A list of the distinguished names of the Certificate Authorities that the server will accept client certificates signed by. If the server requests a client certificate during the handshake, then this property will be set after the handshake completes.
Each item in the list is a #GByteArray which contains the complete subject DN of the certificate authority.
The list of application-layer protocols that the connection advertises that it is willing to speak. See g_tls_connection_set_advertised_protocols().
The #GIOStream that the connection wraps. The connection holds a reference to this stream, and may run operations on the stream from other threads throughout its lifetime. Consequently, after the #GIOStream has been constructed, application code may only run its own operations on this stream when no #GIOStream operations are running.
The connection's certificate; see g_tls_connection_set_certificate().
The name of the TLS ciphersuite in use. See g_tls_connection_get_ciphersuite_name().
The certificate database to use when verifying this TLS connection. If no certificate database is set, then the default database will be used. See g_tls_backend_get_default_database().
When using a non-default database, #GTlsConnection must fall back to using the #GTlsDatabase to perform certificate verification using g_tls_database_verify_chain(), which means certificate verification will not be able to make use of TLS session context. This may be less secure. For example, if you create your own #GTlsDatabase that just wraps the default #GTlsDatabase, you might expect that you have not changed anything, but this is not true because you may have altered the behavior of #GTlsConnection by causing it to use g_tls_database_verify_chain(). See the documentation of g_tls_database_verify_chain() for more details on specific security checks that may not be performed. Accordingly, setting a non-default database is discouraged except for specialty applications with unusual security requirements.
A #GTlsInteraction object to be used when the connection or certificate database need to interact with the user. This will be used to prompt the user for passwords where necessary.
The application-layer protocol negotiated during the TLS handshake. See g_tls_connection_get_negotiated_protocol().
The connection's peer's certificate, after the TLS handshake has completed or failed. Note in particular that this is not yet set during the emission of #GTlsConnection::accept-certificate.
(You can watch for a #GObject::notify signal on this property to detect when a handshake has occurred.)
The errors noticed while verifying #GTlsConnection:peer-certificate. Normally this should be 0, but it may not be if #GTlsClientConnection:validation-flags is not %G_TLS_CERTIFICATE_VALIDATE_ALL, or if #GTlsConnection::accept-certificate overrode the default behavior.
GLib guarantees that if certificate verification fails, at least one error will be set, but it does not guarantee that all possible errors will be set. Accordingly, you may not safely decide to ignore any particular type of error. For example, it would be incorrect to mask %G_TLS_CERTIFICATE_EXPIRED if you want to allow expired certificates, because this could potentially be the only error flag set even if other problems exist with the certificate.
The TLS protocol version in use. See g_tls_connection_get_protocol_version().
The rehandshaking mode. See g_tls_connection_set_rehandshake_mode().
Whether or not proper TLS close notification is required. See g_tls_connection_set_require_close_notify().
A #GSocketConnectable describing the identity of the server that is expected on the other end of the connection.
If the %G_TLS_CERTIFICATE_BAD_IDENTITY flag is set in #GTlsClientConnection:validation-flags, this object will be used to determine the expected identify of the remote end of the connection; if #GTlsClientConnection:server-identity is not set, or does not match the identity presented by the server, then the %G_TLS_CERTIFICATE_BAD_IDENTITY validation will fail.
In addition to its use in verifying the server certificate, this is also used to give a hint to the server about what certificate we expect, which is useful for servers that serve virtual hosts.
SSL 3.0 is no longer supported. See g_tls_client_connection_set_use_ssl3() for details.
Whether or not the system certificate database will be used to verify peer certificates. See g_tls_connection_set_use_system_certdb().
What steps to perform when validating a certificate received from a server. Server certificates that fail to validate in any of the ways indicated here will be rejected unless the application overrides the default via #GTlsConnection::accept-certificate.
