1 /* GIO - GLib Input, Output and Streaming Library
3 * Copyright © 2010 Red Hat, Inc
4 * Copyright © 2015 Collabora, Ltd.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General
17 * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include "gdtlsconnection.h"
24 #include "gcancellable.h"
25 #include "gioenumtypes.h"
27 #include "gtlsbackend.h"
28 #include "gtlscertificate.h"
29 #include "gdtlsclientconnection.h"
30 #include "gtlsdatabase.h"
31 #include "gtlsinteraction.h"
35 * SECTION:gdtlsconnection
36 * @short_description: DTLS connection type
39 * #GDtlsConnection is the base DTLS connection class type, which wraps
40 * a #GDatagramBased and provides DTLS encryption on top of it. Its
41 * subclasses, #GDtlsClientConnection and #GDtlsServerConnection,
42 * implement client-side and server-side DTLS, respectively.
44 * For TLS support, see #GTlsConnection.
46 * As DTLS is datagram based, #GDtlsConnection implements #GDatagramBased,
47 * presenting a datagram-socket-like API for the encrypted connection. This
48 * operates over a base datagram connection, which is also a #GDatagramBased
49 * (#GDtlsConnection:base-socket).
51 * To close a DTLS connection, use g_dtls_connection_close().
53 * Neither #GDtlsServerConnection or #GDtlsClientConnection set the peer address
54 * on their base #GDatagramBased if it is a #GSocket — it is up to the caller to
55 * do that if they wish. If they do not, and g_socket_close() is called on the
56 * base socket, the #GDtlsConnection will not raise a %G_IO_ERROR_NOT_CONNECTED
57 * error on further I/O.
65 * Abstract base class for the backend-specific #GDtlsClientConnection
66 * and #GDtlsServerConnection types.
71 G_DEFINE_INTERFACE (GDtlsConnection
, g_dtls_connection
, G_TYPE_DATAGRAM_BASED
);
78 static guint signals
[LAST_SIGNAL
] = { 0 };
82 PROP_REQUIRE_CLOSE_NOTIFY
,
83 PROP_REHANDSHAKE_MODE
,
87 PROP_PEER_CERTIFICATE
,
88 PROP_PEER_CERTIFICATE_ERRORS
,
92 g_dtls_connection_default_init (GDtlsConnectionInterface
*iface
)
95 * GDtlsConnection:base-socket:
97 * The #GDatagramBased that the connection wraps. Note that this may be any
98 * implementation of #GDatagramBased, not just a #GSocket.
102 g_object_interface_install_property (iface
,
103 g_param_spec_object ("base-socket",
105 P_("The GDatagramBased that the connection wraps"),
106 G_TYPE_DATAGRAM_BASED
,
108 G_PARAM_CONSTRUCT_ONLY
|
109 G_PARAM_STATIC_STRINGS
));
111 * GDtlsConnection:database:
113 * The certificate database to use when verifying this TLS connection.
114 * If no certificate database is set, then the default database will be
115 * used. See g_dtls_backend_get_default_database().
119 g_object_interface_install_property (iface
,
120 g_param_spec_object ("database",
122 P_("Certificate database to use for looking up or verifying certificates"),
125 G_PARAM_STATIC_STRINGS
));
127 * GDtlsConnection:interaction:
129 * A #GTlsInteraction object to be used when the connection or certificate
130 * database need to interact with the user. This will be used to prompt the
131 * user for passwords where necessary.
135 g_object_interface_install_property (iface
,
136 g_param_spec_object ("interaction",
138 P_("Optional object for user interaction"),
139 G_TYPE_TLS_INTERACTION
,
141 G_PARAM_STATIC_STRINGS
));
143 * GDtlsConnection:require-close-notify:
145 * Whether or not proper TLS close notification is required.
146 * See g_dtls_connection_set_require_close_notify().
