*.lo
*.la
*.test
-*.log
-*.trs
# autofoo stuff here
compile
INSTALL
ChangeLog
+m4/intltool.m4
m4/libtool.m4
m4/lt*.m4
proxy/libproxy/glib-pacrunner
-proxy/libproxy/glib-pacrunner.service
proxy/libproxy/org.gtk.GLib.PACRunner.service
proxy/tests/gnome
proxy/tests/libproxy
/tls/tests/pkcs11-pin
/tls/tests/pkcs11-slot
/tls/tests/pkcs11-util
-/tls/tests/files/server-csr.pem
-/tls/tests/files/client-csr.pem
+++ /dev/null
-
- LICENSE EXCEPTION FOR OPENSSL
-
- * In addition, as a special exception, the copyright holders give
- * permission to link the code of portions of this program with the
- * OpenSSL library, and distribute linked combinations
- * including the two.
- * You must obey the GNU Library General Public License in all respects
- * for all of the code used other than OpenSSL. If you modify
- * file(s) with this exception, you may extend this exception to your
- * version of the file(s), but you are not obligated to do so. If you
- * do not wish to do so, delete this exception statement from your
- * version. If you delete this exception statement from all source
- * files in the program, then also delete it here.
if test -n "$(GIO_QUERYMODULES)" -a -z "$(DESTDIR)"; then \
$(GIO_QUERYMODULES) $(GIO_MODULE_DIR) ; \
fi
-
-EXTRA_DIST += \
- tap-driver.sh \
- tap-test \
- $(NULL)
-2.50.0
-======
- * New stable release.
-
- * Updated translations: British English, Polish
-
-2.49.90
-=======
- * Ported to use upstream gettext rather than intltool/glib-gettext
- [#768708, Javier Jardón]
-
- * Updated po files for future gettext versions [Piotr Drąg]
-
- * Fixed translation lookup on Windows [#765466, Chun-wei Fan]
-
- * Updated translations: Occitan
-
-2.48.2
-======
- * gnutls: Fixed an infinite loop if a server sent two identical
- copies of its CA certificate [#765317, Carlos Garcia Campos]
-
- * New/updated translations: Occitan, Scottish Gaelic
-
-2.48.1
-======
- * Fixed translations in non-UTF-8 domains [#765466, Ting-Wei Lan]
-
- * Fixed bash-ism in configure [#765396, Patrick Welche]
-
- * Updated translations: Friulian
-
-2.48.0
-======
- * New stable release. (No changes since 2.47.90)
-
-2.47.90
-=======
- * gnutls: The non-PKCS#11 TLS plugin now uses gnutls's certificate
- validation code directly, rather than attempting to build a
- certificate chain itself first. [#753260 and others, Dan Winship]
-
- * gnutls: Fixed a leak when closing a connection during an implicit
- handshake [#736809, Philip Withnall]
-
- * gnutls: Fixed "make check" without PKCS#11 support [#728977,
- Gilles Dartiguelongue]
-
- * gnutls: Various changes in preparation for DTLS support (but not
- the actual DTLS support itself) [#697908, #735754, Philip
- Withnall, Olivier Crête]
-
- * Updated translations: Occitan
-
-2.47.1
-======
- * Fixed a certificate chain validation problem that affected
- Facebook in Epiphany. [#750457, Carlos Garcia Campos]
-
- * Added a systemd service file for glib-pacrunner [#755740, Simon
- McVittie]
-
-2.46.0
-======
- * Various minor cleanups and small memory leak fixes
-
- * Added a new test case for client certificate chain handling
- [#754129, Michael Catanzaro]
-
- * New/updated translations:
- Japanese, Occitan, Portuguese
-
-2.45.1
-======
- * tls/gnutls: Implement g_tls_client_connection_copy_session_state(),
- to allow implementing FTP-over-TLS in gvfs. (#745255, Ross
- Lagerwall)
-
-2.44.0
-======
- * New stable release. (No changes since 2.43.92)
-
-2.43.92
-=======
- * Fix TLS session caching when using session tickets (#745099, Ross
- Lagerwall)
-
- * Updated translations:
- Bosnian
-
-2.43.91
-=======
- * tls/gnutls: Removed a workaround for connecting to servers with
- weak DH parameters, which was apparently only needed because
- gnutls was prioritizing DHE over RSA. (Michael Catanzaro)
- (https://bugzilla.redhat.com/show_bug.cgi?id=1177964#c8)
-
- * tls/gnutls: We now require gnutls 3.x again. (In fact, 2.42.1
- and 2.43.1 accidentally used a 3.x-only function, so we already
- required it, we were just failing to declare that fact.)
-
- * tls/tests: Skip certain tests when running against old gnutls or
- GLib releases. (glib-networking 2.43.91 itself does not require
- GLib 2.43, but one of the test cases does.)
-
- * Updated translations:
- Friulian
-
-2.43.1
-======
-
- * The GTlsClientConnection "use-ssl3" property now falls back to TLS
- 1.0 if SSL 3.0 has been disabled, rather than just failing. Also,
- we now use the gnutls %LATEST_RECORD_VERSION option by default (to
- allow connecting to certain servers that were incorrectly patched
- for the POODLE attack), but also make sure to remove that option
- in the fallback ("use-ssl3") mode (to allow connecting to other
- servers that are differently broken). (#738633, #740087, Dan
- Winship)
-
- * tls/gnutls: Miscellaneous warning, debugging, and leak fixes
- (#736757, #736809, #737106, Philip Withnall)
-
- * New/updated translations:
- Kazakh
-
-2.42.0
-======
- * New stable release. (No changes since 2.41.92)
-
-2.41.92
-=======
- * tls/gnutls: Incorrectly-ordered certificate chains are now
- accepted (#683266, Michael Catanzaro)
-
- * tls/gnutls: Closing an already-closed GTlsConnection now correctly
- returns TRUE rather than G_IO_ERROR_CLOSED (#735754, Olivier
- Crête)
-
-2.41.4
-======
- * tls/gnutls: certificates with IP address subject altnames are now
- supported (#726596, Aleix Conchillo Flaqué)
-
- * tls/tests: added a script to re-generate the certificates, and
- regenerated them (since the key for the existing CA certificate
- had been lost, so it wasn't possible to add new test certificates,
- eg, for IP SAN). (#733365, Aleix Conchillo Flaqué)
-
- * Updated translations:
- Greek
-
-2.41.3
-======
- * tls/gnutls: g_tls_backend_get_default_database() should never
- return %NULL; if glib-networking was built without a
- ca-certificates file, then the default GTlsDatabase should just be
- empty. (#727282, Olivier Crête)
-
- * tls/gnutls: If a server's certificate includes an issuer chain, we
- now send the entire chain to the client. (#724708, Aleix Conchillo
- Flaqué)
-
- * Updated translations:
- Swedish
-
-2.40.0
-======
- * New stable release. (No changes since 2.39.90)
-
-2.39.90
-=======
- * tls/gnutls: Avoid trying to update a destroyed GSource (#723774,
- Philip Withnall)
-
- * tls/tests: Fix another flaky test (#722336)
-
- * tests: use the TAP driver
-
- * Updated translations:
- Chinese, Czech
-
-2.39.3
-======
- * tls/tests: Fix one sporadic bug in the connection test (#720081)
- and make it properly fail rather than hanging forever when another
- sporadic bug happens (which I don't actually know the cause of)
- (#719727)
-
- * tls/gnutls: Fix for -Werror=format-nonliteral (#720081, Ryan
- Lortie)
-
-2.39.1
-======
- * tls/gnutls: Use g_tls_interaction_invoke_request_certificate()
- when processing a certificate request. (#637257, Stef Walter)
-
- * tls/gnutls: Handle G_IO_ERROR_TIMED_OUT on a GTlsConnection
- correctly rather than reporting "The specified session has
- been invalidated for some reason". (#710700, Aleix Concillo
- Flaque)
-
- * tls/tests: Fix to previous installed-tests fix, which resulted
- in some files getting installed even when installed tests weren't
- enabled. (#710197)
-
- * tls/tests: add a test for a fix made in glib (#710691, Aleix
- Conchillo Flaque).
-
-2.38.1
-======
- * glibpacrunner: Don't crash if there is an internal libproxy error.
- (rhbz #866927)
-
- * tls/tests: Fix installed tests to not accidentally depend on
- having the source tree still exist. (#709628)
-
- * Updated translations:
- Tajik
-
2.38.0
======
* New stable release. (No changes since 2.37.5)
mkdir -p m4
autoreconf --force --install --verbose || exit $?
+intltoolize --copy --force --automake || exit $?
cd "$olddir"
test -n "$NOCONFIGURE" || "$srcdir/configure" "$@"
AC_PREREQ(2.65)
AC_CONFIG_MACRO_DIR([m4])
-AC_INIT([glib-networking],[2.50.0],[http://bugzilla.gnome.org/enter_bug.cgi?product=glib&component=network])
+AC_INIT([glib-networking],[2.38.0],[http://bugzilla.gnome.org/enter_bug.cgi?product=glib&component=network])
AC_CONFIG_SRCDIR([proxy/libproxy/glibproxyresolver.h])
AC_CONFIG_HEADERS([config.h])
dnl Checks for libraries.
dnl ****************************
-dnl *** Checks for gettext ***
+dnl *** Checks for intltool ***
dnl ****************************
-AM_GNU_GETTEXT_VERSION([0.19.4])
-AM_GNU_GETTEXT([external])
+IT_PROG_INTLTOOL([0.35.0])
GETTEXT_PACKAGE=glib-networking
+
AC_SUBST([GETTEXT_PACKAGE])
AC_DEFINE_UNQUOTED([GETTEXT_PACKAGE],["$GETTEXT_PACKAGE"],[The gettext domain name])
+AM_GLIB_GNU_GETTEXT
dnl *****************************
dnl *** Check GLib GIO ***
dnl *****************************
-AM_PATH_GLIB_2_0(2.46.0,,AC_MSG_ERROR(GLIB not found),gio)
-GLIB_CFLAGS="$GLIB_CFLAGS -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_46"
+AM_PATH_GLIB_2_0(2.38.0,,AC_MSG_ERROR(GLIB not found),gio)
+GLIB_CFLAGS="$GLIB_CFLAGS -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_36"
GIO_MODULE_DIR=$($PKG_CONFIG --variable giomoduledir gio-2.0)
-AS_IF([test "$GIO_MODULE_DIR" = ""],
+AS_IF([test "x$GIO_MODULE_DIR" = "x"],
[AC_MSG_FAILURE(GIO_MODULE_DIR is missing from gio-2.0.pc)])
AC_SUBST(GIO_MODULE_DIR)
[support for libproxy @<:@default=check@:>@])],
[],
[with_libproxy=check])
-AS_IF([test "$with_libproxy" != "no"],
+AS_IF([test "x$with_libproxy" != "xno"],
[PKG_CHECK_MODULES(LIBPROXY, [libproxy-1.0 >= 0.3.1],
[with_libproxy=yes; proxy_support=libproxy],
- [AS_IF([test "$with_libproxy" = "yes"],
+ [AS_IF([test "x$with_libproxy" = "xyes"],
[AC_MSG_FAILURE("$LIBPROXY_PKG_ERRORS")])])])
-AM_CONDITIONAL(HAVE_LIBPROXY, [test "$with_libproxy" = "yes"])
+AM_CONDITIONAL(HAVE_LIBPROXY, [test "x$with_libproxy" = "xyes"])
AC_SUBST(LIBPROXY_CFLAGS)
AC_SUBST(LIBPROXY_LIBS)
[support for GNOME proxy configuration @<:@default=check@:>@])],
[],
[with_gnome_proxy=check])
-AS_IF([test "$with_gnome_proxy" != "no"],
+AS_IF([test "x$with_gnome_proxy" != "xno"],
[PKG_CHECK_MODULES(GSETTINGS_DESKTOP_SCHEMAS, [gsettings-desktop-schemas],
[with_gnome_proxy=yes; proxy_support="gnome $proxy_support"],
- [AS_IF([test "$with_gnome_proxy" = "yes"],
+ [AS_IF([test "x$with_gnome_proxy" = "xyes"],
[AC_MSG_FAILURE("$GSETTINGS_DESKTOP_SCHEMAS_PKG_ERRORS")])])])
-AM_CONDITIONAL(HAVE_GNOME_PROXY, [test "$with_gnome_proxy" = "yes"])
+AM_CONDITIONAL(HAVE_GNOME_PROXY, [test "x$with_gnome_proxy" = "xyes"])
AC_SUBST(GSETTINGS_DESKTOP_SCHEMAS_CFLAGS)
dnl *****************************
dnl *** Checks for GNUTLS ***
dnl *****************************
-GNUTLS_MIN_REQUIRED=3.0
+GNUTLS_MIN_REQUIRED=2.12.8
AC_ARG_WITH(gnutls,
[AC_HELP_STRING([--with-gnutls],
[support for GNUTLS @<:@default=yes@:>@])],
[],
[with_gnutls=yes])
-if test "$with_gnutls" != "no"; then
+if test "x$with_gnutls" != "xno"; then
PKG_CHECK_MODULES(GNUTLS,
[gnutls >= $GNUTLS_MIN_REQUIRED],
[with_gnutls=yes
tls_support="${tls_support}gnutls "],
- [AS_IF([test "$with_gnutls" = "yes"],
+ [AS_IF([test "x$with_gnutls" = "xyes"],
[AC_MSG_FAILURE("$GNUTLS_PKG_ERRORS")])])
fi
-AM_CONDITIONAL(HAVE_GNUTLS, [test "$with_gnutls" = "yes"])
+AM_CONDITIONAL(HAVE_GNUTLS, [test "x$with_gnutls" = "xyes"])
AC_SUBST(GNUTLS_CFLAGS)
AC_SUBST(GNUTLS_LIBS)
-if test "$with_gnutls" = "yes"; then
+if test "x$with_gnutls" = "xyes"; then
AC_MSG_CHECKING([location of system Certificate Authority list])
AC_ARG_WITH(ca-certificates,
[AC_HELP_STRING([--with-ca-certificates=@<:@path@:>@],
[support for pkcs11 @<:@default=check@:>@])],
[],
[with_pkcs11=check])
-if test "$with_pkcs11" != "no"; then
+if test "x$with_pkcs11" != "xno"; then
PKG_CHECK_MODULES(PKCS11,
[p11-kit-1 >= $P11_KIT_REQUIRED],
[with_pkcs11=yes
pkcs11_support=p11-kit
tls_support="${tls_support}gnutls-pkcs11 "
AC_DEFINE_UNQUOTED([HAVE_PKCS11], [1], [Building with PKCS#11 support])],
- [AS_IF([test "$with_pkcs11" = "yes"],
+ [AS_IF([test "x$with_pkcs11" = "xyes"],
[AC_MSG_FAILURE("$PKCS11_PKG_ERRORS")])
pkcs11_support=no])
else
pkcs11_support=no
fi
-AM_CONDITIONAL(HAVE_PKCS11, [test "$with_pkcs11" = "yes"])
+AM_CONDITIONAL(HAVE_PKCS11, [test "x$with_pkcs11" = "xyes"])
AC_SUBST(PKCS11_CFLAGS)
AC_SUBST(PKCS11_LIBS)
[Enable gcov]),
[use_gcov=$enableval], [use_gcov=no])
-if test "$use_gcov" = "yes"; then
+if test "x$use_gcov" = "xyes"; then
dnl we need gcc:
if test "$GCC" != "yes"; then
AC_MSG_ERROR([GCC is required for --enable-gcov])
if test "$tls_support" != "no"; then
echo " PKCS#11 Support: $pkcs11_support"
echo " TLS CA file: ${with_ca_certificates:-(none)}"
- if test "x$with_ca_certificates" != xno -a -n "$with_ca_certificates"; then
+ if test -n "$with_ca_certificates"; then
if ! test -f "$with_ca_certificates"; then
AC_MSG_WARN([Specified certificate authority file '$with_ca_certificates' does not exist])
fi
<download-page rdf:resource="http://download.gnome.org/sources/glib-networking" />
<bug-database rdf:resource="http://bugzilla.gnome.org/browse.cgi?product=glib" />
- <category rdf:resource="http://api.gnome.org/doap-extensions#core" />
- <programming-language>C</programming-language>
<maintainer>
<foaf:Person>
AM_CPPFLAGS = \
-DG_LOG_DOMAIN=\"GLib-Net\" \
- -DLOCALE_DIR=\""$(localedir)"\" \
-DG_DISABLE_DEPRECATED \
$(GLIB_CFLAGS) \
$(NULL)
# GLIB - Library of useful C routines
-TESTS_ENVIRONMENT= \
- G_TEST_SRCDIR="$(abs_srcdir)" \
- G_TEST_BUILDDIR="$(abs_builddir)" \
- G_DEBUG=gc-friendly \
- MALLOC_CHECK_=2 \
- MALLOC_PERTURB_=$$(($${RANDOM:-256} % 256))
-LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) $(top_srcdir)/tap-driver.sh
-LOG_COMPILER = $(top_srcdir)/tap-test
-
+GTESTER = gtester # for non-GLIB packages
+GTESTER_REPORT = gtester-report # for non-GLIB packages
+#GTESTER = $(top_builddir)/glib/gtester # for the GLIB package
+#GTESTER_REPORT = $(top_builddir)/glib/gtester-report # for the GLIB package
NULL =
# initialize variables for unconditional += appending
DISTCLEANFILES =
MAINTAINERCLEANFILES =
EXTRA_DIST =
-TESTS =
+TEST_PROGS =
installed_test_LTLIBRARIES =
installed_test_PROGRAMS =
check_SCRIPTS =
check_DATA =
+TESTS =
+
+### testing rules
+
+# test: run all tests in cwd and subdirs
+test: test-nonrecursive
+ @ for subdir in $(SUBDIRS) . ; do \
+ test "$$subdir" = "." -o "$$subdir" = "po" || \
+ ( cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $@ ) || exit $? ; \
+ done
+
+# test-nonrecursive: run tests only in cwd
+test-nonrecursive: ${TEST_PROGS}
+ @test -z "${TEST_PROGS}" || G_TEST_SRCDIR="$(abs_srcdir)" G_TEST_BUILDDIR="$(abs_builddir)" G_DEBUG=gc-friendly MALLOC_CHECK_=2 MALLOC_PERTURB_=$$(($${RANDOM:-256} % 256)) ${GTESTER} --verbose ${TEST_PROGS}
+
+# test-report: run tests in subdirs and generate report
+# perf-report: run tests in subdirs with -m perf and generate report
+# full-report: like test-report: with -m perf and -m slow
+test-report perf-report full-report: ${TEST_PROGS}
+ @test -z "${TEST_PROGS}" || { \
+ case $@ in \
+ test-report) test_options="-k";; \
+ perf-report) test_options="-k -m=perf";; \
+ full-report) test_options="-k -m=perf -m=slow";; \
+ esac ; \
+ if test -z "$$GTESTER_LOGDIR" ; then \
+ G_TEST_SRCDIR="$(abs_srcdir)" G_TEST_BUILDDIR="$(abs_builddir)" ${GTESTER} --verbose $$test_options -o test-report.xml ${TEST_PROGS} ; \
+ elif test -n "${TEST_PROGS}" ; then \
+ G_TEST_SRCDIR="$(abs_srcdir)" G_TEST_BUILDDIR="$(abs_builddir)" ${GTESTER} --verbose $$test_options -o `mktemp "$$GTESTER_LOGDIR/log-XXXXXX"` ${TEST_PROGS} ; \
+ fi ; \
+ }
+ @ ignore_logdir=true ; \
+ if test -z "$$GTESTER_LOGDIR" ; then \
+ GTESTER_LOGDIR=`mktemp -d "\`pwd\`/.testlogs-XXXXXX"`; export GTESTER_LOGDIR ; \
+ ignore_logdir=false ; \
+ fi ; \
+ if test -d "$(top_srcdir)/.git" ; then \
+ REVISION=`git describe` ; \
+ else \
+ REVISION=$(VERSION) ; \
+ fi ; \
+ for subdir in $(SUBDIRS) . ; do \
+ test "$$subdir" = "." -o "$$subdir" = "po" || \
+ ( cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $@ ) || exit $? ; \
+ done ; \
+ $$ignore_logdir || { \
+ echo '<?xml version="1.0"?>' > $@.xml ; \
+ echo '<report-collection>' >> $@.xml ; \
+ echo '<info>' >> $@.xml ; \
+ echo ' <package>$(PACKAGE)</package>' >> $@.xml ; \
+ echo ' <version>$(VERSION)</version>' >> $@.xml ; \
+ echo " <revision>$$REVISION</revision>" >> $@.xml ; \
+ echo '</info>' >> $@.xml ; \
+ for lf in `ls -L "$$GTESTER_LOGDIR"/.` ; do \
+ sed '1,1s/^<?xml\b[^>?]*?>//' <"$$GTESTER_LOGDIR"/"$$lf" >> $@.xml ; \
+ done ; \
+ echo >> $@.xml ; \
+ echo '</report-collection>' >> $@.xml ; \
+ rm -rf "$$GTESTER_LOGDIR"/ ; \
+ ${GTESTER_REPORT} --version 2>/dev/null 1>&2 ; test "$$?" != 0 || ${GTESTER_REPORT} $@.xml >$@.html ; \
+ }
+.PHONY: test test-report perf-report full-report test-nonrecursive
+
+.PHONY: lcov genlcov lcov-clean
+# use recursive makes in order to ignore errors during check
+lcov:
+ -$(MAKE) $(AM_MAKEFLAGS) -k check
+ $(MAKE) $(AM_MAKEFLAGS) genlcov
+
+# we have to massage the lcov.info file slightly to hide the effect of libtool
+# placing the objects files in the .libs/ directory separate from the *.c
+# we also have to delete tests/.libs/libmoduletestplugin_*.gcda
+genlcov:
+ rm -f $(top_builddir)/tests/.libs/libmoduletestplugin_*.gcda
+ $(LTP) --directory $(top_builddir) --capture --output-file glib-lcov.info --test-name GLIB_PERF --no-checksum --compat-libtool
+ LANG=C $(LTP_GENHTML) --prefix $(top_builddir) --output-directory glib-lcov --title "GLib Code Coverage" --legend --show-details glib-lcov.info
+ @echo "file://$(abs_top_builddir)/glib-lcov/index.html"
+
+lcov-clean:
+ -$(LTP) --directory $(top_builddir) -z
+ -rm -rf glib-lcov.info glib-lcov
+ -find -name '*.gcda' -print | xargs rm
+
+# run tests in cwd as part of make check
+check-local: test-nonrecursive
+
# We support a fairly large range of possible variables. It is expected that all types of files in a test suite
# will belong in exactly one of the following variables.
#
# variants) will be run as part of the in-tree 'make check'. These are all assumed to be runnable under
# gtester. That's a bit strange for scripts, but it's possible.
-TESTS += $(test_programs) $(test_scripts) $(uninstalled_test_programs) $(uninstalled_test_scripts) \
- $(dist_test_scripts) $(dist_uninstalled_test_scripts)
+# we use test -z "$(TEST_PROGS)" above, so make sure we have no extra whitespace...
+TEST_PROGS += $(strip $(test_programs) $(test_scripts) $(uninstalled_test_programs) $(uninstalled_test_scripts) \
+ $(dist_test_scripts) $(dist_uninstalled_test_scripts))
# Note: build even the installed-only targets during 'make check' to ensure that they still work.
# We need to do a bit of trickery here and manage disting via EXTRA_DIST instead of using dist_ prefixes to
%.test: %$(EXEEXT) Makefile
$(AM_V_GEN) (echo '[Test]' > $@.tmp; \
echo 'Type=session' >> $@.tmp; \
- echo 'Exec=$(installed_testdir)/$(notdir $<) --tap' >> $@.tmp; \
- echo 'Output=TAP' >> $@.tmp; \
+ echo 'Exec=$(installed_testdir)/$<' >> $@.tmp; \
mv $@.tmp $@)
CLEANFILES += $(installed_test_meta_DATA)
*) AC_MSG_ERROR([bad value ${enableval} for --enable-always-build-tests]) ;;
esac])
AM_CONDITIONAL([ENABLE_ALWAYS_BUILD_TESTS], test "$ENABLE_ALWAYS_BUILD_TESTS" = "1")
- if test "$ENABLE_INSTALLED_TESTS" = "1"; then
+ if test "$ENABLE_INSTALLED_TESTS" == "1"; then
AC_SUBST(installed_test_metadir, [${datadir}/installed-tests/]AC_PACKAGE_NAME)
AC_SUBST(installed_testdir, [${libexecdir}/installed-tests/]AC_PACKAGE_NAME)
fi
be
bg
bn_IN
-bs
ca
ca@valencia
cs
fi
fr
fur
-gd
gl
gu
he
id
it
ja
-kk
km
kn
ko
mr
nb
nl
-oc
or
pa
pl
+++ /dev/null
-# Makefile variables for PO directory in any package using GNU gettext.
-
-# Usually the message domain is the same as the package name.
-DOMAIN = $(PACKAGE)
-
-# These two variables depend on the location of this directory.
-subdir = po
-top_builddir = ..
-
-# These options get passed to xgettext.
-XGETTEXT_OPTIONS = --from-code=UTF-8 --keyword=_ --keyword=N_ --keyword=C_:1c,2 --keyword=NC_:1c,2 --keyword=g_dngettext:2,3 --add-comments
-
-# This is the copyright holder that gets inserted into the header of the
-# $(DOMAIN).pot file. Set this to the copyright holder of the surrounding
-# package. (Note that the msgstr strings, extracted from the package's
-# sources, belong to the copyright holder of the package.) Translators are
-# expected to transfer the copyright for their translations to this person
-# or entity, or to disclaim their copyright. The empty string stands for
-# the public domain; in this case the translators are expected to disclaim
-# their copyright.
-COPYRIGHT_HOLDER = Free Software Foundation, Inc.
-
-# This tells whether or not to prepend "GNU " prefix to the package
-# name that gets inserted into the header of the $(DOMAIN).pot file.
-# Possible values are "yes", "no", or empty. If it is empty, try to
-# detect it automatically by scanning the files in $(top_srcdir) for
-# "GNU packagename" string.
-PACKAGE_GNU =
-
-# This is the email address or URL to which the translators shall report
-# bugs in the untranslated strings:
-# - Strings which are not entire sentences, see the maintainer guidelines
-# in the GNU gettext documentation, section 'Preparing Strings'.
-# - Strings which use unclear terms or require additional context to be
-# understood.
-# - Strings which make invalid assumptions about notation of date, time or
-# money.
-# - Pluralisation problems.
-# - Incorrect English spelling.
-# - Incorrect formatting.
-# It can be your email address, or a mailing list address where translators
-# can write to without being subscribed, or the URL of a web page through
-# which the translators can contact you.
-MSGID_BUGS_ADDRESS =
-
-# This is the list of locale categories, beyond LC_MESSAGES, for which the
-# message catalogs shall be used. It is usually empty.
-EXTRA_LOCALE_CATEGORIES =
-
-# This tells whether the $(DOMAIN).pot file contains messages with an 'msgctxt'
-# context. Possible values are "yes" and "no". Set this to yes if the
-# package uses functions taking also a message context, like pgettext(), or
-# if in $(XGETTEXT_OPTIONS) you define keywords with a context argument.
-USE_MSGCTXT = no
-
-# These options get passed to msgmerge.
-# Useful options are in particular:
-# --previous to keep previous msgids of translated messages,
-# --quiet to reduce the verbosity.
-MSGMERGE_OPTIONS =
-
-# These options get passed to msginit.
-# If you want to disable line wrapping when writing PO files, add
-# --no-wrap to MSGMERGE_OPTIONS, XGETTEXT_OPTIONS, and
-# MSGINIT_OPTIONS.
-MSGINIT_OPTIONS =
-
-# This tells whether or not to regenerate a PO file when $(DOMAIN).pot
-# has changed. Possible values are "yes" and "no". Set this to no if
-# the POT file is checked in the repository and the version control
-# program ignores timestamps.
-PO_DEPENDS_ON_POT = no
-
-# This tells whether or not to forcibly update $(DOMAIN).pot and
-# regenerate PO files on "make dist". Possible values are "yes" and
-# "no". Set this to no if the POT file and PO files are maintained
-# externally.
-DIST_DEPENDS_ON_UPDATE_PO = no
"PO-Revision-Date: 2011-02-11 13:52+0530\n"
"Last-Translator: \n"
"Language-Team: Bengali (India) <bn_IN@li.org>\n"
-"Language: bn_IN\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+++ /dev/null
-msgid ""
-msgstr ""
-"Project-Id-Version: glib-networking\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2015-02-27 06:51+0000\n"
-"PO-Revision-Date: 2015-02-04 14:27+0000\n"
-"Last-Translator: Samir Ribić <Unknown>\n"
-"Language-Team: Bosnian <bs@li.org>\n"
-"Language: bs\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2015-02-05 07:01+0000\n"
-"X-Generator: Launchpad (build 17331)\n"
-
-#: ../proxy/libproxy/glibproxyresolver.c:157
-msgid "Proxy resolver internal error."
-msgstr "Interna greška bliskog razrješivača."
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
-#, c-format
-msgid "Could not parse DER certificate: %s"
-msgstr "Ne mogu analizirati DER certifikate: %s"
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
-#, c-format
-msgid "Could not parse PEM certificate: %s"
-msgstr "Ne mogu analizirati PEM certifikate:: %s"
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
-#, c-format
-msgid "Could not parse DER private key: %s"
-msgstr "Ne mogu analizirati DER privatni ključ:: %s"
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
-#, c-format
-msgid "Could not parse PEM private key: %s"
-msgstr "Ne mogu analizirati PEM privatni ključ: %s"
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
-msgid "No certificate data provided"
-msgstr "Nema datih certifikacijskih podataka"
-
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:324
-msgid "Server required TLS certificate"
-msgstr "Server zahtijeva TLS certifikat"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:305
-#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Ne mogu kreirati TLS vezu: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:572
-msgid "Connection is closed"
-msgstr "Veza je zatvorena"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:635
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1504
-msgid "Operation would block"
-msgstr "Operacija bi se blokirala"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:774
-#: ../tls/gnutls/gtlsconnection-gnutls.c:813
-msgid "Peer failed to perform TLS handshake"
-msgstr "Saradnik neuspio da obavi TLS usaglašavanje"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:792
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Saradnik zahtijevao neispravno TLS ponovno usaglašavanje"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:819
-msgid "TLS connection closed unexpectedly"
-msgstr "TLS veza neočekivano zatvorena"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:829
-msgid "TLS connection peer did not send a certificate"
-msgstr "Saradnik u TLS konekciji nije poslao certifikat"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1212
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1245
-#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Greška u TLS usaglašavanju: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1255
-msgid "Server did not return a valid TLS certificate"
-msgstr "Server nije vratio važeći TLS certifikat"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1330
-msgid "Unacceptable TLS certificate"
-msgstr "Neprihvatljiv TLS certifikat"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1538
-#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Greška u čitanju podataka iz TLS soketa: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1567
-#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Greška u pisnju podataka u TLS soket: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1619
-#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Greška u obavljanju TLS zatvaranja: %s"
-
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "Certifikat nema privatnog ključa"
-
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"Ovo je zadnja šansa da pravilno unesete PIN prije nego se token zaključa."
-
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Nekoliko PIN pokušaja je bilo netačni, a token će biti zaključan nakon "
-"daljih grešaka."
-
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "Uneseni PIN je neispravan."
-
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Modul"
-
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "PKCS#11 Module Pointer"
-
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "IB slota"
-
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11 Identifikator slota"
"PO-Revision-Date: 2012-08-16 19:02+0200\n"
"Last-Translator: Gil Forcada <gilforcada@guifi.net>\n"
"Language-Team: Catalan <gnome-dl@llistes.softcatala.org>\n"
-"Language: ca@valencia\n"
+"Language: ca-XV\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
msgid ""
"This is the last chance to enter the PIN correctly before the token is "
"locked."
-msgstr "Máte poslední pokus zadat PIN správně, pak bude tiket zablokován."
+msgstr "Máte poslední pokus zadat PIN správně, pak bude kupon zablokován."
#: ../tls/pkcs11/gpkcs11pin.c:110
msgid ""
"Several PIN attempts have been incorrect, and the token will be locked after "
"further failures."
msgstr ""
-"Několik pokusů PIN bylo nesprávných a po dalším neúspěchu bude tiket "
+"Několik pokusů PIN bylo nesprávných a po dalším neúspěchu bude kupon "
"zablokován."
#: ../tls/pkcs11/gpkcs11pin.c:112
"PO-Revision-Date: 2013-03-04 08:30+0100\n"
"Last-Translator: Mario Blättermann <mario.blaettermann@gmail.com>\n"
"Language-Team: Deutsch <gnome-de@gnome.org>\n"
-"Language: de\n"
+"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2014-07-09 05:52+0000\n"
-"PO-Revision-Date: 2014-07-09 14:43+0200\n"
-"Last-Translator: Tom Tryfonidis <tomtryf@gmail.com>\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?product=glib&k"
+"eywords=I18N+L10N&component=network\n"
+"POT-Creation-Date: 2012-11-29 22:09+0000\n"
+"PO-Revision-Date: 2012-12-24 17:24+0300\n"
+"Last-Translator: Dimitris Spingos (Δημήτρης Σπίγγος) <dmtrs32@gmail.com>\n"
"Language-Team: team@gnome.gr\n"
"Language: el\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Poedit 1.6.5\n"
+"X-Generator: Virtaal 0.7.1\n"
"X-Project-Style: gnome\n"
-#: ../proxy/libproxy/glibproxyresolver.c:157
+#: ../proxy/libproxy/glibproxyresolver.c:150
msgid "Proxy resolver internal error."
msgstr "Εσωτερικό σφάλμα επίλυσης διαμεσολαβητή."
msgid "No certificate data provided"
msgstr "Δεν παρέχονται δεδομένα πιστοποιητικού"
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:324
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
msgid "Server required TLS certificate"
msgstr "Ο διακομιστής απαίτησε πιστοποιητικό TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:267
+#: ../tls/gnutls/gtlsconnection-gnutls.c:254
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "Αδύνατη η δημιουργία σύνδεσης TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:531
+#: ../tls/gnutls/gtlsconnection-gnutls.c:514
msgid "Connection is closed"
msgstr "Η σύνδεση έκλεισε"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:594
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1465
+#: ../tls/gnutls/gtlsconnection-gnutls.c:576
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1382
msgid "Operation would block"
msgstr "Η λειτουργία θα μπλοκαριστεί"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:733
-#: ../tls/gnutls/gtlsconnection-gnutls.c:772
+#: ../tls/gnutls/gtlsconnection-gnutls.c:703
msgid "Peer failed to perform TLS handshake"
-msgstr "Î\9f ομÏ\8cÏ\84ιμος υπολογιστής απέτυχε να εκτελέσει «χειραψία» TLS"
+msgstr "Î\9f άλλος υπολογιστής απέτυχε να εκτελέσει «χειραψία» TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:751
+#: ../tls/gnutls/gtlsconnection-gnutls.c:720
msgid "Peer requested illegal TLS rehandshake"
-msgstr "Î\9f ομÏ\8cÏ\84ιμος υπολογιστής απαίτησε παράτυπη «χειραψία» TLS"
+msgstr "Î\9f άλλος υπολογιστής απαίτησε παράτυπη «χειραψία» TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:778
+#: ../tls/gnutls/gtlsconnection-gnutls.c:746
msgid "TLS connection closed unexpectedly"
msgstr "Η σύνδεση TLS τερματίστηκε απρόσμενα"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:788
+#: ../tls/gnutls/gtlsconnection-gnutls.c:756
+#| msgid "Server did not return a valid TLS certificate"
msgid "TLS connection peer did not send a certificate"
msgstr "Η ομότιμη σύνδεση TLS δεν έστειλε πιστοποιητικό"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1178
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1211
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1064
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1083
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "Σφάλμα κατά τη «χειραψία» TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1221
-msgid "Server did not return a valid TLS certificate"
-msgstr "Ο διακομιστής δεν επέστρεψε ένα έγκυρο πιστοποιητικό TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1296
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1228
msgid "Unacceptable TLS certificate"
msgstr "Μη αποδεκτό πιστοποιητικό TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1499
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1239
+msgid "Server did not return a valid TLS certificate"
+msgstr "Ο διακομιστής δεν επέστρεψε ένα έγκυρο πιστοποιητικό TLS"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1405
#, c-format
msgid "Error reading data from TLS socket: %s"
msgstr "Σφάλμα κατά την ανάγνωση δεδομένων από την υποδοχή TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1528
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1434
#, c-format
msgid "Error writing data to TLS socket: %s"
msgstr "Σφάλμα κατά την εγγραφή δεδομένων στην υποδοχή TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1572
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1478
msgid "Connection is already closed"
msgstr "Η σύνδεση έχει ήδη κλείσει"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1582
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1488
#, c-format
msgid "Error performing TLS close: %s"
msgstr "Σφάλμα κατά το κλείσιμο TLS: %s"
"locked."
msgstr ""
"Αυτή είναι η τελευταία σας ευκαιρία να πληκτρολογήσετε σωστά το PIN πριν να "
-"κλειδωθεί το διακριτικό."
+"κλειδωθεί το token."
#: ../tls/pkcs11/gpkcs11pin.c:110
msgid ""
"Several PIN attempts have been incorrect, and the token will be locked after "
"further failures."
msgstr ""
-"Αρκετές προσπάθειες PIN ήταν εσφαλμένες, και το διακριτικό θα κλειδωθεί μετά "
-"από περαιτέρω αποτυχίες."
+"Αρκετές προσπάθειες PIN ήταν εσφαλμένες, και το token θα κλειδωθεί μετά από "
+"περαιτέρω αποτυχίες."
#: ../tls/pkcs11/gpkcs11pin.c:112
msgid "The PIN entered is incorrect."
-msgstr "Î\94εν είναι ÎγκÏ\85Ï\81ο Ï\84ο PIN Ï\80οÏ\85 Ï\80ληκÏ\84Ï\81ολογήÏ\83αÏ\84ε."
+msgstr "Το PIN Ï\80οÏ\85 ειÏ\83άγαÏ\84ε δεν είναι ÎγκÏ\85Ï\81ο."
#: ../tls/pkcs11/gpkcs11slot.c:446
msgid "Module"
#: ../tls/pkcs11/gpkcs11slot.c:454
msgid "Slot ID"
-msgstr "Αναγνωριστικό υποδοχής"
+msgstr "ID υποδοχής"
#: ../tls/pkcs11/gpkcs11slot.c:455
msgid "PKCS#11 Slot Identifier"
"PO-Revision-Date: 2010-08-13 17:42-0400\n"
"Last-Translator: Nicolas Dufresne <nicolasd@git.gnome.org>\n"
"Language-Team: Canadian English <nicolasd@git.gnome.org>\n"
-"Language: en_CA\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
msgid ""
msgstr ""
"Project-Id-Version: glib-networking\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2016-08-15 21:53+0000\n"
-"PO-Revision-Date: 2016-09-18 12:18+0200\n"
-"Last-Translator: David King <amigadave@amigadave.com>\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2012-09-05 19:36+0100\n"
+"PO-Revision-Date: 2012-09-05 19:36+0100\n"
+"Last-Translator: Bruce Cowan <bruce@bcowan.me.uk>\n"
"Language-Team: British English <en@li.org>\n"
"Language: en_GB\n"
"MIME-Version: 1.0\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"X-Generator: Virtaal 0.7.1\n"
-#: proxy/libproxy/glibproxyresolver.c:157
+#: ../proxy/libproxy/glibproxyresolver.c:150
msgid "Proxy resolver internal error."
msgstr "Proxy resolver internal error."
-#: tls/gnutls/gtlscertificate-gnutls.c:176
+#: ../tls/gnutls/gtlscertificate-gnutls.c:173
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Could not parse DER certificate: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:197
+#: ../tls/gnutls/gtlscertificate-gnutls.c:194
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Could not parse PEM certificate: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:228
+#: ../tls/gnutls/gtlscertificate-gnutls.c:225
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Could not parse DER private key: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:259
+#: ../tls/gnutls/gtlscertificate-gnutls.c:256
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Could not parse PEM private key: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:299
+#: ../tls/gnutls/gtlscertificate-gnutls.c:296
msgid "No certificate data provided"
msgstr "No certificate data provided"
-#: tls/gnutls/gtlsclientconnection-gnutls.c:375
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
msgid "Server required TLS certificate"
msgstr "Server required TLS certificate"
-#: tls/gnutls/gtlsconnection-gnutls.c:323
+#: ../tls/gnutls/gtlsconnection-gnutls.c:254
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "Could not create TLS connection: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:585
+#: ../tls/gnutls/gtlsconnection-gnutls.c:514
msgid "Connection is closed"
msgstr "Connection is closed"
-#: tls/gnutls/gtlsconnection-gnutls.c:658
-#: tls/gnutls/gtlsconnection-gnutls.c:1537
+#: ../tls/gnutls/gtlsconnection-gnutls.c:574
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1377
msgid "Operation would block"
msgstr "Operation would block"
-#: tls/gnutls/gtlsconnection-gnutls.c:808
-#: tls/gnutls/gtlsconnection-gnutls.c:847
+#: ../tls/gnutls/gtlsconnection-gnutls.c:701
msgid "Peer failed to perform TLS handshake"
msgstr "Peer failed to perform TLS handshake"
-#: tls/gnutls/gtlsconnection-gnutls.c:826
+#: ../tls/gnutls/gtlsconnection-gnutls.c:718
msgid "Peer requested illegal TLS rehandshake"
msgstr "Peer requested illegal TLS rehandshake"
-#: tls/gnutls/gtlsconnection-gnutls.c:853
+#: ../tls/gnutls/gtlsconnection-gnutls.c:744
msgid "TLS connection closed unexpectedly"
msgstr "TLS connection closed unexpectedly"
-#: tls/gnutls/gtlsconnection-gnutls.c:863
-msgid "TLS connection peer did not send a certificate"
-msgstr "TLS connection peer did not send a certificate"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1250
-#: tls/gnutls/gtlsconnection-gnutls.c:1283
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1055
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1074
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "Error performing TLS handshake: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1293
-msgid "Server did not return a valid TLS certificate"
-msgstr "Server did not return a valid TLS certificate"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1363
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1210
msgid "Unacceptable TLS certificate"
msgstr "Unacceptable TLS certificate"
-#: tls/gnutls/gtlsconnection-gnutls.c:1571
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1221
+msgid "Server did not return a valid TLS certificate"
+msgstr "Server did not return a valid TLS certificate"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1400
#, c-format
msgid "Error reading data from TLS socket: %s"
msgstr "Error reading data from TLS socket: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1600
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1429
#, c-format
msgid "Error writing data to TLS socket: %s"
msgstr "Error writing data to TLS socket: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1664
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1473
+msgid "Connection is already closed"
+msgstr "Connection is already closed"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1483
#, c-format
msgid "Error performing TLS close: %s"
msgstr "Error performing TLS close: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:107
+#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
msgid "Certificate has no private key"
msgstr "Certificate has no private key"
-#: tls/pkcs11/gpkcs11pin.c:111
+#: ../tls/pkcs11/gpkcs11pin.c:108
msgid ""
"This is the last chance to enter the PIN correctly before the token is "
"locked."
"This is the last chance to enter the PIN correctly before the token is "
"locked."
-#: tls/pkcs11/gpkcs11pin.c:113
+#: ../tls/pkcs11/gpkcs11pin.c:110
msgid ""
"Several PIN attempts have been incorrect, and the token will be locked after "
"further failures."
"Several PIN attempts have been incorrect, and the token will be locked after "
"further failures."
-#: tls/pkcs11/gpkcs11pin.c:115
+#: ../tls/pkcs11/gpkcs11pin.c:112
msgid "The PIN entered is incorrect."
msgstr "The PIN entered is incorrect."
-#: tls/pkcs11/gpkcs11slot.c:449
+#: ../tls/pkcs11/gpkcs11slot.c:446
msgid "Module"
msgstr "Module"
-#: tls/pkcs11/gpkcs11slot.c:450
+#: ../tls/pkcs11/gpkcs11slot.c:447
msgid "PKCS#11 Module Pointer"
msgstr "PKCS#11 Module Pointer"
-#: tls/pkcs11/gpkcs11slot.c:457
+#: ../tls/pkcs11/gpkcs11slot.c:454
msgid "Slot ID"
msgstr "Slot ID"
-#: tls/pkcs11/gpkcs11slot.c:458
+#: ../tls/pkcs11/gpkcs11slot.c:455
msgid "PKCS#11 Slot Identifier"
msgstr "PKCS#11 Slot Identifier"
-
-#~ msgid "Connection is already closed"
-#~ msgstr "Connection is already closed"
"PO-Revision-Date: 2011-05-15 15:54+0200\n"
"Last-Translator: Kristjan SCHMIDT <kristjan.schmidt@googlemail.com>\n"
"Language-Team: Esperanto <ubuntu-l10n-eo@lists.launchpad.net>\n"
-"Language: eo\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2012-12-02 19:10+0100\n"
"Last-Translator: Daniel Mustieles <daniel.mustieles@gmail.com>\n"
"Language-Team: Español; Castellano <gnome-es-list@gnome.org>\n"
-"Language: es\n"
+"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2013-03-23 18:10+0330\n"
"Last-Translator: Arash Mousavi <mousavi.arash@gmail.com>\n"
"Language-Team: Persian\n"
-"Language: fa\n"
+"Language: fa_IR\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2013-02-25 20:13+0100\n"
"Last-Translator: Claude Paroz <claude@2xlibre.net>\n"
"Language-Team: GNOME French Team <gnomefr@traduc.org>\n"
-"Language: fr\n"
+"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Project-Id-Version: glib-networking master\n"
"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2016-04-08 06:55+0000\n"
-"PO-Revision-Date: 2016-04-08 18:19+0200\n"
+"POT-Creation-Date: 2013-03-25 12:43+0000\n"
+"PO-Revision-Date: 2013-03-26 13:02+0100\n"
"Last-Translator: Fabio Tomat <f.t.public@gmail.com>\n"
"Language-Team: Friulian <fur@li.org>\n"
"Language: fur\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 1.8.5\n"
+"X-Generator: Poedit 1.5.4\n"
-#: ../proxy/libproxy/glibproxyresolver.c:157
+#: ../proxy/libproxy/glibproxyresolver.c:150
msgid "Proxy resolver internal error."
-msgstr "Erôr interni dal resolver proxy."
