The PEM (ASCII) encoded representation of the certificate. This property and the #GTlsCertificate:certificate property represent the same data, just in different forms.
A #GTlsCertificate representing the entity that issued this certificate. If %NULL, this means that the certificate is either self-signed, or else the certificate of the issuer is not available.
Beware the issuer certificate may not be the same as the certificate that would actually be used to construct a valid certification path during certificate verification. RFC 4158 explains why an issuer certificate cannot be naively assumed to be part of the the certification path (though GLib's TLS backends may not follow the path building strategies outlined in this RFC). Due to the complexity of certification path building, GLib does not provide any way to know which certification path will actually be used. Accordingly, this property cannot be used to make security-related decisions. Only GLib itself should make security decisions about TLS certificates.
An optional password used when constructed with GTlsCertificate:pkcs12-data.
A URI referencing the PKCS #11 objects containing an X.509 certificate and optionally a private key.
If %NULL, the certificate is either not backed by PKCS #11 or the #GTlsBackend does not support PKCS #11.
The PKCS #12 formatted data used to construct the object.
See also: g_tls_certificate_new_from_pkcs12()
The DER (binary) encoded representation of the certificate's
private key, in either PKCS #1 format
or unencrypted PKCS #8 format.
PKCS #8 format is supported since 2.32; earlier releases only
support PKCS #1. You can use the openssl rsa tool to convert
PKCS #8 keys to PKCS #1.
This property (or the #GTlsCertificate:private-key-pem property) can be set when constructing a key (for example, from a file). Since GLib 2.70, it is now also readable; however, be aware that if the private key is backed by a PKCS #11 URI – for example, if it is stored on a smartcard – then this property will be %NULL. If so, the private key must be referenced via its PKCS #11 URI, #GTlsCertificate:private-key-pkcs11-uri. You must check both properties to see if the certificate really has a private key. When this property is read, the output format will be unencrypted PKCS #8.
The PEM (ASCII) encoded representation of the certificate's
private key in either PKCS #1 format
("BEGIN RSA PRIVATE KEY") or unencrypted
PKCS #8 format
("BEGIN PRIVATE KEY"). PKCS #8 format is supported since 2.32;
earlier releases only support PKCS #1. You can use the openssl rsa
tool to convert PKCS #8 keys to PKCS #1.
This property (or the #GTlsCertificate:private-key property) can be set when constructing a key (for example, from a file). Since GLib 2.70, it is now also readable; however, be aware that if the private key is backed by a PKCS #11 URI - for example, if it is stored on a smartcard - then this property will be %NULL. If so, the private key must be referenced via its PKCS #11 URI, #GTlsCertificate:private-key-pkcs11-uri. You must check both properties to see if the certificate really has a private key. When this property is read, the output format will be unencrypted PKCS #8.
A URI referencing a PKCS #11 object containing a private key.
The DER (binary) encoded representation of the certificate. This property and the #GTlsCertificate:certificate-pem property represent the same data, just in different forms.