150 g_object_interface_install_property (iface
,
151 g_param_spec_boolean ("require-close-notify",
152 P_("Require close notify"),
153 P_("Whether to require proper TLS close notification"),
157 G_PARAM_STATIC_STRINGS
));
159 * GDtlsConnection:rehandshake-mode:
161 * The rehandshaking mode. See
162 * g_dtls_connection_set_rehandshake_mode().
166 g_object_interface_install_property (iface
,
167 g_param_spec_enum ("rehandshake-mode",
168 P_("Rehandshake mode"),
169 P_("When to allow rehandshaking"),
170 G_TYPE_TLS_REHANDSHAKE_MODE
,
171 G_TLS_REHANDSHAKE_NEVER
,
174 G_PARAM_STATIC_STRINGS
));
176 * GDtlsConnection:certificate:
178 * The connection's certificate; see
179 * g_dtls_connection_set_certificate().
183 g_object_interface_install_property (iface
,
184 g_param_spec_object ("certificate",
186 P_("The connection’s certificate"),
187 G_TYPE_TLS_CERTIFICATE
,
189 G_PARAM_STATIC_STRINGS
));
191 * GDtlsConnection:peer-certificate:
193 * The connection's peer's certificate, after the TLS handshake has
194 * completed and the certificate has been accepted. Note in
195 * particular that this is not yet set during the emission of
196 * #GDtlsConnection::accept-certificate.
198 * (You can watch for a #GObject::notify signal on this property to
199 * detect when a handshake has occurred.)
203 g_object_interface_install_property (iface
,
204 g_param_spec_object ("peer-certificate",
205 P_("Peer Certificate"),
206 P_("The connection’s peer’s certificate"),
207 G_TYPE_TLS_CERTIFICATE
,
209 G_PARAM_STATIC_STRINGS
));
211 * GDtlsConnection:peer-certificate-errors:
213 * The errors noticed-and-ignored while verifying
214 * #GDtlsConnection:peer-certificate. Normally this should be 0, but
215 * it may not be if #GDtlsClientConnection:validation-flags is not
216 * %G_TLS_CERTIFICATE_VALIDATE_ALL, or if
217 * #GDtlsConnection::accept-certificate overrode the default
222 g_object_interface_install_property (iface
,
223 g_param_spec_flags ("peer-certificate-errors",
224 P_("Peer Certificate Errors"),
225 P_("Errors found with the peer’s certificate"),
226 G_TYPE_TLS_CERTIFICATE_FLAGS
,
229 G_PARAM_STATIC_STRINGS
));
232 * GDtlsConnection::accept-certificate:
233 * @conn: a #GDtlsConnection
234 * @peer_cert: the peer's #GTlsCertificate
235 * @errors: the problems with @peer_cert.
237 * Emitted during the TLS handshake after the peer certificate has
238 * been received. You can examine @peer_cert's certification path by
239 * calling g_tls_certificate_get_issuer() on it.
241 * For a client-side connection, @peer_cert is the server's
242 * certificate, and the signal will only be emitted if the
243 * certificate was not acceptable according to @conn's
244 * #GDtlsClientConnection:validation_flags. If you would like the
245 * certificate to be accepted despite @errors, return %TRUE from the
246 * signal handler. Otherwise, if no handler accepts the certificate,
247 * the handshake will fail with %G_TLS_ERROR_BAD_CERTIFICATE.
249 * For a server-side connection, @peer_cert is the certificate
250 * presented by the client, if this was requested via the server's
251 * #GDtlsServerConnection:authentication_mode. On the server side,
252 * the signal is always emitted when the client presents a
253 * certificate, and the certificate will only be accepted if a
254 * handler returns %TRUE.
256 * Note that if this signal is emitted as part of asynchronous I/O
257 * in the main thread, then you should not attempt to interact with
258 * the user before returning from the signal handler. If you want to
259 * let the user decide whether or not to accept the certificate, you
260 * would have to return %FALSE from the signal handler on the first
261 * attempt, and then after the connection attempt returns a
262 * %G_TLS_ERROR_HANDSHAKE, you can interact with the user, and if
263 * the user decides to accept the certificate, remember that fact,
264 * create a new connection, and return %TRUE from the signal handler
267 * If you are doing I/O in another thread, you do not
268 * need to worry about this, and can simply block in the signal
269 * handler until the UI thread returns an answer.
