Class: Gio::TlsConnection

Inherits:
IOStream show all
Defined in:
(unknown)

Overview

The class structure for the GTls::Connection type.

Instance Method Summary collapse

Methods inherited from IOStream

#clear_pending, #close, #close_async, #close_finish, #closed=, #closed?, #has_pending, #input_stream, #input_stream=, #is_closed, #output_stream, #output_stream=, #set_pending, #splice_async, splice_finish

Instance Method Details

#advertised_protocolsGio::

The list of application-layer protocols that the connection advertises that it is willing to speak. See g_tls_connection_set_advertised_protocols().

Returns:

  • (Gio::)

    advertised-protocols

#advertised_protocols=(advertised_protocols) ⇒ Gio::

The list of application-layer protocols that the connection advertises that it is willing to speak. See g_tls_connection_set_advertised_protocols().

Parameters:

  • advertised_protocols (Gio::)

Returns:

  • (Gio::)

    advertised-protocols

  • (Gio::)

    advertised-protocols

#base_io_streamGio::IOStream

The #GIOStream that the connection wraps. The connection holds a reference to this stream, and may run operations on the stream from other threads throughout its lifetime. Consequently, after the #GIOStream has been constructed, application code may only run its own operations on this stream when no #GIOStream operations are running.

Returns:

#base_io_stream=(base_io_stream) ⇒ Gio::IOStream

The #GIOStream that the connection wraps. The connection holds a reference to this stream, and may run operations on the stream from other threads throughout its lifetime. Consequently, after the #GIOStream has been constructed, application code may only run its own operations on this stream when no #GIOStream operations are running.

Parameters:

Returns:

#certificateGio::TlsCertificate

The connection's certificate; see g_tls_connection_set_certificate().

Returns:

#certificate=(certificate) ⇒ Gio::TlsCertificate

The connection's certificate; see g_tls_connection_set_certificate().

Parameters:

Returns:

#ciphersuite_nameString

The name of the TLS ciphersuite in use. See g_tls_connection_get_ciphersuite_name().

Returns:

  • (String)

    ciphersuite-name

#ciphersuite_name=(ciphersuite_name) ⇒ String

The name of the TLS ciphersuite in use. See g_tls_connection_get_ciphersuite_name().

Parameters:

  • ciphersuite_name (String)

Returns:

  • (String)

    ciphersuite-name

  • (String)

    ciphersuite-name

#databaseGio::TlsDatabase

The certificate database to use when verifying this TLS connection. If no certificate database is set, then the default database will be used. See g_tls_backend_get_default_database().

When using a non-default database, GTls::Connection must fall back to using the GTls::Database to perform certificate verification using g_tls_database_verify_chain(), which means certificate verification will not be able to make use of TLS session context. This may be less secure. For example, if you create your own GTls::Database that just wraps the default GTls::Database, you might expect that you have not changed anything, but this is not true because you may have altered the behavior of GTls::Connection by causing it to use g_tls_database_verify_chain(). See the documentation of g_tls_database_verify_chain() for more details on specific security checks that may not be performed. Accordingly, setting a non-default database is discouraged except for specialty applications with unusual security requirements.

Returns:

#database=(database) ⇒ Gio::TlsDatabase

The certificate database to use when verifying this TLS connection. If no certificate database is set, then the default database will be used. See g_tls_backend_get_default_database().

When using a non-default database, GTls::Connection must fall back to using the GTls::Database to perform certificate verification using g_tls_database_verify_chain(), which means certificate verification will not be able to make use of TLS session context. This may be less secure. For example, if you create your own GTls::Database that just wraps the default GTls::Database, you might expect that you have not changed anything, but this is not true because you may have altered the behavior of GTls::Connection by causing it to use g_tls_database_verify_chain(). See the documentation of g_tls_database_verify_chain() for more details on specific security checks that may not be performed. Accordingly, setting a non-default database is discouraged except for specialty applications with unusual security requirements.

Parameters:

Returns:

#emit_accept_certificate(peer_cert, errors) ⇒ Boolean

Used by GTls::Connection implementations to emit the GTls::Connection::accept-certificate signal.

