1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
3 * soup-ssl.c: temporary ssl integration
5 * Copyright (C) 2010 Red Hat, Inc.
15 #include "soup-misc.h"
/* Constant advertising SSL support; this file defines it as TRUE. */
17 const gboolean soup_ssl_supported = TRUE;
/*
 * Credential bundle used by the client and server helpers in this file.
 * This listing omits some lines of the definition: a ca_list member is used
 * by the client-side functions, but its declaration is not shown here.
 */
19 struct SoupSSLCredentials {
/* Mask ANDed with the reported errors in soup_ssl_credentials_verify_certificate(). */
21 GTlsCertificateFlags validation_flags;
/* Certificate assigned by soup_ssl_get_server_credentials(). */
22 GTlsCertificate *certificate;
/*
 * Builds client credentials, loading the trusted CA certificates from ca_file.
 * This listing omits several lines of the function (return type, braces, the
 * conditions around the calls below and the return statement).
 */
26 soup_ssl_get_client_credentials (const char *ca_file)
28 SoupSSLCredentials *creds;
/* g_slice_new0() zero-fills, so validation_flags starts at 0 and the pointers at NULL. */
30 creds = g_slice_new0 (SoupSSLCredentials);
35 creds->ca_list = g_tls_certificate_list_new_from_file (ca_file, &error);
/* Load failures are logged unless the error is G_TLS_ERROR_UNAVAILABLE (no TLS backend). */
37 if (!g_error_matches (error, G_TLS_ERROR, G_TLS_ERROR_UNAVAILABLE)) {
38 g_warning ("Could not set SSL credentials from '%s': %s",
39 ca_file, error->message);
/*
 * NOTE(review): the guard around this assignment is not visible here. If it
 * runs only when a CA file is supplied, credentials built without one keep
 * validation_flags == 0, and soup_ssl_credentials_verify_certificate() then
 * masks off every certificate error -- confirm against the full file. Also
 * confirm the behaviour when the CA file fails to load, i.e. whether
 * validation is still enforced with an empty ca_list.
 */
43 creds->validation_flags = G_TLS_CERTIFICATE_VALIDATE_ALL;
/*
 * Decides whether cert is acceptable given the errors reported for it.
 * The return type, closing braces and return statement are not in this listing.
 */
50 soup_ssl_credentials_verify_certificate (SoupSSLCredentials *creds,
51 GTlsCertificate *cert,
52 GTlsCertificateFlags errors)
/* Keep only the error bits these credentials enforce; a zero mask discards them all. */
54 errors = errors & creds->validation_flags;
/* An unknown-CA error is re-checked against each CA held in creds->ca_list. */
56 if (errors & G_TLS_CERTIFICATE_UNKNOWN_CA) {
59 for (ca = creds->ca_list; ca; ca = ca->next) {
/*
 * The identity argument is NULL, so this call performs no hostname check, and
 * only its UNKNOWN_CA bit is consulted. Expiry, identity and other failures
 * are taken solely from the errors value passed in by the caller.
 */
60 if ((g_tls_certificate_verify (cert, NULL, ca->data) & G_TLS_CERTIFICATE_UNKNOWN_CA) == 0) {
/* One trusted CA vouching for cert is enough to clear the unknown-CA bit. */
61 errors &= ~G_TLS_CERTIFICATE_UNKNOWN_CA;
/*
 * Frees client credentials: drops the reference held on each CA certificate,
 * then frees the list and the struct itself. client_creds is dereferenced on
 * the lines shown; any NULL guard would be on lines this listing omits.
 */
71 soup_ssl_free_client_credentials (SoupSSLCredentials *client_creds)
75 for (c = client_creds->ca_list; c; c = c->next)
76 g_object_unref (c->data);
/* g_list_free() releases only the list nodes, hence the unref loop above. */
77 g_list_free (client_creds->ca_list);
78 g_slice_free (SoupSSLCredentials, client_creds);
/*
 * Builds server credentials from a certificate file and a private-key file.
 * The return type, braces and return statements are not in this listing.
 */
82 soup_ssl_get_server_credentials (const char *cert_file, const char *key_file)
84 SoupSSLCredentials *creds;
87 creds = g_slice_new0 (SoupSSLCredentials);
/* Loads the certificate together with its key; yields NULL and sets error on failure. */
89 creds->certificate = g_tls_certificate_new_from_files (cert_file, key_file, &error);
90 if (!creds->certificate) {
/* Only the certificate path and the GError text are logged; key_file is not. */
91 g_warning ("Could not read SSL certificate from '%s': %s",
92 cert_file, error->message);
/* Failure path: release the half-built struct (the value returned afterwards is not shown). */
94 g_slice_free (SoupSSLCredentials, creds);
/*
 * Accessor for the stored certificate. The visible line returns the pointer
 * as-is without taking a new reference, so a caller keeping it beyond
 * soup_ssl_free_server_credentials() would need to hold its own reference.
 */
102 soup_ssl_credentials_get_certificate (SoupSSLCredentials *creds)
104 return creds->certificate;
/*
 * Frees server credentials: drops the reference on the certificate, then
 * frees the struct. server_creds is dereferenced on the lines shown; any NULL
 * guard would be on lines this listing omits.
 */
108 soup_ssl_free_server_credentials (SoupSSLCredentials *server_creds)
110 g_object_unref (server_creds->certificate);
111 g_slice_free (SoupSSLCredentials, server_creds);
117 * A #GError domain representing an SSL error. Used with #SoupSSLError.
120 * soup_ssl_error_quark:
122 * The quark used as %SOUP_SSL_ERROR
124 * Return value: The quark used as %SOUP_SSL_ERROR
/*
 * Derives the SSL error-domain quark from a fixed static string. The
 * declaration of error and the return statement are on lines this listing omits.
 */
127 soup_ssl_error_quark (void)
131 error = g_quark_from_static_string ("soup_ssl_error_quark");
137 * @SOUP_SSL_ERROR_HANDSHAKE_NEEDS_READ: Internal error. Never exposed
138 * outside of libsoup.
139 * @SOUP_SSL_ERROR_HANDSHAKE_NEEDS_WRITE: Internal error. Never exposed
140 * outside of libsoup.
141 * @SOUP_SSL_ERROR_CERTIFICATE: Indicates an error validating an SSL
144 * SSL-related I/O errors.