The #GIOStream that the connection wraps. The connection holds a reference to this stream, and may run operations on the stream from other threads throughout its lifetime. Consequently, after the #GIOStream has been constructed, application code may only run its own operations on this stream when no #GIOStream operations are running.
The connection's certificate; see g_tls_connection_set_certificate().
The certificate database to use when verifying this TLS connection. If no certificate database is set, then the default database will be used. See g_tls_backend_get_default_database().
When using a non-default database, #GTlsConnection must fall back to using the #GTlsDatabase to perform certificate verification using g_tls_database_verify_chain(), which means certificate verification will not be able to make use of TLS session context. This may be less secure. For example, if you create your own #GTlsDatabase that just wraps the default #GTlsDatabase, you might expect that you have not changed anything, but this is not true because you may have altered the behavior of #GTlsConnection by causing it to use g_tls_database_verify_chain(). See the documentation of g_tls_database_verify_chain() for more details on specific security checks that may not be performed. Accordingly, setting a non-default database is discouraged except for specialty applications with unusual security requirements.
A #GTlsInteraction object to be used when the connection or certificate database need to interact with the user. This will be used to prompt the user for passwords where necessary.
The rehandshaking mode. See g_tls_connection_set_rehandshake_mode().
Whether or not proper TLS close notification is required. See g_tls_connection_set_require_close_notify().
A #GSocketConnectable describing the identity of the server that is expected on the other end of the connection.
If the %G_TLS_CERTIFICATE_BAD_IDENTITY flag is set in #GTlsClientConnection:validation-flags, this object will be used to determine the expected identify of the remote end of the connection; if #GTlsClientConnection:server-identity is not set, or does not match the identity presented by the server, then the %G_TLS_CERTIFICATE_BAD_IDENTITY validation will fail.
In addition to its use in verifying the server certificate, this is also used to give a hint to the server about what certificate we expect, which is useful for servers that serve virtual hosts.
SSL 3.0 is no longer supported. See g_tls_client_connection_set_use_ssl3() for details.
Whether or not the system certificate database will be used to verify peer certificates. See g_tls_connection_set_use_system_certdb().
What steps to perform when validating a certificate received from a server. Server certificates that fail to validate in any of the ways indicated here will be rejected unless the application overrides the default via #GTlsConnection::accept-certificate.
GLib guarantees that if certificate verification fails, at least one flag will be set, but it does not guarantee that all possible flags will be set. Accordingly, you may not safely decide to ignore any particular type of error. For example, it would be incorrect to mask %G_TLS_CERTIFICATE_EXPIRED if you want to allow expired certificates, because this could potentially be the only error flag set even if other problems exist with the certificate. Therefore, there is no safe way to use this property. This is not a horrible problem, though, because you should not be attempting to ignore validation errors anyway. If you really must ignore TLS certificate errors, connect to #GTlsConnection::accept-certificate.
The list of application-layer protocols that the connection advertises that it is willing to speak. See g_tls_connection_set_advertised_protocols().