Parameters:

Returns:

  • (Boolean)

    true if one of the signal handlers has returned true to accept peer_cert

#get_channel_binding_data(type, data) ⇒ Boolean

Query the TLS backend for TLS channel binding data of type for conn.

This call retrieves TLS channel binding data as specified in RFC 5056, RFC 5929, and related RFCs. The binding data is returned in data. The data is resized by the callee using GByte::Array buffer management and will be freed when the data is destroyed by g_byte_array_unref(). If data is nil, it will only check whether TLS backend is able to fetch the data (e.g. whether type is supported by the TLS backend). It does not guarantee that the data will be available though. That could happen if TLS connection does not support type or the binding data is not available yet due to additional negotiation or input required.

Parameters:

  • type (Gio::TlsChannelBindingType)

    GTls::ChannelBindingType type of data to fetch

  • data (Array<Integer>)

    GByte::Array is filled with the binding data, or nil

Returns:

  • (Boolean)

    true on success, false otherwise

#handshake(cancellable) ⇒ Boolean

Attempts a TLS handshake on conn.

On the client side, it is never necessary to call this method; although the connection needs to perform a handshake after connecting (or after sending a "STARTTLS"-type command), GTls::Connection will handle this for you automatically when you try to send or receive data on the connection. You can call g_tls_connection_handshake() manually if you want to know whether the initial handshake succeeded or failed (as opposed to just immediately trying to use conn to read or write, in which case, if it fails, it may not be possible to tell if it failed before or after completing the handshake), but beware that servers may reject client authentication after the handshake has completed, so a successful handshake does not indicate the connection will be usable.

Likewise, on the server side, although a handshake is necessary at the beginning of the communication, you do not need to call this function explicitly unless you want clearer error reporting.

Previously, calling g_tls_connection_handshake() after the initial handshake would trigger a rehandshake; however, this usage was deprecated in GLib 2.60 because rehandshaking was removed from the TLS protocol in TLS 1.3. Since GLib 2.64, calling this function after the initial handshake will no longer do anything.

When using a GTls::Connection created by #GSocketClient, the GSocket::Client performs the initial handshake, so calling this function manually is not recommended.

GTls::Connection::accept_certificate may be emitted during the handshake.

Parameters:

Returns:

  • (Boolean)

    success or failure

#handshake_async(io_priority, cancellable, callback, user_data) ⇒ nil

Asynchronously performs a TLS handshake on conn. See g_tls_connection_handshake() for more information.

Parameters:

  • io_priority (Integer)

    the [I/O priority][io-priority] of the request

  • cancellable (Gio::Cancellable)

    a #GCancellable, or nil

  • callback (Gio::AsyncReadyCallback)

    callback to call when the handshake is complete

  • user_data (GObject)

    the data to pass to the callback function

Returns:

  • (nil)

#handshake_finish(result) ⇒ Boolean

Finish an asynchronous TLS handshake operation. See g_tls_connection_handshake() for more information. case error will be set.

Parameters:

Returns:

  • (Boolean)

    true on success, false on failure, in which

#interactionGio::TlsInteraction

A GTls::Interaction object to be used when the connection or certificate database need to interact with the user. This will be used to prompt the user for passwords where necessary.

Returns:

#interaction=(interaction) ⇒ Gio::TlsInteraction

A GTls::Interaction object to be used when the connection or certificate database need to interact with the user. This will be used to prompt the user for passwords where necessary.

Parameters:

Returns:

#negotiated_protocolString

The application-layer protocol negotiated during the TLS handshake. See g_tls_connection_get_negotiated_protocol().

Returns:

  • (String)

    negotiated-protocol

#negotiated_protocol=(negotiated_protocol) ⇒ String

The application-layer protocol negotiated during the TLS handshake. See g_tls_connection_get_negotiated_protocol().

Parameters:

  • negotiated_protocol (String)

Returns:

  • (String)

    negotiated-protocol

  • (String)

    negotiated-protocol

#peer_certificateGio::TlsCertificate

The connection's peer's certificate, after the TLS handshake has completed or failed. Note in particular that this is not yet set during the emission of GTls::Connection::accept-certificate.