GLib guarantees that if certificate verification fails, at least one flag will be set, but it does not guarantee that all possible flags will be set. Accordingly, you may not safely decide to ignore any particular type of error. For example, it would be incorrect to mask %G_TLS_CERTIFICATE_EXPIRED if you want to allow expired certificates, because this could potentially be the only error flag set even if other problems exist with the certificate. Therefore, there is no safe way to use this property. This is not a horrible problem, though, because you should not be attempting to ignore validation errors anyway. If you really must ignore TLS certificate errors, connect to #GTlsConnection::accept-certificate.
Creates a binding between source_property
on source
and target_property
on target
.
Whenever the source_property
is changed the target_property
is
updated using the same value. For instance:
g_object_bind_property (action, "active", widget, "sensitive", 0);
Will result in the "sensitive" property of the widget #GObject instance to be updated with the same value of the "active" property of the action #GObject instance.
If flags
contains %G_BINDING_BIDIRECTIONAL then the binding will be mutual:
if target_property
on target
changes then the source_property
on source
will be updated as well.
The binding will automatically be removed when either the source
or the
target
instances are finalized. To remove the binding without affecting the
source
and the target
you can just call g_object_unref() on the returned
#GBinding instance.
Removing the binding by calling g_object_unref() on it must only be done if
the binding, source
and target
are only used from a single thread and it
is clear that both source
and target
outlive the binding. Especially it
is not safe to rely on this if the binding, source
or target
can be
finalized from different threads. Keep another reference to the binding and
use g_binding_unbind() instead to be on the safe side.
A #GObject can have multiple bindings.
the property on source
to bind
the target #GObject
the property on target
to bind
flags to pass to #GBinding
Creates a binding between source_property
on source
and target_property
on target,
allowing you to set the transformation functions to be used by
the binding.
This function is the language bindings friendly version of g_object_bind_property_full(), using #GClosures instead of function pointers.
the property on source
to bind
the target #GObject
the property on target
to bind
flags to pass to #GBinding
a #GClosure wrapping the transformation function from the source
to the target,
or %NULL to use the default
a #GClosure wrapping the transformation function from the target
to the source,
or %NULL to use the default
Clears the pending flag on stream
.
Closes the stream, releasing resources related to it. This will also close the individual input and output streams, if they are not already closed.
Once the stream is closed, all other operations will return %G_IO_ERROR_CLOSED. Closing a stream multiple times will not return an error.
Closing a stream will automatically flush any outstanding buffers in the stream.
Streams will be automatically closed when the last reference is dropped, but you might want to call this function to make sure resources are released as early as possible.
Some streams might keep the backing store of the stream (e.g. a file descriptor) open after the stream is closed. See the documentation for the individual stream for details.
On failure the first error that happened will be reported, but the close operation will finish as much as possible. A stream that failed to close will still return %G_IO_ERROR_CLOSED for all operations. Still, it is important to check and report the error to the user, otherwise there might be a loss of data as all data might not be written.
If cancellable
is not NULL, then the operation can be cancelled by
triggering the cancellable object from another thread. If the operation
was cancelled, the error %G_IO_ERROR_CANCELLED will be returned.
Cancelling a close will still leave the stream closed, but some streams
can use a faster close that doesn't block to e.g. check errors.
The default implementation of this method just calls close on the individual input/output streams.
optional #GCancellable object, %NULL to ignore
Requests an asynchronous close of the stream, releasing resources
related to it. When the operation is finished callback
will be
called. You can then call g_io_stream_close_finish() to get
the result of the operation.
For behaviour details see g_io_stream_close().
The asynchronous methods have a default fallback that uses threads to implement asynchronicity, so they are optional for inheriting classes. However, if you override one you must override all.
the io priority of the request
optional cancellable object
callback to call when the request is satisfied
Closes a stream.
a #GAsyncResult
Possibly copies session state from one connection to another, for use
in TLS session resumption. This is not normally needed, but may be
used when the same session needs to be used between different
endpoints, as is required by some protocols, such as FTP over TLS.
source
should have already completed a handshake and, since TLS 1.3,
it should have been used to read data at least once. conn
should not
have completed a handshake.