+msgstr ""
-#: ../tls/gnutls/gtlscertificate-gnutls.c:176
+#: ../tls/gnutls/gtlscertificate-gnutls.c:173
#, c-format
msgid "Could not parse DER certificate: %s"
-msgstr "Impussibil analizâ il certificât DER: %s"
+msgstr ""
-#: ../tls/gnutls/gtlscertificate-gnutls.c:197
+#: ../tls/gnutls/gtlscertificate-gnutls.c:194
#, c-format
msgid "Could not parse PEM certificate: %s"
-msgstr "Impussibil analizâ il certificât PEM: %s"
+msgstr ""
-#: ../tls/gnutls/gtlscertificate-gnutls.c:228
+#: ../tls/gnutls/gtlscertificate-gnutls.c:225
#, c-format
msgid "Could not parse DER private key: %s"
-msgstr "Impussibil analizâ la clâf privade DER: %s"
+msgstr ""
-#: ../tls/gnutls/gtlscertificate-gnutls.c:259
+#: ../tls/gnutls/gtlscertificate-gnutls.c:256
#, c-format
msgid "Could not parse PEM private key: %s"
-msgstr "Impussibil analizâ la clâf privade PEM: %s"
+msgstr ""
-#: ../tls/gnutls/gtlscertificate-gnutls.c:299
+#: ../tls/gnutls/gtlscertificate-gnutls.c:296
msgid "No certificate data provided"
msgstr "Nissun dât di certificât dât"
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:375
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
msgid "Server required TLS certificate"
msgstr "Il server al domande un certificât TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:323
+#: ../tls/gnutls/gtlsconnection-gnutls.c:258
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "Impussibil creâ la conession TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:585
+#: ../tls/gnutls/gtlsconnection-gnutls.c:520
msgid "Connection is closed"
-msgstr "La conession e je sierade"
+msgstr "La conession a je sierade"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:658
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1537
+#: ../tls/gnutls/gtlsconnection-gnutls.c:582
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1425
msgid "Operation would block"
-msgstr "Le operazion e podarès blocâsi"
+msgstr "Le operazion a podares blocasi"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:808
-#: ../tls/gnutls/gtlsconnection-gnutls.c:847
+#: ../tls/gnutls/gtlsconnection-gnutls.c:712
+#: ../tls/gnutls/gtlsconnection-gnutls.c:755
msgid "Peer failed to perform TLS handshake"
-msgstr "Il grop nol è rivât a eseguî il handshake TLS"
+msgstr ""
-#: ../tls/gnutls/gtlsconnection-gnutls.c:826
+#: ../tls/gnutls/gtlsconnection-gnutls.c:729
msgid "Peer requested illegal TLS rehandshake"
-msgstr "Il grop al à domandât un rehandshake TLS no lecit"
+msgstr ""
-#: ../tls/gnutls/gtlsconnection-gnutls.c:853
+#: ../tls/gnutls/gtlsconnection-gnutls.c:761
msgid "TLS connection closed unexpectedly"
-msgstr "Sieradure inspietade de conession TLS"
+msgstr ""
-#: ../tls/gnutls/gtlsconnection-gnutls.c:863
+#: ../tls/gnutls/gtlsconnection-gnutls.c:771
msgid "TLS connection peer did not send a certificate"
-msgstr "Il grop di conession TLS nol à inviât un certificât"
+msgstr "Il grop di conession TLS nol a inviât un certificât"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1250
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1283
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1152
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1171
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "Erôr tal eseguî il handshake TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1293
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1181
msgid "Server did not return a valid TLS certificate"
-msgstr "Il server nol à tornât un certificât TLS valit"
+msgstr "Il server nol a tornât un certificât TLS valit"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1363
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1256
msgid "Unacceptable TLS certificate"
-msgstr "certificât TLS no acetabil"
+msgstr ""
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1571
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1448
#, c-format
msgid "Error reading data from TLS socket: %s"
msgstr "Erôr tal lei dâts tal socket TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1600
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1477
#, c-format
msgid "Error writing data to TLS socket: %s"
msgstr "Erôr tal scrivi dâts tal socket TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1664
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1521
+msgid "Connection is already closed"
+msgstr "La conession a je za sierade"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1531
#, c-format
msgid "Error performing TLS close: %s"
-msgstr "Erôr tal sierâ TLS: %s"
+msgstr ""
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:107
+#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
msgid "Certificate has no private key"
-msgstr "Il certificât nol à une clâf privade"
+msgstr "Il certificât a nol a une clâf privade"
-#: ../tls/pkcs11/gpkcs11pin.c:111
+#: ../tls/pkcs11/gpkcs11pin.c:108
msgid ""
-"This is the last chance to enter the PIN correctly before the token is locked."
+"This is the last chance to enter the PIN correctly before the token is "
+"locked."
msgstr ""
-"Cheste e je la ultime pussibilitât par inserî il PIN coret prime che al vegni "
+"Cheste a je l'ultime pussibilitât par inserî il PIN coret prime che al vegni "
"blocât il token."
-#: ../tls/pkcs11/gpkcs11pin.c:113
+#: ../tls/pkcs11/gpkcs11pin.c:110
msgid ""
"Several PIN attempts have been incorrect, and the token will be locked after "
"further failures."
"A son stâts fats une vore di tentatîfs par meti il PIN, il token al sarà "
"blocât dopo altris faliments."
-#: ../tls/pkcs11/gpkcs11pin.c:115
+#: ../tls/pkcs11/gpkcs11pin.c:112
msgid "The PIN entered is incorrect."
-msgstr "Il PIN dât nol è coret."
+msgstr "Il PIN dât a nol è coret."
-#: ../tls/pkcs11/gpkcs11slot.c:449
+#: ../tls/pkcs11/gpkcs11slot.c:446
msgid "Module"
-msgstr "Modul"
+msgstr ""
-#: ../tls/pkcs11/gpkcs11slot.c:450
+#: ../tls/pkcs11/gpkcs11slot.c:447
msgid "PKCS#11 Module Pointer"
-msgstr "Pontadôr modul PKCS#11"
+msgstr ""
-#: ../tls/pkcs11/gpkcs11slot.c:457
+#: ../tls/pkcs11/gpkcs11slot.c:454
msgid "Slot ID"
-msgstr "ID dal slot"
+msgstr ""
-#: ../tls/pkcs11/gpkcs11slot.c:458
+#: ../tls/pkcs11/gpkcs11slot.c:455
msgid "PKCS#11 Slot Identifier"
-msgstr "Identificadôr Slot PKCS#11"
-
-#~ msgid "Connection is already closed"
-#~ msgstr "La conession a je za sierade"
+msgstr ""
+++ /dev/null
-# Scottish Gaelic translation for glib-networking.
-# Copyright (C) 2016 glib-networking's COPYRIGHT HOLDER
-# This file is distributed under the same license as the glib-networking package.
-# GunChleoc <fios@foramnagaidhlig.net>, 2016.
-msgid ""
-msgstr ""
-"Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?product=glib&k"
-"eywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2016-04-28 06:59+0000\n"
-"PO-Revision-Date: 2016-04-28 15:01+0100\n"
-"Last-Translator: GunChleoc <fios@foramnagaidhlig.net>\n"
-"Language-Team: Fòram na Gàidhlig\n"
-"Language: gd\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=4; plural=(n==1 || n==11) ? 0 : (n==2 || n==12) ? 1 : "
-"(n > 2 && n < 20) ? 2 : 3;\n"
-"X-Generator: Virtaal 0.7.1\n"
-"X-Project-Style: gnome\n"
-
-#: ../proxy/libproxy/glibproxyresolver.c:157
-msgid "Proxy resolver internal error."
-msgstr "Mearachd taobh a-stagh an fhuasglaiche progsaidh."
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:176
-#, c-format
-msgid "Could not parse DER certificate: %s"
-msgstr "Cha deach leinn teisteanas DER a pharsadh: %s"
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:197
-#, c-format
-msgid "Could not parse PEM certificate: %s"
-msgstr "Cha deach leinn teisteanas PEM a pharsadh: %s"
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:228
-#, c-format
-msgid "Could not parse DER private key: %s"
-msgstr "Cha deach leinn iuchair phrìobhaideach DER a pharsadh: %s"
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:259
-#, c-format
-msgid "Could not parse PEM private key: %s"
-msgstr "Cha deach leinn iuchair phrìobhaideach PEM a pharsadh: %s"
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:299
-msgid "No certificate data provided"
-msgstr "Cha deach dàta teisteanais a thoirt seachad"
-
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:375
-msgid "Server required TLS certificate"
-msgstr "Dh'iarr am frithealaiche teisteanas TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:323
-#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Cha b' urrainn dhuinn ceangal TLS a chruthachadh: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:585
-msgid "Connection is closed"
-msgstr "Chaidh an ceangal a dhùnadh"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:658
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1537
-msgid "Operation would block"
-msgstr "Dhèanadh an t-obrachadh bacadh"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:808
-#: ../tls/gnutls/gtlsconnection-gnutls.c:847
-msgid "Peer failed to perform TLS handshake"
-msgstr "Cha do rinn an seise crathadh-làimhe TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:826
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Dh'iarr an seise ath-chrathadh-làimhe TLS mì-dhligheach"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:853
-msgid "TLS connection closed unexpectedly"
-msgstr "Chaidh an ceangal TLS a dhùnadh gun dùil"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:863
-msgid "TLS connection peer did not send a certificate"
-msgstr "Cha do chuir seise a' cheangail TLS teisteanas"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1250
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1283
-#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Mearachd le crathadh-làimhe TLS: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1293
-msgid "Server did not return a valid TLS certificate"
-msgstr "Cha do thill am frithealaiche teisteanas TLS dligheach"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1363
-msgid "Unacceptable TLS certificate"
-msgstr "Teisteanas TLS ris nach gabhar"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1571
-#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Mearachd a' leughadh dàta on t-socaid TLS: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1600
-#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Mearachd a' sgrìobhadh dàta dhan t-socaid TLS: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1664
-#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Mearachd le dùnadh TLS: %s"
-
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:107
-msgid "Certificate has no private key"
-msgstr "Chan eil iuchair phrìobhaideach aig an teisteanas"
-
-#: ../tls/pkcs11/gpkcs11pin.c:111
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"Seo an cothrom mu dheireadh gus am PIN a chur a-steach mar bu chòir mus dèid "
-"an tòcan a ghlasadh."
-
-#: ../tls/pkcs11/gpkcs11pin.c:113
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Chaidh iomadh oidhirp air a' PIN gu cearr agus thèid an tòcan a ghlasadh ma "
-"bhios e cearr a-rithist."
-
-#: ../tls/pkcs11/gpkcs11pin.c:115
-msgid "The PIN entered is incorrect."
-msgstr "Chan eil am PIN a chaidh a chur a-steach mar bu chòir."
-
-#: ../tls/pkcs11/gpkcs11slot.c:449
-msgid "Module"
-msgstr "Mòideal"
-
-#: ../tls/pkcs11/gpkcs11slot.c:450
-msgid "PKCS#11 Module Pointer"
-msgstr "Tomhaire mòideil PKCS#11"
-
-#: ../tls/pkcs11/gpkcs11slot.c:457
-msgid "Slot ID"
-msgstr "ID an t-slota"
-
-#: ../tls/pkcs11/gpkcs11slot.c:458
-msgid "PKCS#11 Slot Identifier"
-msgstr "Aithnichear an t-slota PKCS#11"
"PO-Revision-Date: 2011-02-08 12:18+0530\n"
"Last-Translator: Sweta Kothari <swkothar@redhat.com>\n"
"Language-Team: Gujarati\n"
-"Language: gu\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2012-12-31 19:04+0100\n"
"Last-Translator: Balázs Úr <urbalazs at gmail dot com>\n"
"Language-Team: Hungarian <gnome-hu-list at gnome dot org>\n"
-"Language: hu\n"
+"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2013-01-24 22:41+0100\n"
"Last-Translator: Milo Casagrande <milo@ubuntu.com>\n"
"Language-Team: Italian <tp@lists.linux.it>\n"
-"Language: it\n"
+"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8-bit\n"
# Takayuki KUSANO <AE5T-KSN@asahi-net.or.jp>, 2011-2012.
# Hideki Yamane <henrich@debian.org>, 2011-2012.
# Yoji TOYODA <bsyamato@sea.plala.or.jp>, 2012.
-# Jiro Matsuzawa <jmatsuzawa@gnome.org>, 2015.
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2015-09-14 06:04+0000\n"
-"PO-Revision-Date: 2015-09-15 01:29+0900\n"
-"Last-Translator: Jiro Matsuzawa <jmatsuzawa@gnome.org>\n"
+"POT-Creation-Date: 2012-08-30 12:32+0000\n"
+"PO-Revision-Date: 2012-08-30 21:54+0900\n"
+"Last-Translator: Yoji TOYODA <bsyamato@sea.plala.or.jp>\n"
"Language-Team: Japanese <gnome-translation@gnome.gr.jp>\n"
"Language: ja\n"
"MIME-Version: 1.0\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-#: ../proxy/libproxy/glibproxyresolver.c:157
+#: ../proxy/libproxy/glibproxyresolver.c:150
msgid "Proxy resolver internal error."
msgstr "プロキシリゾルバーでの内部エラー。"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:176
+#: ../tls/gnutls/gtlscertificate-gnutls.c:173
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "DER 形式の証明書を解析できませんでした: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:197
+#: ../tls/gnutls/gtlscertificate-gnutls.c:194
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "PEM 形式の証明書を解析できませんでした: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:228
+#: ../tls/gnutls/gtlscertificate-gnutls.c:225
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "DER 形式の秘密鍵を解析できませんでした: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:259
+#: ../tls/gnutls/gtlscertificate-gnutls.c:256
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "PEM 形式の秘密鍵を解析できませんでした: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:299
+#: ../tls/gnutls/gtlscertificate-gnutls.c:296
msgid "No certificate data provided"
msgstr "証明書のデータが与えられていません"
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:340
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
msgid "Server required TLS certificate"
msgstr "サーバーが TLS 証明書を要求しました"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:311
+#: ../tls/gnutls/gtlsconnection-gnutls.c:254
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "TLS コネクションを確立できませんでした: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:578
+#: ../tls/gnutls/gtlsconnection-gnutls.c:514
msgid "Connection is closed"
msgstr "コネクションが切断されています"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:641
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1505
+#: ../tls/gnutls/gtlsconnection-gnutls.c:574
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1377
msgid "Operation would block"
msgstr "操作がブロックされます"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:780
-#: ../tls/gnutls/gtlsconnection-gnutls.c:819
+#: ../tls/gnutls/gtlsconnection-gnutls.c:701
msgid "Peer failed to perform TLS handshake"
msgstr "通信相手が TLS ハンドシェイクの実行に失敗しました"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:798
+#: ../tls/gnutls/gtlsconnection-gnutls.c:718
msgid "Peer requested illegal TLS rehandshake"
msgstr "通信相手が不当な TLS の再ハンドシェイクを要求しました"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:825
+#: ../tls/gnutls/gtlsconnection-gnutls.c:744
msgid "TLS connection closed unexpectedly"
msgstr "TLS コネクションが突然閉じられました"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:835
-msgid "TLS connection peer did not send a certificate"
-msgstr "TLS の通信相手が証明書を送信しませんでした。"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1218
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1251
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1055
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1074
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "TLS ハンドシェイク実行中のエラー: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1261
-msgid "Server did not return a valid TLS certificate"
-msgstr "サーバーが有効な TLS 証明書を返しませんでした。"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1331
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1210
msgid "Unacceptable TLS certificate"
msgstr "受け付けられない TLS 証明書です"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1539
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1221
+msgid "Server did not return a valid TLS certificate"
+msgstr "サーバーが有効な TLS 証明書を返しませんでした。"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1400
#, c-format
msgid "Error reading data from TLS socket: %s"
msgstr "TLS ソケットからのデータ読み込み中のエラー: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1568
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1429
#, c-format
msgid "Error writing data to TLS socket: %s"
msgstr "TLS ソケットへのデータ書き出し中のエラー: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1620
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1473
+msgid "Connection is already closed"
+msgstr "コネクションはすでに切断されています"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1483
#, c-format
msgid "Error performing TLS close: %s"
msgstr "TLS クローズ実行中のエラー: %s"
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:106
+#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
msgid "Certificate has no private key"
msgstr "証明書に秘密鍵がありません"
-#: ../tls/pkcs11/gpkcs11pin.c:111
+#: ../tls/pkcs11/gpkcs11pin.c:108
msgid "This is the last chance to enter the PIN correctly before the token is locked."
msgstr "これがトークンがロックされる前に正しく PIN コードを入力する最後のチャンスです。"
-#: ../tls/pkcs11/gpkcs11pin.c:113
+#: ../tls/pkcs11/gpkcs11pin.c:110
msgid "Several PIN attempts have been incorrect, and the token will be locked after further failures."
msgstr "正しくない PIN コードの入力が複数回行われたので、さらに失敗するとトークンはロックされます。"
-#: ../tls/pkcs11/gpkcs11pin.c:115
+#: ../tls/pkcs11/gpkcs11pin.c:112
msgid "The PIN entered is incorrect."
msgstr "入力された PIN コードが正しくありません。"
-#: ../tls/pkcs11/gpkcs11slot.c:449
+#: ../tls/pkcs11/gpkcs11slot.c:446
msgid "Module"
msgstr "モジュール"
-#: ../tls/pkcs11/gpkcs11slot.c:450
+#: ../tls/pkcs11/gpkcs11slot.c:447
msgid "PKCS#11 Module Pointer"
msgstr "PKCS#11 モジュールポインター"
-#: ../tls/pkcs11/gpkcs11slot.c:457
+#: ../tls/pkcs11/gpkcs11slot.c:454
msgid "Slot ID"
msgstr "スロット ID"
-#: ../tls/pkcs11/gpkcs11slot.c:458
+#: ../tls/pkcs11/gpkcs11slot.c:455
msgid "PKCS#11 Slot Identifier"
msgstr "PKCS#11 スロット ID"
+++ /dev/null
-# Kazakh translation for glib-networking.
-# Copyright (C) 2014 glib-networking's COPYRIGHT HOLDER
-# This file is distributed under the same license as the glib-networking package.
-# Baurzhan Muftakhidinov <baurthefirst@gmail.com>, 2014.
-#
-msgid ""
-msgstr ""
-"Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2014-11-06 18:42+0000\n"
-"PO-Revision-Date: 2014-11-07 09:12+0600\n"
-"Last-Translator: Baurzhan Muftakhidinov <baurthefirst@gmail.com>\n"
-"Language-Team: Kazakh <kk_KZ@googlegroups.com>\n"
-"Language: kk\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 1.6.9\n"
-
-#: ../proxy/libproxy/glibproxyresolver.c:157
-msgid "Proxy resolver internal error."
-msgstr "Прокси шешушісінің ішкі қатесі."
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
-#, c-format
-msgid "Could not parse DER certificate: %s"
-msgstr "DER сертификатын талдау қатесі: %s"
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
-#, c-format
-msgid "Could not parse PEM certificate: %s"
-msgstr "PEM сертификатын талдау қатесі: %s"
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
-#, c-format
-msgid "Could not parse DER private key: %s"
-msgstr "DER жеке кілтін талдау қатесі: %s"
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
-#, c-format
-msgid "Could not parse PEM private key: %s"
-msgstr "PEM жеке кілтін талдау қатесі: %s"
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
-msgid "No certificate data provided"
-msgstr "Сертификат ұсынылмады"
-
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:324
-msgid "Server required TLS certificate"
-msgstr "Сервер TLS сертификатын талап етеді"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:267
-#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Жаңа TLS байланысын жасау мүмкін емес: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:539
-msgid "Connection is closed"
-msgstr "Байланыс жабылды"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:602
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1471
-msgid "Operation would block"
-msgstr "Әрекет блоктайды"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:741
-#: ../tls/gnutls/gtlsconnection-gnutls.c:780
-msgid "Peer failed to perform TLS handshake"
-msgstr "Торап TLS байланысты орнату сәлемдемесін орындай алмады"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:759
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Торап жарамсы TLS қайта байланысты орнату сәлемдемесін сұрады"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:786
-msgid "TLS connection closed unexpectedly"
-msgstr "TLS байланысты күтпегенде жабылды"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:796
-msgid "TLS connection peer did not send a certificate"
-msgstr "TLS байланысының торабы сертификатты жібермеген"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1179
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1212
-#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "TLS байланысты орнату сәлемдемесін орындау қатесі: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1222
-msgid "Server did not return a valid TLS certificate"
-msgstr "Сервер жарамды TLS сертификатын қайтармады"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1297
-msgid "Unacceptable TLS certificate"
-msgstr "Жарамсыз TLS сертификаты"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1505
-#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "TLS сокетінен деректерді оқу қатесі: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1534
-#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "TLS сокетіне деректерді жазу қатесі: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1586
-#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "TLS жабу әрекетін орындау қатесі: %s"
-
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "Сертификатта жеке кілт жоқ"
-
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr "Токен блокталуға дейінгі PIN кодын енгізудің соңғы мүмкіндігі қалды."
-
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Бірнеше PIN енгізу талаптары сәтсіз болды, токен келесі сәтсіз енгізілерде "
-"блокталатын болады."
-
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "Енгізілген PIN коды дұрыс емес."
-
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Модуль"
-
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "PKCS#11 модулі көрсеткіші"
-
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "Слот ID-і"
-
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11 слот идентификаторы"
"PO-Revision-Date: 2012-02-20 09:22+0700\n"
"Last-Translator: Seng Sutha <sutha@khmeros.info>\n"
"Language-Team: Khmer <support@khmeros.info>\n"
-"Language: km\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2011-03-31 22:40+0530\n"
"Last-Translator: Shankar Prasad <svenkate@redhat.com>\n"
"Language-Team: Kannada <kn@li.org>\n"
-"Language: kn\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2012-11-30 21:55+0300\n"
"Last-Translator: Aurimas Černius <aurisc4@gmail.com>\n"
"Language-Team: Lietuvių <>\n"
-"Language: lt\n"
+"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2013-01-21 12:27+0100\n"
"Last-Translator: Kjartan Maraas <kmaraas@gnome.org>\n"
"Language-Team: Norwegian bokmål <i18n-nb@lister.ping.uio.no>\n"
-"Language: nb\n"
+"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+++ /dev/null
-# Occitan translation for glib-networking.
-# Copyright (C) 2011-2012 Listed translators
-# This file is distributed under the same license as the glib-networking package.
-# Cédric Valmary <cvalmary@yahoo.fr>, 2015.
-# Cédric Valmary (Tot en òc) <cvalmary@yahoo.fr>, 2015.
-# Cédric Valmary (totenoc.eu) <cvalmary@yahoo.fr>, 2016.
-msgid ""
-msgstr ""
-"Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2016-05-19 06:54+0000\n"
-"PO-Revision-Date: 2016-05-05 21:48+0200\n"
-"Last-Translator: Cédric Valmary (totenoc.eu) <cvalmary@yahoo.fr>\n"
-"Language-Team: Tot En Òc\n"
-"Language: oc\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Virtaal 0.7.1\n"
-"X-Launchpad-Export-Date: 2015-05-21 17:44+0000\n"
-"X-Project-Style: gnome\n"
-
-#: ../proxy/libproxy/glibproxyresolver.c:157
-msgid "Proxy resolver internal error."
-msgstr "Error intèrna del resolvedor de servidor mandatari."
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:176
-#, c-format
-msgid "Could not parse DER certificate: %s"
-msgstr "Impossible d'analisar lo certificat DER : %s"
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:197
-#, c-format
-msgid "Could not parse PEM certificate: %s"
-msgstr "Impossible d'analisar lo certificat PEM : %s"
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:228
-#, c-format
-msgid "Could not parse DER private key: %s"
-msgstr "Impossible d'analisar la clau privada DER : %s"
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:259
-#, c-format
-msgid "Could not parse PEM private key: %s"
-msgstr "Impossible d'analisar la clau privada PEM : %s"
-
-#: ../tls/gnutls/gtlscertificate-gnutls.c:299
-msgid "No certificate data provided"
-msgstr "Cap de donada de certificat pas provesida"
-
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:375
-msgid "Server required TLS certificate"
-msgstr "Lo servidor requerís un certificat TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:323
-#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Impossible de crear una connexion TLS : %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:585
-msgid "Connection is closed"
-msgstr "La connexion es tampada"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:658
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1537
-msgid "Operation would block"
-msgstr "L'operacion se poiriá blocar"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:808
-#: ../tls/gnutls/gtlsconnection-gnutls.c:847
-msgid "Peer failed to perform TLS handshake"
-msgstr "La negociacion TLS amb lo servidor par a fracassat"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:826
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Lo servidor par a demandat una renegociacion TLS pas autorizada"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:853
-msgid "TLS connection closed unexpectedly"
-msgstr "La connexion TLS es estada tampada d'un biais imprevist"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:863
-msgid "TLS connection peer did not send a certificate"
-msgstr "Lo par TLS a pas mandat cap de certificat"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1250
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1283
-#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Error al moment de la negociacion TLS : %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1293
-msgid "Server did not return a valid TLS certificate"
-msgstr "Lo servidor a pas renviat cap de certificat TLS valid"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1363
-msgid "Unacceptable TLS certificate"
-msgstr "Certificat TLS inacceptable"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1571
-#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Error al moment de la lectura de donadas del connectador TLS : %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1600
-#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Error al moment de l'escritura de donadas sul connectador TLS : %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1664
-#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Error al moment de la tampadura TLS : %s"
-
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:107
-msgid "Certificate has no private key"
-msgstr "Lo certificat a pas cap de clau privada"
-
-#: ../tls/pkcs11/gpkcs11pin.c:111
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"Es la darrièra chança d'entrar lo PIN corrècte abans que la carta de piuse "
-"siá verrolhada."
-
-#: ../tls/pkcs11/gpkcs11pin.c:113
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Mantun PIN incorrèctes son estats picats, tota novèla error provocarà lo "
-"verrolhatge de la carta de piuse."
-
-#: ../tls/pkcs11/gpkcs11pin.c:115
-msgid "The PIN entered is incorrect."
-msgstr "Lo PIN picat es incorrècte."
-
-#: ../tls/pkcs11/gpkcs11slot.c:449
-msgid "Module"
-msgstr "Modul"
-
-#: ../tls/pkcs11/gpkcs11slot.c:450
-msgid "PKCS#11 Module Pointer"
-msgstr "Puntador de modul PKCS#11"
-
-#: ../tls/pkcs11/gpkcs11slot.c:457
-msgid "Slot ID"
-msgstr "ID del connectador"
-
-#: ../tls/pkcs11/gpkcs11slot.c:458
-msgid "PKCS#11 Slot Identifier"
-msgstr "Identificant d'emplaçament PKCS#11"
-
-#~ msgid "Connection is already closed"
-#~ msgstr "La connexion es ja tampada"
"PO-Revision-Date: 2013-02-26 07:18+0530\n"
"Last-Translator: A S Alam <aalam@users.sf.net>\n"
"Language-Team: Punjabi/Panjabi <punjabi-users@lists.sf.net>\n"
-"Language: pa\n"
+"Language: paX-Generator: Lokalize 1.2\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-# Polish translation for glib-networking.
-# Copyright © 2011-2016 the glib-networking authors.
-# This file is distributed under the same license as the glib-networking package.
-# Piotr Drąg <piotrdrag@gmail.com>, 2011-2016.
-# Aviary.pl <community-poland@mozilla.org>, 2011-2016.
-#
+# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+# Aviary.pl
+# Jeśli masz jakiekolwiek uwagi odnoszące się do tłumaczenia lub chcesz
+# pomóc w jego rozwijaniu i pielęgnowaniu, napisz do nas:
+# gnomepl@aviary.pl
+# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+# Piotr Drąg <piotrdrag@gmail.com>, 2011-2012.
+# Aviary.pl <gnomepl@aviary.pl>, 2011-2012.
msgid ""
msgstr ""
"Project-Id-Version: glib-networking\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-15 21:53+0000\n"
-"PO-Revision-Date: 2016-08-16 10:35+0200\n"
+"POT-Creation-Date: 2012-12-02 05:57+0100\n"
+"PO-Revision-Date: 2012-12-02 05:58+0100\n"
"Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
-"Language-Team: Polish <community-poland@mozilla.org>\n"
+"Language-Team: Polish <gnomepl@aviary.pl>\n"
"Language: pl\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
"|| n%100>=20) ? 1 : 2);\n"
+"X-Poedit-Language: Polish\n"
+"X-Poedit-Country: Poland\n"
-#: proxy/libproxy/glibproxyresolver.c:157
+#: ../proxy/libproxy/glibproxyresolver.c:150
msgid "Proxy resolver internal error."
msgstr "Wewnętrzny błąd rozwiązywania pośrednika."
-#: tls/gnutls/gtlscertificate-gnutls.c:176
+#: ../tls/gnutls/gtlscertificate-gnutls.c:173
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Nie można przetworzyć certyfikatu DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:197
+#: ../tls/gnutls/gtlscertificate-gnutls.c:194
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Nie można przetworzyć certyfikatu PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:228
+#: ../tls/gnutls/gtlscertificate-gnutls.c:225
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Nie można przetworzyć klucza prywatnego DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:259
+#: ../tls/gnutls/gtlscertificate-gnutls.c:256
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Nie można przetworzyć klucza prywatnego PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:299
+#: ../tls/gnutls/gtlscertificate-gnutls.c:296
msgid "No certificate data provided"
msgstr "Nie podano danych certyfikatu"
-#: tls/gnutls/gtlsclientconnection-gnutls.c:375
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
msgid "Server required TLS certificate"
msgstr "Serwer wymaga certyfikatu TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:323
+#: ../tls/gnutls/gtlsconnection-gnutls.c:254
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "Nie można utworzyć połączenia TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:585
+#: ../tls/gnutls/gtlsconnection-gnutls.c:514
msgid "Connection is closed"
msgstr "Połączenie jest zamknięte"
-#: tls/gnutls/gtlsconnection-gnutls.c:658
-#: tls/gnutls/gtlsconnection-gnutls.c:1537
+#: ../tls/gnutls/gtlsconnection-gnutls.c:577
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1383
msgid "Operation would block"
msgstr "Działanie zablokowałoby"
-#: tls/gnutls/gtlsconnection-gnutls.c:808
-#: tls/gnutls/gtlsconnection-gnutls.c:847
+#: ../tls/gnutls/gtlsconnection-gnutls.c:704
msgid "Peer failed to perform TLS handshake"
msgstr "Wykonanie powitania TLS przez partnera się nie powiodło"
-#: tls/gnutls/gtlsconnection-gnutls.c:826
+#: ../tls/gnutls/gtlsconnection-gnutls.c:721
msgid "Peer requested illegal TLS rehandshake"
msgstr "Partner zażądał niedozwolonego ponownego powitania TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:853
+#: ../tls/gnutls/gtlsconnection-gnutls.c:747
msgid "TLS connection closed unexpectedly"
msgstr "Połączenie TLS zostało nieoczekiwanie zamknięte"
-#: tls/gnutls/gtlsconnection-gnutls.c:863
+#: ../tls/gnutls/gtlsconnection-gnutls.c:757
msgid "TLS connection peer did not send a certificate"
msgstr "Partner połączenia TLS nie wysłał certyfikatu"
-#: tls/gnutls/gtlsconnection-gnutls.c:1250
-#: tls/gnutls/gtlsconnection-gnutls.c:1283
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1065
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1084
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "Błąd podczas wykonywania powitania TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1293
-msgid "Server did not return a valid TLS certificate"
-msgstr "Serwer nie zwrócił prawidłowego certyfikatu TLS"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1363
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1229
msgid "Unacceptable TLS certificate"
msgstr "Nieakceptowalny certyfikat TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:1571
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1240
+msgid "Server did not return a valid TLS certificate"
+msgstr "Serwer nie zwrócił prawidłowego certyfikatu TLS"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1406
#, c-format
msgid "Error reading data from TLS socket: %s"
-msgstr "Błąd podczas odczytywania danych z gniazda TLS: %s"
+msgstr "Błąd podczas odczytywania danych z gniazda TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1600
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1435
#, c-format
msgid "Error writing data to TLS socket: %s"
msgstr "Błąd podczas zapisywania danych do gniazda TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1664
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1479
+msgid "Connection is already closed"
+msgstr "Połączenie jest już zamknięte"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1489
#, c-format
msgid "Error performing TLS close: %s"
msgstr "Błąd podczas wykonywania zamknięcia TLS: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:107
+#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
msgid "Certificate has no private key"
-msgstr "Certyfikat nie ma klucza prywatnego"
+msgstr "Certyfikat nie posiada klucza prywatnego"
-#: tls/pkcs11/gpkcs11pin.c:111
+#: ../tls/pkcs11/gpkcs11pin.c:108
msgid ""
"This is the last chance to enter the PIN correctly before the token is "
"locked."
"To jest ostatnia szansa na poprawne wpisanie kodu PIN przed zablokowaniem "
"tokena."
-#: tls/pkcs11/gpkcs11pin.c:113
+#: ../tls/pkcs11/gpkcs11pin.c:110
msgid ""
"Several PIN attempts have been incorrect, and the token will be locked after "
"further failures."
"Przeprowadzono kilka niepoprawnych prób wpisania kodu PIN. Token zostanie "
"zablokowany po dalszych niepowodzeniach."
-#: tls/pkcs11/gpkcs11pin.c:115
+#: ../tls/pkcs11/gpkcs11pin.c:112
msgid "The PIN entered is incorrect."
msgstr "Wpisany kod PIN jest niepoprawny."
-#: tls/pkcs11/gpkcs11slot.c:449
+#: ../tls/pkcs11/gpkcs11slot.c:446
msgid "Module"
msgstr "Moduł"
-#: tls/pkcs11/gpkcs11slot.c:450
+#: ../tls/pkcs11/gpkcs11slot.c:447
msgid "PKCS#11 Module Pointer"
msgstr "Wskaźnik modułu PKCS#11"
-#: tls/pkcs11/gpkcs11slot.c:457
+#: ../tls/pkcs11/gpkcs11slot.c:454
msgid "Slot ID"
msgstr "Identyfikator gniazda"
-#: tls/pkcs11/gpkcs11slot.c:458
+#: ../tls/pkcs11/gpkcs11slot.c:455
msgid "PKCS#11 Slot Identifier"
msgstr "Identyfikator gniazda PKCS#11"
# This file is distributed under the same license as the glib-networking package.\r
# Duarte Loreto <happyguy_pt@hotmail.com>, 2011, 2012, 2013.\r
# \r
-# Pedro Albuquerque <palbuquerque73@openmailbox.com>, 2015.
-#
msgid ""
msgstr ""
"Project-Id-Version: 3.8\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2015-06-07 17:56+0000\n"
-"PO-Revision-Date: 2015-06-24 09:24+0100\n"
-"Last-Translator: Pedro Albuquerque <palbuquerque73@openmailbox.com>\n"
-"Language-Team: Português <palbuquerque73@openmailbox.com>\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2013-03-15 12:42+0000\n"
+"PO-Revision-Date: 2013-03-15 12:45+0000\n"
+"Last-Translator: Duarte Loreto <happyguy_pt@hotmail.com>\n"
+"Language-Team: Portuguese <gnome_pt@yahoogroups.com>\n"
"Language: pt\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Gtranslator 2.91.6\n"
-#: ../proxy/libproxy/glibproxyresolver.c:157
+#: ../proxy/libproxy/glibproxyresolver.c:150
msgid "Proxy resolver internal error."
msgstr "Erro interno do solucionador de proxies."
#: ../tls/gnutls/gtlscertificate-gnutls.c:173
#, c-format
msgid "Could not parse DER certificate: %s"
-msgstr "Impossível processar o certificado DER: %s"
+msgstr "Incapaz de processar o certificado DER: %s"
#: ../tls/gnutls/gtlscertificate-gnutls.c:194
#, c-format
msgid "Could not parse PEM certificate: %s"
-msgstr "Impossível processar o certificado PEM: %s"
+msgstr "Incapaz de processar o certificado PEM: %s"
#: ../tls/gnutls/gtlscertificate-gnutls.c:225
#, c-format
msgid "Could not parse DER private key: %s"
-msgstr "Impossível processar a chave privada DER: %s"
+msgstr "Incapaz de processar a chave privada DER: %s"
#: ../tls/gnutls/gtlscertificate-gnutls.c:256
#, c-format
msgid "Could not parse PEM private key: %s"
-msgstr "Impossível processar a chave privada PEM: %s"
+msgstr "Incapaz de processar a chave privada PEM: %s"
#: ../tls/gnutls/gtlscertificate-gnutls.c:296
msgid "No certificate data provided"
msgstr "Não foram indicados quaisquer dados de certificado"
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:337
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
msgid "Server required TLS certificate"
msgstr "O servidor requer um certificado TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:305
+#: ../tls/gnutls/gtlsconnection-gnutls.c:258
#, c-format
msgid "Could not create TLS connection: %s"
-msgstr "Impossível criar uma ligação TLS: %s"
+msgstr "Incapaz de criar uma ligação TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:572
+#: ../tls/gnutls/gtlsconnection-gnutls.c:520
msgid "Connection is closed"
msgstr "A ligação está fechada"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:635
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1504
+#: ../tls/gnutls/gtlsconnection-gnutls.c:582
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1425
msgid "Operation would block"
msgstr "Operação iria bloquear"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:774
-#: ../tls/gnutls/gtlsconnection-gnutls.c:813
+#: ../tls/gnutls/gtlsconnection-gnutls.c:712
+#: ../tls/gnutls/gtlsconnection-gnutls.c:755
msgid "Peer failed to perform TLS handshake"
-msgstr "O destino falhou ao estabelecer a ligação (handshake) TLS"
+msgstr "O destino falhao ao estabelecer a ligação (handshake) TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:792
+#: ../tls/gnutls/gtlsconnection-gnutls.c:729
msgid "Peer requested illegal TLS rehandshake"
msgstr "Destino requereu novo handshake TLS ilegal"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:819
+#: ../tls/gnutls/gtlsconnection-gnutls.c:761
msgid "TLS connection closed unexpectedly"
msgstr "Ligação TLS terminada inesperadamente"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:829
+#: ../tls/gnutls/gtlsconnection-gnutls.c:771
msgid "TLS connection peer did not send a certificate"
msgstr "O parceiro de ligação TLS não enviou um certificado"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1212
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1245
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1152
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1171
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "Erro ao estabelecer a ligação TLS (handshake): %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1255
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1181
msgid "Server did not return a valid TLS certificate"
msgstr "O servidor não devolveu um certificado TLS válido"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1330
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1256
msgid "Unacceptable TLS certificate"
msgstr "Certificado TLS inaceitável"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1538
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1448
#, c-format
msgid "Error reading data from TLS socket: %s"
msgstr "Erro ao ler dados do socket TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1567
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1477
#, c-format
msgid "Error writing data to TLS socket: %s"
msgstr "Erro ao escrever dados no socket TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1619
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1521
+msgid "Connection is already closed"
+msgstr "A ligação já está fechada"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1531
#, c-format
msgid "Error performing TLS close: %s"
msgstr "Erro ao terminar a ligação TLS: %s"
"locked."
msgstr ""
"Esta é a última oportunidade para introduzir corretamente o PIN antes de que "
-"o símbolo seja trancado."
+"o token seja trancado."
#: ../tls/pkcs11/gpkcs11pin.c:110
msgid ""
"Several PIN attempts have been incorrect, and the token will be locked after "
"further failures."
msgstr ""
-"Foram introduzidos vários PINs incorretos e o símbolo será trancado caso "
+"Foram introduzidos vários PINs incorretos e o token será trancado caso "
"ocorram mais falhas."
#: ../tls/pkcs11/gpkcs11pin.c:112
#: ../tls/pkcs11/gpkcs11slot.c:447
msgid "PKCS#11 Module Pointer"
-msgstr "Ponteiro de módulo PKCS#11"
+msgstr "Apontador de Módulo PKCS#11"
#: ../tls/pkcs11/gpkcs11slot.c:454
msgid "Slot ID"
-msgstr "ID de slot"
+msgstr "ID de Slot"
#: ../tls/pkcs11/gpkcs11slot.c:455
msgid "PKCS#11 Slot Identifier"
-msgstr "Identificador de slot PKCS#11"
-
-#~ msgid "Connection is already closed"
-#~ msgstr "A ligação já está fechada"
+msgstr "Identificador de Slot PKCS#11"
"PO-Revision-Date: 2012-12-18 08:24+0100\n"
"Last-Translator: Matej Urbančič <mateju@svn.gnome.org>\n"
"Language-Team: Slovenian GNOME Translation Team <gnome-si@googlegroups.com>\n"
-"Language: sl\n"
+"Language: sl_SI\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2013-01-18 11:59+0200\n"
"Last-Translator: Miroslav Nikolić <miroslavnikolic@rocketmail.com>\n"
"Language-Team: Serbian <gnom@prevod.org>\n"
-"Language: sr@latin\n"
+"Language: sr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
# Swedish translation for glib-networking.
-# Copyright © 2011, 2014 Free Software Foundation, Inc.
+# Copyright (C) 2011 Free Software Foundation, Inc.
# This file is distributed under the same license as the glib-networking package.
# Daniel Nylander <po@danielnylander.se>, 2011.
-# Anders Jonsson <anders.jonsson@norsjovallen.se>, 2014.
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2014-05-16 17:51+0000\n"
-"PO-Revision-Date: 2014-05-17 00:56+0100\n"
-"Last-Translator: Anders Jonsson <anders.jonsson@norsjovallen.se>\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2011-11-25 09:51+0100\n"
+"PO-Revision-Date: 2011-11-25 09:54+0100\n"
+"Last-Translator: Daniel Nylander <po@danielnylander.se>\n"
"Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
-"Language: sv\n"
+"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 1.6.4\n"
-#: ../proxy/libproxy/glibproxyresolver.c:157
+#: ../proxy/libproxy/glibproxyresolver.c:150
msgid "Proxy resolver internal error."
msgstr "Internt fel i proxyuppslag."
msgid "No certificate data provided"
msgstr "Inget certifikatdata tillhandahölls"
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:324
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:385
msgid "Server required TLS certificate"
msgstr "Servern krävde TLS-certifikat"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:267
+#: ../tls/gnutls/gtlsconnection-gnutls.c:279
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "Kunde inte skapa TLS-anslutning: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:531
-msgid "Connection is closed"
-msgstr "Anslutningen är stängd"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:594
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1465
-msgid "Operation would block"
-msgstr "Operationen skulle blockera"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:733
-#: ../tls/gnutls/gtlsconnection-gnutls.c:772
+#: ../tls/gnutls/gtlsconnection-gnutls.c:558
msgid "Peer failed to perform TLS handshake"
msgstr "Motparten misslyckades med att genomföra TLS-handskakning"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:751
+#: ../tls/gnutls/gtlsconnection-gnutls.c:576
msgid "Peer requested illegal TLS rehandshake"
msgstr "Motparten begärde otillåten TLS-återhandskakning"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:778
+#: ../tls/gnutls/gtlsconnection-gnutls.c:594
msgid "TLS connection closed unexpectedly"
msgstr "TLS-anslutningen stängdes oväntat"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:788
-#| msgid "TLS connection closed unexpectedly"
-msgid "TLS connection peer did not send a certificate"
-msgstr "TLS-anslutningens motpart sände inte ett certifikat"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1178
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1211
+#: ../tls/gnutls/gtlsconnection-gnutls.c:888
+#: ../tls/gnutls/gtlsconnection-gnutls.c:914
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "Fel vid genomförande av TLS-handskakning: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1221
-#| msgid "Server required TLS certificate"
-msgid "Server did not return a valid TLS certificate"
-msgstr "Servern returnerade inte ett giltigt TLS-certifikat"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1296
+#: ../tls/gnutls/gtlsconnection-gnutls.c:962
msgid "Unacceptable TLS certificate"
msgstr "Ej acceptabelt TLS-certifikat"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1499
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1099
#, c-format
msgid "Error reading data from TLS socket: %s"
msgstr "Fel vid läsning av data från TLS-uttag: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1528
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1125
#, c-format
msgid "Error writing data to TLS socket: %s"
msgstr "Fel vid skrivning av data till TLS-uttag: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1572
-msgid "Connection is already closed"
-msgstr "Anslutningen är redan stängd"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1582
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1171
#, c-format
msgid "Error performing TLS close: %s"
msgstr "Fel vid genomförande av TLS-stängning: %s"
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+#: ../tls/gnutls/gtlsserverconnection-gnutls.c:138
msgid "Certificate has no private key"
msgstr "Certifikatet har ingen privat nyckel"
#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
+msgid "This is the last chance to enter the PIN correctly before the token is locked."
msgstr "Detta är sista försöket att ange PIN-koden korrekt innan kortet låses."
#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Flera PIN-kodsförsök har varit felaktiga och kortet kommer att låsas vid "
-"ytterligare felaktiga försök."
+msgid "Several PIN attempts have been incorrect, and the token will be locked after further failures."
+msgstr "Flera PIN-kodsförsök har varit felaktiga och kortet kommer att låsas vid ytterligare felaktiga försök."
#: ../tls/pkcs11/gpkcs11pin.c:112
msgid "The PIN entered is incorrect."
#: ../tls/pkcs11/gpkcs11slot.c:455
msgid "PKCS#11 Slot Identifier"
msgstr "PKCS#11-platsidentifierare"
+
"Project-Id-Version: Tajik Gnome\n"
"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2013-07-22 13:02+0000\n"
-"PO-Revision-Date: 2013-10-09 14:52+0500\n"
+"POT-Creation-Date: 2013-03-05 15:28+0000\n"
+"PO-Revision-Date: 2013-01-21 18:03+0500\n"
"Last-Translator: Victor Ibragimov <victor.ibragimov@gmail.com>\n"
"Language-Team: \n"
"Language: tg\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 1.5.7\n"
+"X-Generator: Poedit 1.5.4\n"
-#: ../proxy/libproxy/glibproxyresolver.c:157
+#: ../proxy/libproxy/glibproxyresolver.c:150
msgid "Proxy resolver internal error."
-msgstr "Хатои дарунии ислоҳкунандаи Proxy."