(You can watch for a #GObject::notify signal on this property to detect when a handshake has occurred.)

Returns:

#peer_certificate=(peer_certificate) ⇒ Gio::TlsCertificate

The connection's peer's certificate, after the TLS handshake has completed or failed. Note in particular that this is not yet set during the emission of GTls::Connection::accept-certificate.

(You can watch for a #GObject::notify signal on this property to detect when a handshake has occurred.)

Parameters:

Returns:

#peer_certificate_errorsGio::TlsCertificateFlags

The errors noticed while verifying GTls::Connection:peer-certificate. Normally this should be 0, but it may not be if GTls::ClientConnection:validation-flags is not %G_TLS_CERTIFICATE_VALIDATE_ALL, or if GTls::Connection::accept-certificate overrode the default behavior.

GLib guarantees that if certificate verification fails, at least one error will be set, but it does not guarantee that all possible errors will be set. Accordingly, you may not safely decide to ignore any particular type of error. For example, it would be incorrect to mask %G_TLS_CERTIFICATE_EXPIRED if you want to allow expired certificates, because this could potentially be the only error flag set even if other problems exist with the certificate.

Returns:

#peer_certificate_errors=(peer_certificate_errors) ⇒ Gio::TlsCertificateFlags

The errors noticed while verifying GTls::Connection:peer-certificate. Normally this should be 0, but it may not be if GTls::ClientConnection:validation-flags is not %G_TLS_CERTIFICATE_VALIDATE_ALL, or if GTls::Connection::accept-certificate overrode the default behavior.

GLib guarantees that if certificate verification fails, at least one error will be set, but it does not guarantee that all possible errors will be set. Accordingly, you may not safely decide to ignore any particular type of error. For example, it would be incorrect to mask %G_TLS_CERTIFICATE_EXPIRED if you want to allow expired certificates, because this could potentially be the only error flag set even if other problems exist with the certificate.

Parameters:

Returns:

#protocol_versionGio::TlsProtocolVersion

The TLS protocol version in use. See g_tls_connection_get_protocol_version().

Returns:

#protocol_version=(protocol_version) ⇒ Gio::TlsProtocolVersion

The TLS protocol version in use. See g_tls_connection_get_protocol_version().

Parameters:

Returns:

#rehandshake_modeGio::TlsRehandshakeMode

The rehandshaking mode. See g_tls_connection_set_rehandshake_mode().

Returns:

#rehandshake_mode=(rehandshake_mode) ⇒ Gio::TlsRehandshakeMode

The rehandshaking mode. See g_tls_connection_set_rehandshake_mode().

Parameters:

Returns:

#require_close_notifyBoolean

Tests whether or not conn expects a proper TLS close notification when the connection is closed. See g_tls_connection_set_require_close_notify() for details. notification.

Returns:

  • (Boolean)

    true if conn requires a proper TLS close

#require_close_notify=(require_close_notify) ⇒ Boolean

Whether or not proper TLS close notification is required. See g_tls_connection_set_require_close_notify().

Parameters:

  • require_close_notify (Boolean)

Returns:

  • (Boolean)

    require-close-notify

  • (Boolean)

    require-close-notify

#require_close_notify?Boolean

Whether or not proper TLS close notification is required. See g_tls_connection_set_require_close_notify().

Returns:

  • (Boolean)

    require-close-notify

#use_system_certdbBoolean

Gets whether conn uses the system certificate database to verify peer certificates. See g_tls_connection_set_use_system_certdb().

Returns:

  • (Boolean)

    whether conn uses the system certificate database

#use_system_certdb=(use_system_certdb) ⇒ Boolean

Whether or not the system certificate database will be used to verify peer certificates. See g_tls_connection_set_use_system_certdb().

Parameters:

  • use_system_certdb (Boolean)

Returns:

  • (Boolean)

    use-system-certdb

  • (Boolean)

    use-system-certdb

#use_system_certdb?Boolean

Whether or not the system certificate database will be used to verify peer certificates. See g_tls_connection_set_use_system_certdb().

Returns:

  • (Boolean)

    use-system-certdb