile.am | 21 +
build/win32/vs10/glib-openssl-build-defines.props | 32 +
build/win32/vs10/glib-openssl-gen-srcs.props | 18 +
build/win32/vs10/glib-openssl-install.props | 28 +
build/win32/vs10/glib-openssl-install.vcxproj | 101 +
build/win32/vs10/glib-openssl-prepbuild.vcxproj | 89 +
.../vs10/glib-openssl-prepbuild.vcxproj.filters | 12 +
build/win32/vs10/glib-openssl-version-paths.props | 25 +
build/win32/vs10/glib-openssl.sln | 56 +
build/win32/vs10/libgioopenssl.vcxproj.filtersin | 20 +
build/win32/vs10/libgioopenssl.vcxprojin | 173 ++
build/win32/vs10/tlsbase.vcxproj.filtersin | 20 +
build/win32/vs10/tlsbase.vcxprojin | 129 ++
build/win32/vs11/Makefile.am | 20 +
build/win32/vs12/Makefile.am | 20 +
build/win32/vs14/Makefile.am | 20 +
build/win32/vs9/Makefile.am | 17 +
.../vs9/glib-networking-build-defines.vsprops | 27 +
build/win32/vs9/glib-networking-gen-srcs.vsprops | 12 +
build/win32/vs9/glib-networking-install.vcproj | 74 +
build/win32/vs9/glib-networking-install.vsprops | 21 +
build/win32/vs9/glib-networking-prepbuild.vcproj | 70 +
.../vs9/glib-networking-version-paths.vsprops | 19 +
build/win32/vs9/glib-networking.sln | 65 +
build/win32/vs9/libgioopenssl.vcprojin | 174 ++
build/win32/vs9/tlsbase.vcprojin | 134 ++
config.h.win32.in | 100 +
configure.ac | 155 ++
glib-openssl.doap | 25 +
glib-openssl.mk | 14 +
glib.mk | 135 ++
m4/glibtests.m4 | 28 +
po/.gitignore | 4 +
po/LINGUAS | 67 +
po/Makevars | 78 +
po/POTFILES.in | 5 +
po/an.po | 158 ++
po/ar.po | 164 ++
po/as.po | 155 ++
po/be.po | 157 ++
po/bg.po | 159 ++
po/bn_IN.po | 127 ++
po/bs.po | 151 ++
po/ca.po | 163 ++
po/ca valencia po | 163 ++
po/cs.po | 159 ++
po/da.po | 161 ++
po/de.po | 165 ++
po/el.po | 162 ++
po/en_CA.po | 121 ++
po/en_GB.po | 159 ++
po/eo.po | 127 ++
po/es.po | 161 ++
po/et.po | 162 ++
po/eu.po | 160 ++
po/fa.po | 158 ++
po/fi.po | 161 ++
po/fr.po | 159 ++
po/fur.po | 159 ++
po/gd.po | 158 ++
po/gl.po | 163 ++
po/gu.po | 128 ++
po/he.po | 160 ++
po/hi.po | 160 ++
po/hr.po | 150 ++
po/hu.po | 161 ++
po/id.po | 160 ++
po/it.po | 160 ++
po/ja.po | 159 ++
po/kk.po | 155 ++
po/km.po | 153 ++
po/kn.po | 127 ++
po/ko.po | 158 ++
po/lt.po | 160 ++
po/lv.po | 160 ++
po/ml.po | 159 ++
po/mr.po | 153 ++
po/nb.po | 157 ++
po/nl.po | 158 ++
po/oc.po | 163 ++
po/or.po | 154 ++
po/pa.po | 156 ++
po/pl.po | 158 ++
po/pt.po | 162 ++
po/pt_BR.po | 163 ++
po/ro.po | 129 ++
po/ru.po | 162 ++
po/sk.po | 160 ++
po/sl.po | 163 ++
po/sr.po | 160 ++
po/sr latin po | 160 ++
po/sv.po | 159 ++
po/ta.po | 127 ++
po/te.po | 160 ++
po/tg.po | 159 ++
po/th.po | 156 ++
po/tr.po | 161 ++
po/ug.po | 155 ++
po/uk.po | 158 ++
po/vi.po | 156 ++
po/zh_CN.po | 157 ++
po/zh_HK.po | 155 ++
po/zh_TW.po | 155 ++
tap-driver.sh | 652 +++++++
tap-test | 5 +
tls/base/Makefile.am | 25 +
tls/base/gtlsconnection-base.c | 1271 ++++++++++++
tls/base/gtlsconnection-base.h | 215 +++
tls/base/gtlsinputstream-base.c | 249 +++
tls/base/gtlsinputstream-base.h | 51 +
tls/base/gtlsoutputstream-base.c | 251 +++
tls/base/gtlsoutputstream-base.h | 51 +
tls/openssl/Makefile.am | 48 +
tls/openssl/gtlsbackend-openssl.c | 264 +++
tls/openssl/gtlsbackend-openssl.h | 48 +
tls/openssl/gtlsbio.c | 296 +++
tls/openssl/gtlsbio.h | 55 +
tls/openssl/gtlscertificate-openssl.c | 701 +++++++
tls/openssl/gtlscertificate-openssl.h | 69 +
tls/openssl/gtlsclientconnection-openssl.c | 491 +++++
tls/openssl/gtlsclientconnection-openssl.h | 56 +
tls/openssl/gtlsconnection-openssl.c | 581 ++++++
tls/openssl/gtlsconnection-openssl.h | 68 +
tls/openssl/gtlsdatabase-openssl.c | 39 +
tls/openssl/gtlsdatabase-openssl.h | 63 +
tls/openssl/gtlsfiledatabase-openssl.c | 916 +++++++++
tls/openssl/gtlsfiledatabase-openssl.h | 64 +
tls/openssl/gtlsserverconnection-openssl.c | 316 +++
tls/openssl/gtlsserverconnection-openssl.h | 57 +
tls/openssl/openssl-module.c | 69 +
tls/openssl/openssl-util.c | 487 +++++
tls/openssl/openssl-util.h | 99 +
tls/tests/Makefile.am | 60 +
tls/tests/certificate.c | 583 ++++++
tls/tests/connection.c | 2033 ++++++++++++++++++++
tls/tests/file-database.c | 576 ++++++
tls/tests/files/ca-alternative.pem | 24 +
tls/tests/files/ca-key.pem | 15 +
tls/tests/files/ca-roots-bad.pem | 90 +
tls/tests/files/ca-roots.pem | 209 ++
tls/tests/files/ca-verisign-sha1.pem | 48 +
tls/tests/files/ca.pem | 23 +
tls/tests/files/chain-with-verisign-md2.pem | 81 +
tls/tests/files/chain.pem | 59 +
tls/tests/files/client-and-key.pem | 45 +
tls/tests/files/client-future.pem | 18 +
tls/tests/files/client-key.pem | 27 +
tls/tests/files/client-past.pem | 18 +
tls/tests/files/client.pem | 18 +
tls/tests/files/create-files.sh | 186 ++
tls/tests/files/intermediate-ca-csr.pem | 12 +
tls/tests/files/intermediate-ca-key.pem | 9 +
tls/tests/files/intermediate-ca.pem | 22 +
tls/tests/files/non-ca.pem | 88 +
tls/tests/files/old-ca-key.pem | 15 +
tls/tests/files/old-ca.pem | 24 +
tls/tests/files/root-ca-csr.pem | 14 +
tls/tests/files/server-and-key.pem | 23 +
tls/tests/files/server-intermediate-csr.pem | 9 +
tls/tests/files/server-intermediate-key.pem | 9 +
tls/tests/files/server-intermediate.pem | 14 +
tls/tests/files/server-key.der | Bin 0 -> 319 bytes
tls/tests/files/server-key.pem | 9 +
tls/tests/files/server-self.pem | 11 +
tls/tests/files/server.der | Bin 0 -> 571 bytes
tls/tests/files/server.pem | 14 +
tls/tests/files/ssl/ca.conf | 31 +
tls/tests/files/ssl/client.conf | 14 +
tls/tests/files/ssl/intermediate-ca.conf | 31 +
tls/tests/files/ssl/old-ca.conf | 31 +
tls/tests/files/ssl/server-intermediate.conf | 27 +
tls/tests/files/ssl/server.conf | 27 +
tls/tests/mock-interaction.c | 222 +++
tls/tests/mock-interaction.h | 66 +
187 files changed, 25553 insertions(+)
---
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7ed8982
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,47 @@
+# for all subdirectories
+Makefile.in
+Makefile
+.libs
+.deps
+*.o
+*.lo
+*.la
+*.test
+*.log
+*.trs
+
+# autofoo stuff here
+compile
+config.*
+configure
+depcomp
+aclocal.m4
+autom4te.cache
+stamp-*
+libtool
+ltmain.sh
+missing
+install-sh
+glib-gettextize
+glib-zip
+gtk-doc.make
+compile
+glib-lcov.info
+glib-lcov
+test-driver
+
+INSTALL
+ChangeLog
+m4/libtool.m4
+m4/lt*.m4
+
+/tls/tests/certificate
+/tls/tests/file-database
+/tls/tests/connection
+/tls/tests/pkcs11
+/tls/tests/pkcs11-array
+/tls/tests/pkcs11-pin
+/tls/tests/pkcs11-slot
+/tls/tests/pkcs11-util
+/tls/tests/files/server-csr.pem
+/tls/tests/files/client-csr.pem
diff --git a/AUTHORS b/AUTHORS
new file mode 100644
index 0000000..e69de29
diff --git a/COPYING b/COPYING
new file mode 100644
index 0000000..5bc8fb2
--- /dev/null
+++ b/COPYING
@@ -0,0 +1,481 @@
+ GNU LIBRARY GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1991 Free Software Foundation, Inc.
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+[This is the first released version of the library GPL. It is
+ numbered 2 because it goes with version 2 of the ordinary GPL.]
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+Licenses are intended to guarantee your freedom to share and change
+free software--to make sure the software is free for all its users.
+
+ This license, the Library General Public License, applies to some
+specially designated Free Software Foundation software, and to any
+other libraries whose authors decide to use it. You can use it for
+your libraries, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if
+you distribute copies of the library, or if you modify it.
+
+ For example, if you distribute copies of the library, whether gratis
+or for a fee, you must give the recipients all the rights that we gave
+you. You must make sure that they, too, receive or can get the source
+code. If you link a program with the library, you must provide
+complete object files to the recipients so that they can relink them
+with the library, after making changes to the library and recompiling
+it. And you must show them these terms so they know their rights.
+
+ Our method of protecting your rights has two steps: (1) copyright
+the library, and (2) offer you this license which gives you legal
+permission to copy, distribute and/or modify the library.
+
+ Also, for each distributor's protection, we want to make certain
+that everyone understands that there is no warranty for this free
+library. If the library is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original
+version, so that any problems introduced by others will not reflect on
+the original authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that companies distributing free
+software will individually obtain patent licenses, thus in effect
+transforming the program into proprietary software. To prevent this,
+we have made it clear that any patent must be licensed for everyone's
+free use or not licensed at all.
+
+ Most GNU software, including some libraries, is covered by the ordinary
+GNU General Public License, which was designed for utility programs. This
+license, the GNU Library General Public License, applies to certain
+designated libraries. This license is quite different from the ordinary
+one; be sure to read it in full, and don't assume that anything in it is
+the same as in the ordinary license.
+
+ The reason we have a separate public license for some libraries is that
+they blur the distinction we usually make between modifying or adding to a
+program and simply using it. Linking a program with a library, without
+changing the library, is in some sense simply using the library, and is
+analogous to running a utility program or application program. However, in
+a textual and legal sense, the linked executable is a combined work, a
+derivative of the original library, and the ordinary General Public License
+treats it as such.
+
+ Because of this blurred distinction, using the ordinary General
+Public License for libraries did not effectively promote software
+sharing, because most developers did not use the libraries. We
+concluded that weaker conditions might promote sharing better.
+
+ However, unrestricted linking of non-free programs would deprive the
+users of those programs of all benefit from the free status of the
+libraries themselves. This Library General Public License is intended to
+permit developers of non-free programs to use free libraries, while
+preserving your freedom as a user of such programs to change the free
+libraries that are incorporated in them. (We have not seen how to achieve
+this as regards changes in header files, but we have achieved it as regards
+changes in the actual functions of the Library.) The hope is that this
+will lead to faster development of free libraries.
+
+ The precise terms and conditions for copying, distribution and
+modification follow. Pay close attention to the difference between a
+"work based on the library" and a "work that uses the library". The
+former contains code derived from the library, while the latter only
+works together with the library.
+
+ Note that it is possible for a library to be covered by the ordinary
+General Public License rather than by this special one.
+
+ GNU LIBRARY GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License Agreement applies to any software library which
+contains a notice placed by the copyright holder or other authorized
+party saying it may be distributed under the terms of this Library
+General Public License (also called "this License"). Each licensee is
+addressed as "you".
+
+ A "library" means a collection of software functions and/or data
+prepared so as to be conveniently linked with application programs
+(which use some of those functions and data) to form executables.
+
+ The "Library", below, refers to any such software library or work
+which has been distributed under these terms. A "work based on the
+Library" means either the Library or any derivative work under
+copyright law: that is to say, a work containing the Library or a
+portion of it, either verbatim or with modifications and/or translated
+straightforwardly into another language. (Hereinafter, translation is
+included without limitation in the term "modification".)
+
+ "Source code" for a work means the preferred form of the work for
+making modifications to it. For a library, complete source code means
+all the source code for all modules it contains, plus any associated
+interface definition files, plus the scripts used to control compilation
+and installation of the library.
+
+ Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running a program using the Library is not restricted, and output from
+such a program is covered only if its contents constitute a work based
+on the Library (independent of the use of the Library in a tool for
+writing it). Whether that is true depends on what the Library does
+and what the program that uses the Library does.
+
+ 1. You may copy and distribute verbatim copies of the Library's
+complete source code as you receive it, in any medium, provided that
+you conspicuously and appropriately publish on each copy an
+appropriate copyright notice and disclaimer of warranty; keep intact
+all the notices that refer to this License and to the absence of any
+warranty; and distribute a copy of this License along with the
+Library.
+
+ You may charge a fee for the physical act of transferring a copy,
+and you may at your option offer warranty protection in exchange for a
+fee.
+
+ 2. You may modify your copy or copies of the Library or any portion
+of it, thus forming a work based on the Library, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) The modified work must itself be a software library.
+
+ b) You must cause the files modified to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ c) You must cause the whole of the work to be licensed at no
+ charge to all third parties under the terms of this License.
+
+ d) If a facility in the modified Library refers to a function or a
+ table of data to be supplied by an application program that uses
+ the facility, other than as an argument passed when the facility
+ is invoked, then you must make a good faith effort to ensure that,
+ in the event an application does not supply such function or
+ table, the facility still operates, and performs whatever part of
+ its purpose remains meaningful.
+
+ (For example, a function in a library to compute square roots has
+ a purpose that is entirely well-defined independent of the
+ application. Therefore, Subsection 2d requires that any
+ application-supplied function or table used by this function must
+ be optional: if the application does not supply it, the square
+ root function must still compute square roots.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Library,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Library, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote
+it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Library.
+
+In addition, mere aggregation of another work not based on the Library
+with the Library (or with a work based on the Library) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may opt to apply the terms of the ordinary GNU General Public
+License instead of this License to a given copy of the Library. To do
+this, you must alter all the notices that refer to this License, so
+that they refer to the ordinary GNU General Public License, version 2,
+instead of to this License. (If a newer version than version 2 of the
+ordinary GNU General Public License has appeared, then you can specify
+that version instead if you wish.) Do not make any other change in
+these notices.
+
+ Once this change is made in a given copy, it is irreversible for
+that copy, so the ordinary GNU General Public License applies to all
+subsequent copies and derivative works made from that copy.
+
+ This option is useful when you wish to copy part of the code of
+the Library into a program that is not a library.
+
+ 4. You may copy and distribute the Library (or a portion or
+derivative of it, under Section 2) in object code or executable form
+under the terms of Sections 1 and 2 above provided that you accompany
+it with the complete corresponding machine-readable source code, which
+must be distributed under the terms of Sections 1 and 2 above on a
+medium customarily used for software interchange.
+
+ If distribution of object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the
+source code from the same place satisfies the requirement to
+distribute the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 5. A program that contains no derivative of any portion of the
+Library, but is designed to work with the Library by being compiled or
+linked with it, is called a "work that uses the Library". Such a
+work, in isolation, is not a derivative work of the Library, and
+therefore falls outside the scope of this License.
+
+ However, linking a "work that uses the Library" with the Library
+creates an executable that is a derivative of the Library (because it
+contains portions of the Library), rather than a "work that uses the
+library". The executable is therefore covered by this License.
+Section 6 states terms for distribution of such executables.
+
+ When a "work that uses the Library" uses material from a header file
+that is part of the Library, the object code for the work may be a
+derivative work of the Library even though the source code is not.
+Whether this is true is especially significant if the work can be
+linked without the Library, or if the work is itself a library. The
+threshold for this to be true is not precisely defined by law.
+
+ If such an object file uses only numerical parameters, data
+structure layouts and accessors, and small macros and small inline
+functions (ten lines or less in length), then the use of the object
+file is unrestricted, regardless of whether it is legally a derivative
+work. (Executables containing this object code plus portions of the
+Library will still fall under Section 6.)
+
+ Otherwise, if the work is a derivative of the Library, you may
+distribute the object code for the work under the terms of Section 6.
+Any executables containing that work also fall under Section 6,
+whether or not they are linked directly with the Library itself.
+
+ 6. As an exception to the Sections above, you may also compile or
+link a "work that uses the Library" with the Library to produce a
+work containing portions of the Library, and distribute that work
+under terms of your choice, provided that the terms permit
+modification of the work for the customer's own use and reverse
+engineering for debugging such modifications.
+
+ You must give prominent notice with each copy of the work that the
+Library is used in it and that the Library and its use are covered by
+this License. You must supply a copy of this License. If the work
+during execution displays copyright notices, you must include the
+copyright notice for the Library among them, as well as a reference
+directing the user to the copy of this License. Also, you must do one
+of these things:
+
+ a) Accompany the work with the complete corresponding
+ machine-readable source code for the Library including whatever
+ changes were used in the work (which must be distributed under
+ Sections 1 and 2 above); and, if the work is an executable linked
+ with the Library, with the complete machine-readable "work that
+ uses the Library", as object code and/or source code, so that the
+ user can modify the Library and then relink to produce a modified
+ executable containing the modified Library. (It is understood
+ that the user who changes the contents of definitions files in the
+ Library will not necessarily be able to recompile the application
+ to use the modified definitions.)
+
+ b) Accompany the work with a written offer, valid for at
+ least three years, to give the same user the materials
+ specified in Subsection 6a, above, for a charge no more
+ than the cost of performing this distribution.
+
+ c) If distribution of the work is made by offering access to copy
+ from a designated place, offer equivalent access to copy the above
+ specified materials from the same place.
+
+ d) Verify that the user has already received a copy of these
+ materials or that you have already sent this user a copy.
+
+ For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it. However, as a special exception,
+the source code distributed need not include anything that is normally
+distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+ It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system. Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+
+ 7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+ a) Accompany the combined library with a copy of the same work
+ based on the Library, uncombined with any other library
+ facilities. This must be distributed under the terms of the
+ Sections above.
+
+ b) Give prominent notice with the combined library of the fact
+ that part of it is a work based on the Library, and explaining
+ where to find the accompanying uncombined form of the same work.
+
+ 8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License. Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License. However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+ 9. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Library or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+ 10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all. For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply,
+and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License may add
+an explicit geographical distribution limitation excluding those countries,
+so that distribution is permitted only in or among countries not thus
+excluded. In such case, this License incorporates the limitation as if
+written in the body of this License.
+
+ 13. The Free Software Foundation may publish revised and/or new
+versions of the Library General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation. If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+
+ 14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission. For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this. Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+ NO WARRANTY
+
+ 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Libraries
+
+ If you develop a new library, and you want it to be of the greatest
+possible use to the public, we recommend making it free software that
+everyone can redistribute and change. You can do so by permitting
+redistribution under these terms (or, alternatively, under the terms of the
+ordinary General Public License).
+
+ To apply these terms, attach the following notices to the library. It is
+safest to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least the
+"copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the library's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Library General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+Also add information on how to contact you by electronic and paper mail.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the library, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the
+ library `Frob' (a library for tweaking knobs) written by James Random Hacker.
+
+ <signature of Ty Coon>, 1 April 1990
+ Ty Coon, President of Vice
+
+That's all there is to it!
diff --git a/ChangeLog b/ChangeLog
new file mode 100644
index 0000000..e69de29
diff --git a/LICENSE_EXCEPTION b/LICENSE_EXCEPTION
new file mode 100644
index 0000000..dea39f5
--- /dev/null
+++ b/LICENSE_EXCEPTION
@@ -0,0 +1,14 @@
+
+ LICENSE EXCEPTION FOR OPENSSL
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU Library General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
diff --git a/Makefile.am b/Makefile.am
new file mode 100644
index 0000000..94a4603
--- /dev/null
+++ b/Makefile.am
@@ -0,0 +1,23 @@
+## Process this file with automake to produce Makefile.in
+include $(top_srcdir)/glib-openssl.mk
+
+ACLOCAL_AMFLAGS = -I m4 ${ACLOCAL_FLAGS}
+
+SUBDIRS = po tls/base tls/openssl tls/tests build
+
+install-exec-hook:
+ if test -n "$(GIO_QUERYMODULES)" -a -z "$(DESTDIR)"; then \
+ $(GIO_QUERYMODULES) $(GIO_MODULE_DIR) ; \
+ fi
+
+uninstall-hook:
+ if test -n "$(GIO_QUERYMODULES)" -a -z "$(DESTDIR)"; then \
+ $(GIO_QUERYMODULES) $(GIO_MODULE_DIR) ; \
+ fi
+
+EXTRA_DIST += \
+ tap-driver.sh \
+ tap-test \
+ config.h.win32.in \
+ config.h.win32 \
+ $(NULL)
diff --git a/NEWS b/NEWS
new file mode 100644
index 0000000..e69de29
diff --git a/README b/README
new file mode 100644
index 0000000..44fb240
--- /dev/null
+++ b/README
@@ -0,0 +1,4 @@
+Network-related giomodule for glib using openssl.
+
+File bugs against
+http://bugzilla.gnome.org/enter_bug.cgi?product=glib&component=network
diff --git a/autogen.sh b/autogen.sh
new file mode 100755
index 0000000..e8cfe3e
--- /dev/null
+++ b/autogen.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Run this to generate all the initial makefiles, etc.
+
+test -n "$srcdir" || srcdir=`dirname "$0"`
+test -n "$srcdir" || srcdir=.
+
+olddir=`pwd`
+cd "$srcdir"
+
+AUTORECONF=`which autoreconf`
+if test -z $AUTORECONF; then
+ echo "*** No autoreconf found, please install it ***"
+ exit 1
+fi
+
+mkdir -p m4
+autoreconf --force --install --verbose || exit $?
+
+cd "$olddir"
+test -n "$NOCONFIGURE" || "$srcdir/configure" "$@"
diff --git a/build/Makefile-newvs.am b/build/Makefile-newvs.am
new file mode 100644
index 0000000..33ee29f
--- /dev/null
+++ b/build/Makefile-newvs.am
@@ -0,0 +1,41 @@
+# Centralized autotools file
+# Create the Visual Studio 2012/2013 project files
+# from the Visual Studio 2010 project files
+
+# Author: Fan, Chun-wei
+# November 05, 2012
+
+# MSVC_VER_LONG: Long Version of Visual Studio (2012, 2013, 2015 and so on)
+# MSVC_VER: Short Version of Visual Studio (11 for 2012, 12 for 2013, 14 for 2015 and so on)
+# MSVC_FORMAT_VER: Use 12 for MSVC 2012 through 2015
+
+%.sln:
+ sed 's/11\.00/$(MSVC_FORMAT_VER)\.00/g' < $(top_srcdir)/build/win32/vs10/$@ >
$(top_builddir)/build/win32/vs$(MSVC_VER)/$@.tmp
+ sed 's/2010/$(MSVC_VER_LONG)/g' < $(top_builddir)/build/win32/vs$(MSVC_VER)/$@.tmp >
$(top_builddir)/build/win32/vs$(MSVC_VER)/$@
+ rm $(top_builddir)/build/win32/vs$(MSVC_VER)/$@.tmp
+
+%.txt:
+ sed 's/vs10/vs$(MSVC_VER)/g' < $(top_srcdir)/build/win32/vs10/$@ >
$(top_builddir)/build/win32/vs$(MSVC_VER)/$@.tmp
+ sed 's/VS10/VS$(MSVC_VER)/g' < $(top_builddir)/build/win32/vs$(MSVC_VER)/$@.tmp >
$(top_builddir)/build/win32/vs$(MSVC_VER)/$@
+ rm $(top_builddir)/build/win32/vs$(MSVC_VER)/$@.tmp
+
+%.vcxproj:
+ if test -e $(top_srcdir)/build/win32/vs10/$@; then \
+ sed 's/v100/v$(MSVC_VER)0/g' < $(top_srcdir)/build/win32/vs10/$@ >
$(top_builddir)/build/win32/vs$(MSVC_VER)/$@; \
+ else \
+ sed 's/v100/v$(MSVC_VER)0/g' < $(top_builddir)/build/win32/vs10/$@ >
$(top_builddir)/build/win32/vs$(MSVC_VER)/$@; \
+ fi
+
+%.props:
+ if test -e $(top_srcdir)/build/win32/vs10/$@; then \
+ sed 's/<VSVer>10<\/VSVer>/<VSVer>$(MSVC_VER)<\/VSVer>/g' < $(top_srcdir)/build/win32/vs10/$@
$(top_builddir)/build/win32/vs$(MSVC_VER)/$@; \
+ else \
+ sed 's/<VSVer>10<\/VSVer>/<VSVer>$(MSVC_VER)<\/VSVer>/g' <
$(top_builddir)/build/win32/vs10/$@ > $(top_builddir)/build/win32/vs$(MSVC_VER)/$@; \
+ fi
+
+%.vcxproj.filters:
+ if test -e $(top_srcdir)/build/win32/vs10/$@; then \
+ cp $(top_srcdir)/build/win32/vs10/$@ $(top_builddir)/build/win32/vs$(MSVC_VER)/$@; \
+ else \
+ cp $(top_builddir)/build/win32/vs10/$@ $(top_builddir)/build/win32/vs$(MSVC_VER)/$@; \
+ fi
diff --git a/build/Makefile.am b/build/Makefile.am
new file mode 100644
index 0000000..0f81afe
--- /dev/null
+++ b/build/Makefile.am
@@ -0,0 +1 @@
+SUBDIRS = win32
diff --git a/build/Makefile.msvcproj b/build/Makefile.msvcproj
new file mode 100644
index 0000000..5d9cdc5
--- /dev/null
+++ b/build/Makefile.msvcproj
@@ -0,0 +1,103 @@
+# Author: Fan, Chun-wei
+# Common Autotools file used to generate Visual Studio 2008+
+# Projects from their templates
+
+# * Input variables:
+#
+# MSVCPROJS - List of Projects that should be generated
+#
+# * Simple tutorial
+#
+# Add this to Makefile.am where your library/program is built:
+# include $(top_srcdir)/build/Makefile.msvcproj
+# MSVCPROJS = YourProject (can be multiple projects in a single srcdir)
+# YourProject_FILES = $(libyourlib_1_0_SOURCES)
+# YourProject_EXCLUDES = ... # list of sources to exclude, separated by '|', wildcards allowed; use random
unsed value if none
+# YourProject_HEADERS_DIR = $(libyourlibincludedir)
+# YourProject_HEADERS_INST = $(libyourlib_1_0_HEADERS)
+# YourProject_HEADERS_EXCLUDES = ... # <list of headers to exclude from installation, separated by '|',
wildcards allowed; use random unsed value if none>
+#
+# dist-hook: \ # (or add to it if it is already there, note the vs9 items will also call the vs10 items in
the process)
+# $(top_builddir)/build/win32/vs9/YourProject.vcproj \
+# $(top_builddir)/build/win32/vs9/YourProject.headers
+
+
+# Private functions
+
+## Transform the MSVC project filename (no filename extensions) to something which can reference through a
variable
+## without automake/make complaining, eg Gtk-2.0 -> Gtk_2_0
+_proj_name=$(subst /,_,$(subst -,_,$(subst .,_,$(1))))
+_proj_path_raw:=$(subst $(abs_top_srcdir)/,,$(abs_srcdir))
+_proj_path=$(subst /,\\,$(_proj_path_raw))
+_proj_subdir_int=$(if $(ifeq $(_proj_path),\.),\\,\\$(_proj_path)\\)
+_proj_subdir=$(subst \\.\\,\\,$(_proj_subdir_int))
+
+_proj_files_raw=$(subst /,\\,$($(_proj_name)_FILES))
+_proj_files=$(subst $(srcdir)\\,,$(subst $(builddir)\\,,$(subst
$(top_builddir)\\$(_proj_path)\\,\\,$(_proj_files_raw))))
+_proj_filters=$($(_proj_name)_EXCLUDES)
+
+_proj_headers_raw=$(subst /,\\,$($(_proj_name)_HEADERS_INST))
+_proj_headers=$(subst $(srcdir)\\,,$(subst $(builddir)\\,,$(subst
$(top_builddir)\\$(_proj_path)\\,\\,$(_proj_headers_raw))))
+_proj_headers_excludes=$($(_proj_name)_HEADERS_EXCLUDES)
+
+_headers_dest_posix=$(subst $(includedir),,$($(_proj_name)_HEADERS_DIR))
+_headers_destdir=$(subst /,\\,$(_headers_dest_posix))
+
+#
+# Creates Visual Studio 2008/2010 projects from items passed in from autotools files
+# $(1) - Base Name of the MSVC project files (outputs)
+#
+
+define msvcproj-builder
+
+$(top_builddir)/build/win32/vs10/$(1).vcxproj: $(top_builddir)/build/win32/vs9/$(1).vcproj
+$(top_builddir)/build/win32/vs10/$(1).vcxproj.filters: $(top_builddir)/build/win32/vs9/$(1).vcproj
+$(1).sourcefiles: $(top_builddir)/build/win32/vs9/$(1).vcproj
+$(1).vs10.sourcefiles: $(top_builddir)/build/win32/vs9/$(1).vcproj
+$(1).vs10.sourcefiles.filters: $(top_builddir)/build/win32/vs9/$(1).vcproj
+
+$(top_builddir)/build/win32/vs9/$(1).vcproj:
+ -$(RM) $(top_builddir)/build/win32/vs9/$(1).vcproj
+ -$(RM) $(top_builddir)/build/win32/vs10/$(1).vcxproj
+ -$(RM) $(top_builddir)/build/win32/vs10/$(1).vcxproj.filters
+
+ for F in $(_proj_files); do \
+ case $$$$F in \
+ $(_proj_filters)) \
+ ;; \
+ *.c|*.cpp|*.cc|*.cxx) \
+ echo ' <File RelativePath="..\..\..'$(_proj_subdir)$$$$F'" />' >>$(1).sourcefiles
&& \
+ echo ' <ClCompile Include="..\..\..'$(_proj_subdir)$$$$F'" />'
$(1).vs10.sourcefiles && \
+ echo ' <ClCompile Include="..\..\..'$(_proj_subdir)$$$$F'"><Filter>Source
Files</Filter></ClCompile>' >>$(1).vs10.sourcefiles.filters \
+ ;; \
+ esac; \
+ done
+
+
+ $(CPP) -P - <$(top_srcdir)/build/win32/vs9/$(1).vcprojin >$(top_builddir)/build/win32/vs9/$(1).vcproj
+ $(CPP) -P - <$(top_srcdir)/build/win32/vs10/$(1).vcxprojin
$(top_builddir)/build/win32/vs10/$(1).vcxproj
+ $(CPP) -P - <$(top_srcdir)/build/win32/vs10/$(1).vcxproj.filtersin
$(top_builddir)/build/win32/vs10/$(1).vcxproj.filters
+ $(RM) $(1).sourcefiles
+ $(RM) $(1).vs10.sourcefiles
+ $(RM) $(1).vs10.sourcefiles.filters
+
+$(top_builddir)/build/win32/vs10/$(1).vs10.headers: $(top_builddir)/build/win32/vs9/$(1).headers
+
+$(top_builddir)/build/win32/vs9/$(1).headers:
+ -$(RM) $(top_builddir)/build/win32/vs9/$(1).headers
+ -$(RM) $(top_builddir)/build/win32/vs10/$(1).vs10.headers
+
+ for F in $(_proj_headers); do \
+ case $$$$F in \
+ $(_proj_headers_excludes)) \
+ ;; \
+ *.h|*.hpp|*.hh|*.hxx) \
+ echo 'copy ..\..\..'$(_proj_subdir)$$$$F'
$$$$(CopyDir)\include'$(_headers_destdir)'\'$$$$F'
'
$(top_builddir)/build/win32/vs9/$(1).headers && \
+ echo 'copy ..\..\..'$(_proj_subdir)$$$$F'
$$$$(CopyDir)\include'$(_headers_destdir)'\'$$$$F >>$(top_builddir)/build/win32/vs10/$(1).vs10.headers \
+ ;; \
+ esac; \
+ done
+
+endef
+
+$(foreach proj,$(MSVCPROJS),$(eval $(call msvcproj-builder,$(proj))))
diff --git a/build/win32/Makefile.am b/build/win32/Makefile.am
new file mode 100644
index 0000000..9c15633
--- /dev/null
+++ b/build/win32/Makefile.am
@@ -0,0 +1 @@
+SUBDIRS = vs9 vs10 vs11 vs12 vs14
diff --git a/build/win32/vs10/Makefile.am b/build/win32/vs10/Makefile.am
new file mode 100644
index 0000000..f810998
--- /dev/null
+++ b/build/win32/vs10/Makefile.am
@@ -0,0 +1,21 @@
+GENERATED_ITEMS = \
+ libgioopenssl.vcxproj \
+ libgioopenssl.vcxproj.filters \
+ tlsbase.vcxproj \
+ tlsbase.vcxproj.filters
+
+EXTRA_DIST = \
+ glib-openssl.sln \
+ glib-openssl-build-defines.props \
+ glib-openssl-gen-srcs.props \
+ glib-openssl-install.props \
+ glib-openssl-version-paths.props \
+ glib-openssl-install.vcxproj \
+ glib-openssl-prepbuild.vcxproj \
+ libgioopenssl.vcxprojin \
+ libgioopenssl.vcxproj.filtersin \
+ tlsbase.vcxprojin \
+ tlsbase.vcxproj.filtersin \
+ $(GENERATED_ITEMS)
+
+DISTCLEANFILES = $(GENERATED_ITEMS)
diff --git a/build/win32/vs10/glib-openssl-build-defines.props
b/build/win32/vs10/glib-openssl-build-defines.props
new file mode 100644
index 0000000..16c37cf
--- /dev/null
+++ b/build/win32/vs10/glib-openssl-build-defines.props
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0"
xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ImportGroup Label="PropertySheets">
+ <Import Project="glib-openssl-version-paths.props" />
+ </ImportGroup>
+ <PropertyGroup Label="UserMacros">
+ <ModExportCFlags>_GLIB_EXTERN=__declspec(dllexport)extern</ModExportCFlags>
+ </PropertyGroup>
+ <PropertyGroup>
+ <_PropertySheetDisplayName>glibopensslbuilddefinesprops</_PropertySheetDisplayName>
+ <OutDir>$(SolutionDir)$(Configuration)\$(PlatformName)\bin\</OutDir>
+ <IntDir>$(SolutionDir)$(Configuration)\$(PlatformName)\obj\$(ProjectName)\</IntDir>
+ </PropertyGroup>
+ <ItemDefinitionGroup>
+ <ClCompile>
+
<AdditionalIncludeDirectories>..\..\..;$(GlibEtcInstallRoot)\include\gio-win32-2.0;$(GlibEtcInstallRoot)\include\glib-2.0;$(GlibEtcInstallRoot)\lib\glib-2.0\include;$(GlibEtcInstallRoot)\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+
<PreprocessorDefinitions>HAVE_CONFIG_H;G_LOG_DOMAIN="GLib-Net";%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <ForcedIncludeFiles>msvc_recommended_pragmas.h;%(ForcedIncludeFiles)</ForcedIncludeFiles>
+ <MultiProcessorCompilation>true</MultiProcessorCompilation>
+ <AdditionalOptions>/d2Zi+ %(AdditionalOptions)</AdditionalOptions>
+ </ClCompile>
+ <Link>
+
<AdditionalDependencies>gio-2.0.lib;gobject-2.0.lib;glib-2.0.lib;intl.lib;%(AdditionalDependencies)</AdditionalDependencies>
+
<AdditionalLibraryDirectories>$(GlibEtcInstallRoot)\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemGroup>
+ <BuildMacro Include="ModExportCFlags">
+ <Value>$(ModExportCFlags)</Value>
+ </BuildMacro>
+ </ItemGroup>
+</Project>
diff --git a/build/win32/vs10/glib-openssl-gen-srcs.props b/build/win32/vs10/glib-openssl-gen-srcs.props
new file mode 100644
index 0000000..6ee87bc
--- /dev/null
+++ b/build/win32/vs10/glib-openssl-gen-srcs.props
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0"
xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ImportGroup Label="PropertySheets">
+ <Import Project="glib-openssl-build-defines.props" />
+ </ImportGroup>
+ <PropertyGroup Label="UserMacros">
+ <CopyConfigH>copy ..\..\..\config.h.win32 ..\..\..\config.h</CopyConfigH>
+ </PropertyGroup>
+ <PropertyGroup>
+ <_PropertySheetDisplayName>glibopensslgensrcsprops</_PropertySheetDisplayName>
+ </PropertyGroup>
+ <ItemDefinitionGroup />
+ <ItemGroup>
+ <BuildMacro Include="CopyConfigH">
+ <Value>$(CopyConfigH)</Value>
+ </BuildMacro>
+ </ItemGroup>
+</Project>
diff --git a/build/win32/vs10/glib-openssl-install.props b/build/win32/vs10/glib-openssl-install.props
new file mode 100644
index 0000000..78911d0
--- /dev/null
+++ b/build/win32/vs10/glib-openssl-install.props
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0"
xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ImportGroup Label="PropertySheets">
+ <Import Project="glib-openssl-build-defines.props" />
+ </ImportGroup>
+ <PropertyGroup Label="UserMacros">
+ <GlibNetworkingDoInstall>
+mkdir $(CopyDir)
+
+mkdir $(CopyDir)\bin\gio\modules
+copy $(SolutionDir)$(Configuration)\$(Platform)\bin\libgioopenssl.dll $(CopyDir)\bin\gio\modules
+copy $(SolutionDir)$(Configuration)\$(Platform)\bin\libgioopenssl.pdb $(CopyDir)\bin\gio\modules
+ </GlibNetworkingDoInstall>
+ <GlibNetworkingPostInstall>$(GlibEtcInstallRoot)\bin\gio-querymodules
$(CopyDir)\bin\gio\modules</GlibNetworkingPostInstall>
+ </PropertyGroup>
+ <PropertyGroup>
+ <_PropertySheetDisplayName>glibopensslinstallprops</_PropertySheetDisplayName>
+ </PropertyGroup>
+ <ItemDefinitionGroup />
+ <ItemGroup>
+ <BuildMacro Include="GlibNetworkingDoInstall">
+ <Value>$(GlibNetworkingDoInstall)</Value>
+ </BuildMacro>
+ <BuildMacro Include="GlibNetworkingPostInstall">
+ <Value>$(GlibNetworkingPostInstall)</Value>
+ </BuildMacro>
+ </ItemGroup>
+</Project>
diff --git a/build/win32/vs10/glib-openssl-install.vcxproj b/build/win32/vs10/glib-openssl-install.vcxproj
new file mode 100644
index 0000000..34e3707
--- /dev/null
+++ b/build/win32/vs10/glib-openssl-install.vcxproj
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0"
xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+ <ProjectConfiguration Include="Debug|Win32">
+ <Configuration>Debug</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Debug|x64">
+ <Configuration>Debug</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|Win32">
+ <Configuration>Release</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|x64">
+ <Configuration>Release</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+ <ProjectGuid>{C298A297-6AE4-46B1-B739-3F87A13E0B69}</ProjectGuid>
+ <RootNamespace>glibopensslinstall</RootNamespace>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+ <ConfigurationType>Utility</ConfigurationType>
+ <PlatformToolset>v100</PlatformToolset>
+ <CharacterSet>MultiByte</CharacterSet>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+ <ConfigurationType>Utility</ConfigurationType>
+ <PlatformToolset>v100</PlatformToolset>
+ <CharacterSet>MultiByte</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+ <ConfigurationType>Utility</ConfigurationType>
+ <PlatformToolset>v100</PlatformToolset>
+ <CharacterSet>MultiByte</CharacterSet>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+ <ConfigurationType>Utility</ConfigurationType>
+ <PlatformToolset>v100</PlatformToolset>
+ <CharacterSet>MultiByte</CharacterSet>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ImportGroup Label="ExtensionSettings">
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props"
Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="glib-openssl-install.props" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props"
Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="glib-openssl-install.props" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props"
Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="glib-openssl-install.props" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props"
Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="glib-openssl-install.props" />
+ </ImportGroup>
+ <PropertyGroup Label="UserMacros" />
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ </ItemDefinitionGroup>
+ <ItemGroup>
+ <CustomBuild Include="..\..\..\random_file">
+ <Message Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Copying Build Results...</Message>
+ <Command
Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(GlibNetworkingDoInstall)$(GlibNetworkingPostInstall)</Command>
+ <Outputs
Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">..\..\..\random_file_a;%(Outputs)</Outputs>
+ <Message Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Copying Build Results...</Message>
+ <Command
Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(GlibNetworkingDoInstall)$(GlibNetworkingPostInstall)</Command>
+ <Outputs
Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">..\..\..\random_file_a;%(Outputs)</Outputs>
+ <Message Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Copying Build Results...</Message>
+ <Command
Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(GlibNetworkingDoInstall)$(GlibNetworkingPostInstall)</Command>
+ <Outputs
Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\..\random_file_a;%(Outputs)</Outputs>
+ <Message Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Copying Build Results...</Message>
+ <Command
Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(GlibNetworkingDoInstall)$(GlibNetworkingPostInstall)</Command>
+ <Outputs
Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\..\random_file_a;%(Outputs)</Outputs>
+ </CustomBuild>
+ </ItemGroup>
+ <ItemGroup>
+ <ProjectReference Include="libgioopenssl.vcxproj">
+ <Project>{3190fd52-4014-4b39-a33c-0dbac95ea3fe}</Project>
+ <ReferenceOutputAssembly>false</ReferenceOutputAssembly>
+ </ProjectReference>
+ </ItemGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+ <ImportGroup Label="ExtensionTargets">
+ </ImportGroup>
+</Project>
diff --git a/build/win32/vs10/glib-openssl-prepbuild.vcxproj b/build/win32/vs10/glib-openssl-prepbuild.vcxproj
new file mode 100644
index 0000000..54ded4e
--- /dev/null
+++ b/build/win32/vs10/glib-openssl-prepbuild.vcxproj
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0"
xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+ <ProjectConfiguration Include="Debug|Win32">
+ <Configuration>Debug</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Debug|x64">
+ <Configuration>Debug</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|Win32">
+ <Configuration>Release</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|x64">
+ <Configuration>Release</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+ <ProjectGuid>{4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}</ProjectGuid>
+ <RootNamespace>glibopensslprepbuild</RootNamespace>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+ <ConfigurationType>Utility</ConfigurationType>
+ <PlatformToolset>v100</PlatformToolset>
+ <CharacterSet>MultiByte</CharacterSet>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+ <ConfigurationType>Utility</ConfigurationType>
+ <PlatformToolset>v100</PlatformToolset>
+ <CharacterSet>MultiByte</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+ <ConfigurationType>Utility</ConfigurationType>
+ <PlatformToolset>v100</PlatformToolset>
+ <CharacterSet>MultiByte</CharacterSet>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+ <ConfigurationType>Utility</ConfigurationType>
+ <PlatformToolset>v100</PlatformToolset>
+ <CharacterSet>MultiByte</CharacterSet>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ImportGroup Label="ExtensionSettings">
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props"
Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="glib-openssl-gen-srcs.props" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props"
Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="glib-openssl-gen-srcs.props" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props"
Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="glib-openssl-gen-srcs.props" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props"
Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="glib-openssl-gen-srcs.props" />
+ </ImportGroup>
+ <PropertyGroup Label="UserMacros" />
+ <ItemDefinitionGroup>
+ </ItemDefinitionGroup>
+ <ItemGroup>
+ <CustomBuild Include="..\..\..\config.h.win32">
+ <Message Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Copying config.h...</Message>
+ <Command Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(CopyConfigH)</Command>
+ <Outputs
Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">..\..\..\config.h;%(Outputs)</Outputs>
+ <Message Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Copying config.h...</Message>
+ <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(CopyConfigH)</Command>
+ <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">..\..\..\config.h;%(Outputs)</Outputs>
+ <Message Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Copying config.h...</Message>
+ <Command Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(CopyConfigH)</Command>
+ <Outputs
Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\..\config.h;%(Outputs)</Outputs>
+ <Message Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Copying config.h...</Message>
+ <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(CopyConfigH)</Command>
+ <Outputs
Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\..\config.h;%(Outputs)</Outputs>
+ </CustomBuild>
+ </ItemGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+ <ImportGroup Label="ExtensionTargets">
+ </ImportGroup>
+</Project>
diff --git a/build/win32/vs10/glib-openssl-prepbuild.vcxproj.filters
b/build/win32/vs10/glib-openssl-prepbuild.vcxproj.filters
new file mode 100644
index 0000000..7fafc5c
--- /dev/null
+++ b/build/win32/vs10/glib-openssl-prepbuild.vcxproj.filters
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup>
+ <Filter Include="Resource Files">
+ <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+ <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions>
+ </Filter>
+ </ItemGroup>
+ <ItemGroup>
+ <CustomBuild Include="..\..\..\config.h.win32"><Filter>Resource Files</Filter></CustomBuild>
+ </ItemGroup>
+</Project>
diff --git a/build/win32/vs10/glib-openssl-version-paths.props
b/build/win32/vs10/glib-openssl-version-paths.props
new file mode 100644
index 0000000..3a9458f
--- /dev/null
+++ b/build/win32/vs10/glib-openssl-version-paths.props
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0"
xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ImportGroup Label="PropertySheets">
+ </ImportGroup>
+ <PropertyGroup Label="UserMacros">
+ <VSVer>10</VSVer>
+ <GlibEtcInstallRoot>..\..\..\..\vs$(VSVer)\$(Platform)</GlibEtcInstallRoot>
+ <CopyDir>$(GlibEtcInstallRoot)</CopyDir>
+ </PropertyGroup>
+ <PropertyGroup>
+ <_PropertySheetDisplayName>glibopensslversionpathsprops</_PropertySheetDisplayName>
+ </PropertyGroup>
+ <ItemDefinitionGroup />
+ <ItemGroup>
+ <BuildMacro Include="VSVer">
+ <Value>$(VSVer)</Value>
+ </BuildMacro>
+ <BuildMacro Include="GlibEtcInstallRoot">
+ <Value>$(GlibEtcInstallRoot)</Value>
+ </BuildMacro>
+ <BuildMacro Include="CopyDir">
+ <Value>$(CopyDir)</Value>
+ </BuildMacro>
+ </ItemGroup>
+</Project>
diff --git a/build/win32/vs10/glib-openssl.sln b/build/win32/vs10/glib-openssl.sln
new file mode 100644
index 0000000..423e24c
--- /dev/null
+++ b/build/win32/vs10/glib-openssl.sln
@@ -0,0 +1,56 @@
+
+Microsoft Visual Studio Solution File, Format Version 11.00
+# Visual Studio 2010
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "glib-openssl-prepbuild",
"glib-openssl-prepbuild.vcxproj", "{4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "tlsbase", "tlsbase.vcxproj",
"{4F48C3FB-55CA-4086-8D08-965CFD55B01E}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libgioopenssl", "libgioopenssl.vcxproj",
"{3190FD52-4014-4B39-A33C-0DBAC95EA3FE}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "glib-openssl-install", "glib-openssl-install.vcxproj",
"{C298A297-6AE4-46B1-B739-3F87A13E0B69}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Win32 = Debug|Win32
+ Debug|x64 = Debug|x64
+ Release|Win32 = Release|Win32
+ Release|x64 = Release|x64
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}.Debug|Win32.ActiveCfg = Debug|Win32
+ {4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}.Debug|Win32.Build.0 = Debug|Win32
+ {4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}.Debug|x64.ActiveCfg = Debug|x64
+ {4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}.Debug|x64.Build.0 = Debug|x64
+ {4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}.Release|Win32.ActiveCfg = Release|Win32
+ {4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}.Release|Win32.Build.0 = Release|Win32
+ {4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}.Release|x64.ActiveCfg = Release|x64
+ {4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}.Release|x64.Build.0 = Release|x64
+ {4F48C3FB-55CA-4086-8D08-965CFD55B01E}.Debug|Win32.ActiveCfg = Debug|Win32
+ {4F48C3FB-55CA-4086-8D08-965CFD55B01E}.Debug|Win32.Build.0 = Debug|Win32
+ {4F48C3FB-55CA-4086-8D08-965CFD55B01E}.Debug|x64.ActiveCfg = Debug|x64
+ {4F48C3FB-55CA-4086-8D08-965CFD55B01E}.Debug|x64.Build.0 = Debug|x64
+ {4F48C3FB-55CA-4086-8D08-965CFD55B01E}.Release|Win32.ActiveCfg = Release|Win32
+ {4F48C3FB-55CA-4086-8D08-965CFD55B01E}.Release|Win32.Build.0 = Release|Win32
+ {4F48C3FB-55CA-4086-8D08-965CFD55B01E}.Release|x64.ActiveCfg = Release|x64
+ {4F48C3FB-55CA-4086-8D08-965CFD55B01E}.Release|x64.Build.0 = Release|x64
+ {3190FD52-4014-4B39-A33C-0DBAC95EA3FE}.Debug|Win32.ActiveCfg = Debug|Win32
+ {3190FD52-4014-4B39-A33C-0DBAC95EA3FE}.Debug|Win32.Build.0 = Debug|Win32
+ {3190FD52-4014-4B39-A33C-0DBAC95EA3FE}.Debug|x64.ActiveCfg = Debug|x64
+ {3190FD52-4014-4B39-A33C-0DBAC95EA3FE}.Debug|x64.Build.0 = Debug|x64
+ {3190FD52-4014-4B39-A33C-0DBAC95EA3FE}.Release|Win32.ActiveCfg = Release|Win32
+ {3190FD52-4014-4B39-A33C-0DBAC95EA3FE}.Release|Win32.Build.0 = Release|Win32
+ {3190FD52-4014-4B39-A33C-0DBAC95EA3FE}.Release|x64.ActiveCfg = Release|x64
+ {3190FD52-4014-4B39-A33C-0DBAC95EA3FE}.Release|x64.Build.0 = Release|x64
+ {C298A297-6AE4-46B1-B739-3F87A13E0B69}.Debug|Win32.ActiveCfg = Debug|Win32
+ {C298A297-6AE4-46B1-B739-3F87A13E0B69}.Debug|Win32.Build.0 = Debug|Win32
+ {C298A297-6AE4-46B1-B739-3F87A13E0B69}.Debug|x64.ActiveCfg = Debug|x64
+ {C298A297-6AE4-46B1-B739-3F87A13E0B69}.Debug|x64.Build.0 = Debug|x64
+ {C298A297-6AE4-46B1-B739-3F87A13E0B69}.Release|Win32.ActiveCfg = Release|Win32
+ {C298A297-6AE4-46B1-B739-3F87A13E0B69}.Release|Win32.Build.0 = Release|Win32
+ {C298A297-6AE4-46B1-B739-3F87A13E0B69}.Release|x64.ActiveCfg = Release|x64
+ {C298A297-6AE4-46B1-B739-3F87A13E0B69}.Release|x64.Build.0 = Release|x64
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
diff --git a/build/win32/vs10/libgioopenssl.vcxproj.filtersin
b/build/win32/vs10/libgioopenssl.vcxproj.filtersin
new file mode 100644
index 0000000..f6fde75
--- /dev/null
+++ b/build/win32/vs10/libgioopenssl.vcxproj.filtersin
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup>
+ <Filter Include="Sources">
+ <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+ <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+ </Filter>
+ <Filter Include="Headers">
+ <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+ <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+ </Filter>
+ <Filter Include="Resource Files">
+ <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+ <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions>
+ </Filter>
+ </ItemGroup>
+ <ItemGroup>
+#include "libgioopenssl.vs10.sourcefiles.filters"
+ </ItemGroup>
+</Project>
diff --git a/build/win32/vs10/libgioopenssl.vcxprojin b/build/win32/vs10/libgioopenssl.vcxprojin
new file mode 100644
index 0000000..86436b9
--- /dev/null
+++ b/build/win32/vs10/libgioopenssl.vcxprojin
@@ -0,0 +1,173 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0"
xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+ <ProjectConfiguration Include="Debug|Win32">
+ <Configuration>Debug</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Debug|x64">
+ <Configuration>Debug</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|Win32">
+ <Configuration>Release</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|x64">
+ <Configuration>Release</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+ <ProjectGuid>{3190FD52-4014-4B39-A33C-0DBAC95EA3FE}</ProjectGuid>
+ <RootNamespace>libgioopenssl</RootNamespace>
+ <Keyword>Win32Proj</Keyword>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+ <ConfigurationType>DynamicLibrary</ConfigurationType>
+ <PlatformToolset>v100</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+ <ConfigurationType>DynamicLibrary</ConfigurationType>
+ <PlatformToolset>v100</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+ <ConfigurationType>DynamicLibrary</ConfigurationType>
+ <PlatformToolset>v100</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+ <ConfigurationType>DynamicLibrary</ConfigurationType>
+ <PlatformToolset>v100</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ImportGroup Label="ExtensionSettings">
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props"
Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="glib-openssl-build-defines.props" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props"
Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="glib-openssl-build-defines.props" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props"
Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="glib-openssl-build-defines.props" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props"
Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="glib-openssl-build-defines.props" />
+ </ImportGroup>
+ <PropertyGroup Label="UserMacros" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <LinkIncremental>true</LinkIncremental>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <LinkIncremental>true</LinkIncremental>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <LinkIncremental>false</LinkIncremental>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <LinkIncremental>false</LinkIncremental>
+ </PropertyGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <ClCompile>
+
<AdditionalIncludeDirectories>..\..\..\tls\base;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <Optimization>Disabled</Optimization>
+ <PreprocessorDefinitions>_DEBUG;$(ModExportCFlags);%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <MinimalRebuild>true</MinimalRebuild>
+ <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+ <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+ <PrecompiledHeader />
+ <WarningLevel>Level3</WarningLevel>
+ <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+ </ClCompile>
+ <Link>
+ <AdditionalDependencies>libeay32.lib;ssleay32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <SubSystem>Windows</SubSystem>
+ <TargetMachine>MachineX86</TargetMachine>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <ClCompile>
+
<AdditionalIncludeDirectories>..\..\..\tls\base;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <Optimization>Disabled</Optimization>
+ <PreprocessorDefinitions>_DEBUG;$(ModExportCFlags);%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <MinimalRebuild>true</MinimalRebuild>
+ <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+ <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+ <PrecompiledHeader />
+ <WarningLevel>Level3</WarningLevel>
+ <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+ </ClCompile>
+ <Link>
+ <AdditionalDependencies>libeay32.lib;ssleay32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <SubSystem>Windows</SubSystem>
+ <TargetMachine>MachineX64</TargetMachine>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <ClCompile>
+
<AdditionalIncludeDirectories>..\..\..\tls\base;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <Optimization>MaxSpeed</Optimization>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <PreprocessorDefinitions>$(ModExportCFlags);%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <PrecompiledHeader />
+ <WarningLevel>Level3</WarningLevel>
+ <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+ </ClCompile>
+ <Link>
+ <AdditionalDependencies>libeay32.lib;ssleay32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <SubSystem>Windows</SubSystem>
+ <OptimizeReferences>true</OptimizeReferences>
+ <EnableCOMDATFolding>true</EnableCOMDATFolding>
+ <TargetMachine>MachineX86</TargetMachine>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <ClCompile>
+
<AdditionalIncludeDirectories>..\..\..\tls\base;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <Optimization>MaxSpeed</Optimization>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <PreprocessorDefinitions>$(ModExportCFlags);%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <PrecompiledHeader />
+ <WarningLevel>Level3</WarningLevel>
+ <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+ </ClCompile>
+ <Link>
+ <AdditionalDependencies>libeay32.lib;ssleay32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <SubSystem>Windows</SubSystem>
+ <OptimizeReferences>true</OptimizeReferences>
+ <EnableCOMDATFolding>true</EnableCOMDATFolding>
+ <TargetMachine>MachineX64</TargetMachine>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemGroup>
+#include "libgioopenssl.vs10.sourcefiles"
+ </ItemGroup>
+ <ItemGroup>
+ <ProjectReference Include="tlsbase.vcxproj">
+ <Project>{4f48c3fb-55ca-4086-8d08-965cfd55b01e}</Project>
+ <ReferenceOutputAssembly>false</ReferenceOutputAssembly>
+ </ProjectReference>
+ </ItemGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+ <ImportGroup Label="ExtensionTargets">
+ </ImportGroup>
+</Project>
diff --git a/build/win32/vs10/tlsbase.vcxproj.filtersin b/build/win32/vs10/tlsbase.vcxproj.filtersin
new file mode 100644
index 0000000..d1a25b7
--- /dev/null
+++ b/build/win32/vs10/tlsbase.vcxproj.filtersin
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup>
+ <Filter Include="Sources">
+ <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+ <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+ </Filter>
+ <Filter Include="Headers">
+ <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+ <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+ </Filter>
+ <Filter Include="Resource Files">
+ <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+ <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions>
+ </Filter>
+ </ItemGroup>
+ <ItemGroup>
+#include "tlsbase.vs10.sourcefiles.filters"
+ </ItemGroup>
+</Project>
diff --git a/build/win32/vs10/tlsbase.vcxprojin b/build/win32/vs10/tlsbase.vcxprojin
new file mode 100644
index 0000000..a3f3d3c
--- /dev/null
+++ b/build/win32/vs10/tlsbase.vcxprojin
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0"
xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+ <ProjectConfiguration Include="Debug|Win32">
+ <Configuration>Debug</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Debug|x64">
+ <Configuration>Debug</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|Win32">
+ <Configuration>Release</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|x64">
+ <Configuration>Release</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+ <ProjectGuid>{4F48C3FB-55CA-4086-8D08-965CFD55B01E}</ProjectGuid>
+ <RootNamespace>tlsbase</RootNamespace>
+ <Keyword>Win32Proj</Keyword>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+ <ConfigurationType>StaticLibrary</ConfigurationType>
+ <PlatformToolset>v100</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+ <ConfigurationType>StaticLibrary</ConfigurationType>
+ <PlatformToolset>v100</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+ <ConfigurationType>StaticLibrary</ConfigurationType>
+ <PlatformToolset>v100</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+ <ConfigurationType>StaticLibrary</ConfigurationType>
+ <PlatformToolset>v100</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ImportGroup Label="ExtensionSettings">
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props"
Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="glib-openssl-build-defines.props" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props"
Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="glib-openssl-build-defines.props" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props"
Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="glib-openssl-build-defines.props" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props"
Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="glib-openssl-build-defines.props" />
+ </ImportGroup>
+ <PropertyGroup Label="UserMacros" />
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <ClCompile>
+ <Optimization>Disabled</Optimization>
+ <PreprocessorDefinitions>_DEBUG;$(ModExportCFlags);%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <MinimalRebuild>true</MinimalRebuild>
+ <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+ <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+ <PrecompiledHeader />
+ <WarningLevel>Level3</WarningLevel>
+ <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <ClCompile>
+ <Optimization>Disabled</Optimization>
+ <PreprocessorDefinitions>_DEBUG;$(ModExportCFlags);%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <MinimalRebuild>true</MinimalRebuild>
+ <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+ <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+ <PrecompiledHeader />
+ <WarningLevel>Level3</WarningLevel>
+ <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <ClCompile>
+ <Optimization>MaxSpeed</Optimization>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <PreprocessorDefinitions>$(ModExportCFlags);%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <PrecompiledHeader />
+ <WarningLevel>Level3</WarningLevel>
+ <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <ClCompile>
+ <Optimization>MaxSpeed</Optimization>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <PreprocessorDefinitions>$(ModExportCFlags);%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <PrecompiledHeader />
+ <WarningLevel>Level3</WarningLevel>
+ <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemGroup>
+#include "tlsbase.vs10.sourcefiles"
+ </ItemGroup>
+ <ItemGroup>
+ <ProjectReference Include="glib-openssl-prepbuild.vcxproj">
+ <Project>{4b9d74cf-785e-4edf-8eb8-ac0e0a9756d0}</Project>
+ <ReferenceOutputAssembly>false</ReferenceOutputAssembly>
+ </ProjectReference>
+ </ItemGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+ <ImportGroup Label="ExtensionTargets">
+ </ImportGroup>
+</Project>
diff --git a/build/win32/vs11/Makefile.am b/build/win32/vs11/Makefile.am
new file mode 100644
index 0000000..acb465a
--- /dev/null
+++ b/build/win32/vs11/Makefile.am
@@ -0,0 +1,20 @@
+EXTRA_DIST = \
+ glib-openssl.sln \
+ glib-openssl-build-defines.props \
+ glib-openssl-gen-srcs.props \
+ glib-openssl-install.props \
+ glib-openssl-version-paths.props \
+ glib-openssl-install.vcxproj \
+ glib-openssl-prepbuild.vcxproj \
+ libgioopenssl.vcxproj \
+ libgioopenssl.vcxproj.filters \
+ tlsbase.vcxproj \
+ tlsbase.vcxproj.filters
+
+DISTCLEANFILES = $(EXTRA_DIST)
+
+MSVC_VER = 11
+MSVC_FORMAT_VER=12
+MSVC_VER_LONG = 2012
+
+include $(top_srcdir)/build/Makefile-newvs.am
diff --git a/build/win32/vs12/Makefile.am b/build/win32/vs12/Makefile.am
new file mode 100644
index 0000000..dc66ac3
--- /dev/null
+++ b/build/win32/vs12/Makefile.am
@@ -0,0 +1,20 @@
+EXTRA_DIST = \
+ glib-openssl.sln \
+ glib-openssl-build-defines.props \
+ glib-openssl-gen-srcs.props \
+ glib-openssl-install.props \
+ glib-openssl-version-paths.props \
+ glib-openssl-install.vcxproj \
+ glib-openssl-prepbuild.vcxproj \
+ libgioopenssl.vcxproj \
+ libgioopenssl.vcxproj.filters \
+ tlsbase.vcxproj \
+ tlsbase.vcxproj.filters
+
+DISTCLEANFILES = $(EXTRA_DIST)
+
+MSVC_VER = 12
+MSVC_FORMAT_VER=12
+MSVC_VER_LONG = 2013
+
+include $(top_srcdir)/build/Makefile-newvs.am
diff --git a/build/win32/vs14/Makefile.am b/build/win32/vs14/Makefile.am
new file mode 100644
index 0000000..e16bced
--- /dev/null
+++ b/build/win32/vs14/Makefile.am
@@ -0,0 +1,20 @@
+EXTRA_DIST = \
+ glib-openssl.sln \
+ glib-openssl-build-defines.props \
+ glib-openssl-gen-srcs.props \
+ glib-openssl-install.props \
+ glib-openssl-version-paths.props \
+ glib-openssl-install.vcxproj \
+ glib-openssl-prepbuild.vcxproj \
+ libgioopenssl.vcxproj \
+ libgioopenssl.vcxproj.filters \
+ tlsbase.vcxproj \
+ tlsbase.vcxproj.filters
+
+DISTCLEANFILES = $(EXTRA_DIST)
+
+MSVC_VER = 14
+MSVC_FORMAT_VER=12
+MSVC_VER_LONG = 14
+
+include $(top_srcdir)/build/Makefile-newvs.am
diff --git a/build/win32/vs9/Makefile.am b/build/win32/vs9/Makefile.am
new file mode 100644
index 0000000..f645f58
--- /dev/null
+++ b/build/win32/vs9/Makefile.am
@@ -0,0 +1,17 @@
+GENERATED_ITEMS = \
+ libgioopenssl.vcproj \
+ tlsbase.vcproj
+
+EXTRA_DIST = \
+ glib-openssl.sln \
+ glib-openssl-build-defines.vsprops \
+ glib-openssl-gen-srcs.vsprops \
+ glib-openssl-install.vsprops \
+ glib-openssl-version-paths.vsprops \
+ glib-openssl-install.vcproj \
+ glib-openssl-prepbuild.vcproj \
+ libgioopenssl.vcprojin \
+ tlsbase.vcprojin \
+ $(GENERATED_ITEMS)
+
+DISTCLEANFILES = $(GENERATED_ITEMS)
diff --git a/build/win32/vs9/glib-networking-build-defines.vsprops
b/build/win32/vs9/glib-networking-build-defines.vsprops
new file mode 100644
index 0000000..48901e4
--- /dev/null
+++ b/build/win32/vs9/glib-networking-build-defines.vsprops
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioPropertySheet
+ ProjectType="Visual C++"
+ Version="8.00"
+ Name="glibopensslbuilddefinesprops"
+ OutputDirectory="$(SolutionDir)$(ConfigurationName)\$(PlatformName)\bin"
+ IntermediateDirectory="$(SolutionDir)$(ConfigurationName)\$(PlatformName)\obj\$(ProjectName)\"
+ InheritedPropertySheets=".\glib-openssl-version-paths.vsprops"
+ >
+ <Tool
+ Name="VCCLCompilerTool"
+
AdditionalIncludeDirectories="..\..\..;$(GlibEtcInstallRoot)\include\gio-win32-2.0;$(GlibEtcInstallRoot)\include\glib-2.0;$(GlibEtcInstallRoot)\lib\glib-2.0\include;$(GlibEtcInstallRoot)\include"
+ PreprocessorDefinitions="HAVE_CONFIG_H;G_LOG_DOMAIN=\"GLib-Net\""
+ ForcedIncludeFiles="msvc_recommended_pragmas.h"
+ AdditionalOptions="/MP"
+ />
+ <Tool
+ Name="VCLinkerTool"
+ AdditionalDependencies="gio-2.0.lib gobject-2.0.lib gmodule-2.0.lib glib-2.0.lib intl.lib"
+ AdditionalLibraryDirectories="$(GlibEtcInstallRoot)\lib"
+ GenerateDebugInformation="true"
+ />
+ <UserMacro
+ Name="ModExportCFlags"
+ Value="_GLIB_EXTERN=__declspec(dllexport)extern"
+ />
+</VisualStudioPropertySheet>
diff --git a/build/win32/vs9/glib-networking-gen-srcs.vsprops
b/build/win32/vs9/glib-networking-gen-srcs.vsprops
new file mode 100644
index 0000000..00767b6
--- /dev/null
+++ b/build/win32/vs9/glib-networking-gen-srcs.vsprops
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioPropertySheet
+ ProjectType="Visual C++"
+ Version="8.00"
+ Name="glibopensslgensrcsprops"
+ InheritedPropertySheets=".\glib-openssl-build-defines.vsprops"
+ >
+ <UserMacro
+ Name="CopyConfigH"
+ Value="copy ..\..\..\config.h.win32 ..\..\..\config.h"
+ />
+</VisualStudioPropertySheet>
diff --git a/build/win32/vs9/glib-networking-install.vcproj b/build/win32/vs9/glib-networking-install.vcproj
new file mode 100644
index 0000000..1d902f5
--- /dev/null
+++ b/build/win32/vs9/glib-networking-install.vcproj
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+ ProjectType="Visual C++"
+ Version="9.00"
+ Name="glib-openssl-install"
+ ProjectGUID="{C298A297-6AE4-46B1-B739-3F87A13E0B69}"
+ RootNamespace="glibopensslinstall"
+ TargetFrameworkVersion="196613"
+ >
+ <Platforms>
+ <Platform
+ Name="Win32"
+ />
+ <Platform
+ Name="x64"
+ />
+ </Platforms>
+ <ToolFiles>
+ </ToolFiles>
+ <Configurations>
+ <Configuration
+ Name="Debug|Win32"
+ InheritedPropertySheets=".\glib-openssl-install.vsprops"
+ ConfigurationType="10"
+ CharacterSet="2"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ CommandLine="$(GlibNetworkingDoInstall)$(GlibNetworkingPostInstall)"
+ />
+ </Configuration>
+ <Configuration
+ Name="Debug|x64"
+ InheritedPropertySheets=".\glib-openssl-install.vsprops"
+ ConfigurationType="10"
+ CharacterSet="2"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ CommandLine="$(GlibNetworkingDoInstall)$(GlibNetworkingPostInstall)"
+ />
+ </Configuration>
+ <Configuration
+ Name="Release|Win32"
+ InheritedPropertySheets=".\glib-openssl-install.vsprops"
+ ConfigurationType="10"
+ CharacterSet="2"
+ WholeProgramOptimization="1"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ CommandLine="$(GlibNetworkingDoInstall)$(GlibNetworkingPostInstall)"
+ />
+ </Configuration>
+ <Configuration
+ Name="Release|x64"
+ InheritedPropertySheets=".\glib-openssl-install.vsprops"
+ ConfigurationType="10"
+ CharacterSet="2"
+ WholeProgramOptimization="1"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ CommandLine="$(GlibNetworkingDoInstall)$(GlibNetworkingPostInstall)"
+ />
+ </Configuration>
+ </Configurations>
+ <References>
+ </References>
+ <Files>
+ </Files>
+ <Globals>
+ </Globals>
+</VisualStudioProject>
diff --git a/build/win32/vs9/glib-networking-install.vsprops b/build/win32/vs9/glib-networking-install.vsprops
new file mode 100644
index 0000000..b5e529f
--- /dev/null
+++ b/build/win32/vs9/glib-networking-install.vsprops
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioPropertySheet
+ ProjectType="Visual C++"
+ Version="8.00"
+ Name="glibopensslinstallprops"
+ InheritedPropertySheets=".\glib-openssl-build-defines.vsprops"
+ >
+ <UserMacro
+ Name="GlibNetworkingDoInstall"
+ Value="
+mkdir $(CopyDir)

+mkdir $(CopyDir)\bin\gio\modules

+copy $(SolutionDir)$(ConfigurationName)\$(PlatformName)\bin\libgioopenssl.dll
$(CopyDir)\bin\gio\modules

+copy $(SolutionDir)$(ConfigurationName)\$(PlatformName)\bin\libgioopenssl.pdb
$(CopyDir)\bin\gio\modules

+"
+ />
+ <UserMacro
+ Name="GlibNetworkingPostInstall"
+ Value="$(GlibEtcInstallRoot)\bin\gio-querymodules $(CopyDir)\bin\gio\modules"
+ />
+</VisualStudioPropertySheet>
diff --git a/build/win32/vs9/glib-networking-prepbuild.vcproj
b/build/win32/vs9/glib-networking-prepbuild.vcproj
new file mode 100644
index 0000000..400e336
--- /dev/null
+++ b/build/win32/vs9/glib-networking-prepbuild.vcproj
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+ ProjectType="Visual C++"
+ Version="9.00"
+ Name="glib-openssl-prepbuild"
+ ProjectGUID="{4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}"
+ RootNamespace="glibopensslprepbuild"
+ TargetFrameworkVersion="196613"
+ >
+ <Platforms>
+ <Platform
+ Name="Win32"
+ />
+ <Platform
+ Name="x64"
+ />
+ </Platforms>
+ <ToolFiles>
+ </ToolFiles>
+ <Configurations>
+ <Configuration
+ Name="Debug|Win32"
+ InheritedPropertySheets=".\glib-openssl-gen-srcs.vsprops"
+ ConfigurationType="10"
+ CharacterSet="2"
+ >
+ </Configuration>
+ <Configuration
+ Name="Release|Win32"
+ InheritedPropertySheets=".\glib-openssl-gen-srcs.vsprops"
+ ConfigurationType="10"
+ CharacterSet="2"
+ WholeProgramOptimization="1"
+ >
+ </Configuration>
+ <Configuration
+ Name="Debug|x64"
+ InheritedPropertySheets=".\glib-openssl-gen-srcs.vsprops"
+ ConfigurationType="10"
+ CharacterSet="2"
+ >
+ </Configuration>
+ <Configuration
+ Name="Release|x64"
+ InheritedPropertySheets=".\glib-openssl-gen-srcs.vsprops"
+ ConfigurationType="10"
+ CharacterSet="2"
+ WholeProgramOptimization="1"
+ >
+ </Configuration>
+ </Configurations>
+ <References>
+ </References>
+ <Files>
+ <Filter
+ Name="Resource Files"
+ Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
+ UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
+ >
+ <File RelativePath="..\..\..\config.h.win32">
+ <FileConfiguration Name="Debug|Win32"><Tool Name="VCCustomBuildTool"
Description="Copying config.h..." CommandLine="$(CopyConfigH)" Outputs="..\..\..\config.h"
/></FileConfiguration>
+ <FileConfiguration Name="Debug|x64"><Tool Name="VCCustomBuildTool"
Description="Copying config.h..." CommandLine="$(CopyConfigH)" Outputs="..\..\..\config.h"
/></FileConfiguration>
+ <FileConfiguration Name="Release|Win32"><Tool Name="VCCustomBuildTool"
Description="Copying config.h..." CommandLine="$(CopyConfigH)" Outputs="..\..\..\config.h"
/></FileConfiguration>
+ <FileConfiguration Name="Release|x64"><Tool Name="VCCustomBuildTool"
Description="Copying config.h..." CommandLine="$(CopyConfigH)" Outputs="..\..\..\config.h"
/></FileConfiguration>
+ </File>
+ </Filter>
+ </Files>
+ <Globals>
+ </Globals>
+</VisualStudioProject>
diff --git a/build/win32/vs9/glib-networking-version-paths.vsprops
b/build/win32/vs9/glib-networking-version-paths.vsprops
new file mode 100644
index 0000000..07cc9fd
--- /dev/null
+++ b/build/win32/vs9/glib-networking-version-paths.vsprops
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioPropertySheet
+ ProjectType="Visual C++"
+ Version="8.00"
+ Name="glibopensslversionpathsprops"
+ >
+ <UserMacro
+ Name="VSVer"
+ Value="9"
+ />
+ <UserMacro
+ Name="GlibEtcInstallRoot"
+ Value="..\..\..\..\vs$(VSVer)\$(PlatformName)"
+ />
+ <UserMacro
+ Name="CopyDir"
+ Value="$(GlibEtcInstallRoot)"
+ />
+</VisualStudioPropertySheet>
diff --git a/build/win32/vs9/glib-networking.sln b/build/win32/vs9/glib-networking.sln
new file mode 100644
index 0000000..b84ff40
--- /dev/null
+++ b/build/win32/vs9/glib-networking.sln
@@ -0,0 +1,65 @@
+
+Microsoft Visual Studio Solution File, Format Version 10.00
+# Visual Studio 2008
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "glib-openssl-prepbuild",
"glib-openssl-prepbuild.vcproj", "{4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "tlsbase", "tlsbase.vcproj",
"{4F48C3FB-55CA-4086-8D08-965CFD55B01E}"
+ ProjectSection(ProjectDependencies) = postProject
+ {4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0} = {4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libgioopenssl", "libgioopenssl.vcproj",
"{3190FD52-4014-4B39-A33C-0DBAC95EA3FE}"
+ ProjectSection(ProjectDependencies) = postProject
+ {4F48C3FB-55CA-4086-8D08-965CFD55B01E} = {4F48C3FB-55CA-4086-8D08-965CFD55B01E}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "glib-openssl-install", "glib-openssl-install.vcproj",
"{C298A297-6AE4-46B1-B739-3F87A13E0B69}"
+ ProjectSection(ProjectDependencies) = postProject
+ {3190FD52-4014-4B39-A33C-0DBAC95EA3FE} = {3190FD52-4014-4B39-A33C-0DBAC95EA3FE}
+ EndProjectSection
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Win32 = Debug|Win32
+ Debug|x64 = Debug|x64
+ Release|Win32 = Release|Win32
+ Release|x64 = Release|x64
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}.Debug|Win32.ActiveCfg = Debug|Win32
+ {4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}.Debug|Win32.Build.0 = Debug|Win32
+ {4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}.Debug|x64.ActiveCfg = Debug|x64
+ {4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}.Debug|x64.Build.0 = Debug|x64
+ {4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}.Release|Win32.ActiveCfg = Release|Win32
+ {4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}.Release|Win32.Build.0 = Release|Win32
+ {4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}.Release|x64.ActiveCfg = Release|x64
+ {4B9D74CF-785E-4EDF-8EB8-AC0E0A9756D0}.Release|x64.Build.0 = Release|x64
+ {4F48C3FB-55CA-4086-8D08-965CFD55B01E}.Debug|Win32.ActiveCfg = Debug|Win32
+ {4F48C3FB-55CA-4086-8D08-965CFD55B01E}.Debug|Win32.Build.0 = Debug|Win32
+ {4F48C3FB-55CA-4086-8D08-965CFD55B01E}.Debug|x64.ActiveCfg = Debug|x64
+ {4F48C3FB-55CA-4086-8D08-965CFD55B01E}.Debug|x64.Build.0 = Debug|x64
+ {4F48C3FB-55CA-4086-8D08-965CFD55B01E}.Release|Win32.ActiveCfg = Release|Win32
+ {4F48C3FB-55CA-4086-8D08-965CFD55B01E}.Release|Win32.Build.0 = Release|Win32
+ {4F48C3FB-55CA-4086-8D08-965CFD55B01E}.Release|x64.ActiveCfg = Release|x64
+ {4F48C3FB-55CA-4086-8D08-965CFD55B01E}.Release|x64.Build.0 = Release|x64
+ {3190FD52-4014-4B39-A33C-0DBAC95EA3FE}.Debug|Win32.ActiveCfg = Debug|Win32
+ {3190FD52-4014-4B39-A33C-0DBAC95EA3FE}.Debug|Win32.Build.0 = Debug|Win32
+ {3190FD52-4014-4B39-A33C-0DBAC95EA3FE}.Debug|x64.ActiveCfg = Debug|x64
+ {3190FD52-4014-4B39-A33C-0DBAC95EA3FE}.Debug|x64.Build.0 = Debug|x64
+ {3190FD52-4014-4B39-A33C-0DBAC95EA3FE}.Release|Win32.ActiveCfg = Release|Win32
+ {3190FD52-4014-4B39-A33C-0DBAC95EA3FE}.Release|Win32.Build.0 = Release|Win32
+ {3190FD52-4014-4B39-A33C-0DBAC95EA3FE}.Release|x64.ActiveCfg = Release|x64
+ {3190FD52-4014-4B39-A33C-0DBAC95EA3FE}.Release|x64.Build.0 = Release|x64
+ {C298A297-6AE4-46B1-B739-3F87A13E0B69}.Debug|Win32.ActiveCfg = Debug|Win32
+ {C298A297-6AE4-46B1-B739-3F87A13E0B69}.Debug|Win32.Build.0 = Debug|Win32
+ {C298A297-6AE4-46B1-B739-3F87A13E0B69}.Debug|x64.ActiveCfg = Debug|x64
+ {C298A297-6AE4-46B1-B739-3F87A13E0B69}.Debug|x64.Build.0 = Debug|x64
+ {C298A297-6AE4-46B1-B739-3F87A13E0B69}.Release|Win32.ActiveCfg = Release|Win32
+ {C298A297-6AE4-46B1-B739-3F87A13E0B69}.Release|Win32.Build.0 = Release|Win32
+ {C298A297-6AE4-46B1-B739-3F87A13E0B69}.Release|x64.ActiveCfg = Release|x64
+ {C298A297-6AE4-46B1-B739-3F87A13E0B69}.Release|x64.Build.0 = Release|x64
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
diff --git a/build/win32/vs9/libgioopenssl.vcprojin b/build/win32/vs9/libgioopenssl.vcprojin
new file mode 100644
index 0000000..5bd8407
--- /dev/null
+++ b/build/win32/vs9/libgioopenssl.vcprojin
@@ -0,0 +1,174 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+ ProjectType="Visual C++"
+ Version="9.00"
+ Name="libgioopenssl"
+ ProjectGUID="{3190FD52-4014-4B39-A33C-0DBAC95EA3FE}"
+ RootNamespace="libgioopenssl"
+ Keyword="Win32Proj"
+ TargetFrameworkVersion="196613"
+ >
+ <Platforms>
+ <Platform
+ Name="Win32"
+ />
+ <Platform
+ Name="x64"
+ />
+ </Platforms>
+ <ToolFiles>
+ </ToolFiles>
+ <Configurations>
+ <Configuration
+ Name="Debug|Win32"
+ InheritedPropertySheets=".\glib-openssl-build-defines.vsprops"
+ ConfigurationType="2"
+ CharacterSet="1"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ />
+ <Tool
+ Name="VCCLCompilerTool"
+ AdditionalIncludeDirectories="..\..\..\tls\base"
+ Optimization="0"
+ PreprocessorDefinitions="_DEBUG;$(ModExportCFlags)"
+ MinimalRebuild="true"
+ BasicRuntimeChecks="3"
+ RuntimeLibrary="3"
+ UsePrecompiledHeader="0"
+ WarningLevel="3"
+ DebugInformationFormat="4"
+ />
+ <Tool
+ Name="VCLinkerTool"
+ AdditionalDependencies="libeay32.lib ssleay32.lib"
+ LinkIncremental="2"
+ GenerateDebugInformation="true"
+ SubSystem="2"
+ TargetMachine="1"
+ />
+ </Configuration>
+ <Configuration
+ Name="Debug|x64"
+ InheritedPropertySheets=".\glib-openssl-build-defines.vsprops"
+ ConfigurationType="2"
+ CharacterSet="1"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ />
+ <Tool
+ Name="VCCLCompilerTool"
+ AdditionalIncludeDirectories="..\..\..\tls\base"
+ Optimization="0"
+ PreprocessorDefinitions="_DEBUG;$(ModExportCFlags)"
+ MinimalRebuild="true"
+ BasicRuntimeChecks="3"
+ RuntimeLibrary="3"
+ UsePrecompiledHeader="0"
+ WarningLevel="3"
+ DebugInformationFormat="4"
+ />
+ <Tool
+ Name="VCLinkerTool"
+ AdditionalDependencies="libeay32.lib ssleay32.lib"
+ LinkIncremental="2"
+ GenerateDebugInformation="true"
+ SubSystem="2"
+ TargetMachine="17"
+ />
+ </Configuration>
+ <Configuration
+ Name="Release|Win32"
+ InheritedPropertySheets=".\glib-openssl-build-defines.vsprops"
+ ConfigurationType="2"
+ CharacterSet="1"
+ WholeProgramOptimization="1"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ />
+ <Tool
+ Name="VCCLCompilerTool"
+ AdditionalIncludeDirectories="..\..\..\tls\base"
+ Optimization="2"
+ EnableIntrinsicFunctions="true"
+ PreprocessorDefinitions="$(ModExportCFlags)"
+ RuntimeLibrary="2"
+ EnableFunctionLevelLinking="true"
+ UsePrecompiledHeader="0"
+ WarningLevel="3"
+ DebugInformationFormat="3"
+ />
+ <Tool
+ Name="VCLinkerTool"
+ AdditionalDependencies="libeay32.lib ssleay32.lib"
+ LinkIncremental="1"
+ GenerateDebugInformation="true"
+ SubSystem="2"
+ OptimizeReferences="2"
+ EnableCOMDATFolding="2"
+ TargetMachine="1"
+ />
+ </Configuration>
+ <Configuration
+ Name="Release|x64"
+ InheritedPropertySheets=".\glib-openssl-build-defines.vsprops"
+ ConfigurationType="2"
+ CharacterSet="1"
+ WholeProgramOptimization="1"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ />
+ <Tool
+ Name="VCCLCompilerTool"
+ AdditionalIncludeDirectories="..\..\..\tls\base"
+ Optimization="2"
+ EnableIntrinsicFunctions="true"
+ PreprocessorDefinitions="$(ModExportCFlags)"
+ RuntimeLibrary="2"
+ EnableFunctionLevelLinking="true"
+ UsePrecompiledHeader="0"
+ WarningLevel="3"
+ DebugInformationFormat="3"
+ />
+ <Tool
+ Name="VCLinkerTool"
+ AdditionalDependencies="libeay32.lib ssleay32.lib"
+ LinkIncremental="1"
+ GenerateDebugInformation="true"
+ SubSystem="2"
+ OptimizeReferences="2"
+ EnableCOMDATFolding="2"
+ TargetMachine="17"
+ />
+ </Configuration>
+ </Configurations>
+ <References>
+ </References>
+ <Files>
+ <Filter
+ Name="Sources"
+ Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
+ UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
+ >
+#include "libgioopenssl.sourcefiles"
+ </Filter>
+ <Filter
+ Name="Headers"
+ Filter="h;hpp;hxx;hm;inl;inc;xsd"
+ UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
+ >
+ </Filter>
+ <Filter
+ Name="Resource Files"
+ Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
+ UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
+ >
+ </Filter>
+ </Files>
+ <Globals>
+ </Globals>
+</VisualStudioProject>
diff --git a/build/win32/vs9/tlsbase.vcprojin b/build/win32/vs9/tlsbase.vcprojin
new file mode 100644
index 0000000..a05456a
--- /dev/null
+++ b/build/win32/vs9/tlsbase.vcprojin
@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+ ProjectType="Visual C++"
+ Version="9.00"
+ Name="tlsbase"
+ ProjectGUID="{4F48C3FB-55CA-4086-8D08-965CFD55B01E}"
+ RootNamespace="tlsbase"
+ Keyword="Win32Proj"
+ TargetFrameworkVersion="196613"
+ >
+ <Platforms>
+ <Platform
+ Name="Win32"
+ />
+ <Platform
+ Name="x64"
+ />
+ </Platforms>
+ <ToolFiles>
+ </ToolFiles>
+ <Configurations>
+ <Configuration
+ Name="Debug|Win32"
+ InheritedPropertySheets=".\glib-openssl-build-defines.vsprops"
+ ConfigurationType="4"
+ CharacterSet="1"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ />
+ <Tool
+ Name="VCCLCompilerTool"
+ Optimization="0"
+ PreprocessorDefinitions="_DEBUG;$(ModExportCFlags)"
+ MinimalRebuild="true"
+ BasicRuntimeChecks="3"
+ RuntimeLibrary="3"
+ UsePrecompiledHeader="0"
+ WarningLevel="3"
+ DebugInformationFormat="4"
+ />
+ </Configuration>
+ <Configuration
+ Name="Debug|x64"
+ InheritedPropertySheets=".\glib-openssl-build-defines.vsprops"
+ ConfigurationType="4"
+ CharacterSet="1"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ />
+ <Tool
+ Name="VCCLCompilerTool"
+ Optimization="0"
+ PreprocessorDefinitions="_DEBUG;$(ModExportCFlags)"
+ MinimalRebuild="true"
+ BasicRuntimeChecks="3"
+ RuntimeLibrary="3"
+ UsePrecompiledHeader="0"
+ WarningLevel="3"
+ DebugInformationFormat="4"
+ />
+ </Configuration>
+ <Configuration
+ Name="Release|Win32"
+ InheritedPropertySheets=".\glib-openssl-build-defines.vsprops"
+ ConfigurationType="4"
+ CharacterSet="1"
+ WholeProgramOptimization="1"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ />
+ <Tool
+ Name="VCCLCompilerTool"
+ Optimization="2"
+ EnableIntrinsicFunctions="true"
+ PreprocessorDefinitions="$(ModExportCFlags)"
+ RuntimeLibrary="2"
+ EnableFunctionLevelLinking="true"
+ UsePrecompiledHeader="0"
+ WarningLevel="3"
+ DebugInformationFormat="3"
+ />
+ </Configuration>
+ <Configuration
+ Name="Release|x64"
+ InheritedPropertySheets=".\glib-openssl-build-defines.vsprops"
+ ConfigurationType="4"
+ CharacterSet="1"
+ WholeProgramOptimization="1"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ />
+ <Tool
+ Name="VCCLCompilerTool"
+ Optimization="2"
+ EnableIntrinsicFunctions="true"
+ PreprocessorDefinitions="$(ModExportCFlags)"
+ RuntimeLibrary="2"
+ EnableFunctionLevelLinking="true"
+ UsePrecompiledHeader="0"
+ WarningLevel="3"
+ DebugInformationFormat="3"
+ />
+ </Configuration>
+ </Configurations>
+ <References>
+ </References>
+ <Files>
+ <Filter
+ Name="Sources"
+ Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
+ UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
+ >
+#include "tlsbase.sourcefiles"
+ </Filter>
+ <Filter
+ Name="Headers"
+ Filter="h;hpp;hxx;hm;inl;inc;xsd"
+ UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
+ >
+ </Filter>
+ <Filter
+ Name="Resource Files"
+ Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
+ UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
+ >
+ </Filter>
+ </Files>
+ <Globals>
+ </Globals>
+</VisualStudioProject>
diff --git a/config.h.win32.in b/config.h.win32.in
new file mode 100644
index 0000000..1958db7
--- /dev/null
+++ b/config.h.win32.in
@@ -0,0 +1,100 @@
+/* config.h.in. Generated from configure.ac by autoheader. */
+
+/* always defined to indicate that i18n is enabled */
+#define ENABLE_NLS 1
+
+/* The gettext domain name */
+#define GETTEXT_PACKAGE "@GETTEXT_PACKAGE@"
+
+/* The system TLS CA list */
+/* #undef GTLS_SYSTEM_CA_FILE */
+
+/* Define to 1 if you have the `bind_textdomain_codeset' function. */
+#define HAVE_BIND_TEXTDOMAIN_CODESET 1
+
+/* Define to 1 if you have the `dcgettext' function. */
+#define HAVE_DCGETTEXT 1
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+/* #undef HAVE_DLFCN_H */
+
+/* Whether you have gcov */
+/* #undef HAVE_GCOV */
+
+/* Define if the GNU gettext() function is already present or preinstalled. */
+/* #undef HAVE_GETTEXT */
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#if !defined (_MSC_VER) || (_MSC_VER >= 1800)
+#define HAVE_INTTYPES_H 1
+#endif
+
+/* Define if your <locale.h> file defines LC_MESSAGES. */
+/* #undef HAVE_LC_MESSAGES */
+
+/* Define to 1 if you have the <locale.h> header file. */
+#define HAVE_LOCALE_H 1
+
+/* Define to 1 if you have the <memory.h> header file. */
+#define HAVE_MEMORY_H 1
+
+/* Building with PKCS#11 support */
+/* #undef HAVE_PKCS11 */
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#if !defined (_MSC_VER) || (_MSC_VER >= 1600)
+#define HAVE_STDINT_H 1
+#endif
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#ifndef _MSC_VER
+#define HAVE_STRINGS_H 1
+#endif
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#define HAVE_SYS_STAT_H 1
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#define HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#ifndef _MSC_VER
+#define HAVE_UNISTD_H 1
+#endif
+
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+ */
+#define LT_OBJDIR ".libs/"
+
+/* Name of package */
+#define PACKAGE "glib-openssl"
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT "@PACKAGE_BUGREPORT@"
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "@PACKAGE_NAME@"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "@PACKAGE_NAME@ @PACKAGE_VERSION@"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "glib-openssl"
+
+/* Define to the home page for this package. */
+#define PACKAGE_URL ""
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "@PACKAGE_VERSION@"
+
+/* Define to 1 if you have the ANSI C header files. */
+#define STDC_HEADERS 1
+
+/* Version number of package */
+#define VERSION 1
diff --git a/configure.ac b/configure.ac
new file mode 100644
index 0000000..ae7050b
--- /dev/null
+++ b/configure.ac
@@ -0,0 +1,155 @@
+AC_PREREQ(2.65)
+AC_CONFIG_MACRO_DIR([m4])
+
+AC_INIT([glib-openssl],[2.50.0],[http://bugzilla.gnome.org/enter_bug.cgi?product=glib&component=network])
+
+AC_CONFIG_SRCDIR([tls/openssl/gtlsbackend-openssl.h])
+AC_CONFIG_HEADERS([config.h])
+
+dnl Other initialization
+AM_INIT_AUTOMAKE([1.11 no-dist-gzip dist-xz -Wno-portability])
+AM_MAINTAINER_MODE([enable])
+AM_SILENT_RULES([yes])
+LT_INIT
+
+dnl Checks for programs.
