Types and Values
#define G_TLS_ERROR
enum GTlsError
#define G_TLS_CHANNEL_BINDING_ERROR
enum GTlsChannelBindingError
enum GTlsAuthenticationMode
enum GTlsCertificateFlags
Object Hierarchy
GEnum
├── GTlsAuthenticationMode
├── GTlsChannelBindingError
╰── GTlsError
GFlags
╰── GTlsCertificateFlags
Description
GTlsConnection and related classes provide TLS (Transport Layer Security, previously known as SSL, Secure Sockets Layer) support for GIO-based network streams.
GDtlsConnection and related classes provide DTLS (Datagram TLS) support for GIO-based network sockets, using the GDatagramBased interface. The TLS and DTLS APIs are almost identical, except TLS is stream-based and DTLS is datagram-based. They share certificate and backend infrastructure.
In the simplest case, for a client TLS connection, you can just set the “tls” flag on a GSocketClient, and then any connections created by that client will have TLS negotiated automatically, using appropriate default settings, and rejecting any invalid or self-signed certificates (unless you change that default by setting the “tls-validation-flags” property). The returned object will be a GTcpWrapperConnection, which wraps the underlying GTlsClientConnection.
For greater control, you can create your own GTlsClientConnection, wrapping a GSocketConnection (or an arbitrary GIOStream with pollable input and output streams) and then connect to its signals, such as “accept-certificate”, before starting the handshake.
Server-side TLS is similar, using GTlsServerConnection. At the moment, there is no support for automatically wrapping server-side connections in the way GSocketClient does for client-side connections.
Types and Values
G_TLS_ERROR
#define G_TLS_ERROR (g_tls_error_quark ())
Error domain for TLS. Errors in this domain will be from the GTlsError enumeration. See GError for more information on error domains.
enum GTlsError
An error code used with G_TLS_ERROR in a GError returned from a TLS-related routine.
Members
- No TLS provider is available.
- Miscellaneous TLS error.
- The certificate presented could not be parsed or failed validation.
- The TLS handshake failed because the peer does not seem to be a TLS server.
- The TLS handshake failed because the peer's certificate was not acceptable.
- The TLS handshake failed because the server requested a client-side certificate, but none was provided. See
- The TLS connection was closed without proper notice, which may indicate an attack. See
- The TLS handshake failed because the client sent the fallback SCSV, indicating a protocol downgrade attack. Since: 2.60
Since: 2.28
G_TLS_CHANNEL_BINDING_ERROR
#define G_TLS_CHANNEL_BINDING_ERROR (g_tls_channel_binding_error_quark ())
Error domain for TLS channel binding. Errors in this domain will be from the GTlsChannelBindingError enumeration. See GError for more information on error domains.
Since: 2.66
enum GTlsChannelBindingError
An error code used with G_TLS_CHANNEL_BINDING_ERROR in a GError to indicate a TLS channel binding retrieval error.
Members
- Either the entire binding retrieval facility or the specific binding type is not implemented in the TLS backend.
- The handshake is not yet complete on the connection, which is a strong requirement for any existing binding type.
- The handshake is complete but binding data is not available. That normally indicates the TLS implementation failed to provide the binding data. For example, some implementations do not provide a peer certificate for resumed connections.
- The binding type is not supported on the current connection. This error could be triggered when requesting
- Any other backend error preventing binding data retrieval.
Since: 2.66
enum GTlsAuthenticationMode
The client authentication mode for a GTlsServerConnection.
Since: 2.28
enum GTlsCertificateFlags
A set of flags describing TLS certificate validation. This can be used to set which validation steps to perform (e.g. with g_tls_client_connection_set_validation_flags()), or to describe why a particular certificate was rejected (e.g. in “accept-certificate”).
Members
- The signing certificate authority is not known.
- The certificate does not match the expected identity of the site that it was retrieved from.
- The certificate's activation time is still in the future.
- The certificate has expired.
- The certificate has been revoked according to the GTlsConnection's certificate revocation list.
- The certificate's algorithm is considered insecure.
- Some other error occurred validating the certificate.
- The combination of all of the above flags.
Since: 2.28