diff options
author | Michael Catanzaro <mcatanzaro@redhat.com> | 2021-08-04 15:20:41 -0500 |
---|---|---|
committer | Michael Catanzaro <mcatanzaro@redhat.com> | 2021-08-04 15:57:47 -0500 |
commit | ffa5c17d12d296583cc7ca598031eab04a91b239 (patch) | |
tree | b0868b7575e0390790ed13805b8a4c82ef8fc4cf | |
parent | acff685c13d51a3ea1014bb3471e7698e15d5f05 (diff) | |
download | glib-mcatanzaro/validation-flags.tar.gz |
gsocketclient: deprecate tls-validation-flags propertymcatanzaro/validation-flags
It doesn't work as expected, and you shouldn't be trying to use it
anyway.
-rw-r--r-- | gio/gsocketclient.c | 37 | ||||
-rw-r--r-- | gio/gsocketclient.h | 4 |
2 files changed, 38 insertions, 3 deletions
diff --git a/gio/gsocketclient.c b/gio/gsocketclient.c index 62b1afbcd..c378d8692 100644 --- a/gio/gsocketclient.c +++ b/gio/gsocketclient.c @@ -289,7 +289,9 @@ g_socket_client_get_property (GObject *object, break; case PROP_TLS_VALIDATION_FLAGS: +G_GNUC_BEGIN_IGNORE_DEPRECATIONS g_value_set_flags (value, g_socket_client_get_tls_validation_flags (client)); +G_GNUC_END_IGNORE_DEPRECATIONS break; case PROP_PROXY_RESOLVER: @@ -340,7 +342,9 @@ g_socket_client_set_property (GObject *object, break; case PROP_TLS_VALIDATION_FLAGS: +G_GNUC_BEGIN_IGNORE_DEPRECATIONS g_socket_client_set_tls_validation_flags (client, g_value_get_flags (value)); +G_GNUC_END_IGNORE_DEPRECATIONS break; case PROP_PROXY_RESOLVER: @@ -682,6 +686,8 @@ g_socket_client_set_tls (GSocketClient *client, * Returns: the TLS validation flags * * Since: 2.28 + * + * Deprecated: 2.70. Do not attempt to ignore validation errors. */ GTlsCertificateFlags g_socket_client_get_tls_validation_flags (GSocketClient *client) @@ -697,7 +703,11 @@ g_socket_client_get_tls_validation_flags (GSocketClient *client) * Sets the TLS validation flags used when creating TLS connections * via @client. The default value is %G_TLS_CERTIFICATE_VALIDATE_ALL. * + * See #GSocketClient:tls-validation-flags for more information. + * * Since: 2.28 + * + * Deprecated: 2.70. Do not attempt to ignore validation errors. */ void g_socket_client_set_tls_validation_flags (GSocketClient *client, @@ -916,6 +926,26 @@ g_socket_client_class_init (GSocketClientClass *class) G_PARAM_CONSTRUCT | G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS)); + + /** + * GSocketClient:tls-validation-flags: + * + * The TLS validation flags used when creating TLS connections. The + * default value is %G_TLS_CERTIFICATE_VALIDATE_ALL. + * + * GLib guarantees that if certificate verification fails, at least one + * flag will be set, but it does not guarantee that all possible flags + * will be set. Accordingly, you may not safely decide to ignore any + * particular type of error. For example, it would be incorrect to mask + * %G_TLS_CERTIFICATE_EXPIRED if you want to allow expired certificates, + * because this could potentially be the only error flag set even if + * other problems exist with the certificate. Therefore, there is no + * safe way to use this property. This is not a horrible problem, + * though, because you should not be attempting to ignore validation + * errors anyway. + * + * Deprecated: 2.70. Do not attempt to ignore validation errors. + */ g_object_class_install_property (gobject_class, PROP_TLS_VALIDATION_FLAGS, g_param_spec_flags ("tls-validation-flags", P_("TLS validation flags"), @@ -924,7 +954,8 @@ g_socket_client_class_init (GSocketClientClass *class) G_TLS_CERTIFICATE_VALIDATE_ALL, G_PARAM_CONSTRUCT | G_PARAM_READWRITE | - G_PARAM_STATIC_STRINGS)); + G_PARAM_STATIC_STRINGS | + G_PARAM_DEPRECATED)); /** * GSocketClient:proxy-resolver: @@ -1209,8 +1240,10 @@ g_socket_client_connect (GSocketClient *client, if (tlsconn) { +G_GNUC_BEGIN_IGNORE_DEPRECATIONS g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (tlsconn), client->priv->tls_validation_flags); +G_GNUC_END_IGNORE_DEPRECATIONS g_socket_client_emit_event (client, G_SOCKET_CLIENT_TLS_HANDSHAKING, connectable, connection); if (g_tls_connection_handshake (G_TLS_CONNECTION (tlsconn), cancellable, &error_info->tmp_error)) @@ -1635,8 +1668,10 @@ g_socket_client_tls_handshake (ConnectionAttempt *attempt) &data->error_info->tmp_error); if (tlsconn) { +G_GNUC_BEGIN_IGNORE_DEPRECATIONS g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (tlsconn), data->client->priv->tls_validation_flags); +G_GNUC_END_IGNORE_DEPRECATIONS g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_TLS_HANDSHAKING, data->connectable, G_IO_STREAM (tlsconn)); g_tls_connection_handshake_async (G_TLS_CONNECTION (tlsconn), G_PRIORITY_DEFAULT, diff --git a/gio/gsocketclient.h b/gio/gsocketclient.h index f0153450d..1b532f8b0 100644 --- a/gio/gsocketclient.h +++ b/gio/gsocketclient.h @@ -110,9 +110,9 @@ gboolean g_socket_client_get_tls (GSocket GLIB_AVAILABLE_IN_2_28 void g_socket_client_set_tls (GSocketClient *client, gboolean tls); -GLIB_AVAILABLE_IN_2_28 +GLIB_DEPRECATED_IN_2_70 GTlsCertificateFlags g_socket_client_get_tls_validation_flags (GSocketClient *client); -GLIB_AVAILABLE_IN_2_28 +GLIB_DEPRECATED_IN_2_70 void g_socket_client_set_tls_validation_flags (GSocketClient *client, GTlsCertificateFlags flags); GLIB_AVAILABLE_IN_2_36 |