GTlsConnection and related classes provide TLS (Transport Layer Security, previously known as SSL, Secure Sockets Layer) support for gio-based network streams.
GDtlsConnection and related classes provide DTLS (Datagram TLS) support for GIO-based network sockets, using the GDatagramBased interface. The TLS and DTLS APIs are almost identical, except TLS is stream-based and DTLS is datagram-based. They share certificate and backend infrastructure.
In the simplest case, for a client TLS connection, you can just set the “tls” flag on a GSocketClient, and then any connections created by that client will have TLS negotiated automatically, using appropriate default settings, and rejecting any invalid or self-signed certificates (unless you change that default by setting the “tls-validation-flags” property). Note that loosening “tls-validation-flags” weakens validation for every connection the client makes; a per-connection decision in the “accept-certificate” handler is the more targeted tool. The returned object will be a GTcpWrapperConnection, which wraps the underlying GTlsClientConnection; g_tcp_wrapper_connection_get_base_io_stream() returns that GTlsConnection if you need to inspect it, for example to read the peer certificate after the handshake.
For greater control, you can create your own GTlsClientConnection, wrapping a GSocketConnection (or an arbitrary GIOStream with pollable input and output streams) and then connect to its signals, such as “accept-certificate”, before starting the handshake.
Server-side TLS is similar, using GTlsServerConnection. At the moment, there is no support for automatically wrapping server-side connections in the way GSocketClient does for client-side connections.
An error code used with G_TLS_ERROR in a GError returned from a TLS-related routine.
No TLS provider is available.
Miscellaneous TLS error.
A certificate could not be parsed.
The TLS handshake failed because the peer does not seem to be a TLS server.
The TLS handshake failed because the peer's certificate was not acceptable.
The TLS handshake failed because the server requested a client-side certificate, but none was provided. See
The TLS connection was closed without proper notice, which may indicate an attack. See
Since: 2.28
The client authentication mode for a GTlsServerConnection.
Since: 2.28
A set of flags describing TLS certificate validation. This can be used to set which validation steps to perform (e.g. with g_tls_client_connection_set_validation_flags()), or to describe why a particular certificate was rejected (e.g. in “accept-certificate”).
The signing certificate authority is not known.
The certificate does not match the expected identity of the site that it was retrieved from.
The certificate's activation time is still in the future.
The certificate has expired.
The certificate has been revoked according to the GTlsConnection's certificate revocation list.
The certificate's algorithm is considered insecure.
Some other error occurred validating the certificate.
The combination of all of the above flags.
Since: 2.28
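The following is an added example, not code from GIO or glib-networking. It ties together the client-side procedure from the overview (open a GSocketConnection, wrap it in a GTlsClientConnection, connect “accept-certificate” before the handshake) and the GTlsCertificateFlags bitmask described above, written in Python against the GIO API through PyGObject. The decision logic is kept separate from the GIO plumbing so it can be exercised without a network: a pinned certificate may carry the “unknown CA” flag and nothing else; any other validation error rejects the peer even if it matches the pin. Assumptions: PyGObject and a GIO TLS backend (glib-networking) are installed; `should_accept`, `describe`, `connect_with_policy`, `PIN_TOLERATED`, the host name and the pinned PEM are all names and placeholders invented for this example; the numeric flag values are those of GTlsCertificateFlags in gio/gioenums.h.

```python
"""Client-side TLS with GIO from Python (PyGObject), with an explicit
accept-certificate policy driven by the GTlsCertificateFlags bitmask.

Added example; not GIO's own code.  Assumes PyGObject and a GIO TLS
backend (glib-networking).  Host, port and pinned PEM are placeholders.
"""
from __future__ import annotations

from enum import IntFlag


class TlsCertificateFlags(IntFlag):
    """Bit values of GTlsCertificateFlags (gio/gioenums.h), mirrored here
    so the policy can run and be tested without loading GIO."""
    UNKNOWN_CA = 1 << 0      # signing CA is not known
    BAD_IDENTITY = 1 << 1    # name does not match the server identity
    NOT_ACTIVATED = 1 << 2   # not-before is still in the future
    EXPIRED = 1 << 3         # not-after is in the past
    REVOKED = 1 << 4         # listed on the connection's CRL
    INSECURE = 1 << 5        # weak signature/key algorithm
    GENERIC_ERROR = 1 << 6   # any other validation failure
    VALIDATE_ALL = 0x7F


# The only error a pinned (self-signed or private-CA) certificate may carry.
# Expired, revoked, wrong-identity or weak-algorithm certificates are
# rejected even when they match the pin.  (Policy chosen for this example.)
PIN_TOLERATED = TlsCertificateFlags.UNKNOWN_CA


def should_accept(errors: int, pinned_match: bool) -> bool:
    """Decide whether to accept a peer certificate.

    `errors` is the GTlsCertificateFlags bitmask GIO hands to the
    accept-certificate signal.  GIO emits that signal only when validation
    failed, so the errors == 0 branch is there for completeness.
    """
    if errors == 0:
        return True
    unexpected = errors & ~int(PIN_TOLERATED)   # bits other than UNKNOWN_CA
    return bool(pinned_match) and unexpected == 0


def describe(errors: int) -> list[str]:
    """Names of the individual flags set in `errors`, for logging a rejection."""
    return [
        f.name for f in TlsCertificateFlags
        if f != TlsCertificateFlags.VALIDATE_ALL and errors & f
    ]


def connect_with_policy(host: str, port: int, pinned_pem: str | None = None):
    """Open a TCP connection with GSocketClient, wrap it in a
    GTlsClientConnection by hand, install the policy, then handshake."""
    # Imported here so should_accept()/describe() stay usable without GIO.
    from gi.repository import Gio, GLib

    pinned = Gio.TlsCertificate.new_from_pem(pinned_pem, -1) if pinned_pem else None

    def on_accept_certificate(conn, peer_cert, errors):
        match = pinned is not None and pinned.is_same(peer_cert)
        ok = should_accept(int(errors), match)
        if not ok:
            print(f"rejecting certificate for {host}: {describe(int(errors))}")
        return ok   # True accepts the certificate despite the errors

    tcp = Gio.SocketClient.new().connect_to_host(host, port, None)
    # server_identity is what the BAD_IDENTITY check is evaluated against;
    # without it, a certificate for any name would pass that check.
    tls = Gio.TlsClientConnection.new(tcp, Gio.NetworkAddress.new(host, port))
    tls.connect("accept-certificate", on_accept_certificate)  # before handshake
    try:
        tls.handshake(None)
    except GLib.Error as err:
        # A rejected certificate surfaces in the G_TLS_ERROR domain; the enum
        # above documents it as HANDSHAKE, glib-networking has used
        # BAD_CERTIFICATE, so treat either as a failed handshake.
        rejected = (Gio.TlsError.HANDSHAKE, Gio.TlsError.BAD_CERTIFICATE)
        if any(err.matches(Gio.tls_error_quark(), code) for code in rejected):
            raise SystemExit(f"TLS handshake with {host} failed: {err.message}")
        raise
    return tls


if __name__ == "__main__":
    conn = connect_with_policy("example.invalid", 443)   # placeholder host
    conn.close(None)
```

Because GIO emits “accept-certificate” only when validation against the connection's validation flags failed, returning False from the handler (or not connecting it at all) keeps the default reject behaviour; the policy above only ever widens acceptance for a certificate that matches the pin and has no error beyond “unknown CA”.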