+msgstr ""
#: ../tls/gnutls/gtlscertificate-gnutls.c:173
#, c-format
msgid "Could not parse DER certificate: %s"
-msgstr "Гувоҳиномаи DER таҷзия карда нашуд: %s"
+msgstr ""
#: ../tls/gnutls/gtlscertificate-gnutls.c:194
#, c-format
msgid "Could not parse PEM certificate: %s"
-msgstr "Гувоҳиномаи PEM таҷзия карда нашуд: %s"
+msgstr ""
#: ../tls/gnutls/gtlscertificate-gnutls.c:225
#, c-format
msgid "Could not parse DER private key: %s"
-msgstr "Калиди шахсии DER таҷзия карда нашуд: %s"
+msgstr ""
#: ../tls/gnutls/gtlscertificate-gnutls.c:256
#, c-format
msgid "Could not parse PEM private key: %s"
-msgstr "Калиди шахсии PEM таҷзия карда нашуд: %s"
+msgstr ""
#: ../tls/gnutls/gtlscertificate-gnutls.c:296
msgid "No certificate data provided"
msgid "Server required TLS certificate"
msgstr "Сервер гувоҳиномаи TLS-ро дархост кардааст"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:266
+#: ../tls/gnutls/gtlsconnection-gnutls.c:258
#, c-format
msgid "Could not create TLS connection: %s"
-msgstr "Пайвасти TLS эҷод карда нашуд: %s"
+msgstr ""
-#: ../tls/gnutls/gtlsconnection-gnutls.c:530
+#: ../tls/gnutls/gtlsconnection-gnutls.c:520
msgid "Connection is closed"
-msgstr "Пайваст пӯшонида шудааст"
+msgstr ""
-#: ../tls/gnutls/gtlsconnection-gnutls.c:593
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1445
+#: ../tls/gnutls/gtlsconnection-gnutls.c:582
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1425
msgid "Operation would block"
-msgstr "Амалиёт баста мешавад"
+msgstr ""
-#: ../tls/gnutls/gtlsconnection-gnutls.c:723
-#: ../tls/gnutls/gtlsconnection-gnutls.c:761
+#: ../tls/gnutls/gtlsconnection-gnutls.c:712
+#: ../tls/gnutls/gtlsconnection-gnutls.c:755
msgid "Peer failed to perform TLS handshake"
-msgstr "Ҳамсон даъвати TLS-ро иҷро карда натавонист"
+msgstr ""
-#: ../tls/gnutls/gtlsconnection-gnutls.c:740
+#: ../tls/gnutls/gtlsconnection-gnutls.c:729
msgid "Peer requested illegal TLS rehandshake"
-msgstr "Ҳамсон даъвати дастнораси TLS-ро дархост кард"
+msgstr ""
-#: ../tls/gnutls/gtlsconnection-gnutls.c:767
+#: ../tls/gnutls/gtlsconnection-gnutls.c:761
msgid "TLS connection closed unexpectedly"
-msgstr "Пайвасти TLS ногаҳон пӯшида шудааст"
+msgstr ""
-#: ../tls/gnutls/gtlsconnection-gnutls.c:777
+#: ../tls/gnutls/gtlsconnection-gnutls.c:771
msgid "TLS connection peer did not send a certificate"
-msgstr "Ҳамсони пайвати TLS гувоҳиномаро фиристода накард"
+msgstr ""
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1158
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1191
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1152
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1171
#, c-format
msgid "Error performing TLS handshake: %s"
-msgstr "Даъвати TLS бо хато иҷро карда шуд: %s"
+msgstr ""
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1201
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1181
msgid "Server did not return a valid TLS certificate"
-msgstr "Сервер бо гувоҳиномаи TLS-и боэътибор ҷавоб надод"
+msgstr ""
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1276
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1256
msgid "Unacceptable TLS certificate"
-msgstr "Гувоҳиномаи TLS-и нораво"
+msgstr ""
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1479
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1448
#, c-format
msgid "Error reading data from TLS socket: %s"
-msgstr "Хатои хониши маълумот аз бастагоҳи TLS: %s"
+msgstr ""
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1508
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1477
#, c-format
msgid "Error writing data to TLS socket: %s"
-msgstr "Хатои навишти маълумот ба бастагоҳи TLS: %s"
+msgstr ""
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1552
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1521
msgid "Connection is already closed"
-msgstr "Пайваст аллакай пӯшида шудааст"
+msgstr ""
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1562
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1531
#, c-format
msgid "Error performing TLS close: %s"
-msgstr "Пӯшидани TLS бо хато иҷро карда шудааст: %s"
+msgstr ""
#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
msgid "Certificate has no private key"
-msgstr "Гувоҳинома калиди шахсӣ надрад"
+msgstr ""
#: ../tls/pkcs11/gpkcs11pin.c:108
msgid ""
"This is the last chance to enter the PIN correctly before the token is "
"locked."
msgstr ""
-"Ин маротибаи охирин барои вориди рамзи PIN-и дуруст пеш аз қулфи вуруд "
-"мебошад."
#: ../tls/pkcs11/gpkcs11pin.c:110
msgid ""
"Several PIN attempts have been incorrect, and the token will be locked after "
"further failures."
msgstr ""
-"Баъзе кӯшишҳои вориди PIN бо хато иҷро шудаанд ва вуруд баъд аз кӯшишҳои "
-"нокомии навбатӣ қулф мешавад."
#: ../tls/pkcs11/gpkcs11pin.c:112
msgid "The PIN entered is incorrect."
-msgstr "Рамзи PIN-и воридшуда нодуруст аст."
+msgstr ""
#: ../tls/pkcs11/gpkcs11slot.c:446
msgid "Module"
#: ../tls/pkcs11/gpkcs11slot.c:447
msgid "PKCS#11 Module Pointer"
-msgstr "Нишондиҳандаи модули PKCS#11"
+msgstr ""
#: ../tls/pkcs11/gpkcs11slot.c:454
msgid "Slot ID"
-msgstr "Ковокии рамзи ID"
+msgstr ""
#: ../tls/pkcs11/gpkcs11slot.c:455
msgid "PKCS#11 Slot Identifier"
-msgstr "Идентификатори ковокии PKCS#11"
+msgstr ""
"PO-Revision-Date: 2013-02-22 22:21+0900\n"
"Last-Translator: Gheyret Kenji <gheyret@gmail.com>\n"
"Language-Team: Uyghur Computer Science Association <UKIJ@yahoogroups.com>\n"
-"Language: ug\n"
+"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Project-Id-Version: glib-networking master\n"
"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2013-12-18 19:40+0000\n"
-"PO-Revision-Date: 2014-01-24 21:26+0800\n"
+"POT-Creation-Date: 2012-07-18 21:47+0000\n"
+"PO-Revision-Date: 2012-09-23 04:06+0800\n"
"Last-Translator: YunQiang Su <wzssyqa@gmail.com>\n"
"Language-Team: Chinese (simplified) <i18n-zh@googlegroups.com>\n"
-"Language: zh_CN\n"
+"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bits\n"
"Plural-Forms: nplurals=1; plural=0;\n"
"X-Generator: Gtranslator 2.91.5\n"
-#: ../proxy/libproxy/glibproxyresolver.c:157
+#: ../proxy/libproxy/glibproxyresolver.c:150
msgid "Proxy resolver internal error."
msgstr "代理服务器解析器内部错误。"
msgid "No certificate data provided"
msgstr "没有提供证书数据"
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:324
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
msgid "Server required TLS certificate"
msgstr "服务器需要 TLS 证书"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:267
+#: ../tls/gnutls/gtlsconnection-gnutls.c:248
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "无法创建 TLS 连接:%s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:531
+#: ../tls/gnutls/gtlsconnection-gnutls.c:508
msgid "Connection is closed"
msgstr "连接被关闭"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:594
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1461
+#: ../tls/gnutls/gtlsconnection-gnutls.c:568
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1371
msgid "Operation would block"
msgstr "操作被阻塞"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:733
-#: ../tls/gnutls/gtlsconnection-gnutls.c:772
+#: ../tls/gnutls/gtlsconnection-gnutls.c:695
msgid "Peer failed to perform TLS handshake"
msgstr "执行 TLS 握手失败"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:751
+#: ../tls/gnutls/gtlsconnection-gnutls.c:712
msgid "Peer requested illegal TLS rehandshake"
msgstr "请求了无效的 TLS 再握手"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:778
+#: ../tls/gnutls/gtlsconnection-gnutls.c:738
msgid "TLS connection closed unexpectedly"
msgstr "TLS 连接被异常关闭"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:788
-#| msgid "Server did not return a valid TLS certificate"
-msgid "TLS connection peer did not send a certificate"
-msgstr "TLS 连接的对方未发送证书"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1174
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1207
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1049
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1068
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "执行 TLS 握手时出错:%s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1217
-msgid "Server did not return a valid TLS certificate"
-msgstr "服务器未返回有效的 TLS 证书"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1292
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1204
msgid "Unacceptable TLS certificate"
msgstr "无法接受的 TLS 证书"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1495
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1215
+#| msgid "Server required TLS certificate"
+msgid "Server did not return a valid TLS certificate"
+msgstr "服务器未返回有效的 TLS 证书"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1394
#, c-format
msgid "Error reading data from TLS socket: %s"
msgstr "从 TLS 套接字读取数据时出错:%s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1524
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1423
#, c-format
msgid "Error writing data to TLS socket: %s"
msgstr "向 TLS 套接字写入数据时出错:%s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1568
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1467
msgid "Connection is already closed"
msgstr "连接已经关闭"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1578
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1477
#, c-format
msgid "Error performing TLS close: %s"
msgstr "执行 TLS 关闭时出错:%s"
"PO-Revision-Date: 2013-03-01 22:24+0800\n"
"Last-Translator: Chao-Hsiung Liao <j_h_liau@yahoo.com.tw>\n"
"Language-Team: Chinese (Hong Kong) <community@linuxhall.org>\n"
-"Language: zh_HK\n"
+"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2013-02-28 09:41+0800\n"
"Last-Translator: Chao-Hsiung Liao <j_h_liau@yahoo.com.tw>\n"
"Language-Team: Chinese (Taiwan) <chinese-l10n@googlegroups.com>\n"
-"Language: zh_TW\n"
+"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#include "config.h"
-#include <glib/gi18n-lib.h>
-
#include "gproxyresolvergnome.h"
void
g_io_module_load (GIOModule *module)
{
- gchar *locale_dir;
-#ifdef G_OS_WIN32
- gchar *base_dir;
-#endif
-
g_proxy_resolver_gnome_register (module);
-
-#ifdef G_OS_WIN32
- base_dir = g_win32_get_package_installation_directory_of_module (NULL);
- locale_dir = g_build_filename (base_dir, "share", "locale", NULL);
- g_free (base_dir);
-#else
- locale_dir = g_strdup (LOCALE_DIR);
-#endif
-
- bindtextdomain (GETTEXT_PACKAGE, locale_dir);
- bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
- g_free (locale_dir);
}
void
GError *error = NULL;
task = g_task_new (resolver, cancellable, callback, user_data);
- g_task_set_source_tag (task, g_proxy_resolver_gnome_lookup_async);
if (!g_proxy_resolver_gnome_lookup_internal (resolver, uri,
&proxies, &pacrunner, &autoconfig_url,
org.gtk.GLib.PACRunner.service: org.gtk.GLib.PACRunner.service.in Makefile
$(AM_V_GEN) sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@
-
-systemd_userdir = $(prefix)/lib/systemd/user
-systemd_user_in_files = glib-pacrunner.service.in
-systemd_user_DATA = $(systemd_user_in_files:.service.in=.service)
-
-EXTRA_DIST += $(systemd_user_in_files)
-CLEANFILES += $(systemd_user_DATA)
-
-glib-pacrunner.service: glib-pacrunner.service.in Makefile
- $(AM_V_GEN) sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@
+++ /dev/null
-[Unit]
-Description=GLib proxy auto-configuration service
-
-[Service]
-Type=dbus
-BusName=org.gtk.GLib.PACRunner
-ExecStart=@libexecdir@/glib-pacrunner
GError *error = NULL;
proxies = g_proxy_resolver_lookup_finish (resolver, result, &error);
- if (error)
- g_dbus_method_invocation_take_error (invocation, error);
- else
- {
- g_dbus_method_invocation_return_value (invocation,
- g_variant_new ("(^as)", proxies));
- g_strfreev (proxies);
- }
+ g_assert (!error);
+
+ g_dbus_method_invocation_return_value (invocation,
+ g_variant_new ("(^as)", proxies));
+ g_strfreev (proxies);
}
static void
gchar **proxies;
task = g_task_new (resolver, cancellable, NULL, NULL);
- g_task_set_source_tag (task, g_libproxy_resolver_lookup);
g_task_set_task_data (task, g_strdup (uri), g_free);
g_task_set_return_on_cancel (task, TRUE);
GTask *task;
task = g_task_new (resolver, cancellable, callback, user_data);
- g_task_set_source_tag (task, g_libproxy_resolver_lookup_async);
g_task_set_task_data (task, g_strdup (uri), g_free);
g_task_set_return_on_cancel (task, TRUE);
g_task_run_in_thread (task, get_libproxy_proxies);
#include "config.h"
-#include <glib/gi18n-lib.h>
-
#include "glibproxyresolver.h"
void
g_io_module_load (GIOModule *module)
{
- gchar *locale_dir;
-#ifdef G_OS_WIN32
- gchar *base_dir;
-#endif
-
g_libproxy_resolver_register (module);
-
-#ifdef G_OS_WIN32
- base_dir = g_win32_get_package_installation_directory_of_module (NULL);
- locale_dir = g_build_filename (base_dir, "share", "locale", NULL);
- g_free (base_dir);
-#else
- locale_dir = g_strdup (LOCALE_DIR);
-#endif
-
- bindtextdomain (GETTEXT_PACKAGE, locale_dir);
- bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
- g_free (locale_dir);
}
void
[D-BUS Service]
Name=org.gtk.GLib.PACRunner
Exec=@libexecdir@/glib-pacrunner
-SystemdService=glib-pacrunner.service
+++ /dev/null
-#! /bin/sh
-# Copyright (C) 2011-2013 Free Software Foundation, Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# This file is maintained in Automake, please report
-# bugs to <bug-automake@gnu.org> or send patches to
-# <automake-patches@gnu.org>.
-
-scriptversion=2011-12-27.17; # UTC
-
-# Make unconditional expansion of undefined variables an error. This
-# helps a lot in preventing typo-related bugs.
-set -u
-
-me=tap-driver.sh
-
-fatal ()
-{
- echo "$me: fatal: $*" >&2
- exit 1
-}
-
-usage_error ()
-{
- echo "$me: $*" >&2
- print_usage >&2
- exit 2
-}
-
-print_usage ()
-{
- cat <<END
-Usage:
- tap-driver.sh --test-name=NAME --log-file=PATH --trs-file=PATH
- [--expect-failure={yes|no}] [--color-tests={yes|no}]
- [--enable-hard-errors={yes|no}] [--ignore-exit]
- [--diagnostic-string=STRING] [--merge|--no-merge]
- [--comments|--no-comments] [--] TEST-COMMAND
-The \`--test-name', \`--log-file' and \`--trs-file' options are mandatory.
-END
-}
-
-# TODO: better error handling in option parsing (in particular, ensure
-# TODO: $log_file, $trs_file and $test_name are defined).
-test_name= # Used for reporting.
-log_file= # Where to save the result and output of the test script.
-trs_file= # Where to save the metadata of the test run.
-expect_failure=0
-color_tests=0
-merge=0
-ignore_exit=0
-comments=0
-diag_string='#'
-while test $# -gt 0; do
- case $1 in
- --help) print_usage; exit $?;;
- --version) echo "$me $scriptversion"; exit $?;;
- --test-name) test_name=$2; shift;;
- --log-file) log_file=$2; shift;;
- --trs-file) trs_file=$2; shift;;
- --color-tests) color_tests=$2; shift;;
- --expect-failure) expect_failure=$2; shift;;
- --enable-hard-errors) shift;; # No-op.
- --merge) merge=1;;
- --no-merge) merge=0;;
- --ignore-exit) ignore_exit=1;;
- --comments) comments=1;;
- --no-comments) comments=0;;
- --diagnostic-string) diag_string=$2; shift;;
- --) shift; break;;
- -*) usage_error "invalid option: '$1'";;
- esac
- shift
-done
-
-test $# -gt 0 || usage_error "missing test command"
-
-case $expect_failure in
- yes) expect_failure=1;;
- *) expect_failure=0;;
-esac
-
-if test $color_tests = yes; then
- init_colors='
- color_map["red"]="\e[0;31m" # Red.
- color_map["grn"]="\e[0;32m" # Green.
- color_map["lgn"]="\e[1;32m" # Light green.
- color_map["blu"]="\e[1;34m" # Blue.
- color_map["mgn"]="\e[0;35m" # Magenta.
- color_map["std"]="\e[m" # No color.
- color_for_result["ERROR"] = "mgn"
- color_for_result["PASS"] = "grn"
- color_for_result["XPASS"] = "red"
- color_for_result["FAIL"] = "red"
- color_for_result["XFAIL"] = "lgn"
- color_for_result["SKIP"] = "blu"'
-else
- init_colors=''
-fi
-
-# :; is there to work around a bug in bash 3.2 (and earlier) which
-# does not always set '$?' properly on redirection failure.
-# See the Autoconf manual for more details.
-:;{
- (
- # Ignore common signals (in this subshell only!), to avoid potential
- # problems with Korn shells. Some Korn shells are known to propagate
- # to themselves signals that have killed a child process they were
- # waiting for; this is done at least for SIGINT (and usually only for
- # it, in truth). Without the `trap' below, such a behaviour could
- # cause a premature exit in the current subshell, e.g., in case the
- # test command it runs gets terminated by a SIGINT. Thus, the awk
- # script we are piping into would never seen the exit status it
- # expects on its last input line (which is displayed below by the
- # last `echo $?' statement), and would thus die reporting an internal
- # error.
- # For more information, see the Autoconf manual and the threads:
- # <http://lists.gnu.org/archive/html/bug-autoconf/2011-09/msg00004.html>
- # <http://mail.opensolaris.org/pipermail/ksh93-integration-discuss/2009-February/004121.html>
- trap : 1 3 2 13 15
- if test $merge -gt 0; then
- exec 2>&1
- else
- exec 2>&3
- fi
- "$@"
- echo $?
- ) | LC_ALL=C ${AM_TAP_AWK-awk} \
- -v me="$me" \
- -v test_script_name="$test_name" \
- -v log_file="$log_file" \
- -v trs_file="$trs_file" \
- -v expect_failure="$expect_failure" \
- -v merge="$merge" \
- -v ignore_exit="$ignore_exit" \
- -v comments="$comments" \
- -v diag_string="$diag_string" \
-'
-# FIXME: the usages of "cat >&3" below could be optimized when using
-# FIXME: GNU awk, and/on on systems that supports /dev/fd/.
-
-# Implementation note: in what follows, `result_obj` will be an
-# associative array that (partly) simulates a TAP result object
-# from the `TAP::Parser` perl module.
-
-## ----------- ##
-## FUNCTIONS ##
-## ----------- ##
-
-function fatal(msg)
-{
- print me ": " msg | "cat >&2"
- exit 1
-}
-
-function abort(where)
-{
- fatal("internal error " where)
-}
-
-# Convert a boolean to a "yes"/"no" string.
-function yn(bool)
-{
- return bool ? "yes" : "no";
-}
-
-function add_test_result(result)
-{
- if (!test_results_index)
- test_results_index = 0
- test_results_list[test_results_index] = result
- test_results_index += 1
- test_results_seen[result] = 1;
-}
-
-# Whether the test script should be re-run by "make recheck".
-function must_recheck()
-{
- for (k in test_results_seen)
- if (k != "XFAIL" && k != "PASS" && k != "SKIP")
- return 1
- return 0
-}
-
-# Whether the content of the log file associated to this test should
-# be copied into the "global" test-suite.log.
-function copy_in_global_log()
-{
- for (k in test_results_seen)
- if (k != "PASS")
- return 1
- return 0
-}
-
-# FIXME: this can certainly be improved ...
-function get_global_test_result()
-{
- if ("ERROR" in test_results_seen)
- return "ERROR"
- if ("FAIL" in test_results_seen || "XPASS" in test_results_seen)
- return "FAIL"
- all_skipped = 1
- for (k in test_results_seen)
- if (k != "SKIP")
- all_skipped = 0
- if (all_skipped)
- return "SKIP"
- return "PASS";
-}
-
-function stringify_result_obj(result_obj)
-{
- if (result_obj["is_unplanned"] || result_obj["number"] != testno)
- return "ERROR"
-
- if (plan_seen == LATE_PLAN)
- return "ERROR"
-
- if (result_obj["directive"] == "TODO")
- return result_obj["is_ok"] ? "XPASS" : "XFAIL"
-
- if (result_obj["directive"] == "SKIP")
- return result_obj["is_ok"] ? "SKIP" : COOKED_FAIL;
-
- if (length(result_obj["directive"]))
- abort("in function stringify_result_obj()")
-
- return result_obj["is_ok"] ? COOKED_PASS : COOKED_FAIL
-}
-
-function decorate_result(result)
-{
- color_name = color_for_result[result]
- if (color_name)
- return color_map[color_name] "" result "" color_map["std"]
- # If we are not using colorized output, or if we do not know how
- # to colorize the given result, we should return it unchanged.
- return result
-}
-
-function report(result, details)
-{
- if (result ~ /^(X?(PASS|FAIL)|SKIP|ERROR)/)
- {
- msg = ": " test_script_name
- add_test_result(result)
- }
- else if (result == "#")
- {
- msg = " " test_script_name ":"
- }
- else
- {
- abort("in function report()")
- }
- if (length(details))
- msg = msg " " details
- # Output on console might be colorized.
- print decorate_result(result) msg
- # Log the result in the log file too, to help debugging (this is
- # especially true when said result is a TAP error or "Bail out!").
- print result msg | "cat >&3";
-}
-
-function testsuite_error(error_message)
-{
- report("ERROR", "- " error_message)
-}
-
-function handle_tap_result()
-{
- details = result_obj["number"];
- if (length(result_obj["description"]))
- details = details " " result_obj["description"]
-
- if (plan_seen == LATE_PLAN)
- {
- details = details " # AFTER LATE PLAN";
- }
- else if (result_obj["is_unplanned"])
- {
- details = details " # UNPLANNED";
- }
- else if (result_obj["number"] != testno)
- {
- details = sprintf("%s # OUT-OF-ORDER (expecting %d)",
- details, testno);
- }
- else if (result_obj["directive"])
- {
- details = details " # " result_obj["directive"];
- if (length(result_obj["explanation"]))
- details = details " " result_obj["explanation"]
- }
-
- report(stringify_result_obj(result_obj), details)
-}
-
-# `skip_reason` should be empty whenever planned > 0.
-function handle_tap_plan(planned, skip_reason)
-{
- planned += 0 # Avoid getting confused if, say, `planned` is "00"
- if (length(skip_reason) && planned > 0)
- abort("in function handle_tap_plan()")
- if (plan_seen)
- {
- # Error, only one plan per stream is acceptable.
- testsuite_error("multiple test plans")
- return;
- }
- planned_tests = planned
- # The TAP plan can come before or after *all* the TAP results; we speak
- # respectively of an "early" or a "late" plan. If we see the plan line
- # after at least one TAP result has been seen, assume we have a late
- # plan; in this case, any further test result seen after the plan will
- # be flagged as an error.
- plan_seen = (testno >= 1 ? LATE_PLAN : EARLY_PLAN)
- # If testno > 0, we have an error ("too many tests run") that will be
- # automatically dealt with later, so do not worry about it here. If
- # $plan_seen is true, we have an error due to a repeated plan, and that
- # has already been dealt with above. Otherwise, we have a valid "plan
- # with SKIP" specification, and should report it as a particular kind
- # of SKIP result.
- if (planned == 0 && testno == 0)
- {
- if (length(skip_reason))
- skip_reason = "- " skip_reason;
- report("SKIP", skip_reason);
- }
-}
-
-function extract_tap_comment(line)
-{
- if (index(line, diag_string) == 1)
- {
- # Strip leading `diag_string` from `line`.
- line = substr(line, length(diag_string) + 1)
- # And strip any leading and trailing whitespace left.
- sub("^[ \t]*", "", line)
- sub("[ \t]*$", "", line)
- # Return what is left (if any).
- return line;
- }
- return "";
-}
-
-# When this function is called, we know that line is a TAP result line,
-# so that it matches the (perl) RE "^(not )?ok\b".
-function setup_result_obj(line)
-{
- # Get the result, and remove it from the line.
- result_obj["is_ok"] = (substr(line, 1, 2) == "ok" ? 1 : 0)
- sub("^(not )?ok[ \t]*", "", line)
-
- # If the result has an explicit number, get it and strip it; otherwise,
- # automatically assing the next progresive number to it.
- if (line ~ /^[0-9]+$/ || line ~ /^[0-9]+[^a-zA-Z0-9_]/)
- {
- match(line, "^[0-9]+")
- # The final `+ 0` is to normalize numbers with leading zeros.
- result_obj["number"] = substr(line, 1, RLENGTH) + 0
- line = substr(line, RLENGTH + 1)
- }
- else
- {
- result_obj["number"] = testno
- }
-
- if (plan_seen == LATE_PLAN)
- # No further test results are acceptable after a "late" TAP plan
- # has been seen.
- result_obj["is_unplanned"] = 1
- else if (plan_seen && testno > planned_tests)
- result_obj["is_unplanned"] = 1
- else
- result_obj["is_unplanned"] = 0
-
- # Strip trailing and leading whitespace.
- sub("^[ \t]*", "", line)
- sub("[ \t]*$", "", line)
-
- # This will have to be corrected if we have a "TODO"/"SKIP" directive.
- result_obj["description"] = line
- result_obj["directive"] = ""
- result_obj["explanation"] = ""
-
- if (index(line, "#") == 0)
- return # No possible directive, nothing more to do.
-
- # Directives are case-insensitive.
- rx = "[ \t]*#[ \t]*([tT][oO][dD][oO]|[sS][kK][iI][pP])[ \t]*"
-
- # See whether we have the directive, and if yes, where.
- pos = match(line, rx "$")
- if (!pos)
- pos = match(line, rx "[^a-zA-Z0-9_]")
-
- # If there was no TAP directive, we have nothing more to do.
- if (!pos)
- return
-
- # Let`s now see if the TAP directive has been escaped. For example:
- # escaped: ok \# SKIP
- # not escaped: ok \\# SKIP
- # escaped: ok \\\\\# SKIP
- # not escaped: ok \ # SKIP
- if (substr(line, pos, 1) == "#")
- {
- bslash_count = 0
- for (i = pos; i > 1 && substr(line, i - 1, 1) == "\\"; i--)
- bslash_count += 1
- if (bslash_count % 2)
- return # Directive was escaped.
- }
-
- # Strip the directive and its explanation (if any) from the test
- # description.
- result_obj["description"] = substr(line, 1, pos - 1)
- # Now remove the test description from the line, that has been dealt
- # with already.
- line = substr(line, pos)
- # Strip the directive, and save its value (normalized to upper case).
- sub("^[ \t]*#[ \t]*", "", line)
- result_obj["directive"] = toupper(substr(line, 1, 4))
- line = substr(line, 5)
- # Now get the explanation for the directive (if any), with leading
- # and trailing whitespace removed.
- sub("^[ \t]*", "", line)
- sub("[ \t]*$", "", line)
- result_obj["explanation"] = line
-}
-
-function get_test_exit_message(status)
-{
- if (status == 0)
- return ""
- if (status !~ /^[1-9][0-9]*$/)
- abort("getting exit status")
- if (status < 127)
- exit_details = ""
- else if (status == 127)
- exit_details = " (command not found?)"
- else if (status >= 128 && status <= 255)
- exit_details = sprintf(" (terminated by signal %d?)", status - 128)
- else if (status > 256 && status <= 384)
- # We used to report an "abnormal termination" here, but some Korn
- # shells, when a child process die due to signal number n, can leave
- # in $? an exit status of 256+n instead of the more standard 128+n.
- # Apparently, both behaviours are allowed by POSIX (2008), so be
- # prepared to handle them both. See also Austing Group report ID
- # 0000051 <http://www.austingroupbugs.net/view.php?id=51>
- exit_details = sprintf(" (terminated by signal %d?)", status - 256)
- else
- # Never seen in practice.
- exit_details = " (abnormal termination)"
- return sprintf("exited with status %d%s", status, exit_details)
-}
-
-function write_test_results()
-{
- print ":global-test-result: " get_global_test_result() > trs_file
- print ":recheck: " yn(must_recheck()) > trs_file
- print ":copy-in-global-log: " yn(copy_in_global_log()) > trs_file
- for (i = 0; i < test_results_index; i += 1)
- print ":test-result: " test_results_list[i] > trs_file
- close(trs_file);
-}
-
-BEGIN {
-
-## ------- ##
-## SETUP ##
-## ------- ##
-
-'"$init_colors"'
-
-# Properly initialized once the TAP plan is seen.
-planned_tests = 0
-
-COOKED_PASS = expect_failure ? "XPASS": "PASS";
-COOKED_FAIL = expect_failure ? "XFAIL": "FAIL";
-
-# Enumeration-like constants to remember which kind of plan (if any)
-# has been seen. It is important that NO_PLAN evaluates "false" as
-# a boolean.
-NO_PLAN = 0
-EARLY_PLAN = 1
-LATE_PLAN = 2
-
-testno = 0 # Number of test results seen so far.
-bailed_out = 0 # Whether a "Bail out!" directive has been seen.
-
-# Whether the TAP plan has been seen or not, and if yes, which kind
-# it is ("early" is seen before any test result, "late" otherwise).
-plan_seen = NO_PLAN
-
-## --------- ##
-## PARSING ##
-## --------- ##
-
-is_first_read = 1
-
-while (1)
- {
- # Involutions required so that we are able to read the exit status
- # from the last input line.
- st = getline
- if (st < 0) # I/O error.
- fatal("I/O error while reading from input stream")
- else if (st == 0) # End-of-input
- {
- if (is_first_read)
- abort("in input loop: only one input line")
- break
- }
- if (is_first_read)
- {
- is_first_read = 0
- nextline = $0
- continue
- }
- else
- {
- curline = nextline
- nextline = $0
- $0 = curline
- }
- # Copy any input line verbatim into the log file.
- print | "cat >&3"
- # Parsing of TAP input should stop after a "Bail out!" directive.
- if (bailed_out)
- continue
-
- # TAP test result.
- if ($0 ~ /^(not )?ok$/ || $0 ~ /^(not )?ok[^a-zA-Z0-9_]/)
- {
- testno += 1
- setup_result_obj($0)
- handle_tap_result()
- }
- # TAP plan (normal or "SKIP" without explanation).
- else if ($0 ~ /^1\.\.[0-9]+[ \t]*$/)
- {
- # The next two lines will put the number of planned tests in $0.
- sub("^1\\.\\.", "")
- sub("[^0-9]*$", "")
- handle_tap_plan($0, "")
- continue
- }
- # TAP "SKIP" plan, with an explanation.
- else if ($0 ~ /^1\.\.0+[ \t]*#/)
- {
- # The next lines will put the skip explanation in $0, stripping
- # any leading and trailing whitespace. This is a little more
- # tricky in truth, since we want to also strip a potential leading
- # "SKIP" string from the message.
- sub("^[^#]*#[ \t]*(SKIP[: \t][ \t]*)?", "")
- sub("[ \t]*$", "");
- handle_tap_plan(0, $0)
- }
- # "Bail out!" magic.
- # Older versions of prove and TAP::Harness (e.g., 3.17) did not
- # recognize a "Bail out!" directive when preceded by leading
- # whitespace, but more modern versions (e.g., 3.23) do. So we
- # emulate the latter, "more modern" behaviour.
- else if ($0 ~ /^[ \t]*Bail out!/)
- {
- bailed_out = 1
- # Get the bailout message (if any), with leading and trailing
- # whitespace stripped. The message remains stored in `$0`.
- sub("^[ \t]*Bail out![ \t]*", "");
- sub("[ \t]*$", "");
- # Format the error message for the
- bailout_message = "Bail out!"
- if (length($0))
- bailout_message = bailout_message " " $0
- testsuite_error(bailout_message)
- }
- # Maybe we have too look for dianogtic comments too.
- else if (comments != 0)
- {
- comment = extract_tap_comment($0);
- if (length(comment))
- report("#", comment);
- }
- }
-
-## -------- ##
-## FINISH ##
-## -------- ##
-
-# A "Bail out!" directive should cause us to ignore any following TAP
-# error, as well as a non-zero exit status from the TAP producer.
-if (!bailed_out)
- {
- if (!plan_seen)
- {
- testsuite_error("missing test plan")
- }
- else if (planned_tests != testno)
- {
- bad_amount = testno > planned_tests ? "many" : "few"
- testsuite_error(sprintf("too %s tests run (expected %d, got %d)",
- bad_amount, planned_tests, testno))
- }
- if (!ignore_exit)
- {
- # Fetch exit status from the last line.
- exit_message = get_test_exit_message(nextline)
- if (exit_message)
- testsuite_error(exit_message)
- }
- }
-
-write_test_results()
-
-exit 0
-
-} # End of "BEGIN" block.
-'
-
-# TODO: document that we consume the file descriptor 3 :-(
-} 3>"$log_file"
-
-test $? -eq 0 || fatal "I/O or internal error"
-
-# Local Variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
-# time-stamp-end: "; # UTC"
-# End:
+++ /dev/null
-#! /bin/sh
-
-# run a GTest in tap mode. The test binary is passed as $1
-
-$1 -k --tap
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#include "config.h"
#include <gio/gio.h>
-#include <glib/gi18n-lib.h>
#include "gtlsbackend-gnutls.h"
#include "gtlsbackend-gnutls-pkcs11.h"
void
g_io_module_load (GIOModule *module)
{
- gchar *locale_dir;
-#ifdef G_OS_WIN32
- gchar *base_dir;
-#endif
-
g_tls_backend_gnutls_register (module);
#ifdef HAVE_PKCS11
g_tls_backend_gnutls_pkcs11_register (module);
#endif
-
-#ifdef G_OS_WIN32
- base_dir = g_win32_get_package_installation_directory_of_module (NULL);
- locale_dir = g_build_filename (base_dir, "share", "locale", NULL);
- g_free (base_dir);
-#else
- locale_dir = g_strdup (LOCALE_DIR);
-#endif
-
- bindtextdomain (GETTEXT_PACKAGE, locale_dir);
- bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
- g_free (locale_dir);
}
void
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stef@collabora.co.uk>
*/
*
* See the included COPYING file for more information.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stef@collabora.co.uk>
*/
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#include "config.h"
* your option) any later version.
*
* See the included COPYING file for more information.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#ifndef __G_TLS_BACKEND_GNUTLS_H__
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
*
* See the included COPYING file for more information.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
#include <gio/gio.h>
#include <gnutls/gnutls.h>
-#include "gtlscertificate-gnutls.h"
-
G_BEGIN_DECLS
#define G_TYPE_TLS_CERTIFICATE_GNUTLS_PKCS11 (g_tls_certificate_gnutls_pkcs11_get_type ())
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#include "config.h"
gnutls_x509_crt_t *chain;
GTlsCertificateFlags gtls_flags;
time_t t, now;
-
+
cert_gnutls = G_TLS_CERTIFICATE_GNUTLS (cert);
for (num_certs = 0; cert_gnutls; cert_gnutls = cert_gnutls->priv->issuer)
num_certs++;
const gchar *interaction_id,
gnutls_retr2_st *st)
{
- GTlsCertificateGnutls *chain;
gnutls_x509_crt_t cert;
gnutls_datum_t data;
- guint num_certs = 0;
size_t size = 0;
- int status;
- /* We will do this loop twice. It's probably more efficient than
- * re-allocating memory.
- */
- chain = gnutls;
- while (chain != NULL)
- {
- num_certs++;
- chain = chain->priv->issuer;
- }
+ gnutls_x509_crt_export (gnutls->priv->cert, GNUTLS_X509_FMT_DER,
+ NULL, &size);
+ data.data = g_malloc (size);
+ data.size = size;
+ gnutls_x509_crt_export (gnutls->priv->cert, GNUTLS_X509_FMT_DER,
+ data.data, &size);
- st->ncerts = 0;
- st->cert.x509 = gnutls_malloc (sizeof (gnutls_x509_crt_t) * num_certs);
+ gnutls_x509_crt_init (&cert);
+ gnutls_x509_crt_import (cert, &data, GNUTLS_X509_FMT_DER);
+ g_free (data.data);
- /* Now do the actual copy of the whole chain. */
- chain = gnutls;
- while (chain != NULL)
- {
- gnutls_x509_crt_export (chain->priv->cert, GNUTLS_X509_FMT_DER,
- NULL, &size);
- data.data = g_malloc (size);
- data.size = size;
- gnutls_x509_crt_export (chain->priv->cert, GNUTLS_X509_FMT_DER,
- data.data, &size);
-
- gnutls_x509_crt_init (&cert);
- status = gnutls_x509_crt_import (cert, &data, GNUTLS_X509_FMT_DER);
- g_warn_if_fail (status == 0);
- g_free (data.data);
-
- st->cert.x509[st->ncerts] = cert;
- st->ncerts++;
-
- chain = chain->priv->issuer;
- }
+ st->ncerts = 1;
+ st->cert.x509 = gnutls_malloc (sizeof (gnutls_x509_crt_t));
+ st->cert.x509[0] = cert;
if (gnutls->priv->key != NULL)
{
{ GNUTLS_CERT_NOT_ACTIVATED, G_TLS_CERTIFICATE_NOT_ACTIVATED },
{ GNUTLS_CERT_EXPIRED, G_TLS_CERTIFICATE_EXPIRED },
{ GNUTLS_CERT_REVOKED, G_TLS_CERTIFICATE_REVOKED },
- { GNUTLS_CERT_INSECURE_ALGORITHM, G_TLS_CERTIFICATE_INSECURE },
- { GNUTLS_CERT_UNEXPECTED_OWNER, G_TLS_CERTIFICATE_BAD_IDENTITY }
+ { GNUTLS_CERT_INSECURE_ALGORITHM, G_TLS_CERTIFICATE_INSECURE }
};
static const int flags_map_size = G_N_ELEMENTS (flags_map);
return gtls_flags;
}
-static gboolean
-verify_identity_hostname (GTlsCertificateGnutls *gnutls,
- GSocketConnectable *identity)
+GTlsCertificateFlags
+g_tls_certificate_gnutls_verify_identity (GTlsCertificateGnutls *gnutls,
+ GSocketConnectable *identity)
{
const char *hostname;
else if (G_IS_NETWORK_SERVICE (identity))
hostname = g_network_service_get_domain (G_NETWORK_SERVICE (identity));
else
- return FALSE;
-
- return gnutls_x509_crt_check_hostname (gnutls->priv->cert, hostname);
-}
-
-static gboolean
-verify_identity_ip (GTlsCertificateGnutls *gnutls,
- GSocketConnectable *identity)
-{
- GInetAddress *addr;
- int i, ret = 0;
- gsize addr_size;
- const guint8 *addr_bytes;
-
- if (G_IS_INET_SOCKET_ADDRESS (identity))
- addr = g_object_ref (g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (identity)));
- else {
- const char *hostname;
-
- if (G_IS_NETWORK_ADDRESS (identity))
- hostname = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity));
- else if (G_IS_NETWORK_SERVICE (identity))
- hostname = g_network_service_get_domain (G_NETWORK_SERVICE (identity));
- else
- return FALSE;
-
- addr = g_inet_address_new_from_string (hostname);
- if (!addr)
- return FALSE;
- }
+ hostname = NULL;
- addr_bytes = g_inet_address_to_bytes (addr);
- addr_size = g_inet_address_get_native_size (addr);
-
- for (i = 0; ret >= 0; i++)
+ if (hostname)
{
- char san[500];
- size_t san_size;
-
- san_size = sizeof (san);
- ret = gnutls_x509_crt_get_subject_alt_name (gnutls->priv->cert, i,
- san, &san_size, NULL);
-
- if ((ret == GNUTLS_SAN_IPADDRESS) && (addr_size == san_size))
- {
- if (memcmp (addr_bytes, san, addr_size) == 0)
- {
- g_object_unref (addr);
- return TRUE;
- }
- }
+ if (gnutls_x509_crt_check_hostname (gnutls->priv->cert, hostname))
+ return 0;
}
- g_object_unref (addr);
- return FALSE;
-}
-
-GTlsCertificateFlags
-g_tls_certificate_gnutls_verify_identity (GTlsCertificateGnutls *gnutls,
- GSocketConnectable *identity)
-{
- if (verify_identity_hostname (gnutls, identity))
- return 0;
- else if (verify_identity_ip (gnutls, identity))
- return 0;
-
/* FIXME: check sRVName and uniformResourceIdentifier
* subjectAltNames, if appropriate for @identity.
*/
g_object_get (gnutls, "certificate", &array, NULL);
return g_byte_array_free_to_bytes (array);
}
-
-static gnutls_x509_crt_t *
-convert_data_to_gnutls_certs (const gnutls_datum_t *certs,
- guint num_certs,
- gnutls_x509_crt_fmt_t format)
-{
- gnutls_x509_crt_t *gnutls_certs;
- guint i;
-
- gnutls_certs = g_new (gnutls_x509_crt_t, num_certs);
-
- for (i = 0; i < num_certs; i++)
- {
- if (gnutls_x509_crt_init (&gnutls_certs[i]) < 0)
- {
- i--;
- goto error;
- }
- }
-
- for (i = 0; i < num_certs; i++)
- {
- if (gnutls_x509_crt_import (gnutls_certs[i], &certs[i], format) < 0)
- {
- i = num_certs - 1;
- goto error;
- }
- }
-
- return gnutls_certs;
-
-error:
- for (; i != G_MAXUINT; i--)
- gnutls_x509_crt_deinit (gnutls_certs[i]);
- g_free (gnutls_certs);
- return NULL;
-}
-
-GTlsCertificateGnutls *
-g_tls_certificate_gnutls_build_chain (const gnutls_datum_t *certs,
- guint num_certs,
- gnutls_x509_crt_fmt_t format)
-{
- GPtrArray *glib_certs;
- gnutls_x509_crt_t *gnutls_certs;
- GTlsCertificateGnutls *issuer;
- GTlsCertificateGnutls *result;
- guint i, j;
-
- g_return_val_if_fail (certs, NULL);
-
- gnutls_certs = convert_data_to_gnutls_certs (certs, num_certs, format);
- if (!gnutls_certs)
- return NULL;
-
- glib_certs = g_ptr_array_new_full (num_certs, g_object_unref);
- for (i = 0; i < num_certs; i++)
- g_ptr_array_add (glib_certs, g_tls_certificate_gnutls_new (&certs[i], NULL));
-
- /* Some servers send certs out of order, or will send duplicate
- * certs, so we need to be careful when assigning the issuer of
- * our new GTlsCertificateGnutls.
- */
- for (i = 0; i < num_certs; i++)
- {
- issuer = NULL;
-
- /* Check if the cert issued itself */
- if (gnutls_x509_crt_check_issuer (gnutls_certs[i], gnutls_certs[i]))
- continue;
-
- if (i < num_certs - 1 &&
- gnutls_x509_crt_check_issuer (gnutls_certs[i], gnutls_certs[i + 1]))
- {
- issuer = glib_certs->pdata[i + 1];
- }
- else
- {
- for (j = 0; j < num_certs; j++)
- {
- if (j != i &&
- gnutls_x509_crt_check_issuer (gnutls_certs[i], gnutls_certs[j]))
- {
- issuer = glib_certs->pdata[j];
- break;
- }
- }
- }
-
- if (issuer)
- g_tls_certificate_gnutls_set_issuer (glib_certs->pdata[i], issuer);
- }
-
- result = g_object_ref (glib_certs->pdata[0]);
- g_ptr_array_unref (glib_certs);
-
- for (i = 0; i < num_certs; i++)
- gnutls_x509_crt_deinit (gnutls_certs[i]);
- g_free (gnutls_certs);
-
- return result;
-}
* your option) any later version.
*
* See the included COPYING file for more information.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#ifndef __G_TLS_CERTIFICATE_GNUTLS_H__
GTlsCertificateGnutls* g_tls_certificate_gnutls_steal_issuer (GTlsCertificateGnutls *gnutls);
-GTlsCertificateGnutls* g_tls_certificate_gnutls_build_chain (const gnutls_datum_t *certs,
- guint num_certs,
- gnutls_x509_crt_fmt_t format);
-
G_END_DECLS
#endif /* __G_TLS_CERTIFICATE_GNUTLS_H___ */
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#include "config.h"
PROP_ACCEPTED_CAS
};
-static void g_tls_client_connection_gnutls_initable_interface_init (GInitableIface *iface);
-
static void g_tls_client_connection_gnutls_client_connection_interface_init (GTlsClientConnectionInterface *iface);
static int g_tls_client_connection_gnutls_retrieve_function (gnutls_session_t session,
int pk_algos_length,
gnutls_retr2_st *st);
-static GInitableIface *g_tls_client_connection_gnutls_parent_initable_iface;
-
G_DEFINE_TYPE_WITH_CODE (GTlsClientConnectionGnutls, g_tls_client_connection_gnutls, G_TYPE_TLS_CONNECTION_GNUTLS,
- G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
- g_tls_client_connection_gnutls_initable_interface_init)
G_IMPLEMENT_INTERFACE (G_TYPE_TLS_CLIENT_CONNECTION,
g_tls_client_connection_gnutls_client_connection_interface_init));
GTlsCertificateFlags validation_flags;
GSocketConnectable *server_identity;
gboolean use_ssl3;
- gboolean session_data_override;
GBytes *session_id;
- GBytes *session_data;
gboolean cert_requested;
- GError *cert_error;
GPtrArray *accepted_cas;
};
{
GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (object);
- g_clear_object (&gnutls->priv->server_identity);
- g_clear_pointer (&gnutls->priv->accepted_cas, g_ptr_array_unref);
- g_clear_pointer (&gnutls->priv->session_id, g_bytes_unref);
- g_clear_pointer (&gnutls->priv->session_data, g_bytes_unref);
- g_clear_error (&gnutls->priv->cert_error);
+ if (gnutls->priv->server_identity)
+ g_object_unref (gnutls->priv->server_identity);
+ if (gnutls->priv->accepted_cas)
+ g_ptr_array_unref (gnutls->priv->accepted_cas);
+ if (gnutls->priv->session_id)
+ g_bytes_unref (gnutls->priv->session_id);
G_OBJECT_CLASS (g_tls_client_connection_gnutls_parent_class)->finalize (object);
}
-static gboolean
-g_tls_client_connection_gnutls_initable_init (GInitable *initable,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable);
- gnutls_session_t session;
- const gchar *hostname;
-
- if (!g_tls_client_connection_gnutls_parent_initable_iface->
- init (initable, cancellable, error))
- return FALSE;
-
- session = g_tls_connection_gnutls_get_session (gnutls);
- hostname = get_server_identity (G_TLS_CLIENT_CONNECTION_GNUTLS (gnutls));
- if (hostname)
- {
- gnutls_server_name_set (session, GNUTLS_NAME_DNS,
- hostname, strlen (hostname));
- }
-
- return TRUE;
-}
-
static void
g_tls_client_connection_gnutls_get_property (GObject *object,
guint prop_id,
{
gnutls_session_t session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (gnutls));
- /* This will only be triggered if the identity is set after
- * initialization */
- if (session)
- {
- gnutls_server_name_set (session, GNUTLS_NAME_DNS,
- hostname, strlen (hostname));
- }
+ gnutls_server_name_set (session, GNUTLS_NAME_DNS,
+ hostname, strlen (hostname));
}
break;
gnutls_retr2_st *st)
{
GTlsClientConnectionGnutls *gnutls = gnutls_transport_get_ptr (session);
- GTlsConnectionGnutls *conn = G_TLS_CONNECTION_GNUTLS (gnutls);
GPtrArray *accepted_cas;
GByteArray *dn;
int i;
gnutls->priv->accepted_cas = accepted_cas;
g_object_notify (G_OBJECT (gnutls), "accepted-cas");
- g_tls_connection_gnutls_get_certificate (conn, st);
-
- if (st->ncerts == 0)
- {
- g_clear_error (&gnutls->priv->cert_error);
- if (g_tls_connection_gnutls_request_certificate (conn, &gnutls->priv->cert_error))
- g_tls_connection_gnutls_get_certificate (conn, st);
- }
-
+ g_tls_connection_gnutls_get_certificate (G_TLS_CONNECTION_GNUTLS (gnutls), st);
return 0;
}
{
GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn);
- gnutls->priv->session_data_override = FALSE;
- g_clear_pointer (&gnutls->priv->session_data, g_bytes_unref);
if (gnutls->priv->session_id)
g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->priv->session_id);
}
GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn);
/* Try to get a cached session */
- if (gnutls->priv->session_data_override)
- {
- gnutls_session_set_data (g_tls_connection_gnutls_get_session (conn),
- g_bytes_get_data (gnutls->priv->session_data, NULL),
- g_bytes_get_size (gnutls->priv->session_data));
- }
- else if (gnutls->priv->session_id)
+ if (gnutls->priv->session_id)
{
GBytes *session_data;
gnutls_session_set_data (g_tls_connection_gnutls_get_session (conn),
g_bytes_get_data (session_data, NULL),
g_bytes_get_size (session_data));
- g_clear_pointer (&gnutls->priv->session_data, g_bytes_unref);
- gnutls->priv->session_data = session_data;
+ g_bytes_unref (session_data);
}
}
GError **inout_error)
{
GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn);
- int resumed;
g_assert (inout_error != NULL);
gnutls->priv->cert_requested)
{
g_clear_error (inout_error);
- if (gnutls->priv->cert_error)
- {
- *inout_error = gnutls->priv->cert_error;
- gnutls->priv->cert_error = NULL;
- }
- else
- {
- g_set_error_literal (inout_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
- _("Server required TLS certificate"));
- }
+ g_set_error_literal (inout_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
+ _("Server required TLS certificate"));
}
- resumed = gnutls_session_is_resumed (g_tls_connection_gnutls_get_session (conn));
- if (*inout_error || !resumed)
- {
- /* Clear session data since the server did not accept what we provided. */
- gnutls->priv->session_data_override = FALSE;
- g_clear_pointer (&gnutls->priv->session_data, g_bytes_unref);
- if (gnutls->priv->session_id)
- g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->priv->session_id);
- }
-
- if (!*inout_error && !resumed)
+ if (gnutls->priv->session_id)
{
gnutls_datum_t session_datum;
- if (gnutls_session_get_data2 (g_tls_connection_gnutls_get_session (conn),
- &session_datum) == 0)
- {
- gnutls->priv->session_data = g_bytes_new_with_free_func (session_datum.data,
- session_datum.size,
- (GDestroyNotify)gnutls_free,
- session_datum.data);
-
- g_tls_backend_gnutls_store_session (GNUTLS_CLIENT,
- gnutls->priv->session_id,
- gnutls->priv->session_data);
- }
- }
-}
-
-static void
-g_tls_client_connection_gnutls_copy_session_state (GTlsClientConnection *conn,
- GTlsClientConnection *source)
-{
- GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn);
- GTlsClientConnectionGnutls *gnutls_source = G_TLS_CLIENT_CONNECTION_GNUTLS (source);
-
- if (gnutls_source->priv->session_data)
- {
- gnutls->priv->session_data_override = TRUE;
- gnutls->priv->session_data = g_bytes_ref (gnutls_source->priv->session_data);
+ if (!*inout_error &&
+ gnutls_session_get_data2 (g_tls_connection_gnutls_get_session (conn),
+ &session_datum) == 0)
+ {
+ GBytes *session_data = g_bytes_new_with_free_func (session_datum.data, session_datum.size,
+ (GDestroyNotify)gnutls_free, session_datum.data);
- if (gnutls->priv->session_id)
- g_tls_backend_gnutls_store_session (GNUTLS_CLIENT,
- gnutls->priv->session_id,
- gnutls->priv->session_data);
+ g_tls_backend_gnutls_store_session (GNUTLS_CLIENT, gnutls->priv->session_id,
+ session_data);
+ g_bytes_unref (session_data);
+ }
+ else
+ g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->priv->session_id);
}
}
static void
g_tls_client_connection_gnutls_client_connection_interface_init (GTlsClientConnectionInterface *iface)
{
- iface->copy_session_state = g_tls_client_connection_gnutls_copy_session_state;
-}
-
-static void
-g_tls_client_connection_gnutls_initable_interface_init (GInitableIface *iface)
-{
- g_tls_client_connection_gnutls_parent_initable_iface = g_type_interface_peek_parent (iface);
-
- iface->init = g_tls_client_connection_gnutls_initable_init;
}
* your option) any later version.
