The path to a file containing PEM encoded certificate authority root anchors. The certificates in this file will be treated as root authorities for the purpose of verifying other certificates via the g_tls_database_verify_chain() operation.
Creates a binding between source_property on source and target_property on target. Whenever the source_property is changed the target_property is updated using the same value. For instance:
g_object_bind_property (action, "active", widget, "sensitive", 0);
This will result in the "sensitive" property of the widget #GObject instance being updated with the same value as the "active" property of the action #GObject instance.
If flags contains %G_BINDING_BIDIRECTIONAL then the binding will be mutual: if target_property on target changes then the source_property on source will be updated as well.
The binding will automatically be removed when either the source or the target instances are finalized. To remove the binding without affecting the source and the target you can just call g_object_unref() on the returned #GBinding instance.
Removing the binding by calling g_object_unref() on it must only be done if the binding, source and target are only used from a single thread and it is clear that both source and target outlive the binding. In particular, it is not safe to rely on this if the binding, source or target can be finalized from different threads. Keep another reference to the binding and use g_binding_unbind() instead to be on the safe side.
A #GObject can have multiple bindings.
the property on source to bind
the target #GObject
the property on target to bind
flags to pass to #GBinding
Creates a binding between source_property on source and target_property on target, allowing you to set the transformation functions to be used by the binding.
This function is the language bindings friendly version of g_object_bind_property_full(), using #GClosures instead of function pointers.
the property on source to bind
the target #GObject
the property on target to bind
flags to pass to #GBinding
a #GClosure wrapping the transformation function from the source to the target, or %NULL to use the default
a #GClosure wrapping the transformation function from the target to the source, or %NULL to use the default
Create a handle string for the certificate. The database will only be able to create a handle for certificates that originate from the database. In cases where the database cannot create a handle for a certificate, %NULL will be returned.
This handle should be stable across various instances of the application, and between applications. If a certificate is modified in the database, then it is not guaranteed that this handle will continue to point to it.
certificate for which to create a handle.
This function is intended for #GObject implementations to re-enforce a [floating][floating-ref] object reference. Doing this is seldom required: all #GInitiallyUnowneds are created with a floating reference which usually just needs to be sunken by calling g_object_ref_sink().
Increases the freeze count on object. If the freeze count is non-zero, the emission of "notify" signals on object is stopped. The signals are queued until the freeze count is decreased to zero. Duplicate notifications are squashed so that at most one #GObject::notify signal is emitted for each property modified while the object is frozen.
This is necessary for accessors that modify multiple properties to prevent premature notification while the object is still being modified.
Gets a named field from the object's table of associations (see g_object_set_data()).
name of the key for that association
Gets a property of an object.
The value can be:
In general, a copy is made of the property contents and the caller is responsible for freeing the memory by calling g_value_unset().
Note that g_object_get_property() is really intended for language bindings, g_object_get() is much more convenient for C programming.
the name of the property to get
return location for the property value
This function gets back user data pointers stored via g_object_set_qdata().
A #GQuark, naming the user data pointer
Gets n_properties properties for an object. Obtained properties will be set to values. All properties must be valid. Warnings will be emitted and undefined behaviour may result if invalid properties are passed in.
the names of each property to get
the values of each property to get
Checks whether object has a [floating][floating-ref] reference.
Look up a certificate by its handle.
The handle should have been created by calling g_tls_database_create_certificate_handle() on a #GTlsDatabase object of the same TLS backend. The handle is designed to remain valid across instantiations of the database.
If the handle is no longer valid, or does not point to a certificate in this database, then %NULL will be returned.
This function can block, use g_tls_database_lookup_certificate_for_handle_async() to perform the lookup operation asynchronously.
a certificate handle
used to interact with the user if necessary
Flags which affect the lookup.
a #GCancellable, or %NULL
Asynchronously look up a certificate by its handle in the database. See g_tls_database_lookup_certificate_for_handle() for more information.
a certificate handle
used to interact with the user if necessary
Flags which affect the lookup.
a #GCancellable, or %NULL
callback to call when the operation completes
Finish an asynchronous lookup of a certificate by its handle. See g_tls_database_lookup_certificate_for_handle() for more information.
If the handle is no longer valid, or does not point to a certificate in this database, then %NULL will be returned.
a #GAsyncResult.
Look up the issuer of certificate in the database. The #GTlsCertificate:issuer property of certificate is not modified, and the two certificates are not hooked into a chain.
This function can block. Use g_tls_database_lookup_certificate_issuer_async() to perform the lookup operation asynchronously.
Beware this function cannot be used to build certification paths. The issuer certificate returned by this function may not be the same as the certificate that would actually be used to construct a valid certification path during certificate verification. RFC 4158 explains why an issuer certificate cannot be naively assumed to be part of the certification path (though GLib's TLS backends may not follow the path building strategies outlined in this RFC). Due to the complexity of certification path building, GLib does not provide any way to know which certification path will actually be used when verifying a TLS certificate. Accordingly, this function cannot be used to make security-related decisions. Only GLib itself should make security decisions about TLS certificates.
a #GTlsCertificate
used to interact with the user if necessary
flags which affect the lookup operation
a #GCancellable, or %NULL
Asynchronously look up the issuer of certificate in the database. See g_tls_database_lookup_certificate_issuer() for more information.
a #GTlsCertificate
used to interact with the user if necessary
flags which affect the lookup operation
a #GCancellable, or %NULL
callback to call when the operation completes
Finish an asynchronous lookup issuer operation. See g_tls_database_lookup_certificate_issuer() for more information.
a #GAsyncResult.
Look up certificates issued by this issuer in the database.
This function can block, use g_tls_database_lookup_certificates_issued_by_async() to perform the lookup operation asynchronously.
a #GByteArray which holds the DER encoded issuer DN.
used to interact with the user if necessary
Flags which affect the lookup operation.
a #GCancellable, or %NULL
Asynchronously look up certificates issued by this issuer in the database. See g_tls_database_lookup_certificates_issued_by() for more information.
The database may choose to hold a reference to the issuer byte array for the duration of this asynchronous operation. The byte array should not be modified during this time.
a #GByteArray which holds the DER encoded issuer DN.
used to interact with the user if necessary
Flags which affect the lookup operation.
a #GCancellable, or %NULL
callback to call when the operation completes
Finish an asynchronous lookup of certificates. See g_tls_database_lookup_certificates_issued_by() for more information.
a #GAsyncResult.
Emits a "notify" signal for the property property_name on object.
When possible, eg. when signaling a property change from within the class that registered the property, you should use g_object_notify_by_pspec() instead.
Note that emission of the notify signal may be blocked with g_object_freeze_notify(). In this case, the signal emissions are queued and will be emitted (in reverse order) when g_object_thaw_notify() is called.
the name of a property installed on the class of object.
Emits a "notify" signal for the property specified by pspec on object.
This function omits the property name lookup, hence it is faster than g_object_notify().
One way to avoid using g_object_notify() from within the class that registered the properties, and using g_object_notify_by_pspec() instead, is to store the GParamSpec used with g_object_class_install_property() inside a static array, e.g.:
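enum
{
  PROP_0,
  PROP_FOO,
  PROP_LAST
};

static GParamSpec *properties[PROP_LAST];

static void
my_object_class_init (MyObjectClass *klass)
{
  /* the GObjectClass on which the property is installed */
  GObjectClass *gobject_class = G_OBJECT_CLASS (klass);

  /* keep the GParamSpec so it can be passed to g_object_notify_by_pspec() */
  properties[PROP_FOO] = g_param_spec_int ("foo", "Foo", "The foo",
                                           0, 100,
                                           50,
                                           G_PARAM_READWRITE);
  g_object_class_install_property (gobject_class,
                                   PROP_FOO,
                                   properties[PROP_FOO]);
}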
and then notify a change on the "foo" property with:
g_object_notify_by_pspec (self, properties[PROP_FOO]);
the #GParamSpec of a property installed on the class of object.
Increase the reference count of object, and possibly remove the [floating][floating-ref] reference, if object has a floating reference.
In other words, if the object is floating, then this call "assumes ownership" of the floating reference, converting it to a normal reference by clearing the floating flag while leaving the reference count unchanged. If the object is not floating, then this call adds a new normal reference increasing the reference count by one.
Since GLib 2.56, the type of object will be propagated to the return type under the same conditions as for g_object_ref().
Releases all references to other objects. This can be used to break reference cycles.
This function should only be called from object system implementations.
Each object carries around a table of associations from strings to pointers. This function lets you set an association.
If the object already had an association with that name, the old association will be destroyed.
Internally, the key is converted to a #GQuark using g_quark_from_string(). This means a copy of key is kept permanently (even after object has been finalized) — so it is recommended to only use a small, bounded set of values for key in your program, to avoid the #GQuark storage growing unbounded.
name of the key
data to associate with that key
Sets a property on an object.
the name of the property to set
the value
Remove a specified datum from the object's data associations, without invoking the association's destroy handler.
name of the key
This function gets back user data pointers stored via g_object_set_qdata() and removes the data from object without invoking its destroy() function (if any was set).
Usually, calling this function is only required to update user data pointers with a destroy notifier, for example:
/* forward declaration: free_string_list() is used before its definition */
static void free_string_list (gpointer data);

void
object_add_to_user_list (GObject     *object,
                         const gchar *new_string)
{
  // the quark, naming the object data
  GQuark quark_string_list = g_quark_from_static_string ("my-string-list");
  // retrieve the old string list
  GList *list = g_object_steal_qdata (object, quark_string_list);

  // prepend new string
  list = g_list_prepend (list, g_strdup (new_string));
  // this changed 'list', so we need to set it again
  g_object_set_qdata_full (object, quark_string_list, list, free_string_list);
}

static void
free_string_list (gpointer data)
{
  GList *node, *list = data;

  for (node = list; node; node = node->next)
    g_free (node->data);
  g_list_free (list);
}
Using g_object_get_qdata() in the above example, instead of g_object_steal_qdata() would have left the destroy function set, and thus the partial string list would have been freed upon g_object_set_qdata_full().
A #GQuark, naming the user data pointer
Reverts the effect of a previous call to g_object_freeze_notify(). The freeze count is decreased on object and when it reaches zero, queued "notify" signals are emitted.
Duplicate notifications for each property are squashed so that at most one #GObject::notify signal is emitted for each property, in the reverse order in which they have been queued.
It is an error to call this function when the freeze count is zero.
Decreases the reference count of object. When its reference count drops to 0, the object is finalized (i.e. its memory is freed).
If the pointer to the #GObject may be reused in future (for example, if it is an instance variable of another object), it is recommended to clear the pointer to %NULL rather than retain a dangling pointer to a potentially invalid #GObject instance. Use g_clear_object() for this.
Determines the validity of a certificate chain, outside the context of a TLS session.
chain is a chain of #GTlsCertificate objects each pointing to the next certificate in the chain by its #GTlsCertificate:issuer property.
purpose describes the purpose (or usage) for which the certificate is being used. Typically purpose will be set to %G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER which means that the certificate is being used to authenticate a server (and we are acting as the client).
The identity is used to ensure the server certificate is valid for the expected peer identity. If the identity does not match the certificate, %G_TLS_CERTIFICATE_BAD_IDENTITY will be set in the return value. If identity is %NULL, that bit will never be set in the return value. The peer identity may also be used to check for pinned certificates (trust exceptions) in the database. These may override the normal verification process on a host-by-host basis.
Currently there are no flags, and %G_TLS_DATABASE_VERIFY_NONE should be used.
If chain is found to be valid, then the return value will be 0. If chain is found to be invalid, then the return value will indicate at least one problem found. If the function is unable to determine whether chain is valid (for example, because cancellable is triggered before it completes) then the return value will be %G_TLS_CERTIFICATE_GENERIC_ERROR and error will be set accordingly. error is not set when chain is successfully analyzed but found to be invalid.
GLib guarantees that if certificate verification fails, at least one error will be set in the return value, but it does not guarantee that all possible errors will be set. Accordingly, you may not safely decide to ignore any particular type of error. For example, it would be incorrect to mask %G_TLS_CERTIFICATE_EXPIRED if you want to allow expired certificates, because this could potentially be the only error flag set even if other problems exist with the certificate.
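The masking pitfall described above, as an added example (not GLib code): a self-contained C model in which the verifier reports only one of several problems. The CERT_* constants, model_verify() and the two accept_* policies are hypothetical stand-ins for GTlsCertificateFlags, a TLS backend and caller code, so the block builds without GLib.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-ins for GTlsCertificateFlags bits, defined locally so
 * the example builds without GLib headers. */
enum {
  CERT_UNKNOWN_CA = 1 << 0,
  CERT_BAD_IDENTITY = 1 << 1,
  CERT_EXPIRED = 1 << 3
};

/* Hypothetical backend model. The documented contract only promises that
 * at least one flag is set on failure, so this model reports a single
 * problem: expiry first if expiry_first is true, else the lowest set bit. */
static unsigned
model_verify (unsigned actual_problems, bool expiry_first)
{
  if (actual_problems == 0)
    return 0;
  if (expiry_first && (actual_problems & CERT_EXPIRED))
    return CERT_EXPIRED;
  return actual_problems & (0u - actual_problems);
}

/* Unsafe policy: clear EXPIRED to "allow expired certificates". */
static bool
accept_masking_expired (unsigned reported)
{
  return (reported & ~(unsigned) CERT_EXPIRED) == 0;
}

/* Safe policy: 0 is the only return value that means "valid". */
static bool
accept_strict (unsigned reported)
{
  return reported == 0;
}

int
main (void)
{
  /* Constructed case: certificate is expired AND chains to an unknown CA. */
  unsigned actual = CERT_UNKNOWN_CA | CERT_EXPIRED;
  unsigned reported = model_verify (actual, true);

  printf ("actual=0x%x reported=0x%x\n", actual, reported);
  printf ("masking EXPIRED accepts: %d\n", accept_masking_expired (reported));
  printf ("strict check accepts:    %d\n", accept_strict (reported));
  return 0;
}
```

With the constructed input, the masking policy accepts a chain that also has an untrusted root, while the strict policy rejects it.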
Prior to GLib 2.48, GLib's default TLS backend modified chain to represent the certification path built by #GTlsDatabase during certificate verification by adjusting the #GTlsCertificate:issuer property of each certificate in chain. Since GLib 2.48, this no longer occurs, so you cannot rely on #GTlsCertificate:issuer to represent the actual certification path used during certificate verification.
Because TLS session context is not used, #GTlsDatabase may not perform as many checks on the certificates as #GTlsConnection would. For example, certificate constraints may not be honored, and revocation checks may not be performed. The best way to verify TLS certificates used by a TLS connection is to let #GTlsConnection handle the verification.
The TLS backend may attempt to look up and add missing certificates to the chain. This may involve HTTP requests to download missing certificates.
This function can block. Use g_tls_database_verify_chain_async() to perform the verification operation asynchronously.
a #GTlsCertificate chain
the purpose that this certificate chain will be used for.
the expected peer identity
used to interact with the user if necessary
additional verify flags
a #GCancellable, or %NULL
Asynchronously determines the validity of a certificate chain after looking up and adding any missing certificates to the chain. See g_tls_database_verify_chain() for more information.
a #GTlsCertificate chain
the purpose that this certificate chain will be used for.
the expected peer identity
used to interact with the user if necessary
additional verify flags
a #GCancellable, or %NULL
callback to call when the operation completes
Finish an asynchronous verify chain operation. See g_tls_database_verify_chain() for more information.
If chain is found to be valid, then the return value will be 0. If chain is found to be invalid, then the return value will indicate the problems found. If the function is unable to determine whether chain is valid or not (e.g., because cancellable is triggered before it completes) then the return value will be %G_TLS_CERTIFICATE_GENERIC_ERROR and error will be set accordingly. error is not set when chain is successfully analyzed but found to be invalid.
a #GAsyncResult.
This function essentially limits the life time of the closure to the life time of the object. That is, when the object is finalized, the closure is invalidated by calling g_closure_invalidate() on it, in order to prevent invocations of the closure with a finalized (nonexisting) object. Also, g_object_ref() and g_object_unref() are added as marshal guards to the closure, to ensure that an extra reference count is held on object during invocation of the closure. Usually, this function will be called on closures that use this object as closure data.
#GClosure to watch
Find the #GParamSpec with the given name for an interface. Generally, the interface vtable passed in as g_iface will be the default vtable from g_type_default_interface_ref(), or, if you know the interface has already been loaded, g_type_default_interface_peek().
any interface vtable for the interface, or the default vtable for the interface
name of a property to look up.
Add a property to an interface; this is only useful for interfaces that are added to GObject-derived types. Adding a property to an interface forces all object classes with that interface to have a compatible property. The compatible property could be a newly created #GParamSpec, but normally g_object_class_override_property() will be used so that the object class only needs to provide an implementation and inherits the property description, default value, bounds, and so forth from the interface property.
This function is meant to be called from the interface's default vtable initialization function (the class_init member of #GTypeInfo). It must not be called after class_init has been called for any object types implementing this interface.
If pspec is a floating reference, it will be consumed.
any interface vtable for the interface, or the default vtable for the interface.
the #GParamSpec for the new property
Lists the properties of an interface. Generally, the interface vtable passed in as g_iface will be the default vtable from g_type_default_interface_ref(), or, if you know the interface has already been loaded, g_type_default_interface_peek().
any interface vtable for the interface, or the default vtable for the interface
Creates a new #GTlsFileDatabase which uses anchor certificate authorities in anchors to verify certificate chains.
The certificates in anchors must be PEM encoded.
filename of anchor certificate authorities.
Creates a new instance of a #GObject subtype and sets its properties.
Construction parameters (see %G_PARAM_CONSTRUCT, %G_PARAM_CONSTRUCT_ONLY) which are not explicitly specified are set to their default values.
the type id of the #GObject subtype to instantiate
an array of #GParameter
#GTlsFileDatabase is implemented by #GTlsDatabase objects which load their certificate information from a file. It is an interface which TLS library specific subtypes implement.