+AC_PROG_CC
+AM_PROG_CC_C_O
+AC_PROG_CPP
+
+dnl Checks for libraries.
+
+dnl ****************************
+dnl *** Checks for gettext ***
+dnl ****************************
+AM_GNU_GETTEXT_VERSION([0.19.4])
+AM_GNU_GETTEXT([external])
+
+GETTEXT_PACKAGE=glib-openssl
+AC_SUBST([GETTEXT_PACKAGE])
+AC_DEFINE_UNQUOTED([GETTEXT_PACKAGE],["$GETTEXT_PACKAGE"],[The gettext domain name])
+
+dnl *****************************
+dnl *** Check GLib GIO ***
+dnl *****************************
+AM_PATH_GLIB_2_0(2.46.0,,AC_MSG_ERROR(GLIB not found),gio)
+GLIB_CFLAGS="$GLIB_CFLAGS -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_46"
+
+GIO_MODULE_DIR=$($PKG_CONFIG --variable giomoduledir gio-2.0)
+AS_IF([test "$GIO_MODULE_DIR" = ""],
+ [AC_MSG_FAILURE(GIO_MODULE_DIR is missing from gio-2.0.pc)])
+AC_SUBST(GIO_MODULE_DIR)
+
+AC_PATH_PROG(GIO_QUERYMODULES, gio-querymodules)
+AC_SUBST(GIO_QUERYMODULES)
+
+GLIB_TESTS
+
+dnl **************************
+dnl *** Checks for OpenSSL ***
+dnl **************************
+with_openssl=no
+PKG_CHECK_MODULES(OPENSSL, [openssl],
+ with_openssl=yes,
+ with_openssl=no)
+AM_CONDITIONAL(HAVE_OPENSSL, [test "$with_openssl" = "yes"])
+AC_SUBST(OPENSSL_CFLAGS)
+AC_SUBST(OPENSSL_LIBS)
+
+dnl ************************************
+dnl *** Enable lcov coverage reports ***
+dnl ************************************
+
+AC_ARG_ENABLE(gcov,
+ AS_HELP_STRING([--enable-gcov],
+ [Enable gcov]),
+ [use_gcov=$enableval], [use_gcov=no])
+
+if test "$use_gcov" = "yes"; then
+ dnl we need gcc:
+ if test "$GCC" != "yes"; then
+ AC_MSG_ERROR([GCC is required for --enable-gcov])
+ fi
+
+ ltp_version_list="1.6 1.7 1.8 1.9"
+ AC_CHECK_PROG(LTP, lcov, lcov)
+ AC_CHECK_PROG(LTP_GENHTML, genhtml, genhtml)
+
+ if test "$LTP"; then
+ AC_CACHE_CHECK([for ltp version], glib_cv_ltp_version, [
+ glib_cv_ltp_version=invalid
+ ltp_version=`$LTP -v 2>/dev/null | $SED -e 's/^.* //'`
+ for ltp_check_version in $ltp_version_list; do
+ if test "$ltp_version" = "$ltp_check_version"; then
+ glib_cv_ltp_version="$ltp_check_version (ok)"
+ fi
+ done
+ ])
+ else
+ ltp_msg="To enable code coverage reporting you must have one of the following LTP versions installed:
$ltp_version_list"
+ AC_MSG_ERROR([$ltp_msg])
+ fi
+
+ case $glib_cv_ltp_version in
+ ""|invalid[)]
+ ltp_msg="You must have one of the following versions of LTP: $ltp_version_list (found: $ltp_version)."
+ AC_MSG_ERROR([$ltp_msg])
+ LTP="exit 0;"
+ ;;
+ esac
+
+ if test -z "$LTP_GENHTML"; then
+ AC_MSG_ERROR([Could not find genhtml from the LTP package])
+ fi
+
+ AC_DEFINE(HAVE_GCOV, 1, [Whether you have gcov])
+
+ dnl Remove all optimization flags from CFLAGS
+ changequote({,})
+ CFLAGS=`echo "$CFLAGS" | $SED -e 's/-O[0-9]*//g'`
+ changequote([,])
+
+ dnl Add the special gcc flags
+ CFLAGS="$CFLAGS -O0 -fprofile-arcs -ftest-coverage"
+ LDFLAGS="$LDFLAGS -lgcov"
+fi
+
+dnl ****************************************************
+dnl *** Warnings to show if using GCC ***
+dnl *** (do this last so -Werror won't mess up tests ***
+dnl ****************************************************
+
+AC_ARG_ENABLE(more-warnings,
+ AS_HELP_STRING([--disable-more-warnings], [Inhibit compiler warnings]),
+ set_more_warnings=no)
+
+if test "$GCC" = "yes" -a "$set_more_warnings" != "no"; then
+ CFLAGS="$CFLAGS \
+ -Wall -Wstrict-prototypes -Werror=missing-prototypes \
+ -Werror=implicit-function-declaration \
+ -Werror=pointer-arith -Werror=init-self -Werror=format=2 \
+ -Werror=missing-include-dirs \
+ -Werror=declaration-after-statement"
+fi
+
+dnl *****************************
+dnl *** done ***
+dnl *****************************
+AC_CONFIG_FILES([Makefile
+ config.h.win32
+ build/Makefile
+ build/win32/Makefile
+ build/win32/vs9/Makefile
+ build/win32/vs10/Makefile
+ build/win32/vs11/Makefile
+ build/win32/vs12/Makefile
+ build/win32/vs14/Makefile
+ po/Makefile.in po/Makefile
+ tls/base/Makefile
+ tls/openssl/Makefile
+ tls/tests/Makefile
+ ])
+AC_OUTPUT
+
+echo ""
+echo " TLS support: ${with_openssl:-no}"
diff --git a/glib-openssl.doap b/glib-openssl.doap
new file mode 100644
index 0000000..465503d
--- /dev/null
+++ b/glib-openssl.doap
@@ -0,0 +1,25 @@
+<Project xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
+ xmlns:foaf="http://xmlns.com/foaf/0.1/"
+ xmlns:gnome="http://api.gnome.org/doap-extensions#"
+ xmlns="http://usefulinc.com/ns/doap#">
+
+ <name xml:lang="en">glib-openssl</name>
+ <shortdesc xml:lang="en">Network extensions for GLib using OpenSSL</shortdesc>
+ <description xml:lang="en"> glib-openssl contains the implementations of certain GLib openssl features
that cannot be implemented directly in GLib itself because of their dependencies.
+
+Currently it contains a OpenSSL-based implementation of GTlsBackend.</description>
+
+ <download-page rdf:resource="http://download.gnome.org/sources/glib-openssl" />
+ <bug-database rdf:resource="http://bugzilla.gnome.org/browse.cgi?product=glib" />
+ <category rdf:resource="http://api.gnome.org/doap-extensions#core" />
+ <programming-language>C</programming-language>
+
+ <maintainer>
+ <foaf:Person>
+ <foaf:name>Ignacio Casal Quinteiro</foaf:name>
+ <foaf:mbox rdf:resource="mailto:icq gnome org" />
+ <gnome:userid>icq</gnome:userid>
+ </foaf:Person>
+ </maintainer>
+</Project>
diff --git a/glib-openssl.mk b/glib-openssl.mk
new file mode 100644
index 0000000..9711ab0
--- /dev/null
+++ b/glib-openssl.mk
@@ -0,0 +1,14 @@
+### glib-openssl declarations
+
+module_flags = -export_dynamic -avoid-version -module -no-undefined -export-symbols-regex
'^g_io_module_(load|unload|query)'
+
+giomoduledir = $(GIO_MODULE_DIR)
+
+AM_CPPFLAGS = \
+ -DG_LOG_DOMAIN=\"GLib-OpenSSL\" \
+ -DLOCALE_DIR=\""$(localedir)"\" \
+ -DG_DISABLE_DEPRECATED \
+ $(GLIB_CFLAGS) \
+ $(NULL)
+
+include $(top_srcdir)/glib.mk
diff --git a/glib.mk b/glib.mk
new file mode 100644
index 0000000..016cb91
--- /dev/null
+++ b/glib.mk
@@ -0,0 +1,135 @@
+# GLIB - Library of useful C routines
+
+TESTS_ENVIRONMENT= \
+ G_TEST_SRCDIR="$(abs_srcdir)" \
+ G_TEST_BUILDDIR="$(abs_builddir)" \
+ G_DEBUG=gc-friendly \
+ MALLOC_CHECK_=2 \
+ MALLOC_PERTURB_=$$(($${RANDOM:-256} % 256))
+LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) $(top_srcdir)/tap-driver.sh
+LOG_COMPILER = $(top_srcdir)/tap-test
+
+NULL =
+
+# initialize variables for unconditional += appending
+BUILT_SOURCES =
+BUILT_EXTRA_DIST =
+CLEANFILES = *.log *.trs
+DISTCLEANFILES =
+MAINTAINERCLEANFILES =
+EXTRA_DIST =
+TESTS =
+
+installed_test_LTLIBRARIES =
+installed_test_PROGRAMS =
+installed_test_SCRIPTS =
+nobase_installed_test_DATA =
+
+noinst_LTLIBRARIES =
+noinst_PROGRAMS =
+noinst_SCRIPTS =
+noinst_DATA =
+
+check_LTLIBRARIES =
+check_PROGRAMS =
+check_SCRIPTS =
+check_DATA =
+
+# We support a fairly large range of possible variables. It is expected that all types of files in a test
suite
+# will belong in exactly one of the following variables.
+#
+# First, we support the usual automake suffixes, but in lowercase, with the customary meaning:
+#
+# test_programs, test_scripts, test_data, test_ltlibraries
+#
+# The above are used to list files that are involved in both uninstalled and installed testing. The
+# test_programs and test_scripts are taken to be actual testcases and will be run as part of the test suite.
+# Note that _data is always used with the nobase_ automake variable name to ensure that installed test data
is
+# installed in the same way as it appears in the package layout.
+#
+# In order to mark a particular file as being only for one type of testing, use 'installed' or 'uninstalled',
+# like so:
+#
+# installed_test_programs, uninstalled_test_programs
+# installed_test_scripts, uninstalled_test_scripts
+# installed_test_data, uninstalled_test_data
+# installed_test_ltlibraries, uninstalled_test_ltlibraries
+#
+# Additionally, we support 'extra' infixes for programs and scripts. This is used for support
programs/scripts
+# that should not themselves be run as testcases (but exist to be used from other testcases):
+#
+# test_extra_programs, installed_test_extra_programs, uninstalled_test_extra_programs
+# test_extra_scripts, installed_test_extra_scripts, uninstalled_test_extra_scripts
+#
+# Additionally, for _scripts and _data, we support the customary dist_ prefix so that the named script or
data
+# file automatically end up in the tarball.
+#
+# dist_test_scripts, dist_test_data, dist_test_extra_scripts
+# dist_installed_test_scripts, dist_installed_test_data, dist_installed_test_extra_scripts
+# dist_uninstalled_test_scripts, dist_uninstalled_test_data, dist_uninstalled_test_extra_scripts
+#
+# Note that no file is automatically disted unless it appears in one of the dist_ variables. This follows
the
+# standard automake convention of not disting programs scripts or data by default.
+#
+# test_programs, test_scripts, uninstalled_test_programs and uninstalled_test_scripts (as well as their
disted
+# variants) will be run as part of the in-tree 'make check'. These are all assumed to be runnable under
+# gtester. That's a bit strange for scripts, but it's possible.
+
+TESTS += $(test_programs) $(test_scripts) $(uninstalled_test_programs) $(uninstalled_test_scripts) \
+ $(dist_test_scripts) $(dist_uninstalled_test_scripts)
+
+# Note: build even the installed-only targets during 'make check' to ensure that they still work.
+# We need to do a bit of trickery here and manage disting via EXTRA_DIST instead of using dist_ prefixes to
+# prevent automake from mistreating gmake functions like $(wildcard ...) and $(addprefix ...) as if they were
+# filenames, including removing duplicate instances of the opening part before the space, eg. '$(addprefix'.
+all_test_programs = $(test_programs) $(uninstalled_test_programs) $(installed_test_programs) \
+ $(test_extra_programs) $(uninstalled_test_extra_programs)
$(installed_test_extra_programs)
+all_test_scripts = $(test_scripts) $(uninstalled_test_scripts) $(installed_test_scripts) \
+ $(test_extra_scripts) $(uninstalled_test_extra_scripts)
$(installed_test_extra_scripts)
+all_dist_test_scripts = $(dist_test_scripts) $(dist_uninstalled_test_scripts) $(dist_installed_test_scripts)
\
+ $(dist_test_extra_scripts) $(dist_uninstalled_test_extra_scripts)
$(dist_installed_test_extra_scripts)
+all_test_scripts += $(all_dist_test_scripts)
+EXTRA_DIST += $(all_dist_test_scripts)
+all_test_data = $(test_data) $(uninstalled_test_data) $(installed_test_data)
+all_dist_test_data = $(dist_test_data) $(dist_uninstalled_test_data) $(dist_installed_test_data)
+all_test_data += $(all_dist_test_data)
+EXTRA_DIST += $(all_dist_test_data)
+all_test_ltlibs = $(test_ltlibraries) $(uninstalled_test_ltlibraries) $(installed_test_ltlibraries)
+
+if ENABLE_ALWAYS_BUILD_TESTS
+noinst_LTLIBRARIES += $(all_test_ltlibs)
+noinst_PROGRAMS += $(all_test_programs)
+noinst_SCRIPTS += $(all_test_scripts)
+noinst_DATA += $(all_test_data)
+else
+check_LTLIBRARIES += $(all_test_ltlibs)
+check_PROGRAMS += $(all_test_programs)
+check_SCRIPTS += $(all_test_scripts)
+check_DATA += $(all_test_data)
+endif
+
+if ENABLE_INSTALLED_TESTS
+installed_test_PROGRAMS += $(test_programs) $(installed_test_programs) \
+ $(test_extra_programs) $(installed_test_extra_programs)
+installed_test_SCRIPTS += $(test_scripts) $(installed_test_scripts) \
+ $(test_extra_scripts) $(test_installed_extra_scripts)
+installed_test_SCRIPTS += $(dist_test_scripts) $(dist_test_extra_scripts) \
+ $(dist_installed_test_scripts) $(dist_installed_test_extra_scripts)
+nobase_installed_test_DATA += $(test_data) $(installed_test_data)
+nobase_installed_test_DATA += $(dist_test_data) $(dist_installed_test_data)
+installed_test_LTLIBRARIES += $(test_ltlibraries) $(installed_test_ltlibraries)
+installed_testcases = $(test_programs) $(installed_test_programs) \
+ $(test_scripts) $(installed_test_scripts) \
+ $(dist_test_scripts) $(dist_installed_test_scripts)
+
+installed_test_meta_DATA = $(installed_testcases:=.test)
+
+%.test: %$(EXEEXT) Makefile
+ $(AM_V_GEN) (echo '[Test]' > $@.tmp; \
+ echo 'Type=session' >> $@.tmp; \
+ echo 'Exec=$(installed_testdir)/$(notdir $<) --tap' >> $@.tmp; \
+ echo 'Output=TAP' >> $@.tmp; \
+ mv $@.tmp $@)
+
+CLEANFILES += $(installed_test_meta_DATA)
+endif
diff --git a/m4/glibtests.m4 b/m4/glibtests.m4
new file mode 100644
index 0000000..7d5920a
--- /dev/null
+++ b/m4/glibtests.m4
@@ -0,0 +1,28 @@
+dnl GLIB_TESTS
+dnl
+
+AC_DEFUN([GLIB_TESTS],
+[
+ AC_ARG_ENABLE(installed-tests,
+ AS_HELP_STRING([--enable-installed-tests],
+ [Enable installation of some test cases]),
+ [case ${enableval} in
+ yes) ENABLE_INSTALLED_TESTS="1" ;;
+ no) ENABLE_INSTALLED_TESTS="" ;;
+ *) AC_MSG_ERROR([bad value ${enableval} for --enable-installed-tests]) ;;
+ esac])
+ AM_CONDITIONAL([ENABLE_INSTALLED_TESTS], test "$ENABLE_INSTALLED_TESTS" = "1")
+ AC_ARG_ENABLE(always-build-tests,
+ AS_HELP_STRING([--enable-always-build-tests],
+ [Enable always building tests during 'make all']),
+ [case ${enableval} in
+ yes) ENABLE_ALWAYS_BUILD_TESTS="1" ;;
+ no) ENABLE_ALWAYS_BUILD_TESTS="" ;;
+ *) AC_MSG_ERROR([bad value ${enableval} for --enable-always-build-tests]) ;;
+ esac])
+ AM_CONDITIONAL([ENABLE_ALWAYS_BUILD_TESTS], test "$ENABLE_ALWAYS_BUILD_TESTS" = "1")
+ if test "$ENABLE_INSTALLED_TESTS" = "1"; then
+ AC_SUBST(installed_test_metadir, [${datadir}/installed-tests/]AC_PACKAGE_NAME)
+ AC_SUBST(installed_testdir, [${libexecdir}/installed-tests/]AC_PACKAGE_NAME)
+ fi
+])
diff --git a/po/.gitignore b/po/.gitignore
new file mode 100644
index 0000000..a861040
--- /dev/null
+++ b/po/.gitignore
@@ -0,0 +1,4 @@
+*.gmo
+glib-openssl.pot
+Makefile.in.in
+POTFILES
diff --git a/po/LINGUAS b/po/LINGUAS
new file mode 100644
index 0000000..115782e
--- /dev/null
+++ b/po/LINGUAS
@@ -0,0 +1,67 @@
+an
+ar
+as
+be
+bg
+bn_IN
+bs
+ca
+ca@valencia
+cs
+da
+de
+el
+en_CA
+en_GB
+eo
+es
+et
+eu
+fa
+fi
+fr
+fur
+gd
+gl
+gu
+he
+hi
+hr
+hu
+id
+it
+ja
+kk
+km
+kn
+ko
+lv
+lt
+ml
+mr
+nb
+nl
+oc
+or
+pa
+pl
+pt
+pt_BR
+ro
+ru
+sk
+sl
+sr
+sr@latin
+sv
+ta
+te
+tg
+th
+tr
+ug
+uk
+vi
+zh_CN
+zh_HK
+zh_TW
diff --git a/po/Makevars b/po/Makevars
new file mode 100644
index 0000000..10357d6
--- /dev/null
+++ b/po/Makevars
@@ -0,0 +1,78 @@
+# Makefile variables for PO directory in any package using GNU gettext.
+
+# Usually the message domain is the same as the package name.
+DOMAIN = $(PACKAGE)
+
+# These two variables depend on the location of this directory.
+subdir = po
+top_builddir = ..
+
+# These options get passed to xgettext.
+XGETTEXT_OPTIONS = --from-code=UTF-8 --keyword=_ --keyword=N_ --keyword=C_:1c,2 --keyword=NC_:1c,2
--keyword=g_dngettext:2,3 --add-comments
+
+# This is the copyright holder that gets inserted into the header of the
+# $(DOMAIN).pot file. Set this to the copyright holder of the surrounding
+# package. (Note that the msgstr strings, extracted from the package's
+# sources, belong to the copyright holder of the package.) Translators are
+# expected to transfer the copyright for their translations to this person
+# or entity, or to disclaim their copyright. The empty string stands for
+# the public domain; in this case the translators are expected to disclaim
+# their copyright.
+COPYRIGHT_HOLDER = Free Software Foundation, Inc.
+
+# This tells whether or not to prepend "GNU " prefix to the package
+# name that gets inserted into the header of the $(DOMAIN).pot file.
+# Possible values are "yes", "no", or empty. If it is empty, try to
+# detect it automatically by scanning the files in $(top_srcdir) for
+# "GNU packagename" string.
+PACKAGE_GNU =
+
+# This is the email address or URL to which the translators shall report
+# bugs in the untranslated strings:
+# - Strings which are not entire sentences, see the maintainer guidelines
+# in the GNU gettext documentation, section 'Preparing Strings'.
+# - Strings which use unclear terms or require additional context to be
+# understood.
+# - Strings which make invalid assumptions about notation of date, time or
+# money.
+# - Pluralisation problems.
+# - Incorrect English spelling.
+# - Incorrect formatting.
+# It can be your email address, or a mailing list address where translators
+# can write to without being subscribed, or the URL of a web page through
+# which the translators can contact you.
+MSGID_BUGS_ADDRESS =
+
+# This is the list of locale categories, beyond LC_MESSAGES, for which the
+# message catalogs shall be used. It is usually empty.
+EXTRA_LOCALE_CATEGORIES =
+
+# This tells whether the $(DOMAIN).pot file contains messages with an 'msgctxt'
+# context. Possible values are "yes" and "no". Set this to yes if the
+# package uses functions taking also a message context, like pgettext(), or
+# if in $(XGETTEXT_OPTIONS) you define keywords with a context argument.
+USE_MSGCTXT = no
+
+# These options get passed to msgmerge.
+# Useful options are in particular:
+# --previous to keep previous msgids of translated messages,
+# --quiet to reduce the verbosity.
+MSGMERGE_OPTIONS =
+
+# These options get passed to msginit.
+# If you want to disable line wrapping when writing PO files, add
+# --no-wrap to MSGMERGE_OPTIONS, XGETTEXT_OPTIONS, and
+# MSGINIT_OPTIONS.
+MSGINIT_OPTIONS =
+
+# This tells whether or not to regenerate a PO file when $(DOMAIN).pot
+# has changed. Possible values are "yes" and "no". Set this to no if
+# the POT file is checked in the repository and the version control
+# program ignores timestamps.
+PO_DEPENDS_ON_POT = no
+
+# This tells whether or not to forcibly update $(DOMAIN).pot and
+# regenerate PO files on "make dist". Possible values are "yes" and
+# "no". Set this to no if the POT file and PO files are maintained
+# externally.
+DIST_DEPENDS_ON_UPDATE_PO = no
diff --git a/po/POTFILES.in b/po/POTFILES.in
new file mode 100644
index 0000000..1850eb8
--- /dev/null
+++ b/po/POTFILES.in
@@ -0,0 +1,5 @@
+tls/base/gtlsconnection-base.c
+tls/openssl/gtlscertificate-openssl.c
+tls/openssl/gtlsclientconnection-openssl.c
+tls/openssl/gtlsconnection-openssl.c
+tls/openssl/gtlsserverconnection-openssl.c
diff --git a/po/an.po b/po/an.po
new file mode 100644
index 0000000..8a2da3c
--- /dev/null
+++ b/po/an.po
@@ -0,0 +1,158 @@
+# Aragonese translation for glib-openssl.
+# Copyright (C) 2013 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-02-20 01:19+0100\n"
+"Last-Translator: Daniel Martinez <entaltoaragon gmail com>\n"
+"Language-Team: Aragonese <softaragones googlegroups com>\n"
+"Language: an\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "A connexión ye zarrada"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "A operación se blocará"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "O servidor requiere un certificau TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "No se podió analisar o certificau DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "No se podió analisar o certificau PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "No se podió analisar a clau privada DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "No se podió analisar a clau privada PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "No s'han proporcionau datos d'o certificau"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "No se podió creyar a connexión TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "No se podió creyar a connexión TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "O par falló en realizar a negociación TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "O par d'a connexión TLS no ninvió un certificau"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Error en realizar a negociación TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "O servidor no devolvió un certificau TLS valido"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Certificau TLS inacceptable"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Error en leyer datos d'o socket TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Error en escribir datos en o socket TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Error en zarrar o TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "O certificau no tiene clau privada"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Error interna d'o proxy."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "O par solicitó una renegociación TLS ilegal"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "A connexión TLS se zarró inasperadament"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "A connexión ya ye zarrada"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Ista ye a zaguera oportunidat ta introducir o PIN correctament antes que "
+#~ "se bloque o \"token\"."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Quantos intentos d'introducir o PIN han estau incorrectos y o \"token\" "
+#~ "se blocará dimpués de mas fallos."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "O PIN introduciu ye incorrecto."
+
+#~ msgid "Module"
+#~ msgstr "Modulo"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Puntero d'o modulo PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "ID d'a ranura"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identificador d'a ranura de PKCS#11"
diff --git a/po/ar.po b/po/ar.po
new file mode 100644
index 0000000..dd48005
--- /dev/null
+++ b/po/ar.po
@@ -0,0 +1,164 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# IBRAHIM <mradonadiego hotmail fr>, 2011
+# Mohammad Alhargan <malham1 gmail com>, 2012.
+# Khaled Hosny <khaledhosny eglug org>, 2012.
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2012-09-20 07:26+0200\n"
+"Last-Translator: Khaled Hosny <khaledhosny eglug org>\n"
+"Language-Team: Arabic <doc arabeyes org>\n"
+"Language: ar\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 "
+"&& n%100<=10 ? 3 : n%100>=11 ? 4 : 5;\n"
+"X-Generator: Virtaal 0.7.0\n"
+"X-Project-Style: gnome\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "الاتصال مغلق"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "العملية قد تغلق"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "يتطلب الخادوم شهادة TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "تعذر تحليل شهادة DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "تعذر تحليل شهادة PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "تعذر تحليل المفتاح الخاص DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "تعذر تحليل المفتاح الخاص PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "لم يتم تقديم بيانات الشهادة"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "لا يمكن إنشاء اتصال TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "لا يمكن إنشاء اتصال TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "فشل إجراء تعارف نظير TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+#, fuzzy
+msgid "TLS connection peer did not send a certificate"
+msgstr "لم يُرجع الخادوم شهادة TLS سليمة"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "خطأ في تعارف TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "لم يُرجع الخادوم شهادة TLS سليمة"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "شهادة TLS غير مقبولة"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "حدث خطأ أثناء قراءة البيانات من مأخذ توصيل TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "حدث خطأ أثناء كتابة البيانات من مأخذ توصيل TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "خطأ في إغلاق TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "لا يوجد مفتاح خاص للشهادة"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "خطأ داخلي تحليل الوكيل."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "طلب النظير تعارف TLS غير شرعي"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "تم إغلاق اتصال TLS بشكل غير متوقع"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "الاتصال مغلق من قبل"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "هذه هي الفرصة الأخيرة لإدخال رقم التعريف الشخصي بشكل صحيح قبل تأمين الرمز "
+#~ "المميز."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "عدة محاولات إدخال رقم التعريف الشخصي غير صحيحة، سيتم تأمين الرمز المميز "
+#~ "بعد المزيد من الفشل."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "رقم التعريف الشخصي الذي أدخلته غير صحيح."
+
+#~ msgid "Module"
+#~ msgstr "وحدة نمطية"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "مؤشر الوحدة النمطية PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "معرف المدخل"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "معرف مدخل PKCS#11"
diff --git a/po/as.po b/po/as.po
new file mode 100644
index 0000000..5aba5e9
--- /dev/null
+++ b/po/as.po
@@ -0,0 +1,155 @@
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Nilamdyuti Goswami <ngoswami redhat com>, 2011, 2012, 2013.
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-03-12 18:28+0530\n"
+"Last-Translator: Nilamdyuti Goswami <ngoswami redhat com>\n"
+"Language-Team: Assamese <kde-i18n-doc kde org>\n"
+"Language: as\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.5\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "সংযোগ বন্ধ"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "কাৰ্য্য প্ৰতিৰোধ কৰিব"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "চাৰ্ভাৰৰ TLS প্ৰমাণপত্ৰৰ প্ৰয়োজন আছিল"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "DER প্ৰমাণপত্ৰক বিশ্লেষণ কৰোতে অক্ষম: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "PEM প্ৰমাণপত্ৰক বিশ্লেষণ কৰোতে অক্ষম: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "DER ব্যক্তিগত চাবিক বিশ্লেষণ কৰোতে অক্ষম: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "PEM ব্যক্তিগত চাবিক বিশ্লেষণ কৰোতে অক্ষম: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "কোনো প্ৰমাণপত্ৰ তথ্য যোগান দিয়া হোৱা নাই"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS সংযোগ সৃষ্টি কৰিব পৰা নগল: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "TLS সংযোগ সৃষ্টি কৰিব পৰা নগল: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "TLS হেন্ডশেক কৰিবলে সমনীয়া ব্যৰ্থ হল"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS সংযোগ সমনীয়ায়ে এটা প্ৰমাণপত্ৰ প্ৰেৰণ নকৰিলে"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS হেন্ডশেক কৰোতে ত্ৰুটি: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "চাৰ্ভাৰে এটা বৈধ TLS প্ৰমাণপত্ৰ ঘুৰাই নিদিলে"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "অগ্ৰহণযোগ্য TLS প্ৰমাণপত্ৰ"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "TLS চকেটৰ পৰা তথ্য পঢোতে ত্ৰুটি: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "TLS চকেটলে তথ্য লিখোতে ত্ৰুটি: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "TLS বন্ধ কৰোতে ত্ৰুটি: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "প্ৰমাণপত্ৰৰ কোনো ব্যক্তিগত চাবি নাই"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "প্ৰক্সি সংশোধক অভ্যন্তৰীয় ত্ৰুটি।"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "সমনীয়ায় অবৈধ পুনৰ হেন্ডশেকৰ অনুৰোধ কৰিছিল"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS সংযোগ অপ্ৰত্যাশিতভাৱে বন্ধ হৈ গল"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "সংযোগ ইতিমধ্যে বন্ধ"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "টকেন লক হোৱাৰ আগত PIN সঠিকভাৱে সুমুৱাৰ এইটো শেষ সুযোগ।"
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr "কেইবাটাও PIN চেষ্টা ভুল হৈছে, আৰু ততোধিক ব্যৰ্থতাৰ পিছত টকেন লক কৰা হব।"
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "সুমুৱা PIN ভুল।"
+
+#~ msgid "Module"
+#~ msgstr "মডিউল"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 মডিউল পোইন্টাৰ"
+
+#~ msgid "Slot ID"
+#~ msgstr "স্লট ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 স্লট চিনাক্তক"
diff --git a/po/be.po b/po/be.po
new file mode 100644
index 0000000..674c16d
--- /dev/null
+++ b/po/be.po
@@ -0,0 +1,157 @@
+# Ihar Hrachyshka <ihar hrachyshka gmail com>, 2011.
+# Kasia Bondarava <kasia bondarava gmail com>, 2012.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2012-08-30 15:27+0300\n"
+"Last-Translator: Kasia Bondarava <kasia bondarava gmail com>\n"
+"Language-Team: Belarusian <i18n-bel-gnome googlegroups com>\n"
+"Language: be\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
+"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
+"X-Generator: Virtaal 0.7.0\n"
+"X-Project-Style: gnome\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Злучэнне закрыта"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Аперацыя будзе заблакіравана"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Сервер запатрабаваў TLS-сертыфікат"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Не ўдалося разабраць DER-сертыфікат: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Не ўдалося разабраць PEM-сертыфікат: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Не ўдалося разабраць прыватны DER-ключ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Не ўдалося разабраць прыватны PEM-ключ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Даныя сертыфіката не пададзеныя"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Не ўдалося стварыць TLS-злучэнне: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Не ўдалося стварыць TLS-злучэнне: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Суразмоўцу не ўдалося выканаць вітанне TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Партнёр па TLS-злучэнні не паслаў сертыфікат"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Памылка выканання вітання TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Сервер не вярнуў правільнага TLS-сертыфіката"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Непрымальны TLS-сертыфікат"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Памылка чытання даных з TLS-сокета: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Памылка запісу даных у TLS-сокет: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Памылка закрыцця TLS-злучэння: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Сертыфікат не мае закрытага ключа"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Унутраная памылка распазнавальніка проксі-сервера."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Суразмоўца запытаў забароненае паўторнае вітанне TLS"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS-злучэнне нечакана закрылася"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Злучэнне ўжо закрыта"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "Гэта апошні шанец увесці правільны PIN-код да блакіравання доступу."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Вы некалькі разоў уводзілі хібны PIN-код, і калі вы працягнеце ўводзіць "
+#~ "хібны PIN-код, дык будзеце заблакіраваны."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Уведзены няправільны PIN-код."
+
+#~ msgid "Module"
+#~ msgstr "Модуль"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Паказальнік модуля PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "Ідэнтыфікатар слота"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Ідэнтыфікатар слота PKCS#11"
diff --git a/po/bg.po b/po/bg.po
new file mode 100644
index 0000000..0f693b5
--- /dev/null
+++ b/po/bg.po
@@ -0,0 +1,159 @@
+# Bulgarian translation of glib-openssl po-file.
+# Copyright (C) 2011, 2012, 2013 Free Software Foundation
+# This file is distributed under the same license as the glib-openssl package.
+# Alexander Shopov <ash kambanaria org>, 2011, 2012, 2013.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-01-08 21:50+0200\n"
+"Last-Translator: Alexander Shopov <ash kambanaria org>\n"
+"Language-Team: Bulgarian <dict fsa-bg org>\n"
+"Language: bg\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Връзката е прекъсната"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Операцията ще блокира"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Сървърът изисква сертификат за TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Сертификатът във формат DER не може да бъде анализиран: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Сертификатът във формат PEM не може да бъде анализиран: %s<"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Частният ключ във формат DER не може да бъде анализиран: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Частният ключ във формат PEM не може да бъде анализиран: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Липсват данни за сертификат"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Не може да се създаде връзка по TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Не може да се създаде връзка по TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Отсрещната страна не осъществи ръкостискане по TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Отсрещната страна за TLS не върна сертификат"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Грешка при ръкостискане по TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Сървърът върна неправилен сертификат за TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Неприемлив сертификат за TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Грешка при четене на данни по TLS от гнездо: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Грешка при запис на данни по TLS към гнездо: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Грешка при прекъсване на TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Сертификатът е без частен ключ"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Вътрешна грешка при откриването на сървъра-посредник."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Отсрещната страна изиска неправилно ново ръкостискане по TLS"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "Връзката по TLS неочаквано прекъсна"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Връзката вече е прекъсната"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Това е последният ви шанс да въведете правилен ПИН. При грешка "
+#~ "устройството ще бъде заключено."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Няколко последователно въведени ПИН-а са били грешни. При поредна грешка "
+#~ "устройството ще бъде заключено."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Неправилен ПИН."
+
+#~ msgid "Module"
+#~ msgstr "Модул"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Указател към модул за PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "Идентификатор на гнездо"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Идентификатор на гнездо за PKCS#11"
diff --git a/po/bn_IN.po b/po/bn_IN.po
new file mode 100644
index 0000000..1c19ce8
--- /dev/null
+++ b/po/bn_IN.po
@@ -0,0 +1,127 @@
+# Bengali (India) translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+#
+# , 2011.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2011-02-11 13:52+0530\n"
+"Last-Translator: \n"
+"Language-Team: Bengali (India) <bn_IN li org>\n"
+"Language: bn_IN\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.1\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "সার্ভারের ক্ষেত্রে TLS সার্টিফিকেট আবশ্যক"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "DER সার্টিফিকেট পার্স করতে ব্যর্থ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "PEM সার্টিফিকেট পার্স করতে ব্যর্থ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "DER গোপনীয়-কি পার্স করতে ব্যর্থ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "PEM গোপনীয়-কি পার্স করতে ব্যর্থ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "সার্টিফিকেটের কোনো তথ্য উপলব্ধ করা হয়নি"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS সংযোগ তৈরি করতে ব্যর্থ: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "TLS সংযোগ তৈরি করতে ব্যর্থ: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "সমকক্ষ দ্বারা TLS হ্যান্ড-শেক করা সম্ভব হয়নি"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+#, fuzzy
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS সংযোগ অপ্রত্যাশিতভাবে বন্ধ হয়ে গেছে"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS হ্যান্ড-শেক করার সময় ত্রুটি দেখা দিয়েছে: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+#, fuzzy
+msgid "Server did not return a valid TLS certificate"
+msgstr "সার্ভারের ক্ষেত্রে TLS সার্টিফিকেট আবশ্যক"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "অগ্রহণযোগ্য TLS সার্টিফিকেট"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "TLS সকেট থেকে তথ্য পড়তে ত্রুটি: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "TLS সকেটে তথ্য লিখতে ত্রুটি: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "TLS বন্ধ করতে ত্রুটি: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "প্রক্সি মীমাংসাকারীর অভ্যন্তরীণ ত্রুটি।"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "সমকক্ষ দ্বারা TLS-র জন্য পুনরায় হ্যান্ড-শেক করার অবৈধ অনুরোধ করা হয়েছে"
diff --git a/po/bs.po b/po/bs.po
new file mode 100644
index 0000000..be54087
--- /dev/null
+++ b/po/bs.po
@@ -0,0 +1,151 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2015-02-04 14:27+0000\n"
+"Last-Translator: Samir Ribić <Unknown>\n"
+"Language-Team: Bosnian <bs li org>\n"
+"Language: bs\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2015-02-05 07:01+0000\n"
+"X-Generator: Launchpad (build 17331)\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Veza je zatvorena"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Operacija bi se blokirala"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Server zahtijeva TLS certifikat"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Ne mogu analizirati DER certifikate: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Ne mogu analizirati PEM certifikate:: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Ne mogu analizirati DER privatni ključ:: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Ne mogu analizirati PEM privatni ključ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Nema datih certifikacijskih podataka"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Ne mogu kreirati TLS vezu: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Ne mogu kreirati TLS vezu: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Saradnik neuspio da obavi TLS usaglašavanje"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Saradnik u TLS konekciji nije poslao certifikat"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Greška u TLS usaglašavanju: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Server nije vratio važeći TLS certifikat"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Neprihvatljiv TLS certifikat"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Greška u čitanju podataka iz TLS soketa: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Greška u pisnju podataka u TLS soket: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Greška u obavljanju TLS zatvaranja: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Certifikat nema privatnog ključa"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Interna greška bliskog razrješivača."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Saradnik zahtijevao neispravno TLS ponovno usaglašavanje"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS veza neočekivano zatvorena"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Ovo je zadnja šansa da pravilno unesete PIN prije nego se token zaključa."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Nekoliko PIN pokušaja je bilo netačni, a token će biti zaključan nakon "
+#~ "daljih grešaka."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Uneseni PIN je neispravan."
+
+#~ msgid "Module"
+#~ msgstr "Modul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 Module Pointer"
+
+#~ msgid "Slot ID"
+#~ msgstr "IB slota"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 Identifikator slota"
diff --git a/po/ca.po b/po/ca.po
new file mode 100644
index 0000000..f1d0adb
--- /dev/null
+++ b/po/ca.po
@@ -0,0 +1,163 @@
+# Catalan translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+# David Planella <david planella gmail com>, 2011, 2012.
+# Gil Forcada <gilforcada guifi net>, 2012.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2012-08-16 19:02+0200\n"
+"Last-Translator: Gil Forcada <gilforcada guifi net>\n"
+"Language-Team: Catalan <gnome-dl llistes softcatala org>\n"
+"Language: ca\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "La connexió està tancada"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "L'operació bloquejaria"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "El servidor requereix un certificat TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "No s'ha pogut analitzar el certificat DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "No s'ha pogut analitzar el certificat PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "No s'ha pogut analitzar la clau privada DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "No s'ha pogut analitzar la clau privada PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "No s'ha proporcionat cap dada per al certificat"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "No s'ha pogut crear una connexió TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "No s'ha pogut crear una connexió TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "L'altre extrem de la connexió no ha pogut realitzar l'encaixada TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "L'altre extrem de la connexió TLS no ha enviat cap certificat"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "S'ha produït un error en realitzar l'encaixada TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "El servidor no ha retornat un certificat TLS vàlid"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "No es pot acceptar el certificat TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "S'ha produït un error en llegir les dades del sòcol TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "S'ha produït un error en escriure les dades al sòcol TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "S'ha produït un error en realitzar el tancament TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "El certificat no té cap clau privada"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr ""
+#~ "S'ha produït un error intern al sistema de resolució del servidor "
+#~ "intermediari."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr ""
+#~ "L'altre extrem de la connexió ha sol·licitat una reencaixada TLS no vàlida"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "La connexió TLS s'ha tancat de manera inesperada"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "La connexió ja està tancada"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Aquesta és la darrera oportunitat per introduir el PIN de manera correcta "
+#~ "abans de bloquejar el testimoni."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "S'ha intentat introduir el PIN de manera incorrecta diverses vegades, i "
+#~ "es bloquejarà el testimoni si es torna a fallar."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "S'ha introduït un PIN incorrecte."
+
+#~ msgid "Module"
+#~ msgstr "Mòdul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Punter del mòdul PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "Identificador de ranura"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identificador de la ranura PKCS#11"
diff --git a/po/ca valencia po b/po/ca valencia po
new file mode 100644
index 0000000..7ded920
--- /dev/null
+++ b/po/ca valencia po
@@ -0,0 +1,163 @@
+# Catalan translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+# David Planella <david planella gmail com>, 2011, 2012.
+# Gil Forcada <gilforcada guifi net>, 2012.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2012-08-16 19:02+0200\n"
+"Last-Translator: Gil Forcada <gilforcada guifi net>\n"
+"Language-Team: Catalan <gnome-dl llistes softcatala org>\n"
+"Language: ca@valencia\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "La connexió està tancada"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "L'operació bloquejaria"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "El servidor requereix un certificat TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "No s'ha pogut analitzar el certificat DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "No s'ha pogut analitzar el certificat PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "No s'ha pogut analitzar la clau privada DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "No s'ha pogut analitzar la clau privada PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "No s'ha proporcionat cap dada per al certificat"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "No s'ha pogut crear una connexió TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "No s'ha pogut crear una connexió TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "L'altre extrem de la connexió no ha pogut realitzar l'encaixada TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "L'altre extrem de la connexió TLS no ha enviat cap certificat"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "S'ha produït un error en realitzar l'encaixada TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "El servidor no ha retornat un certificat TLS vàlid"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "No es pot acceptar el certificat TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "S'ha produït un error en llegir les dades del sòcol TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "S'ha produït un error en escriure les dades al sòcol TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "S'ha produït un error en realitzar el tancament TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "El certificat no té cap clau privada"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr ""
+#~ "S'ha produït un error intern al sistema de resolució del servidor "
+#~ "intermediari."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr ""
+#~ "L'altre extrem de la connexió ha sol·licitat una reencaixada TLS no vàlida"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "La connexió TLS s'ha tancat de manera inesperada"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "La connexió ja està tancada"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Esta és la darrera oportunitat per introduir el PIN de manera correcta "
+#~ "abans de bloquejar el testimoni."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "S'ha intentat introduir el PIN de manera incorrecta diverses vegades, i "
+#~ "es bloquejarà el testimoni si es torna a fallar."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "S'ha introduït un PIN incorrecte."
+
+#~ msgid "Module"
+#~ msgstr "Mòdul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Punter del mòdul PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "Identificador de ranura"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identificador de la ranura PKCS#11"
diff --git a/po/cs.po b/po/cs.po
new file mode 100644
index 0000000..29f103c
--- /dev/null
+++ b/po/cs.po
@@ -0,0 +1,159 @@
+# Czech translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+#
+# Marek Černocký <marek manet cz>, 2011, 2012.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2012-12-02 21:47+0100\n"
+"Last-Translator: Marek Černocký <marek manet cz>\n"
+"Language-Team: čeština <gnome-cs-list gnome org>\n"
+"Language: cs\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
+"X-Generator: Gtranslator 2.91.5\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Připojení je uzavřeno"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Operace by blokovala"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Server požaduje certifikát TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Nelze zpracovat certifikát DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Nelze zpracovat certifikát PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Nelze zpracovat soukromý klíč DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Nelze zpracovat soukromý klíč PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Nebyla poskytnuta žádná data certifikátu"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Nelze vytvořit připojení TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Nelze vytvořit připojení TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Protějšek selhal při navazování spojení TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Protějšek připojení TLS neposlal certifikát"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Chyba při navazování spojení TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Server nevrátil platný certifikát TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Nepřijatelný certifikát TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Chyba čtení dat ze soketu TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Chyba zápisu dat do soketu TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Chyba při zavírání TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Certifikát nemá soukromý klíč"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Interní chyba zjišťování adres přes proxy."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Protějšek požadoval neplatné znovunavázání spojení TLS"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "Připojení TLS bylo neočekávaně zavřeno"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Připojení je stále uzavřeno"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "Máte poslední pokus zadat PIN správně, pak bude tiket zablokován."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Několik pokusů PIN bylo nesprávných a po dalším neúspěchu bude tiket "
+#~ "zablokován."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Zadaný PIN je nesprávný."
+
+#~ msgid "Module"
+#~ msgstr "Modul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Ukazatel na modul PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "ID slotu"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identifikátor slotu PKCS#11"
diff --git a/po/da.po b/po/da.po
new file mode 100644
index 0000000..852206c
--- /dev/null
+++ b/po/da.po
@@ -0,0 +1,161 @@
+# Danish translation for glib-openssl.
+# Copyright (C) 2011-2013 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+#
+# Kris Thomsen <lakristho gmail com>, 2011.
+# Ask Hjorth Larsen <asklarsen gmail com>, 2012-2013.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-03-16 17:43+0100\n"
+"Last-Translator: Ask Hjorth Larsen <asklarsen gmail com>\n"
+"Language-Team: Danish <dansk dansk-gruppen dk>\n"
+"Language: da\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Forbindelsen er lukket"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Forbindelsen ville blokere"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Server kræver et TLS-certifikat"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Kunne ikke fortolke DER-certifikat: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Kunne ikke fortolke PEM-certifikat: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Kunne ikke fortolke privat nøgle for DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Kunne ikke fortolke privat nøgle for PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Ingen certifikatdata angivet"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Kunne ikke oprette TLS-forbindelse: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Kunne ikke oprette TLS-forbindelse: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Modpart mislykkedes i at udføre TLS-forhandling"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS-modpart sendte ikke noget certifikat"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Fejl under udførsel af TLS-handshake: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Serveren returnerede ikke et gyldigt TLS-certifikat"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Uacceptabelt TLS-certifikat"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Fejl under læsning af data fra TLS-sokkel: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Fejl under skrivning af data til TLS-sokkel: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Fejl under nedlukning af TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Certifikatet har ingen privat nøgle"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Intern fejl i proxy-opløser."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Modpart forspurgte illegalt TLS-genforhandling"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS-forbindelse lukkede uventet ned"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Forbindelsen er allerede lukket"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Dette er sidste chance for at indtaste PIN korrekt, før det "
+#~ "kryptografiske tegn (token) låses."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Der er indtastet adskillige forkerte PIN, og det kryptografiske tegn "
+#~ "(token) vil blive låst hvis der sker flere fejl."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Den indtastede PIN er forkert."
+
+#~ msgid "Module"
+#~ msgstr "Modul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11-modulpointer"
+
+#~ msgid "Slot ID"
+#~ msgstr "Plads-id"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 plads-identifikation"
diff --git a/po/de.po b/po/de.po
new file mode 100644
index 0000000..07c995b
--- /dev/null
+++ b/po/de.po
@@ -0,0 +1,165 @@
+# German translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+# Mario Blättermann <mario blaettermann gmail com>, 2011-2013.
+# Christian Kirbach <Christian Kirbach gmail com>, 2011, 2012.
+# Wolfgang Stöggl <c72578 yahoo de>, 2011, 2012.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-03-04 08:30+0100\n"
+"Last-Translator: Mario Blättermann <mario blaettermann gmail com>\n"
+"Language-Team: Deutsch <gnome-de gnome org>\n"
+"Language: de\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Poedit-Language: German\n"
+"X-Poedit-Country: GERMANY\n"
+"X-Generator: Gtranslator 2.91.5\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Verbindung ist geschlossen"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Vorgang würde blockieren"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Server benötigt ein TLS-Zertifikat"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "DER-Zertifikat konnte nicht verarbeitet werden: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "PEM-Zertifikat konnte nicht verarbeitet werden: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Geheimer DER-Schlüssel konnte nicht verarbeitet werden: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Geheimer PEM-Schlüssel konnte nicht verarbeitet werden: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Keine Zertifikatdaten bereitgestellt"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS-Verbindung konnte nicht erstellt werden: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "TLS-Verbindung konnte nicht erstellt werden: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Gegenstelle scheiterte bei Ausführung der TLS-Begrüßung"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Gegenstelle der TLS-Verbindung gab kein gültiges Zertifikat zurück"
+
+# Handshake ist ein Fachbegriff für den Vorgang der Verbindungsaushandlung
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Fehler bei der Ausführung des TLS-Handshake: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Server gab kein gültiges TLS-Zertifikat zurück"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Nicht akzeptables TLS-Zertifikat"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Fehler beim Lesen der Daten aus dem TLS-Socket: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Fehler beim Schreiben der Daten in den TLS-Socket: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Fehler beim Schließen der TLS-Verbindung: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Das Zertifikat hat keinen geheimen Schlüssel"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Interner Fehler in der Auflösung des Proxys."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Gegenstelle fragte illegale erneute Begrüßung an"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS-Verbindung wurde unerwartet geschlossen"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Verbindung ist bereits geschlossen"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Dies ist die letzte Möglichkeit, die PIN korrekt einzugeben, bevor das "
+#~ "Token gesperrt wird."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Mehrere Versuche der PIN-Eingabe waren nicht korrekt. Das Token wird nach "
+#~ "weiteren Fehlversuchen gesperrt."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Die eingegebene PIN ist nicht korrekt."
+
+#~ msgid "Module"
+#~ msgstr "Modul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11-Modulzeiger"
+
+#~ msgid "Slot ID"
+#~ msgstr "Slot-ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11-Slotkennung"
diff --git a/po/el.po b/po/el.po
new file mode 100644
index 0000000..51097e3
--- /dev/null
+++ b/po/el.po
@@ -0,0 +1,162 @@
+# Greek translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+# Michael Kotsarinis <mk73628 gmail com>, 2011.
+# Kostas Papadimas <pkst gnome org>, 2012.
+# Dimitris Spingos (Δημήτρης Σπίγγος) <dmtrs32 gmail com>, 2012.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2014-07-09 14:43+0200\n"
+"Last-Translator: Tom Tryfonidis <tomtryf gmail com>\n"
+"Language-Team: team gnome gr\n"
+"Language: el\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Poedit 1.6.5\n"
+"X-Project-Style: gnome\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Η σύνδεση έκλεισε"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Η λειτουργία θα μπλοκαριστεί"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Ο διακομιστής απαίτησε πιστοποιητικό TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Αδυναμία ανάλυσης πιστοποιητικού DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Αδυναμία ανάλυσης πιστοποιητικού PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Αδυναμία ανάλυσης ιδιωτικού κλειδιού DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Αδυναμία ανάλυσης ιδιωτικού κλειδιού PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Δεν παρέχονται δεδομένα πιστοποιητικού"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Αδύνατη η δημιουργία σύνδεσης TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Αδύνατη η δημιουργία σύνδεσης TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Ο ομότιμος υπολογιστής απέτυχε να εκτελέσει «χειραψία» TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Η ομότιμη σύνδεση TLS δεν έστειλε πιστοποιητικό"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Σφάλμα κατά τη «χειραψία» TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Ο διακομιστής δεν επέστρεψε ένα έγκυρο πιστοποιητικό TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Μη αποδεκτό πιστοποιητικό TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Σφάλμα κατά την ανάγνωση δεδομένων από την υποδοχή TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Σφάλμα κατά την εγγραφή δεδομένων στην υποδοχή TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Σφάλμα κατά το κλείσιμο TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Το πιστοποιητικό δεν έχει ιδιωτικό κλειδί"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Εσωτερικό σφάλμα επίλυσης διαμεσολαβητή."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Ο ομότιμος υπολογιστής απαίτησε παράτυπη «χειραψία» TLS"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "Η σύνδεση TLS τερματίστηκε απρόσμενα"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Η σύνδεση έχει ήδη κλείσει"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Αυτή είναι η τελευταία σας ευκαιρία να πληκτρολογήσετε σωστά το PIN πριν "
+#~ "να κλειδωθεί το διακριτικό."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Αρκετές προσπάθειες PIN ήταν εσφαλμένες, και το διακριτικό θα κλειδωθεί "
+#~ "μετά από περαιτέρω αποτυχίες."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Δεν είναι έγκυρο το PIN που πληκτρολογήσατε."
+
+#~ msgid "Module"
+#~ msgstr "Άρθρωμα"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Δείκτης αρθρώματος PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "Αναγνωριστικό υποδοχής"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Αναγνωριστικό θέσης PKCS#11"
diff --git a/po/en_CA.po b/po/en_CA.po
new file mode 100644
index 0000000..6cc698a
--- /dev/null
+++ b/po/en_CA.po
@@ -0,0 +1,121 @@
+# English/Canada translation of glib-openssl.
+# Copyright (C) 2010 Collabora Ltd.
+# This file is distributed under the same license as the glib-openssl package.
+# Nicolas Dufresne <nicolas dufresne collabora co uk>, 2010.
+#
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2010-08-13 17:42-0400\n"
+"Last-Translator: Nicolas Dufresne <nicolasd git gnome org>\n"
+"Language-Team: Canadian English <nicolasd git gnome org>\n"
+"Language: en_CA\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr ""
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr ""
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr ""
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr ""
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr ""
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Proxy resolver internal error."
diff --git a/po/en_GB.po b/po/en_GB.po
new file mode 100644
index 0000000..be384c1
--- /dev/null
+++ b/po/en_GB.po
@@ -0,0 +1,159 @@
+# British English translation of glib-openssl.
+# Copyright (C) 2011 glib-openssl'S COPYRIGHT HOLDER
+# This file is distributed under the same licence as the glib-openssl package.
+# Bruce Cowan <bruce bcowan me uk>, 2011, 2012.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2016-09-18 12:18+0200\n"
+"Last-Translator: David King <amigadave amigadave com>\n"
+"Language-Team: British English <en li org>\n"
+"Language: en_GB\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Virtaal 0.7.1\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Connection is closed"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Operation would block"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Server required TLS certificate"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Could not parse DER certificate: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Could not parse PEM certificate: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Could not parse DER private key: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Could not parse PEM private key: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "No certificate data provided"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Could not create TLS connection: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Could not create TLS connection: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Peer failed to perform TLS handshake"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS connection peer did not send a certificate"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Error performing TLS handshake: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Server did not return a valid TLS certificate"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Unacceptable TLS certificate"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Error reading data from TLS socket: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Error writing data to TLS socket: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Error performing TLS close: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Certificate has no private key"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Proxy resolver internal error."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Peer requested illegal TLS rehandshake"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS connection closed unexpectedly"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "The PIN entered is incorrect."
+
+#~ msgid "Module"
+#~ msgstr "Module"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 Module Pointer"
+
+#~ msgid "Slot ID"
+#~ msgstr "Slot ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 Slot Identifier"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Connection is already closed"
diff --git a/po/eo.po b/po/eo.po
new file mode 100644
index 0000000..beafc10
--- /dev/null
+++ b/po/eo.po
@@ -0,0 +1,127 @@
+# Esperanto translation for glib-openssl.
+# Copyright (C) 2011 Free Software Foundation, Inc.
+# This file is distributed under the same license as the glib-openssl package.
+# Kristjan SCHMIDT <kristjan schmidt googlemail com>, 2011.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2011-05-15 15:54+0200\n"
+"Last-Translator: Kristjan SCHMIDT <kristjan schmidt googlemail com>\n"
+"Language-Team: Esperanto <ubuntu-l10n-eo lists launchpad net>\n"
+"Language: eo\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1)\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Servilo bezonas TLS-atestilon"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Ne eblis analizi la DER-atestilon: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Ne eblis analizi la PEM-atestilon: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Ne eblis analizi la privatan DER-ŝlosilon: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Ne eblis analizi la privatan PEM-ŝlosilon: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Neniu atestilo etas provizita"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Ne eblis krei TLS-konekton: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Ne eblis krei TLS-konekton: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Samtavolano fiaskis efektivigi TLS-kvitancon"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+#, fuzzy
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS-konekto fermiĝis senatendite"
+
+# Handshake ist ein Fachbegriff für den Vorgang der Verbindungsaushandlung
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Eraro dum efektivigi TLS-kvitancon: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+#, fuzzy
+msgid "Server did not return a valid TLS certificate"
+msgstr "Servilo bezonas TLS-atestilon"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Neakceptebla TLS-atestilo"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, fuzzy, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Eraro dum legi de la datumoj el la TLS-ingo:%s\n"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, fuzzy, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Eraro dum skribi de la datumoj el la TLS-ingo:%s\n"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Eraro dum fermi la TLS-konekto: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Interna eraro en la solvilo de la prokurilo."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Samtavolano petis kontraŭleĝan TLS-kvitancon"
diff --git a/po/es.po b/po/es.po
new file mode 100644
index 0000000..def3aae
--- /dev/null
+++ b/po/es.po
@@ -0,0 +1,161 @@
+# Spanish translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+# Jorge González <jorgegonz svn gnome org>, 2011.
+# Daniel Mustieles <daniel mustieles gmail com>, 2011, 2012.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2012-12-02 19:10+0100\n"
+"Last-Translator: Daniel Mustieles <daniel mustieles gmail com>\n"
+"Language-Team: Español; Castellano <gnome-es-list gnome org>\n"
+"Language: es\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Gtranslator 2.91.5\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "La conexión está cerrada"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "La operación de bloqueará"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "El servidor requiere un certificado TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "No se pudo analizar el certificado DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "No se pudo analizar el certificado PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "No se pudo analizar la clave privada DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "No se pudo analizar la clave privada PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "No se han proporcionado datos del certificado"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "No se pudo crear la conexión TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "No se pudo crear la conexión TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "EL par falló al realizar la negociación TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "El par de la conexión TLS no envió un certificado"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Error al realizar la negociación TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "El servidor no devolvió un certificado TLS válido"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Certificado TLS inaceptable"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Error al leer datos del socket TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Error al escribir datos en el socket TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Error al cerrar el TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "El certificado no tiene clave privada"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Error interno del proxy."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "El par solicitó una renegociación TLS ilegal"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "La conexión TLS se cerró inesperadamente"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "La conexión ya está cerrada"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Esta es la última oportunidad para introducir el PIN correctamente antes "
+#~ "de que se bloquee el «token»."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Varios intentos de introducir el PIN han sido incorrectos y el «token» se "
+#~ "bloqueará después de más fallos."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "El PIN introducido es incorrecto."
+
+#~ msgid "Module"
+#~ msgstr "Módulo"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Puntero del módulo PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "ID de la ranura"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identificador de la ranura de PKCS#11"
diff --git a/po/et.po b/po/et.po
new file mode 100644
index 0000000..33bed6d
--- /dev/null
+++ b/po/et.po
@@ -0,0 +1,162 @@
+# GLibi võrgunduse eesti tõlge.
+# Estonian translation of GLib Networking.
+#
+# Copyright (C) 2011 The GNOME Project.
+# This file is distributed under the same license as the GLib package.
+#
+# Ivar Smolin <okul linux ee>, 2011.
+# Mattias Põldaru <mahfiaz gmail com>, 2012.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2012-12-18 14:36+0300\n"
+"Last-Translator: Mattias Põldaru <mahfiaz gmail com>\n"
+"Language-Team: Estonian <>\n"
+"Language: et\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n!=1);\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Ühendus on suletud"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Operatsioon blokeeriks"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Server nõudis TLS-sertifikaati"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "DER-sertifikaati pole võimalik analüüsida: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "PEM-sertifikaati pole võimalik analüüsida: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "DER-vormingus salajast võtit pole võimalik analüüsida: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "PEM-vormingus salajast võtit pole võimalik analüüsida: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Sertifikaadi andmed puuduvad"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS-ühendust pole võimalik luua: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "TLS-ühendust pole võimalik luua: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Partneril ei õnnestunud TLS-kätlust läbi viia"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS ühenduse osapool ei tagastanud sertifikaati"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Viga TLS-kätluse läbiviimisel: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Server ei tagastanud kehtivat TLS-sertifikaati"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Lubamatu TLS-sertifikaat"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Viga TLS-soklist andmete lugemisel: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Viga TLS-soklisse andmete kirjutamisel: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Viga TLS-i sulgemisel: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Sertifikaadil puudub privaatvõti"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Proksilahendaja sisemine viga."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Partneri nõudis lubamatut TLS-kätlust"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS-ühendus suleti ootamatult"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Ühendus on juba suletud"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "See on viimane võimalus õige PIN sisestada, enne kui seade lukustub."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Mitu korda on sisestatud vale PIN, järgmisel ebaõnnestumisel seade "
+#~ "lukustub."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Sisestatud PIN oli vale."
+
+#~ msgid "Module"
+#~ msgstr "Moodul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 mooduli viit"
+
+#~ msgid "Slot ID"
+#~ msgstr "Pesa ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 pesa identifikaator"
diff --git a/po/eu.po b/po/eu.po
new file mode 100644
index 0000000..a89487e
--- /dev/null
+++ b/po/eu.po
@@ -0,0 +1,160 @@
+# translation of eu.po to Basque
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Iñaki Larrañaga Murgoitio <dooteo euskalgnu org>, 2011, 2012.
+# Iñaki Larrañaga Murgoitio <dooteo zundan com>, 2013
+msgid ""
+msgstr ""
+"Project-Id-Version: eu\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-03-04 23:35+0100\n"
+"Last-Translator: Iñaki Larrañaga Murgoitio <dooteo zundan com>\n"
+"Language-Team: Basque <itzulpena euskalgnu org>\n"
+"Language: eu\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.0\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Konexioa itxi egin da"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Eragiketa blokea daiteke"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Zerbitzariak TLS ziurtagiria behar du"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Ezin izan da DER ziurtagiria analizatu: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Ezin izan da PEM ziurtagiria analizatu: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Ezin izan da DER gako pribatua analizatu: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Ezin izan da PEM gako pribatua analizatu: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Ez da ziurtagiriaren daturik eman"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Ezin izan da TLS konexioa sortu: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Ezin izan da TLS konexioa sortu: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Parekoak huts egin du TLS diosala lantzean"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS konexioaren parekoak ez du ziurtagiria bidali"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Errorea TLS diosala lantzean: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Zerbitzariak ez du baliozko TLS ziurtagiria itzuli"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Onartu gabeko TLS ziurtagiria"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Errorea TLS socketetik datuak irakurtzean: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Errorea TLS socketean datuak idaztean: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Errorea TLSren itxiera lantzean: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Ziurtagiriak ez dauka gako pribaturik"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Proxyen ebaztailearen barneko errorea."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Parekoak TLSren diosala ilegala eskatu du"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS konexioa ustekabean itxi da"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Konexioa jadanik itxita dago"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "Hau azken aukera da PINa ongi sartzeko, tokena blokeatu aurretik."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Sartu diren hainbat PIN ez dira zuzenak, eta tokena blokeatu egin da "
+#~ "hutsegite gehiagoren ondoren."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Sartutako PINa okerrekoa da."
+
+#~ msgid "Module"
+#~ msgstr "Modulua"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 moduluaren erakuslea"
+
+#~ msgid "Slot ID"
+#~ msgstr "Erretenaren IDa"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 erretenaren identifikatzailea"
diff --git a/po/fa.po b/po/fa.po
new file mode 100644
index 0000000..df5ecc1
--- /dev/null
+++ b/po/fa.po
@@ -0,0 +1,158 @@
+# Persian translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+# Arash Mousavi <mousavi arash gmail com>, 2011, 2013.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-03-23 18:10+0330\n"
+"Last-Translator: Arash Mousavi <mousavi arash gmail com>\n"
+"Language-Team: Persian\n"
+"Language: fa\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-SourceCharset: utf-8\n"
+"X-Generator: Poedit 1.5.4\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "اتصال بسته شده است"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "عملیات میتواند بلوکه شود"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "کارگزار به گواهینامه TLS احتیاج دارد"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "تجزیه گواهینامه DER امکانپذیر نبود: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "تجزیه گواهینامه PEM امکانپذیر نبود: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "تجزیه کلید خصوصی DER امکانپذیر نبود: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "تجزیه کلید خصوصی PEM امکانپذیر نبود: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "هیچ اطلاعات گواهینامهای ارائه نشده"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "نمیتوان اتصال TLS ایجاد کرد: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "نمیتوان اتصال TLS ایجاد کرد: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "برقراری TLS handshake توسط همتا شکست خورد"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "همتا اتصال TLS گواهینامهای ارسال نکرد"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "خطا در هنگام انجام TLS handshake. خطا: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "کارگزار گواهینامه TLS معتبری ارسال نکرد"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "گواهینامه TLS غیر قابل پذیرش"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "خطا در هنگام هواندن اطلاعات از طریق سوکت TLS. خط: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "خطا در هنگام نوشتن اطلاعات در سوکت TLS. خطا: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "خطا در هنگام انجام بستن TLS. خطا: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "گواهینامه هیچ کلید خصوصیای ندارد"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "خطای داخلی تحلیلگر پیشکار."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "همتا درخواست یک TLS rehandshake غیرقانونی کرده است"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "اتصال TLS بطور غیر منتظرهای شکست خورد"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "اتصال از قبل بسته شده است"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "آخرین شانس برای صحیح وارد کردن PIN قبل از قفل شدن رمز است."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "تعدادی از تلاشهای برای وارد کردن PIN شکست خورده است، و رمز پس از شکستهای "
+#~ "بعدی قفل خواهد شد."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "عبارت PIN وارد شده نادرست است."
+
+#~ msgid "Module"
+#~ msgstr "ماژول"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "نشانگر ماژول PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "شناسهی جایگاه"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "شناساگر جایگاه PKCS#11"
diff --git a/po/fi.po b/po/fi.po
new file mode 100644
index 0000000..5c83386
--- /dev/null
+++ b/po/fi.po
@@ -0,0 +1,161 @@
+# Finnish messages for glib-openssl
+# Copyright (C) 2011 Tommi Vainikainen
+# This file is distributed under the same license as the glib-openssl.
+#
+# Gnome 2012-03 Finnish translation sprint participants:
+# Jiri Grönroos
+# Tommi Vainikainen <thv iki fi>, 2011.
+# Jiri Grönroos <jiri gronroos iki fi>, 2012, 2013.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-03-20 23:44+0200\n"
+"Last-Translator: Jiri Grönroos <jiri gronroos+l10n iki fi>\n"
+"Language-Team: Finnish <gnome-fi-laatu lists sourceforge net>\n"
+"Language: fi\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-POT-Import-Date: 2012-02-19 15:16:01+0000\n"
+"X-Generator: Lokalize 1.5\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Yhteys on suljettu"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Palvelin vaatii TLS-varmenteen"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "DER-varmennetta ei voitu jäsentää: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "PEM-varmennetta ei voitu jäsentää: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "DER-yksityisavainta ei voitu jäsentää: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "PEM-yksityisavainta ei voitu jäsentää: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Varmennetietoja ei tarjottu"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Ei voitu luoda TLS-yhteyttä: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Ei voitu luoda TLS-yhteyttä: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Vastapuoli ei kyennyt suoriutumaan TLS-kättelystä"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS-yhteyden vertainen ei lähettänyt varmennetta"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Virhe suoritettaessa TLS-kättelyä: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Palvelin ei palauttanut kelvollista TLS-varmennetta"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "TLS-varmenne ei ole hyväksyttävä"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Virhe luettaessa tietoa TLS-pistokkeesta: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Virhe kirjoitettaessa tietoa TLS-pistokkeeseen: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Virhe suoritettaessa TLS-sulkemista: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Varmenteella ei ole yksityistä avainta"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Väliselvityspalvelimen sisäinen virhe."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Vastapuoli pyysi laitonta TLS-uusintakättelyä"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS-yhteys katkesi yllättäen"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Yhteys on jo suljettu"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Tämä on viimeinen mahdollisuus antaa oikea PIN, ennen kuin valtuus "
+#~ "lukitaan."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Useat PIN-yritykset ovat epäonnistuneet, ja valtuus lukitaan seuraavien "
+#~ "epäonnistumisten myötä."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Syötetty PIN-koodi on virheellinen."
+
+#~ msgid "Module"
+#~ msgstr "Moduuli"
+
+#~ msgid "Slot ID"
+#~ msgstr "Paikan tunniste"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11-paikan tunniste"
diff --git a/po/fr.po b/po/fr.po
new file mode 100644
index 0000000..b69ad13
--- /dev/null
+++ b/po/fr.po
@@ -0,0 +1,159 @@
+# French translation for glib-openssl.
+# Copyright (C) 2011-2012 Listed translators
+# This file is distributed under the same license as the glib-openssl package.
+# Claude Paroz <claude 2xlibre net>, 2011-2012.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-02-25 20:13+0100\n"
+"Last-Translator: Claude Paroz <claude 2xlibre net>\n"
+"Language-Team: GNOME French Team <gnomefr traduc org>\n"
+"Language: fr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "La connexion est fermée"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "L'opération serait bloquée"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Le serveur requiert un certificat TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Impossible d'analyser le certificat DER : %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Impossible d'analyser le certificat PEM : %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Impossible d'analyser la clé privée DER : %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Impossible d'analyser la clé privée PEM : %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Aucune donnée de certificat fournie"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Impossible de créer une connexion TLS : %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Impossible de créer une connexion TLS : %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "La négociation TLS avec le serveur pair a échoué"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Le pair TLS n'a pas envoyé de certificat"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Erreur lors de la négociation TLS : %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Le serveur n'a pas renvoyé un certificat TLS valide"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Certificat TLS inacceptable"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Erreur lors de la lecture de données du connecteur TLS : %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Erreur lors de l'écriture de données sur le connecteur TLS : %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Erreur lors de la fermeture TLS : %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Le certificat n'a pas de clé privée"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Erreur interne du résolveur de serveur mandataire."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Le serveur pair a demandé une renégociation TLS non autorisée"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "La connexion TLS a été fermée de manière inattendue"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "La connexion est déjà fermée"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "C'est la dernière chance d'entrer le PIN correct avant que la carte à "
+#~ "puce soit verrouillée."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Plusieurs PIN incorrects ont été saisis, toute nouvelle erreur provoquera "
+#~ "le verrouillage de la carte à puce."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Le PIN saisi n'est pas correct."
+
+#~ msgid "Module"
+#~ msgstr "Module"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Pointeur de module PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "ID d'emplacement"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identifiant d'emplacement PKCS#11"
diff --git a/po/fur.po b/po/fur.po
new file mode 100644
index 0000000..48856cd
--- /dev/null
+++ b/po/fur.po
@@ -0,0 +1,159 @@
+# Friulian translation for glib-openssl.
+# Copyright (C) 2013 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2016-04-08 18:19+0200\n"
+"Last-Translator: Fabio Tomat <f t public gmail com>\n"
+"Language-Team: Friulian <fur li org>\n"
+"Language: fur\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.5\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "La conession e je sierade"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Le operazion e podarès blocâsi"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Il server al domande un certificât TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Impussibil analizâ il certificât DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Impussibil analizâ il certificât PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Impussibil analizâ la clâf privade DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Impussibil analizâ la clâf privade PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Nissun dât di certificât dât"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Impussibil creâ la conession TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Impussibil creâ la conession TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Il grop nol è rivât a eseguî il handshake TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Il grop di conession TLS nol à inviât un certificât"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Erôr tal eseguî il handshake TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Il server nol à tornât un certificât TLS valit"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "certificât TLS no acetabil"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Erôr tal lei dâts tal socket TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Erôr tal scrivi dâts tal socket TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Erôr tal sierâ TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Il certificât nol à une clâf privade"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Erôr interni dal resolver proxy."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Il grop al à domandât un rehandshake TLS no lecit"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "Sieradure inspietade de conession TLS"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Cheste e je la ultime pussibilitât par inserî il PIN coret prime che al "
+#~ "vegni blocât il token."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "A son stâts fats une vore di tentatîfs par meti il PIN, il token al sarà "
+#~ "blocât dopo altris faliments."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Il PIN dât nol è coret."
+
+#~ msgid "Module"
+#~ msgstr "Modul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Pontadôr modul PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "ID dal slot"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identificadôr Slot PKCS#11"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "La conession a je za sierade"
diff --git a/po/gd.po b/po/gd.po
new file mode 100644
index 0000000..ad86e63
--- /dev/null
+++ b/po/gd.po
@@ -0,0 +1,158 @@
+# Scottish Gaelic translation for glib-openssl.
+# Copyright (C) 2016 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+# GunChleoc <fios foramnagaidhlig net>, 2016.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2016-04-28 15:01+0100\n"
+"Last-Translator: GunChleoc <fios foramnagaidhlig net>\n"
+"Language-Team: Fòram na Gàidhlig\n"
+"Language: gd\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=4; plural=(n==1 || n==11) ? 0 : (n==2 || n==12) ? 1 : "
+"(n > 2 && n < 20) ? 2 : 3;\n"
+"X-Generator: Virtaal 0.7.1\n"
+"X-Project-Style: gnome\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Chaidh an ceangal a dhùnadh"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Dhèanadh an t-obrachadh bacadh"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Dh'iarr am frithealaiche teisteanas TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Cha deach leinn teisteanas DER a pharsadh: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Cha deach leinn teisteanas PEM a pharsadh: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Cha deach leinn iuchair phrìobhaideach DER a pharsadh: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Cha deach leinn iuchair phrìobhaideach PEM a pharsadh: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Cha deach dàta teisteanais a thoirt seachad"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Cha b' urrainn dhuinn ceangal TLS a chruthachadh: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Cha b' urrainn dhuinn ceangal TLS a chruthachadh: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Cha do rinn an seise crathadh-làimhe TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Cha do chuir seise a' cheangail TLS teisteanas"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Mearachd le crathadh-làimhe TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Cha do thill am frithealaiche teisteanas TLS dligheach"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Teisteanas TLS ris nach gabhar"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Mearachd a' leughadh dàta on t-socaid TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Mearachd a' sgrìobhadh dàta dhan t-socaid TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Mearachd le dùnadh TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Chan eil iuchair phrìobhaideach aig an teisteanas"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Mearachd taobh a-stagh an fhuasglaiche progsaidh."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Dh'iarr an seise ath-chrathadh-làimhe TLS mì-dhligheach"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "Chaidh an ceangal TLS a dhùnadh gun dùil"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Seo an cothrom mu dheireadh gus am PIN a chur a-steach mar bu chòir mus "
+#~ "dèid an tòcan a ghlasadh."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Chaidh iomadh oidhirp air a' PIN gu cearr agus thèid an tòcan a ghlasadh "
+#~ "ma bhios e cearr a-rithist."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Chan eil am PIN a chaidh a chur a-steach mar bu chòir."
+
+#~ msgid "Module"
+#~ msgstr "Mòideal"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Tomhaire mòideil PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "ID an t-slota"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Aithnichear an t-slota PKCS#11"
diff --git a/po/gl.po b/po/gl.po
new file mode 100644
index 0000000..17d5df3
--- /dev/null
+++ b/po/gl.po
@@ -0,0 +1,163 @@
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# Copyright © 2011 Leandro Regueiro.
+# Leandro Regueiro <leandro regueiro gmail com>, 2011.
+# Proxecto Trasno - Adaptación do software libre á lingua galega: Se desexas
+# colaborar connosco, podes atopar máis información en <http://trasno.net>
+# Fran Diéguez <frandieguez ubuntu com>, 2011.
+# Fran Dieguez <frandieguez gnome org>, 2011, 2012.
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2012-12-24 22:52+0200\n"
+"Last-Translator: Fran Dieguez <frandieguez gnome org>\n"
+"Language-Team: gnome-l10n-gl gnome org\n"
+"Language: gl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Virtaal 0.7.1\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "A conexión está pechada"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "A operación bloquearase"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "O servidor require un certificado TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Non foi posíbel analizar o certificado DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Non foi posíbel analizar o certificado PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Non foi posíbel analizar a chave privada DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Non foi posíbel analizar a chave privada PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Non se forneceu ningún dato do certificado"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Non foi posíbel crear a conexión TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Non foi posíbel crear a conexión TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "O par fallou ao realizar a negociación TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "O par da conexión TLS non enviou un certificado"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Produciuse un erro ao realizar a negociación TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "O servidor non devolveu un certificado TLS válido"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Certificado TLS inaceptábel"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Produciuse un erro ao ler datos do conectador TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Produciuse un erro ao escribir datos no conectador TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Produciuse un erro ao realizar o peche de TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "O certificado no ten unha chave privada"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Erro interno do resolvedor de proxy."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "O par solicitou unha renegociación TLS inaceptábel"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "A conexión TLS pechouse de forma inesperada"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "A conexión está pechada"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Esta é a última oportunidade para escribir o PIN correctamente antes de "
+#~ "que o token está bloqueado."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Varios intentos de introducir o PIN foron incorrectos e o «token» "
+#~ "bloquearase despois de máis fallos."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "O PIN escrito é incorrecto."
+
+#~ msgid "Module"
+#~ msgstr "Módulo"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Punteiro do módulo PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "ID da ranura"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identificador da ranura PKCS#11"
diff --git a/po/gu.po b/po/gu.po
new file mode 100644
index 0000000..1ca31f7
--- /dev/null
+++ b/po/gu.po
@@ -0,0 +1,128 @@
+# translation of gu.po to Gujarati
+# Gujarati translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+#
+# Sweta Kothari <swkothar redhat com>, 2011.
+msgid ""
+msgstr ""
+"Project-Id-Version: gu\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2011-02-08 12:18+0530\n"
+"Last-Translator: Sweta Kothari <swkothar redhat com>\n"
+"Language-Team: Gujarati\n"
+"Language: gu\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+"Plural-Forms: nplurals=2; plural=(n!=1);\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "સર્વરને TLS પ્રમાણપત્રની જરૂરિયાત છે"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "DER પ્રમાણપત્રનું પદચ્છેદન કરી શક્યા નહિં: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "PEM પ્રમાણપત્રનું પદચ્છેદન કરી શક્યા નહિં: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "DER ખાનગી કીનું પદચ્છેદન કરી શક્યા નહિં: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "PEM ખાનગી કીનું પદચ્છેદન કરી શક્યા નહિં: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "પ્રમાણપત્ર માહિતીને પૂરી પાડેલ નથી"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS જોડાણને બનાવી શક્યા નહિં: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "TLS જોડાણને બનાવી શક્યા નહિં: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "TLS handshake ને ચલાવવામાં Peer નિષ્ફળ"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+#, fuzzy
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS જોડાણ અચાનક બંધ થઇ ગયુ"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS handshake ને ચલાવી રહ્યા હોય ત્યારે ભૂલ: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+#, fuzzy
+msgid "Server did not return a valid TLS certificate"
+msgstr "સર્વરને TLS પ્રમાણપત્રની જરૂરિયાત છે"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "અસ્વીકાર્ય TLS પ્રમાણપત્ર"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "TLS સોકેટમાંથી માહિતીને વાંચી રહ્યા હોય ત્યારે ભૂલ: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "TLS સોકેટમાં માહિતીને લખી રહ્યા હોય ત્યારે ભૂલ: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "TLS બંધ ને ચલાવી રહ્યા હોય ત્યારે ભૂલ: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "પ્રોક્સી રિઝૉલ્વર આંતરિક ભૂલ."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Peer ને બિનકાયદેસર TLS rehandshake માટે સૂચિત કરેલ છે"
diff --git a/po/he.po b/po/he.po
new file mode 100644
index 0000000..a627b25
--- /dev/null
+++ b/po/he.po
@@ -0,0 +1,160 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2012-11-30 10:53+0200\n"
+"Last-Translator: Yaron Shahrabani <sh yaron gmail com>\n"
+"Language-Team: Hebrew <sh yaron gmail com>\n"
+"Language: he\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural= (n !=1 );\n"
+"X-Poedit-Language: Hebrew\n"
+"X-Poedit-Country: ISRAEL\n"
+"X-Poedit-SourceCharset: UTF-8\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "החיבור סגור"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "הפעולה תיחסם"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "השרת דורש תעודת TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "לא ניתן לפענח את אישור ה־DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "לא ניתן לפענח את אישור ה־PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "לא ניתן לפענח את מפתח ה־DER הפרטי: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "לא ניתן לפענח את מפתח ה־PEM הפרטי: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "לא סופקו נתוני אישור"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "לא ניתן ליצור חיבור TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "לא ניתן ליצור חיבור TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "העמית נכשל בלחיצת היד מסוג TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "הצד השני בחיבור ה־TLS לא החזיר תעודה"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "שגיאה בביצוע לחיצת יד מסוג TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "השרת לא החזיר תעודת TLS תקפה"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "אישור ה־TLS אינו מקובל"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "שגיאה בקריאת הנתונים משקע ה־TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "שגיאה בכתיבת נתונים אל שקע ה־TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "שגיאה בביצוע סגירת TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "לאישור אין מפתח פרטי"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "שגיאה פנימית בפתרון המתווך."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "העמית ביקש לחיצת יד חוזרת מסוג TLS בלתי חוקית"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "החיבור ל־TLS נסגר באופן בלתי צפוי"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "החיבור כבר סגור"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "זוהי ההזדמנות האחרונה להזין את ה־PIN הנכון לפני שהאסימון ננעל."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "חלק מניסיונות הזנת ה־PIN עלו בתוהו והאסימון יינעל לאחר ניסיונות כושלים "
+#~ "נוספים."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "ה־PIN שהוזן שגוי."
+
+#~ msgid "Module"
+#~ msgstr "מודול"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "מצביע מודול PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "מזהה חריץ"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "מזהה חריץ PKCS#11"
diff --git a/po/hi.po b/po/hi.po
new file mode 100644
index 0000000..559b5c2
--- /dev/null
+++ b/po/hi.po
@@ -0,0 +1,160 @@
+# translation of glib-openssl.po.master.hi.po to Hindi
+# Hindi translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+# Rajesh Ranjan <rranjan redhat com>, 2011.
+# chandankumar(ciypro) <chandankumar 093047 gmail com>, 2012, 2013.