It is not possible to know whether a call to this function will
actually do anything. Because session resumption is normally used
only for performance benefit, the TLS backend might not implement
this function. Even if implemented, it may not actually succeed in
allowing conn
to resume source'
s TLS session, because the server
may not have sent a session resumption token to source,
or it may
refuse to accept the token from conn
. There is no way to know
whether a call to this function is actually successful.
Using this function is not required to benefit from session resumption. If the TLS backend supports session resumption, the session will be resumed automatically if it is possible to do so without weakening the privacy guarantees normally provided by TLS, without need to call this function. For example, with TLS 1.3, a session ticket will be automatically copied from any #GTlsClientConnection that has previously received session tickets from the server, provided a ticket is available that has not previously been used for session resumption, since session ticket reuse would be a privacy weakness. Using this function causes the ticket to be copied without regard for privacy considerations.
a #GTlsClientConnection
Used by #GTlsConnection implementations to emit the #GTlsConnection::accept-certificate signal.
the peer's #GTlsCertificate
the problems with peer_cert
This function is intended for #GObject implementations to re-enforce a [floating][floating-ref] object reference. Doing this is seldom required: all #GInitiallyUnowneds are created with a floating reference which usually just needs to be sunken by calling g_object_ref_sink().
Increases the freeze count on object
. If the freeze count is
non-zero, the emission of "notify" signals on object
is
stopped. The signals are queued until the freeze count is decreased
to zero. Duplicate notifications are squashed so that at most one
#GObject::notify signal is emitted for each property modified while the
object is frozen.
This is necessary for accessors that modify multiple properties to prevent premature notification while the object is still being modified.
Gets the list of distinguished names of the Certificate Authorities that the server will accept certificates from. This will be set during the TLS handshake if the server requests a certificate. Otherwise, it will be %NULL.
Each item in the list is a #GByteArray which contains the complete subject DN of the certificate authority.
Gets conn'
s certificate, as set by
g_tls_connection_set_certificate().
Query the TLS backend for TLS channel binding data of type
for conn
.
This call retrieves TLS channel binding data as specified in RFC
5056, RFC
5929, and related RFCs. The
binding data is returned in data
. The data
is resized by the callee
using #GByteArray buffer management and will be freed when the data
is destroyed by g_byte_array_unref(). If data
is %NULL, it will only
check whether TLS backend is able to fetch the data (e.g. whether type
is supported by the TLS backend). It does not guarantee that the data
will be available though. That could happen if TLS connection does not
support type
or the binding data is not available yet due to additional
negotiation or input required.
#GTlsChannelBindingType type of data to fetch
Returns the name of the current TLS ciphersuite, or %NULL if the connection has not handshaked or has been closed. Beware that the TLS backend may use any of multiple different naming conventions, because OpenSSL and GnuTLS have their own ciphersuite naming conventions that are different from each other and different from the standard, IANA- registered ciphersuite names. The ciphersuite name is intended to be displayed to the user for informative purposes only, and parsing it is not recommended.
Gets a named field from the objects table of associations (see g_object_set_data()).
name of the key for that association
Gets the certificate database that conn
uses to verify
peer certificates. See g_tls_connection_set_database().
Gets the input stream for this object. This is used for reading.
Get the object that will be used to interact with the user. It will be used for things like prompting the user for passwords. If %NULL is returned, then no user interaction will occur for this connection.
Gets the name of the application-layer protocol negotiated during the handshake.
If the peer did not use the ALPN extension, or did not advertise a
protocol that matched one of conn'
s protocols, or the TLS backend
does not support ALPN, then this will be %NULL. See
g_tls_connection_set_advertised_protocols().
Gets the output stream for this object. This is used for writing.
Gets conn'
s peer's certificate after the handshake has completed
or failed. (It is not set during the emission of
#GTlsConnection::accept-certificate.)