271 * Returns: %TRUE to accept @peer_cert (which will also
272 * immediately end the signal emission). %FALSE to allow the signal
273 * emission to continue, which will cause the handshake to fail if
274 * no one else overrides it.
278 signals
[ACCEPT_CERTIFICATE
] =
279 g_signal_new (I_("accept-certificate"),
280 G_TYPE_DTLS_CONNECTION
,
282 G_STRUCT_OFFSET (GDtlsConnectionInterface
, accept_certificate
),
283 g_signal_accumulator_true_handled
, NULL
,
286 G_TYPE_TLS_CERTIFICATE
,
287 G_TYPE_TLS_CERTIFICATE_FLAGS
);
291 * g_dtls_connection_set_database:
292 * @conn: a #GDtlsConnection
293 * @database: a #GTlsDatabase
295 * Sets the certificate database that is used to verify peer certificates.
296 * This is set to the default database by default. See
297 * g_dtls_backend_get_default_database(). If set to %NULL, then
298 * peer certificate validation will always set the
299 * %G_TLS_CERTIFICATE_UNKNOWN_CA error (meaning
300 * #GDtlsConnection::accept-certificate will always be emitted on
301 * client-side connections, unless that bit is not set in
302 * #GDtlsClientConnection:validation-flags).
307 g_dtls_connection_set_database (GDtlsConnection
*conn
,
308 GTlsDatabase
*database
)
310 g_return_if_fail (G_IS_DTLS_CONNECTION (conn
));
311 g_return_if_fail (database
== NULL
|| G_IS_TLS_DATABASE (database
));
313 g_object_set (G_OBJECT (conn
),
314 "database", database
,
319 * g_dtls_connection_get_database:
320 * @conn: a #GDtlsConnection
322 * Gets the certificate database that @conn uses to verify
323 * peer certificates. See g_dtls_connection_set_database().
325 * Returns: (transfer none): the certificate database that @conn uses or %NULL
330 g_dtls_connection_get_database (GDtlsConnection
*conn
)
332 GTlsDatabase
*database
= NULL
;
334 g_return_val_if_fail (G_IS_DTLS_CONNECTION (conn
), NULL
);
336 g_object_get (G_OBJECT (conn
),
337 "database", &database
,
340 g_object_unref (database
);
345 * g_dtls_connection_set_certificate:
346 * @conn: a #GDtlsConnection
347 * @certificate: the certificate to use for @conn
349 * This sets the certificate that @conn will present to its peer
350 * during the TLS handshake. For a #GDtlsServerConnection, it is
351 * mandatory to set this, and that will normally be done at construct
354 * For a #GDtlsClientConnection, this is optional. If a handshake fails
355 * with %G_TLS_ERROR_CERTIFICATE_REQUIRED, that means that the server
356 * requires a certificate, and if you try connecting again, you should
357 * call this method first. You can call
358 * g_dtls_client_connection_get_accepted_cas() on the failed connection
359 * to get a list of Certificate Authorities that the server will
360 * accept certificates from.
362 * (It is also possible that a server will allow the connection with
363 * or without a certificate; in that case, if you don't provide a
364 * certificate, you can tell that the server requested one by the fact
365 * that g_dtls_client_connection_get_accepted_cas() will return
371 g_dtls_connection_set_certificate (GDtlsConnection
*conn
,
372 GTlsCertificate
*certificate
)
374 g_return_if_fail (G_IS_DTLS_CONNECTION (conn
));
375 g_return_if_fail (G_IS_TLS_CERTIFICATE (certificate
));
377 g_object_set (G_OBJECT (conn
), "certificate", certificate
, NULL
);
381 * g_dtls_connection_get_certificate:
382 * @conn: a #GDtlsConnection
384 * Gets @conn's certificate, as set by
385 * g_dtls_connection_set_certificate().