+# rajesh <rajeshkajha yahoo com>, 2012.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl.po.master.hi\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-03-25 13:35+0000\n"
+"Last-Translator: chandankumar <chandankumar 093047 gmail com>\n"
+"Language-Team: Hindi <kde-i18n-doc kde org>\n"
+"Language: hi\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Lokalize 1.5\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "कनेक्शन बंद है"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "कार्य रोक दिया जाएगा"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "सर्वर के लिए TLS प्रमाणपत्र चाहिए"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "DER प्रमाणपत्र नहीं विश्लेषित कर सकता है: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "PEM प्रमाणपत्र नहीं विश्लेषित कर सकता है: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "DER निजी कुंजी नहीं विश्लेषित कर सकता है: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "PEM निजी कुंजी नहीं विश्लेषित कर सकता है: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "कोई प्रमाणपत्र आँकड़ा नहीं दिया गया"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "टीएलएस कनेक्शन नहीं बना सका: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "टीएलएस कनेक्शन नहीं बना सका: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "TLS हैंडशेक करने में पीयर विफल रहा"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS कनेक्शन सहकर्मी एक प्रमाण पत्र नहीं भेजा"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS हैंडशेक करने में त्रुटि: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "सर्वर ने वैध TLS प्रमाणपत्र नहीं दिया है"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "अस्वीकार्य TLS प्रमाणपत्र"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "TLS सॉकेट से आँकड़ा पढ़ने में त्रुटि: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "TLS सॉकेट से आँकड़ा लिखने में त्रुटि: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "TLS बंद करने में त्रुटि: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "प्रमाणपत्र में कोई निजी कुंजी नहीं है"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "प्रॉक्सी समाधानकर्ता आंतरिक त्रुटि."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "पीयर ने TLS फिर हैंडशेक के लिए आग्रह किया"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS अप्रत्याशित रूप से बंद हो गया"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "कनेक्शन पहले से बंद है"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "टोकन बंद होने से पहले पिन सही तरीके से दर्ज करने का यह आखिरी मौका है."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "कई पिन प्रयास को गलत कर दिया गया है, और आगे विफलताओं के बाद टोकन बंद कर दिया "
+#~ "जाएगा."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "दर्ज किया गया पिन गलत है."
+
+#~ msgid "Module"
+#~ msgstr "मॉडयूल"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 मॉडयूल पाइंटर"
+
+#~ msgid "Slot ID"
+#~ msgstr "स्लॉट ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 स्लॉट पहचानकर्ता"
diff --git a/po/hr.po b/po/hr.po
new file mode 100644
index 0000000..b72b41c
--- /dev/null
+++ b/po/hr.po
@@ -0,0 +1,150 @@
+# Croatian translation for glib-openssl
+# Copyright (c) 2015 Rosetta Contributors and Canonical Ltd 2015
+# This file is distributed under the same license as the glib-openssl package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2015.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2015-05-03 00:07+0000\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: Croatian <hr li org>\n"
+"Language: hr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2015-07-01 11:49+0000\n"
+"X-Generator: Launchpad (build 17590)\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Poslužitelj zahtijeva TLS vjerodajnicu"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Nemoguća analiza DER vjerodajnica: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Nemoguća analiza PEM vjerodajnica: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Nemoguća analiza DER privatnog ključa: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Nemoguća analiza PEM privatnog ključa: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Nema pruženih podataka certifikata"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Nemoguće stvaranje TLS povezivanja: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Nemoguće stvaranje TLS povezivanja: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Čvor je odbio izvesti TLS rukovanje"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+#, fuzzy
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS povezivanje je neočekivano zatvoreno"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Greška izvođenja TLS rukovanja: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+#, fuzzy
+msgid "Server did not return a valid TLS certificate"
+msgstr "Poslužitelj zahtijeva TLS vjerodajnicu"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Neprihvatljiva TLS vjerodajnica"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Greška čitanja podataka iz TLS priključnice: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Greška zapisivanja podataka iz TLS priključnice: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Greška izvođenja TLS zatvaranja: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Vjerodajnica nema privatni ključ"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Unutrašnja greška proxy razrješitelja."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Čvor zahtjeva ilegalno TLS ponovno rukovanje"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Ovo je posljednja šansa za upis PIN-a ispravno prije nego što se token "
+#~ "zaključa."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Nekoliko PIN-ova je neispravno, i token će biti zaključan nakon budućih "
+#~ "neuspjeha."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Upisani PIN je neispravan"
+
+#~ msgid "Module"
+#~ msgstr "Modul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 pokazivač modula"
diff --git a/po/hu.po b/po/hu.po
new file mode 100644
index 0000000..381b425
--- /dev/null
+++ b/po/hu.po
@@ -0,0 +1,161 @@
+# Hungarian translation of glib-openssl
+# Copyright (C) 2011, 2012. Free Software Foundation, Inc.
+# This file is distributed under the same license as the glib-openssl package.
+#
+# Gabor Kelemen <kelemeng at gnome dot hu>, 2011, 2012.
+# Balázs Úr <urbalazs at gmail dot com>, 2012.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2012-12-31 19:04+0100\n"
+"Last-Translator: Balázs Úr <urbalazs at gmail dot com>\n"
+"Language-Team: Hungarian <gnome-hu-list at gnome dot org>\n"
+"Language: hu\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.2\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "A kapcsolat lezárva"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "A művelet blokkoló lenne"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "A kiszolgáló TLS-tanúsítványt kért"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "A DER tanúsítvány nem dolgozható fel: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "A PEM tanúsítvány nem dolgozható fel: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "A DER személyes kulcs nem dolgozható fel: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "A PEM személyes kulcs nem dolgozható fel: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Nincsenek megadva tanúsítványadatok"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Nem sikerült létrehozni TLS-kapcsolatot: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Nem sikerült létrehozni TLS-kapcsolatot: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "A partner nem tudta végrehajtani a TLS-kézfogást"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "A TLS kapcsolat partner nem küldött tanúsítványt"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Hiba a TLS-kézfogás végrehajtásakor: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "A kiszolgáló nem adott vissza érvényes TLS-tanúsítványt"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Elfogadhatatlan TLS-tanúsítvány"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Hiba az adatok olvasásakor a TLS-foglalatból: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Hiba az adatok TLS-foglalatba írásakor: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Hiba a TLS-lezárás végrehajtásakor: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "A tanúsítványnak nincs személyes kulcsa"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Proxyfeloldó belső hiba."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "A partner illegális ismételt TLS-kézfogást kért"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "A TLS-kapcsolat váratlanul befejeződött"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "A kapcsolat már le van zárva"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Ez az utolsó lehetősége a helyes PIN megadására, mielőtt a jelsor "
+#~ "zárolásra kerül."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Több PiN-megadás sikertelen volt, és a további sikertelen próbálkozások "
+#~ "után a jelsor zárolásra kerül."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "A megadott PIN helytelen."
+
+#~ msgid "Module"
+#~ msgstr "Modul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 modulmutató"
+
+#~ msgid "Slot ID"
+#~ msgstr "Nyílásazonosító"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 nyílásazonosító"
diff --git a/po/id.po b/po/id.po
new file mode 100644
index 0000000..04aca9f
--- /dev/null
+++ b/po/id.po
@@ -0,0 +1,160 @@
+# Indonesian translation of glib-openssl
+# Copyright (C) 2011 THE glib-openssl'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+#
+# Andika Triwidada <andika gmail com>, 2011, 2012, 2013.
+# Dirgita <dirgitadevina yahoo co id>, 2012.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-03-29 08:57+0700\n"
+"Last-Translator: Andika Triwidada <andika gmail com>\n"
+"Language-Team: Indonesian <gnome i15n org>\n"
+"Language: id\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: Poedit 1.5.5\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Koneksi ditutup"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Operasi akan memblokir"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Server memerlukan sertifikat TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Tak bisa mengurai sertifikat DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Tak bisa mengurai sertifikat PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Tak bisa mengurai kunci privat DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Tak bisa mengurai kunci privat PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Data sertifikat tak disediakan"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Tak bisa membuat koneksi TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Tak bisa membuat koneksi TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Peer gagal melakukan jabat tangan TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Pasangan koneksi TLS tak mengembalikan sertifikat"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Galat melakukan jabat tangan TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Server tak mengembalikan sertifikat TLS yang valid"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Sertifikat TLS tak dapat diterima"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Galat saat membaca data dari soket TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Galat saat menulis data ke soket TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Galat melaksanakan penutupan TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Sertifikatnya tidak memiliki kunci privat"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Galat internal resolver proksi."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Peer meminta jabat tangan ulang TLS yang ilegal"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "Koneksi TLS tertutup tak disangka-sangka"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Koneksi telah ditutup"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Ini kesempatan terakhir memasukkan PIN yang benar sebelum token dikunci."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Sudah beberapa kali PIN yang dimasukkan salah, token akan dikunci jika "
+#~ "terulang."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "PIN yang dimasukkan salah."
+
+#~ msgid "Module"
+#~ msgstr "Modul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Pointer Modul PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "ID Slot"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identifair Slot PKCS#11"
diff --git a/po/it.po b/po/it.po
new file mode 100644
index 0000000..b1bcfd6
--- /dev/null
+++ b/po/it.po
@@ -0,0 +1,160 @@
+# glib-openssl Italian translation
+# Copyright (C) 2011, 2012, 2013 Free Software Foundation, Inc
+# This file is distributed under the same license as the glib-openssl package.
+# Luca Ferretti <lferrett gnome org>, 2011, 2012.
+# Milo Casagrande <milo ubuntu com>, 2013.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-01-24 22:41+0100\n"
+"Last-Translator: Milo Casagrande <milo ubuntu com>\n"
+"Language-Team: Italian <tp lists linux it>\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8-bit\n"
+"Plural-Forms: nplurals=2; plural=(n!=1);\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "La connessione è chiusa"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "L'operazione potrebbe bloccarsi"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Il server richiede un certificato TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Impossibile analizzare il certificato DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Impossibile analizzare il certificato PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Impossibile analizzare la chiave privata DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Impossibile analizzare la chiave privata PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Nessun dato di certificato fornito"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Impossibile creare la connessione TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Impossibile creare la connessione TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Il nono non è stato in grado di eseguire l'handshake TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Il nodo di connessione TLS non ha inviato un certificato"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Errore nell'eseguire l'handshake TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Il server non ha restituito un certificato TLS valido"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Certificato TLS inammissibile"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Errore nel leggere dati dal socket TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Errore nello scrivere dati sul socket TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Errore nell'eseguire la chiusura TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Il certificato non presenta chiave privata"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Errore interno del resolver proxy."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Il nodo ha richesto un re-handshake non lecito"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "La connessione TLS si è chiusa in modo inatteso"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "La connessione è già chiusa"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Questa è l'ultima opportunità di inserire il PIN corretto prima che venga "
+#~ "bloccato il token."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "È stato inserito diverse volte un PIN non corretto, altri tentativi "
+#~ "errati e il token verrà bloccato."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Il PIN inserito non è corretto."
+
+#~ msgid "Module"
+#~ msgstr "Modulo"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Puntatore modulo PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "ID dello slot"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identificatore slot PKCS#11"
diff --git a/po/ja.po b/po/ja.po
new file mode 100644
index 0000000..2c7b7f9
--- /dev/null
+++ b/po/ja.po
@@ -0,0 +1,159 @@
+# Japanese translation of glib-openssl message catalog.
+# Copyright (C) 2011-2012 Free Software Foundation, Inc.
+# This file is distributed under the same license as glib-openssl package.
+# Takayuki KUSANO <AE5T-KSN asahi-net or jp>, 2011-2012.
+# Hideki Yamane <henrich debian org>, 2011-2012.
+# Yoji TOYODA <bsyamato sea plala or jp>, 2012.
+# Jiro Matsuzawa <jmatsuzawa gnome org>, 2015.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2015-09-15 01:29+0900\n"
+"Last-Translator: Jiro Matsuzawa <jmatsuzawa gnome org>\n"
+"Language-Team: Japanese <gnome-translation gnome gr jp>\n"
+"Language: ja\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "コネクションが切断されています"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "操作がブロックされます"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "サーバーが TLS 証明書を要求しました"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "DER 形式の証明書を解析できませんでした: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "PEM 形式の証明書を解析できませんでした: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "DER 形式の秘密鍵を解析できませんでした: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "PEM 形式の秘密鍵を解析できませんでした: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "証明書のデータが与えられていません"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS コネクションを確立できませんでした: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "TLS コネクションを確立できませんでした: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "通信相手が TLS ハンドシェイクの実行に失敗しました"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS の通信相手が証明書を送信しませんでした。"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS ハンドシェイク実行中のエラー: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "サーバーが有効な TLS 証明書を返しませんでした。"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "受け付けられない TLS 証明書です"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "TLS ソケットからのデータ読み込み中のエラー: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "TLS ソケットへのデータ書き出し中のエラー: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "TLS クローズ実行中のエラー: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "証明書に秘密鍵がありません"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "プロキシリゾルバーでの内部エラー。"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "通信相手が不当な TLS の再ハンドシェイクを要求しました"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS コネクションが突然閉じられました"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "これがトークンがロックされる前に正しく PIN コードを入力する最後のチャンス"
+#~ "です。"
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "正しくない PIN コードの入力が複数回行われたので、さらに失敗するとトークン"
+#~ "はロックされます。"
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "入力された PIN コードが正しくありません。"
+
+#~ msgid "Module"
+#~ msgstr "モジュール"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 モジュールポインター"
+
+#~ msgid "Slot ID"
+#~ msgstr "スロット ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 スロット ID"
diff --git a/po/kk.po b/po/kk.po
new file mode 100644
index 0000000..31c5969
--- /dev/null
+++ b/po/kk.po
@@ -0,0 +1,155 @@
+# Kazakh translation for glib-openssl.
+# Copyright (C) 2014 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+# Baurzhan Muftakhidinov <baurthefirst gmail com>, 2014.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2014-11-07 09:12+0600\n"
+"Last-Translator: Baurzhan Muftakhidinov <baurthefirst gmail com>\n"
+"Language-Team: Kazakh <kk_KZ googlegroups com>\n"
+"Language: kk\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.9\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Байланыс жабылды"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Әрекет блоктайды"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Сервер TLS сертификатын талап етеді"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "DER сертификатын талдау қатесі: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "PEM сертификатын талдау қатесі: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "DER жеке кілтін талдау қатесі: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "PEM жеке кілтін талдау қатесі: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Сертификат ұсынылмады"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Жаңа TLS байланысын жасау мүмкін емес: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Жаңа TLS байланысын жасау мүмкін емес: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Торап TLS байланысты орнату сәлемдемесін орындай алмады"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS байланысының торабы сертификатты жібермеген"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS байланысты орнату сәлемдемесін орындау қатесі: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Сервер жарамды TLS сертификатын қайтармады"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Жарамсыз TLS сертификаты"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "TLS сокетінен деректерді оқу қатесі: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "TLS сокетіне деректерді жазу қатесі: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "TLS жабу әрекетін орындау қатесі: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Сертификатта жеке кілт жоқ"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Прокси шешушісінің ішкі қатесі."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Торап жарамсы TLS қайта байланысты орнату сәлемдемесін сұрады"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS байланысты күтпегенде жабылды"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Токен блокталуға дейінгі PIN кодын енгізудің соңғы мүмкіндігі қалды."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Бірнеше PIN енгізу талаптары сәтсіз болды, токен келесі сәтсіз "
+#~ "енгізілерде блокталатын болады."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Енгізілген PIN коды дұрыс емес."
+
+#~ msgid "Module"
+#~ msgstr "Модуль"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 модулі көрсеткіші"
+
+#~ msgid "Slot ID"
+#~ msgstr "Слот ID-і"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 слот идентификаторы"
diff --git a/po/km.po b/po/km.po
new file mode 100644
index 0000000..555c5a9
--- /dev/null
+++ b/po/km.po
@@ -0,0 +1,153 @@
+# translation of glib-openssl.master.po to Khmer
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# Khoem Sokhem <khoemsokhem khmeros info>, 2012.
+# Seng Sutha <sutha khmeros info>, 2012.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl.master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2012-02-20 09:22+0700\n"
+"Last-Translator: Seng Sutha <sutha khmeros info>\n"
+"Language-Team: Khmer <support khmeros info>\n"
+"Language: km\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: WordForge 0.8 RC1\n"
+"X-Language: km-KH\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "ម៉ាស៊ីនបម្រើបានទាមទារវិញ្ញាបនបត្ររបស់ TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "មិនអាចញែកវិញ្ញាបនបត្ររបស់ DER បានទេ ៖ %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "មិនអាចញែកវិញ្ញាបនបត្ររបស់ PEM បានទេ %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "មិនអាចញែកកូនសោឯកជនរបស់ DER បានទេ ៖ %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "មិនអាចញែកកូនសោឯកជនរបស់ PEM បានទេ ៖ %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "គ្មានទិន្នន័យវិញ្ញាបនបត្របានផ្ដល់ឡើយ"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "មិនអាចធ្វើការតភ្ជាប់ TLS បានទេ ៖ %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "មិនអាចធ្វើការតភ្ជាប់ TLS បានទេ ៖ %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "បានបរាជ័យម៉ាស៊ីនក្នុងការប្រតិបត្តិ TLS handshake"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+#, fuzzy
+msgid "TLS connection peer did not send a certificate"
+msgstr "ការតភ្ជាប់របស់ TLS បានបិទដោយមិនរំពឹង"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "កំហុសក្នុងការប្រតិបត្តិ TLS handshake ៖ %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+#, fuzzy
+msgid "Server did not return a valid TLS certificate"
+msgstr "ម៉ាស៊ីនបម្រើបានទាមទារវិញ្ញាបនបត្ររបស់ TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "វិញ្ញាបនបត្ររបស់ TLS ដែលមិនអាចទទួលយកបាន"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "កំហុសក្នុងការអានទិន្នន័យពីរន្ធរបស់ TLS ៖ %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "កំហុសក្នុងការសរសេរទិន្នន័យអំពីរន្ធរបស់ TLS ៖ %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "កំហុសក្នុងការបិទ TLS ៖ %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "វិញ្ញាបនបត្រគ្មានកូនសោឯកជនឡើយ"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "កំហុសខាងក្នុងរបស់កម្មវិធីដោះស្រាយប្រូកស៊ី ។"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "ម៉ាស៊ីនបានស្នើ TLS rehandshake ដែលមិនត្រឹមត្រូវ"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "វាជាឱកាសចុងក្រោយក្នុងការបញ្ចូល PIN ដោយត្រឹមត្រូវ មុនពេលថូខឹងត្រូវបានជាប់សោ ។"
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr "ការប៉ុនប៉ងរបស់ PIN មួយចំនួនមិនត្រឹមត្រូវ ហើយថូខឹងនឹងត្រូវបានជាប់សោ ក្រោយពីភាពបរាជ័យ
។"
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "PIN បានបញ្ចូលមិនត្រឹមត្រូវ ។"
+
+#~ msgid "Module"
+#~ msgstr "ម៉ូឌុល"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "ទ្រនិចម៉ូឌុល PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "លេខសម្គាល់រន្ធ"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "ឧបករណ៍សម្គាល់រន្ធរបស់ PKCS#11"
diff --git a/po/kn.po b/po/kn.po
new file mode 100644
index 0000000..6beb739
--- /dev/null
+++ b/po/kn.po
@@ -0,0 +1,127 @@
+# Kannada translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+#
+# Shankar Prasad <svenkate redhat com>, 2011.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2011-03-31 22:40+0530\n"
+"Last-Translator: Shankar Prasad <svenkate redhat com>\n"
+"Language-Team: Kannada <kn li org>\n"
+"Language: kn\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.1\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr " ಪರಿಚಾರಕಕ್ಕೆ TSL ಪ್ರಮಾಣಪತ್ರದ ಅಗತ್ಯವಿದೆ"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "DER ಪ್ರಮಾಣಪತ್ರವನ್ನು ಪಾರ್ಸ್ ಮಾಡಲಾಗಿಲ್ಲ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "PEM ಪ್ರಮಾಣಪತ್ರವನ್ನು ಪಾರ್ಸ್ ಮಾಡಲಾಗಿಲ್ಲ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "DER ಖಾಸಗಿ ಕೀಲಿಯನ್ನು ಪಾರ್ಸ್ ಮಾಡಲಾಗಿಲ್ಲ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "PEM ಖಾಸಗಿ ಕೀಲಿಯನ್ನು ಪಾರ್ಸ್ ಮಾಡಲಾಗಿಲ್ಲ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "ಯಾವುದೆ ಪ್ರಮಾಣಪತ್ರ ದತ್ತಾಂಶವನ್ನು ಒದಗಿಸಲಾಗಿಲ್ಲ"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS ಸಂಪರ್ಕವನ್ನು ರಚಿಸಲು ಸಾಧ್ಯವಾಗಿಲ್ಲ: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "TLS ಸಂಪರ್ಕವನ್ನು ರಚಿಸಲು ಸಾಧ್ಯವಾಗಿಲ್ಲ: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "TLS ಹ್ಯಾಂಡ್ಶೇಕ್ ಅನ್ನು ನಿರ್ವಹಿಸಲು ಪೀರ್-ನಿಂದ ಸಾಧ್ಯವಾಗಿಲ್ಲ"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+#, fuzzy
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS ಸಂಪರ್ಕವು ಅನಿರೀಕ್ಷಿತವಾಗಿ ನಿರ್ಗಮಿಸಿದೆ"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS ಹ್ಯಾಂಡ್ಶೇಕ್ ನಿರ್ವಹಿಸುವಾಗ ದೋಷ ಉಂಟಾಗಿದೆ: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+#, fuzzy
+msgid "Server did not return a valid TLS certificate"
+msgstr " ಪರಿಚಾರಕಕ್ಕೆ TSL ಪ್ರಮಾಣಪತ್ರದ ಅಗತ್ಯವಿದೆ"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "TLS ಪ್ರಮಾಣಪತ್ರವನ್ನು ಒಪ್ಪಿಕೊಳ್ಳಲು ಸಾಧ್ಯವಿಲ್ಲ"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "TLS ಸಾಕೆಟ್ನಿಂದ ದತ್ತಾಂಶವನ್ನು ಓದುವಲ್ಲಿ ದೋಷ ಉಂಟಾಗಿದೆ: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "TLS ಸಾಕೆಟ್ಗೆ ದತ್ತಾಂಶವನ್ನು ಬರೆಯುವಲ್ಲಿ ದೋಷ ಉಂಟಾಗಿದೆ: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "TLS ಮುಚ್ಚುವಿಕೆಯನ್ನು ನಿರ್ವಹಿಸುವಲ್ಲಿ ದೋಷ ಉಂಟಾಗಿದೆ: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "ಪ್ರಾಕ್ಸಿ ಪರಿಚಾರಕದ ಆಂತರಿಕ ದೋಷ."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "ಪೀರ್ ಒಂದು ಅನಧೀಕೃತವಾದ TLS ಮರುಹ್ಯಾಂಡ್ಶೇಕ್"
diff --git a/po/ko.po b/po/ko.po
new file mode 100644
index 0000000..c44c923
--- /dev/null
+++ b/po/ko.po
@@ -0,0 +1,158 @@
+# Korean translation for glib-openssl.
+# This file is distributed under the same license as the glib-openssl package.
+#
+# Changwoo Ryu <cwryu debian org>, 2011-2013.
+#
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-03-12 02:31+0900\n"
+"Last-Translator: Changwoo Ryu <cwryu debian org>\n"
+"Language-Team: Korean <gnome-kr googlegroups com>\n"
+"Language: ko\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "연결이 닫혔습니다"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "동작이 중단됩니다"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "서버에 TLS 인증서가 필요합니다"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "DER 인증서를 파싱할 수 없습니다: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "PEM 인증서를 파싱할 수 없습니다: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "DER 개인 키를 파싱할 수 없습니다: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "PEM 개인 키를 파싱할 수 없습니다: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "인증서 데이터를 제공하지 않았습니다"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS 연결을 만들 수 없습니다: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "TLS 연결을 만들 수 없습니다: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "상대편이 TLS 핸드셰이킹에 실패했습니다"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS 연결 상대가 인증서를 보내지 않았습니다"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS 핸드셰이킹에 오류가 발생했습니다: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "서버에서 올바른 TLS 인증서를 반환하지 않았습니다"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "TLS 핸드셰이킹을 받아들일 수 없습니다"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "TLS 소켓에서 데이터를 읽는데 오류가 발생했습니다: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "TLS 소켓에 데이터를 쓰는데 오류가 발생했습니다: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "TLS를 닫는데 오류가 발생했습니다: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "인증서에 개인 키가 없습니다"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "프록시 리졸버 내부 오류."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "상대편이 잘못된 TLS 핸드셰이킹을 요청했습니다"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS 연결이 예상치 못하게 닫혔습니다"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "연결이 이미 닫혔습니다"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "PIN 입력 마지막 기회입니다. 한 번 더 실패하면 토큰을 잠급니다."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "여러 번의 PIN 시도가 모두 틀렸으므로, 앞으로 더 실패하면 해당 토큰을 잠급"
+#~ "니다."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "입력한 PIN이 올바르지 않습니다."
+
+#~ msgid "Module"
+#~ msgstr "모듈"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 모듈 포인터"
+
+#~ msgid "Slot ID"
+#~ msgstr "슬롯 아이디"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 슬롯 아이디"
diff --git a/po/lt.po b/po/lt.po
new file mode 100644
index 0000000..4bc654d
--- /dev/null
+++ b/po/lt.po
@@ -0,0 +1,160 @@
+# Lithuanian translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+# Aurimas Černius <aurisc4 gmail com>, 2011.
+# Algimantas Margevičius <margevicius algimantas gmail com>, 2011.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2012-11-30 21:55+0300\n"
+"Last-Translator: Aurimas Černius <aurisc4 gmail com>\n"
+"Language-Team: Lietuvių <>\n"
+"Language: lt\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n"
+"%100<10 || n%100>=20) ? 1 : 2)\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Ryšys užvertas"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Veiksmas blokuosis"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Serveris reikalauja TLS liudijimo"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Nepavyko perskaityti DER liudijimo: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Nepavyko perskaityti PEM liudijimo: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Nepavyko perskaityti DER privataus rakto: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Nepavyko perskaityti PEM privataus rakto: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Nėra pateiktų liudijimo duomenų"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Nepavyko užmegsti TLS ryšio: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Nepavyko užmegsti TLS ryšio: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Kita pusė neatliko TLS rankos paspaudimo"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS ryšio porininkas neatsiuntė liudijimo"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Klaida atliekant TLS rankos paspaudimą: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Serveris negrąžino teisingo TLS liudijimo"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Nepriimtinas TLS liudijimas"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Klaida skaitant duomenis iš TLS lizdo: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Klaida rašant duomenis į TLS lizdą: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Klaida atliekant TLS užvėrimą: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Liudijimas neturi privataus rakto"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Tarpininkų nustatytojo vidinė klaida."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Kita pusė paprašė neteisingo pakartotinio TLS rankos paspaudimo"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS ryšys netikėtai užsivėrė"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Ryšys jau užvertas"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Tai yra paskutinis šansas įvesti teisingą PIN, kitaip jūsų prieiga bus "
+#~ "užrakinta."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Keli PIN bandymai buvo neteisingi, jei taip ir toliau, bus užrakinta."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Įvestas PIN yra neteisingas."
+
+#~ msgid "Module"
+#~ msgstr "Modulis"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 modulio rodyklė"
+
+#~ msgid "Slot ID"
+#~ msgstr "Lizdo ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 lizdo identifikatorius"
diff --git a/po/lv.po b/po/lv.po
new file mode 100644
index 0000000..510e9d1
--- /dev/null
+++ b/po/lv.po
@@ -0,0 +1,160 @@
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Rūdolfs Mazurs <rudolfs mazurs gmail com>, 2012, 2013.
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-03-17 20:22+0200\n"
+"Last-Translator: Rūdolfs Mazurs <rudolfs mazurs gmail com>\n"
+"Language-Team: Latvian <lata-l10n googlegroups com>\n"
+"Language: lv\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.4\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : "
+"2);\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Savienojums ir aizvērts"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Darbība bloķēs"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Serveris pieprasa TLS sertifikātu"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Nevarēju noparsēt DER sertifikātu — %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Nevarēju noparsēt PEM sertifikātu — %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Nevarēju noparsēt DER privāto atslēgu — %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Nevarēju noparsēt PEM privāto atslēgu — %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Nav norādīti sertifikāta dati"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Neizdevās izveidot TLS savienojumu — %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Neizdevās izveidot TLS savienojumu — %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Dalībniekam neizdevās veikt TLS izaicinājumrokspiedienu"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS savienojuma dalībnieks neatsūtīja sertifikātu"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Kļūda, veicot TLS izaicinājumrokspiedienu — %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Serveris neatgrieza derīgu TLS sertifikātu"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Nepieņemams TLS sertifikāts"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Kļūda, lasot datus no TLS ligzdas — %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Kļūda, rakstot datus TLS ligzdā — %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Kļūda, veicot TLS aizvēršanu — %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Sertifikātam nav privātās atslēgas"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Starpnieka risinātāja iekšēja kļūda."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Dalībnieks pieprasīja neatļautu TLS izaicinājumrokspiedienu"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS savienojums aizvērās negaidīti"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Savienojums jau ir aizvērts"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Šī ir pēdējā iespēja ievadīt pareizu PIN, pirms marķierierīce tiek "
+#~ "noslēgta."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Vairāki ievadītie PIN kodi ir bijuši nepareizi, un marķierierīce tiks "
+#~ "noslēgta pēc turpmākām neveiksmēm."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Ievadītais PIN kods ir nepareizs."
+
+#~ msgid "Module"
+#~ msgstr "Modulis"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 moduļa rādītājs"
+
+#~ msgid "Slot ID"
+#~ msgstr "Ligzdas ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 ligzdas identifikators"
diff --git a/po/ml.po b/po/ml.po
new file mode 100644
index 0000000..635752a
--- /dev/null
+++ b/po/ml.po
@@ -0,0 +1,159 @@
+# Malayalam translation for glib-openssl.
+# Copyright (C) 2012 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+# Manoj K <manojkmohanme03107 gmail com>, 2012.
+# Balasankar Chelamattath <c balasankar gmail com>, 2012
+# Anish A <aneesh nl gmail com>, 2013.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-02-15 11:30+0530\n"
+"Last-Translator: Anish A <aneesh nl gmail com>\n"
+"Language-Team: Swatantra Malayalam Computing\n"
+"Language: ml\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Virtaal 0.7.1\n"
+"X-Project-Style: gnome\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "ബന്ധം വിച്ഛേദിക്കപ്പെട്ടിരിക്കുന്നു"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "പ്രക്രിയ തടസ്സപ്പെടും"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "സെര്വ്വരിന് TLS സാക്ഷ്യപത്രം ആവശ്യമാണ്. "
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "%s :DER സാക്ഷ്യപത്രം പാഴ്സ് ചെയ്യാന് സാധിക്കുന്നില്ല."
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "%s :PEM സാക്ഷ്യപത്രം പാഴ്സ് ചെയ്യാന് സാധിക്കുന്നില്ല."
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "%s :DER രഹസ്യ കീ പാഴ്സ് ചെയ്യാന് സാധിക്കുന്നില്ല."
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "%s :PEM രഹസ്യ കീ പാഴ്സ് ചെയ്യാന് സാധിക്കുന്നില്ല."
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "സാക്ഷ്യപത്രവിവരങ്ങള് ലഭ്യമല്ല"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "%s :TLS കണക്ഷന് നിര്മ്മിക്കാന് സാധിച്ചില്ല"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "%s :TLS കണക്ഷന് നിര്മ്മിക്കാന് സാധിച്ചില്ല"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "TLS ഹാന്ഡ്ഷെയ്ക്ക് കാരണം പിയര് പ്രകടനം പരാജയപ്പെട്ടു"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS ബന്ധത്തിന്റെ പീയര് സാക്ഷ്യപത്രം അയ്ച്ചില്ല"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "%s: TLS ഹസ്തദാനം നടപ്പിലാക്കുന്നതില് പിഴവ്"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "സെര്വ്വര് സാധുവായ TLS സാക്ഷ്യപത്രം തന്നില്ല."
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "സ്വീകരിക്കാന് പറ്റാത TLS സാക്ഷ്യപത്രം"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "%s: TLS സോക്കറ്റില് നിന്നും ഡാറ്റ വായിക്കുന്നതില് പിഴവ് "
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "%s: TLS സോക്കറ്റിലേക്ക് ഡാറ്റ എഴുതുന്നതില് പിഴവ്"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "%s: TLS അടയ്ക്കുന്നതില് പരാജയപ്പെട്ടിരിക്കുന്നു"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "സാക്ഷ്യപത്രത്തിന്് സ്വകാര്യ താക്കോല് ഇല്ല "
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "പ്രോക്സി റിസോള്വറിന്റെ ആന്തരിക പിഴവ്."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "പിയര് നിയമാനുസൃതമല്ലാത്ത TLS ഹസ്തദാനം ആവശ്യപ്പെട്ടിരിക്കുന്നു"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS ബന്ധം അപ്രതീക്ഷിതമായി വിച്ഛേദിക്കപ്പെട്ടിരിക്കുന്നു"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "ബന്ധം ഇതിനകം തന്നെ വിച്ഛേദിക്കപ്പെട്ടിരിക്കുന്നു"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "ഇത് ടോക്കണ് പൂട്ടുന്നതിന് മുന്പായി PIN ശരിയായി കയറ്റാനുള്ള അവസാന അവസരമാണ്"
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "ഒട്ടേറെ PIN ശ്രമങ്ങള് പരാജയപ്പെട്ടു, അതിനാല് ഇനിയുള്ള പരാജയങ്ങള്ക്ക് ശേഷം ടോക്കണ് പൂട്ടുന്നു"
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "നല്കിയ അടയാളനമ്പര് തെറ്റാണ്."
+
+#~ msgid "Module"
+#~ msgstr "മൊഡ്യൂള്"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 മൊഡ്യൂള് പോയിന്റര്"
+
+#~ msgid "Slot ID"
+#~ msgstr "സ്ലോട്ട് ഐഡി"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 സ്ലോട്ട് ഐഡന്റിഫയര്"
diff --git a/po/mr.po b/po/mr.po
new file mode 100644
index 0000000..f25f0d4
--- /dev/null
+++ b/po/mr.po
@@ -0,0 +1,153 @@
+# translation of mr.po to Marathi
+# Marathi translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+#
+# Sandeep Shedmake <sshedmak redhat com>, 2011, 2012.
+msgid ""
+msgstr ""
+"Project-Id-Version: mr\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2012-03-28 10:00+0530\n"
+"Last-Translator: Sandeep Shedmake <sshedmak redhat com>\n"
+"Language-Team: Marathi <fedora-trans-mr redhat com>\n"
+"Language: mr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.2\n"
+"Plural-Forms: nplurals=2; plural=(n!=1);\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "सर्व्हरला TLS प्रमाणपत्र आवश्यक आहे"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "वाचणे अशक्य DER प्रमाणपत्र: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "वाचणे अशक्य PEM प्रमाणपत्र: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "वाचणे अशक्य DER व्यक्तिगत कि: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "वाचणे अशक्य PEM व्यक्तिगत कि: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "प्रमाणपत्र डाटा पुरवले नाही"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS जोडणी निर्माण करणे अशक्य: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "TLS जोडणी निर्माण करणे अशक्य: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "पीअर TLS हँडशेक करण्यास अपयशी"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+#, fuzzy
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS जोडणी अनपेक्षीतरित्या बंद झाले"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS हँडशेकवेळी त्रुटी आढळली: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+#, fuzzy
+msgid "Server did not return a valid TLS certificate"
+msgstr "सर्व्हरला TLS प्रमाणपत्र आवश्यक आहे"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "अस्वीकार्य TLS प्रमाणपत्र"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "TLS सॉकेटपासून डाटा वाचतेवेळी त्रुटी: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "TLS सॉकेटकरीता डाटा लिहतेवेळी त्रुटी: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "TLS बंद करतेवेळी त्रुटी: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "प्रमामपत्रात प्राइव्हेट कि आढळली नाही"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "प्रॉक्सी रिजॉलव्हर आंतरिक त्रुटी."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "पीअरने बेकायदेशीर TLS पुनः हँडशेककरीता विनंती केली"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "टोकन कुलूपबंद करण्यापूर्वी PIN योग्यरित्या देण्याचा हा शेवटचा पर्याय आहे."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr "बरेच दिलेले PIN अयोग्य आहेत, व पुढील अपयशनंतर तुमचे टोकन कुलूपबंद केले जाईल."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "दिलेले PIN अयोग्य आहे."
+
+#~ msgid "Module"
+#~ msgstr "मॉड्युल"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 मॉड्युल पॉइंटर"
+
+#~ msgid "Slot ID"
+#~ msgstr "स्लॉट ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 स्लॉट आइडेंटिफायर"
diff --git a/po/nb.po b/po/nb.po
new file mode 100644
index 0000000..2b4e4de
--- /dev/null
+++ b/po/nb.po
@@ -0,0 +1,157 @@
+# Norwegian bokmål translation of glib-openssl.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# Kjartan Maraas <kmaraas gnome org>, 2011-2013.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl 2.35.x\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-01-21 12:27+0100\n"
+"Last-Translator: Kjartan Maraas <kmaraas gnome org>\n"
+"Language-Team: Norwegian bokmål <i18n-nb lister ping uio no>\n"
+"Language: nb\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Tilkoblingen er lukket"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Operasjonen ville blokkere"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Tjener krever TLS-sertifikat"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Kunne ikke lese DER-sertifikat: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Kunne ikke lese PEM-sertifikat: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Kunne ikke lese privat DER-nøkkel: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Kunne ikke lese privat PEM-nøkkel: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Ingen sertifikatdata oppgitt"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Kunne ikke lage TLS-tilkobling: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Kunne ikke lage TLS-tilkobling: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Likemann feilet å utføre TLS-håndtrykk"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Sidemann for TLS-tilkobling sendte ikke et sertifikat"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Feil under utføring av TLS-håndtrykk: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Tjener returnerte ikke et gyldig TLS-sertifikat"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Uakseptabelt TLS-sertifikat"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Feil under lesing av data fra TLS-plugg: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Feil under skriving av data til TLS-plugg: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Feil under utføring av lukking av TLS-tilkobling: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Sertifikatet har ingen privat nøkkel"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Intern feil i proxy-navneoppslag."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Likemann ba om ugyldig nytt TLS-håndtrykk"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS-tilkobling ble lukket uventet"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Tilkoblingen er allerede lukket"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Dette er siste sjanse til å oppgi korrekt PIN-kode før tokenet låses."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Flere feilede forsøk med PIN oppdaget. Token vil bli låst ved flere "
+#~ "feilede forsøk."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Oppgitt PIN er feil."
+
+#~ msgid "Module"
+#~ msgstr "Modul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11-modulpeker"
+
+#~ msgid "Slot ID"
+#~ msgstr "Plassidentifikator"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 plassidentifikator"
diff --git a/po/nl.po b/po/nl.po
new file mode 100644
index 0000000..406dc33
--- /dev/null
+++ b/po/nl.po
@@ -0,0 +1,158 @@
+# Dutch translation for glib-openssl
+# This file is distributed under the same license as the glib-openssl package.
+#
+# Wouter Bolsterlee <wbolster gnome org>, 2011–2013
+# Rachid <rachidbm ubuntu com>, 2012.
+#
+# Peer - andere kant van de verbinding (heel vrij vertaald)
+msgid ""
+msgstr ""
+"Project-Id-Version: gconf\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2012-06-18 21:07+0200\n"
+"Last-Translator: Wouter Bolsterlee <wbolster gnome org>\n"
+"Language-Team: Dutch <vertaling vrijschrift org>\n"
+"Language: nl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Server vereiste een TLS-certificaat"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Kon DER-certificaat niet parsen: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Kon PEM-certificaat niet parsen: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Kon DER-privésleutel niet parsen: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Kon PEM-privésleutel niet parsen: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Geen certificaatgegevens opgegeven"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Kon geen TLS-verbinding maken: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Kon geen TLS-verbinding maken: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Andere kant van de verbinding gaf geen TLS-handshake"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+#, fuzzy
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS-verbinding onverwachts afgebroken"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Fout bij uitvoeren van TLS-handshake: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+#, fuzzy
+msgid "Server did not return a valid TLS certificate"
+msgstr "Server vereiste een TLS-certificaat"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Onacceptabel TLS-certificaat"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Fout bij het lezen van de TLS-socket: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Fout bij het schrijven naar de TLS-socket: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Fout bij sluiten van TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Certificaat heeft geen privésleutel"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Interne fout in proxy-resolver."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr ""
+#~ "Andere kant van de verbinding verzocht een ongeldige TLS-rehandshake"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Dit is de laatste kans om het PIN correct in te voeren voordat de token "
+#~ "ongeldig wordt."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "U heeft meerdere malen een onjuiste PIN ingevoerd. Na verdere mislukte "
+#~ "pogingen wordt de token ongeldig."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Het ingevoerde PIN is onjuist."
+
+#~ msgid "Module"
+#~ msgstr "Module"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 Module Pointer"
+
+#~ msgid "Slot ID"
+#~ msgstr "Slot ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 Slot Identifier"
diff --git a/po/oc.po b/po/oc.po
new file mode 100644
index 0000000..7ecf579
--- /dev/null
+++ b/po/oc.po
@@ -0,0 +1,163 @@
+# Occitan translation for glib-openssl.
+# Copyright (C) 2011-2012 Listed translators
+# This file is distributed under the same license as the glib-openssl package.
+# Cédric Valmary <cvalmary yahoo fr>, 2015.
+# Cédric Valmary (Tot en òc) <cvalmary yahoo fr>, 2015.
+# Cédric Valmary (totenoc.eu) <cvalmary yahoo fr>, 2016.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2016-05-05 21:48+0200\n"
+"Last-Translator: Cédric Valmary (totenoc.eu) <cvalmary yahoo fr>\n"
+"Language-Team: Tot En Òc\n"
+"Language: oc\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Virtaal 0.7.1\n"
+"X-Launchpad-Export-Date: 2015-05-21 17:44+0000\n"
+"X-Project-Style: gnome\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "La connexion es tampada"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "L'operacion se poiriá blocar"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Lo servidor requerís un certificat TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Impossible d'analisar lo certificat DER : %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Impossible d'analisar lo certificat PEM : %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Impossible d'analisar la clau privada DER : %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Impossible d'analisar la clau privada PEM : %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Cap de donada de certificat pas provesida"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Impossible de crear una connexion TLS : %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Impossible de crear una connexion TLS : %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "La negociacion TLS amb lo servidor par a fracassat"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Lo par TLS a pas mandat cap de certificat"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Error al moment de la negociacion TLS : %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Lo servidor a pas renviat cap de certificat TLS valid"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Certificat TLS inacceptable"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Error al moment de la lectura de donadas del connectador TLS : %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Error al moment de l'escritura de donadas sul connectador TLS : %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Error al moment de la tampadura TLS : %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Lo certificat a pas cap de clau privada"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Error intèrna del resolvedor de servidor mandatari."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Lo servidor par a demandat una renegociacion TLS pas autorizada"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "La connexion TLS es estada tampada d'un biais imprevist"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Es la darrièra chança d'entrar lo PIN corrècte abans que la carta de "
+#~ "piuse siá verrolhada."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Mantun PIN incorrèctes son estats picats, tota novèla error provocarà lo "
+#~ "verrolhatge de la carta de piuse."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Lo PIN picat es incorrècte."
+
+#~ msgid "Module"
+#~ msgstr "Modul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Puntador de modul PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "ID del connectador"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identificant d'emplaçament PKCS#11"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "La connexion es ja tampada"
diff --git a/po/or.po b/po/or.po
new file mode 100644
index 0000000..899733b
--- /dev/null
+++ b/po/or.po
@@ -0,0 +1,154 @@
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Manoj Kumar Giri <mgiri redhat com>, 2011, 2012.
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2012-04-05 17:32+0530\n"
+"Last-Translator: Manoj Kumar Giri <mgiri redhat com>\n"
+"Language-Team: Oriya <oriya-it googlegroups com>\n"
+"Language: or\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.2\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "ସର୍ଭର TLS ପ୍ରମାଣପତ୍ର ଆବଶ୍ୟକ କରିଥାଏ"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "DER ପ୍ରମାଣପତ୍ରକୁ ବିଶ୍ଳେଷଣ କରିପାରିଲା ନାହିଁ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "PEM ପ୍ରମାଣପତ୍ରକୁ ବିଶ୍ଳେଷଣ କରିପାରିଲା ନାହିଁ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "DER ବ୍ୟକ୍ତିଗତ କିକୁ ବିଶ୍ଳେଷଣ କରିପାରିଲା ନାହିଁ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "PEM ବ୍ୟକ୍ତିଗତ କିକୁ ବିଶ୍ଳେଷଣ କରିପାରିଲା ନାହିଁ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "କୌଣସି ପ୍ରମାଣପତ୍ର ତଥ୍ୟ ପ୍ରଦାନ କରାଯାଇନାହିଁ"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS ସଂଯୋଗକୁ ନିର୍ମାଣ କରିପାରିଲା ନାହିଁ: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "TLS ସଂଯୋଗକୁ ନିର୍ମାଣ କରିପାରିଲା ନାହିଁ: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "ସହଯୋଗୀଟି TLS ହ୍ୟାଣ୍ଡସେକ କରିବାରେ ବିଫଳ ହେଲା"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+#, fuzzy
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS ସଂଯୋଗ ଅପ୍ରତ୍ୟାଶିତ ଭାବରେ ବନ୍ଦ ହୋଇଛି"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS ହ୍ୟାଣ୍ଡସେକ କରିବା ସମୟରେ ତ୍ରୁଟି: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+#, fuzzy
+msgid "Server did not return a valid TLS certificate"
+msgstr "ସର୍ଭର TLS ପ୍ରମାଣପତ୍ର ଆବଶ୍ୟକ କରିଥାଏ"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "ଅଗ୍ରହଣୀୟ TLS ପ୍ରମାଣପତ୍ର"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "TLS ସକେଟରୁ ତଥ୍ଯ ପଢିବାରେ ତୃଟି: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "TLS ସକେଟରେ ତଥ୍ୟ ଲେଖିବାରେ ତୃଟି: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "TLS ବନ୍ଦ କରିବା ସମୟରେ ତ୍ରୁଟି: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "ପ୍ରମାଣପତ୍ରରେ କୌଣସି ବ୍ୟକ୍ତିଗତ କି ନାହିଁ"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "ପ୍ରକ୍ସି ସମାଧାନକାରୀ ଆଭ୍ଯନ୍ତରୀଣ ତୃଟି।"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "ସହଯୋଗୀଟି ଅବୈଧ TLS ରିହ୍ୟାଣ୍ଡସେକକୁ ଅନୁରୋଧ କରିଛି"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "ସଠିକ ଭାବରେ PIN ଭରଣ କରିବାର ଏହା ଅନ୍ତିମ ସୁଯୋଗ। ଏହା ପରେ ଟକେନଟି ଅପରିବର୍ତ୍ତନୀୟ ହୋଇଯିବ।"
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "ଅନେକ PIN ଭୁଲ ଭାବରେ ଭରଣ କରାଯାଇଛି, ଏବଂ ଅନେକ ବିଫଳତା ହେତୁ ଟକେନଟିକୁ ଅପରିବର୍ତ୍ତନୀୟ "
+#~ "କରାଯାଇଛି।"
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "ଭରଣ କରାଯାଇଥିବା PIN ଟି ଭୁଲ ଅଟେ।"
+
+#~ msgid "Module"
+#~ msgstr "ମୋଡ୍ଯୁଲ"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 ମୋଡ୍ୟୁଲ ସୂଚକ"
+
+#~ msgid "Slot ID"
+#~ msgstr "ସ୍ଲଟ ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 ସ୍ଲଟ ପରିଚାୟକ"
diff --git a/po/pa.po b/po/pa.po
new file mode 100644
index 0000000..6a23b20
--- /dev/null
+++ b/po/pa.po
@@ -0,0 +1,156 @@
+# Punjabi translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+#
+# A S Alam <aalam users sf net>, 2011, 2012, 2013.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-02-26 07:18+0530\n"
+"Last-Translator: A S Alam <aalam users sf net>\n"
+"Language-Team: Punjabi/Panjabi <punjabi-users lists sf net>\n"
+"Language: pa\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Lokalize 1.5\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "ਕੁਨੈਕਸ਼ਨ ਬੰਦ ਕੀਤਾ ਗਿਆ"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "ਕਾਰਵਾਈ ਰੋਕੀ ਜਾ ਸਕਦੀ ਹੈ"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "ਸਰਵਰ ਨੂੰ TLS ਸਰਟੀਫਿਕੇਤ ਚਾਹੀਦਾ ਹੈ"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "DER ਸਰਟੀਫਿਕੇਟ ਪਾਰਸ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਿਆ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "PEM ਸਰਟੀਫਿਕੇਟ ਪਾਰਸ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਿਆ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "DER ਪ੍ਰਾਈਵੇਟ ਕੁੰਜੀ ਪਾਰਸ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕੀ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "PEM ਪ੍ਰਾਈਵੇਟ ਕੁੰਜੀ ਪਾਰਸ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕੀ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "ਕੋਈ ਸਰਟੀਫਿਕੇਟ ਡਾਟਾ ਨਹੀਂ ਦਿੱਤਾ ਗਿਆ"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS ਕੁਨੈਕਸ਼ਨ ਬਣਾਇਆ ਨਹੀਂ ਜਾ ਸਕਿਆ: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "TLS ਕੁਨੈਕਸ਼ਨ ਬਣਾਇਆ ਨਹੀਂ ਜਾ ਸਕਿਆ: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "ਪੀਅਰ TLS ਹੈਂਡਸੇਕ ਕਰਨ ਲਈ ਫੇਲ੍ਹ ਹੈ"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS ਕੁਨੈਕਸ਼ਨ ਪੀਅਰ ਨੇ ਸਰਟੀਫਿਕੇਟ ਵਾਪਸ ਨਹੀਂ ਭੇਜਿਆ"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS ਹੈਂਡਸੇਕ ਕਰਨ ਦੌਰਾਨ ਗਲਤੀ: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "ਸਰਵਰ ਨੇ ਠੀਕ TLS ਸਰਟੀਫਿਕੇਟ ਵਾਪਸ ਨਹੀਂ ਕੀਤਾ ਹੈ"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "ਨਾ-ਮਨਜ਼ੂਰ TLS ਸਰਟੀਫਿਕੇਟ"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "TLS ਸਾਕਟ ਤੋਂ ਡਾਟਾ ਪੜ੍ਹਨ ਲਈ ਫੇਲ੍ਹ: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "TLS ਸਾਕਟ ਲਈ ਡਾਟਾ ਪੜ੍ਹਨ ਦੌਰਾਨ ਗਲਤੀ: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "TLS ਬੰਦ ਕਰਨ ਗਲਤੀ: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "ਸਰਟੀਫਿਕੇਟ ਲਈ ਕੋਈ ਪ੍ਰਾਈਵੇਟ ਕੁੰਜੀ ਨਹੀਂ ਹੈ"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "ਪਰਾਕਸੀ ਹੱਲਕਰਤਾ ਅੰਦਰੂਨੀ ਗਲਤੀ ਹੈ।"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "ਪੀਅਰ ਨੇ ਗਲਤ TLS ਮੁੜ-ਹੈਂਡਸੇਕ ਲਈ ਮੰਗ ਕੀਤੀ"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS ਕੁਨੈਕਸ਼ਨ ਅਚਾਨਕ ਬੰਦ ਹੋ ਗਿਆ"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "ਕੁਨੈਕਸ਼ਨ ਪਹਿਲਾਂ ਹੀ ਬੰਦ ਹੈ"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "ਟੋਕਨ ਦੇ ਲਾਕ ਹੋਣ ਤੋਂ ਪਹਿਲਾਂ ਠੀਕ ਪਿੰਨ ਭਰਨ ਦਾ ਇਹ ਆਖਰੀ ਮੌਕਾ ਹੈ।"
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr "ਪਿੰਨ ਭਰਨ ਦੀਆਂ ਕਈ ਕੋਸ਼ਿਸ਼ ਗਲਤ ਹੋਈਆਂ ਹਨ ਅਤੇ ਫੇਰ ਟੋਕਨ ਹੋਰ ਫੇਲ੍ਹ ਦੇ ਬਾਅਦ ਲਾਕ ਹੋ ਜਾਵੇਗਾ।"
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "ਦਿੱਤਾ ਗਿਆ ਪਿੰਨ ਗਲਤ ਹੈ।"
+
+#~ msgid "Module"
+#~ msgstr "ਮੋਡੀਊਲ"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 ਮੋਡੀਊਲ ਪੁਆਇੰਟਰ"
+
+#~ msgid "Slot ID"
+#~ msgstr "ਸਲਾਟ ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 ਸਲਾਟ ਪਛਾਣਕਰਤਾ"
diff --git a/po/pl.po b/po/pl.po
new file mode 100644
index 0000000..170dd38
--- /dev/null
+++ b/po/pl.po
@@ -0,0 +1,158 @@
+# Polish translation for glib-openssl.
+# Copyright © 2011-2016 the glib-openssl authors.
+# This file is distributed under the same license as the glib-openssl package.
+# Piotr Drąg <piotrdrag gmail com>, 2011-2016.
+# Aviary.pl <community-poland mozilla org>, 2011-2016.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2016-08-16 10:35+0200\n"
+"Last-Translator: Piotr Drąg <piotrdrag gmail com>\n"
+"Language-Team: Polish <community-poland mozilla org>\n"
+"Language: pl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
+"|| n%100>=20) ? 1 : 2);\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Połączenie jest zamknięte"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Działanie zablokowałoby"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Serwer wymaga certyfikatu TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Nie można przetworzyć certyfikatu DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Nie można przetworzyć certyfikatu PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Nie można przetworzyć klucza prywatnego DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Nie można przetworzyć klucza prywatnego PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Nie podano danych certyfikatu"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Nie można utworzyć połączenia TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Nie można utworzyć połączenia TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Wykonanie powitania TLS przez partnera się nie powiodło"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Partner połączenia TLS nie wysłał certyfikatu"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Błąd podczas wykonywania powitania TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Serwer nie zwrócił prawidłowego certyfikatu TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Nieakceptowalny certyfikat TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Błąd podczas odczytywania danych z gniazda TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Błąd podczas zapisywania danych do gniazda TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Błąd podczas wykonywania zamknięcia TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Certyfikat nie ma klucza prywatnego"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Wewnętrzny błąd rozwiązywania pośrednika."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Partner zażądał niedozwolonego ponownego powitania TLS"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "Połączenie TLS zostało nieoczekiwanie zamknięte"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "To jest ostatnia szansa na poprawne wpisanie kodu PIN przed zablokowaniem "
+#~ "tokena."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Przeprowadzono kilka niepoprawnych prób wpisania kodu PIN. Token zostanie "
+#~ "zablokowany po dalszych niepowodzeniach."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Wpisany kod PIN jest niepoprawny."
+
+#~ msgid "Module"
+#~ msgstr "Moduł"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Wskaźnik modułu PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "Identyfikator gniazda"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identyfikator gniazda PKCS#11"
diff --git a/po/pt.po b/po/pt.po
new file mode 100644
index 0000000..2be8eda
--- /dev/null
+++ b/po/pt.po
@@ -0,0 +1,162 @@
+# Portuguese translation for glib-openssl.
+# Copyright © 2011, 2012, 2013 glib-openssl
+# This file is distributed under the same license as the glib-openssl package.
+# Duarte Loreto <happyguy_pt hotmail com>, 2011, 2012, 2013.
+#
+# Pedro Albuquerque <palbuquerque73 openmailbox com>, 2015.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: 3.8\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2015-06-24 09:24+0100\n"
+"Last-Translator: Pedro Albuquerque <palbuquerque73 openmailbox com>\n"
+"Language-Team: Português <palbuquerque73 openmailbox com>\n"
+"Language: pt\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Gtranslator 2.91.6\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "A ligação está fechada"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Operação iria bloquear"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "O servidor requer um certificado TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Impossível processar o certificado DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Impossível processar o certificado PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Impossível processar a chave privada DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Impossível processar a chave privada PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Não foram indicados quaisquer dados de certificado"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Impossível criar uma ligação TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Impossível criar uma ligação TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "O destino falhou ao estabelecer a ligação (handshake) TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "O parceiro de ligação TLS não enviou um certificado"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Erro ao estabelecer a ligação TLS (handshake): %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "O servidor não devolveu um certificado TLS válido"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Certificado TLS inaceitável"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Erro ao ler dados do socket TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Erro ao escrever dados no socket TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Erro ao terminar a ligação TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Certificado não tem chave privada"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Erro interno do solucionador de proxies."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Destino requereu novo handshake TLS ilegal"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "Ligação TLS terminada inesperadamente"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Esta é a última oportunidade para introduzir corretamente o PIN antes de "
+#~ "que o símbolo seja trancado."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Foram introduzidos vários PINs incorretos e o símbolo será trancado caso "
+#~ "ocorram mais falhas."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "O PIN introduzido está incorreto."
+
+#~ msgid "Module"
+#~ msgstr "Módulo"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Ponteiro de módulo PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "ID de slot"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identificador de slot PKCS#11"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "A ligação já está fechada"
diff --git a/po/pt_BR.po b/po/pt_BR.po
new file mode 100644
index 0000000..3ef66d7
--- /dev/null
+++ b/po/pt_BR.po
@@ -0,0 +1,163 @@
+# Brazilian Portuguese translation of glib-openssl.
+# Copyright (C) 2012 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+#
+# André Gondim <In memoriam>, 2011.
+# Djavan Fagundes <djavan comum org>, 2011.
+# Jonh Wendell <jwendell gnome org>, 2012.
+# Rafael Ferreira <rafael f f1 gmail com>, 2012.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2012-12-02 13:21-0300\n"
+"Last-Translator: Antonio Fernandes C. Neto <fernandesn gnome org>\n"
+"Language-Team: Brazilian Portuguese <gnome-pt_br-list gnome org>\n"
+"Language: pt_BR\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "A conexão está encerrada"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "A operação bloquearia"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "O servidor requer certificado TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Não foi possível analisar certificado DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Não foi possível analisar certificado PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Não foi possível analisar chave privada DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Não foi possível analisar chave privada PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Nenhum dado de certificado fornecido"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Não foi possível criar conexão TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Não foi possível criar conexão TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Peer falhou ao realizar negociação TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Conexão TLS não enviou um certificado"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Erro executando negociação TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Servidor não retornou certificado TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Certificado TLS inaceitável"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Erro ao ler dados do socket TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Erro ao gravar dados do socket TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Erro ao executar fechamento TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "O certificado não contém nenhuma chave privada"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Erro interno do resolvedor de proxy."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "O peer requisitou uma negociação TLS ilegal"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "Conexão TLS fechou inesperadamente"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "A conexão já está encerrada"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Esta é a última chance de digitar o PIN corretamente antes que o token "
+#~ "seja bloqueado."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "O PIN foi digitado várias vezes incorretamente, por isso o token será "
+#~ "bloqueado agora."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "O PIN digitado está incorreto."
+
+#~ msgid "Module"
+#~ msgstr "Módulo"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 Module Pointer"
+
+#~ msgid "Slot ID"
+#~ msgstr "Slot ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 Slot Identifier"
diff --git a/po/ro.po b/po/ro.po
new file mode 100644
index 0000000..d383199
--- /dev/null
+++ b/po/ro.po
@@ -0,0 +1,129 @@
+# Romanian translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+# Lucian Adrian Grijincu <lucian grijincu gmail com>, 2011.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2011-03-14 02:02+0200\n"
+"Last-Translator: Lucian Adrian Grijincu <lucian grijincu gmail com>\n"
+"Language-Team: Romanian Gnome Team <gnomero-list lists sourceforge net>\n"
+"Language: ro\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : (n==0 || (n%100 > 0 && n%100 < "
+"20)) ? 1 : 2);;\n"
+"X-Generator: Virtaal 0.6.1\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Serverul necesită certificat TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Nu s-a putut parsa certificatul DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Nu s-a putut parsa certificatul PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Nu s-a putut parsa cheia privată DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Nu s-a putut parsa cheia privată PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Nu s-au furnizat date de certificat"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Nu s-a putut crea conexiunea TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Nu s-a putut crea conexiunea TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Celălalt capăt al conexiunii nu a reușit să efectueze handshake-ul TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+#, fuzzy
+msgid "TLS connection peer did not send a certificate"
+msgstr "Conexiunea TLS a fost închisă în mod neașteptat"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Eroare în timp ce se efectua handshake-ul TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+#, fuzzy
+msgid "Server did not return a valid TLS certificate"
+msgstr "Serverul necesită certificat TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Certificat TLS inacceptabil"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Eroare la citirea datelor din socketul TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Eroare la scrierea datelor în socketul TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Eroare la închiderea TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Eroare internă în rezolvantul proxy."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr ""
+#~ "Celălalt capăt al conexiunii a solicitat ilegal reefectuarea handshake-"
+#~ "ului TLS"
diff --git a/po/ru.po b/po/ru.po
new file mode 100644
index 0000000..b65ac96
--- /dev/null
+++ b/po/ru.po
@@ -0,0 +1,162 @@
+# Russian translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+# Pavel Dmitriev <Kitchenknif gmail com>, 2011.
+# Yuri Myasoedov <omerta13 yandex ru>, 2012.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-03-17 23:11+0400\n"
+"Last-Translator: Dmitriy S. Seregin <dseregin 59 ru>\n"
+"Language-Team: русский <gnome-cyr gnome org>\n"
+"Language: ru\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
+"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
+"X-Generator: Poedit 1.5.5\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Соединение закрыто"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Действие будет заблокировано"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Сервер требует сертификат TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Не удалось обработать сертификат DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Не удалось обработать сертификат PER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Не удалось обработать личный ключ DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Не удалось обработать личный ключ PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Данные сертификата не предоставлены"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Не удалось создать соединение TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Не удалось создать соединение TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Узлу не удалось квитировать выполнение связи TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Узел, с которым производится TLS-соединение, не предоставил сертификат"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Ошибка выполнения квитирования связи TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Сертификат TLS, возвращённый сервером, не является подлинным"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Недопустимый сертификат TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Ошибка чтения данных из сокета TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Ошибка записи данных в сокет TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Ошибка закрытия TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "У сертификата нет секретного ключа"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Внутренняя ошибка распознавателя прокси."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Узел запросил недопустимое повторное квитирование связи TLS"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "Соединение TLS неожиданно закрылось"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Соединение было закрыто ранее"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Это — последняя возможность ввести корректный PIN перед тем, как токен "
+#~ "будет заблокирован."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "PIN был несколько раз введён неправильно, токен будет заблокирован после "
+#~ "последующих неудачных попыток."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Введён неверный PIN."
+
+#~ msgid "Module"
+#~ msgstr "Модуль"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Указатель модуля PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "ID слота"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Идентификатор слота PKCS#11"
diff --git a/po/sk.po b/po/sk.po
new file mode 100644
index 0000000..361ff6d
--- /dev/null
+++ b/po/sk.po
@@ -0,0 +1,160 @@
+# Slovak translation for glib-openssl.
+# Copyright (C) 2012 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+# Richard Stanislavský <kenny vv gmail com>, 2012.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-03-24 13:14+0100\n"
+"Last-Translator: Richard Stanislavský <kenny vv gmail com>\n"
+"Language-Team: Slovak <gnome-sk-list gnome org>\n"
+"Language: sk\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n==1) ? 1 : (n>=2 && n<=4) ? 2 : 0;\n"
+"X-Generator: Poedit 1.5.4\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Pripojenie je ukončené"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Operácia by blokovala"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Server požaduje certifikát pre TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Nepodarilo sa analyzovať certifikát v kodovaní DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Nepodarilo sa analyzovať certifikát v kodovaní PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Nepodarilo sa analyzovať súkromný kľúč v kodovaní DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Nepodarilo sa analyzovať súkromný kľúč v kodovaní PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Nie sú dostupné údaje certifikátu"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Nepodarilo sa vytvoriť pripojenie s použitím TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Nepodarilo sa vytvoriť pripojenie s použitím TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Partner zlyhal pri vzájomnom spoznaní pomocou TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Partner neposlal certifikát pre pripojenie TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Chyba vzájomného spoznania s použitím TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Server nevrátil platný certifikát pre TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Neprijateľný certifikát pre TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Chyba pri čítaní údajov zo soketu s použitím TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Chyba pri zapisovaní údajov do soketu s použitím TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Chyba pri uzatváraní spojenia s použitím TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Certifikát nemá súkromný kľúč"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Vnútorná chyba sprostredkovateľa."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Partner žiadal nelegálne opätovné vzájomné spoznanie pomocou TLS"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "Pripojenie pomocou TLS bolo nečakane ukončené"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Pripojenie je už ukončené"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Toto je posledná možnosť na vloženie správneho kódu PIN predtým, ako bude "
+#~ "token uzamknutý."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Niekoľko pokusov zadať kód PIN bolo nesprávnych, po niekoľkých ďalších "
+#~ "nesprávnych pokusoch bude token uzamknutý."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Vložený kód PIN je nesprávny."
+
+#~ msgid "Module"
+#~ msgstr "Modul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Ukazovateľ na modul štandardu PKCS č.11"
+
+#~ msgid "Slot ID"
+#~ msgstr "Identifikátor slotu"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Idntifikátor slotu štandardu PKCS č.11"
diff --git a/po/sl.po b/po/sl.po
new file mode 100644
index 0000000..49a7ad7
--- /dev/null
+++ b/po/sl.po
@@ -0,0 +1,163 @@
+# Slovenian translation for glib-openssl.
+# Copyright (C) 2011 Free Software Foundation, Inc.
+# This file is distributed under the same license as the glib-openssl package.
+#
+# Klemen Košir <klemen kosir gmx com>, 2011.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2012-12-18 08:24+0100\n"
+"Last-Translator: Matej Urbančič <mateju svn gnome org>\n"
+"Language-Team: Slovenian GNOME Translation Team <gnome-si googlegroups com>\n"
+"Language: sl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=4; plural=(n%100==1 ? 1 : n%100==2 ? 2 : n%100==3 || n"
+"%100==4 ? 3 : 0);\n"
+"X-Poedit-SourceCharset: utf-8\n"
+"X-Generator: Poedit 1.5.4\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Povezava je zaprta"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Opravilo bi zaustavilo delovanje"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Strežnik potrebuje potrdilo TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Zasebnega potrdila DER ni mogoče razčleniti: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Zasebnega potrdila PEM ni mogoče razčleniti: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Zasebnega ključa DER ni mogoče razčleniti: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Zasebnega ključa PEM ni mogoče razčleniti: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Podatki o potrdilu niso bili podani"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Povezave TLS ni mogoče ustvariti: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Povezave TLS ni mogoče ustvariti: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Soležniku ni uspelo izvesti izmenjave signalov TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Povezani soležnik ni vrnil veljavnega potrdila TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Napaka med izvajanjem izmenjave signalov TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Strežnik ni vrnil veljavnega potrdila TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Nesprejemljivo potrdilo TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Napaka med branjem podatkov iz vtiča TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Napaka med zapisovanjem podatkov v vtič TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Napaka med izvajanjem zapiranja TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Potrdilo nima določenega zasebnega ključa"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Notranja napaka razreševalnika posredniškega strežnika."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Soležnik je zahteval nedovoljeno ponovno izmenjavo signalov TLS"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "Povezava TLS se je nepričakovano zaprla"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Povezava je že zaprta"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "To je zadnja priložnost za pravilen vnos gesla PIN preden se dostop "
+#~ "popolnoma zaklene."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Več poskusov vnosa gesla PIN je bilo neuspešnih. Vnos bo po ponovni "
+#~ "napaki popolnoma zakljenjen."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Vneseno geslo PIN je nepravilno."
+
+#~ msgid "Module"
+#~ msgstr "Modul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Kazalnik odkodirnika PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "ID odkodirnika"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Določilo odkodirnika PKCS#11"
diff --git a/po/sr.po b/po/sr.po
new file mode 100644
index 0000000..6e35138
--- /dev/null
+++ b/po/sr.po
@@ -0,0 +1,160 @@
+# Serbian translation of glib-openssl
+# Courtesy of Prevod.org team (http://prevod.org/) -- 2012—2013.
+# This file is distributed under the same license as the glib-openssl package.
+# Мирослав Николић <miroslavnikolic rocketmail com>, 2011, 2012, 2013.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-01-18 11:59+0200\n"
+"Last-Translator: Мирослав Николић <miroslavnikolic rocketmail com>\n"
+"Language-Team: Serbian <gnom prevod org>\n"
+"Language: sr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=4; plural=n==1? 3 : n%10==1 && n%100!=11 ? 0 : n"
+"%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
+"X-Project-Style: gnome\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Веза је затворена"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Поступак би блокирао"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "ТЛС уверење које захтева сервер"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Не могу да обрадим ДЕР уверење: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Не могу да обрадим ПЕМ уверење: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Не могу да обрадим приватни ДЕР кључ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Не могу да обрадим приватни ПЕМ кључ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Нису обезбеђени подаци уверења"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Не могу да направим ТЛС везу: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Не могу да направим ТЛС везу: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Парњак није успео да изврши ТЛС руковање"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Парњак ТЛС везе није послао уверење"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Грешка у извршавању ТЛС руковања: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Сервер није вратио исправно ТЛС уверење"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Неприхватљиво ТЛС уверење"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Грешка приликом читања података са ТЛС прикључка: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Грешка приликом уписивања података у ТЛС прикључак: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Грешка у извршавању ТЛС затварања: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Уверење нема приватни кључ"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Унутрашња грешка решавача посредника."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Парњак је затражио илегално ТЛС поновно руковање"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "ТЛС веза је неочекивано затворена"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Веза је већ затворена"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Ово је последња прилика да исправно унесете ПИН пре него што карика буде "
+#~ "закључана."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Неколико унешених ПИН-ова је било неисправно, и зато ће карика бити "
+#~ "закључана након будућих неуспеха."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Унешени ПИН је погрешан."
+
+#~ msgid "Module"
+#~ msgstr "Модул"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Указивач ПКЦС#11 модула"
+
+#~ msgid "Slot ID"
+#~ msgstr "ИБ слота"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Одредник ПКЦС#11 слота"
diff --git a/po/sr latin po b/po/sr latin po
new file mode 100644
index 0000000..82fe5f2
--- /dev/null
+++ b/po/sr latin po
@@ -0,0 +1,160 @@
+# Serbian translation of glib-openssl
+# Courtesy of Prevod.org team (http://prevod.org/) -- 2012—2013.
+# This file is distributed under the same license as the glib-openssl package.
+# Miroslav Nikolić <miroslavnikolic rocketmail com>, 2011, 2012, 2013.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-01-18 11:59+0200\n"
+"Last-Translator: Miroslav Nikolić <miroslavnikolic rocketmail com>\n"
+"Language-Team: Serbian <gnom prevod org>\n"
+"Language: sr@latin\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=4; plural=n==1? 3 : n%10==1 && n%100!=11 ? 0 : n"
+"%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
+"X-Project-Style: gnome\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Veza je zatvorena"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Postupak bi blokirao"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "TLS uverenje koje zahteva server"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Ne mogu da obradim DER uverenje: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Ne mogu da obradim PEM uverenje: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Ne mogu da obradim privatni DER ključ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Ne mogu da obradim privatni PEM ključ: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Nisu obezbeđeni podaci uverenja"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Ne mogu da napravim TLS vezu: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Ne mogu da napravim TLS vezu: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Parnjak nije uspeo da izvrši TLS rukovanje"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Parnjak TLS veze nije poslao uverenje"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Greška u izvršavanju TLS rukovanja: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Server nije vratio ispravno TLS uverenje"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Neprihvatljivo TLS uverenje"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Greška prilikom čitanja podataka sa TLS priključka: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Greška prilikom upisivanja podataka u TLS priključak: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Greška u izvršavanju TLS zatvaranja: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Uverenje nema privatni ključ"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Unutrašnja greška rešavača posrednika."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Parnjak je zatražio ilegalno TLS ponovno rukovanje"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS veza je neočekivano zatvorena"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Veza je već zatvorena"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Ovo je poslednja prilika da ispravno unesete PIN pre nego što karika bude "
+#~ "zaključana."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Nekoliko unešenih PIN-ova je bilo neispravno, i zato će karika biti "
+#~ "zaključana nakon budućih neuspeha."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Unešeni PIN je pogrešan."
+
+#~ msgid "Module"
+#~ msgstr "Modul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Ukazivač PKCS#11 modula"
+
+#~ msgid "Slot ID"
+#~ msgstr "IB slota"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Odrednik PKCS#11 slota"
diff --git a/po/sv.po b/po/sv.po
new file mode 100644
index 0000000..dcd45cb
--- /dev/null
+++ b/po/sv.po
@@ -0,0 +1,159 @@
+# Swedish translation for glib-openssl.
+# Copyright © 2011, 2014 Free Software Foundation, Inc.
+# This file is distributed under the same license as the glib-openssl package.
+# Daniel Nylander <po danielnylander se>, 2011.
+# Anders Jonsson <anders jonsson norsjovallen se>, 2014.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2014-05-17 00:56+0100\n"
+"Last-Translator: Anders Jonsson <anders jonsson norsjovallen se>\n"
+"Language-Team: Swedish <tp-sv listor tp-sv se>\n"
+"Language: sv\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.4\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Anslutningen är stängd"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Operationen skulle blockera"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Servern krävde TLS-certifikat"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Kunde inte tolka DER-certifikat: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Kunde inte tolka PEM-certifikat: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Kunde inte tolka privat DER-nyckel: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Kunde inte tolka privat PEM-nyckel: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Inget certifikatdata tillhandahölls"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Kunde inte skapa TLS-anslutning: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Kunde inte skapa TLS-anslutning: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Motparten misslyckades med att genomföra TLS-handskakning"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS-anslutningens motpart sände inte ett certifikat"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Fel vid genomförande av TLS-handskakning: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Servern returnerade inte ett giltigt TLS-certifikat"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Ej acceptabelt TLS-certifikat"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Fel vid läsning av data från TLS-uttag: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Fel vid skrivning av data till TLS-uttag: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Fel vid genomförande av TLS-stängning: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Certifikatet har ingen privat nyckel"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Internt fel i proxyuppslag."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Motparten begärde otillåten TLS-återhandskakning"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS-anslutningen stängdes oväntat"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Anslutningen är redan stängd"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Detta är sista försöket att ange PIN-koden korrekt innan kortet låses."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Flera PIN-kodsförsök har varit felaktiga och kortet kommer att låsas vid "
+#~ "ytterligare felaktiga försök."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Angiven PIN-kod är felaktig."
+
+#~ msgid "Module"
+#~ msgstr "Modul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11-modulpekare"
+
+#~ msgid "Slot ID"
+#~ msgstr "Plats-id"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11-platsidentifierare"
diff --git a/po/ta.po b/po/ta.po
new file mode 100644
index 0000000..33049c9
--- /dev/null
+++ b/po/ta.po
@@ -0,0 +1,127 @@
+# Tamil translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+#
+# I Felix <ifelix redhat com>, 2011.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2011-09-09 12:18+0530\n"
+"Last-Translator: I Felix <ifelix redhat com>\n"
+"Language-Team: Tamil <ta li org>\n"
+"Language: ta\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.2\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "சேவையகத்திற்கு TLS சான்றிதழ் தேவைப்படுகிறது"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "DER சான்றிதழை பிரிக்க முடியவில்லை: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "PEM சான்றிதழை பிரிக்க முடியவில்லை: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "DER தனிபட்ட விசையை பிரிக்க முடியவில்லை: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "PEM தனிபட்ட விசையை பிரிக்க முடியவில்லை:% s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "சான்றிதழ் தரவு எதுவும் வழங்கப்படவில்லை"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS இணைப்பை உருவாக்க முடியவில்லை: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "TLS இணைப்பை உருவாக்க முடியவில்லை: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "TLS கைகுலுக்கலில் பீரால் செயற்படுத்த முடியவில்லை"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+#, fuzzy
+msgid "TLS connection peer did not send a certificate"
+msgstr "எதிர்பாராதவிதமாக TLS இணைப்பு மூடப்பட்டது"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS கைக்குலுக்கலில் பிழையை செயற்படுத்துகிறது: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+#, fuzzy
+msgid "Server did not return a valid TLS certificate"
+msgstr "சேவையகத்திற்கு TLS சான்றிதழ் தேவைப்படுகிறது"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "ஏற்றுக்கொள்ள முடியாத TLS சான்றிதழ்"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "TLS சாக்கெட்டிலிருந்து பிழை வாசிக்கும் தரவு: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "TLS சாக்கெட்டிற்கு பிழை எழுதும் தரவு: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "TLS மூடுவதில் பிழையை செயற்படுத்துகிறது: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "ப்ராக்ஸி ரிசால்வர் உள்ளார்ந்த பிழை."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "பீரானது சட்ட விரோதமான TLS மீண்டும் கைகுலுக்கலை கோருகிறது"
diff --git a/po/te.po b/po/te.po
new file mode 100644
index 0000000..b5bd999
--- /dev/null
+++ b/po/te.po
@@ -0,0 +1,160 @@
+# Copyright (C) 2011, 2012 Swecha Telugu Localisation team
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Hari Krishna <hari swecha net>, 2011.
+# Bhuvan Krishna <bhuvan swecha net>, 2012.
+# Krishnababu Krothapalli <kkrothap redhat com>, 2012.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-network.master.te\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2012-08-14 13:48+0530\n"
+"Last-Translator: Krishnababu Krothapalli <kkrothap redhat com>\n"
+"Language-Team: Telugu <Indlinux-telugu lists sourceforge net>\n"
+"Language: te\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n!=1);\n"
+"X-Generator: Lokalize 1.4\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "అనుసంధానం మూసివేయబడింది"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "ఆపరేషన్ నిరోధించబడును"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "TLS ధృవీకరణపత్రము సేవికకు అవసరం "
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "DER ధృవీకరణపత్రము పార్స్ చేయుట కుదరుటలేదు: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "PEM ధృవీకరణపత్రము పార్స్ చేయుట కుదరుటలేదు: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "DER స్వంతతాళం పార్స్ చేయుట కుదరుటలేదు: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "PEM స్వంతతాళం పార్స్ చేయుట కుదరుటలేదు: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "ధృవీకరణపత్ర దత్తాశం అమర్చబడలేదు "
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS అనుసంధానం సృష్టించడం కుదరుటలేదు: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "TLS అనుసంధానం సృష్టించడం కుదరుటలేదు: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "TLS హాండ్ షేక్ నెరవేర్చటకు పీర్ విఫలం "
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+#, fuzzy
+msgid "TLS connection peer did not send a certificate"
+msgstr "సేవిక చెల్లునటువంటి TLS ధృవీకరణపత్రం తిప్పియీయలేదు"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS హాండ్ షేక్ నెరవేర్చటలో విఫలం: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "సేవిక చెల్లునటువంటి TLS ధృవీకరణపత్రం తిప్పియీయలేదు"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "అంగీకరించని TLS ధృవీకరణపత్రము "
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "TLS తొర్ర లో దత్తంశం పఠించుటలో దొషం: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "TLS తొర్ర లో దత్తంశం లిఖించుట లో దొషం: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "TLS మూయడంలో దోషం: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "సర్టిఫికేట్ కు స్వంతతాళం లెదు"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "అంతర్గత ప్రాతినిధ్య పరిష్కారములో దోషం "
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "న్యాయవిరోధమైన TLS తిరిగి హాండ్ షేక్ పీర్ అడిగినది "
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS బంధం ఊహించని విధంగా రద్దైపోయినది "
+
+#~ msgid "Connection is already closed"
+#~ msgstr "అనుసంధానం యిప్పటికే మూయబడెను"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "టోకెన్ తాళం వెసె ముందు సరైన PIN ను నమోదు చివరి అవకాశం"
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "మీరు చేసిన అనేక PIN ప్రయత్నాలు సరైనవి కాదు, అందువల్ల తదుపరి తప్పిదాలు జరగకుండా టోకెన్ లాక్ "
+#~ "చేయబడినది"
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "నమోదు చేసిన PIN సరైనది కాదు"
+
+#~ msgid "Module"
+#~ msgstr "అధిభాగం"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 అధిభాగం సూచిక"
+
+#~ msgid "Slot ID"
+#~ msgstr "జాబితా ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 జాబితా గుర్తింపుచిహ్నం"
diff --git a/po/tg.po b/po/tg.po
new file mode 100644
index 0000000..ea8cd2d
--- /dev/null
+++ b/po/tg.po
@@ -0,0 +1,159 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# Victor Ibragimov <victor ibragimov gmail com>, 2013.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Tajik Gnome\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-10-09 14:52+0500\n"
+"Last-Translator: Victor Ibragimov <victor ibragimov gmail com>\n"
+"Language-Team: \n"
+"Language: tg\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.5.7\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Пайваст пӯшонида шудааст"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Амалиёт баста мешавад"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Сервер гувоҳиномаи TLS-ро дархост кардааст"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Гувоҳиномаи DER таҷзия карда нашуд: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Гувоҳиномаи PEM таҷзия карда нашуд: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Калиди шахсии DER таҷзия карда нашуд: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Калиди шахсии PEM таҷзия карда нашуд: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Ягон иттилооти гувоҳинома таъмин нашудааст"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Пайвасти TLS эҷод карда нашуд: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Пайвасти TLS эҷод карда нашуд: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Ҳамсон даъвати TLS-ро иҷро карда натавонист"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Ҳамсони пайвати TLS гувоҳиномаро фиристода накард"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Даъвати TLS бо хато иҷро карда шуд: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Сервер бо гувоҳиномаи TLS-и боэътибор ҷавоб надод"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Гувоҳиномаи TLS-и нораво"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Хатои хониши маълумот аз бастагоҳи TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Хатои навишти маълумот ба бастагоҳи TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Пӯшидани TLS бо хато иҷро карда шудааст: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Гувоҳинома калиди шахсӣ надрад"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Хатои дарунии ислоҳкунандаи Proxy."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Ҳамсон даъвати дастнораси TLS-ро дархост кард"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "Пайвасти TLS ногаҳон пӯшида шудааст"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Пайваст аллакай пӯшида шудааст"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Ин маротибаи охирин барои вориди рамзи PIN-и дуруст пеш аз қулфи вуруд "
+#~ "мебошад."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Баъзе кӯшишҳои вориди PIN бо хато иҷро шудаанд ва вуруд баъд аз кӯшишҳои "
+#~ "нокомии навбатӣ қулф мешавад."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Рамзи PIN-и воридшуда нодуруст аст."
+
+#~ msgid "Module"
+#~ msgstr "Модул"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Нишондиҳандаи модули PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "Ковокии рамзи ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Идентификатори ковокии PKCS#11"
diff --git a/po/th.po b/po/th.po
new file mode 100644
index 0000000..87898dc
--- /dev/null
+++ b/po/th.po
@@ -0,0 +1,156 @@
+# Thai translation for glib-openssl.
+# Copyright (C) 2011-2013 Free Software Foundation, Inc.
+# This file is distributed under the same license as the glib-openssl package.
+# Unticha Pramgoed <unticha gmail com>, 2011-2012.
+# Theppitak Karoonboonyanan <thep linux thai net>, 2013.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-03-09 11:45+0700\n"
+"Last-Translator: Theppitak Karoonboonyanan <thep linux thai net>\n"
+"Language-Team: Thai <thai-l10n googlegroups com>\n"
+"Language: th\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: UTF-8\n"
+"\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "การเชื่อมต่อถูกปิดไปแล้ว"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "ปฏิบัติการจะบล็อค"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "เซิร์ฟเวอร์ต้องการใบรับรอง TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "ไม่สามารถแจงใบรับรอง DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "ไม่สามารถแจงใบรับรอง PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "ไม่สามารถแจงกุญแจส่วนตัว DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "ไม่สามารถแจงกุญแจส่วนตัว PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "ไม่มีข้อมูลใบรับรอง"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "ไม่สามารถสร้างการเชื่อมต่อ TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "ไม่สามารถสร้างการเชื่อมต่อ TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "อีกฝ่ายหนึ่งดำเนินการ TLS handshake ไม่สำเร็จ"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "คู่สายการเชื่อมต่อ TLS ไม่ส่งใบรับรองมา"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "เกิดข้อผิดพลาดขณะดำเนินการ TLS handshake: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "เซิร์ฟเวอร์ไม่คืนใบรับรอง TLS ที่ถูกต้อง"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "ใบรับรอง TLS ไม่เป็นที่ยอมรับ"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "เกิดข้อผิดพลาดขณะอ่านข้อมูลจากซ็อกเก็ต TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "เกิดข้อผิดพลาดขณะเขียนข้อมูลลงซ็อกเก็ต TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "เกิดข้อผิดพลาดขณะดำเนินการปิด TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "ใบรับรองไม่มีกุญแจส่วนตัว"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "เกิดข้อผิดพลาดภายในของบริการเปิดหาพร็อกซี"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "อีกฝ่ายหนึ่งร้องขอ TLS rehandshake ไม่ถูกต้อง"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "การเชื่อมต่อ TLS ปิดอย่างกะทันหัน"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "การเชื่อมต่อถูกปิดไปเรียบร้อยแล้ว"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "นี่เป็นโอกาสสุดท้ายที่จะป้อน PIN ให้ถูกต้อง ก่อนโทเค็นจะถูกล็อค"
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr "ป้อน PIN ผิดมาแล้วหลายครั้ง และโทเค็นจะถูกล็อคถ้ายังป้อนผิดอีก"
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "PIN ที่ป้อนไม่ถูกต้อง"
+
+#~ msgid "Module"
+#~ msgstr "มอดูล"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "ตัวชี้มอดูล PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "หมายเลข Slot"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "ตัวระบุ Slot PKCS#11"
diff --git a/po/tr.po b/po/tr.po
new file mode 100644
index 0000000..d62dc48
--- /dev/null
+++ b/po/tr.po
@@ -0,0 +1,161 @@
+# Turkish translation for glib-openssl.
+# Copyright (C) 2011 the Free Software Foundation, Inc.
+# This file is distributed under the same license as the glib-openssl package.
+#
+# Muhammed Eken <gnome m-eken com>, 2011.
+# Ozan Çağlayan <ozancag gmail com>, 2013.
+# Muhammet Kara <muhammetk gmail com>, 2011, 2012, 2013.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-04-08 12:09+0300\n"
+"Last-Translator: Muhammet Kara <muhammetk gmail com>\n"
+"Language-Team: Türkçe <gnome-turk gnome org>\n"
+"Language: tr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: Gtranslator 2.91.5\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Bağlantı kapalı"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Bloke eden işlem"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Sunucu TLS sertifikası talep etti"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "DER sertifikası ayrıştırılamadı: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "PEM sertifikası ayrıştırılamadı: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "DER özel anahtarı ayrıştırılamadı: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "PEM özel anahtarı ayrıştırılamadı: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Sertifika verisi sağlanmadı"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS bağlantısı oluşturulamadı: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "TLS bağlantısı oluşturulamadı: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Uç, TLS el sıkışmasını başaramadı"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS bağlantı ucu sertifika göndermedi"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS el sıkışması sırasında hata: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Sunucu geçerli bir TLS sertifikası döndürmedi"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "TLS sertifikası kabul edilemez"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "TLS soketinden veri okurken hata: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "TLS soketine veri yazarken hata: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "TLS kapatma işleminde hata: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Sertifikanın özel anahtarı yok"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Proxy çözücü iç hatası."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Uç, kural dışı TLS el sıkışması talep etti"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS bağlantısı beklenmedik şekilde sonlandı"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Bağlantı zaten kapalı"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Bu, simge (token) kilitlenmeden önce PIN kodunu doğru girmeniz için son "
+#~ "şanstır."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr "PIN daha fazla yanlış girilirse simge (token) kilitlenecektir."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Girilen PIN hatalı."