Gets the errors associated with validating conn'
s peer's
certificate, after the handshake has completed or failed. (It is
not set during the emission of #GTlsConnection::accept-certificate.)
See #GTlsConnection:peer-certificate-errors for more information.
Gets a property of an object.
The value
can be:
In general, a copy is made of the property contents and the caller is responsible for freeing the memory by calling g_value_unset().
Note that g_object_get_property() is really intended for language bindings, g_object_get() is much more convenient for C programming.
the name of the property to get
return location for the property value
Returns the current TLS protocol version, which may be %G_TLS_PROTOCOL_VERSION_UNKNOWN if the connection has not handshaked, or has been closed, or if the TLS backend has implemented a protocol version that is not a recognized #GTlsProtocolVersion.
This function gets back user data pointers stored via g_object_set_qdata().
A #GQuark, naming the user data pointer
Gets conn
rehandshaking mode. See
g_tls_connection_set_rehandshake_mode() for details.
Tests whether or not conn
expects a proper TLS close notification
when the connection is closed. See
g_tls_connection_set_require_close_notify() for details.
Gets conn'
s expected server identity
SSL 3.0 is no longer supported. See g_tls_client_connection_set_use_ssl3() for details.
Gets whether conn
uses the system certificate database to verify
peer certificates. See g_tls_connection_set_use_system_certdb().
Gets conn'
s validation flags
This function does not work as originally designed and is impossible to use correctly. See #GTlsClientConnection:validation-flags for more information.
Gets n_properties
properties for an object
.
Obtained properties will be set to values
. All properties must be valid.
Warnings will be emitted and undefined behaviour may result if invalid
properties are passed in.
the names of each property to get
the values of each property to get
Attempts a TLS handshake on conn
.
On the client side, it is never necessary to call this method;
although the connection needs to perform a handshake after
connecting (or after sending a "STARTTLS"-type command),
#GTlsConnection will handle this for you automatically when you try
to send or receive data on the connection. You can call
g_tls_connection_handshake() manually if you want to know whether
the initial handshake succeeded or failed (as opposed to just
immediately trying to use conn
to read or write, in which case,
if it fails, it may not be possible to tell if it failed before or
after completing the handshake), but beware that servers may reject
client authentication after the handshake has completed, so a
successful handshake does not indicate the connection will be usable.
Likewise, on the server side, although a handshake is necessary at the beginning of the communication, you do not need to call this function explicitly unless you want clearer error reporting.
Previously, calling g_tls_connection_handshake() after the initial handshake would trigger a rehandshake; however, this usage was deprecated in GLib 2.60 because rehandshaking was removed from the TLS protocol in TLS 1.3. Since GLib 2.64, calling this function after the initial handshake will no longer do anything.
When using a #GTlsConnection created by #GSocketClient, the #GSocketClient performs the initial handshake, so calling this function manually is not recommended.
#GTlsConnection::accept_certificate may be emitted during the handshake.
a #GCancellable, or %NULL
Asynchronously performs a TLS handshake on conn
. See
g_tls_connection_handshake() for more information.
the [I/O priority][io-priority] of the request
a #GCancellable, or %NULL
callback to call when the handshake is complete
Finish an asynchronous TLS handshake operation. See g_tls_connection_handshake() for more information.
a #GAsyncResult.
Checks if a stream has pending actions.
Checks if a stream is closed.
Checks whether object
has a [floating][floating-ref] reference.
Emits a "notify" signal for the property property_name
on object
.
When possible, eg. when signaling a property change from within the class that registered the property, you should use g_object_notify_by_pspec() instead.
Note that emission of the notify signal may be blocked with g_object_freeze_notify(). In this case, the signal emissions are queued and will be emitted (in reverse order) when g_object_thaw_notify() is called.
the name of a property installed on the class of object
.
Emits a "notify" signal for the property specified by pspec
on object
.