*
* See the included COPYING file for more information.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#ifndef __G_TLS_CLIENT_CONNECTION_GNUTLS_H__
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#include "config.h"
#include "glib.h"
#include <errno.h>
-#include <stdarg.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include "pkcs11/gpkcs11pin.h"
#endif
-#ifdef G_OS_WIN32
-#include <winsock2.h>
-#include <winerror.h>
-
-/* It isn’t clear whether MinGW always defines EMSGSIZE. */
-#ifndef EMSGSIZE
-#define EMSGSIZE WSAEMSGSIZE
-#endif
-#endif
-
#include <glib/gi18n-lib.h>
static ssize_t g_tls_connection_gnutls_push_func (gnutls_transport_ptr_t transport_data,
gboolean database_is_unset;
/* need_handshake means the next claim_op() will get diverted into
- * an implicit handshake (unless it's an OP_HANDSHAKE or OP_CLOSE*).
+ * an implicit handshake (unless it's an OP_HANDSHAKE or OP_CLOSE).
* need_finish_handshake means the next claim_op() will get diverted
- * into finish_handshake() (unless it's an OP_CLOSE*).
+ * into finish_handshake() (unless it's an OP_CLOSE).
*
* handshaking is TRUE as soon as a handshake thread is queued. For
* a sync handshake it becomes FALSE after finish_handshake()
GError *handshake_error;
GByteArray *app_data_buf;
- /* read_closed means the read direction has closed; write_closed similarly.
- * If (and only if) both are set, the entire GTlsConnection is closed. */
- gboolean read_closing, read_closed;
- gboolean write_closing, write_closed;
+ gboolean closing, closed;
GInputStream *tls_istream;
GOutputStream *tls_ostream;
g_mutex_init (&gnutls->priv->op_mutex);
}
-/* First field is "fallback", second is "allow unsafe rehandshaking" */
+/* First field is "ssl3 only", second is "allow unsafe rehandshaking" */
static gnutls_priority_t priorities[2][2];
-#define DEFAULT_BASE_PRIORITY "NORMAL:%COMPAT:%LATEST_RECORD_VERSION"
-
static void
g_tls_connection_gnutls_init_priorities (void)
{
const gchar *base_priority;
- gchar *fallback_priority, *unsafe_rehandshake_priority, *fallback_unsafe_rehandshake_priority;
- const guint *protos;
- int ret, i, nprotos, fallback_proto;
+ gchar *ssl3_priority, *unsafe_rehandshake_priority, *ssl3_unsafe_rehandshake_priority;
+ int ret;
base_priority = g_getenv ("G_TLS_GNUTLS_PRIORITY");
if (!base_priority)
- base_priority = DEFAULT_BASE_PRIORITY;
+ base_priority = "NORMAL:%COMPAT";
ret = gnutls_priority_init (&priorities[FALSE][FALSE], base_priority, NULL);
if (ret == GNUTLS_E_INVALID_REQUEST)
{
g_warning ("G_TLS_GNUTLS_PRIORITY is invalid; ignoring!");
- base_priority = DEFAULT_BASE_PRIORITY;
- ret = gnutls_priority_init (&priorities[FALSE][FALSE], base_priority, NULL);
- g_warn_if_fail (ret == 0);
+ base_priority = "NORMAL:%COMPAT";
+ gnutls_priority_init (&priorities[FALSE][FALSE], base_priority, NULL);
}
+ ssl3_priority = g_strdup_printf ("%s:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0", base_priority);
unsafe_rehandshake_priority = g_strdup_printf ("%s:%%UNSAFE_RENEGOTIATION", base_priority);
- ret = gnutls_priority_init (&priorities[FALSE][TRUE], unsafe_rehandshake_priority, NULL);
- g_warn_if_fail (ret == 0);
- g_free (unsafe_rehandshake_priority);
-
- /* Figure out the lowest SSl/TLS version supported by base_priority */
- nprotos = gnutls_priority_protocol_list (priorities[FALSE][FALSE], &protos);
- fallback_proto = G_MAXUINT;
- for (i = 0; i < nprotos; i++)
- {
- if (protos[i] < fallback_proto)
- fallback_proto = protos[i];
- }
- if (fallback_proto == G_MAXUINT)
- {
- g_warning ("All GNUTLS protocol versions disabled?");
- fallback_priority = g_strdup (base_priority);
- }
- else
- {
- gchar *cleaned_base, *p, *rest;
-
- /* fallback_priority should be based on base_priority, except
- * that we don't want %LATEST_RECORD_VERSION in it.
- */
- cleaned_base = g_strdup (base_priority);
- p = strstr (cleaned_base, ":%LATEST_RECORD_VERSION");
- if (p)
- {
- rest = p + strlen (":%LATEST_RECORD_VERSION");
- memmove (p, rest, strlen (rest) + 1);
- }
+ ssl3_unsafe_rehandshake_priority = g_strdup_printf ("%s:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0:%%UNSAFE_RENEGOTIATION", base_priority);
- fallback_priority = g_strdup_printf ("%s:%%COMPAT:!VERS-TLS-ALL:+VERS-%s",
- cleaned_base,
- gnutls_protocol_get_name (fallback_proto));
+ gnutls_priority_init (&priorities[TRUE][FALSE], ssl3_priority, NULL);
+ gnutls_priority_init (&priorities[FALSE][TRUE], unsafe_rehandshake_priority, NULL);
+ gnutls_priority_init (&priorities[TRUE][TRUE], ssl3_unsafe_rehandshake_priority, NULL);
- g_free (cleaned_base);
- }
- fallback_unsafe_rehandshake_priority = g_strdup_printf ("%s:%%UNSAFE_RENEGOTIATION",
- fallback_priority);
-
- ret = gnutls_priority_init (&priorities[TRUE][FALSE], fallback_priority, NULL);
- g_warn_if_fail (ret == 0);
- ret = gnutls_priority_init (&priorities[TRUE][TRUE], fallback_unsafe_rehandshake_priority, NULL);
- g_warn_if_fail (ret == 0);
- g_free (fallback_priority);
- g_free (fallback_unsafe_rehandshake_priority);
+ g_free (ssl3_priority);
+ g_free (unsafe_rehandshake_priority);
+ g_free (ssl3_unsafe_rehandshake_priority);
}
static void
g_tls_connection_gnutls_set_handshake_priority (GTlsConnectionGnutls *gnutls)
{
- gboolean fallback, unsafe_rehandshake;
+ gboolean use_ssl3, unsafe_rehandshake;
if (G_IS_TLS_CLIENT_CONNECTION (gnutls))
- fallback = g_tls_client_connection_get_use_ssl3 (G_TLS_CLIENT_CONNECTION (gnutls));
+ use_ssl3 = g_tls_client_connection_get_use_ssl3 (G_TLS_CLIENT_CONNECTION (gnutls));
else
- fallback = FALSE;
+ use_ssl3 = FALSE;
unsafe_rehandshake = (gnutls->priv->rehandshake_mode == G_TLS_REHANDSHAKE_UNSAFELY);
gnutls_priority_set (gnutls->priv->session,
- priorities[fallback][unsafe_rehandshake]);
+ priorities[use_ssl3][unsafe_rehandshake]);
}
static gboolean
GError **error)
{
GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable);
- gboolean client = G_IS_TLS_CLIENT_CONNECTION (gnutls);
- guint flags = client ? GNUTLS_CLIENT : GNUTLS_SERVER;
int status;
g_return_val_if_fail (gnutls->priv->base_istream != NULL &&
gnutls->priv->base_ostream != NULL, FALSE);
- gnutls_init (&gnutls->priv->session, flags);
+ /* Make sure gnutls->priv->session has been initialized (it may have
+ * already been initialized by a construct-time property setter).
+ */
+ g_tls_connection_gnutls_get_session (gnutls);
status = gnutls_credentials_set (gnutls->priv->session,
GNUTLS_CRD_CERTIFICATE,
return FALSE;
}
+ /* Some servers (especially on embedded devices) use tiny keys that
+ * gnutls will reject by default. We want it to accept them.
+ */
+ gnutls_dh_set_prime_bits (gnutls->priv->session, 256);
+
gnutls_transport_set_push_function (gnutls->priv->session,
g_tls_connection_gnutls_push_func);
gnutls_transport_set_pull_function (gnutls->priv->session,
g_clear_error (&gnutls->priv->read_error);
g_clear_error (&gnutls->priv->write_error);
- /* This must always be NULL at this, as it holds a referehce to @gnutls as
- * its source object. However, we clear it anyway just in case this changes
- * in future. */
- g_clear_object (&gnutls->priv->implicit_handshake);
-
- g_clear_object (&gnutls->priv->read_cancellable);
- g_clear_object (&gnutls->priv->write_cancellable);
-
g_clear_object (&gnutls->priv->waiting_for_op);
g_mutex_clear (&gnutls->priv->op_mutex);
gnutls_session_t
g_tls_connection_gnutls_get_session (GTlsConnectionGnutls *gnutls)
{
+ /* Ideally we would initialize gnutls->priv->session from
+ * g_tls_connection_gnutls_init(), but we can't tell if it's a
+ * client or server connection at that point... And
+ * g_tls_connection_gnutls_initiable_init() is too late, because
+ * construct-time property setters may need to modify it.
+ */
+ if (!gnutls->priv->session)
+ {
+ gboolean client = G_IS_TLS_CLIENT_CONNECTION (gnutls);
+ gnutls_init (&gnutls->priv->session, client ? GNUTLS_CLIENT : GNUTLS_SERVER);
+ }
+
return gnutls->priv->session;
}
G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE,
G_TLS_CONNECTION_GNUTLS_OP_READ,
G_TLS_CONNECTION_GNUTLS_OP_WRITE,
- G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ,
- G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE,
- G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH,
+ G_TLS_CONNECTION_GNUTLS_OP_CLOSE,
} GTlsConnectionGnutlsOp;
static gboolean
g_mutex_lock (&gnutls->priv->op_mutex);
- if (((op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE ||
- op == G_TLS_CONNECTION_GNUTLS_OP_READ) &&
- (gnutls->priv->read_closing || gnutls->priv->read_closed)) ||
- ((op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE ||
- op == G_TLS_CONNECTION_GNUTLS_OP_WRITE) &&
- (gnutls->priv->write_closing || gnutls->priv->write_closed)))
+ if (gnutls->priv->closing || gnutls->priv->closed)
{
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
_("Connection is closed"));
return FALSE;
}
- if (gnutls->priv->handshake_error &&
- op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH &&
- op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ &&
- op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE)
+ if (gnutls->priv->handshake_error && op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE)
{
if (error)
*error = g_error_copy (gnutls->priv->handshake_error);
return FALSE;
}
- if (op != G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE)
+ if (op != G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE &&
+ op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE)
{
- if (op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH &&
- op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ &&
- op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE &&
- gnutls->priv->need_handshake)
+ if (gnutls->priv->need_handshake)
{
gnutls->priv->need_handshake = FALSE;
gnutls->priv->handshaking = TRUE;
g_clear_object (&gnutls->priv->implicit_handshake);
g_mutex_lock (&gnutls->priv->op_mutex);
- if (op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH &&
- op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ &&
- op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE &&
- (!success || g_cancellable_set_error_if_cancelled (cancellable, &my_error)))
+ if (!success || g_cancellable_set_error_if_cancelled (cancellable, &my_error))
{
g_propagate_error (error, my_error);
g_mutex_unlock (&gnutls->priv->op_mutex);
return FALSE;
}
-
- g_clear_error (&my_error);
}
}
nfds = 2;
else
nfds = 1;
-
g_poll (fds, nfds, -1);
-
- if (nfds > 1)
- g_cancellable_release_fd (cancellable);
+ g_cancellable_release_fd (cancellable);
goto try_again;
}
gnutls->priv->handshaking = TRUE;
gnutls->priv->need_handshake = FALSE;
}
- if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
- op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ)
- gnutls->priv->read_closing = TRUE;
- if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
- op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE)
- gnutls->priv->write_closing = TRUE;
+ if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE)
+ gnutls->priv->closing = TRUE;
if (op != G_TLS_CONNECTION_GNUTLS_OP_WRITE)
gnutls->priv->reading = TRUE;
if (op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE)
gnutls->priv->handshaking = FALSE;
- if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
- op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ)
- gnutls->priv->read_closing = FALSE;
- if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
- op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE)
- gnutls->priv->write_closing = FALSE;
+ if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE)
+ gnutls->priv->closing = FALSE;
if (op != G_TLS_CONNECTION_GNUTLS_OP_WRITE)
gnutls->priv->reading = FALSE;
static int
end_gnutls_io (GTlsConnectionGnutls *gnutls,
- GIOCondition direction,
- int status,
- GError **error,
- const char *err_fmt,
- ...) G_GNUC_PRINTF(5, 6);
-
-static int
-end_gnutls_io (GTlsConnectionGnutls *gnutls,
- GIOCondition direction,
- int status,
- GError **error,
- const char *err_fmt,
- ...)
+ GIOCondition direction,
+ int status,
+ const char *errmsg,
+ GError **error)
{
GError *my_error = NULL;
if (my_error)
{
- if (!g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK) &&
- !g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT))
+ if (!g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK))
G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed (gnutls);
g_propagate_error (error, my_error);
return status;
if (error)
{
- va_list ap;
-
- va_start (ap, err_fmt);
- *error = g_error_new_valist (G_TLS_ERROR, G_TLS_ERROR_MISC, err_fmt, ap);
- va_end (ap);
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ errmsg, gnutls_strerror (status));
}
return status;
}
do {
#define END_GNUTLS_IO(gnutls, direction, ret, errmsg, err) \
- } while ((ret = end_gnutls_io (gnutls, direction, ret, err, errmsg, gnutls_strerror (ret))) == GNUTLS_E_AGAIN);
+ } while ((ret = end_gnutls_io (gnutls, direction, ret, errmsg, err)) == GNUTLS_E_AGAIN);
gboolean
g_tls_connection_gnutls_check (GTlsConnectionGnutls *gnutls,
/* If a handshake or close is in progress, then tls_istream and
* tls_ostream are blocked, regardless of the base stream status.
*/
- if (gnutls->priv->handshaking)
- return FALSE;
-
- if (((condition & G_IO_IN) && gnutls->priv->read_closing) ||
- ((condition & G_IO_OUT) && gnutls->priv->write_closing))
+ if (gnutls->priv->handshaking || gnutls->priv->closing)
return FALSE;
if (condition & G_IO_IN)
GTlsConnectionGnutls *gnutls = gnutls_source->gnutls;
gboolean io_waiting, op_waiting;
- /* Was the source destroyed earlier in this main context iteration? */
- if (g_source_is_destroyed ((GSource *) gnutls_source))
- return;
-
g_mutex_lock (&gnutls->priv->op_mutex);
if (((gnutls_source->condition & G_IO_IN) && gnutls->priv->reading) ||
((gnutls_source->condition & G_IO_OUT) && gnutls->priv->writing) ||
gnutls_transport_set_errno (gnutls->priv->session, EINTR);
else if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK))
gnutls_transport_set_errno (gnutls->priv->session, EINTR);
- else if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT))
- gnutls_transport_set_errno (gnutls->priv->session, EINTR);
else
gnutls_transport_set_errno (gnutls->priv->session, EIO);
}
return ret;
}
+
static GTlsCertificate *
get_peer_certificate_from_session (GTlsConnectionGnutls *gnutls)
{
+ GTlsCertificate *chain, *cert;
const gnutls_datum_t *certs;
- GTlsCertificateGnutls *chain;
unsigned int num_certs;
+ int i;
certs = gnutls_certificate_get_peers (gnutls->priv->session, &num_certs);
if (!certs || !num_certs)
return NULL;
- chain = g_tls_certificate_gnutls_build_chain (certs, num_certs, GNUTLS_X509_FMT_DER);
- if (!chain)
- return NULL;
+ chain = NULL;
+ for (i = num_certs - 1; i >= 0; i--)
+ {
+ cert = g_tls_certificate_gnutls_new (&certs[i], chain);
+ if (chain)
+ g_object_unref (chain);
+ chain = cert;
+ }
- return G_TLS_CERTIFICATE (chain);
+ return chain;
}
static GTlsCertificateFlags
GTlsCertificate *peer_certificate,
GTlsCertificateFlags peer_certificate_errors)
{
- gboolean accepted = FALSE;
+ gboolean accepted;
if (G_IS_TLS_CLIENT_CONNECTION (gnutls))
{
if ((peer_certificate_errors & validation_flags) == 0)
accepted = TRUE;
+ else
+ {
+ accepted = g_tls_connection_emit_accept_certificate (G_TLS_CONNECTION (gnutls),
+ peer_certificate,
+ peer_certificate_errors);
+ }
}
-
- if (!accepted)
+ else
{
accepted = g_tls_connection_emit_accept_certificate (G_TLS_CONNECTION (gnutls),
peer_certificate,
GError *my_error = NULL;
task = g_task_new (conn, cancellable, NULL, NULL);
- g_task_set_source_tag (task, g_tls_connection_gnutls_handshake);
begin_handshake (gnutls);
g_task_run_in_thread_sync (task, handshake_thread);
success = finish_handshake (gnutls, task, &my_error);
GTask *thread_task, *caller_task;
caller_task = g_task_new (conn, cancellable, callback, user_data);
- g_task_set_source_tag (caller_task, g_tls_connection_gnutls_handshake_async);
g_task_set_priority (caller_task, io_priority);
begin_handshake (G_TLS_CONNECTION_GNUTLS (conn));
thread_task = g_task_new (conn, cancellable,
handshake_thread_completed, caller_task);
- g_task_set_source_tag (thread_task, g_tls_connection_gnutls_handshake_async);
g_task_set_priority (thread_task, io_priority);
g_task_run_in_thread (thread_task, async_handshake_thread);
g_object_unref (thread_task);
/* We have op_mutex */
gnutls->priv->implicit_handshake = g_task_new (gnutls, cancellable, NULL, NULL);
- g_task_set_source_tag (gnutls->priv->implicit_handshake,
- do_implicit_handshake);
begin_handshake (gnutls);
return gnutls->priv->tls_ostream;
}
-gboolean
-g_tls_connection_gnutls_close_internal (GIOStream *stream,
- GTlsDirection direction,
- GCancellable *cancellable,
- GError **error)
+static gboolean
+g_tls_connection_gnutls_close (GIOStream *stream,
+ GCancellable *cancellable,
+ GError **error)
{
GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (stream);
- GTlsConnectionGnutlsOp op;
- gboolean success = TRUE;
+ gboolean success;
int ret = 0;
- GError *gnutls_error = NULL, *stream_error = NULL;
- /* This can be called from g_io_stream_close(), g_input_stream_close() or
- * g_output_stream_close(). In all cases, we only do the gnutls_bye() for
- * writing. The difference is how we set the flags on this class and how
- * the underlying stream is closed.
- */
-
- g_return_val_if_fail (direction != G_TLS_DIRECTION_NONE, FALSE);
-
- if (direction == G_TLS_DIRECTION_BOTH)
- op = G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH;
- else if (direction == G_TLS_DIRECTION_READ)
- op = G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ;
- else
- op = G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE;
-
- if (!claim_op (gnutls, op, TRUE, cancellable, error))
+ if (!claim_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_CLOSE,
+ TRUE, cancellable, error))
return FALSE;
- if (gnutls->priv->ever_handshaked && !gnutls->priv->write_closed &&
- direction & G_TLS_DIRECTION_WRITE)
+ if (gnutls->priv->closed)
+ {
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
+ _("Connection is already closed"));
+ yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_CLOSE);
+ return FALSE;
+ }
+
+ if (gnutls->priv->ever_handshaked)
{
BEGIN_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, TRUE, cancellable);
ret = gnutls_bye (gnutls->priv->session, GNUTLS_SHUT_WR);
END_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, ret,
- _("Error performing TLS close: %s"), &gnutls_error);
-
- gnutls->priv->write_closed = TRUE;
+ _("Error performing TLS close: %s"), error);
}
- if (!gnutls->priv->read_closed && direction & G_TLS_DIRECTION_READ)
- gnutls->priv->read_closed = TRUE;
-
- /* Close the underlying streams. Do this even if the gnutls_bye() call failed,
- * as the parent GIOStream will have set its internal closed flag and hence
- * this implementation will never be called again. */
- if (direction == G_TLS_DIRECTION_BOTH)
- success = g_io_stream_close (gnutls->priv->base_io_stream,
- cancellable, &stream_error);
- else if (direction & G_TLS_DIRECTION_READ)
- success = g_input_stream_close (g_io_stream_get_input_stream (gnutls->priv->base_io_stream),
- cancellable, &stream_error);
- else if (direction & G_TLS_DIRECTION_WRITE)
- success = g_output_stream_close (g_io_stream_get_output_stream (gnutls->priv->base_io_stream),
- cancellable, &stream_error);
-
- yield_op (gnutls, op);
-
- /* Propagate errors. */
+ gnutls->priv->closed = TRUE;
+
if (ret != 0)
{
- g_propagate_error (error, gnutls_error);
- g_clear_error (&stream_error);
- }
- else if (!success)
- {
- g_propagate_error (error, stream_error);
- g_clear_error (&gnutls_error);
+ yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_CLOSE);
+ return FALSE;
}
- return success && (ret == 0);
-}
-
-static gboolean
-g_tls_connection_gnutls_close (GIOStream *stream,
- GCancellable *cancellable,
- GError **error)
-{
- return g_tls_connection_gnutls_close_internal (stream,
- G_TLS_DIRECTION_BOTH,
- cancellable, error);
+ success = g_io_stream_close (gnutls->priv->base_io_stream,
+ cancellable, error);
+ yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_CLOSE);
+ return success;
}
/* We do async close as synchronous-in-a-thread so we don't need to
GIOStream *stream = object;
GError *error = NULL;
- if (!g_tls_connection_gnutls_close_internal (stream, G_TLS_DIRECTION_BOTH,
- cancellable, &error))
+ if (!g_tls_connection_gnutls_close (stream, cancellable, &error))
g_task_return_error (task, error);
else
g_task_return_boolean (task, TRUE);
GTask *task;
task = g_task_new (stream, cancellable, callback, user_data);
- g_task_set_source_tag (task, g_tls_connection_gnutls_close_async);
g_task_set_priority (task, io_priority);
g_task_run_in_thread (task, close_thread);
g_object_unref (task);
pin = NULL;
break;
case G_TLS_INTERACTION_UNHANDLED:
- default:
pin = NULL;
break;
case G_TLS_INTERACTION_HANDLED:
{
iface->init = g_tls_connection_gnutls_initable_init;
}
-
-gboolean
-g_tls_connection_gnutls_request_certificate (GTlsConnectionGnutls *self,
- GError **error)
-{
- GTlsInteractionResult res = G_TLS_INTERACTION_UNHANDLED;
- GTlsInteraction *interaction;
- GTlsConnection *conn;
-
- g_return_val_if_fail (G_IS_TLS_CONNECTION_GNUTLS (self), FALSE);
-
- conn = G_TLS_CONNECTION (self);
-
- interaction = g_tls_connection_get_interaction (conn);
- if (!interaction)
- return FALSE;
-
- res = g_tls_interaction_invoke_request_certificate (interaction, conn, 0,
- self->priv->read_cancellable, error);
- return res != G_TLS_INTERACTION_FAILED;
-}
* your option) any later version.
*
* See the included COPYING file for more information.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#ifndef __G_TLS_CONNECTION_GNUTLS_H__
gnutls_certificate_credentials_t g_tls_connection_gnutls_get_credentials (GTlsConnectionGnutls *connection);
gnutls_session_t g_tls_connection_gnutls_get_session (GTlsConnectionGnutls *connection);
-
-void g_tls_connection_gnutls_get_certificate (GTlsConnectionGnutls *gnutls,
- gnutls_retr2_st *st);
-
-gboolean g_tls_connection_gnutls_request_certificate (GTlsConnectionGnutls *gnutls,
- GError **error);
+void g_tls_connection_gnutls_get_certificate (GTlsConnectionGnutls *gnutls,
+ gnutls_retr2_st *st);
gssize g_tls_connection_gnutls_read (GTlsConnectionGnutls *gnutls,
void *buffer,
GIOCondition condition,
GCancellable *cancellable);
-typedef enum {
- G_TLS_DIRECTION_NONE = 0,
- G_TLS_DIRECTION_READ = 1 << 0,
- G_TLS_DIRECTION_WRITE = 1 << 1,
-} GTlsDirection;
-
-#define G_TLS_DIRECTION_BOTH (G_TLS_DIRECTION_READ | G_TLS_DIRECTION_WRITE)
-
-gboolean g_tls_connection_gnutls_close_internal (GIOStream *stream,
- GTlsDirection direction,
- GCancellable *cancellable,
- GError **error);
-
G_END_DECLS
#endif /* __G_TLS_CONNECTION_GNUTLS_H___ */
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
#include "pkcs11/gpkcs11util.h"
#include "pkcs11/pkcs11-trust-assertions.h"
-static const CK_ATTRIBUTE_TYPE CERTIFICATE_ATTRIBUTE_TYPES[] = {
+const static CK_ATTRIBUTE_TYPE CERTIFICATE_ATTRIBUTE_TYPES[] = {
CKA_ID, CKA_LABEL, CKA_CLASS, CKA_VALUE
};
-static const CK_ATTRIBUTE_TYPE KEY_ATTRIBUTE_TYPES[] = {
+const static CK_ATTRIBUTE_TYPE KEY_ATTRIBUTE_TYPES[] = {
CKA_ID, CKA_LABEL, CKA_CLASS, CKA_KEY_TYPE
};
}
static GTlsCertificate *
-create_database_pkcs11_certificate (GPkcs11Slot *slot,
+create_database_pkcs11_certificate (GPkcs11Slot *slot,
GPkcs11Array *certificate_attrs,
GPkcs11Array *private_key_attrs)
{
return certificate;
}
-static const gchar *
+static const gchar*
calculate_peer_for_identity (GSocketConnectable *identity)
{
const char *peer;
}
static gboolean
-accumulate_stop (gpointer result,
- gpointer user_data)
+accumulate_stop (gpointer result,
+ gpointer user_data)
{
return FALSE; /* stop enumeration */
}
static gboolean
-accumulate_exists (gpointer result,
- gpointer user_data)
+accumulate_exists (gpointer result,
+ gpointer user_data)
{
- gboolean *exists = (gboolean *)user_data;
+ gboolean *exists = (gboolean*)user_data;
*exists = TRUE;
return FALSE; /* stop enumeration */
}
static gboolean
-accumulate_first_attributes (gpointer result,
- gpointer user_data)
+accumulate_first_attributes (gpointer result,
+ gpointer user_data)
{
- GPkcs11Array **attributes = (GPkcs11Array **)user_data;
+ GPkcs11Array** attributes = (GPkcs11Array**)user_data;
g_assert (attributes);
*attributes = g_pkcs11_array_ref (result);
return FALSE; /* stop enumeration */
}
static gboolean
-accumulate_list_attributes (gpointer result,
- gpointer user_data)
+accumulate_list_attributes (gpointer result,
+ gpointer user_data)
{
- GList **results = (GList **)user_data;
+ GList **results = (GList**)user_data;
g_assert (results);
*results = g_list_append (*results, g_pkcs11_array_ref (result));
return TRUE; /* continue enumeration */
}
static gboolean
-accumulate_first_object (gpointer result,
- gpointer user_data)
+accumulate_first_object (gpointer result,
+ gpointer user_data)
{
- GObject **object = (GObject **)user_data;
+ GObject** object = (GObject**)user_data;
g_assert (object);
*object = g_object_ref (result);
return FALSE; /* stop enumeration */
}
static gboolean
-accumulate_list_objects (gpointer result,
- gpointer user_data)
+accumulate_list_objects (gpointer result,
+ gpointer user_data)
{
- GList **results = (GList **)user_data;
+ GList **results = (GList**)user_data;
g_assert (results);
*results = g_list_append (*results, g_object_ref (result));
return TRUE; /* continue enumeration */
static GPkcs11EnumerateState
enumerate_call_accumulator (GPkcs11Accumulator accumulator,
- gpointer result,
- gpointer user_data)
+ gpointer result,
+ gpointer user_data)
{
g_assert (accumulator);
}
static GPkcs11EnumerateState
-enumerate_assertion_exists_in_slot (GPkcs11Slot *slot,
- GTlsInteraction *interaction,
- GPkcs11Array *match,
- GPkcs11Accumulator accumulator,
- gpointer user_data,
- GCancellable *cancellable,
- GError **error)
+enumerate_assertion_exists_in_slot (GPkcs11Slot *slot,
+ GTlsInteraction *interaction,
+ GPkcs11Array *match,
+ GPkcs11Accumulator accumulator,
+ gpointer user_data,
+ GCancellable *cancellable,
+ GError **error)
{
GPkcs11EnumerateState state;
}
static gboolean
-g_tls_database_gnutls_pkcs11_lookup_assertion (GTlsDatabaseGnutlsPkcs11 *self,
- GTlsCertificateGnutls *certificate,
- GTlsDatabaseGnutlsAssertion assertion,
- const gchar *purpose,
- GSocketConnectable *identity,
- GCancellable *cancellable,
- GError **error)
+g_tls_database_gnutls_pkcs11_lookup_assertion (GTlsDatabaseGnutls *database,
+ GTlsCertificateGnutls *certificate,
+ GTlsDatabaseGnutlsAssertion assertion,
+ const gchar *purpose,
+ GSocketConnectable *identity,
+ GCancellable *cancellable,
+ GError **error)
{
+ GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (database);
GByteArray *der = NULL;
gboolean found, ready;
GPkcs11Array *match;
}
static GPkcs11EnumerateState
-enumerate_keypair_for_certificate (GPkcs11Slot *slot,
- GTlsInteraction *interaction,
- GPkcs11Array *match_certificate,
- GPkcs11Accumulator accumulator,
- gpointer user_data,
- GCancellable *cancellable,
- GError **error)
+enumerate_keypair_for_certificate (GPkcs11Slot *slot,
+ GTlsInteraction *interaction,
+ GPkcs11Array *match_certificate,
+ GPkcs11Accumulator accumulator,
+ gpointer user_data,
+ GCancellable *cancellable,
+ GError **error)
{
static CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
GPkcs11Array *private_key_attrs = NULL;
}
static GPkcs11EnumerateState
-enumerate_keypairs_in_slot (GPkcs11Slot *slot,
- GTlsInteraction *interaction,
- CK_ATTRIBUTE_PTR match,
- CK_ULONG match_count,
- GPkcs11Accumulator accumulator,
- gpointer user_data,
- GCancellable *cancellable,
- GError **error)
+enumerate_keypairs_in_slot (GPkcs11Slot *slot,
+ GTlsInteraction *interaction,
+ CK_ATTRIBUTE_PTR match,
+ CK_ULONG match_count,
+ GPkcs11Accumulator accumulator,
+ gpointer user_data,
+ GCancellable *cancellable,
+ GError **error)
{
GPkcs11EnumerateState state;
GList *results = NULL;
}
static GPkcs11EnumerateState
-enumerate_certificates_in_slot (GPkcs11Slot *slot,
- GTlsInteraction *interaction,
- CK_ATTRIBUTE_PTR match,
- CK_ULONG match_count,
- GPkcs11Accumulator accumulator,
- gpointer user_data,
- GCancellable *cancellable,
- GError **error)
+enumerate_certificates_in_slot (GPkcs11Slot *slot,
+ GTlsInteraction *interaction,
+ CK_ATTRIBUTE_PTR match,
+ CK_ULONG match_count,
+ GPkcs11Accumulator accumulator,
+ gpointer user_data,
+ GCancellable *cancellable,
+ GError **error)
{
enumerate_certificates_closure closure = { accumulator, user_data, slot };
}
static GPkcs11EnumerateState
-enumerate_certificates_in_database (GTlsDatabaseGnutlsPkcs11 *self,
- GTlsInteraction *interaction,
- GTlsDatabaseLookupFlags flags,
- CK_ATTRIBUTE_PTR match,
- CK_ULONG match_count,
- P11KitUri *match_slot_to_uri,
- GPkcs11Accumulator accumulator,
- gpointer user_data,
- GCancellable *cancellable,
- GError **error)
+enumerate_certificates_in_database (GTlsDatabaseGnutlsPkcs11 *self,
+ GTlsInteraction *interaction,
+ GTlsDatabaseLookupFlags flags,
+ CK_ATTRIBUTE_PTR match,
+ CK_ULONG match_count,
+ P11KitUri *match_slot_to_uri,
+ GPkcs11Accumulator accumulator,
+ gpointer user_data,
+ GCancellable *cancellable,
+ GError **error)
{
GPkcs11EnumerateState state = G_PKCS11_ENUMERATE_CONTINUE;
GPkcs11Slot *slot;
return state;
}
-static GTlsCertificate *
-g_tls_database_gnutls_pkcs11_lookup_certificate_issuer (GTlsDatabase *database,
- GTlsCertificate *certificate,
- GTlsInteraction *interaction,
- GTlsDatabaseLookupFlags flags,
- GCancellable *cancellable,
- GError **error)
+static GTlsCertificate*
+g_tls_database_gnutls_pkcs11_lookup_certificate_issuer (GTlsDatabase *database,
+ GTlsCertificate *certificate,
+ GTlsInteraction *interaction,
+ GTlsDatabaseLookupFlags flags,
+ GCancellable *cancellable,
+ GError **error)
{
GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (database);
GTlsCertificate *result = NULL;
return result;
}
-static GList *
-g_tls_database_gnutls_pkcs11_lookup_certificates_issued_by (GTlsDatabase *database,
- GByteArray *issuer_subject,
- GTlsInteraction *interaction,
- GTlsDatabaseLookupFlags flags,
- GCancellable *cancellable,
- GError **error)
+static GList*
+g_tls_database_gnutls_pkcs11_lookup_certificates_issued_by (GTlsDatabase *database,
+ GByteArray *issuer_subject,
+ GTlsInteraction *interaction,
+ GTlsDatabaseLookupFlags flags,
+ GCancellable *cancellable,
+ GError **error)
{
GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (database);
GList *l, *results = NULL;
return results;
}
-static gchar *
-g_tls_database_gnutls_pkcs11_create_certificate_handle (GTlsDatabase *database,
- GTlsCertificate *certificate)
+static gchar*
+g_tls_database_gnutls_pkcs11_create_certificate_handle (GTlsDatabase *database,
+ GTlsCertificate *certificate)
{
GTlsCertificateGnutlsPkcs11 *pkcs11_cert;
return g_tls_certificate_gnutls_pkcs11_build_certificate_uri (pkcs11_cert, NULL);
}
-static GTlsCertificate *
-g_tls_database_gnutls_pkcs11_lookup_certificate_for_handle (GTlsDatabase *database,
- const gchar *handle,
- GTlsInteraction *interaction,
- GTlsDatabaseLookupFlags flags,
- GCancellable *cancellable,
- GError **error)
+static GTlsCertificate*
+g_tls_database_gnutls_pkcs11_lookup_certificate_for_handle (GTlsDatabase *database,
+ const gchar *handle,
+ GTlsInteraction *interaction,
+ GTlsDatabaseLookupFlags flags,
+ GCancellable *cancellable,
+ GError **error)
{
GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (database);
GTlsCertificate *result = NULL;
return result;
}
-#define BUILD_CERTIFICATE_CHAIN_RECURSION_LIMIT 10
-
-enum {
- STATUS_FAILURE,
- STATUS_INCOMPLETE,
- STATUS_SELFSIGNED,
- STATUS_ANCHORED,
- STATUS_RECURSION_LIMIT_REACHED
-};
-
-static gboolean
-is_self_signed (GTlsCertificateGnutls *certificate)
-{
- const gnutls_x509_crt_t cert = g_tls_certificate_gnutls_get_cert (certificate);
- return (gnutls_x509_crt_check_issuer (cert, cert) > 0);
-}
-
-static gint
-build_certificate_chain (GTlsDatabaseGnutlsPkcs11 *self,
- GTlsCertificateGnutls *certificate,
- GTlsCertificateGnutls *previous,
- gboolean certificate_is_from_db,
- guint recursion_depth,
- const gchar *purpose,
- GSocketConnectable *identity,
- GTlsInteraction *interaction,
- GCancellable *cancellable,
- GTlsCertificateGnutls **anchor,
- GError **error)
-{
- GTlsCertificate *issuer;
- gint status;
-
- if (recursion_depth++ > BUILD_CERTIFICATE_CHAIN_RECURSION_LIMIT)
- return STATUS_RECURSION_LIMIT_REACHED;
-
- if (g_cancellable_set_error_if_cancelled (cancellable, error))
- return STATUS_FAILURE;
-
- /* Look up whether this certificate is an anchor */
- if (g_tls_database_gnutls_pkcs11_lookup_assertion (self, certificate,
- G_TLS_DATABASE_GNUTLS_ANCHORED_CERTIFICATE,
- purpose, identity, cancellable, error))
- {
- g_tls_certificate_gnutls_set_issuer (certificate, NULL);
- *anchor = certificate;
- return STATUS_ANCHORED;
- }
- else if (*error)
- {
- return STATUS_FAILURE;
- }
-
- /* Is it self-signed? */
- if (is_self_signed (certificate))
- {
- /*
- * Since at this point we would fail with 'self-signed', can we replace
- * this certificate with one from the database and do better?
- */
- if (previous && !certificate_is_from_db)
- {
- issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (self),
- G_TLS_CERTIFICATE (previous),
- interaction,
- G_TLS_DATABASE_LOOKUP_NONE,
- cancellable, error);
- if (*error)
- {
- return STATUS_FAILURE;
- }
- else if (issuer)
- {
- /* Replaced with certificate in the db, restart step again with this certificate */
- g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE);
- certificate = G_TLS_CERTIFICATE_GNUTLS (issuer);
- g_tls_certificate_gnutls_set_issuer (previous, certificate);
- g_object_unref (issuer);
-
- return build_certificate_chain (self, certificate, previous, TRUE, recursion_depth,
- purpose, identity, interaction, cancellable, anchor, error);
- }
- }
-
- g_tls_certificate_gnutls_set_issuer (certificate, NULL);
- return STATUS_SELFSIGNED;
- }
-
- previous = certificate;
-
- /* Bring over the next certificate in the chain */
- issuer = g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (certificate));
- if (issuer)
- {
- g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE);
- certificate = G_TLS_CERTIFICATE_GNUTLS (issuer);
-
- status = build_certificate_chain (self, certificate, previous, FALSE, recursion_depth,
- purpose, identity, interaction, cancellable, anchor, error);
- if (status != STATUS_INCOMPLETE)
- {
- return status;
- }
- }
-
- /* Search for the next certificate in chain */
- issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (self),
- G_TLS_CERTIFICATE (certificate),
- interaction,
- G_TLS_DATABASE_LOOKUP_NONE,
- cancellable, error);
- if (*error)
- return STATUS_FAILURE;
-
- if (!issuer)
- return STATUS_INCOMPLETE;
-
- g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE);
- g_tls_certificate_gnutls_set_issuer (certificate, G_TLS_CERTIFICATE_GNUTLS (issuer));
- certificate = G_TLS_CERTIFICATE_GNUTLS (issuer);
- g_object_unref (issuer);
-
- return build_certificate_chain (self, certificate, previous, TRUE, recursion_depth,
- purpose, identity, interaction, cancellable, anchor, error);
-}
-
-static GTlsCertificateFlags
-double_check_before_after_dates (GTlsCertificateGnutls *chain)
-{
- GTlsCertificateFlags gtls_flags = 0;
- gnutls_x509_crt_t cert;
- time_t t, now;
-
- now = time (NULL);
- while (chain)
- {
- cert = g_tls_certificate_gnutls_get_cert (chain);
- t = gnutls_x509_crt_get_activation_time (cert);
- if (t == (time_t) -1 || t > now)
- gtls_flags |= G_TLS_CERTIFICATE_NOT_ACTIVATED;
-
- t = gnutls_x509_crt_get_expiration_time (cert);
- if (t == (time_t) -1 || t < now)
- gtls_flags |= G_TLS_CERTIFICATE_EXPIRED;
-
- chain = G_TLS_CERTIFICATE_GNUTLS (g_tls_certificate_get_issuer
- (G_TLS_CERTIFICATE (chain)));
- }
-
- return gtls_flags;
-}
-
-static void
-convert_certificate_chain_to_gnutls (GTlsCertificateGnutls *chain,
- gnutls_x509_crt_t **gnutls_chain,
- guint *gnutls_chain_length)
-{
- GTlsCertificate *cert;
- guint i;
-
- g_assert (gnutls_chain);
- g_assert (gnutls_chain_length);
-
- for (*gnutls_chain_length = 0, cert = G_TLS_CERTIFICATE (chain);
- cert; cert = g_tls_certificate_get_issuer (cert))
- ++(*gnutls_chain_length);
-
- *gnutls_chain = g_new0 (gnutls_x509_crt_t, *gnutls_chain_length);
-
- for (i = 0, cert = G_TLS_CERTIFICATE (chain);
- cert; cert = g_tls_certificate_get_issuer (cert), ++i)
- (*gnutls_chain)[i] = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (cert));
-
- g_assert (i == *gnutls_chain_length);
-}
-
-static GTlsCertificateFlags
-g_tls_database_gnutls_pkcs11_verify_chain (GTlsDatabase *database,
- GTlsCertificate *chain,
- const gchar *purpose,
- GSocketConnectable *identity,
- GTlsInteraction *interaction,
- GTlsDatabaseVerifyFlags flags,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsDatabaseGnutlsPkcs11 *self;
- GTlsCertificateFlags result;
- GTlsCertificateGnutls *certificate;
- GError *err = NULL;
- GTlsCertificateGnutls *anchor;
- guint gnutls_result;
- gnutls_x509_crt_t *certs, *anchors;
- guint certs_length, anchors_length;
- gint status, gerr;
- guint recursion_depth = 0;
-
- g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (chain),
- G_TLS_CERTIFICATE_GENERIC_ERROR);
- g_assert (purpose);
-
- self = G_TLS_DATABASE_GNUTLS_PKCS11 (database);
- certificate = G_TLS_CERTIFICATE_GNUTLS (chain);
-
- /* First check for pinned certificate */
- if (g_tls_database_gnutls_pkcs11_lookup_assertion (self, certificate,
- G_TLS_DATABASE_GNUTLS_PINNED_CERTIFICATE,
- purpose, identity, cancellable, &err))
- {
- /*
- * A pinned certificate is verified on its own, without any further
- * verification.
- */
- g_tls_certificate_gnutls_set_issuer (certificate, NULL);
- return 0;
- }
-
- if (err)
- {
- g_propagate_error (error, err);
- return G_TLS_CERTIFICATE_GENERIC_ERROR;
- }
-
- anchor = NULL;
- status = build_certificate_chain (self, certificate, NULL, FALSE, recursion_depth,
- purpose, identity, interaction, cancellable, &anchor, &err);
- if (status == STATUS_FAILURE)
- {
- g_propagate_error (error, err);
- return G_TLS_CERTIFICATE_GENERIC_ERROR;
- }
-
- if (g_cancellable_set_error_if_cancelled (cancellable, error))
- return G_TLS_CERTIFICATE_GENERIC_ERROR;
-
- convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (chain),
- &certs, &certs_length);
-
- if (anchor)
- {
- g_assert (g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (anchor)) == NULL);
- convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (anchor),
- &anchors, &anchors_length);
- }
- else
- {
- anchors = NULL;
- anchors_length = 0;
- }
-
- gerr = gnutls_x509_crt_list_verify (certs, certs_length,
- anchors, anchors_length,
- NULL, 0, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
- &gnutls_result);
-
- g_free (certs);
- g_free (anchors);
-
- if (gerr != 0)
- return G_TLS_CERTIFICATE_GENERIC_ERROR;
- else if (g_cancellable_set_error_if_cancelled (cancellable, error))
- return G_TLS_CERTIFICATE_GENERIC_ERROR;
-
- result = g_tls_certificate_gnutls_convert_flags (gnutls_result);
-
- /*
- * We have to check these ourselves since gnutls_x509_crt_list_verify
- * won't bother if it gets an UNKNOWN_CA.
