gi-gio-2.0.24: Gio bindings

CopyrightWill Thompson Iñaki García Etxebarria and Jonas Platte
LicenseLGPL-2.1
MaintainerIñaki García Etxebarria (inaki@blueleaf.cc)
Safe HaskellNone
LanguageHaskell2010

GI.Gio.Interfaces.TlsClientConnection

Contents

Description

TlsClientConnection is the client-side subclass of TlsConnection, representing a client-side TLS connection.

Since: 2.28

Synopsis

Exported types

class (GObject o, IsDescendantOf TlsClientConnection o) => IsTlsClientConnection o Source #

Type class for types which can be safely cast to TlsClientConnection, for instance with toTlsClientConnection.

toTlsClientConnection :: (MonadIO m, IsTlsClientConnection o) => o -> m TlsClientConnection Source #

Cast to TlsClientConnection, for types for which this is known to be safe. For general casts, use castTo.

Methods

copySessionState

tlsClientConnectionCopySessionState Source #

Copies session state from one connection to another. This is not normally needed, but may be used when the same session needs to be used between different endpoints as is required by some protocols such as FTP over TLS. source should have already completed a handshake, and conn should not have completed a handshake.

Since: 2.46

getAcceptedCas

tlsClientConnectionGetAcceptedCas Source #

Arguments

:: (HasCallStack, MonadIO m, IsTlsClientConnection a) 
=> a

conn: the TlsClientConnection

-> m [ByteString]

Returns: the list of CA DNs. You should unref each element with byteArrayUnref and then the free the list with g_list_free().

Gets the list of distinguished names of the Certificate Authorities that the server will accept certificates from. This will be set during the TLS handshake if the server requests a certificate. Otherwise, it will be Nothing.

Each item in the list is a ByteArray which contains the complete subject DN of the certificate authority.

Since: 2.28

getServerIdentity

tlsClientConnectionGetServerIdentity Source #

Arguments

:: (HasCallStack, MonadIO m, IsTlsClientConnection a) 
=> a

conn: the TlsClientConnection

-> m SocketConnectable

Returns: a SocketConnectable describing the expected server identity, or Nothing if the expected identity is not known.

Gets conn's expected server identity

Since: 2.28

getUseSsl3

tlsClientConnectionGetUseSsl3 Source #

Arguments

:: (HasCallStack, MonadIO m, IsTlsClientConnection a) 
=> a

conn: the TlsClientConnection

-> m Bool

Returns: whether conn will use the lowest-supported TLS protocol version

Deprecated: (Since version 2.56)SSL 3.0 is insecure, and this function does notactually indicate whether it is enabled.

Gets whether conn will force the lowest-supported TLS protocol version rather than attempt to negotiate the highest mutually- supported version of TLS; see tlsClientConnectionSetUseSsl3.

Since: 2.28

getValidationFlags

tlsClientConnectionGetValidationFlags Source #

Arguments

:: (HasCallStack, MonadIO m, IsTlsClientConnection a) 
=> a

conn: the TlsClientConnection

-> m [TlsCertificateFlags]

Returns: the validation flags

Gets conn's validation flags

Since: 2.28

new

tlsClientConnectionNew Source #

Arguments

:: (HasCallStack, MonadIO m, IsIOStream a, IsSocketConnectable b) 
=> a

baseIoStream: the IOStream to wrap

-> Maybe b

serverIdentity: the expected identity of the server

-> m TlsClientConnection

Returns: the new TlsClientConnection, or Nothing on error (Can throw GError)

Creates a new TlsClientConnection wrapping baseIoStream (which must have pollable input and output streams) which is assumed to communicate with the server identified by serverIdentity.

See the documentation for TlsConnection:base-io-stream for restrictions on when application code can run operations on the baseIoStream after this function has returned.

Since: 2.28

setServerIdentity

tlsClientConnectionSetServerIdentity Source #

Arguments

:: (HasCallStack, MonadIO m, IsTlsClientConnection a, IsSocketConnectable b) 
=> a

conn: the TlsClientConnection

-> b

identity: a SocketConnectable describing the expected server identity

-> m () 

Sets conn's expected server identity, which is used both to tell servers on virtual hosts which certificate to present, and also to let conn know what name to look for in the certificate when performing TlsCertificateFlagsBadIdentity validation, if enabled.

Since: 2.28

setUseSsl3

tlsClientConnectionSetUseSsl3 Source #

Arguments

:: (HasCallStack, MonadIO m, IsTlsClientConnection a) 
=> a

conn: the TlsClientConnection

-> Bool

useSsl3: whether to use the lowest-supported protocol version

-> m () 

Deprecated: (Since version 2.56)SSL 3.0 is insecure, and this function does notgenerally enable or disable it, despite its name.