This function omits the property name lookup, hence it is faster than g_object_notify().
One way to avoid using g_object_notify() from within the class that registered the properties, and using g_object_notify_by_pspec() instead, is to store the GParamSpec used with g_object_class_install_property() inside a static array, e.g.:
enum
{
PROP_0,
PROP_FOO,
PROP_LAST
};
static GParamSpec *properties[PROP_LAST];
static void
my_object_class_init (MyObjectClass *klass)
{
properties[PROP_FOO] = g_param_spec_int ("foo", "Foo", "The foo",
0, 100,
50,
G_PARAM_READWRITE);
g_object_class_install_property (gobject_class,
PROP_FOO,
properties[PROP_FOO]);
}
and then notify a change on the "foo" property with:
g_object_notify_by_pspec (self, properties[PROP_FOO]);
the #GParamSpec of a property installed on the class of object
.
Increase the reference count of object,
and possibly remove the
[floating][floating-ref] reference, if object
has a floating reference.
In other words, if the object is floating, then this call "assumes ownership" of the floating reference, converting it to a normal reference by clearing the floating flag while leaving the reference count unchanged. If the object is not floating, then this call adds a new normal reference increasing the reference count by one.
Since GLib 2.56, the type of object
will be propagated to the return type
under the same conditions as for g_object_ref().
Releases all references to other objects. This can be used to break reference cycles.
This function should only be called from object system implementations.
Sets the list of application-layer protocols to advertise that the
caller is willing to speak on this connection. The
Application-Layer Protocol Negotiation (ALPN) extension will be
used to negotiate a compatible protocol with the peer; use
g_tls_connection_get_negotiated_protocol() to find the negotiated
protocol after the handshake. Specifying %NULL for the the value
of protocols
will disable ALPN negotiation.
See IANA TLS ALPN Protocol IDs for a list of registered protocol IDs.
a %NULL-terminated array of ALPN protocol names (eg, "http/1.1", "h2"), or %NULL
This sets the certificate that conn
will present to its peer
during the TLS handshake. For a #GTlsServerConnection, it is
mandatory to set this, and that will normally be done at construct
time.
For a #GTlsClientConnection, this is optional. If a handshake fails with %G_TLS_ERROR_CERTIFICATE_REQUIRED, that means that the server requires a certificate, and if you try connecting again, you should call this method first. You can call g_tls_client_connection_get_accepted_cas() on the failed connection to get a list of Certificate Authorities that the server will accept certificates from.
(It is also possible that a server will allow the connection with or without a certificate; in that case, if you don't provide a certificate, you can tell that the server requested one by the fact that g_tls_client_connection_get_accepted_cas() will return non-%NULL.)
the certificate to use for conn
Each object carries around a table of associations from strings to pointers. This function lets you set an association.
If the object already had an association with that name, the old association will be destroyed.
Internally, the key
is converted to a #GQuark using g_quark_from_string().
This means a copy of key
is kept permanently (even after object
has been
finalized) — so it is recommended to only use a small, bounded set of values
for key
in your program, to avoid the #GQuark storage growing unbounded.
name of the key
data to associate with that key
Sets the certificate database that is used to verify peer certificates. This is set to the default database by default. See g_tls_backend_get_default_database(). If set to %NULL, then peer certificate validation will always set the %G_TLS_CERTIFICATE_UNKNOWN_CA error (meaning #GTlsConnection::accept-certificate will always be emitted on client-side connections, unless that bit is not set in #GTlsClientConnection:validation-flags).
There are nonintuitive security implications when using a non-default database. See #GDtlsConnection:database for details.
a #GTlsDatabase
Set the object that will be used to interact with the user. It will be used for things like prompting the user for passwords.
The interaction
argument will normally be a derived subclass of
#GTlsInteraction. %NULL can also be provided if no user interaction
should occur for this connection.
an interaction object, or %NULL
Sets stream
to have actions pending. If the pending flag is
already set or stream
is closed, it will return %FALSE and set
error
.