- */
- result |= double_check_before_after_dates (G_TLS_CERTIFICATE_GNUTLS (chain));
-
- if (identity)
- result |= g_tls_certificate_gnutls_verify_identity (G_TLS_CERTIFICATE_GNUTLS (chain),
- identity);
-
- return result;
-}
-
static void
g_tls_database_gnutls_pkcs11_class_init (GTlsDatabaseGnutlsPkcs11Class *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GTlsDatabaseClass *database_class = G_TLS_DATABASE_CLASS (klass);
+ GTlsDatabaseGnutlsClass *gnutls_class = G_TLS_DATABASE_GNUTLS_CLASS (klass);
g_type_class_add_private (klass, sizeof (GTlsDatabaseGnutlsPkcs11Private));
database_class->lookup_certificate_issuer = g_tls_database_gnutls_pkcs11_lookup_certificate_issuer;
database_class->lookup_certificates_issued_by = g_tls_database_gnutls_pkcs11_lookup_certificates_issued_by;
database_class->lookup_certificate_for_handle = g_tls_database_gnutls_pkcs11_lookup_certificate_for_handle;
- database_class->verify_chain = g_tls_database_gnutls_pkcs11_verify_chain;
+ gnutls_class->lookup_assertion = g_tls_database_gnutls_pkcs11_lookup_assertion;
}
static gboolean
iface->init = g_tls_database_gnutls_pkcs11_initable_init;
}
-GTlsDatabase *
+GTlsDatabase*
g_tls_database_gnutls_pkcs11_new (GError **error)
{
g_return_val_if_fail (!error || !*error, NULL);
*
* See the included COPYING file for more information.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
#include "config.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
#include "gtlsdatabase-gnutls.h"
+#include "gtlscertificate-gnutls.h"
+
+#include <glib/gi18n-lib.h>
+
G_DEFINE_ABSTRACT_TYPE (GTlsDatabaseGnutls, g_tls_database_gnutls, G_TYPE_TLS_DATABASE);
+enum {
+ STATUS_FAILURE,
+ STATUS_INCOMPLETE,
+ STATUS_SELFSIGNED,
+ STATUS_PINNED,
+ STATUS_ANCHORED,
+};
+
static void
g_tls_database_gnutls_init (GTlsDatabaseGnutls *self)
{
+
+}
+
+static gboolean
+is_self_signed (GTlsCertificateGnutls *certificate)
+{
+ const gnutls_x509_crt_t cert = g_tls_certificate_gnutls_get_cert (certificate);
+ return (gnutls_x509_crt_check_issuer (cert, cert) > 0);
+}
+
+static gint
+build_certificate_chain (GTlsDatabaseGnutls *self,
+ GTlsCertificateGnutls *chain,
+ const gchar *purpose,
+ GSocketConnectable *identity,
+ GTlsInteraction *interaction,
+ GTlsDatabaseVerifyFlags flags,
+ GCancellable *cancellable,
+ GTlsCertificateGnutls **anchor,
+ GError **error)
+{
+
+ GTlsCertificateGnutls *certificate;
+ GTlsCertificateGnutls *previous;
+ GTlsCertificate *issuer;
+ gboolean certificate_is_from_db;
+
+ g_assert (anchor);
+ g_assert (chain);
+ g_assert (purpose);
+ g_assert (error);
+ g_assert (!*error);
+
+ /*
+ * Remember that the first certificate never changes in the chain.
+ * When we find a self-signed, pinned or anchored certificate, all
+ * issuers are truncated from the chain.
+ */
+
+ *anchor = NULL;
+ previous = NULL;
+ certificate = chain;
+ certificate_is_from_db = FALSE;
+
+ /* First check for pinned certificate */
+ if (g_tls_database_gnutls_lookup_assertion (self, certificate,
+ G_TLS_DATABASE_GNUTLS_PINNED_CERTIFICATE,
+ purpose, identity, cancellable, error))
+ {
+ g_tls_certificate_gnutls_set_issuer (certificate, NULL);
+ return STATUS_PINNED;
+ }
+ else if (*error)
+ {
+ return STATUS_FAILURE;
+ }
+
+ for (;;)
+ {
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return STATUS_FAILURE;
+
+ /* Look up whether this certificate is an anchor */
+ if (g_tls_database_gnutls_lookup_assertion (self, certificate,
+ G_TLS_DATABASE_GNUTLS_ANCHORED_CERTIFICATE,
+ purpose, identity, cancellable, error))
+ {
+ g_tls_certificate_gnutls_set_issuer (certificate, NULL);
+ *anchor = certificate;
+ return STATUS_ANCHORED;
+ }
+ else if (*error)
+ {
+ return STATUS_FAILURE;
+ }
+
+ /* Is it self-signed? */
+ if (is_self_signed (certificate))
+ {
+ /*
+ * Since at this point we would fail with 'self-signed', can we replace
+ * this certificate with one from the database and do better?
+ */
+ if (previous && !certificate_is_from_db)
+ {
+ issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (self),
+ G_TLS_CERTIFICATE (previous),
+ interaction,
+ G_TLS_DATABASE_LOOKUP_NONE,
+ cancellable, error);
+ if (*error)
+ {
+ return STATUS_FAILURE;
+ }
+ else if (issuer)
+ {
+ /* Replaced with certificate in the db, restart step again with this certificate */
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE);
+ g_tls_certificate_gnutls_set_issuer (previous, G_TLS_CERTIFICATE_GNUTLS (issuer));
+ certificate = G_TLS_CERTIFICATE_GNUTLS (issuer);
+ certificate_is_from_db = TRUE;
+ continue;
+ }
+ }
+
+ g_tls_certificate_gnutls_set_issuer (certificate, NULL);
+ return STATUS_SELFSIGNED;
+ }
+
+ previous = certificate;
+
+ /* Bring over the next certificate in the chain */
+ issuer = g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (certificate));
+ if (issuer)
+ {
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE);
+ certificate = G_TLS_CERTIFICATE_GNUTLS (issuer);
+ certificate_is_from_db = FALSE;
+ }
+
+ /* Search for the next certificate in chain */
+ else
+ {
+ issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (self),
+ G_TLS_CERTIFICATE (certificate),
+ interaction,
+ G_TLS_DATABASE_LOOKUP_NONE,
+ cancellable, error);
+ if (*error)
+ return STATUS_FAILURE;
+ else if (!issuer)
+ return STATUS_INCOMPLETE;
+
+ /* Found a certificate in chain, use for next step */
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE);
+ g_tls_certificate_gnutls_set_issuer (certificate, G_TLS_CERTIFICATE_GNUTLS (issuer));
+ certificate = G_TLS_CERTIFICATE_GNUTLS (issuer);
+ certificate_is_from_db = TRUE;
+ g_object_unref (issuer);
+ }
+ }
+
+ g_assert_not_reached ();
+}
+
+static GTlsCertificateFlags
+double_check_before_after_dates (GTlsCertificateGnutls *chain)
+{
+ GTlsCertificateFlags gtls_flags = 0;
+ gnutls_x509_crt_t cert;
+ time_t t, now;
+
+ now = time (NULL);
+ while (chain)
+ {
+ cert = g_tls_certificate_gnutls_get_cert (chain);
+ t = gnutls_x509_crt_get_activation_time (cert);
+ if (t == (time_t) -1 || t > now)
+ gtls_flags |= G_TLS_CERTIFICATE_NOT_ACTIVATED;
+
+ t = gnutls_x509_crt_get_expiration_time (cert);
+ if (t == (time_t) -1 || t < now)
+ gtls_flags |= G_TLS_CERTIFICATE_EXPIRED;
+
+ chain = G_TLS_CERTIFICATE_GNUTLS (g_tls_certificate_get_issuer
+ (G_TLS_CERTIFICATE (chain)));
+ }
+
+ return gtls_flags;
+}
+
+static void
+convert_certificate_chain_to_gnutls (GTlsCertificateGnutls *chain,
+ gnutls_x509_crt_t **gnutls_chain,
+ guint *gnutls_chain_length)
+{
+ GTlsCertificate *cert;
+ guint i;
+
+ g_assert (gnutls_chain);
+ g_assert (gnutls_chain_length);
+
+ for (*gnutls_chain_length = 0, cert = G_TLS_CERTIFICATE (chain);
+ cert; cert = g_tls_certificate_get_issuer (cert))
+ ++(*gnutls_chain_length);
+
+ *gnutls_chain = g_new0 (gnutls_x509_crt_t, *gnutls_chain_length);
+
+ for (i = 0, cert = G_TLS_CERTIFICATE (chain);
+ cert; cert = g_tls_certificate_get_issuer (cert), ++i)
+ (*gnutls_chain)[i] = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (cert));
+
+ g_assert (i == *gnutls_chain_length);
+}
+
+static GTlsCertificateFlags
+g_tls_database_gnutls_verify_chain (GTlsDatabase *database,
+ GTlsCertificate *chain,
+ const gchar *purpose,
+ GSocketConnectable *identity,
+ GTlsInteraction *interaction,
+ GTlsDatabaseVerifyFlags flags,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsDatabaseGnutls *self;
+ GTlsCertificateFlags result;
+ GError *err = NULL;
+ GTlsCertificateGnutls *anchor;
+ guint gnutls_result;
+ gnutls_x509_crt_t *certs, *anchors;
+ guint certs_length, anchors_length;
+ gint status, gerr;
+
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (chain),
+ G_TLS_CERTIFICATE_GENERIC_ERROR);
+
+ self = G_TLS_DATABASE_GNUTLS (database);
+ anchor = NULL;
+
+ status = build_certificate_chain (self, G_TLS_CERTIFICATE_GNUTLS (chain), purpose,
+ identity, interaction, flags, cancellable, &anchor, &err);
+ if (status == STATUS_FAILURE)
+ {
+ g_propagate_error (error, err);
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
+ }
+
+ /*
+ * A pinned certificate is verified on its own, without any further
+ * verification.
+ */
+ if (status == STATUS_PINNED)
+ return 0;
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
+
+ convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (chain),
+ &certs, &certs_length);
+
+ if (anchor)
+ {
+ g_assert (g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (anchor)) == NULL);
+ convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (anchor),
+ &anchors, &anchors_length);
+ }
+ else
+ {
+ anchors = NULL;
+ anchors_length = 0;
+ }
+
+ gerr = gnutls_x509_crt_list_verify (certs, certs_length,
+ anchors, anchors_length,
+ NULL, 0, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+ &gnutls_result);
+
+ g_free (certs);
+ g_free (anchors);
+
+ if (gerr != 0)
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
+ else if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
+
+ result = g_tls_certificate_gnutls_convert_flags (gnutls_result);
+
+ /*
+ * We have to check these ourselves since gnutls_x509_crt_list_verify
+ * won't bother if it gets an UNKNOWN_CA.
+ */
+ result |= double_check_before_after_dates (G_TLS_CERTIFICATE_GNUTLS (chain));
+
+ if (identity)
+ result |= g_tls_certificate_gnutls_verify_identity (G_TLS_CERTIFICATE_GNUTLS (chain),
+ identity);
+
+ return result;
}
static void
g_tls_database_gnutls_class_init (GTlsDatabaseGnutlsClass *klass)
{
+ GTlsDatabaseClass *database_class = G_TLS_DATABASE_CLASS (klass);
+ database_class->verify_chain = g_tls_database_gnutls_verify_chain;
+}
+
+gboolean
+g_tls_database_gnutls_lookup_assertion (GTlsDatabaseGnutls *self,
+ GTlsCertificateGnutls *certificate,
+ GTlsDatabaseGnutlsAssertion assertion,
+ const gchar *purpose,
+ GSocketConnectable *identity,
+ GCancellable *cancellable,
+ GError **error)
+{
+ g_return_val_if_fail (G_IS_TLS_DATABASE_GNUTLS (self), FALSE);
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (certificate), FALSE);
+ g_return_val_if_fail (purpose, FALSE);
+ g_return_val_if_fail (!identity || G_IS_SOCKET_CONNECTABLE (identity), FALSE);
+ g_return_val_if_fail (!cancellable || G_IS_CANCELLABLE (cancellable), FALSE);
+ g_return_val_if_fail (!error || !*error, FALSE);
+ g_return_val_if_fail (G_TLS_DATABASE_GNUTLS_GET_CLASS (self)->lookup_assertion, FALSE);
+ return G_TLS_DATABASE_GNUTLS_GET_CLASS (self)->lookup_assertion (self,
+ certificate,
+ assertion,
+ purpose,
+ identity,
+ cancellable,
+ error);
}
*
* See the included COPYING file for more information.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
struct _GTlsDatabaseGnutlsClass
{
GTlsDatabaseClass parent_class;
+
+ gboolean (*lookup_assertion) (GTlsDatabaseGnutls *self,
+ GTlsCertificateGnutls *certificate,
+ GTlsDatabaseGnutlsAssertion assertion,
+ const gchar *purpose,
+ GSocketConnectable *identity,
+ GCancellable *cancellable,
+ GError **error);
};
struct _GTlsDatabaseGnutls
{
GTlsDatabase parent_instance;
+ GTlsDatabaseGnutlsPrivate *priv;
};
GType g_tls_database_gnutls_get_type (void) G_GNUC_CONST;
+gboolean g_tls_database_gnutls_lookup_assertion (GTlsDatabaseGnutls *self,
+ GTlsCertificateGnutls *certificate,
+ GTlsDatabaseGnutlsAssertion assertion,
+ const gchar *purpose,
+ GSocketConnectable *identity,
+ GCancellable *cancellable,
+ GError **error);
+
G_END_DECLS
#endif /* __G_TLS_DATABASE_GNUTLS_H___ */
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
#include <glib/gi18n-lib.h>
#include <gnutls/x509.h>
-#include "gtlscertificate-gnutls.h"
-
static void g_tls_file_database_gnutls_file_database_interface_init (GTlsFileDatabaseInterface *iface);
static void g_tls_file_database_gnutls_initable_interface_init (GInitableIface *iface);
g_tls_file_database_gnutls_file_database_interface_init);
G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
g_tls_file_database_gnutls_initable_interface_init);
- );
+);
enum
{
{
/* read-only after construct */
gchar *anchor_filename;
- gnutls_x509_trust_list_t trust_list;
/* protected by mutex */
GMutex mutex;
{
GPtrArray *multi;
GList *list = NULL;
- guint i;
+ gint i;
multi = g_hash_table_lookup (table, key);
if (multi == NULL)
}
static gboolean
-load_anchor_file (const gchar *filename,
- GHashTable *subjects,
- GHashTable *issuers,
- GHashTable *complete,
- GError **error)
+load_anchor_file (const gchar *filename,
+ GHashTable *subjects,
+ GHashTable *issuers,
+ GHashTable *complete,
+ GError **error)
{
GList *list, *l;
gnutls_x509_crt_t cert;
{
GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (object);
- g_clear_pointer (&self->priv->subjects, g_hash_table_destroy);
- g_clear_pointer (&self->priv->issuers, g_hash_table_destroy);
- g_clear_pointer (&self->priv->complete, g_hash_table_destroy);
- g_clear_pointer (&self->priv->handles, g_hash_table_destroy);
- if (self->priv->anchor_filename)
- {
- g_free (self->priv->anchor_filename);
- gnutls_x509_trust_list_deinit (self->priv->trust_list, 1);
- }
+ if (self->priv->subjects)
+ g_hash_table_destroy (self->priv->subjects);
+ self->priv->subjects = NULL;
+
+ if (self->priv->issuers)
+ g_hash_table_destroy (self->priv->issuers);
+ self->priv->issuers = NULL;
+
+ if (self->priv->complete)
+ g_hash_table_destroy (self->priv->complete);
+ self->priv->complete = NULL;
+
+ if (self->priv->handles)
+ g_hash_table_destroy (self->priv->handles);
+ self->priv->handles = NULL;
+
+ g_free (self->priv->anchor_filename);
+ self->priv->anchor_filename = NULL;
+
g_mutex_clear (&self->priv->mutex);
G_OBJECT_CLASS (g_tls_file_database_gnutls_parent_class)->finalize (object);
GParamSpec *pspec)
{
GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (object);
- const char *anchor_path;
+ gchar *anchor_path;
switch (prop_id)
{
case PROP_ANCHORS:
- anchor_path = g_value_get_string (value);
+ anchor_path = g_value_dup_string (value);
if (anchor_path && !g_path_is_absolute (anchor_path))
- {
- g_warning ("The anchor file name used with a GTlsFileDatabase "
- "must be an absolute path, and not relative: %s", anchor_path);
- return;
- }
-
- if (self->priv->anchor_filename)
- {
- g_free (self->priv->anchor_filename);
- gnutls_x509_trust_list_deinit (self->priv->trust_list, 1);
- }
- self->priv->anchor_filename = g_strdup (anchor_path);
- gnutls_x509_trust_list_init (&self->priv->trust_list, 0);
- gnutls_x509_trust_list_add_trust_file (self->priv->trust_list,
- anchor_path, NULL,
- GNUTLS_X509_FMT_PEM, 0, 0);
+ {
+ g_warning ("The anchor file name for used with a GTlsFileDatabase "
+ "must be an absolute path, and not relative: %s", anchor_path);
+ }
+ else
+ {
+ self->priv->anchor_filename = anchor_path;
+ }
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
g_mutex_init (&self->priv->mutex);
}
-static gchar *
-g_tls_file_database_gnutls_create_certificate_handle (GTlsDatabase *database,
- GTlsCertificate *certificate)
+static gchar*
+g_tls_file_database_gnutls_create_certificate_handle (GTlsDatabase *database,
+ GTlsCertificate *certificate)
{
GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (database);
GBytes *der;
return handle;
}
-static GTlsCertificate *
-g_tls_file_database_gnutls_lookup_certificate_for_handle (GTlsDatabase *database,
- const gchar *handle,
- GTlsInteraction *interaction,
- GTlsDatabaseLookupFlags flags,
- GCancellable *cancellable,
- GError **error)
+static GTlsCertificate*
+g_tls_file_database_gnutls_lookup_certificate_for_handle (GTlsDatabase *database,
+ const gchar *handle,
+ GTlsInteraction *interaction,
+ GTlsDatabaseLookupFlags flags,
+ GCancellable *cancellable,
+ GError **error)
{
GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (database);
GTlsCertificate *cert;
return cert;
}
-static GTlsCertificate *
-g_tls_file_database_gnutls_lookup_certificate_issuer (GTlsDatabase *database,
- GTlsCertificate *certificate,
- GTlsInteraction *interaction,
- GTlsDatabaseLookupFlags flags,
- GCancellable *cancellable,
- GError **error)
+static gboolean
+g_tls_file_database_gnutls_lookup_assertion (GTlsDatabaseGnutls *database,
+ GTlsCertificateGnutls *certificate,
+ GTlsDatabaseGnutlsAssertion assertion,
+ const gchar *purpose,
+ GSocketConnectable *identity,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (database);
+ GBytes *der = NULL;
+ gboolean contains;
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return FALSE;
+
+ /* We only have anchored certificate assertions here */
+ if (assertion != G_TLS_DATABASE_GNUTLS_ANCHORED_CERTIFICATE)
+ return FALSE;
+
+ /*
+ * TODO: We should be parsing any Extended Key Usage attributes and
+ * comparing them to the purpose.
+ */
+
+ der = g_tls_certificate_gnutls_get_bytes (certificate);
+
+ g_mutex_lock (&self->priv->mutex);
+ contains = g_hash_table_lookup (self->priv->complete, der) ? TRUE : FALSE;
+ g_mutex_unlock (&self->priv->mutex);
+
+ g_bytes_unref (der);
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return FALSE;
+
+ /* All certificates in our file are anchored certificates */
+ return contains;
+}
+
+static GTlsCertificate*
+g_tls_file_database_gnutls_lookup_certificate_issuer (GTlsDatabase *database,
+ GTlsCertificate *certificate,
+ GTlsInteraction *interaction,
+ GTlsDatabaseLookupFlags flags,
+ GCancellable *cancellable,
+ GError **error)
{
GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (database);
gnutls_datum_t dn = { NULL, 0 };
return issuer;
}
-static GList *
-g_tls_file_database_gnutls_lookup_certificates_issued_by (GTlsDatabase *database,
- GByteArray *issuer_raw_dn,
- GTlsInteraction *interaction,
- GTlsDatabaseLookupFlags flags,
- GCancellable *cancellable,
- GError **error)
+static GList*
+g_tls_file_database_gnutls_lookup_certificates_issued_by (GTlsDatabase *database,
+ GByteArray *issuer_raw_dn,
+ GTlsInteraction *interaction,
+ GTlsDatabaseLookupFlags flags,
+ GCancellable *cancellable,
+ GError **error)
{
GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (database);
GBytes *issuer;
}
static void
-convert_certificate_chain_to_gnutls (GTlsCertificateGnutls *chain,
- gnutls_x509_crt_t **gnutls_chain,
- guint *gnutls_chain_length)
-{
- GTlsCertificate *cert;
- guint i;
-
- g_assert (gnutls_chain);
- g_assert (gnutls_chain_length);
-
- for (*gnutls_chain_length = 0, cert = G_TLS_CERTIFICATE (chain);
- cert; cert = g_tls_certificate_get_issuer (cert))
- ++(*gnutls_chain_length);
-
- *gnutls_chain = g_new0 (gnutls_x509_crt_t, *gnutls_chain_length);
-
- for (i = 0, cert = G_TLS_CERTIFICATE (chain);
- cert; cert = g_tls_certificate_get_issuer (cert), ++i)
- (*gnutls_chain)[i] = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (cert));
-
- g_assert (i == *gnutls_chain_length);
-}
-
-static GTlsCertificateFlags
-g_tls_file_database_gnutls_verify_chain (GTlsDatabase *database,
- GTlsCertificate *chain,
- const gchar *purpose,
- GSocketConnectable *identity,
- GTlsInteraction *interaction,
- GTlsDatabaseVerifyFlags flags,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsFileDatabaseGnutls *self;
- GTlsCertificateFlags result;
- guint gnutls_result;
- gnutls_x509_crt_t *certs;
- guint certs_length;
- const char *hostname = NULL;
- char *free_hostname = NULL;
- int gerr;
-
- g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (chain),
- G_TLS_CERTIFICATE_GENERIC_ERROR);
- g_assert (purpose);
-
- if (g_cancellable_set_error_if_cancelled (cancellable, error))
- return G_TLS_CERTIFICATE_GENERIC_ERROR;
-
- self = G_TLS_FILE_DATABASE_GNUTLS (database);
-
- convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (chain),
- &certs, &certs_length);
- gerr = gnutls_x509_trust_list_verify_crt (self->priv->trust_list,
- certs, certs_length,
- 0, &gnutls_result, NULL);
-
- if (gerr != 0 || g_cancellable_set_error_if_cancelled (cancellable, error))
- {
- g_free (certs);
- return G_TLS_CERTIFICATE_GENERIC_ERROR;
- }
-
- result = g_tls_certificate_gnutls_convert_flags (gnutls_result);
-
- if (G_IS_NETWORK_ADDRESS (identity))
- hostname = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity));
- else if (G_IS_NETWORK_SERVICE (identity))
- hostname = g_network_service_get_domain (G_NETWORK_SERVICE (identity));
- else if (G_IS_INET_SOCKET_ADDRESS (identity))
- {
- GInetAddress *addr;
-
- addr = g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (identity));
- hostname = free_hostname = g_inet_address_to_string (addr);
- }
- if (hostname)
- {
- if (!gnutls_x509_crt_check_hostname (certs[0], hostname))
- result |= G_TLS_CERTIFICATE_BAD_IDENTITY;
- g_free (free_hostname);
- }
-
- g_free (certs);
- return result;
-}
-
-static void
g_tls_file_database_gnutls_class_init (GTlsFileDatabaseGnutlsClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GTlsDatabaseClass *database_class = G_TLS_DATABASE_CLASS (klass);
+ GTlsDatabaseGnutlsClass *gnutls_class = G_TLS_DATABASE_GNUTLS_CLASS (klass);
g_type_class_add_private (klass, sizeof (GTlsFileDatabaseGnutlsPrivate));
database_class->lookup_certificate_for_handle = g_tls_file_database_gnutls_lookup_certificate_for_handle;
database_class->lookup_certificate_issuer = g_tls_file_database_gnutls_lookup_certificate_issuer;
database_class->lookup_certificates_issued_by = g_tls_file_database_gnutls_lookup_certificates_issued_by;
- database_class->verify_chain = g_tls_file_database_gnutls_verify_chain;
+ gnutls_class->lookup_assertion = g_tls_file_database_gnutls_lookup_assertion;
g_object_class_override_property (gobject_class, PROP_ANCHORS, "anchors");
}
}
static gboolean
-g_tls_file_database_gnutls_initable_init (GInitable *initable,
- GCancellable *cancellable,
- GError **error)
+g_tls_file_database_gnutls_initable_init (GInitable *initable,
+ GCancellable *cancellable,
+ GError **error)
{
GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (initable);
GHashTable *subjects, *issuers, *complete;
(GDestroyNotify)g_bytes_unref,
(GDestroyNotify)g_bytes_unref);
- if (self->priv->anchor_filename)
- result = load_anchor_file (self->priv->anchor_filename, subjects, issuers,
- complete, error);
- else
- result = TRUE;
+ result = load_anchor_file (self->priv->anchor_filename, subjects, issuers,
+ complete, error);
if (g_cancellable_set_error_if_cancelled (cancellable, error))
result = FALSE;
*
* See the included COPYING file for more information.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#include "config.h"
struct _GTlsInputStreamGnutlsPrivate
{
- GWeakRef weak_conn;
+ GTlsConnectionGnutls *conn;
};
static void
{
GTlsInputStreamGnutls *stream = G_TLS_INPUT_STREAM_GNUTLS (object);
- g_weak_ref_set (&stream->priv->weak_conn, NULL);
+ if (stream->priv->conn)
+ {
+ g_object_remove_weak_pointer (G_OBJECT (stream->priv->conn),
+ (gpointer *)&stream->priv->conn);
+ stream->priv->conn = NULL;
+ }
G_OBJECT_CLASS (g_tls_input_stream_gnutls_parent_class)->dispose (object);
}
-static void
-g_tls_input_stream_gnutls_finalize (GObject *object)
-{
- GTlsInputStreamGnutls *stream = G_TLS_INPUT_STREAM_GNUTLS (object);
-
- g_weak_ref_clear (&stream->priv->weak_conn);
-
- G_OBJECT_CLASS (g_tls_input_stream_gnutls_parent_class)->finalize (object);
-}
-
static gssize
g_tls_input_stream_gnutls_read (GInputStream *stream,
void *buffer,
GError **error)
{
GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (stream);
- GTlsConnectionGnutls *conn;
- gssize ret;
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
- g_return_val_if_fail (conn != NULL, -1);
+ g_return_val_if_fail (tls_stream->priv->conn != NULL, -1);
- ret = g_tls_connection_gnutls_read (conn,
- buffer, count, TRUE,
- cancellable, error);
- g_object_unref (conn);
- return ret;
+ return g_tls_connection_gnutls_read (tls_stream->priv->conn,
+ buffer, count, TRUE,
+ cancellable, error);
}
static gboolean
g_tls_input_stream_gnutls_pollable_is_readable (GPollableInputStream *pollable)
{
GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (pollable);
- GTlsConnectionGnutls *conn;
- gboolean ret;
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
- g_return_val_if_fail (conn != NULL, FALSE);
+ g_return_val_if_fail (tls_stream->priv->conn != NULL, FALSE);
- ret = g_tls_connection_gnutls_check (conn, G_IO_IN);
-
- g_object_unref (conn);
- return ret;
+ return g_tls_connection_gnutls_check (tls_stream->priv->conn, G_IO_IN);
}
static GSource *
GCancellable *cancellable)
{
GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (pollable);
- GTlsConnectionGnutls *conn;
- GSource *ret;
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
- g_return_val_if_fail (conn != NULL, NULL);
+ g_return_val_if_fail (tls_stream->priv->conn != NULL, NULL);
- ret = g_tls_connection_gnutls_create_source (conn, G_IO_IN, cancellable);
- g_object_unref (conn);
- return ret;
+ return g_tls_connection_gnutls_create_source (tls_stream->priv->conn,
+ G_IO_IN,
+ cancellable);
}
static gssize
GError **error)
{
GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (pollable);
- GTlsConnectionGnutls *conn;
- gssize ret;
-
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
- g_return_val_if_fail (conn != NULL, -1);
-
- ret = g_tls_connection_gnutls_read (conn, buffer, size, FALSE, NULL, error);
-
- g_object_unref (conn);
- return ret;
-}
-
-static gboolean
-g_tls_input_stream_gnutls_close (GInputStream *stream,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (stream);
- GIOStream *conn;
- gboolean ret;
-
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
-
- /* Special case here because this is called by the finalize
- * of the main GTlsConnection object.
- */
- if (conn == NULL)
- return TRUE;
-
- ret = g_tls_connection_gnutls_close_internal (conn, G_TLS_DIRECTION_READ,
- cancellable, error);
-
- g_object_unref (conn);
- return ret;
-}
-
-/* We do async close as synchronous-in-a-thread so we don't need to
- * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case
- * (since handshakes are also done synchronously now).
- */
-static void
-close_thread (GTask *task,
- gpointer object,
- gpointer task_data,
- GCancellable *cancellable)
-{
- GTlsInputStreamGnutls *tls_stream = object;
- GError *error = NULL;
- GIOStream *conn;
-
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
-
- if (conn && !g_tls_connection_gnutls_close_internal (conn,
- G_TLS_DIRECTION_READ,
- cancellable, &error))
- g_task_return_error (task, error);
- else
- g_task_return_boolean (task, TRUE);
-
- if (conn)
- g_object_unref (conn);
-}
-
-
-static void
-g_tls_input_stream_gnutls_close_async (GInputStream *stream,
- int io_priority,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- GTask *task;
-
- task = g_task_new (stream, cancellable, callback, user_data);
- g_task_set_source_tag (task, g_tls_input_stream_gnutls_close_async);
- g_task_set_priority (task, io_priority);
- g_task_run_in_thread (task, close_thread);
- g_object_unref (task);
-}
-
-static gboolean
-g_tls_input_stream_gnutls_close_finish (GInputStream *stream,
- GAsyncResult *result,
- GError **error)
-{
- g_return_val_if_fail (g_task_is_valid (result, stream), FALSE);
- g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) ==
- g_tls_input_stream_gnutls_close_async, FALSE);
- return g_task_propagate_boolean (G_TASK (result), error);
+ return g_tls_connection_gnutls_read (tls_stream->priv->conn,
+ buffer, size, FALSE,
+ NULL, error);
}
static void
g_type_class_add_private (klass, sizeof (GTlsInputStreamGnutlsPrivate));
gobject_class->dispose = g_tls_input_stream_gnutls_dispose;
- gobject_class->finalize = g_tls_input_stream_gnutls_finalize;
input_stream_class->read_fn = g_tls_input_stream_gnutls_read;
- input_stream_class->close_fn = g_tls_input_stream_gnutls_close;
- input_stream_class->close_async = g_tls_input_stream_gnutls_close_async;
- input_stream_class->close_finish = g_tls_input_stream_gnutls_close_finish;
}
static void
GTlsInputStreamGnutls *tls_stream;
tls_stream = g_object_new (G_TYPE_TLS_INPUT_STREAM_GNUTLS, NULL);
- g_weak_ref_init (&tls_stream->priv->weak_conn, conn);
+ tls_stream->priv->conn = conn;
+ g_object_add_weak_pointer (G_OBJECT (conn),
+ (gpointer *)&tls_stream->priv->conn);
return G_INPUT_STREAM (tls_stream);
}
* your option) any later version.
*
* See the included COPYING file for more information.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#ifndef __G_TLS_INPUT_STREAM_GNUTLS_H__
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#include "config.h"
struct _GTlsOutputStreamGnutlsPrivate
{
- GWeakRef weak_conn;
+ GTlsConnectionGnutls *conn;
};
static void
{
GTlsOutputStreamGnutls *stream = G_TLS_OUTPUT_STREAM_GNUTLS (object);
- g_weak_ref_set (&stream->priv->weak_conn, NULL);
+ if (stream->priv->conn)
+ {
+ g_object_remove_weak_pointer (G_OBJECT (stream->priv->conn),
+ (gpointer *)&stream->priv->conn);
+ stream->priv->conn = NULL;
+ }
G_OBJECT_CLASS (g_tls_output_stream_gnutls_parent_class)->dispose (object);
}
-static void
-g_tls_output_stream_gnutls_finalize (GObject *object)
-{
- GTlsOutputStreamGnutls *stream = G_TLS_OUTPUT_STREAM_GNUTLS (object);
-
- g_weak_ref_clear (&stream->priv->weak_conn);
-
- G_OBJECT_CLASS (g_tls_output_stream_gnutls_parent_class)->finalize (object);
-}
-
static gssize
g_tls_output_stream_gnutls_write (GOutputStream *stream,
const void *buffer,
GError **error)
{
GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (stream);
- GTlsConnectionGnutls *conn;
- gssize ret;
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
- g_return_val_if_fail (conn != NULL, -1);
+ g_return_val_if_fail (tls_stream->priv->conn != NULL, -1);
- ret = g_tls_connection_gnutls_write (conn, buffer, count, TRUE,
- cancellable, error);
- g_object_unref (conn);
- return ret;
+ return g_tls_connection_gnutls_write (tls_stream->priv->conn,
+ buffer, count, TRUE,
+ cancellable, error);
}
static gboolean
g_tls_output_stream_gnutls_pollable_is_writable (GPollableOutputStream *pollable)
{
GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (pollable);
- GTlsConnectionGnutls *conn;
- gboolean ret;
-
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
- g_return_val_if_fail (conn != NULL, FALSE);
- ret = g_tls_connection_gnutls_check (conn, G_IO_OUT);
+ g_return_val_if_fail (tls_stream->priv->conn != NULL, FALSE);
- g_object_unref (conn);
-
- return ret;
+ return g_tls_connection_gnutls_check (tls_stream->priv->conn, G_IO_OUT);
}
static GSource *
GCancellable *cancellable)
{
GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (pollable);
- GTlsConnectionGnutls *conn;
- GSource *ret;
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
- g_return_val_if_fail (conn != NULL, NULL);
+ g_return_val_if_fail (tls_stream->priv->conn != NULL, NULL);
- ret = g_tls_connection_gnutls_create_source (conn,
- G_IO_OUT,
- cancellable);
- g_object_unref (conn);
- return ret;
+ return g_tls_connection_gnutls_create_source (tls_stream->priv->conn,
+ G_IO_OUT,
+ cancellable);
}
static gssize
GError **error)
{
GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (pollable);
- GTlsConnectionGnutls *conn;
- gssize ret;
-
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
- g_return_val_if_fail (conn != NULL, -1);
-
- ret = g_tls_connection_gnutls_write (conn, buffer, size, FALSE, NULL, error);
-
- g_object_unref (conn);
- return ret;
-}
-
-static gboolean
-g_tls_output_stream_gnutls_close (GOutputStream *stream,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (stream);
- GIOStream *conn;
- gboolean ret;
-
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
-
- /* Special case here because this is called by the finalize
- * of the main GTlsConnection object.
- */
- if (conn == NULL)
- return TRUE;
-
- ret = g_tls_connection_gnutls_close_internal (conn, G_TLS_DIRECTION_WRITE,
- cancellable, error);
-
- g_object_unref (conn);
- return ret;
-}
-
-/* We do async close as synchronous-in-a-thread so we don't need to
- * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case
- * (since handshakes are also done synchronously now).
- */
-static void
-close_thread (GTask *task,
- gpointer object,
- gpointer task_data,
- GCancellable *cancellable)
-{
- GTlsOutputStreamGnutls *tls_stream = object;
- GError *error = NULL;
- GIOStream *conn;
-
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
-
- if (conn && !g_tls_connection_gnutls_close_internal (conn,
- G_TLS_DIRECTION_WRITE,
- cancellable, &error))
- g_task_return_error (task, error);
- else
- g_task_return_boolean (task, TRUE);
-
- if (conn)
- g_object_unref (conn);
-}
-
-
-static void
-g_tls_output_stream_gnutls_close_async (GOutputStream *stream,
- int io_priority,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- GTask *task;
-
- task = g_task_new (stream, cancellable, callback, user_data);
- g_task_set_source_tag (task, g_tls_output_stream_gnutls_close_async);
- g_task_set_priority (task, io_priority);
- g_task_run_in_thread (task, close_thread);
- g_object_unref (task);
-}
-
-static gboolean
-g_tls_output_stream_gnutls_close_finish (GOutputStream *stream,
- GAsyncResult *result,
- GError **error)
-{
- g_return_val_if_fail (g_task_is_valid (result, stream), FALSE);
- g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) ==
- g_tls_output_stream_gnutls_close_async, FALSE);
- return g_task_propagate_boolean (G_TASK (result), error);
+ return g_tls_connection_gnutls_write (tls_stream->priv->conn,
+ buffer, size, FALSE,
+ NULL, error);
}
static void
g_type_class_add_private (klass, sizeof (GTlsOutputStreamGnutlsPrivate));
gobject_class->dispose = g_tls_output_stream_gnutls_dispose;
- gobject_class->finalize = g_tls_output_stream_gnutls_finalize;
output_stream_class->write_fn = g_tls_output_stream_gnutls_write;
- output_stream_class->close_fn = g_tls_output_stream_gnutls_close;
- output_stream_class->close_async = g_tls_output_stream_gnutls_close_async;
- output_stream_class->close_finish = g_tls_output_stream_gnutls_close_finish;
}
static void
GTlsOutputStreamGnutls *tls_stream;
tls_stream = g_object_new (G_TYPE_TLS_OUTPUT_STREAM_GNUTLS, NULL);
- g_weak_ref_init (&tls_stream->priv->weak_conn, conn);
+ tls_stream->priv->conn = conn;
+ g_object_add_weak_pointer (G_OBJECT (conn),
+ (gpointer *)&tls_stream->priv->conn);
return G_OUTPUT_STREAM (tls_stream);
}
* your option) any later version.
*
* See the included COPYING file for more information.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#ifndef __G_TLS_OUTPUT_STREAM_GNUTLS_H__
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#include "config.h"
g_tls_server_connection_gnutls_init (GTlsServerConnectionGnutls *gnutls)
{
gnutls_certificate_credentials_t creds;
+ gnutls_session_t session;
gnutls->priv = G_TYPE_INSTANCE_GET_PRIVATE (gnutls, G_TYPE_TLS_SERVER_CONNECTION_GNUTLS, GTlsServerConnectionGnutlsPrivate);
creds = g_tls_connection_gnutls_get_credentials (G_TLS_CONNECTION_GNUTLS (gnutls));
gnutls_certificate_set_retrieve_function (creds, g_tls_server_connection_gnutls_retrieve_function);
+
+ session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (gnutls));
+ gnutls_db_set_retrieve_function (session, g_tls_server_connection_gnutls_db_retrieve);
+ gnutls_db_set_store_function (session, g_tls_server_connection_gnutls_db_store);
+ gnutls_db_set_remove_function (session, g_tls_server_connection_gnutls_db_remove);
}
static gboolean
GCancellable *cancellable,
GError **error)
{
- GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable);
GTlsCertificate *cert;
- gnutls_session_t session;
if (!g_tls_server_connection_gnutls_parent_initable_iface->
init (initable, cancellable, error))
return FALSE;
- session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (gnutls));
- gnutls_db_set_retrieve_function (session, g_tls_server_connection_gnutls_db_retrieve);
- gnutls_db_set_store_function (session, g_tls_server_connection_gnutls_db_store);
- gnutls_db_set_remove_function (session, g_tls_server_connection_gnutls_db_remove);
-
cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (initable));
if (cert && !g_tls_certificate_gnutls_has_key (G_TLS_CERTIFICATE_GNUTLS (cert)))
{
case G_TLS_AUTHENTICATION_REQUIRED:
req_mode = GNUTLS_CERT_REQUIRE;
break;
- case G_TLS_AUTHENTICATION_NONE:
default:
req_mode = GNUTLS_CERT_IGNORE;
break;
* your option) any later version.
*
* See the included COPYING file for more information.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#ifndef __G_TLS_SERVER_CONNECTION_GNUTLS_H__
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
*
* See the included COPYING file for more information.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
*
* See the included COPYING file for more information.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
*
* See the included COPYING file for more information.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
*
* See the included COPYING file for more information.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
* WITHOUT ANY WARRANTY, to the extent permitted by law; without even
* the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
* PURPOSE.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
/*
include $(top_srcdir)/glib-networking.mk
AM_CPPFLAGS += \
- $(GNUTLS_CFLAGS) \
-I$(top_srcdir)/tls \
-I$(top_builddir)/tls \
-DSRCDIR=\""$(abs_srcdir)"\" \
-DTOP_BUILDDIR=\""$(top_builddir)"\"
LDADD = \
- $(GLIB_LIBS) \
- $(GNUTLS_LIBS)
+ $(GLIB_LIBS)
test_programs = \
certificate \
connection \
$(NULL)
-connection_SOURCES = connection.c \
- mock-interaction.c mock-interaction.h
-
if HAVE_PKCS11
test_programs += \
pkcs11-slot
AM_CPPFLAGS += \
- $(PKCS11_CFLAGS)
+ $(PKCS11_CFLAGS) \
+ $(GNUTLS_CFLAGS)
LDADD += $(top_builddir)/tls/pkcs11/libgiopkcs11.la $(PKCS11_LIBS)
endif
-testfiles_data = \
- files/ca.pem \
- files/ca-alternative.pem \
- files/ca-key.pem \
- files/ca-roots.pem \
- files/ca-roots-bad.pem \
- files/ca-verisign-sha1.pem \
- files/chain.pem \
- files/chain-with-verisign-md2.pem \
- files/client-and-key.pem \
- files/client-future.pem \
- files/client-past.pem \
- files/client.pem \
- files/intermediate-ca.pem \
- files/non-ca.pem \
- files/server-and-key.pem \
- files/server.der \
- files/server-intermediate.pem \
- files/server-intermediate-key.pem \
- files/server-key.der \
- files/server-key.pem \
- files/server.pem \
- files/server-self.pem \
+EXTRA_DIST += \
+ files \
$(NULL)
-
-if ENABLE_INSTALLED_TESTS
-testfilesdir = $(installed_testdir)/files
-testfiles_DATA = $(testfiles_data)
-endif
-
-EXTRA_DIST += $(testfiles_data)
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
#include <sys/types.h>
#include <string.h>
-static const gchar *
-tls_test_file_path (const char *name)
-{
- const gchar *const_path;
- gchar *path;
-
- path = g_test_build_filename (G_TEST_DIST, "files", name, NULL);
- if (!g_path_is_absolute (path))
- {
- gchar *cwd, *abs;
-
- cwd = g_get_current_dir ();
- abs = g_build_filename (cwd, path, NULL);
- g_free (cwd);
- g_free (path);
- path = abs;
- }
-
- const_path = g_intern_string (path);
- g_free (path);
- return const_path;
-}
+#define TEST_FILE(name) (SRCDIR "/files/" name)
typedef struct {
GTlsBackend *backend;
test->backend = g_tls_backend_get_default ();
test->cert_gtype = g_tls_backend_get_certificate_type (test->backend);
- g_file_get_contents (tls_test_file_path ("server.pem"), &test->cert_pem,
+ g_file_get_contents (TEST_FILE ("server.pem"), &test->cert_pem,
&test->cert_pem_length, &error);
g_assert_no_error (error);
- g_file_get_contents (tls_test_file_path ("server.der"),
+ g_file_get_contents (TEST_FILE ("server.der"),
&contents, &length, &error);
g_assert_no_error (error);
g_byte_array_append (test->cert_der, (guint8 *)contents, length);
g_free (contents);
- g_file_get_contents (tls_test_file_path ("server-key.pem"), &test->key_pem,
+ g_file_get_contents (TEST_FILE ("server-key.pem"), &test->key_pem,
&test->key_pem_length, &error);
g_assert_no_error (error);
- g_file_get_contents (tls_test_file_path ("server-key.der"),
+ g_file_get_contents (TEST_FILE ("server-key.der"),
&contents, &length, &error);
g_assert_no_error (error);
GTlsCertificate *cert, *issuer, *check;
GError *error = NULL;
- issuer = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error);
+ issuer = g_tls_certificate_new_from_file (TEST_FILE ("ca.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (issuer));
g_assert (issuer == NULL);
}
-static void
-test_create_certificate_chain (void)
-{
- GTlsCertificate *cert, *intermediate, *root;
- GError *error = NULL;
-
- if (glib_check_version (2, 43, 0))
- {
- g_test_skip ("This test requires glib 2.43");
- return;
- }
-
- cert = g_tls_certificate_new_from_file (tls_test_file_path ("chain.pem"), &error);
- g_assert_no_error (error);
- g_assert (G_IS_TLS_CERTIFICATE (cert));
-
- intermediate = g_tls_certificate_get_issuer (cert);
- g_assert (G_IS_TLS_CERTIFICATE (intermediate));
-
- root = g_tls_certificate_get_issuer (intermediate);
- g_assert (G_IS_TLS_CERTIFICATE (root));
-
- g_assert (g_tls_certificate_get_issuer (root) == NULL);
-
- g_object_unref (cert);
-}
-
-static void
-test_create_certificate_no_chain (void)
-{
- GTlsCertificate *cert, *issuer;
- GError *error = NULL;
- gchar *cert_pem;
- gsize cert_pem_length;
-
- cert = g_tls_certificate_new_from_file (tls_test_file_path ("non-ca.pem"), &error);
- g_assert_no_error (error);
- g_assert (G_IS_TLS_CERTIFICATE (cert));
-
- issuer = g_tls_certificate_get_issuer (cert);
- g_assert (issuer == NULL);
- g_object_unref (cert);
-
- /* Truncate a valid chain certificate file. We should only get the
- * first certificate.
