Copyright | Will Thompson, Iñaki García Etxebarria and Jonas Platte |
---|---|
License | LGPL-2.1 |
Maintainer | Iñaki García Etxebarria (garetxe@gmail.com) |
Safe Haskell | None |
Language | Haskell2010 |
TlsClientConnection is the client-side subclass of TlsConnection, representing a client-side TLS connection.
Since: 2.28
Synopsis
- newtype TlsClientConnection = TlsClientConnection (ManagedPtr TlsClientConnection)
- noTlsClientConnection :: Maybe TlsClientConnection
- class GObject o => IsTlsClientConnection o
- toTlsClientConnection :: (MonadIO m, IsTlsClientConnection o) => o -> m TlsClientConnection
- tlsClientConnectionCopySessionState :: (HasCallStack, MonadIO m, IsTlsClientConnection a, IsTlsClientConnection b) => a -> b -> m ()
- tlsClientConnectionGetAcceptedCas :: (HasCallStack, MonadIO m, IsTlsClientConnection a) => a -> m [ByteString]
- tlsClientConnectionGetServerIdentity :: (HasCallStack, MonadIO m, IsTlsClientConnection a) => a -> m SocketConnectable
- tlsClientConnectionGetUseSsl3 :: (HasCallStack, MonadIO m, IsTlsClientConnection a) => a -> m Bool
- tlsClientConnectionGetValidationFlags :: (HasCallStack, MonadIO m, IsTlsClientConnection a) => a -> m [TlsCertificateFlags]
- tlsClientConnectionNew :: (HasCallStack, MonadIO m, IsIOStream a, IsSocketConnectable b) => a -> Maybe b -> m TlsClientConnection
- tlsClientConnectionSetServerIdentity :: (HasCallStack, MonadIO m, IsTlsClientConnection a, IsSocketConnectable b) => a -> b -> m ()
- tlsClientConnectionSetUseSsl3 :: (HasCallStack, MonadIO m, IsTlsClientConnection a) => a -> Bool -> m ()
- tlsClientConnectionSetValidationFlags :: (HasCallStack, MonadIO m, IsTlsClientConnection a) => a -> [TlsCertificateFlags] -> m ()
- getTlsClientConnectionAcceptedCas :: (MonadIO m, IsTlsClientConnection o) => o -> m [Ptr ()]
- constructTlsClientConnectionServerIdentity :: (IsTlsClientConnection o, IsSocketConnectable a) => a -> IO (GValueConstruct o)
- getTlsClientConnectionServerIdentity :: (MonadIO m, IsTlsClientConnection o) => o -> m SocketConnectable
- setTlsClientConnectionServerIdentity :: (MonadIO m, IsTlsClientConnection o, IsSocketConnectable a) => o -> a -> m ()
- constructTlsClientConnectionUseSsl3 :: IsTlsClientConnection o => Bool -> IO (GValueConstruct o)
- getTlsClientConnectionUseSsl3 :: (MonadIO m, IsTlsClientConnection o) => o -> m Bool
- setTlsClientConnectionUseSsl3 :: (MonadIO m, IsTlsClientConnection o) => o -> Bool -> m ()
- constructTlsClientConnectionValidationFlags :: IsTlsClientConnection o => [TlsCertificateFlags] -> IO (GValueConstruct o)
- getTlsClientConnectionValidationFlags :: (MonadIO m, IsTlsClientConnection o) => o -> m [TlsCertificateFlags]
- setTlsClientConnectionValidationFlags :: (MonadIO m, IsTlsClientConnection o) => o -> [TlsCertificateFlags] -> m ()
Exported types
newtype TlsClientConnection Source #
Memory-managed wrapper type.
Instances
noTlsClientConnection :: Maybe TlsClientConnection Source #
A convenience alias for Nothing
:: Maybe
TlsClientConnection
.
class GObject o => IsTlsClientConnection o Source #
Type class for types which can be safely cast to TlsClientConnection
, for instance with toTlsClientConnection
.
Instances
toTlsClientConnection :: (MonadIO m, IsTlsClientConnection o) => o -> m TlsClientConnection Source #
Cast to TlsClientConnection
, for types for which this is known to be safe. For general casts, use castTo
.
Methods
copySessionState
tlsClientConnectionCopySessionState Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a, IsTlsClientConnection b) | |
=> a |
|
-> b |
|
-> m () |
Copies session state from one connection to another. This is
not normally needed, but may be used when the same session
needs to be used between different endpoints as is required
by some protocols such as FTP over TLS. source
should have
already completed a handshake, and conn
should not have
completed a handshake.
Since: 2.46
getAcceptedCas
tlsClientConnectionGetAcceptedCas Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a) | |
=> a |
|
-> m [ByteString] | Returns: the list of
CA DNs. You should unref each element with |
Gets the list of distinguished names of the Certificate Authorities
that the server will accept certificates from. This will be set
during the TLS handshake if the server requests a certificate.
Otherwise, it will be Nothing
.
Each item in the list is a ByteArray
which contains the complete
subject DN of the certificate authority.
Since: 2.28
getServerIdentity
tlsClientConnectionGetServerIdentity Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a) | |
=> a |
|
-> m SocketConnectable | Returns: a |
Gets conn
's expected server identity
Since: 2.28
getUseSsl3
tlsClientConnectionGetUseSsl3 Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a) | |
=> a |
|
-> m Bool | Returns: whether |
Deprecated: (Since version 2.56) SSL 3.0 is insecure, and this function does not actually indicate whether it is enabled.
Gets whether conn
will force the lowest-supported TLS protocol
version rather than attempt to negotiate the highest mutually-
supported version of TLS; see tlsClientConnectionSetUseSsl3
.
Since: 2.28
getValidationFlags
tlsClientConnectionGetValidationFlags Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a) | |
=> a |
|
-> m [TlsCertificateFlags] | Returns: the validation flags |
Gets conn
's validation flags
Since: 2.28
new
tlsClientConnectionNew Source #
:: (HasCallStack, MonadIO m, IsIOStream a, IsSocketConnectable b) | |
=> a |
|
-> Maybe b |
|
-> m TlsClientConnection | Returns: the new
|
Creates a new TlsClientConnection
wrapping baseIoStream
(which
must have pollable input and output streams) which is assumed to
communicate with the server identified by serverIdentity
.
See the documentation for TlsConnection
:base-io-stream
for restrictions
on when application code can run operations on the baseIoStream
after
this function has returned.
Since: 2.28
setServerIdentity
tlsClientConnectionSetServerIdentity Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a, IsSocketConnectable b) | |
=> a |
|
-> b |
|
-> m () |
Sets conn
's expected server identity, which is used both to tell
servers on virtual hosts which certificate to present, and also
to let conn
know what name to look for in the certificate when
performing TlsCertificateFlagsBadIdentity
validation, if enabled.
Since: 2.28
setUseSsl3
tlsClientConnectionSetUseSsl3 Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a) | |
=> a |
|
-> Bool |
|
-> m () |
Deprecated: (Since version 2.56) SSL 3.0 is insecure, and this function does not generally enable or disable it, despite its name.
If useSsl3
is True
, this forces conn
to use the lowest-supported
TLS protocol version rather than trying to properly negotiate the
highest mutually-supported protocol version with the peer. This can
be used when talking to broken TLS servers that exhibit protocol
version intolerance.
Be aware that SSL 3.0 is generally disabled by the TlsBackend
, so
the lowest-supported protocol version is probably not SSL 3.0.
Since: 2.28
setValidationFlags
tlsClientConnectionSetValidationFlags Source #
:: (HasCallStack, MonadIO m, IsTlsClientConnection a) | |
=> a |
|
-> [TlsCertificateFlags] |
|
-> m () |
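Sets conn's validation flags, to override the default set of
checks performed when validating a server certificate. By default,
TlsCertificateFlagsValidateAll is used. Any check omitted from the
flags passed here is not performed, so a reduced set weakens
verification of the server certificate.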
Since: 2.28
Properties
acceptedCas
A list of the distinguished names of the Certificate Authorities that the server will accept client certificates signed by. If the server requests a client certificate during the handshake, then this property will be set after the handshake completes.
Each item in the list is a ByteArray
which contains the complete
subject DN of the certificate authority.
Since: 2.28
getTlsClientConnectionAcceptedCas :: (MonadIO m, IsTlsClientConnection o) => o -> m [Ptr ()] Source #
Get the value of the “accepted-cas
” property.
When overloading is enabled, this is equivalent to
get
tlsClientConnection #acceptedCas
serverIdentity
A SocketConnectable
describing the identity of the server that
is expected on the other end of the connection.
If the TlsCertificateFlagsBadIdentity flag is set in
TlsClientConnection:validation-flags, this object will be used
to determine the expected identity of the remote end of the
connection; if TlsClientConnection:server-identity is not set,
or does not match the identity presented by the server, then the
TlsCertificateFlagsBadIdentity validation will fail.
In addition to its use in verifying the server certificate, this is also used to give a hint to the server about what certificate we expect, which is useful for servers that serve virtual hosts.
Since: 2.28
constructTlsClientConnectionServerIdentity :: (IsTlsClientConnection o, IsSocketConnectable a) => a -> IO (GValueConstruct o) Source #
Construct a GValueConstruct
with valid value for the “server-identity
” property. This is rarely needed directly, but it is used by new
.
getTlsClientConnectionServerIdentity :: (MonadIO m, IsTlsClientConnection o) => o -> m SocketConnectable Source #
Get the value of the “server-identity
” property.
When overloading is enabled, this is equivalent to
get
tlsClientConnection #serverIdentity
setTlsClientConnectionServerIdentity :: (MonadIO m, IsTlsClientConnection o, IsSocketConnectable a) => o -> a -> m () Source #
Set the value of the “server-identity
” property.
When overloading is enabled, this is equivalent to
set
tlsClientConnection [ #serverIdentity:=
value ]
useSsl3
If True
, forces the connection to use a fallback version of TLS
or SSL, rather than trying to negotiate the best version of TLS
to use. This can be used when talking to servers that don't
implement version negotiation correctly and therefore refuse to
handshake at all with a modern TLS handshake.
Despite the property name, the fallback version is usually not
SSL 3.0, because SSL 3.0 is generally disabled by the TlsBackend
.
TlsClientConnection
will use the next-highest available version
as the fallback version.
Since: 2.28
constructTlsClientConnectionUseSsl3 :: IsTlsClientConnection o => Bool -> IO (GValueConstruct o) Source #
Construct a GValueConstruct
with valid value for the “use-ssl3
” property. This is rarely needed directly, but it is used by new
.
getTlsClientConnectionUseSsl3 :: (MonadIO m, IsTlsClientConnection o) => o -> m Bool Source #
Get the value of the “use-ssl3
” property.
When overloading is enabled, this is equivalent to
get
tlsClientConnection #useSsl3
setTlsClientConnectionUseSsl3 :: (MonadIO m, IsTlsClientConnection o) => o -> Bool -> m () Source #
Set the value of the “use-ssl3
” property.
When overloading is enabled, this is equivalent to
set
tlsClientConnection [ #useSsl3:=
value ]
validationFlags
What steps to perform when validating a certificate received from
a server. Server certificates that fail to validate in any of the
ways indicated here will be rejected unless the application
overrides the default via TlsConnection::accept-certificate.
Since: 2.28
constructTlsClientConnectionValidationFlags :: IsTlsClientConnection o => [TlsCertificateFlags] -> IO (GValueConstruct o) Source #
Construct a GValueConstruct
with valid value for the “validation-flags
” property. This is rarely needed directly, but it is used by new
.
getTlsClientConnectionValidationFlags :: (MonadIO m, IsTlsClientConnection o) => o -> m [TlsCertificateFlags] Source #
Get the value of the “validation-flags
” property.
When overloading is enabled, this is equivalent to
get
tlsClientConnection #validationFlags
setTlsClientConnectionValidationFlags :: (MonadIO m, IsTlsClientConnection o) => o -> [TlsCertificateFlags] -> m () Source #
Set the value of the “validation-flags
” property.
When overloading is enabled, this is equivalent to
set
tlsClientConnection [ #validationFlags:=
value ]