Sets a property on an object.
the name of the property to set
the value
Since GLib 2.64, changing the rehandshake mode is no longer supported and will have no effect. With TLS 1.3, rehandshaking has been removed from the TLS protocol, replaced by separate post-handshake authentication and rekey operations.
the rehandshaking mode
Sets whether or not conn
expects a proper TLS close notification
before the connection is closed. If this is %TRUE (the default),
then conn
will expect to receive a TLS close notification from its
peer before the connection is closed, and will return a
%G_TLS_ERROR_EOF error if the connection is closed without proper
notification (since this may indicate a network error, or
man-in-the-middle attack).
In some protocols, the application will know whether or not the
connection was closed cleanly based on application-level data
(because the application-level data includes a length field, or is
somehow self-delimiting); in this case, the close notify is
redundant and sometimes omitted. (TLS 1.1 explicitly allows this;
in TLS 1.0 it is technically an error, but often done anyway.) You
can use g_tls_connection_set_require_close_notify() to tell conn
to allow an "unannounced" connection close, in which case the close
will show up as a 0-length read, as in a non-TLS
#GSocketConnection, and it is up to the application to check that
the data has been fully received.
Note that this only affects the behavior when the peer closes the
connection; when the application calls g_io_stream_close() itself
on conn,
this will send a close notification regardless of the
setting of this property. If you explicitly want to do an unclean
close, you can close conn'
s #GTlsConnection:base-io-stream rather
than closing conn
itself, but note that this may only be done when no other
operations are pending on conn
or the base I/O stream.
whether or not to require close notification
Sets conn'
s expected server identity, which is used both to tell
servers on virtual hosts which certificate to present, and also
to let conn
know what name to look for in the certificate when
performing %G_TLS_CERTIFICATE_BAD_IDENTITY validation, if enabled.
a #GSocketConnectable describing the expected server identity
Since GLib 2.42.1, SSL 3.0 is no longer supported.
From GLib 2.42.1 through GLib 2.62, this function could be used to force use of TLS 1.0, the lowest-supported TLS protocol version at the time. In the past, this was needed to connect to broken TLS servers that exhibited protocol version intolerance. Such servers are no longer common, and using TLS 1.0 is no longer considered acceptable.
Since GLib 2.64, this function does nothing.
a #gboolean, ignored
Sets whether conn
uses the system certificate database to verify
peer certificates. This is %TRUE by default. If set to %FALSE, then
peer certificate validation will always set the
%G_TLS_CERTIFICATE_UNKNOWN_CA error (meaning
#GTlsConnection::accept-certificate will always be emitted on
client-side connections, unless that bit is not set in
#GTlsClientConnection:validation-flags).
whether to use the system certificate database
Sets conn'
s validation flags, to override the default set of
checks performed when validating a server certificate. By default,
%G_TLS_CERTIFICATE_VALIDATE_ALL is used.
This function does not work as originally designed and is impossible to use correctly. See #GTlsClientConnection:validation-flags for more information.
the #GTlsCertificateFlags to use
Asynchronously splice the output stream of stream1
to the input stream of
stream2
, and splice the output stream of stream2
to the input stream of
stream1
.
When the operation is finished callback
will be called.
You can then call g_io_stream_splice_finish() to get the
result of the operation.
a #GIOStream.
a set of #GIOStreamSpliceFlags.
the io priority of the request.
optional #GCancellable object, %NULL to ignore.
a #GAsyncReadyCallback.
Remove a specified datum from the object's data associations, without invoking the association's destroy handler.
name of the key
This function gets back user data pointers stored via
g_object_set_qdata() and removes the data
from object
without invoking its destroy() function (if any was
set).