+
+#~ msgid "Module"
+#~ msgstr "Modül"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 Modül İşaretçisi"
+
+#~ msgid "Slot ID"
+#~ msgstr "Yuva Kimliği (Slot ID)"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 Yuva Tanımlayıcısı"
diff --git a/po/ug.po b/po/ug.po
new file mode 100644
index 0000000..966f139
--- /dev/null
+++ b/po/ug.po
@@ -0,0 +1,155 @@
+# Uyghur translation for glib-openssl.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# Gheyret Kenji <gheyret yahoo com>, 2010.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-02-22 22:21+0900\n"
+"Last-Translator: Gheyret Kenji <gheyret gmail com>\n"
+"Language-Team: Uyghur Computer Science Association <UKIJ yahoogroups com>\n"
+"Language: ug\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "باغلىنىش تاقالدى"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "مەشغۇلات توسۇلىدۇ"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "مۇلازىمېتىر TLS ئىسپاتنامىسى تەلەپ قىلىدۇ"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "DER ئىسپاتنامىسىنى يېشەلمىدى: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "PEM ئىسپاتنامىسىنى يېشەلمىدى: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "DER شەخسىي ئاچقۇچىنى يېشەلمىدى: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "PEM شەخسىي ئاچقۇچىنى يېشەلمىدى: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "ئىسپاتنامە سانلىق-مەلۇماتلىرى تەمىنلەنمىگەن"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS باغلىنىشى قۇرالمىدى:%s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "TLS باغلىنىشى قۇرالمىدى:%s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "قارىشى تەرەپ TLS سالىمىدا مەغلۇپ بولدى"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS باغلىنىشىدىكى قارىشى تەرەپ گۇۋاھنامىنى ئەۋەتمىدى"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS بىلەن سالاملىشىشتا خاتالىق كۆرۈلدى: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "مۇلازىمېتىر ئىناۋەتلىك TLS گۇۋاھنامىسىنى قايتۇرمىدى"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "قوبۇل قىلىنمايدىغان ئىسپاتنامە"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "TLS سوكېتىدىن سانلىق-مەلۇمات ئوقۇشتا خاتالىق كۆرۈلدى: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "TLS سوكېتىغا سانلىق-مەلۇمات يېزىشتا خاتالىق كۆرۈلدى: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "TLS تاقاش مەشغۇلاتىدا خاتالىق كۆرۈلدى: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "گۇۋاھنامىنىڭ شەخسىي ئاچقۇچى يوق ئىكەن"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "ۋاكالەتچى ھەل قىلغۇچ ئىچكى خاتالىقى."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Peer(باشقىلار) TLS قايتا سالىمىدا ناتوغرا سالام قىلدى"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "قارىشى تەرەپ توغرا بولمىغان TLS سالىمىنى تەلەپ قىلدى"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "باغلىنىش ئاللىقاچان تاقالغان"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "بۇ سىزنىڭ ئەڭ ئاخىرقى پۇرسىتىڭىز. يەنە خاتالاشسىڭىز قۇلۇپلىنىپ قالىدۇ."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr "بىر قانچە قېتىم خاتالاشتىڭىز. يەنە خاتالاشسىڭىز قۇلۇپلىنىپ قالىدۇ."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "كىرگۈزگەن PIN توغرا ئەمەس."
+
+#~ msgid "Module"
+#~ msgstr "بۆلەك"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 بۆلەك كۆرسەتكۈچى"
+
+#~ msgid "Slot ID"
+#~ msgstr "ئوقۇر ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 ئوقۇر كىملىكى"
diff --git a/po/uk.po b/po/uk.po
new file mode 100644
index 0000000..2b78413
--- /dev/null
+++ b/po/uk.po
@@ -0,0 +1,158 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# Korostil Daniel <ted korostiled gmail com>, 2011.
+# Alexandr Toorchyn <ilex mail ua>, 2011.
+msgid ""
+msgstr ""
+"Project-Id-Version: 1.0\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2011-12-11 14:59+0300\n"
+"Last-Translator: Korostil Daniel <ted korostiled gmail com>\n"
+"Language-Team: translation linux org ua\n"
+"Language: uk\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
+"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
+"X-Generator: Virtaal 0.6.1\n"
+"X-Project-Style: gnome\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Сервер потребує сертифікат TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Неможливо проаналізувати сертифікат DER: %s "
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Неможливо проаналізувати сертифікат PEM: %s "
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Неможливо проаналізувати закритий ключ DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Неможливо проаналізувати закритий ключ PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Не надано даних сертифіката"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Неможливо створити з'єднання TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Неможливо створити з'єднання TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Не вдалось виконати з'єднання TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+#, fuzzy
+msgid "TLS connection peer did not send a certificate"
+msgstr "Раптово закрито з'єднання TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Помилка виконання з'єднання TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+#, fuzzy
+msgid "Server did not return a valid TLS certificate"
+msgstr "Сервер потребує сертифікат TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Неприпустимий сертифікат TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Помилка зчитування даних з гнізда TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Помилка запису даних у гніздо TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Помилка закриття TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Сертифікат не має закритого ключа"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Внутрішня помилка розв'язника проксі."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Вузол потребує нелегального перез'єднання TLS"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Це останній шанс, щоб ввести код PIN правильно, перш ніж розпізнавальний "
+#~ "знак заблокується."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Кілька спроб вводу коду PIN були неправильними, і розпізнавальний знак "
+#~ "буде заблокований після подальших невдач."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Код PIN уведено неправильно."
+
+#~ msgid "Module"
+#~ msgstr "Модуль"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Модуль покажчика PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "Ідентифікатор слоту"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Ідентифікатор слоту PKCS#11"
diff --git a/po/vi.po b/po/vi.po
new file mode 100644
index 0000000..871f732
--- /dev/null
+++ b/po/vi.po
@@ -0,0 +1,156 @@
+# Vietnamese translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's Free Software Foundation, Inc.
+# This file is distributed under the same license as the glib-openssl package.
+# Nguyễn Thái Ngọc Duy <pclouds gmail com>, 2011-2013.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-03-02 20:35+0700\n"
+"Last-Translator: Nguyễn Thái Ngọc Duy <pclouds gmail com>\n"
+"Language-Team: Vietnamese <gnomevi-list lists sourceforge net>\n"
+"Language: vi\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "Kết nối đã đóng"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Thao tác có thể ngăn các thao tác khác"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "Máy chủ yêu cầu chứng nhận TLS"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Không thể phân tích chứng nhận DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Không thể phân tích chứng nhận PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Không thể phân tích khoá riêng DER: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Không thể phân tích khoá riêng PEM: %s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "Chưa cung cấp thông tin chứng nhận"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Không thể tạo kết nối TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Không thể tạo kết nối TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "Bên kia không thực hiện bắt tay TLS được"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "Phía bên kia kết nối TLS không gửi chứng nhận"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Lỗi thực hiện bắt tay TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "Máy chủ không trả về chứng nhận TLS hợp lệ"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "Chứng nhận TLS không thể chấp nhận"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Lỗi đọc dữ liệu từ kết nối TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Lỗi đọc dữ liệu vào kết nối TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Lỗi đóng kết nối TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "Chứng nhận không có khoá riêng"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "Lỗi nội bộ trình uỷ nhiệm phân giải tên."
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Bên kia yêu cầu bắt tay TLS lại không hợp lệ"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "Kết nối TLS kết thúc bất ngờ"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Kết nối đã đóng rồi"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "Đây là cơ hội cuối cùng để nhập đúng PIN trước khi token bị khoá."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "PIN bị nhập sai đã vài lần, token sẽ bị khoá để tránh lỗi tiếp theo."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "PIN nhập không đúng."
+
+#~ msgid "Module"
+#~ msgstr "Mô-đun"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Con trỏ mô đun PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "ID khe"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Định danh khe PKCS#11"
diff --git a/po/zh_CN.po b/po/zh_CN.po
new file mode 100644
index 0000000..968488b
--- /dev/null
+++ b/po/zh_CN.po
@@ -0,0 +1,157 @@
+# Chinese (China) translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+# Funda Wang <fundawang gmail com>, 2011
+# YunQiang Su <wzssyqa gmail com>, 2012.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2014-01-24 21:26+0800\n"
+"Last-Translator: YunQiang Su <wzssyqa gmail com>\n"
+"Language-Team: Chinese (simplified) <i18n-zh googlegroups com>\n"
+"Language: zh_CN\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bits\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: Gtranslator 2.91.5\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "连接被关闭"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "操作被阻塞"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "服务器需要 TLS 证书"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "无法分析 DER 证书:%s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "无法分析 PEM 证书:%s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "无法分析 DER 私钥:%s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "无法分析 PEM 私钥:%s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "没有提供证书数据"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "无法创建 TLS 连接:%s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "无法创建 TLS 连接:%s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "执行 TLS 握手失败"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS 连接的对方未发送证书"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "执行 TLS 握手时出错:%s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "服务器未返回有效的 TLS 证书"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "无法接受的 TLS 证书"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "从 TLS 套接字读取数据时出错:%s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "向 TLS 套接字写入数据时出错:%s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "执行 TLS 关闭时出错:%s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "证书没有私钥"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "代理服务器解析器内部错误。"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "请求了无效的 TLS 再握手"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS 连接被异常关闭"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "连接已经关闭"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "这是最后一次输入正确 PIN 的机会,之后令牌会锁定。"
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr "几次 PIN 尝试都不正确,如果再出错令牌将会锁定。"
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "输入的 PIN 不正确。"
+
+#~ msgid "Module"
+#~ msgstr "模块"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 模块指针"
+
+#~ msgid "Slot ID"
+#~ msgstr "槽 ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 槽标识符"
diff --git a/po/zh_HK.po b/po/zh_HK.po
new file mode 100644
index 0000000..e551c18
--- /dev/null
+++ b/po/zh_HK.po
@@ -0,0 +1,155 @@
+# Chinese (Hong Kong) translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+# Chao-Hsiung Liao <j_h_liau yahoo com tw>, 2011.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl 2.31.6\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-03-01 22:24+0800\n"
+"Last-Translator: Chao-Hsiung Liao <j_h_liau yahoo com tw>\n"
+"Language-Team: Chinese (Hong Kong) <community linuxhall org>\n"
+"Language: zh_HK\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.5.4\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "連線已關閉"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "操作會阻擋"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "伺服器要求的 TLS 證書"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "無法解析 DER 編碼的證書:%s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "無法解析 PEM 編碼的證書:%s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "無法解析 DER 編碼的私人密碼匙:%s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "無法解析 PEM 編碼的私人密碼匙:%s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "沒有提供證書資料"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "無法建立 TLS 連線:%s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "無法建立 TLS 連線:%s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "執行 TLS 交握對等失敗"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS 連線對等點沒有傳回證書"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "執行 TLS 交握時發生錯誤:%s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "伺服器沒有回傳有效的 TLS 證書"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "不接受的 TLS 證書"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "從 TLS socket 讀取資料時發生錯誤:%s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "當寫入資料到 TLS socket 時發生錯誤:%s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "執行 TLS 關閉時發生錯誤:%s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "證書沒有私人密碼匙"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "代理伺服器解析器內部錯誤。"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "對等要求了不合法的 TLS 重交握"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS 連線無預警的關閉了"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "連線已經關閉"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "這是在你的智慧卡被鎖定之前最後輸入正確 PIN 的機會。"
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr "發生多次 PIN 嘗試錯誤,智慧卡會在下次錯誤時被鎖定。"
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "輸入的 PIN 是不正確的。"
+
+#~ msgid "Module"
+#~ msgstr "模組"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 模組指標"
+
+#~ msgid "Slot ID"
+#~ msgstr "插槽 ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 插槽識別符"
diff --git a/po/zh_TW.po b/po/zh_TW.po
new file mode 100644
index 0000000..71c6168
--- /dev/null
+++ b/po/zh_TW.po
@@ -0,0 +1,155 @@
+# Chinese (Taiwan) translation for glib-openssl.
+# Copyright (C) 2011 glib-openssl's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-openssl package.
+# Chao-Hsiung Liao <j_h_liau yahoo com tw>, 2011.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-openssl 2.31.6\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&component=network\n"
+"POT-Creation-Date: 2016-09-26 22:04+0200\n"
+"PO-Revision-Date: 2013-02-28 09:41+0800\n"
+"Last-Translator: Chao-Hsiung Liao <j_h_liau yahoo com tw>\n"
+"Language-Team: Chinese (Taiwan) <chinese-l10n googlegroups com>\n"
+"Language: zh_TW\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.5.4\n"
+
+#: tls/base/gtlsconnection-base.c:282
+msgid "Connection is closed"
+msgstr "連線已關閉"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "操作會阻擋"
+
+#: tls/base/gtlsconnection-base.c:809
+msgid "Server required TLS certificate"
+msgstr "伺服器要求的 TLS 憑證"
+
+#: tls/openssl/gtlscertificate-openssl.c:179
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "無法解析 DER 編碼的憑證:%s"
+
+#: tls/openssl/gtlscertificate-openssl.c:199
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "無法解析 PEM 編碼的憑證:%s"
+
+#: tls/openssl/gtlscertificate-openssl.c:218
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "無法解析 DER 編碼的私鑰:%s"
+
+#: tls/openssl/gtlscertificate-openssl.c:237
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "無法解析 PEM 編碼的私鑰:%s"
+
+#: tls/openssl/gtlscertificate-openssl.c:275
+msgid "No certificate data provided"
+msgstr "沒有提供憑證資料"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+#, fuzzy, c-format
+msgid "Could not create TLS context: %s"
+msgstr "無法建立 TLS 連線:%s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:468
+#: tls/openssl/gtlsserverconnection-openssl.c:296
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "無法建立 TLS 連線:%s"
+
+#: tls/openssl/gtlsconnection-openssl.c:149
+msgid "Peer failed to perform TLS handshake"
+msgstr "執行 TLS 交握對等失敗"
+
+#: tls/openssl/gtlsconnection-openssl.c:158
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS 連線對等點沒有傳回憑證"
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+#: tls/openssl/gtlsconnection-openssl.c:309
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "執行 TLS 交握時發生錯誤:%s"
+
+#: tls/openssl/gtlsconnection-openssl.c:319
+msgid "Server did not return a valid TLS certificate"
+msgstr "伺服器沒有回傳有效的 TLS 憑證"
+
+#: tls/openssl/gtlsconnection-openssl.c:349
+msgid "Unacceptable TLS certificate"
+msgstr "不接受的 TLS 憑證"
+
+#: tls/openssl/gtlsconnection-openssl.c:433
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "從 TLS socket 讀取資料時發生錯誤:%s"
+
+#: tls/openssl/gtlsconnection-openssl.c:459
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "當寫入資料到 TLS socket 時發生錯誤:%s"
+
+#: tls/openssl/gtlsconnection-openssl.c:485
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "執行 TLS 關閉時發生錯誤:%s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:250
+msgid "Certificate has no private key"
+msgstr "憑證沒有私鑰"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:257
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
+
+#: tls/openssl/gtlsserverconnection-openssl.c:266
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr ""
+
+#~ msgid "Proxy resolver internal error."
+#~ msgstr "代理伺服器解析器內部錯誤。"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "對等要求了不合法的 TLS 重交握"
+
+#~ msgid "TLS connection closed unexpectedly"
+#~ msgstr "TLS 連線無預警的關閉了"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "連線已經關閉"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "這是在您的智慧卡被鎖定之前最後輸入正確 PIN 的機會。"
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr "發生多次 PIN 嘗試錯誤,智慧卡會在下次錯誤時被鎖定。"
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "輸入的 PIN 是不正確的。"
+
+#~ msgid "Module"
+#~ msgstr "模組"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 模組指標"
+
+#~ msgid "Slot ID"
+#~ msgstr "插槽 ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 插槽識別符"
diff --git a/tap-driver.sh b/tap-driver.sh
new file mode 100755
index 0000000..19aa531
--- /dev/null
+++ b/tap-driver.sh
@@ -0,0 +1,652 @@
+#! /bin/sh
+# Copyright (C) 2011-2013 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake gnu org> or send patches to
+# <automake-patches gnu org>.
+
+scriptversion=2011-12-27.17; # UTC
+
+# Make unconditional expansion of undefined variables an error. This
+# helps a lot in preventing typo-related bugs.
+set -u
+
+me=tap-driver.sh
+
+fatal ()
+{
+ echo "$me: fatal: $*" >&2
+ exit 1
+}
+
+usage_error ()
+{
+ echo "$me: $*" >&2
+ print_usage >&2
+ exit 2
+}
+
+print_usage ()
+{
+ cat <<END
+Usage:
+ tap-driver.sh --test-name=NAME --log-file=PATH --trs-file=PATH
+ [--expect-failure={yes|no}] [--color-tests={yes|no}]
+ [--enable-hard-errors={yes|no}] [--ignore-exit]
+ [--diagnostic-string=STRING] [--merge|--no-merge]
+ [--comments|--no-comments] [--] TEST-COMMAND
+The \`--test-name', \`--log-file' and \`--trs-file' options are mandatory.
+END
+}
+
+# TODO: better error handling in option parsing (in particular, ensure
+# TODO: $log_file, $trs_file and $test_name are defined).
+test_name= # Used for reporting.
+log_file= # Where to save the result and output of the test script.
+trs_file= # Where to save the metadata of the test run.
+expect_failure=0
+color_tests=0
+merge=0
+ignore_exit=0
+comments=0
+diag_string='#'
+while test $# -gt 0; do
+ case $1 in
+ --help) print_usage; exit $?;;
+ --version) echo "$me $scriptversion"; exit $?;;
+ --test-name) test_name=$2; shift;;
+ --log-file) log_file=$2; shift;;
+ --trs-file) trs_file=$2; shift;;
+ --color-tests) color_tests=$2; shift;;
+ --expect-failure) expect_failure=$2; shift;;
+ --enable-hard-errors) shift;; # No-op.
+ --merge) merge=1;;
+ --no-merge) merge=0;;
+ --ignore-exit) ignore_exit=1;;
+ --comments) comments=1;;
+ --no-comments) comments=0;;
+ --diagnostic-string) diag_string=$2; shift;;
+ --) shift; break;;
+ -*) usage_error "invalid option: '$1'";;
+ esac
+ shift
+done
+
+test $# -gt 0 || usage_error "missing test command"
+
+case $expect_failure in
+ yes) expect_failure=1;;
+ *) expect_failure=0;;
+esac
+
+if test $color_tests = yes; then
+ init_colors='
+ color_map["red"]="[0;31m" # Red.
+ color_map["grn"]="[0;32m" # Green.
+ color_map["lgn"]="[1;32m" # Light green.
+ color_map["blu"]="[1;34m" # Blue.
+ color_map["mgn"]="[0;35m" # Magenta.
+ color_map["std"]="[m" # No color.
+ color_for_result["ERROR"] = "mgn"
+ color_for_result["PASS"] = "grn"
+ color_for_result["XPASS"] = "red"
+ color_for_result["FAIL"] = "red"
+ color_for_result["XFAIL"] = "lgn"
+ color_for_result["SKIP"] = "blu"'
+else
+ init_colors=''
+fi
+
+# :; is there to work around a bug in bash 3.2 (and earlier) which
+# does not always set '$?' properly on redirection failure.
+# See the Autoconf manual for more details.
+:;{
+ (
+ # Ignore common signals (in this subshell only!), to avoid potential
+ # problems with Korn shells. Some Korn shells are known to propagate
+ # to themselves signals that have killed a child process they were
+ # waiting for; this is done at least for SIGINT (and usually only for
+ # it, in truth). Without the `trap' below, such a behaviour could
+ # cause a premature exit in the current subshell, e.g., in case the
+ # test command it runs gets terminated by a SIGINT. Thus, the awk
+ # script we are piping into would never seen the exit status it
+ # expects on its last input line (which is displayed below by the
+ # last `echo $?' statement), and would thus die reporting an internal
+ # error.
+ # For more information, see the Autoconf manual and the threads:
+ # <http://lists.gnu.org/archive/html/bug-autoconf/2011-09/msg00004.html>
+ # <http://mail.opensolaris.org/pipermail/ksh93-integration-discuss/2009-February/004121.html>
+ trap : 1 3 2 13 15
+ if test $merge -gt 0; then
+ exec 2>&1
+ else
+ exec 2>&3
+ fi
+ "$@"
+ echo $?
+ ) | LC_ALL=C ${AM_TAP_AWK-awk} \
+ -v me="$me" \
+ -v test_script_name="$test_name" \
+ -v log_file="$log_file" \
+ -v trs_file="$trs_file" \
+ -v expect_failure="$expect_failure" \
+ -v merge="$merge" \
+ -v ignore_exit="$ignore_exit" \
+ -v comments="$comments" \
+ -v diag_string="$diag_string" \
+'
+# FIXME: the usages of "cat >&3" below could be optimized when using
+# FIXME: GNU awk, and/on on systems that supports /dev/fd/.
+
+# Implementation note: in what follows, `result_obj` will be an
+# associative array that (partly) simulates a TAP result object
+# from the `TAP::Parser` perl module.
+
+## ----------- ##
+## FUNCTIONS ##
+## ----------- ##
+
+function fatal(msg)
+{
+ print me ": " msg | "cat >&2"
+ exit 1
+}
+
+function abort(where)
+{
+ fatal("internal error " where)
+}
+
+# Convert a boolean to a "yes"/"no" string.
+function yn(bool)
+{
+ return bool ? "yes" : "no";
+}
+
+function add_test_result(result)
+{
+ if (!test_results_index)
+ test_results_index = 0
+ test_results_list[test_results_index] = result
+ test_results_index += 1
+ test_results_seen[result] = 1;
+}
+
+# Whether the test script should be re-run by "make recheck".
+function must_recheck()
+{
+ for (k in test_results_seen)
+ if (k != "XFAIL" && k != "PASS" && k != "SKIP")
+ return 1
+ return 0
+}
+
+# Whether the content of the log file associated to this test should
+# be copied into the "global" test-suite.log.
+function copy_in_global_log()
+{
+ for (k in test_results_seen)
+ if (k != "PASS")
+ return 1
+ return 0
+}
+
+# FIXME: this can certainly be improved ...
+function get_global_test_result()
+{
+ if ("ERROR" in test_results_seen)
+ return "ERROR"
+ if ("FAIL" in test_results_seen || "XPASS" in test_results_seen)
+ return "FAIL"
+ all_skipped = 1
+ for (k in test_results_seen)
+ if (k != "SKIP")
+ all_skipped = 0
+ if (all_skipped)
+ return "SKIP"
+ return "PASS";
+}
+
+function stringify_result_obj(result_obj)
+{
+ if (result_obj["is_unplanned"] || result_obj["number"] != testno)
+ return "ERROR"
+
+ if (plan_seen == LATE_PLAN)
+ return "ERROR"
+
+ if (result_obj["directive"] == "TODO")
+ return result_obj["is_ok"] ? "XPASS" : "XFAIL"
+
+ if (result_obj["directive"] == "SKIP")
+ return result_obj["is_ok"] ? "SKIP" : COOKED_FAIL;
+
+ if (length(result_obj["directive"]))
+ abort("in function stringify_result_obj()")
+
+ return result_obj["is_ok"] ? COOKED_PASS : COOKED_FAIL
+}
+
+function decorate_result(result)
+{
+ color_name = color_for_result[result]
+ if (color_name)
+ return color_map[color_name] "" result "" color_map["std"]
+ # If we are not using colorized output, or if we do not know how
+ # to colorize the given result, we should return it unchanged.
+ return result
+}
+
+function report(result, details)
+{
+ if (result ~ /^(X?(PASS|FAIL)|SKIP|ERROR)/)
+ {
+ msg = ": " test_script_name
+ add_test_result(result)
+ }
+ else if (result == "#")
+ {
+ msg = " " test_script_name ":"
+ }
+ else
+ {
+ abort("in function report()")
+ }
+ if (length(details))
+ msg = msg " " details
+ # Output on console might be colorized.
+ print decorate_result(result) msg
+ # Log the result in the log file too, to help debugging (this is
+ # especially true when said result is a TAP error or "Bail out!").
+ print result msg | "cat >&3";
+}
+
+function testsuite_error(error_message)
+{
+ report("ERROR", "- " error_message)
+}
+
+function handle_tap_result()
+{
+ details = result_obj["number"];
+ if (length(result_obj["description"]))
+ details = details " " result_obj["description"]
+
+ if (plan_seen == LATE_PLAN)
+ {
+ details = details " # AFTER LATE PLAN";
+ }
+ else if (result_obj["is_unplanned"])
+ {
+ details = details " # UNPLANNED";
+ }
+ else if (result_obj["number"] != testno)
+ {
+ details = sprintf("%s # OUT-OF-ORDER (expecting %d)",
+ details, testno);
+ }
+ else if (result_obj["directive"])
+ {
+ details = details " # " result_obj["directive"];
+ if (length(result_obj["explanation"]))
+ details = details " " result_obj["explanation"]
+ }
+
+ report(stringify_result_obj(result_obj), details)
+}
+
+# `skip_reason` should be empty whenever planned > 0.
+function handle_tap_plan(planned, skip_reason)
+{
+ planned += 0 # Avoid getting confused if, say, `planned` is "00"
+ if (length(skip_reason) && planned > 0)
+ abort("in function handle_tap_plan()")
+ if (plan_seen)
+ {
+ # Error, only one plan per stream is acceptable.
+ testsuite_error("multiple test plans")
+ return;
+ }
+ planned_tests = planned
+ # The TAP plan can come before or after *all* the TAP results; we speak
+ # respectively of an "early" or a "late" plan. If we see the plan line
+ # after at least one TAP result has been seen, assume we have a late
+ # plan; in this case, any further test result seen after the plan will
+ # be flagged as an error.
+ plan_seen = (testno >= 1 ? LATE_PLAN : EARLY_PLAN)
+ # If testno > 0, we have an error ("too many tests run") that will be
+ # automatically dealt with later, so do not worry about it here. If
+ # $plan_seen is true, we have an error due to a repeated plan, and that
+ # has already been dealt with above. Otherwise, we have a valid "plan
+ # with SKIP" specification, and should report it as a particular kind
+ # of SKIP result.
+ if (planned == 0 && testno == 0)
+ {
+ if (length(skip_reason))
+ skip_reason = "- " skip_reason;
+ report("SKIP", skip_reason);
+ }
+}
+
+function extract_tap_comment(line)
+{
+ if (index(line, diag_string) == 1)
+ {
+ # Strip leading `diag_string` from `line`.
+ line = substr(line, length(diag_string) + 1)
+ # And strip any leading and trailing whitespace left.
+ sub("^[ \t]*", "", line)
+ sub("[ \t]*$", "", line)
+ # Return what is left (if any).
+ return line;
+ }
+ return "";
+}
+
+# When this function is called, we know that line is a TAP result line,
+# so that it matches the (perl) RE "^(not )?ok\b".
+function setup_result_obj(line)
+{
+ # Get the result, and remove it from the line.
+ result_obj["is_ok"] = (substr(line, 1, 2) == "ok" ? 1 : 0)
+ sub("^(not )?ok[ \t]*", "", line)
+
+ # If the result has an explicit number, get it and strip it; otherwise,
+ # automatically assing the next progresive number to it.
+ if (line ~ /^[0-9]+$/ || line ~ /^[0-9]+[^a-zA-Z0-9_]/)
+ {
+ match(line, "^[0-9]+")
+ # The final `+ 0` is to normalize numbers with leading zeros.
+ result_obj["number"] = substr(line, 1, RLENGTH) + 0
+ line = substr(line, RLENGTH + 1)
+ }
+ else
+ {
+ result_obj["number"] = testno
+ }
+
+ if (plan_seen == LATE_PLAN)
+ # No further test results are acceptable after a "late" TAP plan
+ # has been seen.
+ result_obj["is_unplanned"] = 1
+ else if (plan_seen && testno > planned_tests)
+ result_obj["is_unplanned"] = 1
+ else
+ result_obj["is_unplanned"] = 0
+
+ # Strip trailing and leading whitespace.
+ sub("^[ \t]*", "", line)
+ sub("[ \t]*$", "", line)
+
+ # This will have to be corrected if we have a "TODO"/"SKIP" directive.
+ result_obj["description"] = line
+ result_obj["directive"] = ""
+ result_obj["explanation"] = ""
+
+ if (index(line, "#") == 0)
+ return # No possible directive, nothing more to do.
+
+ # Directives are case-insensitive.
+ rx = "[ \t]*#[ \t]*([tT][oO][dD][oO]|[sS][kK][iI][pP])[ \t]*"
+
+ # See whether we have the directive, and if yes, where.
+ pos = match(line, rx "$")
+ if (!pos)
+ pos = match(line, rx "[^a-zA-Z0-9_]")
+
+ # If there was no TAP directive, we have nothing more to do.
+ if (!pos)
+ return
+
+ # Let`s now see if the TAP directive has been escaped. For example:
+ # escaped: ok \# SKIP
+ # not escaped: ok \\# SKIP
+ # escaped: ok \\\\\# SKIP
+ # not escaped: ok \ # SKIP
+ if (substr(line, pos, 1) == "#")
+ {
+ bslash_count = 0
+ for (i = pos; i > 1 && substr(line, i - 1, 1) == "\\"; i--)
+ bslash_count += 1
+ if (bslash_count % 2)
+ return # Directive was escaped.
+ }
+
+ # Strip the directive and its explanation (if any) from the test
+ # description.
+ result_obj["description"] = substr(line, 1, pos - 1)
+ # Now remove the test description from the line, that has been dealt
+ # with already.
+ line = substr(line, pos)
+ # Strip the directive, and save its value (normalized to upper case).
+ sub("^[ \t]*#[ \t]*", "", line)
+ result_obj["directive"] = toupper(substr(line, 1, 4))
+ line = substr(line, 5)
+ # Now get the explanation for the directive (if any), with leading
+ # and trailing whitespace removed.
+ sub("^[ \t]*", "", line)
+ sub("[ \t]*$", "", line)
+ result_obj["explanation"] = line
+}
+
+function get_test_exit_message(status)
+{
+ if (status == 0)
+ return ""
+ if (status !~ /^[1-9][0-9]*$/)
+ abort("getting exit status")
+ if (status < 127)
+ exit_details = ""
+ else if (status == 127)
+ exit_details = " (command not found?)"
+ else if (status >= 128 && status <= 255)
+ exit_details = sprintf(" (terminated by signal %d?)", status - 128)
+ else if (status > 256 && status <= 384)
+ # We used to report an "abnormal termination" here, but some Korn
+ # shells, when a child process die due to signal number n, can leave
+ # in $? an exit status of 256+n instead of the more standard 128+n.
+ # Apparently, both behaviours are allowed by POSIX (2008), so be
+ # prepared to handle them both. See also Austing Group report ID
+ # 0000051 <http://www.austingroupbugs.net/view.php?id=51>
+ exit_details = sprintf(" (terminated by signal %d?)", status - 256)
+ else
+ # Never seen in practice.
+ exit_details = " (abnormal termination)"
+ return sprintf("exited with status %d%s", status, exit_details)
+}
+
+function write_test_results()
+{
+ print ":global-test-result: " get_global_test_result() > trs_file
+ print ":recheck: " yn(must_recheck()) > trs_file
+ print ":copy-in-global-log: " yn(copy_in_global_log()) > trs_file
+ for (i = 0; i < test_results_index; i += 1)
+ print ":test-result: " test_results_list[i] > trs_file
+ close(trs_file);
+}
+
+BEGIN {
+
+## ------- ##
+## SETUP ##
+## ------- ##
+
+'"$init_colors"'
+
+# Properly initialized once the TAP plan is seen.
+planned_tests = 0
+
+COOKED_PASS = expect_failure ? "XPASS": "PASS";
+COOKED_FAIL = expect_failure ? "XFAIL": "FAIL";
+
+# Enumeration-like constants to remember which kind of plan (if any)
+# has been seen. It is important that NO_PLAN evaluates "false" as
+# a boolean.
+NO_PLAN = 0
+EARLY_PLAN = 1
+LATE_PLAN = 2
+
+testno = 0 # Number of test results seen so far.
+bailed_out = 0 # Whether a "Bail out!" directive has been seen.
+
+# Whether the TAP plan has been seen or not, and if yes, which kind
+# it is ("early" is seen before any test result, "late" otherwise).
+plan_seen = NO_PLAN
+
+## --------- ##
+## PARSING ##
+## --------- ##
+
+is_first_read = 1
+
+while (1)
+ {
+ # Involutions required so that we are able to read the exit status
+ # from the last input line.
+ st = getline
+ if (st < 0) # I/O error.
+ fatal("I/O error while reading from input stream")
+ else if (st == 0) # End-of-input
+ {
+ if (is_first_read)
+ abort("in input loop: only one input line")
+ break
+ }
+ if (is_first_read)
+ {
+ is_first_read = 0
+ nextline = $0
+ continue
+ }
+ else
+ {
+ curline = nextline
+ nextline = $0
+ $0 = curline
+ }
+ # Copy any input line verbatim into the log file.
+ print | "cat >&3"
+ # Parsing of TAP input should stop after a "Bail out!" directive.
+ if (bailed_out)
+ continue
+
+ # TAP test result.
+ if ($0 ~ /^(not )?ok$/ || $0 ~ /^(not )?ok[^a-zA-Z0-9_]/)
+ {
+ testno += 1
+ setup_result_obj($0)
+ handle_tap_result()
+ }
+ # TAP plan (normal or "SKIP" without explanation).
+ else if ($0 ~ /^1\.\.[0-9]+[ \t]*$/)
+ {
+ # The next two lines will put the number of planned tests in $0.
+ sub("^1\\.\\.", "")
+ sub("[^0-9]*$", "")
+ handle_tap_plan($0, "")
+ continue
+ }
+ # TAP "SKIP" plan, with an explanation.
+ else if ($0 ~ /^1\.\.0+[ \t]*#/)
+ {
+ # The next lines will put the skip explanation in $0, stripping
+ # any leading and trailing whitespace. This is a little more
+ # tricky in truth, since we want to also strip a potential leading
+ # "SKIP" string from the message.
+ sub("^[^#]*#[ \t]*(SKIP[: \t][ \t]*)?", "")
+ sub("[ \t]*$", "");
+ handle_tap_plan(0, $0)
+ }
+ # "Bail out!" magic.
+ # Older versions of prove and TAP::Harness (e.g., 3.17) did not
+ # recognize a "Bail out!" directive when preceded by leading
+ # whitespace, but more modern versions (e.g., 3.23) do. So we
+ # emulate the latter, "more modern" behaviour.
+ else if ($0 ~ /^[ \t]*Bail out!/)
+ {
+ bailed_out = 1
+ # Get the bailout message (if any), with leading and trailing
+ # whitespace stripped. The message remains stored in `$0`.
+ sub("^[ \t]*Bail out![ \t]*", "");
+ sub("[ \t]*$", "");
+ # Format the error message for the
+ bailout_message = "Bail out!"
+ if (length($0))
+ bailout_message = bailout_message " " $0
+ testsuite_error(bailout_message)
+ }
+ # Maybe we have too look for dianogtic comments too.
+ else if (comments != 0)
+ {
+ comment = extract_tap_comment($0);
+ if (length(comment))
+ report("#", comment);
+ }
+ }
+
+## -------- ##
+## FINISH ##
+## -------- ##
+
+# A "Bail out!" directive should cause us to ignore any following TAP
+# error, as well as a non-zero exit status from the TAP producer.
+if (!bailed_out)
+ {
+ if (!plan_seen)
+ {
+ testsuite_error("missing test plan")
+ }
+ else if (planned_tests != testno)
+ {
+ bad_amount = testno > planned_tests ? "many" : "few"
+ testsuite_error(sprintf("too %s tests run (expected %d, got %d)",
+ bad_amount, planned_tests, testno))
+ }
+ if (!ignore_exit)
+ {
+ # Fetch exit status from the last line.
+ exit_message = get_test_exit_message(nextline)
+ if (exit_message)
+ testsuite_error(exit_message)
+ }
+ }
+
+write_test_results()
+
+exit 0
+
+} # End of "BEGIN" block.
+'
+
+# TODO: document that we consume the file descriptor 3 :-(
+} 3>"$log_file"
+
+test $? -eq 0 || fatal "I/O or internal error"
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/tap-test b/tap-test
new file mode 100755
index 0000000..481e333
--- /dev/null
+++ b/tap-test
@@ -0,0 +1,5 @@
+#! /bin/sh
+
+# run a GTest in tap mode. The test binary is passed as $1
+
+$1 -k --tap
diff --git a/tls/base/Makefile.am b/tls/base/Makefile.am
new file mode 100644
index 0000000..ce5e64f
--- /dev/null
+++ b/tls/base/Makefile.am
@@ -0,0 +1,25 @@
+include $(top_srcdir)/glib-openssl.mk
+
+noinst_LTLIBRARIES += libtlsbase.la
+
+libtlsbase_la_SOURCES = \
+ gtlsconnection-base.c \
+ gtlsconnection-base.h \
+ gtlsinputstream-base.c \
+ gtlsinputstream-base.h \
+ gtlsoutputstream-base.c \
+ gtlsoutputstream-base.h \
+ $(NULL)
+
+libtlsbase_la_LDFLAGS = $(module_flags)
+libtlsbase_la_LIBADD = $(GLIB_LIBS)
+
+# MSVC Projects
+
+MSVCPROJS = tlsbase
+
+tlsbase_FILES = $(libtlsbase_la_SOURCES)
+tlsbase_EXCLUDES = dummy
+
+include $(top_srcdir)/build/Makefile.msvcproj
+dist-hook: $(top_builddir)/build/win32/vs9/tlsbase.vcproj
diff --git a/tls/base/gtlsconnection-base.c b/tls/base/gtlsconnection-base.c
new file mode 100644
index 0000000..f180676
--- /dev/null
+++ b/tls/base/gtlsconnection-base.c
@@ -0,0 +1,1271 @@
+/* GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright 2009-2011 Red Hat, Inc
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#include "config.h"
+#include "glib.h"
+
+#include <errno.h>
+
+#include "gtlsconnection-base.h"
+#include "gtlsinputstream-base.h"
+#include "gtlsoutputstream-base.h"
+
+#include <glib/gi18n-lib.h>
+
+static gboolean do_implicit_handshake (GTlsConnectionBase *tls,
+ gboolean blocking,
+ GCancellable *cancellable,
+ GError **error);
+static gboolean finish_handshake (GTlsConnectionBase *tls,
+ GTask *task,
+ GError **error);
+
+G_DEFINE_ABSTRACT_TYPE (GTlsConnectionBase, g_tls_connection_base, G_TYPE_TLS_CONNECTION);
+
+enum
+{
+ PROP_0,
+ PROP_BASE_IO_STREAM,
+ PROP_REQUIRE_CLOSE_NOTIFY,
+ PROP_REHANDSHAKE_MODE,
+ PROP_USE_SYSTEM_CERTDB,
+ PROP_DATABASE,
+ PROP_CERTIFICATE,
+ PROP_INTERACTION,
+ PROP_PEER_CERTIFICATE,
+ PROP_PEER_CERTIFICATE_ERRORS
+};
+
+static void
+g_tls_connection_base_init (GTlsConnectionBase *tls)
+{
+ tls->need_handshake = TRUE;
+ tls->database_is_unset = TRUE;
+ tls->is_system_certdb = TRUE;
+
+ g_mutex_init (&tls->op_mutex);
+ tls->waiting_for_op = g_cancellable_new ();
+ g_cancellable_cancel (tls->waiting_for_op);
+}
+
+static void
+g_tls_connection_base_finalize (GObject *object)
+{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (object);
+
+ g_clear_object (&tls->base_io_stream);
+
+ g_clear_object (&tls->tls_istream);
+ g_clear_object (&tls->tls_ostream);
+
+ g_clear_object (&tls->database);
+ g_clear_object (&tls->certificate);
+ g_clear_error (&tls->certificate_error);
+ g_clear_object (&tls->peer_certificate);
+
+ g_clear_object (&tls->interaction);
+
+ /* This must always be NULL at this, as it holds a referehce to @gnutls as
+ * its source object. However, we clear it anyway just in case this changes
+ * in future. */
+ g_clear_object (&tls->implicit_handshake);
+
+ g_clear_error (&tls->handshake_error);
+ g_clear_error (&tls->read_error);
+ g_clear_error (&tls->write_error);
+ g_clear_object (&tls->read_cancellable);
+ g_clear_object (&tls->write_cancellable);
+
+ g_clear_object (&tls->waiting_for_op);
+ g_mutex_clear (&tls->op_mutex);
+
+ g_clear_pointer (&tls->app_data_buf, g_byte_array_unref);
+
+ G_OBJECT_CLASS (g_tls_connection_base_parent_class)->finalize (object);
+}
+
+static void
+g_tls_connection_base_get_property (GObject *object,
+ guint prop_id,
+ GValue *value,
+ GParamSpec *pspec)
+{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (object);
+ GTlsBackend *backend;
+
+ switch (prop_id)
+ {
+ case PROP_BASE_IO_STREAM:
+ g_value_set_object (value, tls->base_io_stream);
+ break;
+
+ case PROP_REQUIRE_CLOSE_NOTIFY:
+ g_value_set_boolean (value, tls->require_close_notify);
+ break;
+
+ case PROP_REHANDSHAKE_MODE:
+ g_value_set_enum (value, tls->rehandshake_mode);
+ break;
+
+ case PROP_USE_SYSTEM_CERTDB:
+ g_value_set_boolean (value, tls->is_system_certdb);
+ break;
+
+ case PROP_DATABASE:
+ if (tls->database_is_unset)
+ {
+ backend = g_tls_backend_get_default ();
+ tls->database = g_tls_backend_get_default_database (backend);
+ tls->database_is_unset = FALSE;
+ }
+ g_value_set_object (value, tls->database);
+ break;
+
+ case PROP_CERTIFICATE:
+ g_value_set_object (value, tls->certificate);
+ break;
+
+ case PROP_INTERACTION:
+ g_value_set_object (value, tls->interaction);
+ break;
+
+ case PROP_PEER_CERTIFICATE:
+ g_value_set_object (value, tls->peer_certificate);
+ break;
+
+ case PROP_PEER_CERTIFICATE_ERRORS:
+ g_value_set_flags (value, tls->peer_certificate_errors);
+ break;
+
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ }
+}
+
+static void
+g_tls_connection_base_set_property (GObject *object,
+ guint prop_id,
+ const GValue *value,
+ GParamSpec *pspec)
+{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (object);
+ GInputStream *istream;
+ GOutputStream *ostream;
+ gboolean system_certdb;
+ GTlsBackend *backend;
+
+ switch (prop_id)
+ {
+ case PROP_BASE_IO_STREAM:
+ if (tls->base_io_stream)
+ {
+ g_object_unref (tls->base_io_stream);
+ tls->base_istream = NULL;
+ tls->base_ostream = NULL;
+ }
+ tls->base_io_stream = g_value_dup_object (value);
+ if (!tls->base_io_stream)
+ return;
+
+ istream = g_io_stream_get_input_stream (tls->base_io_stream);
+ ostream = g_io_stream_get_output_stream (tls->base_io_stream);
+
+ if (G_IS_POLLABLE_INPUT_STREAM (istream) &&
+ g_pollable_input_stream_can_poll (G_POLLABLE_INPUT_STREAM (istream)))
+ {
+ tls->base_istream = G_POLLABLE_INPUT_STREAM (istream);
+ tls->tls_istream = g_tls_input_stream_base_new (tls);
+ }
+ if (G_IS_POLLABLE_OUTPUT_STREAM (ostream) &&
+ g_pollable_output_stream_can_poll (G_POLLABLE_OUTPUT_STREAM (ostream)))
+ {
+ tls->base_ostream = G_POLLABLE_OUTPUT_STREAM (ostream);
+ tls->tls_ostream = g_tls_output_stream_base_new (tls);
+ }
+ break;
+
+ case PROP_REQUIRE_CLOSE_NOTIFY:
+ tls->require_close_notify = g_value_get_boolean (value);
+ break;
+
+ case PROP_REHANDSHAKE_MODE:
+ tls->rehandshake_mode = g_value_get_enum (value);
+ break;
+
+ case PROP_USE_SYSTEM_CERTDB:
+ system_certdb = g_value_get_boolean (value);
+ if (system_certdb != tls->is_system_certdb)
+ {
+ g_clear_object (&tls->database);
+ if (system_certdb)
+ {
+ backend = g_tls_backend_get_default ();
+ tls->database = g_tls_backend_get_default_database (backend);
+ }
+ tls->is_system_certdb = system_certdb;
+ tls->database_is_unset = FALSE;
+ }
+ break;
+
+ case PROP_DATABASE:
+ g_clear_object (&tls->database);
+ tls->database = g_value_dup_object (value);
+ tls->is_system_certdb = FALSE;
+ tls->database_is_unset = FALSE;
+ break;
+
+ case PROP_CERTIFICATE:
+ if (tls->certificate)
+ g_object_unref (tls->certificate);
+ tls->certificate = g_value_dup_object (value);
+ break;
+
+ case PROP_INTERACTION:
+ g_clear_object (&tls->interaction);
+ tls->interaction = g_value_dup_object (value);
+ break;
+
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ }
+}
+
+typedef enum {
+ G_TLS_CONNECTION_BASE_OP_HANDSHAKE,
+ G_TLS_CONNECTION_BASE_OP_READ,
+ G_TLS_CONNECTION_BASE_OP_WRITE,
+ G_TLS_CONNECTION_BASE_OP_CLOSE_READ,
+ G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE,
+ G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH,
+} GTlsConnectionBaseOp;
+
+static gboolean
+claim_op (GTlsConnectionBase *tls,
+ GTlsConnectionBaseOp op,
+ gboolean blocking,
+ GCancellable *cancellable,
+ GError **error)
+{
+ try_again:
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return FALSE;
+
+ g_mutex_lock (&tls->op_mutex);
+
+ if (((op == G_TLS_CONNECTION_BASE_OP_HANDSHAKE ||
+ op == G_TLS_CONNECTION_BASE_OP_READ) &&
+ (tls->read_closing || tls->read_closed)) ||
+ ((op == G_TLS_CONNECTION_BASE_OP_HANDSHAKE ||
+ op == G_TLS_CONNECTION_BASE_OP_WRITE) &&
+ (tls->write_closing || tls->write_closed)))
+ {
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
+ _("Connection is closed"));
+ g_mutex_unlock (&tls->op_mutex);
+ return FALSE;
+ }
+
+ if (tls->handshake_error &&
+ op != G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH &&
+ op != G_TLS_CONNECTION_BASE_OP_CLOSE_READ &&
+ op != G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE)
+ {
+ if (error)
+ *error = g_error_copy (tls->handshake_error);
+ g_mutex_unlock (&tls->op_mutex);
+ return FALSE;
+ }
+
+ if (op != G_TLS_CONNECTION_BASE_OP_HANDSHAKE)
+ {
+ if (op != G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH &&
+ op != G_TLS_CONNECTION_BASE_OP_CLOSE_READ &&
+ op != G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE &&
+ tls->need_handshake && !tls->handshaking)
+ {
+ tls->handshaking = TRUE;
+ if (!do_implicit_handshake (tls, blocking, cancellable, error))
+ {
+ g_cancellable_reset (tls->waiting_for_op);
+ g_mutex_unlock (&tls->op_mutex);
+ return FALSE;
+ }
+ }
+
+ if (tls->need_finish_handshake &&
+ tls->implicit_handshake)
+ {
+ GError *my_error = NULL;
+ gboolean success;
+
+ tls->need_finish_handshake = FALSE;
+
+ g_mutex_unlock (&tls->op_mutex);
+ success = finish_handshake (tls, tls->implicit_handshake, &my_error);
+ g_clear_object (&tls->implicit_handshake);
+ g_mutex_lock (&tls->op_mutex);
+
+ if (op != G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH &&
+ op != G_TLS_CONNECTION_BASE_OP_CLOSE_READ &&
+ op != G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE &&
+ (!success || g_cancellable_set_error_if_cancelled (cancellable, &my_error)))
+ {
+ g_propagate_error (error, my_error);
+ g_mutex_unlock (&tls->op_mutex);
+ return FALSE;
+ }
+
+ g_clear_error (&my_error);
+ }
+ }
+
+ if ((op != G_TLS_CONNECTION_BASE_OP_WRITE && tls->reading) ||
+ (op != G_TLS_CONNECTION_BASE_OP_READ && tls->writing) ||
+ (op != G_TLS_CONNECTION_BASE_OP_HANDSHAKE && tls->handshaking))
+ {
+ GPollFD fds[2];
+ int nfds;
+
+ g_cancellable_reset (tls->waiting_for_op);
+
+ g_mutex_unlock (&tls->op_mutex);
+
+ if (!blocking)
+ {
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK,
+ _("Operation would block"));
+ return FALSE;
+ }
+
+ g_cancellable_make_pollfd (tls->waiting_for_op, &fds[0]);
+ if (g_cancellable_make_pollfd (cancellable, &fds[1]))
+ nfds = 2;
+ else
+ nfds = 1;
+
+ g_poll (fds, nfds, -1);
+
+ if (nfds > 1)
+ g_cancellable_release_fd (cancellable);
+
+ goto try_again;
+ }
+
+ if (op == G_TLS_CONNECTION_BASE_OP_HANDSHAKE)
+ tls->handshaking = TRUE;
+ if (op == G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH ||
+ op == G_TLS_CONNECTION_BASE_OP_CLOSE_READ)
+ tls->read_closing = TRUE;
+ if (op == G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH ||
+ op == G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE)
+ tls->write_closing = TRUE;
+
+ if (op != G_TLS_CONNECTION_BASE_OP_WRITE)
+ tls->reading = TRUE;
+ if (op != G_TLS_CONNECTION_BASE_OP_READ)
+ tls->writing = TRUE;
+
+ g_mutex_unlock (&tls->op_mutex);
+ return TRUE;
+}
+
+static void
+yield_op (GTlsConnectionBase *tls,
+ GTlsConnectionBaseOp op,
+ GTlsConnectionBaseStatus status)
+{
+ g_mutex_lock (&tls->op_mutex);
+
+ if (op == G_TLS_CONNECTION_BASE_OP_HANDSHAKE)
+ tls->handshaking = FALSE;
+ else if (status == G_TLS_CONNECTION_BASE_REHANDSHAKE && !tls->handshaking)
+ tls->need_handshake = TRUE;
+
+ if (op == G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH ||
+ op == G_TLS_CONNECTION_BASE_OP_CLOSE_READ)
+ tls->read_closing = FALSE;
+ if (op == G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH ||
+ op == G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE)
+ tls->write_closing = FALSE;
+
+ if (op != G_TLS_CONNECTION_BASE_OP_WRITE)
+ tls->reading = FALSE;
+ if (op != G_TLS_CONNECTION_BASE_OP_READ)
+ tls->writing = FALSE;
+
+ g_cancellable_cancel (tls->waiting_for_op);
+ g_mutex_unlock (&tls->op_mutex);
+}
+
+static void
+g_tls_connection_base_real_push_io (GTlsConnectionBase *tls,
+ GIOCondition direction,
+ gboolean blocking,
+ GCancellable *cancellable)
+{
+ if (direction & G_IO_IN)
+ {
+ tls->read_blocking = blocking;
+ tls->read_cancellable = cancellable;
+ g_clear_error (&tls->read_error);
+ }
+
+ if (direction & G_IO_OUT)
+ {
+ tls->write_blocking = blocking;
+ tls->write_cancellable = cancellable;
+ g_clear_error (&tls->write_error);
+ }
+}
+
+void
+g_tls_connection_base_push_io (GTlsConnectionBase *tls,
+ GIOCondition direction,
+ gboolean blocking,
+ GCancellable *cancellable)
+{
+ g_assert (direction & (G_IO_IN | G_IO_OUT));
+ g_return_if_fail (G_IS_TLS_CONNECTION_BASE (tls));
+
+ G_TLS_CONNECTION_BASE_GET_CLASS (tls)->push_io (tls, direction,
+ blocking, cancellable);
+}
+
+static GTlsConnectionBaseStatus
+g_tls_connection_base_real_pop_io (GTlsConnectionBase *tls,
+ GIOCondition direction,
+ gboolean success,
+ GError **error)
+{
+ GError *my_error = NULL;
+
+ if (direction & G_IO_IN)
+ {
+ tls->read_cancellable = NULL;
+ if (!success)
+ {
+ my_error = tls->read_error;
+ tls->read_error = NULL;
+ }
+ else
+ g_clear_error (&tls->read_error);
+ }
+ if (direction & G_IO_OUT)
+ {
+ tls->write_cancellable = NULL;
+ if (!success && !my_error)
+ {
+ my_error = tls->write_error;
+ tls->write_error = NULL;
+ }
+ else
+ g_clear_error (&tls->write_error);
+ }
+
+ if (success)
+ return G_TLS_CONNECTION_BASE_OK;
+
+ if (g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK))
+ {
+ g_propagate_error (error, my_error);
+ return G_TLS_CONNECTION_BASE_WOULD_BLOCK;
+ }
+ else if (g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT))
+ {
+ g_propagate_error (error, my_error);
+ return G_TLS_CONNECTION_BASE_TIMED_OUT;
+ }
+ else if (my_error)
+ g_propagate_error (error, my_error);
+
+ return G_TLS_CONNECTION_BASE_ERROR;
+}
+
+GTlsConnectionBaseStatus
+g_tls_connection_base_pop_io (GTlsConnectionBase *tls,
+ GIOCondition direction,
+ gboolean success,
+ GError **error)
+{
+ g_assert (direction & (G_IO_IN | G_IO_OUT));
+ g_assert (!error || !*error);
+ g_return_val_if_fail (G_IS_TLS_CONNECTION_BASE (tls), G_TLS_CONNECTION_BASE_ERROR);
+
+ return G_TLS_CONNECTION_BASE_GET_CLASS (tls)->pop_io (tls, direction,
+ success, error);
+}
+
+gboolean
+g_tls_connection_base_check (GTlsConnectionBase *tls,
+ GIOCondition condition)
+{
+ /* Racy, but worst case is that we just get WOULD_BLOCK back */
+ if (tls->need_finish_handshake)
+ return TRUE;
+
+ /* If a handshake or close is in progress, then tls_istream and
+ * tls_ostream are blocked, regardless of the base stream status.
+ */
+ if (tls->handshaking)
+ return FALSE;
+
+ if (((condition & G_IO_IN) && tls->read_closing) ||
+ ((condition & G_IO_OUT) && tls->write_closing))
+ return FALSE;
+
+ if (condition & G_IO_IN)
+ return g_pollable_input_stream_is_readable (tls->base_istream);
+ else
+ return g_pollable_output_stream_is_writable (tls->base_ostream);
+}
+
+typedef struct {
+ GSource source;
+
+ GTlsConnectionBase *tls;
+ GObject *stream;
+
+ GSource *child_source;
+ GIOCondition condition;
+
+ gboolean io_waiting;
+ gboolean op_waiting;
+} GTlsConnectionBaseSource;
+
+static gboolean
+tls_source_prepare (GSource *source,
+ gint *timeout)
+{
+ *timeout = -1;
+ return FALSE;
+}
+
+static gboolean
+tls_source_check (GSource *source)
+{
+ return FALSE;
+}
+
+static void
+tls_source_sync (GTlsConnectionBaseSource *tls_source)
+{
+ GTlsConnectionBase *tls = tls_source->tls;
+ gboolean io_waiting, op_waiting;
+
+ /* Was the source destroyed earlier in this main context iteration? */
+ if (g_source_is_destroyed ((GSource *) tls_source))
+ return;
+
+ g_mutex_lock (&tls->op_mutex);
+ if (((tls_source->condition & G_IO_IN) && tls->reading) ||
+ ((tls_source->condition & G_IO_OUT) && tls->writing) ||
+ (tls->handshaking && !tls->need_finish_handshake))
+ op_waiting = TRUE;
+ else
+ op_waiting = FALSE;
+
+ if (!op_waiting && !tls->need_handshake &&
+ !tls->need_finish_handshake)
+ io_waiting = TRUE;
+ else
+ io_waiting = FALSE;
+ g_mutex_unlock (&tls->op_mutex);
+
+ if (op_waiting == tls_source->op_waiting &&
+ io_waiting == tls_source->io_waiting)
+ return;
+ tls_source->op_waiting = op_waiting;
+ tls_source->io_waiting = io_waiting;
+
+ if (tls_source->child_source)
+ {
+ g_source_remove_child_source ((GSource *)tls_source,
+ tls_source->child_source);
+ g_source_unref (tls_source->child_source);
+ }
+
+ if (op_waiting)
+ tls_source->child_source = g_cancellable_source_new (tls->waiting_for_op);
+ else if (io_waiting && G_IS_POLLABLE_INPUT_STREAM (tls_source->stream))
+ tls_source->child_source = g_pollable_input_stream_create_source (tls->base_istream, NULL);
+ else if (io_waiting && G_IS_POLLABLE_OUTPUT_STREAM (tls_source->stream))
+ tls_source->child_source = g_pollable_output_stream_create_source (tls->base_ostream, NULL);
+ else
+ tls_source->child_source = g_timeout_source_new (0);
+
+ g_source_set_dummy_callback (tls_source->child_source);
+ g_source_add_child_source ((GSource *)tls_source, tls_source->child_source);
+}
+
+static gboolean
+tls_source_dispatch (GSource *source,
+ GSourceFunc callback,
+ gpointer user_data)
+{
+ GPollableSourceFunc func = (GPollableSourceFunc)callback;
+ GTlsConnectionBaseSource *tls_source = (GTlsConnectionBaseSource *)source;
+ gboolean ret;
+
+ ret = (*func) (tls_source->stream, user_data);
+ if (ret)
+ tls_source_sync (tls_source);
+
+ return ret;
+}
+
+static void
+tls_source_finalize (GSource *source)
+{
+ GTlsConnectionBaseSource *tls_source = (GTlsConnectionBaseSource *)source;
+
+ g_object_unref (tls_source->tls);
+ g_source_unref (tls_source->child_source);
+}
+
+static gboolean
+g_tls_connection_tls_source_closure_callback (GObject *stream,
+ gpointer data)
+{
+ GClosure *closure = data;
+
+ GValue param = { 0, };
+ GValue result_value = { 0, };
+ gboolean result;
+
+ g_value_init (&result_value, G_TYPE_BOOLEAN);
+
+ g_value_init (¶m, G_TYPE_OBJECT);
+ g_value_set_object (¶m, stream);
+
+ g_closure_invoke (closure, &result_value, 1, ¶m, NULL);
+
+ result = g_value_get_boolean (&result_value);
+ g_value_unset (&result_value);
+ g_value_unset (¶m);
+
+ return result;
+}
+
+static GSourceFuncs tls_source_funcs =
+{
+ tls_source_prepare,
+ tls_source_check,
+ tls_source_dispatch,
+ tls_source_finalize,
+ (GSourceFunc)g_tls_connection_tls_source_closure_callback,
+ (GSourceDummyMarshal)g_cclosure_marshal_generic
+};
+
+GSource *
+g_tls_connection_base_create_source (GTlsConnectionBase *tls,
+ GIOCondition condition,
+ GCancellable *cancellable)
+{
+ GSource *source, *cancellable_source;
+ GTlsConnectionBaseSource *tls_source;
+
+ source = g_source_new (&tls_source_funcs, sizeof (GTlsConnectionBaseSource));
+ g_source_set_name (source, "GTlsConnectionBaseSource");
+ tls_source = (GTlsConnectionBaseSource *)source;
+ tls_source->tls = g_object_ref (tls);
+ tls_source->condition = condition;
+ if (condition & G_IO_IN)
+ tls_source->stream = G_OBJECT (tls->tls_istream);
+ else if (condition & G_IO_OUT)
+ tls_source->stream = G_OBJECT (tls->tls_ostream);
+
+ tls_source->op_waiting = (gboolean) -1;
+ tls_source->io_waiting = (gboolean) -1;
+ tls_source_sync (tls_source);
+
+ if (cancellable)
+ {
+ cancellable_source = g_cancellable_source_new (cancellable);
+ g_source_set_dummy_callback (cancellable_source);
+ g_source_add_child_source (source, cancellable_source);
+ g_source_unref (cancellable_source);
+ }
+
+ return source;
+}
+
+gboolean
+g_tls_connection_base_accept_peer_certificate (GTlsConnectionBase *tls,
+ GTlsCertificate *peer_certificate,
+ GTlsCertificateFlags peer_certificate_errors)
+{
+ gboolean accepted = FALSE;
+
+ if (G_IS_TLS_CLIENT_CONNECTION (tls))
+ {
+ GTlsCertificateFlags validation_flags =
+ g_tls_client_connection_get_validation_flags (G_TLS_CLIENT_CONNECTION (tls));
+
+ if ((peer_certificate_errors & validation_flags) == 0)
+ accepted = TRUE;
+ }
+
+ if (!accepted)
+ {
+ accepted = g_tls_connection_emit_accept_certificate (G_TLS_CONNECTION (tls),
+ peer_certificate,
+ peer_certificate_errors);
+ }
+
+ return accepted;
+}
+
+void
+g_tls_connection_base_set_peer_certificate (GTlsConnectionBase *tls,
+ GTlsCertificate *peer_certificate,
+ GTlsCertificateFlags peer_certificate_errors)
+{
+ g_set_object (&tls->peer_certificate, peer_certificate);
+
+ tls->peer_certificate_errors = peer_certificate_errors;
+
+ g_object_notify (G_OBJECT (tls), "peer-certificate");
+ g_object_notify (G_OBJECT (tls), "peer-certificate-errors");
+}
+
+static void
+handshake_thread (GTask *task,
+ gpointer object,
+ gpointer task_data,
+ GCancellable *cancellable)
+{
+ GTlsConnectionBase *tls = object;
+ GTlsConnectionBaseClass *tls_class = G_TLS_CONNECTION_BASE_GET_CLASS (tls);
+ GError *error = NULL;
+
+ tls->started_handshake = FALSE;
+ tls->certificate_requested = FALSE;
+
+ if (!claim_op (tls, G_TLS_CONNECTION_BASE_OP_HANDSHAKE,
+ TRUE, cancellable, &error))
+ {
+ g_task_return_error (task, error);
+ return;
+ }
+
+ g_clear_error (&tls->handshake_error);
+
+ if (tls->ever_handshaked && !tls->need_handshake)
+ {
+ GTlsConnectionBaseStatus status;
+
+ status = tls_class->request_rehandshake (tls, cancellable, &error);
+ if (status != G_TLS_CONNECTION_BASE_OK)
+ {
+ g_task_return_error (task, error);
+ return;
+ }
+ }
+
+ g_clear_object (&tls->peer_certificate);
+ tls->peer_certificate_errors = 0;
+
+ tls->started_handshake = TRUE;
+ tls_class->handshake (tls, cancellable, &error);
+ tls->need_handshake = FALSE;
+
+ if (error)
+ {
+ if ((g_error_matches (error, G_IO_ERROR, G_IO_ERROR_FAILED) ||
+#if GLIB_CHECK_VERSION (2, 35, 3)
+ g_error_matches (error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE) ||
+#endif
+ g_error_matches (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS)) &&
+ tls->certificate_requested)
+ {
+ g_clear_error (&error);
+ if (tls->certificate_error)
+ {
+ error = tls->certificate_error;
+ tls->certificate_error = NULL;
+ }
+ else
+ {
+ g_set_error_literal (&error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
+ _("Server required TLS certificate"));
+ }
+ }
+ g_task_return_error (task, error);
+ }
+ else
+ {
+ tls->ever_handshaked = TRUE;
+ g_task_return_boolean (task, TRUE);
+ }
+}
+
+static gboolean
+finish_handshake (GTlsConnectionBase *tls,
+ GTask *task,
+ GError **error)
+{
+ GTlsConnectionBaseClass *tls_class = G_TLS_CONNECTION_BASE_GET_CLASS (tls);
+ GError *my_error = NULL;
+
+ if (g_task_propagate_boolean (task, &my_error))
+ tls_class->complete_handshake (tls, &my_error);
+
+ if (my_error && tls->started_handshake)
+ tls->handshake_error = g_error_copy (my_error);
+
+ if (!my_error)
+ return TRUE;
+
+ g_propagate_error (error, my_error);
+ return FALSE;
+}
+
+static gboolean
+g_tls_connection_base_handshake (GTlsConnection *conn,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (conn);
+ GTask *task;
+ gboolean success;
+ GError *my_error = NULL;
+
+ task = g_task_new (conn, cancellable, NULL, NULL);
+ g_task_set_source_tag (task, g_tls_connection_base_handshake);
+ g_task_run_in_thread_sync (task, handshake_thread);
+ success = finish_handshake (tls, task, &my_error);
+ g_object_unref (task);
+
+ yield_op (tls, G_TLS_CONNECTION_BASE_OP_HANDSHAKE,
+ G_TLS_CONNECTION_BASE_OK);
+
+ if (my_error)
+ g_propagate_error (error, my_error);
+ return success;
+}
+
+/* In the async version we use two GTasks; one to run
+ * handshake_thread() and then call handshake_thread_completed(), and
+ * a second to call the caller's original callback after we call
+ * finish_handshake().
+ */
+
+static void
+handshake_thread_completed (GObject *object,
+ GAsyncResult *result,
+ gpointer user_data)
+{
+ GTask *caller_task = user_data;
+ GTlsConnectionBase *tls = g_task_get_source_object (caller_task);
+ GError *error = NULL;
+ gboolean need_finish_handshake, success;
+
+ g_mutex_lock (&tls->op_mutex);
+ if (tls->need_finish_handshake)
+ {
+ need_finish_handshake = TRUE;
+ tls->need_finish_handshake = FALSE;
+ }
+ else
+ need_finish_handshake = FALSE;
+ g_mutex_unlock (&tls->op_mutex);
+
+ if (need_finish_handshake)
+ {
+ success = finish_handshake (tls, G_TASK (result), &error);
+ if (success)
+ g_task_return_boolean (caller_task, TRUE);
+ else
+ g_task_return_error (caller_task, error);
+ }
+ else if (tls->handshake_error)
+ g_task_return_error (caller_task, g_error_copy (tls->handshake_error));
+ else
+ g_task_return_boolean (caller_task, TRUE);
+
+ g_object_unref (caller_task);
+}
+
+static void
+async_handshake_thread (GTask *task,
+ gpointer object,
+ gpointer task_data,
+ GCancellable *cancellable)
+{
+ GTlsConnectionBase *tls = object;
+
+ handshake_thread (task, object, task_data, cancellable);
+
+ g_mutex_lock (&tls->op_mutex);
+ tls->need_finish_handshake = TRUE;
+ /* yield_op will clear handshaking too, but we don't want the
+ * connection to be briefly "handshaking && need_finish_handshake"
+ * after we unlock the mutex.
+ */
+ tls->handshaking = FALSE;
+ g_mutex_unlock (&tls->op_mutex);
+
+ yield_op (tls, G_TLS_CONNECTION_BASE_OP_HANDSHAKE,
+ G_TLS_CONNECTION_BASE_OK);
+}
+
+static void
+g_tls_connection_base_handshake_async (GTlsConnection *conn,
+ int io_priority,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ GTask *thread_task, *caller_task;
+
+ caller_task = g_task_new (conn, cancellable, callback, user_data);
+ g_task_set_source_tag (caller_task, g_tls_connection_base_handshake_async);
+ g_task_set_priority (caller_task, io_priority);
+ thread_task = g_task_new (conn, cancellable, handshake_thread_completed, caller_task);
+ g_task_set_source_tag (thread_task, g_tls_connection_base_handshake_async);
+ g_task_set_priority (thread_task, io_priority);
+
+ g_task_run_in_thread (thread_task, async_handshake_thread);
+ g_object_unref (thread_task);
+}
+
+static gboolean
+g_tls_connection_base_handshake_finish (GTlsConnection *conn,
+ GAsyncResult *result,
+ GError **error)
+{
+ g_return_val_if_fail (g_task_is_valid (result, conn), FALSE);
+
+ return g_task_propagate_boolean (G_TASK (result), error);
+}
+
+static void
+implicit_handshake_completed (GObject *object,
+ GAsyncResult *result,
+ gpointer user_data)
+{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (object);
+
+ g_mutex_lock (&tls->op_mutex);
+ tls->need_finish_handshake = TRUE;
+ g_mutex_unlock (&tls->op_mutex);
+
+ yield_op (tls, G_TLS_CONNECTION_BASE_OP_HANDSHAKE,
+ G_TLS_CONNECTION_BASE_OK);
+}
+
+static gboolean
+do_implicit_handshake (GTlsConnectionBase *tls,
+ gboolean blocking,
+ GCancellable *cancellable,
+ GError **error)
+{
+ /* We have op_mutex */
+
+ tls->implicit_handshake = g_task_new (tls, cancellable,
+ implicit_handshake_completed,
+ NULL);
+ g_task_set_source_tag (tls->implicit_handshake, do_implicit_handshake);
+
+ if (blocking)
+ {
+ GError *my_error = NULL;
+ gboolean success;
+
+ g_mutex_unlock (&tls->op_mutex);
+ g_task_run_in_thread_sync (tls->implicit_handshake,
+ handshake_thread);
+ success = finish_handshake (tls,
+ tls->implicit_handshake,
+ &my_error);
+ g_clear_object (&tls->implicit_handshake);
+ yield_op (tls, G_TLS_CONNECTION_BASE_OP_HANDSHAKE,
+ G_TLS_CONNECTION_BASE_OK);
+ g_mutex_lock (&tls->op_mutex);
+
+ if (my_error)
+ g_propagate_error (error, my_error);
+ return success;
+ }
+ else
+ {
+ g_task_run_in_thread (tls->implicit_handshake,
+ handshake_thread);
+
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK,
+ _("Operation would block"));
+ return FALSE;
+ }
+}
+
+gssize
+g_tls_connection_base_read (GTlsConnectionBase *tls,
+ void *buffer,
+ gsize count,
+ gboolean blocking,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionBaseStatus status;
+ gssize nread;
+
+ do
+ {
+ if (!claim_op (tls, G_TLS_CONNECTION_BASE_OP_READ,
+ blocking, cancellable, error))
+ return -1;
+
+ if (tls->app_data_buf && !tls->handshaking)
+ {
+ nread = MIN (count, tls->app_data_buf->len);
+ memcpy (buffer, tls->app_data_buf->data, nread);
+ if (nread == tls->app_data_buf->len)
+ g_clear_pointer (&tls->app_data_buf, g_byte_array_unref);
+ else
+ g_byte_array_remove_range (tls->app_data_buf, 0, nread);
+ status = G_TLS_CONNECTION_BASE_OK;
+ }
+ else
+ {
+ status = G_TLS_CONNECTION_BASE_GET_CLASS (tls)->
+ read_fn (tls, buffer, count, blocking, &nread, cancellable, error);
+ }
+
+ yield_op (tls, G_TLS_CONNECTION_BASE_OP_READ, status);
+ }
+ while (status == G_TLS_CONNECTION_BASE_REHANDSHAKE);
+
+ if (status == G_TLS_CONNECTION_BASE_OK)
+ return nread;
+ else
+ return -1;
+}
+
+gssize
+g_tls_connection_base_write (GTlsConnectionBase *tls,
+ const void *buffer,
+ gsize count,
+ gboolean blocking,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionBaseStatus status;
+ gssize nwrote;
+
+ do
+ {
+ if (!claim_op (tls, G_TLS_CONNECTION_BASE_OP_WRITE,
+ blocking, cancellable, error))
+ return -1;
+
+ status = G_TLS_CONNECTION_BASE_GET_CLASS (tls)->
+ write_fn (tls, buffer, count, blocking, &nwrote, cancellable, error);
+
+ yield_op (tls, G_TLS_CONNECTION_BASE_OP_WRITE, status);
+ }
+ while (status == G_TLS_CONNECTION_BASE_REHANDSHAKE);
+
+ if (status == G_TLS_CONNECTION_BASE_OK)
+ return nwrote;
+ else
+ return -1;
+}
+
+static GInputStream *
+g_tls_connection_base_get_input_stream (GIOStream *stream)
+{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (stream);
+
+ return tls->tls_istream;
+}
+
+static GOutputStream *
+g_tls_connection_base_get_output_stream (GIOStream *stream)
+{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (stream);
+
+ return tls->tls_ostream;
+}
+
+gboolean
+g_tls_connection_base_close_internal (GIOStream *stream,
+ GTlsDirection direction,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (stream);
+ GTlsConnectionBaseOp op;
+ GTlsConnectionBaseStatus status;
+ gboolean success = TRUE;
+ GError *close_error = NULL, *stream_error = NULL;
+
+ /* This can be called from g_io_stream_close(), g_input_stream_close() or
+ * g_output_stream_close(). In all cases, we only do the close_fn() for
+ * writing. The difference is how we set the flags on this class and how
+ * the underlying stream is closed.
+ */
+
+ g_return_val_if_fail (direction != G_TLS_DIRECTION_NONE, FALSE);
+
+ if (direction == G_TLS_DIRECTION_BOTH)
+ op = G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH;
+ else if (direction == G_TLS_DIRECTION_READ)
+ op = G_TLS_CONNECTION_BASE_OP_CLOSE_READ;
+ else
+ op = G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE;
+
+ if (!claim_op (tls, op, TRUE, cancellable, error))
+ return FALSE;
+
+ if (tls->ever_handshaked && !tls->write_closed &&
+ direction & G_TLS_DIRECTION_WRITE)
+ {
+ status = G_TLS_CONNECTION_BASE_GET_CLASS (tls)->
+ close_fn (tls, cancellable, &close_error);
+
+ tls->write_closed = TRUE;
+ }
+ else
+ status = G_TLS_CONNECTION_BASE_OK;
+
+ if (!tls->read_closed && direction & G_TLS_DIRECTION_READ)
+ tls->read_closed = TRUE;
+
+ /* Close the underlying streams. Do this even if the close_fn() call failed,
+ * as the parent GIOStream will have set its internal closed flag and hence
+ * this implementation will never be called again. */
+ if (direction == G_TLS_DIRECTION_BOTH)
+ success = g_io_stream_close (tls->base_io_stream,
+ cancellable, &stream_error);
+ else if (direction & G_TLS_DIRECTION_READ)
+ success = g_input_stream_close (g_io_stream_get_input_stream (tls->base_io_stream),
+ cancellable, &stream_error);
+ else if (direction & G_TLS_DIRECTION_WRITE)
+ success = g_output_stream_close (g_io_stream_get_output_stream (tls->base_io_stream),
+ cancellable, &stream_error);
+
+ yield_op (tls, op, status);
+
+ /* Propagate errors. */
+ if (status != G_TLS_CONNECTION_BASE_OK)
+ {
+ g_propagate_error (error, close_error);
+ g_clear_error (&stream_error);
+ }
+ else if (!success)
+ {
+ g_propagate_error (error, stream_error);
+ g_clear_error (&close_error);
+ }
+
+ return success && status == G_TLS_CONNECTION_BASE_OK;
+}
+
+static gboolean
+g_tls_connection_base_close (GIOStream *stream,
+ GCancellable *cancellable,
+ GError **error)
+{
+ return g_tls_connection_base_close_internal (stream,
+ G_TLS_DIRECTION_BOTH,
+ cancellable, error);
+}
+
+/* We do async close as synchronous-in-a-thread so we don't need to
+ * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case
+ * (since handshakes are also done synchronously now).
+ */
+static void
+close_thread (GTask *task,
+ gpointer object,
+ gpointer task_data,
+ GCancellable *cancellable)
+{
+ GIOStream *stream = object;
+ GError *error = NULL;
+
+ if (!g_tls_connection_base_close (stream, cancellable, &error))
+ g_task_return_error (task, error);
+ else
+ g_task_return_boolean (task, TRUE);
+}
+
+static void
+g_tls_connection_base_close_async (GIOStream *stream,
+ int io_priority,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ GTask *task;
+
+ task = g_task_new (stream, cancellable, callback, user_data);
+ g_task_set_source_tag (task, g_tls_connection_base_close_async);
+ g_task_set_priority (task, io_priority);
+ g_task_run_in_thread (task, close_thread);
+ g_object_unref (task);
+}
+
+static gboolean
+g_tls_connection_base_close_finish (GIOStream *stream,
+ GAsyncResult *result,
+ GError **error)
+{
+ g_return_val_if_fail (g_task_is_valid (result, stream), FALSE);
+
+ return g_task_propagate_boolean (G_TASK (result), error);
+}
+
+static void
+g_tls_connection_base_class_init (GTlsConnectionBaseClass *klass)
+{
+ GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+ GTlsConnectionClass *connection_class = G_TLS_CONNECTION_CLASS (klass);
+ GIOStreamClass *iostream_class = G_IO_STREAM_CLASS (klass);
+
+ gobject_class->get_property = g_tls_connection_base_get_property;
+ gobject_class->set_property = g_tls_connection_base_set_property;
+ gobject_class->finalize = g_tls_connection_base_finalize;
+
+ connection_class->handshake = g_tls_connection_base_handshake;
+ connection_class->handshake_async = g_tls_connection_base_handshake_async;
+ connection_class->handshake_finish = g_tls_connection_base_handshake_finish;
+
+ iostream_class->get_input_stream = g_tls_connection_base_get_input_stream;
+ iostream_class->get_output_stream = g_tls_connection_base_get_output_stream;
+ iostream_class->close_fn = g_tls_connection_base_close;
+ iostream_class->close_async = g_tls_connection_base_close_async;
+ iostream_class->close_finish = g_tls_connection_base_close_finish;
+
+ klass->push_io = g_tls_connection_base_real_push_io;
+ klass->pop_io = g_tls_connection_base_real_pop_io;
+
+ g_object_class_override_property (gobject_class, PROP_BASE_IO_STREAM, "base-io-stream");
+ g_object_class_override_property (gobject_class, PROP_REQUIRE_CLOSE_NOTIFY, "require-close-notify");
+ g_object_class_override_property (gobject_class, PROP_REHANDSHAKE_MODE, "rehandshake-mode");
+ g_object_class_override_property (gobject_class, PROP_USE_SYSTEM_CERTDB, "use-system-certdb");
+ g_object_class_override_property (gobject_class, PROP_DATABASE, "database");
+ g_object_class_override_property (gobject_class, PROP_CERTIFICATE, "certificate");
+ g_object_class_override_property (gobject_class, PROP_INTERACTION, "interaction");
+ g_object_class_override_property (gobject_class, PROP_PEER_CERTIFICATE, "peer-certificate");
+ g_object_class_override_property (gobject_class, PROP_PEER_CERTIFICATE_ERRORS, "peer-certificate-errors");
+}
diff --git a/tls/base/gtlsconnection-base.h b/tls/base/gtlsconnection-base.h
new file mode 100644
index 0000000..0809644
--- /dev/null
+++ b/tls/base/gtlsconnection-base.h
@@ -0,0 +1,215 @@
+/* GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright 2009-2011 Red Hat, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation; either version 2 of the licence or (at
+ * your option) any later version.
+ *
+ * See the included COPYING file for more information.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#ifndef __G_TLS_CONNECTION_BASE_H__
+#define __G_TLS_CONNECTION_BASE_H__
+
+#include <gio/gio.h>
+
+G_BEGIN_DECLS
+
+#define G_TYPE_TLS_CONNECTION_BASE (g_tls_connection_base_get_type ())
+#define G_TLS_CONNECTION_BASE(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst),
G_TYPE_TLS_CONNECTION_BASE, GTlsConnectionBase))
+#define G_TLS_CONNECTION_BASE_CLASS(class) (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_CONNECTION_BASE,
GTlsConnectionBaseClass))
+#define G_IS_TLS_CONNECTION_BASE(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst),
G_TYPE_TLS_CONNECTION_BASE))
+#define G_IS_TLS_CONNECTION_BASE_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_CONNECTION_BASE))
+#define G_TLS_CONNECTION_BASE_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst),
G_TYPE_TLS_CONNECTION_BASE, GTlsConnectionBaseClass))
+
+typedef struct _GTlsConnectionBasePrivate GTlsConnectionBasePrivate;
+typedef struct _GTlsConnectionBaseClass GTlsConnectionBaseClass;
+typedef struct _GTlsConnectionBase GTlsConnectionBase;
+
+typedef enum {
+ G_TLS_CONNECTION_BASE_OK,
+ G_TLS_CONNECTION_BASE_WOULD_BLOCK,
+ G_TLS_CONNECTION_BASE_TIMED_OUT,
+ G_TLS_CONNECTION_BASE_REHANDSHAKE,
+ G_TLS_CONNECTION_BASE_TRY_AGAIN,
+ G_TLS_CONNECTION_BASE_ERROR,
+} GTlsConnectionBaseStatus;
+
+struct _GTlsConnectionBaseClass
+{
+ GTlsConnectionClass parent_class;
+
+ GTlsConnectionBaseStatus (*request_rehandshake) (GTlsConnectionBase *tls,
+ GCancellable *cancellable,
+ GError **error);
+ GTlsConnectionBaseStatus (*handshake) (GTlsConnectionBase *tls,
+ GCancellable *cancellable,
+ GError **error);
+ GTlsConnectionBaseStatus (*complete_handshake) (GTlsConnectionBase *tls,
+ GError **error);
+
+ void (*push_io) (GTlsConnectionBase *tls,
+ GIOCondition direction,
+ gboolean blocking,
+ GCancellable *cancellable);
+ GTlsConnectionBaseStatus (*pop_io) (GTlsConnectionBase *tls,
+ GIOCondition direction,
+ gboolean success,
+ GError **error);
+
+ GTlsConnectionBaseStatus (*read_fn) (GTlsConnectionBase *tls,
+ void *buffer,
+ gsize count,
+ gboolean blocking,
+ gssize *nread,
+ GCancellable *cancellable,
+ GError **error);
+ GTlsConnectionBaseStatus (*write_fn) (GTlsConnectionBase *tls,
+ const void *buffer,
+ gsize count,
+ gboolean blocking,
+ gssize *nwrote,
+ GCancellable *cancellable,
+ GError **error);
+
+ GTlsConnectionBaseStatus (*close_fn) (GTlsConnectionBase *tls,
+ GCancellable *cancellable,
+ GError **error);
+};
+
+struct _GTlsConnectionBase
+{
+ GTlsConnection parent_instance;
+
+ GIOStream *base_io_stream;
+ GPollableInputStream *base_istream;
+ GPollableOutputStream *base_ostream;
+
+ GTlsDatabase *database;
+ GTlsInteraction *interaction;
+
+ GTlsCertificate *certificate;
+ gboolean certificate_requested;
+ GError *certificate_error;
+ GTlsCertificate *peer_certificate;
+ GTlsCertificateFlags peer_certificate_errors;
+
+ gboolean require_close_notify;
+ GTlsRehandshakeMode rehandshake_mode;
+
+ /* need_handshake means the next claim_op() will get diverted into
+ * an implicit handshake (unless it's an OP_HANDSHAKE or OP_CLOSE*).
+ * need_finish_handshake means the next claim_op() will get diverted
+ * into finish_handshake() (unless it's an OP_CLOSE*).
+ *
+ * handshaking is TRUE as soon as a handshake thread is queued. For
+ * a sync handshake it becomes FALSE after finish_handshake()
+ * completes in the calling thread, but for an async implicit
+ * handshake, it becomes FALSE (and need_finish_handshake becomes
+ * TRUE) at the end of the handshaking thread (and then the next
+ * non-close op will call finish_handshake()). We can't just wait
+ * for handshake_thread_completed() to run, because it's possible
+ * that its main loop is being blocked by a synchronous op which is
+ * waiting for handshaking to become FALSE...
+ *
+ * started_handshake indicates that the current handshake attempt
+ * got at least as far as sending the first handshake packet (and so
+ * any error should be copied to handshake_error and returned on all
+ * future operations). ever_handshaked indicates that TLS has been
+ * successfully negotiated at some point.
+ */
+ gboolean need_handshake;
+ gboolean need_finish_handshake;
+ gboolean started_handshake;
+ gboolean handshaking;
+ gboolean ever_handshaked;
+ GTask *implicit_handshake;
+ GError *handshake_error;
+ GByteArray *app_data_buf;
+
+ /* read_closed means the read direction has closed; write_closed similarly.