387 * Returns: (transfer none): @conn's certificate, or %NULL
392 g_dtls_connection_get_certificate (GDtlsConnection
*conn
)
394 GTlsCertificate
*certificate
;
396 g_return_val_if_fail (G_IS_DTLS_CONNECTION (conn
), NULL
);
398 g_object_get (G_OBJECT (conn
), "certificate", &certificate
, NULL
);
400 g_object_unref (certificate
);
406 * g_dtls_connection_set_interaction:
407 * @conn: a connection
408 * @interaction: (nullable): an interaction object, or %NULL
410 * Set the object that will be used to interact with the user. It will be used
411 * for things like prompting the user for passwords.
413 * The @interaction argument will normally be a derived subclass of
414 * #GTlsInteraction. %NULL can also be provided if no user interaction
415 * should occur for this connection.
420 g_dtls_connection_set_interaction (GDtlsConnection
*conn
,
421 GTlsInteraction
*interaction
)
423 g_return_if_fail (G_IS_DTLS_CONNECTION (conn
));
424 g_return_if_fail (interaction
== NULL
|| G_IS_TLS_INTERACTION (interaction
));
426 g_object_set (G_OBJECT (conn
), "interaction", interaction
, NULL
);
430 * g_dtls_connection_get_interaction:
431 * @conn: a connection
433 * Get the object that will be used to interact with the user. It will be used
434 * for things like prompting the user for passwords. If %NULL is returned, then
435 * no user interaction will occur for this connection.
437 * Returns: (transfer none): The interaction object.
442 g_dtls_connection_get_interaction (GDtlsConnection
*conn
)
444 GTlsInteraction
*interaction
= NULL
;
446 g_return_val_if_fail (G_IS_DTLS_CONNECTION (conn
), NULL
);
448 g_object_get (G_OBJECT (conn
), "interaction", &interaction
, NULL
);
450 g_object_unref (interaction
);
456 * g_dtls_connection_get_peer_certificate:
457 * @conn: a #GDtlsConnection
459 * Gets @conn's peer's certificate after the handshake has completed.
460 * (It is not set during the emission of
461 * #GDtlsConnection::accept-certificate.)
463 * Returns: (transfer none): @conn's peer's certificate, or %NULL
468 g_dtls_connection_get_peer_certificate (GDtlsConnection
*conn
)
470 GTlsCertificate
*peer_certificate
;
472 g_return_val_if_fail (G_IS_DTLS_CONNECTION (conn
), NULL
);
474 g_object_get (G_OBJECT (conn
), "peer-certificate", &peer_certificate
, NULL
);
475 if (peer_certificate
)
476 g_object_unref (peer_certificate
);
478 return peer_certificate
;
482 * g_dtls_connection_get_peer_certificate_errors:
483 * @conn: a #GDtlsConnection
485 * Gets the errors associated with validating @conn's peer's
486 * certificate, after the handshake has completed. (It is not set
487 * during the emission of #GDtlsConnection::accept-certificate.)
489 * Returns: @conn's peer's certificate errors
494 g_dtls_connection_get_peer_certificate_errors (GDtlsConnection
*conn
)
496 GTlsCertificateFlags errors
;
498 g_return_val_if_fail (G_IS_DTLS_CONNECTION (conn
), 0);
500 g_object_get (G_OBJECT (conn
), "peer-certificate-errors", &errors
, NULL
);
505 * g_dtls_connection_set_require_close_notify:
506 * @conn: a #GDtlsConnection
507 * @require_close_notify: whether or not to require close notification
509 * Sets whether or not @conn expects a proper TLS close notification
510 * before the connection is closed. If this is %TRUE (the default),
511 * then @conn will expect to receive a TLS close notification from its
512 * peer before the connection is closed, and will return a
513 * %G_TLS_ERROR_EOF error if the connection is closed without proper
514 * notification (since this may indicate a network error, or
515 * man-in-the-middle attack).