Since 2.42.1, if useSsl3 is True, this forces conn to use the lowest-supported TLS protocol version rather than trying to properly negotiate the highest mutually-supported protocol version with the peer. Be aware that SSL 3.0 is generally disabled by the TlsBackend, so the lowest-supported protocol version is probably not SSL 3.0.

Since 2.58, this may additionally cause an RFC 7507 fallback SCSV to be sent to the server, causing modern TLS servers to immediately terminate the connection. You should generally only use this function if you need to connect to broken servers that exhibit TLS protocol version intolerance, and when an initial attempt to connect to a server normally has already failed.

Since: 2.28

setValidationFlags

tlsClientConnectionSetValidationFlags Source #

Arguments

:: (HasCallStack, MonadIO m, IsTlsClientConnection a) 
=> a

conn: the TlsClientConnection

-> [TlsCertificateFlags]

flags: the TlsCertificateFlags to use

-> m () 

Sets conn's validation flags, to override the default set of checks performed when validating a server certificate. By default, TlsCertificateFlagsValidateAll is used.

Since: 2.28

Properties

acceptedCas

A list of the distinguished names of the Certificate Authorities that the server will accept client certificates signed by. If the server requests a client certificate during the handshake, then this property will be set after the handshake completes.

Each item in the list is a ByteArray which contains the complete subject DN of the certificate authority.

Since: 2.28

getTlsClientConnectionAcceptedCas :: (MonadIO m, IsTlsClientConnection o) => o -> m [Ptr ()] Source #

Get the value of the “accepted-cas” property. When overloading is enabled, this is equivalent to

get tlsClientConnection #acceptedCas

serverIdentity

A SocketConnectable describing the identity of the server that is expected on the other end of the connection.

If the TlsCertificateFlagsBadIdentity flag is set in TlsClientConnection:validation-flags, this object will be used to determine the expected identify of the remote end of the connection; if TlsClientConnection:server-identity is not set, or does not match the identity presented by the server, then the TlsCertificateFlagsBadIdentity validation will fail.

In addition to its use in verifying the server certificate, this is also used to give a hint to the server about what certificate we expect, which is useful for servers that serve virtual hosts.

Since: 2.28

constructTlsClientConnectionServerIdentity :: (IsTlsClientConnection o, IsSocketConnectable a) => a -> IO (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “server-identity” property. This is rarely needed directly, but it is used by new.

getTlsClientConnectionServerIdentity :: (MonadIO m, IsTlsClientConnection o) => o -> m SocketConnectable Source #

Get the value of the “server-identity” property. When overloading is enabled, this is equivalent to

get tlsClientConnection #serverIdentity

setTlsClientConnectionServerIdentity :: (MonadIO m, IsTlsClientConnection o, IsSocketConnectable a) => o -> a -> m () Source #

Set the value of the “server-identity” property. When overloading is enabled, this is equivalent to

set tlsClientConnection [ #serverIdentity := value ]

useSsl3

If True, forces the connection to use a fallback version of TLS or SSL, rather than trying to negotiate the best version of TLS to use. See tlsClientConnectionSetUseSsl3.

Since: 2.28

constructTlsClientConnectionUseSsl3 :: IsTlsClientConnection o => Bool -> IO (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “use-ssl3” property. This is rarely needed directly, but it is used by new.

getTlsClientConnectionUseSsl3 :: (MonadIO m, IsTlsClientConnection o) => o -> m Bool Source #

Get the value of the “use-ssl3” property. When overloading is enabled, this is equivalent to

get tlsClientConnection #useSsl3

setTlsClientConnectionUseSsl3 :: (MonadIO m, IsTlsClientConnection o) => o -> Bool -> m () Source #

Set the value of the “use-ssl3” property. When overloading is enabled, this is equivalent to

set tlsClientConnection [ #useSsl3 := value ]

validationFlags

What steps to perform when validating a certificate received from a server. Server certificates that fail to validate in all of the ways indicated here will be rejected unless the application overrides the default via TlsConnection::accept-certificate.

Since: 2.28

constructTlsClientConnectionValidationFlags :: IsTlsClientConnection o => [TlsCertificateFlags] -> IO (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “validation-flags” property. This is rarely needed directly, but it is used by new.

getTlsClientConnectionValidationFlags :: (MonadIO m, IsTlsClientConnection o) => o -> m [TlsCertificateFlags] Source #

Get the value of the “validation-flags” property. When overloading is enabled, this is equivalent to

get tlsClientConnection #validationFlags

setTlsClientConnectionValidationFlags :: (MonadIO m, IsTlsClientConnection o) => o -> [TlsCertificateFlags] -> m () Source #

Set the value of the “validation-flags” property. When overloading is enabled, this is equivalent to

set tlsClientConnection [ #validationFlags := value ]