- */
- g_file_get_contents (tls_test_file_path ("chain.pem"), &cert_pem,
- &cert_pem_length, &error);
- g_assert_no_error (error);
-
- cert = g_tls_certificate_new_from_pem (cert_pem, cert_pem_length - 100, &error);
- g_free (cert_pem);
- g_assert_no_error (error);
- g_assert (G_IS_TLS_CERTIFICATE (cert));
-
- issuer = g_tls_certificate_get_issuer (cert);
- g_assert (issuer == NULL);
- g_object_unref (cert);
-}
-
-static void
-test_create_list (void)
-{
- GList *list;
- GError *error = NULL;
-
- list = g_tls_certificate_list_new_from_file (tls_test_file_path ("ca-roots.pem"), &error);
- g_assert_no_error (error);
- g_assert_cmpint (g_list_length (list), ==, 8);
-
- g_list_free_full (list, g_object_unref);
-}
-
-static void
-test_create_list_bad (void)
-{
- GList *list;
- GError *error = NULL;
-
- list = g_tls_certificate_list_new_from_file (tls_test_file_path ("ca-roots-bad.pem"), &error);
- g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
- g_assert_null (list);
- g_error_free (error);
-}
-
/* -----------------------------------------------------------------------------
* CERTIFICATE VERIFY
*/
{
GError *error = NULL;
- test->cert = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error);
+ test->cert = g_tls_certificate_new_from_file (TEST_FILE ("server.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (test->cert));
test->identity = g_network_address_new ("server.example.com", 80);
- test->anchor = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error);
+ test->anchor = g_tls_certificate_new_from_file (TEST_FILE ("ca.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (test->anchor));
- test->database = g_tls_file_database_new (tls_test_file_path ("ca.pem"), &error);
+ test->database = g_tls_file_database_new (TEST_FILE ("ca.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_DATABASE (test->database));
}
test_verify_certificate_good (TestVerify *test,
gconstpointer data)
{
- GSocketConnectable *identity;
- GSocketAddress *addr;
GTlsCertificateFlags errors;
errors = g_tls_certificate_verify (test->cert, test->identity, test->anchor);
errors = g_tls_certificate_verify (test->cert, NULL, test->anchor);
g_assert_cmpuint (errors, ==, 0);
-
- identity = g_network_address_new ("192.168.1.10", 80);
- errors = g_tls_certificate_verify (test->cert, identity, test->anchor);
- g_assert_cmpuint (errors, ==, 0);
- g_object_unref (identity);
-
- addr = g_inet_socket_address_new_from_string ("192.168.1.10", 80);
- errors = g_tls_certificate_verify (test->cert, G_SOCKET_CONNECTABLE (addr), test->anchor);
- g_assert_cmpuint (errors, ==, 0);
- g_object_unref (addr);
}
static void
{
GSocketConnectable *identity;
GTlsCertificateFlags errors;
- GSocketAddress *addr;
identity = g_network_address_new ("other.example.com", 80);
- errors = g_tls_certificate_verify (test->cert, identity, test->anchor);
- g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_BAD_IDENTITY);
- g_object_unref (identity);
- identity = g_network_address_new ("127.0.0.1", 80);
errors = g_tls_certificate_verify (test->cert, identity, test->anchor);
g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_BAD_IDENTITY);
- g_object_unref (identity);
- addr = g_inet_socket_address_new_from_string ("127.0.0.1", 80);
- errors = g_tls_certificate_verify (test->cert, G_SOCKET_CONNECTABLE (addr), test->anchor);
- g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_BAD_IDENTITY);
- g_object_unref (addr);
+ g_object_unref (identity);
}
static void
GError *error = NULL;
/* Use a client certificate as the CA, which is wrong */
- cert = g_tls_certificate_new_from_file (tls_test_file_path ("client.pem"), &error);
+ cert = g_tls_certificate_new_from_file (TEST_FILE ("client.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (cert));
GError *error = NULL;
/* This is a certificate in the future */
- cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-future.pem"), &error);
+ cert = g_tls_certificate_new_from_file (TEST_FILE ("client-future.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (cert));
GError *error = NULL;
/* This is a certificate in the future */
- cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-past.pem"), &error);
+ cert = g_tls_certificate_new_from_file (TEST_FILE ("client-past.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (cert));
GTlsCertificateFlags errors;
GError *error = NULL;
- cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-past.pem"), &error);
+ cert = g_tls_certificate_new_from_file (TEST_FILE ("client-past.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (cert));
/* Unrelated cert used as certificate authority */
- cacert = g_tls_certificate_new_from_file (tls_test_file_path ("server-self.pem"), &error);
+ cacert = g_tls_certificate_new_from_file (TEST_FILE ("server-self.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (cacert));
GTlsCertificate *three;
GError *error = NULL;
- one = g_tls_certificate_new_from_file (tls_test_file_path ("client.pem"), &error);
+ one = g_tls_certificate_new_from_file (TEST_FILE ("client.pem"), &error);
g_assert_no_error (error);
- two = g_tls_certificate_new_from_file (tls_test_file_path ("client-and-key.pem"), &error);
+ two = g_tls_certificate_new_from_file (TEST_FILE ("client-and-key.pem"), &error);
g_assert_no_error (error);
- three = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error);
+ three = g_tls_certificate_new_from_file (TEST_FILE ("server.pem"), &error);
g_assert_no_error (error);
g_assert (g_tls_certificate_is_same (one, two) == TRUE);
setup_certificate, test_create_with_key_der, teardown_certificate);
g_test_add ("/tls/certificate/create-with-issuer", TestCertificate, NULL,
setup_certificate, test_create_certificate_with_issuer, teardown_certificate);
- g_test_add_func ("/tls/certificate/create-chain", test_create_certificate_chain);
- g_test_add_func ("/tls/certificate/create-no-chain", test_create_certificate_no_chain);
- g_test_add_func ("/tls/certificate/create-list", test_create_list);
- g_test_add_func ("/tls/certificate/create-list-bad", test_create_list_bad);
g_test_add ("/tls/certificate/verify-good", TestVerify, NULL,
setup_verify, test_verify_certificate_good, teardown_verify);
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
-#include "config.h"
-
-#include "mock-interaction.h"
-
#include <gio/gio.h>
-#include <gnutls/gnutls.h>
#include <sys/types.h>
#include <string.h>
-static const gchar *
-tls_test_file_path (const char *name)
-{
- const gchar *const_path;
- gchar *path;
-
- path = g_test_build_filename (G_TEST_DIST, "files", name, NULL);
- if (!g_path_is_absolute (path))
- {
- gchar *cwd, *abs;
-
- cwd = g_get_current_dir ();
- abs = g_build_filename (cwd, path, NULL);
- g_free (cwd);
- g_free (path);
- path = abs;
- }
-
- const_path = g_intern_string (path);
- g_free (path);
- return const_path;
-}
+#define TEST_FILE(name) (SRCDIR "/files/" name)
#define TEST_DATA "You win again, gravity!\n"
#define TEST_DATA_LENGTH 24
typedef struct {
- GMainContext *context;
GMainLoop *loop;
GSocketService *service;
GTlsDatabase *database;
GError *read_error;
gboolean expect_server_error;
GError *server_error;
- gboolean server_should_close;
- gboolean server_running;
- GTlsCertificate *server_certificate;
+ gboolean server_closed;
char buf[128];
gssize nread, nwrote;
static void
setup_connection (TestConnection *test, gconstpointer data)
{
- test->context = g_main_context_default ();
- test->loop = g_main_loop_new (test->context, FALSE);
+ GInetAddress *inet;
+ guint16 port;
+
+ test->loop = g_main_loop_new (NULL, FALSE);
+
test->auth_mode = G_TLS_AUTHENTICATION_NONE;
-}
-/* Waits about 10 seconds for @var to be NULL/FALSE */
-#define WAIT_UNTIL_UNSET(var) \
- if (var) \
- { \
- int i; \
- \
- for (i = 0; i < 13 && (var); i++) \
- { \
- g_usleep (1000 * (1 << i)); \
- g_main_context_iteration (NULL, FALSE); \
- } \
- \
- g_assert (!(var)); \
- }
+ /* This is where the server listens and the client connects */
+ port = g_random_int_range (50000, 65000);
+ inet = g_inet_address_new_from_string ("127.0.0.1");
+ test->address = G_SOCKET_ADDRESS (g_inet_socket_address_new (inet, port));
+ g_object_unref (inet);
+
+ /* The identity matches the server certificate */
+ test->identity = g_network_address_new ("server.example.com", port);
+}
static void
teardown_connection (TestConnection *test, gconstpointer data)
*/
g_object_add_weak_pointer (G_OBJECT (test->service), (gpointer *)&test->service);
g_object_unref (test->service);
- WAIT_UNTIL_UNSET (test->service);
+ while (test->service)
+ g_main_context_iteration (NULL, FALSE);
}
if (test->server_connection)
{
- WAIT_UNTIL_UNSET (test->server_running);
+ while (!test->server_closed)
+ g_main_context_iteration (NULL, FALSE);
+ g_assert (G_IS_TLS_SERVER_CONNECTION (test->server_connection));
g_object_add_weak_pointer (G_OBJECT (test->server_connection),
(gpointer *)&test->server_connection);
g_object_unref (test->server_connection);
- WAIT_UNTIL_UNSET (test->server_connection);
+ while (test->server_connection)
+ g_main_context_iteration (NULL, FALSE);
}
if (test->client_connection)
{
+ g_assert (G_IS_TLS_CLIENT_CONNECTION (test->client_connection));
g_object_add_weak_pointer (G_OBJECT (test->client_connection),
(gpointer *)&test->client_connection);
g_object_unref (test->client_connection);
- WAIT_UNTIL_UNSET (test->client_connection);
+ while (test->client_connection)
+ g_main_context_iteration (NULL, FALSE);
}
if (test->database)
{
+ g_assert (G_IS_TLS_DATABASE (test->database));
g_object_add_weak_pointer (G_OBJECT (test->database),
(gpointer *)&test->database);
g_object_unref (test->database);
- WAIT_UNTIL_UNSET (test->database);
+ while (test->database)
+ g_main_context_iteration (NULL, FALSE);
}
- g_clear_object (&test->address);
- g_clear_object (&test->identity);
- g_clear_object (&test->server_certificate);
+ g_object_unref (test->address);
+ g_object_unref (test->identity);
g_main_loop_unref (test->loop);
g_clear_error (&test->read_error);
g_clear_error (&test->server_error);
}
-static void
-start_server (TestConnection *test)
-{
- GInetAddress *inet;
- GSocketAddress *addr;
- GInetSocketAddress *iaddr;
- GError *error = NULL;
-
- inet = g_inet_address_new_from_string ("127.0.0.1");
- addr = g_inet_socket_address_new (inet, 0);
- g_object_unref (inet);
-
- g_socket_listener_add_address (G_SOCKET_LISTENER (test->service), addr,
- G_SOCKET_TYPE_STREAM, G_SOCKET_PROTOCOL_TCP,
- NULL, &test->address, &error);
- g_assert_no_error (error);
-
- g_object_unref (addr);
-
- /* The hostname in test->identity matches the server certificate. */
- iaddr = G_INET_SOCKET_ADDRESS (test->address);
- test->identity = g_network_address_new ("server.example.com",
- g_inet_socket_address_get_port (iaddr));
-
- test->server_running = TRUE;
-}
-
static gboolean
on_accept_certificate (GTlsClientConnection *conn, GTlsCertificate *cert,
GTlsCertificateFlags errors, gpointer user_data)
g_assert (error != NULL);
else
g_assert_no_error (error);
- test->server_running = FALSE;
-}
-
-static void
-close_server_connection (TestConnection *test)
-{
- g_io_stream_close_async (test->server_connection, G_PRIORITY_DEFAULT, NULL,
- on_server_close_finish, test);
+ test->server_closed = TRUE;
}
static void
return;
}
- if (test->server_should_close)
- close_server_connection (test);
+ g_io_stream_close_async (test->server_connection, G_PRIORITY_DEFAULT, NULL,
+ on_server_close_finish, test);
}
static gboolean
GTlsCertificate *cert;
GError *error = NULL;
- if (test->server_certificate)
- {
- cert = g_object_ref (test->server_certificate);
- }
- else
- {
- cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-and-key.pem"), &error);
- g_assert_no_error (error);
- }
+ cert = g_tls_certificate_new_from_file (TEST_FILE ("server-and-key.pem"), &error);
+ g_assert_no_error (error);
test->server_connection = g_tls_server_connection_new (G_IO_STREAM (connection),
cert, &error);
stream = g_io_stream_get_output_stream (test->server_connection);
g_output_stream_write_async (stream, TEST_DATA,
- test->rehandshake ? TEST_DATA_LENGTH / 2 : TEST_DATA_LENGTH,
+ test->rehandshake ? TEST_DATA_LENGTH / 2 : TEST_DATA_LENGTH,
G_PRIORITY_DEFAULT, NULL,
on_output_write_finish, test);
return FALSE;
}
static void
-start_async_server_service (TestConnection *test, GTlsAuthenticationMode auth_mode,
- gboolean should_close)
+start_async_server_service (TestConnection *test, GTlsAuthenticationMode auth_mode)
{
+ GError *error = NULL;
+
test->service = g_socket_service_new ();
- start_server (test);
+ g_socket_listener_add_address (G_SOCKET_LISTENER (test->service),
+ G_SOCKET_ADDRESS (test->address),
+ G_SOCKET_TYPE_STREAM, G_SOCKET_PROTOCOL_TCP,
+ NULL, NULL, &error);
+ g_assert_no_error (error);
test->auth_mode = auth_mode;
g_signal_connect (test->service, "incoming", G_CALLBACK (on_incoming_connection), test);
-
- test->server_should_close = should_close;
}
static GIOStream *
-start_async_server_and_connect_to_it (TestConnection *test,
- GTlsAuthenticationMode auth_mode,
- gboolean should_close)
+start_async_server_and_connect_to_it (TestConnection *test, GTlsAuthenticationMode auth_mode)
{
GSocketClient *client;
GError *error = NULL;
GSocketConnection *connection;
- start_async_server_service (test, auth_mode, should_close);
+ start_async_server_service (test, auth_mode);
client = g_socket_client_new ();
connection = g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address),
gssize nread, nwrote, total;
gchar buf[128];
- if (test->server_certificate)
- {
- cert = g_object_ref (test->server_certificate);
- }
- else
- {
- cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-and-key.pem"), &error);
- g_assert_no_error (error);
- }
+ cert = g_tls_certificate_new_from_file (TEST_FILE ("server-and-key.pem"), &error);
+ g_assert_no_error (error);
test->server_connection = g_tls_server_connection_new (G_IO_STREAM (connection),
cert, &error);
g_io_stream_close (test->server_connection, NULL, &error);
g_assert_no_error (error);
- test->server_running = FALSE;
+ test->server_closed = TRUE;
}
static void
start_echo_server_service (TestConnection *test)
{
+ GError *error = NULL;
+
test->service = g_threaded_socket_service_new (5);
- start_server (test);
+ g_socket_listener_add_address (G_SOCKET_LISTENER (test->service),
+ G_SOCKET_ADDRESS (test->address),
+ G_SOCKET_TYPE_STREAM, G_SOCKET_PROTOCOL_TCP,
+ NULL, NULL, &error);
+ g_assert_no_error (error);
g_signal_connect (test->service, "run", G_CALLBACK (run_echo_server), test);
}
}
g_io_stream_close_async (test->client_connection, G_PRIORITY_DEFAULT,
- NULL, on_client_connection_close_finish, test);
+ NULL, on_client_connection_close_finish, test);
}
static void
GIOStream *connection;
GError *error = NULL;
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
g_object_unref (connection);
GIOStream *connection;
GError *error = NULL;
- test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+ test->database = g_tls_file_database_new (TEST_FILE ("ca-roots.pem"), &error);
g_assert_no_error (error);
g_assert (test->database);
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
g_assert (test->client_connection);
}
static void
-test_verified_chain (TestConnection *test,
- gconstpointer data)
-{
- GTlsBackend *backend;
- GTlsCertificate *server_cert;
- GTlsCertificate *intermediate_cert;
- char *cert_data = NULL;
- char *key_data = NULL;
- GError *error = NULL;
-
- backend = g_tls_backend_get_default ();
-
- /* Prepare the intermediate cert. */
- intermediate_cert = g_tls_certificate_new_from_file (tls_test_file_path ("intermediate-ca.pem"), &error);
- g_assert_no_error (error);
- g_assert (intermediate_cert);
-
- /* Prepare the server cert. */
- g_clear_pointer (&cert_data, g_free);
- g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
- &cert_data, NULL, &error);
- g_assert_no_error (error);
- g_assert (cert_data);
-
- g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
- &key_data, NULL, &error);
- g_assert_no_error (error);
- g_assert (key_data);
-
- server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
- NULL, &error,
- "issuer", intermediate_cert,
- "certificate-pem", cert_data,
- "private-key-pem", key_data,
- NULL);
- g_assert_no_error (error);
- g_assert (server_cert);
-
- g_object_unref (intermediate_cert);
- g_free (cert_data);
- g_free (key_data);
-
- test->server_certificate = server_cert;
- test_verified_connection (test, data);
-}
-
-static void
-test_verified_chain_with_redundant_root_cert (TestConnection *test,
- gconstpointer data)
-{
- GTlsBackend *backend;
- GTlsCertificate *server_cert;
- GTlsCertificate *intermediate_cert;
- GTlsCertificate *root_cert;
- char *cert_data = NULL;
- char *key_data = NULL;
- GError *error = NULL;
-
- backend = g_tls_backend_get_default ();
-
- /* The root is redundant. It should not hurt anything. */
- root_cert = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error);
- g_assert_no_error (error);
- g_assert (root_cert);
-
- /* Prepare the intermediate cert. */
- g_file_get_contents (tls_test_file_path ("intermediate-ca.pem"),
- &cert_data, NULL, &error);
- g_assert_no_error (error);
- g_assert (cert_data);
-
- intermediate_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
- NULL, &error,
- "issuer", root_cert,
- "certificate-pem", cert_data,
- NULL);
- g_assert_no_error (error);
- g_assert (intermediate_cert);
-
- /* Prepare the server cert. */
- g_clear_pointer (&cert_data, g_free);
- g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
- &cert_data, NULL, &error);
- g_assert_no_error (error);
- g_assert (cert_data);
-
- g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
- &key_data, NULL, &error);
- g_assert_no_error (error);
- g_assert (key_data);
-
- server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
- NULL, &error,
- "issuer", intermediate_cert,
- "certificate-pem", cert_data,
- "private-key-pem", key_data,
- NULL);
- g_assert_no_error (error);
- g_assert (server_cert);
-
- g_object_unref (intermediate_cert);
- g_object_unref (root_cert);
- g_free (cert_data);
- g_free (key_data);
-
- test->server_certificate = server_cert;
- test_verified_connection (test, data);
-}
-
-static void
-test_verified_chain_with_duplicate_server_cert (TestConnection *test,
- gconstpointer data)
-{
- /* This is another common server misconfiguration. Apache reads certificates
- * from two configuration files: one for the server cert, and one for the rest
- * of the chain. If the server cert is pasted into both files, it will be sent
- * twice. We should be tolerant of this. */
-
- GTlsBackend *backend;
- GTlsCertificate *server_cert;
- GTlsCertificate *extra_server_cert;
- GTlsCertificate *intermediate_cert;
- char *cert_data = NULL;
- char *key_data = NULL;
- GError *error = NULL;
-
- backend = g_tls_backend_get_default ();
-
- /* Prepare the intermediate cert. */
- intermediate_cert = g_tls_certificate_new_from_file (tls_test_file_path ("intermediate-ca.pem"), &error);
- g_assert_no_error (error);
- g_assert (intermediate_cert);
-
- /* Prepare the server cert. */
- g_clear_pointer (&cert_data, g_free);
- g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
- &cert_data, NULL, &error);
- g_assert_no_error (error);
- g_assert (cert_data);
-
- g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
- &key_data, NULL, &error);
- g_assert_no_error (error);
- g_assert (key_data);
-
- server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
- NULL, &error,
- "issuer", intermediate_cert,
- "certificate-pem", cert_data,
- NULL);
- g_assert_no_error (error);
- g_assert (server_cert);
-
- /* Prepare the server cert... again. Private key must go on this one. */
- extra_server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
- NULL, &error,
- "issuer", server_cert,
- "certificate-pem", cert_data,
- "private-key-pem", key_data,
- NULL);
- g_assert_no_error (error);
- g_assert (extra_server_cert);
-
- g_object_unref (intermediate_cert);
- g_object_unref (server_cert);
- g_free (cert_data);
- g_free (key_data);
-
- test->server_certificate = extra_server_cert;
- test_verified_connection (test, data);
-}
-
-static void
-test_verified_unordered_chain (TestConnection *test,
- gconstpointer data)
-{
- GTlsBackend *backend;
- GTlsCertificate *server_cert;
- GTlsCertificate *intermediate_cert;
- GTlsCertificate *root_cert;
- char *cert_data = NULL;
- char *key_data = NULL;
- GError *error = NULL;
-
- backend = g_tls_backend_get_default ();
-
- /* Prepare the intermediate cert (to be sent last, out of order)! */
- intermediate_cert = g_tls_certificate_new_from_file (tls_test_file_path ("intermediate-ca.pem"),
- &error);
- g_assert_no_error (error);
- g_assert (intermediate_cert);
-
- g_file_get_contents (tls_test_file_path ("ca.pem"), &cert_data, NULL, &error);
- g_assert_no_error (error);
- g_assert (cert_data);
-
- /* Prepare the root cert (to be sent in the middle of the chain). */
- root_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
- NULL, &error,
- "issuer", intermediate_cert,
- "certificate-pem", cert_data,
- NULL);
- g_assert_no_error (error);
- g_assert (root_cert);
-
- g_clear_pointer (&cert_data, g_free);
- g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
- &cert_data, NULL, &error);
- g_assert_no_error (error);
- g_assert (cert_data);
-
- g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
- &key_data, NULL, &error);
- g_assert_no_error (error);
- g_assert (key_data);
-
- /* Prepare the server cert. */
- server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
- NULL, &error,
- "issuer", root_cert,
- "certificate-pem", cert_data,
- "private-key-pem", key_data,
- NULL);
- g_assert_no_error (error);
- g_assert (server_cert);
-
- g_object_unref (intermediate_cert);
- g_object_unref (root_cert);
- g_free (cert_data);
- g_free (key_data);
-
- test->server_certificate = server_cert;
- test_verified_connection (test, data);
-}
-
-static void
-test_verified_chain_with_alternative_ca_cert (TestConnection *test,
- gconstpointer data)
-{
- GTlsBackend *backend;
- GTlsCertificate *server_cert;
- GTlsCertificate *intermediate_cert;
- GTlsCertificate *root_cert;
- char *cert_data = NULL;
- char *key_data = NULL;
- GError *error = NULL;
-
- backend = g_tls_backend_get_default ();
-
- /* This "root" cert is issued by a CA that is not in the trust store. So it's
- * not really a root, but it has the same public key as a cert in the trust
- * store. If the client insists on a traditional chain of trust, this will
- * fail, since the issuer is untrusted. */
- root_cert = g_tls_certificate_new_from_file (tls_test_file_path ("ca-alternative.pem"), &error);
- g_assert_no_error (error);
- g_assert (root_cert);
-
- /* Prepare the intermediate cert. Modern TLS libraries are expected to notice
- * that it is signed by the same public key as a certificate in the root
- * store, and accept the certificate, ignoring the untrusted "root" sent next
- * in the chain, which servers send for compatibility with clients that don't
- * have the new CA cert in the trust store yet. (In this scenario, the old
- * client still trusts the old CA cert.) */
- g_file_get_contents (tls_test_file_path ("intermediate-ca.pem"),
- &cert_data, NULL, &error);
- g_assert_no_error (error);
- g_assert (cert_data);
-
- intermediate_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
- NULL, &error,
- "issuer", root_cert,
- "certificate-pem", cert_data,
- NULL);
- g_assert_no_error (error);
- g_assert (intermediate_cert);
-
- /* Prepare the server cert. */
- g_clear_pointer (&cert_data, g_free);
- g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
- &cert_data, NULL, &error);
- g_assert_no_error (error);
- g_assert (cert_data);
-
- g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
- &key_data, NULL, &error);
- g_assert_no_error (error);
- g_assert (key_data);
-
- server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
- NULL, &error,
- "issuer", intermediate_cert,
- "certificate-pem", cert_data,
- "private-key-pem", key_data,
- NULL);
- g_assert_no_error (error);
- g_assert (server_cert);
-
- g_object_unref (intermediate_cert);
- g_object_unref (root_cert);
- g_free (cert_data);
- g_free (key_data);
-
- test->server_certificate = server_cert;
- test_verified_connection (test, data);
-}
-
-static void
-test_invalid_chain_with_alternative_ca_cert (TestConnection *test,
- gconstpointer data)
-{
- GTlsBackend *backend;
- GTlsCertificate *server_cert;
- GTlsCertificate *root_cert;
- GIOStream *connection;
- char *cert_data = NULL;
- char *key_data = NULL;
- GError *error = NULL;
-
- backend = g_tls_backend_get_default ();
-
- /* This certificate has the same public key as a certificate in the root store. */
- root_cert = g_tls_certificate_new_from_file (tls_test_file_path ("ca-alternative.pem"), &error);
- g_assert_no_error (error);
- g_assert (root_cert);
-
- /* The intermediate cert is not sent. The chain should be rejected, since without intermediate.pem
- * there is no proof that ca-alternative.pem signed server-intermediate.pem. */
- g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
- &cert_data, NULL, &error);
- g_assert_no_error (error);
- g_assert (cert_data);
-
- g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
- &key_data, NULL, &error);
- g_assert_no_error (error);
- g_assert (key_data);
-
- server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
- NULL, &error,
- "issuer", root_cert,
- "certificate-pem", cert_data,
- "private-key-pem", key_data,
- NULL);
- g_assert_no_error (error);
- g_assert (server_cert);
-
- g_object_unref (root_cert);
- g_free (cert_data);
- g_free (key_data);
-
- test->server_certificate = server_cert;
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
- test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
- g_assert_no_error (error);
- g_assert (test->client_connection);
- g_object_unref (connection);
-
- g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
-
- /* Make sure this test doesn't expire. */
- g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
- G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_EXPIRED);
-
- read_test_data_async (test);
- g_main_loop_run (test->loop);
-
- g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
- g_assert_no_error (test->server_error);
-}
-
-static void
on_notify_accepted_cas (GObject *obj,
GParamSpec *spec,
gpointer user_data)
GTlsCertificate *peer;
gboolean cas_changed;
- test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+ test->database = g_tls_file_database_new (TEST_FILE ("ca-roots.pem"), &error);
g_assert_no_error (error);
g_assert (test->database);
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE);
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
g_assert (test->client_connection);
g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
- cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-and-key.pem"), &error);
+ cert = g_tls_certificate_new_from_file (TEST_FILE ("client-and-key.pem"), &error);
g_assert_no_error (error);
g_tls_connection_set_certificate (G_TLS_CONNECTION (test->client_connection), cert);
GError *error = NULL;
gboolean accepted_changed;
- test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+ test->database = g_tls_file_database_new (TEST_FILE ("ca-roots.pem"), &error);
g_assert_no_error (error);
g_assert (test->database);
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE);
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
g_assert (test->client_connection);
}
static void
-test_client_auth_request_cert (TestConnection *test,
- gconstpointer data)
-{
- GIOStream *connection;
- GError *error = NULL;
- GTlsCertificate *cert;
- GTlsCertificate *peer;
- GTlsInteraction *interaction;
- gboolean cas_changed;
-
- test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
- g_assert_no_error (error);
- g_assert (test->database);
-
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE);
- test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
- g_assert_no_error (error);
- g_assert (test->client_connection);
- g_object_unref (connection);
-
- g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
-
- /* Have the interaction return a certificate */
- cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-and-key.pem"), &error);
- g_assert_no_error (error);
- interaction = mock_interaction_new_static_certificate (cert);
- g_tls_connection_set_interaction (G_TLS_CONNECTION (test->client_connection), interaction);
- g_object_unref (interaction);
-
- /* All validation in this test */
- g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
- G_TLS_CERTIFICATE_VALIDATE_ALL);
-
- cas_changed = FALSE;
- g_signal_connect (test->client_connection, "notify::accepted-cas",
- G_CALLBACK (on_notify_accepted_cas), &cas_changed);
-
- read_test_data_async (test);
- g_main_loop_run (test->loop);
-
- g_assert_no_error (test->read_error);
- g_assert_no_error (test->server_error);
-
- peer = g_tls_connection_get_peer_certificate (G_TLS_CONNECTION (test->server_connection));
- g_assert (peer != NULL);
- g_assert (g_tls_certificate_is_same (peer, cert));
- g_assert (cas_changed == TRUE);
-
- g_object_unref (cert);
-}
-
-static void
-test_client_auth_request_fail (TestConnection *test,
- gconstpointer data)
-{
- GIOStream *connection;
- GError *error = NULL;
- GTlsInteraction *interaction;
-
- test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
- g_assert_no_error (error);
- g_assert (test->database);
-
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE);
- test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
- g_assert_no_error (error);
- g_assert (test->client_connection);
- g_object_unref (connection);
-
- g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
-
- /* Have the interaction return an error */
- interaction = mock_interaction_new_static_error (G_FILE_ERROR, G_FILE_ERROR_ACCES, "Request message");
- g_tls_connection_set_interaction (G_TLS_CONNECTION (test->client_connection), interaction);
- g_object_unref (interaction);
-
- /* All validation in this test */
- g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
- G_TLS_CERTIFICATE_VALIDATE_ALL);
-
- read_test_data_async (test);
- g_main_loop_run (test->loop);
-
- g_assert_error (test->read_error, G_FILE_ERROR, G_FILE_ERROR_ACCES);
-
- g_io_stream_close (test->server_connection, NULL, NULL);
- g_io_stream_close (test->client_connection, NULL, NULL);
-}
-
-static void
test_connection_no_database (TestConnection *test,
gconstpointer data)
{
GIOStream *connection;
GError *error = NULL;
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
g_assert (test->client_connection);
GError *error = NULL;
GSocketConnectable *bad_addr;
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
bad_addr = g_network_address_new ("wrong.example.com", 80);
test->client_connection = g_tls_client_connection_new (connection, bad_addr, &error);
GIOStream *base;
GError *error = NULL;
- start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ start_async_server_service (test, G_TLS_AUTHENTICATION_NONE);
client = g_socket_client_new ();
g_socket_client_set_tls (client, TRUE);
flags = G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_UNKNOWN_CA;
{
GSocketClient *client;
- start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ start_async_server_service (test, G_TLS_AUTHENTICATION_NONE);
client = g_socket_client_new ();
g_socket_client_set_tls (client, TRUE);
/* this time we don't adjust the validation flags */
}
static void
-socket_client_timed_out_write (GObject *source,
- GAsyncResult *result,
- gpointer user_data)
-{
- TestConnection *test = user_data;
- GSocketConnection *connection;
- GInputStream *input_stream;
- GOutputStream *output_stream;
- GError *error = NULL;
- gchar buffer[TEST_DATA_LENGTH];
- gssize size;
-
- connection = g_socket_client_connect_finish (G_SOCKET_CLIENT (source),
- result, &error);
- g_assert_no_error (error);
- test->client_connection = G_IO_STREAM (connection);
-
- input_stream = g_io_stream_get_input_stream (test->client_connection);
- output_stream = g_io_stream_get_output_stream (test->client_connection);
-
- /* read TEST_DATA_LENGTH once */
- size = g_input_stream_read (input_stream, &buffer, TEST_DATA_LENGTH,
- NULL, &error);
- g_assert_no_error (error);
- g_assert_cmpint (size, ==, TEST_DATA_LENGTH);
-
- /* read TEST_DATA_LENGTH again to cause the time out */
- size = g_input_stream_read (input_stream, &buffer, TEST_DATA_LENGTH,
- NULL, &error);
- g_assert_error (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT);
- g_assert_cmpint (size, ==, -1);
- g_clear_error (&error);
-
- /* write after a timeout, session should still be valid */
- size = g_output_stream_write (output_stream, TEST_DATA, TEST_DATA_LENGTH,
- NULL, &error);
- g_assert_no_error (error);
- g_assert_cmpint (size, ==, TEST_DATA_LENGTH);
-
- g_main_loop_quit (test->loop);
-}
-
-static void
-test_connection_read_time_out_write (TestConnection *test,
- gconstpointer data)
-{
- GSocketClient *client;
- GTlsCertificateFlags flags;
- GSocketConnection *connection;
- GIOStream *base;
- GError *error = NULL;
-
- /* Don't close the server connection after writing TEST_DATA. */
- start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, FALSE);
- client = g_socket_client_new ();
- /* Set a 1 second time out on the socket */
- g_socket_client_set_timeout (client, 1);
- g_socket_client_set_tls (client, TRUE);
- flags = G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_UNKNOWN_CA;
- /* test->address doesn't match the server's cert */
- flags = flags & ~G_TLS_CERTIFICATE_BAD_IDENTITY;
- g_socket_client_set_tls_validation_flags (client, flags);
-
- g_socket_client_connect_async (client, G_SOCKET_CONNECTABLE (test->address),
- NULL, socket_client_timed_out_write, test);
-
- g_main_loop_run (test->loop);
-
- /* Close the server now */
- close_server_connection (test);
-
- connection = (GSocketConnection *)test->client_connection;
- test->client_connection = NULL;
-
- g_assert (G_IS_TCP_WRAPPER_CONNECTION (connection));
- base = g_tcp_wrapper_connection_get_base_io_stream (G_TCP_WRAPPER_CONNECTION (connection));
- g_assert (G_IS_TLS_CONNECTION (base));
-
- g_io_stream_close (G_IO_STREAM (connection), NULL, &error);
- g_assert_no_error (error);
- g_object_unref (connection);
-
- g_object_unref (client);
-}
-
-static void
simul_async_read_complete (GObject *object,
GAsyncResult *result,
gpointer user_data)
g_assert_cmpstr (test->buf, ==, TEST_DATA);
}
-static gboolean
-check_gnutls_has_rehandshaking_bug (void)
-{
- const char *version = gnutls_check_version (NULL);
-
- return (!strcmp (version, "3.1.27") ||
- !strcmp (version, "3.1.28") ||
- !strcmp (version, "3.2.19") ||
- !strcmp (version, "3.3.8") ||
- !strcmp (version, "3.3.9") ||
- !strcmp (version, "3.3.10"));
-}
-
static void
test_simultaneous_async_rehandshake (TestConnection *test,
gconstpointer data)
{
- if (check_gnutls_has_rehandshaking_bug ())
- {
- g_test_skip ("test would fail due to gnutls bug 108690");
- return;
- }
-
test->rehandshake = TRUE;
test_simultaneous_async (test, data);
}
test_simultaneous_sync_rehandshake (TestConnection *test,
gconstpointer data)
{
- if (check_gnutls_has_rehandshaking_bug ())
- {
- g_test_skip ("test would fail due to gnutls bug 108690");
- return;
- }
-
test->rehandshake = TRUE;
test_simultaneous_sync (test, data);
}
GIOStream *connection;
GError *error = NULL;
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
g_object_unref (connection);
}
static void
-handshake_completed (GObject *object,
- GAsyncResult *result,
- gpointer user_data)
-{
- gboolean *complete = user_data;
-
- *complete = TRUE;
- return;
-}
-
-static void
test_close_during_handshake (TestConnection *test,
gconstpointer data)
{
GError *error = NULL;
GMainContext *context;
GMainLoop *loop;
- gboolean handshake_complete = FALSE;
g_test_bug ("688751");
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED, TRUE);
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED);
test->expect_server_error = TRUE;
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
context = g_main_context_new ();
g_main_context_push_thread_default (context);
g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection),
- G_PRIORITY_DEFAULT, NULL,
- handshake_completed, &handshake_complete);
+ G_PRIORITY_DEFAULT,
+ NULL, NULL, NULL);
g_main_context_pop_thread_default (context);
/* Now run the (default GMainContext) loop, which is needed for
/* We have to let the handshake_async() call finish now, or
* teardown_connection() will assert.
*/
- while (!handshake_complete)
- g_main_context_iteration (context, TRUE);
- g_main_context_unref (context);
-}
-
-static void
-test_output_stream_close_during_handshake (TestConnection *test,
- gconstpointer data)
-{
- GIOStream *connection;
- GError *error = NULL;
- GMainContext *context;
- GMainLoop *loop;
- gboolean handshake_complete = FALSE;
-
- g_test_bug ("688751");
-
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED, TRUE);
- test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
- g_assert_no_error (error);
- g_object_unref (connection);
-
- loop = g_main_loop_new (NULL, FALSE);
- g_signal_connect (test->client_connection, "notify::accepted-cas",
- G_CALLBACK (quit_loop_on_notify), loop);
-
- context = g_main_context_new ();
- g_main_context_push_thread_default (context);
- g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection),
- G_PRIORITY_DEFAULT, NULL,
- handshake_completed, &handshake_complete);
- g_main_context_pop_thread_default (context);
-
- /* Now run the (default GMainContext) loop, which is needed for
- * the server side of things. The client-side handshake will run in
- * a thread, but its callback will never be invoked because its
- * context isn't running.
- */
- g_main_loop_run (loop);
- g_main_loop_unref (loop);
-
- /* At this point handshake_thread() has started (and maybe
- * finished), but handshake_thread_completed() (and thus
- * finish_handshake()) has not yet run. Make sure close doesn't
- * block.
- */
- g_output_stream_close (g_io_stream_get_output_stream (test->client_connection), NULL, &error);
- g_assert_no_error (error);
-
- /* We have to let the handshake_async() call finish now, or
- * teardown_connection() will assert.
- */
- while (!handshake_complete)
- g_main_context_iteration (context, TRUE);
+ g_main_context_iteration (context, TRUE);
g_main_context_unref (context);
}
-
static void
test_write_during_handshake (TestConnection *test,
gconstpointer data)
GMainContext *context;
GMainLoop *loop;
GOutputStream *ostream;
- gboolean handshake_complete = FALSE;
g_test_bug ("697754");
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED, TRUE);
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
g_object_unref (connection);
context = g_main_context_new ();
g_main_context_push_thread_default (context);
g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection),
- G_PRIORITY_DEFAULT, NULL,
- handshake_completed, &handshake_complete);
+ G_PRIORITY_DEFAULT,
+ NULL, NULL, NULL);
g_main_context_pop_thread_default (context);
/* Now run the (default GMainContext) loop, which is needed for
/* We have to let the handshake_async() call finish now, or
* teardown_connection() will assert.
*/
- while (!handshake_complete)
- g_main_context_iteration (context, TRUE);
+ g_main_context_iteration (context, TRUE);
g_main_context_unref (context);
}
-static gboolean
-async_implicit_handshake_dispatch (GPollableInputStream *stream,
- gpointer user_data)
-{
- TestConnection *test = user_data;
- GError *error = NULL;
- gchar buffer[TEST_DATA_LENGTH];
- gssize size;
- gboolean keep_running;
-
- size = g_pollable_input_stream_read_nonblocking (stream, buffer,
- TEST_DATA_LENGTH,
- NULL, &error);
-
- keep_running = (-1 == size);
-
- if (keep_running)
- {
- g_assert_error (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK);
- g_error_free (error);
- }
- else
- {
- g_assert_no_error (error);
- g_assert_cmpint (size, ==, TEST_DATA_LENGTH);
- g_main_loop_quit (test->loop);
- }
-
- return keep_running;
-}
-
-static void
-test_async_implicit_handshake (TestConnection *test, gconstpointer data)
-{
- GTlsCertificateFlags flags;
- GIOStream *stream;
- GInputStream *input_stream;
- GSource *input_source;
- GError *error = NULL;
-
- g_test_bug ("710691");
-
- stream = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
- test->client_connection = g_tls_client_connection_new (stream, test->identity, &error);
- g_assert_no_error (error);
- g_object_unref (stream);
-
- flags = G_TLS_CERTIFICATE_VALIDATE_ALL &
- ~(G_TLS_CERTIFICATE_UNKNOWN_CA | G_TLS_CERTIFICATE_BAD_IDENTITY);
- g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
- flags);
-
- /**
- * Create a source from the client's input stream. The dispatch
- * callback will be called a first time, which will perform a
- * non-blocking read triggering the asynchronous implicit
- * handshaking.
- */
- input_stream = g_io_stream_get_input_stream (test->client_connection);
- input_source =
- g_pollable_input_stream_create_source (G_POLLABLE_INPUT_STREAM (input_stream),
- NULL);
-
- g_source_set_callback (input_source,
- (GSourceFunc) async_implicit_handshake_dispatch,
- test, NULL);
-
- g_source_attach (input_source, NULL);
-
- g_main_loop_run (test->loop);
-
- g_io_stream_close (G_IO_STREAM (test->client_connection), NULL, &error);
- g_assert_no_error (error);
- g_object_unref (test->client_connection);
- test->client_connection = NULL;
-}
-
-static void
-quit_on_handshake_complete (GObject *object,
- GAsyncResult *result,
- gpointer user_data)
-{
- TestConnection *test = user_data;
- GError *error = NULL;
-
- g_tls_connection_handshake_finish (G_TLS_CONNECTION (object), result, &error);
- g_assert_no_error (error);
-
- g_main_loop_quit (test->loop);
- return;
-}
-
-#define PRIORITY_SSL_FALLBACK "NORMAL:+VERS-SSL3.0"
-#define PRIORITY_TLS_FALLBACK "NORMAL:+VERS-TLS-ALL:-VERS-SSL3.0"
-
-static void
-test_fallback (gconstpointer data)
-{
- const char *priority_string = (const char *) data;
- char *test_name;
-
- test_name = g_strdup_printf ("/tls/connection/fallback/subprocess/%s", priority_string);
- g_test_trap_subprocess (test_name, 0, 0);
- g_test_trap_assert_passed ();
- g_free (test_name);
-}
-
-static void
-test_fallback_subprocess (TestConnection *test,
- gconstpointer data)
-{
- GIOStream *connection;
- GTlsConnection *tlsconn;
- GError *error = NULL;
-
- connection = start_echo_server_and_connect_to_it (test);
- test->client_connection = g_tls_client_connection_new (connection, NULL, &error);
- g_assert_no_error (error);
- tlsconn = G_TLS_CONNECTION (test->client_connection);
- g_object_unref (connection);
-
- g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
- 0);
- g_tls_client_connection_set_use_ssl3 (G_TLS_CLIENT_CONNECTION (test->client_connection),
- TRUE);
- g_tls_connection_handshake_async (tlsconn, G_PRIORITY_DEFAULT, NULL,
- quit_on_handshake_complete, test);
- g_main_loop_run (test->loop);
-
- /* In 2.42 we don't have the API to test that the correct version was negotiated,
- * so we merely test that the connection succeeded at all.
- */
-
- g_io_stream_close (test->client_connection, NULL, &error);
- g_assert_no_error (error);
-}
-
-static void
-test_output_stream_close (TestConnection *test,
- gconstpointer data)
-{
- GIOStream *connection;
- GError *error = NULL;
- gboolean ret;
- gboolean handshake_complete = FALSE;
- gssize size;
-
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
- test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
- g_assert_no_error (error);
- g_object_unref (connection);
-
- /* No validation at all in this test */
- g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
- 0);
-
- g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection),
- G_PRIORITY_DEFAULT, NULL,
- handshake_completed, &handshake_complete);
-
- while (!handshake_complete)
- g_main_context_iteration (NULL, TRUE);
-
- ret = g_output_stream_close (g_io_stream_get_output_stream (test->client_connection),
- NULL, &error);
- g_assert_no_error (error);
- g_assert (ret);
-
-
- /* Verify that double close returns TRUE */
- ret = g_output_stream_close (g_io_stream_get_output_stream (test->client_connection),
- NULL, &error);
- g_assert_no_error (error);
- g_assert (ret);
-
- size = g_output_stream_write (g_io_stream_get_output_stream (test->client_connection),
- "data", 4, NULL, &error);
- g_assert (size == -1);
- g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CLOSED);
- g_clear_error (&error);
-
- /* We closed the output stream, but not the input stream, so receiving
- * data should still work.
- */
- read_test_data_async (test);
- g_main_loop_run (test->loop);
-
- g_assert_no_error (test->read_error);
- g_assert_no_error (test->server_error);
-
- ret = g_io_stream_close (test->client_connection, NULL, &error);
- g_assert_no_error (error);
- g_assert (ret);
-}
-
int
main (int argc,
char *argv[])
{
int ret;
- int i;
-
- /* Check if this is a subprocess, and set G_TLS_GNUTLS_PRIORITY
- * appropriately if so.