517 * In some protocols, the application will know whether or not the
518 * connection was closed cleanly based on application-level data
519 * (because the application-level data includes a length field, or is
520 * somehow self-delimiting); in this case, the close notify is
521 * redundant and may be omitted. You
522 * can use g_dtls_connection_set_require_close_notify() to tell @conn
523 * to allow an "unannounced" connection close, in which case the close
524 * will show up as a 0-length read, as in a non-TLS
525 * #GDatagramBased, and it is up to the application to check that
526 * the data has been fully received.
528 * Note that this only affects the behavior when the peer closes the
529 * connection; when the application calls g_dtls_connection_close_async() on
530 * @conn itself, this will send a close notification regardless of the
531 * setting of this property. If you explicitly want to do an unclean
532 * close, you can close @conn's #GDtlsConnection:base-socket rather
533 * than closing @conn itself.
538 g_dtls_connection_set_require_close_notify (GDtlsConnection
*conn
,
539 gboolean require_close_notify
)
541 g_return_if_fail (G_IS_DTLS_CONNECTION (conn
));
543 g_object_set (G_OBJECT (conn
),
544 "require-close-notify", require_close_notify
,
549 * g_dtls_connection_get_require_close_notify:
550 * @conn: a #GDtlsConnection
552 * Tests whether or not @conn expects a proper TLS close notification
553 * when the connection is closed. See
554 * g_dtls_connection_set_require_close_notify() for details.
556 * Returns: %TRUE if @conn requires a proper TLS close notification.
561 g_dtls_connection_get_require_close_notify (GDtlsConnection
*conn
)
563 gboolean require_close_notify
;
565 g_return_val_if_fail (G_IS_DTLS_CONNECTION (conn
), TRUE
);
567 g_object_get (G_OBJECT (conn
),
568 "require-close-notify", &require_close_notify
,
570 return require_close_notify
;
574 * g_dtls_connection_set_rehandshake_mode:
575 * @conn: a #GDtlsConnection
576 * @mode: the rehandshaking mode
578 * Sets how @conn behaves with respect to rehandshaking requests.
580 * %G_TLS_REHANDSHAKE_NEVER means that it will never agree to
581 * rehandshake after the initial handshake is complete. (For a client,
582 * this means it will refuse rehandshake requests from the server, and
583 * for a server, this means it will close the connection with an error
584 * if the client attempts to rehandshake.)
586 * %G_TLS_REHANDSHAKE_SAFELY means that the connection will allow a
587 * rehandshake only if the other end of the connection supports the
588 * TLS `renegotiation_info` extension. This is the default behavior,
589 * but means that rehandshaking will not work against older
590 * implementations that do not support that extension.
592 * %G_TLS_REHANDSHAKE_UNSAFELY means that the connection will allow
593 * rehandshaking even without the `renegotiation_info` extension. On
594 * the server side in particular, this is not recommended, since it
595 * leaves the server open to certain attacks. However, this mode is
596 * necessary if you need to allow renegotiation with older client
602 g_dtls_connection_set_rehandshake_mode (GDtlsConnection
*conn
,
603 GTlsRehandshakeMode mode
)
605 g_return_if_fail (G_IS_DTLS_CONNECTION (conn
));
607 g_object_set (G_OBJECT (conn
),
608 "rehandshake-mode", mode
,
613 * g_dtls_connection_get_rehandshake_mode:
614 * @conn: a #GDtlsConnection
616 * Gets @conn rehandshaking mode. See
617 * g_dtls_connection_set_rehandshake_mode() for details.
619 * Returns: @conn's rehandshaking mode
624 g_dtls_connection_get_rehandshake_mode (GDtlsConnection
*conn
)
626 GTlsRehandshakeMode mode
;
628 g_return_val_if_fail (G_IS_DTLS_CONNECTION (conn
), G_TLS_REHANDSHAKE_NEVER
);
630 g_object_get (G_OBJECT (conn
),
631 "rehandshake-mode", &mode
,
637 * g_dtls_connection_handshake:
638 * @conn: a #GDtlsConnection
639 * @cancellable: (nullable): a #GCancellable, or %NULL
640 * @error: a #GError, or %NULL
642 * Attempts a TLS handshake on @conn.