+ * If (and only if) both are set, the entire GTlsConnection is closed. */
+ gboolean read_closing, read_closed;
+ gboolean write_closing, write_closed;
+
+ gboolean reading;
+ gboolean read_blocking;
+ GError *read_error;
+ GCancellable *read_cancellable;
+
+ gboolean writing;
+ gboolean write_blocking;
+ GError *write_error;
+ GCancellable *write_cancellable;
+
+ /*< private >*/
+ gboolean is_system_certdb;
+ gboolean database_is_unset;
+
+ GInputStream *tls_istream;
+ GOutputStream *tls_ostream;
+
+ GMutex op_mutex;
+ GCancellable *waiting_for_op;
+};
+
+GType g_tls_connection_base_get_type (void) G_GNUC_CONST;
+
+gboolean g_tls_connection_base_accept_peer_certificate (GTlsConnectionBase *tls,
+ GTlsCertificate *peer_certificate,
+ GTlsCertificateFlags peer_certificate_errors);
+
+void g_tls_connection_base_set_peer_certificate (GTlsConnectionBase *tls,
+ GTlsCertificate *peer_certificate,
+ GTlsCertificateFlags peer_certificate_errors);
+
+void g_tls_connection_base_push_io (GTlsConnectionBase *tls,
+ GIOCondition direction,
+ gboolean blocking,
+ GCancellable *cancellable);
+GTlsConnectionBaseStatus
+ g_tls_connection_base_pop_io (GTlsConnectionBase *tls,
+ GIOCondition direction,
+ gboolean success,
+ GError **error);
+
+gssize g_tls_connection_base_read (GTlsConnectionBase *tls,
+ void *buffer,
+ gsize size,
+ gboolean blocking,
+ GCancellable *cancellable,
+ GError **error);
+gssize g_tls_connection_base_write (GTlsConnectionBase *tls,
+ const void *buffer,
+ gsize size,
+ gboolean blocking,
+ GCancellable *cancellable,
+ GError **error);
+
+gboolean g_tls_connection_base_check (GTlsConnectionBase *tls,
+ GIOCondition condition);
+GSource *g_tls_connection_base_create_source (GTlsConnectionBase *tls,
+ GIOCondition condition,
+ GCancellable *cancellable);
+
+typedef enum {
+ G_TLS_DIRECTION_NONE = 0,
+ G_TLS_DIRECTION_READ = 1 << 0,
+ G_TLS_DIRECTION_WRITE = 1 << 1,
+} GTlsDirection;
+
+#define G_TLS_DIRECTION_BOTH (G_TLS_DIRECTION_READ | G_TLS_DIRECTION_WRITE)
+
+gboolean g_tls_connection_base_close_internal (GIOStream *stream,
+ GTlsDirection direction,
+ GCancellable *cancellable,
+ GError **error);
+
+G_END_DECLS
+
+#endif /* __G_TLS_CONNECTION_BASE_H___ */
diff --git a/tls/base/gtlsinputstream-base.c b/tls/base/gtlsinputstream-base.c
new file mode 100644
index 0000000..3438a11
--- /dev/null
+++ b/tls/base/gtlsinputstream-base.c
@@ -0,0 +1,249 @@
+/* GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright 2010 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#include "config.h"
+#include "gtlsinputstream-base.h"
+
+static void g_tls_input_stream_base_pollable_iface_init (GPollableInputStreamInterface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (GTlsInputStreamBase, g_tls_input_stream_base, G_TYPE_INPUT_STREAM,
+ G_IMPLEMENT_INTERFACE (G_TYPE_POLLABLE_INPUT_STREAM,
g_tls_input_stream_base_pollable_iface_init)
+ )
+
+struct _GTlsInputStreamBasePrivate
+{
+ GWeakRef weak_conn;
+};
+
+static void
+g_tls_input_stream_base_dispose (GObject *object)
+{
+ GTlsInputStreamBase *stream = G_TLS_INPUT_STREAM_BASE (object);
+
+ g_weak_ref_set (&stream->priv->weak_conn, NULL);
+
+ G_OBJECT_CLASS (g_tls_input_stream_base_parent_class)->dispose (object);
+}
+
+static void
+g_tls_input_stream_base_finalize (GObject *object)
+{
+ GTlsInputStreamBase *stream = G_TLS_INPUT_STREAM_BASE (object);
+
+ g_weak_ref_clear (&stream->priv->weak_conn);
+
+ G_OBJECT_CLASS (g_tls_input_stream_base_parent_class)->finalize (object);
+}
+
+static gssize
+g_tls_input_stream_base_read (GInputStream *stream,
+ void *buffer,
+ gsize count,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsInputStreamBase *tls_stream = G_TLS_INPUT_STREAM_BASE (stream);
+ GTlsConnectionBase *conn;
+ gssize ret;
+
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+ g_return_val_if_fail (conn != NULL, -1);
+
+ ret = g_tls_connection_base_read (conn,
+ buffer, count, TRUE,
+ cancellable, error);
+ g_object_unref (conn);
+ return ret;
+}
+
+static gboolean
+g_tls_input_stream_base_pollable_is_readable (GPollableInputStream *pollable)
+{
+ GTlsInputStreamBase *tls_stream = G_TLS_INPUT_STREAM_BASE (pollable);
+ GTlsConnectionBase *conn;
+ gboolean ret;
+
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+ g_return_val_if_fail (conn != NULL, FALSE);
+
+ ret = g_tls_connection_base_check (conn, G_IO_IN);
+
+ g_object_unref (conn);
+ return ret;
+}
+
+static GSource *
+g_tls_input_stream_base_pollable_create_source (GPollableInputStream *pollable,
+ GCancellable *cancellable)
+{
+ GTlsInputStreamBase *tls_stream = G_TLS_INPUT_STREAM_BASE (pollable);
+ GTlsConnectionBase *conn;
+ GSource *ret;
+
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+ g_return_val_if_fail (conn != NULL, NULL);
+
+ ret = g_tls_connection_base_create_source (conn, G_IO_IN, cancellable);
+ g_object_unref (conn);
+ return ret;
+}
+
+static gssize
+g_tls_input_stream_base_pollable_read_nonblocking (GPollableInputStream *pollable,
+ void *buffer,
+ gsize size,
+ GError **error)
+{
+ GTlsInputStreamBase *tls_stream = G_TLS_INPUT_STREAM_BASE (pollable);
+ GTlsConnectionBase *conn;
+ gssize ret;
+
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+ g_return_val_if_fail (conn != NULL, -1);
+
+ ret = g_tls_connection_base_read (conn, buffer, size, FALSE, NULL, error);
+
+ g_object_unref (conn);
+ return ret;
+}
+
+static gboolean
+g_tls_input_stream_base_close (GInputStream *stream,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsInputStreamBase *tls_stream = G_TLS_INPUT_STREAM_BASE (stream);
+ GIOStream *conn;
+ gboolean ret;
+
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+
+ /* Special case here because this is called by the finalize
+ * of the main GTlsConnection object.
+ */
+ if (conn == NULL)
+ return TRUE;
+
+ ret = g_tls_connection_base_close_internal (conn, G_TLS_DIRECTION_READ,
+ cancellable, error);
+
+ g_object_unref (conn);
+ return ret;
+}
+
+/* We do async close as synchronous-in-a-thread so we don't need to
+ * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case
+ * (since handshakes are also done synchronously now).
+ */
+static void
+close_thread (GTask *task,
+ gpointer object,
+ gpointer task_data,
+ GCancellable *cancellable)
+{
+ GTlsInputStreamBase *tls_stream = object;
+ GError *error = NULL;
+ GIOStream *conn;
+
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+
+ if (conn && !g_tls_connection_base_close_internal (conn,
+ G_TLS_DIRECTION_READ,
+ cancellable, &error))
+ g_task_return_error (task, error);
+ else
+ g_task_return_boolean (task, TRUE);
+
+ if (conn)
+ g_object_unref (conn);
+}
+
+
+static void
+g_tls_input_stream_base_close_async (GInputStream *stream,
+ int io_priority,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ GTask *task;
+
+ task = g_task_new (stream, cancellable, callback, user_data);
+ g_task_set_source_tag (task, g_tls_input_stream_base_close_async);
+ g_task_set_priority (task, io_priority);
+ g_task_run_in_thread (task, close_thread);
+ g_object_unref (task);
+}
+
+static gboolean
+g_tls_input_stream_base_close_finish (GInputStream *stream,
+ GAsyncResult *result,
+ GError **error)
+{
+ g_return_val_if_fail (g_task_is_valid (result, stream), FALSE);
+ g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) ==
+ g_tls_input_stream_base_close_async, FALSE);
+
+ return g_task_propagate_boolean (G_TASK (result), error);
+}
+
+static void
+g_tls_input_stream_base_class_init (GTlsInputStreamBaseClass *klass)
+{
+ GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+ GInputStreamClass *input_stream_class = G_INPUT_STREAM_CLASS (klass);
+
+ g_type_class_add_private (klass, sizeof (GTlsInputStreamBasePrivate));
+
+ gobject_class->dispose = g_tls_input_stream_base_dispose;
+ gobject_class->finalize = g_tls_input_stream_base_finalize;
+
+ input_stream_class->read_fn = g_tls_input_stream_base_read;
+ input_stream_class->close_fn = g_tls_input_stream_base_close;
+ input_stream_class->close_async = g_tls_input_stream_base_close_async;
+ input_stream_class->close_finish = g_tls_input_stream_base_close_finish;
+}
+
+static void
+g_tls_input_stream_base_pollable_iface_init (GPollableInputStreamInterface *iface)
+{
+ iface->is_readable = g_tls_input_stream_base_pollable_is_readable;
+ iface->create_source = g_tls_input_stream_base_pollable_create_source;
+ iface->read_nonblocking = g_tls_input_stream_base_pollable_read_nonblocking;
+}
+
+static void
+g_tls_input_stream_base_init (GTlsInputStreamBase *stream)
+{
+ stream->priv = G_TYPE_INSTANCE_GET_PRIVATE (stream, G_TYPE_TLS_INPUT_STREAM_BASE,
GTlsInputStreamBasePrivate);
+}
+
+GInputStream *
+g_tls_input_stream_base_new (GTlsConnectionBase *conn)
+{
+ GTlsInputStreamBase *tls_stream;
+
+ tls_stream = g_object_new (G_TYPE_TLS_INPUT_STREAM_BASE, NULL);
+ g_weak_ref_init (&tls_stream->priv->weak_conn, conn);
+
+ return G_INPUT_STREAM (tls_stream);
+}
diff --git a/tls/base/gtlsinputstream-base.h b/tls/base/gtlsinputstream-base.h
new file mode 100644
index 0000000..5f0694e
--- /dev/null
+++ b/tls/base/gtlsinputstream-base.h
@@ -0,0 +1,51 @@
+/* GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright 2010 Red Hat, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation; either version 2 of the licence or (at
+ * your option) any later version.
+ *
+ * See the included COPYING file for more information.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#ifndef __G_TLS_INPUT_STREAM_BASE_H__
+#define __G_TLS_INPUT_STREAM_BASE_H__
+
+#include <gio/gio.h>
+#include "gtlsconnection-base.h"
+
+G_BEGIN_DECLS
+
+#define G_TYPE_TLS_INPUT_STREAM_BASE (g_tls_input_stream_base_get_type ())
+#define G_TLS_INPUT_STREAM_BASE(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst),
G_TYPE_TLS_INPUT_STREAM_BASE, GTlsInputStreamBase))
+#define G_TLS_INPUT_STREAM_BASE_CLASS(class) (G_TYPE_CHECK_CLASS_CAST ((class),
G_TYPE_TLS_INPUT_STREAM_BASE, GTlsInputStreamBaseClass))
+#define G_IS_TLS_INPUT_STREAM_BASE(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst),
G_TYPE_TLS_INPUT_STREAM_BASE))
+#define G_IS_TLS_INPUT_STREAM_BASE_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class),
G_TYPE_TLS_INPUT_STREAM_BASE))
+#define G_TLS_INPUT_STREAM_BASE_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst),
G_TYPE_TLS_INPUT_STREAM_BASE, GTlsInputStreamBaseClass))
+
+typedef struct _GTlsInputStreamBasePrivate GTlsInputStreamBasePrivate;
+typedef struct _GTlsInputStreamBaseClass GTlsInputStreamBaseClass;
+typedef struct _GTlsInputStreamBase GTlsInputStreamBase;
+
+struct _GTlsInputStreamBaseClass
+{
+ GInputStreamClass parent_class;
+};
+
+struct _GTlsInputStreamBase
+{
+ GInputStream parent_instance;
+ GTlsInputStreamBasePrivate *priv;
+};
+
+GType g_tls_input_stream_base_get_type (void) G_GNUC_CONST;
+GInputStream *g_tls_input_stream_base_new (GTlsConnectionBase *conn);
+
+G_END_DECLS
+
+#endif /* __G_TLS_INPUT_STREAM_BASE_H___ */
diff --git a/tls/base/gtlsoutputstream-base.c b/tls/base/gtlsoutputstream-base.c
new file mode 100644
index 0000000..d9bcf8e
--- /dev/null
+++ b/tls/base/gtlsoutputstream-base.c
@@ -0,0 +1,251 @@
+/* GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright 2010 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#include "config.h"
+#include "gtlsoutputstream-base.h"
+
+static void g_tls_output_stream_base_pollable_iface_init (GPollableOutputStreamInterface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (GTlsOutputStreamBase, g_tls_output_stream_base, G_TYPE_OUTPUT_STREAM,
+ G_IMPLEMENT_INTERFACE (G_TYPE_POLLABLE_OUTPUT_STREAM,
g_tls_output_stream_base_pollable_iface_init)
+ )
+
+struct _GTlsOutputStreamBasePrivate
+{
+ GWeakRef weak_conn;
+};
+
+static void
+g_tls_output_stream_base_dispose (GObject *object)
+{
+ GTlsOutputStreamBase *stream = G_TLS_OUTPUT_STREAM_BASE (object);
+
+ g_weak_ref_set (&stream->priv->weak_conn, NULL);
+
+ G_OBJECT_CLASS (g_tls_output_stream_base_parent_class)->dispose (object);
+}
+
+static void
+g_tls_output_stream_base_finalize (GObject *object)
+{
+ GTlsOutputStreamBase *stream = G_TLS_OUTPUT_STREAM_BASE (object);
+
+ g_weak_ref_clear (&stream->priv->weak_conn);
+
+ G_OBJECT_CLASS (g_tls_output_stream_base_parent_class)->finalize (object);
+}
+
+static gssize
+g_tls_output_stream_base_write (GOutputStream *stream,
+ const void *buffer,
+ gsize count,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsOutputStreamBase *tls_stream = G_TLS_OUTPUT_STREAM_BASE (stream);
+ GTlsConnectionBase *conn;
+ gssize ret;
+
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+ g_return_val_if_fail (conn != NULL, -1);
+
+ ret = g_tls_connection_base_write (conn, buffer, count, TRUE,
+ cancellable, error);
+ g_object_unref (conn);
+ return ret;
+}
+
+static gboolean
+g_tls_output_stream_base_pollable_is_writable (GPollableOutputStream *pollable)
+{
+ GTlsOutputStreamBase *tls_stream = G_TLS_OUTPUT_STREAM_BASE (pollable);
+ GTlsConnectionBase *conn;
+ gboolean ret;
+
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+ g_return_val_if_fail (conn != NULL, FALSE);
+
+ ret = g_tls_connection_base_check (conn, G_IO_OUT);
+
+ g_object_unref (conn);
+
+ return ret;
+}
+
+static GSource *
+g_tls_output_stream_base_pollable_create_source (GPollableOutputStream *pollable,
+ GCancellable *cancellable)
+{
+ GTlsOutputStreamBase *tls_stream = G_TLS_OUTPUT_STREAM_BASE (pollable);
+ GTlsConnectionBase *conn;
+ GSource *ret;
+
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+ g_return_val_if_fail (conn != NULL, NULL);
+
+ ret = g_tls_connection_base_create_source (conn,
+ G_IO_OUT,
+ cancellable);
+ g_object_unref (conn);
+ return ret;
+}
+
+static gssize
+g_tls_output_stream_base_pollable_write_nonblocking (GPollableOutputStream *pollable,
+ const void *buffer,
+ gsize size,
+ GError **error)
+{
+ GTlsOutputStreamBase *tls_stream = G_TLS_OUTPUT_STREAM_BASE (pollable);
+ GTlsConnectionBase *conn;
+ gssize ret;
+
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+ g_return_val_if_fail (conn != NULL, -1);
+
+ ret = g_tls_connection_base_write (conn, buffer, size, FALSE, NULL, error);
+
+ g_object_unref (conn);
+ return ret;
+}
+
+static gboolean
+g_tls_output_stream_base_close (GOutputStream *stream,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsOutputStreamBase *tls_stream = G_TLS_OUTPUT_STREAM_BASE (stream);
+ GIOStream *conn;
+ gboolean ret;
+
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+
+ /* Special case here because this is called by the finalize
+ * of the main GTlsConnection object.
+ */
+ if (conn == NULL)
+ return TRUE;
+
+ ret = g_tls_connection_base_close_internal (conn, G_TLS_DIRECTION_WRITE,
+ cancellable, error);
+
+ g_object_unref (conn);
+ return ret;
+}
+
+/* We do async close as synchronous-in-a-thread so we don't need to
+ * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case
+ * (since handshakes are also done synchronously now).
+ */
+static void
+close_thread (GTask *task,
+ gpointer object,
+ gpointer task_data,
+ GCancellable *cancellable)
+{
+ GTlsOutputStreamBase *tls_stream = object;
+ GError *error = NULL;
+ GIOStream *conn;
+
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+
+ if (conn && !g_tls_connection_base_close_internal (conn,
+ G_TLS_DIRECTION_WRITE,
+ cancellable, &error))
+ g_task_return_error (task, error);
+ else
+ g_task_return_boolean (task, TRUE);
+
+ if (conn)
+ g_object_unref (conn);
+}
+
+
+static void
+g_tls_output_stream_base_close_async (GOutputStream *stream,
+ int io_priority,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ GTask *task;
+
+ task = g_task_new (stream, cancellable, callback, user_data);
+ g_task_set_source_tag (task, g_tls_output_stream_base_close_async);
+ g_task_set_priority (task, io_priority);
+ g_task_run_in_thread (task, close_thread);
+ g_object_unref (task);
+}
+
+static gboolean
+g_tls_output_stream_base_close_finish (GOutputStream *stream,
+ GAsyncResult *result,
+ GError **error)
+{
+ g_return_val_if_fail (g_task_is_valid (result, stream), FALSE);
+ g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) ==
+ g_tls_output_stream_base_close_async, FALSE);
+
+ return g_task_propagate_boolean (G_TASK (result), error);
+}
+
+static void
+g_tls_output_stream_base_class_init (GTlsOutputStreamBaseClass *klass)
+{
+ GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+ GOutputStreamClass *output_stream_class = G_OUTPUT_STREAM_CLASS (klass);
+
+ g_type_class_add_private (klass, sizeof (GTlsOutputStreamBasePrivate));
+
+ gobject_class->dispose = g_tls_output_stream_base_dispose;
+ gobject_class->finalize = g_tls_output_stream_base_finalize;
+
+ output_stream_class->write_fn = g_tls_output_stream_base_write;
+ output_stream_class->close_fn = g_tls_output_stream_base_close;
+ output_stream_class->close_async = g_tls_output_stream_base_close_async;
+ output_stream_class->close_finish = g_tls_output_stream_base_close_finish;
+}
+
+static void
+g_tls_output_stream_base_pollable_iface_init (GPollableOutputStreamInterface *iface)
+{
+ iface->is_writable = g_tls_output_stream_base_pollable_is_writable;
+ iface->create_source = g_tls_output_stream_base_pollable_create_source;
+ iface->write_nonblocking = g_tls_output_stream_base_pollable_write_nonblocking;
+}
+
+static void
+g_tls_output_stream_base_init (GTlsOutputStreamBase *stream)
+{
+ stream->priv = G_TYPE_INSTANCE_GET_PRIVATE (stream, G_TYPE_TLS_OUTPUT_STREAM_BASE,
GTlsOutputStreamBasePrivate);
+}
+
+GOutputStream *
+g_tls_output_stream_base_new (GTlsConnectionBase *conn)
+{
+ GTlsOutputStreamBase *tls_stream;
+
+ tls_stream = g_object_new (G_TYPE_TLS_OUTPUT_STREAM_BASE, NULL);
+ g_weak_ref_init (&tls_stream->priv->weak_conn, conn);
+
+ return G_OUTPUT_STREAM (tls_stream);
+}
diff --git a/tls/base/gtlsoutputstream-base.h b/tls/base/gtlsoutputstream-base.h
new file mode 100644
index 0000000..b0a25e1
--- /dev/null
+++ b/tls/base/gtlsoutputstream-base.h
@@ -0,0 +1,51 @@
+/* GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright 2010 Red Hat, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation; either version 2 of the licence or (at
+ * your option) any later version.
+ *
+ * See the included COPYING file for more information.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#ifndef __G_TLS_OUTPUT_STREAM_BASE_H__
+#define __G_TLS_OUTPUT_STREAM_BASE_H__
+
+#include <gio/gio.h>
+#include "gtlsconnection-base.h"
+
+G_BEGIN_DECLS
+
+#define G_TYPE_TLS_OUTPUT_STREAM_BASE (g_tls_output_stream_base_get_type ())
+#define G_TLS_OUTPUT_STREAM_BASE(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst),
G_TYPE_TLS_OUTPUT_STREAM_BASE, GTlsOutputStreamBase))
+#define G_TLS_OUTPUT_STREAM_BASE_CLASS(class) (G_TYPE_CHECK_CLASS_CAST ((class),
G_TYPE_TLS_OUTPUT_STREAM_BASE, GTlsOutputStreamBaseClass))
+#define G_IS_TLS_OUTPUT_STREAM_BASE(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst),
G_TYPE_TLS_OUTPUT_STREAM_BASE))
+#define G_IS_TLS_OUTPUT_STREAM_BASE_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class),
G_TYPE_TLS_OUTPUT_STREAM_BASE))
+#define G_TLS_OUTPUT_STREAM_BASE_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst),
G_TYPE_TLS_OUTPUT_STREAM_BASE, GTlsOutputStreamBaseClass))
+
+typedef struct _GTlsOutputStreamBasePrivate GTlsOutputStreamBasePrivate;
+typedef struct _GTlsOutputStreamBaseClass GTlsOutputStreamBaseClass;
+typedef struct _GTlsOutputStreamBase GTlsOutputStreamBase;
+
+struct _GTlsOutputStreamBaseClass
+{
+ GOutputStreamClass parent_class;
+};
+
+struct _GTlsOutputStreamBase
+{
+ GOutputStream parent_instance;
+ GTlsOutputStreamBasePrivate *priv;
+};
+
+GType g_tls_output_stream_base_get_type (void) G_GNUC_CONST;
+GOutputStream *g_tls_output_stream_base_new (GTlsConnectionBase *conn);
+
+G_END_DECLS
+
+#endif /* __G_TLS_OUTPUT_STREAM_BASE_H___ */
diff --git a/tls/openssl/Makefile.am b/tls/openssl/Makefile.am
new file mode 100644
index 0000000..4a387f0
--- /dev/null
+++ b/tls/openssl/Makefile.am
@@ -0,0 +1,48 @@
+include $(top_srcdir)/glib-openssl.mk
+
+giomodule_LTLIBRARIES = libgioopenssl.la
+
+libgioopenssl_la_SOURCES = \
+ openssl-module.c \
+ gtlsbackend-openssl.h \
+ gtlsbackend-openssl.c \
+ gtlscertificate-openssl.h \
+ gtlscertificate-openssl.c \
+ gtlsconnection-openssl.h \
+ gtlsconnection-openssl.c \
+ gtlsserverconnection-openssl.h \
+ gtlsserverconnection-openssl.c \
+ gtlsclientconnection-openssl.h \
+ gtlsclientconnection-openssl.c \
+ gtlsdatabase-openssl.h \
+ gtlsdatabase-openssl.c \
+ gtlsfiledatabase-openssl.h \
+ gtlsfiledatabase-openssl.c \
+ gtlsbio.h \
+ gtlsbio.c \
+ openssl-util.h \
+ openssl-util.c \
+ $(NULL)
+
+AM_CPPFLAGS += \
+ -I$(top_srcdir)/tls/base \
+ $(OPENSSL_CFLAGS) \
+ $(NULL)
+
+libgioopenssl_la_LDFLAGS = $(module_flags)
+libgioopenssl_la_LIBADD = \
+ ../base/libtlsbase.la \
+ $(GLIB_LIBS) \
+ $(OPENSSL_LIBS) \
+ $(NULL)
+
+# MSVC Projects
+
+MSVCPROJS = libgioopenssl
+
+libgioopenssl_FILES = $(libgioopenssl_la_SOURCES)
+libgioopenssl_EXCLUDES = dummy
+
+include $(top_srcdir)/build/Makefile.msvcproj
+
+dist-hook: $(top_builddir)/build/win32/vs9/libgioopenssl.vcproj
diff --git a/tls/openssl/gtlsbackend-openssl.c b/tls/openssl/gtlsbackend-openssl.c
new file mode 100644
index 0000000..81a5d07
--- /dev/null
+++ b/tls/openssl/gtlsbackend-openssl.c
@@ -0,0 +1,264 @@
+/*
+ * gtlsbackend-openssl.c
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#include "config.h"
+#include "glib.h"
+
+#include <errno.h>
+#include <string.h>
+
+#include <openssl/ssl.h>
+#include <openssl/crypto.h>
+
+#include "gtlsbackend-openssl.h"
+#include "gtlscertificate-openssl.h"
+#include "gtlsserverconnection-openssl.h"
+#include "gtlsclientconnection-openssl.h"
+#include "gtlsfiledatabase-openssl.h"
+
+typedef struct _GTlsBackendOpensslPrivate
+{
+ GMutex mutex;
+ GTlsDatabase *default_database;
+} GTlsBackendOpensslPrivate;
+
+static void g_tls_backend_openssl_interface_init (GTlsBackendInterface *iface);
+
+G_DEFINE_DYNAMIC_TYPE_EXTENDED (GTlsBackendOpenssl, g_tls_backend_openssl, G_TYPE_OBJECT, 0,
+ G_ADD_PRIVATE_DYNAMIC (GTlsBackendOpenssl)
+ G_IMPLEMENT_INTERFACE_DYNAMIC (G_TYPE_TLS_BACKEND,
+ g_tls_backend_openssl_interface_init))
+
+static GMutex *mutex_array = NULL;
+
+struct CRYPTO_dynlock_value {
+ GMutex mutex;
+};
+
+static unsigned long
+id_cb (void)
+{
+ return (unsigned long) g_thread_self ();
+}
+
+static void
+locking_cb (int mode,
+ int n,
+ const char *file,
+ int line)
+{
+ if (mode & CRYPTO_LOCK)
+ g_mutex_lock (&mutex_array[n]);
+ else
+ g_mutex_unlock (&mutex_array[n]);
+}
+
+static struct CRYPTO_dynlock_value *
+dyn_create_cb (const char *file,
+ int line)
+{
+ struct CRYPTO_dynlock_value *value = g_try_new (struct CRYPTO_dynlock_value, 1);
+
+ if (value)
+ g_mutex_init (&value->mutex);
+
+ return value;
+}
+
+static void
+dyn_lock_cb (int mode,
+ struct CRYPTO_dynlock_value *l,
+ const char *file,
+ int line)
+{
+ if (mode & CRYPTO_LOCK)
+ g_mutex_lock (&l->mutex);
+ else
+ g_mutex_unlock (&l->mutex);
+}
+
+static void
+dyn_destroy_cb (struct CRYPTO_dynlock_value *l,
+ const char *file,
+ int line)
+{
+ g_mutex_clear (&l->mutex);
+ g_free (l);
+}
+
+static gpointer
+gtls_openssl_init (gpointer data)
+{
+ int i;
+
+ /* Initialize openssl threading */
+ mutex_array = g_malloc_n (CRYPTO_num_locks(), sizeof (GMutex));
+ for (i = 0; i < CRYPTO_num_locks (); ++i)
+ g_mutex_init(&mutex_array[i]);
+
+ CRYPTO_set_id_callback (id_cb);
+ CRYPTO_set_locking_callback (locking_cb);
+ CRYPTO_set_dynlock_create_callback (dyn_create_cb);
+ CRYPTO_set_dynlock_lock_callback (dyn_lock_cb);
+ CRYPTO_set_dynlock_destroy_callback (dyn_destroy_cb);
+
+ SSL_library_init ();
+ SSL_load_error_strings ();
+ OpenSSL_add_all_algorithms ();
+
+ /* Leak the module to keep it from being unloaded. */
+ g_type_plugin_use (g_type_get_plugin (G_TYPE_TLS_BACKEND_OPENSSL));
+
+ return NULL;
+}
+
+static GOnce openssl_inited = G_ONCE_INIT;
+
+static void
+g_tls_backend_openssl_init (GTlsBackendOpenssl *backend)
+{
+ GTlsBackendOpensslPrivate *priv;
+
+ priv = g_tls_backend_openssl_get_instance_private (backend);
+
+ /* Once we call gtls_openssl_init(), we can't allow the module to be
+ * unloaded (since if openssl gets unloaded but gcrypt doesn't, then
+ * gcrypt will have dangling pointers to openssl's mutex functions).
+ * So we initialize it from here rather than at class init time so
+ * that it doesn't happen unless the app is actually using TLS (as
+ * opposed to just calling g_io_modules_scan_all_in_directory()).
+ */
+ g_once (&openssl_inited, gtls_openssl_init, NULL);
+
+ g_mutex_init (&priv->mutex);
+}
+
+static void
+g_tls_backend_openssl_finalize (GObject *object)
+{
+ int i;
+
+ GTlsBackendOpenssl *backend = G_TLS_BACKEND_OPENSSL (object);
+ GTlsBackendOpensslPrivate *priv;
+
+ priv = g_tls_backend_openssl_get_instance_private (backend);
+
+ g_clear_object (&priv->default_database);
+ g_mutex_clear (&priv->mutex);
+
+ CRYPTO_set_id_callback (NULL);
+ CRYPTO_set_locking_callback (NULL);
+ CRYPTO_set_dynlock_create_callback (NULL);
+ CRYPTO_set_dynlock_lock_callback (NULL);
+ CRYPTO_set_dynlock_destroy_callback (NULL);
+ for (i = 0; i < CRYPTO_num_locks(); ++i)
+ g_mutex_clear (&mutex_array[i]);
+ g_free (mutex_array);
+
+ G_OBJECT_CLASS (g_tls_backend_openssl_parent_class)->finalize (object);
+}
+
+static GTlsDatabase *
+g_tls_backend_openssl_real_create_database (GTlsBackendOpenssl *self,
+ GError **error)
+{
+ const gchar *anchor_file = NULL;
+#ifdef GTLS_SYSTEM_CA_FILE
+ anchor_file = GTLS_SYSTEM_CA_FILE;
+#endif
+ return g_tls_file_database_new (anchor_file, error);
+}
+
+static void
+g_tls_backend_openssl_class_init (GTlsBackendOpensslClass *klass)
+{
+ GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+
+ gobject_class->finalize = g_tls_backend_openssl_finalize;
+
+ klass->create_database = g_tls_backend_openssl_real_create_database;
+}
+
+static void
+g_tls_backend_openssl_class_finalize (GTlsBackendOpensslClass *backend_class)
+{
+}
+
+static GTlsDatabase*
+g_tls_backend_openssl_get_default_database (GTlsBackend *backend)
+{
+ GTlsBackendOpenssl *openssl_backend = G_TLS_BACKEND_OPENSSL (backend);
+ GTlsBackendOpensslPrivate *priv;
+ GTlsDatabase *result;
+ GError *error = NULL;
+
+ priv = g_tls_backend_openssl_get_instance_private (openssl_backend);
+
+ g_mutex_lock (&priv->mutex);
+
+ if (priv->default_database)
+ {
+ result = g_object_ref (priv->default_database);
+ }
+ else
+ {
+ g_assert (G_TLS_BACKEND_OPENSSL_GET_CLASS (openssl_backend)->create_database);
+ result = G_TLS_BACKEND_OPENSSL_GET_CLASS (openssl_backend)->create_database (openssl_backend, &error);
+ if (error)
+ {
+ g_warning ("Couldn't load TLS file database: %s",
+ error->message);
+ g_clear_error (&error);
+ }
+ else
+ {
+ g_assert (result);
+ priv->default_database = g_object_ref (result);
+ }
+ }
+
+ g_mutex_unlock (&priv->mutex);
+
+ return result;
+}
+
+static void
+g_tls_backend_openssl_interface_init (GTlsBackendInterface *iface)
+{
+ iface->get_certificate_type = g_tls_certificate_openssl_get_type;
+ iface->get_client_connection_type = g_tls_client_connection_openssl_get_type;
+ iface->get_server_connection_type = g_tls_server_connection_openssl_get_type;
+ iface->get_file_database_type = g_tls_file_database_openssl_get_type;
+ iface->get_default_database = g_tls_backend_openssl_get_default_database;
+}
+
+void
+g_tls_backend_openssl_register (GIOModule *module)
+{
+ g_tls_backend_openssl_register_type (G_TYPE_MODULE (module));
+ g_io_extension_point_implement (G_TLS_BACKEND_EXTENSION_POINT_NAME,
+ g_tls_backend_openssl_get_type(),
+ "openssl",
+ 100);
+}
diff --git a/tls/openssl/gtlsbackend-openssl.h b/tls/openssl/gtlsbackend-openssl.h
new file mode 100644
index 0000000..410b0fb
--- /dev/null
+++ b/tls/openssl/gtlsbackend-openssl.h
@@ -0,0 +1,48 @@
+/*
+ * gtlsbackend-openssl.h
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#ifndef __G_TLS_BACKEND_OPENSSL_H__
+#define __G_TLS_BACKEND_OPENSSL_H__
+
+#include <gio/gio.h>
+
+G_BEGIN_DECLS
+
+#define G_TYPE_TLS_BACKEND_OPENSSL (g_tls_backend_openssl_get_type ())
+G_DECLARE_DERIVABLE_TYPE (GTlsBackendOpenssl, g_tls_backend_openssl,
+ G, TLS_BACKEND_OPENSSL, GObject)
+
+struct _GTlsBackendOpensslClass
+{
+ GObjectClass parent_class;
+
+ GTlsDatabase* (*create_database) (GTlsBackendOpenssl *backend,
+ GError **error);
+};
+
+void g_tls_backend_openssl_register (GIOModule *module);
+
+G_END_DECLS
+
+#endif /* __G_TLS_BACKEND_OPENSSL_H___ */
diff --git a/tls/openssl/gtlsbio.c b/tls/openssl/gtlsbio.c
new file mode 100644
index 0000000..17d10a0
--- /dev/null
+++ b/tls/openssl/gtlsbio.c
@@ -0,0 +1,296 @@
+/*
+ * gtlsbio.c
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#include "gtlsbio.h"
+
+#include <string.h>
+
+typedef struct {
+ GIOStream *io_stream;
+ GCancellable *read_cancellable;
+ GCancellable *write_cancellable;
+ gboolean read_blocking;
+ gboolean write_blocking;
+ GError **read_error;
+ GError **write_error;
+} GTlsBio;
+
+static void
+free_gbio (gpointer user_data)
+{
+ GTlsBio *bio = (GTlsBio *)user_data;
+
+ g_object_unref (bio->io_stream);
+ g_free (bio);
+}
+
+static int
+gtls_bio_create (BIO *bio)
+{
+ bio->init = 0;
+ bio->num = 0;
+ bio->ptr = NULL;
+ bio->flags = 0;
+ return 1;
+}
+
+static int
+gtls_bio_destroy (BIO *bio)
+{
+ if (bio == NULL)
+ return 0;
+
+ if (bio->shutdown)
+ {
+ if (bio->ptr != NULL)
+ {
+ free_gbio (bio->ptr);
+ bio->ptr = NULL;
+ }
+ bio->init = 0;
+ }
+
+ return 1;
+}
+
+static long
+gtls_bio_ctrl (BIO *b,
+ int cmd,
+ long num,
+ void *ptr)
+{
+ long ret = 1;
+
+ switch (cmd)
+ {
+ case BIO_CTRL_GET_CLOSE:
+ ret = b->shutdown;
+ break;
+ case BIO_CTRL_SET_CLOSE:
+ b->shutdown = (int)num;
+ break;
+ case BIO_CTRL_DUP:
+ case BIO_CTRL_FLUSH:
+ ret = 1;
+ break;
+ case BIO_CTRL_PUSH:
+ case BIO_CTRL_POP:
+ ret = 0;
+ break;
+ default:
+ g_debug ("Got unsupported command: %d", cmd);
+ ret = 0;
+ break;
+ }
+
+ return ret;
+}
+
+static int
+gtls_bio_write (BIO *bio,
+ const char *in,
+ int inl)
+{
+ GTlsBio *gbio;
+ gssize written;
+ GError *error = NULL;
+
+ if (!bio->init || in == NULL || inl == 0)
+ return 0;
+
+ gbio = (GTlsBio *)bio->ptr;
+
+ BIO_clear_retry_flags (bio);
+ written = g_pollable_stream_write (g_io_stream_get_output_stream (gbio->io_stream),
+ in, inl,
+ gbio->write_blocking,
+ gbio->write_cancellable,
+ &error);
+
+ if (written == -1)
+ {
+ if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK))
+ BIO_set_retry_write (bio);
+
+ g_propagate_error (gbio->write_error, error);
+ }
+
+ return written;
+}
+
+static int
+gtls_bio_read (BIO *bio,
+ char *out,
+ int outl)
+{
+ GTlsBio *gbio;
+ gssize read;
+ GError *error = NULL;
+
+ if (!bio->init || out == NULL || outl == 0)
+ return 0;
+
+ gbio = (GTlsBio *)bio->ptr;
+
+ BIO_clear_retry_flags (bio);
+ read = g_pollable_stream_read (g_io_stream_get_input_stream (gbio->io_stream),
+ out, outl,
+ gbio->read_blocking,
+ gbio->read_cancellable,
+ &error);
+
+ if (read == -1)
+ {
+ if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK))
+ BIO_set_retry_read (bio);
+
+ g_propagate_error (gbio->read_error, error);
+ }
+
+ return read;
+}
+
+static int
+gtls_bio_puts(BIO *bio,
+ const char *str)
+{
+ return gtls_bio_write (bio, str, (int)strlen (str));
+}
+
+static int
+gtls_bio_gets(BIO *bio,
+ char *buf,
+ int len)
+{
+ return -1;
+}
+
+static BIO_METHOD methods_gtls = {
+ BIO_TYPE_SOURCE_SINK,
+ "gtls",
+ gtls_bio_write,
+ gtls_bio_read,
+ gtls_bio_puts,
+ gtls_bio_gets,
+ gtls_bio_ctrl,
+ gtls_bio_create,
+ gtls_bio_destroy
+};
+
+static BIO_METHOD *
+BIO_s_gtls (void)
+{
+ return &methods_gtls;
+}
+
+BIO *
+g_tls_bio_new (GIOStream *io_stream)
+{
+ BIO *ret;
+ GTlsBio *gbio;
+
+ ret = BIO_new(BIO_s_gtls ());
+ if (ret == NULL)
+ return NULL;
+
+ gbio = g_new0 (GTlsBio, 1);
+ gbio->io_stream = g_object_ref (io_stream);
+
+ ret->ptr = gbio;
+ ret->init = 1;
+
+ return ret;
+}
+
+void
+g_tls_bio_set_read_cancellable (BIO *bio,
+ GCancellable *cancellable)
+{
+ GTlsBio *gbio;
+
+ g_return_if_fail (bio != NULL);
+
+ gbio = (GTlsBio *)bio->ptr;
+ gbio->read_cancellable = cancellable;
+}
+
+void
+g_tls_bio_set_read_blocking (BIO *bio,
+ gboolean blocking)
+{
+ GTlsBio *gbio;
+
+ g_return_if_fail (bio != NULL);
+
+ gbio = (GTlsBio *)bio->ptr;
+ gbio->read_blocking = blocking;
+}
+
+void
+g_tls_bio_set_read_error (BIO *bio,
+ GError **error)
+{
+ GTlsBio *gbio;
+
+ g_return_if_fail (bio != NULL);
+
+ gbio = (GTlsBio *)bio->ptr;
+ gbio->read_error = error;
+}
+
+void
+g_tls_bio_set_write_cancellable (BIO *bio,
+ GCancellable *cancellable)
+{
+ GTlsBio *gbio;
+
+ g_return_if_fail (bio != NULL);
+
+ gbio = (GTlsBio *)bio->ptr;
+ gbio->write_cancellable = cancellable;
+}
+
+void
+g_tls_bio_set_write_blocking (BIO *bio,
+ gboolean blocking)
+{
+ GTlsBio *gbio;
+
+ g_return_if_fail (bio != NULL);
+
+ gbio = (GTlsBio *)bio->ptr;
+ gbio->write_blocking = blocking;
+}
+
+void
+g_tls_bio_set_write_error (BIO *bio,
+ GError **error)
+{
+ GTlsBio *gbio;
+
+ g_return_if_fail (bio != NULL);
+
+ gbio = (GTlsBio *)bio->ptr;
+ gbio->write_error = error;
+}
diff --git a/tls/openssl/gtlsbio.h b/tls/openssl/gtlsbio.h
new file mode 100644
index 0000000..701f5d1
--- /dev/null
+++ b/tls/openssl/gtlsbio.h
@@ -0,0 +1,55 @@
+/*
+ * gtlsbio.h
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#ifndef __G_TLS_BIO_H__
+#define __G_TLS_BIO_H__
+
+#include <gio/gio.h>
+#include <openssl/bio.h>
+
+G_BEGIN_DECLS
+
+BIO *g_tls_bio_new (GIOStream *io_stream);
+
+void g_tls_bio_set_read_cancellable (BIO *bio,
+ GCancellable *cancellable);
+
+void g_tls_bio_set_read_blocking (BIO *bio,
+ gboolean blocking);
+
+void g_tls_bio_set_read_error (BIO *bio,
+ GError **error);
+
+void g_tls_bio_set_write_cancellable (BIO *bio,
+ GCancellable *cancellable);
+
+void g_tls_bio_set_write_blocking (BIO *bio,
+ gboolean blocking);
+
+void g_tls_bio_set_write_error (BIO *bio,
+ GError **error);
+
+G_END_DECLS
+
+#endif /* __G_TLS_BIO_H__ */
diff --git a/tls/openssl/gtlscertificate-openssl.c b/tls/openssl/gtlscertificate-openssl.c
new file mode 100644
index 0000000..d51c9f5
--- /dev/null
+++ b/tls/openssl/gtlscertificate-openssl.c
@@ -0,0 +1,701 @@
+/*
+ * gtlscertificate-openssl.c
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#include "config.h"
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509_vfy.h>
+
+#include "gtlscertificate-openssl.h"
+#include "openssl-util.h"
+#include <glib/gi18n-lib.h>
+
+typedef struct _GTlsCertificateOpensslPrivate
+{
+ X509 *cert;
+ EVP_PKEY *key;
+
+ GTlsCertificateOpenssl *issuer;
+
+ GError *construct_error;
+
+ guint have_cert : 1;
+ guint have_key : 1;
+} GTlsCertificateOpensslPrivate;
+
+enum
+{
+ PROP_0,
+
+ PROP_CERTIFICATE,
+ PROP_CERTIFICATE_PEM,
+ PROP_PRIVATE_KEY,
+ PROP_PRIVATE_KEY_PEM,
+ PROP_ISSUER
+};
+
+static void g_tls_certificate_openssl_initable_iface_init (GInitableIface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (GTlsCertificateOpenssl, g_tls_certificate_openssl, G_TYPE_TLS_CERTIFICATE,
+ G_ADD_PRIVATE (GTlsCertificateOpenssl)
+ G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+ g_tls_certificate_openssl_initable_iface_init))
+
+static void
+g_tls_certificate_openssl_finalize (GObject *object)
+{
+ GTlsCertificateOpenssl *openssl = G_TLS_CERTIFICATE_OPENSSL (object);
+ GTlsCertificateOpensslPrivate *priv;
+
+ priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+ if (priv->cert)
+ X509_free (priv->cert);
+ if (priv->key)
+ EVP_PKEY_free (priv->key);
+
+ g_clear_object (&priv->issuer);
+
+ g_clear_error (&priv->construct_error);
+
+ G_OBJECT_CLASS (g_tls_certificate_openssl_parent_class)->finalize (object);
+}
+
+static void
+g_tls_certificate_openssl_get_property (GObject *object,
+ guint prop_id,
+ GValue *value,
+ GParamSpec *pspec)
+{
+ GTlsCertificateOpenssl *openssl = G_TLS_CERTIFICATE_OPENSSL (object);
+ GTlsCertificateOpensslPrivate *priv;
+ GByteArray *certificate;
+ guint8 *data;
+ BIO *bio;
+ char *certificate_pem;
+ int size;
+
+ priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+ switch (prop_id)
+ {
+ case PROP_CERTIFICATE:
+ /* NOTE: we do the two calls to avoid openssl allocating the buffer for us */
+ size = i2d_X509 (priv->cert, NULL);
+ if (size < 0)
+ certificate = NULL;
+ else
+ {
+ certificate = g_byte_array_sized_new (size);
+ certificate->len = size;
+ data = certificate->data;
+ size = i2d_X509 (priv->cert, &data);
+ if (size < 0)
+ {
+ g_byte_array_free (certificate, TRUE);
+ certificate = NULL;
+ }
+ }
+ g_value_take_boxed (value, certificate);
+ break;
+
+ case PROP_CERTIFICATE_PEM:
+ bio = BIO_new (BIO_s_mem ());
+
+ if (!PEM_write_bio_X509 (bio, priv->cert) || !BIO_write (bio, "\0", 1))
+ certificate_pem = NULL;
+ else
+ {
+ BIO_get_mem_data (bio, &certificate_pem);
+ g_value_set_string (value, certificate_pem);
+
+ BIO_free_all (bio);
+ }
+ break;
+
+ case PROP_ISSUER:
+ g_value_set_object (value, priv->issuer);
+ break;
+
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ }
+}
+
+static void
+g_tls_certificate_openssl_set_property (GObject *object,
+ guint prop_id,
+ const GValue *value,
+ GParamSpec *pspec)
+{
+ GTlsCertificateOpenssl *openssl = G_TLS_CERTIFICATE_OPENSSL (object);
+ GTlsCertificateOpensslPrivate *priv;
+ GByteArray *bytes;
+ guint8 *data;
+ BIO *bio;
+ const char *string;
+
+ priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+ switch (prop_id)
+ {
+ case PROP_CERTIFICATE:
+ bytes = g_value_get_boxed (value);
+ if (!bytes)
+ break;
+ g_return_if_fail (priv->have_cert == FALSE);
+ /* see that we cannot use bytes->data directly since it will move the pointer */
+ data = bytes->data;
+ priv->cert = d2i_X509 (NULL, (const unsigned char **)&data, bytes->len);
+ if (priv->cert != NULL)
+ priv->have_cert = TRUE;
+ else if (!priv->construct_error)
+ {
+ priv->construct_error =
+ g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("Could not parse DER certificate: %s"),
+ ERR_error_string (ERR_get_error (), NULL));
+ }
+
+ break;
+
+ case PROP_CERTIFICATE_PEM:
+ string = g_value_get_string (value);
+ if (!string)
+ break;
+ g_return_if_fail (priv->have_cert == FALSE);
+ bio = BIO_new_mem_buf ((gpointer)string, -1);
+ priv->cert = PEM_read_bio_X509 (bio, NULL, NULL, NULL);
+ BIO_free (bio);
+ if (priv->cert != NULL)
+ priv->have_cert = TRUE;
+ else if (!priv->construct_error)
+ {
+ priv->construct_error =
+ g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("Could not parse PEM certificate: %s"),
+ ERR_error_string (ERR_get_error (), NULL));
+ }
+ break;
+
+ case PROP_PRIVATE_KEY:
+ bytes = g_value_get_boxed (value);
+ if (!bytes)
+ break;
+ g_return_if_fail (priv->have_key == FALSE);
+ bio = BIO_new_mem_buf (bytes->data, bytes->len);
+ priv->key = d2i_PrivateKey_bio (bio, NULL);
+ BIO_free (bio);
+ if (priv->key != NULL)
+ priv->have_key = TRUE;
+ else if (!priv->construct_error)
+ {
+ priv->construct_error =
+ g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("Could not parse DER private key: %s"),
+ ERR_error_string (ERR_get_error (), NULL));
+ }
+ break;
+
+ case PROP_PRIVATE_KEY_PEM:
+ string = g_value_get_string (value);
+ if (!string)
+ break;
+ g_return_if_fail (priv->have_key == FALSE);
+ bio = BIO_new_mem_buf ((gpointer)string, -1);
+ priv->key = PEM_read_bio_PrivateKey (bio, NULL, NULL, NULL);
+ BIO_free (bio);
+ if (priv->key != NULL)
+ priv->have_key = TRUE;
+ else if (!priv->construct_error)
+ {
+ priv->construct_error =
+ g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("Could not parse PEM private key: %s"),
+ ERR_error_string (ERR_get_error (), NULL));
+ }
+ break;
+
+ case PROP_ISSUER:
+ priv->issuer = g_value_dup_object (value);
+ break;
+
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ }
+}
+
+static void
+g_tls_certificate_openssl_init (GTlsCertificateOpenssl *openssl)
+{
+}
+
+static gboolean
+g_tls_certificate_openssl_initable_init (GInitable *initable,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsCertificateOpenssl *openssl = G_TLS_CERTIFICATE_OPENSSL (initable);
+ GTlsCertificateOpensslPrivate *priv;
+
+ priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+ if (priv->construct_error)
+ {
+ g_propagate_error (error, priv->construct_error);
+ priv->construct_error = NULL;
+ return FALSE;
+ }
+ else if (!priv->have_cert)
+ {
+ g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("No certificate data provided"));
+ return FALSE;
+ }
+ else
+ return TRUE;
+}
+
+static GTlsCertificateFlags
+g_tls_certificate_openssl_verify (GTlsCertificate *cert,
+ GSocketConnectable *identity,
+ GTlsCertificate *trusted_ca)
+{
+ GTlsCertificateOpenssl *cert_openssl;
+ GTlsCertificateOpensslPrivate *priv;
+ GTlsCertificateFlags gtls_flags;
+ X509 *x;
+ STACK_OF(X509) *untrusted;
+ gint i;
+
+ cert_openssl = G_TLS_CERTIFICATE_OPENSSL (cert);
+ priv = g_tls_certificate_openssl_get_instance_private (cert_openssl);
+ x = priv->cert;
+
+ untrusted = sk_X509_new_null ();
+ for (; cert_openssl; cert_openssl = priv->issuer)
+ {
+ priv = g_tls_certificate_openssl_get_instance_private (cert_openssl);
+ sk_X509_push (untrusted, priv->cert);
+ }
+
+ gtls_flags = 0;
+
+ if (trusted_ca)
+ {
+ X509_STORE *store;
+ X509_STORE_CTX csc;
+ STACK_OF(X509) *trusted;
+
+ store = X509_STORE_new ();
+
+ if (!X509_STORE_CTX_init (&csc, store, x, untrusted))
+ {
+ sk_X509_free (untrusted);
+ X509_STORE_CTX_cleanup (&csc);
+ X509_STORE_free (store);
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
+ }
+
+ trusted = sk_X509_new_null ();
+ cert_openssl = G_TLS_CERTIFICATE_OPENSSL (trusted_ca);
+ for (; cert_openssl; cert_openssl = priv->issuer)
+ {
+ priv = g_tls_certificate_openssl_get_instance_private (cert_openssl);
+ sk_X509_push (trusted, priv->cert);
+ }
+
+ X509_STORE_CTX_trusted_stack (&csc, trusted);
+ if (X509_verify_cert (&csc) <= 0)
+ gtls_flags |= g_tls_certificate_openssl_convert_error (X509_STORE_CTX_get_error (&csc));
+
+ sk_X509_free (trusted);
+ X509_STORE_CTX_cleanup (&csc);
+ X509_STORE_free (store);
+ }
+
+ /* We have to check these ourselves since openssl
+ * does not give us flags and UNKNOWN_CA will take priority.
+ */
+ for (i = 0; i < sk_X509_num (untrusted); i++)
+ {
+ X509 *c = sk_X509_value (untrusted, i);
+ ASN1_TIME *not_before = X509_get_notBefore (c);
+ ASN1_TIME *not_after = X509_get_notAfter (c);
+
+ if (X509_cmp_current_time (not_before) > 0)
+ gtls_flags |= G_TLS_CERTIFICATE_NOT_ACTIVATED;
+
+ if (X509_cmp_current_time (not_after) < 0)
+ gtls_flags |= G_TLS_CERTIFICATE_EXPIRED;
+ }
+
+ sk_X509_free (untrusted);
+
+ if (identity)
+ gtls_flags |= g_tls_certificate_openssl_verify_identity (G_TLS_CERTIFICATE_OPENSSL (cert), identity);
+
+ return gtls_flags;
+}
+
+static void
+g_tls_certificate_openssl_class_init (GTlsCertificateOpensslClass *klass)
+{
+ GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+ GTlsCertificateClass *certificate_class = G_TLS_CERTIFICATE_CLASS (klass);
+
+ gobject_class->get_property = g_tls_certificate_openssl_get_property;
+ gobject_class->set_property = g_tls_certificate_openssl_set_property;
+ gobject_class->finalize = g_tls_certificate_openssl_finalize;
+
+ certificate_class->verify = g_tls_certificate_openssl_verify;
+
+ g_object_class_override_property (gobject_class, PROP_CERTIFICATE, "certificate");
+ g_object_class_override_property (gobject_class, PROP_CERTIFICATE_PEM, "certificate-pem");
+ g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY, "private-key");
+ g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY_PEM, "private-key-pem");
+ g_object_class_override_property (gobject_class, PROP_ISSUER, "issuer");
+}
+
+static void
+g_tls_certificate_openssl_initable_iface_init (GInitableIface *iface)
+{
+ iface->init = g_tls_certificate_openssl_initable_init;
+}
+
+GTlsCertificate *
+g_tls_certificate_openssl_new (GBytes *bytes,
+ GTlsCertificate *issuer)
+{
+ GTlsCertificateOpenssl *openssl;
+
+ openssl = g_object_new (G_TYPE_TLS_CERTIFICATE_OPENSSL,
+ "issuer", issuer,
+ NULL);
+ g_tls_certificate_openssl_set_data (openssl, bytes);
+
+ return G_TLS_CERTIFICATE (openssl);
+}
+
+GTlsCertificate *
+g_tls_certificate_openssl_new_from_x509 (X509 *x,
+ GTlsCertificate *issuer)
+{
+ GTlsCertificateOpenssl *openssl;
+ GTlsCertificateOpensslPrivate *priv;
+
+ openssl = g_object_new (G_TYPE_TLS_CERTIFICATE_OPENSSL,
+ "issuer", issuer,
+ NULL);
+
+ priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+ priv->cert = X509_dup (x);
+ priv->have_cert = TRUE;
+
+ return G_TLS_CERTIFICATE (openssl);
+}
+
+void
+g_tls_certificate_openssl_set_data (GTlsCertificateOpenssl *openssl,
+ GBytes *bytes)
+{
+ GTlsCertificateOpensslPrivate *priv;
+ const unsigned char *data;
+
+ g_return_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (openssl));
+
+ priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+ g_return_if_fail (!priv->have_cert);
+
+ data = (const unsigned char *)g_bytes_get_data (bytes, NULL);
+ priv->cert = d2i_X509 (NULL, &data, g_bytes_get_size (bytes));
+
+ if (priv->cert != NULL)
+ priv->have_cert = TRUE;
+}
+
+GBytes *
+g_tls_certificate_openssl_get_bytes (GTlsCertificateOpenssl *openssl)
+{
+ GByteArray *array;
+
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (openssl), NULL);
+
+ g_object_get (openssl, "certificate", &array, NULL);
+ return g_byte_array_free_to_bytes (array);
+}
+
+X509 *
+g_tls_certificate_openssl_get_cert (GTlsCertificateOpenssl *openssl)
+{
+ GTlsCertificateOpensslPrivate *priv;
+
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (openssl), FALSE);
+
+ priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+ return priv->cert;
+}
+
+EVP_PKEY *
+g_tls_certificate_openssl_get_key (GTlsCertificateOpenssl *openssl)
+{
+ GTlsCertificateOpensslPrivate *priv;
+
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (openssl), FALSE);
+
+ priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+ return priv->key;
+}
+
+void
+g_tls_certificate_openssl_set_issuer (GTlsCertificateOpenssl *openssl,
+ GTlsCertificateOpenssl *issuer)
+{
+ GTlsCertificateOpensslPrivate *priv;
+
+ g_return_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (openssl));
+ g_return_if_fail (!issuer || G_IS_TLS_CERTIFICATE_OPENSSL (issuer));
+
+ priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+ if (g_set_object (&priv->issuer, issuer))
+ g_object_notify (G_OBJECT (openssl), "issuer");
+}
+
+static gboolean
+verify_identity_hostname (GTlsCertificateOpenssl *openssl,
+ GSocketConnectable *identity)
+{
+ GTlsCertificateOpensslPrivate *priv;
+ const char *hostname;
+
+ priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+ if (G_IS_NETWORK_ADDRESS (identity))
+ hostname = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity));
+ else if (G_IS_NETWORK_SERVICE (identity))
+ hostname = g_network_service_get_domain (G_NETWORK_SERVICE (identity));
+ else
+ return FALSE;
+
+ return g_tls_X509_check_host (priv->cert, hostname, strlen (hostname), 0, NULL) == 1;
+}
+
+static gboolean
+verify_identity_ip (GTlsCertificateOpenssl *openssl,
+ GSocketConnectable *identity)
+{
+ GTlsCertificateOpensslPrivate *priv;
+ GInetAddress *addr;
+ gsize addr_size;
+ const guint8 *addr_bytes;
+ gboolean ret;
+
+ priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+ if (G_IS_INET_SOCKET_ADDRESS (identity))
+ addr = g_object_ref (g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (identity)));
+ else {
+ const char *hostname;
+
+ if (G_IS_NETWORK_ADDRESS (identity))
+ hostname = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity));
+ else if (G_IS_NETWORK_SERVICE (identity))
+ hostname = g_network_service_get_domain (G_NETWORK_SERVICE (identity));
+ else
+ return FALSE;
+
+ addr = g_inet_address_new_from_string (hostname);
+ if (!addr)
+ return FALSE;
+ }
+
+ addr_bytes = g_inet_address_to_bytes (addr);
+ addr_size = g_inet_address_get_native_size (addr);
+
+ ret = g_tls_X509_check_ip (priv->cert, addr_bytes, addr_size, 0) == 1;
+
+ g_object_unref (addr);
+ return ret;
+}
+
+GTlsCertificateFlags
+g_tls_certificate_openssl_verify_identity (GTlsCertificateOpenssl *openssl,
+ GSocketConnectable *identity)
+{
+ if (verify_identity_hostname (openssl, identity))
+ return 0;
+ else if (verify_identity_ip (openssl, identity))
+ return 0;
+
+ /* FIXME: check sRVName and uniformResourceIdentifier
+ * subjectAltNames, if appropriate for @identity.
+ */
+
+ return G_TLS_CERTIFICATE_BAD_IDENTITY;
+}
+
+GTlsCertificateFlags
+g_tls_certificate_openssl_convert_error (guint openssl_error)
+{
+ GTlsCertificateFlags gtls_flags;
+
+ gtls_flags = 0;
+
+ /* FIXME: should we add more ? */
+ switch (openssl_error)
+ {
+ case X509_V_OK:
+ break;
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ gtls_flags = G_TLS_CERTIFICATE_NOT_ACTIVATED;
+ break;
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ gtls_flags = G_TLS_CERTIFICATE_EXPIRED;
+ break;
+ case X509_V_ERR_CERT_REVOKED:
+ gtls_flags = G_TLS_CERTIFICATE_REVOKED;
+ break;
+ case X509_V_ERR_AKID_SKID_MISMATCH:
+ gtls_flags = G_TLS_CERTIFICATE_BAD_IDENTITY;
+ break;
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+ case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+ gtls_flags = G_TLS_CERTIFICATE_UNKNOWN_CA;
+ break;
+ default:
+ g_message ("certificate error: %s", X509_verify_cert_error_string (openssl_error));
+ gtls_flags = G_TLS_CERTIFICATE_GENERIC_ERROR;
+ }
+
+ return gtls_flags;
+}
+
+static gboolean
+is_issuer (GTlsCertificateOpenssl *cert,
+ GTlsCertificateOpenssl *issuer)
+{
+ X509 *x;
+ X509 *issuer_x;
+ X509_STORE *store;
+ X509_STORE_CTX csc;
+ STACK_OF(X509) *trusted;
+ gboolean ret = FALSE;
+ gint err;
+
+ x = g_tls_certificate_openssl_get_cert (cert);
+ issuer_x = g_tls_certificate_openssl_get_cert (issuer);
+
+ store = X509_STORE_new ();
+
+ if (!X509_STORE_CTX_init (&csc, store, x, NULL))
+ goto end;
+
+ trusted = sk_X509_new_null ();
+ sk_X509_push (trusted, issuer_x);
+
+ X509_STORE_CTX_trusted_stack (&csc, trusted);
+ X509_STORE_CTX_set_flags (&csc, X509_V_FLAG_CB_ISSUER_CHECK);
+
+ /* FIXME: is this the right way to do it? */
+ if (X509_verify_cert (&csc) <= 0)
+ {
+ err = X509_STORE_CTX_get_error (&csc);
+ if (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)
+ ret = TRUE;
+ }
+ else
+ ret = TRUE;
+
+ sk_X509_free (trusted);
+
+end:
+ X509_STORE_CTX_cleanup (&csc);
+ X509_STORE_free (store);
+
+ return ret;
+}
+
+GTlsCertificateOpenssl *
+g_tls_certificate_openssl_build_chain (X509 *x,
+ STACK_OF (X509) *chain)
+{
+ GPtrArray *glib_certs;
+ GTlsCertificateOpenssl *issuer;
+ GTlsCertificateOpenssl *result;
+ guint i, j;
+
+ g_return_val_if_fail (x != NULL, NULL);
+ g_return_val_if_fail (chain, NULL);
+
+ glib_certs = g_ptr_array_new_full (sk_X509_num (chain), g_object_unref);
+ g_ptr_array_add (glib_certs, g_tls_certificate_openssl_new_from_x509 (x, NULL));
+ for (i = 1; i < sk_X509_num (chain); i++)
+ g_ptr_array_add (glib_certs, g_tls_certificate_openssl_new_from_x509 (sk_X509_value (chain, i), NULL));
+
+ /* Some servers send certs out of order, or will send duplicate
+ * certs, so we need to be careful when assigning the issuer of
+ * our new GTlsCertificateOpenssl.
+ */
+ for (i = 0; i < glib_certs->len; i++)
+ {
+ issuer = NULL;
+
+ /* Check if the cert issued itself */
+ if (is_issuer (glib_certs->pdata[i], glib_certs->pdata[i]))
+ continue;
+
+ if (i < glib_certs->len - 1 &&
+ is_issuer (glib_certs->pdata[i], glib_certs->pdata[i + 1]))
+ {
+ issuer = glib_certs->pdata[i + 1];
+ }
+ else
+ {
+ for (j = 0; j < glib_certs->len; j++)
+ {
+ if (j != i &&
+ is_issuer (glib_certs->pdata[i], glib_certs->pdata[j]))
+ {
+ issuer = glib_certs->pdata[j];
+ break;
+ }
+ }
+ }
+
+ if (issuer)
+ g_tls_certificate_openssl_set_issuer (glib_certs->pdata[i], issuer);
+ }
+
+ result = g_object_ref (glib_certs->pdata[0]);
+ g_ptr_array_unref (glib_certs);
+
+ return result;
+}
diff --git a/tls/openssl/gtlscertificate-openssl.h b/tls/openssl/gtlscertificate-openssl.h
new file mode 100644
index 0000000..6b40502
--- /dev/null
+++ b/tls/openssl/gtlscertificate-openssl.h
@@ -0,0 +1,69 @@
+/*
+ * gtlscertificate-openssl.h
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#ifndef __G_TLS_CERTIFICATE_OPENSSL_H__
+#define __G_TLS_CERTIFICATE_OPENSSL_H__
+
+#include <gio/gio.h>
+#include <openssl/ssl.h>
+
+G_BEGIN_DECLS
+
+#define G_TYPE_TLS_CERTIFICATE_OPENSSL (g_tls_certificate_openssl_get_type ())
+G_DECLARE_DERIVABLE_TYPE (GTlsCertificateOpenssl, g_tls_certificate_openssl,
+ G, TLS_CERTIFICATE_OPENSSL, GTlsCertificate)
+
+struct _GTlsCertificateOpensslClass
+{
+ GTlsCertificateClass parent_class;
+};
+
+GTlsCertificate *g_tls_certificate_openssl_new (GBytes *bytes,
+ GTlsCertificate *issuer);
+
+GTlsCertificate *g_tls_certificate_openssl_new_from_x509 (X509 *x,
+ GTlsCertificate *issuer);
+
+void g_tls_certificate_openssl_set_data (GTlsCertificateOpenssl *openssl,
+ GBytes *bytes);
+
+GBytes * g_tls_certificate_openssl_get_bytes (GTlsCertificateOpenssl *openssl);
+
+X509 *g_tls_certificate_openssl_get_cert (GTlsCertificateOpenssl *openssl);
+EVP_PKEY *g_tls_certificate_openssl_get_key (GTlsCertificateOpenssl *openssl);
+
+void g_tls_certificate_openssl_set_issuer (GTlsCertificateOpenssl *openssl,
+ GTlsCertificateOpenssl *issuer);
+
+GTlsCertificateFlags g_tls_certificate_openssl_verify_identity (GTlsCertificateOpenssl *openssl,
+ GSocketConnectable *identity);
+
+GTlsCertificateFlags g_tls_certificate_openssl_convert_error (guint
openssl_error);
+
+GTlsCertificateOpenssl *g_tls_certificate_openssl_build_chain (X509 *x,
+ STACK_OF (X509) *chain);
+
+G_END_DECLS
+
+#endif /* __G_TLS_CERTIFICATE_OPENSSL_H___ */
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
new file mode 100644
index 0000000..4608f7e
--- /dev/null
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -0,0 +1,491 @@
+/*
+ * gtlsclientconnection-openssl.c
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#include "config.h"
+#include "glib.h"
+
+#ifdef G_OS_WIN32
+#define WIN32_LEAN_AND_MEAN
+#endif
+
+#include <errno.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/x509_vfy.h>
+#include <string.h>
+
+#include "gtlsconnection-base.h"
+#include "gtlsclientconnection-openssl.h"
+#include "gtlsbackend-openssl.h"
+#include "gtlscertificate-openssl.h"
+#include <glib/gi18n-lib.h>
+
+typedef struct _GTlsClientConnectionOpensslPrivate
+{
+ GTlsCertificateFlags validation_flags;
+ GSocketConnectable *server_identity;
+ gboolean use_ssl3;
+ gboolean session_data_override;
+
+ GBytes *session_id;
+ GBytes *session_data;
+
+ STACK_OF (X509_NAME) *ca_list;
+
+ SSL_SESSION *session;
+ SSL *ssl;
+ SSL_CTX *ssl_ctx;
+} GTlsClientConnectionOpensslPrivate;
+
+enum
+{
+ PROP_0,
+ PROP_VALIDATION_FLAGS,
+ PROP_SERVER_IDENTITY,
+ PROP_USE_SSL3,
+ PROP_ACCEPTED_CAS
+};
+
+static void g_tls_client_connection_openssl_initable_interface_init (GInitableIface *iface);
+
+static void g_tls_client_connection_openssl_client_connection_interface_init (GTlsClientConnectionInterface
*iface);
+
+static GInitableIface *g_tls_client_connection_openssl_parent_initable_iface;
+
+G_DEFINE_TYPE_WITH_CODE (GTlsClientConnectionOpenssl, g_tls_client_connection_openssl,
G_TYPE_TLS_CONNECTION_OPENSSL,
+ G_ADD_PRIVATE (GTlsClientConnectionOpenssl)
+ G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+ g_tls_client_connection_openssl_initable_interface_init)
+ G_IMPLEMENT_INTERFACE (G_TYPE_TLS_CLIENT_CONNECTION,
+
g_tls_client_connection_openssl_client_connection_interface_init))
+
+static void
+g_tls_client_connection_openssl_finalize (GObject *object)
+{
+ GTlsClientConnectionOpenssl *openssl = G_TLS_CLIENT_CONNECTION_OPENSSL (object);
+ GTlsClientConnectionOpensslPrivate *priv;
+
+ priv = g_tls_client_connection_openssl_get_instance_private (openssl);
+
+ g_clear_object (&priv->server_identity);
+ g_clear_pointer (&priv->session_id, g_bytes_unref);
+ g_clear_pointer (&priv->session_data, g_bytes_unref);
+
+ SSL_free (priv->ssl);
+ SSL_CTX_free (priv->ssl_ctx);
+ SSL_SESSION_free (priv->session);
+
+ G_OBJECT_CLASS (g_tls_client_connection_openssl_parent_class)->finalize (object);
+}
+
+static const gchar *
+get_server_identity (GTlsClientConnectionOpenssl *openssl)
+{
+ GTlsClientConnectionOpensslPrivate *priv;
+
+ priv = g_tls_client_connection_openssl_get_instance_private (openssl);
+
+ if (G_IS_NETWORK_ADDRESS (priv->server_identity))
+ return g_network_address_get_hostname (G_NETWORK_ADDRESS (priv->server_identity));
+ else if (G_IS_NETWORK_SERVICE (priv->server_identity))
+ return g_network_service_get_domain (G_NETWORK_SERVICE (priv->server_identity));
+ else
+ return NULL;
+}
+
+static void
+g_tls_client_connection_openssl_get_property (GObject *object,
+ guint prop_id,
+ GValue *value,
+ GParamSpec *pspec)
+{
+ GTlsClientConnectionOpenssl *openssl = G_TLS_CLIENT_CONNECTION_OPENSSL (object);
+ GTlsClientConnectionOpensslPrivate *priv;
+ GList *accepted_cas;
+ gint i;
+
+ priv = g_tls_client_connection_openssl_get_instance_private (openssl);
+
+ switch (prop_id)
+ {
+ case PROP_VALIDATION_FLAGS:
+ g_value_set_flags (value, priv->validation_flags);
+ break;
+
+ case PROP_SERVER_IDENTITY:
+ g_value_set_object (value, priv->server_identity);
+ break;
+
+ case PROP_USE_SSL3:
+ g_value_set_boolean (value, priv->use_ssl3);
+ break;
+
+ case PROP_ACCEPTED_CAS:
+ accepted_cas = NULL;
+ if (priv->ca_list)
+ {
+ for (i = 0; i < sk_X509_NAME_num (priv->ca_list); ++i)
+ {
+ int size;
+
+ size = i2d_X509_NAME (sk_X509_NAME_value (priv->ca_list, i), NULL);
+ if (size > 0)
+ {
+ unsigned char *ca;
+
+ ca = g_malloc (size);
+ size = i2d_X509_NAME (sk_X509_NAME_value (priv->ca_list, i), &ca);
+ if (size > 0)
+ accepted_cas = g_list_prepend (accepted_cas, g_byte_array_new_take (
+ ca, size));
+ else
+ g_free (ca);
+ }
+ }
+ accepted_cas = g_list_reverse (accepted_cas);
+ }
+ g_value_set_pointer (value, accepted_cas);
+ break;
+
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ }
+}
+
+static void
+g_tls_client_connection_openssl_set_property (GObject *object,
+ guint prop_id,
+ const GValue *value,
+ GParamSpec *pspec)
+{
+ GTlsClientConnectionOpenssl *openssl = G_TLS_CLIENT_CONNECTION_OPENSSL (object);
+ GTlsClientConnectionOpensslPrivate *priv;
+
+ priv = g_tls_client_connection_openssl_get_instance_private (openssl);
+
+ switch (prop_id)
+ {
+ case PROP_VALIDATION_FLAGS:
+ priv->validation_flags = g_value_get_flags (value);
+ break;
+
+ case PROP_SERVER_IDENTITY:
+ if (priv->server_identity)
+ g_object_unref (priv->server_identity);
+ priv->server_identity = g_value_dup_object (value);
+ break;
+
+ case PROP_USE_SSL3:
+ priv->use_ssl3 = g_value_get_boolean (value);
+ break;
+
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ }
+}
+
+static void
+g_tls_client_connection_openssl_constructed (GObject *object)
+{
+ GTlsClientConnectionOpenssl *openssl = G_TLS_CLIENT_CONNECTION_OPENSSL (object);
+ GTlsClientConnectionOpensslPrivate *priv;
+ GSocketConnection *base_conn;
+ GSocketAddress *remote_addr;
+ GInetAddress *iaddr;
+ guint port;
+
+ priv = g_tls_client_connection_openssl_get_instance_private (openssl);
+
+ /* Create a TLS session ID. We base it on the IP address since
+ * different hosts serving the same hostname/service will probably
+ * not share the same session cache. We base it on the
+ * server-identity because at least some servers will fail (rather
+ * than just failing to resume the session) if we don't.
+ * (https://bugs.launchpad.net/bugs/823325)
+ */
+ g_object_get (G_OBJECT (openssl), "base-io-stream", &base_conn, NULL);
+ if (G_IS_SOCKET_CONNECTION (base_conn))
+ {
+ remote_addr = g_socket_connection_get_remote_address (base_conn, NULL);
+ if (G_IS_INET_SOCKET_ADDRESS (remote_addr))
+ {
+ GInetSocketAddress *isaddr = G_INET_SOCKET_ADDRESS (remote_addr);
+ const gchar *server_hostname;
+ gchar *addrstr, *session_id;
+
+ iaddr = g_inet_socket_address_get_address (isaddr);
+ port = g_inet_socket_address_get_port (isaddr);
+
+ addrstr = g_inet_address_to_string (iaddr);
+ server_hostname = get_server_identity (openssl);
+ session_id = g_strdup_printf ("%s/%s/%d", addrstr,
+ server_hostname ? server_hostname : "",
+ port);
+ priv->session_id = g_bytes_new_take (session_id, strlen (session_id));
+ g_free (addrstr);
+ }
+ g_object_unref (remote_addr);
+ }
+ g_object_unref (base_conn);
+
+ G_OBJECT_CLASS (g_tls_client_connection_openssl_parent_class)->constructed (object);
+}
+
+static GTlsConnectionBaseStatus
+g_tls_client_connection_openssl_handshake (GTlsConnectionBase *tls,
+ GCancellable *cancellable,
+ GError **error)
+{
+ return G_TLS_CONNECTION_BASE_CLASS (g_tls_client_connection_openssl_parent_class)->
+ handshake (tls, cancellable, error);
+}
+
+static GTlsConnectionBaseStatus
+g_tls_client_connection_openssl_complete_handshake (GTlsConnectionBase *tls,
+ GError **error)
+{
+ GTlsConnectionBaseStatus status;
+
+ status = G_TLS_CONNECTION_BASE_CLASS (g_tls_client_connection_openssl_parent_class)->
+ complete_handshake (tls, error);
+
+ return status;
+}
+
+static SSL *
+g_tls_client_connection_openssl_get_ssl (GTlsConnectionOpenssl *connection)
+{
+ GTlsClientConnectionOpenssl *client = G_TLS_CLIENT_CONNECTION_OPENSSL (connection);
+ GTlsClientConnectionOpensslPrivate *priv;
+
+ priv = g_tls_client_connection_openssl_get_instance_private (client);
+
+ return priv->ssl;
+}
+
+static SSL_CTX *
+g_tls_client_connection_openssl_get_ssl_ctx (GTlsConnectionOpenssl *connection)
+{
+ GTlsClientConnectionOpenssl *client = G_TLS_CLIENT_CONNECTION_OPENSSL (connection);
+ GTlsClientConnectionOpensslPrivate *priv;
+
+ priv = g_tls_client_connection_openssl_get_instance_private (client);
+
+ return priv->ssl_ctx;
+}
+
+static void
+g_tls_client_connection_openssl_class_init (GTlsClientConnectionOpensslClass *klass)
+{
+ GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+ GTlsConnectionBaseClass *base_class = G_TLS_CONNECTION_BASE_CLASS (klass);
+ GTlsConnectionOpensslClass *connection_class = G_TLS_CONNECTION_OPENSSL_CLASS (klass);
+
+ gobject_class->finalize = g_tls_client_connection_openssl_finalize;
+ gobject_class->get_property = g_tls_client_connection_openssl_get_property;
+ gobject_class->set_property = g_tls_client_connection_openssl_set_property;
+ gobject_class->constructed = g_tls_client_connection_openssl_constructed;
+
+ base_class->handshake = g_tls_client_connection_openssl_handshake;
+ base_class->complete_handshake = g_tls_client_connection_openssl_complete_handshake;
+
+ connection_class->get_ssl = g_tls_client_connection_openssl_get_ssl;
+ connection_class->get_ssl_ctx = g_tls_client_connection_openssl_get_ssl_ctx;
+
+ g_object_class_override_property (gobject_class, PROP_VALIDATION_FLAGS, "validation-flags");
+ g_object_class_override_property (gobject_class, PROP_SERVER_IDENTITY, "server-identity");
+ g_object_class_override_property (gobject_class, PROP_USE_SSL3, "use-ssl3");
+ g_object_class_override_property (gobject_class, PROP_ACCEPTED_CAS, "accepted-cas");
+}
+
+static void
+g_tls_client_connection_openssl_init (GTlsClientConnectionOpenssl *openssl)
+{
+}
+
+
+static void
+g_tls_client_connection_openssl_copy_session_state (GTlsClientConnection *conn,
+ GTlsClientConnection *source)
+{
+}
+
+static void
+g_tls_client_connection_openssl_client_connection_interface_init (GTlsClientConnectionInterface *iface)
+{
+ iface->copy_session_state = g_tls_client_connection_openssl_copy_session_state;
+}
+
+static int data_index;
+
+static int
+retrieve_certificate (SSL *ssl,
+ X509 **x509,
+ EVP_PKEY **pkey)
+{
+ GTlsClientConnectionOpenssl *client;
+ GTlsClientConnectionOpensslPrivate *priv;
+ GTlsConnectionBase *tls;
+ GTlsConnectionOpenssl *openssl;
+ GTlsCertificate *cert;
+ gboolean set_certificate = FALSE;
+
+ client = SSL_get_ex_data (ssl, data_index);
+ tls = G_TLS_CONNECTION_BASE (client);
+ openssl = G_TLS_CONNECTION_OPENSSL (client);
+
+ priv = g_tls_client_connection_openssl_get_instance_private (client);
+
+ tls->certificate_requested = TRUE;
+
+ priv->ca_list = SSL_get_client_CA_list (priv->ssl);
+ g_object_notify (G_OBJECT (client), "accepted-cas");
+
+ cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (client));
+ if (cert != NULL)
+ set_certificate = TRUE;
+ else
+ {
+ g_clear_error (&tls->certificate_error);
+ if (g_tls_connection_openssl_request_certificate (openssl, &tls->certificate_error))
+ {
+ cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (client));
+ set_certificate = (cert != NULL);
+ }
+ }
+
+ if (set_certificate)
+ {
+ EVP_PKEY *key;
+
+ key = g_tls_certificate_openssl_get_key (G_TLS_CERTIFICATE_OPENSSL (cert));
+ /* increase ref count */
+ CRYPTO_add (&key->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ *pkey = key;
+
+ *x509 = X509_dup (g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (cert)));
+
+ return 1;
+ }
+
+ return 0;
+}
+
+static int
+generate_session_id (const SSL *ssl,
+ unsigned char *id,
+ unsigned int *id_len)
+{
+ GTlsClientConnectionOpenssl *client;
+ GTlsClientConnectionOpensslPrivate *priv;
+ int len;
+
+ client = SSL_get_ex_data (ssl, data_index);
+ priv = g_tls_client_connection_openssl_get_instance_private (client);
+
+ len = MIN (*id_len, g_bytes_get_size (priv->session_id));
+ memcpy (id, g_bytes_get_data (priv->session_id, NULL), len);
+
+ return 1;
+}
+
+static gboolean
+g_tls_client_connection_openssl_initable_init (GInitable *initable,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsClientConnectionOpenssl *client = G_TLS_CLIENT_CONNECTION_OPENSSL (initable);
+ GTlsClientConnectionOpensslPrivate *priv;
+ long options;
+
+ priv = g_tls_client_connection_openssl_get_instance_private (client);
+
+ priv->session = SSL_SESSION_new ();
+
+ priv->ssl_ctx = SSL_CTX_new (SSLv23_client_method ());
+ if (priv->ssl_ctx == NULL)
+ {
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Could not create TLS context: %s"),
+ ERR_error_string (ERR_get_error (), NULL));
+ return FALSE;
+ }
+
+ options = SSL_OP_NO_TICKET;
+
+ /* Only TLS 1.2 or higher */
+ SSL_CTX_set_options (priv->ssl_ctx, options);
+
+#if OPENSSL_VERSION_NUMBER >= 0x10200000L
+ {
+ const char *hostname;
+
+ hostname = get_server_identity (client);
+ if (hostname)
+ {
+ X509_VERIFY_PARAM *param;
+
+ param = X509_VERIFY_PARAM_new ();
+ X509_VERIFY_PARAM_set1_host (param, hostname);
+ SSL_CTX_set1_param (priv->ssl_ctx, param);
+ X509_VERIFY_PARAM_free (param);
+ }
+ }
+#endif
+
+ SSL_CTX_set_generate_session_id (priv->ssl_ctx, generate_session_id);
+ SSL_CTX_add_session (priv->ssl_ctx, priv->session);
+
+ SSL_CTX_set_client_cert_cb (priv->ssl_ctx, retrieve_certificate);
+
+ SSL_CTX_set_cipher_list (priv->ssl_ctx, "HIGH:!DSS:!aNULL@STRENGTH");
+
+ priv->ssl = SSL_new (priv->ssl_ctx);
+ if (priv->ssl == NULL)
+ {
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Could not create TLS connection: %s"),
+ ERR_error_string (ERR_get_error (), NULL));
+ return FALSE;
+ }
+
+ data_index = SSL_get_ex_new_index (0, "gtlsclientconnection", NULL, NULL, NULL);
+ SSL_set_ex_data (priv->ssl, data_index, client);
+
+ SSL_set_connect_state (priv->ssl);
+
+ if (!g_tls_client_connection_openssl_parent_initable_iface->
+ init (initable, cancellable, error))
+ return FALSE;
+
+ return TRUE;
+}
+
+static void
+g_tls_client_connection_openssl_initable_interface_init (GInitableIface *iface)
+{
+ g_tls_client_connection_openssl_parent_initable_iface = g_type_interface_peek_parent (iface);
+
+ iface->init = g_tls_client_connection_openssl_initable_init;
+}
diff --git a/tls/openssl/gtlsclientconnection-openssl.h b/tls/openssl/gtlsclientconnection-openssl.h
new file mode 100644
index 0000000..e686fc1
--- /dev/null
+++ b/tls/openssl/gtlsclientconnection-openssl.h
@@ -0,0 +1,56 @@
+/*
+ * gtlsclientconnection-openssl.h
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#ifndef __G_TLS_CLIENT_CONNECTION_OPENSSL_H__
+#define __G_TLS_CLIENT_CONNECTION_OPENSSL_H__
+
+#include "gtlsconnection-openssl.h"
+
+G_BEGIN_DECLS
+
+#define G_TYPE_TLS_CLIENT_CONNECTION_OPENSSL (g_tls_client_connection_openssl_get_type ())
+#define G_TLS_CLIENT_CONNECTION_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst),
G_TYPE_TLS_CLIENT_CONNECTION_OPENSSL, GTlsClientConnectionOpenssl))
+#define G_TLS_CLIENT_CONNECTION_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_CAST ((class),
G_TYPE_TLS_CLIENT_CONNECTION_OPENSSL, GTlsClientConnectionOpensslClass))
+#define G_IS_TLS_CLIENT_CONNECTION_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst),
G_TYPE_TLS_CLIENT_CONNECTION_OPENSSL))
+#define G_IS_TLS_CLIENT_CONNECTION_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class),
G_TYPE_TLS_CLIENT_CONNECTION_OPENSSL))
+#define G_TLS_CLIENT_CONNECTION_OPENSSL_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst),
G_TYPE_TLS_CLIENT_CONNECTION_OPENSSL, GTlsClientConnectionOpensslClass))
+
+typedef struct _GTlsClientConnectionOpensslClass GTlsClientConnectionOpensslClass;
+typedef struct _GTlsClientConnectionOpenssl GTlsClientConnectionOpenssl;
+
+struct _GTlsClientConnectionOpensslClass
+{
+ GTlsConnectionOpensslClass parent_class;
+};
+
+struct _GTlsClientConnectionOpenssl
+{
+ GTlsConnectionOpenssl parent_instance;
+};
+
+GType g_tls_client_connection_openssl_get_type (void) G_GNUC_CONST;
+
+G_END_DECLS
+
+#endif /* __G_TLS_CLIENT_CONNECTION_OPENSSL_H___ */
diff --git a/tls/openssl/gtlsconnection-openssl.c b/tls/openssl/gtlsconnection-openssl.c
new file mode 100644
index 0000000..7c97fc9
--- /dev/null
+++ b/tls/openssl/gtlsconnection-openssl.c
@@ -0,0 +1,581 @@
+/*
+ * gtlsconnection-openssl.c
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#include "config.h"
+#include "glib.h"
+
+#include <errno.h>
+#include <stdarg.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+#include "gtlsconnection-openssl.h"
+#include "gtlsbackend-openssl.h"
+#include "gtlscertificate-openssl.h"
+#include "gtlsbio.h"
+
+#include <glib/gi18n-lib.h>
+
+typedef struct _GTlsConnectionOpensslPrivate
+{
+ BIO *bio;
+
+ GTlsCertificate *peer_certificate_tmp;
+ GTlsCertificateFlags peer_certificate_errors_tmp;
+
+ gboolean shutting_down;
+} GTlsConnectionOpensslPrivate;
+
+static void g_tls_connection_openssl_initable_iface_init (GInitableIface *iface);
+
+G_DEFINE_ABSTRACT_TYPE_WITH_CODE (GTlsConnectionOpenssl, g_tls_connection_openssl,
G_TYPE_TLS_CONNECTION_BASE,
+ G_ADD_PRIVATE (GTlsConnectionOpenssl)
+ G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+ g_tls_connection_openssl_initable_iface_init))
+
+static void
+g_tls_connection_openssl_finalize (GObject *object)
+{
+ GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (object);
+ GTlsConnectionOpensslPrivate *priv;
+
+ priv = g_tls_connection_openssl_get_instance_private (openssl);
+
+ g_clear_object (&priv->peer_certificate_tmp);
+
+ G_OBJECT_CLASS (g_tls_connection_openssl_parent_class)->finalize (object);
+}
+
+static GTlsConnectionBaseStatus
+end_openssl_io (GTlsConnectionOpenssl *openssl,
+ GIOCondition direction,
+ int ret,
+ GError **error,
+ const char *err_fmt,
+ ...) G_GNUC_PRINTF(5, 6);
+
+static GTlsConnectionBaseStatus
+end_openssl_io (GTlsConnectionOpenssl *openssl,
+ GIOCondition direction,
+ int ret,
+ GError **error,
+ const char *err_fmt,
+ ...)
+{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (openssl);
+ GTlsConnectionOpensslPrivate *priv;
+ int err_code, err, reason;
+ GError *my_error = NULL;
+ GTlsConnectionBaseStatus status;
+ SSL *ssl;
+
+ priv = g_tls_connection_openssl_get_instance_private (openssl);
+
+ ssl = g_tls_connection_openssl_get_ssl (openssl);
+
+ err_code = SSL_get_error (ssl, ret);
+
+ status = g_tls_connection_base_pop_io (tls, direction, ret > 0, &my_error);
+
+ /* NOTE: this is tricky! The tls bio will set to retry if the operation
+ * would block, and we would get an error code with WANT_READ or WANT_WRITE,
+ * though if in that case we try again we would end up in an infinite loop
+ * since we will not let the glib main loop to do its stuff and we would
+ * be getting a would block forever. Instead we need to also check the error
+ * we get from the socket operation to understand whether to try again. See
+ * that we propagate the WOULD_BLOCK error a bit more down.
