gpointer | accepted-cas | Read |
GSocketConnectable * | server-identity | Read / Write / Construct |
GTlsCertificateFlags | validation-flags | Read / Write / Construct |
GDtlsClientConnection is the client-side subclass of GDtlsConnection, representing a client-side DTLS connection.
GDatagramBased *
g_dtls_client_connection_new (GDatagramBased *base_socket,
                              GSocketConnectable *server_identity,
                              GError **error);
Creates a new GDtlsClientConnection wrapping base_socket, which is assumed to communicate with the server identified by server_identity.
base_socket | the GDatagramBased to wrap |
server_identity | the expected identity of the server. | [nullable]
error |
Returns: the new GDtlsClientConnection, or NULL on error. [transfer full][type GDtlsClientConnection]
Since: 2.48
void
g_dtls_client_connection_set_server_identity (GDtlsClientConnection *conn,
                                              GSocketConnectable *identity);
Sets conn's expected server identity, which is used both to tell servers on virtual hosts which certificate to present, and also to let conn know what name to look for in the certificate when performing G_TLS_CERTIFICATE_BAD_IDENTITY validation, if enabled.
Since: 2.48
GSocketConnectable *
g_dtls_client_connection_get_server_identity (GDtlsClientConnection *conn);
Gets conn's expected server identity.
Returns: a GSocketConnectable describing the expected server identity, or NULL if the expected identity is not known. [transfer none]
Since: 2.48
void
g_dtls_client_connection_set_validation_flags (GDtlsClientConnection *conn,
                                               GTlsCertificateFlags flags);
Sets conn's validation flags, to override the default set of checks performed when validating a server certificate. By default, G_TLS_CERTIFICATE_VALIDATE_ALL is used.
Since: 2.48
GTlsCertificateFlags
g_dtls_client_connection_get_validation_flags (GDtlsClientConnection *conn);
Gets conn's validation flags.
Since: 2.48
GList *
g_dtls_client_connection_get_accepted_cas (GDtlsClientConnection *conn);
Gets the list of distinguished names of the Certificate Authorities that the server will accept certificates from. This will be set during the TLS handshake if the server requests a certificate. Otherwise, it will be NULL.
Each item in the list is a GByteArray which contains the complete subject DN of the certificate authority.
Returns: the list of CA DNs. You should unref each element with g_byte_array_unref() and then free the list with g_list_free(). [element-type GByteArray][transfer full]
Since: 2.48
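A bounds-checked way to read one entry of the accepted-cas list, given as an added example that is not part of the GIO documentation. It assumes each GByteArray holds the DER encoding of an X.501 Name, as TLS sends it in a certificate request, and would be called with the array's data and len fields; dn_common_name(), der_hdr() and SAMPLE_DN are hypothetical names and the sample bytes are constructed.

```c
#include <stddef.h>
#include <string.h>
/* Constructed sample: DER Name with O=Example, CN=Test CA (not from the page). */
const unsigned char SAMPLE_DN[] = {
    0x30,0x24, 0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x0a,0x0c,0x07,
    'E','x','a','m','p','l','e', 0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,
    0x03,0x0c,0x07, 'T','e','s','t',' ','C','A' };

/* Read one DER header at *p; on success advance *p to content lying before end. */
static int der_hdr(const unsigned char **p, const unsigned char *end,
                   unsigned *tag, size_t *len)
{
    const unsigned char *q = *p;
    if (end - q < 2) return -1;
    *tag = q[0]; size_t n = q[1]; q += 2;
    if (n & 0x80) {                       /* long form: 1 or 2 length bytes */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > 2 || (size_t)(end - q) < cnt) return -1;
        for (n = 0; cnt--; ) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1; /* content must fit the buffer */
    *len = n; *p = q;
    return 0;
}

/* Copy commonName (OID 2.5.4.3) to out; return its length, or -1 on any error. */
int dn_common_name(const unsigned char *dn, size_t dn_len, char *out, size_t out_sz)
{
    static const unsigned char cn_oid[] = { 0x55, 0x04, 0x03 };
    const unsigned char *p = dn, *end = dn + dn_len, *set_end, *atv_end;
    unsigned tag; size_t len;
    if (der_hdr(&p, end, &tag, &len) || tag != 0x30 || p + len != end) return -1;
    while (p < end) {                     /* each RDN is a SET */
        if (der_hdr(&p, end, &tag, &len) || tag != 0x31) return -1;
        for (set_end = p + len; p < set_end; p = atv_end) {  /* SEQUENCE{OID, value} */
            if (der_hdr(&p, set_end, &tag, &len) || tag != 0x30) return -1;
            atv_end = p + len;
            if (der_hdr(&p, atv_end, &tag, &len) || tag != 0x06) return -1;
            int is_cn = len == sizeof cn_oid && memcmp(p, cn_oid, len) == 0;
            p += len;
            if (der_hdr(&p, atv_end, &tag, &len)) return -1;
            if (!is_cn) continue;
            if (len >= out_sz || memchr(p, 0, len)) return -1;  /* too long or embedded NUL */
            memcpy(out, p, len); out[len] = '\0';
            return (int)len;
        }
    }
    return -1;
}
```

The value bytes are copied as encoded, so the result is readable only for single-byte string types such as UTF8String or PrintableString.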
typedef struct _GDtlsClientConnection GDtlsClientConnection;
Abstract base class for the backend-specific client connection type.
Since: 2.48
struct GDtlsClientConnectionInterface { GTypeInterface g_iface; };
vtable for a GDtlsClientConnection implementation.
Since: 2.48
The “accepted-cas” property
“accepted-cas” gpointer
A list of the distinguished names of the Certificate Authorities that the server will accept client certificates signed by. If the server requests a client certificate during the handshake, then this property will be set after the handshake completes.
Each item in the list is a GByteArray which contains the complete subject DN of the certificate authority.
[element-type GLib.ByteArray]
Flags: Read
Since: 2.48
The “server-identity” property
“server-identity” GSocketConnectable *
A GSocketConnectable describing the identity of the server that is expected on the other end of the connection.
If the G_TLS_CERTIFICATE_BAD_IDENTITY flag is set in “validation-flags”, this object will be used to determine the expected identity of the remote end of the connection; if “server-identity” is not set, or does not match the identity presented by the server, then the G_TLS_CERTIFICATE_BAD_IDENTITY validation will fail.
In addition to its use in verifying the server certificate, this is also used to give a hint to the server about what certificate we expect, which is useful for servers that serve virtual hosts.
Flags: Read / Write / Construct
Since: 2.48
The “validation-flags” property
“validation-flags” GTlsCertificateFlags
What steps to perform when validating a certificate received from a server. A server certificate that fails any of the checks indicated here will be rejected unless the application overrides the default via the “accept-certificate” signal.
Flags: Read / Write / Construct
Default value: G_TLS_CERTIFICATE_UNKNOWN_CA | G_TLS_CERTIFICATE_BAD_IDENTITY | G_TLS_CERTIFICATE_NOT_ACTIVATED | G_TLS_CERTIFICATE_EXPIRED | G_TLS_CERTIFICATE_REVOKED | G_TLS_CERTIFICATE_INSECURE | G_TLS_CERTIFICATE_GENERIC_ERROR
Since: 2.48