- */
- for (i = 1; i < argc - 1; i++)
- {
- if (!strcmp (argv[i], "-p"))
- {
- const char *priority = argv[i + 1];
-
- priority = strrchr (priority, '/');
- if (priority++ &&
- (g_str_has_prefix (priority, "NORMAL:") ||
- g_str_has_prefix (priority, "NONE:")))
- g_setenv ("G_TLS_GNUTLS_PRIORITY", priority, TRUE);
- break;
- }
- }
g_test_init (&argc, &argv, NULL);
g_test_bug_base ("http://bugzilla.gnome.org/");
setup_connection, test_basic_connection, teardown_connection);
g_test_add ("/tls/connection/verified", TestConnection, NULL,
setup_connection, test_verified_connection, teardown_connection);
- g_test_add ("/tls/connection/verified-chain", TestConnection, NULL,
- setup_connection, test_verified_chain, teardown_connection);
- g_test_add ("/tls/connection/verified-chain-with-redundant-root-cert", TestConnection, NULL,
- setup_connection, test_verified_chain_with_redundant_root_cert, teardown_connection);
- g_test_add ("/tls/connection/verified-chain-with-duplicate-server-cert", TestConnection, NULL,
- setup_connection, test_verified_chain_with_duplicate_server_cert, teardown_connection);
- g_test_add ("/tls/connection/verified-unordered-chain", TestConnection, NULL,
- setup_connection, test_verified_unordered_chain, teardown_connection);
- g_test_add ("/tls/connection/verified-chain-with-alternative-ca-cert", TestConnection, NULL,
- setup_connection, test_verified_chain_with_alternative_ca_cert, teardown_connection);
- g_test_add ("/tls/connection/invalid-chain-with-alternative-ca-cert", TestConnection, NULL,
- setup_connection, test_invalid_chain_with_alternative_ca_cert, teardown_connection);
g_test_add ("/tls/connection/client-auth", TestConnection, NULL,
setup_connection, test_client_auth_connection, teardown_connection);
g_test_add ("/tls/connection/client-auth-rehandshake", TestConnection, NULL,
setup_connection, test_client_auth_rehandshake, teardown_connection);
g_test_add ("/tls/connection/client-auth-failure", TestConnection, NULL,
setup_connection, test_client_auth_failure, teardown_connection);
- g_test_add ("/tls/connection/client-auth-request-cert", TestConnection, NULL,
- setup_connection, test_client_auth_request_cert, teardown_connection);
- g_test_add ("/tls/connection/client-auth-request-fail", TestConnection, NULL,
- setup_connection, test_client_auth_request_fail, teardown_connection);
g_test_add ("/tls/connection/no-database", TestConnection, NULL,
setup_connection, test_connection_no_database, teardown_connection);
g_test_add ("/tls/connection/failed", TestConnection, NULL,
setup_connection, test_connection_socket_client, teardown_connection);
g_test_add ("/tls/connection/socket-client-failed", TestConnection, NULL,
setup_connection, test_connection_socket_client_failed, teardown_connection);
- g_test_add ("/tls/connection/read-time-out-then-write", TestConnection, NULL,
- setup_connection, test_connection_read_time_out_write, teardown_connection);
g_test_add ("/tls/connection/simultaneous-async", TestConnection, NULL,
setup_connection, test_simultaneous_async, teardown_connection);
g_test_add ("/tls/connection/simultaneous-sync", TestConnection, NULL,
- setup_connection, test_simultaneous_sync, teardown_connection);
+ setup_connection, test_simultaneous_sync, teardown_connection);
g_test_add ("/tls/connection/simultaneous-async-rehandshake", TestConnection, NULL,
setup_connection, test_simultaneous_async_rehandshake, teardown_connection);
g_test_add ("/tls/connection/simultaneous-sync-rehandshake", TestConnection, NULL,
- setup_connection, test_simultaneous_sync_rehandshake, teardown_connection);
+ setup_connection, test_simultaneous_sync_rehandshake, teardown_connection);
g_test_add ("/tls/connection/close-immediately", TestConnection, NULL,
setup_connection, test_close_immediately, teardown_connection);
g_test_add ("/tls/connection/close-during-handshake", TestConnection, NULL,
setup_connection, test_close_during_handshake, teardown_connection);
- g_test_add ("/tls/connection/close-output-stream-during-handshake", TestConnection, NULL,
- setup_connection, test_output_stream_close_during_handshake, teardown_connection);
g_test_add ("/tls/connection/write-during-handshake", TestConnection, NULL,
setup_connection, test_write_during_handshake, teardown_connection);
- g_test_add ("/tls/connection/async-implicit-handshake", TestConnection, NULL,
- setup_connection, test_async_implicit_handshake, teardown_connection);
- g_test_add ("/tls/connection/output-stream-close", TestConnection, NULL,
- setup_connection, test_output_stream_close, teardown_connection);
-
- g_test_add_data_func ("/tls/connection/fallback/SSL", PRIORITY_SSL_FALLBACK, test_fallback);
- g_test_add ("/tls/connection/fallback/subprocess/" PRIORITY_SSL_FALLBACK,
- TestConnection, NULL,
- setup_connection, test_fallback_subprocess, teardown_connection);
- g_test_add_data_func ("/tls/connection/fallback/TLS", PRIORITY_TLS_FALLBACK, test_fallback);
- g_test_add ("/tls/connection/fallback/subprocess/" PRIORITY_TLS_FALLBACK,
- TestConnection, NULL,
- setup_connection, test_fallback_subprocess, teardown_connection);
ret = g_test_run();
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
#include <sys/types.h>
#include <string.h>
-static const gchar *
-tls_test_file_path (const char *name)
-{
- const gchar *const_path;
- gchar *path;
-
- path = g_test_build_filename (G_TEST_DIST, "files", name, NULL);
- if (!g_path_is_absolute (path))
- {
- gchar *cwd, *abs;
-
- cwd = g_get_current_dir ();
- abs = g_build_filename (cwd, path, NULL);
- g_free (cwd);
- g_free (path);
- path = abs;
- }
-
- const_path = g_intern_string (path);
- g_free (path);
- return const_path;
-}
+#define TEST_FILE(name) (SRCDIR "/files/" name)
/* -----------------------------------------------------------------------------
* CERTIFICATE VERIFY
{
GError *error = NULL;
- test->cert = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error);
+ test->cert = g_tls_certificate_new_from_file (TEST_FILE ("server.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (test->cert));
test->identity = g_network_address_new ("server.example.com", 80);
- test->database = g_tls_file_database_new (tls_test_file_path ("ca.pem"), &error);
+ test->database = g_tls_file_database_new (TEST_FILE ("ca.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_DATABASE (test->database));
}
GError *error = NULL;
/* Use another certificate which isn't in our CA list */
- cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-self.pem"), &error);
+ cert = g_tls_certificate_new_from_file (TEST_FILE ("server-self.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (cert));
GError *error = NULL;
/* This is a certificate in the future */
- cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-future.pem"), &error);
+ cert = g_tls_certificate_new_from_file (TEST_FILE ("client-future.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (cert));
GError *error = NULL;
/* This is a certificate in the future */
- cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-past.pem"), &error);
+ cert = g_tls_certificate_new_from_file (TEST_FILE ("client-past.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (cert));
GTlsCertificateFlags errors;
GError *error = NULL;
- cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-self.pem"), &error);
+ cert = g_tls_certificate_new_from_file (TEST_FILE ("server-self.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (cert));
GError **error)
{
GList *certificates;
- GTlsCertificate *chain = NULL, *prev_chain = NULL;
+ GTlsCertificate *chain = NULL;
GTlsBackend *backend;
GByteArray *der;
GList *l;
certificates = g_list_reverse (certificates);
for (l = certificates; l != NULL; l = g_list_next (l))
{
- prev_chain = chain;
g_object_get (l->data, "certificate", &der, NULL);
chain = g_object_new (g_tls_backend_get_certificate_type (backend),
"certificate", der,
- "issuer", prev_chain,
+ "issuer", chain,
NULL);
g_byte_array_unref (der);
- g_clear_object (&prev_chain);
}
g_list_free_full (certificates, g_object_unref);
* This database contains a single anchor certificate of:
* C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
*/
- database = g_tls_file_database_new (tls_test_file_path ("ca-verisign-sha1.pem"), &error);
+ database = g_tls_file_database_new (TEST_FILE ("ca-verisign-sha1.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_DATABASE (database));
- ca_verisign_sha1 = g_tls_certificate_new_from_file (tls_test_file_path ("ca-verisign-sha1.pem"), &error);
+ ca_verisign_sha1 = g_tls_certificate_new_from_file (TEST_FILE ("ca-verisign-sha1.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (ca_verisign_sha1));
* verify this chain as valid, since the issuer fields and signatures should chain up
* to the certificate in our database.
*/
- chain = load_certificate_chain (tls_test_file_path ("chain-with-verisign-md2.pem"), &error);
+ chain = load_certificate_chain (TEST_FILE ("chain-with-verisign-md2.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (chain));
{
GError *error = NULL;
- test->path = tls_test_file_path ("ca-roots.pem");
+ test->path = TEST_FILE ("ca-roots.pem");
test->database = g_tls_file_database_new (test->path, &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_DATABASE (test->database));
* is 'in' the database.
*/
- certificate = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error);
+ certificate = g_tls_certificate_new_from_file (TEST_FILE ("ca.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (certificate));
gchar *anchor_filename = NULL;
GError *error = NULL;
- database = g_tls_file_database_new (tls_test_file_path ("ca.pem"), &error);
+ database = g_tls_file_database_new (TEST_FILE ("ca.pem"), &error);
g_assert_no_error (error);
g_object_get (database, "anchors", &anchor_filename, NULL);
- g_assert_cmpstr (anchor_filename, ==, tls_test_file_path ("ca.pem"));
+ g_assert_cmpstr (anchor_filename, ==, TEST_FILE ("ca.pem"));
g_free (anchor_filename);
g_object_unref (database);
static void
test_lookup_certificates_issued_by (void)
{
- /* This data is generated from the frob-certificate test tool in gcr library.
- * To regenerate (from e.g. a directory containing gcr and glib-networking):
- *
- * $ gcr/frob-certificate glib-networking/tls/tests/files/ca.pem
- *
- * Then copy the hex that is printed after "subject" (not "issuer"!) and add
- * the missing 'x's.
- */
+ /* This data is generated from the frob-certificate test tool in gcr library */
const guchar ISSUER[] = "\x30\x81\x86\x31\x13\x30\x11\x06\x0A\x09\x92\x26\x89\x93\xF2"
"\x2C\x64\x01\x19\x16\x03\x43\x4F\x4D\x31\x17\x30\x15\x06\x0A"
"\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19\x16\x07\x45\x58\x41"
- "\x4D\x50\x4C\x45\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x0C\x15"
+ "\x4D\x50\x4C\x45\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x13\x15"
"\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74"
"\x68\x6F\x72\x69\x74\x79\x31\x17\x30\x15\x06\x03\x55\x04\x03"
- "\x0C\x0E\x63\x61\x2E\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63\x6F"
+ "\x13\x0E\x63\x61\x2E\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63\x6F"
"\x6D\x31\x1D\x30\x1B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09"
"\x01\x16\x0E\x63\x61\x40\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63"
"\x6F\x6D";
GTlsDatabase *database;
GError *error = NULL;
- database = g_tls_file_database_new (tls_test_file_path ("non-ca.pem"), &error);
+ database = g_tls_file_database_new (TEST_FILE ("non-ca.pem"), &error);
g_assert_no_error (error);
issuer_dn = g_byte_array_new ();
g_assert_cmpuint (g_list_length (certificates), ==, 4);
- g_assert (certificate_is_in_list (certificates, tls_test_file_path ("client.pem")));
- g_assert (certificate_is_in_list (certificates, tls_test_file_path ("client-future.pem")));
- g_assert (certificate_is_in_list (certificates, tls_test_file_path ("client-past.pem")));
- g_assert (certificate_is_in_list (certificates, tls_test_file_path ("server.pem")));
- g_assert (!certificate_is_in_list (certificates, tls_test_file_path ("server-self.pem")));
+ g_assert (certificate_is_in_list (certificates, TEST_FILE ("client.pem")));
+ g_assert (certificate_is_in_list (certificates, TEST_FILE ("client-future.pem")));
+ g_assert (certificate_is_in_list (certificates, TEST_FILE ("client-past.pem")));
+ g_assert (certificate_is_in_list (certificates, TEST_FILE ("server.pem")));
+ g_assert (!certificate_is_in_list (certificates, TEST_FILE ("server-self.pem")));
g_list_free_full (certificates, g_object_unref);
g_object_unref (database);
+ g_byte_array_unref (issuer_dn);
}
static void
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIID8DCCA1mgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnzETMBEGCgmSJomT8ixk
-ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxLDAqBgNVBAsMI09sZCBV
-bnRydXN0ZWQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSIwIAYDVQQDDBlvbmNlLndh
-cy5hLmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNv
-bTAeFw0xNTA4MzAwMDIyMzFaFw00NTA4MjIwMDIyMzFaMIGGMRMwEQYKCZImiZPy
-LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2Vy
-dGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsG
-CSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBAL2qSsuOcbcaJ9+uvbKan/v5186d6u1i5kIk3dPu4etHegHpDG5baq+C
-IUdY1AyCcz6OL61J1lbB3Ksk6eyo9woKHHto0BJ9IVEb7K7pT+gau7QeS15MUK5m
-NfueUfIdXTCNpHez6Nzt4H57bgqJJrJnHnondOuEalEFgDtOBqilAgMBAAGjggFR
-MIIBTTAdBgNVHQ4EFgQUmAbQgRwBOJuIai3NygAtGQ9xlbEwgdQGA1UdIwSBzDCB
-yYAULu6rFocDkpwOJyAjyQrCxuefLW+hgaWkgaIwgZ8xEzARBgoJkiaJk/IsZAEZ
-FgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMSwwKgYDVQQLDCNPbGQgVW50
-cnVzdGVkIENlcnRpZmljYXRlIEF1dGhvcml0eTEiMCAGA1UEAwwZb25jZS53YXMu
-YS5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb22C
-CQD9kIwlfKYqXDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAZBgNV
-HREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNv
-bTANBgkqhkiG9w0BAQUFAAOBgQA9CNpCI5kLKsccy73SZWyp2fEwMDrZHMJvChdv
-1CWaE1BYlLQWtr1bSy2aEPZujMVzUW5XtoRlLWpTBxUB7o888u7FJmFVhEv4Apq2
-DZ8yDlIy4yHFOShIQfmfdeDzYSoxXgoUINqxQDpfKXrQCB9OqQjI4yrJkw+lO7fs
-eIIk5w==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC9qkrLjnG3Giffrr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6Qxu
-W2qvgiFHWNQMgnM+ji+tSdZWwdyrJOnsqPcKChx7aNASfSFRG+yu6U/oGru0Hkte
-TFCuZjX7nlHyHV0wjaR3s+jc7eB+e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQAB
-AoGAY6BlA4HCV9TkZwnJ2VyBdwFpC75F3gYaP1pQL3gGsejsvL4m6n0YkDKBupF9
-aUjIsm5LuvHTJeVVPYz5V3f1syZr4fYYpmwoWjHkb6g55R9iAgmSd29gQwu0OdsP
-EhothysqPMvhWQi2gLHAz14U+EZVH9zKCZ50GW7bTrZoc20CQQD2LkPn6S2HQhPl
-Ks9HmPAsFkd0dKE0zE2IKvgsCiBsfvd4H1u0QO17ZWNR8AK9x16gnrDv0Xjpsw6H
-V9xaMsY7AkEAxTrzZKdaeu1BFDuLdgGuEj5YOUbhXjmldDwvw/xFXPU03MjCVDjo
-4V6MDZJ1HlpwWBCYO+pIyRd5NADXh33+nwJBAPT8d6FbYG6BKJFfd+V1YlVNWpCe
-3CpRwjpnII+bCEdQVu9YrYcFMhAhhqRs6B16QUYwhj4yRFS1VxkDK4srii8CQCdm
-U2D0HZsY8js8eeulAkUatz0Z78OG+Ipzy4b3SlP7mAfTAx8YD02WOZwsecEKiA7P
-odm2P7wMOGYvFN84SDkCQQCYg8rdrLdM1Wx+/k9aiFku1LmyHLZPtq39je4S/EJN
-ibWCMmhysz6cuIKykUYI7DKolQnxu4BWLnn9ff60T1xp
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDxjCCAy+gAwIBAgIJAO+Cui0EIECvMA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
-CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
-CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
-bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTUwODMwMDAyMjMx
-WhcNNDUwODIyMDAyMjMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
-JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
-eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
-YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9qkrLjnG3Giff
-rr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6QxuW2qvgiFHWNQMgnM+ji+tSdZWwdyr
-JOnsqPcKChx7aNASfSFRG+yu6U/oGru0HkteTFCuZjX7nlHyHV0wjaR3s+jc7eB+
-e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQABo4IBODCCATQwHQYDVR0OBBYEFJgG
-0IEcATibiGotzcoALRkPcZWxMIG7BgNVHSMEgbMwgbCAFJgG0IEcATibiGotzcoA
-LRkPcZWxoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
-LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
-FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
-ZS5jb22CCQDvgrotBCBArzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
-BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
-cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCuwCsxZxXctjLr059fFd94Yb6lDyPr
-Gd9H4luK9G4NNf2QiD94SfYAEy8C3Lw2/VIYf5kuNPJE2+0AOpCJ3pD3id2JC8Qf
-lnIsGHCclrxldY5NX3S/p2T8wsgBdz5wfzDGm1GANdI5M1YrTN0ExebOspXnXGed
-9jx8rdTVQwErTw==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
-IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
-IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
-Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
-BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
-MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
-ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
-CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
-8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
-zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
-fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
-w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
-G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
-epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
-laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
-QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
-fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
-YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
-ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
-gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
-MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
-IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
-dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
-czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
-dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
-aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
-AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
-b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
-ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
-nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
-18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
-gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
-Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
-sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
-SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
-CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
-GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
-zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
-omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
-IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
-IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
-Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS
-BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v
-cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB
-AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9
-4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB
-Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J
-0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ
-FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx
-bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q
-SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb
-6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV
-m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g
-eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG
-kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7
-6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG
-CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc
-aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB
-gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w
-aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6
-tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0
-nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M
-77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV
-These are some CA certificates
-
-----BEGIN CERTIFICATE-----
-MIIDxjCCAy+gAwIBAgIJAO+Cui0EIECvMA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
+MIIDxjCCAy+gAwIBAgIJAOpd4Em2fjp3MA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
-CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
-bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTUwODMwMDAyMjMx
-WhcNNDUwODIyMDAyMjMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
-JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
-eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
-YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9qkrLjnG3Giff
-rr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6QxuW2qvgiFHWNQMgnM+ji+tSdZWwdyr
-JOnsqPcKChx7aNASfSFRG+yu6U/oGru0HkteTFCuZjX7nlHyHV0wjaR3s+jc7eB+
-e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQABo4IBODCCATQwHQYDVR0OBBYEFJgG
-0IEcATibiGotzcoALRkPcZWxMIG7BgNVHSMEgbMwgbCAFJgG0IEcATibiGotzcoA
-LRkPcZWxoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
-LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
-FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
-ZS5jb22CCQDvgrotBCBArzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+CxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDEw5jYS5leGFtcGxlLmNv
+bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMDcxMjIwMTc1NjA2
+WhcNMzUwNTA4MTc1NjA2WjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
+JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0
+eTEXMBUGA1UEAxMOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
+YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD5OjHuXXN2LG3s
+FHISaZZ6L1RSYgRdTenu1nvqkMn/xvzOz385oede1z/7f6BoXyM0kNWCf4SOXtXr
+EIGmQoeURhFfLCnoK8NHfNcel3IPyMPhdJUMJlc3gfpWm+QxjkyqVyMhyYxC9Pmg
+QC7zx4ZKcQrL3zVGYtg8wxmaKY2HwQIDAQABo4IBODCCATQwHQYDVR0OBBYEFNSE
+nYhMCPaaFynFeQ2R5y25+AcFMIG7BgNVHSMEgbMwgbCAFNSEnYhMCPaaFynFeQ2R
+5y25+AcFoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
+LGQBGRYHRVhBTVBMRTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
+FQYDVQQDEw5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
+ZS5jb22CCQDqXeBJtn46dzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
-cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCuwCsxZxXctjLr059fFd94Yb6lDyPr
-Gd9H4luK9G4NNf2QiD94SfYAEy8C3Lw2/VIYf5kuNPJE2+0AOpCJ3pD3id2JC8Qf
-lnIsGHCclrxldY5NX3S/p2T8wsgBdz5wfzDGm1GANdI5M1YrTN0ExebOspXnXGed
-9jx8rdTVQwErTw==
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQA6xjU2aPgMOh2yyz2KCb6d5gNNvfr4
+pLGpZWilbRkA36OOG43zxeRZoumh1ybyOvhm73cMvNihDUyOf7vQe75Qtp5koGPS
+V3mSruhsRGvOZxcV+SJnBj1exKyH3mdaZA74Xg4y5qkUkywPqnP5Y+E6UMJM7Nmw
+kHk2bKJC5vjxoA==
-----END CERTIFICATE-----
-
-GLib shouldn't care about this comment
-
-----BEGIN CERTIFICATE-----
MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdni
TCxZqdq5snUb9kLy78fyGPmJvKP/iiMucEc=
-----END CERTIFICATE-----
-
-Thank you for loading this list of CA certificates.
-----BEGIN CERTIFICATE-----
-MIIDxjCCAy+gAwIBAgIJAO+Cui0EIECvMA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
+MIIDxjCCAy+gAwIBAgIJAOpd4Em2fjp3MA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
-CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
-bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTUwODMwMDAyMjMx
-WhcNNDUwODIyMDAyMjMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
-JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
-eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
-YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9qkrLjnG3Giff
-rr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6QxuW2qvgiFHWNQMgnM+ji+tSdZWwdyr
-JOnsqPcKChx7aNASfSFRG+yu6U/oGru0HkteTFCuZjX7nlHyHV0wjaR3s+jc7eB+
-e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQABo4IBODCCATQwHQYDVR0OBBYEFJgG
-0IEcATibiGotzcoALRkPcZWxMIG7BgNVHSMEgbMwgbCAFJgG0IEcATibiGotzcoA
-LRkPcZWxoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
-LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
-FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
-ZS5jb22CCQDvgrotBCBArzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+CxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDEw5jYS5leGFtcGxlLmNv
+bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMDcxMjIwMTc1NjA2
+WhcNMzUwNTA4MTc1NjA2WjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
+JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0
+eTEXMBUGA1UEAxMOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
+YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD5OjHuXXN2LG3s
+FHISaZZ6L1RSYgRdTenu1nvqkMn/xvzOz385oede1z/7f6BoXyM0kNWCf4SOXtXr
+EIGmQoeURhFfLCnoK8NHfNcel3IPyMPhdJUMJlc3gfpWm+QxjkyqVyMhyYxC9Pmg
+QC7zx4ZKcQrL3zVGYtg8wxmaKY2HwQIDAQABo4IBODCCATQwHQYDVR0OBBYEFNSE
+nYhMCPaaFynFeQ2R5y25+AcFMIG7BgNVHSMEgbMwgbCAFNSEnYhMCPaaFynFeQ2R
+5y25+AcFoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
+LGQBGRYHRVhBTVBMRTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
+FQYDVQQDEw5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
+ZS5jb22CCQDqXeBJtn46dzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
-cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCuwCsxZxXctjLr059fFd94Yb6lDyPr
-Gd9H4luK9G4NNf2QiD94SfYAEy8C3Lw2/VIYf5kuNPJE2+0AOpCJ3pD3id2JC8Qf
-lnIsGHCclrxldY5NX3S/p2T8wsgBdz5wfzDGm1GANdI5M1YrTN0ExebOspXnXGed
-9jx8rdTVQwErTw==
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQA6xjU2aPgMOh2yyz2KCb6d5gNNvfr4
+pLGpZWilbRkA36OOG43zxeRZoumh1ybyOvhm73cMvNihDUyOf7vQe75Qtp5koGPS
+V3mSruhsRGvOZxcV+SJnBj1exKyH3mdaZA74Xg4y5qkUkywPqnP5Y+E6UMJM7Nmw
+kHk2bKJC5vjxoA==
-----END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIICHTCCAcegAwIBAgIBATANBgkqhkiG9w0BAQUFADCBrTETMBEGCgmSJomT8ixk
-ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxKzApBgNVBAsMIkludGVy
-bWVkaWF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJDAiBgNVBAMMG2ludGVybWVk
-aWF0ZS1jYS5leGFtcGxlLmNvbTEqMCgGCSqGSIb3DQEJARYbaW50ZXJtZWRpYXRl
-LWNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzOVoXDTQwMDgyMzAwMjIzOVow
-SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
-GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
-MEgCQQDNj0xKKyi/+5iG2FTs/lOgwKPorRg69o4zsmMcVOfvwI1IN4FRSsPpqaJN
-urHcGNqvGoj07hNBdWxdoixF4pmnAgMBAAGjMzAxMAkGA1UdEwQCMAAwEwYDVR0l
-BAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBFjANBgkqhkiG9w0BAQUFAANB
-ALl1WO7IZYOvPwhyQ4EpCLjSsTuGBcfbWFtw4XiQueZ8TILHcZARH4nW1tKoVWzc
-rIGhqRjNMWRmaH1wgSCGRiE=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDrjCCAxegAwIBAgIBBjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
-ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
-ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
-hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzOVoXDTQwMDgy
-MzAwMjIzOVowga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZ
-FgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUgQXV0
-aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20xKjAo
-BgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTBcMA0GCSqG
-SIb3DQEBAQUAA0sAMEgCQQDRMidrtJAZ27tI9gA3hhIP7S5EtfjhMHUi8mDNL2Ju
-V7nMDGoAEUfHV3x/+Eb/TeymvBiRzlUD6YGQRK+2C8+LAgMBAAGjggFFMIIBQTAd
-BgNVHQ4EFgQUXfcpYB1wgmZiB/WN7EW342wlZwEwgbsGA1UdIwSBszCBsIAUmAbQ
-gRwBOJuIai3NygAtGQ9xlbGhgYykgYkwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00x
-FzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBB
-dXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkB
-Fg5jYUBleGFtcGxlLmNvbYIJAO+Cui0EIECvMA8GA1UdEwEB/wQFMAMBAf8wDgYD
-VR0PAQH/BAQDAgEGMCYGA1UdEQQfMB2BG2ludGVybWVkaWF0ZS1jYUBleGFtcGxl
-LmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQUFAAOB
-gQAmXVdwAZalZGtXBkdICHaWyVRmgCFRZfzVbGBOkeW+TEBiMgG+XrwlMQs5yyf/
-T8Mmw8TcqBJYdQhqcctbgFcSxejVAL7DnEfFcvH6acXy0K9l48pKAnYgcHstOAX2
-Fb+rSpmMDXgWuhKNudJyoOVQ/5H9LJyg6JYqoG5jqS9iQg==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDxjCCAy+gAwIBAgIJAO+Cui0EIECvMA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
-CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
-CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
-bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTUwODMwMDAyMjMx
-WhcNNDUwODIyMDAyMjMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
-JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
-eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
-YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9qkrLjnG3Giff
-rr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6QxuW2qvgiFHWNQMgnM+ji+tSdZWwdyr
-JOnsqPcKChx7aNASfSFRG+yu6U/oGru0HkteTFCuZjX7nlHyHV0wjaR3s+jc7eB+
-e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQABo4IBODCCATQwHQYDVR0OBBYEFJgG
-0IEcATibiGotzcoALRkPcZWxMIG7BgNVHSMEgbMwgbCAFJgG0IEcATibiGotzcoA
-LRkPcZWxoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
-LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
-FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
-ZS5jb22CCQDvgrotBCBArzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
-BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
-cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCuwCsxZxXctjLr059fFd94Yb6lDyPr
-Gd9H4luK9G4NNf2QiD94SfYAEy8C3Lw2/VIYf5kuNPJE2+0AOpCJ3pD3id2JC8Qf
-lnIsGHCclrxldY5NX3S/p2T8wsgBdz5wfzDGm1GANdI5M1YrTN0ExebOspXnXGed
-9jx8rdTVQwErTw==
------END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
-T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
-ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xNTA4MzAwMDIyMzJaFw00MDA4MjMwMDIy
-MzJaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
-UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
-yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
-IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
-AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
-ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
-85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
-i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQA53KGbz0v7blt33ht62Ez9
-onmLHkegWW39OgRfNPircb9+pIOtkuksPr1yE2iBmWuGPg0OwNjqHROeOodoN1xC
-vSt1kUshtpPXiK8AuYmkv53FThyEEai8kpsGp6mLEY2ISaYRD0O6B6PyV2dT/nE2
-CWob7aQ/SlFQ+txnwJtOnA==
+MIIC3DCCAkUCAQkwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLExVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMTDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xMTAxMTgwNjA0MTFaFw0yMTAxMTUwNjA0
+MTFaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+UExFMQ8wDQYDVQQDEwZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
+cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEgNDM/dg3t
+9DHNAPz/b87LSxEaKhoZ8AcNBym3LEOdCnXGEnKf0b9lkT5caXu5GAM84ahTCJ7n
+79RVNrqGKM7jbBdSX+ZUfkqJQPhOXD2+0niYQicH92nz78kxmjlbizvd3fM1BlO+
+C/++NWf2EAhORVAjvJrHNokJp3PTNRJ1WWteHeU9PwfGmWHKVc1IgvRFMH08604I
+ZzX5CcxIg/b56g27A7CBPh/KO/qKTDLFFNGc1T2asvY/P3+PeN6y+leFHStCTu7R
+Bi/l4hczZdnwq3BGT6mnjEN7wau2s7pA067SXimNOkYi5fgwspMHi8fJWmYyBypU
+mQBRzwfm77ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQA3LuElj2QB9wQvmIxk2Jmb
+IPP2/WS8dwPoCv/N3+6nTx8yRsrILf4QsnEbbsxoYO5jW4r9Kt8m8B/M7YgnBDE9
+zlm7JbXKZf2isSm5TyT627Ymzxrzs5d+7o2eS7SN1DB6PyvRh2ye7EMbyEYD8ULi
+itDUkYkssNCVivYwVvJoMg==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA4pHIYnVJwOvIPTt/S8C+M1T8YG9kRt5MBqfdmVi+BwW5oduL
-5K9rL5JombBdocjjOA4X1o2XjMcgdRYCD5jjiUw+m02t995zivYL7yCeaOi3ai3k
-asB8ut1HvGYqSoXHhCvTaxE+DLwC9KVvJbWqJbT8MrBv8kyy56PNTIwgH9PpTE/N
-SreeszXyW1pKtZ3peMVFV6nqygxyJQhKv54XSfSaGWifEOJ6ApcBshe8pZNMA8gk
-AOh7I+JfXW0Z5xJtYEvMdYMrRUzzloR3drGQ90+PpHBARrsVRPIutTU2PqTw+Xs1
-XI1ZduDkgoQxkHpXmlcRJqxXqdKLu9bglikD4QIDAQABAoIBAQDXQfxpFtgIs7rd
-+j4aAbhzWqYhFRPnhOIkXK5cOATq9RSF4+nITqV+YBKDGh4LTKocIr+hN4sp1DJR
-K6SvnulnE4pT0PydB7ss5lE2Uv5N2/QOrCVdCx42B3BVXZeGkA2b1GucSJh0Tthc
-CSVNZYiPJKGLozfos9gx3d16gZMvyEM4xGFcB8FVWm00Aunc8NOpO8oCQv5URF1x
-Imvp3JkhBAV9EIr4BftjT+hSOGgrZwx2ZzU8A1EpXAg6Hja6dQAleq0WTFJS6Ez2
-UjFFI9qF5YMxDDdLZ8p8G3BFw/m5zKE8wrnSdgf7iP9JPgZZA3Y5GLQkKA/Q6wnP
-Bj3MbBr1AoGBAPDrF5D5VFle/LrYsAdfwdW2mby2qlB0AAlZwxUnatVFWmgnDq5B
-NpK+dp06tllv5qd0EtQMqHxPkVr7YEZ26Jex5hmLMb+LuSowq1BchNpoMGwSiyRz
-11IUYRY5BwNW7/zFv2r5ZFe/OxI2V3scYAyJ/7mqY7sWqafVGCa7pRjLAoGBAPDA
-vR0EBJL+d7mk/suOjcnVjcFmU/Jwg+O5f0Ao6ctb1rFyYL/FgheeqewZRjveLn/s
-Gz6/KieWa/k6XlxkZtJUE9RFjLWn/n79fqL0WDjSzeiSgHRj6bABjXSX3827Mud5
-uzZrVZkHcWnXQX1WREIGSOwAC/4MpU3ad87joXyDAoGBAOZ0zHdGujQ/k9ycWU7E
-f+QSp1+JEMSjIkHPlriOmzhl/kRxUC7KfQzEmyxuNG67h1WZyEUF0soPRwlUO1VM
-e9RYPbcjmrQTUU4VflsCFafjUKag2m9FTKzch769UIMWT71p4GDRLfZuHHCggPBo
-RUzZWUFex8X4uNOuGUs75oMfAoGASZeQ90qgH1K7xDqkTBLSUqz9vO2LoaM1Hao5
-NKKM/MWg9fLxkg1Mu+2bIXmEV46OBjplBaQnvZwkezWVXIawS4C54vwzi9/DUowo
-ZqVsRkph+MK3k1xrNYrz83ztQ5UCdXFngbYDn1iAGYtcEHULPmdvaPyGreytpwOt
-9cbtOQMCgYAJ0DPq4E+nICf11QsNJELqRBpx9uQjxI87/ba6z0BqtGIIwqZ1KtgI
-7LVvae89MufsxZCe8A1noSiFTQXvrLVQhzu+pBHvRQnmonqo6D/uA3viOkTqhR8X
-As2n7JVN64j/g6+c9SIfeiNscmZBRqAvgLvVGdoKrbXWkQ1S5+KgHQ==
+MIIEpQIBAAKCAQEAwSA0Mz92De30Mc0A/P9vzstLERoqGhnwBw0HKbcsQ50KdcYS
+cp/Rv2WRPlxpe7kYAzzhqFMInufv1FU2uoYozuNsF1Jf5lR+SolA+E5cPb7SeJhC
+Jwf3afPvyTGaOVuLO93d8zUGU74L/741Z/YQCE5FUCO8msc2iQmnc9M1EnVZa14d
+5T0/B8aZYcpVzUiC9EUwfTzrTghnNfkJzEiD9vnqDbsDsIE+H8o7+opMMsUU0ZzV
+PZqy9j8/f4943rL6V4UdK0JO7tEGL+XiFzNl2fCrcEZPqaeMQ3vBq7azukDTrtJe
+KY06RiLl+DCykweLx8laZjIHKlSZAFHPB+bvsQIDAQABAoIBAQCQUI1RYnHIdPFO
+qZ+8bvDQ+g8tR30ApjM8QZsBrDRyjg579bhhWVY2jSJdFFdqseTkvoDt9KZzgGQy
+Kj9MYOZru3xRbSfmiWsaLbiUFJJPPaIvpa+BVS2oSjX8BYn2pJbF9MRfclc5CsIS
+qMNl3XUbj8mx2hKdIpJ5EvLD1adKE4Se6peqSZAmEHONNCsrMrQ0GSQqV3viInJr
+tc3kp3HcPffSROWqmc6jAJ77Cs3ApgJavL5RGjx30Kd+dKVq4PXZ+IhWM8dOSput
+wcyxEosiP/W2g0rDgNW2mGOVOwa/D5SnOolicHifdV7idjwLAjkyYgvmBMNSsECj
+yKBkE0gxAoGBAN8iHMumyvriHuj9bSLZ1bcyYFz7jIwUxpHTT7VqN/j/Y1BoBIBy
+ZZLDGMa+ID/brpRHzJQAKSNtbFQ0S1HTSKcFud5OWE8Rp3pQJU+sdeO3pCMWAD1z
+Q4ggF07JjTSSnK+4fcXgEN9P2OdfXy7Rj3HFpSahql55Kp5udoUdzUVFAoGBAN2S
+krlcEuqsEYjqsCJw5pctIwPMvCM51JgirrdETwSGquMklSrobH0PHMlR67gsA/9I
+UGShT0LL4UWYpBn/4xLrLbua5aHIBfQQZp9K6jDZddWS+EFL5JkO/Up4/qM6fUbH
+CuweVv1gd6i2Ti35K60mgx6MqVunaB1k8Q9P3Pl9AoGALSVtxha9Qv21W1bLWh3R
+C/v5W1baHQ2nD6I9omsXYB3sLjydjI+Y1ZT70lptk/4S2JWeYuOVb0GYhYD/LFMf
+hAu4i642V+kuhaTpp7ExOR3S6/ZrngNQSp6TmLFXDKgNY9BkQkEPqN8y971oOMTV
+zSM8QxC6s9q4MM4Q1OYuvjECgYEAsO2V1AW95T45Ukd1FktpFlaomyQlJ0vKgyFO
+unEFV+vhETfpFTY7SzGCHxAXVh1vo62u5Gwayo/a9qQIhepa/IRnJGNv8luyxU1D
+ZPeBQjija0PMkPd1NvNNNuafDuBpoNbX1ev0MqeRZVsN2pAZXE5gbUiNA+8NqEsu
+Yre3EFECgYEA13rXE76zZgsefx+2spjqJDUWEmTDd1460xTtxCCgL9dy4rW5bgwo
+MvINphSUXOwSkn8Oja/IvpN28zSj9W/ci5wU52P5w4blkBmuj8UoCjP2FN1b1OBa
+86mkwVsCYUyyI2apuwrHP77yeb8jXZb+reqSns3hU+HyO/nUTVmnews=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIIC4DCCAkkCAQUwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
-T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
-ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAiGA8yMDYwMDcxNzIzMDAwMFoYDzIwNjEwNzE3
-MjMwMDAwWjBiMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYH
-RVhBTVBMRTEPMA0GA1UEAwwGQ2xpZW50MSEwHwYJKoZIhvcNAQkBFhJjbGllbnRA
-ZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDikchi
-dUnA68g9O39LwL4zVPxgb2RG3kwGp92ZWL4HBbmh24vkr2svkmiZsF2hyOM4DhfW
-jZeMxyB1FgIPmOOJTD6bTa333nOK9gvvIJ5o6LdqLeRqwHy63Ue8ZipKhceEK9Nr
-ET4MvAL0pW8ltaoltPwysG/yTLLno81MjCAf0+lMT81Kt56zNfJbWkq1nel4xUVX
-qerKDHIlCEq/nhdJ9JoZaJ8Q4noClwGyF7ylk0wDyCQA6Hsj4l9dbRnnEm1gS8x1
-gytFTPOWhHd2sZD3T4+kcEBGuxVE8i61NTY+pPD5ezVcjVl24OSChDGQeleaVxEm
-rFep0ou71uCWKQPhAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAaL1TVP7GBU/+Ujxm
-s1d6XlsczXcRTsK2SKPc7Ke8K30o7E85m5gTXtDVVdk2aCWFsrmqCW+sKSAl3TLr
-nWWlvI0k2Y3Ei81W1xkCSA8rX95K8m1FaVXz1ml5J8TjemHd/j+btzp4qjnF/S2M
-cbRhKzUoJD6FBuUq7OXOO+4T30c=
+MIIC3DCCAkUCAQowDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLExVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMTDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0yMDAxMTgxNzI3MDNaFw0yMTAxMTcxNzI3
+MDNaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+UExFMQ8wDQYDVQQDEwZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
+cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEgNDM/dg3t
+9DHNAPz/b87LSxEaKhoZ8AcNBym3LEOdCnXGEnKf0b9lkT5caXu5GAM84ahTCJ7n
+79RVNrqGKM7jbBdSX+ZUfkqJQPhOXD2+0niYQicH92nz78kxmjlbizvd3fM1BlO+
+C/++NWf2EAhORVAjvJrHNokJp3PTNRJ1WWteHeU9PwfGmWHKVc1IgvRFMH08604I
+ZzX5CcxIg/b56g27A7CBPh/KO/qKTDLFFNGc1T2asvY/P3+PeN6y+leFHStCTu7R
+Bi/l4hczZdnwq3BGT6mnjEN7wau2s7pA067SXimNOkYi5fgwspMHi8fJWmYyBypU
+mQBRzwfm77ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBvt8v930fQtxR7f7Vcb1Hg
+irq1CtffsBqtKYupYg6IgloiRA6U5wdU0e6faA3Ppsmd4SmNKb9ZavIgnDBfx8MP
+1/IpsNOkg0366bP/zzkAhcXspo7PU8yZIqep//wT4TOFz04N8Lshqm8HUejShFdA
+fB8C0LX5Y/2219ZVMaaEbw==
-----END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA4pHIYnVJwOvIPTt/S8C+M1T8YG9kRt5MBqfdmVi+BwW5oduL
-5K9rL5JombBdocjjOA4X1o2XjMcgdRYCD5jjiUw+m02t995zivYL7yCeaOi3ai3k
-asB8ut1HvGYqSoXHhCvTaxE+DLwC9KVvJbWqJbT8MrBv8kyy56PNTIwgH9PpTE/N
-SreeszXyW1pKtZ3peMVFV6nqygxyJQhKv54XSfSaGWifEOJ6ApcBshe8pZNMA8gk
-AOh7I+JfXW0Z5xJtYEvMdYMrRUzzloR3drGQ90+PpHBARrsVRPIutTU2PqTw+Xs1
-XI1ZduDkgoQxkHpXmlcRJqxXqdKLu9bglikD4QIDAQABAoIBAQDXQfxpFtgIs7rd
-+j4aAbhzWqYhFRPnhOIkXK5cOATq9RSF4+nITqV+YBKDGh4LTKocIr+hN4sp1DJR
-K6SvnulnE4pT0PydB7ss5lE2Uv5N2/QOrCVdCx42B3BVXZeGkA2b1GucSJh0Tthc
-CSVNZYiPJKGLozfos9gx3d16gZMvyEM4xGFcB8FVWm00Aunc8NOpO8oCQv5URF1x
-Imvp3JkhBAV9EIr4BftjT+hSOGgrZwx2ZzU8A1EpXAg6Hja6dQAleq0WTFJS6Ez2
-UjFFI9qF5YMxDDdLZ8p8G3BFw/m5zKE8wrnSdgf7iP9JPgZZA3Y5GLQkKA/Q6wnP
-Bj3MbBr1AoGBAPDrF5D5VFle/LrYsAdfwdW2mby2qlB0AAlZwxUnatVFWmgnDq5B
-NpK+dp06tllv5qd0EtQMqHxPkVr7YEZ26Jex5hmLMb+LuSowq1BchNpoMGwSiyRz
-11IUYRY5BwNW7/zFv2r5ZFe/OxI2V3scYAyJ/7mqY7sWqafVGCa7pRjLAoGBAPDA
-vR0EBJL+d7mk/suOjcnVjcFmU/Jwg+O5f0Ao6ctb1rFyYL/FgheeqewZRjveLn/s
-Gz6/KieWa/k6XlxkZtJUE9RFjLWn/n79fqL0WDjSzeiSgHRj6bABjXSX3827Mud5
-uzZrVZkHcWnXQX1WREIGSOwAC/4MpU3ad87joXyDAoGBAOZ0zHdGujQ/k9ycWU7E
-f+QSp1+JEMSjIkHPlriOmzhl/kRxUC7KfQzEmyxuNG67h1WZyEUF0soPRwlUO1VM
-e9RYPbcjmrQTUU4VflsCFafjUKag2m9FTKzch769UIMWT71p4GDRLfZuHHCggPBo
-RUzZWUFex8X4uNOuGUs75oMfAoGASZeQ90qgH1K7xDqkTBLSUqz9vO2LoaM1Hao5
-NKKM/MWg9fLxkg1Mu+2bIXmEV46OBjplBaQnvZwkezWVXIawS4C54vwzi9/DUowo
-ZqVsRkph+MK3k1xrNYrz83ztQ5UCdXFngbYDn1iAGYtcEHULPmdvaPyGreytpwOt
-9cbtOQMCgYAJ0DPq4E+nICf11QsNJELqRBpx9uQjxI87/ba6z0BqtGIIwqZ1KtgI
-7LVvae89MufsxZCe8A1noSiFTQXvrLVQhzu+pBHvRQnmonqo6D/uA3viOkTqhR8X
-As2n7JVN64j/g6+c9SIfeiNscmZBRqAvgLvVGdoKrbXWkQ1S5+KgHQ==
------END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQQwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
-T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
-ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDA3MTcyMzAwMDBaFw0wMTA3MTcyMzAw
-MDBaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
-UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
-yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
-IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
-AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
-ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
-85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
-i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQAXsez9MUY7+zHe4CevgYHk
-VUGFl2BV/cncVO5M42qlYvGhzPNb3VSXlrIk0CZP/A1UrB+7+vMFQCccoXE2Yb//
-hOcumZkz4OJjz+qgsWlksaUjCnpGPIfsrW3jYBRKvL1iYo5Si1aIiQ+ej93a2Bsg
-Iy/P6Hx0b2bZ5H6v/y6bqw==
+MIIC3DCCAkUCAQswDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLExVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMTDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDAxMTgxNzI3NDdaFw0wMTAxMTcxNzI3
+NDdaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+UExFMQ8wDQYDVQQDEwZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
+cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEgNDM/dg3t
+9DHNAPz/b87LSxEaKhoZ8AcNBym3LEOdCnXGEnKf0b9lkT5caXu5GAM84ahTCJ7n
+79RVNrqGKM7jbBdSX+ZUfkqJQPhOXD2+0niYQicH92nz78kxmjlbizvd3fM1BlO+
+C/++NWf2EAhORVAjvJrHNokJp3PTNRJ1WWteHeU9PwfGmWHKVc1IgvRFMH08604I
+ZzX5CcxIg/b56g27A7CBPh/KO/qKTDLFFNGc1T2asvY/P3+PeN6y+leFHStCTu7R
+Bi/l4hczZdnwq3BGT6mnjEN7wau2s7pA067SXimNOkYi5fgwspMHi8fJWmYyBypU
+mQBRzwfm77ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBC3BOULAOkRFLKLajHIIB2
+VB0tHOFWuflP/LXso3ogGA8ItqbjacqjRHdTGK79etbxSTdi7k8owMVMPavJnBYk
+TraOkf/xxHo2zWy3XES1lniTUfGgKpjYNlALB6K6DJseZorSOmGA4KllL46MYwNu
+jsLO+5HkS/uNxlKo2l+xGw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
-T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
-ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xNTA4MzAwMDIyMzJaFw00MDA4MjMwMDIy
-MzJaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
-UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
-yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
-IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
-AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
-ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
-85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
-i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQA53KGbz0v7blt33ht62Ez9
-onmLHkegWW39OgRfNPircb9+pIOtkuksPr1yE2iBmWuGPg0OwNjqHROeOodoN1xC
-vSt1kUshtpPXiK8AuYmkv53FThyEEai8kpsGp6mLEY2ISaYRD0O6B6PyV2dT/nE2
-CWob7aQ/SlFQ+txnwJtOnA==
+MIIC3DCCAkUCAQkwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLExVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMTDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xMTAxMTgwNjA0MTFaFw0yMTAxMTUwNjA0
+MTFaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+UExFMQ8wDQYDVQQDEwZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
+cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEgNDM/dg3t
+9DHNAPz/b87LSxEaKhoZ8AcNBym3LEOdCnXGEnKf0b9lkT5caXu5GAM84ahTCJ7n
+79RVNrqGKM7jbBdSX+ZUfkqJQPhOXD2+0niYQicH92nz78kxmjlbizvd3fM1BlO+
+C/++NWf2EAhORVAjvJrHNokJp3PTNRJ1WWteHeU9PwfGmWHKVc1IgvRFMH08604I
+ZzX5CcxIg/b56g27A7CBPh/KO/qKTDLFFNGc1T2asvY/P3+PeN6y+leFHStCTu7R
+Bi/l4hczZdnwq3BGT6mnjEN7wau2s7pA067SXimNOkYi5fgwspMHi8fJWmYyBypU
+mQBRzwfm77ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQA3LuElj2QB9wQvmIxk2Jmb
+IPP2/WS8dwPoCv/N3+6nTx8yRsrILf4QsnEbbsxoYO5jW4r9Kt8m8B/M7YgnBDE9
+zlm7JbXKZf2isSm5TyT627Ymzxrzs5d+7o2eS7SN1DB6PyvRh2ye7EMbyEYD8ULi
+itDUkYkssNCVivYwVvJoMg==
-----END CERTIFICATE-----
+++ /dev/null
-#!/bin/sh
-
-msg() {
- echo
- echo "* $1 ..."
-}
-
-cd `dirname $0`
-
-echo
-echo "This script re-generates all private keys and certificates"
-echo "needed to run the Unit Test."
-echo
-echo " *** IMPORTANT ***"
-echo
-echo "This script will change the system date momentarily to generate"
-echo "a couple of certificates (sudo password will be requested). This"
-echo "is because it uses the OpenSSL x509 utility instead of the ca"
-echo "utility which allows to set a starting date for the certificates."
-echo
-echo "A few manual changes need to be made. The first certificate"
-echo "in ca-roots.pem and ca-roots-bad.pem need to be replaced by"
-echo "the contents of ca.pem."
-echo
-echo "Also, file-database.c:test_lookup_certificates_issued_by has"
-echo "an ISSUER variable that needs to be changed by the CA identifier"
-echo "(read the comment in that function) if you modify this script."