Usually, calling this function is only required to update
user data pointers with a destroy notifier, for example:
void
object_add_to_user_list (GObject *object,
const gchar *new_string)
{
// the quark, naming the object data
GQuark quark_string_list = g_quark_from_static_string ("my-string-list");
// retrieve the old string list
GList *list = g_object_steal_qdata (object, quark_string_list);
// prepend new string
list = g_list_prepend (list, g_strdup (new_string));
// this changed 'list', so we need to set it again
g_object_set_qdata_full (object, quark_string_list, list, free_string_list);
}
static void
free_string_list (gpointer data)
{
GList *node, *list = data;
for (node = list; node; node = node->next)
g_free (node->data);
g_list_free (list);
}
Using g_object_get_qdata() in the above example, instead of g_object_steal_qdata() would have left the destroy function set, and thus the partial string list would have been freed upon g_object_set_qdata_full().
A #GQuark, naming the user data pointer
Reverts the effect of a previous call to
g_object_freeze_notify(). The freeze count is decreased on object
and when it reaches zero, queued "notify" signals are emitted.
Duplicate notifications for each property are squashed so that at most one #GObject::notify signal is emitted for each property, in the reverse order in which they have been queued.
It is an error to call this function when the freeze count is zero.
Decreases the reference count of object
. When its reference count
drops to 0, the object is finalized (i.e. its memory is freed).
If the pointer to the #GObject may be reused in future (for example, if it is an instance variable of another object), it is recommended to clear the pointer to %NULL rather than retain a dangling pointer to a potentially invalid #GObject instance. Use g_clear_object() for this.
Requests an asynchronous close of the stream, releasing resources
related to it. When the operation is finished callback
will be
called. You can then call g_io_stream_close_finish() to get
the result of the operation.
For behaviour details see g_io_stream_close().
The asynchronous methods have a default fallback that uses threads to implement asynchronicity, so they are optional for inheriting classes. However, if you override one you must override all.
the io priority of the request
optional cancellable object
callback to call when the request is satisfied
Closes a stream.
a #GAsyncResult
Possibly copies session state from one connection to another, for use
in TLS session resumption. This is not normally needed, but may be
used when the same session needs to be used between different
endpoints, as is required by some protocols, such as FTP over TLS.
source
should have already completed a handshake and, since TLS 1.3,
it should have been used to read data at least once. conn
should not
have completed a handshake.
It is not possible to know whether a call to this function will
actually do anything. Because session resumption is normally used
only for performance benefit, the TLS backend might not implement
this function. Even if implemented, it may not actually succeed in
allowing conn
to resume source'
s TLS session, because the server
may not have sent a session resumption token to source,
or it may
refuse to accept the token from conn
. There is no way to know
whether a call to this function is actually successful.
Using this function is not required to benefit from session resumption. If the TLS backend supports session resumption, the session will be resumed automatically if it is possible to do so without weakening the privacy guarantees normally provided by TLS, without need to call this function. For example, with TLS 1.3, a session ticket will be automatically copied from any #GTlsClientConnection that has previously received session tickets from the server, provided a ticket is available that has not previously been used for session resumption, since session ticket reuse would be a privacy weakness. Using this function causes the ticket to be copied without regard for privacy considerations.
a #GTlsClientConnection
Gets the input stream for this object. This is used for reading.
Gets the name of the application-layer protocol negotiated during the handshake.
If the peer did not use the ALPN extension, or did not advertise a
protocol that matched one of conn'
s protocols, or the TLS backend
does not support ALPN, then this will be %NULL. See
g_tls_connection_set_advertised_protocols().
Gets the output stream for this object. This is used for writing.
Attempts a TLS handshake on conn
.
On the client side, it is never necessary to call this method;
although the connection needs to perform a handshake after
connecting (or after sending a "STARTTLS"-type command),
#GTlsConnection will handle this for you automatically when you try
to send or receive data on the connection. You can call
g_tls_connection_handshake() manually if you want to know whether
the initial handshake succeeded or failed (as opposed to just
immediately trying to use conn
to read or write, in which case,
if it fails, it may not be possible to tell if it failed before or
after completing the handshake), but beware that servers may reject
client authentication after the handshake has completed, so a
successful handshake does not indicate the connection will be usable.