+ */
+ if ((err_code == SSL_ERROR_WANT_READ ||
+ err_code == SSL_ERROR_WANT_WRITE) &&
+ status != G_TLS_CONNECTION_BASE_WOULD_BLOCK)
+ {
+ if (my_error)
+ g_error_free (my_error);
+ return G_TLS_CONNECTION_BASE_TRY_AGAIN;
+ }
+
+ if (err_code == SSL_ERROR_ZERO_RETURN)
+ return G_TLS_CONNECTION_BASE_OK;
+
+ if (status == G_TLS_CONNECTION_BASE_OK ||
+ status == G_TLS_CONNECTION_BASE_WOULD_BLOCK ||
+ status == G_TLS_CONNECTION_BASE_TIMED_OUT)
+ {
+ if (my_error)
+ g_propagate_error (error, my_error);
+ return status;
+ }
+
+ /* This case is documented that it may happen and that is perfectly fine */
+ if (err_code == SSL_ERROR_SYSCALL && priv->shutting_down && !my_error)
+ return G_TLS_CONNECTION_BASE_OK;
+
+ err = ERR_get_error ();
+ reason = ERR_GET_REASON (err);
+
+ if (tls->handshaking && !tls->ever_handshaked)
+ {
+ if (reason == SSL_R_BAD_PACKET_LENGTH ||
+ reason == SSL_R_UNKNOWN_ALERT_TYPE ||
+ reason == SSL_R_DECRYPTION_FAILED ||
+ reason == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC ||
+ reason == SSL_R_BAD_PROTOCOL_VERSION_NUMBER ||
+ reason == SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE ||
+ reason == SSL_R_UNKNOWN_PROTOCOL)
+ {
+ g_clear_error (&my_error);
+ g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS,
+ _("Peer failed to perform TLS handshake"));
+ return G_TLS_CONNECTION_BASE_ERROR;
+ }
+ }
+
+ if (reason == SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ||
+ reason == SSL_R_NO_CERTIFICATE_RETURNED)
+ {
+ g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
+ _("TLS connection peer did not send a certificate"));
+ return status;
+ }
+
+ if (my_error != NULL)
+ g_propagate_error (error, my_error);
+ else
+ /* FIXME: this is just for debug */
+ g_message ("end_openssl_io %s: %d, %d", G_IS_TLS_CLIENT_CONNECTION (openssl) ? "client" : "server",
err_code, reason);
+
+ if (error && !*error)
+ {
+ va_list ap;
+
+ va_start (ap, err_fmt);
+ *error = g_error_new_valist (G_TLS_ERROR, G_TLS_ERROR_MISC, err_fmt, ap);
+ va_end (ap);
+ }
+
+ return G_TLS_CONNECTION_BASE_ERROR;
+}
+
+#define BEGIN_OPENSSL_IO(openssl, direction, blocking, cancellable) \
+ g_tls_connection_base_push_io (G_TLS_CONNECTION_BASE (openssl), \
+ direction, blocking, cancellable); \
+ do {
+
+#define END_OPENSSL_IO(openssl, direction, ret, status, errmsg, err) \
+ status = end_openssl_io (openssl, direction, ret, err, errmsg, ERR_error_string (SSL_get_error (ssl,
ret), NULL)); \
+ } while (status == G_TLS_CONNECTION_BASE_TRY_AGAIN);
+
+static GTlsConnectionBaseStatus
+g_tls_connection_openssl_request_rehandshake (GTlsConnectionBase *tls,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionOpenssl *openssl;
+ GTlsConnectionBaseStatus status;
+ SSL *ssl;
+ int ret;
+
+ /* On a client-side connection, SSL_renegotiate() itself will start
+ * a rehandshake, so we only need to do something special here for
+ * server-side connections.
+ */
+ if (!G_IS_TLS_SERVER_CONNECTION (tls))
+ return G_TLS_CONNECTION_BASE_OK;
+
+ openssl = G_TLS_CONNECTION_OPENSSL (tls);
+
+ ssl = g_tls_connection_openssl_get_ssl (openssl);
+
+ BEGIN_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, TRUE, cancellable);
+ ret = SSL_renegotiate (ssl);
+ END_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, ret, status,
+ _("Error performing TLS handshake: %s"), error);
+
+ return status;
+}
+
+static GTlsCertificate *
+get_peer_certificate (GTlsConnectionOpenssl *openssl)
+{
+ X509 *peer;
+ STACK_OF (X509) *certs;
+ GTlsCertificateOpenssl *chain;
+ SSL *ssl;
+
+ ssl = g_tls_connection_openssl_get_ssl (openssl);
+
+ peer = SSL_get_peer_certificate (ssl);
+ if (peer == NULL)
+ return NULL;
+
+ certs = SSL_get_peer_cert_chain (ssl);
+ if (certs == NULL)
+ return NULL;
+
+ chain = g_tls_certificate_openssl_build_chain (peer, certs);
+ if (!chain)
+ return NULL;
+
+ return G_TLS_CERTIFICATE (chain);
+}
+
+static GTlsCertificateFlags
+verify_peer_certificate (GTlsConnectionOpenssl *openssl,
+ GTlsCertificate *peer_certificate)
+{
+ GTlsConnection *conn = G_TLS_CONNECTION (openssl);
+ GSocketConnectable *peer_identity;
+ GTlsDatabase *database;
+ GTlsCertificateFlags errors;
+ gboolean is_client;
+
+ is_client = G_IS_TLS_CLIENT_CONNECTION (openssl);
+ if (is_client)
+ peer_identity = g_tls_client_connection_get_server_identity (G_TLS_CLIENT_CONNECTION (openssl));
+ else
+ peer_identity = NULL;
+
+ errors = 0;
+
+ database = g_tls_connection_get_database (conn);
+ if (database == NULL)
+ {
+ errors |= G_TLS_CERTIFICATE_UNKNOWN_CA;
+ errors |= g_tls_certificate_verify (peer_certificate, peer_identity, NULL);
+ }
+ else
+ {
+ GError *error = NULL;
+
+ errors |= g_tls_database_verify_chain (database, peer_certificate,
+ is_client ?
+ G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER :
+ G_TLS_DATABASE_PURPOSE_AUTHENTICATE_CLIENT,
+ peer_identity,
+ g_tls_connection_get_interaction (conn),
+ G_TLS_DATABASE_VERIFY_NONE,
+ NULL, &error);
+ if (error)
+ {
+ g_warning ("failure verifying certificate chain: %s",
+ error->message);
+ g_assert (errors != 0);
+ g_clear_error (&error);
+ }
+ }
+
+ return errors;
+}
+
+static GTlsConnectionBaseStatus
+g_tls_connection_openssl_handshake (GTlsConnectionBase *tls,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
+ GTlsConnectionOpensslPrivate *priv;
+ GTlsConnectionBaseStatus status;
+ SSL *ssl;
+ int ret;
+
+ priv = g_tls_connection_openssl_get_instance_private (openssl);
+
+ ssl = g_tls_connection_openssl_get_ssl (openssl);
+
+ BEGIN_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, TRUE, cancellable);
+ ret = SSL_do_handshake (ssl);
+ END_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, ret, status,
+ _("Error performing TLS handshake: %s"), error);
+
+ if (ret > 0)
+ {
+ priv->peer_certificate_tmp = get_peer_certificate (openssl);
+ if (priv->peer_certificate_tmp)
+ priv->peer_certificate_errors_tmp = verify_peer_certificate (openssl, priv->peer_certificate_tmp);
+ else if (G_IS_TLS_CLIENT_CONNECTION (openssl))
+ {
+ g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("Server did not return a valid TLS certificate"));
+ }
+ }
+
+ return status;
+}
+
+static GTlsConnectionBaseStatus
+g_tls_connection_openssl_complete_handshake (GTlsConnectionBase *tls,
+ GError **error)
+{
+ GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
+ GTlsConnectionOpensslPrivate *priv;
+ GTlsCertificate *peer_certificate;
+ GTlsCertificateFlags peer_certificate_errors = 0;
+ GTlsConnectionBaseStatus status = G_TLS_CONNECTION_BASE_OK;
+
+ priv = g_tls_connection_openssl_get_instance_private (openssl);
+
+ peer_certificate = priv->peer_certificate_tmp;
+ priv->peer_certificate_tmp = NULL;
+ peer_certificate_errors = priv->peer_certificate_errors_tmp;
+ priv->peer_certificate_errors_tmp = 0;
+
+ if (peer_certificate)
+ {
+ if (!g_tls_connection_base_accept_peer_certificate (tls, peer_certificate,
+ peer_certificate_errors))
+ {
+ g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("Unacceptable TLS certificate"));
+ status = G_TLS_CONNECTION_BASE_ERROR;
+ }
+
+ g_tls_connection_base_set_peer_certificate (G_TLS_CONNECTION_BASE (openssl),
+ peer_certificate,
+ peer_certificate_errors);
+ g_clear_object (&peer_certificate);
+ }
+
+ return status;
+}
+
+static void
+g_tls_connection_openssl_push_io (GTlsConnectionBase *tls,
+ GIOCondition direction,
+ gboolean blocking,
+ GCancellable *cancellable)
+{
+ GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
+ GTlsConnectionOpensslPrivate *priv;
+
+ priv = g_tls_connection_openssl_get_instance_private (openssl);
+
+ G_TLS_CONNECTION_BASE_CLASS (g_tls_connection_openssl_parent_class)->push_io (tls, direction,
+ blocking, cancellable);
+
+ if (direction & G_IO_IN)
+ {
+ g_tls_bio_set_read_cancellable (priv->bio, cancellable);
+ g_tls_bio_set_read_blocking (priv->bio, blocking);
+ g_clear_error (&tls->read_error);
+ g_tls_bio_set_read_error (priv->bio, &tls->read_error);
+ }
+
+ if (direction & G_IO_OUT)
+ {
+ g_tls_bio_set_write_cancellable (priv->bio, cancellable);
+ g_tls_bio_set_write_blocking (priv->bio, blocking);
+ g_clear_error (&tls->write_error);
+ g_tls_bio_set_write_error (priv->bio, &tls->write_error);
+ }
+}
+
+static GTlsConnectionBaseStatus
+g_tls_connection_openssl_pop_io (GTlsConnectionBase *tls,
+ GIOCondition direction,
+ gboolean success,
+ GError **error)
+{
+ GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
+ GTlsConnectionOpensslPrivate *priv;
+
+ priv = g_tls_connection_openssl_get_instance_private (openssl);
+
+ if (direction & G_IO_IN)
+ g_tls_bio_set_read_cancellable (priv->bio, NULL);
+
+ if (direction & G_IO_OUT)
+ g_tls_bio_set_write_cancellable (priv->bio, NULL);
+
+ return G_TLS_CONNECTION_BASE_CLASS (g_tls_connection_openssl_parent_class)->pop_io (tls, direction,
+ success, error);
+}
+
+static GTlsConnectionBaseStatus
+g_tls_connection_openssl_read (GTlsConnectionBase *tls,
+ void *buffer,
+ gsize count,
+ gboolean blocking,
+ gssize *nread,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
+ GTlsConnectionBaseStatus status;
+ SSL *ssl;
+ gssize ret;
+
+ ssl = g_tls_connection_openssl_get_ssl (openssl);
+
+ BEGIN_OPENSSL_IO (openssl, G_IO_IN, blocking, cancellable);
+ ret = SSL_read (ssl, buffer, count);
+ END_OPENSSL_IO (openssl, G_IO_IN, ret, status,
+ _("Error reading data from TLS socket: %s"), error);
+
+ if (ret >= 0)
+ *nread = ret;
+ return status;
+}
+
+static GTlsConnectionBaseStatus
+g_tls_connection_openssl_write (GTlsConnectionBase *tls,
+ const void *buffer,
+ gsize count,
+ gboolean blocking,
+ gssize *nwrote,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
+ GTlsConnectionBaseStatus status;
+ SSL *ssl;
+ gssize ret;
+
+ ssl = g_tls_connection_openssl_get_ssl (openssl);
+
+ BEGIN_OPENSSL_IO (openssl, G_IO_OUT, blocking, cancellable);
+ ret = SSL_write (ssl, buffer, count);
+ END_OPENSSL_IO (openssl, G_IO_OUT, ret, status,
+ _("Error writing data to TLS socket: %s"), error);
+
+ if (ret >= 0)
+ *nwrote = ret;
+ return status;
+}
+
+static GTlsConnectionBaseStatus
+g_tls_connection_openssl_close (GTlsConnectionBase *tls,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
+ GTlsConnectionOpensslPrivate *priv;
+ GTlsConnectionBaseStatus status;
+ SSL *ssl;
+ int ret;
+
+ ssl = g_tls_connection_openssl_get_ssl (openssl);
+ priv = g_tls_connection_openssl_get_instance_private (openssl);
+
+ priv->shutting_down = TRUE;
+
+ BEGIN_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, TRUE, cancellable);
+ ret = SSL_shutdown (ssl);
+ END_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, ret, status,
+ _("Error performing TLS close: %s"), error);
+
+ return status;
+}
+
+static void
+g_tls_connection_openssl_class_init (GTlsConnectionOpensslClass *klass)
+{
+ GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+ GTlsConnectionBaseClass *base_class = G_TLS_CONNECTION_BASE_CLASS (klass);
+
+ gobject_class->finalize = g_tls_connection_openssl_finalize;
+
+ base_class->request_rehandshake = g_tls_connection_openssl_request_rehandshake;
+ base_class->handshake = g_tls_connection_openssl_handshake;
+ base_class->complete_handshake = g_tls_connection_openssl_complete_handshake;
+ base_class->push_io = g_tls_connection_openssl_push_io;
+ base_class->pop_io = g_tls_connection_openssl_pop_io;
+ base_class->read_fn = g_tls_connection_openssl_read;
+ base_class->write_fn = g_tls_connection_openssl_write;
+ base_class->close_fn = g_tls_connection_openssl_close;
+}
+
+static gboolean
+g_tls_connection_openssl_initable_init (GInitable *initable,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (initable);
+ GTlsConnectionOpensslPrivate *priv;
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (initable);
+ SSL *ssl;
+
+ g_return_val_if_fail (tls->base_istream != NULL &&
+ tls->base_ostream != NULL, FALSE);
+
+ priv = g_tls_connection_openssl_get_instance_private (openssl);
+
+ ssl = g_tls_connection_openssl_get_ssl (openssl);
+ g_assert (ssl != NULL);
+
+ priv->bio = g_tls_bio_new (tls->base_io_stream);
+
+ SSL_set_bio (ssl, priv->bio, priv->bio);
+
+ return TRUE;
+}
+
+static void
+g_tls_connection_openssl_initable_iface_init (GInitableIface *iface)
+{
+ iface->init = g_tls_connection_openssl_initable_init;
+}
+
+static void
+g_tls_connection_openssl_init (GTlsConnectionOpenssl *openssl)
+{
+}
+
+SSL *
+g_tls_connection_openssl_get_ssl (GTlsConnectionOpenssl *openssl)
+{
+ g_return_val_if_fail (G_IS_TLS_CONNECTION_OPENSSL (openssl), NULL);
+
+ return G_TLS_CONNECTION_OPENSSL_GET_CLASS (openssl)->get_ssl (openssl);
+}
+
+SSL_CTX *
+g_tls_connection_openssl_get_ssl_ctx (GTlsConnectionOpenssl *openssl)
+{
+ g_return_val_if_fail (G_IS_TLS_CONNECTION_OPENSSL (openssl), NULL);
+
+ return G_TLS_CONNECTION_OPENSSL_GET_CLASS (openssl)->get_ssl_ctx (openssl);
+}
+
+gboolean
+g_tls_connection_openssl_request_certificate (GTlsConnectionOpenssl *openssl,
+ GError **error)
+{
+ GTlsInteractionResult res = G_TLS_INTERACTION_UNHANDLED;
+ GTlsInteraction *interaction;
+ GTlsConnection *conn;
+ GTlsConnectionBase *tls;
+
+ g_return_val_if_fail (G_IS_TLS_CONNECTION_OPENSSL (openssl), FALSE);
+
+ conn = G_TLS_CONNECTION (openssl);
+ tls = G_TLS_CONNECTION_BASE (openssl);
+
+ interaction = g_tls_connection_get_interaction (conn);
+ if (!interaction)
+ return FALSE;
+
+ res = g_tls_interaction_invoke_request_certificate (interaction, conn, 0,
+ tls->read_cancellable, error);
+ return res != G_TLS_INTERACTION_FAILED;
+}
diff --git a/tls/openssl/gtlsconnection-openssl.h b/tls/openssl/gtlsconnection-openssl.h
new file mode 100644
index 0000000..0689189
--- /dev/null
+++ b/tls/openssl/gtlsconnection-openssl.h
@@ -0,0 +1,68 @@
+/*
+ * gtlsconnection-openssl.h
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#ifndef __G_TLS_CONNECTION_OPENSSL_H__
+#define __G_TLS_CONNECTION_OPENSSL_H__
+
+#include <gio/gio.h>
+
+#include "gtlsconnection-base.h"
+#include <openssl/ssl.h>
+
+G_BEGIN_DECLS
+
+#define G_TYPE_TLS_CONNECTION_OPENSSL (g_tls_connection_openssl_get_type ())
+#define G_TLS_CONNECTION_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst),
G_TYPE_TLS_CONNECTION_OPENSSL, GTlsConnectionOpenssl))
+#define G_TLS_CONNECTION_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_CAST ((class),
G_TYPE_TLS_CONNECTION_OPENSSL, GTlsConnectionOpensslClass))
+#define G_IS_TLS_CONNECTION_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst),
G_TYPE_TLS_CONNECTION_OPENSSL))
+#define G_IS_TLS_CONNECTION_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class),
G_TYPE_TLS_CONNECTION_OPENSSL))
+#define G_TLS_CONNECTION_OPENSSL_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst),
G_TYPE_TLS_CONNECTION_OPENSSL, GTlsConnectionOpensslClass))
+
+typedef struct _GTlsConnectionOpensslClass GTlsConnectionOpensslClass;
+typedef struct _GTlsConnectionOpenssl GTlsConnectionOpenssl;
+
+struct _GTlsConnectionOpensslClass
+{
+ GTlsConnectionBaseClass parent_class;
+
+ SSL *(*get_ssl) (GTlsConnectionOpenssl *connection);
+ SSL_CTX *(*get_ssl_ctx) (GTlsConnectionOpenssl *connection);
+};
+
+struct _GTlsConnectionOpenssl
+{
+ GTlsConnectionBase parent_instance;
+};
+
+GType g_tls_connection_openssl_get_type (void) G_GNUC_CONST;
+
+SSL *g_tls_connection_openssl_get_ssl (GTlsConnectionOpenssl *connection);
+SSL_CTX *g_tls_connection_openssl_get_ssl_ctx (GTlsConnectionOpenssl *connection);
+
+gboolean g_tls_connection_openssl_request_certificate (GTlsConnectionOpenssl *openssl,
+ GError **error);
+
+G_END_DECLS
+
+#endif /* __G_TLS_CONNECTION_OPENSSL_H___ */
diff --git a/tls/openssl/gtlsdatabase-openssl.c b/tls/openssl/gtlsdatabase-openssl.c
new file mode 100644
index 0000000..93461a2
--- /dev/null
+++ b/tls/openssl/gtlsdatabase-openssl.c
@@ -0,0 +1,39 @@
+/*
+ * gtlsdatabase-openssl.c
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#include "config.h"
+
+#include "gtlsdatabase-openssl.h"
+
+G_DEFINE_ABSTRACT_TYPE (GTlsDatabaseOpenssl, g_tls_database_openssl, G_TYPE_TLS_DATABASE)
+
+static void
+g_tls_database_openssl_class_init (GTlsDatabaseOpensslClass *klass)
+{
+}
+
+static void
+g_tls_database_openssl_init (GTlsDatabaseOpenssl *openssl)
+{
+}
diff --git a/tls/openssl/gtlsdatabase-openssl.h b/tls/openssl/gtlsdatabase-openssl.h
new file mode 100644
index 0000000..fd31352
--- /dev/null
+++ b/tls/openssl/gtlsdatabase-openssl.h
@@ -0,0 +1,63 @@
+/*
+ * gtlsdatabase-openssl.h
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#ifndef __G_TLS_DATABASE_OPENSSL_H__
+#define __G_TLS_DATABASE_OPENSSL_H__
+
+#include <gio/gio.h>
+
+#include "gtlscertificate-openssl.h"
+
+G_BEGIN_DECLS
+
+typedef enum {
+ G_TLS_DATABASE_OPENSSL_PINNED_CERTIFICATE = 1,
+ G_TLS_DATABASE_OPENSSL_ANCHORED_CERTIFICATE = 2,
+} GTlsDatabaseOpensslAssertion;
+
+#define G_TYPE_TLS_DATABASE_OPENSSL (g_tls_database_openssl_get_type ())
+#define G_TLS_DATABASE_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst),
G_TYPE_TLS_DATABASE_OPENSSL, GTlsDatabaseOpenssl))
+#define G_TLS_DATABASE_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_CAST ((class),
G_TYPE_TLS_DATABASE_OPENSSL, GTlsDatabaseOpensslClass))
+#define G_IS_TLS_DATABASE_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst),
G_TYPE_TLS_DATABASE_OPENSSL))
+#define G_IS_TLS_DATABASE_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class),
G_TYPE_TLS_DATABASE_OPENSSL))
+#define G_TLS_DATABASE_OPENSSL_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst),
G_TYPE_TLS_DATABASE_OPENSSL, GTlsDatabaseOpensslClass))
+
+typedef struct _GTlsDatabaseOpensslClass GTlsDatabaseOpensslClass;
+typedef struct _GTlsDatabaseOpenssl GTlsDatabaseOpenssl;
+
+struct _GTlsDatabaseOpensslClass
+{
+ GTlsDatabaseClass parent_class;
+};
+
+struct _GTlsDatabaseOpenssl
+{
+ GTlsDatabase parent_instance;
+};
+
+GType g_tls_database_openssl_get_type (void) G_GNUC_CONST;
+
+G_END_DECLS
+
+#endif /* __G_TLS_DATABASE_OPENSSL_H___ */
diff --git a/tls/openssl/gtlsfiledatabase-openssl.c b/tls/openssl/gtlsfiledatabase-openssl.c
new file mode 100644
index 0000000..8f906b4
--- /dev/null
+++ b/tls/openssl/gtlsfiledatabase-openssl.c
@@ -0,0 +1,916 @@
+/*
+ * gtlsfiledatabase-openssl.c
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#include "config.h"
+
+#include "gtlsfiledatabase-openssl.h"
+
+#include <gio/gio.h>
+#include <glib/gi18n-lib.h>
+#include <openssl/ssl.h>
+
+typedef struct _GTlsFileDatabaseOpensslPrivate
+{
+ /* read-only after construct */
+ gchar *anchor_filename;
+
+ /* protected by mutex */
+ GMutex mutex;
+
+ /*
+ * These are hash tables of gulong -> GPtrArray<GBytes>. The values of
+ * the ptr array are full DER encoded certificate values. The keys are byte
+ * arrays containing either subject DNs, issuer DNs, or full DER encoded certs
+ */
+ GHashTable *subjects;
+ GHashTable *issuers;
+
+ /*
+ * This is a table of GBytes -> GBytes. The values and keys are
+ * DER encoded certificate values.
+ */
+ GHashTable *complete;
+
+ /*
+ * This is a table of gchar * -> GTlsCertificate.
+ */
+ GHashTable *certs_by_handle;
+} GTlsFileDatabaseOpensslPrivate;
+
+enum {
+ STATUS_FAILURE,
+ STATUS_INCOMPLETE,
+ STATUS_SELFSIGNED,
+ STATUS_PINNED,
+ STATUS_ANCHORED,
+};
+
+enum
+{
+ PROP_0,
+ PROP_ANCHORS,
+};
+
+static void g_tls_file_database_openssl_file_database_interface_init (GTlsFileDatabaseInterface *iface);
+
+static void g_tls_file_database_openssl_initable_interface_init (GInitableIface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (GTlsFileDatabaseOpenssl, g_tls_file_database_openssl, G_TYPE_TLS_DATABASE_OPENSSL,
+ G_ADD_PRIVATE (GTlsFileDatabaseOpenssl)
+ G_IMPLEMENT_INTERFACE (G_TYPE_TLS_FILE_DATABASE,
+ g_tls_file_database_openssl_file_database_interface_init)
+ G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+ g_tls_file_database_openssl_initable_interface_init))
+
+static GHashTable *
+bytes_multi_table_new (void)
+{
+ return g_hash_table_new_full (g_int_hash, g_int_equal,
+ (GDestroyNotify)g_free,
+ (GDestroyNotify)g_ptr_array_unref);
+}
+
+static void
+bytes_multi_table_insert (GHashTable *table,
+ gulong key,
+ GBytes *value)
+{
+ GPtrArray *multi;
+
+ multi = g_hash_table_lookup (table, &key);
+ if (multi == NULL)
+ {
+ int *key_ptr;
+
+ key_ptr = g_new (int, 1);
+ *key_ptr = (int)key;
+ multi = g_ptr_array_new_with_free_func ((GDestroyNotify)g_bytes_unref);
+ g_hash_table_insert (table, key_ptr, multi);
+ }
+ g_ptr_array_add (multi, g_bytes_ref (value));
+}
+
+static GBytes *
+bytes_multi_table_lookup_ref_one (GHashTable *table,
+ gulong key)
+{
+ GPtrArray *multi;
+
+ multi = g_hash_table_lookup (table, &key);
+ if (multi == NULL)
+ return NULL;
+
+ g_assert (multi->len > 0);
+ return g_bytes_ref (multi->pdata[0]);
+}
+
+static GList *
+bytes_multi_table_lookup_ref_all (GHashTable *table,
+ gulong key)
+{
+ GPtrArray *multi;
+ GList *list = NULL;
+ guint i;
+
+ multi = g_hash_table_lookup (table, &key);
+ if (multi == NULL)
+ return NULL;
+
+ for (i = 0; i < multi->len; i++)
+ list = g_list_prepend (list, g_bytes_ref (multi->pdata[i]));
+
+ return g_list_reverse (list);
+}
+
+static gchar *
+create_handle_for_certificate (const gchar *filename,
+ GBytes *der)
+{
+ gchar *bookmark;
+ gchar *uri_part;
+ gchar *uri;
+
+ /*
+ * Here we create a URI that looks like:
+ *
file:///etc/ssl/certs/ca-certificates.crt#11b2641821252596420e468c275771f5e51022c121a17bd7a89a2f37b6336c8f
+ */
+
+ uri_part = g_filename_to_uri (filename, NULL, NULL);
+ if (!uri_part)
+ return NULL;
+
+ bookmark = g_compute_checksum_for_bytes (G_CHECKSUM_SHA256, der);
+ uri = g_strconcat (uri_part, "#", bookmark, NULL);
+
+ g_free (bookmark);
+ g_free (uri_part);
+
+ return uri;
+}
+
+static gboolean
+load_anchor_file (GTlsFileDatabaseOpenssl *file_database,
+ const gchar *filename,
+ GHashTable *subjects,
+ GHashTable *issuers,
+ GHashTable *complete,
+ GHashTable *certs_by_handle,
+ GError **error)
+{
+ GTlsFileDatabaseOpensslPrivate *priv;
+ GList *list;
+ GList *l;
+ GBytes *der;
+ gchar *handle;
+ GError *my_error = NULL;
+
+ priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+ list = g_tls_certificate_list_new_from_file (filename, &my_error);
+ if (my_error)
+ {
+ g_propagate_error (error, my_error);
+ return FALSE;
+ }
+
+ for (l = list; l; l = l->next)
+ {
+ X509 *x;
+ unsigned long subject;
+ unsigned long issuer;
+
+ x = g_tls_certificate_openssl_get_cert (l->data);
+ subject = X509_subject_name_hash (x);
+ issuer = X509_issuer_name_hash (x);
+
+ der = g_tls_certificate_openssl_get_bytes (l->data);
+ g_return_val_if_fail (der != NULL, FALSE);
+
+ g_hash_table_insert (complete, g_bytes_ref (der),
+ g_bytes_ref (der));
+
+ bytes_multi_table_insert (subjects, subject, der);
+ bytes_multi_table_insert (issuers, issuer, der);
+
+ handle = create_handle_for_certificate (priv->anchor_filename, der);
+ g_hash_table_insert (certs_by_handle, handle, g_object_ref (l->data));
+
+ g_bytes_unref (der);
+
+ g_object_unref (l->data);
+ }
+ g_list_free (list);
+
+ return TRUE;
+}
+
+static void
+g_tls_file_database_openssl_finalize (GObject *object)
+{
+ GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (object);
+ GTlsFileDatabaseOpensslPrivate *priv;
+
+ priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+ g_clear_pointer (&priv->subjects, g_hash_table_destroy);
+ g_clear_pointer (&priv->issuers, g_hash_table_destroy);
+ g_clear_pointer (&priv->complete, g_hash_table_destroy);
+ g_clear_pointer (&priv->certs_by_handle, g_hash_table_destroy);
+
+ g_free (priv->anchor_filename);
+ priv->anchor_filename = NULL;
+
+ g_mutex_clear (&priv->mutex);
+
+ G_OBJECT_CLASS (g_tls_file_database_openssl_parent_class)->finalize (object);
+}
+
+static void
+g_tls_file_database_openssl_get_property (GObject *object,
+ guint prop_id,
+ GValue *value,
+ GParamSpec *pspec)
+{
+ GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (object);
+ GTlsFileDatabaseOpensslPrivate *priv;
+
+ priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+ switch (prop_id)
+ {
+ case PROP_ANCHORS:
+ g_value_set_string (value, priv->anchor_filename);
+ break;
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ }
+}
+
+static void
+g_tls_file_database_openssl_set_property (GObject *object,
+ guint prop_id,
+ const GValue *value,
+ GParamSpec *pspec)
+{
+ GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (object);
+ GTlsFileDatabaseOpensslPrivate *priv;
+ gchar *anchor_path;
+
+ priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+ switch (prop_id)
+ {
+ case PROP_ANCHORS:
+ anchor_path = g_value_dup_string (value);
+ if (anchor_path && !g_path_is_absolute (anchor_path))
+ {
+ g_warning ("The anchor file name for used with a GTlsFileDatabase "
+ "must be an absolute path, and not relative: %s", anchor_path);
+ }
+ else
+ {
+ priv->anchor_filename = anchor_path;
+ }
+ break;
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ }
+}
+
+static void
+g_tls_file_database_openssl_init (GTlsFileDatabaseOpenssl *file_database)
+{
+ GTlsFileDatabaseOpensslPrivate *priv;
+
+ priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+ g_mutex_init (&priv->mutex);
+}
+
+static gchar *
+g_tls_file_database_openssl_create_certificate_handle (GTlsDatabase *database,
+ GTlsCertificate *certificate)
+{
+ GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (database);
+ GTlsFileDatabaseOpensslPrivate *priv;
+ GBytes *der;
+ gboolean contains;
+ gchar *handle = NULL;
+
+ priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+ der = g_tls_certificate_openssl_get_bytes (G_TLS_CERTIFICATE_OPENSSL (certificate));
+ g_return_val_if_fail (der != NULL, FALSE);
+
+ g_mutex_lock (&priv->mutex);
+
+ /* At the same time look up whether this certificate is in list */
+ contains = g_hash_table_lookup (priv->complete, der) ? TRUE : FALSE;
+
+ g_mutex_unlock (&priv->mutex);
+
+ /* Certificate is in the database */
+ if (contains)
+ handle = create_handle_for_certificate (priv->anchor_filename, der);
+
+ g_bytes_unref (der);
+ return handle;
+}
+
+static GTlsCertificate *
+g_tls_file_database_openssl_lookup_certificate_for_handle (GTlsDatabase *database,
+ const gchar *handle,
+ GTlsInteraction *interaction,
+ GTlsDatabaseLookupFlags flags,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (database);
+ GTlsFileDatabaseOpensslPrivate *priv;
+ GTlsCertificate *cert;
+
+ priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return NULL;
+
+ if (!handle)
+ return NULL;
+
+ g_mutex_lock (&priv->mutex);
+
+ cert = g_hash_table_lookup (priv->certs_by_handle, handle);
+
+ g_mutex_unlock (&priv->mutex);
+
+ return cert ? g_object_ref (cert) : NULL;
+}
+
+static GTlsCertificate *
+g_tls_file_database_openssl_lookup_certificate_issuer (GTlsDatabase *database,
+ GTlsCertificate *certificate,
+ GTlsInteraction *interaction,
+ GTlsDatabaseLookupFlags flags,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (database);
+ GTlsFileDatabaseOpensslPrivate *priv;
+ X509 *x;
+ unsigned long issuer_hash;
+ GBytes *der;
+ GTlsCertificate *issuer = NULL;
+
+ priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (certificate), NULL);
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return NULL;
+
+ if (flags & G_TLS_DATABASE_LOOKUP_KEYPAIR)
+ return NULL;
+
+ /* Dig out the issuer of this certificate */
+ x = g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (certificate));
+ issuer_hash = X509_issuer_name_hash (x);
+
+ g_mutex_lock (&priv->mutex);
+ der = bytes_multi_table_lookup_ref_one (priv->subjects, issuer_hash);
+ g_mutex_unlock (&priv->mutex);
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ issuer = NULL;
+ else if (der != NULL)
+ issuer = g_tls_certificate_openssl_new (der, NULL);
+
+ if (der != NULL)
+ g_bytes_unref (der);
+ return issuer;
+
+ return NULL;
+}
+
+static GList *
+g_tls_file_database_openssl_lookup_certificates_issued_by (GTlsDatabase *database,
+ GByteArray *issuer_raw_dn,
+ GTlsInteraction *interaction,
+ GTlsDatabaseLookupFlags flags,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (database);
+ GTlsFileDatabaseOpensslPrivate *priv;
+ X509_NAME *x_name;
+ const unsigned char *in;
+ GList *issued = NULL;
+
+ priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return NULL;
+
+ /* We don't have any private keys here */
+ if (flags & G_TLS_DATABASE_LOOKUP_KEYPAIR)
+ return NULL;
+
+ in = issuer_raw_dn->data;
+ x_name = d2i_X509_NAME (NULL, &in, issuer_raw_dn->len);
+ if (x_name != NULL)
+ {
+ unsigned long issuer_hash;
+ GList *ders, *l;
+
+ issuer_hash = X509_NAME_hash (x_name);
+
+ /* Find the full DER value of the certificate */
+ g_mutex_lock (&priv->mutex);
+ ders = bytes_multi_table_lookup_ref_all (priv->issuers, issuer_hash);
+ g_mutex_unlock (&priv->mutex);
+
+ for (l = ders; l != NULL; l = g_list_next (l))
+ {
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ {
+ g_list_free_full (issued, g_object_unref);
+ issued = NULL;
+ break;
+ }
+
+ issued = g_list_prepend (issued, g_tls_certificate_openssl_new (l->data, NULL));
+ }
+
+ g_list_free_full (ders, (GDestroyNotify)g_bytes_unref);
+ X509_NAME_free (x_name);
+ }
+
+ return issued;
+}
+
+static gboolean
+lookup_assertion (GTlsDatabaseOpenssl *database,
+ GTlsCertificateOpenssl *certificate,
+ GTlsDatabaseOpensslAssertion assertion,
+ const gchar *purpose,
+ GSocketConnectable *identity,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (database);
+ GTlsFileDatabaseOpensslPrivate *priv;
+ GBytes *der = NULL;
+ gboolean contains;
+
+ priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return FALSE;
+
+ /* We only have anchored certificate assertions here */
+ if (assertion != G_TLS_DATABASE_OPENSSL_ANCHORED_CERTIFICATE)
+ return FALSE;
+
+ /*
+ * TODO: We should be parsing any Extended Key Usage attributes and
+ * comparing them to the purpose.
+ */
+
+ der = g_tls_certificate_openssl_get_bytes (certificate);
+
+ g_mutex_lock (&priv->mutex);
+ contains = g_hash_table_lookup (priv->complete, der) ? TRUE : FALSE;
+ g_mutex_unlock (&priv->mutex);
+
+ g_bytes_unref (der);
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return FALSE;
+
+ /* All certificates in our file are anchored certificates */
+ return contains;
+}
+
+static gboolean
+is_self_signed (GTlsCertificateOpenssl *certificate)
+{
+ X509 *cert;
+ X509_STORE *store;
+ X509_STORE_CTX csc;
+ STACK_OF(X509) *trusted;
+ gboolean ret = FALSE;
+
+ store = X509_STORE_new ();
+ cert = g_tls_certificate_openssl_get_cert (certificate);
+
+ if (!X509_STORE_CTX_init(&csc, store, cert, NULL))
+ goto end;
+
+ trusted = sk_X509_new_null ();
+ sk_X509_push (trusted, cert);
+
+ X509_STORE_CTX_trusted_stack (&csc, trusted);
+ X509_STORE_CTX_set_flags (&csc, X509_V_FLAG_CHECK_SS_SIGNATURE);
+
+ ret = X509_verify_cert (&csc) > 0;
+ sk_X509_free (trusted);
+
+end:
+ X509_STORE_CTX_cleanup (&csc);
+ X509_STORE_free (store);
+
+ return ret;
+}
+
+static gint
+build_certificate_chain (GTlsDatabaseOpenssl *openssl,
+ GTlsCertificateOpenssl *chain,
+ const gchar *purpose,
+ GSocketConnectable *identity,
+ GTlsInteraction *interaction,
+ GTlsDatabaseVerifyFlags flags,
+ GCancellable *cancellable,
+ GTlsCertificateOpenssl **anchor,
+ GError **error)
+{
+
+ GTlsCertificateOpenssl *certificate;
+ GTlsCertificateOpenssl *previous;
+ GTlsCertificate *issuer;
+ gboolean certificate_is_from_db;
+
+ g_assert (anchor);
+ g_assert (chain);
+ g_assert (purpose);
+ g_assert (error);
+ g_assert (!*error);
+
+ /*
+ * Remember that the first certificate never changes in the chain.
+ * When we find a self-signed, pinned or anchored certificate, all
+ * issuers are truncated from the chain.
+ */
+
+ *anchor = NULL;
+ previous = NULL;
+ certificate = chain;
+ certificate_is_from_db = FALSE;
+
+ /* First check for pinned certificate */
+ if (lookup_assertion (openssl, certificate,
+ G_TLS_DATABASE_OPENSSL_PINNED_CERTIFICATE,
+ purpose, identity, cancellable, error))
+ {
+ g_tls_certificate_openssl_set_issuer (certificate, NULL);
+ return STATUS_PINNED;
+ }
+ else if (*error)
+ {
+ return STATUS_FAILURE;
+ }
+
+ for (;;)
+ {
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return STATUS_FAILURE;
+
+ /* Look up whether this certificate is an anchor */
+ if (lookup_assertion (openssl, certificate,
+ G_TLS_DATABASE_OPENSSL_ANCHORED_CERTIFICATE,
+ purpose, identity, cancellable, error))
+ {
+ g_tls_certificate_openssl_set_issuer (certificate, NULL);
+ *anchor = certificate;
+ return STATUS_ANCHORED;
+ }
+ else if (*error)
+ {
+ return STATUS_FAILURE;
+ }
+
+ /* Is it self-signed? */
+ if (is_self_signed (certificate))
+ {
+ /*
+ * Since at this point we would fail with 'self-signed', can we replace
+ * this certificate with one from the database and do better?
+ */
+ if (previous && !certificate_is_from_db)
+ {
+ issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (openssl),
+ G_TLS_CERTIFICATE (previous),
+ interaction,
+ G_TLS_DATABASE_LOOKUP_NONE,
+ cancellable, error);
+ if (*error)
+ {
+ return STATUS_FAILURE;
+ }
+ else if (issuer)
+ {
+ /* Replaced with certificate in the db, restart step again with this certificate */
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (issuer), STATUS_FAILURE);
+ g_tls_certificate_openssl_set_issuer (previous, G_TLS_CERTIFICATE_OPENSSL (issuer));
+ certificate = G_TLS_CERTIFICATE_OPENSSL (issuer);
+ certificate_is_from_db = TRUE;
+ g_object_unref (issuer);
+ continue;
+ }
+ }
+
+ g_tls_certificate_openssl_set_issuer (certificate, NULL);
+ return STATUS_SELFSIGNED;
+ }
+
+ previous = certificate;
+
+ /* Bring over the next certificate in the chain */
+ issuer = g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (certificate));
+ if (issuer)
+ {
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (issuer), STATUS_FAILURE);
+ certificate = G_TLS_CERTIFICATE_OPENSSL (issuer);
+ certificate_is_from_db = FALSE;
+ }
+
+ /* Search for the next certificate in chain */
+ else
+ {
+ issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (openssl),
+ G_TLS_CERTIFICATE (certificate),
+ interaction,
+ G_TLS_DATABASE_LOOKUP_NONE,
+ cancellable, error);
+ if (*error)
+ return STATUS_FAILURE;
+ else if (!issuer)
+ return STATUS_INCOMPLETE;
+
+ /* Found a certificate in chain, use for next step */
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (issuer), STATUS_FAILURE);
+ g_tls_certificate_openssl_set_issuer (certificate, G_TLS_CERTIFICATE_OPENSSL (issuer));
+ certificate = G_TLS_CERTIFICATE_OPENSSL (issuer);
+ certificate_is_from_db = TRUE;
+ g_object_unref (issuer);
+ }
+ }
+
+ g_assert_not_reached ();
+}
+
+static GTlsCertificateFlags
+double_check_before_after_dates (GTlsCertificateOpenssl *chain)
+{
+ GTlsCertificateFlags gtls_flags = 0;
+ X509 *cert;
+
+ while (chain)
+ {
+ ASN1_TIME *not_before;
+ ASN1_TIME *not_after;
+
+ cert = g_tls_certificate_openssl_get_cert (chain);
+ not_before = X509_get_notBefore (cert);
+ not_after = X509_get_notAfter (cert);
+
+ if (X509_cmp_current_time (not_before) > 0)
+ gtls_flags |= G_TLS_CERTIFICATE_NOT_ACTIVATED;
+
+ if (X509_cmp_current_time (not_after) < 0)
+ gtls_flags |= G_TLS_CERTIFICATE_EXPIRED;
+
+ chain = G_TLS_CERTIFICATE_OPENSSL (g_tls_certificate_get_issuer
+ (G_TLS_CERTIFICATE (chain)));
+ }
+
+ return gtls_flags;
+}
+
+static STACK_OF(X509) *
+convert_certificate_chain_to_openssl (GTlsCertificateOpenssl *chain)
+{
+ GTlsCertificate *cert;
+ STACK_OF(X509) *openssl_chain;
+
+ openssl_chain = sk_X509_new_null ();
+
+ for (cert = G_TLS_CERTIFICATE (chain); cert; cert = g_tls_certificate_get_issuer (cert))
+ sk_X509_push (openssl_chain, g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (cert)));
+
+ return openssl_chain;
+}
+
+static GTlsCertificateFlags
+g_tls_file_database_openssl_verify_chain (GTlsDatabase *database,
+ GTlsCertificate *chain,
+ const gchar *purpose,
+ GSocketConnectable *identity,
+ GTlsInteraction *interaction,
+ GTlsDatabaseVerifyFlags flags,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsDatabaseOpenssl *openssl;
+ GTlsCertificateOpenssl *anchor;
+ STACK_OF(X509) *certs, *anchors;
+ X509_STORE *store;
+ X509_STORE_CTX csc;
+ X509 *x;
+ gint status;
+ GTlsCertificateFlags result = 0;
+ GError *err = NULL;
+
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (chain),
+ G_TLS_CERTIFICATE_GENERIC_ERROR);
+
+ openssl = G_TLS_DATABASE_OPENSSL (database);
+ anchor = NULL;
+
+ status = build_certificate_chain (openssl, G_TLS_CERTIFICATE_OPENSSL (chain), purpose,
+ identity, interaction, flags, cancellable, &anchor, &err);
+ if (status == STATUS_FAILURE)
+ {
+ g_propagate_error (error, err);
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
+ }
+
+ /*
+ * A pinned certificate is verified on its own, without any further
+ * verification.
+ */
+ if (status == STATUS_PINNED)
+ return 0;
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
+
+ certs = convert_certificate_chain_to_openssl (G_TLS_CERTIFICATE_OPENSSL (chain));
+
+ store = X509_STORE_new ();
+
+ x = g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (chain));
+ if (!X509_STORE_CTX_init(&csc, store, x, certs))
+ {
+ X509_STORE_CTX_cleanup (&csc);
+ X509_STORE_free (store);
+ sk_X509_free (certs);
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
+ }
+
+ if (anchor)
+ {
+ g_assert (g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (anchor)) == NULL);
+ anchors = convert_certificate_chain_to_openssl (G_TLS_CERTIFICATE_OPENSSL (anchor));
+ X509_STORE_CTX_trusted_stack (&csc, anchors);
+ }
+ else
+ anchors = NULL;
+
+ if (X509_verify_cert (&csc) <= 0)
+ result = g_tls_certificate_openssl_convert_error (X509_STORE_CTX_get_error (&csc));
+
+ X509_STORE_CTX_cleanup (&csc);
+ X509_STORE_free (store);
+ sk_X509_free (certs);
+ if (anchors)
+ sk_X509_free (anchors);
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
+
+ /* We have to check these ourselves since openssl
+ * does not give us flags and UNKNOWN_CA will take priority.
+ */
+ result |= double_check_before_after_dates (G_TLS_CERTIFICATE_OPENSSL (chain));
+
+ if (identity)
+ result |= g_tls_certificate_openssl_verify_identity (G_TLS_CERTIFICATE_OPENSSL (chain),
+ identity);
+
+ return result;
+}
+
+static void
+g_tls_file_database_openssl_class_init (GTlsFileDatabaseOpensslClass *klass)
+{
+ GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+ GTlsDatabaseClass *database_class = G_TLS_DATABASE_CLASS (klass);
+
+ gobject_class->get_property = g_tls_file_database_openssl_get_property;
+ gobject_class->set_property = g_tls_file_database_openssl_set_property;
+ gobject_class->finalize = g_tls_file_database_openssl_finalize;
+
+ database_class->create_certificate_handle = g_tls_file_database_openssl_create_certificate_handle;
+ database_class->lookup_certificate_for_handle = g_tls_file_database_openssl_lookup_certificate_for_handle;
+ database_class->lookup_certificate_issuer = g_tls_file_database_openssl_lookup_certificate_issuer;
+ database_class->lookup_certificates_issued_by = g_tls_file_database_openssl_lookup_certificates_issued_by;
+ database_class->verify_chain = g_tls_file_database_openssl_verify_chain;
+
+ g_object_class_override_property (gobject_class, PROP_ANCHORS, "anchors");
+}
+
+static void
+g_tls_file_database_openssl_file_database_interface_init (GTlsFileDatabaseInterface *iface)
+{
+}
+
+static gboolean
+g_tls_file_database_openssl_initable_init (GInitable *initable,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (initable);
+ GTlsFileDatabaseOpensslPrivate *priv;
+ GHashTable *subjects, *issuers, *complete, *certs_by_handle;
+ gboolean result;
+
+ priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return FALSE;
+
+ subjects = bytes_multi_table_new ();
+ issuers = bytes_multi_table_new ();
+
+ complete = g_hash_table_new_full (g_bytes_hash, g_bytes_equal,
+ (GDestroyNotify)g_bytes_unref,
+ (GDestroyNotify)g_bytes_unref);
+
+ certs_by_handle = g_hash_table_new_full (g_str_hash, g_str_equal,
+ (GDestroyNotify)g_free,
+ (GDestroyNotify)g_object_unref);
+
+ if (priv->anchor_filename)
+ result = load_anchor_file (file_database,
+ priv->anchor_filename,
+ subjects, issuers, complete,
+ certs_by_handle,
+ error);
+ else
+ result = TRUE;
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ result = FALSE;
+
+ if (result)
+ {
+ g_mutex_lock (&priv->mutex);
+ if (!priv->subjects)
+ {
+ priv->subjects = subjects;
+ subjects = NULL;
+ }
+ if (!priv->issuers)
+ {
+ priv->issuers = issuers;
+ issuers = NULL;
+ }
+ if (!priv->complete)
+ {
+ priv->complete = complete;
+ complete = NULL;
+ }
+ if (!priv->certs_by_handle)
+ {
+ priv->certs_by_handle = certs_by_handle;
+ certs_by_handle = NULL;
+ }
+ g_mutex_unlock (&priv->mutex);
+ }
+
+ if (subjects != NULL)
+ g_hash_table_unref (subjects);
+ if (issuers != NULL)
+ g_hash_table_unref (issuers);
+ if (complete != NULL)
+ g_hash_table_unref (complete);
+ if (certs_by_handle != NULL)
+ g_hash_table_unref (certs_by_handle);
+ return result;
+}
+
+static void
+g_tls_file_database_openssl_initable_interface_init (GInitableIface *iface)
+{
+ iface->init = g_tls_file_database_openssl_initable_init;
+}
diff --git a/tls/openssl/gtlsfiledatabase-openssl.h b/tls/openssl/gtlsfiledatabase-openssl.h
new file mode 100644
index 0000000..4ec6627
--- /dev/null
+++ b/tls/openssl/gtlsfiledatabase-openssl.h
@@ -0,0 +1,64 @@
+/*
+ * gtlsfiledatabase-openssl.h
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#ifndef __G_TLS_FILE_DATABASE_OPENSSL_H__
+#define __G_TLS_FILE_DATABASE_OPENSSL_H__
+
+#include <gio/gio.h>
+
+#ifdef G_OS_WIN32
+#define WIN32_LEAN_AND_MEAN
+#endif
+
+#include "gtlsdatabase-openssl.h"
+
+G_BEGIN_DECLS
+
+#define G_TYPE_TLS_FILE_DATABASE_OPENSSL (g_tls_file_database_openssl_get_type ())
+#define G_TLS_FILE_DATABASE_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst),
G_TYPE_TLS_FILE_DATABASE_OPENSSL, GTlsFileDatabaseOpenssl))
+#define G_TLS_FILE_DATABASE_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_CAST ((class),
G_TYPE_TLS_FILE_DATABASE_OPENSSL, GTlsFileDatabaseOpensslClass))
+#define G_IS_TLS_FILE_DATABASE_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst),
G_TYPE_TLS_FILE_DATABASE_OPENSSL))
+#define G_IS_TLS_FILE_DATABASE_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class),
G_TYPE_TLS_FILE_DATABASE_OPENSSL))
+#define G_TLS_FILE_DATABASE_OPENSSL_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst),
G_TYPE_TLS_FILE_DATABASE_OPENSSL, GTlsFileDatabaseOpensslClass))
+
+typedef struct _GTlsFileDatabaseOpensslClass GTlsFileDatabaseOpensslClass;
+typedef struct _GTlsFileDatabaseOpenssl GTlsFileDatabaseOpenssl;
+
+struct _GTlsFileDatabaseOpensslClass
+{
+ GTlsDatabaseOpensslClass parent_class;
+};
+
+struct _GTlsFileDatabaseOpenssl
+{
+ GTlsDatabaseOpenssl parent_instance;
+};
+
+GType g_tls_file_database_openssl_get_type (void) G_GNUC_CONST;
+
+GTlsDatabase *g_tls_file_database_openssl_new (const gchar *anchor_file);
+
+G_END_DECLS
+
+#endif /* __G_TLS_FILE_DATABASE_OPENSSL_H___ */
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
new file mode 100644
index 0000000..e9add65
--- /dev/null
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -0,0 +1,316 @@
+/*
+ * gtlsserverconnection-openssl.c
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#include "config.h"
+#include "glib.h"
+#include "gtlsserverconnection-openssl.h"
+#include "gtlscertificate-openssl.h"
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <glib/gi18n-lib.h>
+
+typedef struct _GTlsServerConnectionOpensslPrivate
+{
+ GTlsAuthenticationMode authentication_mode;
+ SSL_SESSION *session;
+ SSL *ssl;
+ SSL_CTX *ssl_ctx;
+} GTlsServerConnectionOpensslPrivate;
+
+enum
+{
+ PROP_0,
+ PROP_AUTHENTICATION_MODE
+};
+
+static void g_tls_server_connection_openssl_initable_interface_init (GInitableIface *iface);
+
+static void g_tls_server_connection_openssl_server_connection_interface_init (GTlsServerConnectionInterface
*iface);
+
+static GInitableIface *g_tls_server_connection_openssl_parent_initable_iface;
+
+G_DEFINE_TYPE_WITH_CODE (GTlsServerConnectionOpenssl, g_tls_server_connection_openssl,
G_TYPE_TLS_CONNECTION_OPENSSL,
+ G_ADD_PRIVATE (GTlsServerConnectionOpenssl)
+ G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+ g_tls_server_connection_openssl_initable_interface_init)
+ G_IMPLEMENT_INTERFACE (G_TYPE_TLS_SERVER_CONNECTION,
+
g_tls_server_connection_openssl_server_connection_interface_init))
+
+static void
+g_tls_server_connection_openssl_finalize (GObject *object)
+{
+ GTlsServerConnectionOpenssl *openssl = G_TLS_SERVER_CONNECTION_OPENSSL (object);
+ GTlsServerConnectionOpensslPrivate *priv;
+
+ priv = g_tls_server_connection_openssl_get_instance_private (openssl);
+
+ SSL_free (priv->ssl);
+ SSL_CTX_free (priv->ssl_ctx);
+ SSL_SESSION_free (priv->session);
+
+ G_OBJECT_CLASS (g_tls_server_connection_openssl_parent_class)->finalize (object);
+}
+
+static void
+g_tls_server_connection_openssl_get_property (GObject *object,
+ guint prop_id,
+ GValue *value,
+ GParamSpec *pspec)
+{
+ GTlsServerConnectionOpenssl *openssl = G_TLS_SERVER_CONNECTION_OPENSSL (object);
+ GTlsServerConnectionOpensslPrivate *priv;
+
+ priv = g_tls_server_connection_openssl_get_instance_private (openssl);
+
+ switch (prop_id)
+ {
+ case PROP_AUTHENTICATION_MODE:
+ g_value_set_enum (value, priv->authentication_mode);
+ break;
+
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ }
+}
+
+static void
+g_tls_server_connection_openssl_set_property (GObject *object,
+ guint prop_id,
+ const GValue *value,
+ GParamSpec *pspec)
+{
+ GTlsServerConnectionOpenssl *openssl = G_TLS_SERVER_CONNECTION_OPENSSL (object);
+ GTlsServerConnectionOpensslPrivate *priv;
+
+ priv = g_tls_server_connection_openssl_get_instance_private (openssl);
+
+ switch (prop_id)
+ {
+ case PROP_AUTHENTICATION_MODE:
+ priv->authentication_mode = g_value_get_enum (value);
+ break;
+
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ }
+}
+
+static int
+verify_callback (int preverify_ok,
+ X509_STORE_CTX *ctx)
+{
+ return 1;
+}
+
+static GTlsConnectionBaseStatus
+g_tls_server_connection_openssl_handshake (GTlsConnectionBase *tls,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsServerConnectionOpenssl *openssl = G_TLS_SERVER_CONNECTION_OPENSSL (tls);
+ GTlsServerConnectionOpensslPrivate *priv;
+ int req_mode = 0;
+
+ priv = g_tls_server_connection_openssl_get_instance_private (openssl);
+
+ switch (priv->authentication_mode)
+ {
+ case G_TLS_AUTHENTICATION_REQUIRED:
+ req_mode = SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+ case G_TLS_AUTHENTICATION_REQUESTED:
+ req_mode |= SSL_VERIFY_PEER;
+ break;
+ case G_TLS_AUTHENTICATION_NONE:
+ default:
+ req_mode = SSL_VERIFY_NONE;
+ break;
+ }
+
+ SSL_set_verify (priv->ssl, req_mode, verify_callback);
+ /* FIXME: is this ok? */
+ SSL_set_verify_depth (priv->ssl, 0);
+
+ return G_TLS_CONNECTION_BASE_CLASS (g_tls_server_connection_openssl_parent_class)->
+ handshake (tls, cancellable, error);
+}
+
+static SSL *
+g_tls_server_connection_openssl_get_ssl (GTlsConnectionOpenssl *connection)
+{
+ GTlsServerConnectionOpenssl *server = G_TLS_SERVER_CONNECTION_OPENSSL (connection);
+ GTlsServerConnectionOpensslPrivate *priv;
+
+ priv = g_tls_server_connection_openssl_get_instance_private (server);
+
+ return priv->ssl;
+}
+
+static SSL_CTX *
+g_tls_server_connection_openssl_get_ssl_ctx (GTlsConnectionOpenssl *connection)
+{
+ GTlsServerConnectionOpenssl *server = G_TLS_SERVER_CONNECTION_OPENSSL (connection);
+ GTlsServerConnectionOpensslPrivate *priv;
+
+ priv = g_tls_server_connection_openssl_get_instance_private (server);
+
+ return priv->ssl_ctx;
+}
+
+static void
+g_tls_server_connection_openssl_class_init (GTlsServerConnectionOpensslClass *klass)
+{
+ GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+ GTlsConnectionBaseClass *base_class = G_TLS_CONNECTION_BASE_CLASS (klass);
+ GTlsConnectionOpensslClass *connection_class = G_TLS_CONNECTION_OPENSSL_CLASS (klass);
+
+ gobject_class->finalize = g_tls_server_connection_openssl_finalize;
+ gobject_class->get_property = g_tls_server_connection_openssl_get_property;
+ gobject_class->set_property = g_tls_server_connection_openssl_set_property;
+
+ base_class->handshake = g_tls_server_connection_openssl_handshake;
+
+ connection_class->get_ssl = g_tls_server_connection_openssl_get_ssl;
+ connection_class->get_ssl_ctx = g_tls_server_connection_openssl_get_ssl_ctx;
+
+ g_object_class_override_property (gobject_class, PROP_AUTHENTICATION_MODE, "authentication-mode");
+}
+
+static void
+g_tls_server_connection_openssl_init (GTlsServerConnectionOpenssl *openssl)
+{
+}
+
+static void
+g_tls_server_connection_openssl_server_connection_interface_init (GTlsServerConnectionInterface *iface)
+{
+}
+
+static gboolean
+g_tls_server_connection_openssl_initable_init (GInitable *initable,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsServerConnectionOpenssl *server = G_TLS_SERVER_CONNECTION_OPENSSL (initable);
+ GTlsServerConnectionOpensslPrivate *priv;
+ GTlsCertificate *cert;
+ long options;
+
+ priv = g_tls_server_connection_openssl_get_instance_private (server);
+
+ priv->session = SSL_SESSION_new ();
+
+ priv->ssl_ctx = SSL_CTX_new (SSLv23_server_method ());
+ if (priv->ssl_ctx == NULL)
+ {
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Could not create TLS context: %s"),
+ ERR_error_string (ERR_get_error (), NULL));
+ return FALSE;
+ }
+
+ options = SSL_OP_NO_TICKET;
+
+ /* Only TLS 1.2 or higher */
+ SSL_CTX_set_options (priv->ssl_ctx, options);
+
+ cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (initable));
+ if (cert != NULL)
+ {
+ EVP_PKEY *key;
+ X509 *x;
+ GTlsCertificate *issuer;
+
+ key = g_tls_certificate_openssl_get_key (G_TLS_CERTIFICATE_OPENSSL (cert));
+
+ if (key == NULL)
+ {
+ g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("Certificate has no private key"));
+ return FALSE;
+ }
+
+ if (SSL_CTX_use_PrivateKey (priv->ssl_ctx, key) <= 0)
+ {
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("There is a problem with the certificate private key: %s"),
+ ERR_error_string (ERR_get_error (), NULL));
+ return FALSE;
+ }
+
+ x = g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (cert));
+ if (SSL_CTX_use_certificate (priv->ssl_ctx, x) <= 0)
+ {
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("There is a problem with the certificate: %s"),
+ ERR_error_string (ERR_get_error (), NULL));
+ return FALSE;
+ }
+
+ /* Add all the issuers to create the full certificate chain */
+ for (issuer = g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (cert));
+ issuer != NULL;
+ issuer = g_tls_certificate_get_issuer (issuer))
+ {
+ X509 *issuer_x;
+
+ /* Be careful here and duplicate the certificate since the context
+ * will take the ownership
+ */
+ issuer_x = X509_dup (g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (issuer)));
+ if (!SSL_CTX_add_extra_chain_cert (priv->ssl_ctx, issuer_x))
+ g_warning ("There was a problem adding the extra chain certificate: %s",
+ ERR_error_string (ERR_get_error (), NULL));
+ }
+ }
+
+ SSL_CTX_add_session (priv->ssl_ctx, priv->session);
+
+ SSL_CTX_set_cipher_list (priv->ssl_ctx, "HIGH:!DSS:!aNULL@STRENGTH");
+
+ priv->ssl = SSL_new (priv->ssl_ctx);
+ if (priv->ssl == NULL)
+ {
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Could not create TLS connection: %s"),
+ ERR_error_string (ERR_get_error (), NULL));
+ return FALSE;
+ }
+
+ SSL_set_accept_state (priv->ssl);
+
+ if (!g_tls_server_connection_openssl_parent_initable_iface->
+ init (initable, cancellable, error))
+ return FALSE;
+
+ return TRUE;
+}
+
+static void
+g_tls_server_connection_openssl_initable_interface_init (GInitableIface *iface)
+{
+ g_tls_server_connection_openssl_parent_initable_iface = g_type_interface_peek_parent (iface);
+
+ iface->init = g_tls_server_connection_openssl_initable_init;
+}
diff --git a/tls/openssl/gtlsserverconnection-openssl.h b/tls/openssl/gtlsserverconnection-openssl.h
new file mode 100644
index 0000000..96e0fb7
--- /dev/null
+++ b/tls/openssl/gtlsserverconnection-openssl.h
@@ -0,0 +1,57 @@
+/*
+ * gtlsserverconnection-openssl.h
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#ifndef __G_TLS_SERVER_CONNECTION_OPENSSL_H__
+#define __G_TLS_SERVER_CONNECTION_OPENSSL_H__
+
+#include <gio/gio.h>
+#include "gtlsconnection-openssl.h"
+
+G_BEGIN_DECLS
+
+#define G_TYPE_TLS_SERVER_CONNECTION_OPENSSL (g_tls_server_connection_openssl_get_type ())
+#define G_TLS_SERVER_CONNECTION_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst),
G_TYPE_TLS_SERVER_CONNECTION_OPENSSL, GTlsServerConnectionOpenssl))
+#define G_TLS_SERVER_CONNECTION_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_CAST ((class),
G_TYPE_TLS_SERVER_CONNECTION_OPENSSL, GTlsServerConnectionOpensslClass))
+#define G_IS_TLS_SERVER_CONNECTION_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst),
G_TYPE_TLS_SERVER_CONNECTION_OPENSSL))
+#define G_IS_TLS_SERVER_CONNECTION_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class),
G_TYPE_TLS_SERVER_CONNECTION_OPENSSL))
+#define G_TLS_SERVER_CONNECTION_OPENSSL_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst),
G_TYPE_TLS_SERVER_CONNECTION_OPENSSL, GTlsServerConnectionOpensslClass))
+
+typedef struct _GTlsServerConnectionOpensslClass GTlsServerConnectionOpensslClass;
+typedef struct _GTlsServerConnectionOpenssl GTlsServerConnectionOpenssl;
+
+struct _GTlsServerConnectionOpensslClass
+{
+ GTlsConnectionOpensslClass parent_class;
+};
+
+struct _GTlsServerConnectionOpenssl
+{
+ GTlsConnectionOpenssl parent_instance;
+};
+
+GType g_tls_server_connection_openssl_get_type (void) G_GNUC_CONST;
+
+G_END_DECLS
+
+#endif /* __G_TLS_SERVER_CONNECTION_OPENSSL_H___ */
diff --git a/tls/openssl/openssl-module.c b/tls/openssl/openssl-module.c
new file mode 100644
index 0000000..f58aed3
--- /dev/null
+++ b/tls/openssl/openssl-module.c
@@ -0,0 +1,69 @@
+/*
+ * gtlsbio.c
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#include "config.h"
+
+#include <glib/gi18n-lib.h>
+#include <gio/gio.h>
+
+#include "gtlsbackend-openssl.h"
+
+
+void
+g_io_module_load (GIOModule *module)
+{
+ gchar *locale_dir;
+#ifdef G_OS_WIN32
+ gchar *base_dir;
+#endif
+
+ g_tls_backend_openssl_register (module);
+
+#ifdef G_OS_WIN32
+ base_dir = g_win32_get_package_installation_directory_of_module (NULL);
+ locale_dir = g_build_filename (base_dir, "share", "locale", NULL);
+ g_free (base_dir);
+#else
+ locale_dir = g_strdup (LOCALE_DIR);
+#endif
+
+ bindtextdomain (GETTEXT_PACKAGE, locale_dir);
+ bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
+ g_free (locale_dir);
+}
+
+void
+g_io_module_unload (GIOModule *module)
+{
+}
+
+gchar **
+g_io_module_query (void)
+{
+ gchar *eps[] = {
+ G_TLS_BACKEND_EXTENSION_POINT_NAME,
+ NULL
+ };
+ return g_strdupv (eps);
+}
diff --git a/tls/openssl/openssl-util.c b/tls/openssl/openssl-util.c
new file mode 100644
index 0000000..5ba63f1
--- /dev/null
+++ b/tls/openssl/openssl-util.c
@@ -0,0 +1,487 @@
+/* v3_utl.c */
+/*
+ * Written by Dr Stephen N Henson (steve openssl org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing OpenSSL org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay cryptsoft com). This product includes software written by Tim
+ * Hudson (tjh cryptsoft com).
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ */
+/* X509 v3 extension utilities */
+
+/* NOTE: this has been copied from openssl */
+
+#include "openssl-util.h"
+#include <string.h>
+#include <openssl/x509v3.h>
+
+#ifdef _MSC_VER
+#define strncasecmp _strnicmp
+#endif
+
+typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len,
+ const unsigned char *subject, size_t subject_len,
+ unsigned int flags);
+
+
+/* Skip pattern prefix to match "wildcard" subject */
+static void skip_prefix(const unsigned char **p, size_t *plen,
+ const unsigned char *subject, size_t subject_len,
+ unsigned int flags)
+{
+ const unsigned char *pattern = *p;
+ size_t pattern_len = *plen;
+
+ /*
+ * If subject starts with a leading '.' followed by more octets, and
+ * pattern is longer, compare just an equal-length suffix with the
+ * full subject (starting at the '.'), provided the prefix contains
+ * no NULs.
+ */
+ if ((flags & _G_TLS_X509_CHECK_FLAG_DOT_SUBDOMAINS) == 0)
+ return;
+
+ while (pattern_len > subject_len && *pattern) {
+ if ((flags & G_TLS_X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS) &&
+ *pattern == '.')
+ break;
+ ++pattern;
+ --pattern_len;
+ }
+
+ /* Skip if entire prefix acceptable */
+ if (pattern_len == subject_len) {
+ *p = pattern;
+ *plen = pattern_len;
+ }
+}
+
+/* Compare while ASCII ignoring case. */
+static int equal_nocase(const unsigned char *pattern, size_t pattern_len,
+ const unsigned char *subject, size_t subject_len,
+ unsigned int flags)
+{
+ skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
+ if (pattern_len != subject_len)
+ return 0;
+ while (pattern_len) {
+ unsigned char l = *pattern;
+ unsigned char r = *subject;
+ /* The pattern must not contain NUL characters. */
+ if (l == 0)
+ return 0;
+ if (l != r) {
+ if ('A' <= l && l <= 'Z')
+ l = (l - 'A') + 'a';
+ if ('A' <= r && r <= 'Z')
+ r = (r - 'A') + 'a';
+ if (l != r)
+ return 0;
+ }
+ ++pattern;
+ ++subject;
+ --pattern_len;
+ }
+ return 1;
+}
+
+/* Compare using memcmp. */
+static int equal_case(const unsigned char *pattern, size_t pattern_len,
+ const unsigned char *subject, size_t subject_len,
+ unsigned int flags)
+{
+ skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
+ if (pattern_len != subject_len)
+ return 0;
+ return !memcmp(pattern, subject, pattern_len);
+}
+
+/*
+ * RFC 5280, section 7.5, requires that only the domain is compared in a
+ * case-insensitive manner.
+ */
+static int equal_email(const unsigned char *a, size_t a_len,
+ const unsigned char *b, size_t b_len,
+ unsigned int unused_flags)
+{
+ size_t i = a_len;
+ if (a_len != b_len)
+ return 0;
+ /*
+ * We search backwards for the '@' character, so that we do not have to
+ * deal with quoted local-parts. The domain part is compared in a
+ * case-insensitive manner.
+ */
+ while (i > 0) {
+ --i;
+ if (a[i] == '@' || b[i] == '@') {
+ if (!equal_nocase(a + i, a_len - i, b + i, a_len - i, 0))
+ return 0;
+ break;
+ }
+ }
+ if (i == 0)
+ i = a_len;
+ return equal_case(a, i, b, i, 0);
+}
+
+/*
+ * Compare an ASN1_STRING to a supplied string. If they match return 1. If
+ * cmp_type > 0 only compare if string matches the type, otherwise convert it
+ * to UTF8.
+ */
+
+static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
+ unsigned int flags, const char *b, size_t blen,
+ char **peername)
+{
+ int rv = 0;
+
+ if (!a->data || !a->length)
+ return 0;
+ if (cmp_type > 0) {
+ if (cmp_type != a->type)
+ return 0;
+ if (cmp_type == V_ASN1_IA5STRING)
+ rv = equal(a->data, a->length, (unsigned char *)b, blen, flags);
+ else if (a->length == (int)blen && !memcmp(a->data, b, blen))
+ rv = 1;
+ if (rv > 0 && peername)
+ *peername = BUF_strndup((char *)a->data, a->length);
+ } else {
+ int astrlen;
+ unsigned char *astr;
+ astrlen = ASN1_STRING_to_UTF8(&astr, a);
+ if (astrlen < 0) {
+ /*
+ * -1 could be an internal malloc failure or a decoding error from
+ * malformed input; we can't distinguish.
+ */
+ return -1;
+ }
+ rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
+ if (rv > 0 && peername)
+ *peername = BUF_strndup((char *)astr, astrlen);
+ OPENSSL_free(astr);
+ }
+ return rv;
+}
+
+/*
+ * Compare the prefix and suffix with the subject, and check that the
+ * characters in-between are valid.
+ */
+static int wildcard_match(const unsigned char *prefix, size_t prefix_len,
+ const unsigned char *suffix, size_t suffix_len,
+ const unsigned char *subject, size_t subject_len,
+ unsigned int flags)
+{
+ const unsigned char *wildcard_start;
+ const unsigned char *wildcard_end;
+ const unsigned char *p;
+ int allow_multi = 0;
+ int allow_idna = 0;
+
+ if (subject_len < prefix_len + suffix_len)
+ return 0;
+ if (!equal_nocase(prefix, prefix_len, subject, prefix_len, flags))
+ return 0;
+ wildcard_start = subject + prefix_len;
+ wildcard_end = subject + (subject_len - suffix_len);
+ if (!equal_nocase(wildcard_end, suffix_len, suffix, suffix_len, flags))
+ return 0;
+ /*
+ * If the wildcard makes up the entire first label, it must match at
+ * least one character.
+ */
+ if (prefix_len == 0 && *suffix == '.') {
+ if (wildcard_start == wildcard_end)
+ return 0;
+ allow_idna = 1;
+ if (flags & G_TLS_X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS)
+ allow_multi = 1;
+ }
+ /* IDNA labels cannot match partial wildcards */
+ if (!allow_idna &&
+ subject_len >= 4 && strncasecmp((char *)subject, "xn--", 4) == 0)
+ return 0;
+ /* The wildcard may match a literal '*' */
+ if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*')
+ return 1;
+ /*
+ * Check that the part matched by the wildcard contains only
+ * permitted characters and only matches a single label unless
+ * allow_multi is set.
+ */
+ for (p = wildcard_start; p != wildcard_end; ++p)
+ if (!(('0' <= *p && *p <= '9') ||
+ ('A' <= *p && *p <= 'Z') ||
+ ('a' <= *p && *p <= 'z') ||
+ *p == '-' || (allow_multi && *p == '.')))
+ return 0;
+ return 1;
+}
+
+#define LABEL_START (1 << 0)
+#define LABEL_END (1 << 1)
+#define LABEL_HYPHEN (1 << 2)
+#define LABEL_IDNA (1 << 3)
+
+static const unsigned char *valid_star(const unsigned char *p, size_t len,
+ unsigned int flags)
+{
+ const unsigned char *star = 0;
+ size_t i;
+ int state = LABEL_START;
+ int dots = 0;
+ for (i = 0; i < len; ++i) {
+ /*
+ * Locate first and only legal wildcard, either at the start
+ * or end of a non-IDNA first and not final label.
+ */
+ if (p[i] == '*') {
+ int atstart = (state & LABEL_START);
+ int atend = (i == len - 1 || p[i + 1] == '.');
+ /*-
+ * At most one wildcard per pattern.
+ * No wildcards in IDNA labels.
+ * No wildcards after the first label.
+ */
+ if (star != NULL || (state & LABEL_IDNA) != 0 || dots)
+ return NULL;
+ /* Only full-label '*.example.com' wildcards? */
+ if ((flags & G_TLS_X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS)
+ && (!atstart || !atend))
+ return NULL;
+ /* No 'foo*bar' wildcards */
+ if (!atstart && !atend)
+ return NULL;
+ star = &p[i];
+ state &= ~LABEL_START;
+ } else if (('a' <= p[i] && p[i] <= 'z')
+ || ('A' <= p[i] && p[i] <= 'Z')
+ || ('0' <= p[i] && p[i] <= '9')) {
+ if ((state & LABEL_START) != 0
+ && len - i >= 4 && strncasecmp((char *)&p[i], "xn--", 4) == 0)
+ state |= LABEL_IDNA;
+ state &= ~(LABEL_HYPHEN | LABEL_START);
+ } else if (p[i] == '.') {
+ if ((state & (LABEL_HYPHEN | LABEL_START)) != 0)
+ return NULL;
+ state = LABEL_START;
+ ++dots;
+ } else if (p[i] == '-') {
+ if ((state & LABEL_HYPHEN) != 0)
+ return NULL;
+ state |= LABEL_HYPHEN;
+ } else
+ return NULL;
+ }
+
+ /*
+ * The final label must not end in a hyphen or ".", and
+ * there must be at least two dots after the star.
+ */
+ if ((state & (LABEL_START | LABEL_HYPHEN)) != 0 || dots < 2)
+ return NULL;
+ return star;
+}
+
+/* Compare using wildcards. */
+static int equal_wildcard(const unsigned char *pattern, size_t pattern_len,
+ const unsigned char *subject, size_t subject_len,
+ unsigned int flags)
+{
+ const unsigned char *star = NULL;
+
+ /*
+ * Subject names starting with '.' can only match a wildcard pattern
+ * via a subject sub-domain pattern suffix match.
+ */
+ if (!(subject_len > 1 && subject[0] == '.'))
+ star = valid_star(pattern, pattern_len, flags);
+ if (star == NULL)
+ return equal_nocase(pattern, pattern_len,
+ subject, subject_len, flags);
+ return wildcard_match(pattern, star - pattern,
+ star + 1, (pattern + pattern_len) - star - 1,
+ subject, subject_len, flags);
+}
+
+static int do_x509_check(X509 *x, const char *chk, size_t chklen,
+ unsigned int flags, int check_type, char **peername)
+{
+ GENERAL_NAMES *gens = NULL;
+ X509_NAME *name = NULL;
+ int i;
+ int cnid;
+ int alt_type;
+ int san_present = 0;
+ int rv = 0;
+ equal_fn equal;
+
+ /* See below, this flag is internal-only */
+ flags &= ~_G_TLS_X509_CHECK_FLAG_DOT_SUBDOMAINS;
+ if (check_type == GEN_EMAIL) {
+ cnid = NID_pkcs9_emailAddress;
+ alt_type = V_ASN1_IA5STRING;
+ equal = equal_email;
+ } else if (check_type == GEN_DNS) {
+ cnid = NID_commonName;
+ /* Implicit client-side DNS sub-domain pattern */
+ if (chklen > 1 && chk[0] == '.')
+ flags |= _G_TLS_X509_CHECK_FLAG_DOT_SUBDOMAINS;
+ alt_type = V_ASN1_IA5STRING;
+ if (flags & G_TLS_X509_CHECK_FLAG_NO_WILDCARDS)
+ equal = equal_nocase;
+ else
+ equal = equal_wildcard;
+ } else {
+ cnid = 0;
+ alt_type = V_ASN1_OCTET_STRING;
+ equal = equal_case;
+ }
+
+ if (chklen == 0)
+ chklen = strlen(chk);
+
+ gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+ if (gens) {
+ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+ GENERAL_NAME *gen;
+ ASN1_STRING *cstr;
+ gen = sk_GENERAL_NAME_value(gens, i);
+ if (gen->type != check_type)
+ continue;
+ san_present = 1;
+ if (check_type == GEN_EMAIL)
+ cstr = gen->d.rfc822Name;
+ else if (check_type == GEN_DNS)
+ cstr = gen->d.dNSName;
+ else
+ cstr = gen->d.iPAddress;
+ /* Positive on success, negative on error! */
+ if ((rv = do_check_string(cstr, alt_type, equal, flags,
+ chk, chklen, peername)) != 0)
+ break;
+ }
+ GENERAL_NAMES_free(gens);
+ if (rv != 0)
+ return rv;
+ if (!cnid
+ || (san_present
+ && !(flags & G_TLS_X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)))
+ return 0;
+ }
+ i = -1;
+ name = X509_get_subject_name(x);
+ while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) {
+ X509_NAME_ENTRY *ne;
+ ASN1_STRING *str;
+ ne = X509_NAME_get_entry(name, i);
+ str = X509_NAME_ENTRY_get_data(ne);
+ /* Positive on success, negative on error! */
+ if ((rv = do_check_string(str, -1, equal, flags,
+ chk, chklen, peername)) != 0)
+ return rv;
+ }
+ return 0;
+}
+
+int g_tls_X509_check_host(X509 *x, const char *chk, size_t chklen,
+ unsigned int flags, char **peername)
+{
+ if (chk == NULL)
+ return -2;
+ /*
+ * Embedded NULs are disallowed, except as the last character of a
+ * string of length 2 or more (tolerate caller including terminating
+ * NUL in string length).
+ */
+ if (chklen == 0)
+ chklen = strlen(chk);
+ else if (memchr(chk, '\0', chklen > 1 ? chklen - 1 : chklen))
+ return -2;
+ if (chklen > 1 && chk[chklen - 1] == '\0')
+ --chklen;
+ return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
+}
+
+int g_tls_X509_check_email(X509 *x, const char *chk, size_t chklen,
+ unsigned int flags)
+{
+ if (chk == NULL)
+ return -2;
+ /*
+ * Embedded NULs are disallowed, except as the last character of a
+ * string of length 2 or more (tolerate caller including terminating
+ * NUL in string length).
+ */
+ if (chklen == 0)
+ chklen = strlen((char *)chk);
+ else if (memchr(chk, '\0', chklen > 1 ? chklen - 1 : chklen))
+ return -2;
+ if (chklen > 1 && chk[chklen - 1] == '\0')
+ --chklen;
+ return do_x509_check(x, chk, chklen, flags, GEN_EMAIL, NULL);
+}
+
+int g_tls_X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
+ unsigned int flags)
+{
+ if (chk == NULL)
+ return -2;
+ return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL);
+}
diff --git a/tls/openssl/openssl-util.h b/tls/openssl/openssl-util.h
new file mode 100644
index 0000000..72cd2c9
--- /dev/null
+++ b/tls/openssl/openssl-util.h
@@ -0,0 +1,99 @@
+/* v3_utl.c */
+/*
+ * Written by Dr Stephen N Henson (steve openssl org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing OpenSSL org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay cryptsoft com). This product includes software written by Tim
+ * Hudson (tjh cryptsoft com).
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ */
+/* X509 v3 extension utilities */
+
+#ifndef __G_TLS_OPENSSL_UTIL_H__
+#define __G_TLS_OPENSSL_UTIL_H__
+
+#include <openssl/x509.h>
+
+/*
+ * Always check subject name for host match even if subject alt names present
+ */
+# define G_TLS_X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1
+/* Disable wildcard matching for dnsName fields and common name. */
+# define G_TLS_X509_CHECK_FLAG_NO_WILDCARDS 0x2
+/* Wildcards must not match a partial label. */
+# define G_TLS_X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
+/* Allow (non-partial) wildcards to match multiple labels. */
+# define G_TLS_X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
+/* Constraint verifier subdomain patterns to match a single labels. */
+# define G_TLS_X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
+/*
+ * Match reference identifiers starting with "." to any sub-domain.
+ * This is a non-public flag, turned on implicitly when the subject
+ * reference identity is a DNS name.
+ */
+# define _G_TLS_X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
+
+int g_tls_X509_check_host(X509 *x, const char *chk, size_t chklen,
+ unsigned int flags, char **peername);
+
+int g_tls_X509_check_email(X509 *x, const char *chk, size_t chklen,
+ unsigned int flags);
+
+int g_tls_X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
+ unsigned int flags);
+
+#endif /* __G_TLS_OPENSSL_UTIL_H__ */
+
+
diff --git a/tls/tests/Makefile.am b/tls/tests/Makefile.am
new file mode 100644
index 0000000..4cafda3
--- /dev/null
+++ b/tls/tests/Makefile.am
@@ -0,0 +1,60 @@
+include $(top_srcdir)/glib-openssl.mk
+
+AM_CPPFLAGS += \
+ -I$(top_srcdir)/tls \
+ -I$(top_builddir)/tls \
+ -DSRCDIR=\""$(abs_srcdir)"\" \
+ -DTOP_BUILDDIR=\""$(top_builddir)"\"
+
+LDADD = \
+ $(GLIB_LIBS)
+
+test_programs = \
+ certificate-openssl \
+ file-database-openssl \
+ connection-openssl \
+ $(NULL)
+
+certificate_openssl_SOURCES = certificate.c
+certificate_openssl_CPPFLAGS = $(AM_CPPFLAGS) $(OPENSSL_CFLAGS) -DBACKEND=\""openssl"\"
-DWITH_BACKEND_OPENSSL
+certificate_openssl_LDADD = $(GLIB_LIBS) $(OPENSSL_LIBS)
+
+connection_openssl_SOURCES = connection.c mock-interaction.c mock-interaction.h
+connection_openssl_CPPFLAGS = $(AM_CPPFLAGS) $(OPENSSL_CFLAGS) -DBACKEND=\""openssl"\" -DWITH_BACKEND_OPENSSL
+connection_openssl_LDADD = $(GLIB_LIBS) $(OPENSSL_LIBS)
+
+file_database_openssl_SOURCES = file-database.c
+file_database_openssl_CPPFLAGS = $(AM_CPPFLAGS) $(OPENSSL_CFLAGS) -DBACKEND=\""openssl"\"
-DWITH_BACKEND_OPENSSL
+file_database_openssl_LDADD = $(GLIB_LIBS) $(OPENSSL_LIBS)
+
+testfiles_data = \
+ files/ca.pem \
+ files/ca-alternative.pem \
+ files/ca-key.pem \
+ files/ca-roots.pem \
+ files/ca-roots-bad.pem \
+ files/ca-verisign-sha1.pem \
+ files/chain.pem \
+ files/chain-with-verisign-md2.pem \
+ files/client-and-key.pem \
+ files/client-future.pem \
+ files/client-past.pem \
+ files/client.pem \
+ files/intermediate-ca.pem \
+ files/non-ca.pem \
+ files/server-and-key.pem \
+ files/server.der \
+ files/server-intermediate.pem \
+ files/server-intermediate-key.pem \
+ files/server-key.der \
+ files/server-key.pem \
+ files/server.pem \
+ files/server-self.pem \
+ $(NULL)
+
+if ENABLE_INSTALLED_TESTS
+testfilesdir = $(installed_testdir)/files
+testfiles_DATA = $(testfiles_data)
+endif
+
+EXTRA_DIST += $(testfiles_data)
diff --git a/tls/tests/certificate.c b/tls/tests/certificate.c
new file mode 100644
index 0000000..e0f7d04
--- /dev/null
+++ b/tls/tests/certificate.c
@@ -0,0 +1,583 @@
+/* GIO TLS tests
+ *
+ * Copyright 2011 Collabora, Ltd.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Author: Stef Walter <stefw collabora co uk>
+ */
+
+#include <gio/gio.h>
+
+#include <sys/types.h>
+#include <string.h>
+
+static const gchar *
+tls_test_file_path (const char *name)
+{
+ const gchar *const_path;
+ gchar *path;
+
+ path = g_test_build_filename (G_TEST_DIST, "files", name, NULL);
+ if (!g_path_is_absolute (path))
+ {
+ gchar *cwd, *abs;
+
+ cwd = g_get_current_dir ();
+ abs = g_build_filename (cwd, path, NULL);
+ g_free (cwd);
+ g_free (path);
+ path = abs;
+ }
+
+ const_path = g_intern_string (path);
+ g_free (path);
+ return const_path;
+}
+
+typedef struct {
+ GTlsBackend *backend;
+ GType cert_gtype;
+ gchar *cert_pem;
+ gsize cert_pem_length;
+ GByteArray *cert_der;
+ gchar *key_pem;
+ gsize key_pem_length;
+ GByteArray *key_der;
+} TestCertificate;
+
+static void
+setup_certificate (TestCertificate *test, gconstpointer data)
+{
+ GError *error = NULL;
+ gchar *contents;
+ gsize length;
+
+ test->backend = g_tls_backend_get_default ();
+ test->cert_gtype = g_tls_backend_get_certificate_type (test->backend);
+
+ g_file_get_contents (tls_test_file_path ("server.pem"), &test->cert_pem,
+ &test->cert_pem_length, &error);
+ g_assert_no_error (error);
+
+ g_file_get_contents (tls_test_file_path ("server.der"),
+ &contents, &length, &error);
+ g_assert_no_error (error);
+
+ test->cert_der = g_byte_array_new ();
+ g_byte_array_append (test->cert_der, (guint8 *)contents, length);
+ g_free (contents);
+
+ g_file_get_contents (tls_test_file_path ("server-key.pem"), &test->key_pem,
+ &test->key_pem_length, &error);
+ g_assert_no_error (error);
+
+ g_file_get_contents (tls_test_file_path ("server-key.der"),
+ &contents, &length, &error);
+ g_assert_no_error (error);
+
+ test->key_der = g_byte_array_new ();
+ g_byte_array_append (test->key_der, (guint8 *)contents, length);
+ g_free (contents);
+}
+
+static void
+teardown_certificate (TestCertificate *test,
+ gconstpointer data)
+{
+ g_free (test->cert_pem);
+ g_byte_array_free (test->cert_der, TRUE);
+
+ g_free (test->key_pem);
+ g_byte_array_free (test->key_der, TRUE);
+}
+
+static void
+test_create_pem (TestCertificate *test,
+ gconstpointer data)
+{
+ GTlsCertificate *cert;
+ gchar *pem = NULL;
+ GError *error = NULL;
+
+ cert = g_tls_certificate_new_from_pem (test->cert_pem, test->cert_pem_length, &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ g_object_get (cert, "certificate-pem", &pem, NULL);
+ g_assert_cmpstr (pem, ==, test->cert_pem);
+ g_free (pem);
+
+ g_object_add_weak_pointer (G_OBJECT (cert), (gpointer *)&cert);
+ g_object_unref (cert);
+ g_assert (cert == NULL);
+}
+
+static void
+test_create_with_key_pem (TestCertificate *test,
+ gconstpointer data)
+{
+ GTlsCertificate *cert;
+ GError *error = NULL;
+
+ cert = g_initable_new (test->cert_gtype, NULL, &error,
+ "certificate-pem", test->cert_pem,
+ "private-key-pem", test->key_pem,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ g_object_add_weak_pointer (G_OBJECT (cert), (gpointer *)&cert);
+ g_object_unref (cert);
+ g_assert (cert == NULL);
+}
+
+static void
+test_create_der (TestCertificate *test,
+ gconstpointer data)
+{
+ GTlsCertificate *cert;
+ GByteArray *der = NULL;
+ GError *error = NULL;
+
+ cert = g_initable_new (test->cert_gtype, NULL, &error,
+ "certificate", test->cert_der,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ g_object_get (cert, "certificate", &der, NULL);
+ g_assert (der);
+ g_assert_cmpuint (der->len, ==, test->cert_der->len);
+ g_assert (memcmp (der->data, test->cert_der->data, der->len) == 0);
+
+ g_byte_array_unref (der);
+
+ g_object_add_weak_pointer (G_OBJECT (cert), (gpointer *)&cert);
+ g_object_unref (cert);
+ g_assert (cert == NULL);
+}
+
+static void
+test_create_with_key_der (TestCertificate *test,
+ gconstpointer data)
+{
+ GTlsCertificate *cert;
+ GError *error = NULL;
+
+ cert = g_initable_new (test->cert_gtype, NULL, &error,
+ "certificate", test->cert_der,
+ "private-key", test->key_der,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ g_object_add_weak_pointer (G_OBJECT (cert), (gpointer *)&cert);
+ g_object_unref (cert);
+ g_assert (cert == NULL);
+}
+
+static void
+test_create_certificate_with_issuer (TestCertificate *test,
+ gconstpointer data)
+{
+ GTlsCertificate *cert, *issuer, *check;
+ GError *error = NULL;
+
+ issuer = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (issuer));
+
+ cert = g_initable_new (test->cert_gtype, NULL, &error,
+ "certificate-pem", test->cert_pem,
+ "issuer", issuer,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ g_object_add_weak_pointer (G_OBJECT (issuer), (gpointer *)&issuer);
+ g_object_unref (issuer);
+ g_assert (issuer != NULL);
+
+ check = g_tls_certificate_get_issuer (cert);
+ g_assert (check == issuer);
+
+ g_object_add_weak_pointer (G_OBJECT (cert), (gpointer *)&cert);
+ g_object_unref (cert);
+ g_assert (cert == NULL);
+ g_assert (issuer == NULL);
+}
+
+static void
+test_create_certificate_chain (void)
+{
+ GTlsCertificate *cert, *intermediate, *root;
+ GError *error = NULL;
+
+ if (glib_check_version (2, 43, 0))
+ {
+ g_test_skip ("This test requires glib 2.43");
+ return;
+ }
+
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("chain.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ intermediate = g_tls_certificate_get_issuer (cert);
+ g_assert (G_IS_TLS_CERTIFICATE (intermediate));
+
+ root = g_tls_certificate_get_issuer (intermediate);
+ g_assert (G_IS_TLS_CERTIFICATE (root));
+
+ g_assert (g_tls_certificate_get_issuer (root) == NULL);
+
+ g_object_unref (cert);
+}
+
+static void
+test_create_certificate_no_chain (void)
+{
+ GTlsCertificate *cert, *issuer;
+ GError *error = NULL;
+ gchar *cert_pem;
+ gsize cert_pem_length;
+
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("non-ca.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ issuer = g_tls_certificate_get_issuer (cert);
+ g_assert (issuer == NULL);
+ g_object_unref (cert);
+
+ /* Truncate a valid chain certificate file. We should only get the
+ * first certificate.