-echo
-echo " *** IMPORTANT ***"
-echo
-
-read -p "Press [Enter] key to continue..." key
-
-#######################################################################
-### Obsolete/Untrusted Root CA
-#######################################################################
-
-echo "00" > serial
-
-msg "Creating CA private key for obsolete/untrusted CA"
-openssl genrsa -out old-ca-key.pem 1024
-
-msg "Creating CA certificate for obsolete/untrusted CA"
-openssl req -x509 -new -config ssl/old-ca.conf -days 10950 -key old-ca-key.pem -out old-ca.pem
-
-#######################################################################
-### New Root CA
-#######################################################################
-
-msg "Creating CA private key"
-openssl genrsa -out ca-key.pem 1024
-
-msg "Creating CA certificate"
-openssl req -x509 -new -config ssl/ca.conf -days 10950 -key ca-key.pem -out ca.pem
-
-#######################################################################
-### New Root CA, issued by Obsolete/Untrusted Root CA
-#######################################################################
-
-msg "Creating CA certificate request"
-openssl req -config ssl/ca.conf -key ca-key.pem -new -out root-ca-csr.pem
-
-msg "Creating alternative certificate with same keys as CA"
-openssl x509 -req -in root-ca-csr.pem -days 10950 -CA old-ca.pem -CAkey old-ca-key.pem -CAserial serial -extfile ssl/ca.conf -extensions v3_req_ext -out ca-alternative.pem
-
-#######################################################################
-### Server
-#######################################################################
-
-msg "Creating server private key"
-openssl genrsa -out server-key.pem 512
-
-msg "Creating server certificate request"
-openssl req -config ssl/server.conf -key server-key.pem -new -out server-csr.pem
-
-msg "Creating server certificate"
-openssl x509 -req -in server-csr.pem -days 9125 -CA ca.pem -CAkey ca-key.pem -CAserial serial -extfile ssl/server.conf -extensions v3_req_ext -out server.pem
-
-msg "Concatenating server certificate and private key into a single file"
-cat server.pem > server-and-key.pem
-cat server-key.pem >> server-and-key.pem
-
-msg "Converting server certificate from PEM to DER"
-openssl x509 -in server.pem -outform DER -out server.der
-
-msg "Converting server private key from PEM to DER"
-openssl rsa -in server-key.pem -outform DER -out server-key.der
-
-#######################################################################
-### Server (self-signed)
-#######################################################################
-
-msg "Creating server self-signed certificate"
-openssl x509 -req -days 9125 -in server-csr.pem -signkey server-key.pem -out server-self.pem
-
-#######################################################################
-### Client
-#######################################################################
-
-msg "Creating client private key"
-openssl genrsa -out client-key.pem 2048
-
-msg "Creating client certificate request"
-openssl req -config ssl/client.conf -key client-key.pem -new -out client-csr.pem
-
-msg "Creating client certificate"
-openssl x509 -req -in client-csr.pem -days 9125 -CA ca.pem -CAkey ca-key.pem -CAserial serial -out client.pem
-
-msg "Concatenating client certificate and private key into a single file"
-cat client.pem > client-and-key.pem
-cat client-key.pem >> client-and-key.pem
-
-# It is not possible to specify the start and end date using the "x509" tool.
-# It would be better to use the "ca" tool. Sorry!
-msg "Creating client certificate (past)"
-sudo date -s "17 JUL 2000 18:00:00"
-openssl x509 -req -in client-csr.pem -days 365 -startdate -enddate -CA ca.pem -CAkey ca-key.pem -CAserial serial -out client-past.pem
-sudo hwclock -s
-touch client-past.pem
-
-msg "Creating client certificate (future)"
-sudo date -s "17 JUL 2060 18:00:00"
-openssl x509 -req -in client-csr.pem -days 365 -startdate -enddate -CA ca.pem -CAkey ca-key.pem -CAserial serial -out client-future.pem
-sudo hwclock -s
-touch client-future.pem
-
-#######################################################################
-### Concatenate all non-CA certificates
-#######################################################################
-
-msg "Concatenating all non-CA certificates into a single file"
-echo "client.pem:" > non-ca.pem
-cat client.pem >> non-ca.pem
-echo >> non-ca.pem
-echo "client-future.pem:" >> non-ca.pem
-cat client-future.pem >> non-ca.pem
-echo >> non-ca.pem
-echo "client-past.pem:" >> non-ca.pem
-cat client-past.pem >> non-ca.pem
-echo >> non-ca.pem
-echo "server.pem:" >> non-ca.pem
-cat server.pem >> non-ca.pem
-echo >> non-ca.pem
-echo "server-self.pem:" >> non-ca.pem
-cat server-self.pem >> non-ca.pem
-
-#######################################################################
-### Intermediate CA
-#######################################################################
-
-echo "00" > intermediate-serial
-
-msg "Creating intermediate CA private key"
-openssl genrsa -out intermediate-ca-key.pem 512
-
-msg "Creating intermediate CA certificate request"
-openssl req -config ssl/intermediate-ca.conf -key intermediate-ca-key.pem -new -out intermediate-ca-csr.pem
-
-msg "Creating intermediate CA certificate"
-openssl x509 -req -in intermediate-ca-csr.pem -days 9125 -CA ca.pem -CAkey ca-key.pem -CAserial serial -extfile ssl/intermediate-ca.conf -extensions v3_req_ext -out intermediate-ca.pem
-
-#######################################################################
-### Server (signed by Intermediate CA)
-#######################################################################
-
-msg "Creating server (intermediate CA) private key"
-openssl genrsa -out server-intermediate-key.pem 512
-
-msg "Creating server (intermediate CA) certificate request"
-openssl req -config ssl/server-intermediate.conf -key server-intermediate-key.pem -new -out server-intermediate-csr.pem
-
-msg "Creating server (intermediate CA) certificate"
-openssl x509 -req -in server-intermediate-csr.pem -days 9125 -CA intermediate-ca.pem -CAkey intermediate-ca-key.pem -CAserial intermediate-serial -extfile ssl/server-intermediate.conf -extensions v3_req_ext -out server-intermediate.pem
-
-msg "Concatenating server (intermediate CA) chain into a file"
-cat server-intermediate.pem > chain.pem
-cat intermediate-ca.pem >> chain.pem
-cat ca.pem >> chain.pem
-
-#######################################################################
-### Cleanup
-#######################################################################
-
-# We don't need the serial files anymore
-rm -f serial
-rm -f intermediate-serial
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBujCCAWQCAQAwga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/Is
-ZAEZFgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUg
-QXV0aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20x
-KjAoBgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTBcMA0G
-CSqGSIb3DQEBAQUAA0sAMEgCQQDRMidrtJAZ27tI9gA3hhIP7S5EtfjhMHUi8mDN
-L2JuV7nMDGoAEUfHV3x/+Eb/TeymvBiRzlUD6YGQRK+2C8+LAgMBAAGgUTBPBgkq
-hkiG9w0BCQ4xQjBAMB0GA1UdDgQWBBRd9ylgHXCCZmIH9Y3sRbfjbCVnATAPBgNV
-HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAANBAIp7
-2/fnWAYyd4QxpW8qqajTKyuGiS5rwm5knLZvriM3qR6mAtuI3vluk431YcQ1G/jn
-QdPf5uYuttJC1GzrZDE=
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIIBOgIBAAJBANEyJ2u0kBnbu0j2ADeGEg/tLkS1+OEwdSLyYM0vYm5XucwMagAR
-R8dXfH/4Rv9N7Ka8GJHOVQPpgZBEr7YLz4sCAwEAAQJAUPmw+Kfz/45meF+Axf1H
-kJKmjkJCDCjNrrFTdxkYaM0pCDPjHeclMHZ9mhtKQs2/8ER4tvdNIUCba/f9n4lI
-QQIhAO6s3jWb4JVobvpC0r5OE/HLOLgnnieQPQGl/sBoqL6fAiEA4GF+A8XaSF/C
-V5tFTFMDN1hw9bvOxhwaVAgcBNzHA5UCIFI5t+wcIYkXi3QoZVYuq+xXKNk4vOHA
-bWQN/e/nnordAiEA26qWU9s+99vHxzybez1JyMUs0WYr6IdavymxRJFfxIECIEra
-zEU8vYbm02cECN2fB6SRAlyD8Gb6KAMP+A4RXVWO
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDrjCCAxegAwIBAgIBBjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
-ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
-ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
-hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzOVoXDTQwMDgy
-MzAwMjIzOVowga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZ
-FgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUgQXV0
-aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20xKjAo
-BgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTBcMA0GCSqG
-SIb3DQEBAQUAA0sAMEgCQQDRMidrtJAZ27tI9gA3hhIP7S5EtfjhMHUi8mDNL2Ju
-V7nMDGoAEUfHV3x/+Eb/TeymvBiRzlUD6YGQRK+2C8+LAgMBAAGjggFFMIIBQTAd
-BgNVHQ4EFgQUXfcpYB1wgmZiB/WN7EW342wlZwEwgbsGA1UdIwSBszCBsIAUmAbQ
-gRwBOJuIai3NygAtGQ9xlbGhgYykgYkwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00x
-FzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBB
-dXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkB
-Fg5jYUBleGFtcGxlLmNvbYIJAO+Cui0EIECvMA8GA1UdEwEB/wQFMAMBAf8wDgYD
-VR0PAQH/BAQDAgEGMCYGA1UdEQQfMB2BG2ludGVybWVkaWF0ZS1jYUBleGFtcGxl
-LmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQUFAAOB
-gQAmXVdwAZalZGtXBkdICHaWyVRmgCFRZfzVbGBOkeW+TEBiMgG+XrwlMQs5yyf/
-T8Mmw8TcqBJYdQhqcctbgFcSxejVAL7DnEfFcvH6acXy0K9l48pKAnYgcHstOAX2
-Fb+rSpmMDXgWuhKNudJyoOVQ/5H9LJyg6JYqoG5jqS9iQg==
------END CERTIFICATE-----
client.pem:
-----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
-T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
-ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xNTA4MzAwMDIyMzJaFw00MDA4MjMwMDIy
-MzJaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
-UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
-yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
-IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
-AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
-ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
-85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
-i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQA53KGbz0v7blt33ht62Ez9
-onmLHkegWW39OgRfNPircb9+pIOtkuksPr1yE2iBmWuGPg0OwNjqHROeOodoN1xC
-vSt1kUshtpPXiK8AuYmkv53FThyEEai8kpsGp6mLEY2ISaYRD0O6B6PyV2dT/nE2
-CWob7aQ/SlFQ+txnwJtOnA==
+MIIC3DCCAkUCAQkwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLExVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMTDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xMTAxMTgwNjA0MTFaFw0yMTAxMTUwNjA0
+MTFaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+UExFMQ8wDQYDVQQDEwZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
+cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEgNDM/dg3t
+9DHNAPz/b87LSxEaKhoZ8AcNBym3LEOdCnXGEnKf0b9lkT5caXu5GAM84ahTCJ7n
+79RVNrqGKM7jbBdSX+ZUfkqJQPhOXD2+0niYQicH92nz78kxmjlbizvd3fM1BlO+
+C/++NWf2EAhORVAjvJrHNokJp3PTNRJ1WWteHeU9PwfGmWHKVc1IgvRFMH08604I
+ZzX5CcxIg/b56g27A7CBPh/KO/qKTDLFFNGc1T2asvY/P3+PeN6y+leFHStCTu7R
+Bi/l4hczZdnwq3BGT6mnjEN7wau2s7pA067SXimNOkYi5fgwspMHi8fJWmYyBypU
+mQBRzwfm77ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQA3LuElj2QB9wQvmIxk2Jmb
+IPP2/WS8dwPoCv/N3+6nTx8yRsrILf4QsnEbbsxoYO5jW4r9Kt8m8B/M7YgnBDE9
+zlm7JbXKZf2isSm5TyT627Ymzxrzs5d+7o2eS7SN1DB6PyvRh2ye7EMbyEYD8ULi
+itDUkYkssNCVivYwVvJoMg==
-----END CERTIFICATE-----
client-future.pem:
-----BEGIN CERTIFICATE-----
-MIIC4DCCAkkCAQUwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
-T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
-ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAiGA8yMDYwMDcxNzIzMDAwMFoYDzIwNjEwNzE3
-MjMwMDAwWjBiMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYH
-RVhBTVBMRTEPMA0GA1UEAwwGQ2xpZW50MSEwHwYJKoZIhvcNAQkBFhJjbGllbnRA
-ZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDikchi
-dUnA68g9O39LwL4zVPxgb2RG3kwGp92ZWL4HBbmh24vkr2svkmiZsF2hyOM4DhfW
-jZeMxyB1FgIPmOOJTD6bTa333nOK9gvvIJ5o6LdqLeRqwHy63Ue8ZipKhceEK9Nr
-ET4MvAL0pW8ltaoltPwysG/yTLLno81MjCAf0+lMT81Kt56zNfJbWkq1nel4xUVX
-qerKDHIlCEq/nhdJ9JoZaJ8Q4noClwGyF7ylk0wDyCQA6Hsj4l9dbRnnEm1gS8x1
-gytFTPOWhHd2sZD3T4+kcEBGuxVE8i61NTY+pPD5ezVcjVl24OSChDGQeleaVxEm
-rFep0ou71uCWKQPhAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAaL1TVP7GBU/+Ujxm
-s1d6XlsczXcRTsK2SKPc7Ke8K30o7E85m5gTXtDVVdk2aCWFsrmqCW+sKSAl3TLr
-nWWlvI0k2Y3Ei81W1xkCSA8rX95K8m1FaVXz1ml5J8TjemHd/j+btzp4qjnF/S2M
-cbRhKzUoJD6FBuUq7OXOO+4T30c=
+MIIC3DCCAkUCAQowDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLExVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMTDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0yMDAxMTgxNzI3MDNaFw0yMTAxMTcxNzI3
+MDNaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+UExFMQ8wDQYDVQQDEwZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
+cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEgNDM/dg3t
+9DHNAPz/b87LSxEaKhoZ8AcNBym3LEOdCnXGEnKf0b9lkT5caXu5GAM84ahTCJ7n
+79RVNrqGKM7jbBdSX+ZUfkqJQPhOXD2+0niYQicH92nz78kxmjlbizvd3fM1BlO+
+C/++NWf2EAhORVAjvJrHNokJp3PTNRJ1WWteHeU9PwfGmWHKVc1IgvRFMH08604I
+ZzX5CcxIg/b56g27A7CBPh/KO/qKTDLFFNGc1T2asvY/P3+PeN6y+leFHStCTu7R
+Bi/l4hczZdnwq3BGT6mnjEN7wau2s7pA067SXimNOkYi5fgwspMHi8fJWmYyBypU
+mQBRzwfm77ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBvt8v930fQtxR7f7Vcb1Hg
+irq1CtffsBqtKYupYg6IgloiRA6U5wdU0e6faA3Ppsmd4SmNKb9ZavIgnDBfx8MP
+1/IpsNOkg0366bP/zzkAhcXspo7PU8yZIqep//wT4TOFz04N8Lshqm8HUejShFdA
+fB8C0LX5Y/2219ZVMaaEbw==
-----END CERTIFICATE-----
client-past.pem:
-----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQQwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
-T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
-ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDA3MTcyMzAwMDBaFw0wMTA3MTcyMzAw
-MDBaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
-UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
-yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
-IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
-AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
-ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
-85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
-i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQAXsez9MUY7+zHe4CevgYHk
-VUGFl2BV/cncVO5M42qlYvGhzPNb3VSXlrIk0CZP/A1UrB+7+vMFQCccoXE2Yb//
-hOcumZkz4OJjz+qgsWlksaUjCnpGPIfsrW3jYBRKvL1iYo5Si1aIiQ+ej93a2Bsg
-Iy/P6Hx0b2bZ5H6v/y6bqw==
+MIIC3DCCAkUCAQswDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLExVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMTDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDAxMTgxNzI3NDdaFw0wMTAxMTcxNzI3
+NDdaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+UExFMQ8wDQYDVQQDEwZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
+cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEgNDM/dg3t
+9DHNAPz/b87LSxEaKhoZ8AcNBym3LEOdCnXGEnKf0b9lkT5caXu5GAM84ahTCJ7n
+79RVNrqGKM7jbBdSX+ZUfkqJQPhOXD2+0niYQicH92nz78kxmjlbizvd3fM1BlO+
+C/++NWf2EAhORVAjvJrHNokJp3PTNRJ1WWteHeU9PwfGmWHKVc1IgvRFMH08604I
+ZzX5CcxIg/b56g27A7CBPh/KO/qKTDLFFNGc1T2asvY/P3+PeN6y+leFHStCTu7R
+Bi/l4hczZdnwq3BGT6mnjEN7wau2s7pA067SXimNOkYi5fgwspMHi8fJWmYyBypU
+mQBRzwfm77ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBC3BOULAOkRFLKLajHIIB2
+VB0tHOFWuflP/LXso3ogGA8ItqbjacqjRHdTGK79etbxSTdi7k8owMVMPavJnBYk
+TraOkf/xxHo2zWy3XES1lniTUfGgKpjYNlALB6K6DJseZorSOmGA4KllL46MYwNu
+jsLO+5HkS/uNxlKo2l+xGw==
-----END CERTIFICATE-----
server.pem:
-----BEGIN CERTIFICATE-----
-MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
-ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
-ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
-hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgy
-MzAwMjIzMVowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
-B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3
-DQEBAQUAA0sAMEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxO
-crI+cO3SaE5zgmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAGjMzAxMAkGA1UdEwQC
-MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBCjANBgkqhkiG
-9w0BAQUFAAOBgQBmJQF4mdpoinkWTB5khs2ZVWZWf4QPLH2I/sP8IY1pWIVNtOVG
-YiTURtsdIHffSAoJ+9H+KrZhxk7TO9v7LR2Au1fGC6FuGjRizYb6UTe7tpoaZvlj
-JZj3sE/Rw/zCHCjA9xNTeYvQlKBzuohbUVGS+kEhxI7ScDmd7ylKSLIbBQ==
+MIICJjCCAY+gAwIBAgIBBzANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsTFUNlcnRp
+ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAxMOY2EuZXhhbXBsZS5jb20xHTAbBgkq
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTExMDExNzE5NDcxN1oXDTIxMDEx
+NDE5NDcxN1owSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
+B0VYQU1QTEUxGzAZBgNVBAMTEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDYScTxk55XBmbDM9zzwO+grVySE4rudWuzH2PpObIonqbf
+hRoAalKVluG9jvbHI81eXxCdSObv1KBP1sbN5RzpAgMBAAGjIjAgMAkGA1UdEwQC
+MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEFBQADgYEAYx6fMqT1
+Gvo0jq88E8mc+bmp4LfXD4wJ7KxYeadQxt75HFRpj4FhFO3DOpVRFgzHlOEo3Fwk
+PZOKjvkT0cbcoEq5whLH25dHoQxGoVQgFyAP5s+7Vp5AlHh8Y/vAoXeEVyy/RCIH
+QkhUlAflfDMcrrYjsmwoOPSjhx6Mm/AopX4=
-----END CERTIFICATE-----
+
server-self.pem:
-----BEGIN CERTIFICATE-----
-MIIBiDCCATICCQD8Rn+cHcihijANBgkqhkiG9w0BAQUFADBLMRMwEQYKCZImiZPy
-LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEbMBkGA1UEAwwSc2Vy
-dmVyLmV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgyMzAwMjIzMVow
+MIIBiDCCATICCQDJ4QeFpYPYljANBgkqhkiG9w0BAQUFADBLMRMwEQYKCZImiZPy
+LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEbMBkGA1UEAxMSc2Vy
+dmVyLmV4YW1wbGUuY29tMB4XDTExMDExOTAzMTYzOFoXDTIxMDExNjAzMTYzOFow
SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
-GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
-MEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxOcrI+cO3SaE5z
-gmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAEwDQYJKoZIhvcNAQEFBQADQQADBJbF
-pDpocLDuQo5DXoXVlloJAputR6oKQLtTFRorEr0iASEr/8DEXfFoOI+US/8EZ/IT
-6JR2XOHSot4zsr68
+GzAZBgNVBAMTEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
+MEgCQQDYScTxk55XBmbDM9zzwO+grVySE4rudWuzH2PpObIonqbfhRoAalKVluG9
+jvbHI81eXxCdSObv1KBP1sbN5RzpAgMBAAEwDQYJKoZIhvcNAQEFBQADQQAagc2P
+/lCfDwT3max+D2M7++KMDfGqiO3gI+hMarf/jAaQpcKO/9G95AnNo4lTd6W6/7yj
+YYvUupv+0vi4CtQG
-----END CERTIFICATE-----
+
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDAcmBlQzZO0JXytrD6hG7mLM4UOcv/Mq0Spdko3VfLkBXMJKF5
-TC8gJYFw5/YhWH5rQ3hQoSUq/GbaHZh1XrJpHBYHQn4sS0m4Nlrd/q1pyvSMNr0s
-Ywe+McBw9TFqGgimV6rgDGsjqz3uxqOlo5goovOS7BT9XxcHMBW3/uQuIQIDAQAB
-AoGBAIxYXTg8BfUAZPo2hWaNAhtWfYt+gui/WjyJOo90rDxF/b98z02YY527/GQM
-phC3aqpq7+lNO7/XhmJ2xuKBhvWgw7sVjhEG5bqigofH8Rc3W/SvNyo1xh658HDF
-3IgpUVAMKVb3puvZNOqBn+3WxfFP7cawSPH+gU2GTdk+e5nJAkEA4LWOlU3vlVnp
-Rd3ngQNrfrh0MR2tD34Pu0xvvpNq9KWUjREVtcNGCFx0M4WYl1caiwtmWUtmdfhy
-Yd49v0E1VwJBANs+ujWmjh8hfwAZ1lQ5DfJROAvmxYrrn98sdj9RzuhnGdFoE+Ld
-BkpAQU1PvTPp2ot60633pwEDLZzd7tfb1UcCQDUcdIDxlMkWIT60Pj2OE2A2NLBP
-NVJOF2XLoTXIHiWI5V2aRilZ6DmdsJFk6DYNDmcC4MQGQEdt24sqPinwPa0CQE6S
-kWtu0FpJx9kCaXRvqhbgkqR5ROx/eyEhLxOMPwm9AVyx3wabzYhItN5/KEB1m7QH
-Bdu/+GL9f5hLVTCZATsCQQCyc9HNvPb2V4q4ksn+RuQH7VHI/cOtqTvldBXm1HhV
-XlM4brBTQjS1WbSmjlTcnzwfaLQXk+pGsqThOgbLwDvq
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIEETCCA3qgAwIBAgIJAP2QjCV8pipcMA0GCSqGSIb3DQEBBQUAMIGfMRMwEQYK
-CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEsMCoGA1UE
-CwwjT2xkIFVudHJ1c3RlZCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxIjAgBgNVBAMM
-GW9uY2Uud2FzLmEuY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
-YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQ1MDgyMjAwMjIzMVowgZ8xEzAR
-BgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMSwwKgYD
-VQQLDCNPbGQgVW50cnVzdGVkIENlcnRpZmljYXRlIEF1dGhvcml0eTEiMCAGA1UE
-AwwZb25jZS53YXMuYS5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FA
-ZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMByYGVDNk7Q
-lfK2sPqEbuYszhQ5y/8yrRKl2SjdV8uQFcwkoXlMLyAlgXDn9iFYfmtDeFChJSr8
-ZtodmHVesmkcFgdCfixLSbg2Wt3+rWnK9Iw2vSxjB74xwHD1MWoaCKZXquAMayOr
-Pe7Go6WjmCii85LsFP1fFwcwFbf+5C4hAgMBAAGjggFRMIIBTTAdBgNVHQ4EFgQU
-Lu6rFocDkpwOJyAjyQrCxuefLW8wgdQGA1UdIwSBzDCByYAULu6rFocDkpwOJyAj
-yQrCxuefLW+hgaWkgaIwgZ8xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJ
-k/IsZAEZFgdFWEFNUExFMSwwKgYDVQQLDCNPbGQgVW50cnVzdGVkIENlcnRpZmlj
-YXRlIEF1dGhvcml0eTEiMCAGA1UEAwwZb25jZS53YXMuYS5jYS5leGFtcGxlLmNv
-bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb22CCQD9kIwlfKYqXDAPBgNV
-HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAZBgNVHREEEjAQgQ5jYUBleGFt
-cGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQUF
-AAOBgQAQLX3HpbnxH3gLf6rhj7IQEizZhAEGpvLMURlDdUdoH9ZYPsQ49rZ2kcjD
-FFUKa4Y9/smcBOkF1Za9xepinsftz8ALhsfyo3azXUJTm7sRcQzQkwaSsAh0smIv
-UbmMskbCbFVDwW8xu+SCRJac/+NAuxjxkgrytZksJPvQB545XQ==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIICGDCCAYECAQAwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/Is
-ZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAV
-BgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxl
-LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvapKy45xtxon3669spqf
-+/nXzp3q7WLmQiTd0+7h60d6AekMbltqr4IhR1jUDIJzPo4vrUnWVsHcqyTp7Kj3
-Cgoce2jQEn0hURvsrulP6Bq7tB5LXkxQrmY1+55R8h1dMI2kd7Po3O3gfntuCokm
-smceeid064RqUQWAO04GqKUCAwEAAaBRME8GCSqGSIb3DQEJDjFCMEAwHQYDVR0O
-BBYEFJgG0IEcATibiGotzcoALRkPcZWxMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
-AQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBACd9IesNyKrVhriex7hMBZv+1M1A
-9/1ZPstHARbjRJ4AhOKQGvu3Bz7yiuzWUyVaY+naMYlu1rPcA01588xbKdBCGF9Z
-noOeVHlTZwu1OOV57KjwoilRBtjNNbmUUl3t4nlw6+sz5pPjyVYPBunMiig3n1Ke
-8jYPdl0bW/kX+8ve
------END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE-----
-MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
-ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
-ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
-hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgy
-MzAwMjIzMVowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
-B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3
-DQEBAQUAA0sAMEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxO
-crI+cO3SaE5zgmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAGjMzAxMAkGA1UdEwQC
-MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBCjANBgkqhkiG
-9w0BAQUFAAOBgQBmJQF4mdpoinkWTB5khs2ZVWZWf4QPLH2I/sP8IY1pWIVNtOVG
-YiTURtsdIHffSAoJ+9H+KrZhxk7TO9v7LR2Au1fGC6FuGjRizYb6UTe7tpoaZvlj
-JZj3sE/Rw/zCHCjA9xNTeYvQlKBzuohbUVGS+kEhxI7ScDmd7ylKSLIbBQ==
+MIICJjCCAY+gAwIBAgIBBzANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsTFUNlcnRp
+ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAxMOY2EuZXhhbXBsZS5jb20xHTAbBgkq
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTExMDExNzE5NDcxN1oXDTIxMDEx
+NDE5NDcxN1owSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
+B0VYQU1QTEUxGzAZBgNVBAMTEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDYScTxk55XBmbDM9zzwO+grVySE4rudWuzH2PpObIonqbf
+hRoAalKVluG9jvbHI81eXxCdSObv1KBP1sbN5RzpAgMBAAGjIjAgMAkGA1UdEwQC
+MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEFBQADgYEAYx6fMqT1
+Gvo0jq88E8mc+bmp4LfXD4wJ7KxYeadQxt75HFRpj4FhFO3DOpVRFgzHlOEo3Fwk
+PZOKjvkT0cbcoEq5whLH25dHoQxGoVQgFyAP5s+7Vp5AlHh8Y/vAoXeEVyy/RCIH
+QkhUlAflfDMcrrYjsmwoOPSjhx6Mm/AopX4=
-----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBAOTo6nXwfxpFm+vyN+OFKTDc/gbLTvR5veGumQiJmXTlTE5ysj5w
-7dJoTnOCZxbXxQ+ld/BaXi7L9DqdqCRkNe8CAwEAAQJBAIbwSm411Cc/i3eeNJX5
-hFuammCU7rktHuLv0qR2wLBn8Sj2XXtJPlBEdolhQdO+YECBMxUG8f92LeJ4T2OF
-YhkCIQD/2tu/Sq5iVLkrocnCpppbxcZ5JUYDgnD2TrbvSghj+wIhAOUKJVyo5xRH
-DpyAfthRJa6VDUip3hVUz+Zz8PDmkp+dAiAX2nGuTeogJMH2vWiwCxRNBg1Q8haq
-8RhS/lezy3UozQIhANa8QHMzWBNG24gXYNVmnzGjRSUPPcw6DAFASnFRe75xAiAq
-c0wJZWOMbezOsSgAwPt/xsabERIVXSNhzt1il/lPjA==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEA2EnE8ZOeVwZmwzPc
+88DvoK1ckhOK7nVrsx9j6TmyKJ6m34UaAGpSlZbhvY72xyPNXl8QnUjm79SgT9bG
+zeUc6QIDAQABAkBRFJZ32VbqWMP9OVwDJLiwC01AlYLnka0mIQZbT/2xq9dUc9GW
+U3kiVw4lL8v/+sPjtTPCYYdzHHOyDen6znVhAiEA9qJT7BtQvRxCvGrAhr9MS022
+tTdPbW829BoUtIeH64cCIQDggG5i48v7HPacPBIH1RaSVhXl8qHCpQD3qrIw3FMw
+DwIga8PqH5Sf5sHedy2+CiK0V4MRfoU4c3zQ6kArI+bEgSkCIQCLA1vXBiE31B5s
+bdHoYa1BXebfZVd+1Hd95IfEM5mbRwIgSkDuQwV55BBlvWph3U8wVIMIb4GStaH8
+W535W8UBbEg=
+-----END PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE REQUEST-----
-MIIBNjCB4QIBADBLMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQB
-GRYHRVhBTVBMRTEbMBkGA1UEAwwSc2VydmVyLmV4YW1wbGUuY29tMFwwDQYJKoZI
-hvcNAQEBBQADSwAwSAJBAM2PTEorKL/7mIbYVOz+U6DAo+itGDr2jjOyYxxU5+/A
-jUg3gVFKw+mpok26sdwY2q8aiPTuE0F1bF2iLEXimacCAwEAAaAxMC8GCSqGSIb3
-DQEJDjEiMCAwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG
-9w0BAQUFAANBADtTaSyvJDUzCuim8Wlk8MVVsGQzC2czFRshO5JcPgjq08gN9FXM
-KUYeUQYLGGVnVXkTqWdAOog769XukpDGv2g=
------END CERTIFICATE REQUEST-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIIBOQIBAAJBAM2PTEorKL/7mIbYVOz+U6DAo+itGDr2jjOyYxxU5+/AjUg3gVFK
-w+mpok26sdwY2q8aiPTuE0F1bF2iLEXimacCAwEAAQJACu1/RMIenHYnmaOOgDrU
-/0q+a/QnwZqx3JWzJyJsYhZmAJRw7/0MjsrD+UoPggvliu77FmnYihYEPxdlM39D
-QQIhAPE0Lu0W1vhiXxuEwIP7w7ix/IlTgZ/xIhoOltfwKSMPAiEA2itd/y6MvNgq
-39ZZDiAn5mjyDoSNJuafRi1FNY4fP+kCIGcNRH9HItE8NiYrsZSyHAzs/lgttVQA
-UfGQCiJ4GRtBAiBc+I4d6KBg+V2L9bQNqPZX4fEE7seYBD9rkG8l22LFwQIgOKPr
-BUkGlw/IMHWVXhQkPKSAPoSLHEvGiQCIyIckCMc=
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIICHTCCAcegAwIBAgIBATANBgkqhkiG9w0BAQUFADCBrTETMBEGCgmSJomT8ixk
-ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxKzApBgNVBAsMIkludGVy
-bWVkaWF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJDAiBgNVBAMMG2ludGVybWVk
-aWF0ZS1jYS5leGFtcGxlLmNvbTEqMCgGCSqGSIb3DQEJARYbaW50ZXJtZWRpYXRl
-LWNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzOVoXDTQwMDgyMzAwMjIzOVow
-SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
-GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
-MEgCQQDNj0xKKyi/+5iG2FTs/lOgwKPorRg69o4zsmMcVOfvwI1IN4FRSsPpqaJN
-urHcGNqvGoj07hNBdWxdoixF4pmnAgMBAAGjMzAxMAkGA1UdEwQCMAAwEwYDVR0l
-BAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBFjANBgkqhkiG9w0BAQUFAANB
-ALl1WO7IZYOvPwhyQ4EpCLjSsTuGBcfbWFtw4XiQueZ8TILHcZARH4nW1tKoVWzc
-rIGhqRjNMWRmaH1wgSCGRiE=
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBAOTo6nXwfxpFm+vyN+OFKTDc/gbLTvR5veGumQiJmXTlTE5ysj5w
-7dJoTnOCZxbXxQ+ld/BaXi7L9DqdqCRkNe8CAwEAAQJBAIbwSm411Cc/i3eeNJX5
-hFuammCU7rktHuLv0qR2wLBn8Sj2XXtJPlBEdolhQdO+YECBMxUG8f92LeJ4T2OF
-YhkCIQD/2tu/Sq5iVLkrocnCpppbxcZ5JUYDgnD2TrbvSghj+wIhAOUKJVyo5xRH
-DpyAfthRJa6VDUip3hVUz+Zz8PDmkp+dAiAX2nGuTeogJMH2vWiwCxRNBg1Q8haq
-8RhS/lezy3UozQIhANa8QHMzWBNG24gXYNVmnzGjRSUPPcw6DAFASnFRe75xAiAq
-c0wJZWOMbezOsSgAwPt/xsabERIVXSNhzt1il/lPjA==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEA2EnE8ZOeVwZmwzPc
+88DvoK1ckhOK7nVrsx9j6TmyKJ6m34UaAGpSlZbhvY72xyPNXl8QnUjm79SgT9bG
+zeUc6QIDAQABAkBRFJZ32VbqWMP9OVwDJLiwC01AlYLnka0mIQZbT/2xq9dUc9GW
+U3kiVw4lL8v/+sPjtTPCYYdzHHOyDen6znVhAiEA9qJT7BtQvRxCvGrAhr9MS022
+tTdPbW829BoUtIeH64cCIQDggG5i48v7HPacPBIH1RaSVhXl8qHCpQD3qrIw3FMw
+DwIga8PqH5Sf5sHedy2+CiK0V4MRfoU4c3zQ6kArI+bEgSkCIQCLA1vXBiE31B5s
+bdHoYa1BXebfZVd+1Hd95IfEM5mbRwIgSkDuQwV55BBlvWph3U8wVIMIb4GStaH8
+W535W8UBbEg=
+-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIIBiDCCATICCQD8Rn+cHcihijANBgkqhkiG9w0BAQUFADBLMRMwEQYKCZImiZPy
-LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEbMBkGA1UEAwwSc2Vy
-dmVyLmV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgyMzAwMjIzMVow
+MIIBiDCCATICCQDJ4QeFpYPYljANBgkqhkiG9w0BAQUFADBLMRMwEQYKCZImiZPy
+LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEbMBkGA1UEAxMSc2Vy
+dmVyLmV4YW1wbGUuY29tMB4XDTExMDExOTAzMTYzOFoXDTIxMDExNjAzMTYzOFow
SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
-GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
-MEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxOcrI+cO3SaE5z
-gmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAEwDQYJKoZIhvcNAQEFBQADQQADBJbF
-pDpocLDuQo5DXoXVlloJAputR6oKQLtTFRorEr0iASEr/8DEXfFoOI+US/8EZ/IT
-6JR2XOHSot4zsr68
+GzAZBgNVBAMTEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
+MEgCQQDYScTxk55XBmbDM9zzwO+grVySE4rudWuzH2PpObIonqbfhRoAalKVluG9
+jvbHI81eXxCdSObv1KBP1sbN5RzpAgMBAAEwDQYJKoZIhvcNAQEFBQADQQAagc2P
+/lCfDwT3max+D2M7++KMDfGqiO3gI+hMarf/jAaQpcKO/9G95AnNo4lTd6W6/7yj
+YYvUupv+0vi4CtQG
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
-ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
-ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
-hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgy
-MzAwMjIzMVowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
-B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3
-DQEBAQUAA0sAMEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxO
-crI+cO3SaE5zgmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAGjMzAxMAkGA1UdEwQC
-MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBCjANBgkqhkiG
-9w0BAQUFAAOBgQBmJQF4mdpoinkWTB5khs2ZVWZWf4QPLH2I/sP8IY1pWIVNtOVG
-YiTURtsdIHffSAoJ+9H+KrZhxk7TO9v7LR2Au1fGC6FuGjRizYb6UTe7tpoaZvlj
-JZj3sE/Rw/zCHCjA9xNTeYvQlKBzuohbUVGS+kEhxI7ScDmd7ylKSLIbBQ==
+MIICJjCCAY+gAwIBAgIBBzANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsTFUNlcnRp
+ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAxMOY2EuZXhhbXBsZS5jb20xHTAbBgkq
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTExMDExNzE5NDcxN1oXDTIxMDEx
+NDE5NDcxN1owSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
+B0VYQU1QTEUxGzAZBgNVBAMTEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDYScTxk55XBmbDM9zzwO+grVySE4rudWuzH2PpObIonqbf
+hRoAalKVluG9jvbHI81eXxCdSObv1KBP1sbN5RzpAgMBAAGjIjAgMAkGA1UdEwQC
+MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEFBQADgYEAYx6fMqT1
+Gvo0jq88E8mc+bmp4LfXD4wJ7KxYeadQxt75HFRpj4FhFO3DOpVRFgzHlOEo3Fwk
+PZOKjvkT0cbcoEq5whLH25dHoQxGoVQgFyAP5s+7Vp5AlHh8Y/vAoXeEVyy/RCIH
+QkhUlAflfDMcrrYjsmwoOPSjhx6Mm/AopX4=
-----END CERTIFICATE-----
+++ /dev/null
-# Root CA
-
-[ req ]
-default_md = sha1
-utf8 = yes
-string_mask = utf8only
-prompt = no
-distinguished_name = req_dn
-req_extensions = req_ext
-x509_extensions = v3_req_ext
-
-[ req_dn ]
-0.domainComponent = "COM"
-1.domainComponent = "EXAMPLE"
-organizationalUnitName = "Certificate Authority"
-commonName = "ca.example.com"
-emailAddress = "ca@example.com"
-
-[ req_ext ]
-subjectKeyIdentifier = hash
-#authorityKeyIdentifier = keyid:always,issuer:always
-basicConstraints = critical,CA:true
-keyUsage = critical,keyCertSign,cRLSign
-
-[ v3_req_ext ]
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
-basicConstraints = critical,CA:true
-keyUsage = critical,keyCertSign,cRLSign
-subjectAltName = email:ca@example.com
-issuerAltName = issuer:copy
+++ /dev/null
-# Client
-
-[ req ]
-default_md = sha1
-utf8 = yes
-string_mask = utf8only
-prompt = no
-distinguished_name = req_dn
-
-[ req_dn ]
-0.domainComponent = "COM"
-1.domainComponent = "EXAMPLE"
-commonName = "Client"
-emailAddress = client@example.com
+++ /dev/null
-# Intermediate Root CA
-
-[ req ]
-default_md = sha1
-utf8 = yes
-string_mask = utf8only
-prompt = no
-distinguished_name = req_dn
-req_extensions = req_ext
-x509_extensions = v3_req_ext
-
-[ req_dn ]
-0.domainComponent = "COM"
-1.domainComponent = "EXAMPLE"
-organizationalUnitName = "Intermediate Certificate Authority"
-commonName = "intermediate-ca.example.com"
-emailAddress = "intermediate-ca@example.com"
-
-[ req_ext ]
-subjectKeyIdentifier = hash
-#authorityKeyIdentifier = keyid:always,issuer:always
-basicConstraints = critical,CA:true
-keyUsage = critical,keyCertSign,cRLSign
-
-[ v3_req_ext ]
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
-basicConstraints = critical,CA:true
-keyUsage = critical,keyCertSign,cRLSign
-subjectAltName = email:intermediate-ca@example.com
-issuerAltName = issuer:copy
+++ /dev/null
-# Root CA
-
-[ req ]
-default_md = sha1
-utf8 = yes
-string_mask = utf8only
-prompt = no
-distinguished_name = req_dn
-req_extensions = req_ext
-x509_extensions = v3_req_ext
-
-[ req_dn ]
-0.domainComponent = "COM"
-1.domainComponent = "EXAMPLE"
-organizationalUnitName = "Old Untrusted Certificate Authority"
-commonName = "once.was.a.ca.example.com"
-emailAddress = "ca@example.com"
-
-[ req_ext ]
-subjectKeyIdentifier = hash
-#authorityKeyIdentifier = keyid:always,issuer:always
-basicConstraints = critical,CA:true
-keyUsage = critical,keyCertSign,cRLSign
-
-[ v3_req_ext ]
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
-basicConstraints = critical,CA:true
-keyUsage = critical,keyCertSign,cRLSign
-subjectAltName = email:ca@example.com
-issuerAltName = issuer:copy
+++ /dev/null
-# Server
-
-[ req ]
-default_md = sha1
-utf8 = yes
-string_mask = utf8only
-prompt = no
-distinguished_name = req_dn
-req_extensions = req_ext
-x509_extensions = v3_req_ext
-
-[ req_dn ]
-0.domainComponent = "COM"
-1.domainComponent = "EXAMPLE"
-commonName = "server.example.com"
-
-[ req_ext ]
-basicConstraints = CA:false
-extendedKeyUsage = serverAuth
-
-[ v3_req_ext ]
-basicConstraints = CA:false
-extendedKeyUsage = serverAuth
-subjectAltName = @alt_names
-
-[ alt_names ]
-IP.0 = 192.168.1.22
+++ /dev/null
-# Server
-
-[ req ]
-default_md = sha1
-utf8 = yes
-string_mask = utf8only
-prompt = no
-distinguished_name = req_dn
-req_extensions = req_ext
-x509_extensions = v3_req_ext
-
-[ req_dn ]
-0.domainComponent = "COM"
-1.domainComponent = "EXAMPLE"
-commonName = "server.example.com"
-
-[ req_ext ]
-basicConstraints = CA:false
-extendedKeyUsage = serverAuth
-
-[ v3_req_ext ]
-basicConstraints = CA:false
-extendedKeyUsage = serverAuth
-subjectAltName = @alt_names
-
-[ alt_names ]
-IP.0 = 192.168.1.10
* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
* Boston, MA 02111-1307, USA.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
task = g_task_new (interaction, cancellable, callback, user_data);
- if (self->static_error)
- g_task_return_error (task, g_error_copy (self->static_error));
- else
- g_tls_password_set_value (password, (const guchar *)self->static_password, -1);
+ g_tls_password_set_value (password, (const guchar *)self->static_password, -1);
g_task_return_boolean (task, TRUE);
- g_object_unref (task);
}
static GTlsInteractionResult
if (g_cancellable_set_error_if_cancelled (cancellable, error))
return G_TLS_INTERACTION_FAILED;
- if (self->static_error)
- {
- g_propagate_error (error, g_error_copy (self->static_error));
- return G_TLS_INTERACTION_FAILED;
- }
- else
- {
- g_tls_password_set_value (password, (const guchar *)self->static_password, -1);
- return G_TLS_INTERACTION_HANDLED;
- }
-}
-
-static void
-mock_interaction_request_certificate_async (GTlsInteraction *interaction,
- GTlsConnection *connection,
- GTlsCertificateRequestFlags flags,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- MockInteraction *self = MOCK_INTERACTION (interaction);
- GTask *task;
-
- task = g_task_new (interaction, cancellable, callback, user_data);
-
- if (self->static_error)
- g_task_return_error (task, g_error_copy (self->static_error));
- else
- {
- g_tls_connection_set_certificate (connection, self->static_certificate);
- g_task_return_boolean (task, TRUE);
- }
- g_object_unref (task);
-}
-
-static GTlsInteractionResult
-mock_interaction_request_certificate_finish (GTlsInteraction *interaction,
- GAsyncResult *result,
- GError **error)
-{
- g_return_val_if_fail (g_task_is_valid (result, interaction),
- G_TLS_INTERACTION_UNHANDLED);
-
- if (!g_task_propagate_boolean (G_TASK (result), error))
- return G_TLS_INTERACTION_FAILED;
- else
- return G_TLS_INTERACTION_HANDLED;
-}
-
-static GTlsInteractionResult
-mock_interaction_request_certificate (GTlsInteraction *interaction,
- GTlsConnection *connection,
- GTlsCertificateRequestFlags flags,
- GCancellable *cancellable,
- GError **error)
-{
- MockInteraction *self = MOCK_INTERACTION (interaction);
-
- if (g_cancellable_set_error_if_cancelled (cancellable, error))
- return G_TLS_INTERACTION_FAILED;
-
- if (self->static_error)
- {
- g_propagate_error (error, g_error_copy (self->static_error));
- return G_TLS_INTERACTION_FAILED;
- }
- else
- {
- g_tls_connection_set_certificate (connection, self->static_certificate);
- return G_TLS_INTERACTION_HANDLED;
- }
+ g_tls_password_set_value (password, (const guchar *)self->static_password, -1);
+ return G_TLS_INTERACTION_HANDLED;
}
static void
MockInteraction *self = MOCK_INTERACTION (object);
g_free (self->static_password);
- g_clear_object (&self->static_certificate);
- g_clear_error (&self->static_error);
G_OBJECT_CLASS (mock_interaction_parent_class)->finalize (object);
}
interaction_class->ask_password = mock_interaction_ask_password;
interaction_class->ask_password_async = mock_interaction_ask_password_async;
interaction_class->ask_password_finish = mock_interaction_ask_password_finish;
- interaction_class->request_certificate = mock_interaction_request_certificate;
- interaction_class->request_certificate_async = mock_interaction_request_certificate_async;
- interaction_class->request_certificate_finish = mock_interaction_request_certificate_finish;
-}
-GTlsInteraction *
-mock_interaction_new_static_password (const gchar *password)
-{
- MockInteraction *self;
-
- self = g_object_new (MOCK_TYPE_INTERACTION, NULL);
-
- self->static_password = g_strdup (password);
- return G_TLS_INTERACTION (self);
}
GTlsInteraction *
-mock_interaction_new_static_certificate (GTlsCertificate *cert)
+mock_interaction_new_static (const gchar *password)
{
MockInteraction *self;
self = g_object_new (MOCK_TYPE_INTERACTION, NULL);
- self->static_certificate = cert ? g_object_ref (cert) : NULL;
- return G_TLS_INTERACTION (self);
-}
-
-GTlsInteraction *
-mock_interaction_new_static_error (GQuark domain,
- gint code,
- const gchar *message)
-{
- MockInteraction *self;
-
- self = g_object_new (MOCK_TYPE_INTERACTION, NULL);
-
- self->static_error = g_error_new (domain, code, "%s", message);
+ self->static_password = g_strdup (password);
return G_TLS_INTERACTION (self);
}
{
GTlsInteraction parent_instance;
gchar *static_password;
- GTlsCertificate *static_certificate;
- GError *static_error;
};
struct _MockInteractionClass
GType mock_interaction_get_type (void);
-
-GTlsInteraction *mock_interaction_new_static_password (const gchar *password);
-
-GTlsInteraction *mock_interaction_new_static_certificate (GTlsCertificate *cert);
-
-GTlsInteraction *mock_interaction_new_static_error (GQuark domain,
- gint code,
- const gchar *message);
+GTlsInteraction *mock_interaction_new_static (const gchar *password);
G_END_DECLS
* License along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#include "config.h"
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
/* This time we log in, and should have a match */
results = g_ptr_array_new_with_free_func ((GDestroyNotify)g_pkcs11_array_unref);
- interaction = mock_interaction_new_static_password (MOCK_SLOT_ONE_PIN);
+ interaction = mock_interaction_new_static (MOCK_SLOT_ONE_PIN);
state = g_pkcs11_slot_enumerate (test->slot, interaction,
match->attrs, match->count, TRUE,
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
* Author: Stef Walter <stefw@collabora.co.uk>
*/