DtlsClientConnection
GDtlsClientConnection
is the client-side subclass of iface@Gio.DtlsConnection, representing a client-side DTLS connection.
Since
2.48
Properties
A list of the distinguished names of the Certificate Authorities that the server will accept client certificates signed by. If the server requests a client certificate during the handshake, then this property will be set after the handshake completes.
The name of the DTLS ciphersuite in use. See g_dtls_connection_get_ciphersuite_name().
The certificate database to use when verifying this TLS connection. If no certificate database is set, then the default database will be used. See g_tls_backend_get_default_database().
A #GTlsInteraction object to be used when the connection or certificate database need to interact with the user. This will be used to prompt the user for passwords where necessary.
The application-layer protocol negotiated during the TLS handshake. See g_dtls_connection_get_negotiated_protocol().
The connection's peer's certificate, after the TLS handshake has completed or failed. Note in particular that this is not yet set during the emission of #GDtlsConnection::accept-certificate.
The errors noticed while verifying #GDtlsConnection:peer-certificate. Normally this should be 0, but it may not be if #GDtlsClientConnection:validation-flags is not %G_TLS_CERTIFICATE_VALIDATE_ALL, or if #GDtlsConnection::accept-certificate overrode the default behavior.
The DTLS protocol version in use. See g_dtls_connection_get_protocol_version().
The rehandshaking mode. See g_dtls_connection_set_rehandshake_mode().
Whether or not proper TLS close notification is required. See g_dtls_connection_set_require_close_notify().
A #GSocketConnectable describing the identity of the server that is expected on the other end of the connection.
What steps to perform when validating a certificate received from a server. Server certificates that fail to validate in any of the ways indicated here will be rejected unless the application overrides the default via #GDtlsConnection::accept-certificate.
Functions
Close the DTLS connection. This is equivalent to calling g_dtls_connection_shutdown() to shut down both sides of the connection.
Asynchronously close the DTLS connection. See g_dtls_connection_close() for more information.
Finish an asynchronous TLS close operation. See g_dtls_connection_close() for more information.
Checks on the readiness of @datagram_based to perform operations. The operations specified in @condition are checked for and masked against the currently-satisfied conditions on @datagram_based. The result is returned.
Waits for up to @timeout microseconds for condition to become true on
Emitted during the TLS handshake after the peer certificate has been received. You can examine @peer_cert's certification path by calling g_tls_certificate_get_issuer() on it.
Creates a #GSource that can be attached to a #GMainContext to monitor for the availability of the specified @condition on the #GDatagramBased. The #GSource keeps a reference to the @datagram_based.
Used by #GDtlsConnection implementations to emit the #GDtlsConnection::accept-certificate signal.
Gets the list of distinguished names of the Certificate Authorities that the server will accept certificates from. This will be set during the TLS handshake if the server requests a certificate. Otherwise, it will be null.
Gets @conn's certificate, as set by g_dtls_connection_set_certificate().
Returns the name of the current DTLS ciphersuite, or null if the connection has not handshaked or has been closed. Beware that the TLS backend may use any of multiple different naming conventions, because OpenSSL and GnuTLS have their own ciphersuite naming conventions that are different from each other and different from the standard, IANA- registered ciphersuite names. The ciphersuite name is intended to be displayed to the user for informative purposes only, and parsing it is not recommended.
Gets the certificate database that @conn uses to verify peer certificates. See g_dtls_connection_set_database().
Get the object that will be used to interact with the user. It will be used for things like prompting the user for passwords. If null is returned, then no user interaction will occur for this connection.
Gets the name of the application-layer protocol negotiated during the handshake.
Gets @conn's peer's certificate after the handshake has completed or failed. (It is not set during the emission of #GDtlsConnection::accept-certificate.)
Gets the errors associated with validating @conn's peer's certificate, after the handshake has completed or failed. (It is not set during the emission of #GDtlsConnection::accept-certificate.)
Returns the current DTLS protocol version, which may be %G_TLS_PROTOCOL_VERSION_UNKNOWN if the connection has not handshaked, or has been closed, or if the TLS backend has implemented a protocol version that is not a recognized #GTlsProtocolVersion.
Gets @conn rehandshaking mode. See g_dtls_connection_set_rehandshake_mode() for details.
Tests whether or not @conn expects a proper TLS close notification when the connection is closed. See g_dtls_connection_set_require_close_notify() for details.
Gets @conn's expected server identity
Gets @conn's validation flags
Attempts a TLS handshake on @conn.
Asynchronously performs a TLS handshake on @conn. See g_dtls_connection_handshake() for more information.
Finish an asynchronous TLS handshake operation. See g_dtls_connection_handshake() for more information.
Sets the list of application-layer protocols to advertise that the caller is willing to speak on this connection. The Application-Layer Protocol Negotiation (ALPN) extension will be used to negotiate a compatible protocol with the peer; use g_dtls_connection_get_negotiated_protocol() to find the negotiated protocol after the handshake. Specifying null for the the value of @protocols will disable ALPN negotiation.
This sets the certificate that @conn will present to its peer during the TLS handshake. For a #GDtlsServerConnection, it is mandatory to set this, and that will normally be done at construct time.
Sets the certificate database that is used to verify peer certificates. This is set to the default database by default. See g_tls_backend_get_default_database(). If set to null, then peer certificate validation will always set the %G_TLS_CERTIFICATE_UNKNOWN_CA error (meaning #GDtlsConnection::accept-certificate will always be emitted on client-side connections, unless that bit is not set in #GDtlsClientConnection:validation-flags).
Set the object that will be used to interact with the user. It will be used for things like prompting the user for passwords.
Since GLib 2.64, changing the rehandshake mode is no longer supported and will have no effect. With TLS 1.3, rehandshaking has been removed from the TLS protocol, replaced by separate post-handshake authentication and rekey operations.
Sets whether or not @conn expects a proper TLS close notification before the connection is closed. If this is true (the default), then @conn will expect to receive a TLS close notification from its peer before the connection is closed, and will return a %G_TLS_ERROR_EOF error if the connection is closed without proper notification (since this may indicate a network error, or man-in-the-middle attack).
Sets @conn's expected server identity, which is used both to tell servers on virtual hosts which certificate to present, and also to let @conn know what name to look for in the certificate when performing %G_TLS_CERTIFICATE_BAD_IDENTITY validation, if enabled.
Sets @conn's validation flags, to override the default set of checks performed when validating a server certificate. By default, %G_TLS_CERTIFICATE_VALIDATE_ALL is used.
Asynchronously shut down part or all of the DTLS connection. See g_dtls_connection_shutdown() for more information.
Finish an asynchronous TLS shutdown operation. See g_dtls_connection_shutdown() for more information.