+ */
+ g_file_get_contents (tls_test_file_path ("chain.pem"), &cert_pem,
+ &cert_pem_length, &error);
+ g_assert_no_error (error);
+
+ cert = g_tls_certificate_new_from_pem (cert_pem, cert_pem_length - 100, &error);
+ g_free (cert_pem);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ issuer = g_tls_certificate_get_issuer (cert);
+ g_assert (issuer == NULL);
+ g_object_unref (cert);
+}
+
+static void
+test_create_list (void)
+{
+ GList *list;
+ GError *error = NULL;
+
+ list = g_tls_certificate_list_new_from_file (tls_test_file_path ("ca-roots.pem"), &error);
+ g_assert_no_error (error);
+ g_assert_cmpint (g_list_length (list), ==, 8);
+
+ g_list_free_full (list, g_object_unref);
+}
+
+static void
+test_create_list_bad (void)
+{
+ GList *list;
+ GError *error = NULL;
+
+ list = g_tls_certificate_list_new_from_file (tls_test_file_path ("ca-roots-bad.pem"), &error);
+ g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+ g_assert_null (list);
+ g_error_free (error);
+}
+
+/* -----------------------------------------------------------------------------
+ * CERTIFICATE VERIFY
+ */
+
+typedef struct {
+ GTlsCertificate *cert;
+ GTlsCertificate *anchor;
+ GSocketConnectable *identity;
+ GTlsDatabase *database;
+} TestVerify;
+
+static void
+setup_verify (TestVerify *test,
+ gconstpointer data)
+{
+ GError *error = NULL;
+
+ test->cert = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (test->cert));
+
+ test->identity = g_network_address_new ("server.example.com", 80);
+
+ test->anchor = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (test->anchor));
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_DATABASE (test->database));
+}
+
+static void
+teardown_verify (TestVerify *test,
+ gconstpointer data)
+{
+ g_assert (G_IS_TLS_CERTIFICATE (test->cert));
+ g_object_add_weak_pointer (G_OBJECT (test->cert),
+ (gpointer *)&test->cert);
+ g_object_unref (test->cert);
+ g_assert (test->cert == NULL);
+
+ g_assert (G_IS_TLS_CERTIFICATE (test->anchor));
+ g_object_add_weak_pointer (G_OBJECT (test->anchor),
+ (gpointer *)&test->anchor);
+ g_object_unref (test->anchor);
+ g_assert (test->anchor == NULL);
+
+ g_assert (G_IS_TLS_DATABASE (test->database));
+ g_object_add_weak_pointer (G_OBJECT (test->database),
+ (gpointer *)&test->database);
+ g_object_unref (test->database);
+ g_assert (test->database == NULL);
+
+ g_object_add_weak_pointer (G_OBJECT (test->identity),
+ (gpointer *)&test->identity);
+ g_object_unref (test->identity);
+ g_assert (test->identity == NULL);
+}
+
+static void
+test_verify_certificate_good (TestVerify *test,
+ gconstpointer data)
+{
+ GSocketConnectable *identity;
+ GSocketAddress *addr;
+ GTlsCertificateFlags errors;
+
+ errors = g_tls_certificate_verify (test->cert, test->identity, test->anchor);
+ g_assert_cmpuint (errors, ==, 0);
+
+ errors = g_tls_certificate_verify (test->cert, NULL, test->anchor);
+ g_assert_cmpuint (errors, ==, 0);
+
+ identity = g_network_address_new ("192.168.1.10", 80);
+ errors = g_tls_certificate_verify (test->cert, identity, test->anchor);
+ g_assert_cmpuint (errors, ==, 0);
+ g_object_unref (identity);
+
+ addr = g_inet_socket_address_new_from_string ("192.168.1.10", 80);
+ errors = g_tls_certificate_verify (test->cert, G_SOCKET_CONNECTABLE (addr), test->anchor);
+ g_assert_cmpuint (errors, ==, 0);
+ g_object_unref (addr);
+}
+
+static void
+test_verify_certificate_bad_identity (TestVerify *test,
+ gconstpointer data)
+{
+ GSocketConnectable *identity;
+ GTlsCertificateFlags errors;
+ GSocketAddress *addr;
+
+ identity = g_network_address_new ("other.example.com", 80);
+ errors = g_tls_certificate_verify (test->cert, identity, test->anchor);
+ g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_BAD_IDENTITY);
+ g_object_unref (identity);
+
+ identity = g_network_address_new ("127.0.0.1", 80);
+ errors = g_tls_certificate_verify (test->cert, identity, test->anchor);
+ g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_BAD_IDENTITY);
+ g_object_unref (identity);
+
+ addr = g_inet_socket_address_new_from_string ("127.0.0.1", 80);
+ errors = g_tls_certificate_verify (test->cert, G_SOCKET_CONNECTABLE (addr), test->anchor);
+ g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_BAD_IDENTITY);
+ g_object_unref (addr);
+}
+
+static void
+test_verify_certificate_bad_ca (TestVerify *test,
+ gconstpointer data)
+{
+ GTlsCertificateFlags errors;
+ GTlsCertificate *cert;
+ GError *error = NULL;
+
+ /* Use a client certificate as the CA, which is wrong */
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("client.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ errors = g_tls_certificate_verify (test->cert, test->identity, cert);
+ g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_UNKNOWN_CA);
+
+ g_object_unref (cert);
+}
+
+static void
+test_verify_certificate_bad_before (TestVerify *test,
+ gconstpointer data)
+{
+ GTlsCertificateFlags errors;
+ GTlsCertificate *cert;
+ GError *error = NULL;
+
+ /* This is a certificate in the future */
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-future.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ errors = g_tls_certificate_verify (cert, NULL, test->anchor);
+ g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_NOT_ACTIVATED);
+
+ g_object_unref (cert);
+}
+
+static void
+test_verify_certificate_bad_expired (TestVerify *test,
+ gconstpointer data)
+{
+ GTlsCertificateFlags errors;
+ GTlsCertificate *cert;
+ GError *error = NULL;
+
+ /* This is a certificate in the future */
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-past.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ errors = g_tls_certificate_verify (cert, NULL, test->anchor);
+ g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_EXPIRED);
+
+ g_object_unref (cert);
+}
+
+static void
+test_verify_certificate_bad_combo (TestVerify *test,
+ gconstpointer data)
+{
+ GTlsCertificate *cert;
+ GTlsCertificate *cacert;
+ GSocketConnectable *identity;
+ GTlsCertificateFlags errors;
+ GError *error = NULL;
+
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-past.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ /* Unrelated cert used as certificate authority */
+ cacert = g_tls_certificate_new_from_file (tls_test_file_path ("server-self.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cacert));
+
+ /*
+ * - Use unrelated cert as CA
+ * - Use wrong identity.
+ * - Use expired certificate.
+ */
+
+ identity = g_network_address_new ("other.example.com", 80);
+
+ errors = g_tls_certificate_verify (cert, identity, cacert);
+ g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_UNKNOWN_CA |
+ G_TLS_CERTIFICATE_BAD_IDENTITY | G_TLS_CERTIFICATE_EXPIRED);
+
+ g_object_unref (cert);
+ g_object_unref (cacert);
+ g_object_unref (identity);
+}
+
+static void
+test_certificate_is_same (void)
+{
+ GTlsCertificate *one;
+ GTlsCertificate *two;
+ GTlsCertificate *three;
+ GError *error = NULL;
+
+ one = g_tls_certificate_new_from_file (tls_test_file_path ("client.pem"), &error);
+ g_assert_no_error (error);
+
+ two = g_tls_certificate_new_from_file (tls_test_file_path ("client-and-key.pem"), &error);
+ g_assert_no_error (error);
+
+ three = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error);
+ g_assert_no_error (error);
+
+ g_assert (g_tls_certificate_is_same (one, two) == TRUE);
+ g_assert (g_tls_certificate_is_same (two, one) == TRUE);
+ g_assert (g_tls_certificate_is_same (three, one) == FALSE);
+ g_assert (g_tls_certificate_is_same (one, three) == FALSE);
+ g_assert (g_tls_certificate_is_same (two, three) == FALSE);
+ g_assert (g_tls_certificate_is_same (three, two) == FALSE);
+
+ g_object_unref (one);
+ g_object_unref (two);
+ g_object_unref (three);
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ g_test_init (&argc, &argv, NULL);
+
+ g_setenv ("GSETTINGS_BACKEND", "memory", TRUE);
+
+ g_setenv ("GIO_USE_TLS", BACKEND, TRUE);
+ g_assert (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) ==
0);
+
+ g_test_add ("/tls/certificate/create-pem", TestCertificate, NULL,
+ setup_certificate, test_create_pem, teardown_certificate);
+ g_test_add ("/tls/certificate/create-der", TestCertificate, NULL,
+ setup_certificate, test_create_der, teardown_certificate);
+ g_test_add ("/tls/certificate/create-with-key-pem", TestCertificate, NULL,
+ setup_certificate, test_create_with_key_pem, teardown_certificate);
+ g_test_add ("/tls/certificate/create-with-key-der", TestCertificate, NULL,
+ setup_certificate, test_create_with_key_der, teardown_certificate);
+ g_test_add ("/tls/certificate/create-with-issuer", TestCertificate, NULL,
+ setup_certificate, test_create_certificate_with_issuer, teardown_certificate);
+ g_test_add_func ("/tls/certificate/create-chain", test_create_certificate_chain);
+ g_test_add_func ("/tls/certificate/create-no-chain", test_create_certificate_no_chain);
+ g_test_add_func ("/tls/certificate/create-list", test_create_list);
+ g_test_add_func ("/tls/certificate/create-list-bad", test_create_list_bad);
+
+ g_test_add ("/tls/certificate/verify-good", TestVerify, NULL,
+ setup_verify, test_verify_certificate_good, teardown_verify);
+ g_test_add ("/tls/certificate/verify-bad-identity", TestVerify, NULL,
+ setup_verify, test_verify_certificate_bad_identity, teardown_verify);
+ g_test_add ("/tls/certificate/verify-bad-ca", TestVerify, NULL,
+ setup_verify, test_verify_certificate_bad_ca, teardown_verify);
+ g_test_add ("/tls/certificate/verify-bad-before", TestVerify, NULL,
+ setup_verify, test_verify_certificate_bad_before, teardown_verify);
+ g_test_add ("/tls/certificate/verify-bad-expired", TestVerify, NULL,
+ setup_verify, test_verify_certificate_bad_expired, teardown_verify);
+ g_test_add ("/tls/certificate/verify-bad-combo", TestVerify, NULL,
+ setup_verify, test_verify_certificate_bad_combo, teardown_verify);
+
+ g_test_add_func ("/tls/certificate/is-same", test_certificate_is_same);
+
+ return g_test_run();
+}
diff --git a/tls/tests/connection.c b/tls/tests/connection.c
new file mode 100644
index 0000000..9e13903
--- /dev/null
+++ b/tls/tests/connection.c
@@ -0,0 +1,2033 @@
+/* GIO TLS tests
+ *
+ * Copyright 2011 Collabora, Ltd.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Author: Stef Walter <stefw collabora co uk>
+ */
+
+#include "config.h"
+
+#include "mock-interaction.h"
+
+#include <gio/gio.h>
+
+#include <sys/types.h>
+#include <string.h>
+
+static const gchar *
+tls_test_file_path (const char *name)
+{
+ const gchar *const_path;
+ gchar *path;
+
+ path = g_test_build_filename (G_TEST_DIST, "files", name, NULL);
+ if (!g_path_is_absolute (path))
+ {
+ gchar *cwd, *abs;
+
+ cwd = g_get_current_dir ();
+ abs = g_build_filename (cwd, path, NULL);
+ g_free (cwd);
+ g_free (path);
+ path = abs;
+ }
+
+ const_path = g_intern_string (path);
+ g_free (path);
+ return const_path;
+}
+
+#define TEST_DATA "You win again, gravity!\n"
+#define TEST_DATA_LENGTH 24
+
+typedef struct {
+ GMainContext *context;
+ GMainLoop *loop;
+ GSocketService *service;
+ GTlsDatabase *database;
+ GIOStream *server_connection;
+ GIOStream *client_connection;
+ GSocketConnectable *identity;
+ GSocketAddress *address;
+ GTlsAuthenticationMode auth_mode;
+ gboolean rehandshake;
+ GTlsCertificateFlags accept_flags;
+ GError *read_error;
+ gboolean expect_server_error;
+ GError *server_error;
+ gboolean server_should_close;
+ gboolean server_running;
+ GTlsCertificate *server_certificate;
+
+ char buf[128];
+ gssize nread, nwrote;
+} TestConnection;
+
+static void
+setup_connection (TestConnection *test, gconstpointer data)
+{
+ test->context = g_main_context_default ();
+ test->loop = g_main_loop_new (test->context, FALSE);
+ test->auth_mode = G_TLS_AUTHENTICATION_NONE;
+}
+
+/* Waits about 10 seconds for @var to be NULL/FALSE */
+#define WAIT_UNTIL_UNSET(var) \
+ if (var) \
+ { \
+ int i; \
+ \
+ for (i = 0; i < 13 && (var); i++) \
+ { \
+ g_usleep (1000 * (1 << i)); \
+ g_main_context_iteration (NULL, FALSE); \
+ } \
+ \
+ g_assert (!(var)); \
+ }
+
+static void
+teardown_connection (TestConnection *test, gconstpointer data)
+{
+ if (test->service)
+ {
+ g_socket_service_stop (test->service);
+ /* The outstanding accept_async will hold a ref on test->service,
+ * which we want to wait for it to release if we're valgrinding.
+ */
+ g_object_add_weak_pointer (G_OBJECT (test->service), (gpointer *)&test->service);
+ g_object_unref (test->service);
+ WAIT_UNTIL_UNSET (test->service);
+ }
+
+ if (test->server_connection)
+ {
+ WAIT_UNTIL_UNSET (test->server_running);
+
+ g_object_add_weak_pointer (G_OBJECT (test->server_connection),
+ (gpointer *)&test->server_connection);
+ g_object_unref (test->server_connection);
+ WAIT_UNTIL_UNSET (test->server_connection);
+ }
+
+ if (test->client_connection)
+ {
+ g_object_add_weak_pointer (G_OBJECT (test->client_connection),
+ (gpointer *)&test->client_connection);
+ g_object_unref (test->client_connection);
+ WAIT_UNTIL_UNSET (test->client_connection);
+ }
+
+ if (test->database)
+ {
+ g_object_add_weak_pointer (G_OBJECT (test->database),
+ (gpointer *)&test->database);
+ g_object_unref (test->database);
+ WAIT_UNTIL_UNSET (test->database);
+ }
+
+ g_clear_object (&test->address);
+ g_clear_object (&test->identity);
+ g_clear_object (&test->server_certificate);
+ g_main_loop_unref (test->loop);
+ g_clear_error (&test->read_error);
+ g_clear_error (&test->server_error);
+}
+
+static void
+start_server (TestConnection *test)
+{
+ GInetAddress *inet;
+ GSocketAddress *addr;
+ GInetSocketAddress *iaddr;
+ GError *error = NULL;
+
+ inet = g_inet_address_new_from_string ("127.0.0.1");
+ addr = g_inet_socket_address_new (inet, 0);
+ g_object_unref (inet);
+
+ g_socket_listener_add_address (G_SOCKET_LISTENER (test->service), addr,
+ G_SOCKET_TYPE_STREAM, G_SOCKET_PROTOCOL_TCP,
+ NULL, &test->address, &error);
+ g_assert_no_error (error);
+
+ g_object_unref (addr);
+
+ /* The hostname in test->identity matches the server certificate. */
+ iaddr = G_INET_SOCKET_ADDRESS (test->address);
+ test->identity = g_network_address_new ("server.example.com",
+ g_inet_socket_address_get_port (iaddr));
+
+ test->server_running = TRUE;
+}
+
+static gboolean
+on_accept_certificate (GTlsClientConnection *conn, GTlsCertificate *cert,
+ GTlsCertificateFlags errors, gpointer user_data)
+{
+ TestConnection *test = user_data;
+ return errors == test->accept_flags;
+}
+
+static void on_output_write_finish (GObject *object,
+ GAsyncResult *res,
+ gpointer user_data);
+
+static void
+on_rehandshake_finish (GObject *object,
+ GAsyncResult *res,
+ gpointer user_data)
+{
+ TestConnection *test = user_data;
+ GError *error = NULL;
+ GOutputStream *stream;
+
+ g_tls_connection_handshake_finish (G_TLS_CONNECTION (object), res, &error);
+ g_assert_no_error (error);
+
+ stream = g_io_stream_get_output_stream (test->server_connection);
+ g_output_stream_write_async (stream, TEST_DATA + TEST_DATA_LENGTH / 2,
+ TEST_DATA_LENGTH / 2,
+ G_PRIORITY_DEFAULT, NULL,
+ on_output_write_finish, test);
+}
+
+static void
+on_server_close_finish (GObject *object,
+ GAsyncResult *res,
+ gpointer user_data)
+{
+ TestConnection *test = user_data;
+ GError *error = NULL;
+
+ g_io_stream_close_finish (G_IO_STREAM (object), res, &error);
+ if (test->expect_server_error)
+ g_assert (error != NULL);
+ else
+ g_assert_no_error (error);
+ test->server_running = FALSE;
+}
+
+static void
+close_server_connection (TestConnection *test)
+{
+ g_io_stream_close_async (test->server_connection, G_PRIORITY_DEFAULT, NULL,
+ on_server_close_finish, test);
+}
+
+static void
+on_output_write_finish (GObject *object,
+ GAsyncResult *res,
+ gpointer user_data)
+{
+ TestConnection *test = user_data;
+
+ g_assert (test->server_error == NULL);
+ g_output_stream_write_finish (G_OUTPUT_STREAM (object), res, &test->server_error);
+
+ if (!test->server_error && test->rehandshake)
+ {
+ test->rehandshake = FALSE;
+ g_tls_connection_handshake_async (G_TLS_CONNECTION (test->server_connection),
+ G_PRIORITY_DEFAULT, NULL,
+ on_rehandshake_finish, test);
+ return;
+ }
+
+ if (test->server_should_close)
+ close_server_connection (test);
+}
+
+static gboolean
+on_incoming_connection (GSocketService *service,
+ GSocketConnection *connection,
+ GObject *source_object,
+ gpointer user_data)
+{
+ TestConnection *test = user_data;
+ GOutputStream *stream;
+ GTlsCertificate *cert;
+ GError *error = NULL;
+
+ if (test->server_certificate)
+ {
+ cert = g_object_ref (test->server_certificate);
+ }
+ else
+ {
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-and-key.pem"), &error);
+ g_assert_no_error (error);
+ }
+
+ test->server_connection = g_tls_server_connection_new (G_IO_STREAM (connection),
+ cert, &error);
+ g_assert_no_error (error);
+ g_object_unref (cert);
+
+ g_object_set (test->server_connection, "authentication-mode", test->auth_mode, NULL);
+ g_signal_connect (test->server_connection, "accept-certificate",
+ G_CALLBACK (on_accept_certificate), test);
+
+ if (test->database)
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->server_connection), test->database);
+
+ stream = g_io_stream_get_output_stream (test->server_connection);
+
+ g_output_stream_write_async (stream, TEST_DATA,
+ test->rehandshake ? TEST_DATA_LENGTH / 2 : TEST_DATA_LENGTH,
+ G_PRIORITY_DEFAULT, NULL,
+ on_output_write_finish, test);
+ return FALSE;
+}
+
+static void
+start_async_server_service (TestConnection *test, GTlsAuthenticationMode auth_mode,
+ gboolean should_close)
+{
+ test->service = g_socket_service_new ();
+ start_server (test);
+
+ test->auth_mode = auth_mode;
+ g_signal_connect (test->service, "incoming", G_CALLBACK (on_incoming_connection), test);
+
+ test->server_should_close = should_close;
+}
+
+static GIOStream *
+start_async_server_and_connect_to_it (TestConnection *test,
+ GTlsAuthenticationMode auth_mode,
+ gboolean should_close)
+{
+ GSocketClient *client;
+ GError *error = NULL;
+ GSocketConnection *connection;
+
+ start_async_server_service (test, auth_mode, should_close);
+
+ client = g_socket_client_new ();
+ connection = g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address),
+ NULL, &error);
+ g_assert_no_error (error);
+ g_object_unref (client);
+
+ return G_IO_STREAM (connection);
+}
+
+static void
+run_echo_server (GThreadedSocketService *service,
+ GSocketConnection *connection,
+ GObject *source_object,
+ gpointer user_data)
+{
+ TestConnection *test = user_data;
+ GTlsConnection *tlsconn;
+ GTlsCertificate *cert;
+ GError *error = NULL;
+ GInputStream *istream;
+ GOutputStream *ostream;
+ gssize nread, nwrote, total;
+ gchar buf[128];
+
+ if (test->server_certificate)
+ {
+ cert = g_object_ref (test->server_certificate);
+ }
+ else
+ {
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-and-key.pem"), &error);
+ g_assert_no_error (error);
+ }
+
+ test->server_connection = g_tls_server_connection_new (G_IO_STREAM (connection),
+ cert, &error);
+ g_assert_no_error (error);
+ g_object_unref (cert);
+
+ tlsconn = G_TLS_CONNECTION (test->server_connection);
+ g_tls_connection_handshake (tlsconn, NULL, &error);
+ g_assert_no_error (error);
+
+ istream = g_io_stream_get_input_stream (test->server_connection);
+ ostream = g_io_stream_get_output_stream (test->server_connection);
+
+ while (TRUE)
+ {
+ nread = g_input_stream_read (istream, buf, sizeof (buf), NULL, &error);
+ g_assert_no_error (error);
+ g_assert_cmpint (nread, >=, 0);
+
+ if (nread == 0)
+ break;
+
+ for (total = 0; total < nread; total += nwrote)
+ {
+ nwrote = g_output_stream_write (ostream, buf + total, nread - total, NULL, &error);
+ g_assert_no_error (error);
+ }
+
+ if (test->rehandshake)
+ {
+ test->rehandshake = FALSE;
+ g_tls_connection_handshake (tlsconn, NULL, &error);
+ g_assert_no_error (error);
+ }
+ }
+
+ g_io_stream_close (test->server_connection, NULL, &error);
+ g_assert_no_error (error);
+ test->server_running = FALSE;
+}
+
+static void
+start_echo_server_service (TestConnection *test)
+{
+ test->service = g_threaded_socket_service_new (5);
+ start_server (test);
+
+ g_signal_connect (test->service, "run", G_CALLBACK (run_echo_server), test);
+}
+
+static GIOStream *
+start_echo_server_and_connect_to_it (TestConnection *test)
+{
+ GSocketClient *client;
+ GError *error = NULL;
+ GSocketConnection *connection;
+
+ start_echo_server_service (test);
+
+ client = g_socket_client_new ();
+ connection = g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address),
+ NULL, &error);
+ g_assert_no_error (error);
+ g_object_unref (client);
+
+ return G_IO_STREAM (connection);
+}
+
+static void
+on_client_connection_close_finish (GObject *object,
+ GAsyncResult *res,
+ gpointer user_data)
+{
+ TestConnection *test = user_data;
+ GError *error = NULL;
+
+ g_io_stream_close_finish (G_IO_STREAM (object), res, &error);
+ g_assert_no_error (error);
+
+ g_main_loop_quit (test->loop);
+}
+
+static void
+on_input_read_finish (GObject *object,
+ GAsyncResult *res,
+ gpointer user_data)
+{
+ TestConnection *test = user_data;
+ gchar *line, *check;
+
+ line = g_data_input_stream_read_line_finish (G_DATA_INPUT_STREAM (object), res,
+ NULL, &test->read_error);
+ if (!test->read_error)
+ {
+ g_assert (line);
+
+ check = g_strdup (TEST_DATA);
+ g_strstrip (check);
+ g_assert_cmpstr (line, ==, check);
+ g_free (check);
+ g_free (line);
+ }
+
+ g_io_stream_close_async (test->client_connection, G_PRIORITY_DEFAULT,
+ NULL, on_client_connection_close_finish, test);
+}
+
+static void
+read_test_data_async (TestConnection *test)
+{
+ GDataInputStream *stream;
+
+ stream = g_data_input_stream_new (g_io_stream_get_input_stream (test->client_connection));
+ g_assert (stream);
+
+ g_data_input_stream_read_line_async (stream, G_PRIORITY_DEFAULT, NULL,
+ on_input_read_finish, test);
+ g_object_unref (stream);
+}
+
+static void
+test_basic_connection (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_object_unref (connection);
+
+ /* No validation at all in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ 0);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+ g_assert_no_error (test->read_error);
+ g_assert_no_error (test->server_error);
+}
+
+static void
+test_verified_connection (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (test->database);
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert (test->client_connection);
+ g_object_unref (connection);
+
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ /* All validation in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+ g_assert_no_error (test->read_error);
+ g_assert_no_error (test->server_error);
+}
+
+static void
+test_verified_chain (TestConnection *test,
+ gconstpointer data)
+{
+ GTlsBackend *backend;
+ GTlsCertificate *server_cert;
+ GTlsCertificate *intermediate_cert;
+ char *cert_data = NULL;
+ char *key_data = NULL;
+ GError *error = NULL;
+
+ backend = g_tls_backend_get_default ();
+
+ /* Prepare the intermediate cert. */
+ intermediate_cert = g_tls_certificate_new_from_file (tls_test_file_path ("intermediate-ca.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (intermediate_cert);
+
+ /* Prepare the server cert. */
+ g_clear_pointer (&cert_data, g_free);
+ g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
+ &cert_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (cert_data);
+
+ g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
+ &key_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (key_data);
+
+ server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", intermediate_cert,
+ "certificate-pem", cert_data,
+ "private-key-pem", key_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (server_cert);
+
+ g_object_unref (intermediate_cert);
+ g_free (cert_data);
+ g_free (key_data);
+
+ test->server_certificate = server_cert;
+ test_verified_connection (test, data);
+}
+
+static void
+test_verified_chain_with_redundant_root_cert (TestConnection *test,
+ gconstpointer data)
+{
+ GTlsBackend *backend;
+ GTlsCertificate *server_cert;
+ GTlsCertificate *intermediate_cert;
+ GTlsCertificate *root_cert;
+ char *cert_data = NULL;
+ char *key_data = NULL;
+ GError *error = NULL;
+
+ backend = g_tls_backend_get_default ();
+
+ /* The root is redundant. It should not hurt anything. */
+ root_cert = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (root_cert);
+
+ /* Prepare the intermediate cert. */
+ g_file_get_contents (tls_test_file_path ("intermediate-ca.pem"),
+ &cert_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (cert_data);
+
+ intermediate_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", root_cert,
+ "certificate-pem", cert_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (intermediate_cert);
+
+ /* Prepare the server cert. */
+ g_clear_pointer (&cert_data, g_free);
+ g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
+ &cert_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (cert_data);
+
+ g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
+ &key_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (key_data);
+
+ server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", intermediate_cert,
+ "certificate-pem", cert_data,
+ "private-key-pem", key_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (server_cert);
+
+ g_object_unref (intermediate_cert);
+ g_object_unref (root_cert);
+ g_free (cert_data);
+ g_free (key_data);
+
+ test->server_certificate = server_cert;
+ test_verified_connection (test, data);
+}
+
+static void
+test_verified_chain_with_duplicate_server_cert (TestConnection *test,
+ gconstpointer data)
+{
+ /* This is another common server misconfiguration. Apache reads certificates
+ * from two configuration files: one for the server cert, and one for the rest
+ * of the chain. If the server cert is pasted into both files, it will be sent
+ * twice. We should be tolerant of this. */
+
+ GTlsBackend *backend;
+ GTlsCertificate *server_cert;
+ GTlsCertificate *extra_server_cert;
+ GTlsCertificate *intermediate_cert;
+ char *cert_data = NULL;
+ char *key_data = NULL;
+ GError *error = NULL;
+
+ backend = g_tls_backend_get_default ();
+
+ /* Prepare the intermediate cert. */
+ intermediate_cert = g_tls_certificate_new_from_file (tls_test_file_path ("intermediate-ca.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (intermediate_cert);
+
+ /* Prepare the server cert. */
+ g_clear_pointer (&cert_data, g_free);
+ g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
+ &cert_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (cert_data);
+
+ g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
+ &key_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (key_data);
+
+ server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", intermediate_cert,
+ "certificate-pem", cert_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (server_cert);
+
+ /* Prepare the server cert... again. Private key must go on this one. */
+ extra_server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", server_cert,
+ "certificate-pem", cert_data,
+ "private-key-pem", key_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (extra_server_cert);
+
+ g_object_unref (intermediate_cert);
+ g_object_unref (server_cert);
+ g_free (cert_data);
+ g_free (key_data);
+
+ test->server_certificate = extra_server_cert;
+ test_verified_connection (test, data);
+}
+
+static void
+test_verified_unordered_chain (TestConnection *test,
+ gconstpointer data)
+{
+ GTlsBackend *backend;
+ GTlsCertificate *server_cert;
+ GTlsCertificate *intermediate_cert;
+ GTlsCertificate *root_cert;
+ char *cert_data = NULL;
+ char *key_data = NULL;
+ GError *error = NULL;
+
+ backend = g_tls_backend_get_default ();
+
+ /* Prepare the intermediate cert (to be sent last, out of order)! */
+ intermediate_cert = g_tls_certificate_new_from_file (tls_test_file_path ("intermediate-ca.pem"),
+ &error);
+ g_assert_no_error (error);
+ g_assert (intermediate_cert);
+
+ g_file_get_contents (tls_test_file_path ("ca.pem"), &cert_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (cert_data);
+
+ /* Prepare the root cert (to be sent in the middle of the chain). */
+ root_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", intermediate_cert,
+ "certificate-pem", cert_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (root_cert);
+
+ g_clear_pointer (&cert_data, g_free);
+ g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
+ &cert_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (cert_data);
+
+ g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
+ &key_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (key_data);
+
+ /* Prepare the server cert. */
+ server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", root_cert,
+ "certificate-pem", cert_data,
+ "private-key-pem", key_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (server_cert);
+
+ g_object_unref (intermediate_cert);
+ g_object_unref (root_cert);
+ g_free (cert_data);
+ g_free (key_data);
+
+ test->server_certificate = server_cert;
+ test_verified_connection (test, data);
+}
+
+static void
+test_verified_chain_with_alternative_ca_cert (TestConnection *test,
+ gconstpointer data)
+{
+ GTlsBackend *backend;
+ GTlsCertificate *server_cert;
+ GTlsCertificate *intermediate_cert;
+ GTlsCertificate *root_cert;
+ char *cert_data = NULL;
+ char *key_data = NULL;
+ GError *error = NULL;
+
+ backend = g_tls_backend_get_default ();
+
+ /* This "root" cert is issued by a CA that is not in the trust store. So it's
+ * not really a root, but it has the same public key as a cert in the trust
+ * store. If the client insists on a traditional chain of trust, this will
+ * fail, since the issuer is untrusted. */
+ root_cert = g_tls_certificate_new_from_file (tls_test_file_path ("ca-alternative.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (root_cert);
+
+ /* Prepare the intermediate cert. Modern TLS libraries are expected to notice
+ * that it is signed by the same public key as a certificate in the root
+ * store, and accept the certificate, ignoring the untrusted "root" sent next
+ * in the chain, which servers send for compatibility with clients that don't
+ * have the new CA cert in the trust store yet. (In this scenario, the old
+ * client still trusts the old CA cert.) */
+ g_file_get_contents (tls_test_file_path ("intermediate-ca.pem"),
+ &cert_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (cert_data);
+
+ intermediate_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", root_cert,
+ "certificate-pem", cert_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (intermediate_cert);
+
+ /* Prepare the server cert. */
+ g_clear_pointer (&cert_data, g_free);
+ g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
+ &cert_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (cert_data);
+
+ g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
+ &key_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (key_data);
+
+ server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", intermediate_cert,
+ "certificate-pem", cert_data,
+ "private-key-pem", key_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (server_cert);
+
+ g_object_unref (intermediate_cert);
+ g_object_unref (root_cert);
+ g_free (cert_data);
+ g_free (key_data);
+
+ test->server_certificate = server_cert;
+ test_verified_connection (test, data);
+}
+
+static void
+test_invalid_chain_with_alternative_ca_cert (TestConnection *test,
+ gconstpointer data)
+{
+ GTlsBackend *backend;
+ GTlsCertificate *server_cert;
+ GTlsCertificate *root_cert;
+ GIOStream *connection;
+ char *cert_data = NULL;
+ char *key_data = NULL;
+ GError *error = NULL;
+
+ backend = g_tls_backend_get_default ();
+
+ /* This certificate has the same public key as a certificate in the root store. */
+ root_cert = g_tls_certificate_new_from_file (tls_test_file_path ("ca-alternative.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (root_cert);
+
+ /* The intermediate cert is not sent. The chain should be rejected, since without intermediate.pem
+ * there is no proof that ca-alternative.pem signed server-intermediate.pem. */
+ g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
+ &cert_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (cert_data);
+
+ g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
+ &key_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (key_data);
+
+ server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", root_cert,
+ "certificate-pem", cert_data,
+ "private-key-pem", key_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (server_cert);
+
+ g_object_unref (root_cert);
+ g_free (cert_data);
+ g_free (key_data);
+
+ test->server_certificate = server_cert;
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert (test->client_connection);
+ g_object_unref (connection);
+
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ /* Make sure this test doesn't expire. */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_EXPIRED);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+ g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+ g_assert_no_error (test->server_error);
+}
+
+static void
+on_notify_accepted_cas (GObject *obj,
+ GParamSpec *spec,
+ gpointer user_data)
+{
+ gboolean *changed = user_data;
+ g_assert (*changed == FALSE);
+ *changed = TRUE;
+}
+
+static void
+test_client_auth_connection (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+ GTlsCertificate *cert;
+ GTlsCertificate *peer;
+ gboolean cas_changed;
+
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (test->database);
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert (test->client_connection);
+ g_object_unref (connection);
+
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-and-key.pem"), &error);
+ g_assert_no_error (error);
+
+ g_tls_connection_set_certificate (G_TLS_CONNECTION (test->client_connection), cert);
+
+ /* All validation in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ cas_changed = FALSE;
+ g_signal_connect (test->client_connection, "notify::accepted-cas",
+ G_CALLBACK (on_notify_accepted_cas), &cas_changed);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+ g_assert_no_error (test->read_error);
+ g_assert_no_error (test->server_error);
+
+ peer = g_tls_connection_get_peer_certificate (G_TLS_CONNECTION (test->server_connection));
+ g_assert (peer != NULL);
+ g_assert (g_tls_certificate_is_same (peer, cert));
+ g_assert (cas_changed == TRUE);
+
+ g_object_unref (cert);
+}
+
+static void
+test_client_auth_rehandshake (TestConnection *test,
+ gconstpointer data)
+{
+ test->rehandshake = TRUE;
+ test_client_auth_connection (test, data);
+}
+
+static void
+test_client_auth_failure (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+ gboolean accepted_changed;
+
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (test->database);
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert (test->client_connection);
+ g_object_unref (connection);
+
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ /* No Certificate set */
+
+ /* All validation in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ accepted_changed = FALSE;
+ g_signal_connect (test->client_connection, "notify::accepted-cas",
+ G_CALLBACK (on_notify_accepted_cas), &accepted_changed);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+ g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED);
+ g_assert_error (test->server_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED);
+
+ g_assert (accepted_changed == TRUE);
+}
+
+static void
+test_client_auth_request_cert (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+ GTlsCertificate *cert;
+ GTlsCertificate *peer;
+ GTlsInteraction *interaction;
+ gboolean cas_changed;
+
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (test->database);
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert (test->client_connection);
+ g_object_unref (connection);
+
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ /* Have the interaction return a certificate */
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-and-key.pem"), &error);
+ g_assert_no_error (error);
+ interaction = mock_interaction_new_static_certificate (cert);
+ g_tls_connection_set_interaction (G_TLS_CONNECTION (test->client_connection), interaction);
+ g_object_unref (interaction);
+
+ /* All validation in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ cas_changed = FALSE;
+ g_signal_connect (test->client_connection, "notify::accepted-cas",
+ G_CALLBACK (on_notify_accepted_cas), &cas_changed);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+ g_assert_no_error (test->read_error);
+ g_assert_no_error (test->server_error);
+
+ peer = g_tls_connection_get_peer_certificate (G_TLS_CONNECTION (test->server_connection));
+ g_assert (peer != NULL);
+ g_assert (g_tls_certificate_is_same (peer, cert));
+ g_assert (cas_changed == TRUE);
+
+ g_object_unref (cert);
+}
+
+static void
+test_client_auth_request_fail (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+ GTlsInteraction *interaction;
+
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (test->database);
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert (test->client_connection);
+ g_object_unref (connection);
+
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ /* Have the interaction return an error */
+ interaction = mock_interaction_new_static_error (G_FILE_ERROR, G_FILE_ERROR_ACCES, "Request message");
+ g_tls_connection_set_interaction (G_TLS_CONNECTION (test->client_connection), interaction);
+ g_object_unref (interaction);
+
+ /* All validation in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+ g_assert_error (test->read_error, G_FILE_ERROR, G_FILE_ERROR_ACCES);
+
+ g_io_stream_close (test->server_connection, NULL, NULL);
+ g_io_stream_close (test->client_connection, NULL, NULL);
+}
+
+static void
+test_connection_no_database (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert (test->client_connection);
+ g_object_unref (connection);
+
+ /* Overrides loading of the default database */
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), NULL);
+
+ /* All validation in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ test->accept_flags = G_TLS_CERTIFICATE_UNKNOWN_CA;
+ g_signal_connect (test->client_connection, "accept-certificate",
+ G_CALLBACK (on_accept_certificate), test);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+ g_assert_no_error (test->read_error);
+ g_assert_no_error (test->server_error);
+}
+
+static void
+handshake_failed_cb (GObject *source,
+ GAsyncResult *result,
+ gpointer user_data)
+{
+ TestConnection *test = user_data;
+ GError *error = NULL;
+
+ g_tls_connection_handshake_finish (G_TLS_CONNECTION (test->client_connection),
+ result, &error);
+ g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+ g_clear_error (&error);
+
+ g_main_loop_quit (test->loop);
+}
+
+static void
+test_failed_connection (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+ GSocketConnectable *bad_addr;
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+
+ bad_addr = g_network_address_new ("wrong.example.com", 80);
+ test->client_connection = g_tls_client_connection_new (connection, bad_addr, &error);
+ g_object_unref (bad_addr);
+ g_assert_no_error (error);
+ g_object_unref (connection);
+
+ g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection),
+ G_PRIORITY_DEFAULT, NULL,
+ handshake_failed_cb, test);
+ g_main_loop_run (test->loop);
+
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+ g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+ g_assert_no_error (test->server_error);
+}
+
+static void
+socket_client_connected (GObject *source,
+ GAsyncResult *result,
+ gpointer user_data)
+{
+ TestConnection *test = user_data;
+ GSocketConnection *connection;
+ GError *error = NULL;
+
+ connection = g_socket_client_connect_finish (G_SOCKET_CLIENT (source),
+ result, &error);
+ g_assert_no_error (error);
+ test->client_connection = G_IO_STREAM (connection);
+
+ g_main_loop_quit (test->loop);
+}
+
+static void
+test_connection_socket_client (TestConnection *test,
+ gconstpointer data)
+{
+ GSocketClient *client;
+ GTlsCertificateFlags flags;
+ GSocketConnection *connection;
+ GIOStream *base;
+ GError *error = NULL;
+
+ start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ client = g_socket_client_new ();
+ g_socket_client_set_tls (client, TRUE);
+ flags = G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_UNKNOWN_CA;
+ /* test->address doesn't match the server's cert */
+ flags = flags & ~G_TLS_CERTIFICATE_BAD_IDENTITY;
+ g_socket_client_set_tls_validation_flags (client, flags);
+
+ g_socket_client_connect_async (client, G_SOCKET_CONNECTABLE (test->address),
+ NULL, socket_client_connected, test);
+ g_main_loop_run (test->loop);
+
+ connection = (GSocketConnection *)test->client_connection;
+ test->client_connection = NULL;
+
+ g_assert (G_IS_TCP_WRAPPER_CONNECTION (connection));
+ base = g_tcp_wrapper_connection_get_base_io_stream (G_TCP_WRAPPER_CONNECTION (connection));
+ g_assert (G_IS_TLS_CONNECTION (base));
+
+ g_io_stream_close (G_IO_STREAM (connection), NULL, &error);
+ g_assert_no_error (error);
+ g_object_unref (connection);
+
+ g_object_unref (client);
+}
+
+static void
+socket_client_failed (GObject *source,
+ GAsyncResult *result,
+ gpointer user_data)
+{
+ TestConnection *test = user_data;
+ GError *error = NULL;
+
+ g_socket_client_connect_finish (G_SOCKET_CLIENT (source),
+ result, &error);
+ g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+ g_clear_error (&error);
+
+ g_main_loop_quit (test->loop);
+}
+
+static void
+test_connection_socket_client_failed (TestConnection *test,
+ gconstpointer data)
+{
+ GSocketClient *client;
+
+ start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ client = g_socket_client_new ();
+ g_socket_client_set_tls (client, TRUE);
+ /* this time we don't adjust the validation flags */
+
+ g_socket_client_connect_async (client, G_SOCKET_CONNECTABLE (test->address),
+ NULL, socket_client_failed, test);
+ g_main_loop_run (test->loop);
+
+ g_object_unref (client);
+}
+
+static void
+socket_client_timed_out_write (GObject *source,
+ GAsyncResult *result,
+ gpointer user_data)
+{
+ TestConnection *test = user_data;
+ GSocketConnection *connection;
+ GInputStream *input_stream;
+ GOutputStream *output_stream;
+ GError *error = NULL;
+ gchar buffer[TEST_DATA_LENGTH];
+ gssize size;
+
+ connection = g_socket_client_connect_finish (G_SOCKET_CLIENT (source),
+ result, &error);
+ g_assert_no_error (error);
+ test->client_connection = G_IO_STREAM (connection);
+
+ input_stream = g_io_stream_get_input_stream (test->client_connection);
+ output_stream = g_io_stream_get_output_stream (test->client_connection);
+
+ /* read TEST_DATA_LENGTH once */
+ size = g_input_stream_read (input_stream, &buffer, TEST_DATA_LENGTH,
+ NULL, &error);
+ g_assert_no_error (error);
+ g_assert_cmpint (size, ==, TEST_DATA_LENGTH);
+
+ /* read TEST_DATA_LENGTH again to cause the time out */
+ size = g_input_stream_read (input_stream, &buffer, TEST_DATA_LENGTH,
+ NULL, &error);
+ g_assert_error (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT);
+ g_assert_cmpint (size, ==, -1);
+ g_clear_error (&error);
+
+ /* write after a timeout, session should still be valid */
+ size = g_output_stream_write (output_stream, TEST_DATA, TEST_DATA_LENGTH,
+ NULL, &error);
+ g_assert_no_error (error);
+ g_assert_cmpint (size, ==, TEST_DATA_LENGTH);
+
+ g_main_loop_quit (test->loop);
+}
+
+static void
+test_connection_read_time_out_write (TestConnection *test,
+ gconstpointer data)
+{
+ GSocketClient *client;
+ GTlsCertificateFlags flags;
+ GSocketConnection *connection;
+ GIOStream *base;
+ GError *error = NULL;
+
+ /* Don't close the server connection after writing TEST_DATA. */
+ start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, FALSE);
+ client = g_socket_client_new ();
+ /* Set a 1 second time out on the socket */
+ g_socket_client_set_timeout (client, 1);
+ g_socket_client_set_tls (client, TRUE);
+ flags = G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_UNKNOWN_CA;
+ /* test->address doesn't match the server's cert */
+ flags = flags & ~G_TLS_CERTIFICATE_BAD_IDENTITY;
+ g_socket_client_set_tls_validation_flags (client, flags);
+
+ g_socket_client_connect_async (client, G_SOCKET_CONNECTABLE (test->address),
+ NULL, socket_client_timed_out_write, test);
+
+ g_main_loop_run (test->loop);
+
+ /* Close the server now */
+ close_server_connection (test);
+
+ connection = (GSocketConnection *)test->client_connection;
+ test->client_connection = NULL;
+
+ g_assert (G_IS_TCP_WRAPPER_CONNECTION (connection));
+ base = g_tcp_wrapper_connection_get_base_io_stream (G_TCP_WRAPPER_CONNECTION (connection));
+ g_assert (G_IS_TLS_CONNECTION (base));
+
+ g_io_stream_close (G_IO_STREAM (connection), NULL, &error);
+ g_assert_no_error (error);
+ g_object_unref (connection);
+
+ g_object_unref (client);
+}
+
+static void
+simul_async_read_complete (GObject *object,
+ GAsyncResult *result,
+ gpointer user_data)
+{
+ TestConnection *test = user_data;
+ gssize nread;
+ GError *error = NULL;
+
+ nread = g_input_stream_read_finish (G_INPUT_STREAM (object),
+ result, &error);
+ g_assert_no_error (error);
+
+ test->nread += nread;
+ g_assert_cmpint (test->nread, <=, TEST_DATA_LENGTH);
+
+ if (test->nread == TEST_DATA_LENGTH)
+ {
+ g_io_stream_close (test->client_connection, NULL, &error);
+ g_assert_no_error (error);
+ g_main_loop_quit (test->loop);
+ }
+ else
+ {
+ g_input_stream_read_async (G_INPUT_STREAM (object),
+ test->buf + test->nread,
+ TEST_DATA_LENGTH / 2,
+ G_PRIORITY_DEFAULT, NULL,
+ simul_async_read_complete, test);
+ }
+}
+
+static void
+simul_async_write_complete (GObject *object,
+ GAsyncResult *result,
+ gpointer user_data)
+{
+ TestConnection *test = user_data;
+ gssize nwrote;
+ GError *error = NULL;
+
+ nwrote = g_output_stream_write_finish (G_OUTPUT_STREAM (object),
+ result, &error);
+ g_assert_no_error (error);
+
+ test->nwrote += nwrote;
+ if (test->nwrote < TEST_DATA_LENGTH)
+ {
+ g_output_stream_write_async (G_OUTPUT_STREAM (object),
+ TEST_DATA + test->nwrote,
+ TEST_DATA_LENGTH - test->nwrote,
+ G_PRIORITY_DEFAULT, NULL,
+ simul_async_write_complete, test);
+ }
+}
+
+static void
+test_simultaneous_async (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GTlsCertificateFlags flags;
+ GError *error = NULL;
+
+ connection = start_echo_server_and_connect_to_it (test);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_object_unref (connection);
+
+ flags = G_TLS_CERTIFICATE_VALIDATE_ALL &
+ ~(G_TLS_CERTIFICATE_UNKNOWN_CA | G_TLS_CERTIFICATE_BAD_IDENTITY);
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ flags);
+
+ memset (test->buf, 0, sizeof (test->buf));
+ test->nread = test->nwrote = 0;
+
+ g_input_stream_read_async (g_io_stream_get_input_stream (test->client_connection),
+ test->buf, TEST_DATA_LENGTH / 2,
+ G_PRIORITY_DEFAULT, NULL,
+ simul_async_read_complete, test);
+ g_output_stream_write_async (g_io_stream_get_output_stream (test->client_connection),
+ TEST_DATA, TEST_DATA_LENGTH / 2,
+ G_PRIORITY_DEFAULT, NULL,
+ simul_async_write_complete, test);
+
+ g_main_loop_run (test->loop);
+
+ g_assert_cmpint (test->nread, ==, TEST_DATA_LENGTH);
+ g_assert_cmpint (test->nwrote, ==, TEST_DATA_LENGTH);
+ g_assert_cmpstr (test->buf, ==, TEST_DATA);
+}
+
+static void
+test_simultaneous_async_rehandshake (TestConnection *test,
+ gconstpointer data)
+{
+ g_test_skip ("this needs more research on openssl");
+ return;
+
+ test->rehandshake = TRUE;
+ test_simultaneous_async (test, data);
+}
+
+static gpointer
+simul_read_thread (gpointer user_data)
+{
+ TestConnection *test = user_data;
+ GInputStream *istream = g_io_stream_get_input_stream (test->client_connection);
+ GError *error = NULL;
+ gssize nread;
+
+ while (test->nread < TEST_DATA_LENGTH)
+ {
+ nread = g_input_stream_read (istream,
+ test->buf + test->nread,
+ MIN (TEST_DATA_LENGTH / 2, TEST_DATA_LENGTH - test->nread),
+ NULL, &error);
+ g_assert_no_error (error);
+
+ test->nread += nread;
+ }
+
+ return NULL;
+}
+
+static gpointer
+simul_write_thread (gpointer user_data)
+{
+ TestConnection *test = user_data;
+ GOutputStream *ostream = g_io_stream_get_output_stream (test->client_connection);
+ GError *error = NULL;
+ gssize nwrote;
+
+ while (test->nwrote < TEST_DATA_LENGTH)
+ {
+ nwrote = g_output_stream_write (ostream,
+ TEST_DATA + test->nwrote,
+ MIN (TEST_DATA_LENGTH / 2, TEST_DATA_LENGTH - test->nwrote),
+ NULL, &error);
+ g_assert_no_error (error);
+
+ test->nwrote += nwrote;
+ }
+
+ return NULL;
+}
+
+static void
+test_simultaneous_sync (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GTlsCertificateFlags flags;
+ GError *error = NULL;
+ GThread *read_thread, *write_thread;
+
+ connection = start_echo_server_and_connect_to_it (test);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_object_unref (connection);
+
+ flags = G_TLS_CERTIFICATE_VALIDATE_ALL &
+ ~(G_TLS_CERTIFICATE_UNKNOWN_CA | G_TLS_CERTIFICATE_BAD_IDENTITY);
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ flags);
+
+ memset (test->buf, 0, sizeof (test->buf));
+ test->nread = test->nwrote = 0;
+
+ read_thread = g_thread_new ("reader", simul_read_thread, test);
+ write_thread = g_thread_new ("writer", simul_write_thread, test);
+
+ /* We need to run the main loop to get the GThreadedSocketService to
+ * receive the connection and spawn the server thread.
+ */
+ while (!test->server_connection)
+ g_main_context_iteration (NULL, FALSE);
+
+ g_thread_join (write_thread);
+ g_thread_join (read_thread);
+
+ g_assert_cmpint (test->nread, ==, TEST_DATA_LENGTH);
+ g_assert_cmpint (test->nwrote, ==, TEST_DATA_LENGTH);
+ g_assert_cmpstr (test->buf, ==, TEST_DATA);
+
+ g_io_stream_close (test->client_connection, NULL, &error);
+ g_assert_no_error (error);
+}
+
+static void
+test_simultaneous_sync_rehandshake (TestConnection *test,
+ gconstpointer data)
+{
+ g_test_skip ("this needs more research on openssl");
+ return;
+
+ test->rehandshake = TRUE;
+ test_simultaneous_sync (test, data);
+}
+
+static void
+test_close_immediately (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_object_unref (connection);
+
+ /*
+ * At this point the server won't get a chance to run. But regardless
+ * closing should not wait on the server, trying to handshake or something.
+ */
+ g_io_stream_close (test->client_connection, NULL, &error);
+ g_assert_no_error (error);
+}
+
+static void
+quit_loop_on_notify (GObject *obj,
+ GParamSpec *spec,
+ gpointer user_data)
+{
+ GMainLoop *loop = user_data;
+
+ g_main_loop_quit (loop);
+}
+
+static void
+handshake_completed (GObject *object,
+ GAsyncResult *result,
+ gpointer user_data)
+{
+ gboolean *complete = user_data;
+
+ *complete = TRUE;
+ return;
+}
+
+static void
+test_close_during_handshake (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+ GMainContext *context;
+ GMainLoop *loop;
+ gboolean handshake_complete = FALSE;
+
+ g_test_bug ("688751");
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED, TRUE);
+ test->expect_server_error = TRUE;
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_object_unref (connection);
+
+ loop = g_main_loop_new (NULL, FALSE);
+ g_signal_connect (test->client_connection, "notify::accepted-cas",
+ G_CALLBACK (quit_loop_on_notify), loop);
+
+ context = g_main_context_new ();
+ g_main_context_push_thread_default (context);
+ g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection),
+ G_PRIORITY_DEFAULT, NULL,
+ handshake_completed, &handshake_complete);
+ g_main_context_pop_thread_default (context);
+
+ /* Now run the (default GMainContext) loop, which is needed for
+ * the server side of things. The client-side handshake will run in
+ * a thread, but its callback will never be invoked because its
+ * context isn't running.
+ */
+ g_main_loop_run (loop);
+ g_main_loop_unref (loop);
+
+ /* At this point handshake_thread() has started (and maybe
+ * finished), but handshake_thread_completed() (and thus
+ * finish_handshake()) has not yet run. Make sure close doesn't
+ * block.
+ */
+ g_io_stream_close (test->client_connection, NULL, &error);
+ g_assert_no_error (error);
+
+ /* We have to let the handshake_async() call finish now, or
+ * teardown_connection() will assert.
+ */
+ while (!handshake_complete)
+ g_main_context_iteration (context, TRUE);
+ g_main_context_unref (context);
+}
+
+static void
+test_output_stream_close_during_handshake (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+ GMainContext *context;
+ GMainLoop *loop;
+ gboolean handshake_complete = FALSE;
+
+ g_test_bug ("688751");
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED, TRUE);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_object_unref (connection);
+
+ loop = g_main_loop_new (NULL, FALSE);
+ g_signal_connect (test->client_connection, "notify::accepted-cas",
+ G_CALLBACK (quit_loop_on_notify), loop);
+
+ context = g_main_context_new ();
+ g_main_context_push_thread_default (context);
+ g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection),
+ G_PRIORITY_DEFAULT, NULL,
+ handshake_completed, &handshake_complete);
+ g_main_context_pop_thread_default (context);
+
+ /* Now run the (default GMainContext) loop, which is needed for
+ * the server side of things. The client-side handshake will run in
+ * a thread, but its callback will never be invoked because its
+ * context isn't running.
+ */
+ g_main_loop_run (loop);
+ g_main_loop_unref (loop);
+
+ /* At this point handshake_thread() has started (and maybe
+ * finished), but handshake_thread_completed() (and thus
+ * finish_handshake()) has not yet run. Make sure close doesn't
+ * block.
+ */
+ g_output_stream_close (g_io_stream_get_output_stream (test->client_connection), NULL, &error);
+ g_assert_no_error (error);
+
+ /* We have to let the handshake_async() call finish now, or
+ * teardown_connection() will assert.
+ */
+ while (!handshake_complete)
+ g_main_context_iteration (context, TRUE);
+ g_main_context_unref (context);
+}
+
+
+static void
+test_write_during_handshake (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+ GMainContext *context;
+ GMainLoop *loop;
+ GOutputStream *ostream;
+ gboolean handshake_complete = FALSE;
+
+ g_test_bug ("697754");
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED, TRUE);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_object_unref (connection);
+
+ loop = g_main_loop_new (NULL, FALSE);
+ g_signal_connect (test->client_connection, "notify::accepted-cas",
+ G_CALLBACK (quit_loop_on_notify), loop);
+
+ context = g_main_context_new ();
+ g_main_context_push_thread_default (context);
+ g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection),
+ G_PRIORITY_DEFAULT, NULL,
+ handshake_completed, &handshake_complete);
+ g_main_context_pop_thread_default (context);
+
+ /* Now run the (default GMainContext) loop, which is needed for
+ * the server side of things. The client-side handshake will run in
+ * a thread, but its callback will never be invoked because its
+ * context isn't running.
+ */
+ g_main_loop_run (loop);
+ g_main_loop_unref (loop);
+
+ /* At this point handshake_thread() has started (and maybe
+ * finished), but handshake_thread_completed() (and thus
+ * finish_handshake()) has not yet run. Make sure close doesn't
+ * block.
+ */
+
+ ostream = g_io_stream_get_output_stream (test->client_connection);
+ g_output_stream_write (ostream, TEST_DATA, TEST_DATA_LENGTH,
+ G_PRIORITY_DEFAULT, &error);
+ g_assert_no_error (error);
+
+ /* We have to let the handshake_async() call finish now, or
+ * teardown_connection() will assert.
+ */
+ while (!handshake_complete)
+ g_main_context_iteration (context, TRUE);
+ g_main_context_unref (context);
+}
+
+static gboolean
+async_implicit_handshake_dispatch (GPollableInputStream *stream,
+ gpointer user_data)
+{
+ TestConnection *test = user_data;
+ GError *error = NULL;
+ gchar buffer[TEST_DATA_LENGTH];
+ gssize size;
+ gboolean keep_running;
+
+ size = g_pollable_input_stream_read_nonblocking (stream, buffer,
+ TEST_DATA_LENGTH,
+ NULL, &error);
+
+ keep_running = (-1 == size);
+
+ if (keep_running)
+ {
+ g_assert_error (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK);
+ g_error_free (error);
+ }
+ else
+ {
+ g_assert_no_error (error);
+ g_assert_cmpint (size, ==, TEST_DATA_LENGTH);
+ g_main_loop_quit (test->loop);
+ }
+
+ return keep_running;
+}
+
+static void
+test_async_implicit_handshake (TestConnection *test, gconstpointer data)
+{
+ GTlsCertificateFlags flags;
+ GIOStream *stream;
+ GInputStream *input_stream;
+ GSource *input_source;
+ GError *error = NULL;
+
+ g_test_bug ("710691");
+
+ stream = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ test->client_connection = g_tls_client_connection_new (stream, test->identity, &error);
+ g_assert_no_error (error);
+ g_object_unref (stream);
+
+ flags = G_TLS_CERTIFICATE_VALIDATE_ALL &
+ ~(G_TLS_CERTIFICATE_UNKNOWN_CA | G_TLS_CERTIFICATE_BAD_IDENTITY);
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ flags);
+
+ /**
+ * Create a source from the client's input stream. The dispatch
+ * callback will be called a first time, which will perform a
+ * non-blocking read triggering the asynchronous implicit
+ * handshaking.
+ */
+ input_stream = g_io_stream_get_input_stream (test->client_connection);
+ input_source =
+ g_pollable_input_stream_create_source (G_POLLABLE_INPUT_STREAM (input_stream),
+ NULL);
+
+ g_source_set_callback (input_source,
+ (GSourceFunc) async_implicit_handshake_dispatch,
+ test, NULL);
+
+ g_source_attach (input_source, NULL);
+
+ g_main_loop_run (test->loop);
+
+ g_io_stream_close (G_IO_STREAM (test->client_connection), NULL, &error);
+ g_assert_no_error (error);
+ g_object_unref (test->client_connection);
+ test->client_connection = NULL;
+}
+
+static void
+quit_on_handshake_complete (GObject *object,
+ GAsyncResult *result,
+ gpointer user_data)
+{
+ TestConnection *test = user_data;
+ GError *error = NULL;
+
+ g_tls_connection_handshake_finish (G_TLS_CONNECTION (object), result, &error);
+ g_assert_no_error (error);
+
+ g_main_loop_quit (test->loop);
+ return;
+}
+
+#define PRIORITY_SSL_FALLBACK "NORMAL:+VERS-SSL3.0"
+#define PRIORITY_TLS_FALLBACK "NORMAL:+VERS-TLS-ALL:-VERS-SSL3.0"
+
+static void
+test_fallback (gconstpointer data)
+{
+ const char *priority_string = (const char *) data;
+ char *test_name;
+
+ test_name = g_strdup_printf ("/tls/connection/fallback/subprocess/%s", priority_string);
+ g_test_trap_subprocess (test_name, 0, 0);
+ g_test_trap_assert_passed ();
+ g_free (test_name);
+}
+
+static void
+test_fallback_subprocess (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GTlsConnection *tlsconn;
+ GError *error = NULL;
+
+ connection = start_echo_server_and_connect_to_it (test);
+ test->client_connection = g_tls_client_connection_new (connection, NULL, &error);
+ g_assert_no_error (error);
+ tlsconn = G_TLS_CONNECTION (test->client_connection);
+ g_object_unref (connection);
+
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ 0);
+ g_tls_client_connection_set_use_ssl3 (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ TRUE);
+ g_tls_connection_handshake_async (tlsconn, G_PRIORITY_DEFAULT, NULL,
+ quit_on_handshake_complete, test);
+ g_main_loop_run (test->loop);
+
+ /* In 2.42 we don't have the API to test that the correct version was negotiated,
+ * so we merely test that the connection succeeded at all.
+ */
+
+ g_io_stream_close (test->client_connection, NULL, &error);
+ g_assert_no_error (error);
+}
+
+static void
+test_output_stream_close (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+ gboolean ret;
+ gboolean handshake_complete = FALSE;
+ gssize size;
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_object_unref (connection);
+
+ /* No validation at all in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ 0);
+
+ g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection),
+ G_PRIORITY_DEFAULT, NULL,
+ handshake_completed, &handshake_complete);
+
+ while (!handshake_complete)
+ g_main_context_iteration (NULL, TRUE);
+
+ ret = g_output_stream_close (g_io_stream_get_output_stream (test->client_connection),
+ NULL, &error);
+ g_assert_no_error (error);
+ g_assert (ret);
+
+
+ /* Verify that double close returns TRUE */
+ ret = g_output_stream_close (g_io_stream_get_output_stream (test->client_connection),
+ NULL, &error);
+ g_assert_no_error (error);
+ g_assert (ret);
+
+ size = g_output_stream_write (g_io_stream_get_output_stream (test->client_connection),
+ "data", 4, NULL, &error);
+ g_assert (size == -1);
+ g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CLOSED);
+ g_clear_error (&error);
+
+ /* We closed the output stream, but not the input stream, so receiving
+ * data should still work.
+ */
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+ g_assert_no_error (test->read_error);
+ g_assert_no_error (test->server_error);
+
+ ret = g_io_stream_close (test->client_connection, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (ret);
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ int ret;
+
+ g_test_init (&argc, &argv, NULL);
+ g_test_bug_base ("http://bugzilla.gnome.org/");
+
+ g_setenv ("GSETTINGS_BACKEND", "memory", TRUE);
+
+ g_setenv ("GIO_USE_TLS", BACKEND, TRUE);
+ g_assert (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) ==
0);
+
+ g_test_add ("/tls/connection/basic", TestConnection, NULL,
+ setup_connection, test_basic_connection, teardown_connection);
+ g_test_add ("/tls/connection/verified", TestConnection, NULL,
+ setup_connection, test_verified_connection, teardown_connection);
+ g_test_add ("/tls/connection/verified-chain", TestConnection, NULL,
+ setup_connection, test_verified_chain, teardown_connection);
+ g_test_add ("/tls/connection/verified-chain-with-redundant-root-cert", TestConnection, NULL,
+ setup_connection, test_verified_chain_with_redundant_root_cert, teardown_connection);
+ g_test_add ("/tls/connection/verified-chain-with-duplicate-server-cert", TestConnection, NULL,
+ setup_connection, test_verified_chain_with_duplicate_server_cert, teardown_connection);
+ g_test_add ("/tls/connection/verified-unordered-chain", TestConnection, NULL,
+ setup_connection, test_verified_unordered_chain, teardown_connection);
+ g_test_add ("/tls/connection/verified-chain-with-alternative-ca-cert", TestConnection, NULL,
+ setup_connection, test_verified_chain_with_alternative_ca_cert, teardown_connection);
+ g_test_add ("/tls/connection/invalid-chain-with-alternative-ca-cert", TestConnection, NULL,
+ setup_connection, test_invalid_chain_with_alternative_ca_cert, teardown_connection);
+ g_test_add ("/tls/connection/client-auth", TestConnection, NULL,
+ setup_connection, test_client_auth_connection, teardown_connection);
+ g_test_add ("/tls/connection/client-auth-rehandshake", TestConnection, NULL,
+ setup_connection, test_client_auth_rehandshake, teardown_connection);
+ g_test_add ("/tls/connection/client-auth-failure", TestConnection, NULL,
+ setup_connection, test_client_auth_failure, teardown_connection);
+ g_test_add ("/tls/connection/client-auth-request-cert", TestConnection, NULL,
+ setup_connection, test_client_auth_request_cert, teardown_connection);
+ g_test_add ("/tls/connection/client-auth-request-fail", TestConnection, NULL,
+ setup_connection, test_client_auth_request_fail, teardown_connection);
+ g_test_add ("/tls/connection/no-database", TestConnection, NULL,
+ setup_connection, test_connection_no_database, teardown_connection);
+ g_test_add ("/tls/connection/failed", TestConnection, NULL,
+ setup_connection, test_failed_connection, teardown_connection);
+ g_test_add ("/tls/connection/socket-client", TestConnection, NULL,
+ setup_connection, test_connection_socket_client, teardown_connection);
+ g_test_add ("/tls/connection/socket-client-failed", TestConnection, NULL,
+ setup_connection, test_connection_socket_client_failed, teardown_connection);
+ g_test_add ("/tls/connection/read-time-out-then-write", TestConnection, NULL,
+ setup_connection, test_connection_read_time_out_write, teardown_connection);
+ g_test_add ("/tls/connection/simultaneous-async", TestConnection, NULL,
+ setup_connection, test_simultaneous_async, teardown_connection);
+ g_test_add ("/tls/connection/simultaneous-sync", TestConnection, NULL,
+ setup_connection, test_simultaneous_sync, teardown_connection);
+ g_test_add ("/tls/connection/simultaneous-async-rehandshake", TestConnection, NULL,
+ setup_connection, test_simultaneous_async_rehandshake, teardown_connection);
+ g_test_add ("/tls/connection/simultaneous-sync-rehandshake", TestConnection, NULL,
+ setup_connection, test_simultaneous_sync_rehandshake, teardown_connection);
+ g_test_add ("/tls/connection/close-immediately", TestConnection, NULL,
+ setup_connection, test_close_immediately, teardown_connection);
+ g_test_add ("/tls/connection/close-during-handshake", TestConnection, NULL,
+ setup_connection, test_close_during_handshake, teardown_connection);
+ g_test_add ("/tls/connection/close-output-stream-during-handshake", TestConnection, NULL,
+ setup_connection, test_output_stream_close_during_handshake, teardown_connection);
+ g_test_add ("/tls/connection/write-during-handshake", TestConnection, NULL,
+ setup_connection, test_write_during_handshake, teardown_connection);
+ g_test_add ("/tls/connection/async-implicit-handshake", TestConnection, NULL,
+ setup_connection, test_async_implicit_handshake, teardown_connection);
+ g_test_add ("/tls/connection/output-stream-close", TestConnection, NULL,
+ setup_connection, test_output_stream_close, teardown_connection);
+
+ g_test_add_data_func ("/tls/connection/fallback/SSL", PRIORITY_SSL_FALLBACK, test_fallback);
+ g_test_add ("/tls/connection/fallback/subprocess/" PRIORITY_SSL_FALLBACK,
+ TestConnection, NULL,
+ setup_connection, test_fallback_subprocess, teardown_connection);
+ g_test_add_data_func ("/tls/connection/fallback/TLS", PRIORITY_TLS_FALLBACK, test_fallback);
+ g_test_add ("/tls/connection/fallback/subprocess/" PRIORITY_TLS_FALLBACK,
+ TestConnection, NULL,
+ setup_connection, test_fallback_subprocess, teardown_connection);
+
+ ret = g_test_run();
+
+ /* for valgrinding */
+ g_main_context_unref (g_main_context_default ());
+
+ return ret;
+}
diff --git a/tls/tests/file-database.c b/tls/tests/file-database.c
new file mode 100644
index 0000000..2c7b6f6
--- /dev/null
+++ b/tls/tests/file-database.c
@@ -0,0 +1,576 @@
+/* GIO TLS tests
+ *
+ * Copyright 2011 Collabora, Ltd.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Author: Stef Walter <stefw collabora co uk>
+ */
+
+#include "config.h"
+
+#include <gio/gio.h>
+
+#include <sys/types.h>
+#include <string.h>
+
+static const gchar *
+tls_test_file_path (const char *name)
+{
+ const gchar *const_path;
+ gchar *path;
+
+ path = g_test_build_filename (G_TEST_DIST, "files", name, NULL);
+ if (!g_path_is_absolute (path))
+ {
+ gchar *cwd, *abs;
+
+ cwd = g_get_current_dir ();
+ abs = g_build_filename (cwd, path, NULL);
+ g_free (cwd);
+ g_free (path);
+ path = abs;
+ }
+
+ const_path = g_intern_string (path);
+ g_free (path);
+ return const_path;
+}
+
+/* -----------------------------------------------------------------------------
+ * CERTIFICATE VERIFY
+ */
+
+typedef struct {
+ GTlsCertificate *cert;
+ GSocketConnectable *identity;
+ GTlsDatabase *database;
+} TestVerify;
+
+static void
+setup_verify (TestVerify *test,
+ gconstpointer data)
+{
+ GError *error = NULL;
+
+ test->cert = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (test->cert));
+
+ test->identity = g_network_address_new ("server.example.com", 80);
+
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_DATABASE (test->database));
+}
+
+static void
+teardown_verify (TestVerify *test,
+ gconstpointer data)
+{
+ g_assert (G_IS_TLS_CERTIFICATE (test->cert));
+ g_object_add_weak_pointer (G_OBJECT (test->cert),
+ (gpointer *)&test->cert);
+ g_object_unref (test->cert);
+ g_assert (test->cert == NULL);
+
+ g_assert (G_IS_TLS_DATABASE (test->database));
+ g_object_add_weak_pointer (G_OBJECT (test->database),
+ (gpointer *)&test->database);
+ g_object_unref (test->database);
+ g_assert (test->database == NULL);
+
+ g_object_add_weak_pointer (G_OBJECT (test->identity),
+ (gpointer *)&test->identity);
+ g_object_unref (test->identity);
+ g_assert (test->identity == NULL);
+}
+
+static void
+test_verify_database_good (TestVerify *test,
+ gconstpointer data)
+{
+ GTlsCertificateFlags errors;
+ GError *error = NULL;
+
+ errors = g_tls_database_verify_chain (test->database, test->cert,
+ G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
+ test->identity, NULL, 0, NULL, &error);
+ g_assert_no_error (error);
+ g_assert_cmpuint (errors, ==, 0);
+
+ errors = g_tls_database_verify_chain (test->database, test->cert,
+ G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
+ NULL, NULL, 0, NULL, &error);
+ g_assert_cmpuint (errors, ==, 0);
+}
+
+static void
+test_verify_database_bad_identity (TestVerify *test,
+ gconstpointer data)
+{
+ GSocketConnectable *identity;
+ GTlsCertificateFlags errors;
+ GError *error = NULL;
+
+ identity = g_network_address_new ("other.example.com", 80);
+
+ errors = g_tls_database_verify_chain (test->database, test->cert,
+ G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
+ identity, NULL, 0, NULL, &error);
+ g_assert_no_error (error);
+ g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_BAD_IDENTITY);
+
+ g_object_unref (identity);
+}
+
+static void
+test_verify_database_bad_ca (TestVerify *test,
+ gconstpointer data)
+{
+ GTlsCertificateFlags errors;
+ GTlsCertificate *cert;
+ GError *error = NULL;
+
+ /* Use another certificate which isn't in our CA list */
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-self.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ errors = g_tls_database_verify_chain (test->database, cert,
+ G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
+ test->identity, NULL, 0, NULL, &error);
+ g_assert_no_error (error);
+ g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_UNKNOWN_CA);
+
+ g_object_unref (cert);
+}
+
+static void
+test_verify_database_bad_before (TestVerify *test,
+ gconstpointer data)
+{
+ GTlsCertificateFlags errors;
+ GTlsCertificate *cert;
+ GError *error = NULL;
+
+ /* This is a certificate in the future */
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-future.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ errors = g_tls_database_verify_chain (test->database, cert,
+ G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
+ NULL, NULL, 0, NULL, &error);
+ g_assert_no_error (error);
+ g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_NOT_ACTIVATED);
+
+ g_object_unref (cert);
+}
+
+static void
+test_verify_database_bad_expired (TestVerify *test,
+ gconstpointer data)
+{
+ GTlsCertificateFlags errors;
+ GTlsCertificate *cert;
+ GError *error = NULL;
+
+ /* This is a certificate in the future */
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-past.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ errors = g_tls_database_verify_chain (test->database, cert,
+ G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
+ NULL, NULL, 0, NULL, &error);
+ g_assert_no_error (error);
+ g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_EXPIRED);
+
+ g_object_unref (cert);
+}
+
+static void
+test_verify_database_bad_combo (TestVerify *test,
+ gconstpointer data)
+{
+ GTlsCertificate *cert;
+ GSocketConnectable *identity;
+ GTlsCertificateFlags errors;
+ GError *error = NULL;
+
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-self.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ /*
+ * - Use is self signed
+ * - Use wrong identity.
+ */
+
+ identity = g_network_address_new ("other.example.com", 80);
+
+ errors = g_tls_database_verify_chain (test->database, cert,
+ G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
+ identity, NULL, 0, NULL, &error);
+ g_assert_no_error (error);
+ g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_UNKNOWN_CA |
+ G_TLS_CERTIFICATE_BAD_IDENTITY);
+
+ g_object_unref (cert);
+ g_object_unref (identity);
+}
+
+static GTlsCertificate *
+load_certificate_chain (const char *filename,
+ GError **error)
+{
+ GList *certificates;
+ GTlsCertificate *chain = NULL, *prev_chain = NULL;
+ GTlsBackend *backend;
+ GByteArray *der;
+ GList *l;
+
+ certificates = g_tls_certificate_list_new_from_file (filename, error);
+ if (certificates == NULL)
+ return NULL;
+
+ backend = g_tls_backend_get_default ();
+ certificates = g_list_reverse (certificates);
+ for (l = certificates; l != NULL; l = g_list_next (l))
+ {
+ prev_chain = chain;
+ g_object_get (l->data, "certificate", &der, NULL);
+ chain = g_object_new (g_tls_backend_get_certificate_type (backend),
+ "certificate", der,
+ "issuer", prev_chain,
+ NULL);
+ g_byte_array_unref (der);
+ g_clear_object (&prev_chain);
+ }
+
+ g_list_free_full (certificates, g_object_unref);
+ return chain;
+}
+
+static gboolean
+is_certificate_in_chain (GTlsCertificate *chain,
+ GTlsCertificate *cert)
+{
+ while (chain != NULL)
+ {
+ if (g_tls_certificate_is_same (chain, cert))
+ return TRUE;
+ chain = g_tls_certificate_get_issuer (chain);
+ }
+
+ return FALSE;
+}
+
+static void
+test_verify_with_incorrect_root_in_chain (void)
+{
+ GTlsCertificate *ca_verisign_sha1;
+ GTlsDatabase *database;
+ GError *error = NULL;
+ GTlsCertificate *chain;
+ GSocketConnectable *identity;
+ GTlsCertificateFlags errors;
+
+ /*
+ * This database contains a single anchor certificate of:
+ * C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
+ */
+ database = g_tls_file_database_new (tls_test_file_path ("ca-verisign-sha1.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_DATABASE (database));
+
+ ca_verisign_sha1 = g_tls_certificate_new_from_file (tls_test_file_path ("ca-verisign-sha1.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (ca_verisign_sha1));
+
+ /*
+ * This certificate chain contains a root certificate with that same issuer, public key:
+ * C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
+ *
+ * But it is not the same certificate in our database. However our database should
+ * verify this chain as valid, since the issuer fields and signatures should chain up
+ * to the certificate in our database.
+ */
+ chain = load_certificate_chain (tls_test_file_path ("chain-with-verisign-md2.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (chain));
+
+ g_assert (g_tls_certificate_get_issuer (chain) != NULL);
+ g_assert (g_tls_certificate_get_issuer (g_tls_certificate_get_issuer (chain)) != NULL);
+ g_assert (is_certificate_in_chain (chain, chain));
+ g_assert (!is_certificate_in_chain (chain, ca_verisign_sha1));
+
+
+ identity = g_network_address_new ("secure-test.streamline-esolutions.com", 443);
+
+ errors = g_tls_database_verify_chain (database, chain,
+ G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
+ identity, NULL, 0, NULL, &error);
+ g_assert_no_error (error);
+ errors &= ~G_TLS_CERTIFICATE_EXPIRED; /* so that this test doesn't expire */
+ g_assert_cmpuint (errors, ==, 0);
+
+ g_object_unref (chain);
+ g_object_unref (ca_verisign_sha1);
+ g_object_unref (identity);
+ g_object_unref (database);
+}
+
+/* -----------------------------------------------------------------------------
+ * FILE DATABASE
+ */
+
+typedef struct {
+ GTlsDatabase *database;
+ const gchar *path;
+} TestFileDatabase;
+
+static void
+setup_file_database (TestFileDatabase *test,
+ gconstpointer data)
+{
+ GError *error = NULL;
+
+ test->path = tls_test_file_path ("ca-roots.pem");
+ test->database = g_tls_file_database_new (test->path, &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_DATABASE (test->database));
+}
+
+static void
+teardown_file_database (TestFileDatabase *test,
+ gconstpointer data)
+{
+ g_assert (G_IS_TLS_DATABASE (test->database));
+ g_object_add_weak_pointer (G_OBJECT (test->database),
+ (gpointer *)&test->database);
+ g_object_unref (test->database);
+ g_assert (test->database == NULL);
+}
+
+static void
+test_file_database_handle (TestFileDatabase *test,
+ gconstpointer unused)
+{
+ GTlsCertificate *certificate;
+ GTlsCertificate *check;
+ GError *error = NULL;
+ gchar *handle;
+
+ /*
+ * ca.pem is in the ca-roots.pem that the test->database represents.
+ * So it should be able to create a handle for it and treat it as if it
+ * is 'in' the database.
+ */
+
+ certificate = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (certificate));
+
+ handle = g_tls_database_create_certificate_handle (test->database, certificate);
+ g_assert (handle != NULL);
+ g_assert (g_str_has_prefix (handle, "file:///"));
+
+ check = g_tls_database_lookup_certificate_for_handle (test->database, handle,
+ NULL, G_TLS_DATABASE_LOOKUP_NONE,
+ NULL, &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (check));
+
+ g_free (handle);
+ g_object_unref (check);
+ g_object_unref (certificate);
+}
+
+static void
+test_file_database_handle_invalid (TestFileDatabase *test,
+ gconstpointer unused)
+{
+ GTlsCertificate *certificate;
+ GError *error = NULL;
+
+ certificate = g_tls_database_lookup_certificate_for_handle (test->database, "blah:blah",
+ NULL, G_TLS_DATABASE_LOOKUP_NONE,
+ NULL, &error);
+ g_assert_no_error (error);
+ g_assert (certificate == NULL);
+}
+
+/* -----------------------------------------------------------------------------
+ * DATABASE
+ */
+
+static void
+test_anchors_property (void)
+{
+ GTlsDatabase *database;
+ gchar *anchor_filename = NULL;
+ GError *error = NULL;
+
+ database = g_tls_file_database_new (tls_test_file_path ("ca.pem"), &error);
+ g_assert_no_error (error);
+
+ g_object_get (database, "anchors", &anchor_filename, NULL);
+ g_assert_cmpstr (anchor_filename, ==, tls_test_file_path ("ca.pem"));
+ g_free (anchor_filename);
+
+ g_object_unref (database);
+}
+
+static gboolean
+certificate_is_in_list (GList *certificates,
+ const gchar *filename)
+{
+ GTlsCertificate *cert;
+ GError *error = NULL;
+ GList *l;
+
+ cert = g_tls_certificate_new_from_file (filename, &error);
+ g_assert_no_error (error);
+
+ for (l = certificates; l != NULL; l = g_list_next (l))
+ {
+ if (g_tls_certificate_is_same (l->data, cert))
+ break;
+ }
+
+ g_object_unref (cert);
+
+ /* Had an early break from loop */
+ return l != NULL;
+}
+
+static void
+test_lookup_certificates_issued_by (void)
+{
+ /* This data is generated from the frob-certificate test tool in gcr library.
+ * To regenerate (from e.g. a directory containing gcr and glib-openssl):
+ *
+ * $ gcr/frob-certificate glib-openssl/tls/tests/files/ca.pem
+ *
+ * Then copy the hex that is printed after "subject" (not "issuer"!) and add
+ * the missing 'x's.