644 * On the client side, it is never necessary to call this method;
645 * although the connection needs to perform a handshake after
646 * connecting (or after sending a "STARTTLS"-type command) and may
647 * need to rehandshake later if the server requests it,
648 * #GDtlsConnection will handle this for you automatically when you try
649 * to send or receive data on the connection. However, you can call
650 * g_dtls_connection_handshake() manually if you want to know for sure
651 * whether the initial handshake succeeded or failed (as opposed to
652 * just immediately trying to write to @conn, in which
653 * case if it fails, it may not be possible to tell if it failed
654 * before or after completing the handshake).
656 * Likewise, on the server side, although a handshake is necessary at
657 * the beginning of the communication, you do not need to call this
658 * function explicitly unless you want clearer error reporting.
659 * However, you may call g_dtls_connection_handshake() later on to
660 * renegotiate parameters (encryption methods, etc) with the client.
662 * #GDtlsConnection::accept_certificate may be emitted during the
665 * Returns: success or failure
670 g_dtls_connection_handshake (GDtlsConnection
*conn
,
671 GCancellable
*cancellable
,
674 g_return_val_if_fail (G_IS_DTLS_CONNECTION (conn
), FALSE
);
676 return G_DTLS_CONNECTION_GET_INTERFACE (conn
)->handshake (conn
, cancellable
,
681 * g_dtls_connection_handshake_async:
682 * @conn: a #GDtlsConnection
683 * @io_priority: the [I/O priority][io-priority] of the request
684 * @cancellable: (nullable): a #GCancellable, or %NULL
685 * @callback: callback to call when the handshake is complete
686 * @user_data: the data to pass to the callback function
688 * Asynchronously performs a TLS handshake on @conn. See
689 * g_dtls_connection_handshake() for more information.
694 g_dtls_connection_handshake_async (GDtlsConnection
*conn
,
696 GCancellable
*cancellable
,
697 GAsyncReadyCallback callback
,
700 g_return_if_fail (G_IS_DTLS_CONNECTION (conn
));
702 G_DTLS_CONNECTION_GET_INTERFACE (conn
)->handshake_async (conn
, io_priority
,
704 callback
, user_data
);
708 * g_dtls_connection_handshake_finish:
709 * @conn: a #GDtlsConnection
710 * @result: a #GAsyncResult.
711 * @error: a #GError pointer, or %NULL
713 * Finish an asynchronous TLS handshake operation. See
714 * g_dtls_connection_handshake() for more information.
716 * Returns: %TRUE on success, %FALSE on failure, in which
717 * case @error will be set.
722 g_dtls_connection_handshake_finish (GDtlsConnection
*conn
,
723 GAsyncResult
*result
,
726 g_return_val_if_fail (G_IS_DTLS_CONNECTION (conn
), FALSE
);
728 return G_DTLS_CONNECTION_GET_INTERFACE (conn
)->handshake_finish (conn
,
734 * g_dtls_connection_shutdown:
735 * @conn: a #GDtlsConnection
736 * @shutdown_read: %TRUE to stop reception of incoming datagrams
737 * @shutdown_write: %TRUE to stop sending outgoing datagrams
738 * @cancellable: (nullable): a #GCancellable, or %NULL
739 * @error: a #GError, or %NULL
741 * Shut down part or all of a DTLS connection.
743 * If @shutdown_read is %TRUE then the receiving side of the connection is shut
744 * down, and further reading is disallowed. Subsequent calls to
745 * g_datagram_based_receive_messages() will return %G_IO_ERROR_CLOSED.
747 * If @shutdown_write is %TRUE then the sending side of the connection is shut
748 * down, and further writing is disallowed. Subsequent calls to
749 * g_datagram_based_send_messages() will return %G_IO_ERROR_CLOSED.