Likewise, on the server side, although a handshake is necessary at the beginning of the communication, you do not need to call this function explicitly unless you want clearer error reporting.
Previously, calling g_tls_connection_handshake() after the initial handshake would trigger a rehandshake; however, this usage was deprecated in GLib 2.60 because rehandshaking was removed from the TLS protocol in TLS 1.3. Since GLib 2.64, calling this function after the initial handshake will no longer do anything.
When using a #GTlsConnection created by #GSocketClient, the #GSocketClient performs the initial handshake, so calling this function manually is not recommended.
#GTlsConnection::accept_certificate may be emitted during the handshake.
a #GCancellable, or %NULL
Asynchronously performs a TLS handshake on conn
. See
g_tls_connection_handshake() for more information.
the [I/O priority][io-priority] of the request
a #GCancellable, or %NULL
callback to call when the handshake is complete
Finish an asynchronous TLS handshake operation. See g_tls_connection_handshake() for more information.
a #GAsyncResult.
Emits a "notify" signal for the property property_name
on object
.
When possible, eg. when signaling a property change from within the class that registered the property, you should use g_object_notify_by_pspec() instead.
Note that emission of the notify signal may be blocked with g_object_freeze_notify(). In this case, the signal emissions are queued and will be emitted (in reverse order) when g_object_thaw_notify() is called.
This function essentially limits the life time of the closure
to
the life time of the object. That is, when the object is finalized,
the closure
is invalidated by calling g_closure_invalidate() on
it, in order to prevent invocations of the closure with a finalized
(nonexisting) object. Also, g_object_ref() and g_object_unref() are
added as marshal guards to the closure,
to ensure that an extra
reference count is held on object
during invocation of the
closure
. Usually, this function will be called on closures that
use this object
as closure data.
#GClosure to watch
Find the #GParamSpec with the given name for an
interface. Generally, the interface vtable passed in as g_iface
will be the default vtable from g_type_default_interface_ref(), or,
if you know the interface has already been loaded,
g_type_default_interface_peek().
any interface vtable for the interface, or the default vtable for the interface
name of a property to look up.
Add a property to an interface; this is only useful for interfaces that are added to GObject-derived types. Adding a property to an interface forces all objects classes with that interface to have a compatible property. The compatible property could be a newly created #GParamSpec, but normally g_object_class_override_property() will be used so that the object class only needs to provide an implementation and inherits the property description, default value, bounds, and so forth from the interface property.
This function is meant to be called from the interface's default
vtable initialization function (the class_init
member of
#GTypeInfo.) It must not be called after after class_init
has
been called for any object types implementing this interface.
If pspec
is a floating reference, it will be consumed.
any interface vtable for the interface, or the default vtable for the interface.
the #GParamSpec for the new property
Lists the properties of an interface.Generally, the interface
vtable passed in as g_iface
will be the default vtable from
g_type_default_interface_ref(), or, if you know the interface has
already been loaded, g_type_default_interface_peek().
any interface vtable for the interface, or the default vtable for the interface
Creates a new #GTlsClientConnection wrapping base_io_stream
(which
must have pollable input and output streams) which is assumed to
communicate with the server identified by server_identity
.
See the documentation for #GTlsConnection:base-io-stream for restrictions
on when application code can run operations on the base_io_stream
after
this function has returned.
the #GIOStream to wrap
the expected identity of the server
Creates a new instance of a #GObject subtype and sets its properties.
Construction parameters (see %G_PARAM_CONSTRUCT, %G_PARAM_CONSTRUCT_ONLY) which are not explicitly specified are set to their default values.
the type id of the #GObject subtype to instantiate
an array of #GParameter
#GTlsClientConnection is the client-side subclass of #GTlsConnection, representing a client-side TLS connection.