+ */
+ const guchar ISSUER[] = "\x30\x81\x86\x31\x13\x30\x11\x06\x0A\x09\x92\x26\x89\x93\xF2"
+ "\x2C\x64\x01\x19\x16\x03\x43\x4F\x4D\x31\x17\x30\x15\x06\x0A"
+ "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19\x16\x07\x45\x58\x41"
+ "\x4D\x50\x4C\x45\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x0C\x15"
+ "\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74"
+ "\x68\x6F\x72\x69\x74\x79\x31\x17\x30\x15\x06\x03\x55\x04\x03"
+ "\x0C\x0E\x63\x61\x2E\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63\x6F"
+ "\x6D\x31\x1D\x30\x1B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09"
+ "\x01\x16\x0E\x63\x61\x40\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63"
+ "\x6F\x6D";
+
+ GList *certificates;
+ GByteArray *issuer_dn;
+ GTlsDatabase *database;
+ GError *error = NULL;
+
+ database = g_tls_file_database_new (tls_test_file_path ("non-ca.pem"), &error);
+ g_assert_no_error (error);
+
+ issuer_dn = g_byte_array_new ();
+ /* The null terminator is in the array/string above */
+ g_byte_array_append (issuer_dn, ISSUER, G_N_ELEMENTS (ISSUER) - 1);
+
+ certificates = g_tls_database_lookup_certificates_issued_by (database, issuer_dn, NULL,
+ G_TLS_DATABASE_LOOKUP_NONE,
+ NULL, &error);
+
+ g_byte_array_unref (issuer_dn);
+
+ g_assert_cmpuint (g_list_length (certificates), ==, 4);
+
+ g_assert (certificate_is_in_list (certificates, tls_test_file_path ("client.pem")));
+ g_assert (certificate_is_in_list (certificates, tls_test_file_path ("client-future.pem")));
+ g_assert (certificate_is_in_list (certificates, tls_test_file_path ("client-past.pem")));
+ g_assert (certificate_is_in_list (certificates, tls_test_file_path ("server.pem")));
+ g_assert (!certificate_is_in_list (certificates, tls_test_file_path ("server-self.pem")));
+
+ g_list_free_full (certificates, g_object_unref);
+ g_object_unref (database);
+}
+
+static void
+test_default_database_is_singleton (void)
+{
+ GTlsBackend *backend;
+ GTlsDatabase *database;
+ GTlsDatabase *check;
+
+ backend = g_tls_backend_get_default ();
+ g_assert (G_IS_TLS_BACKEND (backend));
+
+ database = g_tls_backend_get_default_database (backend);
+ g_assert (G_IS_TLS_DATABASE (database));
+
+ check = g_tls_backend_get_default_database (backend);
+ g_assert (database == check);
+
+ g_object_unref (database);
+ g_object_unref (check);
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ g_test_init (&argc, &argv, NULL);
+
+ g_setenv ("GSETTINGS_BACKEND", "memory", TRUE);
+
+ g_setenv ("GIO_USE_TLS", BACKEND, TRUE);
+ g_assert (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) ==
0);
+
+ g_test_add_func ("/tls/backend/default-database-is-singleton",
+ test_default_database_is_singleton);
+
+ g_test_add ("/tls/database/verify-good", TestVerify, NULL,
+ setup_verify, test_verify_database_good, teardown_verify);
+ g_test_add ("/tls/database/verify-bad-identity", TestVerify, NULL,
+ setup_verify, test_verify_database_bad_identity, teardown_verify);
+ g_test_add ("/tls/database/verify-bad-ca", TestVerify, NULL,
+ setup_verify, test_verify_database_bad_ca, teardown_verify);
+ g_test_add ("/tls/database/verify-bad-before", TestVerify, NULL,
+ setup_verify, test_verify_database_bad_before, teardown_verify);
+ g_test_add ("/tls/database/verify-bad-expired", TestVerify, NULL,
+ setup_verify, test_verify_database_bad_expired, teardown_verify);
+ g_test_add ("/tls/database/verify-bad-combo", TestVerify, NULL,
+ setup_verify, test_verify_database_bad_combo, teardown_verify);
+ g_test_add_func ("/tls/database/verify-with-incorrect-root-in-chain",
+ test_verify_with_incorrect_root_in_chain);
+
+ g_test_add_func ("/tls/file-database/anchors-property",
+ test_anchors_property);
+ g_test_add_func ("/tls/file-database/lookup-certificates-issued-by",
+ test_lookup_certificates_issued_by);
+
+ g_test_add ("/tls/file-database/test-handle", TestFileDatabase, NULL,
+ setup_file_database, test_file_database_handle, teardown_file_database);
+ g_test_add ("/tls/file-database/test-handle-invalid", TestFileDatabase, NULL,
+ setup_file_database, test_file_database_handle_invalid, teardown_file_database);
+
+ return g_test_run();
+}
diff --git a/tls/tests/files/ca-alternative.pem b/tls/tests/files/ca-alternative.pem
new file mode 100644
index 0000000..695fc37
--- /dev/null
+++ b/tls/tests/files/ca-alternative.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8DCCA1mgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnzETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxLDAqBgNVBAsMI09sZCBV
+bnRydXN0ZWQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSIwIAYDVQQDDBlvbmNlLndh
+cy5hLmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNv
+bTAeFw0xNTA4MzAwMDIyMzFaFw00NTA4MjIwMDIyMzFaMIGGMRMwEQYKCZImiZPy
+LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsG
+CSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBAL2qSsuOcbcaJ9+uvbKan/v5186d6u1i5kIk3dPu4etHegHpDG5baq+C
+IUdY1AyCcz6OL61J1lbB3Ksk6eyo9woKHHto0BJ9IVEb7K7pT+gau7QeS15MUK5m
+NfueUfIdXTCNpHez6Nzt4H57bgqJJrJnHnondOuEalEFgDtOBqilAgMBAAGjggFR
+MIIBTTAdBgNVHQ4EFgQUmAbQgRwBOJuIai3NygAtGQ9xlbEwgdQGA1UdIwSBzDCB
+yYAULu6rFocDkpwOJyAjyQrCxuefLW+hgaWkgaIwgZ8xEzARBgoJkiaJk/IsZAEZ
+FgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMSwwKgYDVQQLDCNPbGQgVW50
+cnVzdGVkIENlcnRpZmljYXRlIEF1dGhvcml0eTEiMCAGA1UEAwwZb25jZS53YXMu
+YS5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb22C
+CQD9kIwlfKYqXDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAZBgNV
+HREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNv
+bTANBgkqhkiG9w0BAQUFAAOBgQA9CNpCI5kLKsccy73SZWyp2fEwMDrZHMJvChdv
+1CWaE1BYlLQWtr1bSy2aEPZujMVzUW5XtoRlLWpTBxUB7o888u7FJmFVhEv4Apq2
+DZ8yDlIy4yHFOShIQfmfdeDzYSoxXgoUINqxQDpfKXrQCB9OqQjI4yrJkw+lO7fs
+eIIk5w==
+-----END CERTIFICATE-----
diff --git a/tls/tests/files/ca-key.pem b/tls/tests/files/ca-key.pem
new file mode 100644
index 0000000..306604e
--- /dev/null
+++ b/tls/tests/files/ca-key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC9qkrLjnG3Giffrr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6Qxu
+W2qvgiFHWNQMgnM+ji+tSdZWwdyrJOnsqPcKChx7aNASfSFRG+yu6U/oGru0Hkte
+TFCuZjX7nlHyHV0wjaR3s+jc7eB+e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQAB
+AoGAY6BlA4HCV9TkZwnJ2VyBdwFpC75F3gYaP1pQL3gGsejsvL4m6n0YkDKBupF9
+aUjIsm5LuvHTJeVVPYz5V3f1syZr4fYYpmwoWjHkb6g55R9iAgmSd29gQwu0OdsP
+EhothysqPMvhWQi2gLHAz14U+EZVH9zKCZ50GW7bTrZoc20CQQD2LkPn6S2HQhPl
+Ks9HmPAsFkd0dKE0zE2IKvgsCiBsfvd4H1u0QO17ZWNR8AK9x16gnrDv0Xjpsw6H
+V9xaMsY7AkEAxTrzZKdaeu1BFDuLdgGuEj5YOUbhXjmldDwvw/xFXPU03MjCVDjo
+4V6MDZJ1HlpwWBCYO+pIyRd5NADXh33+nwJBAPT8d6FbYG6BKJFfd+V1YlVNWpCe
+3CpRwjpnII+bCEdQVu9YrYcFMhAhhqRs6B16QUYwhj4yRFS1VxkDK4srii8CQCdm
+U2D0HZsY8js8eeulAkUatz0Z78OG+Ipzy4b3SlP7mAfTAx8YD02WOZwsecEKiA7P
+odm2P7wMOGYvFN84SDkCQQCYg8rdrLdM1Wx+/k9aiFku1LmyHLZPtq39je4S/EJN
+ibWCMmhysz6cuIKykUYI7DKolQnxu4BWLnn9ff60T1xp
+-----END RSA PRIVATE KEY-----
diff --git a/tls/tests/files/ca-roots-bad.pem b/tls/tests/files/ca-roots-bad.pem
new file mode 100644
index 0000000..0f8d7cc
--- /dev/null
+++ b/tls/tests/files/ca-roots-bad.pem
@@ -0,0 +1,90 @@
+-----BEGIN CERTIFICATE-----
+MIIDxjCCAy+gAwIBAgIJAO+Cui0EIECvMA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
+CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
+CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
+bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTUwODMwMDAyMjMx
+WhcNNDUwODIyMDAyMjMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
+JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
+eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
+YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9qkrLjnG3Giff
+rr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6QxuW2qvgiFHWNQMgnM+ji+tSdZWwdyr
+JOnsqPcKChx7aNASfSFRG+yu6U/oGru0HkteTFCuZjX7nlHyHV0wjaR3s+jc7eB+
+e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQABo4IBODCCATQwHQYDVR0OBBYEFJgG
+0IEcATibiGotzcoALRkPcZWxMIG7BgNVHSMEgbMwgbCAFJgG0IEcATibiGotzcoA
+LRkPcZWxoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
+LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
+FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
+ZS5jb22CCQDvgrotBCBArzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCuwCsxZxXctjLr059fFd94Yb6lDyPr
+Gd9H4luK9G4NNf2QiD94SfYAEy8C3Lw2/VIYf5kuNPJE2+0AOpCJ3pD3id2JC8Qf
+lnIsGHCclrxldY5NX3S/p2T8wsgBdz5wfzDGm1GANdI5M1YrTN0ExebOspXnXGed
+9jx8rdTVQwErTw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
+ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
+gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
+MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
+IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
+dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
+czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
+dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
+aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
+AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
+b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
+ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
+nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
+18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
+gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
+Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
+sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
+SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
+CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
+GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
+zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
+omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS
+BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v
+cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9
+4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB
+Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J
+0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ
+FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx
+bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q
+SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb
+6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV
+m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g
+eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG
+kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7
+6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG
+CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc
+aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB
+gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w
+aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6
+tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0
+nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M
+77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV
diff --git a/tls/tests/files/ca-roots.pem b/tls/tests/files/ca-roots.pem
new file mode 100644
index 0000000..435a1da
--- /dev/null
+++ b/tls/tests/files/ca-roots.pem
@@ -0,0 +1,209 @@
+These are some CA certificates
+
+-----BEGIN CERTIFICATE-----
+MIIDxjCCAy+gAwIBAgIJAO+Cui0EIECvMA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
+CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
+CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
+bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTUwODMwMDAyMjMx
+WhcNNDUwODIyMDAyMjMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
+JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
+eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
+YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9qkrLjnG3Giff
+rr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6QxuW2qvgiFHWNQMgnM+ji+tSdZWwdyr
+JOnsqPcKChx7aNASfSFRG+yu6U/oGru0HkteTFCuZjX7nlHyHV0wjaR3s+jc7eB+
+e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQABo4IBODCCATQwHQYDVR0OBBYEFJgG
+0IEcATibiGotzcoALRkPcZWxMIG7BgNVHSMEgbMwgbCAFJgG0IEcATibiGotzcoA
+LRkPcZWxoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
+LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
+FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
+ZS5jb22CCQDvgrotBCBArzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCuwCsxZxXctjLr059fFd94Yb6lDyPr
+Gd9H4luK9G4NNf2QiD94SfYAEy8C3Lw2/VIYf5kuNPJE2+0AOpCJ3pD3id2JC8Qf
+lnIsGHCclrxldY5NX3S/p2T8wsgBdz5wfzDGm1GANdI5M1YrTN0ExebOspXnXGed
+9jx8rdTVQwErTw==
+-----END CERTIFICATE-----
+
+GLib shouldn't care about this comment
+
+-----BEGIN CERTIFICATE-----
+MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
+ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
+gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
+MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
+IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
+dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
+czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
+dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
+aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
+AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
+b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
+ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
+nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
+18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
+gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
+Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
+sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
+SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
+CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
+GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
+zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
+omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS
+BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v
+cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9
+4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB
+Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J
+0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ
+FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx
+bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q
+SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb
+6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV
+m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g
+eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG
+kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7
+6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG
+CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc
+aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB
+gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w
+aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6
+tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0
+nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M
+77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV
+Bc/dLq4+gmF78CEQGPZE6lM5+dzQmiDgxrvgu1pPxJnIB721vaLbLmINQjRBvP+L
+ivVRIqqIMADisNS8vmW61QNXeZvo3MhN+FDtkaVSKKKs+zZYPumUK5FQhxvWXtaM
+zPcPEAxSTtAWYeXlCmy/F8dyRlecmPVsYGN6b165Ti/Iubm7aoW8mA3t+T6XhDSU
+rgCvoeXnkm5OvfPi2RSLXNLrAWygF6UtEOucekq9ve7O/e0iQKtwOIj1CodqwqsF
+YMlIBdpTwd5Ed2qz8zw87YC8pjhKKSRf/lk7myV6VmMAZLldpGJ9VzZPrYPvH5JT
+oI53V93lYRE9IwCQTDz6o2CTBKOvNfYOao9PSmCnhQVsRqGP9Md246FZV/dxssRu
+FFxtbUFm3xuTsdQAw+7Lzzw9IYCpX2Nl/N3gX6T0K/CFcUHUZyX7GrGXrtaZghNB
+0m6lG5kngOcLqagA
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDITCCAoqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMC
+WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du
+MRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlm
+aWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFBl
+cnNvbmFsIEJhc2ljIENBMSgwJgYJKoZIhvcNAQkBFhlwZXJzb25hbC1iYXNp
+Y0B0aGF3dGUuY29tMB4XDTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVow
+gcsxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNV
+BAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAm
+BgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xITAfBgNV
+BAMTGFRoYXd0ZSBQZXJzb25hbCBCYXNpYyBDQTEoMCYGCSqGSIb3DQEJARYZ
+cGVyc29uYWwtYmFzaWNAdGhhd3RlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAvLyTU23AUE+CFeZIlDWmWr5vQvoPR+53dXLdjUmbllegeNTK
+P1GzaQuRdhciB5dqxFGTS+CN7zeVoQxN2jSQHReJl+A1OFdKwPQIcOk8RHtQ
+fmGakOMj04gRRif1CwcOu93RfyAKiLlWCy4cgNrx454p7xS9CkT7G1sY0b8j
+kyECAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOB
+gQAt4plrsD16iddZopQBHyvdEktTwq1/qqcAXJFAVyVKOKqEcLnZgA+le1z7
+c8a914phXAPjLSeoF+CEhULcXpvGt7Jtu3Sv5D/Lp7ew4F2+eIMllNLbgQ95
+B21P9DkVWlIBe94y1k049hJcBlDfBVu9FEuh3ym6O0GN92NWod8isQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDLTCCApagAwIBAgIBADANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMC
+WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du
+MRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlm
+aWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBl
+cnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1m
+cmVlbWFpbEB0aGF3dGUuY29tMB4XDTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIz
+NTk1OVowgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUx
+EjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRp
+bmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24x
+JDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqG
+SIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEA1GnX1LCUZFtx6UfYDFG26nKRsIRefS0N
+j3sS34UldSh0OkIsYyeflXtL734Zhx2G6qPduc6WZBrCFG5ErHzmj+hND3Ef
+QDimAKOHePb5lIZererAXnbr2RSjXW56fAylS1V/Bhkpf56aJtVquzgkCGqY
+x7Hao5iR/Xnb5VrEHLkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQQFAAOBgQDH7JJ+Tvj1lqVnYiqk8E0RYNBvjWBYYawmu1I1XAjP
+MPuoSpaKH2JCI4wXD/S6ZJwXrEcp352YXtJsYHFcoqzceePnbgBHH7UNKOgC
+neSa/RP0ptl8sfjcXyMmCZGAc9AUG95DqYMl8uacLxXK/qarigd1iwzdUYRr
+5PjRzneigQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDKTCCApKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBzzELMAkGA1UEBhMC
+WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du
+MRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlm
+aWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEjMCEGA1UEAxMaVGhhd3RlIFBl
+cnNvbmFsIFByZW1pdW0gQ0ExKjAoBgkqhkiG9w0BCQEWG3BlcnNvbmFsLXBy
+ZW1pdW1AdGhhd3RlLmNvbTAeFw05NjAxMDEwMDAwMDBaFw0yMDEyMzEyMzU5
+NTlaMIHPMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIw
+EAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5n
+MSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSMw
+IQYDVQQDExpUaGF3dGUgUGVyc29uYWwgUHJlbWl1bSBDQTEqMCgGCSqGSIb3
+DQEJARYbcGVyc29uYWwtcHJlbWl1bUB0aGF3dGUuY29tMIGfMA0GCSqGSIb3
+DQEBAQUAA4GNADCBiQKBgQDJZtn4B0TPuYwu8KHvE0VsBd/eJxZRNkERbGw7
+7f4QfRKe5ZtCmv5gMcNmt3M6SK5O0DI3lIi1DbbZ8/JE2dWIEt12TfIa/G8j
+Hnrx2JhFTgcQ7xZC0EN1bUre4qrJMf8fAHB8Zs8QJQi6+u4A6UYDZicRFTuq
+W/KY3TZCstqIdQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBBAUAA4GBAGk2ifc0KjNyL2071CKyuG+axTZmDhs8obF1Wub9NdP4qPIH
+b4Vnjt4rueIXsDqg8A6iAJrf8xQVbrvIhVqYgPn/vnQdPfP+MCXRNzRn+qVx
+eTBhKXLA4CxM+1bkOqhv5TJZUtt1KFBZDPgLGeSs2a+WjS9Q2wfD6h+rM+D1
+KzGJ
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMC
+WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du
+MR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2Vy
+dGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3Rl
+IFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl
+cnZlckB0aGF3dGUuY29tMB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1
+OVowgc4xCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQ
+BgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENvbnN1bHRpbmcg
+Y2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24x
+ITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBDQTEoMCYGCSqGSIb3
+DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkEVdbQ7xwblRZH7xhI
+NTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQug2SBhRz1JPL
+lyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMRuHM/qgeN
+9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
+AQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
+hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZ
+a4JMpAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcU
+Qg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMC
+WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du
+MR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2Vy
+dGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3Rl
+IFNlcnZlciBDQTEmMCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0
+ZS5jb20wHhcNOTYwODAxMDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkG
+A1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2Fw
+ZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE
+CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQ
+VGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRz
+QHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANOkUG7I
+/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91yekIYfUGbTBuFRkC
+6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCXL+eQbcAoQpnX
+TEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGjEzARMA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG7oWD
+TSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
+QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdni
+TCxZqdq5snUb9kLy78fyGPmJvKP/iiMucEc=
+-----END CERTIFICATE-----
+
+Thank you for loading this list of CA certificates.
diff --git a/tls/tests/files/ca-verisign-sha1.pem b/tls/tests/files/ca-verisign-sha1.pem
new file mode 100644
index 0000000..7df0e49
--- /dev/null
+++ b/tls/tests/files/ca-verisign-sha1.pem
@@ -0,0 +1,48 @@
+Certificate:
+ Data:
+ Version: 1 (0x0)
+ Serial Number:
+ 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
+ Validity
+ Not Before: Jan 29 00:00:00 1996 GMT
+ Not After : Aug 2 23:59:59 2028 GMT
+ Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:c9:5c:59:9e:f2:1b:8a:01:14:b4:10:df:04:40:
+ db:e3:57:af:6a:45:40:8f:84:0c:0b:d1:33:d9:d9:
+ 11:cf:ee:02:58:1f:25:f7:2a:a8:44:05:aa:ec:03:
+ 1f:78:7f:9e:93:b9:9a:00:aa:23:7d:d6:ac:85:a2:
+ 63:45:c7:72:27:cc:f4:4c:c6:75:71:d2:39:ef:4f:
+ 42:f0:75:df:0a:90:c6:8e:20:6f:98:0f:f8:ac:23:
+ 5f:70:29:36:a4:c9:86:e7:b1:9a:20:cb:53:a5:85:
+ e7:3d:be:7d:9a:fe:24:45:33:dc:76:15:ed:0f:a2:
+ 71:64:4c:65:2e:81:68:45:a7
+ Exponent: 65537 (0x10001)
+ Signature Algorithm: sha1WithRSAEncryption
+ 10:72:52:a9:05:14:19:32:08:41:f0:c5:6b:0a:cc:7e:0f:21:
+ 19:cd:e4:67:dc:5f:a9:1b:e6:ca:e8:73:9d:22:d8:98:6e:73:
+ 03:61:91:c5:7c:b0:45:40:6e:44:9d:8d:b0:b1:96:74:61:2d:
+ 0d:a9:45:d2:a4:92:2a:d6:9a:75:97:6e:3f:53:fd:45:99:60:
+ 1d:a8:2b:4c:f9:5e:a7:09:d8:75:30:d7:d2:65:60:3d:67:d6:
+ 48:55:75:69:3f:91:f5:48:0b:47:69:22:69:82:96:be:c9:c8:
+ 38:86:4a:7a:2c:73:19:48:69:4e:6b:7c:65:bf:0f:fc:70:ce:
+ 88:90
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBBQUAA4GBABByUqkFFBkyCEHwxWsKzH4PIRnN5GfcX6kb5sroc50i
+2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ
+2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ
+-----END CERTIFICATE-----
diff --git a/tls/tests/files/ca.pem b/tls/tests/files/ca.pem
new file mode 100644
index 0000000..be5d6fc
--- /dev/null
+++ b/tls/tests/files/ca.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDxjCCAy+gAwIBAgIJAO+Cui0EIECvMA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
+CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
+CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
+bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTUwODMwMDAyMjMx
+WhcNNDUwODIyMDAyMjMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
+JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
+eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
+YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9qkrLjnG3Giff
+rr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6QxuW2qvgiFHWNQMgnM+ji+tSdZWwdyr
+JOnsqPcKChx7aNASfSFRG+yu6U/oGru0HkteTFCuZjX7nlHyHV0wjaR3s+jc7eB+
+e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQABo4IBODCCATQwHQYDVR0OBBYEFJgG
+0IEcATibiGotzcoALRkPcZWxMIG7BgNVHSMEgbMwgbCAFJgG0IEcATibiGotzcoA
+LRkPcZWxoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
+LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
+FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
+ZS5jb22CCQDvgrotBCBArzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCuwCsxZxXctjLr059fFd94Yb6lDyPr
+Gd9H4luK9G4NNf2QiD94SfYAEy8C3Lw2/VIYf5kuNPJE2+0AOpCJ3pD3id2JC8Qf
+lnIsGHCclrxldY5NX3S/p2T8wsgBdz5wfzDGm1GANdI5M1YrTN0ExebOspXnXGed
+9jx8rdTVQwErTw==
+-----END CERTIFICATE-----
diff --git a/tls/tests/files/chain-with-verisign-md2.pem b/tls/tests/files/chain-with-verisign-md2.pem
new file mode 100644
index 0000000..88cbaf8
--- /dev/null
+++ b/tls/tests/files/chain-with-verisign-md2.pem
@@ -0,0 +1,81 @@
+ 0 s:/C=GB/ST=Lothian/L=Edinburgh/O=The Royal Bank of Scotland Group Plc/OU=Business
Standard/CN=secure-test.streamline-esolutions.com
+ i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa
(c)10/CN=VeriSign Class 3 Secure Server CA - G3
+-----BEGIN CERTIFICATE-----
+MIIFhzCCBG+gAwIBAgIQG8SaOaLKoAlziyc01IKx1TANBgkqhkiG9w0BAQUFADCB
+tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
+YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMm
+VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTIwNjE1
+MDAwMDAwWhcNMTMwNjE2MjM1OTU5WjCBrjELMAkGA1UEBhMCR0IxEDAOBgNVBAgT
+B0xvdGhpYW4xEjAQBgNVBAcUCUVkaW5idXJnaDEtMCsGA1UEChQkVGhlIFJveWFs
+IEJhbmsgb2YgU2NvdGxhbmQgR3JvdXAgUGxjMRowGAYDVQQLFBFCdXNpbmVzcyBT
+dGFuZGFyZDEuMCwGA1UEAxQlc2VjdXJlLXRlc3Quc3RyZWFtbGluZS1lc29sdXRp
+b25zLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALj7qWBZQgxK
+TngnAIYCrmNWv9OPUeOhHWx/aRUwWNTQI5LnTfFq+IzrruiS296KoaMF89Veg6Li
+kIaR6GJ1LVNb5uWmNGo8zsXmSFeieqtREBfJHlu3G/1VcfpreqSiSi/8G6U/e6mZ
+tEuVUau5kw2cM92mzYPKV4h23aasNxc7UvhFTSr6Y3D1ImuHJcKYLcXhDGB35To5
+BqlIv9M7vURDbiStlOFOHoEe/nZ/86J073Vk0gc9TQUQ6d1yB5vgw5ZIi2kDHQ7b
+4yPYnD9j/RO6s6FimS/mM3m1c8GOLv3jtI0G/z30UIgGT4wXxqR8BY8dYULVO55M
+kn904sjk+GMCAwEAAaOCAZYwggGSMDAGA1UdEQQpMCeCJXNlY3VyZS10ZXN0LnN0
+cmVhbWxpbmUtZXNvbHV0aW9ucy5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMC
+BaAwRQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL1NWUlNlY3VyZS1HMy1jcmwudmVy
+aXNpZ24uY29tL1NWUlNlY3VyZUczLmNybDBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB
+BxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw
+HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFA1EXBZT
+RMGCfh0gqyX0AWPYvnmlMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0
+cDovL29jc3AudmVyaXNpZ24uY29tMEAGCCsGAQUFBzAChjRodHRwOi8vU1ZSU2Vj
+dXJlLUczLWFpYS52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlRzMuY2VyMA0GCSqGSIb3
+DQEBBQUAA4IBAQCvnbqk/8I12vNKIU0lMQ3+1Q67cS+Tith067RjwRt29D1TYxGc
+MV8GIDIXOjFc0BVrdXLniMuMP3ZfI7W2L7Gy8AfKNMseZ9r2tuF3fIHjXf9RChUA
+lUZe3eGuwhh3H64xGA+RbbEoTM8AMgvk9wu9P9I2qHmqFZOBoYwL8UY3SYO5Rzl1
+ggCAgj02evm6zWCmRLvZHJSDO7oWRw9Ke85VgJULRsn7jvGyFmc3W1uvuLOILj5P
+JhSKbb6eWVcWSqEKE+X1lLkUMd+8aBRjwkWHi5WVZX9NDscqBdl2DtYdmiVeFIqN
+9nGMGwm846SvURK6c5ySrExIkPnxVCOYXhGz
+-----END CERTIFICATE-----
+ 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa
(c)10/CN=VeriSign Class 3 Secure Server CA - G3
+ i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIIEpTCCBA6gAwIBAgIQfnbFd1jfGsI+zDL79hUa1TANBgkqhkiG9w0BAQUFADBf
+MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
+LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
+HhcNMTAwOTMwMDAwMDAwWhcNMTQwMTAxMjM1OTU5WjCBtTELMAkGA1UEBhMCVVMx
+FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz
+dCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cu
+dmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMmVmVyaVNpZ24gQ2xhc3Mg
+MyBTZWN1cmUgU2VydmVyIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCxh4QfwgxF9byrJZenraI+nLr2wTm4i8rCrFbG5btljkRPTc5v7QlK
+1K9OEJxoiy6Ve4mbE8riNDTB81vzSXtig0iBdNGIeGwCU/m8f0MmV1gzgzszChew
+0E6RJK2GfWQS3HRKNKEdCuqWHQsV/KNLO85jiND4LQyUhhDKtpo9yus3nABINYYp
+UHjoRWPNGUFP9ZXse5jUxHGzUL4os4+guVOc9cosI6n9FAboGLSa6Dxugf3kzTU2
+s1HTaewSulZub5tXxYsU5w7HnO1KVGrJTcW/EbGuHGeBy0RVM5l/JJs/U0V/hhrz
+PPptf4H1uErT9YU3HLWm0AnkGHs4TvoPAgMBAAGjggGFMIIBgTASBgNVHRMBAf8E
+CDAGAQH/AgEAMHAGA1UdIARpMGcwZQYLYIZIAYb4RQEHFwMwVjAoBggrBgEFBQcC
+ARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAqBggrBgEFBQcCAjAeGhxo
+dHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMA4GA1UdDwEB/wQEAwIBBjBtBggr
+BgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP
+5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20v
+dnNsb2dvLmdpZjAoBgNVHREEITAfpB0wGzEZMBcGA1UEAxMQVmVyaVNpZ25NUEtJ
+LTItNjAdBgNVHQ4EFgQUDURcFlNEwYJ+HSCrJfQBY9i+eaUwMQYDVR0fBCowKDAm
+oCSgIoYgaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwDQYJKoZIhvcN
+AQEFBQADgYEALCbJk3A/lLYWx3aEmMiqkWjX3h00sBOmGUDc4wqwGR4aZdQ9ih8g
+KYjzFNWfxAaVZB5dDyc6ojY4wh8OsP4GWDYZfeeaHWBoczew8mukbaVpqrE97dTQ
+hRRcY4t+sIjMaXfRJi2w8dTeYSEMce6e3XVhijp5eJm8RlWXZJE9J0M=
+-----END CERTIFICATE-----
+# Note: this next certificate has:
+# Signature Algorithm: md2WithRSAEncryption
+ 2 s:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+ i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
+lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
+AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
+-----END CERTIFICATE-----
diff --git a/tls/tests/files/chain.pem b/tls/tests/files/chain.pem
new file mode 100644
index 0000000..9fedf90
--- /dev/null
+++ b/tls/tests/files/chain.pem
@@ -0,0 +1,59 @@
+-----BEGIN CERTIFICATE-----
+MIICHTCCAcegAwIBAgIBATANBgkqhkiG9w0BAQUFADCBrTETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxKzApBgNVBAsMIkludGVy
+bWVkaWF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJDAiBgNVBAMMG2ludGVybWVk
+aWF0ZS1jYS5leGFtcGxlLmNvbTEqMCgGCSqGSIb3DQEJARYbaW50ZXJtZWRpYXRl
+LWNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzOVoXDTQwMDgyMzAwMjIzOVow
+SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
+GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
+MEgCQQDNj0xKKyi/+5iG2FTs/lOgwKPorRg69o4zsmMcVOfvwI1IN4FRSsPpqaJN
+urHcGNqvGoj07hNBdWxdoixF4pmnAgMBAAGjMzAxMAkGA1UdEwQCMAAwEwYDVR0l
+BAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBFjANBgkqhkiG9w0BAQUFAANB
+ALl1WO7IZYOvPwhyQ4EpCLjSsTuGBcfbWFtw4XiQueZ8TILHcZARH4nW1tKoVWzc
+rIGhqRjNMWRmaH1wgSCGRiE=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDrjCCAxegAwIBAgIBBjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
+ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzOVoXDTQwMDgy
+MzAwMjIzOVowga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZ
+FgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUgQXV0
+aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20xKjAo
+BgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTBcMA0GCSqG
+SIb3DQEBAQUAA0sAMEgCQQDRMidrtJAZ27tI9gA3hhIP7S5EtfjhMHUi8mDNL2Ju
+V7nMDGoAEUfHV3x/+Eb/TeymvBiRzlUD6YGQRK+2C8+LAgMBAAGjggFFMIIBQTAd
+BgNVHQ4EFgQUXfcpYB1wgmZiB/WN7EW342wlZwEwgbsGA1UdIwSBszCBsIAUmAbQ
+gRwBOJuIai3NygAtGQ9xlbGhgYykgYkwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00x
+FzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBB
+dXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkB
+Fg5jYUBleGFtcGxlLmNvbYIJAO+Cui0EIECvMA8GA1UdEwEB/wQFMAMBAf8wDgYD
+VR0PAQH/BAQDAgEGMCYGA1UdEQQfMB2BG2ludGVybWVkaWF0ZS1jYUBleGFtcGxl
+LmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQUFAAOB
+gQAmXVdwAZalZGtXBkdICHaWyVRmgCFRZfzVbGBOkeW+TEBiMgG+XrwlMQs5yyf/
+T8Mmw8TcqBJYdQhqcctbgFcSxejVAL7DnEfFcvH6acXy0K9l48pKAnYgcHstOAX2
+Fb+rSpmMDXgWuhKNudJyoOVQ/5H9LJyg6JYqoG5jqS9iQg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDxjCCAy+gAwIBAgIJAO+Cui0EIECvMA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
+CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
+CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
+bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTUwODMwMDAyMjMx
+WhcNNDUwODIyMDAyMjMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
+JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
+eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
+YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9qkrLjnG3Giff
+rr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6QxuW2qvgiFHWNQMgnM+ji+tSdZWwdyr
+JOnsqPcKChx7aNASfSFRG+yu6U/oGru0HkteTFCuZjX7nlHyHV0wjaR3s+jc7eB+
+e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQABo4IBODCCATQwHQYDVR0OBBYEFJgG
+0IEcATibiGotzcoALRkPcZWxMIG7BgNVHSMEgbMwgbCAFJgG0IEcATibiGotzcoA
+LRkPcZWxoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
+LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
+FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
+ZS5jb22CCQDvgrotBCBArzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCuwCsxZxXctjLr059fFd94Yb6lDyPr
+Gd9H4luK9G4NNf2QiD94SfYAEy8C3Lw2/VIYf5kuNPJE2+0AOpCJ3pD3id2JC8Qf
+lnIsGHCclrxldY5NX3S/p2T8wsgBdz5wfzDGm1GANdI5M1YrTN0ExebOspXnXGed
+9jx8rdTVQwErTw==
+-----END CERTIFICATE-----
diff --git a/tls/tests/files/client-and-key.pem b/tls/tests/files/client-and-key.pem
new file mode 100644
index 0000000..86a405d
--- /dev/null
+++ b/tls/tests/files/client-and-key.pem
@@ -0,0 +1,45 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xNTA4MzAwMDIyMzJaFw00MDA4MjMwMDIy
+MzJaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
+cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
+yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
+IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
+AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
+ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
+85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
+i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQA53KGbz0v7blt33ht62Ez9
+onmLHkegWW39OgRfNPircb9+pIOtkuksPr1yE2iBmWuGPg0OwNjqHROeOodoN1xC
+vSt1kUshtpPXiK8AuYmkv53FThyEEai8kpsGp6mLEY2ISaYRD0O6B6PyV2dT/nE2
+CWob7aQ/SlFQ+txnwJtOnA==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA4pHIYnVJwOvIPTt/S8C+M1T8YG9kRt5MBqfdmVi+BwW5oduL
+5K9rL5JombBdocjjOA4X1o2XjMcgdRYCD5jjiUw+m02t995zivYL7yCeaOi3ai3k
+asB8ut1HvGYqSoXHhCvTaxE+DLwC9KVvJbWqJbT8MrBv8kyy56PNTIwgH9PpTE/N
+SreeszXyW1pKtZ3peMVFV6nqygxyJQhKv54XSfSaGWifEOJ6ApcBshe8pZNMA8gk
+AOh7I+JfXW0Z5xJtYEvMdYMrRUzzloR3drGQ90+PpHBARrsVRPIutTU2PqTw+Xs1
+XI1ZduDkgoQxkHpXmlcRJqxXqdKLu9bglikD4QIDAQABAoIBAQDXQfxpFtgIs7rd
++j4aAbhzWqYhFRPnhOIkXK5cOATq9RSF4+nITqV+YBKDGh4LTKocIr+hN4sp1DJR
+K6SvnulnE4pT0PydB7ss5lE2Uv5N2/QOrCVdCx42B3BVXZeGkA2b1GucSJh0Tthc
+CSVNZYiPJKGLozfos9gx3d16gZMvyEM4xGFcB8FVWm00Aunc8NOpO8oCQv5URF1x
+Imvp3JkhBAV9EIr4BftjT+hSOGgrZwx2ZzU8A1EpXAg6Hja6dQAleq0WTFJS6Ez2
+UjFFI9qF5YMxDDdLZ8p8G3BFw/m5zKE8wrnSdgf7iP9JPgZZA3Y5GLQkKA/Q6wnP
+Bj3MbBr1AoGBAPDrF5D5VFle/LrYsAdfwdW2mby2qlB0AAlZwxUnatVFWmgnDq5B
+NpK+dp06tllv5qd0EtQMqHxPkVr7YEZ26Jex5hmLMb+LuSowq1BchNpoMGwSiyRz
+11IUYRY5BwNW7/zFv2r5ZFe/OxI2V3scYAyJ/7mqY7sWqafVGCa7pRjLAoGBAPDA
+vR0EBJL+d7mk/suOjcnVjcFmU/Jwg+O5f0Ao6ctb1rFyYL/FgheeqewZRjveLn/s
+Gz6/KieWa/k6XlxkZtJUE9RFjLWn/n79fqL0WDjSzeiSgHRj6bABjXSX3827Mud5
+uzZrVZkHcWnXQX1WREIGSOwAC/4MpU3ad87joXyDAoGBAOZ0zHdGujQ/k9ycWU7E
+f+QSp1+JEMSjIkHPlriOmzhl/kRxUC7KfQzEmyxuNG67h1WZyEUF0soPRwlUO1VM
+e9RYPbcjmrQTUU4VflsCFafjUKag2m9FTKzch769UIMWT71p4GDRLfZuHHCggPBo
+RUzZWUFex8X4uNOuGUs75oMfAoGASZeQ90qgH1K7xDqkTBLSUqz9vO2LoaM1Hao5
+NKKM/MWg9fLxkg1Mu+2bIXmEV46OBjplBaQnvZwkezWVXIawS4C54vwzi9/DUowo
+ZqVsRkph+MK3k1xrNYrz83ztQ5UCdXFngbYDn1iAGYtcEHULPmdvaPyGreytpwOt
+9cbtOQMCgYAJ0DPq4E+nICf11QsNJELqRBpx9uQjxI87/ba6z0BqtGIIwqZ1KtgI
+7LVvae89MufsxZCe8A1noSiFTQXvrLVQhzu+pBHvRQnmonqo6D/uA3viOkTqhR8X
+As2n7JVN64j/g6+c9SIfeiNscmZBRqAvgLvVGdoKrbXWkQ1S5+KgHQ==
+-----END RSA PRIVATE KEY-----
diff --git a/tls/tests/files/client-future.pem b/tls/tests/files/client-future.pem
new file mode 100644
index 0000000..bf08f8c
--- /dev/null
+++ b/tls/tests/files/client-future.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4DCCAkkCAQUwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAiGA8yMDYwMDcxNzIzMDAwMFoYDzIwNjEwNzE3
+MjMwMDAwWjBiMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYH
+RVhBTVBMRTEPMA0GA1UEAwwGQ2xpZW50MSEwHwYJKoZIhvcNAQkBFhJjbGllbnRA
+ZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDikchi
+dUnA68g9O39LwL4zVPxgb2RG3kwGp92ZWL4HBbmh24vkr2svkmiZsF2hyOM4DhfW
+jZeMxyB1FgIPmOOJTD6bTa333nOK9gvvIJ5o6LdqLeRqwHy63Ue8ZipKhceEK9Nr
+ET4MvAL0pW8ltaoltPwysG/yTLLno81MjCAf0+lMT81Kt56zNfJbWkq1nel4xUVX
+qerKDHIlCEq/nhdJ9JoZaJ8Q4noClwGyF7ylk0wDyCQA6Hsj4l9dbRnnEm1gS8x1
+gytFTPOWhHd2sZD3T4+kcEBGuxVE8i61NTY+pPD5ezVcjVl24OSChDGQeleaVxEm
+rFep0ou71uCWKQPhAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAaL1TVP7GBU/+Ujxm
+s1d6XlsczXcRTsK2SKPc7Ke8K30o7E85m5gTXtDVVdk2aCWFsrmqCW+sKSAl3TLr
+nWWlvI0k2Y3Ei81W1xkCSA8rX95K8m1FaVXz1ml5J8TjemHd/j+btzp4qjnF/S2M
+cbRhKzUoJD6FBuUq7OXOO+4T30c=
+-----END CERTIFICATE-----
diff --git a/tls/tests/files/client-key.pem b/tls/tests/files/client-key.pem
new file mode 100644
index 0000000..a9740dc
--- /dev/null
+++ b/tls/tests/files/client-key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA4pHIYnVJwOvIPTt/S8C+M1T8YG9kRt5MBqfdmVi+BwW5oduL
+5K9rL5JombBdocjjOA4X1o2XjMcgdRYCD5jjiUw+m02t995zivYL7yCeaOi3ai3k
+asB8ut1HvGYqSoXHhCvTaxE+DLwC9KVvJbWqJbT8MrBv8kyy56PNTIwgH9PpTE/N
+SreeszXyW1pKtZ3peMVFV6nqygxyJQhKv54XSfSaGWifEOJ6ApcBshe8pZNMA8gk
+AOh7I+JfXW0Z5xJtYEvMdYMrRUzzloR3drGQ90+PpHBARrsVRPIutTU2PqTw+Xs1
+XI1ZduDkgoQxkHpXmlcRJqxXqdKLu9bglikD4QIDAQABAoIBAQDXQfxpFtgIs7rd
++j4aAbhzWqYhFRPnhOIkXK5cOATq9RSF4+nITqV+YBKDGh4LTKocIr+hN4sp1DJR
+K6SvnulnE4pT0PydB7ss5lE2Uv5N2/QOrCVdCx42B3BVXZeGkA2b1GucSJh0Tthc
+CSVNZYiPJKGLozfos9gx3d16gZMvyEM4xGFcB8FVWm00Aunc8NOpO8oCQv5URF1x
+Imvp3JkhBAV9EIr4BftjT+hSOGgrZwx2ZzU8A1EpXAg6Hja6dQAleq0WTFJS6Ez2
+UjFFI9qF5YMxDDdLZ8p8G3BFw/m5zKE8wrnSdgf7iP9JPgZZA3Y5GLQkKA/Q6wnP
+Bj3MbBr1AoGBAPDrF5D5VFle/LrYsAdfwdW2mby2qlB0AAlZwxUnatVFWmgnDq5B
+NpK+dp06tllv5qd0EtQMqHxPkVr7YEZ26Jex5hmLMb+LuSowq1BchNpoMGwSiyRz
+11IUYRY5BwNW7/zFv2r5ZFe/OxI2V3scYAyJ/7mqY7sWqafVGCa7pRjLAoGBAPDA
+vR0EBJL+d7mk/suOjcnVjcFmU/Jwg+O5f0Ao6ctb1rFyYL/FgheeqewZRjveLn/s
+Gz6/KieWa/k6XlxkZtJUE9RFjLWn/n79fqL0WDjSzeiSgHRj6bABjXSX3827Mud5
+uzZrVZkHcWnXQX1WREIGSOwAC/4MpU3ad87joXyDAoGBAOZ0zHdGujQ/k9ycWU7E
+f+QSp1+JEMSjIkHPlriOmzhl/kRxUC7KfQzEmyxuNG67h1WZyEUF0soPRwlUO1VM
+e9RYPbcjmrQTUU4VflsCFafjUKag2m9FTKzch769UIMWT71p4GDRLfZuHHCggPBo
+RUzZWUFex8X4uNOuGUs75oMfAoGASZeQ90qgH1K7xDqkTBLSUqz9vO2LoaM1Hao5
+NKKM/MWg9fLxkg1Mu+2bIXmEV46OBjplBaQnvZwkezWVXIawS4C54vwzi9/DUowo
+ZqVsRkph+MK3k1xrNYrz83ztQ5UCdXFngbYDn1iAGYtcEHULPmdvaPyGreytpwOt
+9cbtOQMCgYAJ0DPq4E+nICf11QsNJELqRBpx9uQjxI87/ba6z0BqtGIIwqZ1KtgI
+7LVvae89MufsxZCe8A1noSiFTQXvrLVQhzu+pBHvRQnmonqo6D/uA3viOkTqhR8X
+As2n7JVN64j/g6+c9SIfeiNscmZBRqAvgLvVGdoKrbXWkQ1S5+KgHQ==
+-----END RSA PRIVATE KEY-----
diff --git a/tls/tests/files/client-past.pem b/tls/tests/files/client-past.pem
new file mode 100644
index 0000000..f2e29e1
--- /dev/null
+++ b/tls/tests/files/client-past.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAkUCAQQwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDA3MTcyMzAwMDBaFw0wMTA3MTcyMzAw
+MDBaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
+cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
+yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
+IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
+AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
+ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
+85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
+i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQAXsez9MUY7+zHe4CevgYHk
+VUGFl2BV/cncVO5M42qlYvGhzPNb3VSXlrIk0CZP/A1UrB+7+vMFQCccoXE2Yb//
+hOcumZkz4OJjz+qgsWlksaUjCnpGPIfsrW3jYBRKvL1iYo5Si1aIiQ+ej93a2Bsg
+Iy/P6Hx0b2bZ5H6v/y6bqw==
+-----END CERTIFICATE-----
diff --git a/tls/tests/files/client.pem b/tls/tests/files/client.pem
new file mode 100644
index 0000000..75fae57
--- /dev/null
+++ b/tls/tests/files/client.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xNTA4MzAwMDIyMzJaFw00MDA4MjMwMDIy
+MzJaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
+cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
+yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
+IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
+AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
+ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
+85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
+i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQA53KGbz0v7blt33ht62Ez9
+onmLHkegWW39OgRfNPircb9+pIOtkuksPr1yE2iBmWuGPg0OwNjqHROeOodoN1xC
+vSt1kUshtpPXiK8AuYmkv53FThyEEai8kpsGp6mLEY2ISaYRD0O6B6PyV2dT/nE2
+CWob7aQ/SlFQ+txnwJtOnA==
+-----END CERTIFICATE-----
diff --git a/tls/tests/files/create-files.sh b/tls/tests/files/create-files.sh
new file mode 100755
index 0000000..0a7140f
--- /dev/null
+++ b/tls/tests/files/create-files.sh
@@ -0,0 +1,186 @@
+#!/bin/sh
+
+msg() {
+ echo
+ echo "* $1 ..."
+}
+
+cd `dirname $0`
+
+echo
+echo "This script re-generates all private keys and certificates"
+echo "needed to run the Unit Test."
+echo
+echo " *** IMPORTANT ***"
+echo
+echo "This script will change the system date momentarily to generate"
+echo "a couple of certificates (sudo password will be requested). This"
+echo "is because it uses the OpenSSL x509 utility instead of the ca"
+echo "utility which allows to set a starting date for the certificates."
+echo
+echo "A few manual changes need to be made. The first certificate"
+echo "in ca-roots.pem and ca-roots-bad.pem need to be replaced by"
+echo "the contents of ca.pem."
+echo
+echo "Also, file-database.c:test_lookup_certificates_issued_by has"
+echo "an ISSUER variable that needs to be changed by the CA identifier"
+echo "(read the comment in that function) if you modify this script."
+echo
+echo " *** IMPORTANT ***"
+echo
+
+read -p "Press [Enter] key to continue..." key
+
+#######################################################################
+### Obsolete/Untrusted Root CA
+#######################################################################
+
+echo "00" > serial
+
+msg "Creating CA private key for obsolete/untrusted CA"
+openssl genrsa -out old-ca-key.pem 1024
+
+msg "Creating CA certificate for obsolete/untrusted CA"
+openssl req -x509 -new -config ssl/old-ca.conf -days 10950 -key old-ca-key.pem -out old-ca.pem
+
+#######################################################################
+### New Root CA
+#######################################################################
+
+msg "Creating CA private key"
+openssl genrsa -out ca-key.pem 1024
+
+msg "Creating CA certificate"
+openssl req -x509 -new -config ssl/ca.conf -days 10950 -key ca-key.pem -out ca.pem
+
+#######################################################################
+### New Root CA, issued by Obsolete/Untrusted Root CA
+#######################################################################
+
+msg "Creating CA certificate request"
+openssl req -config ssl/ca.conf -key ca-key.pem -new -out root-ca-csr.pem
+
+msg "Creating alternative certificate with same keys as CA"
+openssl x509 -req -in root-ca-csr.pem -days 10950 -CA old-ca.pem -CAkey old-ca-key.pem -CAserial serial
-extfile ssl/ca.conf -extensions v3_req_ext -out ca-alternative.pem
+
+#######################################################################
+### Server
+#######################################################################
+
+msg "Creating server private key"
+openssl genrsa -out server-key.pem 512
+
+msg "Creating server certificate request"
+openssl req -config ssl/server.conf -key server-key.pem -new -out server-csr.pem
+
+msg "Creating server certificate"
+openssl x509 -req -in server-csr.pem -days 9125 -CA ca.pem -CAkey ca-key.pem -CAserial serial -extfile
ssl/server.conf -extensions v3_req_ext -out server.pem
+
+msg "Concatenating server certificate and private key into a single file"
+cat server.pem > server-and-key.pem
+cat server-key.pem >> server-and-key.pem
+
+msg "Converting server certificate from PEM to DER"
+openssl x509 -in server.pem -outform DER -out server.der
+
+msg "Converting server private key from PEM to DER"
+openssl rsa -in server-key.pem -outform DER -out server-key.der
+
+#######################################################################
+### Server (self-signed)
+#######################################################################
+
+msg "Creating server self-signed certificate"
+openssl x509 -req -days 9125 -in server-csr.pem -signkey server-key.pem -out server-self.pem
+
+#######################################################################
+### Client
+#######################################################################
+
+msg "Creating client private key"
+openssl genrsa -out client-key.pem 2048
+
+msg "Creating client certificate request"
+openssl req -config ssl/client.conf -key client-key.pem -new -out client-csr.pem
+
+msg "Creating client certificate"
+openssl x509 -req -in client-csr.pem -days 9125 -CA ca.pem -CAkey ca-key.pem -CAserial serial -out client.pem
+
+msg "Concatenating client certificate and private key into a single file"
+cat client.pem > client-and-key.pem
+cat client-key.pem >> client-and-key.pem
+
+# It is not possible to specify the start and end date using the "x509" tool.
+# It would be better to use the "ca" tool. Sorry!
+msg "Creating client certificate (past)"
+sudo date -s "17 JUL 2000 18:00:00"
+openssl x509 -req -in client-csr.pem -days 365 -startdate -enddate -CA ca.pem -CAkey ca-key.pem -CAserial
serial -out client-past.pem
+sudo hwclock -s
+touch client-past.pem
+
+msg "Creating client certificate (future)"
+sudo date -s "17 JUL 2060 18:00:00"
+openssl x509 -req -in client-csr.pem -days 365 -startdate -enddate -CA ca.pem -CAkey ca-key.pem -CAserial
serial -out client-future.pem
+sudo hwclock -s
+touch client-future.pem
+
+#######################################################################
+### Concatenate all non-CA certificates
+#######################################################################
+
+msg "Concatenating all non-CA certificates into a single file"
+echo "client.pem:" > non-ca.pem
+cat client.pem >> non-ca.pem
+echo >> non-ca.pem
+echo "client-future.pem:" >> non-ca.pem
+cat client-future.pem >> non-ca.pem
+echo >> non-ca.pem
+echo "client-past.pem:" >> non-ca.pem
+cat client-past.pem >> non-ca.pem
+echo >> non-ca.pem
+echo "server.pem:" >> non-ca.pem
+cat server.pem >> non-ca.pem
+echo >> non-ca.pem
+echo "server-self.pem:" >> non-ca.pem
+cat server-self.pem >> non-ca.pem
+
+#######################################################################
+### Intermediate CA
+#######################################################################
+
+echo "00" > intermediate-serial
+
+msg "Creating intermediate CA private key"
+openssl genrsa -out intermediate-ca-key.pem 512
+
+msg "Creating intermediate CA certificate request"
+openssl req -config ssl/intermediate-ca.conf -key intermediate-ca-key.pem -new -out intermediate-ca-csr.pem
+
+msg "Creating intermediate CA certificate"
+openssl x509 -req -in intermediate-ca-csr.pem -days 9125 -CA ca.pem -CAkey ca-key.pem -CAserial serial
-extfile ssl/intermediate-ca.conf -extensions v3_req_ext -out intermediate-ca.pem
+
+#######################################################################
+### Server (signed by Intermediate CA)
+#######################################################################
+
+msg "Creating server (intermediate CA) private key"
+openssl genrsa -out server-intermediate-key.pem 512
+
+msg "Creating server (intermediate CA) certificate request"
+openssl req -config ssl/server-intermediate.conf -key server-intermediate-key.pem -new -out
server-intermediate-csr.pem
+
+msg "Creating server (intermediate CA) certificate"
+openssl x509 -req -in server-intermediate-csr.pem -days 9125 -CA intermediate-ca.pem -CAkey
intermediate-ca-key.pem -CAserial intermediate-serial -extfile ssl/server-intermediate.conf -extensions
v3_req_ext -out server-intermediate.pem
+
+msg "Concatenating server (intermediate CA) chain into a file"
+cat server-intermediate.pem > chain.pem
+cat intermediate-ca.pem >> chain.pem
+cat ca.pem >> chain.pem
+
+#######################################################################
+### Cleanup
+#######################################################################
+
+# We don't need the serial files anymore
+rm -f serial
+rm -f intermediate-serial
diff --git a/tls/tests/files/intermediate-ca-csr.pem b/tls/tests/files/intermediate-ca-csr.pem
new file mode 100644
index 0000000..189a2d3
--- /dev/null
+++ b/tls/tests/files/intermediate-ca-csr.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBujCCAWQCAQAwga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/Is
+ZAEZFgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUg
+QXV0aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20x
+KjAoBgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTBcMA0G
+CSqGSIb3DQEBAQUAA0sAMEgCQQDRMidrtJAZ27tI9gA3hhIP7S5EtfjhMHUi8mDN
+L2JuV7nMDGoAEUfHV3x/+Eb/TeymvBiRzlUD6YGQRK+2C8+LAgMBAAGgUTBPBgkq
+hkiG9w0BCQ4xQjBAMB0GA1UdDgQWBBRd9ylgHXCCZmIH9Y3sRbfjbCVnATAPBgNV
+HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAANBAIp7
+2/fnWAYyd4QxpW8qqajTKyuGiS5rwm5knLZvriM3qR6mAtuI3vluk431YcQ1G/jn
+QdPf5uYuttJC1GzrZDE=
+-----END CERTIFICATE REQUEST-----
diff --git a/tls/tests/files/intermediate-ca-key.pem b/tls/tests/files/intermediate-ca-key.pem
new file mode 100644
index 0000000..e449282
--- /dev/null
+++ b/tls/tests/files/intermediate-ca-key.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBANEyJ2u0kBnbu0j2ADeGEg/tLkS1+OEwdSLyYM0vYm5XucwMagAR
+R8dXfH/4Rv9N7Ka8GJHOVQPpgZBEr7YLz4sCAwEAAQJAUPmw+Kfz/45meF+Axf1H
+kJKmjkJCDCjNrrFTdxkYaM0pCDPjHeclMHZ9mhtKQs2/8ER4tvdNIUCba/f9n4lI
+QQIhAO6s3jWb4JVobvpC0r5OE/HLOLgnnieQPQGl/sBoqL6fAiEA4GF+A8XaSF/C
+V5tFTFMDN1hw9bvOxhwaVAgcBNzHA5UCIFI5t+wcIYkXi3QoZVYuq+xXKNk4vOHA
+bWQN/e/nnordAiEA26qWU9s+99vHxzybez1JyMUs0WYr6IdavymxRJFfxIECIEra
+zEU8vYbm02cECN2fB6SRAlyD8Gb6KAMP+A4RXVWO
+-----END RSA PRIVATE KEY-----
diff --git a/tls/tests/files/intermediate-ca.pem b/tls/tests/files/intermediate-ca.pem
new file mode 100644
index 0000000..179d030
--- /dev/null
+++ b/tls/tests/files/intermediate-ca.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDrjCCAxegAwIBAgIBBjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
+ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzOVoXDTQwMDgy
+MzAwMjIzOVowga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZ
+FgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUgQXV0
+aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20xKjAo
+BgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTBcMA0GCSqG
+SIb3DQEBAQUAA0sAMEgCQQDRMidrtJAZ27tI9gA3hhIP7S5EtfjhMHUi8mDNL2Ju
+V7nMDGoAEUfHV3x/+Eb/TeymvBiRzlUD6YGQRK+2C8+LAgMBAAGjggFFMIIBQTAd
+BgNVHQ4EFgQUXfcpYB1wgmZiB/WN7EW342wlZwEwgbsGA1UdIwSBszCBsIAUmAbQ
+gRwBOJuIai3NygAtGQ9xlbGhgYykgYkwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00x
+FzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBB
+dXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkB
+Fg5jYUBleGFtcGxlLmNvbYIJAO+Cui0EIECvMA8GA1UdEwEB/wQFMAMBAf8wDgYD
+VR0PAQH/BAQDAgEGMCYGA1UdEQQfMB2BG2ludGVybWVkaWF0ZS1jYUBleGFtcGxl
+LmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQUFAAOB
+gQAmXVdwAZalZGtXBkdICHaWyVRmgCFRZfzVbGBOkeW+TEBiMgG+XrwlMQs5yyf/
+T8Mmw8TcqBJYdQhqcctbgFcSxejVAL7DnEfFcvH6acXy0K9l48pKAnYgcHstOAX2
+Fb+rSpmMDXgWuhKNudJyoOVQ/5H9LJyg6JYqoG5jqS9iQg==
+-----END CERTIFICATE-----
diff --git a/tls/tests/files/non-ca.pem b/tls/tests/files/non-ca.pem
new file mode 100644
index 0000000..068263b
--- /dev/null
+++ b/tls/tests/files/non-ca.pem
@@ -0,0 +1,88 @@
+client.pem:
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xNTA4MzAwMDIyMzJaFw00MDA4MjMwMDIy
+MzJaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
+cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
+yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
+IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
+AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
+ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
+85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
+i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQA53KGbz0v7blt33ht62Ez9
+onmLHkegWW39OgRfNPircb9+pIOtkuksPr1yE2iBmWuGPg0OwNjqHROeOodoN1xC
+vSt1kUshtpPXiK8AuYmkv53FThyEEai8kpsGp6mLEY2ISaYRD0O6B6PyV2dT/nE2
+CWob7aQ/SlFQ+txnwJtOnA==
+-----END CERTIFICATE-----
+
+client-future.pem:
+-----BEGIN CERTIFICATE-----
+MIIC4DCCAkkCAQUwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAiGA8yMDYwMDcxNzIzMDAwMFoYDzIwNjEwNzE3
+MjMwMDAwWjBiMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYH
+RVhBTVBMRTEPMA0GA1UEAwwGQ2xpZW50MSEwHwYJKoZIhvcNAQkBFhJjbGllbnRA
+ZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDikchi
+dUnA68g9O39LwL4zVPxgb2RG3kwGp92ZWL4HBbmh24vkr2svkmiZsF2hyOM4DhfW
+jZeMxyB1FgIPmOOJTD6bTa333nOK9gvvIJ5o6LdqLeRqwHy63Ue8ZipKhceEK9Nr
+ET4MvAL0pW8ltaoltPwysG/yTLLno81MjCAf0+lMT81Kt56zNfJbWkq1nel4xUVX
+qerKDHIlCEq/nhdJ9JoZaJ8Q4noClwGyF7ylk0wDyCQA6Hsj4l9dbRnnEm1gS8x1
+gytFTPOWhHd2sZD3T4+kcEBGuxVE8i61NTY+pPD5ezVcjVl24OSChDGQeleaVxEm
+rFep0ou71uCWKQPhAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAaL1TVP7GBU/+Ujxm
+s1d6XlsczXcRTsK2SKPc7Ke8K30o7E85m5gTXtDVVdk2aCWFsrmqCW+sKSAl3TLr
+nWWlvI0k2Y3Ei81W1xkCSA8rX95K8m1FaVXz1ml5J8TjemHd/j+btzp4qjnF/S2M
+cbRhKzUoJD6FBuUq7OXOO+4T30c=
+-----END CERTIFICATE-----
+
+client-past.pem:
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAkUCAQQwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDA3MTcyMzAwMDBaFw0wMTA3MTcyMzAw
+MDBaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
+cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
+yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
+IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
+AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
+ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
+85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
+i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQAXsez9MUY7+zHe4CevgYHk
+VUGFl2BV/cncVO5M42qlYvGhzPNb3VSXlrIk0CZP/A1UrB+7+vMFQCccoXE2Yb//
+hOcumZkz4OJjz+qgsWlksaUjCnpGPIfsrW3jYBRKvL1iYo5Si1aIiQ+ej93a2Bsg
+Iy/P6Hx0b2bZ5H6v/y6bqw==
+-----END CERTIFICATE-----
+
+server.pem:
+-----BEGIN CERTIFICATE-----
+MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
+ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgy
+MzAwMjIzMVowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
+B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxO
+crI+cO3SaE5zgmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAGjMzAxMAkGA1UdEwQC
+MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBCjANBgkqhkiG
+9w0BAQUFAAOBgQBmJQF4mdpoinkWTB5khs2ZVWZWf4QPLH2I/sP8IY1pWIVNtOVG
+YiTURtsdIHffSAoJ+9H+KrZhxk7TO9v7LR2Au1fGC6FuGjRizYb6UTe7tpoaZvlj
+JZj3sE/Rw/zCHCjA9xNTeYvQlKBzuohbUVGS+kEhxI7ScDmd7ylKSLIbBQ==
+-----END CERTIFICATE-----
+
+server-self.pem:
+-----BEGIN CERTIFICATE-----
+MIIBiDCCATICCQD8Rn+cHcihijANBgkqhkiG9w0BAQUFADBLMRMwEQYKCZImiZPy
+LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEbMBkGA1UEAwwSc2Vy
+dmVyLmV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgyMzAwMjIzMVow
+SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
+GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
+MEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxOcrI+cO3SaE5z
+gmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAEwDQYJKoZIhvcNAQEFBQADQQADBJbF
+pDpocLDuQo5DXoXVlloJAputR6oKQLtTFRorEr0iASEr/8DEXfFoOI+US/8EZ/IT
+6JR2XOHSot4zsr68
+-----END CERTIFICATE-----
diff --git a/tls/tests/files/old-ca-key.pem b/tls/tests/files/old-ca-key.pem
new file mode 100644
index 0000000..c0eb15d
--- /dev/null
+++ b/tls/tests/files/old-ca-key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDAcmBlQzZO0JXytrD6hG7mLM4UOcv/Mq0Spdko3VfLkBXMJKF5
+TC8gJYFw5/YhWH5rQ3hQoSUq/GbaHZh1XrJpHBYHQn4sS0m4Nlrd/q1pyvSMNr0s
+Ywe+McBw9TFqGgimV6rgDGsjqz3uxqOlo5goovOS7BT9XxcHMBW3/uQuIQIDAQAB
+AoGBAIxYXTg8BfUAZPo2hWaNAhtWfYt+gui/WjyJOo90rDxF/b98z02YY527/GQM
+phC3aqpq7+lNO7/XhmJ2xuKBhvWgw7sVjhEG5bqigofH8Rc3W/SvNyo1xh658HDF
+3IgpUVAMKVb3puvZNOqBn+3WxfFP7cawSPH+gU2GTdk+e5nJAkEA4LWOlU3vlVnp
+Rd3ngQNrfrh0MR2tD34Pu0xvvpNq9KWUjREVtcNGCFx0M4WYl1caiwtmWUtmdfhy
+Yd49v0E1VwJBANs+ujWmjh8hfwAZ1lQ5DfJROAvmxYrrn98sdj9RzuhnGdFoE+Ld
+BkpAQU1PvTPp2ot60633pwEDLZzd7tfb1UcCQDUcdIDxlMkWIT60Pj2OE2A2NLBP
+NVJOF2XLoTXIHiWI5V2aRilZ6DmdsJFk6DYNDmcC4MQGQEdt24sqPinwPa0CQE6S
+kWtu0FpJx9kCaXRvqhbgkqR5ROx/eyEhLxOMPwm9AVyx3wabzYhItN5/KEB1m7QH
+Bdu/+GL9f5hLVTCZATsCQQCyc9HNvPb2V4q4ksn+RuQH7VHI/cOtqTvldBXm1HhV
+XlM4brBTQjS1WbSmjlTcnzwfaLQXk+pGsqThOgbLwDvq
+-----END RSA PRIVATE KEY-----
diff --git a/tls/tests/files/old-ca.pem b/tls/tests/files/old-ca.pem
new file mode 100644
index 0000000..cdee6c2
--- /dev/null
+++ b/tls/tests/files/old-ca.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEETCCA3qgAwIBAgIJAP2QjCV8pipcMA0GCSqGSIb3DQEBBQUAMIGfMRMwEQYK
+CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEsMCoGA1UE
+CwwjT2xkIFVudHJ1c3RlZCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxIjAgBgNVBAMM
+GW9uY2Uud2FzLmEuY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
+YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQ1MDgyMjAwMjIzMVowgZ8xEzAR
+BgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMSwwKgYD
+VQQLDCNPbGQgVW50cnVzdGVkIENlcnRpZmljYXRlIEF1dGhvcml0eTEiMCAGA1UE
+AwwZb25jZS53YXMuYS5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FA
+ZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMByYGVDNk7Q
+lfK2sPqEbuYszhQ5y/8yrRKl2SjdV8uQFcwkoXlMLyAlgXDn9iFYfmtDeFChJSr8
+ZtodmHVesmkcFgdCfixLSbg2Wt3+rWnK9Iw2vSxjB74xwHD1MWoaCKZXquAMayOr
+Pe7Go6WjmCii85LsFP1fFwcwFbf+5C4hAgMBAAGjggFRMIIBTTAdBgNVHQ4EFgQU
+Lu6rFocDkpwOJyAjyQrCxuefLW8wgdQGA1UdIwSBzDCByYAULu6rFocDkpwOJyAj
+yQrCxuefLW+hgaWkgaIwgZ8xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJ
+k/IsZAEZFgdFWEFNUExFMSwwKgYDVQQLDCNPbGQgVW50cnVzdGVkIENlcnRpZmlj
+YXRlIEF1dGhvcml0eTEiMCAGA1UEAwwZb25jZS53YXMuYS5jYS5leGFtcGxlLmNv
+bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb22CCQD9kIwlfKYqXDAPBgNV
+HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAZBgNVHREEEjAQgQ5jYUBleGFt
+cGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQUF
+AAOBgQAQLX3HpbnxH3gLf6rhj7IQEizZhAEGpvLMURlDdUdoH9ZYPsQ49rZ2kcjD
+FFUKa4Y9/smcBOkF1Za9xepinsftz8ALhsfyo3azXUJTm7sRcQzQkwaSsAh0smIv
+UbmMskbCbFVDwW8xu+SCRJac/+NAuxjxkgrytZksJPvQB545XQ==
+-----END CERTIFICATE-----
diff --git a/tls/tests/files/root-ca-csr.pem b/tls/tests/files/root-ca-csr.pem
new file mode 100644
index 0000000..48f5365
--- /dev/null
+++ b/tls/tests/files/root-ca-csr.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICGDCCAYECAQAwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/Is
+ZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAV
+BgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxl
+LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvapKy45xtxon3669spqf
++/nXzp3q7WLmQiTd0+7h60d6AekMbltqr4IhR1jUDIJzPo4vrUnWVsHcqyTp7Kj3
+Cgoce2jQEn0hURvsrulP6Bq7tB5LXkxQrmY1+55R8h1dMI2kd7Po3O3gfntuCokm
+smceeid064RqUQWAO04GqKUCAwEAAaBRME8GCSqGSIb3DQEJDjFCMEAwHQYDVR0O
+BBYEFJgG0IEcATibiGotzcoALRkPcZWxMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBACd9IesNyKrVhriex7hMBZv+1M1A
+9/1ZPstHARbjRJ4AhOKQGvu3Bz7yiuzWUyVaY+naMYlu1rPcA01588xbKdBCGF9Z
+noOeVHlTZwu1OOV57KjwoilRBtjNNbmUUl3t4nlw6+sz5pPjyVYPBunMiig3n1Ke
+8jYPdl0bW/kX+8ve
+-----END CERTIFICATE REQUEST-----
diff --git a/tls/tests/files/server-and-key.pem b/tls/tests/files/server-and-key.pem
new file mode 100644
index 0000000..a74436a
--- /dev/null
+++ b/tls/tests/files/server-and-key.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
+ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgy
+MzAwMjIzMVowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
+B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxO
+crI+cO3SaE5zgmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAGjMzAxMAkGA1UdEwQC
+MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBCjANBgkqhkiG
+9w0BAQUFAAOBgQBmJQF4mdpoinkWTB5khs2ZVWZWf4QPLH2I/sP8IY1pWIVNtOVG
+YiTURtsdIHffSAoJ+9H+KrZhxk7TO9v7LR2Au1fGC6FuGjRizYb6UTe7tpoaZvlj
+JZj3sE/Rw/zCHCjA9xNTeYvQlKBzuohbUVGS+kEhxI7ScDmd7ylKSLIbBQ==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBAOTo6nXwfxpFm+vyN+OFKTDc/gbLTvR5veGumQiJmXTlTE5ysj5w
+7dJoTnOCZxbXxQ+ld/BaXi7L9DqdqCRkNe8CAwEAAQJBAIbwSm411Cc/i3eeNJX5
+hFuammCU7rktHuLv0qR2wLBn8Sj2XXtJPlBEdolhQdO+YECBMxUG8f92LeJ4T2OF
+YhkCIQD/2tu/Sq5iVLkrocnCpppbxcZ5JUYDgnD2TrbvSghj+wIhAOUKJVyo5xRH
+DpyAfthRJa6VDUip3hVUz+Zz8PDmkp+dAiAX2nGuTeogJMH2vWiwCxRNBg1Q8haq
+8RhS/lezy3UozQIhANa8QHMzWBNG24gXYNVmnzGjRSUPPcw6DAFASnFRe75xAiAq
+c0wJZWOMbezOsSgAwPt/xsabERIVXSNhzt1il/lPjA==
+-----END RSA PRIVATE KEY-----
diff --git a/tls/tests/files/server-intermediate-csr.pem b/tls/tests/files/server-intermediate-csr.pem
new file mode 100644
index 0000000..c112d6c
--- /dev/null
+++ b/tls/tests/files/server-intermediate-csr.pem
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBNjCB4QIBADBLMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQB
+GRYHRVhBTVBMRTEbMBkGA1UEAwwSc2VydmVyLmV4YW1wbGUuY29tMFwwDQYJKoZI
+hvcNAQEBBQADSwAwSAJBAM2PTEorKL/7mIbYVOz+U6DAo+itGDr2jjOyYxxU5+/A
+jUg3gVFKw+mpok26sdwY2q8aiPTuE0F1bF2iLEXimacCAwEAAaAxMC8GCSqGSIb3
+DQEJDjEiMCAwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG
+9w0BAQUFAANBADtTaSyvJDUzCuim8Wlk8MVVsGQzC2czFRshO5JcPgjq08gN9FXM
+KUYeUQYLGGVnVXkTqWdAOog769XukpDGv2g=
+-----END CERTIFICATE REQUEST-----
diff --git a/tls/tests/files/server-intermediate-key.pem b/tls/tests/files/server-intermediate-key.pem
new file mode 100644
index 0000000..32661d5
--- /dev/null
+++ b/tls/tests/files/server-intermediate-key.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOQIBAAJBAM2PTEorKL/7mIbYVOz+U6DAo+itGDr2jjOyYxxU5+/AjUg3gVFK
+w+mpok26sdwY2q8aiPTuE0F1bF2iLEXimacCAwEAAQJACu1/RMIenHYnmaOOgDrU
+/0q+a/QnwZqx3JWzJyJsYhZmAJRw7/0MjsrD+UoPggvliu77FmnYihYEPxdlM39D
+QQIhAPE0Lu0W1vhiXxuEwIP7w7ix/IlTgZ/xIhoOltfwKSMPAiEA2itd/y6MvNgq
+39ZZDiAn5mjyDoSNJuafRi1FNY4fP+kCIGcNRH9HItE8NiYrsZSyHAzs/lgttVQA
+UfGQCiJ4GRtBAiBc+I4d6KBg+V2L9bQNqPZX4fEE7seYBD9rkG8l22LFwQIgOKPr
+BUkGlw/IMHWVXhQkPKSAPoSLHEvGiQCIyIckCMc=
+-----END RSA PRIVATE KEY-----
diff --git a/tls/tests/files/server-intermediate.pem b/tls/tests/files/server-intermediate.pem
new file mode 100644
index 0000000..6e4246a
--- /dev/null
+++ b/tls/tests/files/server-intermediate.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHTCCAcegAwIBAgIBATANBgkqhkiG9w0BAQUFADCBrTETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxKzApBgNVBAsMIkludGVy
+bWVkaWF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJDAiBgNVBAMMG2ludGVybWVk
+aWF0ZS1jYS5leGFtcGxlLmNvbTEqMCgGCSqGSIb3DQEJARYbaW50ZXJtZWRpYXRl
+LWNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzOVoXDTQwMDgyMzAwMjIzOVow
+SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
+GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
+MEgCQQDNj0xKKyi/+5iG2FTs/lOgwKPorRg69o4zsmMcVOfvwI1IN4FRSsPpqaJN
+urHcGNqvGoj07hNBdWxdoixF4pmnAgMBAAGjMzAxMAkGA1UdEwQCMAAwEwYDVR0l
+BAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBFjANBgkqhkiG9w0BAQUFAANB
+ALl1WO7IZYOvPwhyQ4EpCLjSsTuGBcfbWFtw4XiQueZ8TILHcZARH4nW1tKoVWzc
+rIGhqRjNMWRmaH1wgSCGRiE=
+-----END CERTIFICATE-----
diff --git a/tls/tests/files/server-key.der b/tls/tests/files/server-key.der
new file mode 100644
index 0000000..abd1336
Binary files /dev/null and b/tls/tests/files/server-key.der differ
diff --git a/tls/tests/files/server-key.pem b/tls/tests/files/server-key.pem
new file mode 100644
index 0000000..93a9cc5
--- /dev/null
+++ b/tls/tests/files/server-key.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBAOTo6nXwfxpFm+vyN+OFKTDc/gbLTvR5veGumQiJmXTlTE5ysj5w
+7dJoTnOCZxbXxQ+ld/BaXi7L9DqdqCRkNe8CAwEAAQJBAIbwSm411Cc/i3eeNJX5
+hFuammCU7rktHuLv0qR2wLBn8Sj2XXtJPlBEdolhQdO+YECBMxUG8f92LeJ4T2OF
+YhkCIQD/2tu/Sq5iVLkrocnCpppbxcZ5JUYDgnD2TrbvSghj+wIhAOUKJVyo5xRH
+DpyAfthRJa6VDUip3hVUz+Zz8PDmkp+dAiAX2nGuTeogJMH2vWiwCxRNBg1Q8haq
+8RhS/lezy3UozQIhANa8QHMzWBNG24gXYNVmnzGjRSUPPcw6DAFASnFRe75xAiAq
+c0wJZWOMbezOsSgAwPt/xsabERIVXSNhzt1il/lPjA==
+-----END RSA PRIVATE KEY-----
diff --git a/tls/tests/files/server-self.pem b/tls/tests/files/server-self.pem
new file mode 100644
index 0000000..3827cda
--- /dev/null
+++ b/tls/tests/files/server-self.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBiDCCATICCQD8Rn+cHcihijANBgkqhkiG9w0BAQUFADBLMRMwEQYKCZImiZPy
+LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEbMBkGA1UEAwwSc2Vy
+dmVyLmV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgyMzAwMjIzMVow
+SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
+GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
+MEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxOcrI+cO3SaE5z
+gmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAEwDQYJKoZIhvcNAQEFBQADQQADBJbF
+pDpocLDuQo5DXoXVlloJAputR6oKQLtTFRorEr0iASEr/8DEXfFoOI+US/8EZ/IT
+6JR2XOHSot4zsr68
+-----END CERTIFICATE-----
diff --git a/tls/tests/files/server.der b/tls/tests/files/server.der
new file mode 100644
index 0000000..a3a4b39
Binary files /dev/null and b/tls/tests/files/server.der differ
diff --git a/tls/tests/files/server.pem b/tls/tests/files/server.pem
new file mode 100644
index 0000000..56be360
--- /dev/null
+++ b/tls/tests/files/server.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
+ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgy
+MzAwMjIzMVowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
+B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxO
+crI+cO3SaE5zgmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAGjMzAxMAkGA1UdEwQC
+MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBCjANBgkqhkiG
+9w0BAQUFAAOBgQBmJQF4mdpoinkWTB5khs2ZVWZWf4QPLH2I/sP8IY1pWIVNtOVG
+YiTURtsdIHffSAoJ+9H+KrZhxk7TO9v7LR2Au1fGC6FuGjRizYb6UTe7tpoaZvlj
+JZj3sE/Rw/zCHCjA9xNTeYvQlKBzuohbUVGS+kEhxI7ScDmd7ylKSLIbBQ==
+-----END CERTIFICATE-----
diff --git a/tls/tests/files/ssl/ca.conf b/tls/tests/files/ssl/ca.conf
new file mode 100644
index 0000000..8e1844e
--- /dev/null
+++ b/tls/tests/files/ssl/ca.conf
@@ -0,0 +1,31 @@
+# Root CA
+
+[ req ]
+default_md = sha1
+utf8 = yes
+string_mask = utf8only
+prompt = no
+distinguished_name = req_dn
+req_extensions = req_ext
+x509_extensions = v3_req_ext
+
+[ req_dn ]
+0.domainComponent = "COM"
+1.domainComponent = "EXAMPLE"
+organizationalUnitName = "Certificate Authority"
+commonName = "ca.example.com"
+emailAddress = "ca example com"
+
+[ req_ext ]
+subjectKeyIdentifier = hash
+#authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = critical,CA:true
+keyUsage = critical,keyCertSign,cRLSign
+
+[ v3_req_ext ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = critical,CA:true
+keyUsage = critical,keyCertSign,cRLSign
+subjectAltName = email:ca example com
+issuerAltName = issuer:copy
diff --git a/tls/tests/files/ssl/client.conf b/tls/tests/files/ssl/client.conf
new file mode 100644
index 0000000..be59460
--- /dev/null
+++ b/tls/tests/files/ssl/client.conf
@@ -0,0 +1,14 @@
+# Client
+
+[ req ]
+default_md = sha1
+utf8 = yes
+string_mask = utf8only
+prompt = no
+distinguished_name = req_dn
+
+[ req_dn ]
+0.domainComponent = "COM"
+1.domainComponent = "EXAMPLE"
+commonName = "Client"
+emailAddress = client example com
diff --git a/tls/tests/files/ssl/intermediate-ca.conf b/tls/tests/files/ssl/intermediate-ca.conf
new file mode 100644
index 0000000..f766c14
--- /dev/null
+++ b/tls/tests/files/ssl/intermediate-ca.conf
@@ -0,0 +1,31 @@
+# Intermediate Root CA
+
+[ req ]
+default_md = sha1
+utf8 = yes
+string_mask = utf8only
+prompt = no
+distinguished_name = req_dn
+req_extensions = req_ext
+x509_extensions = v3_req_ext
+
+[ req_dn ]
+0.domainComponent = "COM"
+1.domainComponent = "EXAMPLE"
+organizationalUnitName = "Intermediate Certificate Authority"
+commonName = "intermediate-ca.example.com"
+emailAddress = "intermediate-ca example com"
+
+[ req_ext ]
+subjectKeyIdentifier = hash
+#authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = critical,CA:true
+keyUsage = critical,keyCertSign,cRLSign
+
+[ v3_req_ext ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = critical,CA:true
+keyUsage = critical,keyCertSign,cRLSign
+subjectAltName = email:intermediate-ca example com
+issuerAltName = issuer:copy
diff --git a/tls/tests/files/ssl/old-ca.conf b/tls/tests/files/ssl/old-ca.conf
new file mode 100644
index 0000000..b1d155a
--- /dev/null
+++ b/tls/tests/files/ssl/old-ca.conf
@@ -0,0 +1,31 @@
+# Root CA
+
+[ req ]
+default_md = sha1
+utf8 = yes
+string_mask = utf8only
+prompt = no
+distinguished_name = req_dn
+req_extensions = req_ext
+x509_extensions = v3_req_ext
+
+[ req_dn ]
+0.domainComponent = "COM"
+1.domainComponent = "EXAMPLE"
+organizationalUnitName = "Old Untrusted Certificate Authority"
+commonName = "once.was.a.ca.example.com"
+emailAddress = "ca example com"
+
+[ req_ext ]
+subjectKeyIdentifier = hash
+#authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = critical,CA:true
+keyUsage = critical,keyCertSign,cRLSign
+
+[ v3_req_ext ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = critical,CA:true
+keyUsage = critical,keyCertSign,cRLSign
+subjectAltName = email:ca example com
+issuerAltName = issuer:copy
diff --git a/tls/tests/files/ssl/server-intermediate.conf b/tls/tests/files/ssl/server-intermediate.conf
new file mode 100644
index 0000000..d899a0f
--- /dev/null
+++ b/tls/tests/files/ssl/server-intermediate.conf
@@ -0,0 +1,27 @@
+# Server
+
+[ req ]
+default_md = sha1
+utf8 = yes
+string_mask = utf8only
+prompt = no
+distinguished_name = req_dn
+req_extensions = req_ext
+x509_extensions = v3_req_ext
+
+[ req_dn ]
+0.domainComponent = "COM"
+1.domainComponent = "EXAMPLE"
+commonName = "server.example.com"
+
+[ req_ext ]
+basicConstraints = CA:false
+extendedKeyUsage = serverAuth
+
+[ v3_req_ext ]
+basicConstraints = CA:false
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+
+[ alt_names ]
+IP.0 = 192.168.1.22
diff --git a/tls/tests/files/ssl/server.conf b/tls/tests/files/ssl/server.conf
new file mode 100644
index 0000000..6a98029
--- /dev/null
+++ b/tls/tests/files/ssl/server.conf
@@ -0,0 +1,27 @@
+# Server
+
+[ req ]
+default_md = sha1
+utf8 = yes
+string_mask = utf8only
+prompt = no
+distinguished_name = req_dn
+req_extensions = req_ext
+x509_extensions = v3_req_ext
+
+[ req_dn ]
+0.domainComponent = "COM"
+1.domainComponent = "EXAMPLE"
+commonName = "server.example.com"
+
+[ req_ext ]
+basicConstraints = CA:false
+extendedKeyUsage = serverAuth
+
+[ v3_req_ext ]
+basicConstraints = CA:false
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+
+[ alt_names ]
+IP.0 = 192.168.1.10
diff --git a/tls/tests/mock-interaction.c b/tls/tests/mock-interaction.c
new file mode 100644
index 0000000..1bcb729
--- /dev/null
+++ b/tls/tests/mock-interaction.c
@@ -0,0 +1,222 @@
+/*
+ * Copyright (C) 2011 Collabora Ltd.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Author: Stef Walter <stefw collabora co uk>
+ */
+
+#include "config.h"
+
+#include <string.h>
+#include <gio/gio.h>
+
+#include "mock-interaction.h"
+
+G_DEFINE_TYPE (MockInteraction, mock_interaction, G_TYPE_TLS_INTERACTION);
+
+static void
+mock_interaction_ask_password_async (GTlsInteraction *interaction,
+ GTlsPassword *password,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ MockInteraction *self = MOCK_INTERACTION (interaction);
+ GTask *task;
+
+ task = g_task_new (interaction, cancellable, callback, user_data);
+
+ if (self->static_error)
+ g_task_return_error (task, g_error_copy (self->static_error));
+ else
+ g_tls_password_set_value (password, (const guchar *)self->static_password, -1);
+ g_task_return_boolean (task, TRUE);
+ g_object_unref (task);
+}
+
+static GTlsInteractionResult
+mock_interaction_ask_password_finish (GTlsInteraction *interaction,
+ GAsyncResult *result,
+ GError **error)
+{
+ g_return_val_if_fail (g_task_is_valid (result, interaction),
+ G_TLS_INTERACTION_UNHANDLED);
+
+ if (g_task_had_error (G_TASK (result)))
+ {
+ g_task_propagate_boolean (G_TASK (result), error);
+ return G_TLS_INTERACTION_FAILED;
+ }
+ else
+ return G_TLS_INTERACTION_HANDLED;
+}
+
+static GTlsInteractionResult
+mock_interaction_ask_password (GTlsInteraction *interaction,
+ GTlsPassword *password,
+ GCancellable *cancellable,
+ GError **error)
+{
+ MockInteraction *self = MOCK_INTERACTION (interaction);
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return G_TLS_INTERACTION_FAILED;
+
+ if (self->static_error)
+ {
+ g_propagate_error (error, g_error_copy (self->static_error));
+ return G_TLS_INTERACTION_FAILED;
+ }
+ else
+ {
+ g_tls_password_set_value (password, (const guchar *)self->static_password, -1);
+ return G_TLS_INTERACTION_HANDLED;
+ }
+}
+
+static void
+mock_interaction_request_certificate_async (GTlsInteraction *interaction,
+ GTlsConnection *connection,
+ GTlsCertificateRequestFlags flags,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ MockInteraction *self = MOCK_INTERACTION (interaction);
+ GTask *task;
+
+ task = g_task_new (interaction, cancellable, callback, user_data);
+
+ if (self->static_error)
+ g_task_return_error (task, g_error_copy (self->static_error));
+ else
+ {
+ g_tls_connection_set_certificate (connection, self->static_certificate);
+ g_task_return_boolean (task, TRUE);
+ }
+ g_object_unref (task);
+}
+
+static GTlsInteractionResult
+mock_interaction_request_certificate_finish (GTlsInteraction *interaction,
+ GAsyncResult *result,
+ GError **error)
+{
+ g_return_val_if_fail (g_task_is_valid (result, interaction),
+ G_TLS_INTERACTION_UNHANDLED);
+
+ if (!g_task_propagate_boolean (G_TASK (result), error))
+ return G_TLS_INTERACTION_FAILED;
+ else
+ return G_TLS_INTERACTION_HANDLED;
+}
+
+static GTlsInteractionResult
+mock_interaction_request_certificate (GTlsInteraction *interaction,
+ GTlsConnection *connection,
+ GTlsCertificateRequestFlags flags,
+ GCancellable *cancellable,
+ GError **error)
+{
+ MockInteraction *self = MOCK_INTERACTION (interaction);
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return G_TLS_INTERACTION_FAILED;
+
+ if (self->static_error)
+ {
+ g_propagate_error (error, g_error_copy (self->static_error));
+ return G_TLS_INTERACTION_FAILED;
+ }
+ else
+ {
+ g_tls_connection_set_certificate (connection, self->static_certificate);
+ return G_TLS_INTERACTION_HANDLED;
+ }
+}
+
+static void
+mock_interaction_init (MockInteraction *self)
+{
+
+}
+
+static void
+mock_interaction_finalize (GObject *object)
+{
+ MockInteraction *self = MOCK_INTERACTION (object);
+
+ g_free (self->static_password);
+ g_clear_object (&self->static_certificate);
+ g_clear_error (&self->static_error);
+
+ G_OBJECT_CLASS (mock_interaction_parent_class)->finalize (object);
+}
+
+static void
+mock_interaction_class_init (MockInteractionClass *klass)
+{
+ GObjectClass *object_class = G_OBJECT_CLASS (klass);
+ GTlsInteractionClass *interaction_class = G_TLS_INTERACTION_CLASS (klass);
+
+ object_class->finalize = mock_interaction_finalize;
+
+ interaction_class->ask_password = mock_interaction_ask_password;
+ interaction_class->ask_password_async = mock_interaction_ask_password_async;
+ interaction_class->ask_password_finish = mock_interaction_ask_password_finish;
+ interaction_class->request_certificate = mock_interaction_request_certificate;
+ interaction_class->request_certificate_async = mock_interaction_request_certificate_async;
+ interaction_class->request_certificate_finish = mock_interaction_request_certificate_finish;
+}
+
+GTlsInteraction *
+mock_interaction_new_static_password (const gchar *password)
+{
+ MockInteraction *self;
+
+ self = g_object_new (MOCK_TYPE_INTERACTION, NULL);
+
+ self->static_password = g_strdup (password);
+ return G_TLS_INTERACTION (self);
+}
+
+GTlsInteraction *
+mock_interaction_new_static_certificate (GTlsCertificate *cert)
+{
+ MockInteraction *self;
+
+ self = g_object_new (MOCK_TYPE_INTERACTION, NULL);
+
+ self->static_certificate = cert ? g_object_ref (cert) : NULL;
+ return G_TLS_INTERACTION (self);
+}
+
+GTlsInteraction *
+mock_interaction_new_static_error (GQuark domain,
+ gint code,
+ const gchar *message)
+{
+ MockInteraction *self;
+
+ self = g_object_new (MOCK_TYPE_INTERACTION, NULL);
+
+ self->static_error = g_error_new (domain, code, "%s", message);
+ return G_TLS_INTERACTION (self);
+}
diff --git a/tls/tests/mock-interaction.h b/tls/tests/mock-interaction.h
new file mode 100644
index 0000000..f357d8a
--- /dev/null
+++ b/tls/tests/mock-interaction.h
@@ -0,0 +1,66 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * Copyright (C) 2011 Collabora Ltd.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Author: Stef Walter <stefw collabora co uk>
+ */
+
+#include <gio/gio.h>
+
+#ifndef __MOCK_INTERACTION_H__
+#define __MOCK_INTERACTION_H__
+
+G_BEGIN_DECLS
+
+#define MOCK_TYPE_INTERACTION (mock_interaction_get_type ())
+#define MOCK_INTERACTION(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), MOCK_TYPE_INTERACTION,
MockInteraction))
+#define MOCK_INTERACTION_CLASS(k) (G_TYPE_CHECK_CLASS_CAST((k), MOCK_TYPE_INTERACTION,
MockInteractionClass))
+#define MOCK_IS_INTERACTION(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), MOCK_TYPE_INTERACTION))
+#define MOCK_IS_INTERACTION_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), MOCK_TYPE_INTERACTION))
+#define MOCK_INTERACTION_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), MOCK_TYPE_INTERACTION,
MockInteractionClass))
+
+typedef struct _MockInteraction MockInteraction;
+typedef struct _MockInteractionClass MockInteractionClass;
+
+struct _MockInteraction
+{
+ GTlsInteraction parent_instance;
+ gchar *static_password;
+ GTlsCertificate *static_certificate;
+ GError *static_error;
+};
+
+struct _MockInteractionClass
+{
+ GTlsInteractionClass parent_class;
+};
+
+
+GType mock_interaction_get_type (void);
+
+GTlsInteraction *mock_interaction_new_static_password (const gchar *password);
+
+GTlsInteraction *mock_interaction_new_static_certificate (GTlsCertificate *cert);
+
+GTlsInteraction *mock_interaction_new_static_error (GQuark domain,
+ gint code,
+ const gchar *message);
+
+G_END_DECLS
+
+#endif /* __MOCK_INTERACTION_H__ */
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]