751 * It is allowed for both @shutdown_read and @shutdown_write to be TRUE — this
752 * is equivalent to calling g_dtls_connection_close().
754 * If @cancellable is cancelled, the #GDtlsConnection may be left
755 * partially-closed and any pending untransmitted data may be lost. Call
756 * g_dtls_connection_shutdown() again to complete closing the #GDtlsConnection.
758 * Returns: %TRUE on success, %FALSE otherwise
763 g_dtls_connection_shutdown (GDtlsConnection
*conn
,
764 gboolean shutdown_read
,
765 gboolean shutdown_write
,
766 GCancellable
*cancellable
,
769 GDtlsConnectionInterface
*iface
;
771 g_return_val_if_fail (G_IS_DTLS_CONNECTION (conn
), FALSE
);
772 g_return_val_if_fail (cancellable
== NULL
|| G_IS_CANCELLABLE (cancellable
),
774 g_return_val_if_fail (error
== NULL
|| *error
== NULL
, FALSE
);
776 if (!shutdown_read
&& !shutdown_write
)
779 iface
= G_DTLS_CONNECTION_GET_INTERFACE (conn
);
780 g_assert (iface
->shutdown
!= NULL
);
782 return iface
->shutdown (conn
, shutdown_read
, shutdown_write
,
787 * g_dtls_connection_shutdown_async:
788 * @conn: a #GDtlsConnection
789 * @shutdown_read: %TRUE to stop reception of incoming datagrams
790 * @shutdown_write: %TRUE to stop sending outgoing datagrams
791 * @io_priority: the [I/O priority][io-priority] of the request
792 * @cancellable: (nullable): a #GCancellable, or %NULL
793 * @callback: callback to call when the shutdown operation is complete
794 * @user_data: the data to pass to the callback function
796 * Asynchronously shut down part or all of the DTLS connection. See
797 * g_dtls_connection_shutdown() for more information.
802 g_dtls_connection_shutdown_async (GDtlsConnection
*conn
,
803 gboolean shutdown_read
,
804 gboolean shutdown_write
,
806 GCancellable
*cancellable
,
807 GAsyncReadyCallback callback
,
810 GDtlsConnectionInterface
*iface
;
812 g_return_if_fail (G_IS_DTLS_CONNECTION (conn
));
813 g_return_if_fail (cancellable
== NULL
|| G_IS_CANCELLABLE (cancellable
));
815 iface
= G_DTLS_CONNECTION_GET_INTERFACE (conn
);
816 g_assert (iface
->shutdown_async
!= NULL
);
818 iface
->shutdown_async (conn
, TRUE
, TRUE
, io_priority
, cancellable
,
819 callback
, user_data
);
823 * g_dtls_connection_shutdown_finish:
824 * @conn: a #GDtlsConnection
825 * @result: a #GAsyncResult
826 * @error: a #GError pointer, or %NULL
828 * Finish an asynchronous TLS shutdown operation. See
829 * g_dtls_connection_shutdown() for more information.
831 * Returns: %TRUE on success, %FALSE on failure, in which
832 * case @error will be set
837 g_dtls_connection_shutdown_finish (GDtlsConnection
*conn
,
838 GAsyncResult
*result
,
841 GDtlsConnectionInterface
*iface
;
843 g_return_val_if_fail (G_IS_DTLS_CONNECTION (conn
), FALSE
);
844 g_return_val_if_fail (error
== NULL
|| *error
== NULL
, FALSE
);
846 iface
= G_DTLS_CONNECTION_GET_INTERFACE (conn
);
847 g_assert (iface
->shutdown_finish
!= NULL
);
849 return iface
->shutdown_finish (conn
, result
, error
);
853 * g_dtls_connection_close:
854 * @conn: a #GDtlsConnection
855 * @cancellable: (nullable): a #GCancellable, or %NULL
856 * @error: a #GError, or %NULL
858 * Close the DTLS connection. This is equivalent to calling
859 * g_dtls_connection_shutdown() to shut down both sides of the connection.
861 * Closing a #GDtlsConnection waits for all buffered but untransmitted data to
862 * be sent before it completes. It then sends a `close_notify` DTLS alert to the
863 * peer and may wait for a `close_notify` to be received from the peer. It does
864 * not close the underlying #GDtlsConnection:base-socket; that must be closed
867 * Once @conn is closed, all other operations will return %G_IO_ERROR_CLOSED.
868 * Closing a #GDtlsConnection multiple times will not return an error.
870 * #GDtlsConnections will be automatically closed when the last reference is
871 * dropped, but you might want to call this function to make sure resources are
872 * released as early as possible.
874 * If @cancellable is cancelled, the #GDtlsConnection may be left
875 * partially-closed and any pending untransmitted data may be lost. Call
876 * g_dtls_connection_close() again to complete closing the #GDtlsConnection.
878 * Returns: %TRUE on success, %FALSE otherwise
883 g_dtls_connection_close (GDtlsConnection
*conn
,
884 GCancellable
*cancellable
,
887 g_return_val_if_fail (G_IS_DTLS_CONNECTION (conn
), FALSE
);
888 g_return_val_if_fail (cancellable
== NULL
|| G_IS_CANCELLABLE (cancellable
),
890 g_return_val_if_fail (error
== NULL
|| *error
== NULL
, FALSE
);
892 return G_DTLS_CONNECTION_GET_INTERFACE (conn
)->shutdown (conn
, TRUE
, TRUE
,
897 * g_dtls_connection_close_async:
898 * @conn: a #GDtlsConnection
899 * @io_priority: the [I/O priority][io-priority] of the request
900 * @cancellable: (nullable): a #GCancellable, or %NULL
901 * @callback: callback to call when the close operation is complete
902 * @user_data: the data to pass to the callback function
904 * Asynchronously close the DTLS connection. See g_dtls_connection_close() for
910 g_dtls_connection_close_async (GDtlsConnection
*conn
,
912 GCancellable
*cancellable
,
913 GAsyncReadyCallback callback
,
916 g_return_if_fail (G_IS_DTLS_CONNECTION (conn
));
917 g_return_if_fail (cancellable
== NULL
|| G_IS_CANCELLABLE (cancellable
));
919 G_DTLS_CONNECTION_GET_INTERFACE (conn
)->shutdown_async (conn
, TRUE
, TRUE
,
922 callback
, user_data
);
926 * g_dtls_connection_close_finish:
927 * @conn: a #GDtlsConnection
928 * @result: a #GAsyncResult
929 * @error: a #GError pointer, or %NULL
931 * Finish an asynchronous TLS close operation. See g_dtls_connection_close()
932 * for more information.
934 * Returns: %TRUE on success, %FALSE on failure, in which
935 * case @error will be set
940 g_dtls_connection_close_finish (GDtlsConnection
*conn
,
941 GAsyncResult
*result
,
944 g_return_val_if_fail (G_IS_DTLS_CONNECTION (conn
), FALSE
);
945 g_return_val_if_fail (error
== NULL
|| *error
== NULL
, FALSE
);
947 return G_DTLS_CONNECTION_GET_INTERFACE (conn
)->shutdown_finish (conn
, result
,
952 * g_dtls_connection_emit_accept_certificate:
953 * @conn: a #GDtlsConnection
954 * @peer_cert: the peer's #GTlsCertificate
955 * @errors: the problems with @peer_cert
957 * Used by #GDtlsConnection implementations to emit the
958 * #GDtlsConnection::accept-certificate signal.
960 * Returns: %TRUE if one of the signal handlers has returned
961 * %TRUE to accept @peer_cert
966 g_dtls_connection_emit_accept_certificate (GDtlsConnection
*conn
,
967 GTlsCertificate
*peer_cert
,
968 GTlsCertificateFlags errors
)
970 gboolean accept
= FALSE
;
972 g_signal_emit (conn
, signals
[ACCEPT_CERTIFICATE
], 0,
973 peer_cert
, errors
, &accept
);