Imported Upstream version 2.60.1 43/202843/1 2.60.1
authorSeonah Moon <seonah1.moon@samsung.com>
Fri, 5 Apr 2019 04:28:19 +0000 (13:28 +0900)
committerSeonah Moon <seonah1.moon@samsung.com>
Fri, 5 Apr 2019 04:28:27 +0000 (13:28 +0900)
Change-Id: Ie083e88c097c11d67e90a845536e271f6c4a73e4

201 files changed:
.gitignore [deleted file]
AUTHORS [deleted file]
COPYING
ChangeLog [deleted file]
LICENSE_EXCEPTION
Makefile.am [deleted file]
NEWS
README
autogen.sh [deleted file]
configure.ac [deleted file]
glib-networking.doap
glib-networking.map [new file with mode: 0644]
glib-networking.mk [deleted file]
glib.mk [deleted file]
m4/glibtests.m4 [deleted file]
meson.build [new file with mode: 0644]
meson_options.txt [new file with mode: 0644]
meson_post_install.py [new file with mode: 0644]
po/.gitignore [deleted file]
po/LINGUAS
po/Makevars [deleted file]
po/POTFILES.in
po/be.po
po/bg.po
po/ca.po
po/ca@valencia.po
po/cs.po
po/da.po
po/de.po
po/el.po
po/eo.po
po/es.po
po/eu.po
po/fa.po
po/fi.po
po/fr.po
po/fur.po
po/gd.po
po/gl.po
po/he.po
po/hr.po [new file with mode: 0644]
po/hu.po
po/id.po
po/it.po
po/kk.po
po/ko.po
po/lt.po
po/lv.po
po/meson.build [new file with mode: 0644]
po/ml.po
po/nb.po
po/ne.po [new file with mode: 0644]
po/nl.po
po/oc.po
po/pl.po
po/pt_BR.po
po/ro.po
po/ru.po
po/sk.po
po/sl.po
po/sr.po
po/sr@latin.po
po/sv.po
po/tr.po
po/zh_CN.po
po/zh_TW.po
proxy/gnome/Makefile.am [deleted file]
proxy/gnome/gnome-proxy-module.c
proxy/gnome/gproxyresolvergnome.c
proxy/gnome/gproxyresolvergnome.h
proxy/gnome/meson.build [new file with mode: 0644]
proxy/libproxy/Makefile.am [deleted file]
proxy/libproxy/glibpacrunner.c
proxy/libproxy/glibproxyresolver.c
proxy/libproxy/glibproxyresolver.h
proxy/libproxy/libproxy-module.c
proxy/libproxy/meson.build [new file with mode: 0644]
proxy/tests/Makefile.am [deleted file]
proxy/tests/common.c
proxy/tests/gnome.c
proxy/tests/libproxy.c
proxy/tests/meson.build [new file with mode: 0644]
tap-driver.sh [deleted file]
tap-test [deleted file]
template.test.in [new file with mode: 0644]
tls/base/gtlsconnection-base.c [new file with mode: 0644]
tls/base/gtlsconnection-base.h [new file with mode: 0644]
tls/base/gtlsinputstream-base.c [new file with mode: 0644]
tls/base/gtlsinputstream-base.h [new file with mode: 0644]
tls/base/gtlsoutputstream-base.c [new file with mode: 0644]
tls/base/gtlsoutputstream-base.h [new file with mode: 0644]
tls/base/meson.build [new file with mode: 0644]
tls/gnutls/Makefile.am [deleted file]
tls/gnutls/gnutls-module.c
tls/gnutls/gtlsbackend-gnutls-pkcs11.c [deleted file]
tls/gnutls/gtlsbackend-gnutls-pkcs11.h [deleted file]
tls/gnutls/gtlsbackend-gnutls.c
tls/gnutls/gtlsbackend-gnutls.h
tls/gnutls/gtlscertificate-gnutls-pkcs11.c [deleted file]
tls/gnutls/gtlscertificate-gnutls-pkcs11.h [deleted file]
tls/gnutls/gtlscertificate-gnutls.c
tls/gnutls/gtlscertificate-gnutls.h
tls/gnutls/gtlsclientconnection-gnutls.c
tls/gnutls/gtlsclientconnection-gnutls.h
tls/gnutls/gtlsconnection-gnutls.c
tls/gnutls/gtlsconnection-gnutls.h
tls/gnutls/gtlsdatabase-gnutls-pkcs11.c [deleted file]
tls/gnutls/gtlsdatabase-gnutls-pkcs11.h [deleted file]
tls/gnutls/gtlsdatabase-gnutls.c
tls/gnutls/gtlsdatabase-gnutls.h
tls/gnutls/gtlsfiledatabase-gnutls.c
tls/gnutls/gtlsfiledatabase-gnutls.h
tls/gnutls/gtlsinputstream-gnutls.c
tls/gnutls/gtlsinputstream-gnutls.h
tls/gnutls/gtlsoutputstream-gnutls.c
tls/gnutls/gtlsoutputstream-gnutls.h
tls/gnutls/gtlsserverconnection-gnutls.c
tls/gnutls/gtlsserverconnection-gnutls.h
tls/gnutls/meson.build [new file with mode: 0644]
tls/openssl/gtlsbackend-openssl.c [new file with mode: 0644]
tls/openssl/gtlsbackend-openssl.h [new file with mode: 0644]
tls/openssl/gtlsbio.c [new file with mode: 0644]
tls/openssl/gtlsbio.h [new file with mode: 0644]
tls/openssl/gtlscertificate-openssl.c [new file with mode: 0644]
tls/openssl/gtlscertificate-openssl.h [new file with mode: 0644]
tls/openssl/gtlsclientconnection-openssl.c [new file with mode: 0644]
tls/openssl/gtlsclientconnection-openssl.h [new file with mode: 0644]
tls/openssl/gtlsconnection-openssl.c [new file with mode: 0644]
tls/openssl/gtlsconnection-openssl.h [new file with mode: 0644]
tls/openssl/gtlsdatabase-openssl.c [new file with mode: 0644]
tls/openssl/gtlsdatabase-openssl.h [new file with mode: 0644]
tls/openssl/gtlsfiledatabase-openssl.c [new file with mode: 0644]
tls/openssl/gtlsfiledatabase-openssl.h [new file with mode: 0644]
tls/openssl/gtlsserverconnection-openssl.c [new file with mode: 0644]
tls/openssl/gtlsserverconnection-openssl.h [new file with mode: 0644]
tls/openssl/meson.build [new file with mode: 0644]
tls/openssl/openssl-include.h [new file with mode: 0644]
tls/openssl/openssl-module.c [new file with mode: 0644]
tls/openssl/openssl-util.c [new file with mode: 0644]
tls/openssl/openssl-util.h [new file with mode: 0644]
tls/pkcs11/Makefile.am [deleted file]
tls/pkcs11/gpkcs11array.c [deleted file]
tls/pkcs11/gpkcs11array.h [deleted file]
tls/pkcs11/gpkcs11pin.c [deleted file]
tls/pkcs11/gpkcs11pin.h [deleted file]
tls/pkcs11/gpkcs11slot.c [deleted file]
tls/pkcs11/gpkcs11slot.h [deleted file]
tls/pkcs11/gpkcs11util.c [deleted file]
tls/pkcs11/gpkcs11util.h [deleted file]
tls/pkcs11/pkcs11-trust-assertions.h [deleted file]
tls/tests/Makefile.am [deleted file]
tls/tests/certificate.c
tls/tests/connection.c
tls/tests/dtls-connection.c [new file with mode: 0644]
tls/tests/file-database.c
tls/tests/files/ca-alternative.pem
tls/tests/files/ca-key.pem
tls/tests/files/ca-roots-bad.pem
tls/tests/files/ca-roots.pem
tls/tests/files/ca.pem
tls/tests/files/chain.pem
tls/tests/files/client-and-key.pem
tls/tests/files/client-future.pem
tls/tests/files/client-key.pem
tls/tests/files/client-past.pem
tls/tests/files/client.pem
tls/tests/files/client2-and-key.pem [new file with mode: 0644]
tls/tests/files/client2-key.pem [new file with mode: 0644]
tls/tests/files/client2.pem [new file with mode: 0644]
tls/tests/files/create-files.sh
tls/tests/files/garbage.pem [new file with mode: 0644]
tls/tests/files/intermediate-ca-csr.pem
tls/tests/files/intermediate-ca-key.pem
tls/tests/files/intermediate-ca.pem
tls/tests/files/non-ca.pem
tls/tests/files/old-ca-key.pem
tls/tests/files/old-ca.pem
tls/tests/files/root-ca-csr.pem
tls/tests/files/server-and-key.pem
tls/tests/files/server-intermediate-csr.pem
tls/tests/files/server-intermediate-key.pem
tls/tests/files/server-intermediate.pem
tls/tests/files/server-key.der
tls/tests/files/server-key.pem
tls/tests/files/server-self.pem
tls/tests/files/server.der
tls/tests/files/server.pem
tls/tests/files/ssl/ca.conf
tls/tests/files/ssl/client.conf
tls/tests/files/ssl/intermediate-ca.conf
tls/tests/files/ssl/server-intermediate.conf
tls/tests/files/ssl/server.conf
tls/tests/meson.build [new file with mode: 0644]
tls/tests/mock-interaction.c
tls/tests/mock-interaction.h
tls/tests/mock-pkcs11.c [deleted file]
tls/tests/mock-pkcs11.h [deleted file]
tls/tests/pkcs11-array.c [deleted file]
tls/tests/pkcs11-pin.c [deleted file]
tls/tests/pkcs11-slot.c [deleted file]
tls/tests/pkcs11-util.c [deleted file]

diff --git a/.gitignore b/.gitignore
deleted file mode 100644 (file)
index ebf44ce..0000000
+++ /dev/null
@@ -1,53 +0,0 @@
-# for all subdirectories
-Makefile.in
-Makefile
-.libs
-.deps
-*.o
-*.lo
-*.la
-*.test
-*.log
-*.trs
-
-# autofoo stuff here
-compile
-config.*
-configure
-depcomp
-aclocal.m4
-autom4te.cache
-stamp-*
-libtool
-ltmain.sh
-missing
-install-sh
-glib-gettextize
-glib-zip
-gtk-doc.make
-compile
-glib-lcov.info
-glib-lcov
-test-driver
-
-INSTALL
-ChangeLog
-m4/libtool.m4
-m4/lt*.m4
-
-proxy/libproxy/glib-pacrunner
-proxy/libproxy/glib-pacrunner.service
-proxy/libproxy/org.gtk.GLib.PACRunner.service
-proxy/tests/gnome
-proxy/tests/libproxy
-
-/tls/tests/certificate
-/tls/tests/file-database
-/tls/tests/connection
-/tls/tests/pkcs11
-/tls/tests/pkcs11-array
-/tls/tests/pkcs11-pin
-/tls/tests/pkcs11-slot
-/tls/tests/pkcs11-util
-/tls/tests/files/server-csr.pem
-/tls/tests/files/client-csr.pem
diff --git a/AUTHORS b/AUTHORS
deleted file mode 100644 (file)
index e69de29..0000000
diff --git a/COPYING b/COPYING
index 5bc8fb2..4362b49 100644 (file)
--- a/COPYING
+++ b/COPYING
@@ -1,13 +1,14 @@
-                  GNU LIBRARY GENERAL PUBLIC LICENSE
-                       Version 2, June 1991
+                  GNU LESSER GENERAL PUBLIC LICENSE
+                       Version 2.1, February 1999
 
- Copyright (C) 1991 Free Software Foundation, Inc.
+ Copyright (C) 1991, 1999 Free Software Foundation, Inc.
  51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
-[This is the first released version of the library GPL.  It is
- numbered 2 because it goes with version 2 of the ordinary GPL.]
+[This is the first released version of the Lesser GPL.  It also counts
+ as the successor of the GNU Library Public License, version 2, hence
+ the version number 2.1.]
 
                             Preamble
 
@@ -16,97 +17,109 @@ freedom to share and change it.  By contrast, the GNU General Public
 Licenses are intended to guarantee your freedom to share and change
 free software--to make sure the software is free for all its users.
 
-  This license, the Library General Public License, applies to some
-specially designated Free Software Foundation software, and to any
-other libraries whose authors decide to use it.  You can use it for
-your libraries, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
+  This license, the Lesser General Public License, applies to some
+specially designated software packages--typically libraries--of the
+Free Software Foundation and other authors who decide to use it.  You
+can use it too, but we suggest you first think carefully about whether
+this license or the ordinary General Public License is the better
+strategy to use in any particular case, based on the explanations below.
+
+  When we speak of free software, we are referring to freedom of use,
+not price.  Our General Public Licenses are designed to make sure that
+you have the freedom to distribute copies of free software (and charge
+for this service if you wish); that you receive source code or can get
+it if you want it; that you can change the software and use pieces of
+it in new free programs; and that you are informed that you can do
+these things.
 
   To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if
-you distribute copies of the library, or if you modify it.
+distributors to deny you these rights or to ask you to surrender these
+rights.  These restrictions translate to certain responsibilities for
+you if you distribute copies of the library or if you modify it.
 
   For example, if you distribute copies of the library, whether gratis
 or for a fee, you must give the recipients all the rights that we gave
 you.  You must make sure that they, too, receive or can get the source
-code.  If you link a program with the library, you must provide
-complete object files to the recipients so that they can relink them
-with the library, after making changes to the library and recompiling
+code.  If you link other code with the library, you must provide
+complete object files to the recipients, so that they can relink them
+with the library after making changes to the library and recompiling
 it.  And you must show them these terms so they know their rights.
 
-  Our method of protecting your rights has two steps: (1) copyright
-the library, and (2) offer you this license which gives you legal
+  We protect your rights with a two-step method: (1) we copyright the
+library, and (2) we offer you this license, which gives you legal
 permission to copy, distribute and/or modify the library.
 
-  Also, for each distributor's protection, we want to make certain
-that everyone understands that there is no warranty for this free
-library.  If the library is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original
-version, so that any problems introduced by others will not reflect on
-the original authors' reputations.
+  To protect each distributor, we want to make it very clear that
+there is no warranty for the free library.  Also, if the library is
+modified by someone else and passed on, the recipients should know
+that what they have is not the original version, so that the original
+author's reputation will not be affected by problems that might be
+introduced by others.
 \f
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that companies distributing free
-software will individually obtain patent licenses, thus in effect
-transforming the program into proprietary software.  To prevent this,
-we have made it clear that any patent must be licensed for everyone's
-free use or not licensed at all.
-
-  Most GNU software, including some libraries, is covered by the ordinary
-GNU General Public License, which was designed for utility programs.  This
-license, the GNU Library General Public License, applies to certain
-designated libraries.  This license is quite different from the ordinary
-one; be sure to read it in full, and don't assume that anything in it is
-the same as in the ordinary license.
-
-  The reason we have a separate public license for some libraries is that
-they blur the distinction we usually make between modifying or adding to a
-program and simply using it.  Linking a program with a library, without
-changing the library, is in some sense simply using the library, and is
-analogous to running a utility program or application program.  However, in
-a textual and legal sense, the linked executable is a combined work, a
-derivative of the original library, and the ordinary General Public License
-treats it as such.
-
-  Because of this blurred distinction, using the ordinary General
-Public License for libraries did not effectively promote software
-sharing, because most developers did not use the libraries.  We
-concluded that weaker conditions might promote sharing better.
-
-  However, unrestricted linking of non-free programs would deprive the
-users of those programs of all benefit from the free status of the
-libraries themselves.  This Library General Public License is intended to
-permit developers of non-free programs to use free libraries, while
-preserving your freedom as a user of such programs to change the free
-libraries that are incorporated in them.  (We have not seen how to achieve
-this as regards changes in header files, but we have achieved it as regards
-changes in the actual functions of the Library.)  The hope is that this
-will lead to faster development of free libraries.
+  Finally, software patents pose a constant threat to the existence of
+any free program.  We wish to make sure that a company cannot
+effectively restrict the users of a free program by obtaining a
+restrictive license from a patent holder.  Therefore, we insist that
+any patent license obtained for a version of the library must be
+consistent with the full freedom of use specified in this license.
+
+  Most GNU software, including some libraries, is covered by the
+ordinary GNU General Public License.  This license, the GNU Lesser
+General Public License, applies to certain designated libraries, and
+is quite different from the ordinary General Public License.  We use
+this license for certain libraries in order to permit linking those
+libraries into non-free programs.
+
+  When a program is linked with a library, whether statically or using
+a shared library, the combination of the two is legally speaking a
+combined work, a derivative of the original library.  The ordinary
+General Public License therefore permits such linking only if the
+entire combination fits its criteria of freedom.  The Lesser General
+Public License permits more lax criteria for linking other code with
+the library.
+
+  We call this license the "Lesser" General Public License because it
+does Less to protect the user's freedom than the ordinary General
+Public License.  It also provides other free software developers Less
+of an advantage over competing non-free programs.  These disadvantages
+are the reason we use the ordinary General Public License for many
+libraries.  However, the Lesser license provides advantages in certain
+special circumstances.
+
+  For example, on rare occasions, there may be a special need to
+encourage the widest possible use of a certain library, so that it becomes
+a de-facto standard.  To achieve this, non-free programs must be
+allowed to use the library.  A more frequent case is that a free
+library does the same job as widely used non-free libraries.  In this
+case, there is little to gain by limiting the free library to free
+software only, so we use the Lesser General Public License.
+
+  In other cases, permission to use a particular library in non-free
+programs enables a greater number of people to use a large body of
+free software.  For example, permission to use the GNU C Library in
+non-free programs enables many more people to use the whole GNU
+operating system, as well as its variant, the GNU/Linux operating
+system.
+
+  Although the Lesser General Public License is Less protective of the
+users' freedom, it does ensure that the user of a program that is
+linked with the Library has the freedom and the wherewithal to run
+that program using a modified version of the Library.
 
   The precise terms and conditions for copying, distribution and
 modification follow.  Pay close attention to the difference between a
 "work based on the library" and a "work that uses the library".  The
-former contains code derived from the library, while the latter only
-works together with the library.
-
-  Note that it is possible for a library to be covered by the ordinary
-General Public License rather than by this special one.
+former contains code derived from the library, whereas the latter must
+be combined with the library in order to run.
 \f
-                  GNU LIBRARY GENERAL PUBLIC LICENSE
+                  GNU LESSER GENERAL PUBLIC LICENSE
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 
-  0. This License Agreement applies to any software library which
-contains a notice placed by the copyright holder or other authorized
-party saying it may be distributed under the terms of this Library
-General Public License (also called "this License").  Each licensee is
-addressed as "you".
+  0. This License Agreement applies to any software library or other
+program which contains a notice placed by the copyright holder or
+other authorized party saying it may be distributed under the terms of
+this Lesser General Public License (also called "this License").
+Each licensee is addressed as "you".
 
   A "library" means a collection of software functions and/or data
 prepared so as to be conveniently linked with application programs
@@ -133,7 +146,7 @@ such a program is covered only if its contents constitute a work based
 on the Library (independent of the use of the Library in a tool for
 writing it).  Whether that is true depends on what the Library does
 and what the program that uses the Library does.
-  
+
   1. You may copy and distribute verbatim copies of the Library's
 complete source code as you receive it, in any medium, provided that
 you conspicuously and appropriately publish on each copy an
@@ -255,7 +268,7 @@ distribute the object code for the work under the terms of Section 6.
 Any executables containing that work also fall under Section 6,
 whether or not they are linked directly with the Library itself.
 \f
-  6. As an exception to the Sections above, you may also compile or
+  6. As an exception to the Sections above, you may also combine or
 link a "work that uses the Library" with the Library to produce a
 work containing portions of the Library, and distribute that work
 under terms of your choice, provided that the terms permit
@@ -282,23 +295,31 @@ of these things:
     Library will not necessarily be able to recompile the application
     to use the modified definitions.)
 
-    b) Accompany the work with a written offer, valid for at
+    b) Use a suitable shared library mechanism for linking with the
+    Library.  A suitable mechanism is one that (1) uses at run time a
+    copy of the library already present on the user's computer system,
+    rather than copying library functions into the executable, and (2)
+    will operate properly with a modified version of the library, if
+    the user installs one, as long as the modified version is
+    interface-compatible with the version that the work was made with.
+
+    c) Accompany the work with a written offer, valid for at
     least three years, to give the same user the materials
     specified in Subsection 6a, above, for a charge no more
     than the cost of performing this distribution.
 
-    c) If distribution of the work is made by offering access to copy
+    d) If distribution of the work is made by offering access to copy
     from a designated place, offer equivalent access to copy the above
     specified materials from the same place.
 
-    d) Verify that the user has already received a copy of these
+    e) Verify that the user has already received a copy of these
     materials or that you have already sent this user a copy.
 
   For an executable, the required form of the "work that uses the
 Library" must include any data and utility programs needed for
 reproducing the executable from it.  However, as a special exception,
-the source code distributed need not include anything that is normally
-distributed (in either source or binary form) with the major
+the materials to be distributed need not include anything that is
+normally distributed (in either source or binary form) with the major
 components (compiler, kernel, and so on) of the operating system on
 which the executable runs, unless that component itself accompanies
 the executable.
@@ -347,7 +368,7 @@ Library), the recipient automatically receives a license from the
 original licensor to copy, distribute, link with or modify the Library
 subject to these terms and conditions.  You may not impose any further
 restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
+You are not responsible for enforcing compliance by third parties with
 this License.
 \f
   11. If, as a consequence of a court judgment or allegation of patent
@@ -390,7 +411,7 @@ excluded.  In such case, this License incorporates the limitation as if
 written in the body of this License.
 
   13. The Free Software Foundation may publish revised and/or new
-versions of the Library General Public License from time to time.
+versions of the Lesser General Public License from time to time.
 Such new versions will be similar in spirit to the present version,
 but may differ in detail to address new problems or concerns.
 
@@ -453,16 +474,16 @@ convey the exclusion of warranty; and each file should have at least the
     Copyright (C) <year>  <name of author>
 
     This library is free software; you can redistribute it and/or
-    modify it under the terms of the GNU Library General Public
+    modify it under the terms of the GNU Lesser General Public
     License as published by the Free Software Foundation; either
-    version 2 of the License, or (at your option) any later version.
+    version 2.1 of the License, or (at your option) any later version.
 
     This library is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-    Library General Public License for more details.
+    Lesser General Public License for more details.
 
-    You should have received a copy of the GNU Library General Public
+    You should have received a copy of the GNU Lesser General Public
     License along with this library; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
diff --git a/ChangeLog b/ChangeLog
deleted file mode 100644 (file)
index e69de29..0000000
index dea39f5..6a4ea06 100644 (file)
@@ -1,11 +1,10 @@
-
                LICENSE EXCEPTION FOR OPENSSL
 
  * In addition, as a special exception, the copyright holders give
  * permission to link the code of portions of this program with the
  * OpenSSL library, and distribute linked combinations
  * including the two.
- * You must obey the GNU Library General Public License in all respects
+ * You must obey the GNU Lesser General Public License in all respects
  * for all of the code used other than OpenSSL.  If you modify
  * file(s) with this exception, you may extend this exception to your
  * version of the file(s), but you are not obligated to do so.  If you
diff --git a/Makefile.am b/Makefile.am
deleted file mode 100644 (file)
index a9826c0..0000000
+++ /dev/null
@@ -1,40 +0,0 @@
-## Process this file with automake to produce Makefile.in
-include $(top_srcdir)/glib-networking.mk
-
-ACLOCAL_AMFLAGS = -I m4 ${ACLOCAL_FLAGS}
-
-SUBDIRS = po
-
-if HAVE_LIBPROXY
-SUBDIRS += proxy/libproxy
-endif
-
-if HAVE_GNOME_PROXY
-SUBDIRS += proxy/gnome
-endif
-
-SUBDIRS += proxy/tests
-
-if HAVE_PKCS11
-SUBDIRS += tls/pkcs11
-endif
-
-if HAVE_GNUTLS
-SUBDIRS += tls/gnutls
-SUBDIRS += tls/tests
-endif
-
-install-exec-hook:
-       if test -n "$(GIO_QUERYMODULES)" -a -z "$(DESTDIR)"; then \
-               $(GIO_QUERYMODULES) $(GIO_MODULE_DIR) ;           \
-       fi
-
-uninstall-hook:
-       if test -n "$(GIO_QUERYMODULES)" -a -z "$(DESTDIR)"; then \
-               $(GIO_QUERYMODULES) $(GIO_MODULE_DIR) ;           \
-       fi
-
-EXTRA_DIST +=          \
-       tap-driver.sh   \
-       tap-test        \
-       $(NULL)
diff --git a/NEWS b/NEWS
index 786a6b9..2e5b404 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,196 @@
+2.60.1 - April 1, 2019
+======================
+
+- Improve reliability of client auth failure tests (#66)
+- Fix excessive CPU usage after sync handshake (#69)
+
+2.60.0.1 - March 12, 2019
+=========================
+
+- Fix build with OpenSSL pkg-config unavailable (Nirbheek Chauhan)
+
+2.60.0 - March 11, 2019
+=======================
+
+This is the first stable release featuring the new OpenSSL backend. Please be
+advised that this new backend is still experimental and known to not work on
+some systems, including Debian. Linux distributions are encouraged to stick to
+the default build options, where OpenSSL is not yet enabled.
+
+- Fix build with GnuTLS disabled (Nirbheek Chauhan)
+- Fix build on Windows (Chun-Wei Fan)
+
+2.59.92 - March 4, 2019
+=======================
+
+- Many OpenSSL backend fixes for Windows (Nirbheek Chauhan)
+- GnuTLS: reject sync operations during handshake to avoid deadlocks (#46)
+- Temporarily disable DTLS and OpenSSL tests due to #49 and #54
+
+2.59.91 - February 18, 2019
+===========================
+
+- Update OpenSSL SSL struct when certificate is changed (#55, Fredrik Ternerot)
+- Fix tests build when GnuTLS is disabled (#59)
+- Remove Fedora-specific PROFILE=SYSTEM default cipher list (#61)
+- Fix some problems with the connection tests (Fredrik Ternerot)
+
+2.59.90 - February 4, 2019
+==========================
+
+This release adds an OpenSSL backend, obsoleting the glib-openssl project.
+Credit to all the contributors to the glib-openssl project, especially
+Ignacio Casal Quinteiro. Also thanks to Xavier Claessens for helping with the
+transition.
+
+The OpenSSL backend seems to be mature, though it is less well-tested for
+desktop usage than the GnuTLS backend. It will remain disabled by default at
+build time due to the GPL-incompatible nature of the OpenSSL license -- and the
+GPLv2-incompatible nature of the Apache license that will be used by future
+versions of OpenSSL -- and because the GnuTLS backend is sufficient for Linux
+distros.
+
+Use the OpenSSL backend if you are building an embedded system where
+(GPLv2+ or LGPLv3+) dependencies are unacceptable (e.g. nettle or GMP, both
+dependencies of GnuTLS) and you are OK with the GPL-incompatible OpenSSL
+license. If the OpenSSL backend is enabled at build time, you should probably
+disable build of the GnuTLS backend, or it will take precedence over the OpenSSL
+backend at runtime. For example, you could configure with:
+
+$ mkdir build && cd build
+$ meson -Dgnutls=disabled -Dopenssl=enabled ..
+
+2.59.2 - January 7, 2019
+========================
+
+ - Add support for application layer protocol negotiation (#47, Scott Hutton)
+
+2.59.1 - November 11, 2018
+==========================
+
+This release removes the gnutls-pkcs11 backend, which was disabled in 2.57.2,
+due to lack of any feedback whatsoever regarding its disablement. If you think
+it is still useful to you, given that the normal gnutls backend now supports
+PKCS#11, speak up now.
+
+This release also includes several changes to properly support TLS 1.3.
+
+Other changes:
+
+ - Perform certificate verification during, not after, TLS handshake
+ - Dramatically improve the reliability of the non-DTLS tests. (DTLS is still having problems.)
+ - Regenerate test certificates to prepare for OpenSSL support
+ - Several meson build system improvements to prepare for OpenSSL support
+
+2.58.0 - September 2, 2018
+==========================
+
+ - Updated translations
+
+2.57.92 - August 27, 2018
+=========================
+
+ - Revert fixes for #4 and #6 due to regression (#43)
+ - Fix installed tests (Sébastien Bacher, !7)
+
+2.57.90 - August 12, 2018
+=========================
+
+ - Properly check for server errors in connection tests (#4)
+ - Perform certificate verification during, not after, TLS handshake (#6)
+ - Avoid trailing dots in SNI hostnames (#11)
+ - Send fallback SCSV with fallback connection attempts
+ - Fail unsafe rehandshake attempts initiated by API request
+
+2.57.3 - July 16, 2018
+======================
+
+- Fix memory leaks when calling g_tls_connection_gnutls_get_certificate()
+- Use .so for modules on macOS instead of dylib (Nirbheek Chauhan)
+- Fix build with MSVCC (Nirbheek Chauhan)
+
+2.57.2 - May 21, 2018
+=====================
+
+This release disables build of the gnutls-pkcs11 backend by default. Please
+direct any complaints to https://gitlab.gnome.org/GNOME/glib-networking/issues/7
+
+- Several meson build system improvements
+  (#794978, #795043, and #795982, Xavier Claessens and Nirbheek Chauhan)
+
+2.57.1 - April 16, 2018
+=======================
+
+- Use GnuTLS system trust and remove build option to specify cert bundle (#753260)
+- Fix criticals when child streams outlast the parent GTlsConnection (#792219)
+- Fix crash when setting client cert without private key (#793712)
+- Update tests for compatibility with GnuTLS 3.6.2 (#794286)
+- Never install GIO modules outside build prefix (#794358)
+- Don't install test files if installed tests are disabled (#794372)
+- Fix build with -Dpkcs11=false (#794292, Tom Schoonjans)
+- Allow building as meson subproject (#794709, Mathieu Duponchelle)
+
+- g_tls_certificate_verify() no longer manually verifies certificate
+  activation/expiration time, matching the current behavior of
+  g_tls_database_verify_chain().
+
+2.56.0 - March 20, 2018
+=======================
+
+- Updated translations
+
+2.55.90 - February 12, 2018
+===========================
+
+- Fix unit tests when SSLv3 is unavailable (#782853)
+- Allow static linking (#791100, Xavier Claessens)
+- Fix issues found by coverity (#792402, Philip Withnall)
+- Remove TLS build option; it is now mandatory
+- Try to ensure that GnuTLS is only initialized if TLS is actually used
+- Update use of GObject to follow current best practices
+- Use XDG_CURRENT_DESKTOP to determine which proxy module to load
+
+2.55.2 - December 13, 2017
+==========================
+
+ * Fix glib-pacrunner.service installation directory
+   [#790367, Michael Catanzaro]
+
+ * Updated translations: Hebrew, Indonesian, Spanish
+
+2.55.1 - November 13, 2017
+==========================
+
+ * Implement DTLS support [#697908, Philip Withnall and Olivier Crête]
+
+ * Fix using different client certs for different connections
+   [#781578, Martin Pitt]
+
+ * Port to Meson build system [#786639, Iñigo Martínez]
+
+ * Updated translations: Catalan (Valencian), Croatian, Czech, German,
+   Greek, Norwegian bokmål, Persian, Slovenian
+
+2.54.0
+======
+  * New/updated translations: Basque, Belarusian, Brazilian
+    Portuguese, Bulgarian, Catalan, Chinese (Taiwan), Danish, Danish,
+    Dutch, French, Galician, Hungarian, Italian, Korean, Latvian,
+    Lithuanian, Malayalam, Nepali, Polish, Serbian, Slovak, Swedish,
+    Turkish
+
+2.53.90
+=======
+  * gnutls: Stop using %LATEST_RECORD_VERSION in priority string,
+    since that gives better compatibility with current gnutls /
+    current real world. [#782218, Michael Catanzaro]
+
+  * gnutls: Provide a better error message when a TLS alert is
+    received. [#782218, Michael Catanzaro]
+
+  * New/updated translations: Croatian, Czech, Esperanto, Friulian,
+    German, Indonesian, Italian, Kazakh, Slovenian, Spanish
+
 2.50.0
 ======
   * New stable release.
diff --git a/README b/README
index c586dbc..6269242 100644 (file)
--- a/README
+++ b/README
@@ -1,4 +1,13 @@
-Network-related giomodules for glib.
+Network-related giomodules for glib
+
+glib-networking contains the implementations of certain GLib networking features
+that cannot be implemented directly in GLib itself because of their
+dependencies.
+
+Currently it contains GnuTLS and OpenSSL-based implementations of GTlsBackend, 
+a libproxy-based implementation of GProxyResolver, GLibproxyResolver,
+and a GNOME GProxyResolver that uses the proxy information from the GSettings
+schemas in gsettings-desktop-schemas.
 
 File bugs against
-http://bugzilla.gnome.org/enter_bug.cgi?product=glib&component=network
+https://gitlab.gnome.org/GNOME/glib-networking/issues/new
diff --git a/autogen.sh b/autogen.sh
deleted file mode 100755 (executable)
index e8cfe3e..0000000
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-# Run this to generate all the initial makefiles, etc.
-
-test -n "$srcdir" || srcdir=`dirname "$0"`
-test -n "$srcdir" || srcdir=.
-
-olddir=`pwd`
-cd "$srcdir"
-
-AUTORECONF=`which autoreconf`
-if test -z $AUTORECONF; then
-        echo "*** No autoreconf found, please install it ***"
-        exit 1
-fi
-
-mkdir -p m4
-autoreconf --force --install --verbose || exit $?
-
-cd "$olddir"
-test -n "$NOCONFIGURE" || "$srcdir/configure" "$@"
diff --git a/configure.ac b/configure.ac
deleted file mode 100644 (file)
index c6f49ca..0000000
+++ /dev/null
@@ -1,260 +0,0 @@
-AC_PREREQ(2.65)
-AC_CONFIG_MACRO_DIR([m4])
-
-AC_INIT([glib-networking],[2.50.0],[http://bugzilla.gnome.org/enter_bug.cgi?product=glib&component=network])
-
-AC_CONFIG_SRCDIR([proxy/libproxy/glibproxyresolver.h])
-AC_CONFIG_HEADERS([config.h])
-
-dnl Other initialization
-AM_INIT_AUTOMAKE([1.11 no-dist-gzip dist-xz -Wno-portability])
-AM_MAINTAINER_MODE([enable])
-AM_SILENT_RULES([yes])
-LT_INIT
-
-dnl Checks for programs.
-AC_PROG_CC
-AM_PROG_CC_C_O
-AC_PROG_CPP
-
-dnl Checks for libraries.
-
-dnl ****************************
-dnl *** Checks for gettext   ***
-dnl ****************************
-AM_GNU_GETTEXT_VERSION([0.19.4])
-AM_GNU_GETTEXT([external])
-
-GETTEXT_PACKAGE=glib-networking
-AC_SUBST([GETTEXT_PACKAGE])
-AC_DEFINE_UNQUOTED([GETTEXT_PACKAGE],["$GETTEXT_PACKAGE"],[The gettext domain name])
-
-dnl *****************************
-dnl *** Check GLib GIO        ***
-dnl *****************************
-AM_PATH_GLIB_2_0(2.46.0,,AC_MSG_ERROR(GLIB not found),gio)
-GLIB_CFLAGS="$GLIB_CFLAGS -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_46"
-
-GIO_MODULE_DIR=$($PKG_CONFIG --variable giomoduledir gio-2.0)
-AS_IF([test "$GIO_MODULE_DIR" = ""],
-      [AC_MSG_FAILURE(GIO_MODULE_DIR is missing from gio-2.0.pc)])
-AC_SUBST(GIO_MODULE_DIR)
-
-AC_PATH_PROG(GIO_QUERYMODULES, gio-querymodules)
-AC_SUBST(GIO_QUERYMODULES)
-
-GLIB_TESTS
-
-dnl *****************************
-dnl *** Checks for LibProxy   ***
-dnl *****************************
-
-AC_ARG_WITH(libproxy,
-    [AC_HELP_STRING([--with-libproxy],
-                    [support for libproxy @<:@default=check@:>@])],
-    [],
-    [with_libproxy=check])
-AS_IF([test "$with_libproxy" != "no"],
-    [PKG_CHECK_MODULES(LIBPROXY, [libproxy-1.0 >= 0.3.1],
-        [with_libproxy=yes; proxy_support=libproxy],
-        [AS_IF([test "$with_libproxy" = "yes"],
-               [AC_MSG_FAILURE("$LIBPROXY_PKG_ERRORS")])])])
-AM_CONDITIONAL(HAVE_LIBPROXY, [test "$with_libproxy" = "yes"])
-AC_SUBST(LIBPROXY_CFLAGS)
-AC_SUBST(LIBPROXY_LIBS)
-
-dnl **************************************
-dnl *** Checks for GNOME proxy backend ***
-dnl **************************************
-AC_ARG_WITH(gnome-proxy,
-    [AC_HELP_STRING([--with-gnome-proxy],
-                    [support for GNOME proxy configuration @<:@default=check@:>@])],
-    [],
-    [with_gnome_proxy=check])
-AS_IF([test "$with_gnome_proxy" != "no"],
-    [PKG_CHECK_MODULES(GSETTINGS_DESKTOP_SCHEMAS, [gsettings-desktop-schemas],
-        [with_gnome_proxy=yes; proxy_support="gnome $proxy_support"],
-       [AS_IF([test "$with_gnome_proxy" = "yes"],
-               [AC_MSG_FAILURE("$GSETTINGS_DESKTOP_SCHEMAS_PKG_ERRORS")])])])
-AM_CONDITIONAL(HAVE_GNOME_PROXY, [test "$with_gnome_proxy" = "yes"])
-AC_SUBST(GSETTINGS_DESKTOP_SCHEMAS_CFLAGS)
-
-dnl *****************************
-dnl *** Checks for GNUTLS     ***
-dnl *****************************
-
-GNUTLS_MIN_REQUIRED=3.0
-
-AC_ARG_WITH(gnutls,
-    [AC_HELP_STRING([--with-gnutls],
-                    [support for GNUTLS @<:@default=yes@:>@])],
-    [],
-    [with_gnutls=yes])
-if test "$with_gnutls" != "no"; then
-       PKG_CHECK_MODULES(GNUTLS,
-                         [gnutls >= $GNUTLS_MIN_REQUIRED],
-                         [with_gnutls=yes
-                          tls_support="${tls_support}gnutls "],
-                         [AS_IF([test "$with_gnutls" = "yes"],
-                                [AC_MSG_FAILURE("$GNUTLS_PKG_ERRORS")])])
-fi
-AM_CONDITIONAL(HAVE_GNUTLS, [test "$with_gnutls" = "yes"])
-AC_SUBST(GNUTLS_CFLAGS)
-AC_SUBST(GNUTLS_LIBS)
-
-if test "$with_gnutls" = "yes"; then
-    AC_MSG_CHECKING([location of system Certificate Authority list])
-    AC_ARG_WITH(ca-certificates,
-               [AC_HELP_STRING([--with-ca-certificates=@<:@path@:>@],
-                               [path to system Certificate Authority list])])
-    if test "$with_ca_certificates" = "no"; then
-        AC_MSG_RESULT([disabled])
-    else
-        if test -z "$with_ca_certificates"; then
-           for f in /etc/pki/tls/certs/ca-bundle.crt \
-                    /etc/ssl/certs/ca-certificates.crt \
-                    /etc/ssl/ca-bundle.pem; do
-               if test -f "$f"; then
-                   with_ca_certificates="$f"
-               fi
-           done
-           if test -z "$with_ca_certificates"; then
-               AC_MSG_ERROR([could not find. Use --with-ca-certificates=path to set, or --without-ca-certificates to disable])
-           fi
-        fi
-
-        AC_MSG_RESULT($with_ca_certificates)
-        AC_DEFINE_UNQUOTED(GTLS_SYSTEM_CA_FILE, ["$with_ca_certificates"], [The system TLS CA list])
-    fi
-fi
-
-dnl *****************************
-dnl *** Checks for pkcs11    ***
-dnl *****************************
-
-P11_KIT_REQUIRED=0.8
-
-AC_ARG_WITH(pkcs11,
-       [AC_HELP_STRING([--with-pkcs11],
-                       [support for pkcs11 @<:@default=check@:>@])],
-                       [],
-                       [with_pkcs11=check])
-if test "$with_pkcs11" != "no"; then
-       PKG_CHECK_MODULES(PKCS11,
-                         [p11-kit-1 >= $P11_KIT_REQUIRED],
-                         [with_pkcs11=yes
-                          pkcs11_support=p11-kit
-                          tls_support="${tls_support}gnutls-pkcs11 "
-                          AC_DEFINE_UNQUOTED([HAVE_PKCS11], [1], [Building with PKCS#11 support])],
-                         [AS_IF([test "$with_pkcs11" = "yes"],
-                                [AC_MSG_FAILURE("$PKCS11_PKG_ERRORS")])
-                          pkcs11_support=no])
-else
-       pkcs11_support=no
-fi
-AM_CONDITIONAL(HAVE_PKCS11, [test "$with_pkcs11" = "yes"])
-AC_SUBST(PKCS11_CFLAGS)
-AC_SUBST(PKCS11_LIBS)
-
-dnl ************************************
-dnl *** Enable lcov coverage reports ***
-dnl ************************************
-
-AC_ARG_ENABLE(gcov,
-  AS_HELP_STRING([--enable-gcov],
-                [Enable gcov]),
-  [use_gcov=$enableval], [use_gcov=no])
-
-if test "$use_gcov" = "yes"; then
-  dnl we need gcc:
-  if test "$GCC" != "yes"; then
-    AC_MSG_ERROR([GCC is required for --enable-gcov])
-  fi
-
-  ltp_version_list="1.6 1.7 1.8 1.9"
-  AC_CHECK_PROG(LTP, lcov, lcov)
-  AC_CHECK_PROG(LTP_GENHTML, genhtml, genhtml)
-
-  if test "$LTP"; then
-    AC_CACHE_CHECK([for ltp version], glib_cv_ltp_version, [
-      glib_cv_ltp_version=invalid
-      ltp_version=`$LTP -v 2>/dev/null | $SED -e 's/^.* //'`
-      for ltp_check_version in $ltp_version_list; do
-        if test "$ltp_version" = "$ltp_check_version"; then
-          glib_cv_ltp_version="$ltp_check_version (ok)"
-        fi
-      done
-    ])
-  else
-    ltp_msg="To enable code coverage reporting you must have one of the following LTP versions installed: $ltp_version_list"
-    AC_MSG_ERROR([$ltp_msg])
-  fi
-
-  case $glib_cv_ltp_version in
-    ""|invalid[)]
-      ltp_msg="You must have one of the following versions of LTP: $ltp_version_list (found: $ltp_version)."
-      AC_MSG_ERROR([$ltp_msg])
-      LTP="exit 0;"
-      ;;
-  esac
-
-  if test -z "$LTP_GENHTML"; then
-    AC_MSG_ERROR([Could not find genhtml from the LTP package])
-  fi
-
-  AC_DEFINE(HAVE_GCOV, 1, [Whether you have gcov])
-
-  dnl Remove all optimization flags from CFLAGS
-  changequote({,})
-  CFLAGS=`echo "$CFLAGS" | $SED -e 's/-O[0-9]*//g'`
-  changequote([,])
-
-  dnl Add the special gcc flags
-  CFLAGS="$CFLAGS -O0 -fprofile-arcs -ftest-coverage"
-  LDFLAGS="$LDFLAGS -lgcov"
-fi
-
-dnl ****************************************************
-dnl *** Warnings to show if using GCC                ***
-dnl *** (do this last so -Werror won't mess up tests ***
-dnl ****************************************************
-
-AC_ARG_ENABLE(more-warnings,
-             AS_HELP_STRING([--disable-more-warnings], [Inhibit compiler warnings]),
-             set_more_warnings=no)
-
-if test "$GCC" = "yes" -a "$set_more_warnings" != "no"; then
-       CFLAGS="$CFLAGS \
-               -Wall -Wstrict-prototypes -Werror=missing-prototypes \
-               -Werror=implicit-function-declaration \
-               -Werror=pointer-arith -Werror=init-self -Werror=format=2 \
-               -Werror=missing-include-dirs \
-               -Werror=declaration-after-statement"
-fi
-
-dnl *****************************
-dnl *** done                  ***
-dnl *****************************
-AC_CONFIG_FILES([Makefile
-                 po/Makefile.in po/Makefile
-                 proxy/libproxy/Makefile
-                 proxy/gnome/Makefile
-                 proxy/tests/Makefile
-                 tls/gnutls/Makefile
-                 tls/pkcs11/Makefile
-                 tls/tests/Makefile
-                ])
-AC_OUTPUT
-
-echo ""
-echo     "  Proxy support:     ${proxy_support:-no}"
-echo     "  TLS support:       ${tls_support:-no}"
-if test "$tls_support" != "no"; then
-    echo "  PKCS#11 Support:   $pkcs11_support"
-    echo "  TLS CA file:       ${with_ca_certificates:-(none)}"
-    if test "x$with_ca_certificates" != xno -a -n "$with_ca_certificates"; then
-       if ! test -f "$with_ca_certificates"; then
-           AC_MSG_WARN([Specified certificate authority file '$with_ca_certificates' does not exist])
-       fi
-    fi
-fi
index 5d687f6..f04e682 100644 (file)
@@ -8,25 +8,27 @@
   <shortdesc xml:lang="en">Network extensions for GLib</shortdesc>
   <description xml:lang="en"> glib-networking contains the implementations of certain GLib networking features that cannot be implemented directly in GLib itself because of their dependencies.
 
-Currently it contains a GNUTLS-based implementation of GTlsBackend, a libproxy-based implementation of GProxyResolver, and a GNOME GProxyResolver that uses the proxy information from the GSettings schemas in gsettings-desktop-schemas.</description>
+Currently it contains GnuTLS- and OpenSSL-based implementations of GTlsBackend, a libproxy-based implementation of GProxyResolver, and a GNOME GProxyResolver that uses the proxy information from the GSettings schemas in gsettings-desktop-schemas.</description>
 
   <download-page rdf:resource="http://download.gnome.org/sources/glib-networking" />
-  <bug-database rdf:resource="http://bugzilla.gnome.org/browse.cgi?product=glib" />
+  <bug-database rdf:resource="https://gitlab.gnome.org/GNOME/glib-networking/issues" />
   <category rdf:resource="http://api.gnome.org/doap-extensions#core" />
   <programming-language>C</programming-language>
 
   <maintainer>
     <foaf:Person>
-      <foaf:name>Nicolas Dufresne</foaf:name>
-      <foaf:mbox rdf:resource="mailto:nicolas.dufresne@collabora.co.uk" />
-      <gnome:userid>nicolasd</gnome:userid>
+      <foaf:name>Michael Catanzaro</foaf:name>
+      <foaf:mbox rdf:resource="mailto:mcatanzaro@gnome.org" />
+      <gnome:userid>mcatanzaro</gnome:userid>
     </foaf:Person>
   </maintainer>
+
   <maintainer>
     <foaf:Person>
-      <foaf:name>Dan Winship</foaf:name>
-      <foaf:mbox rdf:resource="mailto:danw@gnome.org" />
-      <gnome:userid>danw</gnome:userid>
+      <foaf:name>Ignacio Casal Quinteiro</foaf:name>
+      <foaf:mbox rdf:resource="mailto:icq@gnome.org" />
+      <gnome:userid>icq</gnome:userid>
     </foaf:Person>
   </maintainer>
+
 </Project>
diff --git a/glib-networking.map b/glib-networking.map
new file mode 100644 (file)
index 0000000..2418609
--- /dev/null
@@ -0,0 +1,9 @@
+{
+global:
+  g_io_*_load;
+  g_io_*_unload;
+  g_io_*_query;
+  _gnutls_global_init_skip;
+local:
+  *;
+};
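Review bot: `_gnutls_global_init_skip` is the only exported name that is not a `g_io_*` module entry point, and nothing in the file says why it must stay global. A short comment above it, for example `# exported so GnuTLS can find our override and skip its load-time global init`, would keep a later cleanup from moving it under `local:`. That wording assumes this is the hook behind the 2.55.90 NEWS entry about initializing GnuTLS only when TLS is actually used, so confirm it against the tls/gnutls sources. The `g_io_*_load`, `g_io_*_unload` and `g_io_*_query` globs are also wider than the old `^g_io_module_(load|unload|query)` regex in glib-networking.mk; if that is for the static-module names, one more comment line should say so.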
diff --git a/glib-networking.mk b/glib-networking.mk
deleted file mode 100644 (file)
index f6b8253..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-### glib-networking declarations
-
-module_flags = -export_dynamic -avoid-version -module -no-undefined -export-symbols-regex '^g_io_module_(load|unload|query)'
-
-giomoduledir = $(GIO_MODULE_DIR)
-
-AM_CPPFLAGS =                          \
-       -DG_LOG_DOMAIN=\"GLib-Net\"     \
-       -DLOCALE_DIR=\""$(localedir)"\" \
-       -DG_DISABLE_DEPRECATED          \
-       $(GLIB_CFLAGS)                  \
-       $(NULL)
-
-include $(top_srcdir)/glib.mk
diff --git a/glib.mk b/glib.mk
deleted file mode 100644 (file)
index 016cb91..0000000
--- a/glib.mk
+++ /dev/null
@@ -1,135 +0,0 @@
-# GLIB - Library of useful C routines
-
-TESTS_ENVIRONMENT= \
-       G_TEST_SRCDIR="$(abs_srcdir)"           \
-       G_TEST_BUILDDIR="$(abs_builddir)"       \
-       G_DEBUG=gc-friendly                     \
-       MALLOC_CHECK_=2                         \
-       MALLOC_PERTURB_=$$(($${RANDOM:-256} % 256))
-LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) $(top_srcdir)/tap-driver.sh
-LOG_COMPILER = $(top_srcdir)/tap-test
-
-NULL =
-
-# initialize variables for unconditional += appending
-BUILT_SOURCES =
-BUILT_EXTRA_DIST =
-CLEANFILES = *.log *.trs
-DISTCLEANFILES =
-MAINTAINERCLEANFILES =
-EXTRA_DIST =
-TESTS =
-
-installed_test_LTLIBRARIES =
-installed_test_PROGRAMS =
-installed_test_SCRIPTS =
-nobase_installed_test_DATA =
-
-noinst_LTLIBRARIES =
-noinst_PROGRAMS =
-noinst_SCRIPTS =
-noinst_DATA =
-
-check_LTLIBRARIES =
-check_PROGRAMS =
-check_SCRIPTS =
-check_DATA =
-
-# We support a fairly large range of possible variables.  It is expected that all types of files in a test suite
-# will belong in exactly one of the following variables.
-#
-# First, we support the usual automake suffixes, but in lowercase, with the customary meaning:
-#
-#   test_programs, test_scripts, test_data, test_ltlibraries
-#
-# The above are used to list files that are involved in both uninstalled and installed testing.  The
-# test_programs and test_scripts are taken to be actual testcases and will be run as part of the test suite.
-# Note that _data is always used with the nobase_ automake variable name to ensure that installed test data is
-# installed in the same way as it appears in the package layout.
-#
-# In order to mark a particular file as being only for one type of testing, use 'installed' or 'uninstalled',
-# like so:
-#
-#   installed_test_programs, uninstalled_test_programs
-#   installed_test_scripts, uninstalled_test_scripts
-#   installed_test_data, uninstalled_test_data
-#   installed_test_ltlibraries, uninstalled_test_ltlibraries
-#
-# Additionally, we support 'extra' infixes for programs and scripts.  This is used for support programs/scripts
-# that should not themselves be run as testcases (but exist to be used from other testcases):
-#
-#   test_extra_programs, installed_test_extra_programs, uninstalled_test_extra_programs
-#   test_extra_scripts, installed_test_extra_scripts, uninstalled_test_extra_scripts
-#
-# Additionally, for _scripts and _data, we support the customary dist_ prefix so that the named script or data
-# file automatically end up in the tarball.
-#
-#   dist_test_scripts, dist_test_data, dist_test_extra_scripts
-#   dist_installed_test_scripts, dist_installed_test_data, dist_installed_test_extra_scripts
-#   dist_uninstalled_test_scripts, dist_uninstalled_test_data, dist_uninstalled_test_extra_scripts
-#
-# Note that no file is automatically disted unless it appears in one of the dist_ variables.  This follows the
-# standard automake convention of not disting programs scripts or data by default.
-#
-# test_programs, test_scripts, uninstalled_test_programs and uninstalled_test_scripts (as well as their disted
-# variants) will be run as part of the in-tree 'make check'.  These are all assumed to be runnable under
-# gtester.  That's a bit strange for scripts, but it's possible.
-
-TESTS += $(test_programs) $(test_scripts) $(uninstalled_test_programs) $(uninstalled_test_scripts) \
-         $(dist_test_scripts) $(dist_uninstalled_test_scripts)
-
-# Note: build even the installed-only targets during 'make check' to ensure that they still work.
-# We need to do a bit of trickery here and manage disting via EXTRA_DIST instead of using dist_ prefixes to
-# prevent automake from mistreating gmake functions like $(wildcard ...) and $(addprefix ...) as if they were
-# filenames, including removing duplicate instances of the opening part before the space, eg. '$(addprefix'.
-all_test_programs     = $(test_programs) $(uninstalled_test_programs) $(installed_test_programs) \
-                        $(test_extra_programs) $(uninstalled_test_extra_programs) $(installed_test_extra_programs)
-all_test_scripts      = $(test_scripts) $(uninstalled_test_scripts) $(installed_test_scripts) \
-                        $(test_extra_scripts) $(uninstalled_test_extra_scripts) $(installed_test_extra_scripts)
-all_dist_test_scripts = $(dist_test_scripts) $(dist_uninstalled_test_scripts) $(dist_installed_test_scripts) \
-                        $(dist_test_extra_scripts) $(dist_uninstalled_test_extra_scripts) $(dist_installed_test_extra_scripts)
-all_test_scripts     += $(all_dist_test_scripts)
-EXTRA_DIST           += $(all_dist_test_scripts)
-all_test_data         = $(test_data) $(uninstalled_test_data) $(installed_test_data)
-all_dist_test_data    = $(dist_test_data) $(dist_uninstalled_test_data) $(dist_installed_test_data)
-all_test_data        += $(all_dist_test_data)
-EXTRA_DIST           += $(all_dist_test_data)
-all_test_ltlibs       = $(test_ltlibraries) $(uninstalled_test_ltlibraries) $(installed_test_ltlibraries)
-
-if ENABLE_ALWAYS_BUILD_TESTS
-noinst_LTLIBRARIES += $(all_test_ltlibs)
-noinst_PROGRAMS += $(all_test_programs)
-noinst_SCRIPTS += $(all_test_scripts)
-noinst_DATA += $(all_test_data)
-else
-check_LTLIBRARIES += $(all_test_ltlibs)
-check_PROGRAMS += $(all_test_programs)
-check_SCRIPTS += $(all_test_scripts)
-check_DATA += $(all_test_data)
-endif
-
-if ENABLE_INSTALLED_TESTS
-installed_test_PROGRAMS += $(test_programs) $(installed_test_programs) \
-                          $(test_extra_programs) $(installed_test_extra_programs)
-installed_test_SCRIPTS += $(test_scripts) $(installed_test_scripts) \
-                          $(test_extra_scripts) $(test_installed_extra_scripts)
-installed_test_SCRIPTS += $(dist_test_scripts) $(dist_test_extra_scripts) \
-                          $(dist_installed_test_scripts) $(dist_installed_test_extra_scripts)
-nobase_installed_test_DATA += $(test_data) $(installed_test_data)
-nobase_installed_test_DATA += $(dist_test_data) $(dist_installed_test_data)
-installed_test_LTLIBRARIES += $(test_ltlibraries) $(installed_test_ltlibraries)
-installed_testcases = $(test_programs) $(installed_test_programs) \
-                      $(test_scripts) $(installed_test_scripts) \
-                      $(dist_test_scripts) $(dist_installed_test_scripts)
-
-installed_test_meta_DATA = $(installed_testcases:=.test)
-
-%.test: %$(EXEEXT) Makefile
-       $(AM_V_GEN) (echo '[Test]' > $@.tmp; \
-       echo 'Type=session' >> $@.tmp; \
-       echo 'Exec=$(installed_testdir)/$(notdir $<) --tap' >> $@.tmp; \
-       echo 'Output=TAP' >> $@.tmp; \
-       mv $@.tmp $@)
-
-CLEANFILES += $(installed_test_meta_DATA)
-endif
diff --git a/m4/glibtests.m4 b/m4/glibtests.m4
deleted file mode 100644 (file)
index 7d5920a..0000000
+++ /dev/null
@@ -1,28 +0,0 @@
-dnl GLIB_TESTS
-dnl
-
-AC_DEFUN([GLIB_TESTS],
-[
-  AC_ARG_ENABLE(installed-tests,
-                AS_HELP_STRING([--enable-installed-tests],
-                               [Enable installation of some test cases]),
-                [case ${enableval} in
-                  yes) ENABLE_INSTALLED_TESTS="1"  ;;
-                  no)  ENABLE_INSTALLED_TESTS="" ;;
-                  *) AC_MSG_ERROR([bad value ${enableval} for --enable-installed-tests]) ;;
-                 esac])
-  AM_CONDITIONAL([ENABLE_INSTALLED_TESTS], test "$ENABLE_INSTALLED_TESTS" = "1")
-  AC_ARG_ENABLE(always-build-tests,
-                AS_HELP_STRING([--enable-always-build-tests],
-                               [Enable always building tests during 'make all']),
-                [case ${enableval} in
-                  yes) ENABLE_ALWAYS_BUILD_TESTS="1"  ;;
-                  no)  ENABLE_ALWAYS_BUILD_TESTS="" ;;
-                  *) AC_MSG_ERROR([bad value ${enableval} for --enable-always-build-tests]) ;;
-                 esac])
-  AM_CONDITIONAL([ENABLE_ALWAYS_BUILD_TESTS], test "$ENABLE_ALWAYS_BUILD_TESTS" = "1")
-  if test "$ENABLE_INSTALLED_TESTS" = "1"; then
-    AC_SUBST(installed_test_metadir, [${datadir}/installed-tests/]AC_PACKAGE_NAME)
-    AC_SUBST(installed_testdir, [${libexecdir}/installed-tests/]AC_PACKAGE_NAME)
-  fi
-])
diff --git a/meson.build b/meson.build
new file mode 100644 (file)
index 0000000..8d01f52
--- /dev/null
@@ -0,0 +1,197 @@
+project(
+  'glib-networking', 'c',
+  version: '2.60.1',
+  license: 'LGPL2.1+',
+  meson_version: '>= 0.47.0',
+  default_options: ['c_std=c11']
+)
+
+prefix = get_option('prefix')
+datadir = join_paths(prefix, get_option('datadir'))
+libdir = join_paths(prefix, get_option('libdir'))
+libexecdir = join_paths(prefix, get_option('libexecdir'))
+localedir = join_paths(prefix, get_option('localedir'))
+
+installed_tests_metadir = join_paths(datadir, 'installed-tests', meson.project_name())
+installed_tests_execdir = join_paths(libexecdir, 'installed-tests', meson.project_name())
+
+cc = meson.get_compiler('c')
+host_system = host_machine.system()
+
+config_h = configuration_data()
+
+config_h.set_quoted('GETTEXT_PACKAGE', meson.project_name())
+
+# compiler flags
+common_flags = [
+  '-DHAVE_CONFIG_H',
+  '-DG_LOG_DOMAIN="GLib-Net"',
+  '-DLOCALE_DIR="@0@"'.format(localedir),
+  '-DG_DISABLE_DEPRECATED',
+  '-DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_56'
+]
+
+add_project_arguments(common_flags, language: 'c')
+
+symbol_map = join_paths(meson.current_source_dir(), meson.project_name() + '.map')
+
+module_ldflags = []
+
+if host_system.contains('linux')
+  test_ldflag = '-Wl,--version-script,' + symbol_map
+  module_ldflags += cc.get_supported_link_arguments(test_ldflag)
+endif
+
+# *** Check GLib GIO        ***
+glib_dep = dependency('glib-2.0', version: '>= 2.55.1',
+  fallback: ['glib', 'libglib_dep'])
+gio_dep = dependency('gio-2.0',
+  fallback: ['glib', 'libgio_dep'])
+gobject_dep = dependency('gio-2.0',
+  fallback: ['glib', 'libgobject_dep'])
+gmodule_dep = dependency('gmodule-2.0',
+  fallback: ['glib', 'libgmodule_dep'])
+
+if glib_dep.type_name() == 'internal'
+  glib_proj = subproject('glib')
+  gio_module_dir = glib_proj.get_variable('glib_giomodulesdir')
+else
+  gio_module_dir = gio_dep.get_pkgconfig_variable('giomoduledir',
+                                                  define_variable: ['libdir', join_paths(prefix, libdir)])
+endif
+
+assert(gio_module_dir.startswith(prefix), 'GIO_MODULE_DIR is missing from gio-2.0.pc')
+
+# *** Checks for LibProxy   ***
+libproxy_dep = dependency('libproxy-1.0', version: '>= 0.3.1', required: get_option('libproxy'))
+
+# *** Checks for GNOME      ***
+gsettings_desktop_schemas_dep = dependency('gsettings-desktop-schemas', required: get_option('gnome_proxy'))
+
+backends = []
+
+# *** Checks for GnuTLS     ***
+gnutls_dep = dependency('gnutls', version: '>= 3.4.6', required: get_option('gnutls'))
+
+if gnutls_dep.found()
+  backends += ['gnutls']
+endif
+
+# *** Checks for OpenSSL    ***
+openssl_option = get_option('openssl')
+if openssl_option.disabled()
+  openssl_dep = []
+else
+  # XXX: https://github.com/mesonbuild/meson/issues/2945
+  openssl_dep = dependency('openssl', required: openssl_option.enabled() and cc.get_id() != 'msvc')
+  if openssl_dep.found()
+    backends += ['openssl']
+  elif cc.get_id() == 'msvc' and not openssl_option.disabled()
+    # MSVC builds of OpenSSL does not generate pkg-config files,
+    # so we check for it manually here in this case, if we can't find those files
+    # Based on the CMake check for OpenSSL in CURL's CMakeLists.txt,
+    # on which headers we should check for
+    have_openssl = true
+    foreach h : ['crypto.h', 'engine.h', 'err.h', 'pem.h',
+                 'rsa.h', 'ssl.h', 'x509.h', 'rand.h', 'tls1.h']
+      header = 'openssl/' + h
+      if not cc.has_header(header)
+        have_openssl = false
+        if openssl_option.enabled()
+          error('openssl module is enabled and @0@ not found'.format(header))
+        endif
+      endif
+    endforeach
+
+    # OpenSSL 1.1.x and 1.0.x (or earlier) have different .lib names,
+    # so we need to look for the correct pair
+
+    # Find either libcrypto.lib (1.1.x) or libeay32.lib (1.0.x or earlier) first
+    libcrypto_dep = cc.find_library('libcrypto', required: false)
+    if libcrypto_dep.found()
+      libssl = 'libssl'
+    else
+      libcrypto_dep = cc.find_library('libeay32', required: openssl_option)
+      libssl = 'ssleay32'
+    endif
+
+    if libcrypto_dep.found()
+      # Find the corresponding SSL library depending on which crypto .lib we found
+      libssl_dep = cc.find_library(libssl, required: openssl_option)
+    endif
+
+    if libcrypto_dep.found() and have_openssl
+      openssl_dep = [libcrypto_dep, libssl_dep]
+      backends += ['openssl']
+    endif
+  endif
+endif
+
+if backends.length() == 0
+  error('No TLS backends enabled. Please enable at least one TLS backend')
+endif
+
+configure_file(
+  output: 'config.h',
+  configuration: config_h
+)
+
+gnome = import('gnome')
+i18n = import('i18n')
+pkg = import('pkgconfig')
+
+po_dir = join_paths(meson.source_root(), 'po')
+
+top_inc = include_directories('.')
+tls_inc = include_directories('tls')
+
+subdir('po')
+
+enable_installed_tests = get_option('installed_tests')
+test_template = files('template.test.in')
+
+module_suffix = []
+# Keep the autotools convention for shared module suffix because GModule
+# depends on it: https://gitlab.gnome.org/GNOME/glib/issues/520
+if ['darwin', 'ios'].contains(host_system)
+  module_suffix = 'so'
+endif
+
+if libproxy_dep.found() or gsettings_desktop_schemas_dep.found()
+  proxy_test_programs = []
+
+  if libproxy_dep.found()
+    subdir('proxy/libproxy')
+  endif
+
+  if gsettings_desktop_schemas_dep.found()
+    subdir('proxy/gnome')
+  endif
+
+  subdir('proxy/tests')
+endif
+
+subdir('tls/base')
+
+if gnutls_dep.found()
+  subdir('tls/gnutls')
+endif
+
+if backends.contains('openssl')
+  subdir('tls/openssl')
+endif
+
+subdir('tls/tests')
+
+# Will automatically pick it up from the cross file if defined
+gio_querymodules = find_program('gio-querymodules', required : false)
+if gio_querymodules.found()
+  meson.add_install_script('meson_post_install.py', gio_querymodules.path(), gio_module_dir)
+endif
+
+output = '\n\n'
+output += '  gnutls support:      ' + backends.contains('gnutls').to_string() + '\n'
+output += '  openssl support:     ' + backends.contains('openssl').to_string() + '\n'
+output += '  libproxy support:    ' + libproxy_dep.found().to_string() + '\n'
+output += '  GNOME proxy support: ' + gsettings_desktop_schemas_dep.found().to_string() + '\n'
+message(output)
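Review bot: `gobject_dep` is resolved from the wrong package name. The line `gobject_dep = dependency('gio-2.0',` looks up `gio-2.0` a second time while its fallback variable is `libgobject_dep`, so the system and subproject paths disagree about what the variable holds. It should read `gobject_dep = dependency('gobject-2.0',`. Separately, in the MSVC branch the final check `if libcrypto_dep.found() and have_openssl` never consults `libssl_dep.found()`, so with `openssl` set to `auto` the backend can be enabled when only the crypto library was found. Changing it to `if libcrypto_dep.found() and libssl_dep.found() and have_openssl` would close that gap.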
diff --git a/meson_options.txt b/meson_options.txt
new file mode 100644 (file)
index 0000000..3a525dd
--- /dev/null
@@ -0,0 +1,6 @@
+option('gnutls', type: 'feature', value: 'auto', description: 'support for GnuTLS networking configration')
+option('openssl', type: 'feature', value: 'disabled', description: 'support for OpenSSL networking configration')
+option('libproxy', type: 'feature', value: 'auto', description: 'support for libproxy proxy configration')
+option('gnome_proxy', type: 'feature', value: 'auto', description: 'support for GNOME desktop proxy configuration')
+option('installed_tests', type: 'boolean', value: false, description: 'enable installed tests')
+option('static_modules', type: 'boolean', value: false, description: 'build static modules')
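Review bot: The description strings for the `gnutls`, `openssl` and `libproxy` options misspell "configuration" as `configration`, and these strings are shown to whoever configures the build. The `gnome_proxy` line already spells it correctly, so the other three should match it, e.g. `description: 'support for GnuTLS networking configuration'`. The `openssl` description could also say that the backend is off by default, since it is the only feature option here whose value is `disabled` rather than `auto`.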
diff --git a/meson_post_install.py b/meson_post_install.py
new file mode 100644 (file)
index 0000000..8960540
--- /dev/null
@@ -0,0 +1,9 @@
+#!/usr/bin/env python3
+
+import os
+import subprocess
+import sys
+
+if not os.environ.get('DESTDIR'):
+  print('GIO module cache creation...')
+  subprocess.call([sys.argv[1], sys.argv[2]])
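Review bot: The exit status of `subprocess.call([sys.argv[1], sys.argv[2]])` is discarded, so a failing `gio-querymodules` run still lets the install step report success. Presumably the GIO module cache is then left stale or missing for the newly installed TLS and proxy modules. Use `subprocess.check_call([sys.argv[1], sys.argv[2]])`, or propagate the status with `sys.exit(subprocess.call([sys.argv[1], sys.argv[2]]))`, so packagers see the failure. The script also indexes `sys.argv[1]` and `sys.argv[2]` without checking the argument count; a short length check with a usage message would be clearer than an `IndexError`.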
diff --git a/po/.gitignore b/po/.gitignore
deleted file mode 100644 (file)
index e456549..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-*.gmo
-glib-networking.pot
-Makefile.in.in
-POTFILES
index e8830a7..ef3f952 100644 (file)
@@ -26,6 +26,7 @@ gl
 gu
 he
 hi
+hr
 hu
 id
 it
@@ -39,6 +40,7 @@ lt
 ml
 mr
 nb
+ne
 nl
 oc
 or
diff --git a/po/Makevars b/po/Makevars
deleted file mode 100644 (file)
index 10357d6..0000000
+++ /dev/null
@@ -1,78 +0,0 @@
-# Makefile variables for PO directory in any package using GNU gettext.
-
-# Usually the message domain is the same as the package name.
-DOMAIN = $(PACKAGE)
-
-# These two variables depend on the location of this directory.
-subdir = po
-top_builddir = ..
-
-# These options get passed to xgettext.
-XGETTEXT_OPTIONS = --from-code=UTF-8 --keyword=_ --keyword=N_ --keyword=C_:1c,2 --keyword=NC_:1c,2 --keyword=g_dngettext:2,3 --add-comments
-
-# This is the copyright holder that gets inserted into the header of the
-# $(DOMAIN).pot file.  Set this to the copyright holder of the surrounding
-# package.  (Note that the msgstr strings, extracted from the package's
-# sources, belong to the copyright holder of the package.)  Translators are
-# expected to transfer the copyright for their translations to this person
-# or entity, or to disclaim their copyright.  The empty string stands for
-# the public domain; in this case the translators are expected to disclaim
-# their copyright.
-COPYRIGHT_HOLDER = Free Software Foundation, Inc.
-
-# This tells whether or not to prepend "GNU " prefix to the package
-# name that gets inserted into the header of the $(DOMAIN).pot file.
-# Possible values are "yes", "no", or empty.  If it is empty, try to
-# detect it automatically by scanning the files in $(top_srcdir) for
-# "GNU packagename" string.
-PACKAGE_GNU =
-
-# This is the email address or URL to which the translators shall report
-# bugs in the untranslated strings:
-# - Strings which are not entire sentences, see the maintainer guidelines
-#   in the GNU gettext documentation, section 'Preparing Strings'.
-# - Strings which use unclear terms or require additional context to be
-#   understood.
-# - Strings which make invalid assumptions about notation of date, time or
-#   money.
-# - Pluralisation problems.
-# - Incorrect English spelling.
-# - Incorrect formatting.
-# It can be your email address, or a mailing list address where translators
-# can write to without being subscribed, or the URL of a web page through
-# which the translators can contact you.
-MSGID_BUGS_ADDRESS =
-
-# This is the list of locale categories, beyond LC_MESSAGES, for which the
-# message catalogs shall be used.  It is usually empty.
-EXTRA_LOCALE_CATEGORIES =
-
-# This tells whether the $(DOMAIN).pot file contains messages with an 'msgctxt'
-# context.  Possible values are "yes" and "no".  Set this to yes if the
-# package uses functions taking also a message context, like pgettext(), or
-# if in $(XGETTEXT_OPTIONS) you define keywords with a context argument.
-USE_MSGCTXT = no
-
-# These options get passed to msgmerge.
-# Useful options are in particular:
-#   --previous            to keep previous msgids of translated messages,
-#   --quiet               to reduce the verbosity.
-MSGMERGE_OPTIONS =
-
-# These options get passed to msginit.
-# If you want to disable line wrapping when writing PO files, add
-# --no-wrap to MSGMERGE_OPTIONS, XGETTEXT_OPTIONS, and
-# MSGINIT_OPTIONS.
-MSGINIT_OPTIONS =
-
-# This tells whether or not to regenerate a PO file when $(DOMAIN).pot
-# has changed.  Possible values are "yes" and "no".  Set this to no if
-# the POT file is checked in the repository and the version control
-# program ignores timestamps.
-PO_DEPENDS_ON_POT = no
-
-# This tells whether or not to forcibly update $(DOMAIN).pot and
-# regenerate PO files on "make dist".  Possible values are "yes" and
-# "no".  Set this to no if the POT file and PO files are maintained
-# externally.
-DIST_DEPENDS_ON_UPDATE_PO = no
index 4323e7f..dffd37e 100644 (file)
@@ -1,7 +1,15 @@
 proxy/libproxy/glibproxyresolver.c
+tls/base/gtlsconnection-base.c
+tls/base/gtlsinputstream-base.c
+tls/base/gtlsoutputstream-base.c
 tls/gnutls/gtlscertificate-gnutls.c
 tls/gnutls/gtlsclientconnection-gnutls.c
 tls/gnutls/gtlsconnection-gnutls.c
+tls/gnutls/gtlsdatabase-gnutls.c
+tls/gnutls/gtlsinputstream-gnutls.c
+tls/gnutls/gtlsoutputstream-gnutls.c
 tls/gnutls/gtlsserverconnection-gnutls.c
-tls/pkcs11/gpkcs11pin.c
-tls/pkcs11/gpkcs11slot.c
+tls/openssl/gtlscertificate-openssl.c
+tls/openssl/gtlsclientconnection-openssl.c
+tls/openssl/gtlsconnection-openssl.c
+tls/openssl/gtlsserverconnection-openssl.c
index 1288c4c..3611dd5 100644 (file)
--- a/po/be.po
+++ b/po/be.po
@@ -1,13 +1,13 @@
 # Ihar Hrachyshka <ihar.hrachyshka@gmail.com>, 2011.
 # Kasia Bondarava <kasia.bondarava@gmail.com>, 2012.
+# Yuras Shumovich <shumovichy@gmail.com>, 2017.
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2012-11-29 22:09+0000\n"
-"PO-Revision-Date: 2012-08-30 15:27+0300\n"
-"Last-Translator: Kasia Bondarava <kasia.bondarava@gmail.com>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2018-07-27 21:02+0000\n"
+"PO-Revision-Date: 2018-09-06 16:45+0300\n"
+"Last-Translator: Yuras Shumovich <shumovichy@gmail.com>\n"
 "Language-Team: Belarusian <i18n-bel-gnome@googlegroups.com>\n"
 "Language: be\n"
 "MIME-Version: 1.0\n"
@@ -15,115 +15,182 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
 "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
-"X-Generator: Virtaal 0.7.0\n"
+"X-Generator: Poedit 2.1.1\n"
 "X-Project-Style: gnome\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Унутраная памылка распазнавальніка проксі-сервера."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/gnutls/gtlscertificate-gnutls.c:182
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Не ўдалося разабраць DER-сертыфікат: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:203
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Не ўдалося разабраць PEM-сертыфікат: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:234
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Не ўдалося разабраць прыватны DER-ключ: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:265
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Не ўдалося разабраць прыватны PEM-ключ: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:304
 msgid "No certificate data provided"
 msgstr "Даныя сертыфіката не пададзеныя"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
+#: tls/gnutls/gtlsclientconnection-gnutls.c:447
 msgid "Server required TLS certificate"
 msgstr "Сервер запатрабаваў TLS-сертыфікат"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:254
+#: tls/gnutls/gtlsconnection-gnutls.c:398
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Не ўдалося стварыць TLS-злучэнне: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:514
+#: tls/gnutls/gtlsconnection-gnutls.c:711
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
 msgid "Connection is closed"
 msgstr "Злучэнне закрыта"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:576
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1382
-msgid "Operation would block"
-msgstr "Ð\90пеÑ\80аÑ\86Ñ\8bÑ\8f Ð±Ñ\83дзе Ð·Ð°Ð±Ð»Ð°ÐºÑ\96Ñ\80авана"
+#: tls/gnutls/gtlsconnection-gnutls.c:828
+#: tls/gnutls/gtlsconnection-gnutls.c:1432
+msgid "Socket I/O timed out"
+msgstr "ТÑ\8dÑ\80мÑ\96н Ñ\87аканнÑ\8f Ñ\83водÑ\83/вÑ\8bвадÑ\83 Ð· Ñ\81океÑ\82а Ð²Ñ\8bÑ\87аÑ\80панÑ\8b"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:703
+#: tls/gnutls/gtlsconnection-gnutls.c:973
+#: tls/gnutls/gtlsconnection-gnutls.c:1006
 msgid "Peer failed to perform TLS handshake"
 msgstr "Суразмоўцу не ўдалося выканаць вітанне TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:720
+#: tls/gnutls/gtlsconnection-gnutls.c:991
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Суразмоўца запытаў забароненае паўторнае вітанне TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:746
+#: tls/gnutls/gtlsconnection-gnutls.c:1012
 msgid "TLS connection closed unexpectedly"
 msgstr "TLS-злучэнне нечакана закрылася"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:756
+#: tls/gnutls/gtlsconnection-gnutls.c:1022
 msgid "TLS connection peer did not send a certificate"
 msgstr "Партнёр па TLS-злучэнні не паслаў сертыфікат"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1064
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1083
+#: tls/gnutls/gtlsconnection-gnutls.c:1028
 #, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Ð\9fамÑ\8bлка Ð²Ñ\8bкананнÑ\8f Ð²Ñ\96Ñ\82аннÑ\8f TLS: %s"
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "СÑ\83Ñ\80азмоÑ\9eÑ\86а Ð¿Ð°Ð²ÐµÐ´Ð°Ð¼Ð»Ñ\8fе Ð¿Ñ\80а Ð¿Ð°Ð¼Ñ\8bлкÑ\83 TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1228
-msgid "Unacceptable TLS certificate"
-msgstr "Ð\9dепÑ\80Ñ\8bмалÑ\8cнÑ\8b TLS-Ñ\81еÑ\80Ñ\82Ñ\8bÑ\84Ñ\96каÑ\82"
+#: tls/gnutls/gtlsconnection-gnutls.c:1040
+msgid "Protocol version downgrade attack detected"
+msgstr "Ð\92Ñ\8bÑ\8fÑ\9eлена Ð°Ñ\82ака Ð¿Ð°Ð½Ñ\96жÑ\8dннÑ\8f Ð²ÐµÑ\80Ñ\81Ñ\96Ñ\96 Ð¿Ñ\80аÑ\82акола"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1239
+#: tls/gnutls/gtlsconnection-gnutls.c:1047
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] ""
+"Паведамленне задоўгае для DTLS злучэння; дапускаецца не больш за %u байт"
+msgstr[1] ""
+"Паведамленне задоўгае для DTLS злучэння; дапускаецца не больш за %u байты"
+msgstr[2] ""
+"Паведамленне задоўгае для DTLS злучэння; дапускаецца не больш за %u байтаў"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1054
+msgid "The operation timed out"
+msgstr "Тэрмін чакання аперацыі вычарпаны"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1820
+msgid "Peer does not support safe renegotiation"
+msgstr "Суразмоўца не падтрымлівае бяспечнае пераўзгадненне."
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1847
+#: tls/gnutls/gtlsconnection-gnutls.c:1899
+msgid "Error performing TLS handshake"
+msgstr "Памылка выканання вітання TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1909
 msgid "Server did not return a valid TLS certificate"
 msgstr "Сервер не вярнуў правільнага TLS-сертыфіката"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1405
+#: tls/gnutls/gtlsconnection-gnutls.c:1991
+msgid "Unacceptable TLS certificate"
+msgstr "Непрымальны TLS-сертыфікат"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2264
+#: tls/gnutls/gtlsconnection-gnutls.c:2356
+msgid "Error reading data from TLS socket"
+msgstr "Памылка чытання даных з TLS-сокета"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2386
 #, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Ð\9fамÑ\8bлка Ñ\87Ñ\8bÑ\82аннÑ\8f Ð´Ð°Ð½Ñ\8bÑ\85 Ð· TLS-Ñ\81океÑ\82а: %s"
+msgid "Receive flags are not supported"
+msgstr "Ð\90Ñ\82Ñ\80Ñ\8bманÑ\8bÑ\8f Ñ\81Ñ\86Ñ\8fжкÑ\96 Ð½Ðµ Ð¿Ð°Ð´Ñ\82Ñ\80Ñ\8bмлÑ\96ваÑ\8eÑ\86Ñ\86а"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1434
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2463
+#: tls/gnutls/gtlsconnection-gnutls.c:2535
+msgid "Error writing data to TLS socket"
+msgstr "Памылка запісу даных у TLS-сокет"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2505
 #, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Памылка запісу даных у TLS-сокет: %s"
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Паведамленне памеру %lu байт задоўгае для DTLS злучэння"
+msgstr[1] "Паведамленне памеру %lu байты задоўгае для DTLS злучэння"
+msgstr[2] "Паведамленне памеру %lu байтаў задоўгае для DTLS злучэння"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1478
-msgid "Connection is already closed"
-msgstr "Злучэнне ўжо закрыта"
+#: tls/gnutls/gtlsconnection-gnutls.c:2507
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(максімум %u байт)"
+msgstr[1] "(максімум %u байты)"
+msgstr[2] "(максімум %u байтаў)"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1488
+#: tls/gnutls/gtlsconnection-gnutls.c:2566
 #, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Ð\9fамÑ\8bлка Ð·Ð°ÐºÑ\80Ñ\8bÑ\86Ñ\86Ñ\8f TLS-злÑ\83Ñ\87Ñ\8dннÑ\8f: %s"
+msgid "Send flags are not supported"
+msgstr "СÑ\86Ñ\8fжкÑ\96 Ð½Ðµ Ð¿Ð°Ð´Ñ\82Ñ\80Ñ\8bмлÑ\96ваÑ\8eÑ\86Ñ\86а"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+#: tls/gnutls/gtlsconnection-gnutls.c:2669
+msgid "Error performing TLS close"
+msgstr "Памылка закрыцця TLS-злучэння"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Не ўдалося загрузіць сістэмнае даверанае сховішча: GnuTLS настроены без "
+"сістэмнага даверанага сховішча"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Не ўдалося загрузіць сістэмнае даверанае сховішча: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
 msgid "Certificate has no private key"
 msgstr "Сертыфікат не мае закрытага ключа"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
+#: tls/pkcs11/gpkcs11pin.c:111
 msgid ""
 "This is the last chance to enter the PIN correctly before the token is "
 "locked."
 msgstr "Гэта апошні шанец увесці правільны PIN-код да блакіравання доступу."
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
+#: tls/pkcs11/gpkcs11pin.c:113
 msgid ""
 "Several PIN attempts have been incorrect, and the token will be locked after "
 "further failures."
@@ -131,22 +198,28 @@ msgstr ""
 "Вы некалькі разоў уводзілі хібны PIN-код, і калі вы працягнеце ўводзіць "
 "хібны PIN-код, дык будзеце заблакіраваны."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
+#: tls/pkcs11/gpkcs11pin.c:115
 msgid "The PIN entered is incorrect."
 msgstr "Уведзены няправільны PIN-код."
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
+#: tls/pkcs11/gpkcs11slot.c:447
 msgid "Module"
 msgstr "Модуль"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
+#: tls/pkcs11/gpkcs11slot.c:448
 msgid "PKCS#11 Module Pointer"
 msgstr "Паказальнік модуля PKCS#11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
+#: tls/pkcs11/gpkcs11slot.c:455
 msgid "Slot ID"
 msgstr "Ідэнтыфікатар слота"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
+#: tls/pkcs11/gpkcs11slot.c:456
 msgid "PKCS#11 Slot Identifier"
 msgstr "Ідэнтыфікатар слота PKCS#11"
+
+#~ msgid "Operation would block"
+#~ msgstr "Аперацыя будзе заблакіравана"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Злучэнне ўжо закрыта"
index 1bc33e8..ffeba15 100644 (file)
--- a/po/bg.po
+++ b/po/bg.po
@@ -1,14 +1,15 @@
 # Bulgarian translation of glib-networking po-file.
-# Copyright (C) 2011, 2012, 2013 Free Software Foundation
+# Copyright (C) 2011, 2012, 2013, 2017 Free Software Foundation
 # This file is distributed under the same license as the glib-networking package.
-# Alexander Shopov <ash@kambanaria.org>, 2011, 2012, 2013.
+# Alexander Shopov <ash@kambanaria.org>, 2011, 2012, 2013, 2017.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2013-01-08 21:50+0200\n"
-"PO-Revision-Date: 2013-01-08 21:50+0200\n"
+"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&keywords=I18N+L10N&component=network\n"
+"POT-Creation-Date: 2017-09-02 09:31+0300\n"
+"PO-Revision-Date: 2017-08-25 10:54+0200\n"
 "Last-Translator:  Alexander Shopov <ash@kambanaria.org>\n"
 "Language-Team: Bulgarian <dict@fsa-bg.org>\n"
 "Language: bg\n"
@@ -17,106 +18,108 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: ../proxy/libproxy/glibproxyresolver.c:157
 msgid "Proxy resolver internal error."
 msgstr "Вътрешна грешка при откриването на сървъра-посредник."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: ../tls/gnutls/gtlscertificate-gnutls.c:176
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Сертификатът във формат DER не може да бъде анализиран: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: ../tls/gnutls/gtlscertificate-gnutls.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Сертификатът във формат PEM не може да бъде анализиран: %s<"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: ../tls/gnutls/gtlscertificate-gnutls.c:228
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Частният ключ във формат DER не може да бъде анализиран: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: ../tls/gnutls/gtlscertificate-gnutls.c:259
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Частният ключ във формат PEM не може да бъде анализиран: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: ../tls/gnutls/gtlscertificate-gnutls.c:299
 msgid "No certificate data provided"
 msgstr "Липсват данни за сертификат"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:375
 msgid "Server required TLS certificate"
 msgstr "Сървърът изисква сертификат за TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:257
+#: ../tls/gnutls/gtlsconnection-gnutls.c:310
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Не може да се създаде връзка по TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:518
+#: ../tls/gnutls/gtlsconnection-gnutls.c:572
 msgid "Connection is closed"
 msgstr "Връзката е прекъсната"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:580
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1417
+#: ../tls/gnutls/gtlsconnection-gnutls.c:645
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1528
 msgid "Operation would block"
 msgstr "Операцията ще блокира"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:710
+#: ../tls/gnutls/gtlsconnection-gnutls.c:792
+#: ../tls/gnutls/gtlsconnection-gnutls.c:831
 msgid "Peer failed to perform TLS handshake"
 msgstr "Отсрещната страна не осъществи ръкостискане по TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:727
+#: ../tls/gnutls/gtlsconnection-gnutls.c:810
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Отсрещната страна изиска неправилно ново ръкостискане по TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:753
+#: ../tls/gnutls/gtlsconnection-gnutls.c:837
 msgid "TLS connection closed unexpectedly"
 msgstr "Връзката по TLS неочаквано прекъсна"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:763
+#: ../tls/gnutls/gtlsconnection-gnutls.c:847
 msgid "TLS connection peer did not send a certificate"
 msgstr "Отсрещната страна за TLS не върна сертификат"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1144
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1163
+#: ../tls/gnutls/gtlsconnection-gnutls.c:853
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Отсрещната страна изпрати фатално съобщение за TLS: %s"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1241
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1274
 #, c-format
 msgid "Error performing TLS handshake: %s"
 msgstr "Грешка при ръкостискане по TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1173
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1284
 msgid "Server did not return a valid TLS certificate"
 msgstr "Сървърът върна неправилен сертификат за TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1248
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1354
 msgid "Unacceptable TLS certificate"
 msgstr "Неприемлив сертификат за TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1440
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1562
 #, c-format
 msgid "Error reading data from TLS socket: %s"
 msgstr "Грешка при четене на данни по TLS от гнездо: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1469
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1591
 #, c-format
 msgid "Error writing data to TLS socket: %s"
 msgstr "Грешка при запис на данни по TLS към гнездо: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1513
-msgid "Connection is already closed"
-msgstr "Връзката вече е прекъсната"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1523
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1655
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "Грешка при прекъсване на TLS: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+#: ../tls/gnutls/gtlsserverconnection-gnutls.c:107
 msgid "Certificate has no private key"
 msgstr "Сертификатът е без частен ключ"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
+#: ../tls/pkcs11/gpkcs11pin.c:111
 msgid ""
 "This is the last chance to enter the PIN correctly before the token is "
 "locked."
@@ -124,7 +127,7 @@ msgstr ""
 "Това е последният ви шанс да въведете правилен ПИН. При грешка устройството "
 "ще бъде заключено."
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
+#: ../tls/pkcs11/gpkcs11pin.c:113
 msgid ""
 "Several PIN attempts have been incorrect, and the token will be locked after "
 "further failures."
@@ -132,22 +135,22 @@ msgstr ""
 "Няколко последователно въведени ПИН-а са били грешни. При поредна грешка "
 "устройството ще бъде заключено."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
+#: ../tls/pkcs11/gpkcs11pin.c:115
 msgid "The PIN entered is incorrect."
 msgstr "Неправилен ПИН."
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
+#: ../tls/pkcs11/gpkcs11slot.c:449
 msgid "Module"
 msgstr "Модул"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
+#: ../tls/pkcs11/gpkcs11slot.c:450
 msgid "PKCS#11 Module Pointer"
 msgstr "Указател към модул за PKCS#11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
+#: ../tls/pkcs11/gpkcs11slot.c:457
 msgid "Slot ID"
 msgstr "Идентификатор на гнездо"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
+#: ../tls/pkcs11/gpkcs11slot.c:458
 msgid "PKCS#11 Slot Identifier"
 msgstr "Идентификатор на гнездо за PKCS#11"
index a9fabcf..4e144f6 100644 (file)
--- a/po/ca.po
+++ b/po/ca.po
@@ -7,10 +7,9 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2013-03-05 15:28+0000\n"
-"PO-Revision-Date: 2012-08-16 19:02+0200\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-02-03 13:01+0000\n"
+"PO-Revision-Date: 2018-07-01 08:56+0200\n"
 "Last-Translator: Gil Forcada <gilforcada@guifi.net>\n"
 "Language-Team: Catalan <gnome-dl@llistes.softcatala.org>\n"
 "Language: ca\n"
@@ -18,142 +17,233 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Poedit 2.0.6\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr ""
 "S'ha produït un error intern al sistema de resolució del servidor "
 "intermediari."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "La connexió està tancada"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "L'operació bloquejaria"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "El servidor requereix un certificat TLS"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "No s'ha pogut analitzar el certificat DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "No s'ha pogut analitzar el certificat PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "No s'ha pogut analitzar la clau privada DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "No s'ha pogut analitzar la clau privada PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "No s'ha proporcionat cap dada per al certificat"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "El servidor requereix un certificat TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:258
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:537
+#: tls/openssl/gtlsserverconnection-openssl.c:401
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "No s'ha pogut crear una connexió TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:520
-msgid "Connection is closed"
-msgstr "La connexió està tancada"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:582
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1425
-msgid "Operation would block"
-msgstr "L'operació bloquejaria"
+#: tls/gnutls/gtlsconnection-gnutls.c:858
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+msgid "Socket I/O timed out"
+msgstr "S'ha excedit el temps d'espera d'entrada/sortida del sòcol"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:712
-#: ../tls/gnutls/gtlsconnection-gnutls.c:755
+#: tls/gnutls/gtlsconnection-gnutls.c:1003
+#: tls/gnutls/gtlsconnection-gnutls.c:1036
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "L'altre extrem de la connexió no ha pogut realitzar l'encaixada TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:729
+#: tls/gnutls/gtlsconnection-gnutls.c:1021
+#: tls/openssl/gtlsconnection-openssl.c:234
 msgid "Peer requested illegal TLS rehandshake"
 msgstr ""
 "L'altre extrem de la connexió ha sol·licitat una reencaixada TLS no vàlida"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:761
+#: tls/gnutls/gtlsconnection-gnutls.c:1042
 msgid "TLS connection closed unexpectedly"
 msgstr "La connexió TLS s'ha tancat de manera inesperada"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:771
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:171
 msgid "TLS connection peer did not send a certificate"
 msgstr "L'altre extrem de la connexió TLS no ha enviat cap certificat"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1152
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1171
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:2160
+#: tls/openssl/gtlsconnection-openssl.c:416
 #, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "S'ha produït un error en realitzar l'encaixada TLS: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1181
-msgid "Server did not return a valid TLS certificate"
-msgstr "El servidor no ha retornat un certificat TLS vàlid"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1256
 msgid "Unacceptable TLS certificate"
 msgstr "No es pot acceptar el certificat TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1448
+#: tls/gnutls/gtlsconnection-gnutls.c:1064
 #, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "S'ha produït un error en llegir les dades del sòcol TLS: %s"
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "L'altre extrem de la connexió ha enviat una alerta fatal TLS: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1076
+msgid "Protocol version downgrade attack detected"
+msgstr "Atacat de rebaixa de la versió de protocol detectat"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1477
+#: tls/gnutls/gtlsconnection-gnutls.c:1083
 #, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "S'ha produït un error en escriure les dades al sòcol TLS: %s"
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] ""
+"El missatge és massa gran per a una connexió DTLS; el màxim és %u byte"
+msgstr[1] ""
+"El missatge és massa gran per a una connexió DTLS; el màxim és %u bytes"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1090
+msgid "The operation timed out"
+msgstr "L'operació ha excedit el temps"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1981
+msgid "Peer does not support safe renegotiation"
+msgstr "L'altre extrem de la connexió no és compatible amb una negociació segura"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2008
+#: tls/gnutls/gtlsconnection-gnutls.c:2058
+msgid "Error performing TLS handshake"
+msgstr "S'ha produït un error en realitzar l'encaixada TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2510
+#: tls/gnutls/gtlsconnection-gnutls.c:2602
+msgid "Error reading data from TLS socket"
+msgstr "S'ha produït un error en llegir les dades del sòcol TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2632
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Els senyaladors de recepció no són compatibles"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1521
-msgid "Connection is already closed"
-msgstr "La connexió ja està tancada"
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2709
+#: tls/gnutls/gtlsconnection-gnutls.c:2781
+msgid "Error writing data to TLS socket"
+msgstr "S'ha produït un error en escriure les dades al sòcol TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1531
+#: tls/gnutls/gtlsconnection-gnutls.c:2751
 #, c-format
-msgid "Error performing TLS close: %s"
-msgstr "S'ha produït un error en realitzar el tancament TLS: %s"
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "El missatge de mida %lu byte és massa gran per a la connexió DTLS"
+msgstr[1] "El missatge de mida %lu bytes és massa gran per a la connexió DTLS"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "El certificat no té cap clau privada"
+#: tls/gnutls/gtlsconnection-gnutls.c:2753
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(el màxim és %u byte)"
+msgstr[1] "(el màxim és %u bytes)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2812
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Els senyaladors d'enviament no són compatibles"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
+#: tls/gnutls/gtlsconnection-gnutls.c:2915
+msgid "Error performing TLS close"
+msgstr "S'ha produït un error en realitzar el tancament TLS"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
 msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
 msgstr ""
-"Aquesta és la darrera oportunitat per introduir el PIN de manera correcta "
-"abans de bloquejar el testimoni."
+"S'ha produït un error en carregar l'emmagatzematge del sistema de confiança: "
+"GnuTLS no està configurat amb un sistema de confiança"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
 msgstr ""
-"S'ha intentat introduir el PIN de manera incorrecta diverses vegades, i es "
-"bloquejarà el testimoni si es torna a fallar."
+"S'ha produït un error en carregar l'emmagatzematge del sistema de confiança: "
+"%s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:328
+msgid "Certificate has no private key"
+msgstr "El certificat no té cap clau privada"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:486
+#: tls/openssl/gtlsserverconnection-openssl.c:292
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "No s'ha pogut crear un context TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:179
+msgid "Digest too big for RSA key"
+msgstr "Resum massa gran per la clau RSA"
+
+#: tls/openssl/gtlsconnection-openssl.c:243
+#: tls/openssl/gtlsconnection-openssl.c:376
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "S'ha produït un error en realitzar l'encaixada TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:386
+msgid "Server did not return a valid TLS certificate"
+msgstr "El servidor no ha retornat un certificat TLS vàlid"
+
+#: tls/openssl/gtlsconnection-openssl.c:500
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "S'ha produït un error en llegir les dades del sòcol TLS: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "S'ha introduït un PIN incorrecte."
+#: tls/openssl/gtlsconnection-openssl.c:526
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "S'ha produït un error en escriure les dades al sòcol TLS: %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Mòdul"
+#: tls/openssl/gtlsconnection-openssl.c:552
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "S'ha produït un error en realitzar el tancament TLS: %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "Punter del mòdul PKCS#11"
+#: tls/openssl/gtlsserverconnection-openssl.c:335
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Hi ha un problema amb el certificat de la clau privada: %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "Identificador de ranura"
+#: tls/openssl/gtlsserverconnection-openssl.c:344
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Hi ha un problema amb el certificat: %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "Identificador de la ranura PKCS#11"
index 89319b4..627b9c5 100644 (file)
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2013-03-17 20:04+0100\n"
-"PO-Revision-Date: 2012-08-16 19:02+0200\n"
-"Last-Translator: Gil Forcada <gilforcada@guifi.net>\n"
+"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&keywords=I18N+L10N&component=network\n"
+"POT-Creation-Date: 2017-09-09 14:14+0000\n"
+"PO-Revision-Date: 2017-09-01 14:11+0200\n"
+"Last-Translator: Xavi Ivars <xavi.ivars@gmail.com>\n"
 "Language-Team: Catalan <gnome-dl@llistes.softcatala.org>\n"
-"Language: ca@valencia\n"
+"Language: ca-valencia\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Poedit 1.8.11\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:157
 msgid "Proxy resolver internal error."
 msgstr ""
 "S'ha produït un error intern al sistema de resolució del servidor "
 "intermediari."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/gnutls/gtlscertificate-gnutls.c:176
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "No s'ha pogut analitzar el certificat DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "No s'ha pogut analitzar el certificat PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:228
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "No s'ha pogut analitzar la clau privada DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:259
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "No s'ha pogut analitzar la clau privada PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:299
 msgid "No certificate data provided"
 msgstr "No s'ha proporcionat cap dada per al certificat"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
+#: tls/gnutls/gtlsclientconnection-gnutls.c:375
 msgid "Server required TLS certificate"
 msgstr "El servidor requereix un certificat TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:258
+#: tls/gnutls/gtlsconnection-gnutls.c:310
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "No s'ha pogut crear una connexió TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:520
+#: tls/gnutls/gtlsconnection-gnutls.c:572
 msgid "Connection is closed"
 msgstr "La connexió està tancada"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:582
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1425
+#: tls/gnutls/gtlsconnection-gnutls.c:645
+#: tls/gnutls/gtlsconnection-gnutls.c:1528
 msgid "Operation would block"
 msgstr "L'operació bloquejaria"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:712
-#: ../tls/gnutls/gtlsconnection-gnutls.c:755
+#: tls/gnutls/gtlsconnection-gnutls.c:792
+#: tls/gnutls/gtlsconnection-gnutls.c:831
 msgid "Peer failed to perform TLS handshake"
 msgstr "L'altre extrem de la connexió no ha pogut realitzar l'encaixada TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:729
+#: tls/gnutls/gtlsconnection-gnutls.c:810
 msgid "Peer requested illegal TLS rehandshake"
 msgstr ""
 "L'altre extrem de la connexió ha sol·licitat una reencaixada TLS no vàlida"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:761
+#: tls/gnutls/gtlsconnection-gnutls.c:837
 msgid "TLS connection closed unexpectedly"
 msgstr "La connexió TLS s'ha tancat de manera inesperada"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:771
+#: tls/gnutls/gtlsconnection-gnutls.c:847
 msgid "TLS connection peer did not send a certificate"
 msgstr "L'altre extrem de la connexió TLS no ha enviat cap certificat"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1152
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1171
+#: tls/gnutls/gtlsconnection-gnutls.c:853
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "L'altre extrem de la connexió ha enviat una alerta fatal TLS: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1241
+#: tls/gnutls/gtlsconnection-gnutls.c:1274
 #, c-format
 msgid "Error performing TLS handshake: %s"
 msgstr "S'ha produït un error en realitzar l'encaixada TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1181
+#: tls/gnutls/gtlsconnection-gnutls.c:1284
 msgid "Server did not return a valid TLS certificate"
 msgstr "El servidor no ha retornat un certificat TLS vàlid"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1256
+#: tls/gnutls/gtlsconnection-gnutls.c:1354
 msgid "Unacceptable TLS certificate"
 msgstr "No es pot acceptar el certificat TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1448
+#: tls/gnutls/gtlsconnection-gnutls.c:1562
 #, c-format
 msgid "Error reading data from TLS socket: %s"
 msgstr "S'ha produït un error en llegir les dades del sòcol TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1477
+#: tls/gnutls/gtlsconnection-gnutls.c:1591
 #, c-format
 msgid "Error writing data to TLS socket: %s"
 msgstr "S'ha produït un error en escriure les dades al sòcol TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1521
-msgid "Connection is already closed"
-msgstr "La connexió ja està tancada"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1531
+#: tls/gnutls/gtlsconnection-gnutls.c:1655
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "S'ha produït un error en realitzar el tancament TLS: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+#: tls/gnutls/gtlsserverconnection-gnutls.c:107
 msgid "Certificate has no private key"
 msgstr "El certificat no té cap clau privada"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
+#: tls/pkcs11/gpkcs11pin.c:111
 msgid ""
 "This is the last chance to enter the PIN correctly before the token is "
 "locked."
 msgstr ""
-"Esta és la darrera oportunitat per introduir el PIN de manera correcta abans "
-"de bloquejar el testimoni."
+"Esta és la darrera oportunitat per introduir el PIN de manera correcta "
+"abans de bloquejar el testimoni."
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
+#: tls/pkcs11/gpkcs11pin.c:113
 msgid ""
 "Several PIN attempts have been incorrect, and the token will be locked after "
 "further failures."
@@ -137,22 +140,25 @@ msgstr ""
 "S'ha intentat introduir el PIN de manera incorrecta diverses vegades, i es "
 "bloquejarà el testimoni si es torna a fallar."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
+#: tls/pkcs11/gpkcs11pin.c:115
 msgid "The PIN entered is incorrect."
 msgstr "S'ha introduït un PIN incorrecte."
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
+#: tls/pkcs11/gpkcs11slot.c:449
 msgid "Module"
 msgstr "Mòdul"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
+#: tls/pkcs11/gpkcs11slot.c:450
 msgid "PKCS#11 Module Pointer"
 msgstr "Punter del mòdul PKCS#11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
+#: tls/pkcs11/gpkcs11slot.c:457
 msgid "Slot ID"
 msgstr "Identificador de ranura"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
+#: tls/pkcs11/gpkcs11slot.c:458
 msgid "PKCS#11 Slot Identifier"
 msgstr "Identificador de la ranura PKCS#11"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "La connexió ja està tancada"
index be201c1..af7be94 100644 (file)
--- a/po/cs.po
+++ b/po/cs.po
@@ -1,16 +1,14 @@
 # Czech translation for glib-networking.
 # Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER
 # This file is distributed under the same license as the glib-networking package.
-#
-# Marek Černocký <marek@manet.cz>, 2011, 2012.
+# Marek Černocký <marek@manet.cz>, 2011, 2012, 2017, 2018, 2019.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2012-11-29 22:09+0000\n"
-"PO-Revision-Date: 2012-12-02 21:47+0100\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-03 21:03+0100\n"
 "Last-Translator: Marek Černocký <marek@manet.cz>\n"
 "Language-Team: čeština <gnome-cs-list@gnome.org>\n"
 "Language: cs\n"
@@ -18,138 +16,241 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
-"X-Generator: Gtranslator 2.91.5\n"
+"X-Generator: Gtranslator 2.91.7\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Interní chyba zjišťování adres přes proxy."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "Připojení je uzavřeno"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Operace by blokovala"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Server požaduje certifikát TLS"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Nelze zpracovat certifikát DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Nelze zpracovat certifikát PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Nelze zpracovat soukromý klíč DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Nelze zpracovat soukromý klíč PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Nebyla poskytnuta žádná data certifikátu"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "Server požaduje certifikát TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:254
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Nelze vytvořit připojení TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:514
-msgid "Connection is closed"
-msgstr "Připojení je uzavřeno"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Během vyjednávání spojení TLS nelze provést blokující operaci"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:576
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1382
-msgid "Operation would block"
-msgstr "Operace by blokovala"
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "Vypršel časový limit V/V operace soketu"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:703
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "Protějšek selhal při navazování spojení TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:720
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Protějšek požadoval neplatné znovunavázání spojení TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:746
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
 msgstr "Připojení TLS bylo neočekávaně zavřeno"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:756
-#| msgid "Server did not return a valid TLS certificate"
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
 msgid "TLS connection peer did not send a certificate"
 msgstr "Protějšek připojení TLS neposlal certifikát"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1064
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1083
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
 #, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Chyba při navazování spojení TLS: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1228
 msgid "Unacceptable TLS certificate"
 msgstr "Nepřijatelný certifikát TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1239
-msgid "Server did not return a valid TLS certificate"
-msgstr "Server nevrátil platný certifikát TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Protějšek zaslal kritické varování TLS: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Zjištěn útok pomocí snížení verze protokolu"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1405
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
 #, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Chyba čtení dat ze soketu TLS: %s"
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "Zpráva je příliš velká pro připojení DTLS; maximum je %u bajt"
+msgstr[1] "Zpráva je příliš velká pro připojení DTLS; maximum jsou %u bajty"
+msgstr[2] "Zpráva je příliš velká pro připojení DTLS; maximum je %u bajtů"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "Vypršel časový limit operace"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "Protějšek nepodporuje bezpečné opětovné vyjednávání"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Chyba při vyjednávání spojení TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1434
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Chyba při čtení dat ze soketu TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
 #, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Chyba zápisu dat do soketu TLS: %s"
+msgid "Receive flags are not supported"
+msgstr "Příznaky příjmu nejsou podporované"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1478
-msgid "Connection is already closed"
-msgstr "Připojení je stále uzavřeno"
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Chyba při zápisu dat do soketu TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1488
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
 #, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Chyba při zavírání TLS: %s"
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Zpráva o velikosti %lu bajt je příliš velká pro připojení DTLS"
+msgstr[1] "Zpráva o velikosti %lu bajty je příliš velká pro připojení DTLS"
+msgstr[2] "Zpráva o velikosti %lu bajtů je příliš velká pro připojení DTLS"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "Certifikát nemá soukromý klíč"
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(maximum je %u bajt)"
+msgstr[1] "(maximum jsou %u bajty)"
+msgstr[2] "(maximum je %u bajtů)"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr "Máte poslední pokus zadat PIN správně, pak bude tiket zablokován."
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Příznaky odesílání nejsou podporované"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Chyba při zavírání TLS"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
 msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
 msgstr ""
-"Několik pokusů PIN bylo nesprávných a po dalším neúspěchu bude tiket "
-"zablokován."
+"Selhalo načtení úložiště systému důvěry: GnuTLS není nastavené pro systém "
+"důvěry"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Selhalo načtení úložiště systému důvěry: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "Certifikát nemá soukromý klíč"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Nezdařilo se vytvořit kontext TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "Haš je pro klíč RSA příliš velký"
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "Zadaný PIN je nesprávný."
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Chyba při vyjednávání spojení TLS: %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Modul"
+#: tls/openssl/gtlsconnection-openssl.c:390
+msgid "Server did not return a valid TLS certificate"
+msgstr "Server nevrátil platný certifikát TLS"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "Ukazatel na modul PKCS#11"
+#: tls/openssl/gtlsconnection-openssl.c:504
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Chyba při čtení dat ze soketu TLS: %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "ID slotu"
+#: tls/openssl/gtlsconnection-openssl.c:530
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Chyba při zápisu dat do soketu TLS: %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "Identifikátor slotu PKCS#11"
+#: tls/openssl/gtlsconnection-openssl.c:556
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Chyba při zavírání TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Je zde problém s certifikátem: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Je zde problém se soukromým klíčem certifikátu: %s"
index cd003e8..5552e78 100644 (file)
--- a/po/da.po
+++ b/po/da.po
 # Danish translation for glib-networking.
-# Copyright (C) 2011-2013 glib-networking's COPYRIGHT HOLDER
+# Copyright (C) 2011-2013, 2017-2018 glib-networking's COPYRIGHT HOLDER
 # This file is distributed under the same license as the glib-networking package.
 #
 # Kris Thomsen <lakristho@gmail.com>, 2011.
-# Ask Hjorth Larsen <asklarsen@gmail.com>, 2012-2013.
+# Ask Hjorth Larsen <asklarsen@gmail.com>, 2012-2013, 2017-2018.
+# Alan Mortensen <alanmortensen.am@gmail.com>, 2019.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2013-03-17 14:55+0100\n"
-"PO-Revision-Date: 2013-03-16 17:43+0100\n"
-"Last-Translator: Ask Hjorth Larsen <asklarsen@gmail.com>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-02-14 20:11+0100\n"
+"Last-Translator: Alan Mortensen <alanmortensen.am@gmail.com>\n"
 "Language-Team: Danish <dansk@dansk-gruppen.dk>\n"
 "Language: da\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Poedit 2.0.6\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Intern fejl i proxy-opløser."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "Forbindelsen er lukket"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Forbindelsen ville blokere"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Server kræver et TLS-certifikat"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Kunne ikke fortolke DER-certifikat: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Kunne ikke fortolke PEM-certifikat: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Kunne ikke fortolke privat nøgle for DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Kunne ikke fortolke privat nøgle for PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Ingen certifikatdata angivet"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "Server kræver et TLS-certifikat"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:258
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Kunne ikke oprette TLS-forbindelse: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:520
-msgid "Connection is closed"
-msgstr "Forbindelsen er lukket"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Kan ikke udføre en blokerende operation under TLS-forhandling: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:582
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1425
-msgid "Operation would block"
-msgstr "Forbindelsen ville blokere"
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "Tidsudløb i sokkel-I/O"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:712
-#: ../tls/gnutls/gtlsconnection-gnutls.c:755
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "Modpart mislykkedes i at udføre TLS-forhandling"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:729
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Modpart forspurgte illegalt TLS-genforhandling"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:761
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
 msgstr "TLS-forbindelse lukkede uventet ned"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:771
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
 msgid "TLS connection peer did not send a certificate"
 msgstr "TLS-modpart sendte ikke noget certifikat"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1152
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1171
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Uacceptabelt TLS-certifikat"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Peer sendte fatal TLS-alarm: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Detekterede angreb baseret på nedgradering af protokolversion"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "Meddelelsen er for lang til DTLS-forbindelse; maksimum er %u byte"
+msgstr[1] "Meddelelsen er for lang til DTLS-forbindelse; maksimum er %u byte"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "Tidsudløb under operation"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "Modpart understøtter ikke sikker genforhandling"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Fejl under udførsel af TLS-forhandling: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Fejl under læsning af data fra TLS-sokkel"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Modtagelsesflag understøttes ikke"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Fejl under skrivning af data til TLS-sokkel"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Meddelelse af størrelse %lu byte er for stor til DTLS-forbindelse"
+msgstr[1] "Meddelelse af størrelse %lu byte er for stor til DTLS-forbindelse"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(maksimum er %u byte)"
+msgstr[1] "(maksimum er %u byte)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Sendeflag understøttes ikke"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Fejl ved lukning af TLS"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Kunne ikke indlæse systemets “trust store”: GnuTLS blev ikke konfigureret "
+"med en system-“trust”"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Kunne ikke indlæse systemets “trust store”: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "Certifikatet har ingen privat nøgle"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Kunne ikke oprette TLS-kontekst: %s"
+
+# Digest er oversat med digest i Network-modulerne i gnome extra
+# https://en.wikipedia.org/wiki/Cryptographic_hash_function
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "Digest er for stor til RSA-nøglen"
+
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
 #, c-format
 msgid "Error performing TLS handshake: %s"
-msgstr "Fejl under udførsel af TLS-handshake: %s"
+msgstr "Fejl under udførsel af TLS-forhandling: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1181
+#: tls/openssl/gtlsconnection-openssl.c:390
 msgid "Server did not return a valid TLS certificate"
 msgstr "Serveren returnerede ikke et gyldigt TLS-certifikat"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1256
-msgid "Unacceptable TLS certificate"
-msgstr "Uacceptabelt TLS-certifikat"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1448
+#: tls/openssl/gtlsconnection-openssl.c:504
 #, c-format
 msgid "Error reading data from TLS socket: %s"
 msgstr "Fejl under læsning af data fra TLS-sokkel: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1477
+#: tls/openssl/gtlsconnection-openssl.c:530
 #, c-format
 msgid "Error writing data to TLS socket: %s"
 msgstr "Fejl under skrivning af data til TLS-sokkel: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1521
-msgid "Connection is already closed"
-msgstr "Forbindelsen er allerede lukket"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1531
+#: tls/openssl/gtlsconnection-openssl.c:556
 #, c-format
 msgid "Error performing TLS close: %s"
-msgstr "Fejl under nedlukning af TLS: %s"
+msgstr "Fejl ved lukning af TLS: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "Certifikatet har ingen privat nøgle"
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Der er et problem med certifikatet: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"Dette er sidste chance for at indtaste PIN korrekt, før det kryptografiske "
-"tegn (token) låses."
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Der er et problem med certifikatets private nøgle: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Der er indtastet adskillige forkerte PIN, og det kryptografiske tegn (token) "
-"vil blive låst hvis der sker flere fejl."
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Dette er sidste chance for at indtaste PIN korrekt, før det "
+#~ "kryptografiske tegn (token) låses."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Der er indtastet adskillige forkerte PIN, og det kryptografiske tegn "
+#~ "(token) vil blive låst hvis der sker flere fejl."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Den indtastede PIN er forkert."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "Den indtastede PIN er forkert."
+#~ msgid "Module"
+#~ msgstr "Modul"
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Modul"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11-modulpointer"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "PKCS#11-modulpointer"
+#~ msgid "Slot ID"
+#~ msgstr "Plads-id"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "Plads-id"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 plads-identifikation"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11 plads-identifikation"
+#~ msgid "Connection is already closed"
+#~ msgstr "Forbindelsen er allerede lukket"
index 4bcc3b1..3aaaa12 100644 (file)
--- a/po/de.po
+++ b/po/de.po
 # German translation for glib-networking.
 # Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER
 # This file is distributed under the same license as the glib-networking package.
-# Mario Blättermann <mario.blaettermann@gmail.com>, 2011-2013.
-# Christian Kirbach <Christian.Kirbach@gmail.com>, 2011, 2012.
-# Wolfgang Stöggl <c72578@yahoo.de>, 2011, 2012.
+# Mario Blättermann <mario.blaettermann@gmail.com>, 2011-2013, 2017-2018.
+# Christian Kirbach <Christian.Kirbach@gmail.com>, 2011-2012.
+# Wolfgang Stöggl <c72578@yahoo.de>, 2011-2012.
+# Tim Sabsch <tim@sabsch.com>, 2019.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2012-11-29 22:09+0000\n"
-"PO-Revision-Date: 2013-03-04 08:30+0100\n"
-"Last-Translator: Mario Blättermann <mario.blaettermann@gmail.com>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-05 20:17+0100\n"
+"Last-Translator: Tim Sabsch <tim@sabsch.com>\n"
 "Language-Team: Deutsch <gnome-de@gnome.org>\n"
 "Language: de\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Poedit-Language: German\n"
-"X-Poedit-Country: GERMANY\n"
-"X-Generator: Gtranslator 2.91.5\n"
+"X-Generator: Poedit 2.2.1\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Interner Fehler in der Auflösung des Proxys."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "Verbindung ist geschlossen"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Operation würde blockieren"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Server benötigt ein TLS-Zertifikat"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "DER-Zertifikat konnte nicht verarbeitet werden: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "PEM-Zertifikat konnte nicht verarbeitet werden: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Geheimer DER-Schlüssel konnte nicht verarbeitet werden: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Geheimer PEM-Schlüssel konnte nicht verarbeitet werden: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Keine Zertifikatdaten bereitgestellt"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "Server benötigt ein TLS-Zertifikat"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:254
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "TLS-Verbindung konnte nicht erstellt werden: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:514
-msgid "Connection is closed"
-msgstr "Verbindung ist geschlossen"
+# Handshake ist ein Fachbegriff für den Vorgang der Verbindungsaushandlung
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr ""
+"Block-Operation kann nicht während des TLS-Handshakes ausgeführt werden"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:576
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1382
-msgid "Operation would block"
-msgstr "Vorgang würde blockieren"
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "Zeitüberschreitung bei Ein-/Ausgabeoperation des Sockets"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:703
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "Gegenstelle scheiterte bei Ausführung der TLS-Begrüßung"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:720
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Gegenstelle fragte illegale erneute Begrüßung an"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:746
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
 msgstr "TLS-Verbindung wurde unerwartet geschlossen"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:756
-#| msgid "Server did not return a valid TLS certificate"
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
 msgid "TLS connection peer did not send a certificate"
 msgstr "Gegenstelle der TLS-Verbindung gab kein gültiges Zertifikat zurück"
 
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Nicht akzeptables TLS-Zertifikat"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Gegenstelle sendete schwerwiegende TLS-Warnung: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Angriff durch Zurücksetzen der Protokollversion entdeckt"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "Nachricht ist für DTLS-Verbindung zu groß; Maximum ist %u Byte"
+msgstr[1] "Nachricht ist für DTLS-Verbindung zu groß; Maximum ist %u Bytes"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "Zeitüberschreitung des Vorgangs"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "Die Gegenstelle unterstützt keine sichere Neuverhandlung"
+
 # Handshake ist ein Fachbegriff für den Vorgang der Verbindungsaushandlung
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1064
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1083
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Fehler bei der Ausführung des TLS-Handshake"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Fehler beim Lesen der Daten aus dem TLS-Socket"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Empfangen von Flags wird nicht unterstützt"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Fehler beim Schreiben der Daten in den TLS-Socket"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Nachricht der Größe %lu Byte ist für DTLS-Verbindung zu groß"
+msgstr[1] "Nachricht der Größe %lu Byte ist für DTLS-Verbindung zu groß"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(Maximum ist %u Byte)"
+msgstr[1] "(Maximum ist %u Bytes)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Senden von Flags wird nicht unterstützt"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Fehler beim Schließen der TLS-Verbindung"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Vertrauenswürdigkeitsspeicher des Systems konnte nicht geladen werden: "
+"GnuTLS wurde nicht mit einer Systemvertrauenswürdigkeit eingerichtet"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr ""
+"Vertrauenswürdigkeitsspeicher des Systems konnte nicht geladen werden: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "Das Zertifikat hat keinen geheimen Schlüssel"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS-Kontext konnte nicht erstellt werden: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "Auszug ist zu groß für RSA-Schlüssel"
+
+# Handshake ist ein Fachbegriff für den Vorgang der Verbindungsaushandlung
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
 #, c-format
 msgid "Error performing TLS handshake: %s"
 msgstr "Fehler bei der Ausführung des TLS-Handshake: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1228
-msgid "Unacceptable TLS certificate"
-msgstr "Nicht akzeptables TLS-Zertifikat"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1239
+#: tls/openssl/gtlsconnection-openssl.c:390
 msgid "Server did not return a valid TLS certificate"
 msgstr "Server gab kein gültiges TLS-Zertifikat zurück"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1405
+#: tls/openssl/gtlsconnection-openssl.c:504
 #, c-format
 msgid "Error reading data from TLS socket: %s"
 msgstr "Fehler beim Lesen der Daten aus dem TLS-Socket: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1434
+#: tls/openssl/gtlsconnection-openssl.c:530
 #, c-format
 msgid "Error writing data to TLS socket: %s"
 msgstr "Fehler beim Schreiben der Daten in den TLS-Socket: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1478
-msgid "Connection is already closed"
-msgstr "Verbindung ist bereits geschlossen"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1488
+#: tls/openssl/gtlsconnection-openssl.c:556
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "Fehler beim Schließen der TLS-Verbindung: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "Das Zertifikat hat keinen geheimen Schlüssel"
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Es besteht ein Problem mit dem Zertifikat: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is locked."
-msgstr ""
-"Dies ist die letzte Möglichkeit, die PIN korrekt einzugeben, bevor das Token "
-"gesperrt wird."
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Es besteht ein Problem mit dem privaten Schlüssel des Zertifikats: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Mehrere Versuche der PIN-Eingabe waren nicht korrekt. Das Token wird nach "
-"weiteren Fehlversuchen gesperrt."
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Dies ist die letzte Möglichkeit, die PIN korrekt einzugeben, bevor das "
+#~ "Token gesperrt wird."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Mehrere Versuche der PIN-Eingabe waren nicht korrekt. Das Token wird nach "
+#~ "weiteren Fehlversuchen gesperrt."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "Die eingegebene PIN ist nicht korrekt."
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Die eingegebene PIN ist nicht korrekt."
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Modul"
+#~ msgid "Module"
+#~ msgstr "Modul"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "PKCS#11-Modulzeiger"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11-Modulzeiger"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "Slot-ID"
+#~ msgid "Slot ID"
+#~ msgstr "Slot-ID"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11-Slotkennung"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11-Slotkennung"
index 6bc68a9..ebd5706 100644 (file)
--- a/po/el.po
+++ b/po/el.po
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?"
 "product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2014-07-09 05:52+0000\n"
-"PO-Revision-Date: 2014-07-09 14:43+0200\n"
-"Last-Translator: Tom Tryfonidis <tomtryf@gmail.com>\n"
+"POT-Creation-Date: 2017-05-23 15:17+0000\n"
+"PO-Revision-Date: 2017-09-09 10:31+0200\n"
+"Last-Translator: Efstathios Iosifidis <iosifidis@opensuse.org>\n"
 "Language-Team: team@gnome.gr\n"
 "Language: el\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Poedit 1.6.5\n"
+"X-Generator: Poedit 1.5.7\n"
 "X-Project-Style: gnome\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:157
+#: proxy/libproxy/glibproxyresolver.c:157
 msgid "Proxy resolver internal error."
 msgstr "Εσωτερικό σφάλμα επίλυσης διαμεσολαβητή."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/gnutls/gtlscertificate-gnutls.c:176
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Αδυναμία ανάλυσης πιστοποιητικού DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Αδυναμία ανάλυσης πιστοποιητικού PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:228
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Αδυναμία ανάλυσης ιδιωτικού κλειδιού DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:259
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Αδυναμία ανάλυσης ιδιωτικού κλειδιού PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:299
 msgid "No certificate data provided"
 msgstr "Δεν παρέχονται δεδομένα πιστοποιητικού"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:324
+#: tls/gnutls/gtlsclientconnection-gnutls.c:375
 msgid "Server required TLS certificate"
 msgstr "Ο διακομιστής απαίτησε πιστοποιητικό TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:267
+#: tls/gnutls/gtlsconnection-gnutls.c:310
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Αδύνατη η δημιουργία σύνδεσης TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:531
+#: tls/gnutls/gtlsconnection-gnutls.c:572
 msgid "Connection is closed"
 msgstr "Η σύνδεση έκλεισε"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:594
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1465
+#: tls/gnutls/gtlsconnection-gnutls.c:645
+#: tls/gnutls/gtlsconnection-gnutls.c:1528
 msgid "Operation would block"
 msgstr "Η λειτουργία θα μπλοκαριστεί"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:733
-#: ../tls/gnutls/gtlsconnection-gnutls.c:772
+#: tls/gnutls/gtlsconnection-gnutls.c:792
+#: tls/gnutls/gtlsconnection-gnutls.c:831
 msgid "Peer failed to perform TLS handshake"
 msgstr "Ο ομότιμος υπολογιστής απέτυχε να εκτελέσει «χειραψία» TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:751
+#: tls/gnutls/gtlsconnection-gnutls.c:810
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Ο ομότιμος υπολογιστής απαίτησε παράτυπη «χειραψία» TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:778
+#: tls/gnutls/gtlsconnection-gnutls.c:837
 msgid "TLS connection closed unexpectedly"
 msgstr "Η σύνδεση TLS τερματίστηκε απρόσμενα"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:788
+#: tls/gnutls/gtlsconnection-gnutls.c:847
 msgid "TLS connection peer did not send a certificate"
 msgstr "Η ομότιμη σύνδεση TLS δεν έστειλε πιστοποιητικό"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1178
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1211
+#: tls/gnutls/gtlsconnection-gnutls.c:853
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Το ομότιμο έστειλε ειδοποίηση μοιραίου σφάλματος TLS: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1241
+#: tls/gnutls/gtlsconnection-gnutls.c:1274
 #, c-format
 msgid "Error performing TLS handshake: %s"
 msgstr "Σφάλμα κατά τη «χειραψία» TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1221
+#: tls/gnutls/gtlsconnection-gnutls.c:1284
 msgid "Server did not return a valid TLS certificate"
 msgstr "Ο διακομιστής δεν επέστρεψε ένα έγκυρο πιστοποιητικό TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1296
+#: tls/gnutls/gtlsconnection-gnutls.c:1354
 msgid "Unacceptable TLS certificate"
 msgstr "Μη αποδεκτό πιστοποιητικό TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1499
+#: tls/gnutls/gtlsconnection-gnutls.c:1562
 #, c-format
 msgid "Error reading data from TLS socket: %s"
 msgstr "Σφάλμα κατά την ανάγνωση δεδομένων από την υποδοχή TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1528
+#: tls/gnutls/gtlsconnection-gnutls.c:1591
 #, c-format
 msgid "Error writing data to TLS socket: %s"
 msgstr "Σφάλμα κατά την εγγραφή δεδομένων στην υποδοχή TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1572
-msgid "Connection is already closed"
-msgstr "Η σύνδεση έχει ήδη κλείσει"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1582
+#: tls/gnutls/gtlsconnection-gnutls.c:1655
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "Σφάλμα κατά το κλείσιμο TLS: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+#: tls/gnutls/gtlsserverconnection-gnutls.c:107
 msgid "Certificate has no private key"
 msgstr "Το πιστοποιητικό δεν έχει ιδιωτικό κλειδί"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
+#: tls/pkcs11/gpkcs11pin.c:111
 msgid ""
 "This is the last chance to enter the PIN correctly before the token is "
 "locked."
@@ -129,7 +130,7 @@ msgstr ""
 "Αυτή είναι η τελευταία σας ευκαιρία να πληκτρολογήσετε σωστά το PIN πριν να "
 "κλειδωθεί το διακριτικό."
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
+#: tls/pkcs11/gpkcs11pin.c:113
 msgid ""
 "Several PIN attempts have been incorrect, and the token will be locked after "
 "further failures."
@@ -137,22 +138,25 @@ msgstr ""
 "Αρκετές προσπάθειες PIN ήταν εσφαλμένες, και το διακριτικό θα κλειδωθεί μετά "
 "από περαιτέρω αποτυχίες."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
+#: tls/pkcs11/gpkcs11pin.c:115
 msgid "The PIN entered is incorrect."
 msgstr "Δεν είναι έγκυρο το PIN που πληκτρολογήσατε."
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
+#: tls/pkcs11/gpkcs11slot.c:449
 msgid "Module"
 msgstr "Άρθρωμα"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
+#: tls/pkcs11/gpkcs11slot.c:450
 msgid "PKCS#11 Module Pointer"
 msgstr "Δείκτης αρθρώματος PKCS#11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
+#: tls/pkcs11/gpkcs11slot.c:457
 msgid "Slot ID"
 msgstr "Αναγνωριστικό υποδοχής"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
+#: tls/pkcs11/gpkcs11slot.c:458
 msgid "PKCS#11 Slot Identifier"
 msgstr "Αναγνωριστικό θέσης PKCS#11"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Η σύνδεση έχει ήδη κλείσει"
index a5e722d..e53c718 100644 (file)
--- a/po/eo.po
+++ b/po/eo.po
 # Esperanto translation for glib-networking.
 # Copyright (C) 2011 Free Software Foundation, Inc.
 # This file is distributed under the same license as the glib-networking package.
-# Kristjan SCHMIDT <kristjan.schmidt@googlemail.com>, 2011.
-#
+# Kristjan SCHMIDT <kristjan.schmidt@googlemail.com>, 2011, 2017.
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&component=network\n"
-"POT-Creation-Date: 2011-02-15 22:47+0000\n"
-"PO-Revision-Date: 2011-05-15 15:54+0200\n"
+"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?product=glib&k"
+"eywords=I18N+L10N&component=network\n"
+"POT-Creation-Date: 2017-05-23 15:17+0000\n"
+"PO-Revision-Date: 2017-06-11 02:22+0200\n"
 "Last-Translator: Kristjan SCHMIDT <kristjan.schmidt@googlemail.com>\n"
-"Language-Team: Esperanto <ubuntu-l10n-eo@lists.launchpad.net>\n"
+"Language-Team: Esperanto <gnome-eo-list@gnome.org>\n"
 "Language: eo\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1)\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Virtaal 0.7.1\n"
+"X-Project-Style: gnome\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:142
+#: proxy/libproxy/glibproxyresolver.c:157
 msgid "Proxy resolver internal error."
 msgstr "Interna eraro en la solvilo de la prokurilo."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/gnutls/gtlscertificate-gnutls.c:176
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Ne eblis analizi la DER-atestilon: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Ne eblis analizi la PEM-atestilon: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:214
+#: tls/gnutls/gtlscertificate-gnutls.c:228
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Ne eblis analizi la privatan DER-ŝlosilon: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:234
+#: tls/gnutls/gtlscertificate-gnutls.c:259
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Ne eblis analizi la privatan PEM-ŝlosilon: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:275
+#: tls/gnutls/gtlscertificate-gnutls.c:299
 msgid "No certificate data provided"
 msgstr "Neniu atestilo etas provizita"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:356
+#: tls/gnutls/gtlsclientconnection-gnutls.c:375
 msgid "Server required TLS certificate"
 msgstr "Servilo bezonas TLS-atestilon"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:241
+#: tls/gnutls/gtlsconnection-gnutls.c:310
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Ne eblis krei TLS-konekton: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:479
+#: tls/gnutls/gtlsconnection-gnutls.c:572
+msgid "Connection is closed"
+msgstr "La konekto estas fermita"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:645
+#: tls/gnutls/gtlsconnection-gnutls.c:1528
+#, fuzzy
+msgid "Operation would block"
+msgstr "La operacio estus haltigota"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:792
+#: tls/gnutls/gtlsconnection-gnutls.c:831
 msgid "Peer failed to perform TLS handshake"
-msgstr "Samtavolano fiaskis efektivigi TLS-kvitancon"
+msgstr "Samtavolano malsukcesis efektivigi TLS-kvitancon"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:497
+#: tls/gnutls/gtlsconnection-gnutls.c:810
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Samtavolano petis kontraŭleĝan TLS-kvitancon"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:511
+#: tls/gnutls/gtlsconnection-gnutls.c:837
 msgid "TLS connection closed unexpectedly"
 msgstr "TLS-konekto fermiĝis senatendite"
 
+#: tls/gnutls/gtlsconnection-gnutls.c:847
+#, fuzzy
+#| msgid "TLS connection closed unexpectedly"
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS-konekto ne sendis atestilon"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:853
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr ""
+
 # Handshake ist ein Fachbegriff für den Vorgang der Verbindungsaushandlung
-#: ../tls/gnutls/gtlsconnection-gnutls.c:799
-#: ../tls/gnutls/gtlsconnection-gnutls.c:825
+#: tls/gnutls/gtlsconnection-gnutls.c:1241
+#: tls/gnutls/gtlsconnection-gnutls.c:1274
 #, c-format
 msgid "Error performing TLS handshake: %s"
 msgstr "Eraro dum efektivigi TLS-kvitancon: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:876
+#: tls/gnutls/gtlsconnection-gnutls.c:1284
+#| msgid "Server required TLS certificate"
+msgid "Server did not return a valid TLS certificate"
+msgstr "Servilo ne redonis validan TLS-atestilon"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1354
 msgid "Unacceptable TLS certificate"
 msgstr "Neakceptebla TLS-atestilo"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1023
-#, fuzzy, c-format
+#: tls/gnutls/gtlsconnection-gnutls.c:1562
+#, c-format
 msgid "Error reading data from TLS socket: %s"
-msgstr "Eraro dum legi de la datumoj el la TLS-ingo:%s\n"
+msgstr "Eraro dum legi datumojn el la TLS-ingo: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1049
-#, fuzzy, c-format
+#: tls/gnutls/gtlsconnection-gnutls.c:1591
+#, c-format
 msgid "Error writing data to TLS socket: %s"
-msgstr "Eraro dum skribi de la datumoj el la TLS-ingo:%s\n"
+msgstr "Eraro dum skribi datumojn al la TLS-ingo: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1095
+#: tls/gnutls/gtlsconnection-gnutls.c:1655
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "Eraro dum fermi la TLS-konekto: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:107
+msgid "Certificate has no private key"
+msgstr "Atestilo ne havas privatan ŝlosilon"
+
+#: tls/pkcs11/gpkcs11pin.c:111
+msgid ""
+"This is the last chance to enter the PIN correctly before the token is "
+"locked."
+msgstr ""
+"Ĉi tiu estas la lasta ebleco enigi la pasvorton ĝuste antaŭ ol via aliro "
+"estos ŝlosita."
+
+#: tls/pkcs11/gpkcs11pin.c:113
+msgid ""
+"Several PIN attempts have been incorrect, and the token will be locked after "
+"further failures."
+msgstr ""
+
+#: tls/pkcs11/gpkcs11pin.c:115
+msgid "The PIN entered is incorrect."
+msgstr "La pasvorto enigita ne estas korekta."
+
+#: tls/pkcs11/gpkcs11slot.c:449
+msgid "Module"
+msgstr "Modulo"
+
+#: tls/pkcs11/gpkcs11slot.c:450
+msgid "PKCS#11 Module Pointer"
+msgstr ""
+
+#: tls/pkcs11/gpkcs11slot.c:457
+msgid "Slot ID"
+msgstr ""
+
+#: tls/pkcs11/gpkcs11slot.c:458
+msgid "PKCS#11 Slot Identifier"
+msgstr ""
index 7ea986c..60c88b1 100644 (file)
--- a/po/es.po
+++ b/po/es.po
 # Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER
 # This file is distributed under the same license as the glib-networking package.
 # Jorge González <jorgegonz@svn.gnome.org>, 2011.
-# Daniel Mustieles <daniel.mustieles@gmail.com>, 2011, 2012.
+# Daniel Mustieles <daniel.mustieles@gmail.com>, 2011-2019.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2012-11-29 22:09+0000\n"
-"PO-Revision-Date: 2012-12-02 19:10+0100\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-04 12:05+0100\n"
 "Last-Translator: Daniel Mustieles <daniel.mustieles@gmail.com>\n"
-"Language-Team: Español; Castellano <gnome-es-list@gnome.org>\n"
+"Language-Team: es <gnome-es-list@gnome.org>\n"
 "Language: es\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Gtranslator 2.91.5\n"
+"X-Generator: Gtranslator 3.31.90\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Error interno del proxy."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "La conexión está cerrada"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "La operación de bloqueará"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "El servidor requiere un certificado TLS"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "No se pudo analizar el certificado DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "No se pudo analizar el certificado PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "No se pudo analizar la clave privada DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "No se pudo analizar la clave privada PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "No se han proporcionado datos del certificado"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "El servidor requiere un certificado TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:254
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "No se pudo crear la conexión TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:514
-msgid "Connection is closed"
-msgstr "La conexión está cerrada"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+#| msgid "Error performing TLS handshake"
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "No se puede bloquear la operación durante la negociación de TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:576
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1382
-msgid "Operation would block"
-msgstr "La operación de bloqueará"
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "Expiró la E/S del socket"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:703
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "EL par falló al realizar la negociación TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:720
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "El par solicitó una renegociación TLS ilegal"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:746
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
 msgstr "La conexión TLS se cerró inesperadamente"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:756
-#| msgid "Server did not return a valid TLS certificate"
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
 msgid "TLS connection peer did not send a certificate"
 msgstr "El par de la conexión TLS no envió un certificado"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1064
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1083
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
 #, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Error al realizar la negociación TLS: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1228
 msgid "Unacceptable TLS certificate"
 msgstr "Certificado TLS inaceptable"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1239
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "El par ha enviado una alerta fatal de TLS: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Detectado ataque de rebaja de versión de protocolo"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] ""
+"El mensaje es demasiado largo para una conexión DTLS; el máximo es %u byte"
+msgstr[1] ""
+"El mensaje es demasiado largo para una conexión DTLS; el máximo es %u bytes"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "La operación ha agotado su tiempo"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "El par no soporta renegociación segura"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Error al realizar la negociación TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Error al leer datos del socket TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "No se soporta recibir opciones"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Error al escribir datos en el socket TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] ""
+"El mensaje de tamaño %lu byte es demasiado largo para una conexión DTLS"
+msgstr[1] ""
+"El mensaje de tamaño %lu bytes es demasiado largo para una conexión DTLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(el máximo es %u byte)"
+msgstr[1] "(el máximo es %u bytes)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "No se soporta enviar opciones"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Error al cerrar el TLS"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Falló al cargar el almacén de confianza del sistema: GnuTLS no se ha "
+"configurado con un sistema de confianza"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Falló al cargar el almacén de confianza del sistema: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "El certificado no tiene clave privada"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "No se pudo crear el contexto TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "Resumen demasiado grande para la clave RSA"
+
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Error al realizar la negociación TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:390
 msgid "Server did not return a valid TLS certificate"
 msgstr "El servidor no devolvió un certificado TLS válido"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1405
+#: tls/openssl/gtlsconnection-openssl.c:504
 #, c-format
 msgid "Error reading data from TLS socket: %s"
 msgstr "Error al leer datos del socket TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1434
+#: tls/openssl/gtlsconnection-openssl.c:530
 #, c-format
 msgid "Error writing data to TLS socket: %s"
 msgstr "Error al escribir datos en el socket TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1478
-msgid "Connection is already closed"
-msgstr "La conexión ya está cerrada"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1488
+#: tls/openssl/gtlsconnection-openssl.c:556
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "Error al cerrar el TLS: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "El certificado no tiene clave privada"
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Hay un problema con el certificado: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"Esta es la última oportunidad para introducir el PIN correctamente antes de "
-"que se bloquee el «token»."
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Hay un problema con la clave privada del certificado: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Varios intentos de introducir el PIN han sido incorrectos y el «token» se "
-"bloqueará después de más fallos."
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Esta es la última oportunidad para introducir el PIN correctamente antes "
+#~ "de que se bloquee el «token»."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Varios intentos de introducir el PIN han sido incorrectos y el «token» se "
+#~ "bloqueará después de más fallos."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "El PIN introducido es incorrecto."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "El PIN introducido es incorrecto."
+#~ msgid "Module"
+#~ msgstr "Módulo"
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Módulo"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Puntero del módulo PKCS#11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "Puntero del módulo PKCS#11"
+#~ msgid "Slot ID"
+#~ msgstr "ID de la ranura"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "ID de la ranura"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identificador de la ranura de PKCS#11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "Identificador de la ranura de PKCS#11"
+#~ msgid "Connection is already closed"
+#~ msgstr "La conexión ya está cerrada"
index 0fecb7a..eca2324 100644 (file)
--- a/po/eu.po
+++ b/po/eu.po
 # This file is distributed under the same license as the PACKAGE package.
 #
 # Iñaki Larrañaga Murgoitio <dooteo@euskalgnu.org>, 2011, 2012.
-# Iñaki Larrañaga Murgoitio <dooteo@zundan.com>, 2013
+# Iñaki Larrañaga Murgoitio <dooteo@zundan.com>, 2013, 2017.
+# Asier Sarasua Garmendia <asier.sarasua@gmail.com>, 2019.
 msgid ""
-msgstr ""
-"Project-Id-Version: eu\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2013-03-20 09:36+0100\n"
-"PO-Revision-Date: 2013-03-04 23:35+0100\n"
-"Last-Translator: Iñaki Larrañaga Murgoitio <dooteo@zundan.com>\n"
-"Language-Team: Basque <itzulpena@euskalgnu.org>\n"
+msgstr "Project-Id-Version: eu\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-08 10:00+0100\n"
+"Last-Translator: Asier Sarasua Garmendia <asier.sarasua@gmail.com>\n"
+"Language-Team: Basque <librezale@librezale.eus>\n"
 "Language: eu\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Lokalize 1.0\n"
+"X-Generator: OmegaT 4.1.5\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 "\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Proxyen ebaztailearen barneko errorea."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "Konexioa itxi egin da"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Eragiketa blokea daiteke"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Zerbitzariak TLS ziurtagiria behar du"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Ezin izan da DER ziurtagiria analizatu: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Ezin izan da PEM ziurtagiria analizatu: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Ezin izan da DER gako pribatua analizatu: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Ezin izan da PEM gako pribatua analizatu: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Ez da ziurtagiriaren daturik eman"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "Zerbitzariak TLS ziurtagiria behar du"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:258
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Ezin izan da TLS konexioa sortu: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:520
-msgid "Connection is closed"
-msgstr "Konexioa itxi egin da"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Ezin izan da blokeo-eragiketa gauzatu TLS diosalean"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:582
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1425
-msgid "Operation would block"
-msgstr "Eragiketa blokea daiteke"
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "S/Iko socketaren denbora-muga gaindituta"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:712
-#: ../tls/gnutls/gtlsconnection-gnutls.c:755
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "Parekoak huts egin du TLS diosala lantzean"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:729
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Parekoak TLSren diosala ilegala eskatu du"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:761
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
 msgstr "TLS konexioa ustekabean itxi da"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:771
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
 msgid "TLS connection peer did not send a certificate"
 msgstr "TLS konexioaren parekoak ez du ziurtagiria bidali"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1152
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1171
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Onartu gabeko TLS ziurtagiria"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Parekoak TLS abisu larria bidali du: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Protokolo-bertsioaren zaharkitze-erasoa detektatu da"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "Mezua luzeegia da DTLS konexiorako; gehienekoa %u byte da"
+msgstr[1] "Mezua luzeegia da DTLS konexiorako; gehienekoa %u byte dira"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "Eragiketak denbora agortu du"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "Parekoak ez du onartzen birnegoziazio segurua"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Errorea TLS diosala lantzean"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Errorea datuak TLS socketetik irakurtzean"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Banderak jasotzea ez dago onartuta"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Errorea datuak TLS socketera idaztean"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "%lu byte-ko mezua luzeegia da DTLS konexiorako"
+msgstr[1] "%lu byte-ko mezua luzeegia da DTLS konexiorako"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(gehienekoa %u byte da)"
+msgstr[1] "(gehienekoa %u byte dira)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Banderak bidaltzea ez dago onartuta"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Errorea TLSren itxiera lantzean"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr "Huts egin du sistema-konfiantzaren biltegia kargatzeak: GnuTLS ez dago konfiguratuta sistema-konfiantzarekin"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Huts egin du sistema-konfiantzaren biltegia kargatzeak: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "Ziurtagiriak ez dauka gako pribaturik"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Ezin izan da TLS testuingurua sortu: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "Laburpena handiegia da RSA gakorako"
+
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
 #, c-format
 msgid "Error performing TLS handshake: %s"
 msgstr "Errorea TLS diosala lantzean: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1181
+#: tls/openssl/gtlsconnection-openssl.c:390
 msgid "Server did not return a valid TLS certificate"
 msgstr "Zerbitzariak ez du baliozko TLS ziurtagiria itzuli"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1256
-msgid "Unacceptable TLS certificate"
-msgstr "Onartu gabeko TLS ziurtagiria"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1448
+#: tls/openssl/gtlsconnection-openssl.c:504
 #, c-format
 msgid "Error reading data from TLS socket: %s"
 msgstr "Errorea TLS socketetik datuak irakurtzean: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1477
+#: tls/openssl/gtlsconnection-openssl.c:530
 #, c-format
 msgid "Error writing data to TLS socket: %s"
 msgstr "Errorea TLS socketean datuak idaztean: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1521
-msgid "Connection is already closed"
-msgstr "Konexioa jadanik itxita dago"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1531
+#: tls/openssl/gtlsconnection-openssl.c:556
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "Errorea TLSren itxiera lantzean: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "Ziurtagiriak ez dauka gako pribaturik"
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Arazoa dago ziurtagiriarekin: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr "Hau azken aukera da PINa ongi sartzeko, tokena blokeatu aurretik."
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Arazoa dago ziurtagiriaren gako pribatuarekin: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Sartu diren hainbat PIN ez dira zuzenak, eta tokena blokeatu egin da "
-"hutsegite gehiagoren ondoren."
-
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "Sartutako PINa okerrekoa da."
-
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Modulua"
-
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "PKCS#11 moduluaren erakuslea"
-
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "Erretenaren IDa"
-
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11 erretenaren identifikatzailea"
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "Hau azken aukera da PINa ongi sartzeko, tokena blokeatu aurretik."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Sartu diren hainbat PIN ez dira zuzenak, eta tokena blokeatu egin da "
+#~ "hutsegite gehiagoren ondoren."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Sartutako PINa okerrekoa da."
+
+#~ msgid "Module"
+#~ msgstr "Modulua"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 moduluaren erakuslea"
+
+#~ msgid "Slot ID"
+#~ msgstr "Erretenaren IDa"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 erretenaren identifikatzailea"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Konexioa jadanik itxita dago"
index cc45089..e58014b 100644 (file)
--- a/po/fa.po
+++ b/po/fa.po
@@ -6,10 +6,10 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?"
 "product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2012-11-29 22:09+0000\n"
-"PO-Revision-Date: 2013-03-23 18:10+0330\n"
+"POT-Creation-Date: 2017-05-23 15:17+0000\n"
+"PO-Revision-Date: 2017-09-30 00:38+0330\n"
 "Last-Translator: Arash Mousavi <mousavi.arash@gmail.com>\n"
 "Language-Team: Persian\n"
 "Language: fa\n"
@@ -17,116 +17,116 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "X-Poedit-SourceCharset: utf-8\n"
-"X-Generator: Poedit 1.5.4\n"
+"X-Generator: Poedit 2.0.4\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:157
 msgid "Proxy resolver internal error."
 msgstr "خطای داخلی تحلیل‌گر پیشکار."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/gnutls/gtlscertificate-gnutls.c:176
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "تجزیه گواهینامه DER امکان‌پذیر نبود: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "تجزیه گواهینامه PEM امکان‌پذیر نبود: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:228
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "تجزیه کلید خصوصی DER امکان‌پذیر نبود: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:259
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "تجزیه کلید خصوصی PEM امکان‌پذیر نبود: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:299
 msgid "No certificate data provided"
 msgstr "هیچ اطلاعات گواهینامه‌ای ارائه نشده"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
+#: tls/gnutls/gtlsclientconnection-gnutls.c:375
 msgid "Server required TLS certificate"
 msgstr "کارگزار به گواهینامه TLS احتیاج دارد"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:254
+#: tls/gnutls/gtlsconnection-gnutls.c:310
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "نمی‌توان اتصال TLS ایجاد کرد: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:514
+#: tls/gnutls/gtlsconnection-gnutls.c:572
 msgid "Connection is closed"
 msgstr "اتصال بسته شده است"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:576
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1382
+#: tls/gnutls/gtlsconnection-gnutls.c:645
+#: tls/gnutls/gtlsconnection-gnutls.c:1528
 msgid "Operation would block"
 msgstr "عملیات می‌تواند بلوکه شود"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:703
+#: tls/gnutls/gtlsconnection-gnutls.c:792
+#: tls/gnutls/gtlsconnection-gnutls.c:831
 msgid "Peer failed to perform TLS handshake"
 msgstr "برقراری TLS handshake توسط همتا شکست خورد"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:720
+#: tls/gnutls/gtlsconnection-gnutls.c:810
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "همتا درخواست یک TLS rehandshake غیرقانونی کرده است"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:746
+#: tls/gnutls/gtlsconnection-gnutls.c:837
 msgid "TLS connection closed unexpectedly"
 msgstr "اتصال TLS بطور غیر منتظره‌ای شکست خورد"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:756
-#| msgid "TLS connection closed unexpectedly"
+#: tls/gnutls/gtlsconnection-gnutls.c:847
 msgid "TLS connection peer did not send a certificate"
 msgstr "همتا اتصال TLS گواهینامه‌ای ارسال نکرد"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1064
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1083
+#: tls/gnutls/gtlsconnection-gnutls.c:853
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "همتا یک هشدارِ جدی TLS ارسال کرد: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1241
+#: tls/gnutls/gtlsconnection-gnutls.c:1274
 #, c-format
 msgid "Error performing TLS handshake: %s"
 msgstr "خطا در هنگام انجام TLS handshake. خطا: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1228
-msgid "Unacceptable TLS certificate"
-msgstr "گواهینامه TLS غیر قابل پذیرش"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1239
-#| msgid "Server required TLS certificate"
+#: tls/gnutls/gtlsconnection-gnutls.c:1284
 msgid "Server did not return a valid TLS certificate"
 msgstr "کارگزار گواهینامه TLS معتبری ارسال نکرد"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1405
+#: tls/gnutls/gtlsconnection-gnutls.c:1354
+msgid "Unacceptable TLS certificate"
+msgstr "گواهینامه TLS غیر قابل پذیرش"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1562
 #, c-format
 msgid "Error reading data from TLS socket: %s"
 msgstr "خطا در هنگام هواندن اطلاعات از طریق سوکت TLS. خط: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1434
+#: tls/gnutls/gtlsconnection-gnutls.c:1591
 #, c-format
 msgid "Error writing data to TLS socket: %s"
 msgstr "خطا در هنگام نوشتن اطلاعات در سوکت TLS. خطا: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1478
-msgid "Connection is already closed"
-msgstr "اتصال از قبل بسته شده است"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1488
+#: tls/gnutls/gtlsconnection-gnutls.c:1655
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "خطا در هنگام انجام بستن TLS. خطا: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+#: tls/gnutls/gtlsserverconnection-gnutls.c:107
 msgid "Certificate has no private key"
 msgstr "گواهینامه هیچ کلید خصوصی‌ای ندارد"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
+#: tls/pkcs11/gpkcs11pin.c:111
 msgid ""
 "This is the last chance to enter the PIN correctly before the token is "
 "locked."
 msgstr "آخرین شانس برای صحیح وارد کردن PIN قبل از قفل شدن رمز است."
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
+#: tls/pkcs11/gpkcs11pin.c:113
 msgid ""
 "Several PIN attempts have been incorrect, and the token will be locked after "
 "further failures."
@@ -134,22 +134,25 @@ msgstr ""
 "تعدادی از تلاش‌های برای وارد کردن PIN شکست خورده است، و رمز پس از شکست‌های "
 "بعدی قفل خواهد شد."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
+#: tls/pkcs11/gpkcs11pin.c:115
 msgid "The PIN entered is incorrect."
 msgstr "عبارت PIN وارد شده نادرست است."
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
+#: tls/pkcs11/gpkcs11slot.c:449
 msgid "Module"
 msgstr "ماژول"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
+#: tls/pkcs11/gpkcs11slot.c:450
 msgid "PKCS#11 Module Pointer"
 msgstr "نشانگر ماژول PKCS#11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
+#: tls/pkcs11/gpkcs11slot.c:457
 msgid "Slot ID"
 msgstr "شناسه‌ی جایگاه"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
+#: tls/pkcs11/gpkcs11slot.c:458
 msgid "PKCS#11 Slot Identifier"
 msgstr "شناساگر جایگاه PKCS#11"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "اتصال از قبل بسته شده است"
index 792afb8..96f9dec 100644 (file)
--- a/po/fi.po
+++ b/po/fi.po
@@ -9,10 +9,10 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2012-11-29 22:09+0000\n"
-"PO-Revision-Date: 2013-03-20 23:44+0200\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
+"issues\n"
+"POT-Creation-Date: 2019-02-03 13:01+0000\n"
+"PO-Revision-Date: 2019-02-07 21:37+0200\n"
 "Last-Translator: Jiri Grönroos <jiri.gronroos+l10n@iki.fi>\n"
 "Language-Team: Finnish <gnome-fi-laatu@lists.sourceforge.net>\n"
 "Language: fi\n"
@@ -20,142 +20,253 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "X-POT-Import-Date: 2012-02-19 15:16:01+0000\n"
-"X-Generator: Lokalize 1.5\n"
+"X-Generator: Poedit 2.0.6\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Väliselvityspalvelimen sisäinen virhe."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "Yhteys on suljettu"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Palvelin vaatii TLS-varmenteen"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "DER-varmennetta ei voitu jäsentää: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "PEM-varmennetta ei voitu jäsentää: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "DER-yksityisavainta ei voitu jäsentää: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "PEM-yksityisavainta ei voitu jäsentää: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Varmennetietoja ei tarjottu"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "Palvelin vaatii TLS-varmenteen"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:254
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:537
+#: tls/openssl/gtlsserverconnection-openssl.c:401
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Ei voitu luoda TLS-yhteyttä: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:514
-msgid "Connection is closed"
-msgstr "Yhteys on suljettu"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:576
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1382
-msgid "Operation would block"
+#: tls/gnutls/gtlsconnection-gnutls.c:858
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+msgid "Socket I/O timed out"
 msgstr ""
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:703
+#: tls/gnutls/gtlsconnection-gnutls.c:1003
+#: tls/gnutls/gtlsconnection-gnutls.c:1036
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "Vastapuoli ei kyennyt suoriutumaan TLS-kättelystä"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:720
+#: tls/gnutls/gtlsconnection-gnutls.c:1021
+#: tls/openssl/gtlsconnection-openssl.c:234
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Vastapuoli pyysi laitonta TLS-uusintakättelyä"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:746
+#: tls/gnutls/gtlsconnection-gnutls.c:1042
 msgid "TLS connection closed unexpectedly"
 msgstr "TLS-yhteys katkesi yllättäen"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:756
-#| msgid "Server did not return a valid TLS certificate"
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:171
 msgid "TLS connection peer did not send a certificate"
 msgstr "TLS-yhteyden vertainen ei lähettänyt varmennetta"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1064
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1083
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:2160
+#: tls/openssl/gtlsconnection-openssl.c:416
 #, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Virhe suoritettaessa TLS-kättelyä: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1228
 msgid "Unacceptable TLS certificate"
 msgstr "TLS-varmenne ei ole hyväksyttävä"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1239
+#: tls/gnutls/gtlsconnection-gnutls.c:1064
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Vertainen lähetti kohtalokkaan TLS-hälytyksen: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1076
+msgid "Protocol version downgrade attack detected"
+msgstr "Havaittiin yhteyskäytännön version alentamishyökkäys"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1083
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] ""
+msgstr[1] ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1090
+msgid "The operation timed out"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1981
+msgid "Peer does not support safe renegotiation"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2008
+#: tls/gnutls/gtlsconnection-gnutls.c:2058
+msgid "Error performing TLS handshake"
+msgstr "Virhe suoritettaessa TLS-kättelyä"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2510
+#: tls/gnutls/gtlsconnection-gnutls.c:2602
+msgid "Error reading data from TLS socket"
+msgstr "Virhe luettaessa tietoa TLS-pistokkeesta"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2632
+#, c-format
+msgid "Receive flags are not supported"
+msgstr ""
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2709
+#: tls/gnutls/gtlsconnection-gnutls.c:2781
+msgid "Error writing data to TLS socket"
+msgstr "Virhe kirjoitettaessa tietoa TLS-pistokkeeseen"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2751
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] ""
+msgstr[1] ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2753
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] ""
+msgstr[1] ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2812
+#, c-format
+msgid "Send flags are not supported"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2915
+msgid "Error performing TLS close"
+msgstr "Virhe suoritettaessa TLS-sulkemista"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr ""
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:328
+msgid "Certificate has no private key"
+msgstr "Varmenteella ei ole yksityistä avainta"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:486
+#: tls/openssl/gtlsserverconnection-openssl.c:292
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Ei voitu luoda TLS-kontekstia: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:179
+msgid "Digest too big for RSA key"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:243
+#: tls/openssl/gtlsconnection-openssl.c:376
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Virhe suoritettaessa TLS-kättelyä: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:386
 msgid "Server did not return a valid TLS certificate"
 msgstr "Palvelin ei palauttanut kelvollista TLS-varmennetta"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1405
+#: tls/openssl/gtlsconnection-openssl.c:500
 #, c-format
 msgid "Error reading data from TLS socket: %s"
 msgstr "Virhe luettaessa tietoa TLS-pistokkeesta: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1434
+#: tls/openssl/gtlsconnection-openssl.c:526
 #, c-format
 msgid "Error writing data to TLS socket: %s"
 msgstr "Virhe kirjoitettaessa tietoa TLS-pistokkeeseen: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1478
-msgid "Connection is already closed"
-msgstr "Yhteys on jo suljettu"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1488
+#: tls/openssl/gtlsconnection-openssl.c:552
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "Virhe suoritettaessa TLS-sulkemista: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "Varmenteella ei ole yksityistä avainta"
+#: tls/openssl/gtlsserverconnection-openssl.c:335
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Varmenteen yksityisen avaimen kanssa on ongelma: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"Tämä on viimeinen mahdollisuus antaa oikea PIN, ennen kuin valtuus "
-"lukitaan."
+#: tls/openssl/gtlsserverconnection-openssl.c:344
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Varmenteen kanssa on ongelma: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Useat PIN-yritykset ovat epäonnistuneet, ja valtuus lukitaan seuraavien "
-"epäonnistumisten myötä."
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Tämä on viimeinen mahdollisuus antaa oikea PIN, ennen kuin valtuus "
+#~ "lukitaan."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "Syötetty PIN-koodi on virheellinen."
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Useat PIN-yritykset ovat epäonnistuneet, ja valtuus lukitaan seuraavien "
+#~ "epäonnistumisten myötä."
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Moduuli"
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Syötetty PIN-koodi on virheellinen."
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr ""
+#~ msgid "Module"
+#~ msgstr "Moduuli"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "Paikan tunniste"
+#~ msgid "Slot ID"
+#~ msgstr "Paikan tunniste"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11-paikan tunniste"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11-paikan tunniste"
 
+#~ msgid "Connection is already closed"
+#~ msgstr "Yhteys on jo suljettu"
index 4d10ea0..326b549 100644 (file)
--- a/po/fr.po
+++ b/po/fr.po
@@ -1,15 +1,15 @@
 # French translation for glib-networking.
-# Copyright (C) 2011-2012 Listed translators
+# Copyright (C) 2011-2019 Listed translators
 # This file is distributed under the same license as the glib-networking package.
-# Claude Paroz <claude@2xlibre.net>, 2011-2012.
+# Claude Paroz <claude@2xlibre.net>, 2011-2019.
+# Charles Monzat <charles.monzat@numericable.fr>, 2018.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2013-02-22 13:25+0000\n"
-"PO-Revision-Date: 2013-02-25 20:13+0100\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-02-03 13:01+0000\n"
+"PO-Revision-Date: 2018-11-15 19:44+0100\n"
 "Last-Translator: Claude Paroz <claude@2xlibre.net>\n"
 "Language-Team: GNOME French Team <gnomefr@traduc.org>\n"
 "Language: fr\n"
@@ -18,137 +18,226 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Erreur interne du résolveur de serveur mandataire."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "La connexion est fermée"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "L’opération serait bloquante"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Le serveur requiert un certificat TLS"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
-msgstr "Impossible d'analyser le certificat DER : %s"
+msgstr "Impossible danalyser le certificat DER : %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
-msgstr "Impossible d'analyser le certificat PEM : %s"
+msgstr "Impossible danalyser le certificat PEM : %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
-msgstr "Impossible d'analyser la clé privée DER : %s"
+msgstr "Impossible danalyser la clé privée DER : %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
-msgstr "Impossible d'analyser la clé privée PEM : %s"
+msgstr "Impossible danalyser la clé privée PEM : %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Aucune donnée de certificat fournie"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "Le serveur requiert un certificat TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:258
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:537
+#: tls/openssl/gtlsserverconnection-openssl.c:401
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Impossible de créer une connexion TLS : %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:520
-msgid "Connection is closed"
-msgstr "La connexion est fermée"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:582
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1419
-msgid "Operation would block"
-msgstr "L'opération serait bloquée"
+#: tls/gnutls/gtlsconnection-gnutls.c:858
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+msgid "Socket I/O timed out"
+msgstr "Les entrées/sorties du connecteur ont expiré"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:712
+#: tls/gnutls/gtlsconnection-gnutls.c:1003
+#: tls/gnutls/gtlsconnection-gnutls.c:1036
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "La négociation TLS avec le serveur pair a échoué"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:729
+#: tls/gnutls/gtlsconnection-gnutls.c:1021
+#: tls/openssl/gtlsconnection-openssl.c:234
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Le serveur pair a demandé une renégociation TLS non autorisée"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:755
+#: tls/gnutls/gtlsconnection-gnutls.c:1042
 msgid "TLS connection closed unexpectedly"
 msgstr "La connexion TLS a été fermée de manière inattendue"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:765
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:171
 msgid "TLS connection peer did not send a certificate"
-msgstr "Le pair TLS n'a pas envoyé de certificat"
+msgstr "Le pair TLS na pas envoyé de certificat"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1146
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1165
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:2160
+#: tls/openssl/gtlsconnection-openssl.c:416
 #, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Erreur lors de la négociation TLS : %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1175
-msgid "Server did not return a valid TLS certificate"
-msgstr "Le serveur n'a pas renvoyé un certificat TLS valide"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1250
 msgid "Unacceptable TLS certificate"
 msgstr "Certificat TLS inacceptable"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1442
+#: tls/gnutls/gtlsconnection-gnutls.c:1064
 #, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Erreur lors de la lecture de données du connecteur TLS : %s"
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Le pair a envoyé une alerte TLS fatale : %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1076
+msgid "Protocol version downgrade attack detected"
+msgstr "Une attaque par régression de version de protocole a été détectée"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1471
+#: tls/gnutls/gtlsconnection-gnutls.c:1083
 #, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Erreur lors de l'écriture de données sur le connecteur TLS : %s"
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] ""
+"Le message est trop grand pour la connexion DTLS ; le maximum est de %u octet"
+msgstr[1] ""
+"Le message est trop grand pour la connexion DTLS ; le maximum est de %u "
+"octets"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1090
+msgid "The operation timed out"
+msgstr "L’opération a expiré"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1981
+msgid "Peer does not support safe renegotiation"
+msgstr "Le pair ne prend pas en charge la renégociation sûre"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2008
+#: tls/gnutls/gtlsconnection-gnutls.c:2058
+msgid "Error performing TLS handshake"
+msgstr "Erreur lors de la négociation TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2510
+#: tls/gnutls/gtlsconnection-gnutls.c:2602
+msgid "Error reading data from TLS socket"
+msgstr "Erreur lors de la lecture de données du connecteur TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2632
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Les drapeaux de réception ne sont pas pris en charge"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1515
-msgid "Connection is already closed"
-msgstr "La connexion est déjà fermée"
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2709
+#: tls/gnutls/gtlsconnection-gnutls.c:2781
+msgid "Error writing data to TLS socket"
+msgstr "Erreur lors de l’écriture de données sur le connecteur TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1525
+#: tls/gnutls/gtlsconnection-gnutls.c:2751
 #, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Erreur lors de la fermeture TLS : %s"
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Un message de %lu octet est trop grand pour la connexion DTLS"
+msgstr[1] "Un message de %lu octets est trop grand pour la connexion DTLS"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "Le certificat n'a pas de clé privée"
+#: tls/gnutls/gtlsconnection-gnutls.c:2753
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(le maximum est de %u octet)"
+msgstr[1] "(le maximum est de %u octets)"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"C'est la dernière chance d'entrer le PIN correct avant que la carte à puce "
-"soit verrouillée."
+#: tls/gnutls/gtlsconnection-gnutls.c:2812
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Les drapeaux d’envoi ne sont pas pris en charge"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
+#: tls/gnutls/gtlsconnection-gnutls.c:2915
+msgid "Error performing TLS close"
+msgstr "Erreur lors de la fermeture TLS"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
 msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
 msgstr ""
-"Plusieurs PIN incorrects ont été saisis, toute nouvelle erreur provoquera le "
-"verrouillage de la carte à puce."
+"Impossible de charger le stockage de confiance système : GnuTLS n’a pas été "
+"configuré avec une confiance système"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Impossible de charger le stockage de confiance système : %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:328
+msgid "Certificate has no private key"
+msgstr "Le certificat n’a pas de clé privée"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:486
+#: tls/openssl/gtlsserverconnection-openssl.c:292
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Impossible de créer un contexte TLS : %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:179
+msgid "Digest too big for RSA key"
+msgstr "L’empreinte est trop longue pour une clé RSA"
+
+#: tls/openssl/gtlsconnection-openssl.c:243
+#: tls/openssl/gtlsconnection-openssl.c:376
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Erreur lors de la négociation TLS : %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:386
+msgid "Server did not return a valid TLS certificate"
+msgstr "Le serveur n’a pas renvoyé un certificat TLS valide"
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "Le PIN saisi n'est pas correct."
+#: tls/openssl/gtlsconnection-openssl.c:500
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Erreur lors de la lecture de données du connecteur TLS : %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Module"
+#: tls/openssl/gtlsconnection-openssl.c:526
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Erreur lors de l’écriture de données sur le connecteur TLS : %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "Pointeur de module PKCS#11"
+#: tls/openssl/gtlsconnection-openssl.c:552
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Erreur lors de la fermeture TLS : %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "ID d'emplacement"
+#: tls/openssl/gtlsserverconnection-openssl.c:335
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Il y a un problème avec la clé privée du certificat : %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "Identifiant d'emplacement PKCS#11"
+#: tls/openssl/gtlsserverconnection-openssl.c:344
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Il y a un problème avec le certificat : %s"
index b4fcef4..39d8c2e 100644 (file)
--- a/po/fur.po
+++ b/po/fur.po
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2016-04-08 06:55+0000\n"
-"PO-Revision-Date: 2016-04-08 18:19+0200\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-04 13:31+0100\n"
 "Last-Translator: Fabio Tomat <f.t.public@gmail.com>\n"
 "Language-Team: Friulian <fur@li.org>\n"
 "Language: fur\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 1.8.5\n"
+"X-Generator: Poedit 2.2.1\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:157
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Erôr interni dal resolver proxy."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:176
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "La conession e je sierade"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Le operazion e podarès blocâsi"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Il server al domande un certificât TLS"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Impussibil analizâ il certificât DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Impussibil analizâ il certificât PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:228
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Impussibil analizâ la clâf privade DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:259
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Impussibil analizâ la clâf privade PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:299
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Nissun dât di certificât dât"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:375
-msgid "Server required TLS certificate"
-msgstr "Il server al domande un certificât TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:323
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Impussibil creâ la conession TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:585
-msgid "Connection is closed"
-msgstr "La conession e je sierade"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr ""
+"Impussibil eseguî la operazion di bloc intant che si eseguìs il handshake TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:658
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1537
-msgid "Operation would block"
-msgstr "Le operazion e podarès blocâsi"
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "I/O dal socket scjadût"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:808
-#: ../tls/gnutls/gtlsconnection-gnutls.c:847
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
-msgstr "Il grop nol è rivât a eseguî il handshake TLS"
+msgstr "Il pâr nol è rivât a eseguî il handshake TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:826
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
-msgstr "Il grop al à domandât un rehandshake TLS no lecit"
+msgstr "Il pâr al à domandât un rehandshake TLS no lecit"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:853
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
 msgstr "Sieradure inspietade de conession TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:863
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
 msgid "TLS connection peer did not send a certificate"
-msgstr "Il grop di conession TLS nol à inviât un certificât"
+msgstr "Il pâr di conession TLS nol à inviât un certificât"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Certificât TLS no acetabil"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1250
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1283
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Il pâr al à inviât l'avîs TLS fatâl: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Scuviert atac pal passaç a une version inferiôr de version di protocol"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] ""
+"Il messaç al è masse grant pe conession DTLS; il massim al è di %u byte"
+msgstr[1] ""
+"Il messaç al è masse grant pe conession DTLS; il massim al è di %u byte"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "La operazion e je scjadude"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "Il “peer” nol supuarte la rinegoziazion sigure"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Erôr tal eseguî il handshake TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Erôr tal lei dâts dal socket TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Lis opzions di ricezion no son supuartadis"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Erôr tal scrivi dâts al socket TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Il messaç di dimension %lu byte al è masse grant pe conession DTLS"
+msgstr[1] "Il messaç di dimension %lu byte al è masse grant pe conession DTLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(il massim al è %u byte)"
+msgstr[1] "(il massim al è %u bytes)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Lis opzions par inviâ no son supuartadis"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Erôr tal sierâ TLS"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"No si è rivâts a cjariâ l'archivi di fiducie dal sisteme: GnuTLS nol jere "
+"configurât cuntune fiducie di sisteme"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "No si è rivâts a cjariâ l'archivi di fiducie dal sisteme: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "Il certificât nol à une clâf privade"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Impussibil creâ il contest TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "Digest masse grant pe clâf RSA"
+
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
 #, c-format
 msgid "Error performing TLS handshake: %s"
 msgstr "Erôr tal eseguî il handshake TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1293
+#: tls/openssl/gtlsconnection-openssl.c:390
 msgid "Server did not return a valid TLS certificate"
 msgstr "Il server nol à tornât un certificât TLS valit"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1363
-msgid "Unacceptable TLS certificate"
-msgstr "certificât TLS no acetabil"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1571
+#: tls/openssl/gtlsconnection-openssl.c:504
 #, c-format
 msgid "Error reading data from TLS socket: %s"
-msgstr "Erôr tal lei dâts tal socket TLS: %s"
+msgstr "Erôr tal lei dâts dal socket TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1600
+#: tls/openssl/gtlsconnection-openssl.c:530
 #, c-format
 msgid "Error writing data to TLS socket: %s"
-msgstr "Erôr tal scrivi dâts tal socket TLS: %s"
+msgstr "Erôr tal scrivi dâts al socket TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1664
+#: tls/openssl/gtlsconnection-openssl.c:556
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "Erôr tal sierâ TLS: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:107
-msgid "Certificate has no private key"
-msgstr "Il certificât nol à une clâf privade"
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Si à un probleme cul certificât: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:111
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is locked."
-msgstr ""
-"Cheste e je la ultime pussibilitât par inserî il PIN coret prime che al vegni "
-"blocât il token."
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Si à un probleme cun la clâf privade dal certificât: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:113
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"A son stâts fats une vore di tentatîfs par meti il PIN, il token al sarà "
-"blocât dopo altris faliments."
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Cheste e je la ultime pussibilitât par inserî il PIN coret prime che al "
+#~ "vegni blocât il token."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "A son stâts fats une vore di tentatîfs par meti il PIN, il token al sarà "
+#~ "blocât dopo altris faliments."
 
-#: ../tls/pkcs11/gpkcs11pin.c:115
-msgid "The PIN entered is incorrect."
-msgstr "Il PIN dât nol è coret."
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Il PIN dât nol è coret."
 
-#: ../tls/pkcs11/gpkcs11slot.c:449
-msgid "Module"
-msgstr "Modul"
+#~ msgid "Module"
+#~ msgstr "Modul"
 
-#: ../tls/pkcs11/gpkcs11slot.c:450
-msgid "PKCS#11 Module Pointer"
-msgstr "Pontadôr modul PKCS#11"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Pontadôr modul PKCS#11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:457
-msgid "Slot ID"
-msgstr "ID dal slot"
+#~ msgid "Slot ID"
+#~ msgstr "ID dal slot"
 
-#: ../tls/pkcs11/gpkcs11slot.c:458
-msgid "PKCS#11 Slot Identifier"
-msgstr "Identificadôr Slot PKCS#11"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identificadôr Slot PKCS#11"
 
 #~ msgid "Connection is already closed"
 #~ msgstr "La conession a je za sierade"
index a1ed032..db98bff 100644 (file)
--- a/po/gd.po
+++ b/po/gd.po
@@ -1,14 +1,14 @@
 # Scottish Gaelic translation for glib-networking.
 # Copyright (C) 2016 glib-networking's COPYRIGHT HOLDER
 # This file is distributed under the same license as the glib-networking package.
-# GunChleoc <fios@foramnagaidhlig.net>, 2016.
+# GunChleoc <fios@foramnagaidhlig.net>, 2016, 2018.
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?product=glib&k"
-"eywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2016-04-28 06:59+0000\n"
-"PO-Revision-Date: 2016-04-28 15:01+0100\n"
+"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?product=glib&"
+"keywords=I18N+L10N&component=network\n"
+"POT-Creation-Date: 2017-10-17 22:59+0000\n"
+"PO-Revision-Date: 2018-03-01 10:39+0100\n"
 "Last-Translator: GunChleoc <fios@foramnagaidhlig.net>\n"
 "Language-Team: Fòram na Gàidhlig\n"
 "Language: gd\n"
@@ -20,103 +20,108 @@ msgstr ""
 "X-Generator: Virtaal 0.7.1\n"
 "X-Project-Style: gnome\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:157
+#: proxy/libproxy/glibproxyresolver.c:157
 msgid "Proxy resolver internal error."
 msgstr "Mearachd taobh a-stagh an fhuasglaiche progsaidh."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:176
+#: tls/gnutls/gtlscertificate-gnutls.c:176
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Cha deach leinn teisteanas DER a pharsadh: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Cha deach leinn teisteanas PEM a pharsadh: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:228
+#: tls/gnutls/gtlscertificate-gnutls.c:228
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Cha deach leinn iuchair phrìobhaideach DER a pharsadh: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:259
+#: tls/gnutls/gtlscertificate-gnutls.c:259
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Cha deach leinn iuchair phrìobhaideach PEM a pharsadh: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:299
+#: tls/gnutls/gtlscertificate-gnutls.c:299
 msgid "No certificate data provided"
 msgstr "Cha deach dàta teisteanais a thoirt seachad"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:375
+#: tls/gnutls/gtlsclientconnection-gnutls.c:375
 msgid "Server required TLS certificate"
-msgstr "Dh'iarr am frithealaiche teisteanas TLS"
+msgstr "Dhiarr am frithealaiche teisteanas TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:323
+#: tls/gnutls/gtlsconnection-gnutls.c:310
 #, c-format
 msgid "Could not create TLS connection: %s"
-msgstr "Cha b' urrainn dhuinn ceangal TLS a chruthachadh: %s"
+msgstr "Cha b urrainn dhuinn ceangal TLS a chruthachadh: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:585
+#: tls/gnutls/gtlsconnection-gnutls.c:572
 msgid "Connection is closed"
 msgstr "Chaidh an ceangal a dhùnadh"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:658
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1537
+#: tls/gnutls/gtlsconnection-gnutls.c:645
+#: tls/gnutls/gtlsconnection-gnutls.c:1528
 msgid "Operation would block"
 msgstr "Dhèanadh an t-obrachadh bacadh"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:808
-#: ../tls/gnutls/gtlsconnection-gnutls.c:847
+#: tls/gnutls/gtlsconnection-gnutls.c:792
+#: tls/gnutls/gtlsconnection-gnutls.c:831
 msgid "Peer failed to perform TLS handshake"
 msgstr "Cha do rinn an seise crathadh-làimhe TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:826
+#: tls/gnutls/gtlsconnection-gnutls.c:810
 msgid "Peer requested illegal TLS rehandshake"
-msgstr "Dh'iarr an seise ath-chrathadh-làimhe TLS mì-dhligheach"
+msgstr "Dhiarr an seise ath-chrathadh-làimhe TLS mì-dhligheach"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:853
+#: tls/gnutls/gtlsconnection-gnutls.c:837
 msgid "TLS connection closed unexpectedly"
 msgstr "Chaidh an ceangal TLS a dhùnadh gun dùil"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:863
+#: tls/gnutls/gtlsconnection-gnutls.c:847
 msgid "TLS connection peer did not send a certificate"
-msgstr "Cha do chuir seise a' cheangail TLS teisteanas"
+msgstr "Cha do chuir seise a cheangail TLS teisteanas"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1250
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1283
+#: tls/gnutls/gtlsconnection-gnutls.c:853
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Chuir an t-seise caismeachd TLS mharbhtach: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1241
+#: tls/gnutls/gtlsconnection-gnutls.c:1274
 #, c-format
 msgid "Error performing TLS handshake: %s"
 msgstr "Mearachd le crathadh-làimhe TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1293
+#: tls/gnutls/gtlsconnection-gnutls.c:1284
 msgid "Server did not return a valid TLS certificate"
 msgstr "Cha do thill am frithealaiche teisteanas TLS dligheach"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1363
+#: tls/gnutls/gtlsconnection-gnutls.c:1354
 msgid "Unacceptable TLS certificate"
 msgstr "Teisteanas TLS ris nach gabhar"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1571
+#: tls/gnutls/gtlsconnection-gnutls.c:1562
 #, c-format
 msgid "Error reading data from TLS socket: %s"
-msgstr "Mearachd a' leughadh dàta on t-socaid TLS: %s"
+msgstr "Mearachd a leughadh dàta on t-socaid TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1600
+#: tls/gnutls/gtlsconnection-gnutls.c:1591
 #, c-format
 msgid "Error writing data to TLS socket: %s"
-msgstr "Mearachd a' sgrìobhadh dàta dhan t-socaid TLS: %s"
+msgstr "Mearachd a sgrìobhadh dàta dhan t-socaid TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1664
+#: tls/gnutls/gtlsconnection-gnutls.c:1655
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "Mearachd le dùnadh TLS: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:107
+#: tls/gnutls/gtlsserverconnection-gnutls.c:107
 msgid "Certificate has no private key"
 msgstr "Chan eil iuchair phrìobhaideach aig an teisteanas"
 
-#: ../tls/pkcs11/gpkcs11pin.c:111
+#: tls/pkcs11/gpkcs11pin.c:111
 msgid ""
 "This is the last chance to enter the PIN correctly before the token is "
 "locked."
@@ -124,30 +129,30 @@ msgstr ""
 "Seo an cothrom mu dheireadh gus am PIN a chur a-steach mar bu chòir mus dèid "
 "an tòcan a ghlasadh."
 
-#: ../tls/pkcs11/gpkcs11pin.c:113
+#: tls/pkcs11/gpkcs11pin.c:113
 msgid ""
 "Several PIN attempts have been incorrect, and the token will be locked after "
 "further failures."
 msgstr ""
-"Chaidh iomadh oidhirp air a' PIN gu cearr agus thèid an tòcan a ghlasadh ma "
+"Chaidh iomadh oidhirp air a PIN gu cearr agus thèid an tòcan a ghlasadh ma "
 "bhios e cearr a-rithist."
 
-#: ../tls/pkcs11/gpkcs11pin.c:115
+#: tls/pkcs11/gpkcs11pin.c:115
 msgid "The PIN entered is incorrect."
 msgstr "Chan eil am PIN a chaidh a chur a-steach mar bu chòir."
 
-#: ../tls/pkcs11/gpkcs11slot.c:449
+#: tls/pkcs11/gpkcs11slot.c:449
 msgid "Module"
 msgstr "Mòideal"
 
-#: ../tls/pkcs11/gpkcs11slot.c:450
+#: tls/pkcs11/gpkcs11slot.c:450
 msgid "PKCS#11 Module Pointer"
 msgstr "Tomhaire mòideil PKCS#11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:457
+#: tls/pkcs11/gpkcs11slot.c:457
 msgid "Slot ID"
 msgstr "ID an t-slota"
 
-#: ../tls/pkcs11/gpkcs11slot.c:458
+#: tls/pkcs11/gpkcs11slot.c:458
 msgid "PKCS#11 Slot Identifier"
 msgstr "Aithnichear an t-slota PKCS#11"
index b85ee17..aa2f2bc 100644 (file)
--- a/po/gl.po
+++ b/po/gl.po
 # Proxecto Trasno - Adaptación do software libre á lingua galega:  Se desexas
 # colaborar connosco, podes atopar máis información en <http://trasno.net>
 # Fran Diéguez <frandieguez@ubuntu.com>, 2011.
-# Fran Dieguez <frandieguez@gnome.org>, 2011, 2012.
+# Fran Dieguez <frandieguez@gnome.org>, 2011, 2012, 2017, 2018, 2019.
 msgid ""
 msgstr ""
 "Project-Id-Version: \n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2012-12-24 22:51+0100\n"
-"PO-Revision-Date: 2012-12-24 22:52+0200\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-03 21:41+0200\n"
 "Last-Translator: Fran Dieguez <frandieguez@gnome.org>\n"
-"Language-Team: gnome-l10n-gl@gnome.org\n"
+"Language-Team: Galician\n"
 "Language: gl\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 "X-Generator: Virtaal 0.7.1\n"
+"X-Project-Style: gnome\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Erro interno do resolvedor de proxy."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "A conexión está pechada"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "A operación bloquearase"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "O servidor require un certificado TLS"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Non foi posíbel analizar o certificado DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Non foi posíbel analizar o certificado PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Non foi posíbel analizar a chave privada DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Non foi posíbel analizar a chave privada PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Non se forneceu ningún dato do certificado"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "O servidor require un certificado TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:257
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Non foi posíbel crear a conexión TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:518
-msgid "Connection is closed"
-msgstr "A conexión está pechada"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+#| msgid "Error performing TLS handshake"
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr ""
+"Produciuse un erro ao realizar a operación de bloqueo durante a negociación "
+"TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:580
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1417
-msgid "Operation would block"
-msgstr "A operación bloquearase"
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "Tempo de espera do Socket de E/S superado"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:710
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "O par fallou ao realizar a negociación TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:727
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "O par solicitou unha renegociación TLS inaceptábel"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:753
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
 msgstr "A conexión TLS pechouse de forma inesperada"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:763
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
 msgid "TLS connection peer did not send a certificate"
 msgstr "O par da conexión TLS non enviou un certificado"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1144
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1163
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Certificado TLS inaceptábel"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "O par envióu unha alerta TLS fatal: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Ataque de degradación de versión do protocolo detectada"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] ""
+"O mensaxe é demasiado largo para a conexión DTLS; o máximo é %u byte"
+msgstr[1] ""
+"O mensaxe é demasiado largo para a conexión DTLS; o máximo é %u bytes"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "A operación superou o tempo máximo permitido"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "O par non admite a renegociación segura"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Produciuse un erro ao realizar a negociación TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Produciuse un erro ao ler datos do socket TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "As bandeiras de recepción non se admiten"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Produciuse un erro ao escribir datos no socket TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] ""
+"O mensaxe de %lu byte de tamaño é demasiado largo para a conexión DTLS"
+msgstr[1] ""
+"O mensaxe de %lu bytes de tamaño é demasiado largo para a conexión DTLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(o máximo é %u byte)"
+msgstr[1] "(o máximo é %u bytes)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "As bandeiras de envío non se admiten"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Produciuse un erro ao pechar o TLS"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Produciuse un fallo ao cargar o almacén seguro do sitema: GnuTLS non foi "
+"configurada como unha confiaza do sistema"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Produciuse un fallo ao cargar o almacén de confianza do sistema: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "O certificado no ten unha chave privada"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Non foi posíbel crear o contexto de TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "O Digest é demasiado grande para unha chave RSA"
+
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
 #, c-format
 msgid "Error performing TLS handshake: %s"
 msgstr "Produciuse un erro ao realizar a negociación TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1173
+#: tls/openssl/gtlsconnection-openssl.c:390
 msgid "Server did not return a valid TLS certificate"
 msgstr "O servidor non devolveu un certificado TLS válido"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1248
-msgid "Unacceptable TLS certificate"
-msgstr "Certificado TLS inaceptábel"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1440
+#: tls/openssl/gtlsconnection-openssl.c:504
 #, c-format
 msgid "Error reading data from TLS socket: %s"
-msgstr "Produciuse un erro ao ler datos do conectador TLS: %s"
+msgstr "Produciuse un erro ao ler datos do socket TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1469
+#: tls/openssl/gtlsconnection-openssl.c:530
 #, c-format
 msgid "Error writing data to TLS socket: %s"
-msgstr "Produciuse un erro ao escribir datos no conectador TLS: %s"
+msgstr "Produciuse un erro ao escribir datos no socket TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1513
-msgid "Connection is already closed"
-msgstr "A conexión está pechada"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1523
+#: tls/openssl/gtlsconnection-openssl.c:556
 #, c-format
 msgid "Error performing TLS close: %s"
-msgstr "Produciuse un erro ao realizar o peche de TLS: %s"
+msgstr "Produciuse un erro ao pechar o TLS: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "O certificado no ten unha chave privada"
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Hai un problema co certificado: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"Esta é a última oportunidade para escribir o PIN correctamente antes de que "
-"o token está bloqueado."
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Hai un problema coa chave privada do certificado: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Varios intentos de introducir o PIN foron incorrectos e o «token» "
-"bloquearase despois de máis fallos."
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Esta é a última oportunidade para escribir o PIN correctamente antes de "
+#~ "que o token está bloqueado."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Varios intentos de introducir o PIN foron incorrectos e o «token» "
+#~ "bloquearase despois de máis fallos."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "O PIN escrito é incorrecto."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "O PIN escrito é incorrecto."
+#~ msgid "Module"
+#~ msgstr "Módulo"
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Módulo"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Punteiro do módulo PKCS#11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "Punteiro do módulo PKCS#11"
+#~ msgid "Slot ID"
+#~ msgstr "ID da ranura"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "ID da ranura"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identificador da ranura PKCS#11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "Identificador da ranura PKCS#11"
+#~ msgid "Connection is already closed"
+#~ msgstr "A conexión está pechada"
index 2760e5f..45fdb35 100644 (file)
--- a/po/he.po
+++ b/po/he.po
@@ -7,9 +7,9 @@ msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2012-11-30 10:53+0200\n"
-"PO-Revision-Date: 2012-11-30 10:53+0200\n"
-"Last-Translator: Yaron Shahrabani <sh.yaron@gmail.com>\n"
+"POT-Creation-Date: 2017-11-26 16:17+0200\n"
+"PO-Revision-Date: 2017-11-26 16:22+0200\n"
+"Last-Translator: Yosef Or Boczko <yoseforb@gmail.com>\n"
 "Language-Team: Hebrew <sh.yaron@gmail.com>\n"
 "Language: he\n"
 "MIME-Version: 1.0\n"
@@ -20,130 +20,179 @@ msgstr ""
 "X-Poedit-Country: ISRAEL\n"
 "X-Poedit-SourceCharset: UTF-8\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: ../proxy/libproxy/glibproxyresolver.c:157
 msgid "Proxy resolver internal error."
 msgstr "שגיאה פנימית בפתרון המתווך."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: ../tls/gnutls/gtlscertificate-gnutls.c:176
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "לא ניתן לפענח את אישור ה־DER:‏ %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: ../tls/gnutls/gtlscertificate-gnutls.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "לא ניתן לפענח את אישור ה־PEM:‏ %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: ../tls/gnutls/gtlscertificate-gnutls.c:228
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "לא ניתן לפענח את מפתח ה־DER הפרטי: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: ../tls/gnutls/gtlscertificate-gnutls.c:259
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "לא ניתן לפענח את מפתח ה־PEM הפרטי: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: ../tls/gnutls/gtlscertificate-gnutls.c:299
 msgid "No certificate data provided"
 msgstr "לא סופקו נתוני אישור"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:396
 msgid "Server required TLS certificate"
 msgstr "השרת דורש תעודת TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:254
+#: ../tls/gnutls/gtlsconnection-gnutls.c:382
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "לא ניתן ליצור חיבור TLS:‏ %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:514
+#: ../tls/gnutls/gtlsconnection-gnutls.c:677
 msgid "Connection is closed"
 msgstr "החיבור סגור"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:577
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1383
+#: ../tls/gnutls/gtlsconnection-gnutls.c:752
+#: ../tls/gnutls/gtlsconnection-gnutls.c:2152
 msgid "Operation would block"
 msgstr "הפעולה תיחסם"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:704
+#: ../tls/gnutls/gtlsconnection-gnutls.c:793
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1374
+msgid "Socket I/O timed out"
+msgstr "אזל הזמן שהוקצב לקריאה/כתיבה לשקע"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:927
+#: ../tls/gnutls/gtlsconnection-gnutls.c:966
 msgid "Peer failed to perform TLS handshake"
 msgstr "העמית נכשל בלחיצת היד מסוג TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:721
+#: ../tls/gnutls/gtlsconnection-gnutls.c:945
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "העמית ביקש לחיצת יד חוזרת מסוג TLS בלתי חוקית"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:747
+#: ../tls/gnutls/gtlsconnection-gnutls.c:972
 msgid "TLS connection closed unexpectedly"
 msgstr "החיבור ל־TLS נסגר באופן בלתי צפוי"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:757
+#: ../tls/gnutls/gtlsconnection-gnutls.c:982
 msgid "TLS connection peer did not send a certificate"
 msgstr "הצד השני בחיבור ה־TLS לא החזיר תעודה"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1065
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1084
+#: ../tls/gnutls/gtlsconnection-gnutls.c:988
 #, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "שגיאה בביצוע לחיצת יד מסוג TLS:‏ %s"
+msgid "Peer sent fatal TLS alert: %s"
+msgstr ""
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1229
-msgid "Unacceptable TLS certificate"
-msgstr "אישור ה־TLS אינו מקובל"
+#: ../tls/gnutls/gtlsconnection-gnutls.c:996
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] ""
+msgstr[1] ""
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1003
+msgid "The operation timed out"
+msgstr "זמן הפעולה אזל."
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1240
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1780
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1831
+msgid "Error performing TLS handshake"
+msgstr "שגיאה בביצוע לחיצת יד מסוג TLS"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1841
 msgid "Server did not return a valid TLS certificate"
 msgstr "השרת לא החזיר תעודת TLS תקפה"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1406
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1917
+msgid "Unacceptable TLS certificate"
+msgstr "אישור ה־TLS אינו מקובל"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:2185
+#: ../tls/gnutls/gtlsconnection-gnutls.c:2276
+msgid "Error reading data from TLS socket"
+msgstr "שגיאה בקריאת הנתונים משקע ה־TLS"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:2306
 #, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "ש×\92×\99×\90×\94 ×\91קר×\99×\90ת ×\94נת×\95× ×\99×\9d ×\9eשקע ×\94Ö¾TLS:â\80\8f %s"
+msgid "Receive flags are not supported"
+msgstr "ק×\91×\9cת ×\93×\92×\9c×\99×\9d ×\9c×\90 × ×ª×\9e×\9bת"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1435
+#. flags
+#: ../tls/gnutls/gtlsconnection-gnutls.c:2382
+#: ../tls/gnutls/gtlsconnection-gnutls.c:2453
+msgid "Error writing data to TLS socket"
+msgstr "שגיאה בכתיבת נתונים אל שקע ה־TLS"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:2423
 #, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "שגיאה בכתיבת נתונים אל שקע ה־TLS:‏ %s"
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] ""
+msgstr[1] ""
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1479
-msgid "Connection is already closed"
-msgstr "החיבור כבר סגור"
+#: ../tls/gnutls/gtlsconnection-gnutls.c:2425
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] ""
+msgstr[1] ""
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1489
+#: ../tls/gnutls/gtlsconnection-gnutls.c:2484
 #, c-format
-msgid "Error performing TLS close: %s"
-msgstr "שגיאה בביצוע סגירת TLS:‏ %s"
+msgid "Send flags are not supported"
+msgstr "שליחת דגלים אינה נתמכת"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:2584
+msgid "Error performing TLS close"
+msgstr "שגיאה בביצוע סגירת TLS"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+#: ../tls/gnutls/gtlsserverconnection-gnutls.c:109
 msgid "Certificate has no private key"
 msgstr "לאישור אין מפתח פרטי"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid "This is the last chance to enter the PIN correctly before the token is locked."
-msgstr "זוהי ההזדמנות האחרונה להזין את ה־PIN הנכון לפני שהאסימון ננעל."
-
 #: ../tls/pkcs11/gpkcs11pin.c:110
-msgid "Several PIN attempts have been incorrect, and the token will be locked after further failures."
-msgstr "חלק מניסיונות הזנת ה־PIN עלו בתוהו והאסימון יינעל לאחר ניסיונות כושלים נוספים."
+msgid ""
+"This is the last chance to enter the PIN correctly before the token is "
+"locked."
+msgstr "זוהי ההזדמנות האחרונה להזין את ה־PIN הנכון לפני שהאסימון ננעל."
 
 #: ../tls/pkcs11/gpkcs11pin.c:112
+msgid ""
+"Several PIN attempts have been incorrect, and the token will be locked after "
+"further failures."
+msgstr ""
+"חלק מניסיונות הזנת ה־PIN עלו בתוהו והאסימון יינעל לאחר ניסיונות כושלים "
+"נוספים."
+
+#: ../tls/pkcs11/gpkcs11pin.c:114
 msgid "The PIN entered is incorrect."
 msgstr "ה־PIN שהוזן שגוי."
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
+#: ../tls/pkcs11/gpkcs11slot.c:448
 msgid "Module"
 msgstr "מודול"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
+#: ../tls/pkcs11/gpkcs11slot.c:449
 msgid "PKCS#11 Module Pointer"
 msgstr "מצביע מודול PKCS#11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
+#: ../tls/pkcs11/gpkcs11slot.c:456
 msgid "Slot ID"
 msgstr "מזהה חריץ"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
+#: ../tls/pkcs11/gpkcs11slot.c:457
 msgid "PKCS#11 Slot Identifier"
 msgstr "מזהה חריץ PKCS#11"
 
+#~ msgid "Connection is already closed"
+#~ msgstr "החיבור כבר סגור"
diff --git a/po/hr.po b/po/hr.po
new file mode 100644 (file)
index 0000000..8c45aba
--- /dev/null
+++ b/po/hr.po
@@ -0,0 +1,288 @@
+# Croatian translation for glib-networking
+# Copyright (c) 2015 Rosetta Contributors and Canonical Ltd 2015
+# This file is distributed under the same license as the glib-networking package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2015.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-networking\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
+"issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-26 12:38+0100\n"
+"Last-Translator: gogo <trebelnik2@gmail.com>\n"
+"Language-Team: Croatian <hr@li.org>\n"
+"Language: hr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2017-04-10 14:16+0000\n"
+"X-Generator: Poedit 2.0.6\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
+"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
+
+#: proxy/libproxy/glibproxyresolver.c:159
+msgid "Proxy resolver internal error."
+msgstr "Unutrašnja greška proxy razrješitelja."
+
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "Povezivanje je zatvoreno"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Radnja će blokirati"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Poslužitelj zahtijeva TLS vjerodajnicu"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Nemoguća analiza DER vjerodajnica: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Nemoguća analiza PEM vjerodajnica: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Nemoguća analiza DER privatnog ključa: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Nemoguća analiza PEM privatnog ključa: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
+msgid "No certificate data provided"
+msgstr "Nema pruženih podataka vjerodajnica"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Nemoguće stvaranje TLS povezivanja: %s"
+
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Ne može se izvesti radnja blokiranja tijekom TLS rukovanja"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "Istek vremena U/I priključnice"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
+msgid "Peer failed to perform TLS handshake"
+msgstr "Čvor je odbio izvesti TLS rukovanje"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
+msgid "Peer requested illegal TLS rehandshake"
+msgstr "Čvor zahtjeva ilegalno TLS ponovno rukovanje"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
+msgid "TLS connection closed unexpectedly"
+msgstr "TLS povezivanje je neočekivano zatvoreno"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS čvor povezivanja nije poslao vjerodajnicu"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Neprihvatljiva TLS vjerodajnica"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Kobno slanje točke TLS upozorenje: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Vraćena je starija inačica protokola, napad otkriven"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "Poruka je prevelika za DTLS povezivanje; najviše je %u bajt"
+msgstr[1] "Poruka je prevelika za DTLS povezivanje; najviše je %u bajta"
+msgstr[2] "Poruka je prevelika za DTLS povezivanje; najviše je %u bajta"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "Istek vremena radnje"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "Točka ne podržava sigurne pregovore"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Greška izvođenja TLS rukovanja"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Greška čitanja podataka iz TLS priključnice"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Primanje oznaka nije podržano"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Greška zapisivanja podataka u TLS priključnicu"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Poruka veličine %lu bajta je prevelika za DTLS povezivanje"
+msgstr[1] "Poruka veličine %lu bajta je prevelika za DTLS povezivanje"
+msgstr[2] "Poruka veličine %lu bajta je prevelika za DTLS povezivanje"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(najviše je %u bajt)"
+msgstr[1] "(najviše je %u bajta)"
+msgstr[2] "(najviše je %u bajta)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Slanje oznaka nije podržano"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Greška izvođenja TLS zatvaranja"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Neuspjelo učitavanje spremnika povjerenja sustava: GnuTLS nije podešen s "
+"povjerenjem sustava"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Neuspjelo učitavanje spremnika povjerenja sustava: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "Vjerodajnica nema privatni ključ"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Nemoguće stvaranje TLS sadržaja: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "Sadržaj je prevelik za RSA ključ"
+
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Greška izvođenja TLS rukovanja: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:390
+msgid "Server did not return a valid TLS certificate"
+msgstr "Poslužitelj nije vratio valjanu TLS vjerodajnicu"
+
+#: tls/openssl/gtlsconnection-openssl.c:504
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Greška čitanja podataka iz TLS priključnice: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:530
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Greška zapisivanja podataka u TLS priključnicu: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:556
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Greška izvođenja TLS zatvaranja: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Postoji problem s vjerodajnicom: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Postoji problem s privatnim ključem vjerodajnice: %s"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Ovo je posljednja šansa za upis PIN-a ispravno prije nego što se token "
+#~ "zaključa."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Nekoliko PIN-ova je neispravno, i token će biti zaključan nakon budućih "
+#~ "neuspjeha."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Upisani PIN je neispravan."
+
+#~ msgid "Module"
+#~ msgstr "Modul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 pokazivač modula"
+
+#~ msgid "Slot ID"
+#~ msgstr "ID utora"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 identifikator utora"
index f103912..36cc23f 100644 (file)
--- a/po/hu.po
+++ b/po/hu.po
-# Hungarian translation of glib-networking
-# Copyright (C) 2011, 2012. Free Software Foundation, Inc.
+# Hungarian translation for glib-networking.
+# Copyright (C) 2011, 2012, 2017, 2018, 2019. Free Software Foundation, Inc.
 # This file is distributed under the same license as the glib-networking package.
 #
 # Gabor Kelemen <kelemeng at gnome dot hu>, 2011, 2012.
-# Balázs Úr <urbalazs at gmail dot com>, 2012.
+# Balázs Úr <urbalazs at gmail dot com>, 2012, 2017, 2018, 2019.
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2012-11-29 22:09+0000\n"
-"PO-Revision-Date: 2012-12-31 19:04+0100\n"
-"Last-Translator: Balázs Úr <urbalazs at gmail dot com>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
+"issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-03 20:37+0100\n"
+"Last-Translator: Meskó Balázs <mesko.balazs@fsf.hu>\n"
 "Language-Team: Hungarian <gnome-hu-list at gnome dot org>\n"
 "Language: hu\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Lokalize 1.2\n"
-"Plural-Forms:  nplurals=2; plural=(n != 1);\n"
+"X-Generator: Poedit 2.2.1\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Proxyfeloldó belső hiba."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "A kapcsolat lezárva"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "A művelet blokkoló lenne"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "A kiszolgáló TLS-tanúsítványt kért"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "A DER tanúsítvány nem dolgozható fel: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "A PEM tanúsítvány nem dolgozható fel: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "A DER személyes kulcs nem dolgozható fel: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "A PEM személyes kulcs nem dolgozható fel: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Nincsenek megadva tanúsítványadatok"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "A kiszolgáló TLS-tanúsítványt kért"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:254
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Nem sikerült létrehozni TLS-kapcsolatot: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:514
-msgid "Connection is closed"
-msgstr "A kapcsolat lezárva"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:576
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1382
-msgid "Operation would block"
-msgstr "A művelet blokkoló lenne"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:703
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "A blokkoló művelet nem végezhető el a TLS-kézfogás alatt"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "A foglalat túllépte az I/O időkorlátot"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "A partner nem tudta végrehajtani a TLS-kézfogást"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:720
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "A partner illegális ismételt TLS-kézfogást kért"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:746
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
 msgstr "A TLS-kapcsolat váratlanul befejeződött"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:756
-#| msgid "Server did not return a valid TLS certificate"
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
 msgid "TLS connection peer did not send a certificate"
 msgstr "A TLS kapcsolat partner nem küldött tanúsítványt"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1064
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1083
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
 #, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Hiba a TLS-kézfogás végrehajtásakor: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1228
 msgid "Unacceptable TLS certificate"
 msgstr "Elfogadhatatlan TLS-tanúsítvány"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1239
-msgid "Server did not return a valid TLS certificate"
-msgstr "A kiszolgáló nem adott vissza érvényes TLS-tanúsítványt"
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "A partner végzetes TLS riasztást küldött: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1405
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Protokoll verzió visszaminősítéses támadás észlelve"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
 #, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Hiba az adatok olvasásakor a TLS-foglalatból: %s"
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "Az üzenet túl nagy a DTLS kapcsolathoz; legfeljebb %u bájt lehet"
+msgstr[1] "Az üzenet túl nagy a DTLS kapcsolathoz; legfeljebb %u bájt lehet"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "A művelet túllépte az időkorlátot"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "A partner nem támogatja a biztonságos újratárgyalást"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Hiba a TLS-kézfogás végrehajtásakor"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Hiba az adatok olvasásakor a TLS-foglalatból"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "A fogadási jelzők nem támogatottak"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1434
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Hiba az adatok TLS-foglalatba írásakor"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
 #, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Hiba az adatok TLS-foglalatba írásakor: %s"
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "A(z) %lu bájt méretű üzenet túl nagy a DTLS kapcsolathoz"
+msgstr[1] "A(z) %lu bájt méretű üzenet túl nagy a DTLS kapcsolathoz"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1478
-msgid "Connection is already closed"
-msgstr "A kapcsolat már le van zárva"
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(legfeljebb %u bájt)"
+msgstr[1] "(legfeljebb %u bájt)"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1488
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
 #, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Hiba a TLS-lezárás végrehajtásakor: %s"
+msgid "Send flags are not supported"
+msgstr "A küldési jelzők nem támogatottak"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "A tanúsítványnak nincs személyes kulcsa"
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Hiba a TLS-lezárás végrehajtásakor"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
 msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
 msgstr ""
-"Ez az utolsó lehetősége a helyes PIN megadására, mielőtt a jelsor zárolásra "
-"kerül."
+"Nem sikerült betölteni a rendszer megbízhatósági tárát: a GnuTLS nem "
+"rendszer megbízhatósággal lett beállítva"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Több PiN-megadás sikertelen volt, és a további sikertelen próbálkozások után "
-"a jelsor zárolásra kerül."
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Nem sikerült betölteni a rendszer megbízhatósági tárát: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "A megadott PIN helytelen."
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "A tanúsítványnak nincs személyes kulcsa"
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Modul"
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Nem sikerült létrehozni TLS-környezetet: %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "PKCS#11 modulmutató"
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "A kivonat túl nagy az RSA kulcshoz"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "Nyílásazonosító"
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Hiba a TLS-kézfogás végrehajtásakor: %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11 nyílásazonosító"
+#: tls/openssl/gtlsconnection-openssl.c:390
+msgid "Server did not return a valid TLS certificate"
+msgstr "A kiszolgáló nem adott vissza érvényes TLS-tanúsítványt"
 
+#: tls/openssl/gtlsconnection-openssl.c:504
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Hiba az adatok olvasásakor a TLS-foglalatból: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:530
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Hiba az adatok TLS-foglalatba írásakor: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:556
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Hiba a TLS-lezárás végrehajtásakor: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Probléma van a tanúsítvánnyal: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Probléma van a tanúsítvány személyes kulcsával: %s"
index e0d3bdc..f1f1efc 100644 (file)
--- a/po/id.po
+++ b/po/id.po
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2012-11-29 22:09+0000\n"
-"PO-Revision-Date: 2013-03-29 08:57+0700\n"
-"Last-Translator: Andika Triwidada <andika@gmail.com>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
+"issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-02 19:07+0700\n"
+"Last-Translator: Kukuh Syafaat <kukuhsyafaat@gnome.org>\n"
 "Language-Team: Indonesian <gnome@i15n.org>\n"
 "Language: id\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Poedit 1.5.5\n"
+"Plural-Forms: nplurals=2; plural= n!=1;\n"
+"X-Generator: Poedit 2.2.1\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Galat internal resolver proksi."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "Koneksi ditutup"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Operasi akan memblokir"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Server memerlukan sertifikat TLS"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Tak bisa mengurai sertifikat DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Tak bisa mengurai sertifikat PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Tak bisa mengurai kunci privat DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Tak bisa mengurai kunci privat PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Data sertifikat tak disediakan"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "Server memerlukan sertifikat TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:254
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Tak bisa membuat koneksi TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:514
-msgid "Connection is closed"
-msgstr "Koneksi ditutup"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Tak bisa melakukan operasi pemblokiran selama jabat tangan TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:576
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1382
-msgid "Operation would block"
-msgstr "Operasi akan memblokir"
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "I/O soket kehabisan waktu"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:703
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "Peer gagal melakukan jabat tangan TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:720
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Peer meminta jabat tangan ulang TLS yang ilegal"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:746
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
 msgstr "Koneksi TLS tertutup tak disangka-sangka"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:756
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
 msgid "TLS connection peer did not send a certificate"
 msgstr "Pasangan koneksi TLS tak mengembalikan sertifikat"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1064
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1083
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
 #, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Galat melakukan jabat tangan TLS: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1228
 msgid "Unacceptable TLS certificate"
 msgstr "Sertifikat TLS tak dapat diterima"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1239
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Peer mengirim peringatan TLS yang fatal: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Serangan versi penurunan protokol terdeteksi"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "Pesan terlalu besar untuk koneksi DTLS; maksimum adalah %u byte"
+msgstr[1] "Pesan terlalu besar untuk koneksi DTLS; maksimum adalah %u byte"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "Waktu operasi habis"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "Peer tidak mendukung renegosiasi yang aman"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Galat melakukan jabat tangan TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Galat saat membaca data dari soket TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Menerima tanda tidak didukung"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Galat saat menulis data ke soket TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Pesan ukuran %lu byte terlalu besar untuk koneksi DTLS"
+msgstr[1] "Pesan ukuran %lu byte terlalu besar untuk koneksi DTLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(maksimum adalah %u byte)"
+msgstr[1] "(maksimum adalah %u byte)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Mengirim tanda tidak didukung"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Galat melaksanakan penutupan TLS"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Gagal memuat penyimpanan terpercaya sistem: GnuTLS tidak dikonfigurasi "
+"dengan kepercayaan sistem"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Gagal memuat penyimpanan terpercaya sistem: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "Sertifikatnya tidak memiliki kunci privat"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Tak bisa membuat konteks TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "Digest terlalu besar untuk kunci RSA"
+
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Galat melakukan jabat tangan TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:390
 msgid "Server did not return a valid TLS certificate"
 msgstr "Server tak mengembalikan sertifikat TLS yang valid"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1405
+#: tls/openssl/gtlsconnection-openssl.c:504
 #, c-format
 msgid "Error reading data from TLS socket: %s"
 msgstr "Galat saat membaca data dari soket TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1434
+#: tls/openssl/gtlsconnection-openssl.c:530
 #, c-format
 msgid "Error writing data to TLS socket: %s"
 msgstr "Galat saat menulis data ke soket TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1478
-msgid "Connection is already closed"
-msgstr "Koneksi telah ditutup"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1488
+#: tls/openssl/gtlsconnection-openssl.c:556
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "Galat melaksanakan penutupan TLS: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "Sertifikatnya tidak memiliki kunci privat"
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Ada masalah dengan sertifikat: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"Ini kesempatan terakhir memasukkan PIN yang benar sebelum token dikunci."
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Ada masalah dengan kunci privat sertifikat: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Sudah beberapa kali PIN yang dimasukkan salah, token akan dikunci jika "
-"terulang."
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Ini kesempatan terakhir memasukkan PIN yang benar sebelum token dikunci."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Sudah beberapa kali PIN yang dimasukkan salah, token akan dikunci jika "
+#~ "terulang."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "PIN yang dimasukkan salah."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "PIN yang dimasukkan salah."
+#~ msgid "Module"
+#~ msgstr "Modul"
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Modul"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Pointer Modul PKCS#11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "Pointer Modul PKCS#11"
+#~ msgid "Slot ID"
+#~ msgstr "ID Slot"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "ID Slot"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identifair Slot PKCS#11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "Identifair Slot PKCS#11"
+#~ msgid "Connection is already closed"
+#~ msgstr "Koneksi telah ditutup"
index ad0bdf8..4f3b0e2 100644 (file)
--- a/po/it.po
+++ b/po/it.po
 # glib-networking Italian translation
-# Copyright (C) 2011, 2012, 2013 Free Software Foundation, Inc
+# Copyright (C) 2011, 2012, 2013, 2016, 2017, 2018, 2019 Free Software Foundation, Inc
 # This file is distributed under the same license as the glib-networking package.
 # Luca Ferretti <lferrett@gnome.org>, 2011, 2012.
-# Milo Casagrande <milo@ubuntu.com>, 2013.
+# Milo Casagrande <milo@ubuntu.com>, 2013, 2017, 2018, 2019.
+# Gianvito Cavasoli <gianvito@gmx.it>, 2016.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2013-01-24 22:40+0100\n"
-"PO-Revision-Date: 2013-01-24 22:41+0100\n"
-"Last-Translator: Milo Casagrande <milo@ubuntu.com>\n"
-"Language-Team: Italian <tp@lists.linux.it>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-04 09:43+0100\n"
+"Last-Translator: Milo Casagrande <milo@milo.name>\n"
+"Language-Team: Italiano <gnome-it-list@gnome.org>\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8-bit\n"
-"Plural-Forms: nplurals=2; plural=(n!=1);\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Poedit 2.2.1\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Errore interno del resolver proxy."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "La connessione è chiusa"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "L'operazione potrebbe bloccarsi"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Il server richiede un certificato TLS"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Impossibile analizzare il certificato DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Impossibile analizzare il certificato PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Impossibile analizzare la chiave privata DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Impossibile analizzare la chiave privata PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Nessun dato di certificato fornito"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "Il server richiede un certificato TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:257
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Impossibile creare la connessione TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:518
-msgid "Connection is closed"
-msgstr "La connessione è chiusa"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Impossibile eseguire un'operazione bloccante durante l'handshake TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:580
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1417
-msgid "Operation would block"
-msgstr "L'operazione potrebbe bloccarsi"
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "I/O sul socket scaduto"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:710
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
-msgstr "Il nono non è stato in grado di eseguire l'handshake TLS"
+msgstr "Il nodo non è stato in grado di eseguire l'handshake TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:727
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Il nodo ha richesto un re-handshake non lecito"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:753
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
 msgstr "La connessione TLS si è chiusa in modo inatteso"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:763
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
 msgid "TLS connection peer did not send a certificate"
 msgstr "Il nodo di connessione TLS non ha inviato un certificato"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1144
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1163
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
 #, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Errore nell'eseguire l'handshake TLS: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1173
-msgid "Server did not return a valid TLS certificate"
-msgstr "Il server non ha restituito un certificato TLS valido"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1248
 msgid "Unacceptable TLS certificate"
 msgstr "Certificato TLS inammissibile"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1440
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
 #, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Errore nel leggere dati dal socket TLS: %s"
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Il nodo ha inviato un avviso TLS fatale: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1469
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Rilevato attacco di declassamento del protocollo di versione"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
 #, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Errore nello scrivere dati sul socket TLS: %s"
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] ""
+"Il messaggio è troppo grande per una connessione DTLS (massimo %u byte)"
+msgstr[1] ""
+"Il messaggio è troppo grande per una connessione DTLS (massimo %u byte)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "Tempo esaurito per l'operazione"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "Il nodo non supporto la rinegoziazione sicura"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Errore nell'eseguire l'handshake TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1513
-msgid "Connection is already closed"
-msgstr "La connessione è già chiusa"
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Errore nel leggere dati dal socket TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1523
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
 #, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Errore nell'eseguire la chiusura TLS: %s"
+msgid "Receive flags are not supported"
+msgstr "I flag di ricezione non sono supportati"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "Il certificato non presenta chiave privata"
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Errore nello scrivere dati sul socket TLS"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"Questa è l'ultima opportunità di inserire il PIN corretto prima che venga "
-"bloccato il token."
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Un messaggio di %lu byte è troppo grande per la connessione DTLS"
+msgstr[1] "Un messaggio di %lu byte è troppo grande per la connessione DTLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(massimo %u byte)"
+msgstr[1] "(massimo %u byte)"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "I flag di invio non sono supportati"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Errore nell'eseguire la chiusura TLS"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
 msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
 msgstr ""
-"È stato inserito diverse volte un PIN non corretto, altri tentativi errati e "
-"il token verrà bloccato."
+"Caricamento dell'archivio di attendibilità di sistema non riuscito: GnuTLS "
+"non è stato configurato con un archivio di attendibilità di sistema"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Caricamento dell'archivio di attendibilità di sistema non riuscito: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "Il certificato non presenta chiave privata"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Impossibile creare il contesto TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "Digest troppo grande per una chiave RSA"
+
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Errore nell'eseguire l'handshake TLS: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "Il PIN inserito non è corretto."
+#: tls/openssl/gtlsconnection-openssl.c:390
+msgid "Server did not return a valid TLS certificate"
+msgstr "Il server non ha restituito un certificato TLS valido"
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Modulo"
+#: tls/openssl/gtlsconnection-openssl.c:504
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Errore nel leggere dati dal socket TLS: %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "Puntatore modulo PKCS#11"
+#: tls/openssl/gtlsconnection-openssl.c:530
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Errore nello scrivere dati sul socket TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:556
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Errore nell'eseguire la chiusura TLS: %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "ID dello slot"
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "C'è un problema con il certificato: %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "Identificatore slot PKCS#11"
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "C'è un problema con la chiave privata del certificato: %s"
index 3ca90bb..59710b4 100644 (file)
--- a/po/kk.po
+++ b/po/kk.po
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2014-11-06 18:42+0000\n"
-"PO-Revision-Date: 2014-11-07 09:12+0600\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
+"issues\n"
+"POT-Creation-Date: 2019-02-03 13:01+0000\n"
+"PO-Revision-Date: 2019-02-17 12:37+0500\n"
 "Last-Translator: Baurzhan Muftakhidinov <baurthefirst@gmail.com>\n"
 "Language-Team: Kazakh <kk_KZ@googlegroups.com>\n"
 "Language: kk\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 1.6.9\n"
+"X-Generator: Poedit 2.2.1\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:157
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Прокси шешушісінің ішкі қатесі."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "Байланыс жабылды"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Әрекет блоктайды"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Сервер TLS сертификатын талап етеді"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "DER сертификатын талдау қатесі: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "PEM сертификатын талдау қатесі: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "DER жеке кілтін талдау қатесі: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "PEM жеке кілтін талдау қатесі: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Сертификат ұсынылмады"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:324
-msgid "Server required TLS certificate"
-msgstr "Сервер TLS сертификатын талап етеді"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:267
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:537
+#: tls/openssl/gtlsserverconnection-openssl.c:401
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Жаңа TLS  байланысын жасау мүмкін емес: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:539
-msgid "Connection is closed"
-msgstr "Байланыс жабылды"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:602
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1471
-msgid "Operation would block"
-msgstr "Әрекет блоктайды"
+#: tls/gnutls/gtlsconnection-gnutls.c:858
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+msgid "Socket I/O timed out"
+msgstr ""
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:741
-#: ../tls/gnutls/gtlsconnection-gnutls.c:780
+#: tls/gnutls/gtlsconnection-gnutls.c:1003
+#: tls/gnutls/gtlsconnection-gnutls.c:1036
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "Торап TLS байланысты орнату сәлемдемесін орындай алмады"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:759
+#: tls/gnutls/gtlsconnection-gnutls.c:1021
+#: tls/openssl/gtlsconnection-openssl.c:234
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Торап жарамсы TLS қайта байланысты орнату сәлемдемесін сұрады"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:786
+#: tls/gnutls/gtlsconnection-gnutls.c:1042
 msgid "TLS connection closed unexpectedly"
 msgstr "TLS байланысты күтпегенде жабылды"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:796
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:171
 msgid "TLS connection peer did not send a certificate"
 msgstr "TLS байланысының торабы сертификатты жібермеген"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1179
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1212
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:2160
+#: tls/openssl/gtlsconnection-openssl.c:416
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Жарамсыз TLS сертификаты"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1064
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Торап қатаң TLS ескертуін жіберді: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1076
+msgid "Protocol version downgrade attack detected"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1083
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] ""
+msgstr[1] ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1090
+msgid "The operation timed out"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1981
+msgid "Peer does not support safe renegotiation"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2008
+#: tls/gnutls/gtlsconnection-gnutls.c:2058
+msgid "Error performing TLS handshake"
+msgstr "TLS байланысты орнату сәлемдемесін орындау қатесі"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2510
+#: tls/gnutls/gtlsconnection-gnutls.c:2602
+msgid "Error reading data from TLS socket"
+msgstr "TLS сокетінен деректерді оқу қатесі"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2632
+#, c-format
+msgid "Receive flags are not supported"
+msgstr ""
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2709
+#: tls/gnutls/gtlsconnection-gnutls.c:2781
+msgid "Error writing data to TLS socket"
+msgstr "TLS сокетіне деректерді жазу қатесі"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2751
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] ""
+msgstr[1] ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2753
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(максимум %u байт)"
+msgstr[1] "(maximum is %u bytes)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2812
+#, c-format
+msgid "Send flags are not supported"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2915
+msgid "Error performing TLS close"
+msgstr "TLS жабу әрекетін орындау қатесі"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr ""
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:328
+msgid "Certificate has no private key"
+msgstr "Сертификатта жеке кілт жоқ"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:486
+#: tls/openssl/gtlsserverconnection-openssl.c:292
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS контекстін жасау мүмкін емес: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:179
+msgid "Digest too big for RSA key"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:243
+#: tls/openssl/gtlsconnection-openssl.c:376
 #, c-format
 msgid "Error performing TLS handshake: %s"
 msgstr "TLS байланысты орнату сәлемдемесін орындау қатесі: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1222
+#: tls/openssl/gtlsconnection-openssl.c:386
 msgid "Server did not return a valid TLS certificate"
 msgstr "Сервер жарамды TLS сертификатын қайтармады"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1297
-msgid "Unacceptable TLS certificate"
-msgstr "Жарамсыз TLS сертификаты"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1505
+#: tls/openssl/gtlsconnection-openssl.c:500
 #, c-format
 msgid "Error reading data from TLS socket: %s"
 msgstr "TLS сокетінен деректерді оқу қатесі: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1534
+#: tls/openssl/gtlsconnection-openssl.c:526
 #, c-format
 msgid "Error writing data to TLS socket: %s"
 msgstr "TLS сокетіне деректерді жазу қатесі: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1586
+#: tls/openssl/gtlsconnection-openssl.c:552
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "TLS жабу әрекетін орындау қатесі: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "Сертификатта жеке кілт жоқ"
-
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr "Токен блокталуға дейінгі PIN кодын енгізудің соңғы мүмкіндігі қалды."
+#: tls/openssl/gtlsserverconnection-openssl.c:335
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr ""
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
+#: tls/openssl/gtlsserverconnection-openssl.c:344
+#, c-format
+msgid "There is a problem with the certificate: %s"
 msgstr ""
-"Бірнеше PIN енгізу талаптары сәтсіз болды, токен келесі сәтсіз енгізілерде "
-"блокталатын болады."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "Енгізілген PIN коды дұрыс емес."
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Токен блокталуға дейінгі PIN кодын енгізудің соңғы мүмкіндігі қалды."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Бірнеше PIN енгізу талаптары сәтсіз болды, токен келесі сәтсіз "
+#~ "енгізілерде блокталатын болады."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Енгізілген PIN коды дұрыс емес."
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Модуль"
+#~ msgid "Module"
+#~ msgstr "Модуль"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "PKCS#11 модулі көрсеткіші"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 модулі көрсеткіші"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "Слот ID-і"
+#~ msgid "Slot ID"
+#~ msgstr "Слот ID-і"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11 слот идентификаторы"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 слот идентификаторы"
index fecabd5..5c28c65 100644 (file)
--- a/po/ko.po
+++ b/po/ko.po
@@ -1,16 +1,15 @@
 # Korean translation for glib-networking.
 # This file is distributed under the same license as the glib-networking package.
 #
-# Changwoo Ryu <cwryu@debian.org>, 2011-2013.
+# Changwoo Ryu <cwryu@debian.org>, 2011-2013, 2017-2019.
 #
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2012-11-29 22:09+0000\n"
-"PO-Revision-Date: 2013-03-12 02:31+0900\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-08 14:47+0900\n"
 "Last-Translator: Changwoo Ryu <cwryu@debian.org>\n"
 "Language-Team: Korean <gnome-kr@googlegroups.com>\n"
 "Language: ko\n"
@@ -19,135 +18,234 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "프록시 리졸버 내부 오류."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "연결이 닫혔습니다"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "작업이 중지됩니다"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "서버에 TLS 인증서가 필요합니다"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "DER 인증서를 파싱할 수 없습니다: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "PEM 인증서를 파싱할 수 없습니다: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "DER 개인 키를 파싱할 수 없습니다: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "PEM 개인 키를 파싱할 수 없습니다: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "인증서 데이터를 제공하지 않았습니다"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "서버에 TLS 인증서가 필요합니다"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:254
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "TLS 연결을 만들 수 없습니다: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:514
-msgid "Connection is closed"
-msgstr "연결이 닫혔습니다"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:576
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1382
-msgid "Operation would block"
-msgstr "동작이 중단됩니다"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:703
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "TLS 핸드셰이킹 중에 블로킹 동작을 수행할 수 없습니다."
+
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "소켓 입출력 제한 시간이 넘었습니다"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "상대편이 TLS 핸드셰이킹에 실패했습니다"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:720
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "상대편이 잘못된 TLS 핸드셰이킹을 요청했습니다"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:746
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
 msgstr "TLS 연결이 예상치 못하게 닫혔습니다"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:756
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
 msgid "TLS connection peer did not send a certificate"
 msgstr "TLS 연결 상대가 인증서를 보내지 않았습니다"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1064
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1083
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
 #, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "TLS 핸드셰이킹에 오류가 발생했습니다: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1228
 msgid "Unacceptable TLS certificate"
 msgstr "TLS 핸드셰이킹을 받아들일 수 없습니다"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1239
-msgid "Server did not return a valid TLS certificate"
-msgstr "서버에서 올바른 TLS 인증서를 반환하지 않았습니다"
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "상대가 치명적인 TLS 알림을 보냈습니다: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1405
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "프로토콜 버전 다운그레이드 공격 감지됨"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
 #, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "TLS 소켓에서 데이터를 읽는데 오류가 발생했습니다: %s"
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] ""
+"DTLS 연결에 사용하기에는 메시지 크기가 너무 큽니다: 최대는 %u바이트입니다"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "작업이 제한 시간을 넘었습니다"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "상대가 안전한 재협상을 지원하지 않습니다"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "TLS 핸드셰이킹에 오류가 발생했습니다"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "TLS 소켓에서 데이터를 읽는데 오류가 발생했습니다"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "받기 플래그를 지원하지 않습니다"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1434
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "TLS 소켓에 데이터를 쓰는데 오류가 발생했습니다"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
 #, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "TLS 소켓에 데이터를 쓰는데 오류가 발생했습니다: %s"
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "크기가 %lu바이트인 메시지는 DTLS 연결에 사용하기에는 너무 큽니다"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1478
-msgid "Connection is already closed"
-msgstr "연결이 이미 닫혔습니다"
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(최대는 %u바이트입니다)"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1488
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
 #, c-format
-msgid "Error performing TLS close: %s"
-msgstr "TLS를 닫는데 오류가 발생했습니다: %s"
+msgid "Send flags are not supported"
+msgstr "보내기 플래그를 지원하지 않습니다"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "TLS 닫기에 오류가 발생했습니다"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"시스템 신뢰 정보를 읽어들이는데 실패했습니다: GnuTLS 설정에 시스템 신뢰 정보"
+"가 없습니다"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "시스템 신뢰 정보를 읽어들이는데 실패했습니다: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
 msgid "Certificate has no private key"
 msgstr "인증서에 개인 키가 없습니다"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr "PIN 입력 마지막 기회입니다. 한 번 더 실패하면 토큰을 잠급니다."
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS 컨텍스트를 만들 수 없습니다: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"여러 번의 PIN 시도가 모두 틀렸으므로, 앞으로 더 실패하면 해당 토큰을 잠급니"
-"다."
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "다이제스트 값이 RSA 키에서 너무 큽니다"
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "입력한 PIN이 올바르지 않습니다."
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS 핸드셰이킹에 오류가 발생했습니다: %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "모듈"
+#: tls/openssl/gtlsconnection-openssl.c:390
+msgid "Server did not return a valid TLS certificate"
+msgstr "서버에서 올바른 TLS 인증서를 반환하지 않았습니다"
+
+#: tls/openssl/gtlsconnection-openssl.c:504
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "TLS 소켓에서 데이터를 읽는데 오류가 발생했습니다: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:530
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "TLS 소켓에 데이터를 쓰는데 오류가 발생했습니다: %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "PKCS#11 모듈 포인터"
+#: tls/openssl/gtlsconnection-openssl.c:556
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "TLS 닫기에 오류가 발생했습니다: %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "슬롯 아이디"
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "인증서에 문제가 있습니다: %s"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11 슬롯 아이디"
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "인증서 비밀 키에 문제가 있습니다: %s"
index e6d5e80..839dd30 100644 (file)
--- a/po/lt.po
+++ b/po/lt.po
 # Lithuanian translation for glib-networking.
 # Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER
 # This file is distributed under the same license as the glib-networking package.
-# Aurimas Černius <aurisc4@gmail.com>, 2011.
 # Algimantas Margevičius <margevicius.algimantas@gmail.com>, 2011.
+# Aurimas Černius <aurisc4@gmail.com>, 2011-2019.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2012-11-29 22:09+0000\n"
-"PO-Revision-Date: 2012-11-30 21:55+0300\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-03 18:57+0200\n"
 "Last-Translator: Aurimas Černius <aurisc4@gmail.com>\n"
-"Language-Team: Lietuvių <>\n"
+"Language-Team: Lietuvių <gnome-lt@lists.akl.lt>\n"
 "Language: lt\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n%100<10 || n%100>=20) ? 1 : 2)\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n"
+"%100<10 || n%100>=20) ? 1 : 2)\n"
+"X-Generator: Gtranslator 3.30.1\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Tarpininkų nustatytojo vidinė klaida."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "Ryšys užvertas"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Veiksmas blokuosis"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Serveris reikalauja TLS liudijimo"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Nepavyko perskaityti DER liudijimo: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Nepavyko perskaityti PEM liudijimo: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Nepavyko perskaityti DER privataus rakto: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Nepavyko perskaityti PEM privataus rakto: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Nėra pateiktų liudijimo duomenų"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "Serveris reikalauja TLS liudijimo"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:254
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Nepavyko užmegsti TLS ryšio: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:514
-msgid "Connection is closed"
-msgstr "Ryšys užvertas"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+#| msgid "Error performing TLS handshake"
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "TLS išankstinio suderinimo metu negalima vykdyti bloko operacijos"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:576
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1382
-msgid "Operation would block"
-msgstr "Veiksmas blokuosis"
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "Baigėsi lizdo I/O skirtas laikas"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:703
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
-msgstr "Kita pusė neatliko TLS rankos paspaudimo"
+msgstr "Kita pusė neatliko TLS išankstinio suderinimo"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:720
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
-msgstr "Kita pusė paprašė neteisingo pakartotinio TLS rankos paspaudimo"
+msgstr "Kita pusė paprašė neteisingo pakartotinio TLS išankstinio suderinimo"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:746
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
 msgstr "TLS ryšys netikėtai užsivėrė"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:756
-#| msgid "Server did not return a valid TLS certificate"
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
 msgid "TLS connection peer did not send a certificate"
 msgstr "TLS ryšio porininkas neatsiuntė liudijimo"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1064
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1083
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
 #, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Klaida atliekant TLS rankos paspaudimą: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1228
 msgid "Unacceptable TLS certificate"
 msgstr "Nepriimtinas TLS liudijimas"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1239
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Porininkas atsiuntė kritinį TLS perspėjimą: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Aptikta protokolo versijos pažeminimo ataka"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "Žinutė yra per didelė DTLS ryšiui; didžiausia yra %u baitas"
+msgstr[1] "Žinutė yra per didelė DTLS ryšiui; didžiausia yra %u baitai"
+msgstr[2] "Žinutė yra per didelė DTLS ryšiui; didžiausia yra %u baitų"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "Baigėsi operacijai skirtas laikas"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "Porininkas nepalaiko saugaus pakartotinio ryšio užmezgimo"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Klaida atliekant TLS išankstinį suderinimą"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Klaida skaitant duomenis iš TLS lizdo"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Požymių gavimas nėra palaikomas"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Klaida rašant duomenis į TLS lizdą"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Žinutė, kurios dydis %lu baitas, yra per didelė DTLS ryšiui"
+msgstr[1] "Žinutė, kurios dydis %lu baitai, yra per didelė DTLS ryšiui"
+msgstr[2] "Žinutė, kurios dydis %lu baitų, yra per didelė DTLS ryšiui"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(didžiausia yra %u baitas)"
+msgstr[1] "(didžiausia yra %u baitai)"
+msgstr[2] "(didžiausia yra %u baitų)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Požymių siuntimas nėra palaikomas"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Klaida atliekant TLS užvėrimą"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Nepavyko įkelti sistemos pasitikėjimo saugyklos: GnuTLS nebuvo "
+"sukonfigūruota su sistemos pasitikėjimu"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Nepavyko įkelti sistemos pasitikėjimo saugyklos: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "Liudijimas neturi privataus rakto"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Nepavyko sukurti TLS konteksto: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "Santrauka per didelė RSA raktui"
+
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Klaida užmezgant TLS ryšį: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:390
 msgid "Server did not return a valid TLS certificate"
 msgstr "Serveris negrąžino teisingo TLS liudijimo"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1405
+#: tls/openssl/gtlsconnection-openssl.c:504
 #, c-format
 msgid "Error reading data from TLS socket: %s"
 msgstr "Klaida skaitant duomenis iš TLS lizdo: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1434
+#: tls/openssl/gtlsconnection-openssl.c:530
 #, c-format
 msgid "Error writing data to TLS socket: %s"
 msgstr "Klaida rašant duomenis į TLS lizdą: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1478
-msgid "Connection is already closed"
-msgstr "Ryšys jau užvertas"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1488
+#: tls/openssl/gtlsconnection-openssl.c:556
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "Klaida atliekant TLS užvėrimą: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "Liudijimas neturi privataus rakto"
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Yra problema su liudijimu: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Yra problema su liudijimo privačiu raktu: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid "This is the last chance to enter the PIN correctly before the token is locked."
-msgstr "Tai yra paskutinis šansas įvesti teisingą PIN, kitaip jūsų prieiga bus užrakinta."
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Tai yra paskutinis šansas įvesti teisingą PIN, kitaip jūsų prieiga bus "
+#~ "užrakinta."
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid "Several PIN attempts have been incorrect, and the token will be locked after further failures."
-msgstr "Keli PIN bandymai buvo neteisingi, jei taip ir toliau, bus užrakinta."
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Keli PIN bandymai buvo neteisingi, jei taip ir toliau, bus užrakinta."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "Įvestas PIN yra neteisingas."
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Įvestas PIN yra neteisingas."
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Modulis"
+#~ msgid "Module"
+#~ msgstr "Modulis"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "PKCS#11 modulio rodyklė"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 modulio rodyklė"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "Lizdo ID"
+#~ msgid "Slot ID"
+#~ msgstr "Lizdo ID"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11 lizdo identifikatorius"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 lizdo identifikatorius"
 
+#~ msgid "Connection is already closed"
+#~ msgstr "Ryšys jau užvertas"
index 3bbea17..70b5181 100644 (file)
--- a/po/lv.po
+++ b/po/lv.po
 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
 # This file is distributed under the same license as the PACKAGE package.
 #
-# Rūdolfs Mazurs <rudolfs.mazurs@gmail.com>, 2012, 2013.
+# Rūdolfs Mazurs <rudolfs.mazurs@gmail.com>, 2012, 2013, 2017, 2018, 2019.
 msgid ""
 msgstr ""
 "Project-Id-Version: \n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2012-11-29 22:09+0000\n"
-"PO-Revision-Date: 2013-03-17 20:22+0200\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-03 20:11+0200\n"
 "Last-Translator: Rūdolfs Mazurs <rudolfs.mazurs@gmail.com>\n"
 "Language-Team: Latvian <lata-l10n@googlegroups.com>\n"
 "Language: lv\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Lokalize 1.4\n"
-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : "
-"2);\n"
+"X-Generator: Lokalize 2.0\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 :"
+" 2);\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Starpnieka risinātāja iekšēja kļūda."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "Savienojums ir aizvērts"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Darbība bloķēs"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Serveris pieprasa TLS sertifikātu"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Nevarēju noparsēt DER sertifikātu — %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Nevarēju noparsēt PEM sertifikātu — %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Nevarēju noparsēt DER privāto atslēgu — %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Nevarēju noparsēt PEM privāto atslēgu — %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Nav norādīti sertifikāta dati"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "Serveris pieprasa TLS sertifikātu"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:254
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Neizdevās izveidot TLS savienojumu — %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:514
-msgid "Connection is closed"
-msgstr "Savienojums ir aizvērts"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+#| msgid "Error performing TLS handshake"
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Nevar veikt bloķējošu darbību TLS izaicinājumrokspiediena laikā"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:576
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1382
-msgid "Operation would block"
-msgstr "Darbība bloķēs"
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "Ligzdai I/O iestājās noildze"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:703
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "Dalībniekam neizdevās veikt TLS izaicinājumrokspiedienu"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:720
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Dalībnieks pieprasīja neatļautu TLS izaicinājumrokspiedienu"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:746
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
 msgstr "TLS savienojums aizvērās negaidīti"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:756
-#| msgid "Server did not return a valid TLS certificate"
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
 msgid "TLS connection peer did not send a certificate"
 msgstr "TLS savienojuma dalībnieks neatsūtīja sertifikātu"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1064
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1083
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
 #, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Kļūda, veicot TLS izaicinājumrokspiedienu — %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1228
 msgid "Unacceptable TLS certificate"
 msgstr "Nepieņemams TLS sertifikāts"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1239
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Biedrs nosūtīja fatālu TLS brīdinājumu: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Atklāts protokola versijas pazemināšanas uzbrukums"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] ""
+"Ziņojums ir pārāk garš DTLS savienojumam; maksimālais izmērs ir %u baits"
+msgstr[1] ""
+"Ziņojums ir pārāk garš DTLS savienojumam; maksimālais izmērs ir %u baiti"
+msgstr[2] ""
+"Ziņojums ir pārāk garš DTLS savienojumam; maksimālais izmērs ir %u baitu"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "Darbībai iestājās noildze"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "Biedrs neatbalsta drošas atkārtotas pārrunas"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Kļūda, veicot TLS izaicinājumrokspiedienu"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Kļūda, lasot datus no TLS ligzdas"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Saņemšanas slēdži nav atbalstīti"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Kļūda, rakstot datus TLS ligzdā"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Ziņojums ar izmēru %lu baits ir pārāk garš DTLS savienojumam"
+msgstr[1] "Ziņojums ar izmēru %lu baiti ir pārāk garš DTLS savienojumam"
+msgstr[2] "Ziņojums ar izmēru %lu baiti ir pārāk garš DTLS savienojumam"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(maksimums ir %u baits)"
+msgstr[1] "(maksimums ir %u baiti)"
+msgstr[2] "(maksimums ir %u baitu)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Sūtīšanas slēdži nav atbalstīti"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Kļūda, veicot TLS aizvēršanu"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Neizdevās ielādēt sistēmas uzticības krātuvi: GnuTLS nav konfigurēts ar "
+"sistēmas uzticību"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Neizdevās ielādēt sistēmas uzticības krātuvi: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "Sertifikātam nav privātās atslēgas"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+#| msgid "Could not create TLS connection: %s"
+msgid "Could not create TLS context: %s"
+msgstr "Neizdevās izveidot TLS kontekstu — %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "Kopsavilkums ir pārāk garš RSA atslēgai"
+
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
+#, c-format
+#| msgid "Error performing TLS handshake"
+msgid "Error performing TLS handshake: %s"
+msgstr "Kļūda, veicot TLS izaicinājumrokspiedienu — %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:390
 msgid "Server did not return a valid TLS certificate"
 msgstr "Serveris neatgrieza derīgu TLS sertifikātu"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1405
+#: tls/openssl/gtlsconnection-openssl.c:504
 #, c-format
+#| msgid "Error reading data from TLS socket"
 msgid "Error reading data from TLS socket: %s"
 msgstr "Kļūda, lasot datus no TLS ligzdas — %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1434
+#: tls/openssl/gtlsconnection-openssl.c:530
 #, c-format
+#| msgid "Error writing data to TLS socket"
 msgid "Error writing data to TLS socket: %s"
 msgstr "Kļūda, rakstot datus TLS ligzdā — %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1478
-msgid "Connection is already closed"
-msgstr "Savienojums jau ir aizvērts"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1488
+#: tls/openssl/gtlsconnection-openssl.c:556
 #, c-format
+#| msgid "Error performing TLS close"
 msgid "Error performing TLS close: %s"
 msgstr "Kļūda, veicot TLS aizvēršanu — %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "Sertifikātam nav privātās atslēgas"
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Ir problēma ar sertifikātu — %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"Šī ir pēdējā iespēja ievadīt pareizu PIN, pirms marķierierīce tiek noslēgta."
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Ir problēma ar sertifikāta privāto atslēgu — %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Vairāki ievadītie PIN kodi ir bijuši nepareizi, un marķierierīce tiks "
-"noslēgta pēc turpmākām neveiksmēm."
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Šī ir pēdējā iespēja ievadīt pareizu PIN, pirms marķierierīce tiek "
+#~ "noslēgta."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Vairāki ievadītie PIN kodi ir bijuši nepareizi, un marķierierīce tiks "
+#~ "noslēgta pēc turpmākām neveiksmēm."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "Ievadītais PIN kods ir nepareizs."
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Ievadītais PIN kods ir nepareizs."
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Modulis"
+#~ msgid "Module"
+#~ msgstr "Modulis"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "PKCS#11 moduļa rādītājs"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 moduļa rādītājs"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "Ligzdas ID"
+#~ msgid "Slot ID"
+#~ msgstr "Ligzdas ID"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11 ligzdas identifikators"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 ligzdas identifikators"
 
+#~ msgid "Connection is already closed"
+#~ msgstr "Savienojums jau ir aizvērts"
diff --git a/po/meson.build b/po/meson.build
new file mode 100644 (file)
index 0000000..e9b77d7
--- /dev/null
@@ -0,0 +1 @@
+i18n.gettext(meson.project_name(), preset: 'glib')
index 4f7e279..6208fed 100644 (file)
--- a/po/ml.po
+++ b/po/ml.po
@@ -4,15 +4,16 @@
 # Manoj K <manojkmohanme03107@gmail.com>, 2012.
 # Balasankar Chelamattath <c.balasankar@gmail.com>, 2012
 # Anish A <aneesh.nl@gmail.com>, 2013.
+# Anish Sheela <aneesh.nl@gmail.com>, 2017.
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2013-02-13 18:37+0000\n"
-"PO-Revision-Date: 2013-02-15 11:30+0530\n"
-"Last-Translator: Anish A <aneesh.nl@gmail.com>\n"
-"Language-Team: Swatantra Malayalam Computing\n"
+"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?product=glib&k"
+"eywords=I18N+L10N&component=network\n"
+"POT-Creation-Date: 2017-05-23 15:17+0000\n"
+"PO-Revision-Date: 2017-08-08 13:00+0530\n"
+"Last-Translator: Anish Sheela <aneesh.nl@gmail.com>\n"
+"Language-Team: Swatantra Malayalam Computing <discuss@lists.smc.org.in>\n"
 "Language: ml\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -21,134 +22,139 @@ msgstr ""
 "X-Generator: Virtaal 0.7.1\n"
 "X-Project-Style: gnome\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:157
 msgid "Proxy resolver internal error."
 msgstr "പ്രോക്സി റിസോള്‍വറിന്റെ ആന്തരിക പിഴവ്."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/gnutls/gtlscertificate-gnutls.c:176
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "%s :DER സാക്ഷ്യപത്രം പാഴ്സ് ചെയ്യാന്‍ സാധിക്കുന്നില്ല."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "%s :PEM സാക്ഷ്യപത്രം പാഴ്സ് ചെയ്യാന്‍ സാധിക്കുന്നില്ല."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:228
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "%s :DER രഹസ്യ കീ പാഴ്സ് ചെയ്യാന്‍ സാധിക്കുന്നില്ല."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:259
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "%s :PEM രഹസ്യ കീ പാഴ്സ് ചെയ്യാന്‍ സാധിക്കുന്നില്ല."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:299
 msgid "No certificate data provided"
 msgstr "സാക്ഷ്യപത്രവിവരങ്ങള്‍ ലഭ്യമല്ല"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
+#: tls/gnutls/gtlsclientconnection-gnutls.c:375
 msgid "Server required TLS certificate"
 msgstr "സെര്‍വ്വരിന് TLS സാക്ഷ്യപത്രം ആവശ്യമാണ്. "
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:258
+#: tls/gnutls/gtlsconnection-gnutls.c:310
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "%s :TLS കണക്ഷന്‍ നിര്‍മ്മിക്കാന്‍ സാധിച്ചില്ല"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:520
+#: tls/gnutls/gtlsconnection-gnutls.c:572
 msgid "Connection is closed"
 msgstr "ബന്ധം വിച്ഛേദിക്കപ്പെട്ടിരിക്കുന്നു"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:582
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1419
+#: tls/gnutls/gtlsconnection-gnutls.c:645
+#: tls/gnutls/gtlsconnection-gnutls.c:1528
 msgid "Operation would block"
 msgstr "പ്രക്രിയ തടസ്സപ്പെടും"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:712
+#: tls/gnutls/gtlsconnection-gnutls.c:792
+#: tls/gnutls/gtlsconnection-gnutls.c:831
 msgid "Peer failed to perform TLS handshake"
 msgstr "TLS ഹാന്‍ഡ്ഷെയ്ക്ക് കാരണം പിയര്‍  പ്രകടനം പരാജയപ്പെട്ടു"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:729
+#: tls/gnutls/gtlsconnection-gnutls.c:810
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "പിയര്‍ നിയമാനുസൃതമല്ലാത്ത TLS ഹസ്തദാനം ആവശ്യപ്പെട്ടിരിക്കുന്നു"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:755
+#: tls/gnutls/gtlsconnection-gnutls.c:837
 msgid "TLS connection closed unexpectedly"
 msgstr "TLS ബന്ധം അപ്രതീക്ഷിതമായി വിച്ഛേദിക്കപ്പെട്ടിരിക്കുന്നു"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:765
+#: tls/gnutls/gtlsconnection-gnutls.c:847
 msgid "TLS connection peer did not send a certificate"
 msgstr "TLS ബന്ധത്തിന്റെ പീയര്‍ സാക്ഷ്യപത്രം അയ്ച്ചില്ല"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1146
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1165
+#: tls/gnutls/gtlsconnection-gnutls.c:853
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "പിയര്‍ ഗുരുതരമായ TLS അറിയിപ്പ് അയച്ചു: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1241
+#: tls/gnutls/gtlsconnection-gnutls.c:1274
 #, c-format
 msgid "Error performing TLS handshake: %s"
 msgstr "%s: TLS ഹസ്തദാനം നടപ്പിലാക്കുന്നതില്‍ പിഴവ്"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1175
+#: tls/gnutls/gtlsconnection-gnutls.c:1284
 msgid "Server did not return a valid TLS certificate"
 msgstr "സെര്‍വ്വര്‍ സാധുവായ TLS സാക്ഷ്യപത്രം തന്നില്ല."
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1250
+#: tls/gnutls/gtlsconnection-gnutls.c:1354
 msgid "Unacceptable TLS certificate"
 msgstr "സ്വീകരിക്കാന്‍ പറ്റാത TLS സാക്ഷ്യപത്രം"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1442
+#: tls/gnutls/gtlsconnection-gnutls.c:1562
 #, c-format
 msgid "Error reading data from TLS socket: %s"
 msgstr "%s: TLS സോക്കറ്റില്‍ നിന്നും ഡാറ്റ വായിക്കുന്നതില്‍ പിഴവ് "
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1471
+#: tls/gnutls/gtlsconnection-gnutls.c:1591
 #, c-format
 msgid "Error writing data to TLS socket: %s"
 msgstr "%s: TLS സോക്കറ്റിലേക്ക് ഡാറ്റ എഴുതുന്നതില്‍ പിഴവ്"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1515
-msgid "Connection is already closed"
-msgstr "ബന്ധം ഇതിനകം തന്നെ വിച്ഛേദിക്കപ്പെട്ടിരിക്കുന്നു"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1525
+#: tls/gnutls/gtlsconnection-gnutls.c:1655
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "%s: TLS അടയ്ക്കുന്നതില്‍ പരാജയപ്പെട്ടിരിക്കുന്നു"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+#: tls/gnutls/gtlsserverconnection-gnutls.c:107
 msgid "Certificate has no private key"
 msgstr "സാക്ഷ്യപത്രത്തിന്് സ്വകാര്യ താക്കോല്‍ ഇല്ല "
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
+#: tls/pkcs11/gpkcs11pin.c:111
 msgid ""
 "This is the last chance to enter the PIN correctly before the token is "
 "locked."
 msgstr "ഇത് ടോക്കണ്‍ പൂട്ടുന്നതിന് മുന്പായി PIN ശരിയായി കയറ്റാനുള്ള അവസാന അവസരമാണ്"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
+#: tls/pkcs11/gpkcs11pin.c:113
 msgid ""
 "Several PIN attempts have been incorrect, and the token will be locked after "
 "further failures."
 msgstr ""
 "ഒട്ടേറെ PIN ശ്രമങ്ങള്‍ പരാജയപ്പെട്ടു, അതിനാല് ഇനിയുള്ള പരാജയങ്ങള്ക്ക് ശേഷം ടോക്കണ്‍ പൂട്ടുന്നു"
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
+#: tls/pkcs11/gpkcs11pin.c:115
 msgid "The PIN entered is incorrect."
 msgstr "നല്‍കിയ അടയാളനമ്പര്‍ തെറ്റാണ്."
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
+#: tls/pkcs11/gpkcs11slot.c:449
 msgid "Module"
 msgstr "മൊഡ്യൂള്‍"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
+#: tls/pkcs11/gpkcs11slot.c:450
 msgid "PKCS#11 Module Pointer"
 msgstr "PKCS#11 മൊഡ്യൂള്‍ പോയിന്റര്‍"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
+#: tls/pkcs11/gpkcs11slot.c:457
 msgid "Slot ID"
 msgstr "സ്ലോട്ട് ഐഡി"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
+#: tls/pkcs11/gpkcs11slot.c:458
 msgid "PKCS#11 Slot Identifier"
 msgstr "PKCS#11 സ്ലോട്ട് ഐഡന്റിഫയര്‍"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "ബന്ധം ഇതിനകം തന്നെ വിച്ഛേദിക്കപ്പെട്ടിരിക്കുന്നു"
index a690491..3b2f711 100644 (file)
--- a/po/nb.po
+++ b/po/nb.po
 # Norwegian bokmål translation of glib-networking.
 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
 # This file is distributed under the same license as the PACKAGE package.
-# Kjartan Maraas <kmaraas@gnome.org>, 2011-2013.
+# Kjartan Maraas <kmaraas@gnome.org>, 2011-2017.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking 2.35.x\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2013-01-21 12:27+0100\n"
-"PO-Revision-Date: 2013-01-21 12:27+0100\n"
+"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?product=glib&keywords=I18N+L10N&component=network\n"
+"POT-Creation-Date: 2017-11-09 15:37+0000\n"
+"PO-Revision-Date: 2017-11-11 17:21+0100\n"
 "Last-Translator: Kjartan Maraas <kmaraas@gnome.org>\n"
 "Language-Team: Norwegian bokmål <i18n-nb@lister.ping.uio.no>\n"
 "Language: nb\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:157
 msgid "Proxy resolver internal error."
 msgstr "Intern feil i proxy-navneoppslag."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/gnutls/gtlscertificate-gnutls.c:176
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Kunne ikke lese DER-sertifikat: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Kunne ikke lese PEM-sertifikat: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:228
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Kunne ikke lese privat DER-nøkkel: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:259
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Kunne ikke lese privat PEM-nøkkel: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:299
 msgid "No certificate data provided"
 msgstr "Ingen sertifikatdata oppgitt"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
+#: tls/gnutls/gtlsclientconnection-gnutls.c:396
 msgid "Server required TLS certificate"
 msgstr "Tjener krever TLS-sertifikat"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:257
+#: tls/gnutls/gtlsconnection-gnutls.c:382
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Kunne ikke lage TLS-tilkobling: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:518
+#: tls/gnutls/gtlsconnection-gnutls.c:677
 msgid "Connection is closed"
 msgstr "Tilkoblingen er lukket"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:580
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1417
+#: tls/gnutls/gtlsconnection-gnutls.c:752
+#: tls/gnutls/gtlsconnection-gnutls.c:2152
 msgid "Operation would block"
 msgstr "Operasjonen ville blokkere"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:710
+#: tls/gnutls/gtlsconnection-gnutls.c:793
+#: tls/gnutls/gtlsconnection-gnutls.c:1374
+msgid "Socket I/O timed out"
+msgstr "Tidsavbrudd for I/O på plugg"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:927
+#: tls/gnutls/gtlsconnection-gnutls.c:966
 msgid "Peer failed to perform TLS handshake"
 msgstr "Likemann feilet å utføre TLS-håndtrykk"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:727
+#: tls/gnutls/gtlsconnection-gnutls.c:945
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Likemann ba om ugyldig nytt TLS-håndtrykk"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:753
+#: tls/gnutls/gtlsconnection-gnutls.c:972
 msgid "TLS connection closed unexpectedly"
 msgstr "TLS-tilkobling ble lukket uventet"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:763
+#: tls/gnutls/gtlsconnection-gnutls.c:982
 msgid "TLS connection peer did not send a certificate"
 msgstr "Sidemann for TLS-tilkobling sendte ikke et sertifikat"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1144
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1163
+#: tls/gnutls/gtlsconnection-gnutls.c:988
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:996
 #, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Feil under utføring av TLS-håndtrykk: %s"
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] ""
+msgstr[1] ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1003
+msgid "The operation timed out"
+msgstr "Tidsavbrudd for operasjonen"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1780
+#: tls/gnutls/gtlsconnection-gnutls.c:1831
+msgid "Error performing TLS handshake"
+msgstr "Feil under utføring av TLS-håndtrykk"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1173
+#: tls/gnutls/gtlsconnection-gnutls.c:1841
 msgid "Server did not return a valid TLS certificate"
 msgstr "Tjener returnerte ikke et gyldig TLS-sertifikat"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1248
+#: tls/gnutls/gtlsconnection-gnutls.c:1917
 msgid "Unacceptable TLS certificate"
 msgstr "Uakseptabelt TLS-sertifikat"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1440
+#: tls/gnutls/gtlsconnection-gnutls.c:2185
+#: tls/gnutls/gtlsconnection-gnutls.c:2276
+msgid "Error reading data from TLS socket"
+msgstr "Feil under lesing av data fra TLS-plugg"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2306
 #, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Feil under lesing av data fra TLS-plugg: %s"
+msgid "Receive flags are not supported"
+msgstr ""
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2382
+#: tls/gnutls/gtlsconnection-gnutls.c:2453
+msgid "Error writing data to TLS socket"
+msgstr "Feil under skriving av data til TLS-plugg"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1469
+#: tls/gnutls/gtlsconnection-gnutls.c:2423
 #, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Feil under skriving av data til TLS-plugg: %s"
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] ""
+msgstr[1] ""
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1513
-msgid "Connection is already closed"
-msgstr "Tilkoblingen er allerede lukket"
+#: tls/gnutls/gtlsconnection-gnutls.c:2425
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(maksimum er %u byte)"
+msgstr[1] "(maksimum er %u bytes)"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1523
+#: tls/gnutls/gtlsconnection-gnutls.c:2484
 #, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Feil under utføring av lukking av TLS-tilkobling: %s"
+msgid "Send flags are not supported"
+msgstr "Send-flagg er ikke støttet"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2584
+msgid "Error performing TLS close"
+msgstr "Feil under utføring av lukking av TLS-tilkobling"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+#: tls/gnutls/gtlsserverconnection-gnutls.c:109
 msgid "Certificate has no private key"
 msgstr "Sertifikatet har ingen privat nøkkel"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
+#: tls/pkcs11/gpkcs11pin.c:110
 msgid ""
 "This is the last chance to enter the PIN correctly before the token is "
 "locked."
 msgstr "Dette er siste sjanse til å oppgi korrekt PIN-kode før tokenet låses."
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
+#: tls/pkcs11/gpkcs11pin.c:112
 msgid ""
 "Several PIN attempts have been incorrect, and the token will be locked after "
 "further failures."
@@ -129,22 +171,22 @@ msgstr ""
 "Flere feilede forsøk med PIN oppdaget. Token vil bli låst ved flere feilede "
 "forsøk."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
+#: tls/pkcs11/gpkcs11pin.c:114
 msgid "The PIN entered is incorrect."
 msgstr "Oppgitt PIN er feil."
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
+#: tls/pkcs11/gpkcs11slot.c:448
 msgid "Module"
 msgstr "Modul"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
+#: tls/pkcs11/gpkcs11slot.c:449
 msgid "PKCS#11 Module Pointer"
 msgstr "PKCS#11-modulpeker"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
+#: tls/pkcs11/gpkcs11slot.c:456
 msgid "Slot ID"
 msgstr "Plassidentifikator"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
+#: tls/pkcs11/gpkcs11slot.c:457
 msgid "PKCS#11 Slot Identifier"
 msgstr "PKCS#11 plassidentifikator"
diff --git a/po/ne.po b/po/ne.po
new file mode 100644 (file)
index 0000000..bc0ea5b
--- /dev/null
+++ b/po/ne.po
@@ -0,0 +1,153 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Gnome Nepali Translation Project\n"
+"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&keywords=I18N+L10N&component=network\n"
+"POT-Creation-Date: 2017-08-09 22:34+0000\n"
+"PO-Revision-Date: 2017-08-21 12:59+0545\n"
+"Language-Team: Nepali Translation Team <chautari@gmail.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 2.0.3\n"
+"Last-Translator: Pawan Chitrakar <chautari@gmail.com>\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"Language: ne\n"
+
+#: proxy/libproxy/glibproxyresolver.c:157
+msgid "Proxy resolver internal error."
+msgstr "प्रोक्सी हलकर्ता आन्तरिक त्रुटि।"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:176
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "DER प्रमाणपत्र पार्स गर्न सकेन:% s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:197
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "PEM प्रमाणपत्र पार्स गर्न सकेन:% s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:228
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "DER निजी कुञ्जी पार्स गर्न सकेन:%s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:259
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr ""
+
+#: tls/gnutls/gtlscertificate-gnutls.c:299
+msgid "No certificate data provided"
+msgstr "प्रमाणपत्र डाटा उपलब्ध छैन"
+
+#: tls/gnutls/gtlsclientconnection-gnutls.c:375
+msgid "Server required TLS certificate"
+msgstr "सर्भर TLS प्रमाणपत्र आवश्यक "
+
+#: tls/gnutls/gtlsconnection-gnutls.c:310
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "TLS जडान सिर्जना गर्न सकेन: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:572
+msgid "Connection is closed"
+msgstr "जडान बन्द भयो"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:645
+#: tls/gnutls/gtlsconnection-gnutls.c:1528
+msgid "Operation would block"
+msgstr "सञ्चालन ब्लक थियो"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:792
+#: tls/gnutls/gtlsconnection-gnutls.c:831
+msgid "Peer failed to perform TLS handshake"
+msgstr "समान TLS ह्यान्डशेक गर्न असफल भयो"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:810
+msgid "Peer requested illegal TLS rehandshake"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:837
+msgid "TLS connection closed unexpectedly"
+msgstr "TLS जडान अकस्मात बन्द भयो"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:847
+msgid "TLS connection peer did not send a certificate"
+msgstr "समान TLS जडानले प्रमाणपत्र पठाएनन्"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:853
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1241
+#: tls/gnutls/gtlsconnection-gnutls.c:1274
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS ह्यान्डशेक गर्दा त्रुटि: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1284
+msgid "Server did not return a valid TLS certificate"
+msgstr "सर्भरले वैध TLS प्रमाणपत्र फर्काउन सकेन"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1354
+msgid "Unacceptable TLS certificate"
+msgstr "अमान्य TLS प्रमाणपत्र"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1562
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "TLS सकेटबाट डाटा पढ्दा त्रुटि: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1591
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "TLS सकेटमा डाटा लेख्दा त्रुटि: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1655
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "TLS बन्द गर्दा त्रुटि: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:107
+msgid "Certificate has no private key"
+msgstr "प्रमाणपत्रमा निजी कुञ्जी छैन"
+
+#: tls/pkcs11/gpkcs11pin.c:111
+msgid ""
+"This is the last chance to enter the PIN correctly before the token is "
+"locked."
+msgstr "टोकन बन्द हुन यो पिन प्रविष्ट गर्न अन्तिम मौका हो।"
+
+#: tls/pkcs11/gpkcs11pin.c:113
+msgid ""
+"Several PIN attempts have been incorrect, and the token will be locked after "
+"further failures."
+msgstr "धेरै पिन प्रयास गलत छ, र अर्को असफलता पछि टोकन बन्द गरिनेछ।"
+
+#: tls/pkcs11/gpkcs11pin.c:115
+msgid "The PIN entered is incorrect."
+msgstr "प्रविष्ट पिन मिलेन"
+
+#: tls/pkcs11/gpkcs11slot.c:449
+msgid "Module"
+msgstr "मोड्युल"
+
+#: tls/pkcs11/gpkcs11slot.c:450
+msgid "PKCS#11 Module Pointer"
+msgstr ""
+
+#: tls/pkcs11/gpkcs11slot.c:457
+msgid "Slot ID"
+msgstr "स्लटआईडी"
+
+#: tls/pkcs11/gpkcs11slot.c:458
+msgid "PKCS#11 Slot Identifier"
+msgstr ""
index d32c150..150f939 100644 (file)
--- a/po/nl.po
+++ b/po/nl.po
 #
 # Wouter Bolsterlee <wbolster@gnome.org>, 2011–2013
 # Rachid <rachidbm@ubuntu.com>, 2012.
+# Nathan Follens <nthn@unseen.is>, 2017.
 #
 # Peer - andere kant van de verbinding   (heel vrij vertaald)
 msgid ""
 msgstr ""
 "Project-Id-Version: gconf\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2012-06-18 21:07+0200\n"
-"PO-Revision-Date: 2012-06-18 21:07+0200\n"
-"Last-Translator: Wouter Bolsterlee <wbolster@gnome.org>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
+"issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-03 11:12+0100\n"
+"Last-Translator: Nathan Follens <nthn@unseen.is>\n"
 "Language-Team: Dutch <vertaling@vrijschrift.org>\n"
 "Language: nl\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Poedit 2.2.1\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Interne fout in proxy-resolver."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "Verbinding is gesloten"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Bewerking zou blokkeren"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Server vereiste een TLS-certificaat"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
-msgstr "Kon DER-certificaat niet parsen: %s"
+msgstr "Kon DER-certificaat niet parseren: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
-msgstr "Kon PEM-certificaat niet parsen: %s"
+msgstr "Kon PEM-certificaat niet parseren: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
-msgstr "Kon DER-privésleutel niet parsen: %s"
+msgstr "Kon DER-privésleutel niet parseren: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
-msgstr "Kon PEM-privésleutel niet parsen: %s"
+msgstr "Kon PEM-privésleutel niet parseren: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Geen certificaatgegevens opgegeven"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:349
-msgid "Server required TLS certificate"
-msgstr "Server vereiste een TLS-certificaat"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:202
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Kon geen TLS-verbinding maken: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:482
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Kan blokkeerbewerking tijdens TLS-handshake niet uitvoeren"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "Time-out bij socket-I/O"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "Andere kant van de verbinding gaf geen TLS-handshake"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:502
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Andere kant van de verbinding verzocht een ongeldige TLS-rehandshake"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:520
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
 msgstr "TLS-verbinding onverwachts afgebroken"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:795
-#: ../tls/gnutls/gtlsconnection-gnutls.c:821
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS-verbinding van andere kant stuurde geen certificaat"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Onacceptabel TLS-certificaat"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Andere kant van de verbinding stuurde fatale TLS-waarschuwing: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Downgrade-aanval op de protocolversie gedetecteerd"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "Bericht is te groot voor DTLS-verbinding; maximaal %u byte"
+msgstr[1] "Bericht is te groot voor DTLS-verbinding, maximaal %u bytes"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "Time-out bij bewerking"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "Peer ondersteunt geen veilige heronderhandeling"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Fout bij uitvoeren van TLS-handshake"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Fout bij het lezen van de TLS-socket"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Ontvangstvlaggen worden niet ondersteund"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Fout bij het schrijven naar de TLS-socket"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Bericht van grootte %lu byte is te groot voor DTLS-verbinding"
+msgstr[1] "Bericht van grootte %lu bytes is te groot voor DTLS-verbinding"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(maximaal %u byte)"
+msgstr[1] "(maximaal %u bytes)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Verstuurvlaggen worden niet ondersteund"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Fout bij sluiten van TLS"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Laden van vertrouwensopslag van systeem mislukt: GnuTLS is niet "
+"geconfigureerd met een systeemvertrouwen"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Laden van vertrouwensopslag van systeem mislukt: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "Certificaat heeft geen privésleutel"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Kon geen TLS-context maken: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "Digest te groot voor RSA-sleutel"
+
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
 #, c-format
 msgid "Error performing TLS handshake: %s"
 msgstr "Fout bij uitvoeren van TLS-handshake: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:869
-msgid "Unacceptable TLS certificate"
-msgstr "Onacceptabel TLS-certificaat"
+#: tls/openssl/gtlsconnection-openssl.c:390
+msgid "Server did not return a valid TLS certificate"
+msgstr "Server gaf geen geldig TLS-certificaat weer"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1008
+#: tls/openssl/gtlsconnection-openssl.c:504
 #, c-format
 msgid "Error reading data from TLS socket: %s"
 msgstr "Fout bij het lezen van de TLS-socket: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1034
+#: tls/openssl/gtlsconnection-openssl.c:530
 #, c-format
 msgid "Error writing data to TLS socket: %s"
 msgstr "Fout bij het schrijven naar de TLS-socket: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/openssl/gtlsconnection-openssl.c:556
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "Fout bij sluiten van TLS: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "Certificaat heeft geen privésleutel"
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Probleem met certificaat: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"Dit is de laatste kans om het PIN correct in te voeren voordat de token "
-"ongeldig wordt."
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Probleem met privésleutel van certificaat: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"U heeft meerdere malen een onjuiste PIN ingevoerd. Na verdere mislukte "
-"pogingen wordt de token ongeldig."
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Dit is de laatste kans om de pincode correct in te voeren voordat de "
+#~ "token ongeldig wordt."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "U heeft meerdere malen een onjuiste pincode ingevoerd. Na verdere "
+#~ "mislukte pogingen wordt de token ongeldig."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "Het ingevoerde PIN is onjuist."
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "De ingevoerde pincode is onjuist."
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Module"
+#~ msgid "Module"
+#~ msgstr "Module"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "PKCS#11 Module Pointer"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 Module Pointer"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "Slot ID"
+#~ msgid "Slot ID"
+#~ msgstr "Slot ID"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11 Slot Identifier"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 Slot Identifier"
index 41a5201..880ba9f 100644 (file)
--- a/po/oc.po
+++ b/po/oc.po
 # This file is distributed under the same license as the glib-networking package.
 # Cédric Valmary <cvalmary@yahoo.fr>, 2015.
 # Cédric Valmary (Tot en òc) <cvalmary@yahoo.fr>, 2015.
-# Cédric Valmary (totenoc.eu) <cvalmary@yahoo.fr>, 2016.
+# Cédric Valmary (totenoc.eu) <cvalmary@yahoo.fr>, 2016, 2018.
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2016-05-19 06:54+0000\n"
-"PO-Revision-Date: 2016-05-05 21:48+0200\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2018-06-01 00:06+0000\n"
+"PO-Revision-Date: 2018-06-08 14:43+0200\n"
 "Last-Translator: Cédric Valmary (totenoc.eu) <cvalmary@yahoo.fr>\n"
 "Language-Team: Tot En Òc\n"
 "Language: oc\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
 "X-Generator: Virtaal 0.7.1\n"
 "X-Launchpad-Export-Date: 2015-05-21 17:44+0000\n"
 "X-Project-Style: gnome\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:157
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Error intèrna del resolvedor de servidor mandatari."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:176
+#: tls/gnutls/gtlscertificate-gnutls.c:182
 #, c-format
 msgid "Could not parse DER certificate: %s"
-msgstr "Impossible d'analisar lo certificat DER : %s"
+msgstr "Impossible d'analisar lo certificat DER : %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:203
 #, c-format
 msgid "Could not parse PEM certificate: %s"
-msgstr "Impossible d'analisar lo certificat PEM : %s"
+msgstr "Impossible d'analisar lo certificat PEM : %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:228
+#: tls/gnutls/gtlscertificate-gnutls.c:234
 #, c-format
 msgid "Could not parse DER private key: %s"
-msgstr "Impossible d'analisar la clau privada DER : %s"
+msgstr "Impossible d'analisar la clau privada DER : %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:259
+#: tls/gnutls/gtlscertificate-gnutls.c:265
 #, c-format
 msgid "Could not parse PEM private key: %s"
-msgstr "Impossible d'analisar la clau privada PEM : %s"
+msgstr "Impossible d'analisar la clau privada PEM : %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:299
+#: tls/gnutls/gtlscertificate-gnutls.c:304
 msgid "No certificate data provided"
 msgstr "Cap de donada de certificat pas provesida"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:375
+#: tls/gnutls/gtlsclientconnection-gnutls.c:421
 msgid "Server required TLS certificate"
 msgstr "Lo servidor requerís un certificat TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:323
+#: tls/gnutls/gtlsconnection-gnutls.c:396
 #, c-format
 msgid "Could not create TLS connection: %s"
-msgstr "Impossible de crear una connexion TLS : %s"
+msgstr "Impossible de crear una connexion TLS : %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:585
+#: tls/gnutls/gtlsconnection-gnutls.c:709
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
 msgid "Connection is closed"
 msgstr "La connexion es tampada"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:658
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1537
+#: tls/gnutls/gtlsconnection-gnutls.c:784
+#: tls/gnutls/gtlsconnection-gnutls.c:2201
 msgid "Operation would block"
 msgstr "L'operacion se poiriá blocar"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:808
-#: ../tls/gnutls/gtlsconnection-gnutls.c:847
+#: tls/gnutls/gtlsconnection-gnutls.c:825
+#: tls/gnutls/gtlsconnection-gnutls.c:1412
+msgid "Socket I/O timed out"
+msgstr "Las entradas/sortidas del connector an expirat"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:964
+#: tls/gnutls/gtlsconnection-gnutls.c:997
 msgid "Peer failed to perform TLS handshake"
-msgstr "La negociacion TLS amb lo servidor par a fracassat"
+msgstr "La negociacion TLS amb lo servidor per a fracassat"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:826
+#: tls/gnutls/gtlsconnection-gnutls.c:982
 msgid "Peer requested illegal TLS rehandshake"
-msgstr "Lo servidor par a demandat una renegociacion TLS pas autorizada"
+msgstr "Lo servidor per a demandat una renegociacion TLS pas autorizada"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:853
+#: tls/gnutls/gtlsconnection-gnutls.c:1003
 msgid "TLS connection closed unexpectedly"
 msgstr "La connexion TLS es estada tampada d'un biais imprevist"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:863
+#: tls/gnutls/gtlsconnection-gnutls.c:1013
 msgid "TLS connection peer did not send a certificate"
-msgstr "Lo par TLS a pas mandat cap de certificat"
+msgstr "Lo per TLS a pas mandat cap de certificat"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1250
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1283
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
 #, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Error al moment de la negociacion TLS : %s"
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Lo par a enviat una alèrta TLS fatala : %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1293
+#: tls/gnutls/gtlsconnection-gnutls.c:1027
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] ""
+"Lo messatge es tròp grand per la connexion DTLS ; lo maximum es de %u octet"
+msgstr[1] ""
+"Lo messatge es tròp grand per la connexion DTLS ; lo maximum es de %u octets"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1034
+msgid "The operation timed out"
+msgstr "L’operacion a expirat"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1820
+#: tls/gnutls/gtlsconnection-gnutls.c:1871
+#| msgid "Error performing TLS handshake: %s"
+msgid "Error performing TLS handshake"
+msgstr "Error al moment de la negociacion TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1881
 msgid "Server did not return a valid TLS certificate"
 msgstr "Lo servidor a pas renviat cap de certificat TLS valid"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1363
+#: tls/gnutls/gtlsconnection-gnutls.c:1963
 msgid "Unacceptable TLS certificate"
 msgstr "Certificat TLS inacceptable"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1571
+#: tls/gnutls/gtlsconnection-gnutls.c:2235
+#: tls/gnutls/gtlsconnection-gnutls.c:2327
+#| msgid "Error reading data from TLS socket: %s"
+msgid "Error reading data from TLS socket"
+msgstr "Error al moment de la lectura de donadas del connector TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2357
 #, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Error al moment de la lectura de donadas del connectador TLS : %s"
+msgid "Receive flags are not supported"
+msgstr "Las bandièras de recepcion son pas presas en carga"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2434
+#: tls/gnutls/gtlsconnection-gnutls.c:2506
+#| msgid "Error writing data to TLS socket: %s"
+msgid "Error writing data to TLS socket"
+msgstr "Error al moment de l'escritura de donadas sul connector TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1600
+#: tls/gnutls/gtlsconnection-gnutls.c:2476
 #, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Error al moment de l'escritura de donadas sul connectador TLS : %s"
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Un messatge de %lu octet es tròp grand per la connexion DTLS"
+msgstr[1] "Un messatge de %lu octets es tròp grand per la connexion DTLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1664
+#: tls/gnutls/gtlsconnection-gnutls.c:2478
 #, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Error al moment de la tampadura TLS : %s"
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(lo maximum es de %u octet)"
+msgstr[1] "(lo maximum es de %u octets)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2537
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Las bandièras de mandadís son pas presas en carga"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2640
+#| msgid "Error performing TLS close: %s"
+msgid "Error performing TLS close"
+msgstr "Error al moment de la tampadura TLS"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr ""
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:107
+#: tls/gnutls/gtlsserverconnection-gnutls.c:113
 msgid "Certificate has no private key"
 msgstr "Lo certificat a pas cap de clau privada"
 
-#: ../tls/pkcs11/gpkcs11pin.c:111
+#: tls/pkcs11/gpkcs11pin.c:111
 msgid ""
 "This is the last chance to enter the PIN correctly before the token is "
 "locked."
@@ -126,7 +190,7 @@ msgstr ""
 "Es la darrièra chança d'entrar lo PIN corrècte abans que la carta de piuse "
 "siá verrolhada."
 
-#: ../tls/pkcs11/gpkcs11pin.c:113
+#: tls/pkcs11/gpkcs11pin.c:113
 msgid ""
 "Several PIN attempts have been incorrect, and the token will be locked after "
 "further failures."
@@ -134,23 +198,23 @@ msgstr ""
 "Mantun PIN incorrèctes son estats picats, tota novèla error provocarà lo "
 "verrolhatge de la carta de piuse."
 
-#: ../tls/pkcs11/gpkcs11pin.c:115
+#: tls/pkcs11/gpkcs11pin.c:115
 msgid "The PIN entered is incorrect."
 msgstr "Lo PIN picat es incorrècte."
 
-#: ../tls/pkcs11/gpkcs11slot.c:449
+#: tls/pkcs11/gpkcs11slot.c:447
 msgid "Module"
 msgstr "Modul"
 
-#: ../tls/pkcs11/gpkcs11slot.c:450
+#: tls/pkcs11/gpkcs11slot.c:448
 msgid "PKCS#11 Module Pointer"
 msgstr "Puntador de modul PKCS#11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:457
+#: tls/pkcs11/gpkcs11slot.c:455
 msgid "Slot ID"
 msgstr "ID del connectador"
 
-#: ../tls/pkcs11/gpkcs11slot.c:458
+#: tls/pkcs11/gpkcs11slot.c:456
 msgid "PKCS#11 Slot Identifier"
 msgstr "Identificant d'emplaçament PKCS#11"
 
index 1c65377..a1e3390 100644 (file)
--- a/po/pl.po
+++ b/po/pl.po
@@ -1,15 +1,15 @@
 # Polish translation for glib-networking.
-# Copyright © 2011-2016 the glib-networking authors.
+# Copyright © 2011-2019 the glib-networking authors.
 # This file is distributed under the same license as the glib-networking package.
-# Piotr Drąg <piotrdrag@gmail.com>, 2011-2016.
-# Aviary.pl <community-poland@mozilla.org>, 2011-2016.
+# Piotr Drąg <piotrdrag@gmail.com>, 2011-2019.
+# Aviary.pl <community-poland@mozilla.org>, 2011-2019.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-15 21:53+0000\n"
-"PO-Revision-Date: 2016-08-16 10:35+0200\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-02 10:12+0100\n"
 "Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
 "Language-Team: Polish <community-poland@mozilla.org>\n"
 "Language: pl\n"
@@ -19,134 +19,239 @@ msgstr ""
 "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
 "|| n%100>=20) ? 1 : 2);\n"
 
-#: proxy/libproxy/glibproxyresolver.c:157
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Wewnętrzny błąd rozwiązywania pośrednika."
 
-#: tls/gnutls/gtlscertificate-gnutls.c:176
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "Połączenie jest zamknięte"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Działanie zablokowałoby"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Serwer wymaga certyfikatu TLS"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Nie można przetworzyć certyfikatu DER: %s"
 
-#: tls/gnutls/gtlscertificate-gnutls.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Nie można przetworzyć certyfikatu PEM: %s"
 
-#: tls/gnutls/gtlscertificate-gnutls.c:228
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Nie można przetworzyć klucza prywatnego DER: %s"
 
-#: tls/gnutls/gtlscertificate-gnutls.c:259
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Nie można przetworzyć klucza prywatnego PEM: %s"
 
-#: tls/gnutls/gtlscertificate-gnutls.c:299
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Nie podano danych certyfikatu"
 
-#: tls/gnutls/gtlsclientconnection-gnutls.c:375
-msgid "Server required TLS certificate"
-msgstr "Serwer wymaga certyfikatu TLS"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:323
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Nie można utworzyć połączenia TLS: %s"
 
-#: tls/gnutls/gtlsconnection-gnutls.c:585
-msgid "Connection is closed"
-msgstr "Połączenie jest zamknięte"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Nie można wykonać blokującego działania podczas powitania TLS"
 
-#: tls/gnutls/gtlsconnection-gnutls.c:658
-#: tls/gnutls/gtlsconnection-gnutls.c:1537
-msgid "Operation would block"
-msgstr "Działanie zablokowałoby"
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "Wejście/wyjście gniazda przekroczyło czas oczekiwania"
 
-#: tls/gnutls/gtlsconnection-gnutls.c:808
-#: tls/gnutls/gtlsconnection-gnutls.c:847
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "Wykonanie powitania TLS przez partnera się nie powiodło"
 
-#: tls/gnutls/gtlsconnection-gnutls.c:826
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Partner zażądał niedozwolonego ponownego powitania TLS"
 
-#: tls/gnutls/gtlsconnection-gnutls.c:853
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
 msgstr "Połączenie TLS zostało nieoczekiwanie zamknięte"
 
-#: tls/gnutls/gtlsconnection-gnutls.c:863
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
 msgid "TLS connection peer did not send a certificate"
 msgstr "Partner połączenia TLS nie wysłał certyfikatu"
 
-#: tls/gnutls/gtlsconnection-gnutls.c:1250
-#: tls/gnutls/gtlsconnection-gnutls.c:1283
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Nieakceptowalny certyfikat TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Partner wysłał krytyczny alarm TLS: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Wykryto atak typu zmniejszenie wersji protokołu"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "Komunikat jest za duży dla połączenia DTLS, maksimum to %u bajt"
+msgstr[1] "Komunikat jest za duży dla połączenia DTLS, maksimum to %u bajty"
+msgstr[2] "Komunikat jest za duży dla połączenia DTLS, maksimum to %u bajtów"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "Działanie przekroczyło czas oczekiwania"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "Partner nie obsługuje zabezpieczonej ponownej negocjacji"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Błąd podczas wykonywania powitania TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Błąd podczas odczytywania danych z gniazda TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Flagi odbioru są nieobsługiwane"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Błąd podczas zapisywania danych do gniazda TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Komunikat o %lu bajcie jest za duży dla połączenia DTLS"
+msgstr[1] "Komunikat o %lu bajtach jest za duży dla połączenia DTLS"
+msgstr[2] "Komunikat o %lu bajtach jest za duży dla połączenia DTLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(maksimum to %u bajt)"
+msgstr[1] "(maksimum to %u bajty)"
+msgstr[2] "(maksimum to %u bajtów)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Flagi wysyłki są nieobsługiwane"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Błąd podczas wykonywania zamknięcia TLS"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Wczytanie przechowalni zaufania systemu się nie powiodło: biblioteka GnuTLS "
+"nie została skonfigurowana z zaufaniem systemu"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Wczytanie przechowalni zaufania systemu się nie powiodło: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "Certyfikat nie ma klucza prywatnego"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Nie można utworzyć kontekstu TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "Skrót jest za duży dla klucza RSA"
+
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
 #, c-format
 msgid "Error performing TLS handshake: %s"
 msgstr "Błąd podczas wykonywania powitania TLS: %s"
 
-#: tls/gnutls/gtlsconnection-gnutls.c:1293
+#: tls/openssl/gtlsconnection-openssl.c:390
 msgid "Server did not return a valid TLS certificate"
 msgstr "Serwer nie zwrócił prawidłowego certyfikatu TLS"
 
-#: tls/gnutls/gtlsconnection-gnutls.c:1363
-msgid "Unacceptable TLS certificate"
-msgstr "Nieakceptowalny certyfikat TLS"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1571
+#: tls/openssl/gtlsconnection-openssl.c:504
 #, c-format
 msgid "Error reading data from TLS socket: %s"
 msgstr "Błąd podczas odczytywania danych z gniazda TLS: %s"
 
-#: tls/gnutls/gtlsconnection-gnutls.c:1600
+#: tls/openssl/gtlsconnection-openssl.c:530
 #, c-format
 msgid "Error writing data to TLS socket: %s"
 msgstr "Błąd podczas zapisywania danych do gniazda TLS: %s"
 
-#: tls/gnutls/gtlsconnection-gnutls.c:1664
+#: tls/openssl/gtlsconnection-openssl.c:556
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "Błąd podczas wykonywania zamknięcia TLS: %s"
 
-#: tls/gnutls/gtlsserverconnection-gnutls.c:107
-msgid "Certificate has no private key"
-msgstr "Certyfikat nie ma klucza prywatnego"
-
-#: tls/pkcs11/gpkcs11pin.c:111
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"To jest ostatnia szansa na poprawne wpisanie kodu PIN przed zablokowaniem "
-"tokena."
-
-#: tls/pkcs11/gpkcs11pin.c:113
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Przeprowadzono kilka niepoprawnych prób wpisania kodu PIN. Token zostanie "
-"zablokowany po dalszych niepowodzeniach."
-
-#: tls/pkcs11/gpkcs11pin.c:115
-msgid "The PIN entered is incorrect."
-msgstr "Wpisany kod PIN jest niepoprawny."
-
-#: tls/pkcs11/gpkcs11slot.c:449
-msgid "Module"
-msgstr "Moduł"
-
-#: tls/pkcs11/gpkcs11slot.c:450
-msgid "PKCS#11 Module Pointer"
-msgstr "Wskaźnik modułu PKCS#11"
-
-#: tls/pkcs11/gpkcs11slot.c:457
-msgid "Slot ID"
-msgstr "Identyfikator gniazda"
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Wystąpił problem z certyfikatem: %s"
 
-#: tls/pkcs11/gpkcs11slot.c:458
-msgid "PKCS#11 Slot Identifier"
-msgstr "Identyfikator gniazda PKCS#11"
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Wystąpił problem z kluczem prywatnym certyfikatu: %s"
index d35cf97..d9173d1 100644 (file)
 # Brazilian Portuguese translation of glib-networking.
-# Copyright (C) 2012 glib-networking's COPYRIGHT HOLDER
+# Copyright (C) 2019 glib-networking's COPYRIGHT HOLDER
 # This file is distributed under the same license as the glib-networking package.
-#
 # André Gondim <In memoriam>, 2011.
 # Djavan Fagundes <djavan@comum.org>, 2011.
 # Jonh Wendell <jwendell@gnome.org>, 2012.
-# Rafael Ferreira <rafael.f.f1@gmail.com>, 2012.
+# Rafael Fontenelle <rafaelff@gnome.org>, 2012-2019.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2012-12-09 15:35+0000\n"
-"PO-Revision-Date: 2012-12-02 13:21-0300\n"
-"Last-Translator: Antonio Fernandes C. Neto <fernandesn@gnome.org>\n"
-"Language-Team: Brazilian Portuguese <gnome-pt_br-list@gnome.org>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-06 09:09-0300\n"
+"Last-Translator: Rafael Fontenelle <rafaelff@gnome.org>\n"
+"Language-Team: Portuguese - Brazil <gnome-pt_br-list@gnome.org>\n"
 "Language: pt_BR\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"Plural-Forms: nplurals=2; plural=(n > 1)\n"
+"X-Generator: Gtranslator 3.31.90\n"
+"X-Project-Style: gnome\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Erro interno do resolvedor de proxy."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "A conexão está encerrada"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "A operação bloquearia"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "O servidor requer certificado TLS"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Não foi possível analisar certificado DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Não foi possível analisar certificado PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Não foi possível analisar chave privada DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Não foi possível analisar chave privada PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Nenhum dado de certificado fornecido"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "O servidor requer certificado TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:257
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Não foi possível criar conexão TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:518
-msgid "Connection is closed"
-msgstr "A conexão está encerrada"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+#| msgid "Error performing TLS handshake"
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Não foi possível realizar operação de bloqueio durante negociação TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:580
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1417
-msgid "Operation would block"
-msgstr "A operação bloquearia"
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "Tempo de E/S do soquete foi esgotado"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:710
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "Peer falhou ao realizar negociação TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:727
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "O peer requisitou uma negociação TLS ilegal"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:753
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
 msgstr "Conexão TLS fechou inesperadamente"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:763
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
 msgid "TLS connection peer did not send a certificate"
 msgstr "Conexão TLS não enviou um certificado"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1144
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1163
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Certificado TLS inaceitável"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "O peer enviou alerta TLS fatal: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Detectado ataque de downgrade de versão de protocolo"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "A mensagem é grande demais para conexão DTLS; máximo é %u byte"
+msgstr[1] "A mensagem é grande demais para conexão DTLS; máximo é %u bytes"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "Tempo da operação foi esgotado"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "O peer não possui suporte a negociação segura"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Erro executando negociação TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Erro ao ler dados do soquete TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Não há suporte a recebimento de sinalizadores"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Erro ao gravar dados para o soquete TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] ""
+"Uma mensagem de tamanho %lu byte é grande demais para uma conexão DTLS"
+msgstr[1] ""
+"Uma mensagem de tamanho %lu bytes é grande demais para uma conexão DTLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(máximo é %u byte)"
+msgstr[1] "(máximo é %u bytes)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Não há suporte a envio de sinalizadores"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Erro ao executar fechamento TLS"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Falha ao carregar o armazenamento de confiança do sistema: GnuTLS não estava "
+"configurado com uma confiança de sistema"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Falha ao carregar armazenamento de confiança do sistema: %s "
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "O certificado não contém nenhuma chave privada"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Não foi possível criar contexto TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "Digest grande demais para chave RSA"
+
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
 #, c-format
 msgid "Error performing TLS handshake: %s"
-msgstr "Erro executando negociação TLS: %s"
+msgstr "Erro ao realizar negociação TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1173
+#: tls/openssl/gtlsconnection-openssl.c:390
 msgid "Server did not return a valid TLS certificate"
 msgstr "Servidor não retornou certificado TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1248
-msgid "Unacceptable TLS certificate"
-msgstr "Certificado TLS inaceitável"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1440
+#: tls/openssl/gtlsconnection-openssl.c:504
 #, c-format
 msgid "Error reading data from TLS socket: %s"
-msgstr "Erro ao ler dados do socket TLS: %s"
+msgstr "Erro ao ler dados do soquete TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1469
+#: tls/openssl/gtlsconnection-openssl.c:530
 #, c-format
 msgid "Error writing data to TLS socket: %s"
-msgstr "Erro ao gravar dados do socket TLS: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1513
-msgid "Connection is already closed"
-msgstr "A conexão já está encerrada"
+msgstr "Erro ao gravar dados para o soquete TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1523
+#: tls/openssl/gtlsconnection-openssl.c:556
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "Erro ao executar fechamento TLS: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "O certificado não contém nenhuma chave privada"
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Há um problema com o certificado: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"Esta é a última chance de digitar o PIN corretamente antes que o token seja "
-"bloqueado."
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Há um problema com a chave privada do certificado: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"O PIN foi digitado várias vezes incorretamente, por isso o token será "
-"bloqueado agora."
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Esta é a última chance de digitar o PIN corretamente antes que o token "
+#~ "seja bloqueado."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "O PIN foi digitado várias vezes incorretamente, por isso o token será "
+#~ "bloqueado agora."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "O PIN digitado está incorreto."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "O PIN digitado está incorreto."
+#~ msgid "Module"
+#~ msgstr "Módulo"
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Módulo"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 Module Pointer"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "PKCS#11 Module Pointer"
+#~ msgid "Slot ID"
+#~ msgstr "Slot ID"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "Slot ID"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 Slot Identifier"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11 Slot Identifier"
+#~ msgid "Connection is already closed"
+#~ msgstr "A conexão já está encerrada"
index b41df42..5486ea6 100644 (file)
--- a/po/ro.po
+++ b/po/ro.po
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?product=glib&k"
-"eywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2011-03-13 17:14+0000\n"
-"PO-Revision-Date: 2011-03-14 02:02+0200\n"
-"Last-Translator: Lucian Adrian Grijincu <lucian.grijincu@gmail.com>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-02 16:43+0100\n"
+"Last-Translator: Daniel Șerbănescu <daniel [at] serbanescu [dot] dk>\n"
 "Language-Team: Romanian Gnome Team <gnomero-list@lists.sourceforge.net>\n"
 "Language: ro\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : (n==0 || (n%100 > 0 && n%100 < "
-"20)) ? 1 : 2);;\n"
-"X-Generator: Virtaal 0.6.1\n"
+"20)) ? 1 : 2);\n"
+"X-Generator: Poedit 2.2.1\n"
+"X-Poedit-SourceCharset: UTF-8\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:142
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Eroare internă în rezolvantul proxy."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "Conexiunea este închisă"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Operația ar bloca"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Serverul necesită certificat TLS"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Nu s-a putut parsa certificatul DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Nu s-a putut parsa certificatul PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:214
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Nu s-a putut parsa cheia privată DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:234
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Nu s-a putut parsa cheia privată PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:275
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Nu s-au furnizat date de certificat"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:356
-msgid "Server required TLS certificate"
-msgstr "Serverul necesită certificat TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:241
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Nu s-a putut crea conexiunea TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:479
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Nu se poate efectua operația de blocare în timpul handshake-ului TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "I/O de soclu a depășit limita de timp"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "Celălalt capăt al conexiunii nu a reușit să efectueze handshake-ul TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:497
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
 msgstr ""
 "Celălalt capăt al conexiunii a solicitat ilegal reefectuarea handshake-ului "
 "TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:511
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
 msgstr "Conexiunea TLS a fost închisă în mod neașteptat"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:799
-#: ../tls/gnutls/gtlsconnection-gnutls.c:825
-#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Eroare în timp ce se efectua handshake-ul TLS: %s"
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
+msgid "TLS connection peer did not send a certificate"
+msgstr "Partenerul conexiunii TLS nu a trimis un certificat"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:876
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
+#, c-format
 msgid "Unacceptable TLS certificate"
 msgstr "Certificat TLS inacceptabil"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1023
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Partenerul a trimis o alertă TLS fatală: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Atac de retrogradare a versiunii protocolului detectat"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "Mesajul este prea mare pentru conexiunea DTLS; maxim este %u octet"
+msgstr[1] "Mesajul este prea mare pentru conexiunea DTLS; maxim este %u octeți"
+msgstr[2] ""
+"Mesajul este prea mare pentru conexiunea DTLS; maxim este %u de octeți"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "Operația a depășit limita de timp"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "Partenerul nu suportă renegociere în siguranță"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Eroare la executarea handshake-ului TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Eroare la citirea datelor de la soclul TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Fanioanele de primire nu sunt suportate"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Eroare la scrierea datelor la soclul TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] ""
+"Mesajul de dimensiunea %lu octet este prea mare pentru conexiunea DTLS"
+msgstr[1] ""
+"Mesajul de dimensiunea %lu octeți este prea mare pentru conexiunea DTLS"
+msgstr[2] ""
+"Mesajul de dimensiunea %lu de octeți este prea mare pentru conexiunea DTLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(maxim este %u octet)"
+msgstr[1] "(maxim este %u octeți)"
+msgstr[2] "(maxim este %u de octeți)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Trimite fanioanele care nu sunt suportate"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Eroare la executarea închiderii TLS"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Nu s-a putut încărca stocarea de încredere a sistemului: GnuTLS nu a fost "
+"configurat cu o încredere de sistem"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Nu s-a putut încărca stocarea de încredere a sistemului: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "Certificatul nu are nicio cheie privată"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Nu s-a putut crea contextul TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "Extras prea mare pentru cheia RSA"
+
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Eroare la executarea handshake-ului TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:390
+msgid "Server did not return a valid TLS certificate"
+msgstr "Serverul nu a întors un certificat TLS valid"
+
+#: tls/openssl/gtlsconnection-openssl.c:504
 #, c-format
 msgid "Error reading data from TLS socket: %s"
-msgstr "Eroare la citirea datelor din socketul TLS: %s"
+msgstr "Eroare la citirea datelor de la soclul TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1049
+#: tls/openssl/gtlsconnection-openssl.c:530
 #, c-format
 msgid "Error writing data to TLS socket: %s"
-msgstr "Eroare la scrierea datelor în socketul TLS: %s"
+msgstr "Eroare la scrierea datelor la soclul TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1095
+#: tls/openssl/gtlsconnection-openssl.c:556
 #, c-format
 msgid "Error performing TLS close: %s"
-msgstr "Eroare la închiderea TLS: %s"
+msgstr "Eroare la executarea închiderii TLS: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Este o problemă la certificatul: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Este o problemă la cheia privată a certificatului: %s"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Aceasta este ultima șansă de a introduce PIN-ul corect înainte ca jetonul "
+#~ "să fie blocat."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Mai multe încercări de introducere a PIN-ului au fost incorecte, și "
+#~ "jetonul va fi blocat după alte eșecuri."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "PIN-ul introdus nu este corect."
+
+#~ msgid "Module"
+#~ msgstr "Modul"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Pointer de modul PKCS#11"
+
+#~ msgid "Slot ID"
+#~ msgstr "ID slot"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identificator de slot PKCS#11"
index aa4c676..ab6df08 100644 (file)
--- a/po/ru.po
+++ b/po/ru.po
 # This file is distributed under the same license as the glib-networking package.
 # Pavel Dmitriev <Kitchenknif@gmail.com>, 2011.
 # Yuri Myasoedov <omerta13@yandex.ru>, 2012.
+# Stas Solovey <whats_up@tut.by>, 2016, 2017, 2018.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2013-03-17 13:55+0000\n"
-"PO-Revision-Date: 2013-03-17 23:11+0400\n"
-"Last-Translator: Dmitriy S. Seregin <dseregin@59.ru>\n"
-"Language-Team: русский <gnome-cyr@gnome.org>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-02-03 13:01+0000\n"
+"PO-Revision-Date: 2019-02-28 20:29+0300\n"
+"Last-Translator: Stas Solovey <whats_up@tut.by>\n"
+"Language-Team: Русский <gnome-cyr@gnome.org>\n"
 "Language: ru\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
 "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-"X-Generator: Poedit 1.5.5\n"
+"X-Generator: Poedit 2.2.1\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Внутренняя ошибка распознавателя прокси."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "Соединение закрыто"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Действие будет заблокировано"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Сервер требует сертификат TLS"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Не удалось обработать сертификат DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Не удалось обработать сертификат PER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Не удалось обработать личный ключ DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Не удалось обработать личный ключ PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Данные сертификата не предоставлены"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "Сервер требует сертификат TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:258
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:537
+#: tls/openssl/gtlsserverconnection-openssl.c:401
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Не удалось создать соединение TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:520
-msgid "Connection is closed"
-msgstr "Соединение закрыто"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:582
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1425
-msgid "Operation would block"
-msgstr "Действие будет заблокировано"
+#: tls/gnutls/gtlsconnection-gnutls.c:858
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+msgid "Socket I/O timed out"
+msgstr "Превышено время ожидания ввода-вывода сокета"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:712
-#: ../tls/gnutls/gtlsconnection-gnutls.c:755
+#: tls/gnutls/gtlsconnection-gnutls.c:1003
+#: tls/gnutls/gtlsconnection-gnutls.c:1036
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "Узлу не удалось квитировать выполнение связи TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:729
+#: tls/gnutls/gtlsconnection-gnutls.c:1021
+#: tls/openssl/gtlsconnection-openssl.c:234
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Узел запросил недопустимое повторное квитирование связи TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:761
+#: tls/gnutls/gtlsconnection-gnutls.c:1042
 msgid "TLS connection closed unexpectedly"
 msgstr "Соединение TLS неожиданно закрылось"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:771
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:171
 msgid "TLS connection peer did not send a certificate"
 msgstr "Узел, с которым производится TLS-соединение, не предоставил сертификат"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1152
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1171
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:2160
+#: tls/openssl/gtlsconnection-openssl.c:416
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Недопустимый сертификат TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1064
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Узел отправил фатальное предупреждение TLS: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1076
+msgid "Protocol version downgrade attack detected"
+msgstr "Обнаружена атака основанная на понижении версии протокола"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1083
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "Слишком большое сообщение для соединения DTLS; максимум %u байт"
+msgstr[1] "Слишком большое сообщение для соединения DTLS; максимум %u байта"
+msgstr[2] "Слишком большое сообщение для соединения DTLS; максимум %u байт"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1090
+msgid "The operation timed out"
+msgstr "Превышено время ожидания операции"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1981
+msgid "Peer does not support safe renegotiation"
+msgstr "Пир не поддерживает безопасное песогласование"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2008
+#: tls/gnutls/gtlsconnection-gnutls.c:2058
+msgid "Error performing TLS handshake"
+msgstr "Ошибка выполнения квитирования связи TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2510
+#: tls/gnutls/gtlsconnection-gnutls.c:2602
+msgid "Error reading data from TLS socket"
+msgstr "Ошибка чтения данных из сокета TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2632
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Флаги приема не поддерживаются"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2709
+#: tls/gnutls/gtlsconnection-gnutls.c:2781
+msgid "Error writing data to TLS socket"
+msgstr "Ошибка записи данных в сокет TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2751
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Сообщение размером %lu байт слишком велико для соединения DTLS"
+msgstr[1] "Сообщение размером %lu байта слишком велико для соединения DTLS"
+msgstr[2] "Сообщение размером %lu байт слишком велико для соединения DTLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2753
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(максимум %u байт)"
+msgstr[1] "(максимум %u байта)"
+msgstr[2] "(максимум %u байт)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2812
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Флаги отправки не поддерживаются"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2915
+msgid "Error performing TLS close"
+msgstr "Ошибка закрытия TLS"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Не удалось загрузить хранилище системного доверия: GnuTLS не было настроено "
+"с помощью системного доверия"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Не удалось загрузить хранилище системного доверия: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:328
+msgid "Certificate has no private key"
+msgstr "У сертификата нет секретного ключа"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:486
+#: tls/openssl/gtlsserverconnection-openssl.c:292
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Не удалось создать контекст TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:179
+msgid "Digest too big for RSA key"
+msgstr "Слишком большой дайджест для ключа RSA"
+
+#: tls/openssl/gtlsconnection-openssl.c:243
+#: tls/openssl/gtlsconnection-openssl.c:376
 #, c-format
 msgid "Error performing TLS handshake: %s"
-msgstr "Ð\9eÑ\88ибка Ð²Ñ\8bполнениÑ\8f ÐºÐ²Ð¸Ñ\82иÑ\80ованиÑ\8f Ñ\81вÑ\8fзи TLS: %s"
+msgstr "Ð\9eÑ\88ибка Ð¿Ñ\80и Ð²Ñ\8bполнении ÐºÐ²Ð¸Ñ\82иÑ\80ованиÑ\8f TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1181
+#: tls/openssl/gtlsconnection-openssl.c:386
 msgid "Server did not return a valid TLS certificate"
 msgstr "Сертификат TLS, возвращённый сервером, не является подлинным"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1256
-msgid "Unacceptable TLS certificate"
-msgstr "Недопустимый сертификат TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1448
+#: tls/openssl/gtlsconnection-openssl.c:500
 #, c-format
 msgid "Error reading data from TLS socket: %s"
 msgstr "Ошибка чтения данных из сокета TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1477
+#: tls/openssl/gtlsconnection-openssl.c:526
 #, c-format
 msgid "Error writing data to TLS socket: %s"
 msgstr "Ошибка записи данных в сокет TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1521
-msgid "Connection is already closed"
-msgstr "Соединение было закрыто ранее"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1531
+#: tls/openssl/gtlsconnection-openssl.c:552
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "Ошибка закрытия TLS: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "У сертификата нет секретного ключа"
+#: tls/openssl/gtlsserverconnection-openssl.c:335
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Возникла проблема с приватным ключом сертификата: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"Это — последняя возможность ввести корректный PIN перед тем, как токен будет "
-"заблокирован."
+#: tls/openssl/gtlsserverconnection-openssl.c:344
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Возникла проблема с сертификатом: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"PIN был несколько раз введён неправильно, токен будет заблокирован после "
-"последующих неудачных попыток."
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Это — последняя возможность ввести корректный PIN перед тем, как токен "
+#~ "будет заблокирован."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "PIN был несколько раз введён неправильно, токен будет заблокирован после "
+#~ "последующих неудачных попыток."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Введён неверный PIN."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "Введён неверный PIN."
+#~ msgid "Module"
+#~ msgstr "Модуль"
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Модуль"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Указатель модуля PKCS#11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "Указатель модуля PKCS#11"
+#~ msgid "Slot ID"
+#~ msgstr "ID слота"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "ID слота"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Идентификатор слота PKCS#11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "Идентификатор слота PKCS#11"
+#~ msgid "Connection is already closed"
+#~ msgstr "Соединение было закрыто ранее"
index 24d5d47..6e2c46f 100644 (file)
--- a/po/sk.po
+++ b/po/sk.po
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2013-03-23 16:43+0000\n"
-"PO-Revision-Date: 2013-03-24 13:14+0100\n"
-"Last-Translator: Richard Stanislavský <kenny.vv@gmail.com>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2018-07-27 21:02+0000\n"
+"PO-Revision-Date: 2018-11-04 12:28+0100\n"
+"Last-Translator: Dušan Kazik <prescott66@gmail.com>\n"
 "Language-Team: Slovak <gnome-sk-list@gnome.org>\n"
 "Language: sk\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=(n==1) ? 1 : (n>=2 && n<=4) ? 2 : 0;\n"
-"X-Generator: Poedit 1.5.4\n"
+"X-Generator: Poedit 2.2\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Vnútorná chyba sprostredkovateľa."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/gnutls/gtlscertificate-gnutls.c:182
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Nepodarilo sa analyzovať certifikát v kodovaní DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:203
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Nepodarilo sa analyzovať certifikát v kodovaní PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:234
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Nepodarilo sa analyzovať súkromný kľúč v kodovaní DER: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:265
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Nepodarilo sa analyzovať súkromný kľúč v kodovaní PEM: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:304
 msgid "No certificate data provided"
 msgstr "Nie sú dostupné údaje certifikátu"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
+#: tls/gnutls/gtlsclientconnection-gnutls.c:447
 msgid "Server required TLS certificate"
 msgstr "Server požaduje certifikát pre TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:258
+#: tls/gnutls/gtlsconnection-gnutls.c:398
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Nepodarilo sa vytvoriť pripojenie s použitím TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:520
+#: tls/gnutls/gtlsconnection-gnutls.c:711
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
 msgid "Connection is closed"
 msgstr "Pripojenie je ukončené"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:582
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1425
-msgid "Operation would block"
-msgstr "Operácia by blokovala"
+#: tls/gnutls/gtlsconnection-gnutls.c:828
+#: tls/gnutls/gtlsconnection-gnutls.c:1432
+msgid "Socket I/O timed out"
+msgstr "Čas vstupno/výstupného soketu vypršal"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:712
-#: ../tls/gnutls/gtlsconnection-gnutls.c:755
+#: tls/gnutls/gtlsconnection-gnutls.c:973
+#: tls/gnutls/gtlsconnection-gnutls.c:1006
 msgid "Peer failed to perform TLS handshake"
 msgstr "Partner zlyhal pri vzájomnom spoznaní pomocou TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:729
+#: tls/gnutls/gtlsconnection-gnutls.c:991
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Partner žiadal nelegálne opätovné vzájomné spoznanie pomocou TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:761
+#: tls/gnutls/gtlsconnection-gnutls.c:1012
 msgid "TLS connection closed unexpectedly"
 msgstr "Pripojenie pomocou TLS bolo nečakane ukončené"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:771
+#: tls/gnutls/gtlsconnection-gnutls.c:1022
 msgid "TLS connection peer did not send a certificate"
 msgstr "Partner neposlal certifikát pre pripojenie TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1152
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1171
+#: tls/gnutls/gtlsconnection-gnutls.c:1028
 #, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Chyba vzájomného spoznania s použitím TLS: %s"
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Partner odoslal závažnú výstrahu TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1181
+#: tls/gnutls/gtlsconnection-gnutls.c:1040
+msgid "Protocol version downgrade attack detected"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1047
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] ""
+"Správa je príliš veľká pre pripojenie s použitím DTLS. Maximum je %u bajtov."
+msgstr[1] ""
+"Správa je príliš veľká pre pripojenie s použitím DTLS. Maximum je %u bajt."
+msgstr[2] ""
+"Správa je príliš veľká pre pripojenie s použitím DTLS. Maximum sú %u bajty."
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1054
+msgid "The operation timed out"
+msgstr "Čas operácie vypršal"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1820
+msgid "Peer does not support safe renegotiation"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1847
+#: tls/gnutls/gtlsconnection-gnutls.c:1899
+msgid "Error performing TLS handshake"
+msgstr "Chyba vzájomného spoznania s použitím TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1909
 msgid "Server did not return a valid TLS certificate"
 msgstr "Server nevrátil platný certifikát pre TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1256
+#: tls/gnutls/gtlsconnection-gnutls.c:1991
 msgid "Unacceptable TLS certificate"
 msgstr "Neprijateľný certifikát pre TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1448
+#: tls/gnutls/gtlsconnection-gnutls.c:2264
+#: tls/gnutls/gtlsconnection-gnutls.c:2356
+msgid "Error reading data from TLS socket"
+msgstr "Chyba pri čítaní údajov zo soketu s použitím TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2386
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Prijímanie značiek nie je podporované"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2463
+#: tls/gnutls/gtlsconnection-gnutls.c:2535
+msgid "Error writing data to TLS socket"
+msgstr "Chyba pri zapisovaní údajov do soketu s použitím TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2505
 #, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Chyba pri čítaní údajov zo soketu s použitím TLS: %s"
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] ""
+"Správa o veľkosti %lu bajtov je príliš veľká pre pripojenie s použitím DTLS"
+msgstr[1] ""
+"Správa o veľkosti %lu bajt je príliš veľká pre pripojenie s použitím DTLS"
+msgstr[2] ""
+"Správa o veľkosti %lu bajty je príliš veľká pre pripojenie s použitím DTLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2507
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(maximum je %u bajtov)"
+msgstr[1] "(maximum je %u bajt)"
+msgstr[2] "(maximum sú %u bajty)"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1477
+#: tls/gnutls/gtlsconnection-gnutls.c:2566
 #, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Chyba pri zapisovaní údajov do soketu s použitím TLS: %s"
+msgid "Send flags are not supported"
+msgstr "Odosielanie značiek nie je podporované"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2669
+msgid "Error performing TLS close"
+msgstr "Chyba pri uzatváraní spojenia s použitím TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1521
-msgid "Connection is already closed"
-msgstr "Pripojenie je už ukončené"
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Zlyhalo načítanie systémového dôveryhodného úložiska: GnuTLS nebolo "
+"nakonfigurované so systémovou dôveryhodnosťou"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1531
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
 #, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Chyba pri uzatváraní spojenia s použitím TLS: %s"
+msgid "Failed to load system trust store: %s"
+msgstr "Zlyhalo načítanie systémového dôveryhodného úložiska: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
 msgid "Certificate has no private key"
 msgstr "Certifikát nemá súkromný kľúč"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
+#: tls/pkcs11/gpkcs11pin.c:111
 msgid ""
 "This is the last chance to enter the PIN correctly before the token is "
 "locked."
@@ -127,7 +195,7 @@ msgstr ""
 "Toto je posledná možnosť na vloženie správneho kódu PIN predtým, ako bude "
 "token uzamknutý."
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
+#: tls/pkcs11/gpkcs11pin.c:113
 msgid ""
 "Several PIN attempts have been incorrect, and the token will be locked after "
 "further failures."
@@ -135,22 +203,28 @@ msgstr ""
 "Niekoľko pokusov zadať kód PIN bolo nesprávnych, po niekoľkých ďalších "
 "nesprávnych pokusoch bude token uzamknutý."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
+#: tls/pkcs11/gpkcs11pin.c:115
 msgid "The PIN entered is incorrect."
 msgstr "Vložený kód PIN je nesprávny."
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
+#: tls/pkcs11/gpkcs11slot.c:447
 msgid "Module"
 msgstr "Modul"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
+#: tls/pkcs11/gpkcs11slot.c:448
 msgid "PKCS#11 Module Pointer"
 msgstr "Ukazovateľ na modul štandardu PKCS č.11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
+#: tls/pkcs11/gpkcs11slot.c:455
 msgid "Slot ID"
 msgstr "Identifikátor slotu"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
+#: tls/pkcs11/gpkcs11slot.c:456
 msgid "PKCS#11 Slot Identifier"
 msgstr "Idntifikátor slotu štandardu PKCS č.11"
+
+#~ msgid "Operation would block"
+#~ msgstr "Operácia by blokovala"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Pripojenie je už ukončené"
index 0bae053..e6bcf2f 100644 (file)
--- a/po/sl.po
+++ b/po/sl.po
 # This file is distributed under the same license as the glib-networking package.
 #
 # Klemen Košir <klemen.kosir@gmx.com>, 2011.
+# Matej Urbančič <mateju@svn.gnome.org>, + 2017–2019.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2012-12-18 01:26+0000\n"
-"PO-Revision-Date: 2012-12-18 08:24+0100\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-03-02 16:15+0000\n"
+"PO-Revision-Date: 2019-03-02 21:04+0100\n"
 "Last-Translator: Matej Urbančič <mateju@svn.gnome.org>\n"
 "Language-Team: Slovenian GNOME Translation Team <gnome-si@googlegroups.com>\n"
-"Language: sl\n"
+"Language: sl_SI\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=4; plural=(n%100==1 ? 1 : n%100==2 ? 2 : n%100==3 || n"
 "%100==4 ? 3 : 0);\n"
 "X-Poedit-SourceCharset: utf-8\n"
-"X-Generator: Poedit 1.5.4\n"
+"X-Generator: Poedit 2.0.6\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Notranja napaka razreševalnika posredniškega strežnika."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "Povezava je zaprta"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Opravilo bi zaustavilo delovanje"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Strežnik zahteva potrdilo TLS."
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
-msgstr "Zasebnega potrdila DER ni mogoče razčleniti: %s"
+msgstr "Potrdila DER ni mogoče razčleniti: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
-msgstr "Zasebnega potrdila PEM ni mogoče razčleniti: %s"
+msgstr "Potrdila PEM ni mogoče razčleniti: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Zasebnega ključa DER ni mogoče razčleniti: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Zasebnega ključa PEM ni mogoče razčleniti: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
-msgstr "Podatki o potrdilu niso bili podani"
+msgstr "Podatki potrdila niso podani"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "Strežnik potrebuje potrdilo TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:257
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Povezave TLS ni mogoče ustvariti: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:518
-msgid "Connection is closed"
-msgstr "Povezava je zaprta"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Ni mogoče izvesti opravila med izvajanjem izmenjave signalov TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:580
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1417
-msgid "Operation would block"
-msgstr "Opravilo bi zaustavilo delovanje"
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "Vtič V/I naprave je časovno potekel"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:710
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "Soležniku ni uspelo izvesti izmenjave signalov TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:727
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Soležnik je zahteval nedovoljeno ponovno izmenjavo signalov TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:753
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
-msgstr "Povezava TLS se je nepričakovano zaprla"
+msgstr "Povezava TLS je nepričakovano končana"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:763
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
 msgid "TLS connection peer did not send a certificate"
 msgstr "Povezani soležnik ni vrnil veljavnega potrdila TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1144
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1163
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Nesprejemljivo potrdilo TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Soležnik vrača usodno opozorilo TLS: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Zaznan je napad ponižanja različice protokola"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] ""
+"Sporočilo je preveliko za povezavo DTLS; največja možna vrednost je %u "
+"bajtov."
+msgstr[1] ""
+"Sporočilo je preveliko za povezavo DTLS; največja možna vrednost je %u bajt."
+msgstr[2] ""
+"Sporočilo je preveliko za povezavo DTLS; največja možna vrednost je %u bajta."
+msgstr[3] ""
+"Sporočilo je preveliko za povezavo DTLS; največja možna vrednost je %u bajti."
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "Opravilo je časovno poteklo"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "Soležnik ne omogoča varnega usklajevanja"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Napaka med izvajanjem izmenjave signalov TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Napaka med branjem podatkov iz vtiča TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Prejemanje zastavic ni podprto"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Napaka med zapisovanjem podatkov v vtič TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Sporočilo velikosti %lu bajtov je preveliko za povezavo DTLS."
+msgstr[1] "Sporočilo velikosti %lu bajta je preveliko za povezavo DTLS."
+msgstr[2] "Sporočilo velikosti %lu bajtov je preveliko za povezavo DTLS."
+msgstr[3] "Sporočilo velikosti %lu bajtov je preveliko za povezavo DTLS."
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(največ %u bajtov)"
+msgstr[1] "(največ %u bajt)"
+msgstr[2] "(največ %u bajta)"
+msgstr[3] "(največ %u bajti)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Pošiljanje zastavic ni podprto"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Napaka med izvajanjem zapiranja TLS"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Nalaganje varne sistemske shrambe je spodletelo: protokol GnuTLS ni ustrezno "
+"nastavljen"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Nalaganje varne sistemske shrambe je spodletelo: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "Potrdilo nima določenega zasebnega ključa"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Povezave TLS ni mogoče ustvariti: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "Povzetek je preobsežen za ključ RSA"
+
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
 #, c-format
 msgid "Error performing TLS handshake: %s"
 msgstr "Napaka med izvajanjem izmenjave signalov TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1173
+#: tls/openssl/gtlsconnection-openssl.c:390
 msgid "Server did not return a valid TLS certificate"
 msgstr "Strežnik ni vrnil veljavnega potrdila TLS"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1248
-msgid "Unacceptable TLS certificate"
-msgstr "Nesprejemljivo potrdilo TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1440
+#: tls/openssl/gtlsconnection-openssl.c:504
 #, c-format
 msgid "Error reading data from TLS socket: %s"
 msgstr "Napaka med branjem podatkov iz vtiča TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1469
+#: tls/openssl/gtlsconnection-openssl.c:530
 #, c-format
 msgid "Error writing data to TLS socket: %s"
 msgstr "Napaka med zapisovanjem podatkov v vtič TLS: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1513
-msgid "Connection is already closed"
-msgstr "Povezava je že zaprta"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1523
+#: tls/openssl/gtlsconnection-openssl.c:556
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "Napaka med izvajanjem zapiranja TLS: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "Potrdilo nima določenega zasebnega ključa"
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Prišlo je do napake med uporabo potrdila: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"To je zadnja priložnost za pravilen vnos gesla PIN preden se dostop "
-"popolnoma zaklene."
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Prišlo je do napake v zasebnem ključu potrdila: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Več poskusov vnosa gesla PIN je bilo neuspešnih. Vnos bo po ponovni napaki "
-"popolnoma zakljenjen."
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "To je zadnja priložnost za pravilen vnos gesla PIN, preden se dostop "
+#~ "popolnoma zaklene."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Izvedenih je bilo več neuspešnih poskusov vnosa gesla PIN! Možnost vnosa "
+#~ "bo ob ponovni napaki popolnoma onemogočena."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Vneseno geslo PIN ni pravilno."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "Vneseno geslo PIN je nepravilno."
+#~ msgid "Module"
+#~ msgstr "Modul"
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Modul"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Kazalnik odkodirnika PKCS#11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "Kazalnik odkodirnika PKCS#11"
+#~ msgid "Slot ID"
+#~ msgstr "ID odkodirnika"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "ID odkodirnika"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Določilo odkodirnika PKCS#11"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "Določilo odkodirnika PKCS#11"
+#~ msgid "Connection is already closed"
+#~ msgstr "Povezava je že zaprta"
index e79a843..cf3b8e5 100644 (file)
--- a/po/sr.po
+++ b/po/sr.po
 # Serbian translation of glib-networking
-# Courtesy of Prevod.org team (http://prevod.org/) -- 2012—2013.
+# Courtesy of Prevod.org team (http://prevod.org/) -- 2012—2017.
 # This file is distributed under the same license as the glib-networking package.
-# Мирослав Николић <miroslavnikolic@rocketmail.com>, 2011, 2012, 2013.
+# Мирослав Николић <miroslavnikolic@rocketmail.com>, 2011—2017.
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?product=glib&k"
-"eywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2012-11-29 22:09+0000\n"
-"PO-Revision-Date: 2013-01-18 11:59+0200\n"
-"Last-Translator: Ð\9cиÑ\80оÑ\81лав Ð\9dиколиÑ\9b <miroslavnikolic@rocketmail.com>\n"
-"Language-Team: Serbian <gnom@prevod.org>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
+"issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-02 22:37+0100\n"
+"Last-Translator: Ð\9cаÑ\80ко Ð\9c. Ð\9aоÑ\81Ñ\82иÑ\9b <marko.m.kostic@gmail.com>\n"
+"Language-Team: српски <gnome-sr@googlegroups.org>\n"
 "Language: sr\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=4; plural=n==1? 3 : n%10==1 && n%100!=11 ? 0 : "
-"n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
+"Plural-Forms: nplurals=4; plural=n==1? 3 : n%10==1 && n%100!=11 ? 0 : n"
+"%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
 "X-Project-Style: gnome\n"
+"X-Generator: Poedit 2.2\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Унутрашња грешка решавача посредника."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "Веза је затворена"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Поступак би блокирао"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "ТЛС уверење које захтева сервер"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Не могу да обрадим ДЕР уверење: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Не могу да обрадим ПЕМ уверење: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Не могу да обрадим приватни ДЕР кључ: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Не могу да обрадим приватни ПЕМ кључ: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Нису обезбеђени подаци уверења"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "ТЛС уверење које захтева сервер"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:254
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Не могу да направим ТЛС везу: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:514
-msgid "Connection is closed"
-msgstr "Веза је затворена"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Не могу да извршим блокирајућу радњу током ТЛС руковања"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:576
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1382
-msgid "Operation would block"
-msgstr "Ð\9fоÑ\81Ñ\82Ñ\83пак Ð±Ð¸ Ð±Ð»Ð¾ÐºÐ¸Ñ\80ао"
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "Ð\98Ñ\81Ñ\82екло Ð²Ñ\80еме Ð£/Ð\98 Ñ\83Ñ\82иÑ\87ниÑ\86е"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:703
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "Парњак није успео да изврши ТЛС руковање"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:720
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Парњак је затражио илегално ТЛС поновно руковање"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:746
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
 msgstr "ТЛС веза је неочекивано затворена"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:756
-#| msgid "Server did not return a valid TLS certificate"
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
 msgid "TLS connection peer did not send a certificate"
 msgstr "Парњак ТЛС везе није послао уверење"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1064
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1083
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
 #, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Грешка у извршавању ТЛС руковања: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1228
 msgid "Unacceptable TLS certificate"
 msgstr "Неприхватљиво ТЛС уверење"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1239
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Парњак је послао кобно ТЛС упозорење: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Уочен је напад уназађивања издања протокола"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "Порука је предугачка за ДТЛС везу, највише је дозвољен %u бајт"
+msgstr[1] "Порука је предугачка за ДТЛС везу, највише је дозвољено %u бајта"
+msgstr[2] "Порука је предугачка за ДТЛС везу, највише је дозвољено %u бајтова"
+msgstr[3] "Порука је предугачка за ДТЛС везу, највише је дозвољен један бајт"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "Време извршавања радње је истекло"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "Парњак не подржава безбедно поновно преговарање"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Грешка у извршавању ТЛС руковања"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Грешка приликом читања података са ТЛС прикључка"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Пријемне заставице нису подржане"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Грешка приликом уписивања података у ТЛС прикључак"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Порука од %lu бајт је предугачка за ДТЛС везу"
+msgstr[1] "Порука од %lu бајта је предугачка за ДТЛС везу"
+msgstr[2] "Порука од %lu бајтова је предугачка за ДТЛС везу"
+msgstr[3] "Порука од једног бајта је предугачка за ДТЛС везу"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(највише %u бајт)"
+msgstr[1] "(највише %u бајта)"
+msgstr[2] "(највише %u бајтова)"
+msgstr[3] "(највише један бајт)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Отпремне заставице нису подржане"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Грешка у извршавању ТЛС затварања"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Нисам успео да учитам системско складиште уверења: Гну-ТЛС није подешен са "
+"системским уверењем"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Нисам успео да учитам системско складиште уверења: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "Уверење нема приватни кључ"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Не могу да направим ТЛС контекст: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "Збирка је превелика за РСА кључ"
+
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Грешка у извршавању ТЛС руковања: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:390
 msgid "Server did not return a valid TLS certificate"
 msgstr "Сервер није вратио исправно ТЛС уверење"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1405
+#: tls/openssl/gtlsconnection-openssl.c:504
 #, c-format
 msgid "Error reading data from TLS socket: %s"
 msgstr "Грешка приликом читања података са ТЛС прикључка: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1434
+#: tls/openssl/gtlsconnection-openssl.c:530
 #, c-format
 msgid "Error writing data to TLS socket: %s"
 msgstr "Грешка приликом уписивања података у ТЛС прикључак: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1478
-msgid "Connection is already closed"
-msgstr "Веза је већ затворена"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1488
+#: tls/openssl/gtlsconnection-openssl.c:556
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "Грешка у извршавању ТЛС затварања: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "Уверење нема приватни кључ"
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Постоји проблем са сертификатом: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"Ово је последња прилика да исправно унесете ПИН пре него што карика буде "
-"закључана."
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Постоји проблем са приватним кључем сертификата: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Неколико унешених ПИН-ова је било неисправно, и зато ће карика бити "
-"закључана након будућих неуспеха."
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Ово је последња прилика да исправно унесете ПИН пре него што карика буде "
+#~ "закључана."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Неколико унешених ПИН-ова је било неисправно, и зато ће карика бити "
+#~ "закључана након будућих неуспеха."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Унешени ПИН је погрешан."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "Унешени ПИН је погрешан."
+#~ msgid "Module"
+#~ msgstr "Модул"
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Модул"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Указивач ПКЦС#11 модула"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "Указивач ПКЦС#11 модула"
+#~ msgid "Slot ID"
+#~ msgstr "ИБ слота"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "ИБ слота"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Одредник ПКЦС#11 слота"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "Одредник ПКЦС#11 слота"
+#~ msgid "Connection is already closed"
+#~ msgstr "Веза је већ затворена"
index 5b7cb3d..37b865d 100644 (file)
 # Serbian translation of glib-networking
-# Courtesy of Prevod.org team (http://prevod.org/) -- 2012—2013.
+# Courtesy of Prevod.org team (http://prevod.org/) -- 2012—2017.
 # This file is distributed under the same license as the glib-networking package.
-# Miroslav Nikolić <miroslavnikolic@rocketmail.com>, 2011, 2012, 2013.
+# Miroslav Nikolić <miroslavnikolic@rocketmail.com>, 2011—2017.
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?product=glib&k"
-"eywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2012-11-29 22:09+0000\n"
-"PO-Revision-Date: 2013-01-18 11:59+0200\n"
-"Last-Translator: Miroslav Nikolić <miroslavnikolic@rocketmail.com>\n"
-"Language-Team: Serbian <gnom@prevod.org>\n"
-"Language: sr@latin\n"
+"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&keywords=I18N+L10N&component=network\n"
+"POT-Creation-Date: 2018-02-16 16:43+0000\n"
+"PO-Revision-Date: 2018-02-21 21:47+0100\n"
+"Last-Translator: Marko M. Kostić <marko.m.kostic@gmail.com>\n"
+"Language-Team: srpski <gnome-sr@googlegroups.org>\n"
+"Language: sr\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=4; plural=n==1? 3 : n%10==1 && n%100!=11 ? 0 : "
-"n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
+"Plural-Forms: nplurals=4; plural=n==1? 3 : n%10==1 && n%100!=11 ? 0 : n"
+"%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
 "X-Project-Style: gnome\n"
+"X-Generator: Poedit 2.0.6\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Unutrašnja greška rešavača posrednika."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/gnutls/gtlscertificate-gnutls.c:182
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Ne mogu da obradim DER uverenje: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:203
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Ne mogu da obradim PEM uverenje: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:234
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Ne mogu da obradim privatni DER ključ: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:265
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Ne mogu da obradim privatni PEM ključ: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:304
 msgid "No certificate data provided"
 msgstr "Nisu obezbeđeni podaci uverenja"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
+#: tls/gnutls/gtlsclientconnection-gnutls.c:398
 msgid "Server required TLS certificate"
 msgstr "TLS uverenje koje zahteva server"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:254
+#: tls/gnutls/gtlsconnection-gnutls.c:392
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Ne mogu da napravim TLS vezu: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:514
+#: tls/gnutls/gtlsconnection-gnutls.c:697
 msgid "Connection is closed"
 msgstr "Veza je zatvorena"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:576
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1382
+#: tls/gnutls/gtlsconnection-gnutls.c:772
+#: tls/gnutls/gtlsconnection-gnutls.c:2184
 msgid "Operation would block"
 msgstr "Postupak bi blokirao"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:703
+#: tls/gnutls/gtlsconnection-gnutls.c:813
+#: tls/gnutls/gtlsconnection-gnutls.c:1400
+msgid "Socket I/O timed out"
+msgstr "Isteklo vreme U/I utičnice"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:952
+#: tls/gnutls/gtlsconnection-gnutls.c:985
 msgid "Peer failed to perform TLS handshake"
 msgstr "Parnjak nije uspeo da izvrši TLS rukovanje"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:720
+#: tls/gnutls/gtlsconnection-gnutls.c:970
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Parnjak je zatražio ilegalno TLS ponovno rukovanje"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:746
+#: tls/gnutls/gtlsconnection-gnutls.c:991
 msgid "TLS connection closed unexpectedly"
 msgstr "TLS veza je neočekivano zatvorena"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:756
-#| msgid "Server did not return a valid TLS certificate"
+#: tls/gnutls/gtlsconnection-gnutls.c:1001
 msgid "TLS connection peer did not send a certificate"
 msgstr "Parnjak TLS veze nije poslao uverenje"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1064
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1083
+#: tls/gnutls/gtlsconnection-gnutls.c:1007
 #, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Greška u izvršavanju TLS rukovanja: %s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1228
-msgid "Unacceptable TLS certificate"
-msgstr "Neprihvatljivo TLS uverenje"
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Parnjak je poslao kobno TLS upozorenje: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1239
+#: tls/gnutls/gtlsconnection-gnutls.c:1015
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "Poruka je predugačka za DTLS vezu, najviše je dozvoljen %u bajt"
+msgstr[1] "Poruka je predugačka za DTLS vezu, najviše je dozvoljeno %u bajta"
+msgstr[2] "Poruka je predugačka za DTLS vezu, najviše je dozvoljeno %u bajtova"
+msgstr[3] "Poruka je predugačka za DTLS vezu, najviše je dozvoljen jedan bajt"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1022
+msgid "The operation timed out"
+msgstr "Vreme izvršavanja radnje je isteklo"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1808
+#: tls/gnutls/gtlsconnection-gnutls.c:1859
+msgid "Error performing TLS handshake"
+msgstr "Greška u izvršavanju TLS rukovanja"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1869
 msgid "Server did not return a valid TLS certificate"
 msgstr "Server nije vratio ispravno TLS uverenje"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1405
-#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Greška prilikom čitanja podataka sa TLS priključka: %s"
+#: tls/gnutls/gtlsconnection-gnutls.c:1946
+msgid "Unacceptable TLS certificate"
+msgstr "Neprihvatljivo TLS uverenje"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2218
+#: tls/gnutls/gtlsconnection-gnutls.c:2310
+msgid "Error reading data from TLS socket"
+msgstr "Greška prilikom čitanja podataka sa TLS priključka"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1434
+#: tls/gnutls/gtlsconnection-gnutls.c:2340
 #, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Greška prilikom upisivanja podataka u TLS priključak: %s"
+msgid "Receive flags are not supported"
+msgstr "Prijemne zastavice nisu podržane"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1478
-msgid "Connection is already closed"
-msgstr "Veza je već zatvorena"
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2417
+#: tls/gnutls/gtlsconnection-gnutls.c:2489
+msgid "Error writing data to TLS socket"
+msgstr "Greška prilikom upisivanja podataka u TLS priključak"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1488
+#: tls/gnutls/gtlsconnection-gnutls.c:2459
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Poruka od %lu bajt je predugačka za DTLS vezu"
+msgstr[1] "Poruka od %lu bajta je predugačka za DTLS vezu"
+msgstr[2] "Poruka od %lu bajtova je predugačka za DTLS vezu"
+msgstr[3] "Poruka od jednog bajta je predugačka za DTLS vezu"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2461
 #, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Greška u izvršavanju TLS zatvaranja: %s"
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(najviše %u bajt)"
+msgstr[1] "(najviše %u bajta)"
+msgstr[2] "(najviše %u bajtova)"
+msgstr[3] "(najviše jedan bajt)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2520
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Otpremne zastavice nisu podržane"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2623
+msgid "Error performing TLS close"
+msgstr "Greška u izvršavanju TLS zatvaranja"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+#: tls/gnutls/gtlsserverconnection-gnutls.c:111
 msgid "Certificate has no private key"
 msgstr "Uverenje nema privatni ključ"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
+#: tls/pkcs11/gpkcs11pin.c:111
 msgid ""
 "This is the last chance to enter the PIN correctly before the token is "
 "locked."
@@ -127,7 +174,7 @@ msgstr ""
 "Ovo je poslednja prilika da ispravno unesete PIN pre nego što karika bude "
 "zaključana."
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
+#: tls/pkcs11/gpkcs11pin.c:113
 msgid ""
 "Several PIN attempts have been incorrect, and the token will be locked after "
 "further failures."
@@ -135,22 +182,25 @@ msgstr ""
 "Nekoliko unešenih PIN-ova je bilo neispravno, i zato će karika biti "
 "zaključana nakon budućih neuspeha."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
+#: tls/pkcs11/gpkcs11pin.c:115
 msgid "The PIN entered is incorrect."
 msgstr "Unešeni PIN je pogrešan."
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
+#: tls/pkcs11/gpkcs11slot.c:447
 msgid "Module"
 msgstr "Modul"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
+#: tls/pkcs11/gpkcs11slot.c:448
 msgid "PKCS#11 Module Pointer"
 msgstr "Ukazivač PKCS#11 modula"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
+#: tls/pkcs11/gpkcs11slot.c:455
 msgid "Slot ID"
 msgstr "IB slota"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
+#: tls/pkcs11/gpkcs11slot.c:456
 msgid "PKCS#11 Slot Identifier"
 msgstr "Odrednik PKCS#11 slota"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Veza je već zatvorena"
index 8888e86..6d23c8e 100644 (file)
--- a/po/sv.po
+++ b/po/sv.po
 # Swedish translation for glib-networking.
-# Copyright © 2011, 2014 Free Software Foundation, Inc.
+# Copyright © 2011, 2014, 2017, 2018, 2019 Free Software Foundation, Inc.
 # This file is distributed under the same license as the glib-networking package.
 # Daniel Nylander <po@danielnylander.se>, 2011.
-# Anders Jonsson <anders.jonsson@norsjovallen.se>, 2014.
+# Anders Jonsson <anders.jonsson@norsjovallen.se>, 2014, 2017, 2018, 2019.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2014-05-16 17:51+0000\n"
-"PO-Revision-Date: 2014-05-17 00:56+0100\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
+"issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-02 17:14+0100\n"
 "Last-Translator: Anders Jonsson <anders.jonsson@norsjovallen.se>\n"
 "Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
 "Language: sv\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 1.6.4\n"
+"X-Generator: Poedit 2.2.1\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:157
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "Internt fel i proxyuppslag."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "Anslutningen är stängd"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Operationen skulle blockera"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Servern krävde TLS-certifikat"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "Kunde inte tolka DER-certifikat: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "Kunde inte tolka PEM-certifikat: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "Kunde inte tolka privat DER-nyckel: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "Kunde inte tolka privat PEM-nyckel: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
-msgstr "Inget certifikatdata tillhandahölls"
-
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:324
-msgid "Server required TLS certificate"
-msgstr "Servern krävde TLS-certifikat"
+msgstr "Inga certifikatdata tillhandahölls"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:267
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "Kunde inte skapa TLS-anslutning: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:531
-msgid "Connection is closed"
-msgstr "Anslutningen är stängd"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Kan inte utföra blockerande åtgärd under TLS-handskakning"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:594
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1465
-msgid "Operation would block"
-msgstr "Operationen skulle blockera"
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "Tidsgräns för in/ut på uttaget överskreds"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:733
-#: ../tls/gnutls/gtlsconnection-gnutls.c:772
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
 msgstr "Motparten misslyckades med att genomföra TLS-handskakning"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:751
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "Motparten begärde otillåten TLS-återhandskakning"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:778
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
 msgstr "TLS-anslutningen stängdes oväntat"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:788
-#| msgid "TLS connection closed unexpectedly"
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
 msgid "TLS connection peer did not send a certificate"
 msgstr "TLS-anslutningens motpart sände inte ett certifikat"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1178
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1211
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Ej acceptabelt TLS-certifikat"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Motparten sände ödesdiger TLS-varning: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "Protokollversionsnedgraderingsattack upptäcktes"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "Meddelandet är för stort för DTLS-anslutning, max är %u byte"
+msgstr[1] "Meddelandet är för stort för DTLS-anslutning, max är %u byte"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "Åtgärdens tidsgräns överskreds"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "Motparten stöder inte säker omförhandling"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "Fel vid genomförande av TLS-handskakning"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "Fel vid läsning av data från TLS-uttag"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Mottagningsflaggor stöds inte"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "Fel vid skrivning av data till TLS-uttag"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Meddelande med storleken %lu byte är för stort för DTLS-anslutning"
+msgstr[1] "Meddelande med storleken %lu byte är för stort för DTLS-anslutning"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(maximum är %u byte)"
+msgstr[1] "(maximum är %u byte)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Sändflaggor stöds inte"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "Fel vid genomförande av TLS-stängning"
+
+# osäker
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Misslyckades med att läsa in systemets trust store: GnuTLS konfigurerades "
+"inte med en system trust"
+
+# osäker
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Misslyckades med att läsa in systemets trust store: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "Certifikatet har ingen privat nyckel"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Kunde inte skapa TLS-kontext: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "Sammandrag för stort för RSA-nyckel"
+
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
 #, c-format
 msgid "Error performing TLS handshake: %s"
 msgstr "Fel vid genomförande av TLS-handskakning: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1221
-#| msgid "Server required TLS certificate"
+#: tls/openssl/gtlsconnection-openssl.c:390
 msgid "Server did not return a valid TLS certificate"
 msgstr "Servern returnerade inte ett giltigt TLS-certifikat"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1296
-msgid "Unacceptable TLS certificate"
-msgstr "Ej acceptabelt TLS-certifikat"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1499
+#: tls/openssl/gtlsconnection-openssl.c:504
 #, c-format
 msgid "Error reading data from TLS socket: %s"
 msgstr "Fel vid läsning av data från TLS-uttag: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1528
+#: tls/openssl/gtlsconnection-openssl.c:530
 #, c-format
 msgid "Error writing data to TLS socket: %s"
 msgstr "Fel vid skrivning av data till TLS-uttag: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1572
-msgid "Connection is already closed"
-msgstr "Anslutningen är redan stängd"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1582
+#: tls/openssl/gtlsconnection-openssl.c:556
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "Fel vid genomförande av TLS-stängning: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "Certifikatet har ingen privat nyckel"
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Det har uppstått ett problem med certifikatet: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr "Detta är sista försöket att ange PIN-koden korrekt innan kortet låses."
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Det har uppstått ett problem med certifikatets privata nyckel: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Flera PIN-kodsförsök har varit felaktiga och kortet kommer att låsas vid "
-"ytterligare felaktiga försök."
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Detta är sista försöket att ange PIN-koden korrekt innan kortet låses."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Flera PIN-kodsförsök har varit felaktiga och kortet kommer att låsas vid "
+#~ "ytterligare felaktiga försök."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Angiven PIN-kod är felaktig."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "Angiven PIN-kod är felaktig."
+#~ msgid "Module"
+#~ msgstr "Modul"
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Modul"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11-modulpekare"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "PKCS#11-modulpekare"
+#~ msgid "Slot ID"
+#~ msgstr "Plats-id"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "Plats-id"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11-platsidentifierare"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11-platsidentifierare"
+#~ msgid "Connection is already closed"
+#~ msgstr "Anslutningen är redan stängd"
index 5b7d948..99a150a 100644 (file)
--- a/po/tr.po
+++ b/po/tr.po
 # Muhammed Eken <gnome@m-eken.com>, 2011.
 # Ozan Çağlayan <ozancag@gmail.com>, 2013.
 # Muhammet Kara <muhammetk@gmail.com>, 2011, 2012, 2013.
+# Furkan Tokaç <developmentft@gmail.com>, 2017.
+# Emin Tufan Çetin <etcetin@gmail.com>, 2017-2019.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2013-04-03 16:39+0000\n"
-"PO-Revision-Date: 2013-04-08 12:09+0300\n"
-"Last-Translator: Muhammet Kara <muhammetk@gmail.com>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-03-02 02:19+0000\n"
+"PO-Revision-Date: 2019-03-02 09:36+0300\n"
+"Last-Translator: Emin Tufan Çetin <etcetin@gmail.com>\n"
 "Language-Team: Türkçe <gnome-turk@gnome.org>\n"
 "Language: tr\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Gtranslator 2.91.5\n"
+"Plural-Forms: nplurals=1; plural=0\n"
+"X-Generator: Gtranslator 3.30.1\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
-msgstr "Proxy çözücü iç hatası."
+msgstr "Vekil çözücü iç hatası."
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "Bağlantı kapalı"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "Bloke eden işlem"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "Sunucu, TLS sertifikası istedi"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "DER sertifikası ayrıştırılamadı: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "PEM sertifikası ayrıştırılamadı: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "DER özel anahtarı ayrıştırılamadı: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "PEM özel anahtarı ayrıştırılamadı: %s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "Sertifika verisi sağlanmadı"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "Sunucu TLS sertifikası talep etti"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:258
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:536
+#: tls/openssl/gtlsserverconnection-openssl.c:425
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "TLS bağlantısı oluşturulamadı: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:520
-msgid "Connection is closed"
-msgstr "Bağlantı kapalı"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/gnutls/gtlsconnection-gnutls.c:811
+#| msgid "Error performing TLS handshake"
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "TLS el sıkışması sırasında engelleme işlemi gerçekleştirilemez"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:582
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1425
-msgid "Operation would block"
-msgstr "Bloke eden işlem"
+#: tls/gnutls/gtlsconnection-gnutls.c:874
+#: tls/gnutls/gtlsconnection-gnutls.c:1484
+msgid "Socket I/O timed out"
+msgstr "G/Ç yuvası zaman aşımına uğradı"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:712
-#: ../tls/gnutls/gtlsconnection-gnutls.c:755
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
-msgstr ", TLS el sıkışmasını başaramadı"
+msgstr ", TLS el sıkışmasını başaramadı"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:729
+#: tls/gnutls/gtlsconnection-gnutls.c:1037
+#: tls/openssl/gtlsconnection-openssl.c:238
 msgid "Peer requested illegal TLS rehandshake"
-msgstr "Uç, kural dışı TLS el sıkışması talep etti"
+msgstr "Eş, kural dışı bir TLS yeniden el sıkışması istedi"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:761
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
 msgid "TLS connection closed unexpectedly"
-msgstr "TLS bağlantısı beklenmedik şekilde sonlandı"
+msgstr "TLS bağlantısı beklenmedik biçimde sonlandı"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:771
+#: tls/gnutls/gtlsconnection-gnutls.c:1068
+#: tls/openssl/gtlsconnection-openssl.c:175
 msgid "TLS connection peer did not send a certificate"
-msgstr "TLS bağlantı ucu sertifika göndermedi"
+msgstr "TLS bağlantısı eşi sertifika göndermedi"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:2176
+#: tls/openssl/gtlsconnection-openssl.c:420
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Kabul edilemez bir TLS sertifikası"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Eş, ölümcül TLS uyarısı gönderdi: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1152
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1171
+#: tls/gnutls/gtlsconnection-gnutls.c:1092
+msgid "Protocol version downgrade attack detected"
+msgstr "İletişim kuralı sürümünü düşürme saldırısı saptandı"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "İleti, DTLS bağlantısı için çok büyük; azami %u bayt"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1106
+msgid "The operation timed out"
+msgstr "İşlem zaman aşımına uğradı"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1997
+msgid "Peer does not support safe renegotiation"
+msgstr "Eş, güvenli yeniden anlaşmayı desteklemiyor"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2024
+#: tls/gnutls/gtlsconnection-gnutls.c:2074
+msgid "Error performing TLS handshake"
+msgstr "TLS el sıkışması sırasında hata"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2526
+#: tls/gnutls/gtlsconnection-gnutls.c:2618
+msgid "Error reading data from TLS socket"
+msgstr "TLS yuvasından veri okurken hata"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Bayrak alma desteklenmiyor"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2725
+#: tls/gnutls/gtlsconnection-gnutls.c:2797
+msgid "Error writing data to TLS socket"
+msgstr "TLS yuvasına veri yazarken hata"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "%lu bayt ileti boyutu DTLS bağlantısı için çok büyük"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(azami %u bayt)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Bayrak gönderme desteklenmiyor"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2931
+msgid "Error performing TLS close"
+msgstr "TLS kapatma işleminde hata"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Sistem güven deposu yüklenemedi: GnuTLS, bir sistem güveniyle "
+"yapılandırılmamış"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Sistem güven deposu yüklenemedi: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:91
+msgid "Certificate has no private key"
+msgstr "Sertifikanın özel anahtarı yok"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:417
+#: tls/openssl/gtlsclientconnection-openssl.c:483
+#: tls/openssl/gtlsserverconnection-openssl.c:305
+#: tls/openssl/gtlsserverconnection-openssl.c:365
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS bağlamı oluşturulamadı: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:183
+msgid "Digest too big for RSA key"
+msgstr "RSA anahtarı için çok büyük özet"
+
+#: tls/openssl/gtlsconnection-openssl.c:247
+#: tls/openssl/gtlsconnection-openssl.c:380
 #, c-format
 msgid "Error performing TLS handshake: %s"
 msgstr "TLS el sıkışması sırasında hata: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1181
+#: tls/openssl/gtlsconnection-openssl.c:390
 msgid "Server did not return a valid TLS certificate"
 msgstr "Sunucu geçerli bir TLS sertifikası döndürmedi"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1256
-msgid "Unacceptable TLS certificate"
-msgstr "TLS sertifikası kabul edilemez"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1448
+#: tls/openssl/gtlsconnection-openssl.c:504
 #, c-format
 msgid "Error reading data from TLS socket: %s"
-msgstr "TLS soketinden veri okurken hata: %s"
+msgstr "TLS yuvasından veri okurken hata: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1477
+#: tls/openssl/gtlsconnection-openssl.c:530
 #, c-format
 msgid "Error writing data to TLS socket: %s"
-msgstr "TLS soketine veri yazarken hata: %s"
+msgstr "TLS yuvasına veri yazarken hata: %s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1521
-msgid "Connection is already closed"
-msgstr "Bağlantı zaten kapalı"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1531
+#: tls/openssl/gtlsconnection-openssl.c:556
 #, c-format
 msgid "Error performing TLS close: %s"
 msgstr "TLS kapatma işleminde hata: %s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "Sertifikanın özel anahtarı yok"
+#: tls/openssl/gtlsserverconnection-openssl.c:102
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Sertifikada sorun var: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"Bu, simge (token) kilitlenmeden önce PIN kodunu doğru girmeniz için son "
-"şanstır."
+#: tls/openssl/gtlsserverconnection-openssl.c:110
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Sertifika özel anahtarında sorun var: %s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr "PIN daha fazla yanlış girilirse simge (token) kilitlenecektir."
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Bu, jeton (token) kilitlenmeden önce PIN kodunu doğru girmeniz için son "
+#~ "şanstır."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr "PIN daha çok yanlış girilirse jeton (token) kilitlenecektir."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Girilen PIN hatalı."
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "Girilen PIN hatalı."
+#~ msgid "Module"
+#~ msgstr "Modül"
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Modül"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 Modül İşaretçisi"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "PKCS#11 Modül İşaretçisi"
+#~ msgid "Slot ID"
+#~ msgstr "Yuva Kimliği"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "Yuva Kimliği (Slot ID)"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 Yuva Tanımlayıcısı"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11 Yuva Tanımlayıcısı"
+#~ msgid "Connection is already closed"
+#~ msgstr "Bağlantı zaten kapalı"
index a52961a..9345a9f 100644 (file)
 # Chinese (China) translation for glib-networking.
-# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER
+# Copyright (C) 2011-2018 glib-networking's COPYRIGHT HOLDER
 # This file is distributed under the same license as the glib-networking package.
 # Funda Wang <fundawang@gmail.com>, 2011
 # YunQiang Su <wzssyqa@gmail.com>, 2012.
+# Mingcong Bai <jeffbai@aosc.xyz>, 2017.
+# Dingzhong Chen <wsxy162@@gmail.com>, 2018.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?"
 "product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2013-12-18 19:40+0000\n"
-"PO-Revision-Date: 2014-01-24 21:26+0800\n"
-"Last-Translator: YunQiang Su <wzssyqa@gmail.com>\n"
-"Language-Team: Chinese (simplified) <i18n-zh@googlegroups.com>\n"
+"POT-Creation-Date: 2018-04-22 05:27+0000\n"
+"PO-Revision-Date: 2018-05-10 12:10-0500\n"
+"Last-Translator: Mingcong Bai <jeffbai@aosc.xyz>\n"
+"Language-Team: Chinese (China) <i18n-zh@googlegroups.com>\n"
 "Language: zh_CN\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bits\n"
+"Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Gtranslator 2.91.5\n"
+"X-Generator: Poedit 2.0.6\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:157
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "代理服务器解析器内部错误。"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/gnutls/gtlscertificate-gnutls.c:182
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "无法分析 DER 证书:%s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:203
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "无法分析 PEM 证书:%s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:234
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "无法分析 DER 私钥:%s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:265
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "无法分析 PEM 私钥:%s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:304
 msgid "No certificate data provided"
 msgstr "没有提供证书数据"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:324
+#: tls/gnutls/gtlsclientconnection-gnutls.c:421
 msgid "Server required TLS certificate"
 msgstr "服务器需要 TLS 证书"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:267
+#: tls/gnutls/gtlsconnection-gnutls.c:396
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "无法创建 TLS 连接:%s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:531
+#: tls/gnutls/gtlsconnection-gnutls.c:709
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
 msgid "Connection is closed"
 msgstr "连接被关闭"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:594
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1461
+#: tls/gnutls/gtlsconnection-gnutls.c:784
+#: tls/gnutls/gtlsconnection-gnutls.c:2201
 msgid "Operation would block"
 msgstr "操作被阻塞"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:733
-#: ../tls/gnutls/gtlsconnection-gnutls.c:772
+#: tls/gnutls/gtlsconnection-gnutls.c:825
+#: tls/gnutls/gtlsconnection-gnutls.c:1412
+msgid "Socket I/O timed out"
+msgstr "套接字 I/O 超时"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:964
+#: tls/gnutls/gtlsconnection-gnutls.c:997
 msgid "Peer failed to perform TLS handshake"
 msgstr "执行 TLS 握手失败"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:751
+#: tls/gnutls/gtlsconnection-gnutls.c:982
 msgid "Peer requested illegal TLS rehandshake"
 msgstr "请求了无效的 TLS 再握手"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:778
+#: tls/gnutls/gtlsconnection-gnutls.c:1003
 msgid "TLS connection closed unexpectedly"
 msgstr "TLS 连接被异常关闭"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:788
-#| msgid "Server did not return a valid TLS certificate"
+#: tls/gnutls/gtlsconnection-gnutls.c:1013
 msgid "TLS connection peer did not send a certificate"
 msgstr "TLS 连接的对方未发送证书"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1174
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1207
+#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "对方发送了致命 TLS 警报:%s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1027
 #, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "执行 TLS 握手时出错:%s"
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "消息对于 DTLS 连接太长;最大为 %u 字节"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1034
+msgid "The operation timed out"
+msgstr "操作超时"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1217
+#: tls/gnutls/gtlsconnection-gnutls.c:1820
+#: tls/gnutls/gtlsconnection-gnutls.c:1871
+msgid "Error performing TLS handshake"
+msgstr "执行 TLS 握手时出错"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1881
 msgid "Server did not return a valid TLS certificate"
 msgstr "服务器未返回有效的 TLS 证书"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1292
+#: tls/gnutls/gtlsconnection-gnutls.c:1963
 msgid "Unacceptable TLS certificate"
 msgstr "无法接受的 TLS 证书"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1495
+#: tls/gnutls/gtlsconnection-gnutls.c:2235
+#: tls/gnutls/gtlsconnection-gnutls.c:2327
+msgid "Error reading data from TLS socket"
+msgstr "从 TLS 套接字读取数据时出错"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2357
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "不支持接收标志"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2434
+#: tls/gnutls/gtlsconnection-gnutls.c:2506
+msgid "Error writing data to TLS socket"
+msgstr "向 TLS 套接字写入数据时出错"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2476
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "%lu 字节大小的消息对于 DTLS 连接太大了"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2478
 #, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "从 TLS 套接字读取数据时出错:%s"
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(最大为 %u 字节)"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1524
+#: tls/gnutls/gtlsconnection-gnutls.c:2537
 #, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "向 TLS 套接字写入数据时出错:%s"
+msgid "Send flags are not supported"
+msgstr "不支持发送标志"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1568
-msgid "Connection is already closed"
-msgstr "连接已经关闭"
+#: tls/gnutls/gtlsconnection-gnutls.c:2640
+msgid "Error performing TLS close"
+msgstr "执行 TLS 关闭时出错"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1578
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr "无法载入系统信任存储:GnuTLS 未配置系统信任库"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
 #, c-format
-msgid "Error performing TLS close: %s"
-msgstr "æ\89§è¡\8c TLS å\85³é\97­æ\97¶å\87ºé\94\99:%s"
+msgid "Failed to load system trust store: %s"
+msgstr "æ\97 æ³\95è½½å\85¥ç³»ç»\9fä¿¡ä»»å­\98å\82¨:%s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+#: tls/gnutls/gtlsserverconnection-gnutls.c:113
 msgid "Certificate has no private key"
 msgstr "证书没有私钥"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
+#: tls/pkcs11/gpkcs11pin.c:111
 msgid ""
 "This is the last chance to enter the PIN correctly before the token is "
 "locked."
 msgstr "这是最后一次输入正确 PIN 的机会,之后令牌会锁定。"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
+#: tls/pkcs11/gpkcs11pin.c:113
 msgid ""
 "Several PIN attempts have been incorrect, and the token will be locked after "
 "further failures."
 msgstr "几次 PIN 尝试都不正确,如果再出错令牌将会锁定。"
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
+#: tls/pkcs11/gpkcs11pin.c:115
 msgid "The PIN entered is incorrect."
 msgstr "输入的 PIN 不正确。"
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
+#: tls/pkcs11/gpkcs11slot.c:447
 msgid "Module"
 msgstr "模块"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
+#: tls/pkcs11/gpkcs11slot.c:448
 msgid "PKCS#11 Module Pointer"
 msgstr "PKCS#11 模块指针"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
+#: tls/pkcs11/gpkcs11slot.c:455
 msgid "Slot ID"
 msgstr "槽 ID"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
+#: tls/pkcs11/gpkcs11slot.c:456
 msgid "PKCS#11 Slot Identifier"
 msgstr "PKCS#11 槽标识符"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "连接已经关闭"
index a231471..75a14e5 100644 (file)
 # Chinese (Taiwan) translation for glib-networking.
 # Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER
 # This file is distributed under the same license as the glib-networking package.
-# Chao-Hsiung Liao <j_h_liau@yahoo.com.tw>, 2011.
 #
+# Chao-Hsiung Liao <j_h_liau@yahoo.com.tw>, 2011.
+# pan93412 <pan93412@gmail.com>, 2019.
 msgid ""
 msgstr ""
 "Project-Id-Version: glib-networking 2.31.6\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2013-03-01 22:24+0800\n"
-"PO-Revision-Date: 2013-02-28 09:41+0800\n"
-"Last-Translator: Chao-Hsiung Liao <j_h_liau@yahoo.com.tw>\n"
-"Language-Team: Chinese (Taiwan) <chinese-l10n@googlegroups.com>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2019-02-03 13:01+0000\n"
+"PO-Revision-Date: 2019-02-17 23:32+0800\n"
+"Last-Translator: pan93412 <pan93412@gmail.com>\n"
+"Language-Team: Chinese <zh-l10n@linux.org.tw>\n"
 "Language: zh_TW\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 1.5.4\n"
+"X-Generator: Lokalize 18.12.2\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
 
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:159
 msgid "Proxy resolver internal error."
 msgstr "代理伺服器解析器內部錯誤。"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
+#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
+#: tls/gnutls/gtlsinputstream-gnutls.c:78
+#: tls/gnutls/gtlsinputstream-gnutls.c:141
+#: tls/gnutls/gtlsoutputstream-gnutls.c:78
+#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgid "Connection is closed"
+msgstr "連線已關閉"
+
+#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
+msgid "Operation would block"
+msgstr "操作會阻擋"
+
+#: tls/base/gtlsconnection-base.c:809
+#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+msgid "Server required TLS certificate"
+msgstr "伺服器要求的 TLS 憑證"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:177
 #, c-format
 msgid "Could not parse DER certificate: %s"
 msgstr "無法解析 DER 編碼的憑證:%s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:197
 #, c-format
 msgid "Could not parse PEM certificate: %s"
 msgstr "無法解析 PEM 編碼的憑證:%s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:216
 #, c-format
 msgid "Could not parse DER private key: %s"
 msgstr "無法解析 DER 編碼的私鑰:%s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:235
 #, c-format
 msgid "Could not parse PEM private key: %s"
 msgstr "無法解析 PEM 編碼的私鑰:%s"
 
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:273
 msgid "No certificate data provided"
 msgstr "沒有提供憑證資料"
 
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
-msgid "Server required TLS certificate"
-msgstr "伺服器要求的 TLS 憑證"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:258
+#: tls/gnutls/gtlsconnection-gnutls.c:405
+#: tls/openssl/gtlsclientconnection-openssl.c:537
+#: tls/openssl/gtlsserverconnection-openssl.c:401
 #, c-format
 msgid "Could not create TLS connection: %s"
 msgstr "無法建立 TLS 連線:%s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:520
-msgid "Connection is closed"
-msgstr "連線已關閉"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:582
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1419
-msgid "Operation would block"
-msgstr "操作會阻擋"
+#: tls/gnutls/gtlsconnection-gnutls.c:858
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+msgid "Socket I/O timed out"
+msgstr "I/O 接口逾時"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:712
+#: tls/gnutls/gtlsconnection-gnutls.c:1003
+#: tls/gnutls/gtlsconnection-gnutls.c:1036
+#: tls/openssl/gtlsconnection-openssl.c:150
 msgid "Peer failed to perform TLS handshake"
-msgstr "執行 TLS 交握對等失敗"
+msgstr "目標主機執行 TLS 交握時失敗"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:729
+#: tls/gnutls/gtlsconnection-gnutls.c:1021
+#: tls/openssl/gtlsconnection-openssl.c:234
 msgid "Peer requested illegal TLS rehandshake"
-msgstr "對等要求了不合法的 TLS 重交握"
+msgstr "目標主機要求了不合法的 TLS 重新交握"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:755
+#: tls/gnutls/gtlsconnection-gnutls.c:1042
 msgid "TLS connection closed unexpectedly"
 msgstr "TLS 連線無預警的關閉了"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:765
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
+#: tls/openssl/gtlsconnection-openssl.c:171
 msgid "TLS connection peer did not send a certificate"
-msgstr "TLS 連線對等點沒有傳回憑證"
+msgstr "TLS 連線目標主機沒有傳回憑證"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:2160
+#: tls/openssl/gtlsconnection-openssl.c:416
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "不接受的 TLS 憑證"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1064
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "目標主機送出了重大 TLS 警告:%s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1076
+msgid "Protocol version downgrade attack detected"
+msgstr "偵測到協定版本降級攻擊"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1083
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "對於 DTLS 來說,訊息太大;最大值為 %u 位元組"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1090
+msgid "The operation timed out"
+msgstr "動作逾時"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1981
+msgid "Peer does not support safe renegotiation"
+msgstr "目標主機不支援 safe renegotiation"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2008
+#: tls/gnutls/gtlsconnection-gnutls.c:2058
+msgid "Error performing TLS handshake"
+msgstr "執行 TLS 交握時發生錯誤"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2510
+#: tls/gnutls/gtlsconnection-gnutls.c:2602
+msgid "Error reading data from TLS socket"
+msgstr "從 TLS socket 讀取資料時發生錯誤"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1146
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1165
+#: tls/gnutls/gtlsconnection-gnutls.c:2632
 #, c-format
+msgid "Receive flags are not supported"
+msgstr "接收旗標不被支援"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:2709
+#: tls/gnutls/gtlsconnection-gnutls.c:2781
+msgid "Error writing data to TLS socket"
+msgstr "寫入資料到 TLS socket 時發生錯誤"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2751
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "訊息大小 %lu 位元組對於 DTLS 連線來說太大"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2753
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(最大值為 %u 位元組)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2812
+#, c-format
+msgid "Send flags are not supported"
+msgstr "傳送旗標不被支援"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:2915
+msgid "Error performing TLS close"
+msgstr "執行 TLS 關閉時發生錯誤"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr "載入系統信任儲存區失敗:GnuTLS 沒透過系統信任設定"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "載入系統信任儲存區失敗:%s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/openssl/gtlsserverconnection-openssl.c:328
+msgid "Certificate has no private key"
+msgstr "憑證沒有私鑰"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:486
+#: tls/openssl/gtlsserverconnection-openssl.c:292
+#, c-format
+#| msgid "Could not create TLS connection: %s"
+msgid "Could not create TLS context: %s"
+msgstr "無法建立 TLS 上下文:%s"
+
+#: tls/openssl/gtlsconnection-openssl.c:179
+msgid "Digest too big for RSA key"
+msgstr "RSA 金鑰的摘要過長"
+
+#: tls/openssl/gtlsconnection-openssl.c:243
+#: tls/openssl/gtlsconnection-openssl.c:376
+#, c-format
+#| msgid "Error performing TLS handshake"
 msgid "Error performing TLS handshake: %s"
 msgstr "執行 TLS 交握時發生錯誤:%s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1175
+#: tls/openssl/gtlsconnection-openssl.c:386
 msgid "Server did not return a valid TLS certificate"
 msgstr "伺服器沒有回傳有效的 TLS 憑證"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1250
-msgid "Unacceptable TLS certificate"
-msgstr "不接受的 TLS 憑證"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1442
+#: tls/openssl/gtlsconnection-openssl.c:500
 #, c-format
+#| msgid "Error reading data from TLS socket"
 msgid "Error reading data from TLS socket: %s"
 msgstr "從 TLS socket 讀取資料時發生錯誤:%s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1471
+#: tls/openssl/gtlsconnection-openssl.c:526
 #, c-format
+#| msgid "Error writing data to TLS socket"
 msgid "Error writing data to TLS socket: %s"
-msgstr "當寫入資料到 TLS socket 時發生錯誤:%s"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1515
-msgid "Connection is already closed"
-msgstr "連線已經關閉"
+msgstr "寫入資料到 TLS socket 時發生錯誤:%s"
 
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1525
+#: tls/openssl/gtlsconnection-openssl.c:552
 #, c-format
+#| msgid "Error performing TLS close"
 msgid "Error performing TLS close: %s"
 msgstr "執行 TLS 關閉時發生錯誤:%s"
 
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "憑證沒有私鑰"
+#: tls/openssl/gtlsserverconnection-openssl.c:335
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "憑證私鑰發現問題:%s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr "這是在您的智慧卡被鎖定之前最後輸入正確 PIN 的機會。"
+#: tls/openssl/gtlsserverconnection-openssl.c:344
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "憑證發現問題:%s"
 
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr "發生多次 PIN 嘗試錯誤,智慧卡會在下次錯誤時被鎖定。"
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "這是在您的智慧卡被鎖定之前最後輸入正確 PIN 的機會。"
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr "發生多次 PIN 嘗試錯誤,智慧卡會在下次錯誤時被鎖定。"
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "輸入的 PIN 是不正確的。"
 
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "輸入的 PIN 是不正確的。"
+#~ msgid "Module"
+#~ msgstr "模組"
 
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "模組"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 模組指標"
 
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "PKCS#11 模組指標"
+#~ msgid "Slot ID"
+#~ msgstr "插槽 ID"
 
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "插槽 ID"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 插槽識別符"
 
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11 插槽識別符"
+#~ msgid "Connection is already closed"
+#~ msgstr "連線已經關閉"
diff --git a/proxy/gnome/Makefile.am b/proxy/gnome/Makefile.am
deleted file mode 100644 (file)
index 458a8a8..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
-include $(top_srcdir)/glib-networking.mk
-
-giomodule_LTLIBRARIES = libgiognomeproxy.la
-
-libgiognomeproxy_la_SOURCES =          \
-       gproxyresolvergnome.c           \
-       gproxyresolvergnome.h           \
-       gnome-proxy-module.c            \
-       $(NULL)
-
-AM_CPPFLAGS += $(GSETTINGS_DESKTOP_SCHEMAS_CFLAGS)
-
-libgiognomeproxy_la_LDFLAGS = $(module_flags)
-libgiognomeproxy_la_LIBADD =           \
-       $(GLIB_LIBS)                    \
-       $(NULL)
index f5f2469..b125810 100644 (file)
@@ -1,11 +1,13 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -24,8 +26,8 @@
 #include "gproxyresolvergnome.h"
 
 
-void
-g_io_module_load (GIOModule *module)
+G_MODULE_EXPORT void
+g_io_gnomeproxy_load (GIOModule *module)
 {
   gchar *locale_dir;
 #ifdef G_OS_WIN32
@@ -47,13 +49,13 @@ g_io_module_load (GIOModule *module)
   g_free (locale_dir);
 }
 
-void
-g_io_module_unload (GIOModule *module)
+G_MODULE_EXPORT void
+g_io_gnomeproxy_unload (GIOModule *module)
 {
 }
 
-gchar **
-g_io_module_query (void)
+G_MODULE_EXPORT gchar **
+g_io_gnomeproxy_query (void)
 {
   gchar *eps[] = {
     G_PROXY_RESOLVER_EXTENSION_POINT_NAME,
index 0f5559f..50b63cd 100644 (file)
@@ -1,11 +1,13 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -82,10 +84,10 @@ static GProxyResolverInterface *g_proxy_resolver_gnome_parent_iface;
 static void g_proxy_resolver_gnome_iface_init (GProxyResolverInterface *iface);
 
 G_DEFINE_DYNAMIC_TYPE_EXTENDED (GProxyResolverGnome,
-                               g_proxy_resolver_gnome,
-                               G_TYPE_OBJECT, 0,
-                               G_IMPLEMENT_INTERFACE_DYNAMIC (G_TYPE_PROXY_RESOLVER,
-                                                              g_proxy_resolver_gnome_iface_init))
+                                g_proxy_resolver_gnome,
+                                G_TYPE_OBJECT, 0,
+                                G_IMPLEMENT_INTERFACE_DYNAMIC (G_TYPE_PROXY_RESOLVER,
+                                                               g_proxy_resolver_gnome_iface_init))
 
 static void
 g_proxy_resolver_gnome_class_finalize (GProxyResolverGnomeClass *klass)
@@ -94,8 +96,8 @@ g_proxy_resolver_gnome_class_finalize (GProxyResolverGnomeClass *klass)
 
 static void
 gsettings_changed (GSettings   *settings,
-                  const gchar *key,
-                  gpointer     user_data)
+                   const gchar *key,
+                   gpointer     user_data)
 {
   GProxyResolverGnome *resolver = user_data;
 
@@ -112,28 +114,28 @@ g_proxy_resolver_gnome_finalize (GObject *object)
   if (resolver->proxy_settings)
     {
       g_signal_handlers_disconnect_by_func (resolver->proxy_settings,
-                                           (gpointer)gsettings_changed,
-                                           resolver);
+                                            (gpointer)gsettings_changed,
+                                            resolver);
       g_object_unref (resolver->proxy_settings);
 
       g_signal_handlers_disconnect_by_func (resolver->http_settings,
-                                           (gpointer)gsettings_changed,
-                                           resolver);
+                                            (gpointer)gsettings_changed,
+                                            resolver);
       g_object_unref (resolver->http_settings);
 
       g_signal_handlers_disconnect_by_func (resolver->https_settings,
-                                           (gpointer)gsettings_changed,
-                                           resolver);
+                                            (gpointer)gsettings_changed,
+                                            resolver);
       g_object_unref (resolver->https_settings);
 
       g_signal_handlers_disconnect_by_func (resolver->ftp_settings,
-                                           (gpointer)gsettings_changed,
-                                           resolver);
+                                            (gpointer)gsettings_changed,
+                                            resolver);
       g_object_unref (resolver->ftp_settings);
 
       g_signal_handlers_disconnect_by_func (resolver->socks_settings,
-                                           (gpointer)gsettings_changed,
-                                           resolver);
+                                            (gpointer)gsettings_changed,
+                                            resolver);
       g_object_unref (resolver->socks_settings);
     }
 
@@ -156,23 +158,23 @@ g_proxy_resolver_gnome_init (GProxyResolverGnome *resolver)
 
   resolver->proxy_settings = g_settings_new (GNOME_PROXY_SETTINGS_SCHEMA);
   g_signal_connect (resolver->proxy_settings, "changed",
-                   G_CALLBACK (gsettings_changed), resolver);
+                    G_CALLBACK (gsettings_changed), resolver);
   resolver->http_settings = g_settings_get_child (resolver->proxy_settings,
                                                   GNOME_PROXY_HTTP_CHILD_SCHEMA);
   g_signal_connect (resolver->http_settings, "changed",
-                   G_CALLBACK (gsettings_changed), resolver);
+                    G_CALLBACK (gsettings_changed), resolver);
   resolver->https_settings = g_settings_get_child (resolver->proxy_settings,
                                                    GNOME_PROXY_HTTPS_CHILD_SCHEMA);
   g_signal_connect (resolver->https_settings, "changed",
-                   G_CALLBACK (gsettings_changed), resolver);
+                    G_CALLBACK (gsettings_changed), resolver);
   resolver->ftp_settings = g_settings_get_child (resolver->proxy_settings,
                                                  GNOME_PROXY_FTP_CHILD_SCHEMA);
   g_signal_connect (resolver->ftp_settings, "changed",
-                   G_CALLBACK (gsettings_changed), resolver);
+                    G_CALLBACK (gsettings_changed), resolver);
   resolver->socks_settings = g_settings_get_child (resolver->proxy_settings,
                                                    GNOME_PROXY_SOCKS_CHILD_SCHEMA);
   g_signal_connect (resolver->socks_settings, "changed",
-                   G_CALLBACK (gsettings_changed), resolver);
+                    G_CALLBACK (gsettings_changed), resolver);
 
   resolver->need_update = TRUE;
 }
@@ -204,20 +206,20 @@ update_settings (GProxyResolverGnome *resolver)
     {
       GError *error = NULL;
       resolver->pacrunner =
-       g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SESSION,
-                                      G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
-                                      G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
-                                      NULL,
-                                      "org.gtk.GLib.PACRunner",
-                                      "/org/gtk/GLib/PACRunner",
-                                      "org.gtk.GLib.PACRunner",
-                                      NULL, &error);
+        g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SESSION,
+                                       G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
+                                       G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
+                                       NULL,
+                                       "org.gtk.GLib.PACRunner",
+                                       "/org/gtk/GLib/PACRunner",
+                                       "org.gtk.GLib.PACRunner",
+                                       NULL, &error);
       if (error)
-       {
-         g_warning ("Could not start proxy autoconfiguration helper:"
-                    "\n    %s\nProxy autoconfiguration will not work",
-                    error->message);
-       }
+        {
+          g_warning ("Could not start proxy autoconfiguration helper:"
+                     "\n    %s\nProxy autoconfiguration will not work",
+                     error->message);
+        }
     }
   else if (resolver->mode != G_DESKTOP_PROXY_MODE_AUTO && resolver->pacrunner)
     {
@@ -247,29 +249,29 @@ update_settings (GProxyResolverGnome *resolver)
   if (host && *host)
     {
       if (g_settings_get_boolean (resolver->http_settings, GNOME_PROXY_HTTP_USE_AUTH_KEY))
-       {
-         gchar *user, *password;
-         gchar *enc_user, *enc_password;
-
-         user = g_settings_get_string (resolver->http_settings, GNOME_PROXY_HTTP_USER_KEY);
-         enc_user = g_uri_escape_string (user, NULL, TRUE);
-         g_free (user);
-         password = g_settings_get_string (resolver->http_settings, GNOME_PROXY_HTTP_PASSWORD_KEY);
-         enc_password = g_uri_escape_string (password, NULL, TRUE);
-         g_free (password);
-
-         http_proxy = g_strdup_printf ("http://%s:%s@%s:%u",
-                                       enc_user, enc_password,
-                                       host, port);
-         g_free (enc_user);
-         g_free (enc_password);
-       }
+        {
+          gchar *user, *password;
+          gchar *enc_user, *enc_password;
+
+          user = g_settings_get_string (resolver->http_settings, GNOME_PROXY_HTTP_USER_KEY);
+          enc_user = g_uri_escape_string (user, NULL, TRUE);
+          g_free (user);
+          password = g_settings_get_string (resolver->http_settings, GNOME_PROXY_HTTP_PASSWORD_KEY);
+          enc_password = g_uri_escape_string (password, NULL, TRUE);
+          g_free (password);
+
+          http_proxy = g_strdup_printf ("http://%s:%s@%s:%u",
+                                        enc_user, enc_password,
+                                        host, port);
+          g_free (enc_user);
+          g_free (enc_password);
+        }
       else
-       http_proxy = g_strdup_printf ("http://%s:%u", host, port);
+        http_proxy = g_strdup_printf ("http://%s:%u", host, port);
 
       g_simple_proxy_resolver_set_uri_proxy (simple, "http", http_proxy);
       if (g_settings_get_boolean (resolver->proxy_settings, GNOME_PROXY_USE_SAME_PROXY_KEY))
-       g_simple_proxy_resolver_set_default_proxy (simple, http_proxy);
+        g_simple_proxy_resolver_set_default_proxy (simple, http_proxy);
     }
   else
     http_proxy = NULL;
@@ -313,17 +315,17 @@ update_settings (GProxyResolverGnome *resolver)
 static gboolean
 g_proxy_resolver_gnome_is_supported (GProxyResolver *object)
 {
-  const char *session;
+  const char *desktops;
 
-  if (g_getenv ("GNOME_DESKTOP_SESSION_ID"))
-    return TRUE;
-
-  session = g_getenv ("DESKTOP_SESSION");
-  if (session == NULL)
+  desktops = g_getenv ("XDG_CURRENT_DESKTOP");
+  if (desktops == NULL)
     return FALSE;
 
-  return g_str_has_prefix (session, "gnome") ||
-         strcmp (session, "ubuntu") == 0;
+  /* Remember that XDG_CURRENT_DESKTOP is a list of strings. Desktops that
+   * pretend to be GNOME and want to use our proxy settings will list
+   * themselves alongside GNOME. That's fine; they'll get our proxy settings.
+   */
+  return strstr (desktops, "GNOME") != NULL;
 }
 
 static inline gchar **
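Review bot: The new check in g_proxy_resolver_gnome_is_supported uses `strstr (desktops, "GNOME")`, which matches any substring rather than a whole list entry. The comment above it says XDG_CURRENT_DESKTOP is a list of strings, so an unrelated entry that merely contains those letters would also switch this resolver on. Since the variable decides whether the GSettings proxy configuration is used, I would split the value on `:` and compare whole entries, as sketched below. Desktops that list themselves alongside GNOME keep working. `g_strv_contains` needs GLib 2.44, which the `G_DECLARE_FINAL_TYPE` use in this commit already seems to assume.

```c
  const char *desktops;
  gchar **names;
  gboolean is_gnome;

  /* … unchanged: g_getenv ("XDG_CURRENT_DESKTOP") and the NULL check … */

  /* XDG_CURRENT_DESKTOP is a colon-separated list; match whole entries only. */
  names = g_strsplit (desktops, ":", -1);
  is_gnome = g_strv_contains ((const gchar * const *) names, "GNOME");
  g_strfreev (names);
  return is_gnome;
```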
@@ -345,12 +347,12 @@ make_proxies (const gchar *proxy)
  */
 static gboolean
 g_proxy_resolver_gnome_lookup_internal (GProxyResolverGnome   *resolver,
-                                       const gchar           *uri,
-                                       gchar               ***out_proxies,
-                                       GDBusProxy           **out_pacrunner,
-                                       gchar                **out_autoconfig_url,
-                                       GCancellable          *cancellable,
-                                       GError               **error)
+                                        const gchar           *uri,
+                                        gchar               ***out_proxies,
+                                        GDBusProxy           **out_pacrunner,
+                                        gchar                **out_autoconfig_url,
+                                        GCancellable          *cancellable,
+                                        GError               **error)
 {
   gchar **proxies = NULL;
 
@@ -363,7 +365,7 @@ g_proxy_resolver_gnome_lookup_internal (GProxyResolverGnome   *resolver,
     update_settings (resolver);
 
   proxies = g_proxy_resolver_lookup (resolver->base_resolver,
-                                    uri, cancellable, error);
+                                     uri, cancellable, error);
   if (!proxies)
     goto done;
 
@@ -395,17 +397,17 @@ g_proxy_resolver_gnome_lookup_internal (GProxyResolverGnome   *resolver,
 
 static gchar **
 g_proxy_resolver_gnome_lookup (GProxyResolver  *proxy_resolver,
-                              const gchar     *uri,
-                              GCancellable    *cancellable,
-                              GError         **error)
+                               const gchar     *uri,
+                               GCancellable    *cancellable,
+                               GError         **error)
 {
   GProxyResolverGnome *resolver = G_PROXY_RESOLVER_GNOME (proxy_resolver);
   GDBusProxy *pacrunner;
   gchar **proxies, *autoconfig_url;
 
   if (!g_proxy_resolver_gnome_lookup_internal (resolver, uri,
-                                              &proxies, &pacrunner, &autoconfig_url,
-                                              cancellable, error))
+                                               &proxies, &pacrunner, &autoconfig_url,
+                                               cancellable, error))
     return NULL;
 
   if (pacrunner)
@@ -413,20 +415,20 @@ g_proxy_resolver_gnome_lookup (GProxyResolver  *proxy_resolver,
       GVariant *vproxies;
 
       vproxies = g_dbus_proxy_call_sync (pacrunner,
-                                        "Lookup",
-                                        g_variant_new ("(ss)",
-                                                       autoconfig_url,
-                                                       uri),
-                                        G_DBUS_CALL_FLAGS_NONE,
-                                        -1,
-                                        cancellable, error);
+                                         "Lookup",
+                                         g_variant_new ("(ss)",
+                                                        autoconfig_url,
+                                                        uri),
+                                         G_DBUS_CALL_FLAGS_NONE,
+                                         -1,
+                                         cancellable, error);
       if (vproxies)
-       {
-         g_variant_get (vproxies, "(^as)", &proxies);
-         g_variant_unref (vproxies);
-       }
+        {
+          g_variant_get (vproxies, "(^as)", &proxies);
+          g_variant_unref (vproxies);
+        }
       else
-       proxies = NULL;
+        proxies = NULL;
 
       g_object_unref (pacrunner);
       g_free (autoconfig_url);
@@ -437,8 +439,8 @@ g_proxy_resolver_gnome_lookup (GProxyResolver  *proxy_resolver,
 
 static void
 got_autoconfig_proxies (GObject      *source,
-                       GAsyncResult *result,
-                       gpointer      user_data)
+                        GAsyncResult *result,
+                        gpointer      user_data)
 {
   GTask *task = user_data;
   GVariant *vproxies;
@@ -446,7 +448,7 @@ got_autoconfig_proxies (GObject      *source,
   GError *error = NULL;
 
   vproxies = g_dbus_proxy_call_finish (G_DBUS_PROXY (source),
-                                      result, &error);
+                                       result, &error);
   if (vproxies)
     {
       g_variant_get (vproxies, "(^as)", &proxies);
@@ -460,10 +462,10 @@ got_autoconfig_proxies (GObject      *source,
 
 static void
 g_proxy_resolver_gnome_lookup_async (GProxyResolver      *proxy_resolver,
-                                    const gchar         *uri,
-                                    GCancellable        *cancellable,
-                                    GAsyncReadyCallback  callback,
-                                    gpointer             user_data)
+                                     const gchar         *uri,
+                                     GCancellable        *cancellable,
+                                     GAsyncReadyCallback  callback,
+                                     gpointer             user_data)
 {
   GProxyResolverGnome *resolver = G_PROXY_RESOLVER_GNOME (proxy_resolver);
   GTask *task;
@@ -475,8 +477,8 @@ g_proxy_resolver_gnome_lookup_async (GProxyResolver      *proxy_resolver,
   g_task_set_source_tag (task, g_proxy_resolver_gnome_lookup_async);
 
    if (!g_proxy_resolver_gnome_lookup_internal (resolver, uri,
-                                               &proxies, &pacrunner, &autoconfig_url,
-                                               cancellable, &error))
+                                                &proxies, &pacrunner, &autoconfig_url,
+                                                cancellable, &error))
      {
        g_task_return_error (task, error);
        g_object_unref (task);
@@ -490,23 +492,23 @@ g_proxy_resolver_gnome_lookup_async (GProxyResolver      *proxy_resolver,
      }
 
    g_dbus_proxy_call (pacrunner,
-                     "Lookup",
-                     g_variant_new ("(ss)",
-                                    autoconfig_url,
-                                    uri),
-                     G_DBUS_CALL_FLAGS_NONE,
-                     -1,
-                     cancellable,
-                     got_autoconfig_proxies,
-                     task);
+                      "Lookup",
+                      g_variant_new ("(ss)",
+                                     autoconfig_url,
+                                     uri),
+                      G_DBUS_CALL_FLAGS_NONE,
+                      -1,
+                      cancellable,
+                      got_autoconfig_proxies,
+                      task);
    g_object_unref (pacrunner);
    g_free (autoconfig_url);
 }
 
 static gchar **
 g_proxy_resolver_gnome_lookup_finish (GProxyResolver  *resolver,
-                                     GAsyncResult    *result,
-                                     GError         **error)
+                                      GAsyncResult    *result,
+                                      GError         **error)
 {
   g_return_val_if_fail (g_task_is_valid (result, resolver), NULL);
 
@@ -537,8 +539,10 @@ void
 g_proxy_resolver_gnome_register (GIOModule *module)
 {
   g_proxy_resolver_gnome_register_type (G_TYPE_MODULE (module));
+  if (module == NULL)
+    g_io_extension_point_register (G_PROXY_RESOLVER_EXTENSION_POINT_NAME);
   g_io_extension_point_implement (G_PROXY_RESOLVER_EXTENSION_POINT_NAME,
-                                 g_proxy_resolver_gnome_get_type(),
-                                 "gnome",
-                                 80);
+                                  g_proxy_resolver_gnome_get_type(),
+                                  "gnome",
+                                  80);
 }
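Review bot: The added `if (module == NULL)` branch in g_proxy_resolver_gnome_register carries no comment saying when a NULL module is expected, and `G_TYPE_MODULE (module)` on the line above is still evaluated with that NULL. Presumably this is the path for the `static_modules` build option introduced in the same commit, where no GIOModule exists and nothing has registered the extension point yet. I would add `/* module is NULL when the resolver is linked statically; register the extension point ourselves in that case */` above the check. It is also worth confirming that the generated `g_proxy_resolver_gnome_register_type` accepts a NULL type module on the minimum GLib version the build requires.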
index 06dc20d..415d679 100644 (file)
@@ -1,11 +1,13 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 G_BEGIN_DECLS
 
 #define G_TYPE_PROXY_RESOLVER_GNOME         (g_proxy_resolver_gnome_get_type ())
-#define G_PROXY_RESOLVER_GNOME(o)           (G_TYPE_CHECK_INSTANCE_CAST ((o), G_TYPE_PROXY_RESOLVER_GNOME, GProxyResolverGnome))
-#define G_PROXY_RESOLVER_GNOME_CLASS(k)     (G_TYPE_CHECK_CLASS_CAST((k), G_TYPE_PROXY_RESOLVER_GNOME, GProxyResolverGnomeClass))
-#define G_IS_PROXY_RESOLVER_GNOME(o)        (G_TYPE_CHECK_INSTANCE_TYPE ((o), G_TYPE_PROXY_RESOLVER_GNOME))
-#define G_IS_PROXY_RESOLVER_GNOME_CLASS(k)  (G_TYPE_CHECK_CLASS_TYPE ((k), G_TYPE_PROXY_RESOLVER_GNOME))
-#define G_PROXY_RESOLVER_GNOME_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), G_TYPE_PROXY_RESOLVER_GNOME, GProxyResolverGnomeClass))
 
-typedef struct _GProxyResolverGnome       GProxyResolverGnome;
-typedef struct _GProxyResolverGnomeClass  GProxyResolverGnomeClass;
+G_DECLARE_FINAL_TYPE (GProxyResolverGnome, g_proxy_resolver_gnome, G, PROXY_RESOLVER_GNOME, GObject)
 
-struct _GProxyResolverGnomeClass {
-  GObjectClass parent_class;
-};
-
-GType g_proxy_resolver_gnome_get_type (void);
 void  g_proxy_resolver_gnome_register (GIOModule *module);
 
 G_END_DECLS
diff --git a/proxy/gnome/meson.build b/proxy/gnome/meson.build
new file mode 100644 (file)
index 0000000..278ca32
--- /dev/null
@@ -0,0 +1,35 @@
+sources = files(
+  'gproxyresolvergnome.c',
+  'gnome-proxy-module.c'
+)
+
+deps = [
+  gio_dep,
+  glib_dep,
+  gmodule_dep,
+  gobject_dep,
+  gsettings_desktop_schemas_dep
+]
+
+module = shared_module(
+  'giognomeproxy',
+  sources: sources,
+  include_directories: top_inc,
+  dependencies: deps,
+  link_args: module_ldflags,
+  link_depends: symbol_map,
+  name_suffix: module_suffix,
+  install: true,
+  install_dir: gio_module_dir
+)
+
+if get_option('static_modules')
+  static_library('giognomeproxy',
+    objects: module.extract_all_objects(),
+    install: true,
+    install_dir: gio_module_dir
+  )
+  pkg.generate(module)
+endif
+
+proxy_test_programs += [['gnome', deps]]
diff --git a/proxy/libproxy/Makefile.am b/proxy/libproxy/Makefile.am
deleted file mode 100644 (file)
index a386827..0000000
+++ /dev/null
@@ -1,52 +0,0 @@
-include $(top_srcdir)/glib-networking.mk
-
-AM_CPPFLAGS += $(LIBPROXY_CFLAGS)
-
-giomodule_LTLIBRARIES = libgiolibproxy.la
-
-libgiolibproxy_la_SOURCES =            \
-       glibproxyresolver.c             \
-       glibproxyresolver.h             \
-       libproxy-module.c               \
-       $(NULL)
-
-libgiolibproxy_la_CFLAGS = -DGLIBPROXY_MODULE
-libgiolibproxy_la_LDFLAGS = $(module_flags)
-libgiolibproxy_la_LIBADD =             \
-       $(GLIB_LIBS)                    \
-       $(LIBPROXY_LIBS)                \
-       $(NULL)
-
-libexec_PROGRAMS = glib-pacrunner
-
-glib_pacrunner_SOURCES =               \
-       glibproxyresolver.c             \
-       glibproxyresolver.h             \
-       glibpacrunner.c                 \
-       $(NULL)
-
-glib_pacrunner_CFLAGS = -DGLIBPROXY_PACRUNNER
-glib_pacrunner_LDADD =                 \
-       $(GLIB_LIBS)                    \
-       $(LIBPROXY_LIBS)                \
-       $(NULL)
-
-servicedir = $(datadir)/dbus-1/services
-service_in_files = org.gtk.GLib.PACRunner.service.in
-service_DATA = $(service_in_files:.service.in=.service)
-
-EXTRA_DIST += $(service_in_files)
-CLEANFILES += $(service_DATA)
-
-org.gtk.GLib.PACRunner.service: org.gtk.GLib.PACRunner.service.in Makefile
-       $(AM_V_GEN) sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@
-
-systemd_userdir = $(prefix)/lib/systemd/user
-systemd_user_in_files = glib-pacrunner.service.in
-systemd_user_DATA = $(systemd_user_in_files:.service.in=.service)
-
-EXTRA_DIST += $(systemd_user_in_files)
-CLEANFILES += $(systemd_user_DATA)
-
-glib-pacrunner.service: glib-pacrunner.service.in Makefile
-       $(AM_V_GEN) sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@
index 2b88a1d..c72304f 100644 (file)
@@ -1,11 +1,13 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2011 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -40,8 +42,8 @@ static GMainLoop *loop;
 
 static void
 got_proxies (GObject      *source,
-            GAsyncResult *result,
-            gpointer      user_data)
+             GAsyncResult *result,
+             gpointer      user_data)
 {
   GDBusMethodInvocation *invocation = user_data;
   gchar **proxies;
@@ -53,7 +55,7 @@ got_proxies (GObject      *source,
   else
     {
       g_dbus_method_invocation_return_value (invocation,
-                                            g_variant_new ("(^as)", proxies));
+                                             g_variant_new ("(^as)", proxies));
       g_strfreev (proxies);
     }
 }
@@ -83,7 +85,7 @@ handle_method_call (GDBusConnection       *connection,
     g_setenv ("http_proxy", "wpad://", TRUE);
 
   g_proxy_resolver_lookup_async (resolver, lookup_url,
-                                NULL, got_proxies, invocation);
+                                 NULL, got_proxies, invocation);
 }
 
 static const GDBusInterfaceVTable interface_vtable =
@@ -103,12 +105,12 @@ on_bus_acquired (GDBusConnection *connection,
 
   introspection_data = g_dbus_node_info_new_for_xml (introspection_xml, NULL);
   g_dbus_connection_register_object (connection,
-                                    "/org/gtk/GLib/PACRunner",
-                                    introspection_data->interfaces[0],
-                                    &interface_vtable,
-                                    NULL,
-                                    NULL,
-                                    &error);
+                                     "/org/gtk/GLib/PACRunner",
+                                     introspection_data->interfaces[0],
+                                     &interface_vtable,
+                                     NULL,
+                                     NULL,
+                                     &error);
   if (error)
     g_error ("Could not register server: %s", error->message);
 }
@@ -138,6 +140,10 @@ main (int argc, char *argv[])
   g_unsetenv ("DESKTOP_SESSION");
   g_unsetenv ("KDE_FULL_SESSION");
 
+  /* Unset variables that libproxy would look at if it were smarter, and which
+   * it might possibly look at in the future. Just covering our bases. */
+  g_unsetenv ("XDG_CURRENT_DESKTOP");
+
   /* Unset static proxy settings */
   g_unsetenv ("http_proxy");
   g_unsetenv ("HTTP_PROXY");
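Review bot: The `g_unsetenv ("XDG_CURRENT_DESKTOP")` added here extends a per-variable denylist, so any desktop or proxy variable libproxy starts reading later will pass through to the PAC runner until someone adds it by hand. The new comment already admits the list is a guess at future behaviour. I would make the maintenance rule explicit with a comment such as `/* Keep this list in sync with the environment variables libproxy's config modules consult */`. A second option is to check whether the helper could start from a minimal environment instead. main() begins and continues outside this hunk, so the full list of variables is not visible here.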
index edbda64..402d5a3 100644 (file)
@@ -1,11 +1,13 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Collabora, Ltd.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -30,7 +32,7 @@
 #include <glib.h>
 #include <glib/gi18n-lib.h>
 
-struct _GLibProxyResolver {
+struct _GLibproxyResolver {
   GObject parent_instance;
   pxProxyFactory *factory;
 };
@@ -39,27 +41,27 @@ static void g_libproxy_resolver_iface_init (GProxyResolverInterface *iface);
 
 #ifdef GLIBPROXY_MODULE
 static void
-g_libproxy_resolver_class_finalize (GLibProxyResolverClass *klass)
+g_libproxy_resolver_class_finalize (GLibproxyResolverClass *klass)
 {
 }
 
-G_DEFINE_DYNAMIC_TYPE_EXTENDED (GLibProxyResolver,
-                               g_libproxy_resolver,
-                               G_TYPE_OBJECT, 0,
-                               G_IMPLEMENT_INTERFACE_DYNAMIC (G_TYPE_PROXY_RESOLVER,
-                                                              g_libproxy_resolver_iface_init))
+G_DEFINE_DYNAMIC_TYPE_EXTENDED (GLibproxyResolver,
+                                g_libproxy_resolver,
+                                G_TYPE_OBJECT, 0,
+                                G_IMPLEMENT_INTERFACE_DYNAMIC (G_TYPE_PROXY_RESOLVER,
+                                                               g_libproxy_resolver_iface_init))
 #else
-G_DEFINE_TYPE_EXTENDED (GLibProxyResolver,
-                       g_libproxy_resolver,
-                       G_TYPE_OBJECT, 0,
-                       G_IMPLEMENT_INTERFACE (G_TYPE_PROXY_RESOLVER,
-                                              g_libproxy_resolver_iface_init))
+G_DEFINE_TYPE_EXTENDED (GLibproxyResolver,
+                        g_libproxy_resolver,
+                        G_TYPE_OBJECT, 0,
+                        G_IMPLEMENT_INTERFACE (G_TYPE_PROXY_RESOLVER,
+                                               g_libproxy_resolver_iface_init))
 #endif
 
 static void
 g_libproxy_resolver_finalize (GObject *object)
 {
-  GLibProxyResolver *resolver = G_LIBPROXY_RESOLVER (object);
+  GLibproxyResolver *resolver = G_LIBPROXY_RESOLVER (object);
   
   if (resolver->factory)
     {
@@ -72,7 +74,7 @@ g_libproxy_resolver_finalize (GObject *object)
 }
 
 static void
-g_libproxy_resolver_init (GLibProxyResolver *resolver)
+g_libproxy_resolver_init (GLibproxyResolver *resolver)
 {
   resolver->factory = px_proxy_factory_new ();
 }
@@ -80,7 +82,7 @@ g_libproxy_resolver_init (GLibProxyResolver *resolver)
 static gboolean
 g_libproxy_resolver_is_supported (GProxyResolver *object)
 {
-  GLibProxyResolver *resolver = G_LIBPROXY_RESOLVER (object);
+  GLibproxyResolver *resolver = G_LIBPROXY_RESOLVER (object);
   return resolver->factory != NULL;
 }
 
@@ -130,11 +132,11 @@ free_libproxy_proxies (gchar **proxies)
 
 static void
 get_libproxy_proxies (GTask        *task,
-                     gpointer      source_object,
-                     gpointer      task_data,
-                     GCancellable *cancellable)
+                      gpointer      source_object,
+                      gpointer      task_data,
+                      GCancellable *cancellable)
 {
-  GLibProxyResolver *resolver = source_object;
+  GLibproxyResolver *resolver = source_object;
   const gchar *uri = task_data;
   GError *error = NULL;
   gchar **proxies;
@@ -154,18 +156,18 @@ get_libproxy_proxies (GTask        *task,
   else
     {
       g_set_error_literal (&error, G_IO_ERROR, G_IO_ERROR_FAILED,
-                          _("Proxy resolver internal error."));
+                           _("Proxy resolver internal error."));
       g_task_return_error (task, error);
     }
 }
 
 static gchar **
 g_libproxy_resolver_lookup (GProxyResolver  *iresolver,
-                           const gchar     *uri,
-                           GCancellable    *cancellable,
-                           GError         **error)
+                            const gchar     *uri,
+                            GCancellable    *cancellable,
+                            GError         **error)
 {
-  GLibProxyResolver *resolver = G_LIBPROXY_RESOLVER (iresolver);
+  GLibproxyResolver *resolver = G_LIBPROXY_RESOLVER (iresolver);
   GTask *task;
   gchar **proxies;
 
@@ -183,10 +185,10 @@ g_libproxy_resolver_lookup (GProxyResolver  *iresolver,
 
 static void
 g_libproxy_resolver_lookup_async (GProxyResolver      *resolver,
-                                 const gchar         *uri,
-                                 GCancellable        *cancellable,
-                                 GAsyncReadyCallback  callback,
-                                 gpointer             user_data)
+                                  const gchar         *uri,
+                                  GCancellable        *cancellable,
+                                  GAsyncReadyCallback  callback,
+                                  gpointer             user_data)
 {
   GTask *task;
 
@@ -200,8 +202,8 @@ g_libproxy_resolver_lookup_async (GProxyResolver      *resolver,
 
 static gchar **
 g_libproxy_resolver_lookup_finish (GProxyResolver     *resolver,
-                                  GAsyncResult       *result,
-                                  GError            **error)
+                                   GAsyncResult       *result,
+                                   GError            **error)
 {
   g_return_val_if_fail (g_task_is_valid (result, resolver), NULL);
 
@@ -209,7 +211,7 @@ g_libproxy_resolver_lookup_finish (GProxyResolver     *resolver,
 }
 
 static void
-g_libproxy_resolver_class_init (GLibProxyResolverClass *resolver_class)
+g_libproxy_resolver_class_init (GLibproxyResolverClass *resolver_class)
 {
   GObjectClass *object_class;
   
@@ -231,9 +233,11 @@ void
 g_libproxy_resolver_register (GIOModule *module)
 {
   g_libproxy_resolver_register_type (G_TYPE_MODULE (module));
+  if (module == NULL)
+    g_io_extension_point_register (G_PROXY_RESOLVER_EXTENSION_POINT_NAME);
   g_io_extension_point_implement (G_PROXY_RESOLVER_EXTENSION_POINT_NAME,
-                                 g_libproxy_resolver_get_type(),
-                                 "libproxy",
-                                 0);
+                                  g_libproxy_resolver_get_type(),
+                                  "libproxy",
+                                  0);
 }
 #endif
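Review bot: In `g_libproxy_resolver_register`, `module` is passed through `G_TYPE_MODULE (module)` into `g_libproxy_resolver_register_type` before the new `if (module == NULL)` test, so the NULL case is safe only if type registration tolerates a NULL module. As far as I know GLib accepts that from 2.56 on by falling back to static registration; the minimum GLib version is not visible here and should be confirmed against the build files. The intent is also undocumented, so I would add above the check a comment such as `/* module == NULL: presumably the static_modules build, so register the extension point ourselves */`. The function's `void` return-type line is outside the hunk.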
index 53e1bc9..bbb9315 100644 (file)
@@ -1,11 +1,13 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Collabora, Ltd.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 G_BEGIN_DECLS
 
 #define G_TYPE_LIBPROXY_RESOLVER         (g_libproxy_resolver_get_type ())
-#define G_LIBPROXY_RESOLVER(o)           (G_TYPE_CHECK_INSTANCE_CAST ((o), G_TYPE_LIBPROXY_RESOLVER, GLibProxyResolver))
-#define G_LIBPROXY_RESOLVER_CLASS(k)     (G_TYPE_CHECK_CLASS_CAST((k), G_TYPE_LIBPROXY_RESOLVER, GLibProxyResolverClass))
-#define G_IS_LIBPROXY_RESOLVER(o)        (G_TYPE_CHECK_INSTANCE_TYPE ((o), G_TYPE_LIBPROXY_RESOLVER))
-#define G_IS_LIBPROXY_RESOLVER_CLASS(k)  (G_TYPE_CHECK_CLASS_TYPE ((k), G_TYPE_LIBPROXY_RESOLVER))
-#define G_LIBPROXY_RESOLVER_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), G_TYPE_LIBPROXY_RESOLVER, GLibProxyResolverClass))
 
-typedef struct _GLibProxyResolver       GLibProxyResolver;
-typedef struct _GLibProxyResolverClass  GLibProxyResolverClass;
+G_DECLARE_FINAL_TYPE (GLibproxyResolver, g_libproxy_resolver, G, LIBPROXY_RESOLVER, GObject)
 
-struct _GLibProxyResolverClass {
-  GObjectClass parent_class;
-};
-
-GType g_libproxy_resolver_get_type (void);
 void  g_libproxy_resolver_register (GIOModule *module);
 
 G_END_DECLS
index 11f36f1..8fcaf9e 100644 (file)
@@ -1,11 +1,13 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Collabora, Ltd.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -27,7 +29,7 @@
 
 
 void
-g_io_module_load (GIOModule *module)
+g_io_libproxy_load (GIOModule *module)
 {
   gchar *locale_dir;
 #ifdef G_OS_WIN32
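Review bot: The renamed entry points `g_io_libproxy_load`, `g_io_libproxy_unload` and `g_io_libproxy_query` (this hunk and the next one) have no comment saying that the `libproxy` part of the name is derived by GIO from the module's file name. As far as I know these per-module names are resolved only by GLib 2.56 and later, and they have to agree with the `'giolibproxy'` target name in proxy/libproxy/meson.build. A mismatch would probably surface only when the module is loaded, not at build time. I would add above `g_io_libproxy_load` something like `/* Symbol names follow g_io_<modulename>_*; keep in sync with the 'giolibproxy' target name */`. The body of `g_io_libproxy_load` continues outside the hunk.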
@@ -50,12 +52,12 @@ g_io_module_load (GIOModule *module)
 }
 
 void
-g_io_module_unload (GIOModule *module)
+g_io_libproxy_unload (GIOModule *module)
 {
 }
 
 gchar **
-g_io_module_query (void)
+g_io_libproxy_query (void)
 {
   gchar *eps[] = {
     G_PROXY_RESOLVER_EXTENSION_POINT_NAME,
diff --git a/proxy/libproxy/meson.build b/proxy/libproxy/meson.build
new file mode 100644 (file)
index 0000000..e459bc1
--- /dev/null
@@ -0,0 +1,74 @@
+service_conf = configuration_data()
+service_conf.set('libexecdir', libexecdir)
+
+service = 'org.gtk.GLib.PACRunner.service'
+
+configure_file(
+  input: service + '.in',
+  output: service,
+  install: true,
+  install_dir: join_paths(datadir, 'dbus-1', 'services'),
+  configuration: service_conf
+)
+
+service = 'glib-pacrunner.service'
+
+configure_file(
+  input: service + '.in',
+  output: service,
+  install: true,
+  install_dir: join_paths('lib', 'systemd', 'user'),
+  configuration: service_conf
+)
+
+sources = files(
+  'glibproxyresolver.c',
+  'libproxy-module.c'
+)
+
+deps = [
+  gio_dep,
+  glib_dep,
+  gmodule_dep,
+  gobject_dep,
+  libproxy_dep
+]
+
+module = shared_module(
+  'giolibproxy',
+  sources: sources,
+  include_directories: top_inc,
+  dependencies: deps,
+  c_args: '-DGLIBPROXY_MODULE',
+  link_args: module_ldflags,
+  link_depends: symbol_map,
+  name_suffix: module_suffix,
+  install: true,
+  install_dir: gio_module_dir
+)
+
+if get_option('static_modules')
+  static_library('giolibproxy',
+    objects: module.extract_all_objects(),
+    install: true,
+    install_dir: gio_module_dir
+  )
+  pkg.generate(module)
+endif
+
+sources = files(
+  'glibproxyresolver.c',
+  'glibpacrunner.c'
+)
+
+executable(
+  'glib-pacrunner',
+  sources,
+  include_directories: top_inc,
+  dependencies: deps,
+  c_args: '-DGLIBPROXY_PACRUNNER',
+  install: true,
+  install_dir: libexecdir
+)
+
+proxy_test_programs += [['libproxy', deps]]
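Review bot: `service` and `sources` are each assigned twice in this file, so the second `configure_file` and the `executable` depend on statement order, and nothing says that glibproxyresolver.c is compiled twice: into the in-process module with `-DGLIBPROXY_MODULE` and into the `glib-pacrunner` helper with `-DGLIBPROXY_PACRUNNER`. Distinct names such as `module_sources` and `pacrunner_sources` plus a one-line comment above each target would make that explicit, for example `# same resolver source, built as the out-of-process helper`. The two service files are generated from `.in` templates with only `libexecdir` substituted; those templates are not visible here, so any restrictions on how the helper is started would have to be checked there.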
diff --git a/proxy/tests/Makefile.am b/proxy/tests/Makefile.am
deleted file mode 100644 (file)
index 8155bce..0000000
+++ /dev/null
@@ -1,22 +0,0 @@
-include $(top_srcdir)/glib-networking.mk
-
-AM_CPPFLAGS +=                                 \
-       $(GSETTINGS_DESKTOP_SCHEMAS_CFLAGS)     \
-       -I$(top_srcdir)/proxy                   \
-       -DSRCDIR=\""$(srcdir)"\"                \
-       -DTOP_BUILDDIR=\""$(top_builddir)"\"
-
-LDADD  = \
-       $(GLIB_LIBS)
-
-test_programs =
-
-if HAVE_GNOME_PROXY
-test_programs += gnome
-endif
-
-if HAVE_LIBPROXY
-test_programs += libproxy
-endif
-
-EXTRA_DIST += common.c
index 23ebb20..cbeface 100644 (file)
@@ -1,11 +1,13 @@
-/* GProxyResolver tests
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GProxyResolver tests
  *
  * Copyright 2011-2013 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -118,51 +120,51 @@ static const struct {
   const char *proxy;
   gboolean libproxy_fails;
 } ignore_tests[] = {
-  { "http://aaa.xx/",                   "http://localhost:8080" },
-  { "http://aaa.xx:8000/",              "http://localhost:8080" },
-  { "http://www.aaa.xx/",               "http://localhost:8080" },
-  { "http://www.aaa.xx:8000/",          "http://localhost:8080" },
-  { "https://aaa.xx/",                  "http://localhost:8080" },
-  { "http://bbb.xx/",                   "direct://", TRUE },
-  { "http://www.bbb.xx/",               "direct://" },
-  { "http://bbb.xx:8000/",              "direct://", TRUE },
-  { "http://www.bbb.xx:8000/",          "direct://" },
-  { "https://bbb.xx/",                  "direct://", TRUE },
+  { "http://aaa.xx/",                   "http://localhost:8080" },
+  { "http://aaa.xx:8000/",              "http://localhost:8080" },
+  { "http://www.aaa.xx/",               "http://localhost:8080" },
+  { "http://www.aaa.xx:8000/",          "http://localhost:8080" },
+  { "https://aaa.xx/",                  "http://localhost:8080" },
+  { "http://bbb.xx/",                   "direct://", TRUE },
+  { "http://www.bbb.xx/",               "direct://" },
+  { "http://bbb.xx:8000/",              "direct://", TRUE },
+  { "http://www.bbb.xx:8000/",          "direct://" },
+  { "https://bbb.xx/",                  "direct://", TRUE },
   { "http://nobbb.xx/",          "http://localhost:8080" },
   { "http://www.nobbb.xx/",      "http://localhost:8080" },
   { "http://nobbb.xx:8000/",     "http://localhost:8080" },
   { "http://www.nobbb.xx:8000/", "http://localhost:8080" },
   { "https://nobbb.xx/",         "http://localhost:8080" },
-  { "http://ccc.xx/",                   "direct://", TRUE },
-  { "http://www.ccc.xx/",               "direct://" },
-  { "http://ccc.xx:8000/",              "direct://", TRUE },
-  { "http://www.ccc.xx:8000/",          "direct://" },
-  { "https://ccc.xx/",                  "direct://", TRUE },
-  { "http://ddd.xx/",                   "direct://" },
-  { "http://ddd.xx:8000/",              "direct://" },
-  { "http://www.ddd.xx/",               "direct://", TRUE },
-  { "http://www.ddd.xx:8000/",          "direct://", TRUE },
-  { "https://ddd.xx/",                  "direct://" },
-  { "http://eee.xx/",                   "http://localhost:8080", TRUE },
-  { "http://eee.xx:8000/",              "direct://", TRUE },
-  { "http://www.eee.xx/",               "http://localhost:8080" },
-  { "http://www.eee.xx:8000/",          "direct://" },
-  { "https://eee.xx/",                  "http://localhost:8080", TRUE },
-  { "http://1.2.3.4/",                  "http://localhost:8080" },
-  { "http://127.0.0.1/",                "direct://" },
-  { "http://127.0.0.2/",                "direct://" },
-  { "http://127.0.0.255/",              "direct://" },
-  { "http://127.0.1.0/",                "http://localhost:8080" },
-  { "http://10.0.0.1/",                 "http://localhost:8080" },
-  { "http://10.0.0.1:8000/",            "direct://" },
-  { "http://[::1]/",                    "direct://", TRUE },
-  { "http://[::1]:80/",                 "direct://", TRUE },
-  { "http://[::1:1]/",                  "http://localhost:8080" },
-  { "http://[::1:1]:80/",               "http://localhost:8080" },
-  { "http://[fe80::1]/",                "direct://", TRUE },
-  { "http://[fe80::1]:80/",             "direct://", TRUE },
-  { "http://[fec0::1]/",                "http://localhost:8080" },
-  { "http://[fec0::1]:80/",             "http://localhost:8080" }
+  { "http://ccc.xx/",                   "direct://", TRUE },
+  { "http://www.ccc.xx/",               "direct://" },
+  { "http://ccc.xx:8000/",              "direct://", TRUE },
+  { "http://www.ccc.xx:8000/",          "direct://" },
+  { "https://ccc.xx/",                  "direct://", TRUE },
+  { "http://ddd.xx/",                   "direct://" },
+  { "http://ddd.xx:8000/",              "direct://" },
+  { "http://www.ddd.xx/",               "direct://", TRUE },
+  { "http://www.ddd.xx:8000/",          "direct://", TRUE },
+  { "https://ddd.xx/",                  "direct://" },
+  { "http://eee.xx/",                   "http://localhost:8080", TRUE },
+  { "http://eee.xx:8000/",              "direct://", TRUE },
+  { "http://www.eee.xx/",               "http://localhost:8080" },
+  { "http://www.eee.xx:8000/",          "direct://" },
+  { "https://eee.xx/",                  "http://localhost:8080", TRUE },
+  { "http://1.2.3.4/",                  "http://localhost:8080" },
+  { "http://127.0.0.1/",                "direct://" },
+  { "http://127.0.0.2/",                "direct://" },
+  { "http://127.0.0.255/",              "direct://" },
+  { "http://127.0.1.0/",                "http://localhost:8080" },
+  { "http://10.0.0.1/",                 "http://localhost:8080" },
+  { "http://10.0.0.1:8000/",            "direct://" },
+  { "http://[::1]/",                    "direct://", TRUE },
+  { "http://[::1]:80/",                 "direct://", TRUE },
+  { "http://[::1:1]/",                  "http://localhost:8080" },
+  { "http://[::1:1]:80/",               "http://localhost:8080" },
+  { "http://[fe80::1]/",                "direct://", TRUE },
+  { "http://[fe80::1]:80/",             "direct://", TRUE },
+  { "http://[fec0::1]/",                "http://localhost:8080" },
+  { "http://[fec0::1]:80/",             "http://localhost:8080" }
 };
 static const int n_ignore_tests = G_N_ELEMENTS (ignore_tests);
 
@@ -179,13 +181,13 @@ test_proxy_ignore_common (gboolean is_libproxy)
   for (i = 0; i < n_ignore_tests; i++)
     {
       proxies = g_proxy_resolver_lookup (resolver, ignore_tests[i].uri,
-                                        NULL, &error);
+                                         NULL, &error);
       g_assert_no_error (error);
 
       if (is_libproxy && ignore_tests[i].libproxy_fails)
-       g_assert_cmpstr (proxies[0], ==, "http://localhost:8080");
+        g_assert_cmpstr (proxies[0], ==, "http://localhost:8080");
       else
-       g_assert_cmpstr (proxies[0], ==, ignore_tests[i].proxy);
+        g_assert_cmpstr (proxies[0], ==, ignore_tests[i].proxy);
 
       g_strfreev (proxies);
     }
index 578ac49..f76b094 100644 (file)
@@ -1,11 +1,13 @@
-/* GProxyResolverGnome tests
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GProxyResolverGnome tests
  *
  * Copyright 2011 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -49,7 +51,7 @@
 
 static void
 reset_proxy_settings (gpointer      fixture,
-                     gconstpointer user_data)
+                      gconstpointer user_data)
 {
   GSettings *settings, *child;
 
@@ -82,7 +84,7 @@ reset_proxy_settings (gpointer      fixture,
 
 static void
 test_proxy_uri (gpointer      fixture,
-               gconstpointer user_data)
+                gconstpointer user_data)
 {
   GSettings *settings, *child;
 
@@ -112,7 +114,7 @@ test_proxy_uri (gpointer      fixture,
 
 static void
 test_proxy_socks (gpointer      fixture,
-                 gconstpointer user_data)
+                  gconstpointer user_data)
 {
   GSettings *settings, *child;
   const gchar *ignore_hosts[2] = { "127.0.0.1", NULL };
@@ -120,7 +122,7 @@ test_proxy_socks (gpointer      fixture,
   settings = g_settings_new (GNOME_PROXY_SETTINGS_SCHEMA);
   g_settings_set_enum (settings, GNOME_PROXY_MODE_KEY, G_DESKTOP_PROXY_MODE_MANUAL);
   g_settings_set (settings, GNOME_PROXY_IGNORE_HOSTS_KEY,
-                 "@as", g_variant_new_strv (ignore_hosts, -1));
+                  "@as", g_variant_new_strv (ignore_hosts, -1));
 
   child = g_settings_get_child (settings, GNOME_PROXY_SOCKS_CHILD_SCHEMA);
   g_settings_set_string (child, GNOME_PROXY_SOCKS_HOST_KEY, "proxy.example.com");
@@ -133,14 +135,14 @@ test_proxy_socks (gpointer      fixture,
 
 static void
 test_proxy_ignore (gpointer      fixture,
-                  gconstpointer user_data)
+                   gconstpointer user_data)
 {
   GSettings *settings, *http;
 
   settings = g_settings_new (GNOME_PROXY_SETTINGS_SCHEMA);
   g_settings_set_enum (settings, GNOME_PROXY_MODE_KEY, G_DESKTOP_PROXY_MODE_MANUAL);
   g_settings_set (settings, GNOME_PROXY_IGNORE_HOSTS_KEY,
-                 "@as", g_variant_new_strv (ignore_hosts, n_ignore_hosts));
+                  "@as", g_variant_new_strv (ignore_hosts, n_ignore_hosts));
 
   http = g_settings_get_child (settings, GNOME_PROXY_HTTP_CHILD_SCHEMA);
   g_settings_set_string (http, GNOME_PROXY_HTTP_HOST_KEY, "localhost");
@@ -158,17 +160,16 @@ main (int   argc,
 {
   g_test_init (&argc, &argv, NULL);
 
-  g_setenv ("GIO_EXTRA_MODULES", TOP_BUILDDIR "/proxy/gnome/.libs", TRUE);
   g_setenv ("GIO_USE_PROXY_RESOLVER", "gnome", TRUE);
   g_setenv ("GSETTINGS_BACKEND", "memory", TRUE);
-  g_setenv ("DESKTOP_SESSION", "gnome", TRUE);
+  g_setenv ("XDG_CURRENT_DESKTOP", "GNOME", TRUE);
 
   g_test_add_vtable ("/proxy/gnome/uri", 0, NULL,
-                    reset_proxy_settings, test_proxy_uri, NULL);
+                     reset_proxy_settings, test_proxy_uri, NULL);
   g_test_add_vtable ("/proxy/gnome/socks", 0, NULL,
-                    reset_proxy_settings, test_proxy_socks, NULL);
+                     reset_proxy_settings, test_proxy_socks, NULL);
   g_test_add_vtable ("/proxy/gnome/ignore", 0, NULL,
-                    reset_proxy_settings, test_proxy_ignore, NULL);
+                     reset_proxy_settings, test_proxy_ignore, NULL);
 
   return g_test_run();
 }
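Review bot: With the `g_setenv ("GIO_EXTRA_MODULES", ...)` line removed from `main` (here and in the matching hunk of the libproxy test further down), the test no longer chooses the module under test itself and relies on `GIO_MODULE_DIR` from proxy/tests/meson.build. Run directly, outside `meson test`, the binary would presumably load whatever module is installed on the system and could pass without exercising the just-built code. I would record that dependency next to the remaining `g_setenv` calls, e.g. `/* The module under test is selected through GIO_MODULE_DIR, set by the test harness */`. The start of `main` is outside the hunk.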
index f46c27c..e92ca81 100644 (file)
@@ -1,11 +1,13 @@
-/* GLibProxyResolver tests
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GLibProxyResolver tests
  *
  * Copyright 2011-2013 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -23,7 +25,7 @@
 
 static void
 reset_proxy_settings (gpointer      fixture,
-                     gconstpointer user_data)
+                      gconstpointer user_data)
 {
   g_unsetenv ("http_proxy");
   g_unsetenv ("HTTP_PROXY");
@@ -37,7 +39,7 @@ reset_proxy_settings (gpointer      fixture,
 
 static void
 test_proxy_uri (gpointer      fixture,
-               gconstpointer user_data)
+                gconstpointer user_data)
 {
   g_setenv ("http_proxy", "http://proxy.example.com:8080", TRUE);
   g_setenv ("https_proxy", "http://proxy-s.example.com:7070", TRUE);
@@ -48,7 +50,7 @@ test_proxy_uri (gpointer      fixture,
 
 static void
 test_proxy_socks (gpointer      fixture,
-                 gconstpointer user_data)
+                  gconstpointer user_data)
 {
   g_setenv ("http_proxy", "socks://proxy.example.com:1234", TRUE);
   g_setenv ("no_proxy", "127.0.0.1", TRUE);
@@ -58,9 +60,9 @@ test_proxy_socks (gpointer      fixture,
 
 static void
 test_proxy_ignore (gpointer      fixture,
-                  gconstpointer user_data)
+                   gconstpointer user_data)
 {
-  gchar *no_proxy = g_strjoinv (",", (gchar **) ignore_hosts);
+  gchar *no_proxy = g_strjoinv (",", (gchar **)ignore_hosts);
 
   g_setenv ("http_proxy", "http://localhost:8080", TRUE);
   g_setenv ("no_proxy", no_proxy, TRUE);
@@ -80,15 +82,12 @@ main (int   argc,
   g_unsetenv ("DESKTOP_SESSION");
   g_unsetenv ("KDE_FULL_SESSION");
 
-  /* Use the just-built libproxy module */
-  g_setenv ("GIO_EXTRA_MODULES", TOP_BUILDDIR "/proxy/libproxy/.libs", TRUE);
-
   g_test_add_vtable ("/proxy/libproxy/uri", 0, NULL,
-                    reset_proxy_settings, test_proxy_uri, NULL);
+                     reset_proxy_settings, test_proxy_uri, NULL);
   g_test_add_vtable ("/proxy/libproxy/socks", 0, NULL,
-                    reset_proxy_settings, test_proxy_socks, NULL);
+                     reset_proxy_settings, test_proxy_socks, NULL);
   g_test_add_vtable ("/proxy/libproxy/ignore", 0, NULL,
-                    reset_proxy_settings, test_proxy_ignore, NULL);
+                     reset_proxy_settings, test_proxy_ignore, NULL);
 
   return g_test_run();
 }
diff --git a/proxy/tests/meson.build b/proxy/tests/meson.build
new file mode 100644 (file)
index 0000000..4e0079f
--- /dev/null
@@ -0,0 +1,41 @@
+cflags = [
+  '-DSRCDIR="@0@"'.format(meson.current_source_dir()),
+  '-DTOP_BUILDDIR="@0@"'.format(meson.build_root())
+]
+
+foreach program: proxy_test_programs
+  test_conf = configuration_data()
+  test_conf.set('installed_tests_dir', installed_tests_execdir)
+  test_conf.set('program', program[0])
+
+  if enable_installed_tests
+    configure_file(
+      input: test_template,
+      output: program[0] + '.test',
+      install_dir: installed_tests_metadir,
+      configuration: test_conf
+    )
+  endif
+
+  exe = executable(
+    program[0],
+    program[0] + '.c',
+    include_directories: top_inc,
+    dependencies: program[1],
+    c_args: cflags,
+    install: enable_installed_tests,
+    install_dir: installed_tests_execdir
+  )
+
+  envs = [
+    'G_TEST_SRCDIR=' + meson.current_source_dir(),
+    'G_TEST_BUILDDIR=' + meson.current_build_dir(),
+    'GIO_MODULE_DIR=' + join_paths(meson.build_root(), 'proxy', program[0])
+  ]
+
+  test(
+    program[0],
+    exe,
+    env: envs
+  )
+endforeach
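Review bot: `cflags` bakes the absolute source and build directories into every test binary through `-DSRCDIR` and `-DTOP_BUILDDIR`, and the same binaries are installed when `enable_installed_tests` is set. The gnome and libproxy test changes in this commit drop the `TOP_BUILDDIR` uses they show; if common.c does not use it either, the define can go, which also keeps build paths out of installed binaries. Separately, `program[0]` serves as test name, source file name and last component of `GIO_MODULE_DIR`, which deserves a comment such as `# program[0] must match the proxy/<name> directory that holds the built module`.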
diff --git a/tap-driver.sh b/tap-driver.sh
deleted file mode 100755 (executable)
index 19aa531..0000000
+++ /dev/null
@@ -1,652 +0,0 @@
-#! /bin/sh
-# Copyright (C) 2011-2013 Free Software Foundation, Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# This file is maintained in Automake, please report
-# bugs to <bug-automake@gnu.org> or send patches to
-# <automake-patches@gnu.org>.
-
-scriptversion=2011-12-27.17; # UTC
-
-# Make unconditional expansion of undefined variables an error.  This
-# helps a lot in preventing typo-related bugs.
-set -u
-
-me=tap-driver.sh
-
-fatal ()
-{
-  echo "$me: fatal: $*" >&2
-  exit 1
-}
-
-usage_error ()
-{
-  echo "$me: $*" >&2
-  print_usage >&2
-  exit 2
-}
-
-print_usage ()
-{
-  cat <<END
-Usage:
-  tap-driver.sh --test-name=NAME --log-file=PATH --trs-file=PATH
-                [--expect-failure={yes|no}] [--color-tests={yes|no}]
-                [--enable-hard-errors={yes|no}] [--ignore-exit]
-                [--diagnostic-string=STRING] [--merge|--no-merge]
-                [--comments|--no-comments] [--] TEST-COMMAND
-The \`--test-name', \`--log-file' and \`--trs-file' options are mandatory.
-END
-}
-
-# TODO: better error handling in option parsing (in particular, ensure
-# TODO: $log_file, $trs_file and $test_name are defined).
-test_name= # Used for reporting.
-log_file=  # Where to save the result and output of the test script.
-trs_file=  # Where to save the metadata of the test run.
-expect_failure=0
-color_tests=0
-merge=0
-ignore_exit=0
-comments=0
-diag_string='#'
-while test $# -gt 0; do
-  case $1 in
-  --help) print_usage; exit $?;;
-  --version) echo "$me $scriptversion"; exit $?;;
-  --test-name) test_name=$2; shift;;
-  --log-file) log_file=$2; shift;;
-  --trs-file) trs_file=$2; shift;;
-  --color-tests) color_tests=$2; shift;;
-  --expect-failure) expect_failure=$2; shift;;
-  --enable-hard-errors) shift;; # No-op.
-  --merge) merge=1;;
-  --no-merge) merge=0;;
-  --ignore-exit) ignore_exit=1;;
-  --comments) comments=1;;
-  --no-comments) comments=0;;
-  --diagnostic-string) diag_string=$2; shift;;
-  --) shift; break;;
-  -*) usage_error "invalid option: '$1'";;
-  esac
-  shift
-done
-
-test $# -gt 0 || usage_error "missing test command"
-
-case $expect_failure in
-  yes) expect_failure=1;;
-    *) expect_failure=0;;
-esac
-
-if test $color_tests = yes; then
-  init_colors='
-    color_map["red"]="\e[0;31m" # Red.
-    color_map["grn"]="\e[0;32m" # Green.
-    color_map["lgn"]="\e[1;32m" # Light green.
-    color_map["blu"]="\e[1;34m" # Blue.
-    color_map["mgn"]="\e[0;35m" # Magenta.
-    color_map["std"]="\e[m"     # No color.
-    color_for_result["ERROR"] = "mgn"
-    color_for_result["PASS"]  = "grn"
-    color_for_result["XPASS"] = "red"
-    color_for_result["FAIL"]  = "red"
-    color_for_result["XFAIL"] = "lgn"
-    color_for_result["SKIP"]  = "blu"'
-else
-  init_colors=''
-fi
-
-# :; is there to work around a bug in bash 3.2 (and earlier) which
-# does not always set '$?' properly on redirection failure.
-# See the Autoconf manual for more details.
-:;{
-  (
-    # Ignore common signals (in this subshell only!), to avoid potential
-    # problems with Korn shells.  Some Korn shells are known to propagate
-    # to themselves signals that have killed a child process they were
-    # waiting for; this is done at least for SIGINT (and usually only for
-    # it, in truth).  Without the `trap' below, such a behaviour could
-    # cause a premature exit in the current subshell, e.g., in case the
-    # test command it runs gets terminated by a SIGINT.  Thus, the awk
-    # script we are piping into would never seen the exit status it
-    # expects on its last input line (which is displayed below by the
-    # last `echo $?' statement), and would thus die reporting an internal
-    # error.
-    # For more information, see the Autoconf manual and the threads:
-    # <http://lists.gnu.org/archive/html/bug-autoconf/2011-09/msg00004.html>
-    # <http://mail.opensolaris.org/pipermail/ksh93-integration-discuss/2009-February/004121.html>
-    trap : 1 3 2 13 15
-    if test $merge -gt 0; then
-      exec 2>&1
-    else
-      exec 2>&3
-    fi
-    "$@"
-    echo $?
-  ) | LC_ALL=C ${AM_TAP_AWK-awk} \
-        -v me="$me" \
-        -v test_script_name="$test_name" \
-        -v log_file="$log_file" \
-        -v trs_file="$trs_file" \
-        -v expect_failure="$expect_failure" \
-        -v merge="$merge" \
-        -v ignore_exit="$ignore_exit" \
-        -v comments="$comments" \
-        -v diag_string="$diag_string" \
-'
-# FIXME: the usages of "cat >&3" below could be optimized when using
-# FIXME: GNU awk, and/on on systems that supports /dev/fd/.
-
-# Implementation note: in what follows, `result_obj` will be an
-# associative array that (partly) simulates a TAP result object
-# from the `TAP::Parser` perl module.
-
-## ----------- ##
-##  FUNCTIONS  ##
-## ----------- ##
-
-function fatal(msg)
-{
-  print me ": " msg | "cat >&2"
-  exit 1
-}
-
-function abort(where)
-{
-  fatal("internal error " where)
-}
-
-# Convert a boolean to a "yes"/"no" string.
-function yn(bool)
-{
-  return bool ? "yes" : "no";
-}
-
-function add_test_result(result)
-{
-  if (!test_results_index)
-    test_results_index = 0
-  test_results_list[test_results_index] = result
-  test_results_index += 1
-  test_results_seen[result] = 1;
-}
-
-# Whether the test script should be re-run by "make recheck".
-function must_recheck()
-{
-  for (k in test_results_seen)
-    if (k != "XFAIL" && k != "PASS" && k != "SKIP")
-      return 1
-  return 0
-}
-
-# Whether the content of the log file associated to this test should
-# be copied into the "global" test-suite.log.
-function copy_in_global_log()
-{
-  for (k in test_results_seen)
-    if (k != "PASS")
-      return 1
-  return 0
-}
-
-# FIXME: this can certainly be improved ...
-function get_global_test_result()
-{
-    if ("ERROR" in test_results_seen)
-      return "ERROR"
-    if ("FAIL" in test_results_seen || "XPASS" in test_results_seen)
-      return "FAIL"
-    all_skipped = 1
-    for (k in test_results_seen)
-      if (k != "SKIP")
-        all_skipped = 0
-    if (all_skipped)
-      return "SKIP"
-    return "PASS";
-}
-
-function stringify_result_obj(result_obj)
-{
-  if (result_obj["is_unplanned"] || result_obj["number"] != testno)
-    return "ERROR"
-
-  if (plan_seen == LATE_PLAN)
-    return "ERROR"
-
-  if (result_obj["directive"] == "TODO")
-    return result_obj["is_ok"] ? "XPASS" : "XFAIL"
-
-  if (result_obj["directive"] == "SKIP")
-    return result_obj["is_ok"] ? "SKIP" : COOKED_FAIL;
-
-  if (length(result_obj["directive"]))
-      abort("in function stringify_result_obj()")
-
-  return result_obj["is_ok"] ? COOKED_PASS : COOKED_FAIL
-}
-
-function decorate_result(result)
-{
-  color_name = color_for_result[result]
-  if (color_name)
-    return color_map[color_name] "" result "" color_map["std"]
-  # If we are not using colorized output, or if we do not know how
-  # to colorize the given result, we should return it unchanged.
-  return result
-}
-
-function report(result, details)
-{
-  if (result ~ /^(X?(PASS|FAIL)|SKIP|ERROR)/)
-    {
-      msg = ": " test_script_name
-      add_test_result(result)
-    }
-  else if (result == "#")
-    {
-      msg = " " test_script_name ":"
-    }
-  else
-    {
-      abort("in function report()")
-    }
-  if (length(details))
-    msg = msg " " details
-  # Output on console might be colorized.
-  print decorate_result(result) msg
-  # Log the result in the log file too, to help debugging (this is
-  # especially true when said result is a TAP error or "Bail out!").
-  print result msg | "cat >&3";
-}
-
-function testsuite_error(error_message)
-{
-  report("ERROR", "- " error_message)
-}
-
-function handle_tap_result()
-{
-  details = result_obj["number"];
-  if (length(result_obj["description"]))
-    details = details " " result_obj["description"]
-
-  if (plan_seen == LATE_PLAN)
-    {
-      details = details " # AFTER LATE PLAN";
-    }
-  else if (result_obj["is_unplanned"])
-    {
-       details = details " # UNPLANNED";
-    }
-  else if (result_obj["number"] != testno)
-    {
-       details = sprintf("%s # OUT-OF-ORDER (expecting %d)",
-                         details, testno);
-    }
-  else if (result_obj["directive"])
-    {
-      details = details " # " result_obj["directive"];
-      if (length(result_obj["explanation"]))
-        details = details " " result_obj["explanation"]
-    }
-
-  report(stringify_result_obj(result_obj), details)
-}
-
-# `skip_reason` should be empty whenever planned > 0.
-function handle_tap_plan(planned, skip_reason)
-{
-  planned += 0 # Avoid getting confused if, say, `planned` is "00"
-  if (length(skip_reason) && planned > 0)
-    abort("in function handle_tap_plan()")
-  if (plan_seen)
-    {
-      # Error, only one plan per stream is acceptable.
-      testsuite_error("multiple test plans")
-      return;
-    }
-  planned_tests = planned
-  # The TAP plan can come before or after *all* the TAP results; we speak
-  # respectively of an "early" or a "late" plan.  If we see the plan line
-  # after at least one TAP result has been seen, assume we have a late
-  # plan; in this case, any further test result seen after the plan will
-  # be flagged as an error.
-  plan_seen = (testno >= 1 ? LATE_PLAN : EARLY_PLAN)
-  # If testno > 0, we have an error ("too many tests run") that will be
-  # automatically dealt with later, so do not worry about it here.  If
-  # $plan_seen is true, we have an error due to a repeated plan, and that
-  # has already been dealt with above.  Otherwise, we have a valid "plan
-  # with SKIP" specification, and should report it as a particular kind
-  # of SKIP result.
-  if (planned == 0 && testno == 0)
-    {
-      if (length(skip_reason))
-        skip_reason = "- "  skip_reason;
-      report("SKIP", skip_reason);
-    }
-}
-
-function extract_tap_comment(line)
-{
-  if (index(line, diag_string) == 1)
-    {
-      # Strip leading `diag_string` from `line`.
-      line = substr(line, length(diag_string) + 1)
-      # And strip any leading and trailing whitespace left.
-      sub("^[ \t]*", "", line)
-      sub("[ \t]*$", "", line)
-      # Return what is left (if any).
-      return line;
-    }
-  return "";
-}
-
-# When this function is called, we know that line is a TAP result line,
-# so that it matches the (perl) RE "^(not )?ok\b".
-function setup_result_obj(line)
-{
-  # Get the result, and remove it from the line.
-  result_obj["is_ok"] = (substr(line, 1, 2) == "ok" ? 1 : 0)
-  sub("^(not )?ok[ \t]*", "", line)
-
-  # If the result has an explicit number, get it and strip it; otherwise,
-  # automatically assing the next progresive number to it.
-  if (line ~ /^[0-9]+$/ || line ~ /^[0-9]+[^a-zA-Z0-9_]/)
-    {
-      match(line, "^[0-9]+")
-      # The final `+ 0` is to normalize numbers with leading zeros.
-      result_obj["number"] = substr(line, 1, RLENGTH) + 0
-      line = substr(line, RLENGTH + 1)
-    }
-  else
-    {
-      result_obj["number"] = testno
-    }
-
-  if (plan_seen == LATE_PLAN)
-    # No further test results are acceptable after a "late" TAP plan
-    # has been seen.
-    result_obj["is_unplanned"] = 1
-  else if (plan_seen && testno > planned_tests)
-    result_obj["is_unplanned"] = 1
-  else
-    result_obj["is_unplanned"] = 0
-
-  # Strip trailing and leading whitespace.
-  sub("^[ \t]*", "", line)
-  sub("[ \t]*$", "", line)
-
-  # This will have to be corrected if we have a "TODO"/"SKIP" directive.
-  result_obj["description"] = line
-  result_obj["directive"] = ""
-  result_obj["explanation"] = ""
-
-  if (index(line, "#") == 0)
-    return # No possible directive, nothing more to do.
-
-  # Directives are case-insensitive.
-  rx = "[ \t]*#[ \t]*([tT][oO][dD][oO]|[sS][kK][iI][pP])[ \t]*"
-
-  # See whether we have the directive, and if yes, where.
-  pos = match(line, rx "$")
-  if (!pos)
-    pos = match(line, rx "[^a-zA-Z0-9_]")
-
-  # If there was no TAP directive, we have nothing more to do.
-  if (!pos)
-    return
-
-  # Let`s now see if the TAP directive has been escaped.  For example:
-  #  escaped:     ok \# SKIP
-  #  not escaped: ok \\# SKIP
-  #  escaped:     ok \\\\\# SKIP
-  #  not escaped: ok \ # SKIP
-  if (substr(line, pos, 1) == "#")
-    {
-      bslash_count = 0
-      for (i = pos; i > 1 && substr(line, i - 1, 1) == "\\"; i--)
-        bslash_count += 1
-      if (bslash_count % 2)
-        return # Directive was escaped.
-    }
-
-  # Strip the directive and its explanation (if any) from the test
-  # description.
-  result_obj["description"] = substr(line, 1, pos - 1)
-  # Now remove the test description from the line, that has been dealt
-  # with already.
-  line = substr(line, pos)
-  # Strip the directive, and save its value (normalized to upper case).
-  sub("^[ \t]*#[ \t]*", "", line)
-  result_obj["directive"] = toupper(substr(line, 1, 4))
-  line = substr(line, 5)
-  # Now get the explanation for the directive (if any), with leading
-  # and trailing whitespace removed.
-  sub("^[ \t]*", "", line)
-  sub("[ \t]*$", "", line)
-  result_obj["explanation"] = line
-}
-
-function get_test_exit_message(status)
-{
-  if (status == 0)
-    return ""
-  if (status !~ /^[1-9][0-9]*$/)
-    abort("getting exit status")
-  if (status < 127)
-    exit_details = ""
-  else if (status == 127)
-    exit_details = " (command not found?)"
-  else if (status >= 128 && status <= 255)
-    exit_details = sprintf(" (terminated by signal %d?)", status - 128)
-  else if (status > 256 && status <= 384)
-    # We used to report an "abnormal termination" here, but some Korn
-    # shells, when a child process die due to signal number n, can leave
-    # in $? an exit status of 256+n instead of the more standard 128+n.
-    # Apparently, both behaviours are allowed by POSIX (2008), so be
-    # prepared to handle them both.  See also Austing Group report ID
-    # 0000051 <http://www.austingroupbugs.net/view.php?id=51>
-    exit_details = sprintf(" (terminated by signal %d?)", status - 256)
-  else
-    # Never seen in practice.
-    exit_details = " (abnormal termination)"
-  return sprintf("exited with status %d%s", status, exit_details)
-}
-
-function write_test_results()
-{
-  print ":global-test-result: " get_global_test_result() > trs_file
-  print ":recheck: "  yn(must_recheck()) > trs_file
-  print ":copy-in-global-log: " yn(copy_in_global_log()) > trs_file
-  for (i = 0; i < test_results_index; i += 1)
-    print ":test-result: " test_results_list[i] > trs_file
-  close(trs_file);
-}
-
-BEGIN {
-
-## ------- ##
-##  SETUP  ##
-## ------- ##
-
-'"$init_colors"'
-
-# Properly initialized once the TAP plan is seen.
-planned_tests = 0
-
-COOKED_PASS = expect_failure ? "XPASS": "PASS";
-COOKED_FAIL = expect_failure ? "XFAIL": "FAIL";
-
-# Enumeration-like constants to remember which kind of plan (if any)
-# has been seen.  It is important that NO_PLAN evaluates "false" as
-# a boolean.
-NO_PLAN = 0
-EARLY_PLAN = 1
-LATE_PLAN = 2
-
-testno = 0     # Number of test results seen so far.
-bailed_out = 0 # Whether a "Bail out!" directive has been seen.
-
-# Whether the TAP plan has been seen or not, and if yes, which kind
-# it is ("early" is seen before any test result, "late" otherwise).
-plan_seen = NO_PLAN
-
-## --------- ##
-##  PARSING  ##
-## --------- ##
-
-is_first_read = 1
-
-while (1)
-  {
-    # Involutions required so that we are able to read the exit status
-    # from the last input line.
-    st = getline
-    if (st < 0) # I/O error.
-      fatal("I/O error while reading from input stream")
-    else if (st == 0) # End-of-input
-      {
-        if (is_first_read)
-          abort("in input loop: only one input line")
-        break
-      }
-    if (is_first_read)
-      {
-        is_first_read = 0
-        nextline = $0
-        continue
-      }
-    else
-      {
-        curline = nextline
-        nextline = $0
-        $0 = curline
-      }
-    # Copy any input line verbatim into the log file.
-    print | "cat >&3"
-    # Parsing of TAP input should stop after a "Bail out!" directive.
-    if (bailed_out)
-      continue
-
-    # TAP test result.
-    if ($0 ~ /^(not )?ok$/ || $0 ~ /^(not )?ok[^a-zA-Z0-9_]/)
-      {
-        testno += 1
-        setup_result_obj($0)
-        handle_tap_result()
-      }
-    # TAP plan (normal or "SKIP" without explanation).
-    else if ($0 ~ /^1\.\.[0-9]+[ \t]*$/)
-      {
-        # The next two lines will put the number of planned tests in $0.
-        sub("^1\\.\\.", "")
-        sub("[^0-9]*$", "")
-        handle_tap_plan($0, "")
-        continue
-      }
-    # TAP "SKIP" plan, with an explanation.
-    else if ($0 ~ /^1\.\.0+[ \t]*#/)
-      {
-        # The next lines will put the skip explanation in $0, stripping
-        # any leading and trailing whitespace.  This is a little more
-        # tricky in truth, since we want to also strip a potential leading
-        # "SKIP" string from the message.
-        sub("^[^#]*#[ \t]*(SKIP[: \t][ \t]*)?", "")
-        sub("[ \t]*$", "");
-        handle_tap_plan(0, $0)
-      }
-    # "Bail out!" magic.
-    # Older versions of prove and TAP::Harness (e.g., 3.17) did not
-    # recognize a "Bail out!" directive when preceded by leading
-    # whitespace, but more modern versions (e.g., 3.23) do.  So we
-    # emulate the latter, "more modern" behaviour.
-    else if ($0 ~ /^[ \t]*Bail out!/)
-      {
-        bailed_out = 1
-        # Get the bailout message (if any), with leading and trailing
-        # whitespace stripped.  The message remains stored in `$0`.
-        sub("^[ \t]*Bail out![ \t]*", "");
-        sub("[ \t]*$", "");
-        # Format the error message for the
-        bailout_message = "Bail out!"
-        if (length($0))
-          bailout_message = bailout_message " " $0
-        testsuite_error(bailout_message)
-      }
-    # Maybe we have too look for dianogtic comments too.
-    else if (comments != 0)
-      {
-        comment = extract_tap_comment($0);
-        if (length(comment))
-          report("#", comment);
-      }
-  }
-
-## -------- ##
-##  FINISH  ##
-## -------- ##
-
-# A "Bail out!" directive should cause us to ignore any following TAP
-# error, as well as a non-zero exit status from the TAP producer.
-if (!bailed_out)
-  {
-    if (!plan_seen)
-      {
-        testsuite_error("missing test plan")
-      }
-    else if (planned_tests != testno)
-      {
-        bad_amount = testno > planned_tests ? "many" : "few"
-        testsuite_error(sprintf("too %s tests run (expected %d, got %d)",
-                                bad_amount, planned_tests, testno))
-      }
-    if (!ignore_exit)
-      {
-        # Fetch exit status from the last line.
-        exit_message = get_test_exit_message(nextline)
-        if (exit_message)
-          testsuite_error(exit_message)
-      }
-  }
-
-write_test_results()
-
-exit 0
-
-} # End of "BEGIN" block.
-'
-
-# TODO: document that we consume the file descriptor 3 :-(
-} 3>"$log_file"
-
-test $? -eq 0 || fatal "I/O or internal error"
-
-# Local Variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
-# time-stamp-end: "; # UTC"
-# End:
diff --git a/tap-test b/tap-test
deleted file mode 100755 (executable)
index 481e333..0000000
--- a/tap-test
+++ /dev/null
@@ -1,5 +0,0 @@
-#! /bin/sh
-
-# run a GTest in tap mode. The test binary is passed as $1
-
-$1 -k --tap
diff --git a/template.test.in b/template.test.in
new file mode 100644 (file)
index 0000000..f701627
--- /dev/null
@@ -0,0 +1,3 @@
+[Test]
+Type=session
+Exec=@installed_tests_dir@/@program@
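Review bot: The `Exec=` value substitutes `@installed_tests_dir@` and `@program@` unquoted, so an install prefix containing whitespace would split into several arguments if the installed-tests runner tokenises the line shell-style; that parsing is not visible here and should be confirmed. Quoting the path keeps it a single argument for any prefix: `Exec="@installed_tests_dir@/@program@"`. Separately, the `tap-test` wrapper deleted in this commit ran the binary with `-k --tap`, while this template passes no arguments. If TAP output is still wanted for installed tests, the flag would need to be added here, possibly with an `Output=TAP` key for the runner.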
diff --git a/tls/base/gtlsconnection-base.c b/tls/base/gtlsconnection-base.c
new file mode 100644 (file)
index 0000000..f180676
--- /dev/null
@@ -0,0 +1,1271 @@
+/* GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright 2009-2011 Red Hat, Inc
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#include "config.h"
+#include "glib.h"
+
+#include <errno.h>
+
+#include "gtlsconnection-base.h"
+#include "gtlsinputstream-base.h"
+#include "gtlsoutputstream-base.h"
+
+#include <glib/gi18n-lib.h>
+
+static gboolean do_implicit_handshake (GTlsConnectionBase  *tls,
+                                      gboolean             blocking,
+                                      GCancellable        *cancellable,
+                                      GError             **error);
+static gboolean finish_handshake (GTlsConnectionBase  *tls,
+                                 GTask               *task,
+                                 GError             **error);
+
+G_DEFINE_ABSTRACT_TYPE (GTlsConnectionBase, g_tls_connection_base, G_TYPE_TLS_CONNECTION);
+
+enum
+{
+  PROP_0,
+  PROP_BASE_IO_STREAM,
+  PROP_REQUIRE_CLOSE_NOTIFY,
+  PROP_REHANDSHAKE_MODE,
+  PROP_USE_SYSTEM_CERTDB,
+  PROP_DATABASE,
+  PROP_CERTIFICATE,
+  PROP_INTERACTION,
+  PROP_PEER_CERTIFICATE,
+  PROP_PEER_CERTIFICATE_ERRORS
+};
+
+static void
+g_tls_connection_base_init (GTlsConnectionBase *tls)
+{
+  tls->need_handshake = TRUE;
+  tls->database_is_unset = TRUE;
+  tls->is_system_certdb = TRUE;
+
+  g_mutex_init (&tls->op_mutex);
+  tls->waiting_for_op = g_cancellable_new ();
+  g_cancellable_cancel (tls->waiting_for_op);
+}
+
+static void
+g_tls_connection_base_finalize (GObject *object)
+{
+  GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (object);
+
+  g_clear_object (&tls->base_io_stream);
+
+  g_clear_object (&tls->tls_istream);
+  g_clear_object (&tls->tls_ostream);
+
+  g_clear_object (&tls->database);
+  g_clear_object (&tls->certificate);
+  g_clear_error (&tls->certificate_error);
+  g_clear_object (&tls->peer_certificate);
+
+  g_clear_object (&tls->interaction);
+
+  /* This must always be NULL at this, as it holds a referehce to @gnutls as
+   * its source object. However, we clear it anyway just in case this changes
+   * in future. */
+  g_clear_object (&tls->implicit_handshake);
+
+  g_clear_error (&tls->handshake_error);
+  g_clear_error (&tls->read_error);
+  g_clear_error (&tls->write_error);
+  g_clear_object (&tls->read_cancellable);
+  g_clear_object (&tls->write_cancellable);
+
+  g_clear_object (&tls->waiting_for_op);
+  g_mutex_clear (&tls->op_mutex);
+
+  g_clear_pointer (&tls->app_data_buf, g_byte_array_unref);
+
+  G_OBJECT_CLASS (g_tls_connection_base_parent_class)->finalize (object);
+}
+
+static void
+g_tls_connection_base_get_property (GObject    *object,
+                                   guint       prop_id,
+                                   GValue     *value,
+                                   GParamSpec *pspec)
+{
+  GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (object);
+  GTlsBackend *backend;
+
+  switch (prop_id)
+    {
+    case PROP_BASE_IO_STREAM:
+      g_value_set_object (value, tls->base_io_stream);
+      break;
+
+    case PROP_REQUIRE_CLOSE_NOTIFY:
+      g_value_set_boolean (value, tls->require_close_notify);
+      break;
+
+    case PROP_REHANDSHAKE_MODE:
+      g_value_set_enum (value, tls->rehandshake_mode);
+      break;
+
+    case PROP_USE_SYSTEM_CERTDB:
+      g_value_set_boolean (value, tls->is_system_certdb);
+      break;
+
+    case PROP_DATABASE:
+      if (tls->database_is_unset)
+        {
+          backend = g_tls_backend_get_default ();
+          tls->database =  g_tls_backend_get_default_database (backend);
+          tls->database_is_unset = FALSE;
+        }
+      g_value_set_object (value, tls->database);
+      break;
+
+    case PROP_CERTIFICATE:
+      g_value_set_object (value, tls->certificate);
+      break;
+
+    case PROP_INTERACTION:
+      g_value_set_object (value, tls->interaction);
+      break;
+
+    case PROP_PEER_CERTIFICATE:
+      g_value_set_object (value, tls->peer_certificate);
+      break;
+
+    case PROP_PEER_CERTIFICATE_ERRORS:
+      g_value_set_flags (value, tls->peer_certificate_errors);
+      break;
+
+    default:
+      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+    }
+}
+
+static void
+g_tls_connection_base_set_property (GObject      *object,
+                                   guint         prop_id,
+                                   const GValue *value,
+                                   GParamSpec   *pspec)
+{
+  GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (object);
+  GInputStream *istream;
+  GOutputStream *ostream;
+  gboolean system_certdb;
+  GTlsBackend *backend;
+
+  switch (prop_id)
+    {
+    case PROP_BASE_IO_STREAM:
+      if (tls->base_io_stream)
+       {
+         g_object_unref (tls->base_io_stream);
+         tls->base_istream = NULL;
+         tls->base_ostream = NULL;
+       }
+      tls->base_io_stream = g_value_dup_object (value);
+      if (!tls->base_io_stream)
+       return;
+
+      istream = g_io_stream_get_input_stream (tls->base_io_stream);
+      ostream = g_io_stream_get_output_stream (tls->base_io_stream);
+
+      if (G_IS_POLLABLE_INPUT_STREAM (istream) &&
+         g_pollable_input_stream_can_poll (G_POLLABLE_INPUT_STREAM (istream)))
+       {
+         tls->base_istream = G_POLLABLE_INPUT_STREAM (istream);
+         tls->tls_istream = g_tls_input_stream_base_new (tls);
+       }
+      if (G_IS_POLLABLE_OUTPUT_STREAM (ostream) &&
+         g_pollable_output_stream_can_poll (G_POLLABLE_OUTPUT_STREAM (ostream)))
+       {
+         tls->base_ostream = G_POLLABLE_OUTPUT_STREAM (ostream);
+         tls->tls_ostream = g_tls_output_stream_base_new (tls);
+       }
+      break;
+
+    case PROP_REQUIRE_CLOSE_NOTIFY:
+      tls->require_close_notify = g_value_get_boolean (value);
+      break;
+
+    case PROP_REHANDSHAKE_MODE:
+      tls->rehandshake_mode = g_value_get_enum (value);
+      break;
+
+    case PROP_USE_SYSTEM_CERTDB:
+      system_certdb = g_value_get_boolean (value);
+      if (system_certdb != tls->is_system_certdb)
+        {
+          g_clear_object (&tls->database);
+          if (system_certdb)
+            {
+              backend = g_tls_backend_get_default ();
+              tls->database = g_tls_backend_get_default_database (backend);
+            }
+          tls->is_system_certdb = system_certdb;
+         tls->database_is_unset = FALSE;
+        }
+      break;
+
+    case PROP_DATABASE:
+      g_clear_object (&tls->database);
+      tls->database = g_value_dup_object (value);
+      tls->is_system_certdb = FALSE;
+      tls->database_is_unset = FALSE;
+      break;
+
+    case PROP_CERTIFICATE:
+      if (tls->certificate)
+       g_object_unref (tls->certificate);
+      tls->certificate = g_value_dup_object (value);
+      break;
+
+    case PROP_INTERACTION:
+      g_clear_object (&tls->interaction);
+      tls->interaction = g_value_dup_object (value);
+      break;
+
+    default:
+      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+    }
+}
+
+typedef enum {
+  G_TLS_CONNECTION_BASE_OP_HANDSHAKE,
+  G_TLS_CONNECTION_BASE_OP_READ,
+  G_TLS_CONNECTION_BASE_OP_WRITE,
+  G_TLS_CONNECTION_BASE_OP_CLOSE_READ,
+  G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE,
+  G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH,
+} GTlsConnectionBaseOp;
+
+static gboolean
+claim_op (GTlsConnectionBase    *tls,
+         GTlsConnectionBaseOp   op,
+         gboolean               blocking,
+         GCancellable          *cancellable,
+         GError               **error)
+{
+ try_again:
+  if (g_cancellable_set_error_if_cancelled (cancellable, error))
+    return FALSE;
+
+  g_mutex_lock (&tls->op_mutex);
+
+  if (((op == G_TLS_CONNECTION_BASE_OP_HANDSHAKE ||
+        op == G_TLS_CONNECTION_BASE_OP_READ) &&
+       (tls->read_closing || tls->read_closed)) ||
+      ((op == G_TLS_CONNECTION_BASE_OP_HANDSHAKE ||
+        op == G_TLS_CONNECTION_BASE_OP_WRITE) &&
+       (tls->write_closing || tls->write_closed)))
+    {
+      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
+                          _("Connection is closed"));
+      g_mutex_unlock (&tls->op_mutex);
+      return FALSE;
+    }
+
+  if (tls->handshake_error &&
+      op != G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH &&
+      op != G_TLS_CONNECTION_BASE_OP_CLOSE_READ &&
+      op != G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE)
+    {
+      if (error)
+       *error = g_error_copy (tls->handshake_error);
+      g_mutex_unlock (&tls->op_mutex);
+      return FALSE;
+    }
+
+  if (op != G_TLS_CONNECTION_BASE_OP_HANDSHAKE)
+    {
+      if (op != G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH &&
+          op != G_TLS_CONNECTION_BASE_OP_CLOSE_READ &&
+          op != G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE &&
+          tls->need_handshake && !tls->handshaking)
+       {
+         tls->handshaking = TRUE;
+         if (!do_implicit_handshake (tls, blocking, cancellable, error))
+           {
+             g_cancellable_reset (tls->waiting_for_op);
+             g_mutex_unlock (&tls->op_mutex);
+             return FALSE;
+           }
+       }
+
+      if (tls->need_finish_handshake &&
+         tls->implicit_handshake)
+       {
+         GError *my_error = NULL;
+         gboolean success;
+
+         tls->need_finish_handshake = FALSE;
+
+         g_mutex_unlock (&tls->op_mutex);
+         success = finish_handshake (tls, tls->implicit_handshake, &my_error);
+         g_clear_object (&tls->implicit_handshake);
+         g_mutex_lock (&tls->op_mutex);
+
+         if (op != G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH &&
+             op != G_TLS_CONNECTION_BASE_OP_CLOSE_READ &&
+             op != G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE &&
+             (!success || g_cancellable_set_error_if_cancelled (cancellable, &my_error)))
+           {
+             g_propagate_error (error, my_error);
+             g_mutex_unlock (&tls->op_mutex);
+             return FALSE;
+           }
+
+         g_clear_error (&my_error);
+       }
+    }
+
+  if ((op != G_TLS_CONNECTION_BASE_OP_WRITE && tls->reading) ||
+      (op != G_TLS_CONNECTION_BASE_OP_READ && tls->writing) ||
+      (op != G_TLS_CONNECTION_BASE_OP_HANDSHAKE && tls->handshaking))
+    {
+      GPollFD fds[2];
+      int nfds;
+
+      g_cancellable_reset (tls->waiting_for_op);
+
+      g_mutex_unlock (&tls->op_mutex);
+
+      if (!blocking)
+       {
+         g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK,
+                              _("Operation would block"));
+         return FALSE;
+       }
+
+      g_cancellable_make_pollfd (tls->waiting_for_op, &fds[0]);
+      if (g_cancellable_make_pollfd (cancellable, &fds[1]))
+       nfds = 2;
+      else
+       nfds = 1;
+
+      g_poll (fds, nfds, -1);
+
+      if (nfds > 1)
+        g_cancellable_release_fd (cancellable);
+
+      goto try_again;
+    }
+
+  if (op == G_TLS_CONNECTION_BASE_OP_HANDSHAKE)
+    tls->handshaking = TRUE;
+  if (op == G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH ||
+      op == G_TLS_CONNECTION_BASE_OP_CLOSE_READ)
+    tls->read_closing = TRUE;
+  if (op == G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH ||
+      op == G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE)
+    tls->write_closing = TRUE;
+
+  if (op != G_TLS_CONNECTION_BASE_OP_WRITE)
+    tls->reading = TRUE;
+  if (op != G_TLS_CONNECTION_BASE_OP_READ)
+    tls->writing = TRUE;
+
+  g_mutex_unlock (&tls->op_mutex);
+  return TRUE;
+}
+
+static void
+yield_op (GTlsConnectionBase       *tls,
+         GTlsConnectionBaseOp      op,
+         GTlsConnectionBaseStatus  status)
+{
+  g_mutex_lock (&tls->op_mutex);
+
+  if (op == G_TLS_CONNECTION_BASE_OP_HANDSHAKE)
+    tls->handshaking = FALSE;
+  else if (status == G_TLS_CONNECTION_BASE_REHANDSHAKE && !tls->handshaking)
+    tls->need_handshake = TRUE;
+
+  if (op == G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH ||
+      op == G_TLS_CONNECTION_BASE_OP_CLOSE_READ)
+    tls->read_closing = FALSE;
+  if (op == G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH ||
+      op == G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE)
+    tls->write_closing = FALSE;
+
+  if (op != G_TLS_CONNECTION_BASE_OP_WRITE)
+    tls->reading = FALSE;
+  if (op != G_TLS_CONNECTION_BASE_OP_READ)
+    tls->writing = FALSE;
+
+  g_cancellable_cancel (tls->waiting_for_op);
+  g_mutex_unlock (&tls->op_mutex);
+}
+
+static void
+g_tls_connection_base_real_push_io (GTlsConnectionBase *tls,
+                                    GIOCondition        direction,
+                                    gboolean            blocking,
+                                    GCancellable       *cancellable)
+{
+  if (direction & G_IO_IN)
+    {
+      tls->read_blocking = blocking;
+      tls->read_cancellable = cancellable;
+      g_clear_error (&tls->read_error);
+    }
+
+  if (direction & G_IO_OUT)
+    {
+      tls->write_blocking = blocking;
+      tls->write_cancellable = cancellable;
+      g_clear_error (&tls->write_error);
+    }
+}
+
+void
+g_tls_connection_base_push_io (GTlsConnectionBase *tls,
+                               GIOCondition        direction,
+                               gboolean            blocking,
+                               GCancellable       *cancellable)
+{
+  g_assert (direction & (G_IO_IN | G_IO_OUT));
+  g_return_if_fail (G_IS_TLS_CONNECTION_BASE (tls));
+
+  G_TLS_CONNECTION_BASE_GET_CLASS (tls)->push_io (tls, direction,
+                                                  blocking, cancellable);
+}
+
+static GTlsConnectionBaseStatus
+g_tls_connection_base_real_pop_io (GTlsConnectionBase  *tls,
+                                   GIOCondition         direction,
+                                   gboolean             success,
+                                   GError             **error)
+{
+  GError *my_error = NULL;
+
+  if (direction & G_IO_IN)
+    {
+      tls->read_cancellable = NULL;
+      if (!success)
+       {
+         my_error = tls->read_error;
+         tls->read_error = NULL;
+       }
+      else
+       g_clear_error (&tls->read_error);
+    }
+  if (direction & G_IO_OUT)
+    {
+      tls->write_cancellable = NULL;
+      if (!success && !my_error)
+       {
+         my_error = tls->write_error;
+         tls->write_error = NULL;
+       }
+      else
+       g_clear_error (&tls->write_error);
+    }
+
+  if (success)
+    return G_TLS_CONNECTION_BASE_OK;
+
+  if (g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK))
+    {
+      g_propagate_error (error, my_error);
+      return G_TLS_CONNECTION_BASE_WOULD_BLOCK;
+    }
+  else if (g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT))
+    {
+      g_propagate_error (error, my_error);
+      return G_TLS_CONNECTION_BASE_TIMED_OUT;
+    }
+  else if (my_error)
+    g_propagate_error (error, my_error);
+
+  return G_TLS_CONNECTION_BASE_ERROR;
+}
+
+GTlsConnectionBaseStatus
+g_tls_connection_base_pop_io (GTlsConnectionBase  *tls,
+                              GIOCondition         direction,
+                              gboolean             success,
+                              GError             **error)
+{
+  g_assert (direction & (G_IO_IN | G_IO_OUT));
+  g_assert (!error || !*error);
+  g_return_val_if_fail (G_IS_TLS_CONNECTION_BASE (tls), G_TLS_CONNECTION_BASE_ERROR);
+
+  return G_TLS_CONNECTION_BASE_GET_CLASS (tls)->pop_io (tls, direction,
+                                                        success, error);
+}
+
+gboolean
+g_tls_connection_base_check (GTlsConnectionBase  *tls,
+                            GIOCondition         condition)
+{
+  /* Racy, but worst case is that we just get WOULD_BLOCK back */
+  if (tls->need_finish_handshake)
+    return TRUE;
+
+  /* If a handshake or close is in progress, then tls_istream and
+   * tls_ostream are blocked, regardless of the base stream status.
+   */
+  if (tls->handshaking)
+    return FALSE;
+
+  if (((condition & G_IO_IN) && tls->read_closing) ||
+      ((condition & G_IO_OUT) && tls->write_closing))
+    return FALSE;
+
+  if (condition & G_IO_IN)
+    return g_pollable_input_stream_is_readable (tls->base_istream);
+  else
+    return g_pollable_output_stream_is_writable (tls->base_ostream);
+}
+
+typedef struct {
+  GSource             source;
+
+  GTlsConnectionBase *tls;
+  GObject            *stream;
+
+  GSource            *child_source;
+  GIOCondition        condition;
+
+  gboolean            io_waiting;
+  gboolean            op_waiting;
+} GTlsConnectionBaseSource;
+
+static gboolean
+tls_source_prepare (GSource *source,
+                    gint    *timeout)
+{
+  *timeout = -1;
+  return FALSE;
+}
+
+static gboolean
+tls_source_check (GSource *source)
+{
+  return FALSE;
+}
+
+static void
+tls_source_sync (GTlsConnectionBaseSource *tls_source)
+{
+  GTlsConnectionBase *tls = tls_source->tls;
+  gboolean io_waiting, op_waiting;
+
+  /* Was the source destroyed earlier in this main context iteration? */
+  if (g_source_is_destroyed ((GSource *) tls_source))
+    return;
+
+  g_mutex_lock (&tls->op_mutex);
+  if (((tls_source->condition & G_IO_IN) && tls->reading) ||
+      ((tls_source->condition & G_IO_OUT) && tls->writing) ||
+      (tls->handshaking && !tls->need_finish_handshake))
+    op_waiting = TRUE;
+  else
+    op_waiting = FALSE;
+
+  if (!op_waiting && !tls->need_handshake &&
+      !tls->need_finish_handshake)
+    io_waiting = TRUE;
+  else
+    io_waiting = FALSE;
+  g_mutex_unlock (&tls->op_mutex);
+
+  if (op_waiting == tls_source->op_waiting &&
+      io_waiting == tls_source->io_waiting)
+    return;
+  tls_source->op_waiting = op_waiting;
+  tls_source->io_waiting = io_waiting;
+
+  if (tls_source->child_source)
+    {
+      g_source_remove_child_source ((GSource *)tls_source,
+                                   tls_source->child_source);
+      g_source_unref (tls_source->child_source);
+    }
+
+  if (op_waiting)
+    tls_source->child_source = g_cancellable_source_new (tls->waiting_for_op);
+  else if (io_waiting && G_IS_POLLABLE_INPUT_STREAM (tls_source->stream))
+    tls_source->child_source = g_pollable_input_stream_create_source (tls->base_istream, NULL);
+  else if (io_waiting && G_IS_POLLABLE_OUTPUT_STREAM (tls_source->stream))
+    tls_source->child_source = g_pollable_output_stream_create_source (tls->base_ostream, NULL);
+  else
+    tls_source->child_source = g_timeout_source_new (0);
+
+  g_source_set_dummy_callback (tls_source->child_source);
+  g_source_add_child_source ((GSource *)tls_source, tls_source->child_source);
+}
+
+static gboolean
+tls_source_dispatch (GSource     *source,
+                     GSourceFunc  callback,
+                     gpointer     user_data)
+{
+  GPollableSourceFunc func = (GPollableSourceFunc)callback;
+  GTlsConnectionBaseSource *tls_source = (GTlsConnectionBaseSource *)source;
+  gboolean ret;
+
+  ret = (*func) (tls_source->stream, user_data);
+  if (ret)
+    tls_source_sync (tls_source);
+
+  return ret;
+}
+
+static void
+tls_source_finalize (GSource *source)
+{
+  GTlsConnectionBaseSource *tls_source = (GTlsConnectionBaseSource *)source;
+
+  g_object_unref (tls_source->tls);
+  g_source_unref (tls_source->child_source);
+}
+
+static gboolean
+g_tls_connection_tls_source_closure_callback (GObject  *stream,
+                                              gpointer  data)
+{
+  GClosure *closure = data;
+
+  GValue param = { 0, };
+  GValue result_value = { 0, };
+  gboolean result;
+
+  g_value_init (&result_value, G_TYPE_BOOLEAN);
+
+  g_value_init (&param, G_TYPE_OBJECT);
+  g_value_set_object (&param, stream);
+
+  g_closure_invoke (closure, &result_value, 1, &param, NULL);
+
+  result = g_value_get_boolean (&result_value);
+  g_value_unset (&result_value);
+  g_value_unset (&param);
+
+  return result;
+}
+
+static GSourceFuncs tls_source_funcs =
+{
+  tls_source_prepare,
+  tls_source_check,
+  tls_source_dispatch,
+  tls_source_finalize,
+  (GSourceFunc)g_tls_connection_tls_source_closure_callback,
+  (GSourceDummyMarshal)g_cclosure_marshal_generic
+};
+
+GSource *
+g_tls_connection_base_create_source (GTlsConnectionBase  *tls,
+                                    GIOCondition         condition,
+                                    GCancellable        *cancellable)
+{
+  GSource *source, *cancellable_source;
+  GTlsConnectionBaseSource *tls_source;
+
+  source = g_source_new (&tls_source_funcs, sizeof (GTlsConnectionBaseSource));
+  g_source_set_name (source, "GTlsConnectionBaseSource");
+  tls_source = (GTlsConnectionBaseSource *)source;
+  tls_source->tls = g_object_ref (tls);
+  tls_source->condition = condition;
+  if (condition & G_IO_IN)
+    tls_source->stream = G_OBJECT (tls->tls_istream);
+  else if (condition & G_IO_OUT)
+    tls_source->stream = G_OBJECT (tls->tls_ostream);
+
+  tls_source->op_waiting = (gboolean) -1;
+  tls_source->io_waiting = (gboolean) -1;
+  tls_source_sync (tls_source);
+
+  if (cancellable)
+    {
+      cancellable_source = g_cancellable_source_new (cancellable);
+      g_source_set_dummy_callback (cancellable_source);
+      g_source_add_child_source (source, cancellable_source);
+      g_source_unref (cancellable_source);
+    }
+
+  return source;
+}
+
+gboolean
+g_tls_connection_base_accept_peer_certificate (GTlsConnectionBase   *tls,
+                                               GTlsCertificate      *peer_certificate,
+                                               GTlsCertificateFlags  peer_certificate_errors)
+{
+  gboolean accepted = FALSE;
+
+  if (G_IS_TLS_CLIENT_CONNECTION (tls))
+    {
+      GTlsCertificateFlags validation_flags =
+        g_tls_client_connection_get_validation_flags (G_TLS_CLIENT_CONNECTION (tls));
+
+      if ((peer_certificate_errors & validation_flags) == 0)
+        accepted = TRUE;
+    }
+
+  if (!accepted)
+    {
+      accepted = g_tls_connection_emit_accept_certificate (G_TLS_CONNECTION (tls),
+                                                           peer_certificate,
+                                                           peer_certificate_errors);
+    }
+
+  return accepted;
+}
+
+void
+g_tls_connection_base_set_peer_certificate (GTlsConnectionBase   *tls,
+                                           GTlsCertificate      *peer_certificate,
+                                           GTlsCertificateFlags  peer_certificate_errors)
+{
+  g_set_object (&tls->peer_certificate, peer_certificate);
+
+  tls->peer_certificate_errors = peer_certificate_errors;
+
+  g_object_notify (G_OBJECT (tls), "peer-certificate");
+  g_object_notify (G_OBJECT (tls), "peer-certificate-errors");
+}
+
+static void
+handshake_thread (GTask        *task,
+                 gpointer      object,
+                 gpointer      task_data,
+                 GCancellable *cancellable)
+{
+  GTlsConnectionBase *tls = object;
+  GTlsConnectionBaseClass *tls_class = G_TLS_CONNECTION_BASE_GET_CLASS (tls);
+  GError *error = NULL;
+
+  tls->started_handshake = FALSE;
+  tls->certificate_requested = FALSE;
+
+  if (!claim_op (tls, G_TLS_CONNECTION_BASE_OP_HANDSHAKE,
+                TRUE, cancellable, &error))
+    {
+      g_task_return_error (task, error);
+      return;
+    }
+
+  g_clear_error (&tls->handshake_error);
+
+  if (tls->ever_handshaked && !tls->need_handshake)
+    {
+      GTlsConnectionBaseStatus status;
+
+      status = tls_class->request_rehandshake (tls, cancellable, &error);
+      if (status != G_TLS_CONNECTION_BASE_OK)
+       {
+         g_task_return_error (task, error);
+         return;
+       }
+    }
+
+  g_clear_object (&tls->peer_certificate);
+  tls->peer_certificate_errors = 0;
+
+  tls->started_handshake = TRUE;
+  tls_class->handshake (tls, cancellable, &error);
+  tls->need_handshake = FALSE;
+
+  if (error)
+    {
+      if ((g_error_matches (error, G_IO_ERROR, G_IO_ERROR_FAILED) ||
+#if GLIB_CHECK_VERSION (2, 35, 3)
+          g_error_matches (error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE) ||
+#endif
+          g_error_matches (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS)) &&
+         tls->certificate_requested)
+       {
+         g_clear_error (&error);
+         if (tls->certificate_error)
+           {
+             error = tls->certificate_error;
+             tls->certificate_error = NULL;
+           }
+         else
+           {
+             g_set_error_literal (&error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
+                                  _("Server required TLS certificate"));
+           }
+       }
+      g_task_return_error (task, error);
+    }
+  else
+    {
+      tls->ever_handshaked = TRUE;
+      g_task_return_boolean (task, TRUE);
+    }
+}
+
+static gboolean
+finish_handshake (GTlsConnectionBase  *tls,
+                 GTask               *task,
+                 GError             **error)
+{
+  GTlsConnectionBaseClass *tls_class = G_TLS_CONNECTION_BASE_GET_CLASS (tls);
+  GError *my_error = NULL;
+
+  if (g_task_propagate_boolean (task, &my_error))
+    tls_class->complete_handshake (tls, &my_error);
+
+  if (my_error && tls->started_handshake)
+    tls->handshake_error = g_error_copy (my_error);
+
+  if (!my_error)
+    return TRUE;
+
+  g_propagate_error (error, my_error);
+  return FALSE;
+}
+
+static gboolean
+g_tls_connection_base_handshake (GTlsConnection   *conn,
+                                GCancellable     *cancellable,
+                                GError          **error)
+{
+  GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (conn);
+  GTask *task;
+  gboolean success;
+  GError *my_error = NULL;
+
+  task = g_task_new (conn, cancellable, NULL, NULL);
+  g_task_set_source_tag (task, g_tls_connection_base_handshake);
+  g_task_run_in_thread_sync (task, handshake_thread);
+  success = finish_handshake (tls, task, &my_error);
+  g_object_unref (task);
+
+  yield_op (tls, G_TLS_CONNECTION_BASE_OP_HANDSHAKE,
+           G_TLS_CONNECTION_BASE_OK);
+
+  if (my_error)
+    g_propagate_error (error, my_error);
+  return success;
+}
+
+/* In the async version we use two GTasks; one to run
+ * handshake_thread() and then call handshake_thread_completed(), and
+ * a second to call the caller's original callback after we call
+ * finish_handshake().
+ */
+
+static void
+handshake_thread_completed (GObject      *object,
+                           GAsyncResult *result,
+                           gpointer      user_data)
+{
+  GTask *caller_task = user_data;
+  GTlsConnectionBase *tls = g_task_get_source_object (caller_task);
+  GError *error = NULL;
+  gboolean need_finish_handshake, success;
+
+  g_mutex_lock (&tls->op_mutex);
+  if (tls->need_finish_handshake)
+    {
+      need_finish_handshake = TRUE;
+      tls->need_finish_handshake = FALSE;
+    }
+  else
+    need_finish_handshake = FALSE;
+  g_mutex_unlock (&tls->op_mutex);
+
+  if (need_finish_handshake)
+    {
+      success = finish_handshake (tls, G_TASK (result), &error);
+      if (success)
+       g_task_return_boolean (caller_task, TRUE);
+      else
+       g_task_return_error (caller_task, error);
+    }
+  else if (tls->handshake_error)
+    g_task_return_error (caller_task, g_error_copy (tls->handshake_error));
+  else
+    g_task_return_boolean (caller_task, TRUE);
+
+  g_object_unref (caller_task);
+}
+
+static void
+async_handshake_thread (GTask        *task,
+                       gpointer      object,
+                       gpointer      task_data,
+                       GCancellable *cancellable)
+{
+  GTlsConnectionBase *tls = object;
+
+  handshake_thread (task, object, task_data, cancellable);
+
+  g_mutex_lock (&tls->op_mutex);
+  tls->need_finish_handshake = TRUE;
+  /* yield_op will clear handshaking too, but we don't want the
+   * connection to be briefly "handshaking && need_finish_handshake"
+   * after we unlock the mutex.
+   */
+  tls->handshaking = FALSE;
+  g_mutex_unlock (&tls->op_mutex);
+
+  yield_op (tls, G_TLS_CONNECTION_BASE_OP_HANDSHAKE,
+           G_TLS_CONNECTION_BASE_OK);
+}
+
+static void
+g_tls_connection_base_handshake_async (GTlsConnection       *conn,
+                                      int                   io_priority,
+                                      GCancellable         *cancellable,
+                                      GAsyncReadyCallback   callback,
+                                      gpointer              user_data)
+{
+  GTask *thread_task, *caller_task;
+
+  caller_task = g_task_new (conn, cancellable, callback, user_data);
+  g_task_set_source_tag (caller_task, g_tls_connection_base_handshake_async);
+  g_task_set_priority (caller_task, io_priority);
+  thread_task = g_task_new (conn, cancellable, handshake_thread_completed, caller_task);
+  g_task_set_source_tag (thread_task, g_tls_connection_base_handshake_async);
+  g_task_set_priority (thread_task, io_priority);
+
+  g_task_run_in_thread (thread_task, async_handshake_thread);
+  g_object_unref (thread_task);
+}
+
+static gboolean
+g_tls_connection_base_handshake_finish (GTlsConnection       *conn,
+                                       GAsyncResult         *result,
+                                       GError              **error)
+{
+  g_return_val_if_fail (g_task_is_valid (result, conn), FALSE);
+
+  return g_task_propagate_boolean (G_TASK (result), error);
+}
+
+static void
+implicit_handshake_completed (GObject      *object,
+                             GAsyncResult *result,
+                             gpointer      user_data)
+{
+  GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (object);
+
+  g_mutex_lock (&tls->op_mutex);
+  tls->need_finish_handshake = TRUE;
+  g_mutex_unlock (&tls->op_mutex);
+
+  yield_op (tls, G_TLS_CONNECTION_BASE_OP_HANDSHAKE,
+           G_TLS_CONNECTION_BASE_OK);
+}
+
+static gboolean
+do_implicit_handshake (GTlsConnectionBase  *tls,
+                      gboolean             blocking,
+                      GCancellable        *cancellable,
+                      GError             **error)
+{
+  /* We have op_mutex */
+
+  tls->implicit_handshake = g_task_new (tls, cancellable,
+                                       implicit_handshake_completed,
+                                       NULL);
+  g_task_set_source_tag (tls->implicit_handshake, do_implicit_handshake);
+
+  if (blocking)
+    {
+      GError *my_error = NULL;
+      gboolean success;
+
+      g_mutex_unlock (&tls->op_mutex);
+      g_task_run_in_thread_sync (tls->implicit_handshake,
+                                handshake_thread);
+      success = finish_handshake (tls,
+                                 tls->implicit_handshake,
+                                 &my_error);
+      g_clear_object (&tls->implicit_handshake);
+      yield_op (tls, G_TLS_CONNECTION_BASE_OP_HANDSHAKE,
+               G_TLS_CONNECTION_BASE_OK);
+      g_mutex_lock (&tls->op_mutex);
+
+      if (my_error)
+       g_propagate_error (error, my_error);
+      return success;
+    }
+  else
+    {
+      g_task_run_in_thread (tls->implicit_handshake,
+                           handshake_thread);
+
+      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK,
+                          _("Operation would block"));
+      return FALSE;
+    }
+}
+
+gssize
+g_tls_connection_base_read (GTlsConnectionBase  *tls,
+                           void                *buffer,
+                           gsize                count,
+                           gboolean             blocking,
+                           GCancellable        *cancellable,
+                           GError             **error)
+{
+  GTlsConnectionBaseStatus status;
+  gssize nread;
+
+  do
+    {
+      if (!claim_op (tls, G_TLS_CONNECTION_BASE_OP_READ,
+                    blocking, cancellable, error))
+       return -1;
+
+      if (tls->app_data_buf && !tls->handshaking)
+       {
+         nread = MIN (count, tls->app_data_buf->len);
+         memcpy (buffer, tls->app_data_buf->data, nread);
+         if (nread == tls->app_data_buf->len)
+           g_clear_pointer (&tls->app_data_buf, g_byte_array_unref);
+         else
+           g_byte_array_remove_range (tls->app_data_buf, 0, nread);
+         status = G_TLS_CONNECTION_BASE_OK;
+       }
+      else
+       {
+         status = G_TLS_CONNECTION_BASE_GET_CLASS (tls)->
+           read_fn (tls, buffer, count, blocking, &nread, cancellable, error);
+       }
+
+      yield_op (tls, G_TLS_CONNECTION_BASE_OP_READ, status);
+    }
+  while (status == G_TLS_CONNECTION_BASE_REHANDSHAKE);
+
+  if (status == G_TLS_CONNECTION_BASE_OK)
+    return nread;
+  else
+    return -1;
+}
+
+gssize
+g_tls_connection_base_write (GTlsConnectionBase  *tls,
+                            const void          *buffer,
+                            gsize                count,
+                            gboolean             blocking,
+                            GCancellable        *cancellable,
+                            GError             **error)
+{
+  GTlsConnectionBaseStatus status;
+  gssize nwrote;
+
+  do
+    {
+      if (!claim_op (tls, G_TLS_CONNECTION_BASE_OP_WRITE,
+                    blocking, cancellable, error))
+       return -1;
+
+      status = G_TLS_CONNECTION_BASE_GET_CLASS (tls)->
+       write_fn (tls, buffer, count, blocking, &nwrote, cancellable, error);
+
+      yield_op (tls, G_TLS_CONNECTION_BASE_OP_WRITE, status);
+    }
+  while (status == G_TLS_CONNECTION_BASE_REHANDSHAKE);
+
+  if (status == G_TLS_CONNECTION_BASE_OK)
+    return nwrote;
+  else
+    return -1;
+}
+
+static GInputStream *
+g_tls_connection_base_get_input_stream (GIOStream *stream)
+{
+  GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (stream);
+
+  return tls->tls_istream;
+}
+
+static GOutputStream *
+g_tls_connection_base_get_output_stream (GIOStream *stream)
+{
+  GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (stream);
+
+  return tls->tls_ostream;
+}
+
+gboolean
+g_tls_connection_base_close_internal (GIOStream     *stream,
+                                      GTlsDirection  direction,
+                                      GCancellable  *cancellable,
+                                      GError       **error)
+{
+  GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (stream);
+  GTlsConnectionBaseOp op;
+  GTlsConnectionBaseStatus status;
+  gboolean success = TRUE;
+  GError *close_error = NULL, *stream_error = NULL;
+
+  /* This can be called from g_io_stream_close(), g_input_stream_close() or
+   * g_output_stream_close(). In all cases, we only do the close_fn() for
+   * writing. The difference is how we set the flags on this class and how
+   * the underlying stream is closed.
+   */
+
+  g_return_val_if_fail (direction != G_TLS_DIRECTION_NONE, FALSE);
+
+  if (direction == G_TLS_DIRECTION_BOTH)
+    op = G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH;
+  else if (direction == G_TLS_DIRECTION_READ)
+    op = G_TLS_CONNECTION_BASE_OP_CLOSE_READ;
+  else
+    op = G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE;
+
+  if (!claim_op (tls, op, TRUE, cancellable, error))
+    return FALSE;
+
+  if (tls->ever_handshaked && !tls->write_closed &&
+      direction & G_TLS_DIRECTION_WRITE)
+    {
+      status = G_TLS_CONNECTION_BASE_GET_CLASS (tls)->
+       close_fn (tls, cancellable, &close_error);
+
+      tls->write_closed = TRUE;
+    }
+  else
+    status = G_TLS_CONNECTION_BASE_OK;
+
+  if (!tls->read_closed && direction & G_TLS_DIRECTION_READ)
+    tls->read_closed = TRUE;
+
+  /* Close the underlying streams. Do this even if the close_fn() call failed,
+   * as the parent GIOStream will have set its internal closed flag and hence
+   * this implementation will never be called again. */
+  if (direction == G_TLS_DIRECTION_BOTH)
+    success = g_io_stream_close (tls->base_io_stream,
+                                 cancellable, &stream_error);
+  else if (direction & G_TLS_DIRECTION_READ)
+    success = g_input_stream_close (g_io_stream_get_input_stream (tls->base_io_stream),
+                                    cancellable, &stream_error);
+  else if (direction & G_TLS_DIRECTION_WRITE)
+    success = g_output_stream_close (g_io_stream_get_output_stream (tls->base_io_stream),
+                                     cancellable, &stream_error);
+
+  yield_op (tls, op, status);
+
+  /* Propagate errors. */
+  if (status != G_TLS_CONNECTION_BASE_OK)
+    {
+      g_propagate_error (error, close_error);
+      g_clear_error (&stream_error);
+    }
+  else if (!success)
+    {
+      g_propagate_error (error, stream_error);
+      g_clear_error (&close_error);
+    }
+
+  return success && status == G_TLS_CONNECTION_BASE_OK;
+}
+
+static gboolean
+g_tls_connection_base_close (GIOStream     *stream,
+                             GCancellable  *cancellable,
+                             GError       **error)
+{
+  return g_tls_connection_base_close_internal (stream,
+                                               G_TLS_DIRECTION_BOTH,
+                                               cancellable, error);
+}
+
+/* We do async close as synchronous-in-a-thread so we don't need to
+ * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case
+ * (since handshakes are also done synchronously now).
+ */
+static void
+close_thread (GTask        *task,
+             gpointer      object,
+             gpointer      task_data,
+             GCancellable *cancellable)
+{
+  GIOStream *stream = object;
+  GError *error = NULL;
+
+  if (!g_tls_connection_base_close (stream, cancellable, &error))
+    g_task_return_error (task, error);
+  else
+    g_task_return_boolean (task, TRUE);
+}
+
+static void
+g_tls_connection_base_close_async (GIOStream           *stream,
+                                  int                  io_priority,
+                                  GCancellable        *cancellable,
+                                  GAsyncReadyCallback  callback,
+                                  gpointer             user_data)
+{
+  GTask *task;
+
+  task = g_task_new (stream, cancellable, callback, user_data);
+  g_task_set_source_tag (task, g_tls_connection_base_close_async);
+  g_task_set_priority (task, io_priority);
+  g_task_run_in_thread (task, close_thread);
+  g_object_unref (task);
+}
+
+static gboolean
+g_tls_connection_base_close_finish (GIOStream           *stream,
+                                   GAsyncResult        *result,
+                                   GError             **error)
+{
+  g_return_val_if_fail (g_task_is_valid (result, stream), FALSE);
+
+  return g_task_propagate_boolean (G_TASK (result), error);
+}
+
+static void
+g_tls_connection_base_class_init (GTlsConnectionBaseClass *klass)
+{
+  GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+  GTlsConnectionClass *connection_class = G_TLS_CONNECTION_CLASS (klass);
+  GIOStreamClass *iostream_class = G_IO_STREAM_CLASS (klass);
+
+  gobject_class->get_property = g_tls_connection_base_get_property;
+  gobject_class->set_property = g_tls_connection_base_set_property;
+  gobject_class->finalize     = g_tls_connection_base_finalize;
+
+  connection_class->handshake        = g_tls_connection_base_handshake;
+  connection_class->handshake_async  = g_tls_connection_base_handshake_async;
+  connection_class->handshake_finish = g_tls_connection_base_handshake_finish;
+
+  iostream_class->get_input_stream  = g_tls_connection_base_get_input_stream;
+  iostream_class->get_output_stream = g_tls_connection_base_get_output_stream;
+  iostream_class->close_fn          = g_tls_connection_base_close;
+  iostream_class->close_async       = g_tls_connection_base_close_async;
+  iostream_class->close_finish      = g_tls_connection_base_close_finish;
+
+  klass->push_io = g_tls_connection_base_real_push_io;
+  klass->pop_io = g_tls_connection_base_real_pop_io;
+
+  g_object_class_override_property (gobject_class, PROP_BASE_IO_STREAM, "base-io-stream");
+  g_object_class_override_property (gobject_class, PROP_REQUIRE_CLOSE_NOTIFY, "require-close-notify");
+  g_object_class_override_property (gobject_class, PROP_REHANDSHAKE_MODE, "rehandshake-mode");
+  g_object_class_override_property (gobject_class, PROP_USE_SYSTEM_CERTDB, "use-system-certdb");
+  g_object_class_override_property (gobject_class, PROP_DATABASE, "database");
+  g_object_class_override_property (gobject_class, PROP_CERTIFICATE, "certificate");
+  g_object_class_override_property (gobject_class, PROP_INTERACTION, "interaction");
+  g_object_class_override_property (gobject_class, PROP_PEER_CERTIFICATE, "peer-certificate");
+  g_object_class_override_property (gobject_class, PROP_PEER_CERTIFICATE_ERRORS, "peer-certificate-errors");
+}
diff --git a/tls/base/gtlsconnection-base.h b/tls/base/gtlsconnection-base.h
new file mode 100644 (file)
index 0000000..0809644
--- /dev/null
@@ -0,0 +1,215 @@
+/* GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright 2009-2011 Red Hat, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation; either version 2 of the licence or (at
+ * your option) any later version.
+ *
+ * See the included COPYING file for more information.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#ifndef __G_TLS_CONNECTION_BASE_H__
+#define __G_TLS_CONNECTION_BASE_H__
+
+#include <gio/gio.h>
+
+G_BEGIN_DECLS
+
+#define G_TYPE_TLS_CONNECTION_BASE            (g_tls_connection_base_get_type ())
+#define G_TLS_CONNECTION_BASE(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_CONNECTION_BASE, GTlsConnectionBase))
+#define G_TLS_CONNECTION_BASE_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_CONNECTION_BASE, GTlsConnectionBaseClass))
+#define G_IS_TLS_CONNECTION_BASE(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_CONNECTION_BASE))
+#define G_IS_TLS_CONNECTION_BASE_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_CONNECTION_BASE))
+#define G_TLS_CONNECTION_BASE_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_CONNECTION_BASE, GTlsConnectionBaseClass))
+
+typedef struct _GTlsConnectionBasePrivate                   GTlsConnectionBasePrivate;
+typedef struct _GTlsConnectionBaseClass                     GTlsConnectionBaseClass;
+typedef struct _GTlsConnectionBase                          GTlsConnectionBase;
+
+typedef enum {
+  G_TLS_CONNECTION_BASE_OK,
+  G_TLS_CONNECTION_BASE_WOULD_BLOCK,
+  G_TLS_CONNECTION_BASE_TIMED_OUT,
+  G_TLS_CONNECTION_BASE_REHANDSHAKE,
+  G_TLS_CONNECTION_BASE_TRY_AGAIN,
+  G_TLS_CONNECTION_BASE_ERROR,
+} GTlsConnectionBaseStatus;
+
+struct _GTlsConnectionBaseClass
+{
+  GTlsConnectionClass parent_class;
+
+  GTlsConnectionBaseStatus (*request_rehandshake)  (GTlsConnectionBase  *tls,
+                                                   GCancellable        *cancellable,
+                                                   GError             **error);
+  GTlsConnectionBaseStatus (*handshake)            (GTlsConnectionBase  *tls,
+                                                   GCancellable        *cancellable,
+                                                   GError             **error);
+  GTlsConnectionBaseStatus (*complete_handshake)   (GTlsConnectionBase  *tls,
+                                                   GError             **error);
+
+  void                     (*push_io)              (GTlsConnectionBase  *tls,
+                                                    GIOCondition         direction,
+                                                    gboolean             blocking,
+                                                    GCancellable        *cancellable);
+  GTlsConnectionBaseStatus (*pop_io)               (GTlsConnectionBase  *tls,
+                                                    GIOCondition         direction,
+                                                    gboolean             success,
+                                                    GError             **error);
+
+  GTlsConnectionBaseStatus (*read_fn)              (GTlsConnectionBase  *tls,
+                                                   void                *buffer,
+                                                   gsize                count,
+                                                   gboolean             blocking,
+                                                   gssize              *nread,
+                                                   GCancellable        *cancellable,
+                                                   GError             **error);
+  GTlsConnectionBaseStatus (*write_fn)             (GTlsConnectionBase  *tls,
+                                                   const void          *buffer,
+                                                   gsize                count,
+                                                   gboolean             blocking,
+                                                   gssize              *nwrote,
+                                                   GCancellable        *cancellable,
+                                                   GError             **error);
+
+  GTlsConnectionBaseStatus (*close_fn)             (GTlsConnectionBase  *tls,
+                                                   GCancellable        *cancellable,
+                                                   GError             **error);
+};
+
+struct _GTlsConnectionBase
+{
+  GTlsConnection         parent_instance;
+
+  GIOStream             *base_io_stream;
+  GPollableInputStream  *base_istream;
+  GPollableOutputStream *base_ostream;
+
+  GTlsDatabase          *database;
+  GTlsInteraction       *interaction;
+
+  GTlsCertificate       *certificate;
+  gboolean               certificate_requested;
+  GError                *certificate_error;
+  GTlsCertificate       *peer_certificate;
+  GTlsCertificateFlags   peer_certificate_errors;
+
+  gboolean               require_close_notify;
+  GTlsRehandshakeMode    rehandshake_mode;
+
+  /* need_handshake means the next claim_op() will get diverted into
+   * an implicit handshake (unless it's an OP_HANDSHAKE or OP_CLOSE*).
+   * need_finish_handshake means the next claim_op() will get diverted
+   * into finish_handshake() (unless it's an OP_CLOSE*).
+   *
+   * handshaking is TRUE as soon as a handshake thread is queued. For
+   * a sync handshake it becomes FALSE after finish_handshake()
+   * completes in the calling thread, but for an async implicit
+   * handshake, it becomes FALSE (and need_finish_handshake becomes
+   * TRUE) at the end of the handshaking thread (and then the next
+   * non-close op will call finish_handshake()). We can't just wait
+   * for handshake_thread_completed() to run, because it's possible
+   * that its main loop is being blocked by a synchronous op which is
+   * waiting for handshaking to become FALSE...
+   *
+   * started_handshake indicates that the current handshake attempt
+   * got at least as far as sending the first handshake packet (and so
+   * any error should be copied to handshake_error and returned on all
+   * future operations). ever_handshaked indicates that TLS has been
+   * successfully negotiated at some point.
+   */
+  gboolean       need_handshake;
+  gboolean       need_finish_handshake;
+  gboolean       started_handshake;
+  gboolean       handshaking;
+  gboolean       ever_handshaked;
+  GTask         *implicit_handshake;
+  GError        *handshake_error;
+  GByteArray    *app_data_buf;
+
+  /* read_closed means the read direction has closed; write_closed similarly.
+   * If (and only if) both are set, the entire GTlsConnection is closed. */
+  gboolean       read_closing, read_closed;
+  gboolean       write_closing, write_closed;
+
+  gboolean       reading;
+  gboolean       read_blocking;
+  GError        *read_error;
+  GCancellable  *read_cancellable;
+
+  gboolean       writing;
+  gboolean       write_blocking;
+  GError        *write_error;
+  GCancellable  *write_cancellable;
+
+  /*< private >*/
+  gboolean       is_system_certdb;
+  gboolean       database_is_unset;
+
+  GInputStream  *tls_istream;
+  GOutputStream *tls_ostream;
+
+  GMutex         op_mutex;
+  GCancellable  *waiting_for_op;
+};
+
+GType g_tls_connection_base_get_type (void) G_GNUC_CONST;
+
+gboolean g_tls_connection_base_accept_peer_certificate (GTlsConnectionBase   *tls,
+                                                        GTlsCertificate      *peer_certificate,
+                                                        GTlsCertificateFlags  peer_certificate_errors);
+
+void g_tls_connection_base_set_peer_certificate (GTlsConnectionBase   *tls,
+                                                GTlsCertificate      *peer_certificate,
+                                                GTlsCertificateFlags  peer_certificate_errors);
+
+void     g_tls_connection_base_push_io       (GTlsConnectionBase *tls,
+                                             GIOCondition        direction,
+                                             gboolean            blocking,
+                                             GCancellable       *cancellable);
+GTlsConnectionBaseStatus
+         g_tls_connection_base_pop_io        (GTlsConnectionBase  *tls,
+                                             GIOCondition         direction,
+                                             gboolean             success,
+                                             GError             **error);
+
+gssize   g_tls_connection_base_read          (GTlsConnectionBase  *tls,
+                                             void                *buffer,
+                                             gsize                size,
+                                             gboolean             blocking,
+                                             GCancellable        *cancellable,
+                                             GError             **error);
+gssize   g_tls_connection_base_write         (GTlsConnectionBase  *tls,
+                                             const void          *buffer,
+                                             gsize                size,
+                                             gboolean             blocking,
+                                             GCancellable        *cancellable,
+                                             GError             **error);
+
+gboolean g_tls_connection_base_check         (GTlsConnectionBase  *tls,
+                                             GIOCondition         condition);
+GSource *g_tls_connection_base_create_source (GTlsConnectionBase  *tls,
+                                             GIOCondition         condition,
+                                             GCancellable        *cancellable);
+
+typedef enum {
+       G_TLS_DIRECTION_NONE = 0,
+       G_TLS_DIRECTION_READ = 1 << 0,
+       G_TLS_DIRECTION_WRITE = 1 << 1,
+} GTlsDirection;
+
+#define G_TLS_DIRECTION_BOTH (G_TLS_DIRECTION_READ | G_TLS_DIRECTION_WRITE)
+
+gboolean g_tls_connection_base_close_internal (GIOStream     *stream,
+                                               GTlsDirection  direction,
+                                               GCancellable  *cancellable,
+                                               GError       **error);
+
+G_END_DECLS
+
+#endif /* __G_TLS_CONNECTION_BASE_H___ */
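Review bot: The `handshake` and `complete_handshake` vfuncs in `_GTlsConnectionBaseClass` return a `GTlsConnectionBaseStatus`, but the header never says that a non-OK status must come with `*error` set. The callers added to gtlsconnection-base.c in this commit (`handshake_thread`, `finish_handshake`) discard that status and test only the `GError`. A backend that signals failure through the status alone would therefore have its handshake treated as successful and `ever_handshaked` set to TRUE. `request_rehandshake` has the mirror problem: its caller checks the status and then hands `error` to `g_task_return_error()`, which would be NULL if the backend did not fill it in. I would document the contract above the vfunc block, e.g. `/* Implementations must set *error whenever they return anything other than G_TLS_CONNECTION_BASE_OK; callers rely on the GError, not only on the status. */`.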
diff --git a/tls/base/gtlsinputstream-base.c b/tls/base/gtlsinputstream-base.c
new file mode 100644 (file)
index 0000000..6f257de
--- /dev/null
@@ -0,0 +1,256 @@
+/* GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright 2010 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#include "config.h"
+#include "gtlsinputstream-base.h"
+
+#include <glib/gi18n.h>
+
+static void g_tls_input_stream_base_pollable_iface_init (GPollableInputStreamInterface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (GTlsInputStreamBase, g_tls_input_stream_base, G_TYPE_INPUT_STREAM,
+                        G_IMPLEMENT_INTERFACE (G_TYPE_POLLABLE_INPUT_STREAM, g_tls_input_stream_base_pollable_iface_init)
+                        )
+
+struct _GTlsInputStreamBasePrivate
+{
+  GWeakRef weak_conn;
+};
+
+static void
+g_tls_input_stream_base_dispose (GObject *object)
+{
+  GTlsInputStreamBase *stream = G_TLS_INPUT_STREAM_BASE (object);
+
+  g_weak_ref_set (&stream->priv->weak_conn, NULL);
+
+  G_OBJECT_CLASS (g_tls_input_stream_base_parent_class)->dispose (object);
+}
+
+static void
+g_tls_input_stream_base_finalize (GObject *object)
+{
+  GTlsInputStreamBase *stream = G_TLS_INPUT_STREAM_BASE (object);
+
+  g_weak_ref_clear (&stream->priv->weak_conn);
+
+  G_OBJECT_CLASS (g_tls_input_stream_base_parent_class)->finalize (object);
+}
+
+static gssize
+g_tls_input_stream_base_read (GInputStream  *stream,
+                             void          *buffer,
+                             gsize          count,
+                             GCancellable  *cancellable,
+                             GError       **error)
+{
+  GTlsInputStreamBase *tls_stream = G_TLS_INPUT_STREAM_BASE (stream);
+  GTlsConnectionBase *conn;
+  gssize ret;
+
+  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  if (conn == NULL)
+    {
+      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
+                           _("Connection is closed"));
+      return -1;
+    }
+
+  ret = g_tls_connection_base_read (conn,
+                                    buffer, count, TRUE,
+                                    cancellable, error);
+  g_object_unref (conn);
+  return ret;
+}
+
+static gboolean
+g_tls_input_stream_base_pollable_is_readable (GPollableInputStream *pollable)
+{
+  GTlsInputStreamBase *tls_stream = G_TLS_INPUT_STREAM_BASE (pollable);
+  GTlsConnectionBase *conn;
+  gboolean ret;
+
+  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  g_return_val_if_fail (conn != NULL, FALSE);
+
+  ret = g_tls_connection_base_check (conn, G_IO_IN);
+
+  g_object_unref (conn);
+  return ret;
+}
+
+static GSource *
+g_tls_input_stream_base_pollable_create_source (GPollableInputStream *pollable,
+                                               GCancellable         *cancellable)
+{
+  GTlsInputStreamBase *tls_stream = G_TLS_INPUT_STREAM_BASE (pollable);
+  GTlsConnectionBase *conn;
+  GSource *ret;
+
+  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  g_return_val_if_fail (conn != NULL, NULL);
+
+  ret = g_tls_connection_base_create_source (conn, G_IO_IN, cancellable);
+  g_object_unref (conn);
+  return ret;
+}
+
+static gssize
+g_tls_input_stream_base_pollable_read_nonblocking (GPollableInputStream  *pollable,
+                                                  void                  *buffer,
+                                                  gsize                  size,
+                                                  GError               **error)
+{
+  GTlsInputStreamBase *tls_stream = G_TLS_INPUT_STREAM_BASE (pollable);
+  GTlsConnectionBase *conn;
+  gssize ret;
+
+  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  g_return_val_if_fail (conn != NULL, -1);
+
+  ret = g_tls_connection_base_read (conn, buffer, size, FALSE, NULL, error);
+
+  g_object_unref (conn);
+  return ret;
+}
+
+static gboolean
+g_tls_input_stream_base_close (GInputStream            *stream,
+                               GCancellable             *cancellable,
+                               GError                  **error)
+{
+  GTlsInputStreamBase *tls_stream = G_TLS_INPUT_STREAM_BASE (stream);
+  GIOStream *conn;
+  gboolean ret;
+
+  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+
+  /* Special case here because this is called by the finalize
+   * of the main GTlsConnection object.
+   */
+  if (conn == NULL)
+    return TRUE;
+
+  ret = g_tls_connection_base_close_internal (conn, G_TLS_DIRECTION_READ,
+                                              cancellable, error);
+
+  g_object_unref (conn);
+  return ret;
+}
+
+/* We do async close as synchronous-in-a-thread so we don't need to
+ * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case
+ * (since handshakes are also done synchronously now).
+ */
+static void
+close_thread (GTask        *task,
+              gpointer      object,
+              gpointer      task_data,
+              GCancellable *cancellable)
+{
+  GTlsInputStreamBase *tls_stream = object;
+  GError *error = NULL;
+  GIOStream *conn;
+
+  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+
+  if (conn && !g_tls_connection_base_close_internal (conn,
+                                                     G_TLS_DIRECTION_READ,
+                                                     cancellable, &error))
+    g_task_return_error (task, error);
+  else
+    g_task_return_boolean (task, TRUE);
+
+  if (conn)
+    g_object_unref (conn);
+}
+
+
+static void
+g_tls_input_stream_base_close_async (GInputStream            *stream,
+                                     int                       io_priority,
+                                     GCancellable             *cancellable,
+                                     GAsyncReadyCallback       callback,
+                                     gpointer                  user_data)
+{
+  GTask *task;
+
+  task = g_task_new (stream, cancellable, callback, user_data);
+  g_task_set_source_tag (task, g_tls_input_stream_base_close_async);
+  g_task_set_priority (task, io_priority);
+  g_task_run_in_thread (task, close_thread);
+  g_object_unref (task);
+}
+
+static gboolean
+g_tls_input_stream_base_close_finish (GInputStream            *stream,
+                                      GAsyncResult             *result,
+                                      GError                  **error)
+{
+  g_return_val_if_fail (g_task_is_valid (result, stream), FALSE);
+  g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) ==
+                        g_tls_input_stream_base_close_async, FALSE);
+
+  return g_task_propagate_boolean (G_TASK (result), error);
+}
+
+static void
+g_tls_input_stream_base_class_init (GTlsInputStreamBaseClass *klass)
+{
+  GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+  GInputStreamClass *input_stream_class = G_INPUT_STREAM_CLASS (klass);
+
+  g_type_class_add_private (klass, sizeof (GTlsInputStreamBasePrivate));
+
+  gobject_class->dispose = g_tls_input_stream_base_dispose;
+  gobject_class->finalize = g_tls_input_stream_base_finalize;
+
+  input_stream_class->read_fn = g_tls_input_stream_base_read;
+  input_stream_class->close_fn = g_tls_input_stream_base_close;
+  input_stream_class->close_async = g_tls_input_stream_base_close_async;
+  input_stream_class->close_finish = g_tls_input_stream_base_close_finish;
+}
+
+static void
+g_tls_input_stream_base_pollable_iface_init (GPollableInputStreamInterface *iface)
+{
+  iface->is_readable = g_tls_input_stream_base_pollable_is_readable;
+  iface->create_source = g_tls_input_stream_base_pollable_create_source;
+  iface->read_nonblocking = g_tls_input_stream_base_pollable_read_nonblocking;
+}
+
+static void
+g_tls_input_stream_base_init (GTlsInputStreamBase *stream)
+{
+  stream->priv = G_TYPE_INSTANCE_GET_PRIVATE (stream, G_TYPE_TLS_INPUT_STREAM_BASE, GTlsInputStreamBasePrivate);
+}
+
+GInputStream *
+g_tls_input_stream_base_new (GTlsConnectionBase *conn)
+{
+  GTlsInputStreamBase *tls_stream;
+
+  tls_stream = g_object_new (G_TYPE_TLS_INPUT_STREAM_BASE, NULL);
+  g_weak_ref_init (&tls_stream->priv->weak_conn, conn);
+
+  return G_INPUT_STREAM (tls_stream);
+}
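Review bot: In `g_tls_input_stream_base_pollable_read_nonblocking` a vanished connection is handled with `g_return_val_if_fail (conn != NULL, -1)`, which returns -1 without setting `error`. When GLib is built with `G_DISABLE_CHECKS` the guard disappears entirely, so a NULL `conn` is handed to `g_tls_connection_base_read`. The weak reference can legitimately be empty once the owning connection is gone; the blocking `g_tls_input_stream_base_read` in this same hunk already reports `G_IO_ERROR_CLOSED` for that case. The non-blocking path should report the same error rather than treat it as a programmer error. `g_tls_output_stream_base_pollable_write_nonblocking` in gtlsoutputstream-base.c has the same guard and needs the same change.

```c
  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
  if (conn == NULL)
    {
      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
                           _("Connection is closed"));
      return -1;
    }
  /* … unchanged: g_tls_connection_base_read (conn, buffer, size, FALSE, NULL, error) and the unref … */
```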
diff --git a/tls/base/gtlsinputstream-base.h b/tls/base/gtlsinputstream-base.h
new file mode 100644 (file)
index 0000000..5f0694e
--- /dev/null
@@ -0,0 +1,51 @@
+/* GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright 2010 Red Hat, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation; either version 2 of the licence or (at
+ * your option) any later version.
+ *
+ * See the included COPYING file for more information.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#ifndef __G_TLS_INPUT_STREAM_BASE_H__
+#define __G_TLS_INPUT_STREAM_BASE_H__
+
+#include <gio/gio.h>
+#include "gtlsconnection-base.h"
+
+G_BEGIN_DECLS
+
+#define G_TYPE_TLS_INPUT_STREAM_BASE            (g_tls_input_stream_base_get_type ())
+#define G_TLS_INPUT_STREAM_BASE(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_INPUT_STREAM_BASE, GTlsInputStreamBase))
+#define G_TLS_INPUT_STREAM_BASE_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_INPUT_STREAM_BASE, GTlsInputStreamBaseClass))
+#define G_IS_TLS_INPUT_STREAM_BASE(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_INPUT_STREAM_BASE))
+#define G_IS_TLS_INPUT_STREAM_BASE_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_INPUT_STREAM_BASE))
+#define G_TLS_INPUT_STREAM_BASE_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_INPUT_STREAM_BASE, GTlsInputStreamBaseClass))
+
+typedef struct _GTlsInputStreamBasePrivate GTlsInputStreamBasePrivate;
+typedef struct _GTlsInputStreamBaseClass   GTlsInputStreamBaseClass;
+typedef struct _GTlsInputStreamBase        GTlsInputStreamBase;
+
+struct _GTlsInputStreamBaseClass
+{
+  GInputStreamClass parent_class;
+};
+
+struct _GTlsInputStreamBase
+{
+  GInputStream parent_instance;
+  GTlsInputStreamBasePrivate *priv;
+};
+
+GType         g_tls_input_stream_base_get_type (void) G_GNUC_CONST;
+GInputStream *g_tls_input_stream_base_new      (GTlsConnectionBase *conn);
+
+G_END_DECLS
+
+#endif /* __G_TLS_INPUT_STREAM_BASE_H___ */
diff --git a/tls/base/gtlsoutputstream-base.c b/tls/base/gtlsoutputstream-base.c
new file mode 100644 (file)
index 0000000..8400efd
--- /dev/null
@@ -0,0 +1,258 @@
+/* GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright 2010 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#include "config.h"
+#include "gtlsoutputstream-base.h"
+
+#include <glib/gi18n.h>
+
+static void g_tls_output_stream_base_pollable_iface_init (GPollableOutputStreamInterface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (GTlsOutputStreamBase, g_tls_output_stream_base, G_TYPE_OUTPUT_STREAM,
+                        G_IMPLEMENT_INTERFACE (G_TYPE_POLLABLE_OUTPUT_STREAM, g_tls_output_stream_base_pollable_iface_init)
+                        )
+
+struct _GTlsOutputStreamBasePrivate
+{
+  GWeakRef weak_conn;
+};
+
+static void
+g_tls_output_stream_base_dispose (GObject *object)
+{
+  GTlsOutputStreamBase *stream = G_TLS_OUTPUT_STREAM_BASE (object);
+
+  g_weak_ref_set (&stream->priv->weak_conn, NULL);
+
+  G_OBJECT_CLASS (g_tls_output_stream_base_parent_class)->dispose (object);
+}
+
+static void
+g_tls_output_stream_base_finalize (GObject *object)
+{
+  GTlsOutputStreamBase *stream = G_TLS_OUTPUT_STREAM_BASE (object);
+
+  g_weak_ref_clear (&stream->priv->weak_conn);
+
+  G_OBJECT_CLASS (g_tls_output_stream_base_parent_class)->finalize (object);
+}
+
+static gssize
+g_tls_output_stream_base_write (GOutputStream  *stream,
+                               const void     *buffer,
+                               gsize           count,
+                               GCancellable   *cancellable,
+                               GError        **error)
+{
+  GTlsOutputStreamBase *tls_stream = G_TLS_OUTPUT_STREAM_BASE (stream);
+  GTlsConnectionBase *conn;
+  gssize ret;
+
+  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  if (conn == NULL)
+    {
+      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
+                           _("Connection is closed"));
+      return -1;
+    }
+
+  ret = g_tls_connection_base_write (conn, buffer, count, TRUE,
+                                     cancellable, error);
+  g_object_unref (conn);
+  return ret;
+}
+
+static gboolean
+g_tls_output_stream_base_pollable_is_writable (GPollableOutputStream *pollable)
+{
+  GTlsOutputStreamBase *tls_stream = G_TLS_OUTPUT_STREAM_BASE (pollable);
+  GTlsConnectionBase *conn;
+  gboolean ret;
+
+  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  g_return_val_if_fail (conn != NULL, FALSE);
+
+  ret = g_tls_connection_base_check (conn, G_IO_OUT);
+
+  g_object_unref (conn);
+
+  return ret;
+}
+
+static GSource *
+g_tls_output_stream_base_pollable_create_source (GPollableOutputStream *pollable,
+                                                GCancellable         *cancellable)
+{
+  GTlsOutputStreamBase *tls_stream = G_TLS_OUTPUT_STREAM_BASE (pollable);
+  GTlsConnectionBase *conn;
+  GSource *ret;
+
+  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  g_return_val_if_fail (conn != NULL, NULL);
+
+  ret = g_tls_connection_base_create_source (conn,
+                                             G_IO_OUT,
+                                             cancellable);
+  g_object_unref (conn);
+  return ret;
+}
+
+static gssize
+g_tls_output_stream_base_pollable_write_nonblocking (GPollableOutputStream  *pollable,
+                                                    const void             *buffer,
+                                                    gsize                   size,
+                                                    GError                **error)
+{
+  GTlsOutputStreamBase *tls_stream = G_TLS_OUTPUT_STREAM_BASE (pollable);
+  GTlsConnectionBase *conn;
+  gssize ret;
+
+  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  g_return_val_if_fail (conn != NULL, -1);
+
+  ret = g_tls_connection_base_write (conn, buffer, size, FALSE, NULL, error);
+
+  g_object_unref (conn);
+  return ret;
+}
+
+static gboolean
+g_tls_output_stream_base_close (GOutputStream            *stream,
+                                  GCancellable             *cancellable,
+                                  GError                  **error)
+{
+  GTlsOutputStreamBase *tls_stream = G_TLS_OUTPUT_STREAM_BASE (stream);
+  GIOStream *conn;
+  gboolean ret;
+
+  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+
+  /* Special case here because this is called by the finalize
+   * of the main GTlsConnection object.
+   */
+  if (conn == NULL)
+    return TRUE;
+
+  ret = g_tls_connection_base_close_internal (conn, G_TLS_DIRECTION_WRITE,
+                                              cancellable, error);
+
+  g_object_unref (conn);
+  return ret;
+}
+
+/* We do async close as synchronous-in-a-thread so we don't need to
+ * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case
+ * (since handshakes are also done synchronously now).
+ */
+static void
+close_thread (GTask        *task,
+             gpointer      object,
+             gpointer      task_data,
+             GCancellable *cancellable)
+{
+  GTlsOutputStreamBase *tls_stream = object;
+  GError *error = NULL;
+  GIOStream *conn;
+
+  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+
+  if (conn && !g_tls_connection_base_close_internal (conn,
+                                                     G_TLS_DIRECTION_WRITE,
+                                                     cancellable, &error))
+    g_task_return_error (task, error);
+  else
+    g_task_return_boolean (task, TRUE);
+
+  if (conn)
+    g_object_unref (conn);
+}
+
+
+static void
+g_tls_output_stream_base_close_async (GOutputStream            *stream,
+                                      int                       io_priority,
+                                      GCancellable             *cancellable,
+                                      GAsyncReadyCallback       callback,
+                                      gpointer                  user_data)
+{
+  GTask *task;
+
+  task = g_task_new (stream, cancellable, callback, user_data);
+  g_task_set_source_tag (task, g_tls_output_stream_base_close_async);
+  g_task_set_priority (task, io_priority);
+  g_task_run_in_thread (task, close_thread);
+  g_object_unref (task);
+}
+
+static gboolean
+g_tls_output_stream_base_close_finish (GOutputStream            *stream,
+                                         GAsyncResult             *result,
+                                         GError                  **error)
+{
+  g_return_val_if_fail (g_task_is_valid (result, stream), FALSE);
+  g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) ==
+                        g_tls_output_stream_base_close_async, FALSE);
+
+  return g_task_propagate_boolean (G_TASK (result), error);
+}
+
+static void
+g_tls_output_stream_base_class_init (GTlsOutputStreamBaseClass *klass)
+{
+  GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+  GOutputStreamClass *output_stream_class = G_OUTPUT_STREAM_CLASS (klass);
+
+  g_type_class_add_private (klass, sizeof (GTlsOutputStreamBasePrivate));
+
+  gobject_class->dispose = g_tls_output_stream_base_dispose;
+  gobject_class->finalize = g_tls_output_stream_base_finalize;
+
+  output_stream_class->write_fn = g_tls_output_stream_base_write;
+  output_stream_class->close_fn = g_tls_output_stream_base_close;
+  output_stream_class->close_async = g_tls_output_stream_base_close_async;
+  output_stream_class->close_finish = g_tls_output_stream_base_close_finish;
+}
+
+static void
+g_tls_output_stream_base_pollable_iface_init (GPollableOutputStreamInterface *iface)
+{
+  iface->is_writable = g_tls_output_stream_base_pollable_is_writable;
+  iface->create_source = g_tls_output_stream_base_pollable_create_source;
+  iface->write_nonblocking = g_tls_output_stream_base_pollable_write_nonblocking;
+}
+
+static void
+g_tls_output_stream_base_init (GTlsOutputStreamBase *stream)
+{
+  stream->priv = G_TYPE_INSTANCE_GET_PRIVATE (stream, G_TYPE_TLS_OUTPUT_STREAM_BASE, GTlsOutputStreamBasePrivate);
+}
+
+GOutputStream *
+g_tls_output_stream_base_new (GTlsConnectionBase *conn)
+{
+  GTlsOutputStreamBase *tls_stream;
+
+  tls_stream = g_object_new (G_TYPE_TLS_OUTPUT_STREAM_BASE, NULL);
+  g_weak_ref_init (&tls_stream->priv->weak_conn, conn);
+
+  return G_OUTPUT_STREAM (tls_stream);
+}
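Review bot: `g_tls_output_stream_base_new`, the only non-static function defined in this file, has no comment describing the ownership it sets up. The stream stores `conn` only through `g_weak_ref_init`, so it does not keep the connection alive. A short header comment would stop callers assuming otherwise, for example `/* Returns a new stream holding only a weak reference to @conn; once @conn is gone, blocking writes fail with G_IO_ERROR_CLOSED and close returns TRUE without doing anything. */`. The same comment, adjusted for reads, fits `g_tls_input_stream_base_new` in gtlsinputstream-base.c.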
diff --git a/tls/base/gtlsoutputstream-base.h b/tls/base/gtlsoutputstream-base.h
new file mode 100644 (file)
index 0000000..b0a25e1
--- /dev/null
@@ -0,0 +1,51 @@
+/* GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright 2010 Red Hat, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation; either version 2 of the licence or (at
+ * your option) any later version.
+ *
+ * See the included COPYING file for more information.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#ifndef __G_TLS_OUTPUT_STREAM_BASE_H__
+#define __G_TLS_OUTPUT_STREAM_BASE_H__
+
+#include <gio/gio.h>
+#include "gtlsconnection-base.h"
+
+G_BEGIN_DECLS
+
+#define G_TYPE_TLS_OUTPUT_STREAM_BASE            (g_tls_output_stream_base_get_type ())
+#define G_TLS_OUTPUT_STREAM_BASE(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_OUTPUT_STREAM_BASE, GTlsOutputStreamBase))
+#define G_TLS_OUTPUT_STREAM_BASE_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_OUTPUT_STREAM_BASE, GTlsOutputStreamBaseClass))
+#define G_IS_TLS_OUTPUT_STREAM_BASE(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_OUTPUT_STREAM_BASE))
+#define G_IS_TLS_OUTPUT_STREAM_BASE_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_OUTPUT_STREAM_BASE))
+#define G_TLS_OUTPUT_STREAM_BASE_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_OUTPUT_STREAM_BASE, GTlsOutputStreamBaseClass))
+
+typedef struct _GTlsOutputStreamBasePrivate GTlsOutputStreamBasePrivate;
+typedef struct _GTlsOutputStreamBaseClass   GTlsOutputStreamBaseClass;
+typedef struct _GTlsOutputStreamBase        GTlsOutputStreamBase;
+
+struct _GTlsOutputStreamBaseClass
+{
+  GOutputStreamClass parent_class;
+};
+
+struct _GTlsOutputStreamBase
+{
+  GOutputStream parent_instance;
+  GTlsOutputStreamBasePrivate *priv;
+};
+
+GType          g_tls_output_stream_base_get_type (void) G_GNUC_CONST;
+GOutputStream *g_tls_output_stream_base_new      (GTlsConnectionBase *conn);
+
+G_END_DECLS
+
+#endif /* __G_TLS_OUTPUT_STREAM_BASE_H___ */
diff --git a/tls/base/meson.build b/tls/base/meson.build
new file mode 100644 (file)
index 0000000..69d907a
--- /dev/null
@@ -0,0 +1,20 @@
+tlsbase_headers = files(
+  'gtlsconnection-base.h',
+  'gtlsinputstream-base.h',
+  'gtlsoutputstream-base.h',
+)
+
+tlsbase_sources = files(
+  'gtlsconnection-base.c',
+  'gtlsinputstream-base.c',
+  'gtlsoutputstream-base.c',
+)
+
+tlsbase = static_library('tlsbase',
+                         tlsbase_sources + tlsbase_headers,
+                         dependencies: gio_dep,
+                         include_directories: top_inc)
+
+tlsbase_dep = declare_dependency(link_with: tlsbase,
+                                 include_directories: include_directories('.'),
+                                 dependencies: gio_dep)
diff --git a/tls/gnutls/Makefile.am b/tls/gnutls/Makefile.am
deleted file mode 100644 (file)
index 2fb482f..0000000
+++ /dev/null
@@ -1,60 +0,0 @@
-include $(top_srcdir)/glib-networking.mk
-
-giomodule_LTLIBRARIES = libgiognutls.la
-
-if HAVE_PKCS11
-P11_SRCS = \
-       gtlsbackend-gnutls-pkcs11.c     \
-       gtlsbackend-gnutls-pkcs11.h     \
-       gtlscertificate-gnutls-pkcs11.c \
-       gtlscertificate-gnutls-pkcs11.h \
-       gtlsdatabase-gnutls-pkcs11.c    \
-       gtlsdatabase-gnutls-pkcs11.h    \
-       $(NULL)
-P11_LIBADD =                           \
-       $(top_builddir)/tls/pkcs11/libgiopkcs11.la \
-       $(PKCS11_LIBS)                  \
-       $(NULL)
-P11_CFLAGS =                           \
-       -I$(top_srcdir)/tls/            \
-       $(PKCS11_CFLAGS)
-else
-P11_SRCS =
-P11_LIBADD =
-P11_CFLAGS =
-endif
-
-libgiognutls_la_SOURCES =              \
-       gnutls-module.c                 \
-       gtlsbackend-gnutls.c            \
-       gtlsbackend-gnutls.h            \
-       gtlscertificate-gnutls.c        \
-       gtlscertificate-gnutls.h        \
-       gtlsclientconnection-gnutls.c   \
-       gtlsclientconnection-gnutls.h   \
-       gtlsconnection-gnutls.c         \
-       gtlsconnection-gnutls.h         \
-       gtlsdatabase-gnutls.c           \
-       gtlsdatabase-gnutls.h           \
-       gtlsfiledatabase-gnutls.c       \
-       gtlsfiledatabase-gnutls.h       \
-       gtlsinputstream-gnutls.c        \
-       gtlsinputstream-gnutls.h        \
-       gtlsoutputstream-gnutls.c       \
-       gtlsoutputstream-gnutls.h       \
-       gtlsserverconnection-gnutls.c   \
-       gtlsserverconnection-gnutls.h   \
-       $(P11_SRCS)                     \
-       $(NULL)
-
-AM_CPPFLAGS +=                         \
-       $(P11_CFLAGS)                   \
-       $(GNUTLS_CFLAGS)                \
-       $(NULL)
-
-libgiognutls_la_LDFLAGS = $(module_flags)
-libgiognutls_la_LIBADD =               \
-       $(P11_LIBADD)                   \
-       $(GLIB_LIBS)                    \
-       $(GNUTLS_LIBS)                  \
-       $(NULL)
index 6a56a9a..8dd09ca 100644 (file)
@@ -1,11 +1,13 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 #include <glib/gi18n-lib.h>
 
 #include "gtlsbackend-gnutls.h"
-#include "gtlsbackend-gnutls-pkcs11.h"
 
 
-void
-g_io_module_load (GIOModule *module)
+G_MODULE_EXPORT void
+g_io_gnutls_load (GIOModule *module)
 {
   gchar *locale_dir;
 #ifdef G_OS_WIN32
@@ -38,9 +39,6 @@ g_io_module_load (GIOModule *module)
 #endif
 
   g_tls_backend_gnutls_register (module);
-#ifdef HAVE_PKCS11
-  g_tls_backend_gnutls_pkcs11_register (module);
-#endif
 
 #ifdef G_OS_WIN32
   base_dir = g_win32_get_package_installation_directory_of_module (NULL);
@@ -55,13 +53,13 @@ g_io_module_load (GIOModule *module)
   g_free (locale_dir);
 }
 
-void
-g_io_module_unload (GIOModule *module)
+G_MODULE_EXPORT void
+g_io_gnutls_unload (GIOModule *module)
 {
 }
 
-gchar **
-g_io_module_query (void)
+G_MODULE_EXPORT gchar **
+g_io_gnutls_query (void)
 {
   gchar *eps[] = {
     G_TLS_BACKEND_EXTENSION_POINT_NAME,
diff --git a/tls/gnutls/gtlsbackend-gnutls-pkcs11.c b/tls/gnutls/gtlsbackend-gnutls-pkcs11.c
deleted file mode 100644 (file)
index 680ab08..0000000
+++ /dev/null
@@ -1,68 +0,0 @@
-/* GIO - GLib Input, Output and Streaming Library
- *
- * Copyright © 2011 Collabora, Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- * Author: Stef Walter <stef@collabora.co.uk>
- */
-
-#include "config.h"
-#include "glib.h"
-
-#include "gtlsbackend-gnutls-pkcs11.h"
-#include "gtlsdatabase-gnutls-pkcs11.h"
-
-G_DEFINE_DYNAMIC_TYPE (GTlsBackendGnutlsPkcs11, g_tls_backend_gnutls_pkcs11, G_TYPE_TLS_BACKEND_GNUTLS);
-
-static void
-g_tls_backend_gnutls_pkcs11_init (GTlsBackendGnutlsPkcs11 *backend)
-{
-
-}
-
-static GTlsDatabase*
-g_tls_backend_gnutls_pkcs11_create_database (GTlsBackendGnutls  *backend,
-                                             GError            **error)
-{
-  return g_tls_database_gnutls_pkcs11_new (error);
-}
-
-static void
-g_tls_backend_gnutls_pkcs11_class_init (GTlsBackendGnutlsPkcs11Class *backend_class)
-{
-  GTlsBackendGnutlsClass *gnutls_class = G_TLS_BACKEND_GNUTLS_CLASS (backend_class);
-  gnutls_class->create_database = g_tls_backend_gnutls_pkcs11_create_database;
-}
-
-static void
-g_tls_backend_gnutls_pkcs11_class_finalize (GTlsBackendGnutlsPkcs11Class *backend_class)
-{
-
-}
-
-void
-g_tls_backend_gnutls_pkcs11_register (GIOModule *module)
-{
-  g_tls_backend_gnutls_pkcs11_register_type (G_TYPE_MODULE (module));
-  g_io_extension_point_implement (G_TLS_BACKEND_EXTENSION_POINT_NAME,
-                                 g_tls_backend_gnutls_pkcs11_get_type(),
-                                 "gnutls-pkcs11",
-                                 -5);
-}
diff --git a/tls/gnutls/gtlsbackend-gnutls-pkcs11.h b/tls/gnutls/gtlsbackend-gnutls-pkcs11.h
deleted file mode 100644 (file)
index f26d6ce..0000000
+++ /dev/null
@@ -1,54 +0,0 @@
-/* GIO - GLib Backend, Output and Gnutlsing Library
- *
- * Copyright © 2011 Collabora, Ltd.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the licence or (at
- * your option) any later version.
- *
- * See the included COPYING file for more information.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- * Author: Stef Walter <stef@collabora.co.uk>
- */
-
-#ifndef __G_TLS_BACKEND_GNUTLS_PKCS11_H__
-#define __G_TLS_BACKEND_GNUTLS_PKCS11_H__
-
-#include <gio/gio.h>
-#include <gnutls/gnutls.h>
-
-#include "gtlsbackend-gnutls.h"
-
-G_BEGIN_DECLS
-
-#define G_TYPE_TLS_BACKEND_GNUTLS_PKCS11            (g_tls_backend_gnutls_pkcs11get_type ())
-#define G_TLS_BACKEND_GNUTLS_PKCS11(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_BACKEND_GNUTLS_PKCS11, GTlsBackendGnutlsPkcs11))
-#define G_TLS_BACKEND_GNUTLS_PKCS11_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_BACKEND_GNUTLS_PKCS11, GTlsBackendGnutlsPkcs11Class))
-#define G_IS_TLS_BACKEND_GNUTLS_PKCS11(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_BACKEND_GNUTLS_PKCS11))
-#define G_IS_TLS_BACKEND_GNUTLS_PKCS11_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_BACKEND_GNUTLS_PKCS11))
-#define G_TLS_BACKEND_GNUTLS_PKCS11_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_BACKEND_GNUTLS_PKCS11, GTlsBackendGnutlsPkcs11Class))
-
-typedef struct _GTlsBackendGnutlsPkcs11        GTlsBackendGnutlsPkcs11;
-typedef struct _GTlsBackendGnutlsPkcs11Class   GTlsBackendGnutlsPkcs11Class;
-
-struct _GTlsBackendGnutlsPkcs11Class
-{
-  GTlsBackendGnutlsClass parent_class;
-};
-
-struct _GTlsBackendGnutlsPkcs11
-{
-  GTlsBackendGnutls parent_instance;
-};
-
-GType        g_tls_backend_gnutls_pkcs11_get_type           (void) G_GNUC_CONST;
-
-void         g_tls_backend_gnutls_pkcs11_register           (GIOModule *module);
-
-G_END_DECLS
-
-#endif /* __G_TLS_BACKEND_GNUTLS_H___ */
index 332ca05..c955327 100644 (file)
@@ -1,11 +1,13 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Red Hat, Inc
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 #include "gtlsfiledatabase-gnutls.h"
 #include "gtlsserverconnection-gnutls.h"
 
-struct _GTlsBackendGnutlsPrivate
+struct _GTlsBackendGnutls
 {
+  GObject parent_instance;
+
   GMutex mutex;
   GTlsDatabase *default_database;
 };
@@ -43,8 +47,8 @@ struct _GTlsBackendGnutlsPrivate
 static void g_tls_backend_gnutls_interface_init (GTlsBackendInterface *iface);
 
 G_DEFINE_DYNAMIC_TYPE_EXTENDED (GTlsBackendGnutls, g_tls_backend_gnutls, G_TYPE_OBJECT, 0,
-                               G_IMPLEMENT_INTERFACE_DYNAMIC (G_TYPE_TLS_BACKEND,
-                                                              g_tls_backend_gnutls_interface_init);)
+                                G_IMPLEMENT_INTERFACE_DYNAMIC (G_TYPE_TLS_BACKEND,
+                                                               g_tls_backend_gnutls_interface_init);)
 
 #ifdef GTLS_GNUTLS_DEBUG
 static void
@@ -57,6 +61,8 @@ gtls_log_func (int level, const char *msg)
 static gpointer
 gtls_gnutls_init (gpointer data)
 {
+  GTypePlugin *plugin;
+
   gnutls_global_init ();
 
 #ifdef GTLS_GNUTLS_DEBUG
@@ -65,10 +71,14 @@ gtls_gnutls_init (gpointer data)
 #endif
 
   /* Leak the module to keep it from being unloaded. */
-  g_type_plugin_use (g_type_get_plugin (G_TYPE_TLS_BACKEND_GNUTLS));
+  plugin = g_type_get_plugin (G_TYPE_TLS_BACKEND_GNUTLS);
+  if (plugin != NULL)
+    g_type_plugin_use (plugin);
   return NULL;
 }
 
+GNUTLS_SKIP_GLOBAL_INIT
+
 static GOnce gnutls_inited = G_ONCE_INIT;
 
 static void
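Review bot: The return value of `gnutls_global_init ()` is discarded in gtls_gnutls_init (the call sits in the preceding hunk), and the `GNUTLS_SKIP_GLOBAL_INIT` added here appears to make that call the only place the library gets initialised. If initialisation fails, the backend would carry on against an uninitialised GnuTLS with no diagnostic. I would capture the result and report it, e.g. `int ret = gnutls_global_init ();` followed by `if (ret != GNUTLS_E_SUCCESS) g_warning ("gnutls_global_init failed: %s", gnutls_strerror (ret));`. A one-line comment above `GNUTLS_SKIP_GLOBAL_INIT` saying why the implicit initialisation is disabled would also help.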
@@ -83,8 +93,7 @@ g_tls_backend_gnutls_init (GTlsBackendGnutls *backend)
    */
   g_once (&gnutls_inited, gtls_gnutls_init, NULL);
 
-  backend->priv = G_TYPE_INSTANCE_GET_PRIVATE (backend, G_TYPE_TLS_BACKEND_GNUTLS, GTlsBackendGnutlsPrivate);
-  g_mutex_init (&backend->priv->mutex);
+  g_mutex_init (&backend->mutex);
 }
 
 static void
@@ -92,31 +101,18 @@ g_tls_backend_gnutls_finalize (GObject *object)
 {
   GTlsBackendGnutls *backend = G_TLS_BACKEND_GNUTLS (object);
 
-  if (backend->priv->default_database)
-    g_object_unref (backend->priv->default_database);
-  g_mutex_clear (&backend->priv->mutex);
+  g_clear_object (&backend->default_database);
+  g_mutex_clear (&backend->mutex);
 
   G_OBJECT_CLASS (g_tls_backend_gnutls_parent_class)->finalize (object);
 }
 
-static GTlsDatabase*
-g_tls_backend_gnutls_real_create_database (GTlsBackendGnutls  *self,
-                                           GError            **error)
-{
-  const gchar *anchor_file = NULL;
-#ifdef GTLS_SYSTEM_CA_FILE
-  anchor_file = GTLS_SYSTEM_CA_FILE;
-#endif
-  return g_tls_file_database_new (anchor_file, error);
-}
-
 static void
 g_tls_backend_gnutls_class_init (GTlsBackendGnutlsClass *backend_class)
 {
   GObjectClass *gobject_class = G_OBJECT_CLASS (backend_class);
+
   gobject_class->finalize = g_tls_backend_gnutls_finalize;
-  backend_class->create_database = g_tls_backend_gnutls_real_create_database;
-  g_type_class_add_private (backend_class, sizeof (GTlsBackendGnutlsPrivate));
 }
 
 static void
@@ -131,30 +127,28 @@ g_tls_backend_gnutls_get_default_database (GTlsBackend *backend)
   GTlsDatabase *result;
   GError *error = NULL;
 
-  g_mutex_lock (&self->priv->mutex);
+  g_mutex_lock (&self->mutex);
 
-  if (self->priv->default_database)
+  if (self->default_database)
     {
-      result = g_object_ref (self->priv->default_database);
+      result = g_object_ref (self->default_database);
     }
   else
     {
-      g_assert (G_TLS_BACKEND_GNUTLS_GET_CLASS (self)->create_database);
-      result = G_TLS_BACKEND_GNUTLS_GET_CLASS (self)->create_database (self, &error);
+      result = G_TLS_DATABASE (g_tls_database_gnutls_new (&error));
       if (error)
         {
-          g_warning ("couldn't load TLS file database: %s",
-                     error->message);
+          g_warning ("Failed to load TLS database: %s", error->message);
           g_clear_error (&error);
         }
       else
         {
           g_assert (result);
-          self->priv->default_database = g_object_ref (result);
+          self->default_database = g_object_ref (result);
         }
     }
 
-  g_mutex_unlock (&self->priv->mutex);
+  g_mutex_unlock (&self->mutex);
 
   return result;
 }
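Review bot: When `g_tls_database_gnutls_new` fails, the `if (error)` branch only logs, and the function returns `result` as the constructor left it, presumably NULL, with nothing stating that contract. A missing trust store is security-relevant, so callers need to know they may get NULL and must not read it as "nothing to verify against". I would add a comment above the call such as `/* On failure we return NULL and do not cache; callers must treat NULL as having no trusted CAs. */`. The function's signature and opening lines are outside this hunk.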
@@ -167,6 +161,8 @@ g_tls_backend_gnutls_interface_init (GTlsBackendInterface *iface)
   iface->get_server_connection_type = g_tls_server_connection_gnutls_get_type;
   iface->get_file_database_type =     g_tls_file_database_gnutls_get_type;
   iface->get_default_database =       g_tls_backend_gnutls_get_default_database;
+  iface->get_dtls_client_connection_type = g_tls_client_connection_gnutls_get_type;
+  iface->get_dtls_server_connection_type = g_tls_server_connection_gnutls_get_type;
 }
 
 /* Session cache support; all the details are sort of arbitrary. Note
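Review bot: The two new `get_dtls_*_connection_type` slots are assigned the same getters as the TLS slots (`g_tls_server_connection_gnutls_get_type` also appears on the `get_server_connection_type` line above), and nothing says this is deliberate. A short comment such as `/* DTLS is served by the same connection classes as TLS. */` would stop a reader taking it for a copy-paste slip. That assumes those classes do implement the DTLS interfaces, which this hunk does not show.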
@@ -200,7 +196,7 @@ session_cache_cleanup (GHashTable *cache)
     {
       cache_data = value;
       if (cache_data->last_used < expired)
-       g_hash_table_iter_remove (&iter);
+        g_hash_table_iter_remove (&iter);
     }
 }
 
@@ -211,12 +207,12 @@ cache_data_free (gpointer data)
 
   g_bytes_unref (cache_data->session_id);
   g_bytes_unref (cache_data->session_data);
-  g_slice_free (GTlsBackendGnutlsCacheData, cache_data);
+  g_free (cache_data);
 }
 
 static GHashTable *
 get_session_cache (unsigned int            type,
-                  gboolean                create)
+                   gboolean                create)
 {
   GHashTable **cache_p;
 
@@ -224,15 +220,15 @@ get_session_cache (unsigned int            type,
   if (!*cache_p && create)
     {
       *cache_p = g_hash_table_new_full (g_bytes_hash, g_bytes_equal,
-                                       NULL, cache_data_free);
+                                        NULL, cache_data_free);
     }
   return *cache_p;
 }
 
 void
 g_tls_backend_gnutls_store_session (unsigned int             type,
-                                   GBytes                  *session_id,
-                                   GBytes                  *session_data)
+                                    GBytes                  *session_id,
+                                    GBytes                  *session_data)
 {
   GTlsBackendGnutlsCacheData *cache_data;
   GHashTable *cache;
@@ -244,17 +240,17 @@ g_tls_backend_gnutls_store_session (unsigned int             type,
   if (cache_data)
     {
       if (!g_bytes_equal (cache_data->session_data, session_data))
-       {
-         g_bytes_unref (cache_data->session_data);
-         cache_data->session_data = g_bytes_ref (session_data);
-       }
+        {
+          g_bytes_unref (cache_data->session_data);
+          cache_data->session_data = g_bytes_ref (session_data);
+        }
     }
   else
     {
       if (g_hash_table_size (cache) >= SESSION_CACHE_MAX_SIZE)
-       session_cache_cleanup (cache);
+        session_cache_cleanup (cache);
 
-      cache_data = g_slice_new (GTlsBackendGnutlsCacheData);
+      cache_data = g_new (GTlsBackendGnutlsCacheData, 1);
       cache_data->session_id = g_bytes_ref (session_id);
       cache_data->session_data = g_bytes_ref (session_data);
 
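Review bot: The size cap on the session cache is soft. When `g_hash_table_size (cache) >= SESSION_CACHE_MAX_SIZE` the code calls `session_cache_cleanup`, which, from the lines visible in the earlier hunk, only removes entries whose `last_used` is older than `expired`; the new entry is then allocated with `g_new` regardless. If no entry has expired the table keeps growing, which matters if a peer can trigger many distinct sessions inside the expiry window. I would either skip the store when the table is still full after cleanup, or at least record the limitation with `/* Cleanup only evicts expired entries, so the cache can exceed SESSION_CACHE_MAX_SIZE. */`. The rest of the function, including the lock handling, lies outside this hunk.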
@@ -267,7 +263,7 @@ g_tls_backend_gnutls_store_session (unsigned int             type,
 
 void
 g_tls_backend_gnutls_remove_session (unsigned int             type,
-                                    GBytes                  *session_id)
+                                     GBytes                  *session_id)
 {
   GHashTable *cache;
 
@@ -282,7 +278,7 @@ g_tls_backend_gnutls_remove_session (unsigned int             type,
 
 GBytes *
 g_tls_backend_gnutls_lookup_session (unsigned int             type,
-                                    GBytes                  *session_id)
+                                     GBytes                  *session_id)
 {
   GTlsBackendGnutlsCacheData *cache_data;
   GBytes *session_data = NULL;
@@ -295,10 +291,10 @@ g_tls_backend_gnutls_lookup_session (unsigned int             type,
     {
       cache_data = g_hash_table_lookup (cache, session_id);
       if (cache_data)
-       {
-         cache_data->last_used = time (NULL);
-         session_data = g_bytes_ref (cache_data->session_data);
-       }
+        {
+          cache_data->last_used = time (NULL);
+          session_data = g_bytes_ref (cache_data->session_data);
+        }
     }
 
   G_UNLOCK (session_cache_lock);
@@ -310,8 +306,10 @@ void
 g_tls_backend_gnutls_register (GIOModule *module)
 {
   g_tls_backend_gnutls_register_type (G_TYPE_MODULE (module));
+  if (module == NULL)
+    g_io_extension_point_register (G_TLS_BACKEND_EXTENSION_POINT_NAME);
   g_io_extension_point_implement (G_TLS_BACKEND_EXTENSION_POINT_NAME,
-                                 g_tls_backend_gnutls_get_type(),
-                                 "gnutls",
-                                 0);
+                                  g_tls_backend_gnutls_get_type(),
+                                  "gnutls",
+                                  0);
 }
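Review bot: The new `module == NULL` branch is undocumented, and `G_TYPE_MODULE (module)` on the line above is already evaluated with the same NULL before the check. A comment would make the intent clear, for example `/* module is NULL when the backend is linked statically; register the extension point ourselves. */`, if that is indeed the case the branch is for. It is also worth confirming that `g_tls_backend_gnutls_register_type` accepts a NULL type module on the minimum GLib version this release requires.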
index 4d6f24c..c9d2244 100644 (file)
@@ -1,13 +1,22 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Red Hat, Inc.
  *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the licence or (at
- * your option) any later version.
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
  *
- * See the included COPYING file for more information.
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
  *
  * In addition, when the library is used with OpenSSL, a special
  * exception applies. Refer to the LICENSE_EXCEPTION file for details.
 G_BEGIN_DECLS
 
 #define G_TYPE_TLS_BACKEND_GNUTLS            (g_tls_backend_gnutls_get_type ())
-#define G_TLS_BACKEND_GNUTLS(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_BACKEND_GNUTLS, GTlsBackendGnutls))
-#define G_TLS_BACKEND_GNUTLS_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_BACKEND_GNUTLS, GTlsBackendGnutlsClass))
-#define G_IS_TLS_BACKEND_GNUTLS(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_BACKEND_GNUTLS))
-#define G_IS_TLS_BACKEND_GNUTLS_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_BACKEND_GNUTLS))
-#define G_TLS_BACKEND_GNUTLS_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_BACKEND_GNUTLS, GTlsBackendGnutlsClass))
-
-typedef struct _GTlsBackendGnutls        GTlsBackendGnutls;
-typedef struct _GTlsBackendGnutlsClass   GTlsBackendGnutlsClass;
-typedef struct _GTlsBackendGnutlsPrivate GTlsBackendGnutlsPrivate;
-
-struct _GTlsBackendGnutlsClass
-{
-  GObjectClass parent_class;
-
-  GTlsDatabase*   (*create_database)      (GTlsBackendGnutls          *self,
-                                           GError                    **error);
-};
-
-struct _GTlsBackendGnutls
-{
-  GObject parent_instance;
-  GTlsBackendGnutlsPrivate *priv;
-};
-
-GType g_tls_backend_gnutls_get_type (void) G_GNUC_CONST;
+
+G_DECLARE_FINAL_TYPE (GTlsBackendGnutls, g_tls_backend_gnutls, G, TLS_BACKEND_GNUTLS, GObject)
+
 void  g_tls_backend_gnutls_register (GIOModule *module);
 
 void    g_tls_backend_gnutls_store_session  (unsigned int             type,
-                                            GBytes                  *session_id,
-                                            GBytes                  *session_data);
+                                             GBytes                  *session_id,
+                                             GBytes                  *session_data);
 void    g_tls_backend_gnutls_remove_session (unsigned int             type,
-                                            GBytes                  *session_id);
+                                             GBytes                  *session_id);
 GBytes *g_tls_backend_gnutls_lookup_session (unsigned int             type,
-                                            GBytes                  *session_id);
+                                             GBytes                  *session_id);
 
 G_END_DECLS
 
diff --git a/tls/gnutls/gtlscertificate-gnutls-pkcs11.c b/tls/gnutls/gtlscertificate-gnutls-pkcs11.c
deleted file mode 100644 (file)
index 993bd5c..0000000
+++ /dev/null
@@ -1,222 +0,0 @@
-/* GIO - GLib Input, Output and Streaming Library
- *
- * Copyright © 2011 Collabora Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include <gnutls/gnutls.h>
-#include <gnutls/pkcs11.h>
-#include <string.h>
-
-#include "gtlscertificate-gnutls.h"
-#include "gtlscertificate-gnutls-pkcs11.h"
-
-G_DEFINE_TYPE (GTlsCertificateGnutlsPkcs11, g_tls_certificate_gnutls_pkcs11,
-               G_TYPE_TLS_CERTIFICATE_GNUTLS);
-
-enum
-{
-  PROP_0,
-
-  PROP_CERTIFICATE_URI,
-  PROP_PRIVATE_KEY_URI
-};
-
-struct _GTlsCertificateGnutlsPkcs11Private
-{
-  gchar *certificate_uri;
-  gchar *private_key_uri;
-};
-
-static void
-g_tls_certificate_gnutls_pkcs11_finalize (GObject *object)
-{
-  GTlsCertificateGnutlsPkcs11 *self = G_TLS_CERTIFICATE_GNUTLS_PKCS11 (object);
-
-  g_free (self->priv->certificate_uri);
-  g_free (self->priv->private_key_uri);
-
-  G_OBJECT_CLASS (g_tls_certificate_gnutls_pkcs11_parent_class)->finalize (object);
-}
-
-static void
-g_tls_certificate_gnutls_pkcs11_get_property (GObject    *object,
-                                              guint       prop_id,
-                                              GValue     *value,
-                                              GParamSpec *pspec)
-{
-  GTlsCertificateGnutlsPkcs11 *self = G_TLS_CERTIFICATE_GNUTLS_PKCS11 (object);
-
-  switch (prop_id)
-    {
-    case PROP_CERTIFICATE_URI:
-      g_value_set_string (value, self->priv->certificate_uri);
-      break;
-    case PROP_PRIVATE_KEY_URI:
-      g_value_set_string (value, self->priv->private_key_uri);
-      break;
-    default:
-      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
-    }
-}
-
-static void
-g_tls_certificate_gnutls_pkcs11_set_property (GObject      *object,
-                                              guint         prop_id,
-                                              const GValue *value,
-                                              GParamSpec   *pspec)
-{
-  GTlsCertificateGnutlsPkcs11 *self = G_TLS_CERTIFICATE_GNUTLS_PKCS11 (object);
-
-  switch (prop_id)
-    {
-    case PROP_CERTIFICATE_URI:
-      g_free (self->priv->certificate_uri);
-      self->priv->certificate_uri = g_value_dup_string (value);
-      break;
-    case PROP_PRIVATE_KEY_URI:
-      g_free (self->priv->private_key_uri);
-      self->priv->private_key_uri = g_value_dup_string (value);
-      break;
-    default:
-      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
-    }
-}
-
-static void
-g_tls_certificate_gnutls_pkcs11_init (GTlsCertificateGnutlsPkcs11 *self)
-{
-  self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
-                                            G_TYPE_TLS_CERTIFICATE_GNUTLS_PKCS11,
-                                            GTlsCertificateGnutlsPkcs11Private);
-}
-
-static void
-g_tls_certificate_gnutls_pkcs11_copy (GTlsCertificateGnutls    *gnutls,
-                                      const gchar              *interaction_id,
-                                      gnutls_retr2_st          *st)
-{
-  GTlsCertificateGnutlsPkcs11 *self = G_TLS_CERTIFICATE_GNUTLS_PKCS11 (gnutls);
-  gchar *uri;
-
-  st->key.x509 = NULL;
-
-  /* Let the base class copy certificate in */
-  G_TLS_CERTIFICATE_GNUTLS_CLASS (g_tls_certificate_gnutls_pkcs11_parent_class)->copy (gnutls,
-                                                                                       interaction_id,
-                                                                                       st);
-
-  /* This is the allocation behavior we expect from base class */
-  g_assert (st->deinit_all);
-
-  /* If the base class somehow put a key in, then respect that */
-  if (st->key.x509 == NULL)
-    {
-      uri = g_tls_certificate_gnutls_pkcs11_build_private_key_uri (self, interaction_id);
-      if (uri != NULL)
-        {
-          gnutls_pkcs11_privkey_init (&st->key.pkcs11);
-          gnutls_pkcs11_privkey_import_url (st->key.pkcs11, uri, GNUTLS_PKCS11_URL_GENERIC);
-          st->key_type = GNUTLS_PRIVKEY_PKCS11;
-          g_free (uri);
-        }
-    }
-}
-
-static void
-g_tls_certificate_gnutls_pkcs11_class_init (GTlsCertificateGnutlsPkcs11Class *klass)
-{
-  GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
-  GTlsCertificateGnutlsClass *gnutls_class = G_TLS_CERTIFICATE_GNUTLS_CLASS (klass);
-
-  g_type_class_add_private (klass, sizeof (GTlsCertificateGnutlsPkcs11Private));
-
-  gobject_class->get_property = g_tls_certificate_gnutls_pkcs11_get_property;
-  gobject_class->set_property = g_tls_certificate_gnutls_pkcs11_set_property;
-  gobject_class->finalize     = g_tls_certificate_gnutls_pkcs11_finalize;
-
-  gnutls_class->copy = g_tls_certificate_gnutls_pkcs11_copy;
-
-  g_object_class_install_property (gobject_class, PROP_CERTIFICATE_URI,
-                  g_param_spec_string ("certificate-uri", "Certificate URI",
-                                       "PKCS#11 URI of Certificate", NULL,
-                                       G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
-
-  g_object_class_install_property (gobject_class, PROP_PRIVATE_KEY_URI,
-                  g_param_spec_string ("private-key-uri", "Private Key URI",
-                                       "PKCS#11 URI of Private Key", NULL,
-                                       G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
-}
-
-GTlsCertificate *
-g_tls_certificate_gnutls_pkcs11_new (gpointer certificate_data,
-                                     gsize certificate_data_length,
-                                     const gchar *certificate_uri,
-                                     const gchar *private_key_uri,
-                                     GTlsCertificate    *issuer)
-{
-  GTlsCertificate *certificate;
-  gnutls_datum_t datum;
-
-  g_return_val_if_fail (certificate_data, NULL);
-  g_return_val_if_fail (certificate_uri, NULL);
-
-  datum.data = certificate_data;
-  datum.size = certificate_data_length;
-
-  certificate = g_object_new (G_TYPE_TLS_CERTIFICATE_GNUTLS_PKCS11,
-                              "issuer", issuer,
-                              "certificate-uri", certificate_uri,
-                              "private-key-uri", private_key_uri,
-                              NULL);
-
-  g_tls_certificate_gnutls_set_data (G_TLS_CERTIFICATE_GNUTLS (certificate), &datum);
-
-  return certificate;
-}
-
-gchar *
-g_tls_certificate_gnutls_pkcs11_build_certificate_uri (GTlsCertificateGnutlsPkcs11 *self,
-                                                       const gchar *interaction_id)
-{
-  g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS_PKCS11 (self), NULL);
-  if (self->priv->certificate_uri == NULL)
-    return NULL;
-  else if (interaction_id)
-    return g_strdup_printf ("%s;pinfile=%s", self->priv->certificate_uri, interaction_id);
-  else
-    return g_strdup (self->priv->certificate_uri);
-}
-
-gchar *
-g_tls_certificate_gnutls_pkcs11_build_private_key_uri (GTlsCertificateGnutlsPkcs11 *self,
-                                                       const gchar *interaction_id)
-{
-  if (self->priv->private_key_uri == NULL)
-    return NULL;
-  else if (interaction_id)
-    return g_strdup_printf ("%s;pinfile=%s", self->priv->private_key_uri, interaction_id);
-  else
-    return g_strdup (self->priv->private_key_uri);
-}
diff --git a/tls/gnutls/gtlscertificate-gnutls-pkcs11.h b/tls/gnutls/gtlscertificate-gnutls-pkcs11.h
deleted file mode 100644 (file)
index aaac044..0000000
+++ /dev/null
@@ -1,66 +0,0 @@
-/* GIO - GLib Certificate, Output and Gnutlsing Library
- *
- * Copyright © 2011 Collabora Ltd.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the licence or (at
- * your option) any later version.
- *
- * See the included COPYING file for more information.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#ifndef __G_TLS_CERTIFICATE_GNUTLS_PKCS11_H__
-#define __G_TLS_CERTIFICATE_GNUTLS_PKCS11_H__
-
-#include <gio/gio.h>
-#include <gnutls/gnutls.h>
-
-#include "gtlscertificate-gnutls.h"
-
-G_BEGIN_DECLS
-
-#define G_TYPE_TLS_CERTIFICATE_GNUTLS_PKCS11            (g_tls_certificate_gnutls_pkcs11_get_type ())
-#define G_TLS_CERTIFICATE_GNUTLS_PKCS11(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_CERTIFICATE_GNUTLS_PKCS11, GTlsCertificateGnutlsPkcs11))
-#define G_TLS_CERTIFICATE_GNUTLS_PKCS11_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_CERTIFICATE_GNUTLS_PKCS11, GTlsCertificateGnutlsPkcs11Class))
-#define G_IS_TLS_CERTIFICATE_GNUTLS_PKCS11(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_CERTIFICATE_GNUTLS_PKCS11))
-#define G_IS_TLS_CERTIFICATE_GNUTLS_PKCS11_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_CERTIFICATE_GNUTLS_PKCS11))
-#define G_TLS_CERTIFICATE_GNUTLS_PKCS11_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_CERTIFICATE_GNUTLS_PKCS11, GTlsCertificateGnutlsPkcs11Class))
-
-typedef struct _GTlsCertificateGnutlsPkcs11Private                   GTlsCertificateGnutlsPkcs11Private;
-typedef struct _GTlsCertificateGnutlsPkcs11Class                     GTlsCertificateGnutlsPkcs11Class;
-typedef struct _GTlsCertificateGnutlsPkcs11                          GTlsCertificateGnutlsPkcs11;
-
-struct _GTlsCertificateGnutlsPkcs11Class
-{
-  GTlsCertificateGnutlsClass parent_class;
-};
-
-struct _GTlsCertificateGnutlsPkcs11
-{
-  GTlsCertificateGnutls parent_instance;
-  GTlsCertificateGnutlsPkcs11Private *priv;
-};
-
-GType              g_tls_certificate_gnutls_pkcs11_get_type              (void) G_GNUC_CONST;
-
-GTlsCertificate *  g_tls_certificate_gnutls_pkcs11_new                   (gpointer        certificate_der,
-                                                                          gsize           certificate_der_length,
-                                                                          const gchar     *certificate_uri,
-                                                                          const gchar     *private_key_uri,
-                                                                          GTlsCertificate *issuer);
-
-gchar *            g_tls_certificate_gnutls_pkcs11_build_certificate_uri (GTlsCertificateGnutlsPkcs11 *self,
-                                                                          const gchar *interaction_id);
-
-gchar *            g_tls_certificate_gnutls_pkcs11_build_private_key_uri (GTlsCertificateGnutlsPkcs11 *self,
-                                                                          const gchar *interaction_id);
-
-G_END_DECLS
-
-#endif /* __G_TLS_CERTIFICATE_GNUTLS_PKCS11_H___ */
index 8dd0544..ff18c46 100644 (file)
@@ -1,11 +1,13 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2009 Red Hat, Inc
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 #include "gtlscertificate-gnutls.h"
 #include <glib/gi18n-lib.h>
 
-static void     g_tls_certificate_gnutls_initable_iface_init (GInitableIface  *iface);
-
-G_DEFINE_TYPE_WITH_CODE (GTlsCertificateGnutls, g_tls_certificate_gnutls, G_TYPE_TLS_CERTIFICATE,
-                        G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
-                                               g_tls_certificate_gnutls_initable_iface_init);)
-
 enum
 {
   PROP_0,
@@ -46,8 +42,10 @@ enum
   PROP_ISSUER
 };
 
-struct _GTlsCertificateGnutlsPrivate
+struct _GTlsCertificateGnutls
 {
+  GTlsCertificate parent_instance;
+
   gnutls_x509_crt_t cert;
   gnutls_x509_privkey_t key;
 
@@ -59,28 +57,32 @@ struct _GTlsCertificateGnutlsPrivate
   guint have_key  : 1;
 };
 
+static void     g_tls_certificate_gnutls_initable_iface_init (GInitableIface  *iface);
+
+G_DEFINE_TYPE_WITH_CODE (GTlsCertificateGnutls, g_tls_certificate_gnutls, G_TYPE_TLS_CERTIFICATE,
+                         G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+                                                g_tls_certificate_gnutls_initable_iface_init);)
+
 static void
 g_tls_certificate_gnutls_finalize (GObject *object)
 {
   GTlsCertificateGnutls *gnutls = G_TLS_CERTIFICATE_GNUTLS (object);
 
-  gnutls_x509_crt_deinit (gnutls->priv->cert);
-  if (gnutls->priv->key)
-    gnutls_x509_privkey_deinit (gnutls->priv->key);
+  g_clear_pointer (&gnutls->cert, gnutls_x509_crt_deinit);
+  g_clear_pointer (&gnutls->key, gnutls_x509_privkey_deinit);
 
-  if (gnutls->priv->issuer)
-    g_object_unref (gnutls->priv->issuer);
+  g_clear_object (&gnutls->issuer);
 
-  g_clear_error (&gnutls->priv->construct_error);
+  g_clear_error (&gnutls->construct_error);
 
   G_OBJECT_CLASS (g_tls_certificate_gnutls_parent_class)->finalize (object);
 }
 
 static void
 g_tls_certificate_gnutls_get_property (GObject    *object,
-                                      guint       prop_id,
-                                      GValue     *value,
-                                      GParamSpec *pspec)
+                                       guint       prop_id,
+                                       GValue     *value,
+                                       GParamSpec *pspec)
 {
   GTlsCertificateGnutls *gnutls = G_TLS_CERTIFICATE_GNUTLS (object);
   GByteArray *certificate;
@@ -92,51 +94,51 @@ g_tls_certificate_gnutls_get_property (GObject    *object,
     {
     case PROP_CERTIFICATE:
       size = 0;
-      status = gnutls_x509_crt_export (gnutls->priv->cert,
-                                      GNUTLS_X509_FMT_DER,
-                                      NULL, &size);
+      status = gnutls_x509_crt_export (gnutls->cert,
+                                       GNUTLS_X509_FMT_DER,
+                                       NULL, &size);
       if (status != GNUTLS_E_SHORT_MEMORY_BUFFER)
-       certificate = NULL;
+        certificate = NULL;
       else
-       {
-         certificate = g_byte_array_sized_new (size);
-         certificate->len = size;
-         status = gnutls_x509_crt_export (gnutls->priv->cert,
-                                          GNUTLS_X509_FMT_DER,
-                                          certificate->data, &size);
-         if (status != 0)
-           {
-             g_byte_array_free (certificate, TRUE);
-             certificate = NULL;
-           }
-       }
+        {
+          certificate = g_byte_array_sized_new (size);
+          certificate->len = size;
+          status = gnutls_x509_crt_export (gnutls->cert,
+                                           GNUTLS_X509_FMT_DER,
+                                           certificate->data, &size);
+          if (status != 0)
+            {
+              g_byte_array_free (certificate, TRUE);
+              certificate = NULL;
+            }
+        }
       g_value_take_boxed (value, certificate);
       break;
 
     case PROP_CERTIFICATE_PEM:
       size = 0;
-      status = gnutls_x509_crt_export (gnutls->priv->cert,
-                                      GNUTLS_X509_FMT_PEM,
-                                      NULL, &size);
+      status = gnutls_x509_crt_export (gnutls->cert,
+                                       GNUTLS_X509_FMT_PEM,
+                                       NULL, &size);
       if (status != GNUTLS_E_SHORT_MEMORY_BUFFER)
-       certificate_pem = NULL;
+        certificate_pem = NULL;
       else
-       {
-         certificate_pem = g_malloc (size);
-         status = gnutls_x509_crt_export (gnutls->priv->cert,
-                                          GNUTLS_X509_FMT_PEM,
-                                          certificate_pem, &size);
-         if (status != 0)
-           {
-             g_free (certificate_pem);
-             certificate_pem = NULL;
-           }
-       }
+        {
+          certificate_pem = g_malloc (size);
+          status = gnutls_x509_crt_export (gnutls->cert,
+                                           GNUTLS_X509_FMT_PEM,
+                                           certificate_pem, &size);
+          if (status != 0)
+            {
+              g_free (certificate_pem);
+              certificate_pem = NULL;
+            }
+        }
       g_value_take_string (value, certificate_pem);
       break;
 
     case PROP_ISSUER:
-      g_value_set_object (value, gnutls->priv->issuer);
+      g_value_set_object (value, gnutls->issuer);
       break;
 
     default:
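Review bot: In the `PROP_CERTIFICATE_PEM` case the buffer from `g_malloc (size)` is handed to `g_value_take_string`, which expects a NUL-terminated string, so the code relies on `gnutls_x509_crt_export` terminating the PEM output within the reported `size`. That may well hold, but it is not visible here, and an unterminated buffer would be read past its end by later string handling. I would make it explicit with `certificate_pem = g_malloc (size + 1);` and `certificate_pem[size] = '\0';` after the successful export, or add a comment stating the GnuTLS guarantee being relied on. The function begins before this hunk and continues after it.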
@@ -146,9 +148,9 @@ g_tls_certificate_gnutls_get_property (GObject    *object,
 
 static void
 g_tls_certificate_gnutls_set_property (GObject      *object,
-                                      guint         prop_id,
-                                      const GValue *value,
-                                      GParamSpec   *pspec)
+                                       guint         prop_id,
+                                       const GValue *value,
+                                       GParamSpec   *pspec)
 {
   GTlsCertificateGnutls *gnutls = G_TLS_CERTIFICATE_GNUTLS (object);
   GByteArray *bytes;
@@ -161,108 +163,108 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
     case PROP_CERTIFICATE:
       bytes = g_value_get_boxed (value);
       if (!bytes)
-       break;
-      g_return_if_fail (gnutls->priv->have_cert == FALSE);
+        break;
+      g_return_if_fail (gnutls->have_cert == FALSE);
       data.data = bytes->data;
       data.size = bytes->len;
-      status = gnutls_x509_crt_import (gnutls->priv->cert, &data,
-                                      GNUTLS_X509_FMT_DER);
+      status = gnutls_x509_crt_import (gnutls->cert, &data,
+                                       GNUTLS_X509_FMT_DER);
       if (status == 0)
-       gnutls->priv->have_cert = TRUE;
-      else if (!gnutls->priv->construct_error)
-       {
-         gnutls->priv->construct_error =
-           g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
-                        _("Could not parse DER certificate: %s"),
-                        gnutls_strerror (status));
-       }
+        gnutls->have_cert = TRUE;
+      else if (!gnutls->construct_error)
+        {
+          gnutls->construct_error =
+            g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+                         _("Could not parse DER certificate: %s"),
+                         gnutls_strerror (status));
+        }
 
       break;
 
     case PROP_CERTIFICATE_PEM:
       string = g_value_get_string (value);
       if (!string)
-       break;
-      g_return_if_fail (gnutls->priv->have_cert == FALSE);
+        break;
+      g_return_if_fail (gnutls->have_cert == FALSE);
       data.data = (void *)string;
       data.size = strlen (string);
-      status = gnutls_x509_crt_import (gnutls->priv->cert, &data,
-                                      GNUTLS_X509_FMT_PEM);
+      status = gnutls_x509_crt_import (gnutls->cert, &data,
+                                       GNUTLS_X509_FMT_PEM);
       if (status == 0)
-       gnutls->priv->have_cert = TRUE;
-      else if (!gnutls->priv->construct_error)
-       {
-         gnutls->priv->construct_error =
-           g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
-                        _("Could not parse PEM certificate: %s"),
-                        gnutls_strerror (status));
-       }
+        gnutls->have_cert = TRUE;
+      else if (!gnutls->construct_error)
+        {
+          gnutls->construct_error =
+            g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+                         _("Could not parse PEM certificate: %s"),
+                         gnutls_strerror (status));
+        }
       break;
 
     case PROP_PRIVATE_KEY:
       bytes = g_value_get_boxed (value);
       if (!bytes)
-       break;
-      g_return_if_fail (gnutls->priv->have_key == FALSE);
+        break;
+      g_return_if_fail (gnutls->have_key == FALSE);
       data.data = bytes->data;
       data.size = bytes->len;
-      if (!gnutls->priv->key)
-        gnutls_x509_privkey_init (&gnutls->priv->key);
-      status = gnutls_x509_privkey_import (gnutls->priv->key, &data,
-                                          GNUTLS_X509_FMT_DER);
+      if (!gnutls->key)
+        gnutls_x509_privkey_init (&gnutls->key);
+      status = gnutls_x509_privkey_import (gnutls->key, &data,
+                                           GNUTLS_X509_FMT_DER);
       if (status != 0)
-       {
-         int pkcs8_status =
-           gnutls_x509_privkey_import_pkcs8 (gnutls->priv->key, &data,
-                                             GNUTLS_X509_FMT_DER, NULL,
-                                             GNUTLS_PKCS_PLAIN);
-         if (pkcs8_status == 0)
-           status = 0;
-       }
+        {
+          int pkcs8_status =
+            gnutls_x509_privkey_import_pkcs8 (gnutls->key, &data,
+                                              GNUTLS_X509_FMT_DER, NULL,
+                                              GNUTLS_PKCS_PLAIN);
+          if (pkcs8_status == 0)
+            status = 0;
+        }
       if (status == 0)
-       gnutls->priv->have_key = TRUE;
-      else if (!gnutls->priv->construct_error)
-       {
-         gnutls->priv->construct_error =
-           g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
-                        _("Could not parse DER private key: %s"),
-                        gnutls_strerror (status));
-       }
+        gnutls->have_key = TRUE;
+      else if (!gnutls->construct_error)
+        {
+          gnutls->construct_error =
+            g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+                         _("Could not parse DER private key: %s"),
+                         gnutls_strerror (status));
+        }
       break;
 
     case PROP_PRIVATE_KEY_PEM:
       string = g_value_get_string (value);
       if (!string)
-       break;
-      g_return_if_fail (gnutls->priv->have_key == FALSE);
+        break;
+      g_return_if_fail (gnutls->have_key == FALSE);
       data.data = (void *)string;
       data.size = strlen (string);
-      if (!gnutls->priv->key)
-        gnutls_x509_privkey_init (&gnutls->priv->key);
-      status = gnutls_x509_privkey_import (gnutls->priv->key, &data,
-                                          GNUTLS_X509_FMT_PEM);
+      if (!gnutls->key)
+        gnutls_x509_privkey_init (&gnutls->key);
+      status = gnutls_x509_privkey_import (gnutls->key, &data,
+                                           GNUTLS_X509_FMT_PEM);
       if (status != 0)
-       {
-         int pkcs8_status =
-           gnutls_x509_privkey_import_pkcs8 (gnutls->priv->key, &data,
-                                             GNUTLS_X509_FMT_PEM, NULL,
-                                             GNUTLS_PKCS_PLAIN);
-         if (pkcs8_status == 0)
-           status = 0;
-       }
+        {
+          int pkcs8_status =
+            gnutls_x509_privkey_import_pkcs8 (gnutls->key, &data,
+                                              GNUTLS_X509_FMT_PEM, NULL,
+                                              GNUTLS_PKCS_PLAIN);
+          if (pkcs8_status == 0)
+            status = 0;
+        }
       if (status == 0)
-       gnutls->priv->have_key = TRUE;
-      else if (!gnutls->priv->construct_error)
-       {
-         gnutls->priv->construct_error =
-           g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
-                        _("Could not parse PEM private key: %s"),
-                        gnutls_strerror (status));
-       }
+        gnutls->have_key = TRUE;
+      else if (!gnutls->construct_error)
+        {
+          gnutls->construct_error =
+            g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+                         _("Could not parse PEM private key: %s"),
+                         gnutls_strerror (status));
+        }
       break;
 
     case PROP_ISSUER:
-      gnutls->priv->issuer = g_value_dup_object (value);
+      gnutls->issuer = g_value_dup_object (value);
       break;
 
     default:
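Review bot: The return value of `gnutls_x509_privkey_init (&gnutls->key)` is ignored in both the PROP_PRIVATE_KEY and PROP_PRIVATE_KEY_PEM cases, so a failed init hands the following import calls a key that was never initialised. I would capture it with `status = gnutls_x509_privkey_init (&gnutls->key);` and, when it is non-zero, record the failure in `construct_error` and `break` before either import is attempted. The same unchecked pattern appears for `gnutls_x509_crt_init (&gnutls->cert)` in g_tls_certificate_gnutls_init in the next hunk. The body of g_tls_certificate_gnutls_set_property starts and ends outside this hunk.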
@@ -273,30 +275,26 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
 static void
 g_tls_certificate_gnutls_init (GTlsCertificateGnutls *gnutls)
 {
-  gnutls->priv = G_TYPE_INSTANCE_GET_PRIVATE (gnutls,
-                                             G_TYPE_TLS_CERTIFICATE_GNUTLS,
-                                             GTlsCertificateGnutlsPrivate);
-
-  gnutls_x509_crt_init (&gnutls->priv->cert);
+  gnutls_x509_crt_init (&gnutls->cert);
 }
 
 static gboolean
 g_tls_certificate_gnutls_initable_init (GInitable       *initable,
-                                       GCancellable    *cancellable,
-                                       GError         **error)
+                                        GCancellable    *cancellable,
+                                        GError         **error)
 {
   GTlsCertificateGnutls *gnutls = G_TLS_CERTIFICATE_GNUTLS (initable);
 
-  if (gnutls->priv->construct_error)
+  if (gnutls->construct_error)
     {
-      g_propagate_error (error, gnutls->priv->construct_error);
-      gnutls->priv->construct_error = NULL;
+      g_propagate_error (error, gnutls->construct_error);
+      gnutls->construct_error = NULL;
       return FALSE;
     }
-  else if (!gnutls->priv->have_cert)
+  else if (!gnutls->have_cert)
     {
       g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
-                          _("No certificate data provided"));
+                           _("No certificate data provided"));
       return FALSE;
     }
   else
@@ -305,22 +303,31 @@ g_tls_certificate_gnutls_initable_init (GInitable       *initable,
 
 static GTlsCertificateFlags
 g_tls_certificate_gnutls_verify (GTlsCertificate     *cert,
-                                GSocketConnectable  *identity,
-                                GTlsCertificate     *trusted_ca)
+                                 GSocketConnectable  *identity,
+                                 GTlsCertificate     *trusted_ca)
 {
   GTlsCertificateGnutls *cert_gnutls;
   guint num_certs, i;
   gnutls_x509_crt_t *chain;
   GTlsCertificateFlags gtls_flags;
-  time_t t, now;
 
   cert_gnutls = G_TLS_CERTIFICATE_GNUTLS (cert);
-  for (num_certs = 0; cert_gnutls; cert_gnutls = cert_gnutls->priv->issuer)
-    num_certs++;
+  num_certs = 0;
+  do
+    {
+      cert_gnutls = cert_gnutls->issuer;
+      num_certs++;
+    }
+  while (cert_gnutls);
+
   chain = g_new (gnutls_x509_crt_t, num_certs);
   cert_gnutls = G_TLS_CERTIFICATE_GNUTLS (cert);
-  for (i = 0; cert_gnutls; cert_gnutls = cert_gnutls->priv->issuer, i++)
-    chain[i] = cert_gnutls->priv->cert;
+  for (i = 0; i < num_certs; i++)
+    {
+      chain[i] = cert_gnutls->cert;
+      cert_gnutls = cert_gnutls->issuer;
+    }
+  g_assert (!cert_gnutls);
 
   if (trusted_ca)
     {
@@ -328,38 +335,22 @@ g_tls_certificate_gnutls_verify (GTlsCertificate     *cert,
       guint gnutls_flags;
       int status;
 
-      ca = G_TLS_CERTIFICATE_GNUTLS (trusted_ca)->priv->cert;
+      ca = G_TLS_CERTIFICATE_GNUTLS (trusted_ca)->cert;
       status = gnutls_x509_crt_list_verify (chain, num_certs,
-                                           &ca, 1,
-                                           NULL, 0,
-                                           GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
-                                           &gnutls_flags);
+                                            &ca, 1,
+                                            NULL, 0, 0,
+                                            &gnutls_flags);
       if (status != 0)
-       {
-         g_free (chain);
-         return G_TLS_CERTIFICATE_GENERIC_ERROR;
-       }
+        {
+          g_free (chain);
+          return G_TLS_CERTIFICATE_GENERIC_ERROR;
+        }
 
       gtls_flags = g_tls_certificate_gnutls_convert_flags (gnutls_flags);
     }
   else
     gtls_flags = 0;
 
-  /* We have to check these ourselves since gnutls_x509_crt_list_verify
-   * won't bother if it gets an UNKNOWN_CA.
-   */
-  now = time (NULL);
-  for (i = 0; i < num_certs; i++)
-    {
-      t = gnutls_x509_crt_get_activation_time (chain[i]);
-      if (t == (time_t) -1 || t > now)
-       gtls_flags |= G_TLS_CERTIFICATE_NOT_ACTIVATED;
-
-      t = gnutls_x509_crt_get_expiration_time (chain[i]);
-      if (t == (time_t) -1 || t < now)
-       gtls_flags |= G_TLS_CERTIFICATE_EXPIRED;
-    }
-
   g_free (chain);
 
   if (identity)
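Review bot: With the activation/expiration loop removed, the `else gtls_flags = 0;` branch (no `trusted_ca`) no longer looks at validity dates at all, so an expired or not-yet-valid chain verified without a CA would come back with neither `G_TLS_CERTIFICATE_EXPIRED` nor `G_TLS_CERTIFICATE_NOT_ACTIVATED`. The removed comment also stated that gnutls_x509_crt_list_verify skips these checks on an unknown CA; if that still holds for the supported GnuTLS versions, the `trusted_ca` path loses the flags in that case too. I would keep the date check at least where list_verify is not called, as sketched below. Dropping `GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT` itself looks right. The function body starts and ends outside this hunk.

```c
  /* … unchanged: trusted_ca branch calling gnutls_x509_crt_list_verify … */
  else
    {
      /* No CA to verify against, so gnutls_x509_crt_list_verify() is never
       * called; check each certificate's validity period here instead. */
      time_t now = time (NULL);

      gtls_flags = 0;
      for (i = 0; i < num_certs; i++)
        {
          time_t t = gnutls_x509_crt_get_activation_time (chain[i]);
          if (t == (time_t) -1 || t > now)
            gtls_flags |= G_TLS_CERTIFICATE_NOT_ACTIVATED;

          t = gnutls_x509_crt_get_expiration_time (chain[i]);
          if (t == (time_t) -1 || t < now)
            gtls_flags |= G_TLS_CERTIFICATE_EXPIRED;
        }
    }

  g_free (chain);
```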
@@ -369,78 +360,17 @@ g_tls_certificate_gnutls_verify (GTlsCertificate     *cert,
 }
 
 static void
-g_tls_certificate_gnutls_real_copy (GTlsCertificateGnutls    *gnutls,
-                                    const gchar              *interaction_id,
-                                    gnutls_retr2_st          *st)
-{
-  GTlsCertificateGnutls *chain;
-  gnutls_x509_crt_t cert;
-  gnutls_datum_t data;
-  guint num_certs = 0;
-  size_t size = 0;
-  int status;
-
-  /* We will do this loop twice. It's probably more efficient than
-   * re-allocating memory.
-   */
-  chain = gnutls;
-  while (chain != NULL)
-    {
-      num_certs++;
-      chain = chain->priv->issuer;
-    }
-
-  st->ncerts = 0;
-  st->cert.x509 = gnutls_malloc (sizeof (gnutls_x509_crt_t) * num_certs);
-
-  /* Now do the actual copy of the whole chain. */
-  chain = gnutls;
-  while (chain != NULL)
-    {
-      gnutls_x509_crt_export (chain->priv->cert, GNUTLS_X509_FMT_DER,
-                              NULL, &size);
-      data.data = g_malloc (size);
-      data.size = size;
-      gnutls_x509_crt_export (chain->priv->cert, GNUTLS_X509_FMT_DER,
-                              data.data, &size);
-
-      gnutls_x509_crt_init (&cert);
-      status = gnutls_x509_crt_import (cert, &data, GNUTLS_X509_FMT_DER);
-      g_warn_if_fail (status == 0);
-      g_free (data.data);
-
-      st->cert.x509[st->ncerts] = cert;
-      st->ncerts++;
-
-      chain = chain->priv->issuer;
-    }
-
-  if (gnutls->priv->key != NULL)
-    {
-      gnutls_x509_privkey_init (&st->key.x509);
-      gnutls_x509_privkey_cpy (st->key.x509, gnutls->priv->key);
-      st->key_type = GNUTLS_PRIVKEY_X509;
-    }
-
-  st->deinit_all = TRUE;
-}
-
-static void
 g_tls_certificate_gnutls_class_init (GTlsCertificateGnutlsClass *klass)
 {
   GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
   GTlsCertificateClass *certificate_class = G_TLS_CERTIFICATE_CLASS (klass);
 
-  g_type_class_add_private (klass, sizeof (GTlsCertificateGnutlsPrivate));
-
   gobject_class->get_property = g_tls_certificate_gnutls_get_property;
   gobject_class->set_property = g_tls_certificate_gnutls_set_property;
   gobject_class->finalize     = g_tls_certificate_gnutls_finalize;
 
   certificate_class->verify = g_tls_certificate_gnutls_verify;
 
-  klass->copy = g_tls_certificate_gnutls_real_copy;
-
   g_object_class_override_property (gobject_class, PROP_CERTIFICATE, "certificate");
   g_object_class_override_property (gobject_class, PROP_CERTIFICATE_PEM, "certificate-pem");
   g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY, "private-key");
@@ -456,13 +386,13 @@ g_tls_certificate_gnutls_initable_iface_init (GInitableIface  *iface)
 
 GTlsCertificate *
 g_tls_certificate_gnutls_new (const gnutls_datum_t *datum,
-                             GTlsCertificate      *issuer)
+                              GTlsCertificate      *issuer)
 {
   GTlsCertificateGnutls *gnutls;
 
   gnutls = g_object_new (G_TYPE_TLS_CERTIFICATE_GNUTLS,
-                        "issuer", issuer,
-                        NULL);
+                         "issuer", issuer,
+                         NULL);
   g_tls_certificate_gnutls_set_data (gnutls, datum);
 
   return G_TLS_CERTIFICATE (gnutls);
@@ -473,34 +403,108 @@ g_tls_certificate_gnutls_set_data (GTlsCertificateGnutls *gnutls,
                                    const gnutls_datum_t  *datum)
 {
   g_return_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (gnutls));
-  g_return_if_fail (!gnutls->priv->have_cert);
+  g_return_if_fail (!gnutls->have_cert);
 
-  if (gnutls_x509_crt_import (gnutls->priv->cert, datum,
+  if (gnutls_x509_crt_import (gnutls->cert, datum,
                               GNUTLS_X509_FMT_DER) == 0)
-    gnutls->priv->have_cert = TRUE;
+    gnutls->have_cert = TRUE;
 }
 
 const gnutls_x509_crt_t
 g_tls_certificate_gnutls_get_cert (GTlsCertificateGnutls *gnutls)
 {
-  return gnutls->priv->cert;
+  return gnutls->cert;
 }
 
 gboolean
 g_tls_certificate_gnutls_has_key (GTlsCertificateGnutls *gnutls)
 {
-  return gnutls->priv->have_key;
+  return gnutls->have_key;
 }
 
 void
-g_tls_certificate_gnutls_copy  (GTlsCertificateGnutls *gnutls,
-                                const gchar           *interaction_id,
-                                gnutls_retr2_st       *st)
+g_tls_certificate_gnutls_copy  (GTlsCertificateGnutls  *gnutls,
+                                const gchar            *interaction_id,
+                                gnutls_pcert_st       **pcert,
+                                unsigned int           *pcert_length,
+                                gnutls_privkey_t       *pkey)
 {
+  GTlsCertificateGnutls *chain;
+  guint num_certs = 0;
+  int status;
+
   g_return_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (gnutls));
-  g_return_if_fail (st != NULL);
-  g_return_if_fail (G_TLS_CERTIFICATE_GNUTLS_GET_CLASS (gnutls)->copy);
-  G_TLS_CERTIFICATE_GNUTLS_GET_CLASS (gnutls)->copy (gnutls, interaction_id, st);
+  g_return_if_fail (pcert != NULL);
+  g_return_if_fail (pcert_length != NULL);
+  g_return_if_fail (pkey != NULL);
+
+  /* We will do this loop twice. It's probably more efficient than
+   * re-allocating memory.
+   */
+  chain = gnutls;
+  while (chain != NULL)
+    {
+      num_certs++;
+      chain = chain->issuer;
+    }
+
+  *pcert_length = 0;
+  *pcert = g_malloc (sizeof (gnutls_pcert_st) * num_certs);
+
+  /* Now do the actual copy of the whole chain. */
+  chain = gnutls;
+  while (chain != NULL)
+    {
+      gnutls_x509_crt_t cert;
+      gnutls_datum_t data;
+
+      gnutls_x509_crt_export2 (chain->cert, GNUTLS_X509_FMT_DER, &data);
+
+      gnutls_x509_crt_init (&cert);
+      status = gnutls_x509_crt_import (cert, &data, GNUTLS_X509_FMT_DER);
+      g_warn_if_fail (status == 0);
+      gnutls_free (data.data);
+
+      gnutls_pcert_import_x509 (*pcert + *pcert_length, cert, 0);
+      gnutls_x509_crt_deinit (cert);
+      (*pcert_length)++;
+
+      chain = chain->issuer;
+    }
+
+    if (gnutls->key != NULL)
+      {
+        gnutls_x509_privkey_t x509_privkey;
+        gnutls_privkey_t privkey;
+
+        gnutls_x509_privkey_init (&x509_privkey);
+        gnutls_x509_privkey_cpy (x509_privkey, gnutls->key);
+
+        gnutls_privkey_init (&privkey);
+        gnutls_privkey_import_x509 (privkey, x509_privkey, GNUTLS_PRIVKEY_IMPORT_COPY);
+        *pkey = privkey;
+        gnutls_x509_privkey_deinit (x509_privkey);
+      }
+    else
+      {
+        *pkey = NULL;
+      }
+}
+
+void
+g_tls_certificate_gnutls_copy_free (gnutls_pcert_st  *pcert,
+                                    unsigned int      pcert_length,
+                                    gnutls_privkey_t  pkey)
+{
+  if (pcert != NULL)
+    {
+      for (unsigned int i = 0; i < pcert_length; i++)
+        gnutls_pcert_deinit (&pcert[i]);
+      g_free (pcert);
+    }
+
+  if (pkey != NULL)
+    gnutls_privkey_deinit (pkey);
 }
 
 static const struct {
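Review bot: In the new g_tls_certificate_gnutls_copy loop the result of `gnutls_x509_crt_export2` is not checked, so on failure `data` may still be uninitialised when it reaches `gnutls_x509_crt_import` and `gnutls_free (data.data)`. The results of `gnutls_x509_crt_init` and `gnutls_pcert_import_x509` are ignored as well while `*pcert_length` is incremented unconditionally, so g_tls_certificate_gnutls_copy_free could later call `gnutls_pcert_deinit` on an entry that was never filled in. A failed import is only surfaced through `g_warn_if_fail`. I would carry the status through each step and hand back an empty result on failure, as below. The private-key copy after the loop has the same unchecked calls.

```c
  while (chain != NULL)
    {
      gnutls_x509_crt_t cert;
      gnutls_datum_t data = { NULL, 0 };

      status = gnutls_x509_crt_export2 (chain->cert, GNUTLS_X509_FMT_DER, &data);
      if (status == 0)
        {
          status = gnutls_x509_crt_init (&cert);
          if (status == 0)
            {
              status = gnutls_x509_crt_import (cert, &data, GNUTLS_X509_FMT_DER);
              if (status == 0)
                status = gnutls_pcert_import_x509 (*pcert + *pcert_length, cert, 0);
              gnutls_x509_crt_deinit (cert);
            }
          gnutls_free (data.data);
        }

      if (status != 0)
        {
          /* Return nothing rather than a partially initialised chain. */
          g_tls_certificate_gnutls_copy_free (*pcert, *pcert_length, NULL);
          *pcert = NULL;
          *pcert_length = 0;
          *pkey = NULL;
          return;
        }

      (*pcert_length)++;
      chain = chain->issuer;
    }
  /* … unchanged: private key copy … */
```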
@@ -535,10 +539,10 @@ g_tls_certificate_gnutls_convert_flags (guint gnutls_flags)
   for (i = 0; i < flags_map_size && gnutls_flags != 0; i++)
     {
       if (gnutls_flags & flags_map[i].gnutls_flag)
-       {
-         gnutls_flags &= ~flags_map[i].gnutls_flag;
-         gtls_flags |= flags_map[i].gtls_flag;
-       }
+        {
+          gnutls_flags &= ~flags_map[i].gnutls_flag;
+          gtls_flags |= flags_map[i].gtls_flag;
+        }
     }
   if (gnutls_flags)
     gtls_flags |= G_TLS_CERTIFICATE_GENERIC_ERROR;
@@ -548,7 +552,7 @@ g_tls_certificate_gnutls_convert_flags (guint gnutls_flags)
 
 static gboolean
 verify_identity_hostname (GTlsCertificateGnutls *gnutls,
-                         GSocketConnectable    *identity)
+                          GSocketConnectable    *identity)
 {
   const char *hostname;
 
@@ -559,12 +563,12 @@ verify_identity_hostname (GTlsCertificateGnutls *gnutls,
   else
     return FALSE;
 
-  return gnutls_x509_crt_check_hostname (gnutls->priv->cert, hostname);
+  return gnutls_x509_crt_check_hostname (gnutls->cert, hostname);
 }
 
 static gboolean
 verify_identity_ip (GTlsCertificateGnutls *gnutls,
-                   GSocketConnectable    *identity)
+                    GSocketConnectable    *identity)
 {
   GInetAddress *addr;
   int i, ret = 0;
@@ -597,17 +601,17 @@ verify_identity_ip (GTlsCertificateGnutls *gnutls,
       size_t san_size;
 
       san_size = sizeof (san);
-      ret = gnutls_x509_crt_get_subject_alt_name (gnutls->priv->cert, i,
-                                                 san, &san_size, NULL);
+      ret = gnutls_x509_crt_get_subject_alt_name (gnutls->cert, i,
+                                                  san, &san_size, NULL);
 
       if ((ret == GNUTLS_SAN_IPADDRESS) && (addr_size == san_size))
-       {
-         if (memcmp (addr_bytes, san, addr_size) == 0)
-           {
-             g_object_unref (addr);
-             return TRUE;
-           }
-       }
+        {
+          if (memcmp (addr_bytes, san, addr_size) == 0)
+            {
+              g_object_unref (addr);
+              return TRUE;
+            }
+        }
     }
 
   g_object_unref (addr);
@@ -616,7 +620,7 @@ verify_identity_ip (GTlsCertificateGnutls *gnutls,
 
 GTlsCertificateFlags
 g_tls_certificate_gnutls_verify_identity (GTlsCertificateGnutls *gnutls,
-                                         GSocketConnectable    *identity)
+                                          GSocketConnectable    *identity)
 {
   if (verify_identity_hostname (gnutls, identity))
     return 0;
@@ -639,9 +643,9 @@ g_tls_certificate_gnutls_set_issuer (GTlsCertificateGnutls *gnutls,
 
   if (issuer)
     g_object_ref (issuer);
-  if (gnutls->priv->issuer)
-    g_object_unref (gnutls->priv->issuer);
-  gnutls->priv->issuer = issuer;
+  if (gnutls->issuer)
+    g_object_unref (gnutls->issuer);
+  gnutls->issuer = issuer;
   g_object_notify (G_OBJECT (gnutls), "issuer");
 }
 
index d1439e7..c5aff43 100644 (file)
@@ -1,13 +1,22 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2009 Red Hat, Inc.
  *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the licence or (at
- * your option) any later version.
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
  *
- * See the included COPYING file for more information.
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
  *
  * In addition, when the library is used with OpenSSL, a special
  * exception applies. Refer to the LICENSE_EXCEPTION file for details.
 #define __G_TLS_CERTIFICATE_GNUTLS_H__
 
 #include <gio/gio.h>
+#include <gnutls/abstract.h>
 #include <gnutls/gnutls.h>
 
 G_BEGIN_DECLS
 
 #define G_TYPE_TLS_CERTIFICATE_GNUTLS            (g_tls_certificate_gnutls_get_type ())
-#define G_TLS_CERTIFICATE_GNUTLS(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_CERTIFICATE_GNUTLS, GTlsCertificateGnutls))
-#define G_TLS_CERTIFICATE_GNUTLS_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_CERTIFICATE_GNUTLS, GTlsCertificateGnutlsClass))
-#define G_IS_TLS_CERTIFICATE_GNUTLS(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_CERTIFICATE_GNUTLS))
-#define G_IS_TLS_CERTIFICATE_GNUTLS_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_CERTIFICATE_GNUTLS))
-#define G_TLS_CERTIFICATE_GNUTLS_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_CERTIFICATE_GNUTLS, GTlsCertificateGnutlsClass))
-
-typedef struct _GTlsCertificateGnutlsPrivate                   GTlsCertificateGnutlsPrivate;
-typedef struct _GTlsCertificateGnutlsClass                     GTlsCertificateGnutlsClass;
-typedef struct _GTlsCertificateGnutls                          GTlsCertificateGnutls;
-
-struct _GTlsCertificateGnutlsClass
-{
-  GTlsCertificateClass parent_class;
 
-  void              (*copy)               (GTlsCertificateGnutls    *gnutls,
-                                           const gchar              *interaction_id,
-                                           gnutls_retr2_st          *st);
-};
-
-struct _GTlsCertificateGnutls
-{
-  GTlsCertificate parent_instance;
-  GTlsCertificateGnutlsPrivate *priv;
-};
-
-GType g_tls_certificate_gnutls_get_type (void) G_GNUC_CONST;
+G_DECLARE_FINAL_TYPE (GTlsCertificateGnutls, g_tls_certificate_gnutls, G, TLS_CERTIFICATE_GNUTLS, GTlsCertificate)
 
 GTlsCertificate *            g_tls_certificate_gnutls_new             (const gnutls_datum_t  *datum,
                                                                        GTlsCertificate       *issuer);
@@ -60,12 +46,18 @@ void                         g_tls_certificate_gnutls_set_data        (GTlsCerti
 const gnutls_x509_crt_t      g_tls_certificate_gnutls_get_cert        (GTlsCertificateGnutls *gnutls);
 gboolean                     g_tls_certificate_gnutls_has_key         (GTlsCertificateGnutls *gnutls);
 
-void                         g_tls_certificate_gnutls_copy            (GTlsCertificateGnutls *gnutls,
-                                                                       const gchar           *interaction_id,
-                                                                       gnutls_retr2_st       *st);
+void                         g_tls_certificate_gnutls_copy            (GTlsCertificateGnutls  *gnutls,
+                                                                       const gchar            *interaction_id,
+                                                                       gnutls_pcert_st       **pcert,
+                                                                       unsigned int           *pcert_length,
+                                                                       gnutls_privkey_t       *pkey);
+
+void                         g_tls_certificate_gnutls_copy_free       (gnutls_pcert_st        *pcert,
+                                                                       unsigned int            pcert_length,
+                                                                       gnutls_privkey_t        pkey);
 
 GTlsCertificateFlags         g_tls_certificate_gnutls_verify_identity (GTlsCertificateGnutls *gnutls,
-                                                                      GSocketConnectable    *identity);
+                                                                       GSocketConnectable    *identity);
 
 GTlsCertificateFlags         g_tls_certificate_gnutls_convert_flags   (guint                  gnutls_flags);
 
index d5d63fa..cac2deb 100644 (file)
@@ -1,11 +1,13 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Red Hat, Inc
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -42,27 +44,10 @@ enum
   PROP_ACCEPTED_CAS
 };
 
-static void     g_tls_client_connection_gnutls_initable_interface_init (GInitableIface  *iface);
-
-static void g_tls_client_connection_gnutls_client_connection_interface_init (GTlsClientConnectionInterface *iface);
-
-static int g_tls_client_connection_gnutls_retrieve_function (gnutls_session_t             session,
-                                                            const gnutls_datum_t        *req_ca_rdn,
-                                                            int                          nreqs,
-                                                            const gnutls_pk_algorithm_t *pk_algos,
-                                                            int                          pk_algos_length,
-                                                            gnutls_retr2_st             *st);
-
-static GInitableIface *g_tls_client_connection_gnutls_parent_initable_iface;
-
-G_DEFINE_TYPE_WITH_CODE (GTlsClientConnectionGnutls, g_tls_client_connection_gnutls, G_TYPE_TLS_CONNECTION_GNUTLS,
-                        G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
-                                               g_tls_client_connection_gnutls_initable_interface_init)
-                        G_IMPLEMENT_INTERFACE (G_TYPE_TLS_CLIENT_CONNECTION,
-                                               g_tls_client_connection_gnutls_client_connection_interface_init));
-
-struct _GTlsClientConnectionGnutlsPrivate
+struct _GTlsClientConnectionGnutls
 {
+  GTlsConnectionGnutls parent_instance;
+
   GTlsCertificateFlags validation_flags;
   GSocketConnectable *server_identity;
   gboolean use_ssl3;
@@ -71,38 +56,72 @@ struct _GTlsClientConnectionGnutlsPrivate
   GBytes *session_id;
   GBytes *session_data;
 
-  gboolean cert_requested;
+  gboolean requested_cert_missing;
   GError *cert_error;
   GPtrArray *accepted_cas;
+
+  gnutls_pcert_st *pcert;
+  unsigned int pcert_length;
+  gnutls_privkey_t pkey;
 };
 
+static void     g_tls_client_connection_gnutls_initable_interface_init (GInitableIface  *iface);
+
+static void g_tls_client_connection_gnutls_client_connection_interface_init (GTlsClientConnectionInterface *iface);
+static void g_tls_client_connection_gnutls_dtls_client_connection_interface_init (GDtlsClientConnectionInterface *iface);
+
+static int g_tls_client_connection_gnutls_retrieve_function (gnutls_session_t              session,
+                                                             const gnutls_datum_t         *req_ca_rdn,
+                                                             int                           nreqs,
+                                                             const gnutls_pk_algorithm_t  *pk_algos,
+                                                             int                           pk_algos_length,
+                                                             gnutls_pcert_st             **pcert,
+                                                             unsigned int                 *pcert_length,
+                                                             gnutls_privkey_t             *pkey);
+
+static GInitableIface *g_tls_client_connection_gnutls_parent_initable_iface;
+
+G_DEFINE_TYPE_WITH_CODE (GTlsClientConnectionGnutls, g_tls_client_connection_gnutls, G_TYPE_TLS_CONNECTION_GNUTLS,
+                         G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+                                                g_tls_client_connection_gnutls_initable_interface_init)
+                         G_IMPLEMENT_INTERFACE (G_TYPE_TLS_CLIENT_CONNECTION,
+                                                g_tls_client_connection_gnutls_client_connection_interface_init);
+                         G_IMPLEMENT_INTERFACE (G_TYPE_DTLS_CLIENT_CONNECTION,
+                                                g_tls_client_connection_gnutls_dtls_client_connection_interface_init));
+
+static void
+clear_gnutls_certificate_copy (GTlsClientConnectionGnutls *gnutls)
+{
+  g_tls_certificate_gnutls_copy_free (gnutls->pcert, gnutls->pcert_length, gnutls->pkey);
+
+  gnutls->pcert = NULL;
+  gnutls->pcert_length = 0;
+  gnutls->pkey = NULL;
+}
 
 static void
 g_tls_client_connection_gnutls_init (GTlsClientConnectionGnutls *gnutls)
 {
   gnutls_certificate_credentials_t creds;
 
-  gnutls->priv = G_TYPE_INSTANCE_GET_PRIVATE (gnutls, G_TYPE_TLS_CLIENT_CONNECTION_GNUTLS, GTlsClientConnectionGnutlsPrivate);
-
   creds = g_tls_connection_gnutls_get_credentials (G_TLS_CONNECTION_GNUTLS (gnutls));
-  gnutls_certificate_set_retrieve_function (creds, g_tls_client_connection_gnutls_retrieve_function);
+  gnutls_certificate_set_retrieve_function2 (creds, g_tls_client_connection_gnutls_retrieve_function);
 }
 
 static const gchar *
 get_server_identity (GTlsClientConnectionGnutls *gnutls)
 {
-  if (G_IS_NETWORK_ADDRESS (gnutls->priv->server_identity))
-    return g_network_address_get_hostname (G_NETWORK_ADDRESS (gnutls->priv->server_identity));
-  else if (G_IS_NETWORK_SERVICE (gnutls->priv->server_identity))
-    return g_network_service_get_domain (G_NETWORK_SERVICE (gnutls->priv->server_identity));
+  if (G_IS_NETWORK_ADDRESS (gnutls->server_identity))
+    return g_network_address_get_hostname (G_NETWORK_ADDRESS (gnutls->server_identity));
+  else if (G_IS_NETWORK_SERVICE (gnutls->server_identity))
+    return g_network_service_get_domain (G_NETWORK_SERVICE (gnutls->server_identity));
   else
     return NULL;
 }
 
 static void
-g_tls_client_connection_gnutls_constructed (GObject *object)
+g_tls_client_connection_gnutls_compute_session_id (GTlsClientConnectionGnutls *gnutls)
 {
-  GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (object);
   GSocketConnection *base_conn;
   GSocketAddress *remote_addr;
   GInetAddress *iaddr;
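Review bot: The second `G_IMPLEMENT_INTERFACE` entry in `G_DEFINE_TYPE_WITH_CODE` now ends in `);`, which leaves a stray semicolon in the middle of the macro's code argument. It most likely compiles as an empty statement, but it differs from the first entry and is easy to misread as the end of the macro call. The line should end `g_tls_client_connection_gnutls_client_connection_interface_init)` with no semicolon, keeping the only terminator after the final `G_TYPE_DTLS_CLIENT_CONNECTION` entry.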
@@ -120,28 +139,45 @@ g_tls_client_connection_gnutls_constructed (GObject *object)
     {
       remote_addr = g_socket_connection_get_remote_address (base_conn, NULL);
       if (G_IS_INET_SOCKET_ADDRESS (remote_addr))
-       {
-         GInetSocketAddress *isaddr = G_INET_SOCKET_ADDRESS (remote_addr);
-         const gchar *server_hostname;
-         gchar *addrstr, *session_id;
-
-         iaddr = g_inet_socket_address_get_address (isaddr);
-         port = g_inet_socket_address_get_port (isaddr);
-
-         addrstr = g_inet_address_to_string (iaddr);
-         server_hostname = get_server_identity (gnutls);
-         session_id = g_strdup_printf ("%s/%s/%d", addrstr,
-                                       server_hostname ? server_hostname : "",
-                                       port);
-         gnutls->priv->session_id = g_bytes_new_take (session_id, strlen (session_id));
-         g_free (addrstr);
-       }
+        {
+          GInetSocketAddress *isaddr = G_INET_SOCKET_ADDRESS (remote_addr);
+          const gchar *server_hostname;
+          gchar *addrstr, *session_id;
+          GTlsCertificate *cert = NULL;
+          gchar *cert_hash = NULL;
+
+          iaddr = g_inet_socket_address_get_address (isaddr);
+          port = g_inet_socket_address_get_port (isaddr);
+
+          addrstr = g_inet_address_to_string (iaddr);
+          server_hostname = get_server_identity (gnutls);
+
+          /* If we have a certificate, make its hash part of the session ID, so
+           * that different connections to the same server can use different
+           * certificates. */
+          g_object_get (G_OBJECT (gnutls), "certificate", &cert, NULL);
+          if (cert)
+            {
+              GByteArray *der = NULL;
+              g_object_get (G_OBJECT (cert), "certificate", &der, NULL);
+              if (der)
+                {
+                  cert_hash = g_compute_checksum_for_data (G_CHECKSUM_SHA256, der->data, der->len);
+                  g_byte_array_unref (der);
+                }
+              g_object_unref (cert);
+            }
+          session_id = g_strdup_printf ("%s/%s/%d/%s", addrstr,
+                                        server_hostname ? server_hostname : "",
+                                        port,
+                                        cert_hash ? cert_hash : "");
+          gnutls->session_id = g_bytes_new_take (session_id, strlen (session_id));
+          g_free (addrstr);
+          g_free (cert_hash);
+        }
       g_object_unref (remote_addr);
     }
-  g_object_unref (base_conn);
-
-  if (G_OBJECT_CLASS (g_tls_client_connection_gnutls_parent_class)->constructed)
-    G_OBJECT_CLASS (g_tls_client_connection_gnutls_parent_class)->constructed (object);
+  g_clear_object (&base_conn);
 }
 
 static void
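Review bot: The assignment `gnutls->session_id = g_bytes_new_take (session_id, strlen (session_id));` overwrites the field without releasing a previous value, and this function is now called from g_tls_client_connection_gnutls_begin_handshake rather than once from constructed(). If a connection begins more than one handshake, each call would leak the earlier GBytes. Adding `g_clear_pointer (&gnutls->session_id, g_bytes_unref);` just before the assignment avoids that. The function's opening lines are in the previous hunk.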
@@ -149,19 +185,21 @@ g_tls_client_connection_gnutls_finalize (GObject *object)
 {
   GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (object);
 
-  g_clear_object (&gnutls->priv->server_identity);
-  g_clear_pointer (&gnutls->priv->accepted_cas, g_ptr_array_unref);
-  g_clear_pointer (&gnutls->priv->session_id, g_bytes_unref);
-  g_clear_pointer (&gnutls->priv->session_data, g_bytes_unref);
-  g_clear_error (&gnutls->priv->cert_error);
+  g_clear_object (&gnutls->server_identity);
+  g_clear_pointer (&gnutls->accepted_cas, g_ptr_array_unref);
+  g_clear_pointer (&gnutls->session_id, g_bytes_unref);
+  g_clear_pointer (&gnutls->session_data, g_bytes_unref);
+  g_clear_error (&gnutls->cert_error);
+
+  clear_gnutls_certificate_copy (gnutls);
 
   G_OBJECT_CLASS (g_tls_client_connection_gnutls_parent_class)->finalize (object);
 }
 
 static gboolean
 g_tls_client_connection_gnutls_initable_init (GInitable       *initable,
-                                             GCancellable    *cancellable,
-                                             GError         **error)
+                                              GCancellable    *cancellable,
+                                              GError         **error)
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable);
   gnutls_session_t session;
@@ -175,8 +213,15 @@ g_tls_client_connection_gnutls_initable_init (GInitable       *initable,
   hostname = get_server_identity (G_TLS_CLIENT_CONNECTION_GNUTLS (gnutls));
   if (hostname)
     {
+      gchar *normalized_hostname = g_strdup (hostname);
+
+      if (hostname[strlen (hostname) - 1] == '.')
+        normalized_hostname[strlen (hostname) - 1] = '\0';
+
       gnutls_server_name_set (session, GNUTLS_NAME_DNS,
-                              hostname, strlen (hostname));
+                              normalized_hostname, strlen (normalized_hostname));
+
+      g_free (normalized_hostname);
     }
 
   return TRUE;
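Review bot: `hostname[strlen (hostname) - 1]` indexes out of bounds when the identity's hostname is an empty string, because `strlen (hostname) - 1` wraps to the largest size_t value; nothing in this hunk rules out an empty string from get_server_identity(). Taking the length once and guarding it fixes that: `gsize len = strlen (hostname);` followed by `if (len > 0 && hostname[len - 1] == '.') normalized_hostname[len - 1] = '\0';`. A one-line comment that the trailing dot is stripped because the SNI host name is sent without it would also help the next reader. The function begins and ends outside this hunk.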
@@ -184,9 +229,9 @@ g_tls_client_connection_gnutls_initable_init (GInitable       *initable,
 
 static void
 g_tls_client_connection_gnutls_get_property (GObject    *object,
-                                            guint       prop_id,
-                                            GValue     *value,
-                                            GParamSpec *pspec)
+                                             guint       prop_id,
+                                             GValue     *value,
+                                             GParamSpec *pspec)
 {
   GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (object);
   GList *accepted_cas;
@@ -195,25 +240,25 @@ g_tls_client_connection_gnutls_get_property (GObject    *object,
   switch (prop_id)
     {
     case PROP_VALIDATION_FLAGS:
-      g_value_set_flags (value, gnutls->priv->validation_flags);
+      g_value_set_flags (value, gnutls->validation_flags);
       break;
 
     case PROP_SERVER_IDENTITY:
-      g_value_set_object (value, gnutls->priv->server_identity);
+      g_value_set_object (value, gnutls->server_identity);
       break;
 
     case PROP_USE_SSL3:
-      g_value_set_boolean (value, gnutls->priv->use_ssl3);
+      g_value_set_boolean (value, gnutls->use_ssl3);
       break;
 
     case PROP_ACCEPTED_CAS:
       accepted_cas = NULL;
-      if (gnutls->priv->accepted_cas)
+      if (gnutls->accepted_cas)
         {
-          for (i = 0; i < gnutls->priv->accepted_cas->len; ++i)
+          for (i = 0; i < gnutls->accepted_cas->len; ++i)
             {
               accepted_cas = g_list_prepend (accepted_cas, g_byte_array_ref (
-                                             gnutls->priv->accepted_cas->pdata[i]));
+                                             gnutls->accepted_cas->pdata[i]));
             }
           accepted_cas = g_list_reverse (accepted_cas);
         }
@@ -227,9 +272,9 @@ g_tls_client_connection_gnutls_get_property (GObject    *object,
 
 static void
 g_tls_client_connection_gnutls_set_property (GObject      *object,
-                                            guint         prop_id,
-                                            const GValue *value,
-                                            GParamSpec   *pspec)
+                                             guint         prop_id,
+                                             const GValue *value,
+                                             GParamSpec   *pspec)
 {
   GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (object);
   const char *hostname;
@@ -237,31 +282,31 @@ g_tls_client_connection_gnutls_set_property (GObject      *object,
   switch (prop_id)
     {
     case PROP_VALIDATION_FLAGS:
-      gnutls->priv->validation_flags = g_value_get_flags (value);
+      gnutls->validation_flags = g_value_get_flags (value);
       break;
 
     case PROP_SERVER_IDENTITY:
-      if (gnutls->priv->server_identity)
-       g_object_unref (gnutls->priv->server_identity);
-      gnutls->priv->server_identity = g_value_dup_object (value);
+      if (gnutls->server_identity)
+        g_object_unref (gnutls->server_identity);
+      gnutls->server_identity = g_value_dup_object (value);
 
       hostname = get_server_identity (gnutls);
       if (hostname)
-       {
-         gnutls_session_t session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (gnutls));
+        {
+          gnutls_session_t session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (gnutls));
 
-         /* This will only be triggered if the identity is set after
-          * initialization */
-         if (session)
+          /* This will only be triggered if the identity is set after
+           * initialization */
+          if (session)
             {
               gnutls_server_name_set (session, GNUTLS_NAME_DNS,
                                       hostname, strlen (hostname));
             }
-       }
+        }
       break;
 
     case PROP_USE_SSL3:
-      gnutls->priv->use_ssl3 = g_value_get_boolean (value);
+      gnutls->use_ssl3 = g_value_get_boolean (value);
       break;
 
     default:
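Review bot: The `gnutls_server_name_set (session, GNUTLS_NAME_DNS, hostname, strlen (hostname));` call in the PROP_SERVER_IDENTITY case still passes the hostname unmodified, while this commit's change to g_tls_client_connection_gnutls_initable_init strips a trailing dot before the same call. An identity set after initialization would therefore send a different server name than one set before it. A small static helper that returns the normalized copy, used at both call sites, would keep the two paths in step. The function continues past the end of this hunk.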
@@ -270,12 +315,14 @@ g_tls_client_connection_gnutls_set_property (GObject      *object,
 }
 
 static int
-g_tls_client_connection_gnutls_retrieve_function (gnutls_session_t             session,
-                                                 const gnutls_datum_t        *req_ca_rdn,
-                                                 int                          nreqs,
-                                                 const gnutls_pk_algorithm_t *pk_algos,
-                                                 int                          pk_algos_length,
-                                                 gnutls_retr2_st             *st)
+g_tls_client_connection_gnutls_retrieve_function (gnutls_session_t              session,
+                                                  const gnutls_datum_t         *req_ca_rdn,
+                                                  int                           nreqs,
+                                                  const gnutls_pk_algorithm_t  *pk_algos,
+                                                  int                           pk_algos_length,
+                                                  gnutls_pcert_st             **pcert,
+                                                  unsigned int                 *pcert_length,
+                                                  gnutls_privkey_t             *pkey)
 {
   GTlsClientConnectionGnutls *gnutls = gnutls_transport_get_ptr (session);
   GTlsConnectionGnutls *conn = G_TLS_CONNECTION_GNUTLS (gnutls);
@@ -283,7 +330,9 @@ g_tls_client_connection_gnutls_retrieve_function (gnutls_session_t             s
   GByteArray *dn;
   int i;
 
-  gnutls->priv->cert_requested = TRUE;
+  /* FIXME: Here we are supposed to ensure that the certificate supports one of
+   * the algorithms given in pk_algos.
+   */
 
   accepted_cas = g_ptr_array_new_with_free_func ((GDestroyNotify)g_byte_array_unref);
   for (i = 0; i < nreqs; i++)
@@ -293,20 +342,49 @@ g_tls_client_connection_gnutls_retrieve_function (gnutls_session_t             s
       g_ptr_array_add (accepted_cas, dn);
     }
 
-  if (gnutls->priv->accepted_cas)
-    g_ptr_array_unref (gnutls->priv->accepted_cas);
-  gnutls->priv->accepted_cas = accepted_cas;
+  if (gnutls->accepted_cas)
+    g_ptr_array_unref (gnutls->accepted_cas);
+  gnutls->accepted_cas = accepted_cas;
   g_object_notify (G_OBJECT (gnutls), "accepted-cas");
 
-  g_tls_connection_gnutls_get_certificate (conn, st);
+  clear_gnutls_certificate_copy (gnutls);
+  g_tls_connection_gnutls_get_certificate (conn, pcert, pcert_length, pkey);
+
+  if (*pcert_length == 0)
+    {
+      g_tls_certificate_gnutls_copy_free (*pcert, *pcert_length, *pkey);
+      g_clear_error (&gnutls->cert_error);
+
+      if (g_tls_connection_gnutls_request_certificate (conn, &gnutls->cert_error))
+        g_tls_connection_gnutls_get_certificate (conn, pcert, pcert_length, pkey);
+
+      if (*pcert_length == 0)
+        {
+          g_tls_certificate_gnutls_copy_free (*pcert, *pcert_length, *pkey);
+
+          /* If there is still no client certificate, this connection will
+           * probably fail, but no reason to give up: let's try anyway.
+           */
+          gnutls->requested_cert_missing = TRUE;
+          return 0;
+        }
+    }
 
-  if (st->ncerts == 0)
+  if (*pkey == NULL)
     {
-      g_clear_error (&gnutls->priv->cert_error);
-      if (g_tls_connection_gnutls_request_certificate (conn, &gnutls->priv->cert_error))
-        g_tls_connection_gnutls_get_certificate (conn, st);
+      g_tls_certificate_gnutls_copy_free (*pcert, *pcert_length, *pkey);
+
+      /* No private key. GnuTLS expects it to be non-null if pcert_length is
+       * nonzero, so we have to abort now.
+       */
+      gnutls->requested_cert_missing = TRUE;
+      return -1;
     }
 
+  gnutls->pcert = *pcert;
+  gnutls->pcert_length = *pcert_length;
+  gnutls->pkey = *pkey;
+
   return 0;
 }
 
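Review bot: After each `g_tls_certificate_gnutls_copy_free (*pcert, *pcert_length, *pkey);` the out-parameters keep their old values. When the first `*pcert_length == 0` branch frees them and g_tls_connection_gnutls_request_certificate() returns FALSE, the second `*pcert_length == 0` branch passes the same pointers to copy_free again, and the `return -1` path leaves a freed `*pcert` with a nonzero length visible to the caller. Whether that amounts to a double free depends on what g_tls_connection_gnutls_get_certificate stores for a zero-length result, which is not visible here, so resetting is the safe form: `*pcert = NULL; *pcert_length = 0; *pkey = NULL;` after every copy_free, as clear_gnutls_certificate_copy already does for the instance fields. The function starts in an earlier hunk.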
@@ -315,10 +393,10 @@ g_tls_client_connection_gnutls_failed (GTlsConnectionGnutls *conn)
 {
   GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn);
 
-  gnutls->priv->session_data_override = FALSE;
-  g_clear_pointer (&gnutls->priv->session_data, g_bytes_unref);
-  if (gnutls->priv->session_id)
-    g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->priv->session_id);
+  gnutls->session_data_override = FALSE;
+  g_clear_pointer (&gnutls->session_data, g_bytes_unref);
+  if (gnutls->session_id)
+    g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->session_id);
 }
 
 static void
@@ -326,64 +404,65 @@ g_tls_client_connection_gnutls_begin_handshake (GTlsConnectionGnutls *conn)
 {
   GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn);
 
+  g_tls_client_connection_gnutls_compute_session_id (gnutls);
+
   /* Try to get a cached session */
-  if (gnutls->priv->session_data_override)
+  if (gnutls->session_data_override)
     {
       gnutls_session_set_data (g_tls_connection_gnutls_get_session (conn),
-                               g_bytes_get_data (gnutls->priv->session_data, NULL),
-                               g_bytes_get_size (gnutls->priv->session_data));
+                               g_bytes_get_data (gnutls->session_data, NULL),
+                               g_bytes_get_size (gnutls->session_data));
     }
-  else if (gnutls->priv->session_id)
+  else if (gnutls->session_id)
     {
       GBytes *session_data;
 
-      session_data = g_tls_backend_gnutls_lookup_session (GNUTLS_CLIENT, gnutls->priv->session_id);
+      session_data = g_tls_backend_gnutls_lookup_session (GNUTLS_CLIENT, gnutls->session_id);
       if (session_data)
-       {
-         gnutls_session_set_data (g_tls_connection_gnutls_get_session (conn),
-                                  g_bytes_get_data (session_data, NULL),
-                                  g_bytes_get_size (session_data));
-          g_clear_pointer (&gnutls->priv->session_data, g_bytes_unref);
-          gnutls->priv->session_data = session_data;
-       }
+        {
+          gnutls_session_set_data (g_tls_connection_gnutls_get_session (conn),
+                                   g_bytes_get_data (session_data, NULL),
+                                   g_bytes_get_size (session_data));
+          g_clear_pointer (&gnutls->session_data, g_bytes_unref);
+          gnutls->session_data = session_data;
+        }
     }
 
-  gnutls->priv->cert_requested = FALSE;
+  gnutls->requested_cert_missing = FALSE;
 }
 
 static void
 g_tls_client_connection_gnutls_finish_handshake (GTlsConnectionGnutls  *conn,
-                                                GError               **inout_error)
+                                                 GError               **inout_error)
 {
   GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn);
   int resumed;
 
   g_assert (inout_error != NULL);
 
-  if (g_error_matches (*inout_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS) &&
-      gnutls->priv->cert_requested)
+  if (*inout_error != NULL && gnutls->requested_cert_missing)
     {
       g_clear_error (inout_error);
-      if (gnutls->priv->cert_error)
-       {
-         *inout_error = gnutls->priv->cert_error;
-         gnutls->priv->cert_error = NULL;
-       }
+      if (gnutls->cert_error)
+        {
+          *inout_error = gnutls->cert_error;
+          gnutls->cert_error = NULL;
+        }
       else
-       {
-         g_set_error_literal (inout_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
-                              _("Server required TLS certificate"));
-       }
+        {
+          g_set_error_literal (inout_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
+                               _("Server required TLS certificate"));
+        }
     }
 
   resumed = gnutls_session_is_resumed (g_tls_connection_gnutls_get_session (conn));
   if (*inout_error || !resumed)
     {
       /* Clear session data since the server did not accept what we provided. */
-      gnutls->priv->session_data_override = FALSE;
-      g_clear_pointer (&gnutls->priv->session_data, g_bytes_unref);
-      if (gnutls->priv->session_id)
-        g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->priv->session_id);
+      gnutls->session_data_override = FALSE;
+      g_clear_pointer (&gnutls->session_data, g_bytes_unref);
+      if (gnutls->session_id)
+        g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->session_id);
     }
 
   if (!*inout_error && !resumed)
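Review bot: The new condition `*inout_error != NULL && gnutls->requested_cert_missing` in g_tls_client_connection_gnutls_finish_handshake discards whatever error the handshake produced and replaces it with the certificate error, where the old code did so only for G_TLS_ERROR_NOT_TLS. A cancellation or an unrelated failure on a handshake in which no client certificate was available would then surface as "Server required TLS certificate", which hides the real cause from callers and logs. If that is intended, a comment above the `if` should say so, e.g. `/* Any failure after a requested client certificate was unavailable is reported as a certificate error. */`; otherwise the test could leave `G_IO_ERROR_CANCELLED` untouched. The function continues into the next hunk.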
@@ -393,14 +472,15 @@ g_tls_client_connection_gnutls_finish_handshake (GTlsConnectionGnutls  *conn,
       if (gnutls_session_get_data2 (g_tls_connection_gnutls_get_session (conn),
                                     &session_datum) == 0)
         {
-          gnutls->priv->session_data = g_bytes_new_with_free_func (session_datum.data,
-                                                                   session_datum.size,
-                                                                   (GDestroyNotify)gnutls_free,
-                                                                   session_datum.data);
-
-          g_tls_backend_gnutls_store_session (GNUTLS_CLIENT,
-                                              gnutls->priv->session_id,
-                                              gnutls->priv->session_data);
+          gnutls->session_data = g_bytes_new_with_free_func (session_datum.data,
+                                                             session_datum.size,
+                                                             (GDestroyNotify)gnutls_free,
+                                                             session_datum.data);
+
+          if (gnutls->session_id)
+            g_tls_backend_gnutls_store_session (GNUTLS_CLIENT,
+                                                gnutls->session_id,
+                                                gnutls->session_data);
         }
     }
 }
@@ -412,15 +492,15 @@ g_tls_client_connection_gnutls_copy_session_state (GTlsClientConnection *conn,
   GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn);
   GTlsClientConnectionGnutls *gnutls_source = G_TLS_CLIENT_CONNECTION_GNUTLS (source);
 
-  if (gnutls_source->priv->session_data)
+  if (gnutls_source->session_data)
     {
-      gnutls->priv->session_data_override = TRUE;
-      gnutls->priv->session_data = g_bytes_ref (gnutls_source->priv->session_data);
+      gnutls->session_data_override = TRUE;
+      gnutls->session_data = g_bytes_ref (gnutls_source->session_data);
 
-      if (gnutls->priv->session_id)
+      if (gnutls->session_id)
         g_tls_backend_gnutls_store_session (GNUTLS_CLIENT,
-                                            gnutls->priv->session_id,
-                                            gnutls->priv->session_data);
+                                            gnutls->session_id,
+                                            gnutls->session_data);
     }
 }
 
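Review bot: `gnutls->session_data = g_bytes_ref (gnutls_source->session_data);` overwrites the destination's field without releasing what it held, so calling copy_session_state on a connection that already has session data would leak the old GBytes. Adding `g_clear_pointer (&gnutls->session_data, g_bytes_unref);` before the assignment fixes that. The function's signature is outside this hunk.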
@@ -430,11 +510,8 @@ g_tls_client_connection_gnutls_class_init (GTlsClientConnectionGnutlsClass *klas
   GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
   GTlsConnectionGnutlsClass *connection_gnutls_class = G_TLS_CONNECTION_GNUTLS_CLASS (klass);
 
-  g_type_class_add_private (klass, sizeof (GTlsClientConnectionGnutlsPrivate));
-
   gobject_class->get_property = g_tls_client_connection_gnutls_get_property;
   gobject_class->set_property = g_tls_client_connection_gnutls_set_property;
-  gobject_class->constructed  = g_tls_client_connection_gnutls_constructed;
   gobject_class->finalize     = g_tls_client_connection_gnutls_finalize;
 
   connection_gnutls_class->failed           = g_tls_client_connection_gnutls_failed;
@@ -460,3 +537,9 @@ g_tls_client_connection_gnutls_initable_interface_init (GInitableIface  *iface)
 
   iface->init = g_tls_client_connection_gnutls_initable_init;
 }
+
+static void
+g_tls_client_connection_gnutls_dtls_client_connection_interface_init (GDtlsClientConnectionInterface *iface)
+{
+  /* Nothing here. */
+}
index b8898ae..87b88fc 100644 (file)
@@ -1,13 +1,22 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Red Hat, Inc.
  *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the licence or (at
- * your option) any later version.
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
  *
- * See the included COPYING file for more information.
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
  *
  * In addition, when the library is used with OpenSSL, a special
  * exception applies. Refer to the LICENSE_EXCEPTION file for details.
 G_BEGIN_DECLS
 
 #define G_TYPE_TLS_CLIENT_CONNECTION_GNUTLS            (g_tls_client_connection_gnutls_get_type ())
-#define G_TLS_CLIENT_CONNECTION_GNUTLS(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_CLIENT_CONNECTION_GNUTLS, GTlsClientConnectionGnutls))
-#define G_TLS_CLIENT_CONNECTION_GNUTLS_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_CLIENT_CONNECTION_GNUTLS, GTlsClientConnectionGnutlsClass))
-#define G_IS_TLS_CLIENT_CONNECTION_GNUTLS(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_CLIENT_CONNECTION_GNUTLS))
-#define G_IS_TLS_CLIENT_CONNECTION_GNUTLS_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_CLIENT_CONNECTION_GNUTLS))
-#define G_TLS_CLIENT_CONNECTION_GNUTLS_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_CLIENT_CONNECTION_GNUTLS, GTlsClientConnectionGnutlsClass))
-
-typedef struct _GTlsClientConnectionGnutlsPrivate GTlsClientConnectionGnutlsPrivate;
-typedef struct _GTlsClientConnectionGnutlsClass   GTlsClientConnectionGnutlsClass;
-typedef struct _GTlsClientConnectionGnutls        GTlsClientConnectionGnutls;
-
-struct _GTlsClientConnectionGnutlsClass
-{
-  GTlsConnectionGnutlsClass parent_class;
-};
-
-struct _GTlsClientConnectionGnutls
-{
-  GTlsConnectionGnutls parent_instance;
-  GTlsClientConnectionGnutlsPrivate *priv;
-};
 
-GType g_tls_client_connection_gnutls_get_type (void) G_GNUC_CONST;
+G_DECLARE_FINAL_TYPE (GTlsClientConnectionGnutls, g_tls_client_connection_gnutls, G, TLS_CLIENT_CONNECTION_GNUTLS, GTlsConnectionGnutls)
 
 G_END_DECLS
 
index ca4730b..27bbbcd 100644 (file)
@@ -1,11 +1,14 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2009 Red Hat, Inc
+ * Copyright 2015, 2016 Collabora, Ltd.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 
 #include <errno.h>
 #include <stdarg.h>
+#include <gnutls/dtls.h>
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
 
 #include "gtlsconnection-gnutls.h"
 #include "gtlsbackend-gnutls.h"
 #include "gtlscertificate-gnutls.h"
+#include "gtlsclientconnection-gnutls.h"
 #include "gtlsinputstream-gnutls.h"
 #include "gtlsoutputstream-gnutls.h"
 #include "gtlsserverconnection-gnutls.h"
 
-#ifdef HAVE_PKCS11
-#include <p11-kit/pin.h>
-#include "pkcs11/gpkcs11pin.h"
-#endif
-
 #ifdef G_OS_WIN32
 #include <winsock2.h>
 #include <winerror.h>
 #endif
 
 #include <glib/gi18n-lib.h>
+#include <glib/gprintf.h>
+
+/*
+ * GTlsConnectionGnutls is the base abstract implementation of TLS and DTLS
+ * support, for both the client and server side of a connection. The choice
+ * between TLS and DTLS is made by setting the base-io-stream or
+ * base-socket properties — exactly one of them must be set at
+ * construction time.
+ *
+ * Client and server specific code is in the GTlsClientConnectionGnutls and
+ * GTlsServerConnectionGnutls concrete subclasses, although the line about where
+ * code is put is a little blurry, and there are various places in
+ * GTlsConnectionGnutls which check G_IS_TLS_CLIENT_CONNECTION(self) to switch
+ * to a client-only code path.
+ *
+ * This abstract class implements a lot of interfaces:
+ *  • Derived from GTlsConnection (itself from GIOStream), for TLS and streaming
+ *    communications.
+ *  • Implements GDtlsConnection and GDatagramBased, for DTLS and datagram
+ *    communications.
+ *  • Implements GInitable for failable GnuTLS initialisation.
+ *
+ * The GTlsClientConnectionGnutls and GTlsServerConnectionGnutls subclasses are
+ * both derived from GTlsConnectionGnutls (and hence GIOStream), and both
+ * implement the relevant TLS and DTLS interfaces:
+ *  • GTlsClientConnection
+ *  • GDtlsClientConnection
+ *  • GTlsServerConnection
+ *  • GDtlsServerConnection
+ */
 
 static ssize_t g_tls_connection_gnutls_push_func (gnutls_transport_ptr_t  transport_data,
-                                                 const void             *buf,
-                                                 size_t                  buflen);
+                                                  const void             *buf,
+                                                  size_t                  buflen);
+static ssize_t g_tls_connection_gnutls_vec_push_func (gnutls_transport_ptr_t  transport_data,
+                                                      const giovec_t         *iov,
+                                                      int                     iovcnt);
 static ssize_t g_tls_connection_gnutls_pull_func (gnutls_transport_ptr_t  transport_data,
-                                                 void                   *buf,
-                                                 size_t                  buflen);
+                                                  void                   *buf,
+                                                  size_t                  buflen);
+
+static int     g_tls_connection_gnutls_pull_timeout_func (gnutls_transport_ptr_t transport_data,
+                                                          unsigned int           ms);
+
 
 static void     g_tls_connection_gnutls_initable_iface_init (GInitableIface  *iface);
 static gboolean g_tls_connection_gnutls_initable_init       (GInitable       *initable,
-                                                            GCancellable    *cancellable,
-                                                            GError         **error);
-
-#ifdef HAVE_PKCS11
-static P11KitPin*    on_pin_prompt_callback  (const char     *pinfile,
-                                              P11KitUri      *pin_uri,
-                                              const char     *pin_description,
-                                              P11KitPinFlags  pin_flags,
-                                              void           *callback_data);
-#endif
+                                                             GCancellable    *cancellable,
+                                                             GError         **error);
+static void     g_tls_connection_gnutls_dtls_connection_iface_init (GDtlsConnectionInterface *iface);
+static void     g_tls_connection_gnutls_datagram_based_iface_init  (GDatagramBasedInterface  *iface);
 
 static void g_tls_connection_gnutls_init_priorities (void);
 
+static int verify_certificate_cb (gnutls_session_t session);
+
 static gboolean do_implicit_handshake (GTlsConnectionGnutls  *gnutls,
-                                      gboolean               blocking,
-                                      GCancellable          *cancellable,
-                                      GError               **error);
+                                       gint64                 timeout,
+                                       GCancellable          *cancellable,
+                                       GError               **error);
 static gboolean finish_handshake (GTlsConnectionGnutls  *gnutls,
-                                 GTask                 *thread_task,
-                                 GError               **error);
-
-G_DEFINE_ABSTRACT_TYPE_WITH_CODE (GTlsConnectionGnutls, g_tls_connection_gnutls, G_TYPE_TLS_CONNECTION,
-                                 G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
-                                                        g_tls_connection_gnutls_initable_iface_init);
-                                 g_tls_connection_gnutls_init_priorities ();
-                                 );
-
+                                  GTask                 *task,
+                                  GError               **error);
 
 enum
 {
   PROP_0,
+  /* For this class: */
   PROP_BASE_IO_STREAM,
+  PROP_BASE_SOCKET,
+  /* For GTlsConnection and GDtlsConnection: */
   PROP_REQUIRE_CLOSE_NOTIFY,
   PROP_REHANDSHAKE_MODE,
   PROP_USE_SYSTEM_CERTDB,
@@ -100,22 +129,52 @@ enum
   PROP_CERTIFICATE,
   PROP_INTERACTION,
   PROP_PEER_CERTIFICATE,
-  PROP_PEER_CERTIFICATE_ERRORS
+  PROP_PEER_CERTIFICATE_ERRORS,
+#if GLIB_CHECK_VERSION(2, 60, 0)
+  PROP_ADVERTISED_PROTOCOLS,
+  PROP_NEGOTIATED_PROTOCOL,
+#endif
 };
 
-struct _GTlsConnectionGnutlsPrivate
+typedef struct
 {
+  /* When operating in stream mode, as a GTlsConnection. These are
+   * mutually-exclusive with base_socket. There are two different
+   * GIOStreams here: (a) base_io_stream and (b) the GTlsConnectionGnutls
+   * itself. base_io_stream is the GIOStream used to create the GTlsConnection,
+   * and corresponds to the GTlsConnection::base-io-stream property.
+   * base_istream and base_ostream are the GInputStream and GOutputStream,
+   * respectively, of base_io_stream. These are for the underlying sockets that
+   * don't know about TLS.
+   *
+   * Then the GTlsConnectionGnutls also has tls_istream and tls_ostream which
+   * wrap the aforementioned base streams with a TLS session.
+   *
+   * When operating in datagram mode, none of these are used.
+   */
   GIOStream *base_io_stream;
   GPollableInputStream *base_istream;
   GPollableOutputStream *base_ostream;
+  GInputStream *tls_istream;
+  GOutputStream *tls_ostream;
+
+  /* When operating in datagram mode, as a GDtlsConnection, the
+   * GTlsConnectionGnutls is itself the DTLS GDatagramBased. It uses base_socket
+   * for the underlying I/O. It is mutually-exclusive with base_io_stream and
+   * the other streams.
+   */
+  GDatagramBased *base_socket;
 
   gnutls_certificate_credentials_t creds;
   gnutls_session_t session;
 
   GTlsCertificate *certificate, *peer_certificate;
   GTlsCertificateFlags peer_certificate_errors;
-  GTlsCertificate *peer_certificate_tmp;
-  GTlsCertificateFlags peer_certificate_errors_tmp;
+
+  GMutex verify_certificate_mutex;
+  GCond verify_certificate_condition;
+  gboolean peer_certificate_accepted;
+  gboolean peer_certificate_examined;
 
   gboolean require_close_notify;
   GTlsRehandshakeMode rehandshake_mode;
@@ -144,8 +203,9 @@ struct _GTlsConnectionGnutlsPrivate
    * future operations). ever_handshaked indicates that TLS has
    * been successfully negotiated at some point.
    */
-  gboolean need_handshake, need_finish_handshake;
+  gboolean need_handshake, need_finish_handshake, sync_handshake_completed;
   gboolean started_handshake, handshaking, ever_handshaked;
+  GMainContext *handshake_context;
   GTask *implicit_handshake;
   GError *handshake_error;
   GByteArray *app_data_buf;
@@ -155,65 +215,72 @@ struct _GTlsConnectionGnutlsPrivate
   gboolean read_closing, read_closed;
   gboolean write_closing, write_closed;
 
-  GInputStream *tls_istream;
-  GOutputStream *tls_ostream;
-
   GTlsInteraction *interaction;
   gchar *interaction_id;
 
+#if GLIB_CHECK_VERSION(2, 60, 0)
+  gchar **advertised_protocols;
+  gchar *negotiated_protocol;
+#endif
+
   GMutex        op_mutex;
   GCancellable *waiting_for_op;
 
   gboolean      reading;
-  gboolean      read_blocking;
+  gint64        read_timeout;
   GError       *read_error;
   GCancellable *read_cancellable;
 
   gboolean      writing;
-  gboolean      write_blocking;
+  gint64        write_timeout;
   GError       *write_error;
   GCancellable *write_cancellable;
+} GTlsConnectionGnutlsPrivate;
 
-#ifndef GNUTLS_E_PREMATURE_TERMINATION
-  gboolean eof;
-#endif
-};
+G_DEFINE_ABSTRACT_TYPE_WITH_CODE (GTlsConnectionGnutls, g_tls_connection_gnutls, G_TYPE_TLS_CONNECTION,
+                                  G_ADD_PRIVATE (GTlsConnectionGnutls);
+                                  G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+                                                         g_tls_connection_gnutls_initable_iface_init);
+                                  G_IMPLEMENT_INTERFACE (G_TYPE_DATAGRAM_BASED,
+                                                         g_tls_connection_gnutls_datagram_based_iface_init);
+                                  G_IMPLEMENT_INTERFACE (G_TYPE_DTLS_CONNECTION,
+                                                         g_tls_connection_gnutls_dtls_connection_iface_init);
+                                  g_tls_connection_gnutls_init_priorities ();
+                                  );
 
 static gint unique_interaction_id = 0;
 
 static void
 g_tls_connection_gnutls_init (GTlsConnectionGnutls *gnutls)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   gint unique_id;
 
-  gnutls->priv = G_TYPE_INSTANCE_GET_PRIVATE (gnutls, G_TYPE_TLS_CONNECTION_GNUTLS, GTlsConnectionGnutlsPrivate);
+  gnutls_certificate_allocate_credentials (&priv->creds);
 
-  gnutls_certificate_allocate_credentials (&gnutls->priv->creds);
-  gnutls_certificate_set_verify_flags (gnutls->priv->creds,
-                                      GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
+  g_mutex_init (&priv->verify_certificate_mutex);
+  g_cond_init (&priv->verify_certificate_condition);
 
-  gnutls->priv->need_handshake = TRUE;
+  priv->need_handshake = TRUE;
 
-  gnutls->priv->database_is_unset = TRUE;
-  gnutls->priv->is_system_certdb = TRUE;
+  priv->database_is_unset = TRUE;
+  priv->is_system_certdb = TRUE;
 
   unique_id = g_atomic_int_add (&unique_interaction_id, 1);
-  gnutls->priv->interaction_id = g_strdup_printf ("gtls:%d", unique_id);
-
-#ifdef HAVE_PKCS11
-  p11_kit_pin_register_callback (gnutls->priv->interaction_id,
-                                 on_pin_prompt_callback, gnutls, NULL);
-#endif
+  priv->interaction_id = g_strdup_printf ("gtls:%d", unique_id);
 
-  gnutls->priv->waiting_for_op = g_cancellable_new ();
-  g_cancellable_cancel (gnutls->priv->waiting_for_op);
-  g_mutex_init (&gnutls->priv->op_mutex);
+  priv->waiting_for_op = g_cancellable_new ();
+  g_cancellable_cancel (priv->waiting_for_op);
+  g_mutex_init (&priv->op_mutex);
 }
 
 /* First field is "fallback", second is "allow unsafe rehandshaking" */
 static gnutls_priority_t priorities[2][2];
 
-#define DEFAULT_BASE_PRIORITY "NORMAL:%COMPAT:%LATEST_RECORD_VERSION"
+/* TODO: Get rid of this in favor of gnutls_set_default_priority_append()
+ * when upgrading to GnuTLS 3.6.3.
+ */
+#define DEFAULT_BASE_PRIORITY "NORMAL:%COMPAT"
 
 static void
 g_tls_connection_gnutls_init_priorities (void)
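Review bot: The new `read_timeout` and `write_timeout` fields replace two booleans with a `gint64` whose units and sentinel values are not stated anywhere in the struct. Judging by how claim_op() later in this patch treats its own `timeout` argument, 0 appears to mean non-blocking, -1 to mean wait without limit, and any other value a duration in microseconds; this should be confirmed and written down. A comment such as `/* Timeout of the current read, in microseconds; 0 = non-blocking, -1 = no limit */` above `read_timeout`, and the same for `write_timeout`, would do. A maintainer who assumes milliseconds would pass values a thousand times too small.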
@@ -246,7 +313,7 @@ g_tls_connection_gnutls_init_priorities (void)
   for (i = 0; i < nprotos; i++)
     {
       if (protos[i] < fallback_proto)
-       fallback_proto = protos[i];
+        fallback_proto = protos[i];
     }
   if (fallback_proto == G_MAXUINT)
     {
@@ -255,27 +322,14 @@ g_tls_connection_gnutls_init_priorities (void)
     }
   else
     {
-      gchar *cleaned_base, *p, *rest;
-
-      /* fallback_priority should be based on base_priority, except
-       * that we don't want %LATEST_RECORD_VERSION in it.
-       */
-      cleaned_base = g_strdup (base_priority);
-      p = strstr (cleaned_base, ":%LATEST_RECORD_VERSION");
-      if (p)
-       {
-         rest = p + strlen (":%LATEST_RECORD_VERSION");
-         memmove (p, rest, strlen (rest) + 1);
-       }
-
-      fallback_priority = g_strdup_printf ("%s:%%COMPAT:!VERS-TLS-ALL:+VERS-%s",
-                                          cleaned_base,
-                                          gnutls_protocol_get_name (fallback_proto));
-
-      g_free (cleaned_base);
+      /* %COMPAT is intentionally duplicated here, to ensure it gets added for
+       * the fallback even if the default priority has been changed. */
+      fallback_priority = g_strdup_printf ("%s:%%COMPAT:!VERS-TLS-ALL:+VERS-%s:%%FALLBACK_SCSV",
+                                           DEFAULT_BASE_PRIORITY,
+                                           gnutls_protocol_get_name (fallback_proto));
     }
   fallback_unsafe_rehandshake_priority = g_strdup_printf ("%s:%%UNSAFE_RENEGOTIATION",
-                                                         fallback_priority);
+                                                          fallback_priority);
 
   ret = gnutls_priority_init (&priorities[TRUE][FALSE], fallback_priority, NULL);
   g_warn_if_fail (ret == 0);
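Review bot: The fallback priority string is now built from the compiled-in `DEFAULT_BASE_PRIORITY`, where the removed code started from `base_priority`. `base_priority` is assigned outside this hunk; if it can still carry a runtime override of the default priority, fallback handshakes would silently stop honouring it, which matters when the override exists to disable weak algorithms. Either pass `base_priority` instead of `DEFAULT_BASE_PRIORITY` as the first argument of the `g_strdup_printf()` call, or extend the new comment to say that ignoring an override on the fallback path is intended. The function begins and ends outside the hunk.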
@@ -288,51 +342,96 @@ g_tls_connection_gnutls_init_priorities (void)
 static void
 g_tls_connection_gnutls_set_handshake_priority (GTlsConnectionGnutls *gnutls)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   gboolean fallback, unsafe_rehandshake;
 
   if (G_IS_TLS_CLIENT_CONNECTION (gnutls))
-    fallback = g_tls_client_connection_get_use_ssl3 (G_TLS_CLIENT_CONNECTION (gnutls));
+    {
+#if defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+#endif
+      fallback = g_tls_client_connection_get_use_ssl3 (G_TLS_CLIENT_CONNECTION (gnutls));
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
+    }
   else
     fallback = FALSE;
-  unsafe_rehandshake = (gnutls->priv->rehandshake_mode == G_TLS_REHANDSHAKE_UNSAFELY);
-  gnutls_priority_set (gnutls->priv->session,
-                      priorities[fallback][unsafe_rehandshake]);
+  unsafe_rehandshake = (priv->rehandshake_mode == G_TLS_REHANDSHAKE_UNSAFELY);
+  gnutls_priority_set (priv->session,
+                       priorities[fallback][unsafe_rehandshake]);
+}
+
+static gboolean
+g_tls_connection_gnutls_is_dtls (GTlsConnectionGnutls *gnutls)
+{
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
+  return (priv->base_socket != NULL);
 }
 
 static gboolean
 g_tls_connection_gnutls_initable_init (GInitable     *initable,
-                                      GCancellable  *cancellable,
-                                      GError       **error)
+                                       GCancellable  *cancellable,
+                                       GError       **error)
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   gboolean client = G_IS_TLS_CLIENT_CONNECTION (gnutls);
   guint flags = client ? GNUTLS_CLIENT : GNUTLS_SERVER;
   int status;
 
-  g_return_val_if_fail (gnutls->priv->base_istream != NULL &&
-                       gnutls->priv->base_ostream != NULL, FALSE);
+  g_return_val_if_fail ((priv->base_istream == NULL) ==
+                        (priv->base_ostream == NULL), FALSE);
+  g_return_val_if_fail ((priv->base_socket == NULL) !=
+                        (priv->base_istream == NULL), FALSE);
+
+  /* Check whether to use DTLS or TLS. */
+  if (g_tls_connection_gnutls_is_dtls (gnutls))
+    flags |= GNUTLS_DATAGRAM;
+
+  gnutls_init (&priv->session, flags);
 
-  gnutls_init (&gnutls->priv->session, flags);
+  gnutls_session_set_ptr (priv->session, gnutls);
+  gnutls_session_set_verify_function (priv->session, verify_certificate_cb);
 
-  status = gnutls_credentials_set (gnutls->priv->session,
-                                  GNUTLS_CRD_CERTIFICATE,
-                                  gnutls->priv->creds);
+  status = gnutls_credentials_set (priv->session,
+                                   GNUTLS_CRD_CERTIFICATE,
+                                   priv->creds);
   if (status != 0)
     {
       g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
-                  _("Could not create TLS connection: %s"),
-                  gnutls_strerror (status));
+                   _("Could not create TLS connection: %s"),
+                   gnutls_strerror (status));
       return FALSE;
     }
 
-  gnutls_transport_set_push_function (gnutls->priv->session,
-                                     g_tls_connection_gnutls_push_func);
-  gnutls_transport_set_pull_function (gnutls->priv->session,
-                                     g_tls_connection_gnutls_pull_func);
-  gnutls_transport_set_ptr (gnutls->priv->session, gnutls);
+  gnutls_transport_set_push_function (priv->session,
+                                      g_tls_connection_gnutls_push_func);
+  gnutls_transport_set_pull_function (priv->session,
+                                      g_tls_connection_gnutls_pull_func);
+  gnutls_transport_set_pull_timeout_function (priv->session,
+                                              g_tls_connection_gnutls_pull_timeout_func);
+  gnutls_transport_set_ptr (priv->session, gnutls);
 
-  gnutls->priv->tls_istream = g_tls_input_stream_gnutls_new (gnutls);
-  gnutls->priv->tls_ostream = g_tls_output_stream_gnutls_new (gnutls);
+  /* GDatagramBased supports vectored I/O; GPollableOutputStream does not. */
+  if (priv->base_socket != NULL)
+    {
+      gnutls_transport_set_vec_push_function (priv->session,
+                                              g_tls_connection_gnutls_vec_push_func);
+    }
+
+  /* Set reasonable MTU */
+  if (flags & GNUTLS_DATAGRAM)
+    gnutls_dtls_set_mtu (priv->session, 1400);
+
+  /* Create output streams if operating in streaming mode. */
+  if (!(flags & GNUTLS_DATAGRAM))
+    {
+      priv->tls_istream = g_tls_input_stream_gnutls_new (gnutls);
+      priv->tls_ostream = g_tls_output_stream_gnutls_new (gnutls);
+    }
 
   return TRUE;
 }
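Review bot: The return value of `gnutls_init (&priv->session, flags)` in g_tls_connection_gnutls_initable_init() is discarded, so a failed session allocation goes straight on to `gnutls_session_set_ptr()` and `gnutls_credentials_set()` with an unusable session. The function already reports a `gnutls_credentials_set()` failure through `error`, and the same `status` check should cover `gnutls_init()`. The credentials allocated by `gnutls_certificate_allocate_credentials()` in the instance init (earlier hunk) are unchecked in the same way; since that function has no error channel, this initable is the natural place to reject them too.

```c
  /* … unchanged: precondition checks, DTLS flag selection … */
  status = gnutls_init (&priv->session, flags);
  if (status != 0)
    {
      g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
                   _("Could not create TLS connection: %s"),
                   gnutls_strerror (status));
      return FALSE;
    }

  gnutls_session_set_ptr (priv->session, gnutls);
  /* … unchanged: verify function, credentials, transport callbacks … */
```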
@@ -341,101 +440,123 @@ static void
 g_tls_connection_gnutls_finalize (GObject *object)
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (object);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
+  g_clear_object (&priv->base_io_stream);
+  g_clear_object (&priv->base_socket);
+
+  g_clear_object (&priv->tls_istream);
+  g_clear_object (&priv->tls_ostream);
 
-  g_clear_object (&gnutls->priv->base_io_stream);
+  if (priv->session)
+    gnutls_deinit (priv->session);
+  if (priv->creds)
+    gnutls_certificate_free_credentials (priv->creds);
 
-  g_clear_object (&gnutls->priv->tls_istream);
-  g_clear_object (&gnutls->priv->tls_ostream);
+  g_clear_object (&priv->database);
+  g_clear_object (&priv->certificate);
+  g_clear_object (&priv->peer_certificate);
 
-  if (gnutls->priv->session)
-    gnutls_deinit (gnutls->priv->session);
-  if (gnutls->priv->creds)
-    gnutls_certificate_free_credentials (gnutls->priv->creds);
+  g_mutex_clear (&priv->verify_certificate_mutex);
+  g_cond_clear (&priv->verify_certificate_condition);
 
-  g_clear_object (&gnutls->priv->database);
-  g_clear_object (&gnutls->priv->certificate);
-  g_clear_object (&gnutls->priv->peer_certificate);
-  g_clear_object (&gnutls->priv->peer_certificate_tmp);
+  g_clear_pointer (&priv->app_data_buf, g_byte_array_unref);
 
-  g_clear_pointer (&gnutls->priv->app_data_buf, g_byte_array_unref);
+  g_free (priv->interaction_id);
+  g_clear_object (&priv->interaction);
 
-#ifdef HAVE_PKCS11
-  p11_kit_pin_unregister_callback (gnutls->priv->interaction_id,
-                                   on_pin_prompt_callback, gnutls);
+#if GLIB_CHECK_VERSION(2, 60, 0)
+  g_clear_pointer (&priv->advertised_protocols, g_strfreev);
+  g_clear_pointer (&priv->negotiated_protocol, g_free);
 #endif
-  g_free (gnutls->priv->interaction_id);
-  g_clear_object (&gnutls->priv->interaction);
 
-  g_clear_error (&gnutls->priv->handshake_error);
-  g_clear_error (&gnutls->priv->read_error);
-  g_clear_error (&gnutls->priv->write_error);
+  g_clear_error (&priv->handshake_error);
+  g_clear_error (&priv->read_error);
+  g_clear_error (&priv->write_error);
 
-  /* This must always be NULL at this, as it holds a referehce to @gnutls as
+  g_clear_pointer (&priv->handshake_context, g_main_context_unref);
+
+  /* This must always be NULL here, as it holds a reference to @gnutls as
    * its source object. However, we clear it anyway just in case this changes
    * in future. */
-  g_clear_object (&gnutls->priv->implicit_handshake);
+  g_clear_object (&priv->implicit_handshake);
 
-  g_clear_object (&gnutls->priv->read_cancellable);
-  g_clear_object (&gnutls->priv->write_cancellable);
+  g_clear_object (&priv->read_cancellable);
+  g_clear_object (&priv->write_cancellable);
 
-  g_clear_object (&gnutls->priv->waiting_for_op);
-  g_mutex_clear (&gnutls->priv->op_mutex);
+  g_clear_object (&priv->waiting_for_op);
+  g_mutex_clear (&priv->op_mutex);
 
   G_OBJECT_CLASS (g_tls_connection_gnutls_parent_class)->finalize (object);
 }
 
 static void
 g_tls_connection_gnutls_get_property (GObject    *object,
-                                     guint       prop_id,
-                                     GValue     *value,
-                                     GParamSpec *pspec)
+                                      guint       prop_id,
+                                      GValue     *value,
+                                      GParamSpec *pspec)
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (object);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GTlsBackend *backend;
 
   switch (prop_id)
     {
     case PROP_BASE_IO_STREAM:
-      g_value_set_object (value, gnutls->priv->base_io_stream);
+      g_value_set_object (value, priv->base_io_stream);
+      break;
+
+    case PROP_BASE_SOCKET:
+      g_value_set_object (value, priv->base_socket);
       break;
 
     case PROP_REQUIRE_CLOSE_NOTIFY:
-      g_value_set_boolean (value, gnutls->priv->require_close_notify);
+      g_value_set_boolean (value, priv->require_close_notify);
       break;
 
     case PROP_REHANDSHAKE_MODE:
-      g_value_set_enum (value, gnutls->priv->rehandshake_mode);
+      g_value_set_enum (value, priv->rehandshake_mode);
       break;
 
     case PROP_USE_SYSTEM_CERTDB:
-      g_value_set_boolean (value, gnutls->priv->is_system_certdb);
+      g_value_set_boolean (value, priv->is_system_certdb);
       break;
 
     case PROP_DATABASE:
-      if (gnutls->priv->database_is_unset)
+      if (priv->database_is_unset)
         {
           backend = g_tls_backend_get_default ();
-          gnutls->priv->database =  g_tls_backend_get_default_database (backend);
-          gnutls->priv->database_is_unset = FALSE;
+          priv->database =  g_tls_backend_get_default_database (backend);
+          priv->database_is_unset = FALSE;
         }
-      g_value_set_object (value, gnutls->priv->database);
+      g_value_set_object (value, priv->database);
       break;
 
     case PROP_CERTIFICATE:
-      g_value_set_object (value, gnutls->priv->certificate);
+      g_value_set_object (value, priv->certificate);
       break;
 
     case PROP_INTERACTION:
-      g_value_set_object (value, gnutls->priv->interaction);
+      g_value_set_object (value, priv->interaction);
       break;
 
     case PROP_PEER_CERTIFICATE:
-      g_value_set_object (value, gnutls->priv->peer_certificate);
+      g_value_set_object (value, priv->peer_certificate);
       break;
 
     case PROP_PEER_CERTIFICATE_ERRORS:
-      g_value_set_flags (value, gnutls->priv->peer_certificate_errors);
+      g_value_set_flags (value, priv->peer_certificate_errors);
+      break;
+
+#if GLIB_CHECK_VERSION(2, 60, 0)
+    case PROP_ADVERTISED_PROTOCOLS:
+      g_value_set_boxed (value, priv->advertised_protocols);
+      break;
+
+    case PROP_NEGOTIATED_PROTOCOL:
+      g_value_set_string (value, priv->negotiated_protocol);
       break;
+#endif
 
     default:
       G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
@@ -444,11 +565,12 @@ g_tls_connection_gnutls_get_property (GObject    *object,
 
 static void
 g_tls_connection_gnutls_set_property (GObject      *object,
-                                     guint         prop_id,
-                                     const GValue *value,
-                                     GParamSpec   *pspec)
+                                      guint         prop_id,
+                                      const GValue *value,
+                                      GParamSpec   *pspec)
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (object);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GInputStream *istream;
   GOutputStream *ostream;
   gboolean system_certdb;
@@ -457,67 +579,85 @@ g_tls_connection_gnutls_set_property (GObject      *object,
   switch (prop_id)
     {
     case PROP_BASE_IO_STREAM:
-      if (gnutls->priv->base_io_stream)
-       {
-         g_object_unref (gnutls->priv->base_io_stream);
-         gnutls->priv->base_istream = NULL;
-         gnutls->priv->base_ostream = NULL;
-       }
-      gnutls->priv->base_io_stream = g_value_dup_object (value);
-      if (!gnutls->priv->base_io_stream)
-       return;
-
-      istream = g_io_stream_get_input_stream (gnutls->priv->base_io_stream);
-      ostream = g_io_stream_get_output_stream (gnutls->priv->base_io_stream);
+      g_assert (g_value_get_object (value) == NULL ||
+                priv->base_socket == NULL);
+
+      if (priv->base_io_stream)
+        {
+          g_object_unref (priv->base_io_stream);
+          priv->base_istream = NULL;
+          priv->base_ostream = NULL;
+        }
+      priv->base_io_stream = g_value_dup_object (value);
+      if (!priv->base_io_stream)
+        return;
+
+      istream = g_io_stream_get_input_stream (priv->base_io_stream);
+      ostream = g_io_stream_get_output_stream (priv->base_io_stream);
 
       if (G_IS_POLLABLE_INPUT_STREAM (istream) &&
-         g_pollable_input_stream_can_poll (G_POLLABLE_INPUT_STREAM (istream)))
-       gnutls->priv->base_istream = G_POLLABLE_INPUT_STREAM (istream);
+          g_pollable_input_stream_can_poll (G_POLLABLE_INPUT_STREAM (istream)))
+        priv->base_istream = G_POLLABLE_INPUT_STREAM (istream);
       if (G_IS_POLLABLE_OUTPUT_STREAM (ostream) &&
-         g_pollable_output_stream_can_poll (G_POLLABLE_OUTPUT_STREAM (ostream)))
-       gnutls->priv->base_ostream = G_POLLABLE_OUTPUT_STREAM (ostream);
+          g_pollable_output_stream_can_poll (G_POLLABLE_OUTPUT_STREAM (ostream)))
+        priv->base_ostream = G_POLLABLE_OUTPUT_STREAM (ostream);
+      break;
+
+    case PROP_BASE_SOCKET:
+      g_assert (g_value_get_object (value) == NULL ||
+                priv->base_io_stream == NULL);
+
+      g_clear_object (&priv->base_socket);
+      priv->base_socket = g_value_dup_object (value);
       break;
 
     case PROP_REQUIRE_CLOSE_NOTIFY:
-      gnutls->priv->require_close_notify = g_value_get_boolean (value);
+      priv->require_close_notify = g_value_get_boolean (value);
       break;
 
     case PROP_REHANDSHAKE_MODE:
-      gnutls->priv->rehandshake_mode = g_value_get_enum (value);
+      priv->rehandshake_mode = g_value_get_enum (value);
       break;
 
     case PROP_USE_SYSTEM_CERTDB:
       system_certdb = g_value_get_boolean (value);
-      if (system_certdb != gnutls->priv->is_system_certdb)
+      if (system_certdb != priv->is_system_certdb)
         {
-          g_clear_object (&gnutls->priv->database);
+          g_clear_object (&priv->database);
           if (system_certdb)
             {
               backend = g_tls_backend_get_default ();
-              gnutls->priv->database = g_tls_backend_get_default_database (backend);
+              priv->database = g_tls_backend_get_default_database (backend);
             }
-          gnutls->priv->is_system_certdb = system_certdb;
-          gnutls->priv->database_is_unset = FALSE;
+          priv->is_system_certdb = system_certdb;
+          priv->database_is_unset = FALSE;
         }
       break;
 
     case PROP_DATABASE:
-      g_clear_object (&gnutls->priv->database);
-      gnutls->priv->database = g_value_dup_object (value);
-      gnutls->priv->is_system_certdb = FALSE;
-      gnutls->priv->database_is_unset = FALSE;
+      g_clear_object (&priv->database);
+      priv->database = g_value_dup_object (value);
+      priv->is_system_certdb = FALSE;
+      priv->database_is_unset = FALSE;
       break;
 
     case PROP_CERTIFICATE:
-      if (gnutls->priv->certificate)
-       g_object_unref (gnutls->priv->certificate);
-      gnutls->priv->certificate = g_value_dup_object (value);
+      if (priv->certificate)
+        g_object_unref (priv->certificate);
+      priv->certificate = g_value_dup_object (value);
       break;
 
     case PROP_INTERACTION:
-      g_clear_object (&gnutls->priv->interaction);
-      gnutls->priv->interaction = g_value_dup_object (value);
+      g_clear_object (&priv->interaction);
+      priv->interaction = g_value_dup_object (value);
+      break;
+
+#if GLIB_CHECK_VERSION(2, 60, 0)
+    case PROP_ADVERTISED_PROTOCOLS:
+      g_clear_pointer (&priv->advertised_protocols, g_strfreev);
+      priv->advertised_protocols = g_value_dup_boxed (value);
       break;
+#endif
 
     default:
       G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
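Review bot: The mutual-exclusion checks added to the `PROP_BASE_IO_STREAM` and `PROP_BASE_SOCKET` cases use `g_assert()`, which aborts the whole process over a value supplied by the caller of the property setter. For a precondition on caller input, `g_return_if_fail (g_value_get_object (value) == NULL || priv->base_socket == NULL);` (and the mirror-image line for `PROP_BASE_SOCKET`) logs a critical and leaves the object unchanged instead. Separately, `PROP_BASE_IO_STREAM` still releases the old stream with `g_object_unref()` plus manual resets, while the new `PROP_BASE_SOCKET` case uses `g_clear_object()`; one form for both would read more consistently. The function starts and ends outside the hunk.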
@@ -527,29 +667,42 @@ g_tls_connection_gnutls_set_property (GObject      *object,
 gnutls_certificate_credentials_t
 g_tls_connection_gnutls_get_credentials (GTlsConnectionGnutls *gnutls)
 {
-  return gnutls->priv->creds;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
+  return priv->creds;
 }
 
 gnutls_session_t
 g_tls_connection_gnutls_get_session (GTlsConnectionGnutls *gnutls)
 {
-  return gnutls->priv->session;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
+  return priv->session;
 }
 
 void
-g_tls_connection_gnutls_get_certificate (GTlsConnectionGnutls *gnutls,
-                                         gnutls_retr2_st      *st)
+g_tls_connection_gnutls_get_certificate (GTlsConnectionGnutls  *gnutls,
+                                         gnutls_pcert_st      **pcert,
+                                         unsigned int          *pcert_length,
+                                         gnutls_privkey_t      *pkey)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GTlsCertificate *cert;
 
   cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (gnutls));
 
-  st->cert_type = GNUTLS_CRT_X509;
-  st->ncerts = 0;
-
   if (cert)
+    {
       g_tls_certificate_gnutls_copy (G_TLS_CERTIFICATE_GNUTLS (cert),
-                                     gnutls->priv->interaction_id, st);
+                                     priv->interaction_id,
+                                     pcert, pcert_length, pkey);
+    }
+  else
+    {
+      *pcert = NULL;
+      *pcert_length = 0;
+      *pkey = NULL;
+    }
 }
 
 typedef enum {
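Review bot: `*pcert`, `*pcert_length` and `*pkey` are written only in the `else` branch of g_tls_connection_gnutls_get_certificate(). When a certificate is set, their values depend entirely on `g_tls_certificate_gnutls_copy()`, which is not visible here. If that helper can return without filling all three, the caller is left with indeterminate values, one of them a private-key handle. Assigning `*pcert = NULL; *pcert_length = 0; *pkey = NULL;` before the `if (cert)` and dropping the `else` makes the outputs defined on every path. A short comment stating who releases `*pcert` and `*pkey` would also help, since the new signature leaves ownership to the caller.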
@@ -563,38 +716,40 @@ typedef enum {
 
 static gboolean
 claim_op (GTlsConnectionGnutls    *gnutls,
-         GTlsConnectionGnutlsOp   op,
-         gboolean                 blocking,
-         GCancellable            *cancellable,
-         GError                 **error)
+          GTlsConnectionGnutlsOp   op,
+          gint64                   timeout,
+          GCancellable            *cancellable,
+          GError                 **error)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
  try_again:
   if (g_cancellable_set_error_if_cancelled (cancellable, error))
     return FALSE;
 
-  g_mutex_lock (&gnutls->priv->op_mutex);
+  g_mutex_lock (&priv->op_mutex);
 
   if (((op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE ||
         op == G_TLS_CONNECTION_GNUTLS_OP_READ) &&
-       (gnutls->priv->read_closing || gnutls->priv->read_closed)) ||
+       (priv->read_closing || priv->read_closed)) ||
       ((op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE ||
         op == G_TLS_CONNECTION_GNUTLS_OP_WRITE) &&
-       (gnutls->priv->write_closing || gnutls->priv->write_closed)))
+       (priv->write_closing || priv->write_closed)))
     {
       g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
-                          _("Connection is closed"));
-      g_mutex_unlock (&gnutls->priv->op_mutex);
+                           _("Connection is closed"));
+      g_mutex_unlock (&priv->op_mutex);
       return FALSE;
     }
 
-  if (gnutls->priv->handshake_error &&
+  if (priv->handshake_error &&
       op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH &&
       op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ &&
       op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE)
     {
       if (error)
-       *error = g_error_copy (gnutls->priv->handshake_error);
-      g_mutex_unlock (&gnutls->priv->op_mutex);
+        *error = g_error_copy (priv->handshake_error);
+      g_mutex_unlock (&priv->op_mutex);
       return FALSE;
     }
 
@@ -603,141 +758,195 @@ claim_op (GTlsConnectionGnutls    *gnutls,
       if (op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH &&
           op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ &&
           op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE &&
-          gnutls->priv->need_handshake)
-       {
-         gnutls->priv->need_handshake = FALSE;
-         gnutls->priv->handshaking = TRUE;
-         if (!do_implicit_handshake (gnutls, blocking, cancellable, error))
-           {
-             g_mutex_unlock (&gnutls->priv->op_mutex);
-             return FALSE;
-           }
-       }
-
-      if (gnutls->priv->need_finish_handshake &&
-         gnutls->priv->implicit_handshake)
-       {
-         GError *my_error = NULL;
-         gboolean success;
-
-         gnutls->priv->need_finish_handshake = FALSE;
-
-         g_mutex_unlock (&gnutls->priv->op_mutex);
-         success = finish_handshake (gnutls, gnutls->priv->implicit_handshake, &my_error);
-         g_clear_object (&gnutls->priv->implicit_handshake);
-         g_mutex_lock (&gnutls->priv->op_mutex);
-
-         if (op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH &&
-             op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ &&
-             op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE &&
-             (!success || g_cancellable_set_error_if_cancelled (cancellable, &my_error)))
-           {
-             g_propagate_error (error, my_error);
-             g_mutex_unlock (&gnutls->priv->op_mutex);
-             return FALSE;
-           }
+          priv->need_handshake)
+        {
+          priv->need_handshake = FALSE;
+          priv->handshaking = TRUE;
+          if (!do_implicit_handshake (gnutls, timeout, cancellable, error))
+            {
+              g_mutex_unlock (&priv->op_mutex);
+              return FALSE;
+            }
+        }
+
+      if (priv->need_finish_handshake &&
+          priv->implicit_handshake)
+        {
+          GError *my_error = NULL;
+          gboolean success;
+
+          priv->need_finish_handshake = FALSE;
+
+          g_mutex_unlock (&priv->op_mutex);
+          success = finish_handshake (gnutls, priv->implicit_handshake, &my_error);
+          g_clear_object (&priv->implicit_handshake);
+          g_clear_pointer (&priv->handshake_context, g_main_context_unref);
+          g_mutex_lock (&priv->op_mutex);
+
+          if (op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH &&
+              op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ &&
+              op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE &&
+              (!success || g_cancellable_set_error_if_cancelled (cancellable, &my_error)))
+            {
+              g_propagate_error (error, my_error);
+              g_mutex_unlock (&priv->op_mutex);
+              return FALSE;
+            }
 
           g_clear_error (&my_error);
-       }
+        }
+    }
+
+  if (priv->handshaking &&
+      timeout != 0 &&
+      g_main_context_is_owner (priv->handshake_context))
+    {
+      /* Cannot perform a blocking operation during a handshake on the
+       * same thread that triggered the handshake. The only way this can
+       * occur is if the application is doing something weird in its
+       * accept-certificate callback. Allowing a blocking op would stall
+       * the handshake (forever, if there's no timeout). Even a close
+       * op would deadlock here.
+       */
+      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED, _("Cannot perform blocking operation during TLS handshake"));
+      g_mutex_unlock (&priv->op_mutex);
+      return FALSE;
     }
 
-  if ((op != G_TLS_CONNECTION_GNUTLS_OP_WRITE && gnutls->priv->reading) ||
-      (op != G_TLS_CONNECTION_GNUTLS_OP_READ && gnutls->priv->writing) ||
-      (op != G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE && gnutls->priv->handshaking))
+  if ((op != G_TLS_CONNECTION_GNUTLS_OP_WRITE && priv->reading) ||
+      (op != G_TLS_CONNECTION_GNUTLS_OP_READ && priv->writing) ||
+      (op != G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE && priv->handshaking))
     {
       GPollFD fds[2];
       int nfds;
+      gint64 start_time;
+      gint result = 1;  /* if the loop is never entered, it’s as if we cancelled early */
 
-      g_cancellable_reset (gnutls->priv->waiting_for_op);
+      g_cancellable_reset (priv->waiting_for_op);
 
-      g_mutex_unlock (&gnutls->priv->op_mutex);
+      g_mutex_unlock (&priv->op_mutex);
 
-      if (!blocking)
-       {
-         g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK,
-                              _("Operation would block"));
-         return FALSE;
-       }
+      if (timeout == 0)
+        {
+          /* Intentionally not translated because this is not a fatal error to be
+           * presented to the user, and to avoid this showing up in profiling. */
+          g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK, "Operation would block");
+          return FALSE;
+        }
 
-      g_cancellable_make_pollfd (gnutls->priv->waiting_for_op, &fds[0]);
+      g_cancellable_make_pollfd (priv->waiting_for_op, &fds[0]);
       if (g_cancellable_make_pollfd (cancellable, &fds[1]))
-       nfds = 2;
+        nfds = 2;
       else
-       nfds = 1;
+        nfds = 1;
+
+      /* Convert from microseconds to milliseconds. */
+      if (timeout != -1)
+        timeout = timeout / 1000;
+
+      /* Poll until cancellation or the timeout is reached. */
+      start_time = g_get_monotonic_time ();
 
-      g_poll (fds, nfds, -1);
+      while (!g_cancellable_is_cancelled (priv->waiting_for_op) &&
+             !g_cancellable_is_cancelled (cancellable))
+        {
+          result = g_poll (fds, nfds, timeout);
+
+          if (result == 0)
+            break;
+          if (result != -1 || errno != EINTR)
+            continue;
+
+          if (timeout != -1)
+            {
+              timeout -= (g_get_monotonic_time () - start_time) / 1000;
+              if (timeout < 0)
+                timeout = 0;
+            }
+        }
 
       if (nfds > 1)
         g_cancellable_release_fd (cancellable);
 
+      if (result == 0)
+        {
+          g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT,
+                               _("Socket I/O timed out"));
+          return FALSE;
+        }
+
       goto try_again;
     }
 
   if (op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE)
     {
-      gnutls->priv->handshaking = TRUE;
-      gnutls->priv->need_handshake = FALSE;
+      priv->handshaking = TRUE;
+      priv->need_handshake = FALSE;
     }
   if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
       op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ)
-    gnutls->priv->read_closing = TRUE;
+    priv->read_closing = TRUE;
   if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
       op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE)
-    gnutls->priv->write_closing = TRUE;
+    priv->write_closing = TRUE;
 
   if (op != G_TLS_CONNECTION_GNUTLS_OP_WRITE)
-    gnutls->priv->reading = TRUE;
+    priv->reading = TRUE;
   if (op != G_TLS_CONNECTION_GNUTLS_OP_READ)
-    gnutls->priv->writing = TRUE;
+    priv->writing = TRUE;
 
-  g_mutex_unlock (&gnutls->priv->op_mutex);
+  g_mutex_unlock (&priv->op_mutex);
   return TRUE;
 }
 
 static void
 yield_op (GTlsConnectionGnutls   *gnutls,
-         GTlsConnectionGnutlsOp  op)
+          GTlsConnectionGnutlsOp  op)
 {
-  g_mutex_lock (&gnutls->priv->op_mutex);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
+  g_mutex_lock (&priv->op_mutex);
 
   if (op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE)
-    gnutls->priv->handshaking = FALSE;
+    priv->handshaking = FALSE;
   if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
       op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ)
-    gnutls->priv->read_closing = FALSE;
+    priv->read_closing = FALSE;
   if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
       op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE)
-    gnutls->priv->write_closing = FALSE;
+    priv->write_closing = FALSE;
 
   if (op != G_TLS_CONNECTION_GNUTLS_OP_WRITE)
-    gnutls->priv->reading = FALSE;
+    priv->reading = FALSE;
   if (op != G_TLS_CONNECTION_GNUTLS_OP_READ)
-    gnutls->priv->writing = FALSE;
+    priv->writing = FALSE;
 
-  g_cancellable_cancel (gnutls->priv->waiting_for_op);
-  g_mutex_unlock (&gnutls->priv->op_mutex);
+  g_cancellable_cancel (priv->waiting_for_op);
+  g_mutex_unlock (&priv->op_mutex);
 }
 
 static void
 begin_gnutls_io (GTlsConnectionGnutls  *gnutls,
-                GIOCondition           direction,
-                gboolean               blocking,
-                GCancellable          *cancellable)
+                 GIOCondition           direction,
+                 gint64                 timeout,
+                 GCancellable          *cancellable)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
   g_assert (direction & (G_IO_IN | G_IO_OUT));
 
   if (direction & G_IO_IN)
     {
-      gnutls->priv->read_blocking = blocking;
-      gnutls->priv->read_cancellable = cancellable;
-      g_clear_error (&gnutls->priv->read_error);
+      priv->read_timeout = timeout;
+      priv->read_cancellable = cancellable;
+      g_clear_error (&priv->read_error);
     }
 
   if (direction & G_IO_OUT)
     {
-      gnutls->priv->write_blocking = blocking;
-      gnutls->priv->write_cancellable = cancellable;
-      g_clear_error (&gnutls->priv->write_error);
+      priv->write_timeout = timeout;
+      priv->write_cancellable = cancellable;
+      g_clear_error (&priv->write_error);
     }
 }
 
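Review bot: In the wait block of claim_op(), `timeout = timeout / 1000` overwrites the function's own `timeout` argument, and the block ends with `goto try_again`. On the next pass the already-converted millisecond value is treated as microseconds again: it may be handed to `do_implicit_handshake()`, and it is divided by 1000 a second time if the operation has to wait again. A small value can then reach 0 and yield `G_IO_ERROR_WOULD_BLOCK` for a caller that asked to block. Inside the loop `start_time` is never advanced, so each `EINTR` subtracts the whole time since the loop began from a value that was already reduced. Keeping the poll timeout in a separate local and moving `start_time` forward after each adjustment addresses both; claim_op() begins in the previous hunk.

```c
      gint64 start_time;
      gint64 poll_timeout_ms;  /* leaves the caller's microsecond timeout untouched */
      /* … unchanged: waiting_for_op reset, non-blocking early return, pollfd setup … */

      poll_timeout_ms = (timeout == -1) ? -1 : timeout / 1000;
      start_time = g_get_monotonic_time ();

      while (!g_cancellable_is_cancelled (priv->waiting_for_op) &&
             !g_cancellable_is_cancelled (cancellable))
        {
          result = g_poll (fds, nfds, poll_timeout_ms);
          /* … unchanged: result == 0 and EINTR checks … */

          if (poll_timeout_ms != -1)
            {
              gint64 now = g_get_monotonic_time ();

              poll_timeout_ms -= (now - start_time) / 1000;
              start_time = now;
              if (poll_timeout_ms < 0)
                poll_timeout_ms = 0;
            }
        }
```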
@@ -746,116 +955,112 @@ end_gnutls_io (GTlsConnectionGnutls  *gnutls,
                GIOCondition           direction,
                int                    status,
                GError               **error,
-               const char            *err_fmt,
-               ...) G_GNUC_PRINTF(5, 6);
+               const char            *err_prefix);
 
 static int
 end_gnutls_io (GTlsConnectionGnutls  *gnutls,
                GIOCondition           direction,
                int                    status,
                GError               **error,
-               const char            *err_fmt,
-               ...)
+               const char            *err_prefix)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GError *my_error = NULL;
 
   g_assert (direction & (G_IO_IN | G_IO_OUT));
   g_assert (!error || !*error);
 
+  /* We intentionally do not check for GNUTLS_E_INTERRUPTED here
+   * Instead, the caller may poll for the source to become ready again.
+   * (Note that GTlsOutputStreamGnutls and GTlsInputStreamGnutls inherit
+   * from GPollableOutputStream and GPollableInputStream, respectively.)
+   * See also the comment in set_gnutls_error().
+   */
   if (status == GNUTLS_E_AGAIN ||
       status == GNUTLS_E_WARNING_ALERT_RECEIVED)
     return GNUTLS_E_AGAIN;
 
   if (direction & G_IO_IN)
     {
-      gnutls->priv->read_cancellable = NULL;
+      priv->read_cancellable = NULL;
       if (status < 0)
-       {
-         my_error = gnutls->priv->read_error;
-         gnutls->priv->read_error = NULL;
-       }
+        {
+          my_error = priv->read_error;
+          priv->read_error = NULL;
+        }
       else
-       g_clear_error (&gnutls->priv->read_error);
+        g_clear_error (&priv->read_error);
     }
   if (direction & G_IO_OUT)
     {
-      gnutls->priv->write_cancellable = NULL;
+      priv->write_cancellable = NULL;
       if (status < 0 && !my_error)
-       {
-         my_error = gnutls->priv->write_error;
-         gnutls->priv->write_error = NULL;
-       }
+        {
+          my_error = priv->write_error;
+          priv->write_error = NULL;
+        }
       else
-       g_clear_error (&gnutls->priv->write_error);
+        g_clear_error (&priv->write_error);
     }
 
   if (status >= 0)
     return status;
 
-  if (gnutls->priv->handshaking && !gnutls->priv->ever_handshaked)
+  if (priv->handshaking && !priv->ever_handshaked)
     {
       if (g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_FAILED) ||
-#if GLIB_CHECK_VERSION (2, 35, 3)
-         g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE) ||
-#endif
-         status == GNUTLS_E_UNEXPECTED_PACKET_LENGTH ||
-         status == GNUTLS_E_FATAL_ALERT_RECEIVED ||
-         status == GNUTLS_E_DECRYPTION_FAILED ||
-         status == GNUTLS_E_UNSUPPORTED_VERSION_PACKET)
-       {
-         g_clear_error (&my_error);
-         g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS,
-                              _("Peer failed to perform TLS handshake"));
-         return GNUTLS_E_PULL_ERROR;
-       }
+          g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE) ||
+          status == GNUTLS_E_UNEXPECTED_PACKET_LENGTH ||
+          status == GNUTLS_E_DECRYPTION_FAILED ||
+          status == GNUTLS_E_UNSUPPORTED_VERSION_PACKET)
+        {
+          g_clear_error (&my_error);
+          g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS,
+                               _("Peer failed to perform TLS handshake"));
+          return GNUTLS_E_PULL_ERROR;
+        }
     }
 
   if (my_error)
     {
       if (!g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK) &&
           !g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT))
-       G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed (gnutls);
+        G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed (gnutls);
       g_propagate_error (error, my_error);
       return status;
     }
   else if (status == GNUTLS_E_REHANDSHAKE)
     {
-      if (gnutls->priv->rehandshake_mode == G_TLS_REHANDSHAKE_NEVER)
-       {
-         g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
-                              _("Peer requested illegal TLS rehandshake"));
-         return GNUTLS_E_PULL_ERROR;
-       }
-
-      g_mutex_lock (&gnutls->priv->op_mutex);
-      if (!gnutls->priv->handshaking)
-       gnutls->priv->need_handshake = TRUE;
-      g_mutex_unlock (&gnutls->priv->op_mutex);
+      if (priv->rehandshake_mode == G_TLS_REHANDSHAKE_NEVER)
+        {
+          g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+                               _("Peer requested illegal TLS rehandshake"));
+          return GNUTLS_E_PULL_ERROR;
+        }
+
+      g_mutex_lock (&priv->op_mutex);
+      if (!priv->handshaking)
+        priv->need_handshake = TRUE;
+      g_mutex_unlock (&priv->op_mutex);
       return status;
     }
-  else if (
-#ifdef GNUTLS_E_PREMATURE_TERMINATION
-          status == GNUTLS_E_PREMATURE_TERMINATION
-#else
-          status == GNUTLS_E_UNEXPECTED_PACKET_LENGTH && gnutls->priv->eof
-#endif
-          )
-    {
-      if (gnutls->priv->handshaking && !gnutls->priv->ever_handshaked)
-       {
-         g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS,
-                              _("Peer failed to perform TLS handshake"));
-         return GNUTLS_E_PULL_ERROR;
-       }
-      else if (gnutls->priv->require_close_notify)
-       {
-         g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_EOF,
-                              _("TLS connection closed unexpectedly"));
-         G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed (gnutls);
-         return status;
-       }
+  else if (status == GNUTLS_E_PREMATURE_TERMINATION)
+    {
+      if (priv->handshaking && !priv->ever_handshaked)
+        {
+          g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS,
+                               _("Peer failed to perform TLS handshake"));
+          return GNUTLS_E_PULL_ERROR;
+        }
+      else if (priv->require_close_notify)
+        {
+          g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_EOF,
+                               _("TLS connection closed unexpectedly"));
+          G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed (gnutls);
+          return status;
+        }
       else
-       return 0;
+        return 0;
     }
   else if (status == GNUTLS_E_NO_CERTIFICATE_FOUND)
     {
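Review bot: The `GNUTLS_E_PREMATURE_TERMINATION` branch still ends in `return 0` when `require_close_notify` is off, and nothing beside it says that a stream cut short by the transport is then reported exactly like a clean EOF. A comment on that final `else` would make the trade-off visible, e.g. `/* close_notify not required: a truncated stream is reported as a normal EOF, so truncation must be detected at the application layer */`. The same place could record that `err_prefix` is now a plain prefix and no longer a printf-style format. end_gnutls_io's body continues past this hunk.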
@@ -863,54 +1068,113 @@ end_gnutls_io (GTlsConnectionGnutls  *gnutls,
                            _("TLS connection peer did not send a certificate"));
       return status;
     }
+  else if (status == GNUTLS_E_CERTIFICATE_ERROR)
+    {
+      g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+                   _("Unacceptable TLS certificate"));
+      return status;
+    }
+  else if (status == GNUTLS_E_FATAL_ALERT_RECEIVED)
+    {
+      g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+                   _("Peer sent fatal TLS alert: %s"),
+                   gnutls_alert_get_name (gnutls_alert_get (priv->session)));
+      return status;
+    }
+  else if (status == GNUTLS_E_INAPPROPRIATE_FALLBACK)
+    {
+      g_set_error_literal (error, G_TLS_ERROR,
+#if GLIB_CHECK_VERSION(2, 60, 0)
+                           G_TLS_ERROR_INAPPROPRIATE_FALLBACK,
+#else
+                           G_TLS_ERROR_MISC,
+#endif
+                           _("Protocol version downgrade attack detected"));
+      return status;
+    }
+  else if (status == GNUTLS_E_LARGE_PACKET)
+    {
+      guint mtu = gnutls_dtls_get_data_mtu (priv->session);
+      g_set_error (error, G_IO_ERROR, G_IO_ERROR_MESSAGE_TOO_LARGE,
+                   ngettext ("Message is too large for DTLS connection; maximum is %u byte",
+                             "Message is too large for DTLS connection; maximum is %u bytes", mtu), mtu);
+      return status;
+    }
+  else if (status == GNUTLS_E_TIMEDOUT)
+    {
+      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT,
+                           _("The operation timed out"));
+      return status;
+    }
 
   if (error)
     {
-      va_list ap;
-
-      va_start (ap, err_fmt);
-      *error = g_error_new_valist (G_TLS_ERROR, G_TLS_ERROR_MISC, err_fmt, ap);
-      va_end (ap);
+      *error = g_error_new (G_TLS_ERROR, G_TLS_ERROR_MISC, "%s: %s",
+          err_prefix, gnutls_strerror (status));
     }
   return status;
 }
 
-#define BEGIN_GNUTLS_IO(gnutls, direction, blocking, cancellable)      \
-  begin_gnutls_io (gnutls, direction, blocking, cancellable);          \
+#define BEGIN_GNUTLS_IO(gnutls, direction, timeout, cancellable)        \
+  begin_gnutls_io (gnutls, direction, timeout, cancellable);            \
   do {
 
-#define END_GNUTLS_IO(gnutls, direction, ret, errmsg, err)             \
-  } while ((ret = end_gnutls_io (gnutls, direction, ret, err, errmsg, gnutls_strerror (ret))) == GNUTLS_E_AGAIN);
+#define END_GNUTLS_IO(gnutls, direction, ret, errmsg, err)              \
+  } while ((ret = end_gnutls_io (gnutls, direction, ret, err, errmsg)) == GNUTLS_E_AGAIN);
+
+/* Checks whether the underlying base stream or GDatagramBased meets
+ * @condition. */
+static gboolean
+g_tls_connection_gnutls_base_check (GTlsConnectionGnutls  *gnutls,
+                                    GIOCondition           condition)
+{
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
+  if (g_tls_connection_gnutls_is_dtls (gnutls))
+    return g_datagram_based_condition_check (priv->base_socket,
+                                             condition);
+  else if (condition & G_IO_IN)
+    return g_pollable_input_stream_is_readable (priv->base_istream);
+  else if (condition & G_IO_OUT)
+    return g_pollable_output_stream_is_writable (priv->base_ostream);
+  else
+    g_assert_not_reached ();
+}
 
+/* Checks whether the (D)TLS stream meets @condition; not the underlying base
+ * stream or GDatagramBased. */
 gboolean
 g_tls_connection_gnutls_check (GTlsConnectionGnutls  *gnutls,
-                              GIOCondition           condition)
+                               GIOCondition           condition)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
   /* Racy, but worst case is that we just get WOULD_BLOCK back */
-  if (gnutls->priv->need_finish_handshake)
+  if (priv->need_finish_handshake)
     return TRUE;
 
   /* If a handshake or close is in progress, then tls_istream and
    * tls_ostream are blocked, regardless of the base stream status.
    */
-  if (gnutls->priv->handshaking)
+  if (priv->handshaking)
     return FALSE;
 
-  if (((condition & G_IO_IN) && gnutls->priv->read_closing) ||
-      ((condition & G_IO_OUT) && gnutls->priv->write_closing))
+  if (((condition & G_IO_IN) && priv->read_closing) ||
+      ((condition & G_IO_OUT) && priv->write_closing))
     return FALSE;
 
-  if (condition & G_IO_IN)
-    return g_pollable_input_stream_is_readable (gnutls->priv->base_istream);
-  else
-    return g_pollable_output_stream_is_writable (gnutls->priv->base_ostream);
+  /* Defer to the base stream or GDatagramBased. */
+  return g_tls_connection_gnutls_base_check (gnutls, condition);
 }
 
 typedef struct {
   GSource               source;
 
   GTlsConnectionGnutls *gnutls;
-  GObject              *stream;
+  /* Either a GDatagramBased (datagram mode), or a GPollableInputStream or
+   * GPollableOutputStream (streaming mode):
+   */
+  GObject              *base;
 
   GSource              *child_source;
   GIOCondition          condition;
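Review bot: In the `GNUTLS_E_FATAL_ALERT_RECEIVED` branch the result of `gnutls_alert_get_name ()` is passed straight to `%s`, but that function returns NULL for an alert number it does not recognise, and the number is chosen by the peer. Passing NULL for `%s` is undefined in C even where the libc happens to print "(null)"; store the name in a local first and fall back, e.g. `name != NULL ? name : "unknown"`. Separately, the `GNUTLS_E_CERTIFICATE_ERROR` branch calls `g_set_error ()` with a translated string and no arguments; `g_set_error_literal ()`, as the neighbouring branches use, keeps catalogue text from being interpreted as a format.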
@@ -921,7 +1185,7 @@ typedef struct {
 
 static gboolean
 gnutls_source_prepare (GSource *source,
-                      gint    *timeout)
+                       gint    *timeout)
 {
   *timeout = -1;
   return FALSE;
@@ -933,30 +1197,40 @@ gnutls_source_check (GSource *source)
   return FALSE;
 }
 
+/* Use a custom dummy callback instead of g_source_set_dummy_callback(), as that
+ * uses a GClosure and is slow. (The GClosure is necessary to deal with any
+ * function prototype.) */
+static gboolean
+dummy_callback (gpointer data)
+{
+  return G_SOURCE_CONTINUE;
+}
+
 static void
 gnutls_source_sync (GTlsConnectionGnutlsSource *gnutls_source)
 {
   GTlsConnectionGnutls *gnutls = gnutls_source->gnutls;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   gboolean io_waiting, op_waiting;
 
   /* Was the source destroyed earlier in this main context iteration? */
-  if (g_source_is_destroyed ((GSource *) gnutls_source))
+  if (g_source_is_destroyed ((GSource *)gnutls_source))
     return;
 
-  g_mutex_lock (&gnutls->priv->op_mutex);
-  if (((gnutls_source->condition & G_IO_IN) && gnutls->priv->reading) ||
-      ((gnutls_source->condition & G_IO_OUT) && gnutls->priv->writing) ||
-      (gnutls->priv->handshaking && !gnutls->priv->need_finish_handshake))
+  g_mutex_lock (&priv->op_mutex);
+  if (((gnutls_source->condition & G_IO_IN) && priv->reading) ||
+      ((gnutls_source->condition & G_IO_OUT) && priv->writing) ||
+      (priv->handshaking && !priv->need_finish_handshake))
     op_waiting = TRUE;
   else
     op_waiting = FALSE;
 
-  if (!op_waiting && !gnutls->priv->need_handshake &&
-      !gnutls->priv->need_finish_handshake)
+  if (!op_waiting && !priv->need_handshake &&
+      !priv->need_finish_handshake)
     io_waiting = TRUE;
   else
     io_waiting = FALSE;
-  g_mutex_unlock (&gnutls->priv->op_mutex);
+  g_mutex_unlock (&priv->op_mutex);
 
   if (op_waiting == gnutls_source->op_waiting &&
       io_waiting == gnutls_source->io_waiting)
@@ -967,33 +1241,41 @@ gnutls_source_sync (GTlsConnectionGnutlsSource *gnutls_source)
   if (gnutls_source->child_source)
     {
       g_source_remove_child_source ((GSource *)gnutls_source,
-                                   gnutls_source->child_source);
+                                    gnutls_source->child_source);
       g_source_unref (gnutls_source->child_source);
     }
 
   if (op_waiting)
-    gnutls_source->child_source = g_cancellable_source_new (gnutls->priv->waiting_for_op);
-  else if (io_waiting && G_IS_POLLABLE_INPUT_STREAM (gnutls_source->stream))
-    gnutls_source->child_source = g_pollable_input_stream_create_source (gnutls->priv->base_istream, NULL);
-  else if (io_waiting && G_IS_POLLABLE_OUTPUT_STREAM (gnutls_source->stream))
-    gnutls_source->child_source = g_pollable_output_stream_create_source (gnutls->priv->base_ostream, NULL);
+    gnutls_source->child_source = g_cancellable_source_new (priv->waiting_for_op);
+  else if (io_waiting && G_IS_DATAGRAM_BASED (gnutls_source->base))
+    gnutls_source->child_source = g_datagram_based_create_source (priv->base_socket, gnutls_source->condition, NULL);
+  else if (io_waiting && G_IS_POLLABLE_INPUT_STREAM (gnutls_source->base))
+    gnutls_source->child_source = g_pollable_input_stream_create_source (priv->base_istream, NULL);
+  else if (io_waiting && G_IS_POLLABLE_OUTPUT_STREAM (gnutls_source->base))
+    gnutls_source->child_source = g_pollable_output_stream_create_source (priv->base_ostream, NULL);
   else
     gnutls_source->child_source = g_timeout_source_new (0);
 
-  g_source_set_dummy_callback (gnutls_source->child_source);
+  g_source_set_callback (gnutls_source->child_source, dummy_callback, NULL, NULL);
   g_source_add_child_source ((GSource *)gnutls_source, gnutls_source->child_source);
 }
 
 static gboolean
 gnutls_source_dispatch (GSource     *source,
-                       GSourceFunc  callback,
-                       gpointer     user_data)
+                        GSourceFunc  callback,
+                        gpointer     user_data)
 {
-  GPollableSourceFunc func = (GPollableSourceFunc)callback;
+  GDatagramBasedSourceFunc datagram_based_func = (GDatagramBasedSourceFunc)callback;
+  GPollableSourceFunc pollable_func = (GPollableSourceFunc)callback;
   GTlsConnectionGnutlsSource *gnutls_source = (GTlsConnectionGnutlsSource *)source;
   gboolean ret;
 
-  ret = (*func) (gnutls_source->stream, user_data);
+  if (G_IS_DATAGRAM_BASED (gnutls_source->base))
+    ret = (*datagram_based_func) (G_DATAGRAM_BASED (gnutls_source->base),
+                                  gnutls_source->condition, user_data);
+  else
+    ret = (*pollable_func) (gnutls_source->base, user_data);
+
   if (ret)
     gnutls_source_sync (gnutls_source);
 
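Review bot: `g_source_set_callback (gnutls_source->child_source, dummy_callback, NULL, NULL)` installs a one-argument `GSourceFunc` on child sources that presumably invoke their callback with their own prototypes (cancellable, pollable stream, or datagram-based plus a condition). Calling a function through an incompatible function-pointer type is undefined in ISO C, even though it works on the usual calling conventions. If the speed-up over `g_source_set_dummy_callback ()` is wanted, say at the call site that the mismatch is deliberate, e.g. `/* dummy_callback ignores its arguments; child sources call it with differing prototypes */`. gnutls_source_sync starts before this hunk and dummy_callback is defined in the previous one.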
@@ -1011,7 +1293,7 @@ gnutls_source_finalize (GSource *source)
 
 static gboolean
 g_tls_connection_gnutls_source_closure_callback (GObject  *stream,
-                                                gpointer  data)
+                                                 gpointer  data)
 {
   GClosure *closure = data;
 
@@ -1033,7 +1315,35 @@ g_tls_connection_gnutls_source_closure_callback (GObject  *stream,
   return result;
 }
 
-static GSourceFuncs gnutls_source_funcs =
+static gboolean
+g_tls_connection_gnutls_source_dtls_closure_callback (GObject  *stream,
+                                                      GIOCondition condition,
+                                                      gpointer  data)
+{
+  GClosure *closure = data;
+
+  GValue param[2] = { G_VALUE_INIT, G_VALUE_INIT };
+  GValue result_value = G_VALUE_INIT;
+  gboolean result;
+
+  g_value_init (&result_value, G_TYPE_BOOLEAN);
+
+  g_value_init (&param[0], G_TYPE_DATAGRAM_BASED);
+  g_value_set_object (&param[0], stream);
+  g_value_init (&param[1], G_TYPE_IO_CONDITION);
+  g_value_set_flags (&param[1], condition);
+
+  g_closure_invoke (closure, &result_value, 2, param, NULL);
+
+  result = g_value_get_boolean (&result_value);
+  g_value_unset (&result_value);
+  g_value_unset (&param[0]);
+  g_value_unset (&param[1]);
+
+  return result;
+}
+
+static GSourceFuncs gnutls_tls_source_funcs =
 {
   gnutls_source_prepare,
   gnutls_source_check,
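Review bot: The new g_tls_connection_gnutls_source_dtls_closure_callback() names its first parameter `GObject *stream`, although the value is stored under `G_TYPE_DATAGRAM_BASED` and gnutls_source_dispatch() passes it a `GDatagramBased *`. Declaring it as `GDatagramBased *datagram_based` would match the `GDatagramBasedSourceFunc` prototype it is dispatched through and spare the reader the copy-paste from the stream variant. The parameter columns are also misaligned: `GIOCondition condition` does not line up with the other two.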
@@ -1043,23 +1353,47 @@ static GSourceFuncs gnutls_source_funcs =
   (GSourceDummyMarshal)g_cclosure_marshal_generic
 };
 
+static GSourceFuncs gnutls_dtls_source_funcs =
+{
+  gnutls_source_prepare,
+  gnutls_source_check,
+  gnutls_source_dispatch,
+  gnutls_source_finalize,
+  (GSourceFunc)g_tls_connection_gnutls_source_dtls_closure_callback,
+  (GSourceDummyMarshal)g_cclosure_marshal_generic
+};
+
 GSource *
 g_tls_connection_gnutls_create_source (GTlsConnectionGnutls  *gnutls,
-                                      GIOCondition           condition,
-                                      GCancellable          *cancellable)
+                                       GIOCondition           condition,
+                                       GCancellable          *cancellable)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GSource *source, *cancellable_source;
   GTlsConnectionGnutlsSource *gnutls_source;
 
-  source = g_source_new (&gnutls_source_funcs, sizeof (GTlsConnectionGnutlsSource));
+  if (g_tls_connection_gnutls_is_dtls (gnutls))
+    {
+      source = g_source_new (&gnutls_dtls_source_funcs,
+                             sizeof (GTlsConnectionGnutlsSource));
+    }
+  else
+    {
+      source = g_source_new (&gnutls_tls_source_funcs,
+                             sizeof (GTlsConnectionGnutlsSource));
+    }
   g_source_set_name (source, "GTlsConnectionGnutlsSource");
   gnutls_source = (GTlsConnectionGnutlsSource *)source;
   gnutls_source->gnutls = g_object_ref (gnutls);
   gnutls_source->condition = condition;
-  if (condition & G_IO_IN)
-    gnutls_source->stream = G_OBJECT (gnutls->priv->tls_istream);
-  else if (condition & G_IO_OUT)
-    gnutls_source->stream = G_OBJECT (gnutls->priv->tls_ostream);
+  if (g_tls_connection_gnutls_is_dtls (gnutls))
+    gnutls_source->base = G_OBJECT (gnutls);
+  else if (priv->tls_istream != NULL && condition & G_IO_IN)
+    gnutls_source->base = G_OBJECT (priv->tls_istream);
+  else if (priv->tls_ostream != NULL && condition & G_IO_OUT)
+    gnutls_source->base = G_OBJECT (priv->tls_ostream);
+  else
+    g_assert_not_reached ();
 
   gnutls_source->op_waiting = (gboolean) -1;
   gnutls_source->io_waiting = (gboolean) -1;
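Review bot: The two stream branches mix `&&` and `&` without parentheses; `priv->tls_istream != NULL && condition & G_IO_IN` parses as intended only because `&` binds tighter than `&&`, so write `(condition & G_IO_IN)` and `(condition & G_IO_OUT)` explicitly. The trailing `else g_assert_not_reached ();` is the only guard for a condition that matches neither stream, and it compiles away when GLib assertions are disabled, which would leave `gnutls_source->base` unset for gnutls_source_dispatch() to use. The duplicated `g_source_new ()` calls could also be reduced to a single call by selecting the `GSourceFuncs` pointer first. The function continues past this hunk.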
@@ -1076,10 +1410,90 @@ g_tls_connection_gnutls_create_source (GTlsConnectionGnutls  *gnutls,
   return source;
 }
 
+static GSource *
+g_tls_connection_gnutls_dtls_create_source (GDatagramBased  *datagram_based,
+                                            GIOCondition     condition,
+                                            GCancellable    *cancellable)
+{
+  GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (datagram_based);
+
+  return g_tls_connection_gnutls_create_source (gnutls, condition, cancellable);
+}
+
+static GIOCondition
+g_tls_connection_gnutls_condition_check (GDatagramBased  *datagram_based,
+                                         GIOCondition     condition)
+{
+  GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (datagram_based);
+
+  return (g_tls_connection_gnutls_check (gnutls, condition)) ? condition : 0;
+}
+
+static gboolean
+g_tls_connection_gnutls_condition_wait (GDatagramBased  *datagram_based,
+                                        GIOCondition     condition,
+                                        gint64           timeout,
+                                        GCancellable    *cancellable,
+                                        GError         **error)
+{
+  GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (datagram_based);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+  GPollFD fds[2];
+  guint n_fds;
+  gint result = 1;  /* if the loop is never entered, it’s as if we cancelled early */
+  gint64 start_time;
+
+  if (g_cancellable_set_error_if_cancelled (cancellable, error))
+    return FALSE;
+
+  /* Convert from microseconds to milliseconds. */
+  if (timeout != -1)
+    timeout = timeout / 1000;
+
+  start_time = g_get_monotonic_time ();
+
+  g_cancellable_make_pollfd (priv->waiting_for_op, &fds[0]);
+  n_fds = 1;
+
+  if (g_cancellable_make_pollfd (cancellable, &fds[1]))
+    n_fds++;
+
+  while (!g_tls_connection_gnutls_condition_check (datagram_based, condition) &&
+         !g_cancellable_is_cancelled (cancellable))
+    {
+      result = g_poll (fds, n_fds, timeout);
+      if (result == 0)
+        break;
+      if (result != -1 || errno != EINTR)
+        continue;
+
+      if (timeout != -1)
+        {
+          timeout -= (g_get_monotonic_time () - start_time) / 1000;
+          if (timeout < 0)
+            timeout = 0;
+        }
+    }
+
+  if (n_fds > 1)
+    g_cancellable_release_fd (cancellable);
+
+  if (result == 0)
+    {
+      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT,
+                           _("Socket I/O timed out"));
+      return FALSE;
+    }
+
+  return !g_cancellable_set_error_if_cancelled (cancellable, error);
+}
+
 static void
 set_gnutls_error (GTlsConnectionGnutls *gnutls,
-                 GError               *error)
+                  GError               *error)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
   /* We set EINTR rather than EAGAIN for G_IO_ERROR_WOULD_BLOCK so
    * that GNUTLS_E_AGAIN only gets returned for gnutls-internal
    * reasons, not for actual socket EAGAINs (and we have access
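Review bot: The timeout bookkeeping in g_tls_connection_gnutls_condition_wait() can both overrun and undercount: `timeout` is only reduced after an `EINTR`, so every ordinary wake-up with the condition still unmet restarts `g_poll ()` with the full interval, and because `start_time` is never refreshed each `EINTR` subtracts the whole elapsed time again. A `g_poll ()` failure other than `EINTR` simply loops as well. Computing one absolute deadline and deriving the poll interval from it on each pass fixes the first two and bounds the third whenever a timeout is set. It also lets the gint64 value be clamped before it is narrowed to the `gint` that `g_poll ()` takes.

```c
  gint64 deadline = -1;  /* monotonic time in microseconds; -1 waits forever */
  gboolean timed_out = FALSE;

  /* … unchanged: early g_cancellable_set_error_if_cancelled() check … */

  if (timeout != -1)
    {
      gint64 now = g_get_monotonic_time ();

      /* Saturate rather than overflow for very large timeouts. */
      deadline = (timeout > G_MAXINT64 - now) ? G_MAXINT64 : now + timeout;
    }

  /* … unchanged: pollfd setup for waiting_for_op and cancellable … */

  while (!g_tls_connection_gnutls_condition_check (datagram_based, condition) &&
         !g_cancellable_is_cancelled (cancellable))
    {
      gint poll_ms = -1;

      if (deadline != -1)
        {
          gint64 remaining = deadline - g_get_monotonic_time ();

          if (remaining <= 0)
            {
              timed_out = TRUE;
              break;
            }

          /* Round up so a sub-millisecond remainder does not busy-poll. */
          poll_ms = (gint) MIN ((remaining + 999) / 1000, G_MAXINT);
        }

      /* A wake-up, EINTR or a zero return all loop back to re-check the
       * condition and the deadline. */
      g_poll (fds, n_fds, poll_ms);
    }

  /* … unchanged: release the cancellable fd … */

  if (timed_out)
    {
      /* … unchanged: set G_IO_ERROR_TIMED_OUT and return FALSE … */
    }
```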
@@ -1088,77 +1502,277 @@ set_gnutls_error (GTlsConnectionGnutls *gnutls,
    */
 
   if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED))
-    gnutls_transport_set_errno (gnutls->priv->session, EINTR);
+    gnutls_transport_set_errno (priv->session, EINTR);
   else if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK))
-    gnutls_transport_set_errno (gnutls->priv->session, EINTR);
+    {
+      /* Return EAGAIN while handshaking so that GnuTLS handles retries for us
+       * internally in its handshaking code. */
+      if (priv->base_socket && priv->handshaking)
+        gnutls_transport_set_errno (priv->session, EAGAIN);
+      else
+        gnutls_transport_set_errno (priv->session, EINTR);
+    }
   else if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT))
-    gnutls_transport_set_errno (gnutls->priv->session, EINTR);
+    gnutls_transport_set_errno (priv->session, EINTR);
+  else if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_MESSAGE_TOO_LARGE))
+    gnutls_transport_set_errno (priv->session, EMSGSIZE);
   else
-    gnutls_transport_set_errno (gnutls->priv->session, EIO);
+    gnutls_transport_set_errno (priv->session, EIO);
 }
 
 static ssize_t
 g_tls_connection_gnutls_pull_func (gnutls_transport_ptr_t  transport_data,
-                                  void                   *buf,
-                                  size_t                  buflen)
+                                   void                   *buf,
+                                   size_t                  buflen)
 {
   GTlsConnectionGnutls *gnutls = transport_data;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   ssize_t ret;
 
-  /* If gnutls->priv->read_error is non-%NULL when we're called, it means
+  /* If priv->read_error is non-%NULL when we're called, it means
    * that an error previously occurred, but gnutls decided not to
    * propagate it. So it's correct for us to just clear it. (Usually
    * this means it ignored an EAGAIN after a short read, and now
    * we'll return EAGAIN again, which it will obey this time.)
    */
-  g_clear_error (&gnutls->priv->read_error);
+  g_clear_error (&priv->read_error);
+
+  if (g_tls_connection_gnutls_is_dtls (gnutls))
+    {
+      GInputVector vector = { buf, buflen };
+      GInputMessage message = { NULL, &vector, 1, 0, 0, NULL, NULL };
+
+      ret = g_datagram_based_receive_messages (priv->base_socket,
+                                               &message, 1, 0,
+                                               priv->handshaking ? 0 : priv->read_timeout,
+                                               priv->read_cancellable,
+                                               &priv->read_error);
 
-  ret = g_pollable_stream_read (G_INPUT_STREAM (gnutls->priv->base_istream),
-                               buf, buflen,
-                               gnutls->priv->read_blocking,
-                               gnutls->priv->read_cancellable,
-                               &gnutls->priv->read_error);
+      if (ret > 0)
+        ret = message.bytes_received;
+    }
+  else
+    {
+      ret = g_pollable_stream_read (G_INPUT_STREAM (priv->base_istream),
+                                    buf, buflen,
+                                    (priv->read_timeout != 0),
+                                    priv->read_cancellable,
+                                    &priv->read_error);
+    }
 
   if (ret < 0)
-    set_gnutls_error (gnutls, gnutls->priv->read_error);
-#ifndef GNUTLS_E_PREMATURE_TERMINATION
-  else if (ret == 0)
-    gnutls->priv->eof = TRUE;
-#endif
+    set_gnutls_error (gnutls, priv->read_error);
 
   return ret;
 }
 
 static ssize_t
 g_tls_connection_gnutls_push_func (gnutls_transport_ptr_t  transport_data,
-                                  const void             *buf,
-                                  size_t                  buflen)
+                                   const void             *buf,
+                                   size_t                  buflen)
 {
   GTlsConnectionGnutls *gnutls = transport_data;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   ssize_t ret;
 
   /* See comment in pull_func. */
-  g_clear_error (&gnutls->priv->write_error);
+  g_clear_error (&priv->write_error);
+
+  if (g_tls_connection_gnutls_is_dtls (gnutls))
+    {
+      GOutputVector vector = { buf, buflen };
+      GOutputMessage message = { NULL, &vector, 1, 0, NULL, 0 };
+
+      ret = g_datagram_based_send_messages (priv->base_socket,
+                                            &message, 1, 0,
+                                            priv->write_timeout,
+                                            priv->write_cancellable,
+                                            &priv->write_error);
+
+      if (ret > 0)
+        ret = message.bytes_sent;
+    }
+  else
+    {
+      ret = g_pollable_stream_write (G_OUTPUT_STREAM (priv->base_ostream),
+                                     buf, buflen,
+                                     (priv->write_timeout != 0),
+                                     priv->write_cancellable,
+                                     &priv->write_error);
+    }
 
-  ret = g_pollable_stream_write (G_OUTPUT_STREAM (gnutls->priv->base_ostream),
-                                buf, buflen,
-                                gnutls->priv->write_blocking,
-                                gnutls->priv->write_cancellable,
-                                &gnutls->priv->write_error);
   if (ret < 0)
-    set_gnutls_error (gnutls, gnutls->priv->write_error);
+    set_gnutls_error (gnutls, priv->write_error);
 
   return ret;
 }
 
-static GTlsCertificate *
-get_peer_certificate_from_session (GTlsConnectionGnutls *gnutls)
+static ssize_t
+g_tls_connection_gnutls_vec_push_func (gnutls_transport_ptr_t  transport_data,
+                                       const giovec_t         *iov,
+                                       int                     iovcnt)
 {
-  const gnutls_datum_t *certs;
-  GTlsCertificateGnutls *chain;
+  GTlsConnectionGnutls *gnutls = transport_data;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+  ssize_t ret;
+  GOutputMessage message = { NULL, };
+  GOutputVector *vectors;
+
+  /* This function should only be set if we’re using base_socket. */
+  g_assert (priv->base_socket != NULL);
+
+  /* See comment in pull_func. */
+  g_clear_error (&priv->write_error);
+
+  /* this entire expression will be evaluated at compile time */
+  if (sizeof *iov == sizeof *vectors &&
+      sizeof iov->iov_base == sizeof vectors->buffer &&
+      G_STRUCT_OFFSET (giovec_t, iov_base) ==
+      G_STRUCT_OFFSET (GOutputVector, buffer) &&
+      sizeof iov->iov_len == sizeof vectors->size &&
+      G_STRUCT_OFFSET (giovec_t, iov_len) ==
+      G_STRUCT_OFFSET (GOutputVector, size))
+    /* ABI is compatible */
+    {
+      message.vectors = (GOutputVector *)iov;
+      message.num_vectors = iovcnt;
+    }
+  else
+    /* ABI is incompatible */
+    {
+      gint i;
+
+      message.vectors = g_newa (GOutputVector, iovcnt);
+      for (i = 0; i < iovcnt; i++)
+        {
+          message.vectors[i].buffer = (void *)iov[i].iov_base;
+          message.vectors[i].size = iov[i].iov_len;
+        }
+      message.num_vectors = iovcnt;
+    }
+
+  ret = g_datagram_based_send_messages (priv->base_socket,
+                                        &message, 1, 0,
+                                        priv->write_timeout,
+                                        priv->write_cancellable,
+                                        &priv->write_error);
+
+  if (ret > 0)
+    ret = message.bytes_sent;
+  else if (ret < 0)
+    set_gnutls_error (gnutls, priv->write_error);
+
+  return ret;
+}
+
+static gboolean
+read_pollable_cb (GPollableInputStream *istream,
+                  gpointer              user_data)
+{
+  gboolean *read_done = user_data;
+
+  *read_done = TRUE;
+
+  return G_SOURCE_CONTINUE;
+}
+
+static gboolean
+read_datagram_based_cb (GDatagramBased *datagram_based,
+                        GIOCondition    condition,
+                        gpointer        user_data)
+{
+  gboolean *read_done = user_data;
+
+  *read_done = TRUE;
+
+  return G_SOURCE_CONTINUE;
+}
+
+static gboolean
+read_timeout_cb (gpointer user_data)
+{
+  gboolean *timed_out = user_data;
+
+  *timed_out = TRUE;
+
+  return G_SOURCE_REMOVE;
+}
+
+static int
+g_tls_connection_gnutls_pull_timeout_func (gnutls_transport_ptr_t transport_data,
+                                           unsigned int           ms)
+{
+  GTlsConnectionGnutls *gnutls = transport_data;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
+  /* Fast path. */
+  if (g_tls_connection_gnutls_base_check (gnutls, G_IO_IN) ||
+      g_cancellable_is_cancelled (priv->read_cancellable))
+    return 1;
+
+  /* If @ms is 0, GnuTLS wants an instant response, so there’s no need to
+   * construct and query a #GSource. */
+  if (ms > 0)
+    {
+      GMainContext *ctx = NULL;
+      GSource *read_source = NULL, *timeout_source = NULL;
+      gboolean read_done = FALSE, timed_out = FALSE;
+
+      ctx = g_main_context_new ();
+
+      /* Create a timeout source. */
+      timeout_source = g_timeout_source_new (ms);
+      g_source_set_callback (timeout_source, (GSourceFunc)read_timeout_cb,
+                             &timed_out, NULL);
+
+      /* Create a read source. We cannot use g_source_set_ready_time() on this
+       * to combine it with the @timeout_source, as that could mess with the
+       * internals of the #GDatagramBased’s #GSource implementation. */
+      if (g_tls_connection_gnutls_is_dtls (gnutls))
+        {
+          read_source = g_datagram_based_create_source (priv->base_socket, G_IO_IN, NULL);
+          g_source_set_callback (read_source, (GSourceFunc)read_datagram_based_cb,
+                                 &read_done, NULL);
+        }
+      else
+        {
+          read_source = g_pollable_input_stream_create_source (priv->base_istream, NULL);
+          g_source_set_callback (read_source, (GSourceFunc)read_pollable_cb,
+                                 &read_done, NULL);
+        }
+
+      g_source_attach (read_source, ctx);
+      g_source_attach (timeout_source, ctx);
+
+      while (!read_done && !timed_out)
+        g_main_context_iteration (ctx, TRUE);
+
+      g_source_destroy (read_source);
+      g_source_destroy (timeout_source);
+
+      g_main_context_unref (ctx);
+      g_source_unref (read_source);
+      g_source_unref (timeout_source);
+
+      /* If @read_source was dispatched due to cancellation, the resulting error
+       * will be handled in g_tls_connection_gnutls_pull_func(). */
+      if (g_tls_connection_gnutls_base_check (gnutls, G_IO_IN) ||
+          g_cancellable_is_cancelled (priv->read_cancellable))
+        return 1;
+    }
+
+  return 0;
+}
+
+static GTlsCertificate *
+get_peer_certificate_from_session (GTlsConnectionGnutls *gnutls)
+{
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+  const gnutls_datum_t *certs;
+  GTlsCertificateGnutls *chain;
   unsigned int num_certs;
 
-  certs = gnutls_certificate_get_peers (gnutls->priv->session, &num_certs);
+  certs = gnutls_certificate_get_peers (priv->session, &num_certs);
   if (!certs || !num_certs)
     return NULL;
 
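Review bot: In g_tls_connection_gnutls_pull_timeout_func() both `read_source` constructors pass `NULL` as the cancellable, so the temporary main context has nothing that wakes it when `priv->read_cancellable` is cancelled. The comment about `read_source` being dispatched due to cancellation does not match that. As written, a cancelled read appears to be noticed only once `ms` has elapsed. Passing the cancellable, e.g. `g_datagram_based_create_source (priv->base_socket, G_IO_IN, priv->read_cancellable)` and likewise for `g_pollable_input_stream_create_source ()`, would let cancellation end the wait and make the comment true.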
@@ -1171,7 +1785,7 @@ get_peer_certificate_from_session (GTlsConnectionGnutls *gnutls)
 
 static GTlsCertificateFlags
 verify_peer_certificate (GTlsConnectionGnutls *gnutls,
-                        GTlsCertificate      *peer_certificate)
+                         GTlsCertificate      *peer_certificate)
 {
   GTlsConnection *conn = G_TLS_CONNECTION (gnutls);
   GSocketConnectable *peer_identity;
@@ -1180,10 +1794,13 @@ verify_peer_certificate (GTlsConnectionGnutls *gnutls,
   gboolean is_client;
 
   is_client = G_IS_TLS_CLIENT_CONNECTION (gnutls);
-  if (is_client)
+
+  if (!is_client)
+    peer_identity = NULL;
+  else if (!g_tls_connection_gnutls_is_dtls (gnutls))
     peer_identity = g_tls_client_connection_get_server_identity (G_TLS_CLIENT_CONNECTION (gnutls));
   else
-    peer_identity = NULL;
+    peer_identity = g_dtls_client_connection_get_server_identity (G_DTLS_CLIENT_CONNECTION (gnutls));
 
   errors = 0;
 
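Review bot: The new DTLS branch can still leave `peer_identity` NULL when the application never set a server identity, and nothing here says what that means for verification. GIO documents that g_tls_database_verify_chain() never sets G_TLS_CERTIFICATE_BAD_IDENTITY when it is given a NULL identity, so a client in that state gets chain validation without a name check. A comment above the `if` would make that explicit, for example `/* NULL identity: verify_chain() skips the name check (servers, or clients with no server identity set). */`. verify_peer_certificate() starts before this hunk and continues past it.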
@@ -1198,102 +1815,258 @@ verify_peer_certificate (GTlsConnectionGnutls *gnutls,
       GError *error = NULL;
 
       errors |= g_tls_database_verify_chain (database, peer_certificate,
-                                            is_client ?
-                                            G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER :
-                                            G_TLS_DATABASE_PURPOSE_AUTHENTICATE_CLIENT,
-                                            peer_identity,
-                                            g_tls_connection_get_interaction (conn),
-                                            G_TLS_DATABASE_VERIFY_NONE,
-                                            NULL, &error);
+                                             is_client ?
+                                             G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER :
+                                             G_TLS_DATABASE_PURPOSE_AUTHENTICATE_CLIENT,
+                                             peer_identity,
+                                             g_tls_connection_get_interaction (conn),
+                                             G_TLS_DATABASE_VERIFY_NONE,
+                                             NULL, &error);
       if (error)
-       {
-         g_warning ("failure verifying certificate chain: %s",
-                    error->message);
-         g_assert (errors != 0);
-         g_clear_error (&error);
-       }
+        {
+          g_warning ("failure verifying certificate chain: %s",
+                     error->message);
+          g_assert (errors != 0);
+          g_clear_error (&error);
+        }
     }
 
   return errors;
 }
 
 static void
+update_peer_certificate_and_compute_errors (GTlsConnectionGnutls *gnutls)
+{
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
+  /* This function must be called from the handshake context thread
+   * (probably the main thread, NOT the handshake thread) because it
+   * emits notifies that are application-visible.
+   *
+   * verify_certificate_mutex should be locked.
+   */
+  g_assert (priv->handshake_context);
+  g_assert (g_main_context_is_owner (priv->handshake_context));
+
+  g_clear_object (&priv->peer_certificate);
+  priv->peer_certificate_errors = 0;
+
+  if (gnutls_certificate_type_get (priv->session) == GNUTLS_CRT_X509)
+    {
+      priv->peer_certificate = get_peer_certificate_from_session (gnutls);
+      if (priv->peer_certificate)
+        priv->peer_certificate_errors = verify_peer_certificate (gnutls, priv->peer_certificate);
+    }
+
+  g_object_notify (G_OBJECT (gnutls), "peer-certificate");
+  g_object_notify (G_OBJECT (gnutls), "peer-certificate-errors");
+}
+
+static gboolean
+accept_or_reject_peer_certificate (gpointer user_data)
+{
+  GTlsConnectionGnutls *gnutls = user_data;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+  gboolean accepted = FALSE;
+
+  g_assert (g_main_context_is_owner (priv->handshake_context));
+
+  g_mutex_lock (&priv->verify_certificate_mutex);
+
+  update_peer_certificate_and_compute_errors (gnutls);
+
+  if (G_IS_TLS_CLIENT_CONNECTION (gnutls) && priv->peer_certificate != NULL)
+    {
+      GTlsCertificateFlags validation_flags;
+
+      if (!g_tls_connection_gnutls_is_dtls (gnutls))
+        validation_flags =
+          g_tls_client_connection_get_validation_flags (G_TLS_CLIENT_CONNECTION (gnutls));
+      else
+        validation_flags =
+          g_dtls_client_connection_get_validation_flags (G_DTLS_CLIENT_CONNECTION (gnutls));
+
+      if ((priv->peer_certificate_errors & validation_flags) == 0)
+        accepted = TRUE;
+    }
+
+  if (!accepted)
+    {
+      g_main_context_pop_thread_default (priv->handshake_context);
+      accepted = g_tls_connection_emit_accept_certificate (G_TLS_CONNECTION (gnutls),
+                                                           priv->peer_certificate,
+                                                           priv->peer_certificate_errors);
+      g_main_context_push_thread_default (priv->handshake_context);
+    }
+
+  priv->peer_certificate_accepted = accepted;
+
+  /* This has to be the very last statement before signaling the
+   * condition variable because otherwise the code could spuriously
+   * wakeup and continue before we are done here.
+   */
+  priv->peer_certificate_examined = TRUE;
+
+  g_cond_signal (&priv->verify_certificate_condition);
+  g_mutex_unlock (&priv->verify_certificate_mutex);
+
+  g_object_notify (G_OBJECT (gnutls), "peer-certificate");
+  g_object_notify (G_OBJECT (gnutls), "peer-certificate-errors");
+
+  return G_SOURCE_REMOVE;
+}
+
+static int
+verify_certificate_cb (gnutls_session_t session)
+{
+  GTlsConnectionGnutls *gnutls = gnutls_session_get_ptr (session);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+  gboolean accepted;
+
+  g_mutex_lock (&priv->verify_certificate_mutex);
+  priv->peer_certificate_examined = FALSE;
+  priv->peer_certificate_accepted = FALSE;
+  g_mutex_unlock (&priv->verify_certificate_mutex);
+
+  /* Invoke the callback on the handshake context's thread. This is
+   * necessary because we need to ensure the accept-certificate signal
+   * is emitted on the original thread.
+   */
+  g_assert (priv->handshake_context);
+  g_main_context_invoke (priv->handshake_context, accept_or_reject_peer_certificate, gnutls);
+
+  /* We'll block the handshake thread until the original thread has
+   * decided whether to accept the certificate.
+   */
+  g_mutex_lock (&priv->verify_certificate_mutex);
+  while (!priv->peer_certificate_examined)
+    g_cond_wait (&priv->verify_certificate_condition, &priv->verify_certificate_mutex);
+  accepted = priv->peer_certificate_accepted;
+  g_mutex_unlock (&priv->verify_certificate_mutex);
+
+  /* Return 0 for the handshake to continue, non-zero to terminate. */
+  return !accepted;
+}
+
+static void
 handshake_thread (GTask        *task,
-                 gpointer      object,
-                 gpointer      task_data,
-                 GCancellable *cancellable)
+                  gpointer      object,
+                  gpointer      task_data,
+                  GCancellable *cancellable)
 {
   GTlsConnectionGnutls *gnutls = object;
-  gboolean is_client;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GError *error = NULL;
   int ret;
+  gint64 start_time;
+  gint64 timeout;
 
-  gnutls->priv->started_handshake = FALSE;
+  /* A timeout, in microseconds, must be provided as a gint64* task_data. */
+  g_assert (task_data != NULL);
+
+  timeout = *((gint64 *)task_data);
+  start_time = g_get_monotonic_time ();
+  priv->started_handshake = FALSE;
 
   if (!claim_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE,
-                TRUE, cancellable, &error))
+                 timeout, cancellable, &error))
     {
       g_task_return_error (task, error);
       return;
     }
 
-  g_clear_error (&gnutls->priv->handshake_error);
+  g_clear_error (&priv->handshake_error);
 
-  is_client = G_IS_TLS_CLIENT_CONNECTION (gnutls);
-
-  if (!is_client && gnutls->priv->ever_handshaked &&
-      !gnutls->priv->implicit_handshake)
+  if (priv->ever_handshaked && !priv->implicit_handshake)
     {
-      BEGIN_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, TRUE, cancellable);
-      ret = gnutls_rehandshake (gnutls->priv->session);
-      END_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, ret,
-                    _("Error performing TLS handshake: %s"), &error);
+      if (priv->rehandshake_mode != G_TLS_REHANDSHAKE_UNSAFELY &&
+          !gnutls_safe_renegotiation_status (priv->session))
+        {
+          g_task_return_new_error (task, G_TLS_ERROR, G_TLS_ERROR_MISC,
+                                   _("Peer does not support safe renegotiation"));
+          return;
+        }
 
-      if (error)
-       {
-         g_task_return_error (task, error);
-         return;
-       }
+      if (!G_IS_TLS_CLIENT_CONNECTION (gnutls))
+        {
+          /* Adjust the timeout for the next operation in the sequence. */
+          if (timeout > 0)
+            {
+              unsigned int timeout_ms;
+
+              timeout -= (g_get_monotonic_time () - start_time);
+              if (timeout <= 0)
+                timeout = 1;
+
+              /* Convert from microseconds to milliseconds, but ensure the timeout
+               * remains positive. */
+              timeout_ms = (timeout + 999) / 1000;
+
+              gnutls_handshake_set_timeout (priv->session, timeout_ms);
+              gnutls_dtls_set_timeouts (priv->session, 1000 /* default */,
+                                        timeout_ms);
+            }
+
+          BEGIN_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, timeout, cancellable);
+          ret = gnutls_rehandshake (priv->session);
+          END_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, ret,
+                         _("Error performing TLS handshake"), &error);
+
+          if (error)
+            {
+              g_task_return_error (task, error);
+              return;
+            }
+        }
     }
 
-  gnutls->priv->started_handshake = TRUE;
+  priv->started_handshake = TRUE;
 
-  g_clear_object (&gnutls->priv->peer_certificate);
-  gnutls->priv->peer_certificate_errors = 0;
+  if (!priv->ever_handshaked)
+    g_tls_connection_gnutls_set_handshake_priority (gnutls);
 
-  g_tls_connection_gnutls_set_handshake_priority (gnutls);
+  /* Adjust the timeout for the next operation in the sequence. */
+  if (timeout > 0)
+    {
+      unsigned int timeout_ms;
+
+      timeout -= (g_get_monotonic_time () - start_time);
+      if (timeout <= 0)
+        timeout = 1;
 
-  BEGIN_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, TRUE, cancellable);
-  ret = gnutls_handshake (gnutls->priv->session);
+      /* Convert from microseconds to milliseconds, but ensure the timeout
+       * remains positive. */
+      timeout_ms = (timeout + 999) / 1000;
+
+      gnutls_handshake_set_timeout (priv->session, timeout_ms);
+      gnutls_dtls_set_timeouts (priv->session, 1000 /* default */,
+                                timeout_ms);
+    }
+
+  BEGIN_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, timeout, cancellable);
+  ret = gnutls_handshake (priv->session);
   if (ret == GNUTLS_E_GOT_APPLICATION_DATA)
     {
       guint8 buf[1024];
 
       /* Got app data while waiting for rehandshake; buffer it and try again */
-      ret = gnutls_record_recv (gnutls->priv->session, buf, sizeof (buf));
+      ret = gnutls_record_recv (priv->session, buf, sizeof (buf));
       if (ret > -1)
-       {
-         if (!gnutls->priv->app_data_buf)
-           gnutls->priv->app_data_buf = g_byte_array_new ();
-         g_byte_array_append (gnutls->priv->app_data_buf, buf, ret);
-         ret = GNUTLS_E_AGAIN;
-       }
+        {
+          if (!priv->app_data_buf)
+            priv->app_data_buf = g_byte_array_new ();
+          g_byte_array_append (priv->app_data_buf, buf, ret);
+          ret = GNUTLS_E_AGAIN;
+        }
     }
   END_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, ret,
-                _("Error performing TLS handshake: %s"), &error);
-
-  if (ret == 0 && gnutls_certificate_type_get (gnutls->priv->session) == GNUTLS_CRT_X509)
-    {
-      gnutls->priv->peer_certificate_tmp = get_peer_certificate_from_session (gnutls);
-      if (gnutls->priv->peer_certificate_tmp)
-       gnutls->priv->peer_certificate_errors_tmp = verify_peer_certificate (gnutls, gnutls->priv->peer_certificate_tmp);
-      else if (G_IS_TLS_CLIENT_CONNECTION (gnutls))
-       {
-         g_set_error_literal (&error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
-                              _("Server did not return a valid TLS certificate"));
-       }
-    }
+                 _("Error performing TLS handshake"), &error);
 
+  /* This calls the finish_handshake code of GTlsClientConnectionGnutls
+   * or GTlsServerConnectionGnutls. It has nothing to do with
+   * GTlsConnectionGnutls's own finish_handshake function, which still
+   * needs to be called at this point.
+   */
   G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->finish_handshake (gnutls, &error);
 
   if (error)
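Review bot: The wait loop in verify_certificate_cb() has no timeout and no cancellation exit, so the handshake thread stays blocked unless another thread keeps iterating `priv->handshake_context` until accept_or_reject_peer_certificate() has run. The synchronous caller in the next hunk stops iterating as soon as its cancellable is cancelled and then clears `priv->handshake_context`. A cancellation that lands while a certificate is pending could therefore leave this thread waiting forever, or reach `g_assert (priv->handshake_context)` with a NULL context; this is inferred from the visible code and worth confirming. At minimum the dependency should be written down above the wait, e.g. `/* Requires the owner of handshake_context to keep iterating it until the handshake task has finished. */`. A bounded wait with `g_cond_wait_until()` that rejects the certificate on expiry would turn a hang into a failed handshake.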
@@ -1302,94 +2075,179 @@ handshake_thread (GTask        *task,
     }
   else
     {
-      gnutls->priv->ever_handshaked = TRUE;
+      priv->ever_handshaked = TRUE;
       g_task_return_boolean (task, TRUE);
     }
 }
 
-static gboolean
-accept_peer_certificate (GTlsConnectionGnutls *gnutls,
-                        GTlsCertificate      *peer_certificate,
-                        GTlsCertificateFlags  peer_certificate_errors)
+static void
+begin_handshake (GTlsConnectionGnutls *gnutls)
 {
-  gboolean accepted = FALSE;
+#if GLIB_CHECK_VERSION(2, 60, 0)
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
 
-  if (G_IS_TLS_CLIENT_CONNECTION (gnutls))
+  if (priv->advertised_protocols)
     {
-      GTlsCertificateFlags validation_flags =
-       g_tls_client_connection_get_validation_flags (G_TLS_CLIENT_CONNECTION (gnutls));
+      gnutls_datum_t *protocols;
+      int n_protos, i;
 
-      if ((peer_certificate_errors & validation_flags) == 0)
-       accepted = TRUE;
-    }
-
-  if (!accepted)
-    {
-      accepted = g_tls_connection_emit_accept_certificate (G_TLS_CONNECTION (gnutls),
-                                                          peer_certificate,
-                                                          peer_certificate_errors);
+      n_protos = g_strv_length (priv->advertised_protocols);
+      protocols = g_new (gnutls_datum_t, n_protos);
+      for (i = 0; priv->advertised_protocols[i]; i++)
+        {
+          protocols[i].size = strlen (priv->advertised_protocols[i]);
+          protocols[i].data = g_memdup (priv->advertised_protocols[i], protocols[i].size);
+        }
+      gnutls_alpn_set_protocols (priv->session, protocols, n_protos, 0);
+      g_free (protocols);
     }
+#endif
 
-  return accepted;
+  G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->begin_handshake (gnutls);
 }
 
+#if GLIB_CHECK_VERSION(2, 60, 0)
 static void
-begin_handshake (GTlsConnectionGnutls *gnutls)
+update_negotiated_protocol (GTlsConnectionGnutls *gnutls)
 {
-  G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->begin_handshake (gnutls);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+  gchar *orig_negotiated_protocol;
+  gnutls_datum_t protocol;
+
+  /*
+   * Preserve the prior negotiated protocol before clearing it
+   */
+  orig_negotiated_protocol = g_steal_pointer (&priv->negotiated_protocol);
+
+
+  if (gnutls_alpn_get_selected_protocol (priv->session, &protocol) == 0 && protocol.size > 0)
+    priv->negotiated_protocol = g_strndup ((gchar *)protocol.data, protocol.size);
+
+  /*
+   * Notify only if the negotiated protocol changed
+   */
+  if (g_strcmp0 (orig_negotiated_protocol, priv->negotiated_protocol) != 0)
+    g_object_notify (G_OBJECT (gnutls), "negotiated-protocol");
+
+  g_free (orig_negotiated_protocol);
 }
+#endif
 
 static gboolean
 finish_handshake (GTlsConnectionGnutls  *gnutls,
-                 GTask                 *task,
-                 GError               **error)
+                  GTask                 *task,
+                  GError               **error)
 {
-  GTlsCertificate *peer_certificate;
-  GTlsCertificateFlags peer_certificate_errors;
-
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   g_assert (error != NULL);
 
-  peer_certificate = gnutls->priv->peer_certificate_tmp;
-  gnutls->priv->peer_certificate_tmp = NULL;
-  peer_certificate_errors = gnutls->priv->peer_certificate_errors_tmp;
-  gnutls->priv->peer_certificate_errors_tmp = 0;
-
-  if (g_task_propagate_boolean (task, error) && peer_certificate)
+  if (gnutls_session_is_resumed (priv->session))
     {
-      if (!accept_peer_certificate (gnutls, peer_certificate,
-                                   peer_certificate_errors))
-       {
-         g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
-                              _("Unacceptable TLS certificate"));
-       }
+      /* Because this session was resumed, we skipped certificate
+       * verification on this handshake, so we missed our earlier
+       * chance to set peer_certificate and peer_certificate_errors.
+       * Do so here instead.
+       *
+       * The certificate has already been accepted, so we don't do
+       * anything with the result here.
+       */
+      g_mutex_lock (&priv->verify_certificate_mutex);
+      update_peer_certificate_and_compute_errors (gnutls);
+      priv->peer_certificate_examined = TRUE;
+      priv->peer_certificate_accepted = TRUE;
+      g_mutex_unlock (&priv->verify_certificate_mutex);
+    }
 
-      gnutls->priv->peer_certificate = peer_certificate;
-      gnutls->priv->peer_certificate_errors = peer_certificate_errors;
-      g_object_notify (G_OBJECT (gnutls), "peer-certificate");
-      g_object_notify (G_OBJECT (gnutls), "peer-certificate-errors");
+  if (g_task_propagate_boolean (task, error) &&
+      priv->peer_certificate && !priv->peer_certificate_accepted)
+    {
+      g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+                           _("Unacceptable TLS certificate"));
     }
 
-  if (*error && gnutls->priv->started_handshake)
-    gnutls->priv->handshake_error = g_error_copy (*error);
+#if GLIB_CHECK_VERSION(2, 60, 0)
+  if (!*error && priv->advertised_protocols)
+    update_negotiated_protocol (gnutls);
+#endif
+
+  if (*error && priv->started_handshake)
+    priv->handshake_error = g_error_copy (*error);
 
   return (*error == NULL);
 }
 
+static void
+sync_handshake_thread_completed (GObject      *object,
+                                 GAsyncResult *result,
+                                 gpointer      user_data)
+{
+  GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (object);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
+  g_assert (g_main_context_is_owner (priv->handshake_context));
+
+  g_mutex_lock (&priv->op_mutex);
+  priv->sync_handshake_completed = TRUE;
+  g_mutex_unlock (&priv->op_mutex);
+
+  g_main_context_wakeup (priv->handshake_context);
+}
+
+static void
+crank_sync_handshake_context (GTlsConnectionGnutls *gnutls,
+                              GCancellable         *cancellable)
+{
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
+  /* need_finish_handshake will be set inside sync_handshake_thread_completed(),
+   * which should only ever be invoked while iterating the handshake context
+   * here. So need_finish_handshake should only change on this thread.
+   */
+  g_mutex_lock (&priv->op_mutex);
+  priv->sync_handshake_completed = FALSE;
+  while (!priv->sync_handshake_completed && !g_cancellable_is_cancelled (cancellable))
+    {
+      g_mutex_unlock (&priv->op_mutex);
+      g_main_context_iteration (priv->handshake_context, TRUE);
+      g_mutex_lock (&priv->op_mutex);
+    }
+  g_mutex_unlock (&priv->op_mutex);
+}
+
 static gboolean
 g_tls_connection_gnutls_handshake (GTlsConnection   *conn,
-                                  GCancellable     *cancellable,
-                                  GError          **error)
+                                   GCancellable     *cancellable,
+                                   GError          **error)
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (conn);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GTask *task;
   gboolean success;
+  gint64 *timeout = NULL;
   GError *my_error = NULL;
 
-  task = g_task_new (conn, cancellable, NULL, NULL);
-  g_task_set_source_tag (task, g_tls_connection_gnutls_handshake);
+  g_assert (priv->handshake_context == NULL);
+  priv->handshake_context = g_main_context_new ();
+
+  g_main_context_push_thread_default (priv->handshake_context);
+
   begin_handshake (gnutls);
-  g_task_run_in_thread_sync (task, handshake_thread);
+
+  task = g_task_new (conn, cancellable, sync_handshake_thread_completed, NULL);
+  g_task_set_source_tag (task, g_tls_connection_gnutls_handshake);
+  g_task_set_return_on_cancel (task, TRUE);
+
+  timeout = g_new0 (gint64, 1);
+  *timeout = -1;  /* blocking */
+  g_task_set_task_data (task, timeout, g_free);
+
+  g_task_run_in_thread (task, handshake_thread);
+  crank_sync_handshake_context (gnutls, cancellable);
+
   success = finish_handshake (gnutls, task, &my_error);
+
+  g_main_context_pop_thread_default (priv->handshake_context);
+  g_clear_pointer (&priv->handshake_context, g_main_context_unref);
   g_object_unref (task);
 
   yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE);
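Review bot: Each `g_memdup()` copy made in begin_handshake() is never freed: after gnutls_alpn_set_protocols() returns only the `protocols` array is released, so every handshake that advertises ALPN leaks one buffer per protocol. GnuTLS copies the names into the session state, so the datums can borrow the existing strings instead, `protocols[i].data = (guchar *) priv->advertised_protocols[i];`. The return value of gnutls_alpn_set_protocols() is also ignored, so a rejected list would go unnoticed; a `g_warning()` on a non-zero result would surface it.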
@@ -1399,6 +2257,15 @@ g_tls_connection_gnutls_handshake (GTlsConnection   *conn,
   return success;
 }
 
+static gboolean
+g_tls_connection_gnutls_dtls_handshake (GDtlsConnection       *conn,
+                                        GCancellable          *cancellable,
+                                        GError               **error)
+{
+  return g_tls_connection_gnutls_handshake (G_TLS_CONNECTION (conn),
+                                            cancellable, error);
+}
+
 /* In the async version we use two GTasks; one to run handshake_thread() and
  * then call handshake_thread_completed(), and a second to call the caller's
  * original callback after we call finish_handshake().
@@ -1406,70 +2273,78 @@ g_tls_connection_gnutls_handshake (GTlsConnection   *conn,
 
 static void
 handshake_thread_completed (GObject      *object,
-                           GAsyncResult *result,
-                           gpointer      user_data)
+                            GAsyncResult *result,
+                            gpointer      user_data)
 {
   GTask *caller_task = user_data;
   GTlsConnectionGnutls *gnutls = g_task_get_source_object (caller_task);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GError *error = NULL;
   gboolean need_finish_handshake, success;
 
-  g_mutex_lock (&gnutls->priv->op_mutex);
-  if (gnutls->priv->need_finish_handshake)
+  g_mutex_lock (&priv->op_mutex);
+  if (priv->need_finish_handshake)
     {
       need_finish_handshake = TRUE;
-      gnutls->priv->need_finish_handshake = FALSE;
+      priv->need_finish_handshake = FALSE;
     }
   else
     need_finish_handshake = FALSE;
-  g_mutex_unlock (&gnutls->priv->op_mutex);
+  g_mutex_unlock (&priv->op_mutex);
 
   if (need_finish_handshake)
     {
       success = finish_handshake (gnutls, G_TASK (result), &error);
       if (success)
-       g_task_return_boolean (caller_task, TRUE);
+        g_task_return_boolean (caller_task, TRUE);
       else
-       g_task_return_error (caller_task, error);
+        g_task_return_error (caller_task, error);
     }
-  else if (gnutls->priv->handshake_error)
-    g_task_return_error (caller_task, g_error_copy (gnutls->priv->handshake_error));
+  else if (priv->handshake_error)
+    g_task_return_error (caller_task, g_error_copy (priv->handshake_error));
   else
     g_task_return_boolean (caller_task, TRUE);
 
+  g_clear_pointer (&priv->handshake_context, g_main_context_unref);
   g_object_unref (caller_task);
 }
 
 static void
 async_handshake_thread (GTask        *task,
-                       gpointer      object,
-                       gpointer      task_data,
-                       GCancellable *cancellable)
+                        gpointer      object,
+                        gpointer      task_data,
+                        GCancellable *cancellable)
 {
   GTlsConnectionGnutls *gnutls = object;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
 
   handshake_thread (task, object, task_data, cancellable);
 
-  g_mutex_lock (&gnutls->priv->op_mutex);
-  gnutls->priv->need_finish_handshake = TRUE;
+  g_mutex_lock (&priv->op_mutex);
+  priv->need_finish_handshake = TRUE;
   /* yield_op will clear handshaking too, but we don't want the
    * connection to be briefly "handshaking && need_finish_handshake"
    * after we unlock the mutex.
    */
-  gnutls->priv->handshaking = FALSE;
-  g_mutex_unlock (&gnutls->priv->op_mutex);
+  priv->handshaking = FALSE;
+  g_mutex_unlock (&priv->op_mutex);
 
   yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE);
 }
 
 static void
 g_tls_connection_gnutls_handshake_async (GTlsConnection       *conn,
-                                        int                   io_priority,
-                                        GCancellable         *cancellable,
-                                        GAsyncReadyCallback   callback,
-                                        gpointer              user_data)
+                                         int                   io_priority,
+                                         GCancellable         *cancellable,
+                                         GAsyncReadyCallback   callback,
+                                         gpointer              user_data)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (G_TLS_CONNECTION_GNUTLS (conn));
   GTask *thread_task, *caller_task;
+  gint64 *timeout = NULL;
+
+  g_assert (!priv->handshake_context);
+  priv->handshake_context = g_main_context_ref_thread_default ();
 
   caller_task = g_task_new (conn, cancellable, callback, user_data);
   g_task_set_source_tag (caller_task, g_tls_connection_gnutls_handshake_async);
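Review bot: `g_assert (!priv->handshake_context)` at the top of g_tls_connection_gnutls_handshake_async() is the only guard against a second handshake starting while one is still in flight, and it runs before claim_op() in handshake_thread() can serialize the operations. With assertions enabled an overlapping call aborts the process. With G_DISABLE_ASSERT the stored context reference is overwritten and leaked, and handshake_thread_completed() of the first handshake then clears the context the second one relies on. If callers of this API can overlap handshakes, a runtime check that fails the new request (for instance `g_task_report_new_error()` with G_IO_ERROR_PENDING) is safer than an assertion. The synchronous entry point in the preceding hunk carries the same assertion, and this function continues in the following hunk.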
@@ -1478,97 +2353,258 @@ g_tls_connection_gnutls_handshake_async (GTlsConnection       *conn,
   begin_handshake (G_TLS_CONNECTION_GNUTLS (conn));
 
   thread_task = g_task_new (conn, cancellable,
-                           handshake_thread_completed, caller_task);
+                            handshake_thread_completed, caller_task);
   g_task_set_source_tag (thread_task, g_tls_connection_gnutls_handshake_async);
   g_task_set_priority (thread_task, io_priority);
+
+  timeout = g_new0 (gint64, 1);
+  *timeout = -1;  /* blocking */
+  g_task_set_task_data (thread_task, timeout, g_free);
+
   g_task_run_in_thread (thread_task, async_handshake_thread);
   g_object_unref (thread_task);
 }
 
 static gboolean
 g_tls_connection_gnutls_handshake_finish (GTlsConnection       *conn,
-                                         GAsyncResult         *result,
-                                         GError              **error)
+                                          GAsyncResult         *result,
+                                          GError              **error)
 {
   g_return_val_if_fail (g_task_is_valid (result, conn), FALSE);
 
   return g_task_propagate_boolean (G_TASK (result), error);
 }
 
+static void
+g_tls_connection_gnutls_dtls_handshake_async (GDtlsConnection       *conn,
+                                              int                    io_priority,
+                                              GCancellable          *cancellable,
+                                              GAsyncReadyCallback    callback,
+                                              gpointer               user_data)
+{
+  g_tls_connection_gnutls_handshake_async (G_TLS_CONNECTION (conn), io_priority,
+                                           cancellable, callback, user_data);
+}
+
+static gboolean
+g_tls_connection_gnutls_dtls_handshake_finish (GDtlsConnection       *conn,
+                                               GAsyncResult          *result,
+                                               GError               **error)
+{
+  return g_tls_connection_gnutls_handshake_finish (G_TLS_CONNECTION (conn),
+                                                   result, error);
+}
+
 static gboolean
 do_implicit_handshake (GTlsConnectionGnutls  *gnutls,
-                      gboolean               blocking,
-                      GCancellable          *cancellable,
-                      GError               **error)
+                       gint64                 timeout,
+                       GCancellable          *cancellable,
+                       GError               **error)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+  gint64 *thread_timeout = NULL;
+
   /* We have op_mutex */
 
-  gnutls->priv->implicit_handshake = g_task_new (gnutls, cancellable, NULL, NULL);
-  g_task_set_source_tag (gnutls->priv->implicit_handshake,
+  g_assert (priv->handshake_context == NULL);
+  if (timeout != 0)
+    {
+      priv->handshake_context = g_main_context_new ();
+      g_main_context_push_thread_default (priv->handshake_context);
+    }
+  else
+    {
+      priv->handshake_context = g_main_context_ref_thread_default ();
+    }
+
+  g_assert (priv->implicit_handshake == NULL);
+  priv->implicit_handshake = g_task_new (gnutls, cancellable,
+                                         timeout ? sync_handshake_thread_completed : NULL,
+                                         NULL);
+  g_task_set_source_tag (priv->implicit_handshake,
                          do_implicit_handshake);
 
+  thread_timeout = g_new0 (gint64, 1);
+  g_task_set_task_data (priv->implicit_handshake,
+                        thread_timeout, g_free);
+
   begin_handshake (gnutls);
 
-  if (blocking)
+  if (timeout != 0)
     {
       GError *my_error = NULL;
       gboolean success;
 
-      g_mutex_unlock (&gnutls->priv->op_mutex);
-      g_task_run_in_thread_sync (gnutls->priv->implicit_handshake,
-                                handshake_thread);
+      /* In the blocking case, run the handshake operation synchronously in
+       * another thread, and delegate handling the timeout to that thread; it
+       * should return G_IO_ERROR_TIMED_OUT iff (timeout > 0) and the operation
+       * times out. If (timeout < 0) it should block indefinitely until the
+       * operation is complete or errors. */
+      *thread_timeout = timeout;
+
+      g_mutex_unlock (&priv->op_mutex);
+
+      g_task_set_return_on_cancel (priv->implicit_handshake, TRUE);
+      g_task_run_in_thread (priv->implicit_handshake, handshake_thread);
+
+      crank_sync_handshake_context (gnutls, cancellable);
+
       success = finish_handshake (gnutls,
-                                 gnutls->priv->implicit_handshake,
-                                 &my_error);
-      g_clear_object (&gnutls->priv->implicit_handshake);
+                                  priv->implicit_handshake,
+                                  &my_error);
+
+      g_main_context_pop_thread_default (priv->handshake_context);
+      g_clear_pointer (&priv->handshake_context, g_main_context_unref);
+      g_clear_object (&priv->implicit_handshake);
+
       yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE);
-      g_mutex_lock (&gnutls->priv->op_mutex);
+
+      g_mutex_lock (&priv->op_mutex);
 
       if (my_error)
-       g_propagate_error (error, my_error);
+        g_propagate_error (error, my_error);
       return success;
     }
   else
     {
-      g_task_run_in_thread (gnutls->priv->implicit_handshake,
-                           async_handshake_thread);
-
-      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK,
-                          _("Operation would block"));
-
+      /* In the non-blocking case, start the asynchronous handshake operation
+       * and return EWOULDBLOCK to the caller, who will handle polling for
+       * completion of the handshake and whatever operation they actually cared
+       * about. Run the actual operation as blocking in its thread. */
+      *thread_timeout = -1;  /* blocking */
+
+      g_task_run_in_thread (priv->implicit_handshake,
+                            async_handshake_thread);
+
+      /* Intentionally not translated because this is not a fatal error to be
+       * presented to the user, and to avoid this showing up in profiling. */
+      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK, "Operation would block");
       return FALSE;
     }
 }
 
 gssize
 g_tls_connection_gnutls_read (GTlsConnectionGnutls  *gnutls,
-                             void                  *buffer,
-                             gsize                  count,
-                             gboolean               blocking,
-                             GCancellable          *cancellable,
-                             GError               **error)
+                              void                  *buffer,
+                              gsize                  count,
+                              gint64                 timeout,
+                              GCancellable          *cancellable,
+                              GError               **error)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   gssize ret;
 
-  if (gnutls->priv->app_data_buf && !gnutls->priv->handshaking)
+  if (priv->app_data_buf && !priv->handshaking)
     {
-      ret = MIN (count, gnutls->priv->app_data_buf->len);
-      memcpy (buffer, gnutls->priv->app_data_buf->data, ret);
-      if (ret == gnutls->priv->app_data_buf->len)
-       g_clear_pointer (&gnutls->priv->app_data_buf, g_byte_array_unref);
+      ret = MIN (count, priv->app_data_buf->len);
+      memcpy (buffer, priv->app_data_buf->data, ret);
+      if (ret == priv->app_data_buf->len)
+        g_clear_pointer (&priv->app_data_buf, g_byte_array_unref);
       else
-       g_byte_array_remove_range (gnutls->priv->app_data_buf, 0, ret);
+        g_byte_array_remove_range (priv->app_data_buf, 0, ret);
+      return ret;
+    }
+
+ again:
+  if (!claim_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_READ,
+                 timeout, cancellable, error))
+    return -1;
+
+  BEGIN_GNUTLS_IO (gnutls, G_IO_IN, timeout, cancellable);
+  ret = gnutls_record_recv (priv->session, buffer, count);
+  END_GNUTLS_IO (gnutls, G_IO_IN, ret, _("Error reading data from TLS socket"), error);
+
+  yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_READ);
+
+  if (ret >= 0)
+    return ret;
+  else if (ret == GNUTLS_E_REHANDSHAKE)
+    goto again;
+  else
+    return -1;
+}
+
+static gsize
+input_vectors_from_gnutls_datum_t (GInputVector          *vectors,
+                                   guint                  num_vectors,
+                                   const gnutls_datum_t  *datum)
+{
+  guint i;
+  gsize total = 0;
+
+  /* Copy into the receive vectors. */
+  for (i = 0; i < num_vectors && total < datum->size; i++)
+    {
+      gsize count;
+      GInputVector *vec = &vectors[i];
+
+      count = MIN (vec->size, datum->size - total);
+
+      memcpy (vec->buffer, datum->data + total, count);
+      total += count;
+    }
+
+  g_assert (total <= datum->size);
+
+  return total;
+}
+
+static gssize
+g_tls_connection_gnutls_read_message (GTlsConnectionGnutls  *gnutls,
+                                      GInputVector          *vectors,
+                                      guint                  num_vectors,
+                                      gint64                 timeout,
+                                      GCancellable          *cancellable,
+                                      GError               **error)
+{
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+  guint i;
+  gssize ret;
+  gnutls_packet_t packet = { 0, };
+
+  /* Copy data out of the app data buffer first. */
+  if (priv->app_data_buf && !priv->handshaking)
+    {
+      ret = 0;
+
+      for (i = 0; i < num_vectors; i++)
+        {
+          gsize count;
+          GInputVector *vec = &vectors[i];
+
+          count = MIN (vec->size, priv->app_data_buf->len);
+          ret += count;
+
+          memcpy (vec->buffer, priv->app_data_buf->data, count);
+          if (count == priv->app_data_buf->len)
+            g_clear_pointer (&priv->app_data_buf, g_byte_array_unref);
+          else
+            g_byte_array_remove_range (priv->app_data_buf, 0, count);
+        }
+
       return ret;
     }
 
  again:
   if (!claim_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_READ,
-                blocking, cancellable, error))
+                 timeout, cancellable, error))
     return -1;
 
-  BEGIN_GNUTLS_IO (gnutls, G_IO_IN, blocking, cancellable);
-  ret = gnutls_record_recv (gnutls->priv->session, buffer, count);
-  END_GNUTLS_IO (gnutls, G_IO_IN, ret, _("Error reading data from TLS socket: %s"), error);
+  BEGIN_GNUTLS_IO (gnutls, G_IO_IN, timeout, cancellable);
+
+  /* Receive the entire datagram (zero-copy). */
+  ret = gnutls_record_recv_packet (priv->session, &packet);
+
+  if (ret > 0)
+    {
+      gnutls_datum_t data = { 0, };
+
+      gnutls_packet_get (packet, &data, NULL);
+      ret = input_vectors_from_gnutls_datum_t (vectors, num_vectors, &data);
+      gnutls_packet_deinit (packet);
+    }
+
+  END_GNUTLS_IO (gnutls, G_IO_IN, ret, _("Error reading data from TLS socket"), error);
 
   yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_READ);
 
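Review bot: In the new `g_tls_connection_gnutls_read_message`, the loop that drains `priv->app_data_buf` keeps iterating after `g_clear_pointer (&priv->app_data_buf, g_byte_array_unref)` has set the pointer to NULL, so with more than one input vector the next pass dereferences NULL at `priv->app_data_buf->len`. The loop condition should stop once the buffer is gone: `for (i = 0; i < num_vectors && priv->app_data_buf != NULL; i++)`. This is reachable whenever a caller supplies several vectors and an earlier one is large enough to empty the buffer; the buffer presumably holds application data received from the peer, so the trigger is not fully under local control. The tail of the function lies in the next hunk.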
@@ -1580,25 +2616,176 @@ g_tls_connection_gnutls_read (GTlsConnectionGnutls  *gnutls,
     return -1;
 }
 
+static gint
+g_tls_connection_gnutls_receive_messages (GDatagramBased  *datagram_based,
+                                          GInputMessage   *messages,
+                                          guint            num_messages,
+                                          gint             flags,
+                                          gint64           timeout,
+                                          GCancellable    *cancellable,
+                                          GError         **error)
+{
+  GTlsConnectionGnutls *gnutls;
+  guint i;
+  GError *child_error = NULL;
+
+  gnutls = G_TLS_CONNECTION_GNUTLS (datagram_based);
+
+  if (flags != G_SOCKET_MSG_NONE)
+    {
+      g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
+                   _("Receive flags are not supported"));
+      return -1;
+    }
+
+  for (i = 0; i < num_messages && child_error == NULL; i++)
+    {
+      GInputMessage *message = &messages[i];
+      gssize n_bytes_read;
+
+      n_bytes_read = g_tls_connection_gnutls_read_message (gnutls,
+                                                           message->vectors,
+                                                           message->num_vectors,
+                                                           timeout,
+                                                           cancellable,
+                                                           &child_error);
+
+      if (message->address != NULL)
+        *message->address = NULL;
+      message->flags = G_SOCKET_MSG_NONE;
+      if (message->control_messages != NULL)
+        *message->control_messages = NULL;
+      message->num_control_messages = 0;
+
+      if (n_bytes_read > 0)
+        {
+          message->bytes_received = n_bytes_read;
+        }
+      else if (n_bytes_read == 0)
+        {
+          /* EOS. */
+          break;
+        }
+      else if (i > 0 &&
+               (g_error_matches (child_error,
+                                 G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK) ||
+                g_error_matches (child_error,
+                                 G_IO_ERROR, G_IO_ERROR_TIMED_OUT)))
+        {
+          /* Blocked or timed out after receiving some messages successfully. */
+          g_clear_error (&child_error);
+          break;
+        }
+      else
+        {
+          /* Error, including G_IO_ERROR_WOULD_BLOCK or G_IO_ERROR_TIMED_OUT on
+           * the first message; or G_IO_ERROR_CANCELLED at any time. */
+          break;
+        }
+    }
+
+  if (child_error != NULL)
+    {
+      g_propagate_error (error, child_error);
+      return -1;
+    }
+
+  return i;
+}
+
 gssize
 g_tls_connection_gnutls_write (GTlsConnectionGnutls  *gnutls,
-                              const void            *buffer,
-                              gsize                  count,
-                              gboolean               blocking,
-                              GCancellable          *cancellable,
-                              GError               **error)
+                               const void            *buffer,
+                               gsize                  count,
+                               gint64                 timeout,
+                               GCancellable          *cancellable,
+                               GError               **error)
+{
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+  gssize ret;
+
+ again:
+  if (!claim_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_WRITE,
+                 timeout, cancellable, error))
+    return -1;
+
+  BEGIN_GNUTLS_IO (gnutls, G_IO_OUT, timeout, cancellable);
+  ret = gnutls_record_send (priv->session, buffer, count);
+  END_GNUTLS_IO (gnutls, G_IO_OUT, ret, _("Error writing data to TLS socket"), error);
+
+  yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_WRITE);
+
+  if (ret >= 0)
+    return ret;
+  else if (ret == GNUTLS_E_REHANDSHAKE)
+    goto again;
+  else
+    return -1;
+}
+
+static gssize
+g_tls_connection_gnutls_write_message (GTlsConnectionGnutls  *gnutls,
+                                       GOutputVector         *vectors,
+                                       guint                  num_vectors,
+                                       gint64                 timeout,
+                                       GCancellable          *cancellable,
+                                       GError               **error)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   gssize ret;
+  guint i;
+  gsize total_message_size;
 
  again:
   if (!claim_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_WRITE,
-                blocking, cancellable, error))
+                 timeout, cancellable, error))
     return -1;
 
-  BEGIN_GNUTLS_IO (gnutls, G_IO_OUT, blocking, cancellable);
-  ret = gnutls_record_send (gnutls->priv->session, buffer, count);
-  END_GNUTLS_IO (gnutls, G_IO_OUT, ret, _("Error writing data to TLS socket: %s"), error);
+  /* Calculate the total message size and check it’s not too big. */
+  for (i = 0, total_message_size = 0; i < num_vectors; i++)
+    total_message_size += vectors[i].size;
+
+  if (priv->base_socket != NULL &&
+      gnutls_dtls_get_data_mtu (priv->session) < total_message_size)
+    {
+      char *message;
+      guint mtu = gnutls_dtls_get_data_mtu (priv->session);
+
+      ret = GNUTLS_E_LARGE_PACKET;
+      message = g_strdup_printf("%s %s",
+                                ngettext ("Message of size %lu byte is too large for DTLS connection",
+                                          "Message of size %lu bytes is too large for DTLS connection", total_message_size),
+                                ngettext ("(maximum is %u byte)", "(maximum is %u bytes)", mtu));
+      g_set_error (error, G_IO_ERROR, G_IO_ERROR_MESSAGE_TOO_LARGE,
+                   message,
+                   total_message_size,
+                   mtu);
+      g_free (message);
+
+      goto done;
+    }
+
+  /* Queue up the data from all the vectors. */
+  gnutls_record_cork (priv->session);
+
+  for (i = 0; i < num_vectors; i++)
+    {
+      ret = gnutls_record_send (priv->session,
+                                vectors[i].buffer, vectors[i].size);
+
+      if (ret < 0 || ret < vectors[i].size)
+        {
+          /* Uncork to restore state, then bail. The peer will receive a
+           * truncated datagram. */
+          break;
+        }
+    }
 
+  BEGIN_GNUTLS_IO (gnutls, G_IO_OUT, timeout, cancellable);
+  ret = gnutls_record_uncork (priv->session, 0  /* flags */);
+  END_GNUTLS_IO (gnutls, G_IO_OUT, ret, _("Error writing data to TLS socket"), error);
+
+ done:
   yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_WRITE);
 
   if (ret >= 0)
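Review bot: In `g_tls_connection_gnutls_write_message`, a failed or short `gnutls_record_send` inside the corked loop only breaks out, and `ret` is then overwritten by `gnutls_record_uncork`, so the failure is lost. As the code's own comment says, the peer then gets a truncated datagram, while the caller appears to get a non-negative byte count. I would keep the loop's result in its own variable and, after the uncork, report it as a `G_IO_ERROR` rather than returning the uncork count; how that fits with `END_GNUTLS_IO` depends on the macro, which is defined outside this hunk. Separately, the too-large branch formats `total_message_size` (a `gsize`) with `%lu`, which is a varargs mismatch wherever `gsize` is not `unsigned long`; passing `(gulong) total_message_size` to `g_set_error` avoids it. The function's final return statements are outside the hunk.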
@@ -1609,38 +2796,107 @@ g_tls_connection_gnutls_write (GTlsConnectionGnutls  *gnutls,
     return -1;
 }
 
+static gint
+g_tls_connection_gnutls_send_messages (GDatagramBased  *datagram_based,
+                                       GOutputMessage  *messages,
+                                       guint            num_messages,
+                                       gint             flags,
+                                       gint64           timeout,
+                                       GCancellable    *cancellable,
+                                       GError         **error)
+{
+  GTlsConnectionGnutls *gnutls;
+  guint i;
+  GError *child_error = NULL;
+
+  gnutls = G_TLS_CONNECTION_GNUTLS (datagram_based);
+
+  if (flags != G_SOCKET_MSG_NONE)
+    {
+      g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
+                   _("Send flags are not supported"));
+      return -1;
+    }
+
+  for (i = 0; i < num_messages && child_error == NULL; i++)
+    {
+      GOutputMessage *message = &messages[i];
+      gssize n_bytes_sent;
+
+      n_bytes_sent = g_tls_connection_gnutls_write_message (gnutls,
+                                                            message->vectors,
+                                                            message->num_vectors,
+                                                            timeout,
+                                                            cancellable,
+                                                            &child_error);
+
+      if (n_bytes_sent >= 0)
+        {
+          message->bytes_sent = n_bytes_sent;
+        }
+      else if (i > 0 &&
+               (g_error_matches (child_error,
+                                 G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK) ||
+                g_error_matches (child_error,
+                                 G_IO_ERROR, G_IO_ERROR_TIMED_OUT)))
+        {
+          /* Blocked or timed out after sending some messages successfully. */
+          g_clear_error (&child_error);
+          break;
+        }
+      else
+        {
+          /* Error, including G_IO_ERROR_WOULD_BLOCK or G_IO_ERROR_TIMED_OUT
+           * on the first message; or G_IO_ERROR_CANCELLED at any time. */
+          break;
+        }
+    }
+
+  if (child_error != NULL)
+    {
+      g_propagate_error (error, child_error);
+      return -1;
+    }
+
+  return i;
+}
+
 static GInputStream  *
 g_tls_connection_gnutls_get_input_stream (GIOStream *stream)
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (stream);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
 
-  return gnutls->priv->tls_istream;
+  return priv->tls_istream;
 }
 
 static GOutputStream *
 g_tls_connection_gnutls_get_output_stream (GIOStream *stream)
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (stream);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
 
-  return gnutls->priv->tls_ostream;
+  return priv->tls_ostream;
 }
 
 gboolean
 g_tls_connection_gnutls_close_internal (GIOStream     *stream,
                                         GTlsDirection  direction,
+                                        gint64         timeout,
                                         GCancellable  *cancellable,
                                         GError       **error)
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (stream);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GTlsConnectionGnutlsOp op;
   gboolean success = TRUE;
   int ret = 0;
   GError *gnutls_error = NULL, *stream_error = NULL;
 
-  /* This can be called from g_io_stream_close(), g_input_stream_close() or
-   * g_output_stream_close(). In all cases, we only do the gnutls_bye() for
-   * writing. The difference is how we set the flags on this class and how
-   * the underlying stream is closed.
+  /* This can be called from g_io_stream_close(), g_input_stream_close(),
+   * g_output_stream_close() or g_tls_connection_close(). In all cases, we only
+   * do the gnutls_bye() for writing. The difference is how we set the flags on
+   * this class and how the underlying stream is closed.
    */
 
   g_return_val_if_fail (direction != G_TLS_DIRECTION_NONE, FALSE);
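Review bot: `g_tls_connection_gnutls_send_messages` has no comment stating its return contract, and the one it implements is easy to misread. A would-block or timeout after the first message returns the count sent so far, but any other error returns -1 even when earlier messages already went out and their `bytes_sent` fields were filled in. A caller that retries the whole batch on -1 would resend those datagrams. I would add a header comment such as `/* Returns the number of messages sent, or -1 with @error set; a hard error after some messages were sent still returns -1. */` and confirm this matches what the GDatagramBased interface promises. `g_tls_connection_gnutls_receive_messages` in the previous hunk has the same shape.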
@@ -1652,35 +2908,49 @@ g_tls_connection_gnutls_close_internal (GIOStream     *stream,
   else
     op = G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE;
 
-  if (!claim_op (gnutls, op, TRUE, cancellable, error))
+  if (!claim_op (gnutls, op, timeout, cancellable, error))
     return FALSE;
 
-  if (gnutls->priv->ever_handshaked && !gnutls->priv->write_closed &&
+  if (priv->ever_handshaked && !priv->write_closed &&
       direction & G_TLS_DIRECTION_WRITE)
     {
-      BEGIN_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, TRUE, cancellable);
-      ret = gnutls_bye (gnutls->priv->session, GNUTLS_SHUT_WR);
+      BEGIN_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, timeout, cancellable);
+      ret = gnutls_bye (priv->session, GNUTLS_SHUT_WR);
       END_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, ret,
-                    _("Error performing TLS close: %s"), &gnutls_error);
+                     _("Error performing TLS close"), &gnutls_error);
 
-      gnutls->priv->write_closed = TRUE;
+      priv->write_closed = TRUE;
     }
 
-  if (!gnutls->priv->read_closed && direction & G_TLS_DIRECTION_READ)
-    gnutls->priv->read_closed = TRUE;
+  if (!priv->read_closed && direction & G_TLS_DIRECTION_READ)
+    priv->read_closed = TRUE;
 
   /* Close the underlying streams. Do this even if the gnutls_bye() call failed,
    * as the parent GIOStream will have set its internal closed flag and hence
    * this implementation will never be called again. */
-  if (direction == G_TLS_DIRECTION_BOTH)
-    success = g_io_stream_close (gnutls->priv->base_io_stream,
-                                 cancellable, &stream_error);
-  else if (direction & G_TLS_DIRECTION_READ)
-    success = g_input_stream_close (g_io_stream_get_input_stream (gnutls->priv->base_io_stream),
-                                    cancellable, &stream_error);
-  else if (direction & G_TLS_DIRECTION_WRITE)
-    success = g_output_stream_close (g_io_stream_get_output_stream (gnutls->priv->base_io_stream),
+  if (priv->base_io_stream != NULL)
+    {
+      if (direction == G_TLS_DIRECTION_BOTH)
+        success = g_io_stream_close (priv->base_io_stream,
                                      cancellable, &stream_error);
+      else if (direction & G_TLS_DIRECTION_READ)
+        success = g_input_stream_close (g_io_stream_get_input_stream (priv->base_io_stream),
+                                        cancellable, &stream_error);
+      else if (direction & G_TLS_DIRECTION_WRITE)
+        success = g_output_stream_close (g_io_stream_get_output_stream (priv->base_io_stream),
+                                         cancellable, &stream_error);
+    }
+  else if (g_tls_connection_gnutls_is_dtls (gnutls))
+    {
+      /* We do not close underlying #GDatagramBaseds. There is no
+       * g_datagram_based_close() method since different datagram-based
+       * protocols vary wildly in how they close. */
+      success = TRUE;
+    }
+  else
+    {
+      g_assert_not_reached ();
+    }
 
   yield_op (gnutls, op);
 
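Review bot: `g_tls_connection_gnutls_close_internal` now accepts a `timeout`, but `priv->write_closed = TRUE` and the close of the base stream still run unconditionally after `gnutls_bye`. With a finite timeout, a bye that times out or would block therefore leaves the write side marked closed, and the close-notify is never retried. Every caller visible in this diff passes -1, so this is latent, but the function is not `static` and the parameter invites other values. I would at least document it next to the assignment: `/* Set even if gnutls_bye() timed out; with a finite timeout the close-notify may not have been sent. */`. The function starts in the previous hunk and its error handling continues past this one, so how `gnutls_error` is reported is not visible here.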
@@ -1704,9 +2974,30 @@ g_tls_connection_gnutls_close (GIOStream     *stream,
                                GCancellable  *cancellable,
                                GError       **error)
 {
-       return g_tls_connection_gnutls_close_internal (stream,
-                                                      G_TLS_DIRECTION_BOTH,
-                                                      cancellable, error);
+  return g_tls_connection_gnutls_close_internal (stream,
+                                                 G_TLS_DIRECTION_BOTH,
+                                                 -1,  /* blocking */
+                                                 cancellable, error);
+}
+
+static gboolean
+g_tls_connection_gnutls_dtls_shutdown (GDtlsConnection  *conn,
+                                       gboolean          shutdown_read,
+                                       gboolean          shutdown_write,
+                                       GCancellable     *cancellable,
+                                       GError          **error)
+{
+  GTlsDirection direction = G_TLS_DIRECTION_NONE;
+
+  if (shutdown_read)
+    direction |= G_TLS_DIRECTION_READ;
+  if (shutdown_write)
+    direction |= G_TLS_DIRECTION_WRITE;
+
+  return g_tls_connection_gnutls_close_internal (G_IO_STREAM (conn),
+                                                 direction,
+                                                 -1,  /* blocking */
+                                                 cancellable, error);
 }
 
 /* We do async close as synchronous-in-a-thread so we don't need to
@@ -1715,14 +3006,18 @@ g_tls_connection_gnutls_close (GIOStream     *stream,
  */
 static void
 close_thread (GTask        *task,
-             gpointer      object,
-             gpointer      task_data,
-             GCancellable *cancellable)
+              gpointer      object,
+              gpointer      task_data,
+              GCancellable *cancellable)
 {
   GIOStream *stream = object;
+  GTlsDirection direction;
   GError *error = NULL;
 
-  if (!g_tls_connection_gnutls_close_internal (stream, G_TLS_DIRECTION_BOTH,
+  direction = GPOINTER_TO_INT (g_task_get_task_data (task));
+
+  if (!g_tls_connection_gnutls_close_internal (stream, direction,
+                                               -1,  /* blocking */
                                                cancellable, &error))
     g_task_return_error (task, error);
   else
@@ -1730,83 +3025,93 @@ close_thread (GTask        *task,
 }
 
 static void
-g_tls_connection_gnutls_close_async (GIOStream           *stream,
-                                    int                  io_priority,
-                                    GCancellable        *cancellable,
-                                    GAsyncReadyCallback  callback,
-                                    gpointer             user_data)
+g_tls_connection_gnutls_close_internal_async (GIOStream           *stream,
+                                              GTlsDirection        direction,
+                                              int                  io_priority,
+                                              GCancellable        *cancellable,
+                                              GAsyncReadyCallback  callback,
+                                              gpointer             user_data)
 {
   GTask *task;
 
   task = g_task_new (stream, cancellable, callback, user_data);
-  g_task_set_source_tag (task, g_tls_connection_gnutls_close_async);
+  g_task_set_source_tag (task, g_tls_connection_gnutls_close_internal_async);
   g_task_set_priority (task, io_priority);
+  g_task_set_task_data (task, GINT_TO_POINTER (direction), NULL);
   g_task_run_in_thread (task, close_thread);
   g_object_unref (task);
 }
 
+static void
+g_tls_connection_gnutls_close_async (GIOStream           *stream,
+                                     int                  io_priority,
+                                     GCancellable        *cancellable,
+                                     GAsyncReadyCallback  callback,
+                                     gpointer             user_data)
+{
+  g_tls_connection_gnutls_close_internal_async (stream, G_TLS_DIRECTION_BOTH,
+                                                io_priority, cancellable,
+                                                callback, user_data);
+}
+
 static gboolean
 g_tls_connection_gnutls_close_finish (GIOStream           *stream,
-                                     GAsyncResult        *result,
-                                     GError             **error)
+                                      GAsyncResult        *result,
+                                      GError             **error)
 {
   g_return_val_if_fail (g_task_is_valid (result, stream), FALSE);
 
   return g_task_propagate_boolean (G_TASK (result), error);
 }
 
-#ifdef HAVE_PKCS11
-
-static P11KitPin*
-on_pin_prompt_callback (const char     *pinfile,
-                        P11KitUri      *pin_uri,
-                        const char     *pin_description,
-                        P11KitPinFlags  pin_flags,
-                        void           *callback_data)
+static void
+g_tls_connection_gnutls_dtls_shutdown_async (GDtlsConnection     *conn,
+                                             gboolean             shutdown_read,
+                                             gboolean             shutdown_write,
+                                             int                  io_priority,
+                                             GCancellable        *cancellable,
+                                             GAsyncReadyCallback  callback,
+                                             gpointer             user_data)
 {
-  GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (callback_data);
-  GTlsInteractionResult result;
-  GTlsPasswordFlags flags = 0;
-  GTlsPassword *password;
-  P11KitPin *pin = NULL;
-  GError *error = NULL;
+  GTlsDirection direction = G_TLS_DIRECTION_NONE;
 
-  if (!gnutls->priv->interaction)
-    return NULL;
-
-  if (pin_flags & P11_KIT_PIN_FLAGS_RETRY)
-    flags |= G_TLS_PASSWORD_RETRY;
-  if (pin_flags & P11_KIT_PIN_FLAGS_MANY_TRIES)
-    flags |= G_TLS_PASSWORD_MANY_TRIES;
-  if (pin_flags & P11_KIT_PIN_FLAGS_FINAL_TRY)
-    flags |= G_TLS_PASSWORD_FINAL_TRY;
+  if (shutdown_read)
+    direction |= G_TLS_DIRECTION_READ;
+  if (shutdown_write)
+    direction |= G_TLS_DIRECTION_WRITE;
 
-  password = g_pkcs11_pin_new (flags, pin_description);
+  g_tls_connection_gnutls_close_internal_async (G_IO_STREAM (conn), direction,
+                                                io_priority, cancellable,
+                                                callback, user_data);
+}
 
-  result = g_tls_interaction_ask_password (gnutls->priv->interaction, password,
-                                           g_cancellable_get_current (), &error);
+static gboolean
+g_tls_connection_gnutls_dtls_shutdown_finish (GDtlsConnection  *conn,
+                                              GAsyncResult     *result,
+                                              GError          **error)
+{
+  g_return_val_if_fail (g_task_is_valid (result, conn), FALSE);
 
-  switch (result)
-    {
-    case G_TLS_INTERACTION_FAILED:
-      if (!g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED))
-        g_warning ("couldn't ask for password: %s", error->message);
-      pin = NULL;
-      break;
-    case G_TLS_INTERACTION_UNHANDLED:
-    default:
-      pin = NULL;
-      break;
-    case G_TLS_INTERACTION_HANDLED:
-      pin = g_pkcs11_pin_steal_internal (G_PKCS11_PIN (password));
-      break;
-    }
+  return g_task_propagate_boolean (G_TASK (result), error);
+}
 
-  g_object_unref (password);
-  return pin;
+#if GLIB_CHECK_VERSION(2, 60, 0)
+static void
+g_tls_connection_gnutls_dtls_set_advertised_protocols (GDtlsConnection     *conn,
+                                                       const gchar * const *protocols)
+{
+  g_object_set (conn, "advertised-protocols", protocols, NULL);
 }
 
-#endif /* HAVE_PKCS11 */
+const gchar *
+g_tls_connection_gnutls_dtls_get_negotiated_protocol (GDtlsConnection *conn)
+{
+  GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (conn);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
+  return priv->negotiated_protocol;
+}
+#endif
 
 static void
 g_tls_connection_gnutls_class_init (GTlsConnectionGnutlsClass *klass)
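Review bot: `g_tls_connection_gnutls_dtls_get_negotiated_protocol` is defined without `static`, unlike `g_tls_connection_gnutls_dtls_set_advertised_protocols` just above it and the other DTLS vfunc implementations added in this hunk. It therefore gets external linkage, and no prototype for it is visible here. If nothing outside this file calls it, the definition should read `static const gchar *`, which keeps the symbol file-local and lets the compiler warn if it is never wired into the interface.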
@@ -1815,8 +3120,6 @@ g_tls_connection_gnutls_class_init (GTlsConnectionGnutlsClass *klass)
   GTlsConnectionClass *connection_class = G_TLS_CONNECTION_CLASS (klass);
   GIOStreamClass *iostream_class = G_IO_STREAM_CLASS (klass);
 
-  g_type_class_add_private (klass, sizeof (GTlsConnectionGnutlsPrivate));
-
   gobject_class->get_property = g_tls_connection_gnutls_get_property;
   gobject_class->set_property = g_tls_connection_gnutls_set_property;
   gobject_class->finalize     = g_tls_connection_gnutls_finalize;
@@ -1831,7 +3134,9 @@ g_tls_connection_gnutls_class_init (GTlsConnectionGnutlsClass *klass)
   iostream_class->close_async       = g_tls_connection_gnutls_close_async;
   iostream_class->close_finish      = g_tls_connection_gnutls_close_finish;
 
+  /* For GTlsConnection and GDtlsConnection: */
   g_object_class_override_property (gobject_class, PROP_BASE_IO_STREAM, "base-io-stream");
+  g_object_class_override_property (gobject_class, PROP_BASE_SOCKET, "base-socket");
   g_object_class_override_property (gobject_class, PROP_REQUIRE_CLOSE_NOTIFY, "require-close-notify");
   g_object_class_override_property (gobject_class, PROP_REHANDSHAKE_MODE, "rehandshake-mode");
   g_object_class_override_property (gobject_class, PROP_USE_SYSTEM_CERTDB, "use-system-certdb");
@@ -1840,6 +3145,10 @@ g_tls_connection_gnutls_class_init (GTlsConnectionGnutlsClass *klass)
   g_object_class_override_property (gobject_class, PROP_INTERACTION, "interaction");
   g_object_class_override_property (gobject_class, PROP_PEER_CERTIFICATE, "peer-certificate");
   g_object_class_override_property (gobject_class, PROP_PEER_CERTIFICATE_ERRORS, "peer-certificate-errors");
+#if GLIB_CHECK_VERSION(2, 60, 0)
+  g_object_class_override_property (gobject_class, PROP_ADVERTISED_PROTOCOLS, "advertised-protocols");
+  g_object_class_override_property (gobject_class, PROP_NEGOTIATED_PROTOCOL, "negotiated-protocol");
+#endif
 }
 
 static void
@@ -1848,23 +3157,80 @@ g_tls_connection_gnutls_initable_iface_init (GInitableIface *iface)
   iface->init = g_tls_connection_gnutls_initable_init;
 }
 
+static void
+g_tls_connection_gnutls_dtls_connection_iface_init (GDtlsConnectionInterface *iface)
+{
+  iface->handshake = g_tls_connection_gnutls_dtls_handshake;
+  iface->handshake_async = g_tls_connection_gnutls_dtls_handshake_async;
+  iface->handshake_finish = g_tls_connection_gnutls_dtls_handshake_finish;
+  iface->shutdown = g_tls_connection_gnutls_dtls_shutdown;
+  iface->shutdown_async = g_tls_connection_gnutls_dtls_shutdown_async;
+  iface->shutdown_finish = g_tls_connection_gnutls_dtls_shutdown_finish;
+#if GLIB_CHECK_VERSION(2, 60, 0)
+  iface->set_advertised_protocols = g_tls_connection_gnutls_dtls_set_advertised_protocols;
+  iface->get_negotiated_protocol = g_tls_connection_gnutls_dtls_get_negotiated_protocol;
+#endif
+}
+
+static void
+g_tls_connection_gnutls_datagram_based_iface_init (GDatagramBasedInterface *iface)
+{
+  iface->receive_messages = g_tls_connection_gnutls_receive_messages;
+  iface->send_messages = g_tls_connection_gnutls_send_messages;
+  iface->create_source = g_tls_connection_gnutls_dtls_create_source;
+  iface->condition_check = g_tls_connection_gnutls_condition_check;
+  iface->condition_wait = g_tls_connection_gnutls_condition_wait;
+}
+
 gboolean
-g_tls_connection_gnutls_request_certificate (GTlsConnectionGnutls  *self,
-                                            GError               **error)
+g_tls_connection_gnutls_request_certificate (GTlsConnectionGnutls  *gnutls,
+                                             GError               **error)
 {
   GTlsInteractionResult res = G_TLS_INTERACTION_UNHANDLED;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GTlsInteraction *interaction;
   GTlsConnection *conn;
 
-  g_return_val_if_fail (G_IS_TLS_CONNECTION_GNUTLS (self), FALSE);
+  g_return_val_if_fail (G_IS_TLS_CONNECTION_GNUTLS (gnutls), FALSE);
 
-  conn = G_TLS_CONNECTION (self);
+  conn = G_TLS_CONNECTION (gnutls);
 
   interaction = g_tls_connection_get_interaction (conn);
   if (!interaction)
     return FALSE;
 
   res = g_tls_interaction_invoke_request_certificate (interaction, conn, 0,
-                                                     self->priv->read_cancellable, error);
+                                                      priv->read_cancellable, error);
   return res != G_TLS_INTERACTION_FAILED;
 }
+
+void
+GTLS_DEBUG (gpointer    gnutls,
+            const char *message,
+            ...)
+{
+  char *result = NULL;
+  int ret;
+
+  g_assert (G_IS_TLS_CONNECTION (gnutls));
+
+  va_list args;
+  va_start (args, message);
+
+  ret = g_vasprintf (&result, message, args);
+  g_assert (ret > 0);
+
+  if (G_IS_TLS_CLIENT_CONNECTION (gnutls))
+    g_printf ("CLIENT %p: ", gnutls);
+  else if (G_IS_TLS_SERVER_CONNECTION (gnutls))
+    g_printf ("SERVER %p: ", gnutls);
+  else
+    g_assert_not_reached ();
+
+  g_printf ("%s\n", result);
+
+  fflush (stdout);
+
+  g_free (result);
+  va_end (args);
+}
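Review bot: In `GTLS_DEBUG`, `g_assert (ret > 0)` is the only check on the `g_vasprintf` result, so a format that expands to an empty string aborts the process, and in a build with `G_DISABLE_ASSERT` a failed format falls through to `g_printf ("%s\n", result)` with whatever `result` holds. A trace helper on the TLS path should not be able to take the process down; handle the failure explicitly with `if (ret < 0) { va_end (args); return; }` and drop the `> 0` requirement. The same applies to `g_assert_not_reached ()` for an object that is neither client nor server, where printing a neutral prefix is safer than aborting. The output also writes the connection's address to stdout via `%p`, so a comment stating that the function is meant for debug builds only would be worth adding, if that is the intent.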
index a7323a8..028960b 100644 (file)
@@ -1,13 +1,22 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2009 Red Hat, Inc.
  *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the licence or (at
- * your option) any later version.
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
  *
- * See the included COPYING file for more information.
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
  *
  * In addition, when the library is used with OpenSSL, a special
  * exception applies. Refer to the LICENSE_EXCEPTION file for details.
 #define __G_TLS_CONNECTION_GNUTLS_H__
 
 #include <gio/gio.h>
+#include <gnutls/abstract.h>
 #include <gnutls/gnutls.h>
 
 G_BEGIN_DECLS
 
 #define G_TYPE_TLS_CONNECTION_GNUTLS            (g_tls_connection_gnutls_get_type ())
-#define G_TLS_CONNECTION_GNUTLS(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_CONNECTION_GNUTLS, GTlsConnectionGnutls))
-#define G_TLS_CONNECTION_GNUTLS_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_CONNECTION_GNUTLS, GTlsConnectionGnutlsClass))
-#define G_IS_TLS_CONNECTION_GNUTLS(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_CONNECTION_GNUTLS))
-#define G_IS_TLS_CONNECTION_GNUTLS_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_CONNECTION_GNUTLS))
-#define G_TLS_CONNECTION_GNUTLS_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_CONNECTION_GNUTLS, GTlsConnectionGnutlsClass))
 
-typedef struct _GTlsConnectionGnutlsPrivate                   GTlsConnectionGnutlsPrivate;
-typedef struct _GTlsConnectionGnutlsClass                     GTlsConnectionGnutlsClass;
-typedef struct _GTlsConnectionGnutls                          GTlsConnectionGnutls;
+G_DECLARE_DERIVABLE_TYPE (GTlsConnectionGnutls, g_tls_connection_gnutls, G, TLS_CONNECTION_GNUTLS, GTlsConnection)
 
 struct _GTlsConnectionGnutlsClass
 {
@@ -40,58 +43,57 @@ struct _GTlsConnectionGnutlsClass
 
   void     (*begin_handshake)  (GTlsConnectionGnutls  *gnutls);
   void     (*finish_handshake) (GTlsConnectionGnutls  *gnutls,
-                               GError               **inout_error);
-};
-
-struct _GTlsConnectionGnutls
-{
-  GTlsConnection parent_instance;
-  GTlsConnectionGnutlsPrivate *priv;
+                                GError               **inout_error);
 };
 
-GType g_tls_connection_gnutls_get_type (void) G_GNUC_CONST;
-
 gnutls_certificate_credentials_t g_tls_connection_gnutls_get_credentials (GTlsConnectionGnutls *connection);
 gnutls_session_t                 g_tls_connection_gnutls_get_session     (GTlsConnectionGnutls *connection);
 
 void     g_tls_connection_gnutls_get_certificate     (GTlsConnectionGnutls  *gnutls,
-                                                     gnutls_retr2_st       *st);
+                                                      gnutls_pcert_st      **pcert,
+                                                      unsigned int          *pcert_length,
+                                                      gnutls_privkey_t      *pkey);
 
 gboolean g_tls_connection_gnutls_request_certificate (GTlsConnectionGnutls  *gnutls,
-                                                     GError               **error);
+                                                      GError               **error);
 
 gssize   g_tls_connection_gnutls_read          (GTlsConnectionGnutls  *gnutls,
-                                               void                  *buffer,
-                                               gsize                  size,
-                                               gboolean               blocking,
-                                               GCancellable          *cancellable,
-                                               GError               **error);
+                                                void                  *buffer,
+                                                gsize                  size,
+                                                gint64                 timeout,
+                                                GCancellable          *cancellable,
+                                                GError               **error);
 gssize   g_tls_connection_gnutls_write         (GTlsConnectionGnutls  *gnutls,
-                                               const void            *buffer,
-                                               gsize                  size,
-                                               gboolean               blocking,
-                                               GCancellable          *cancellable,
-                                               GError               **error);
+                                                const void            *buffer,
+                                                gsize                  size,
+                                                gint64                 timeout,
+                                                GCancellable          *cancellable,
+                                                GError               **error);
 
 gboolean g_tls_connection_gnutls_check         (GTlsConnectionGnutls  *gnutls,
-                                               GIOCondition           condition);
+                                                GIOCondition           condition);
 GSource *g_tls_connection_gnutls_create_source (GTlsConnectionGnutls  *gnutls,
-                                               GIOCondition           condition,
-                                               GCancellable          *cancellable);
+                                                GIOCondition           condition,
+                                                GCancellable          *cancellable);
 
 typedef enum {
-       G_TLS_DIRECTION_NONE = 0,
-       G_TLS_DIRECTION_READ = 1 << 0,
-       G_TLS_DIRECTION_WRITE = 1 << 1,
+        G_TLS_DIRECTION_NONE = 0,
+        G_TLS_DIRECTION_READ = 1 << 0,
+        G_TLS_DIRECTION_WRITE = 1 << 1,
 } GTlsDirection;
 
 #define G_TLS_DIRECTION_BOTH (G_TLS_DIRECTION_READ | G_TLS_DIRECTION_WRITE)
 
 gboolean g_tls_connection_gnutls_close_internal (GIOStream            *stream,
                                                  GTlsDirection         direction,
+                                                 gint64                timeout,
                                                  GCancellable         *cancellable,
                                                  GError              **error);
 
+void GTLS_DEBUG (gpointer    gnutls,
+                 const char *message,
+                 ...);
+
 G_END_DECLS
 
 #endif /* __G_TLS_CONNECTION_GNUTLS_H___ */
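Review bot: The new `GTLS_DEBUG` prototype takes a printf-style `message` but has no format attribute, so the compiler cannot check call-site arguments against the format string or warn about a non-literal format. Declaring it as `void GTLS_DEBUG (gpointer gnutls, const char *message, ...) G_GNUC_PRINTF (2, 3);` gives that check at no runtime cost. Separately, `g_tls_connection_gnutls_read` and `g_tls_connection_gnutls_write` now take `gint64 timeout` in the position where they previously took `gboolean blocking`, so a stale caller passing `TRUE` or `FALSE` would still compile. A short comment on these prototypes and on `g_tls_connection_gnutls_close_internal` stating the unit of `timeout` and the meaning of 0 and negative values would help, as the header documents neither.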
diff --git a/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c b/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c
deleted file mode 100644 (file)
index 919eccd..0000000
+++ /dev/null
@@ -1,1147 +0,0 @@
-/* GIO - GLib Input, Output and Streaming Library
- *
- * Copyright 2011 Collabora, Ltd
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include "gtlsdatabase-gnutls-pkcs11.h"
-#include "gtlscertificate-gnutls-pkcs11.h"
-
-#include <gio/gio.h>
-#include <glib/gi18n-lib.h>
-#include <gnutls/x509.h>
-
-#include <p11-kit/p11-kit.h>
-#include <stdlib.h>
-
-#include "pkcs11/gpkcs11pin.h"
-#include "pkcs11/gpkcs11slot.h"
-#include "pkcs11/gpkcs11util.h"
-#include "pkcs11/pkcs11-trust-assertions.h"
-
-static const CK_ATTRIBUTE_TYPE CERTIFICATE_ATTRIBUTE_TYPES[] = {
-    CKA_ID, CKA_LABEL, CKA_CLASS, CKA_VALUE
-};
-
-static const CK_ATTRIBUTE_TYPE KEY_ATTRIBUTE_TYPES[] = {
-    CKA_ID, CKA_LABEL, CKA_CLASS, CKA_KEY_TYPE
-};
-
-static void g_tls_database_gnutls_pkcs11_initable_iface_init (GInitableIface *iface);
-
-G_DEFINE_TYPE_WITH_CODE (GTlsDatabaseGnutlsPkcs11, g_tls_database_gnutls_pkcs11,
-                         G_TYPE_TLS_DATABASE_GNUTLS,
-                         G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
-                                                g_tls_database_gnutls_pkcs11_initable_iface_init));
-
-struct _GTlsDatabaseGnutlsPkcs11Private
-{
-  /* no changes after construction */
-  GList *pkcs11_slots;
-  GList *trust_uris;
-  gboolean initialized_registered;
-};
-
-static gboolean
-discover_module_slots_and_options (GTlsDatabaseGnutlsPkcs11   *self,
-                                   CK_FUNCTION_LIST_PTR        module,
-                                   GError                    **error)
-{
-  CK_ULONG i, count = 0;
-  CK_SLOT_ID *list;
-  GPkcs11Slot *slot;
-  P11KitUri *uri;
-  char *string;
-  guint uri_type;
-  int ret;
-  CK_RV rv;
-
-  /*
-   * Ask module for the number of slots. We include slots without tokens
-   * since we want to be able to use them if the user inserts a token
-   * later.
-   */
-
-  rv = (module->C_GetSlotList) (CK_FALSE, NULL, &count);
-  if (rv != CKR_OK)
-    {
-      g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
-                   "Couldn't load list of slots in PKCS#11 module: %s",
-                   p11_kit_strerror (rv));
-      return FALSE;
-    }
-
-  if (count == 0)
-    return TRUE;
-
-  /* Actually retrieve the slot ids */
-  list = g_new0 (CK_SLOT_ID, count);
-  rv = (module->C_GetSlotList) (CK_FALSE, list, &count);
-  if (rv != CKR_OK)
-    {
-      g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
-                   "Couldn't load list of slots in PKCS#11 module: %s",
-                   p11_kit_strerror (rv));
-      g_free (list);
-      return FALSE;
-    }
-
-  for (i = 0; i < count; ++i)
-    {
-      slot = g_object_new (G_TYPE_PKCS11_SLOT,
-                           "slot-id", list[i],
-                           "module", module,
-                           NULL);
-      self->priv->pkcs11_slots = g_list_append (self->priv->pkcs11_slots, slot);
-    }
-
-  /*
-   * Load up relevant options. We use the x-trust-lookup option to determine
-   * which slots we can use for looking up trust assertionts.
-   */
-
-  string = p11_kit_registered_option (module, "x-trust-lookup");
-  if (string != NULL)
-    {
-      uri = p11_kit_uri_new ();
-      uri_type = P11_KIT_URI_FOR_TOKEN | P11_KIT_URI_FOR_MODULE_WITH_VERSION;
-      ret = p11_kit_uri_parse (string, uri_type, uri);
-
-      if (ret < 0)
-        {
-          g_message ("couldn't parse configured uri for trust lookups: %s: %s",
-                     string, p11_kit_uri_message (ret));
-          p11_kit_uri_free (uri);
-        }
-      else
-        {
-          self->priv->trust_uris = g_list_append (self->priv->trust_uris, uri);
-        }
-
-      free (string);
-    }
-
-  return TRUE;
-}
-
-static GTlsCertificate *
-create_database_pkcs11_certificate (GPkcs11Slot  *slot,
-                                    GPkcs11Array *certificate_attrs,
-                                    GPkcs11Array *private_key_attrs)
-{
-  GTlsCertificate *certificate;
-  gchar *certificate_uri = NULL;
-  gchar *private_key_uri = NULL;
-  const CK_ATTRIBUTE *value_attr;
-  P11KitUri *uri;
-  int ret;
-
-  value_attr = g_pkcs11_array_find (certificate_attrs, CKA_VALUE);
-  if (value_attr == NULL)
-    return NULL;
-
-  uri = p11_kit_uri_new ();
-
-  /*
-   * The PKCS#11 URIs we create for certificates and keys are not bound to
-   * the module. They are bound to the token.
-   *
-   * For example the user could have keys on a smart card token. He could insert
-   * this smart card into a different slot, or perhaps change the driver
-   * (through an OS upgrade). So the key and certificate should still be
-   * referenceable through the URI.
-   *
-   * We also set a 'pinfile' prompting id, so that users of p11-kit like
-   * gnutls can call our callback.
-   */
-
-  if (!g_pkcs11_slot_get_token_info (slot, p11_kit_uri_get_token_info (uri)))
-    g_return_val_if_reached (NULL);
-
-  ret = p11_kit_uri_set_attributes (uri, certificate_attrs->attrs,
-                                    certificate_attrs->count);
-  g_return_val_if_fail (ret == P11_KIT_URI_OK, NULL);
-
-  ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_OBJECT_ON_TOKEN, &certificate_uri);
-  g_return_val_if_fail (ret == P11_KIT_URI_OK, NULL);
-
-  if (private_key_attrs != NULL)
-    {
-
-      /* The URI will keep the token info above, so we just change attributes */
-
-      ret = p11_kit_uri_set_attributes (uri, private_key_attrs->attrs,
-                                        private_key_attrs->count);
-      g_return_val_if_fail (ret == P11_KIT_URI_OK, NULL);
-
-      ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_OBJECT_ON_TOKEN, &private_key_uri);
-      g_return_val_if_fail (ret == P11_KIT_URI_OK, NULL);
-    }
-
-  certificate = g_tls_certificate_gnutls_pkcs11_new (value_attr->pValue,
-                                                     value_attr->ulValueLen,
-                                                     certificate_uri,
-                                                     private_key_uri,
-                                                     NULL);
-
-  p11_kit_uri_free (uri);
-  g_free (certificate_uri);
-  g_free (private_key_uri);
-
-  return certificate;
-}
-
-static const gchar *
-calculate_peer_for_identity (GSocketConnectable *identity)
-{
-  const char *peer;
-
-  if (G_IS_NETWORK_ADDRESS (identity))
-    peer = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity));
-  else if (G_IS_NETWORK_SERVICE (identity))
-    peer = g_network_service_get_domain (G_NETWORK_SERVICE (identity));
-  else
-    peer = NULL;
-
-  return peer;
-}
-
-static void
-g_tls_database_gnutls_pkcs11_finalize (GObject *object)
-{
-  GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (object);
-  GList *l;
-
-  for (l = self->priv->pkcs11_slots; l; l = g_list_next (l))
-      g_object_unref (l->data);
-  g_list_free (self->priv->pkcs11_slots);
-
-  for (l = self->priv->trust_uris; l; l = g_list_next (l))
-    p11_kit_uri_free (l->data);
-  g_list_free (self->priv->trust_uris);
-
-  if (self->priv->initialized_registered)
-    p11_kit_finalize_registered ();
-
-  G_OBJECT_CLASS (g_tls_database_gnutls_pkcs11_parent_class)->finalize (object);
-}
-
-static void
-g_tls_database_gnutls_pkcs11_init (GTlsDatabaseGnutlsPkcs11 *self)
-{
-
-  self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
-                                            G_TYPE_TLS_DATABASE_GNUTLS_PKCS11,
-                                            GTlsDatabaseGnutlsPkcs11Private);
-
-}
-
-static gboolean
-accumulate_stop (gpointer result,
-                 gpointer user_data)
-{
-  return FALSE; /* stop enumeration */
-}
-
-static gboolean
-accumulate_exists (gpointer result,
-                   gpointer user_data)
-{
-  gboolean *exists = (gboolean *)user_data;
-  *exists = TRUE;
-  return FALSE; /* stop enumeration */
-}
-
-static gboolean
-accumulate_first_attributes (gpointer result,
-                             gpointer user_data)
-{
-  GPkcs11Array **attributes = (GPkcs11Array **)user_data;
-  g_assert (attributes);
-  *attributes = g_pkcs11_array_ref (result);
-  return FALSE; /* stop enumeration */
-}
-
-static gboolean
-accumulate_list_attributes (gpointer result,
-                            gpointer user_data)
-{
-  GList **results = (GList **)user_data;
-  g_assert (results);
-  *results = g_list_append (*results, g_pkcs11_array_ref (result));
-  return TRUE; /* continue enumeration */
-}
-
-static gboolean
-accumulate_first_object (gpointer result,
-                         gpointer user_data)
-{
-  GObject **object = (GObject **)user_data;
-  g_assert (object);
-  *object = g_object_ref (result);
-  return FALSE; /* stop enumeration */
-}
-
-static gboolean
-accumulate_list_objects (gpointer result,
-                         gpointer user_data)
-{
-  GList **results = (GList **)user_data;
-  g_assert (results);
-  *results = g_list_append (*results, g_object_ref (result));
-  return TRUE; /* continue enumeration */
-}
-
-static GPkcs11EnumerateState
-enumerate_call_accumulator (GPkcs11Accumulator accumulator,
-                            gpointer           result,
-                            gpointer           user_data)
-{
-  g_assert (accumulator);
-
-  if (!(accumulator) (result, user_data))
-    return G_PKCS11_ENUMERATE_STOP;
-
-  return G_PKCS11_ENUMERATE_CONTINUE;
-}
-
-static GPkcs11EnumerateState
-enumerate_assertion_exists_in_slot (GPkcs11Slot         *slot,
-                                    GTlsInteraction     *interaction,
-                                    GPkcs11Array        *match,
-                                    GPkcs11Accumulator   accumulator,
-                                    gpointer             user_data,
-                                    GCancellable        *cancellable,
-                                    GError             **error)
-{
-  GPkcs11EnumerateState state;
-
-  state = g_pkcs11_slot_enumerate (slot, interaction, match->attrs, match->count,
-                                   FALSE, NULL, 0, accumulate_stop, NULL,
-                                   cancellable, error);
-
-  /* A stop means that something matched */
-  if (state == G_PKCS11_ENUMERATE_STOP)
-    return enumerate_call_accumulator (accumulator, NULL, user_data);
-
-  return state;
-}
-
-static GPkcs11EnumerateState
-enumerate_assertion_exists_in_database (GTlsDatabaseGnutlsPkcs11   *self,
-                                        GTlsInteraction            *interaction,
-                                        GPkcs11Array               *match,
-                                        GPkcs11Accumulator          accumulator,
-                                        gpointer                    user_data,
-                                        GCancellable               *cancellable,
-                                        GError                    **error)
-{
-  GPkcs11EnumerateState state = G_PKCS11_ENUMERATE_CONTINUE;
-  gboolean slot_matched;
-  GPkcs11Slot *slot;
-  GList *l, *t;
-
-  for (l = self->priv->pkcs11_slots; l != NULL; l = g_list_next (l))
-    {
-      if (g_cancellable_set_error_if_cancelled (cancellable, error))
-        return G_PKCS11_ENUMERATE_FAILED;
-
-      slot = l->data;
-
-      /* We only search for assertions on slots that match the trust-lookup uris */
-      slot_matched = FALSE;
-      for (t = self->priv->trust_uris; !slot_matched && t != NULL; t = g_list_next (t))
-          slot_matched = g_pkcs11_slot_matches_uri (slot, t->data);
-      if (!slot_matched)
-        continue;
-
-      state = enumerate_assertion_exists_in_slot (slot, interaction, match, accumulator,
-                                                  user_data, cancellable, error);
-      if (state != G_PKCS11_ENUMERATE_CONTINUE)
-        break;
-  }
-
-  return state;
-}
-
-static gboolean
-g_tls_database_gnutls_pkcs11_lookup_assertion (GTlsDatabaseGnutlsPkcs11     *self,
-                                               GTlsCertificateGnutls        *certificate,
-                                               GTlsDatabaseGnutlsAssertion   assertion,
-                                               const gchar                  *purpose,
-                                               GSocketConnectable           *identity,
-                                               GCancellable                 *cancellable,
-                                               GError                      **error)
-{
-  GByteArray *der = NULL;
-  gboolean found, ready;
-  GPkcs11Array *match;
-  const gchar *peer;
-
-  ready = FALSE;
-  found = FALSE;
-  match = g_pkcs11_array_new ();
-
-  if (assertion == G_TLS_DATABASE_GNUTLS_ANCHORED_CERTIFICATE ||
-      assertion == G_TLS_DATABASE_GNUTLS_PINNED_CERTIFICATE)
-    {
-      g_object_get (certificate, "certificate", &der, NULL);
-      g_return_val_if_fail (der, FALSE);
-      g_pkcs11_array_add_value (match, CKA_X_CERTIFICATE_VALUE, der->data, der->len);
-      g_byte_array_unref (der);
-
-      g_pkcs11_array_add_value (match, CKA_X_PURPOSE, purpose, -1);
-
-      if (assertion == G_TLS_DATABASE_GNUTLS_ANCHORED_CERTIFICATE)
-        {
-          g_pkcs11_array_add_ulong (match, CKA_X_ASSERTION_TYPE, CKT_X_ANCHORED_CERTIFICATE);
-          ready = TRUE;
-        }
-      else if (assertion == G_TLS_DATABASE_GNUTLS_PINNED_CERTIFICATE)
-        {
-          g_pkcs11_array_add_ulong (match, CKA_X_ASSERTION_TYPE, CKT_X_PINNED_CERTIFICATE);
-          peer = calculate_peer_for_identity (identity);
-          if (peer)
-            {
-              g_pkcs11_array_add_value (match, CKA_X_PEER, peer, -1);
-              ready = TRUE;
-            }
-        }
-    }
-
-  if (ready == TRUE)
-      enumerate_assertion_exists_in_database (self, NULL, match, accumulate_exists,
-                                              &found, cancellable, error);
-
-  g_pkcs11_array_unref (match);
-  return found;
-}
-
-static GPkcs11EnumerateState
-enumerate_keypair_for_certificate (GPkcs11Slot         *slot,
-                                   GTlsInteraction     *interaction,
-                                   GPkcs11Array        *match_certificate,
-                                   GPkcs11Accumulator   accumulator,
-                                   gpointer             user_data,
-                                   GCancellable        *cancellable,
-                                   GError             **error)
-{
-  static CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
-  GPkcs11Array *private_key_attrs = NULL;
-  const CK_ATTRIBUTE *id_attribute;
-  CK_ATTRIBUTE match[2];
-  GTlsCertificate *certificate;
-  GPkcs11EnumerateState state;
-
-  /*
-   * We need to find a private key that matches the certificate.
-   *
-   * The PKCS#11 standard strongly suggests the norm that matching certificates
-   * and keys have the same CKA_ID. This is how we lookup the key that matches
-   * a certificate.
-   */
-
-  id_attribute = g_pkcs11_array_find (match_certificate, CKA_ID);
-  if (id_attribute == NULL)
-    return TRUE;
-
-  match[0].type = CKA_ID;
-  match[0].pValue = id_attribute->pValue;
-  match[0].ulValueLen = id_attribute->ulValueLen;
-  match[1].type = CKA_CLASS;
-  match[1].pValue = &key_class;
-  match[1].ulValueLen = sizeof (key_class);
-
-  g_assert (private_key_attrs == NULL);
-  state = g_pkcs11_slot_enumerate (slot, interaction, match, G_N_ELEMENTS (match), TRUE,
-                                   KEY_ATTRIBUTE_TYPES, G_N_ELEMENTS (KEY_ATTRIBUTE_TYPES),
-                                   accumulate_first_attributes, &private_key_attrs,
-                                   cancellable, error);
-
-  if (state == G_PKCS11_ENUMERATE_FAILED)
-    return state;
-
-  state = G_PKCS11_ENUMERATE_CONTINUE;
-  if (private_key_attrs)
-    {
-      /* We searched for public key (see above) so change attributes to look like private */
-      g_pkcs11_array_set_ulong (private_key_attrs, CKA_CLASS, CKO_PRIVATE_KEY);
-      certificate = create_database_pkcs11_certificate (slot, match_certificate,
-                                                        private_key_attrs);
-      g_pkcs11_array_unref (private_key_attrs);
-
-      if (certificate)
-        {
-          state = enumerate_call_accumulator (accumulator, certificate, user_data);
-          g_object_unref (certificate);
-        }
-    }
-
-  return state;
-}
-
-static GPkcs11EnumerateState
-enumerate_keypairs_in_slot (GPkcs11Slot         *slot,
-                            GTlsInteraction     *interaction,
-                            CK_ATTRIBUTE_PTR     match,
-                            CK_ULONG             match_count,
-                            GPkcs11Accumulator   accumulator,
-                            gpointer             user_data,
-                            GCancellable        *cancellable,
-                            GError             **error)
-{
-  GPkcs11EnumerateState state;
-  GList *results = NULL;
-  GList *l;
-
-  /*
-   * Find all the certificates that match for this slot, and then below
-   * we lookup to see if there's a private key for any of them.
-   *
-   * Note that we shouldn't be doing two find operations at once, because
-   * this may use too many sessions on smart cards and fragile drivers. So
-   * that's why we list all certificates, complete that find operation, and
-   * then do more find ops looking for private keys.
-   */
-
-  state = g_pkcs11_slot_enumerate (slot, interaction, match, match_count, FALSE,
-                                   CERTIFICATE_ATTRIBUTE_TYPES,
-                                   G_N_ELEMENTS (CERTIFICATE_ATTRIBUTE_TYPES),
-                                   accumulate_list_attributes, &results,
-                                   cancellable, error);
-  if (state == G_PKCS11_ENUMERATE_CONTINUE)
-    {
-      for (l = results; l != NULL; l = g_list_next (l))
-        {
-          state = enumerate_keypair_for_certificate (slot, interaction, l->data, accumulator,
-                                                     user_data, cancellable, error);
-          if (state != G_PKCS11_ENUMERATE_CONTINUE)
-            break;
-        }
-    }
-
-  for (l = results; l != NULL; l = g_list_next (l))
-    g_pkcs11_array_unref (l->data);
-  g_list_free (results);
-
-  return state;
-}
-
-typedef struct {
-  GPkcs11Accumulator accumulator;
-  gpointer user_data;
-  GPkcs11Slot *slot;
-} enumerate_certificates_closure;
-
-static gboolean
-accumulate_wrap_into_certificate (gpointer result,
-                                  gpointer user_data)
-{
-  GPkcs11EnumerateState state = G_PKCS11_ENUMERATE_CONTINUE;
-  enumerate_certificates_closure *closure = user_data;
-  GTlsCertificate *certificate;
-
-  certificate = create_database_pkcs11_certificate (closure->slot,
-                                                    result, NULL);
-  if (certificate)
-    {
-      state = enumerate_call_accumulator (closure->accumulator, certificate,
-                                          closure->user_data);
-      g_object_unref (certificate);
-    }
-
-  return (state == G_PKCS11_ENUMERATE_CONTINUE);
-}
-
-static GPkcs11EnumerateState
-enumerate_certificates_in_slot (GPkcs11Slot         *slot,
-                                GTlsInteraction     *interaction,
-                                CK_ATTRIBUTE_PTR     match,
-                                CK_ULONG             match_count,
-                                GPkcs11Accumulator   accumulator,
-                                gpointer             user_data,
-                                GCancellable        *cancellable,
-                                GError             **error)
-{
-  enumerate_certificates_closure closure = { accumulator, user_data, slot };
-
-  /*
-   * We create the certificates inline, so we can stop the enumeration early
-   * if only one certificate is necessary, but a whole bunch match. We provide
-   * our own accumulator here, turning the attributes into certificates and
-   * then calling the original accumulator.
-   */
-
-  return g_pkcs11_slot_enumerate (slot, interaction, match, match_count, FALSE,
-                                  CERTIFICATE_ATTRIBUTE_TYPES,
-                                  G_N_ELEMENTS (CERTIFICATE_ATTRIBUTE_TYPES),
-                                  accumulate_wrap_into_certificate,
-                                  &closure, cancellable, error);
-}
-
-static GPkcs11EnumerateState
-enumerate_certificates_in_database (GTlsDatabaseGnutlsPkcs11  *self,
-                                    GTlsInteraction           *interaction,
-                                    GTlsDatabaseLookupFlags    flags,
-                                    CK_ATTRIBUTE_PTR           match,
-                                    CK_ULONG                   match_count,
-                                    P11KitUri                 *match_slot_to_uri,
-                                    GPkcs11Accumulator         accumulator,
-                                    gpointer                   user_data,
-                                    GCancellable              *cancellable,
-                                    GError                   **error)
-{
-  GPkcs11EnumerateState state = G_PKCS11_ENUMERATE_CONTINUE;
-  GPkcs11Slot *slot;
-  GList *l;
-
-  /* These are the flags we support */
-  if (flags & ~(G_TLS_DATABASE_LOOKUP_KEYPAIR))
-    return G_PKCS11_ENUMERATE_CONTINUE;
-
-  for (l = self->priv->pkcs11_slots; l; l = g_list_next (l))
-    {
-      if (g_cancellable_set_error_if_cancelled (cancellable, error))
-        return G_PKCS11_ENUMERATE_FAILED;
-
-      slot = l->data;
-
-      /* If the slot doesn't match the URI (when one is present) nothing matches */
-      if (match_slot_to_uri && !g_pkcs11_slot_matches_uri (slot, match_slot_to_uri))
-        continue;
-
-      if (flags & G_TLS_DATABASE_LOOKUP_KEYPAIR)
-        {
-          state = enumerate_keypairs_in_slot (slot, interaction, match,
-                                              match_count, accumulator, user_data,
-                                              cancellable, error);
-
-        }
-      else
-        {
-          state = enumerate_certificates_in_slot (slot, interaction, match,
-                                                  match_count, accumulator,
-                                                  user_data, cancellable, error);
-        }
-
-      if (state != G_PKCS11_ENUMERATE_CONTINUE)
-        break;
-    }
-
-  return state;
-}
-
-static GTlsCertificate *
-g_tls_database_gnutls_pkcs11_lookup_certificate_issuer (GTlsDatabase             *database,
-                                                        GTlsCertificate          *certificate,
-                                                        GTlsInteraction          *interaction,
-                                                        GTlsDatabaseLookupFlags   flags,
-                                                        GCancellable             *cancellable,
-                                                        GError                  **error)
-{
-  GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (database);
-  GTlsCertificate *result = NULL;
-  GPkcs11Array *match = NULL;
-  gnutls_x509_crt_t cert;
-  gnutls_datum_t dn;
-  int gerr;
-
-  g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (certificate), NULL);
-
-  /* Dig out the issuer of this certificate */
-  cert = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (certificate));
-  gerr = gnutls_x509_crt_get_raw_issuer_dn (cert, &dn);
-  if (gerr < 0)
-    {
-      g_warning ("failed to get issuer of certificate: %s", gnutls_strerror (gerr));
-      return NULL;
-    }
-
-  match = g_pkcs11_array_new ();
-  g_pkcs11_array_add_ulong (match, CKA_CLASS, CKO_CERTIFICATE);
-  g_pkcs11_array_add_ulong (match, CKA_CERTIFICATE_TYPE, CKC_X_509);
-  g_pkcs11_array_add_value (match, CKA_SUBJECT, dn.data, dn.size);
-  gnutls_free (dn.data);
-
-  enumerate_certificates_in_database (self, interaction, flags, match->attrs,
-                                      match->count, NULL, accumulate_first_object,
-                                      &result, cancellable, error);
-  g_pkcs11_array_unref (match);
-  return result;
-}
-
-static GList *
-g_tls_database_gnutls_pkcs11_lookup_certificates_issued_by (GTlsDatabase             *database,
-                                                            GByteArray               *issuer_subject,
-                                                            GTlsInteraction          *interaction,
-                                                            GTlsDatabaseLookupFlags   flags,
-                                                            GCancellable             *cancellable,
-                                                            GError                  **error)
-{
-  GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (database);
-  GList *l, *results = NULL;
-  GPkcs11Array *match = NULL;
-  GPkcs11EnumerateState state;
-
-  g_return_val_if_fail (issuer_subject, NULL);
-
-  match = g_pkcs11_array_new ();
-  g_pkcs11_array_add_ulong (match, CKA_CLASS, CKO_CERTIFICATE);
-  g_pkcs11_array_add_ulong (match, CKA_CERTIFICATE_TYPE, CKC_X_509);
-  g_pkcs11_array_add_value (match, CKA_ISSUER, issuer_subject->data, issuer_subject->len);
-
-  state = enumerate_certificates_in_database (self, interaction, flags, match->attrs,
-                                              match->count, NULL, accumulate_list_objects,
-                                              &results, cancellable, error);
-
-  /* Could have had partial success, don't leak memory */
-  if (state == G_PKCS11_ENUMERATE_FAILED)
-    {
-      for (l = results; l != NULL; l = g_list_next (l))
-        g_object_unref (l->data);
-      g_list_free (results);
-      results = NULL;
-    }
-
-  g_pkcs11_array_unref (match);
-  return results;
-}
-
-static gchar *
-g_tls_database_gnutls_pkcs11_create_certificate_handle (GTlsDatabase    *database,
-                                                        GTlsCertificate *certificate)
-{
-  GTlsCertificateGnutlsPkcs11 *pkcs11_cert;
-
-  if (!G_IS_TLS_CERTIFICATE_GNUTLS_PKCS11 (certificate))
-    return NULL;
-
-  pkcs11_cert = G_TLS_CERTIFICATE_GNUTLS_PKCS11 (certificate);
-  return g_tls_certificate_gnutls_pkcs11_build_certificate_uri (pkcs11_cert, NULL);
-}
-
-static GTlsCertificate *
-g_tls_database_gnutls_pkcs11_lookup_certificate_for_handle (GTlsDatabase             *database,
-                                                            const gchar              *handle,
-                                                            GTlsInteraction          *interaction,
-                                                            GTlsDatabaseLookupFlags   flags,
-                                                            GCancellable             *cancellable,
-                                                            GError                  **error)
-{
-  GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (database);
-  GTlsCertificate *result = NULL;
-  P11KitUri *uri;
-  CK_ATTRIBUTE_PTR match;
-  CK_ULONG match_count;
-  int ret;
-
-  /* The handle is a PKCS#11 URI */
-
-  /* These are the flags we support */
-  if (flags & ~(G_TLS_DATABASE_LOOKUP_KEYPAIR))
-    return NULL;
-
-  uri = p11_kit_uri_new ();
-  if (uri == NULL)
-    g_error ("out of memory in p11_kit_uri_new()");
-
-  ret = p11_kit_uri_parse (handle, P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE |
-                           P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri);
-  if (ret == P11_KIT_URI_NO_MEMORY)
-    {
-      g_error ("out of memory in p11_kit_uri_parse()");
-    }
-  else if (ret != P11_KIT_URI_OK)
-    {
-      p11_kit_uri_free (uri);
-      g_set_error (error, G_PKCS11_ERROR, G_PKCS11_ERROR_BAD_URI,
-                   "Invalid PKCS#11 URI: %s", handle);
-      return NULL;
-    }
-
-  match = p11_kit_uri_get_attributes (uri, &match_count);
-  enumerate_certificates_in_database (self, interaction, flags, match, match_count,
-                                      uri, accumulate_first_object, &result,
-                                      cancellable, error);
-
-  p11_kit_uri_free (uri);
-  return result;
-}
-
-#define BUILD_CERTIFICATE_CHAIN_RECURSION_LIMIT 10
-
-enum {
-  STATUS_FAILURE,
-  STATUS_INCOMPLETE,
-  STATUS_SELFSIGNED,
-  STATUS_ANCHORED,
-  STATUS_RECURSION_LIMIT_REACHED
-};
-
-static gboolean
-is_self_signed (GTlsCertificateGnutls *certificate)
-{
-  const gnutls_x509_crt_t cert = g_tls_certificate_gnutls_get_cert (certificate);
-  return (gnutls_x509_crt_check_issuer (cert, cert) > 0);
-}
-
-static gint
-build_certificate_chain (GTlsDatabaseGnutlsPkcs11  *self,
-                         GTlsCertificateGnutls     *certificate,
-                         GTlsCertificateGnutls     *previous,
-                         gboolean                   certificate_is_from_db,
-                         guint                      recursion_depth,
-                         const gchar               *purpose,
-                         GSocketConnectable        *identity,
-                         GTlsInteraction           *interaction,
-                         GCancellable              *cancellable,
-                         GTlsCertificateGnutls    **anchor,
-                         GError                   **error)
-{
-  GTlsCertificate *issuer;
-  gint status;
-
-  if (recursion_depth++ > BUILD_CERTIFICATE_CHAIN_RECURSION_LIMIT)
-    return STATUS_RECURSION_LIMIT_REACHED;
-
-  if (g_cancellable_set_error_if_cancelled (cancellable, error))
-    return STATUS_FAILURE;
-
-  /* Look up whether this certificate is an anchor */
-  if (g_tls_database_gnutls_pkcs11_lookup_assertion (self, certificate,
-                                                    G_TLS_DATABASE_GNUTLS_ANCHORED_CERTIFICATE,
-                                                    purpose, identity, cancellable, error))
-    {
-      g_tls_certificate_gnutls_set_issuer (certificate, NULL);
-      *anchor = certificate;
-      return STATUS_ANCHORED;
-    }
-  else if (*error)
-    {
-      return STATUS_FAILURE;
-    }
-
-  /* Is it self-signed? */
-  if (is_self_signed (certificate))
-    {
-      /*
-       * Since at this point we would fail with 'self-signed', can we replace
-       * this certificate with one from the database and do better?
-       */
-      if (previous && !certificate_is_from_db)
-        {
-          issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (self),
-                                                             G_TLS_CERTIFICATE (previous),
-                                                             interaction,
-                                                             G_TLS_DATABASE_LOOKUP_NONE,
-                                                             cancellable, error);
-          if (*error)
-            {
-              return STATUS_FAILURE;
-            }
-          else if (issuer)
-            {
-              /* Replaced with certificate in the db, restart step again with this certificate */
-              g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE);
-              certificate = G_TLS_CERTIFICATE_GNUTLS (issuer);
-              g_tls_certificate_gnutls_set_issuer (previous, certificate);
-              g_object_unref (issuer);
-
-              return build_certificate_chain (self, certificate, previous, TRUE, recursion_depth,
-                                              purpose, identity, interaction, cancellable, anchor, error);
-            }
-        }
-
-      g_tls_certificate_gnutls_set_issuer (certificate, NULL);
-      return STATUS_SELFSIGNED;
-    }
-
-  previous = certificate;
-
-  /* Bring over the next certificate in the chain */
-  issuer = g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (certificate));
-  if (issuer)
-    {
-      g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE);
-      certificate = G_TLS_CERTIFICATE_GNUTLS (issuer);
-
-      status = build_certificate_chain (self, certificate, previous, FALSE, recursion_depth,
-                                        purpose, identity, interaction, cancellable, anchor, error);
-      if (status != STATUS_INCOMPLETE)
-        {
-          return status;
-        }
-    }
-
-  /* Search for the next certificate in chain */
-  issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (self),
-                                                     G_TLS_CERTIFICATE (certificate),
-                                                     interaction,
-                                                     G_TLS_DATABASE_LOOKUP_NONE,
-                                                     cancellable, error);
-  if (*error)
-    return STATUS_FAILURE;
-
-  if (!issuer)
-    return STATUS_INCOMPLETE;
-
-  g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE);
-  g_tls_certificate_gnutls_set_issuer (certificate, G_TLS_CERTIFICATE_GNUTLS (issuer));
-  certificate = G_TLS_CERTIFICATE_GNUTLS (issuer);
-  g_object_unref (issuer);
-
-  return build_certificate_chain (self, certificate, previous, TRUE, recursion_depth,
-                                  purpose, identity, interaction, cancellable, anchor, error);
-}
-
-static GTlsCertificateFlags
-double_check_before_after_dates (GTlsCertificateGnutls *chain)
-{
-  GTlsCertificateFlags gtls_flags = 0;
-  gnutls_x509_crt_t cert;
-  time_t t, now;
-
-  now = time (NULL);
-  while (chain)
-    {
-      cert = g_tls_certificate_gnutls_get_cert (chain);
-      t = gnutls_x509_crt_get_activation_time (cert);
-      if (t == (time_t) -1 || t > now)
-        gtls_flags |= G_TLS_CERTIFICATE_NOT_ACTIVATED;
-
-      t = gnutls_x509_crt_get_expiration_time (cert);
-      if (t == (time_t) -1 || t < now)
-        gtls_flags |= G_TLS_CERTIFICATE_EXPIRED;
-
-      chain = G_TLS_CERTIFICATE_GNUTLS (g_tls_certificate_get_issuer
-                                        (G_TLS_CERTIFICATE (chain)));
-    }
-
-  return gtls_flags;
-}
-
-static void
-convert_certificate_chain_to_gnutls (GTlsCertificateGnutls  *chain,
-                                     gnutls_x509_crt_t     **gnutls_chain,
-                                     guint                  *gnutls_chain_length)
-{
-  GTlsCertificate *cert;
-  guint i;
-
-  g_assert (gnutls_chain);
-  g_assert (gnutls_chain_length);
-
-  for (*gnutls_chain_length = 0, cert = G_TLS_CERTIFICATE (chain);
-       cert; cert = g_tls_certificate_get_issuer (cert))
-    ++(*gnutls_chain_length);
-
-  *gnutls_chain = g_new0 (gnutls_x509_crt_t, *gnutls_chain_length);
-
-  for (i = 0, cert = G_TLS_CERTIFICATE (chain);
-       cert; cert = g_tls_certificate_get_issuer (cert), ++i)
-    (*gnutls_chain)[i] = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (cert));
-
-  g_assert (i == *gnutls_chain_length);
-}
-
-static GTlsCertificateFlags
-g_tls_database_gnutls_pkcs11_verify_chain (GTlsDatabase             *database,
-                                          GTlsCertificate          *chain,
-                                          const gchar              *purpose,
-                                          GSocketConnectable       *identity,
-                                          GTlsInteraction          *interaction,
-                                          GTlsDatabaseVerifyFlags   flags,
-                                          GCancellable             *cancellable,
-                                          GError                  **error)
-{
-  GTlsDatabaseGnutlsPkcs11 *self;
-  GTlsCertificateFlags result;
-  GTlsCertificateGnutls *certificate;
-  GError *err = NULL;
-  GTlsCertificateGnutls *anchor;
-  guint gnutls_result;
-  gnutls_x509_crt_t *certs, *anchors;
-  guint certs_length, anchors_length;
-  gint status, gerr;
-  guint recursion_depth = 0;
-
-  g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (chain),
-                        G_TLS_CERTIFICATE_GENERIC_ERROR);
-  g_assert (purpose);
-
-  self = G_TLS_DATABASE_GNUTLS_PKCS11 (database);
-  certificate = G_TLS_CERTIFICATE_GNUTLS (chain);
-
-  /* First check for pinned certificate */
-  if (g_tls_database_gnutls_pkcs11_lookup_assertion (self, certificate,
-                                                    G_TLS_DATABASE_GNUTLS_PINNED_CERTIFICATE,
-                                                    purpose, identity, cancellable, &err))
-    {
-      /*
-       * A pinned certificate is verified on its own, without any further
-       * verification.
-       */
-      g_tls_certificate_gnutls_set_issuer (certificate, NULL);
-      return 0;
-    }
-
-  if (err)
-    {
-      g_propagate_error (error, err);
-      return G_TLS_CERTIFICATE_GENERIC_ERROR;
-    }
-
-  anchor = NULL;
-  status = build_certificate_chain (self, certificate, NULL, FALSE, recursion_depth,
-                                    purpose, identity, interaction, cancellable, &anchor, &err);
-  if (status == STATUS_FAILURE)
-    {
-      g_propagate_error (error, err);
-      return G_TLS_CERTIFICATE_GENERIC_ERROR;
-    }
-
-  if (g_cancellable_set_error_if_cancelled (cancellable, error))
-    return G_TLS_CERTIFICATE_GENERIC_ERROR;
-
-  convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (chain),
-                                       &certs, &certs_length);
-
-  if (anchor)
-    {
-      g_assert (g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (anchor)) == NULL);
-      convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (anchor),
-                                           &anchors, &anchors_length);
-    }
-  else
-    {
-      anchors = NULL;
-      anchors_length = 0;
-    }
-
-  gerr = gnutls_x509_crt_list_verify (certs, certs_length,
-                                      anchors, anchors_length,
-                                      NULL, 0, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
-                                      &gnutls_result);
-
-  g_free (certs);
-  g_free (anchors);
-
-  if (gerr != 0)
-    return G_TLS_CERTIFICATE_GENERIC_ERROR;
-  else if (g_cancellable_set_error_if_cancelled (cancellable, error))
-    return G_TLS_CERTIFICATE_GENERIC_ERROR;
-
-  result = g_tls_certificate_gnutls_convert_flags (gnutls_result);
-
-  /*
-   * We have to check these ourselves since gnutls_x509_crt_list_verify
-   * won't bother if it gets an UNKNOWN_CA.
-   */
-  result |= double_check_before_after_dates (G_TLS_CERTIFICATE_GNUTLS (chain));
-
-  if (identity)
-    result |= g_tls_certificate_gnutls_verify_identity (G_TLS_CERTIFICATE_GNUTLS (chain),
-                                                        identity);
-
-  return result;
-}
-
-static void
-g_tls_database_gnutls_pkcs11_class_init (GTlsDatabaseGnutlsPkcs11Class *klass)
-{
-  GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
-  GTlsDatabaseClass *database_class = G_TLS_DATABASE_CLASS (klass);
-
-  g_type_class_add_private (klass, sizeof (GTlsDatabaseGnutlsPkcs11Private));
-
-  gobject_class->finalize     = g_tls_database_gnutls_pkcs11_finalize;
-
-  database_class->create_certificate_handle = g_tls_database_gnutls_pkcs11_create_certificate_handle;
-  database_class->lookup_certificate_issuer = g_tls_database_gnutls_pkcs11_lookup_certificate_issuer;
-  database_class->lookup_certificates_issued_by = g_tls_database_gnutls_pkcs11_lookup_certificates_issued_by;
-  database_class->lookup_certificate_for_handle = g_tls_database_gnutls_pkcs11_lookup_certificate_for_handle;
-  database_class->verify_chain = g_tls_database_gnutls_pkcs11_verify_chain;
-}
-
-static gboolean
-g_tls_database_gnutls_pkcs11_initable_init (GInitable     *initable,
-                                            GCancellable  *cancellable,
-                                            GError       **error)
-{
-  GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (initable);
-  CK_FUNCTION_LIST_PTR_PTR modules;
-  GError *err = NULL;
-  gboolean any_success = FALSE;
-  gboolean any_failure = FALSE;
-  CK_RV rv;
-  guint i;
-
-  g_return_val_if_fail (!self->priv->initialized_registered, FALSE);
-
-  rv = p11_kit_initialize_registered ();
-  if (g_pkcs11_propagate_error (error, rv))
-      return FALSE;
-
-  self->priv->initialized_registered = TRUE;
-
-  modules = p11_kit_registered_modules ();
-  for (i = 0; modules[i] != NULL; i++)
-    {
-      if (g_cancellable_set_error_if_cancelled (cancellable, error))
-        {
-          any_failure = TRUE;
-          any_success = FALSE;
-          break;
-        }
-
-      if (discover_module_slots_and_options (self, modules[i], &err))
-        {
-          /* A module was setup correctly */
-          any_success = TRUE;
-          g_clear_error (error);
-        }
-      else
-        {
-          /* No module success, first module failure */
-          if (!any_success && !any_failure)
-            g_propagate_error (error, err);
-          any_failure = TRUE;
-        }
-    }
-
-  return (any_failure && !any_success) ? FALSE : TRUE;
-}
-
-static void
-g_tls_database_gnutls_pkcs11_initable_iface_init (GInitableIface *iface)
-{
-  iface->init = g_tls_database_gnutls_pkcs11_initable_init;
-}
-
-GTlsDatabase *
-g_tls_database_gnutls_pkcs11_new (GError **error)
-{
-  g_return_val_if_fail (!error || !*error, NULL);
-  return g_initable_new (G_TYPE_TLS_DATABASE_GNUTLS_PKCS11, NULL, error, NULL);
-}
diff --git a/tls/gnutls/gtlsdatabase-gnutls-pkcs11.h b/tls/gnutls/gtlsdatabase-gnutls-pkcs11.h
deleted file mode 100644 (file)
index a273d39..0000000
+++ /dev/null
@@ -1,55 +0,0 @@
-/* GIO - GLib Certificate, Output and Gnutlsing Library
- *
- * Copyright 2011 Collabora, Ltd.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the licence or (at
- * your option) any later version.
- *
- * See the included COPYING file for more information.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#ifndef __G_TLS_DATABASE_GNUTLS_PKCS11_H__
-#define __G_TLS_DATABASE_GNUTLS_PKCS11_H__
-
-#include <gio/gio.h>
-
-#include "gtlsdatabase-gnutls.h"
-
-G_BEGIN_DECLS
-
-#define G_TYPE_TLS_DATABASE_GNUTLS_PKCS11            (g_tls_database_gnutls_pkcs11_get_type ())
-#define G_TLS_DATABASE_GNUTLS_PKCS11(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_DATABASE_GNUTLS_PKCS11, GTlsDatabaseGnutlsPkcs11))
-#define G_TLS_DATABASE_GNUTLS_PKCS11_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_DATABASE_GNUTLS_PKCS11, GTlsDatabaseGnutlsPkcs11Class))
-#define G_IS_TLS_DATABASE_GNUTLS_PKCS11(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_DATABASE_GNUTLS_PKCS11))
-#define G_IS_TLS_DATABASE_GNUTLS_PKCS11_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_DATABASE_GNUTLS_PKCS11))
-#define G_TLS_DATABASE_GNUTLS_PKCS11_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_DATABASE_GNUTLS_PKCS11, GTlsDatabaseGnutlsPkcs11Class))
-
-typedef struct _GTlsDatabaseGnutlsPkcs11Private                   GTlsDatabaseGnutlsPkcs11Private;
-typedef struct _GTlsDatabaseGnutlsPkcs11Class                     GTlsDatabaseGnutlsPkcs11Class;
-typedef struct _GTlsDatabaseGnutlsPkcs11                          GTlsDatabaseGnutlsPkcs11;
-
-struct _GTlsDatabaseGnutlsPkcs11Class
-{
-  GTlsDatabaseGnutlsClass parent_class;
-};
-
-struct _GTlsDatabaseGnutlsPkcs11
-{
-  GTlsDatabaseGnutls parent_instance;
-  GTlsDatabaseGnutlsPkcs11Private *priv;
-};
-
-GType                        g_tls_database_gnutls_pkcs11_get_type              (void) G_GNUC_CONST;
-
-GTlsDatabase*                g_tls_database_gnutls_pkcs11_new                   (GError **error);
-
-G_END_DECLS
-
-#endif /* __G_TLS_DATABASE_GNUTLS_PKCS11_H___ */
index 7d25f59..7704d56 100644 (file)
@@ -1,11 +1,14 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Collabora, Ltd
+ * Copyright 2018 Igalia S.L.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 
 #include "gtlsdatabase-gnutls.h"
 
-G_DEFINE_ABSTRACT_TYPE (GTlsDatabaseGnutls, g_tls_database_gnutls, G_TYPE_TLS_DATABASE);
+#include <gio/gio.h>
+#include <glib/gi18n-lib.h>
+#include <gnutls/x509.h>
+
+#include "gtlscertificate-gnutls.h"
+
+typedef struct
+{
+  /*
+   * This class is protected by mutex because the default GTlsDatabase
+   * is a global singleton, accessible via the default GTlsBackend.
+   */
+  GMutex mutex;
+
+  /* read-only after construct */
+  gnutls_x509_trust_list_t trust_list;
+
+  /*
+   * These are hash tables of GBytes -> GPtrArray<GBytes>. The values of
+   * the ptr array are full DER encoded certificate values. The keys are byte
+   * arrays containing either subject DNs, issuer DNs, or full DER encoded certs
+   */
+  GHashTable *subjects;
+  GHashTable *issuers;
+
+  /*
+   * This is a table of GBytes -> GBytes. The values and keys are
+   * DER encoded certificate values.
+   */
+  GHashTable *complete;
+
+  /*
+   * This is a table of gchar * -> GPtrArray<GBytes>. The values of
+   * the ptr array are full DER encoded certificate values. The keys are the
+   * string handles. This array is populated on demand.
+   */
+  GHashTable *handles;
+} GTlsDatabaseGnutlsPrivate;
+
+static void g_tls_database_gnutls_initable_interface_init (GInitableIface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (GTlsDatabaseGnutls, g_tls_database_gnutls, G_TYPE_TLS_DATABASE,
+                         G_ADD_PRIVATE (GTlsDatabaseGnutls);
+                         G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+                                                g_tls_database_gnutls_initable_interface_init);
+                         );
+
+static GHashTable *
+bytes_multi_table_new (void)
+{
+  return g_hash_table_new_full (g_bytes_hash, g_bytes_equal,
+                                (GDestroyNotify)g_bytes_unref,
+                                (GDestroyNotify)g_ptr_array_unref);
+}
+
+static void
+bytes_multi_table_insert (GHashTable *table,
+                          GBytes     *key,
+                          GBytes     *value)
+{
+  GPtrArray *multi;
+
+  multi = g_hash_table_lookup (table, key);
+  if (multi == NULL)
+    {
+      multi = g_ptr_array_new_with_free_func ((GDestroyNotify)g_bytes_unref);
+      g_hash_table_insert (table, g_bytes_ref (key), multi);
+    }
+  g_ptr_array_add (multi, g_bytes_ref (value));
+}
+
+static GBytes *
+bytes_multi_table_lookup_ref_one (GHashTable *table,
+                                  GBytes     *key)
+{
+  GPtrArray *multi;
+
+  multi = g_hash_table_lookup (table, key);
+  if (multi == NULL)
+    return NULL;
+
+  g_assert (multi->len > 0);
+  return g_bytes_ref (multi->pdata[0]);
+}
+
+static GList *
+bytes_multi_table_lookup_ref_all (GHashTable *table,
+                                  GBytes     *key)
+{
+  GPtrArray *multi;
+  GList *list = NULL;
+  guint i;
+
+  multi = g_hash_table_lookup (table, key);
+  if (multi == NULL)
+    return NULL;
+
+  for (i = 0; i < multi->len; i++)
+    list = g_list_prepend (list, g_bytes_ref (multi->pdata[i]));
+
+  return g_list_reverse (list);
+}
+
+static GHashTable *
+create_handles_array_unlocked (GTlsDatabaseGnutls *self,
+                               GHashTable         *complete)
+{
+  GHashTable *handles;
+  GHashTableIter iter;
+  GBytes *der;
+  gchar *handle;
+
+  handles = g_hash_table_new_full (g_str_hash, g_str_equal, g_free,
+                                   (GDestroyNotify)g_bytes_unref);
+
+  g_hash_table_iter_init (&iter, complete);
+  while (g_hash_table_iter_next (&iter, NULL, (gpointer *)&der))
+    {
+      g_assert (G_TLS_DATABASE_GNUTLS_GET_CLASS (self)->create_handle_for_certificate);
+      handle = G_TLS_DATABASE_GNUTLS_GET_CLASS (self)->create_handle_for_certificate (self, der);
+      if (handle != NULL)
+        g_hash_table_insert (handles, handle, g_bytes_ref (der));
+    }
+
+  return handles;
+}
+
+static void
+initialize_tables (gnutls_x509_trust_list_t  trust_list,
+                   GHashTable               *subjects,
+                   GHashTable               *issuers,
+                   GHashTable               *complete)
+{
+  gnutls_x509_trust_list_iter_t iter = NULL;
+  gnutls_x509_crt_t cert = NULL;
+  gnutls_datum_t dn;
+  GBytes *der = NULL;
+  GBytes *subject = NULL;
+  GBytes *issuer = NULL;
+  gint gerr;
+
+  while ((gerr = gnutls_x509_trust_list_iter_get_ca (trust_list, &iter, &cert)) == 0)
+    {
+      gerr = gnutls_x509_crt_get_raw_dn (cert, &dn);
+      if (gerr < 0)
+        {
+          g_warning ("failed to get subject of anchor certificate: %s",
+                     gnutls_strerror (gerr));
+          goto next;
+        }
+      subject = g_bytes_new_with_free_func (dn.data, dn.size, gnutls_free, dn.data);
+
+      gerr = gnutls_x509_crt_get_raw_issuer_dn (cert, &dn);
+      if (gerr < 0)
+        {
+          g_warning ("failed to get issuer of anchor certificate: %s",
+                     gnutls_strerror (gerr));
+          goto next;
+        }
+      issuer = g_bytes_new_with_free_func (dn.data, dn.size, gnutls_free, dn.data);
+
+      gerr = gnutls_x509_crt_export2 (cert, GNUTLS_X509_FMT_DER, &dn);
+      if (gerr < 0)
+        {
+          g_warning ("failed to get certificate DER: %s",
+                     gnutls_strerror (gerr));
+          goto next;
+        }
+      der = g_bytes_new_with_free_func (dn.data, dn.size, gnutls_free, dn.data);
+
+      /* Three different ways of looking up same certificate */
+      bytes_multi_table_insert (subjects, subject, der);
+      bytes_multi_table_insert (issuers, issuer, der);
+
+      g_hash_table_insert (complete, g_bytes_ref (der),
+                           g_bytes_ref (der));
+
+next:
+      g_clear_pointer (&der, g_bytes_unref);
+      g_clear_pointer (&subject, g_bytes_unref);
+      g_clear_pointer (&issuer, g_bytes_unref);
+      g_clear_pointer (&cert, gnutls_x509_crt_deinit);
+    }
+}
+
+static void
+g_tls_database_gnutls_finalize (GObject *object)
+{
+  GTlsDatabaseGnutls *self = G_TLS_DATABASE_GNUTLS (object);
+  GTlsDatabaseGnutlsPrivate *priv = g_tls_database_gnutls_get_instance_private (self);
+
+  g_clear_pointer (&priv->subjects, g_hash_table_destroy);
+  g_clear_pointer (&priv->issuers, g_hash_table_destroy);
+  g_clear_pointer (&priv->complete, g_hash_table_destroy);
+  g_clear_pointer (&priv->handles, g_hash_table_destroy);
+
+  gnutls_x509_trust_list_deinit (priv->trust_list, 1);
+
+  g_mutex_clear (&priv->mutex);
+
+  G_OBJECT_CLASS (g_tls_database_gnutls_parent_class)->finalize (object);
+}
 
 static void
 g_tls_database_gnutls_init (GTlsDatabaseGnutls *self)
 {
+  GTlsDatabaseGnutlsPrivate *priv = g_tls_database_gnutls_get_instance_private (self);
+
+  g_mutex_init (&priv->mutex);
+}
+
+static gchar *
+g_tls_database_gnutls_create_certificate_handle (GTlsDatabase    *database,
+                                                 GTlsCertificate *certificate)
+{
+  GTlsDatabaseGnutls *self = G_TLS_DATABASE_GNUTLS (database);
+  GTlsDatabaseGnutlsPrivate *priv = g_tls_database_gnutls_get_instance_private (self);
+  GBytes *der;
+  gboolean contains;
+  gchar *handle = NULL;
+
+  der = g_tls_certificate_gnutls_get_bytes (G_TLS_CERTIFICATE_GNUTLS (certificate));
+  g_return_val_if_fail (der != NULL, FALSE);
+
+  g_mutex_lock (&priv->mutex);
+
+  /* At the same time look up whether this certificate is in list */
+  contains = g_hash_table_lookup (priv->complete, der) ? TRUE : FALSE;
+
+  g_mutex_unlock (&priv->mutex);
+
+  /* Certificate is in the database */
+  if (contains)
+    {
+      g_assert (G_TLS_DATABASE_GNUTLS_GET_CLASS (self)->create_handle_for_certificate);
+      handle = G_TLS_DATABASE_GNUTLS_GET_CLASS (self)->create_handle_for_certificate (self, der);
+    }
+
+  g_bytes_unref (der);
+  return handle;
+}
+
+static GTlsCertificate *
+g_tls_database_gnutls_lookup_certificate_for_handle (GTlsDatabase             *database,
+                                                     const gchar              *handle,
+                                                     GTlsInteraction          *interaction,
+                                                     GTlsDatabaseLookupFlags   flags,
+                                                     GCancellable             *cancellable,
+                                                     GError                  **error)
+{
+  GTlsDatabaseGnutls *self = G_TLS_DATABASE_GNUTLS (database);
+  GTlsDatabaseGnutlsPrivate *priv = g_tls_database_gnutls_get_instance_private (self);
+  GTlsCertificate *cert;
+  GBytes *der;
+  gnutls_datum_t datum;
+  gsize length;
+
+  if (g_cancellable_set_error_if_cancelled (cancellable, error))
+    return NULL;
+
+  if (!handle)
+    return NULL;
+
+  g_mutex_lock (&priv->mutex);
+
+  /* Create the handles table if not already done */
+  if (!priv->handles)
+    priv->handles = create_handles_array_unlocked (self, priv->complete);
+
+  der = g_hash_table_lookup (priv->handles, handle);
+  if (der != NULL)
+    g_bytes_ref (der);
+
+  g_mutex_unlock (&priv->mutex);
+
+  if (der == NULL)
+    return NULL;
+
+  datum.data = (unsigned char *)g_bytes_get_data (der, &length);
+  datum.size = length;
+
+  if (g_cancellable_set_error_if_cancelled (cancellable, error))
+    cert = NULL;
+  else
+    cert = g_tls_certificate_gnutls_new (&datum, NULL);
+
+  g_bytes_unref (der);
+  return cert;
+}
+
+static GTlsCertificate *
+g_tls_database_gnutls_lookup_certificate_issuer (GTlsDatabase             *database,
+                                                 GTlsCertificate          *certificate,
+                                                 GTlsInteraction          *interaction,
+                                                 GTlsDatabaseLookupFlags   flags,
+                                                 GCancellable             *cancellable,
+                                                 GError                  **error)
+{
+  GTlsDatabaseGnutls *self = G_TLS_DATABASE_GNUTLS (database);
+  GTlsDatabaseGnutlsPrivate *priv = g_tls_database_gnutls_get_instance_private (self);
+  gnutls_datum_t dn = { NULL, 0 };
+  GBytes *subject, *der;
+  gnutls_datum_t datum;
+  GTlsCertificate *issuer = NULL;
+  gnutls_x509_crt_t cert;
+  gsize length;
+  int gerr;
+
+  g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (certificate), NULL);
+
+  if (g_cancellable_set_error_if_cancelled (cancellable, error))
+    return NULL;
+
+  if (flags & G_TLS_DATABASE_LOOKUP_KEYPAIR)
+    return NULL;
+
+  /* Dig out the issuer of this certificate */
+  cert = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (certificate));
+  gerr = gnutls_x509_crt_get_raw_issuer_dn (cert, &dn);
+  if (gerr < 0)
+    {
+      g_warning ("failed to get issuer of certificate: %s", gnutls_strerror (gerr));
+      return NULL;
+    }
+
+  subject = g_bytes_new_with_free_func (dn.data, dn.size, gnutls_free, dn.data);
+
+  /* Find the full DER value of the certificate */
+  g_mutex_lock (&priv->mutex);
+  der = bytes_multi_table_lookup_ref_one (priv->subjects, subject);
+  g_mutex_unlock (&priv->mutex);
+
+  g_bytes_unref (subject);
+
+  if (g_cancellable_set_error_if_cancelled (cancellable, error))
+    {
+      issuer = NULL;
+    }
+  else if (der != NULL)
+    {
+      datum.data = (unsigned char *)g_bytes_get_data (der, &length);
+      datum.size = length;
+      issuer = g_tls_certificate_gnutls_new (&datum, NULL);
+    }
+
+  if (der != NULL)
+    g_bytes_unref (der);
+  return issuer;
+}
+
+static GList *
+g_tls_database_gnutls_lookup_certificates_issued_by (GTlsDatabase             *database,
+                                                     GByteArray               *issuer_raw_dn,
+                                                     GTlsInteraction          *interaction,
+                                                     GTlsDatabaseLookupFlags   flags,
+                                                     GCancellable             *cancellable,
+                                                     GError                  **error)
+{
+  GTlsDatabaseGnutls *self = G_TLS_DATABASE_GNUTLS (database);
+  GTlsDatabaseGnutlsPrivate *priv = g_tls_database_gnutls_get_instance_private (self);
+  GBytes *issuer;
+  gnutls_datum_t datum;
+  GList *issued = NULL;
+  GList *ders;
+  gsize length;
+  GList *l;
+
+  if (g_cancellable_set_error_if_cancelled (cancellable, error))
+    return NULL;
+
+  /* We don't have any private keys here */
+  if (flags & G_TLS_DATABASE_LOOKUP_KEYPAIR)
+    return NULL;
+
+  issuer = g_bytes_new_static (issuer_raw_dn->data, issuer_raw_dn->len);
+
+  /* Find the full DER value of the certificate */
+  g_mutex_lock (&priv->mutex);
+  ders = bytes_multi_table_lookup_ref_all (priv->issuers, issuer);
+  g_mutex_unlock (&priv->mutex);
+
+  g_bytes_unref (issuer);
+
+  for (l = ders; l != NULL; l = g_list_next (l))
+    {
+      if (g_cancellable_set_error_if_cancelled (cancellable, error))
+        {
+          g_list_free_full (issued, g_object_unref);
+          issued = NULL;
+          break;
+        }
+
+      datum.data = (unsigned char *)g_bytes_get_data (l->data, &length);
+      datum.size = length;
+      issued = g_list_prepend (issued, g_tls_certificate_gnutls_new (&datum, NULL));
+    }
+
+  g_list_free_full (ders, (GDestroyNotify)g_bytes_unref);
+  return issued;
+}
+
+static void
+convert_certificate_chain_to_gnutls (GTlsCertificateGnutls  *chain,
+                                     gnutls_x509_crt_t     **gnutls_chain,
+                                     guint                  *gnutls_chain_length)
+{
+  GTlsCertificate *cert;
+  guint i;
+
+  g_assert (gnutls_chain);
+  g_assert (gnutls_chain_length);
+
+  for (*gnutls_chain_length = 0, cert = G_TLS_CERTIFICATE (chain);
+       cert; cert = g_tls_certificate_get_issuer (cert))
+    ++(*gnutls_chain_length);
+
+  *gnutls_chain = g_new0 (gnutls_x509_crt_t, *gnutls_chain_length);
+
+  for (i = 0, cert = G_TLS_CERTIFICATE (chain);
+       cert; cert = g_tls_certificate_get_issuer (cert), ++i)
+    (*gnutls_chain)[i] = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (cert));
+
+  g_assert (i == *gnutls_chain_length);
+}
+
+static GTlsCertificateFlags
+g_tls_database_gnutls_verify_chain (GTlsDatabase             *database,
+                                    GTlsCertificate          *chain,
+                                    const gchar              *purpose,
+                                    GSocketConnectable       *identity,
+                                    GTlsInteraction          *interaction,
+                                    GTlsDatabaseVerifyFlags   flags,
+                                    GCancellable             *cancellable,
+                                    GError                  **error)
+{
+  GTlsDatabaseGnutls *self = G_TLS_DATABASE_GNUTLS (database);
+  GTlsDatabaseGnutlsPrivate *priv = g_tls_database_gnutls_get_instance_private (self);
+  GTlsCertificateFlags result;
+  guint gnutls_result;
+  gnutls_x509_crt_t *certs;
+  guint certs_length;
+  const char *hostname = NULL;
+  char *free_hostname = NULL;
+  int gerr;
+
+  g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (chain),
+                        G_TLS_CERTIFICATE_GENERIC_ERROR);
+  g_assert (purpose);
+
+  if (g_cancellable_set_error_if_cancelled (cancellable, error))
+    return G_TLS_CERTIFICATE_GENERIC_ERROR;
+
+  convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (chain),
+                                       &certs, &certs_length);
+  gerr = gnutls_x509_trust_list_verify_crt (priv->trust_list,
+                                            certs, certs_length,
+                                            0, &gnutls_result, NULL);
+
+  if (gerr != 0 || g_cancellable_set_error_if_cancelled (cancellable, error))
+    {
+      g_free (certs);
+      return G_TLS_CERTIFICATE_GENERIC_ERROR;
+    }
+
+  result = g_tls_certificate_gnutls_convert_flags (gnutls_result);
+
+  if (G_IS_NETWORK_ADDRESS (identity))
+    hostname = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity));
+  else if (G_IS_NETWORK_SERVICE (identity))
+    hostname = g_network_service_get_domain (G_NETWORK_SERVICE (identity));
+  else if (G_IS_INET_SOCKET_ADDRESS (identity))
+    {
+      GInetAddress *addr;
+
+      addr = g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (identity));
+      hostname = free_hostname = g_inet_address_to_string (addr);
+    }
+  if (hostname)
+    {
+      if (!gnutls_x509_crt_check_hostname (certs[0], hostname))
+        result |= G_TLS_CERTIFICATE_BAD_IDENTITY;
+      g_free (free_hostname);
+    }
+
+  g_free (certs);
+  return result;
+}
+
+static gchar *
+g_tls_database_gnutls_create_handle_for_certificate (GTlsDatabaseGnutls *self,
+                                                     GBytes             *der)
+{
+  gchar *bookmark;
+  gchar *uri;
+
+  /*
+   * Here we create a URI that looks like
+   * system-trust:#11b2641821252596420e468c275771f5e51022c121a17bd7a89a2f37b6336c8f.
+   *
+   * system-trust is a meaningless URI scheme, and the handle does not
+   * even need to be a URI; this is just a nice stable way to uniquely
+   * identify a certificate.
+   */
+
+  bookmark = g_compute_checksum_for_bytes (G_CHECKSUM_SHA256, der);
+  uri = g_strconcat ("system-trust:#", bookmark, NULL);
+
+  g_free (bookmark);
+
+  return uri;
+}
+
+static gboolean
+g_tls_database_gnutls_populate_trust_list (GTlsDatabaseGnutls        *self,
+                                           gnutls_x509_trust_list_t   trust_list,
+                                           GError                   **error)
+{
+  int gerr = gnutls_x509_trust_list_add_system_trust (trust_list, 0, 0);
+  if (gerr == GNUTLS_E_UNIMPLEMENTED_FEATURE)
+    {
+      g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+                           _("Failed to load system trust store: GnuTLS was not configured with a system trust"));
+    }
+  else if (gerr < 0)
+    {
+      g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+                   _("Failed to load system trust store: %s"),
+                   gnutls_strerror (gerr));
+    }
+  return gerr >= 0;
 }
 
 static void
 g_tls_database_gnutls_class_init (GTlsDatabaseGnutlsClass *klass)
 {
+  GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+  GTlsDatabaseClass *database_class = G_TLS_DATABASE_CLASS (klass);
+
+  gobject_class->finalize     = g_tls_database_gnutls_finalize;
+
+  database_class->create_certificate_handle = g_tls_database_gnutls_create_certificate_handle;
+  database_class->lookup_certificate_for_handle = g_tls_database_gnutls_lookup_certificate_for_handle;
+  database_class->lookup_certificate_issuer = g_tls_database_gnutls_lookup_certificate_issuer;
+  database_class->lookup_certificates_issued_by = g_tls_database_gnutls_lookup_certificates_issued_by;
+  database_class->verify_chain = g_tls_database_gnutls_verify_chain;
+
+  klass->create_handle_for_certificate = g_tls_database_gnutls_create_handle_for_certificate;
+  klass->populate_trust_list = g_tls_database_gnutls_populate_trust_list;
+}
+
+static gboolean
+g_tls_database_gnutls_initable_init (GInitable     *initable,
+                                     GCancellable  *cancellable,
+                                     GError       **error)
+{
+  GTlsDatabaseGnutls *self = G_TLS_DATABASE_GNUTLS (initable);
+  GTlsDatabaseGnutlsPrivate *priv = g_tls_database_gnutls_get_instance_private (self);
+  gnutls_x509_trust_list_t trust_list = NULL;
+  GHashTable *subjects = NULL;
+  GHashTable *issuers = NULL;
+  GHashTable *complete = NULL;
+  gboolean result = TRUE;
+
+  if (g_cancellable_set_error_if_cancelled (cancellable, error))
+    return FALSE;
+
+  gnutls_x509_trust_list_init (&trust_list, 0);
+
+  g_assert (G_TLS_DATABASE_GNUTLS_GET_CLASS (self)->populate_trust_list);
+  if (!G_TLS_DATABASE_GNUTLS_GET_CLASS (self)->populate_trust_list (self, trust_list, error))
+    {
+      result = FALSE;
+      goto out;
+    }
+
+  subjects = bytes_multi_table_new ();
+  issuers = bytes_multi_table_new ();
+
+  complete = g_hash_table_new_full (g_bytes_hash, g_bytes_equal,
+                                    (GDestroyNotify)g_bytes_unref,
+                                    (GDestroyNotify)g_bytes_unref);
+
+  initialize_tables (trust_list, subjects, issuers, complete);
+
+  if (g_cancellable_set_error_if_cancelled (cancellable, error))
+    result = FALSE;
+
+  if (result)
+    {
+      g_mutex_lock (&priv->mutex);
+      if (!priv->trust_list)
+        {
+          priv->trust_list = trust_list;
+          trust_list = NULL;
+        }
+      if (!priv->subjects)
+        {
+          priv->subjects = subjects;
+          subjects = NULL;
+        }
+      if (!priv->issuers)
+        {
+          priv->issuers = issuers;
+          issuers = NULL;
+        }
+      if (!priv->complete)
+        {
+          priv->complete = complete;
+          complete = NULL;
+        }
+      g_mutex_unlock (&priv->mutex);
+    }
+
+out:
+  if (trust_list != NULL)
+    gnutls_x509_trust_list_deinit (trust_list, 1);
+  if (subjects != NULL)
+    g_hash_table_unref (subjects);
+  if (issuers != NULL)
+    g_hash_table_unref (issuers);
+  if (complete != NULL)
+    g_hash_table_unref (complete);
+  return result;
+}
+
+static void
+g_tls_database_gnutls_initable_interface_init (GInitableIface *iface)
+{
+  iface->init = g_tls_database_gnutls_initable_init;
+}
+
+GTlsDatabaseGnutls *
+g_tls_database_gnutls_new (GError **error)
+{
+  g_return_val_if_fail (!error || !*error, NULL);
+
+  return g_initable_new (G_TYPE_TLS_DATABASE_GNUTLS, NULL, error, NULL);
 }
index ce668ff..b4b72ce 100644 (file)
@@ -1,13 +1,22 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Collabora, Ltd.
  *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the licence or (at
- * your option) any later version.
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
  *
- * See the included COPYING file for more information.
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
  *
  * In addition, when the library is used with OpenSSL, a special
  * exception applies. Refer to the LICENSE_EXCEPTION file for details.
 #define __G_TLS_DATABASE_GNUTLS_H__
 
 #include <gio/gio.h>
+#include <gnutls/x509.h>
 
 #include "gtlscertificate-gnutls.h"
 
 G_BEGIN_DECLS
 
-typedef enum {
-  G_TLS_DATABASE_GNUTLS_PINNED_CERTIFICATE = 1,
-  G_TLS_DATABASE_GNUTLS_ANCHORED_CERTIFICATE = 2,
-} GTlsDatabaseGnutlsAssertion;
-
 #define G_TYPE_TLS_DATABASE_GNUTLS            (g_tls_database_gnutls_get_type ())
-#define G_TLS_DATABASE_GNUTLS(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_DATABASE_GNUTLS, GTlsDatabaseGnutls))
-#define G_TLS_DATABASE_GNUTLS_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_DATABASE_GNUTLS, GTlsDatabaseGnutlsClass))
-#define G_IS_TLS_DATABASE_GNUTLS(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_DATABASE_GNUTLS))
-#define G_IS_TLS_DATABASE_GNUTLS_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_DATABASE_GNUTLS))
-#define G_TLS_DATABASE_GNUTLS_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_DATABASE_GNUTLS, GTlsDatabaseGnutlsClass))
 
-typedef struct _GTlsDatabaseGnutlsPrivate                   GTlsDatabaseGnutlsPrivate;
-typedef struct _GTlsDatabaseGnutlsClass                     GTlsDatabaseGnutlsClass;
-typedef struct _GTlsDatabaseGnutls                          GTlsDatabaseGnutls;
+G_DECLARE_DERIVABLE_TYPE (GTlsDatabaseGnutls, g_tls_database_gnutls, G, TLS_DATABASE_GNUTLS, GTlsDatabase)
 
 struct _GTlsDatabaseGnutlsClass
 {
   GTlsDatabaseClass parent_class;
-};
 
-struct _GTlsDatabaseGnutls
-{
-  GTlsDatabase parent_instance;
+  gchar    *(*create_handle_for_certificate)  (GTlsDatabaseGnutls        *self,
+                                               GBytes                    *der);
+  gboolean  (*populate_trust_list)            (GTlsDatabaseGnutls        *self,
+                                               gnutls_x509_trust_list_t   trust_list,
+                                               GError                   **error);
 };
 
-GType          g_tls_database_gnutls_get_type              (void) G_GNUC_CONST;
+GTlsDatabaseGnutls *g_tls_database_gnutls_new (GError **error);
 
 G_END_DECLS
 
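Review bot: The two function pointers added to `struct _GTlsDatabaseGnutlsClass` have no comment stating their contract, yet subclasses must rely on it: `populate_trust_list` chooses the anchors that chain verification later trusts, and the ownership of the string returned by `create_handle_for_certificate` is not stated. The callers visible in gtlsdatabase-gnutls.c tolerate a NULL handle and turn a FALSE return from `populate_trust_list` into a failed init that reports `error`, while the default handle implementation returns a `g_strconcat()` result. I would put `/* Returns a newly allocated handle (free with g_free()), or NULL if none can be built. */` above the first member and `/* Adds the trusted anchors to trust_list; on failure returns FALSE and sets error. */` above the second. The new `g_tls_database_gnutls_new()` prototype deserves a similar line saying it returns NULL with `error` set when the trust store cannot be loaded; that is inferred from its use of `g_initable_new()`, so confirm before committing the wording.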
index f4d252f..6ab18d9 100644 (file)
@@ -1,11 +1,14 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Collabora, Ltd
+ * Copyright 2018 Igalia S.L.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 #include "gtlsfiledatabase-gnutls.h"
 
 #include <gio/gio.h>
-#include <glib/gi18n-lib.h>
-#include <gnutls/x509.h>
 
 #include "gtlscertificate-gnutls.h"
 
-static void g_tls_file_database_gnutls_file_database_interface_init (GTlsFileDatabaseInterface *iface);
-
-static void g_tls_file_database_gnutls_initable_interface_init (GInitableIface *iface);
-
-G_DEFINE_TYPE_WITH_CODE (GTlsFileDatabaseGnutls, g_tls_file_database_gnutls, G_TYPE_TLS_DATABASE_GNUTLS,
-                         G_IMPLEMENT_INTERFACE (G_TYPE_TLS_FILE_DATABASE,
-                                                g_tls_file_database_gnutls_file_database_interface_init);
-                         G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
-                                                g_tls_file_database_gnutls_initable_interface_init);
-                        );
-
 enum
 {
   PROP_0,
   PROP_ANCHORS,
 };
 
-struct _GTlsFileDatabaseGnutlsPrivate
+struct _GTlsFileDatabaseGnutls
 {
+  GTlsDatabaseGnutls parent_instance;
+
   /* read-only after construct */
   gchar *anchor_filename;
-  gnutls_x509_trust_list_t trust_list;
-
-  /* protected by mutex */
-  GMutex mutex;
-
-  /*
-   * These are hash tables of GBytes -> GPtrArray<GBytes>. The values of
-   * the ptr array are full DER encoded certificate values. The keys are byte
-   * arrays containing either subject DNs, issuer DNs, or full DER encoded certs
-   */
-  GHashTable *subjects;
-  GHashTable *issuers;
-
-  /*
-   * This is a table of GBytes -> GBytes. The values and keys are
-   * DER encoded certificate values.
-   */
-  GHashTable *complete;
-
-  /*
-   * This is a table of gchar * -> GPtrArray<GBytes>. The values of
-   * the ptr array are full DER encoded certificate values. The keys are the
-   * string handles. This array is populated on demand.
-   */
-  GHashTable *handles;
 };
 
-static GHashTable *
-bytes_multi_table_new (void)
-{
-  return g_hash_table_new_full (g_bytes_hash, g_bytes_equal,
-                                (GDestroyNotify)g_bytes_unref,
-                                (GDestroyNotify)g_ptr_array_unref);
-}
-
-static void
-bytes_multi_table_insert (GHashTable *table,
-                          GBytes     *key,
-                          GBytes     *value)
-{
-  GPtrArray *multi;
-
-  multi = g_hash_table_lookup (table, key);
-  if (multi == NULL)
-    {
-      multi = g_ptr_array_new_with_free_func ((GDestroyNotify)g_bytes_unref);
-      g_hash_table_insert (table, g_bytes_ref (key), multi);
-    }
-  g_ptr_array_add (multi, g_bytes_ref (value));
-}
-
-static GBytes *
-bytes_multi_table_lookup_ref_one (GHashTable *table,
-                                  GBytes     *key)
-{
-  GPtrArray *multi;
-
-  multi = g_hash_table_lookup (table, key);
-  if (multi == NULL)
-    return NULL;
-
-  g_assert (multi->len > 0);
-  return g_bytes_ref (multi->pdata[0]);
-}
-
-static GList *
-bytes_multi_table_lookup_ref_all (GHashTable *table,
-                                  GBytes     *key)
-{
-  GPtrArray *multi;
-  GList *list = NULL;
-  guint i;
-
-  multi = g_hash_table_lookup (table, key);
-  if (multi == NULL)
-    return NULL;
-
-  for (i = 0; i < multi->len; i++)
-    list = g_list_prepend (list, g_bytes_ref (multi->pdata[i]));
-
-  return g_list_reverse (list);
-}
-
-static gchar *
-create_handle_for_certificate (const gchar *filename,
-                               GBytes      *der)
-{
-  gchar *bookmark;
-  gchar *uri_part;
-  gchar *uri;
-
-  /*
-   * Here we create a URI that looks like:
-   * file:///etc/ssl/certs/ca-certificates.crt#11b2641821252596420e468c275771f5e51022c121a17bd7a89a2f37b6336c8f
-   */
-
-  uri_part = g_filename_to_uri (filename, NULL, NULL);
-  if (!uri_part)
-    return NULL;
-
-  bookmark = g_compute_checksum_for_bytes (G_CHECKSUM_SHA256, der);
-  uri = g_strconcat (uri_part, "#", bookmark, NULL);
-
-  g_free (bookmark);
-  g_free (uri_part);
-
-  return uri;
-}
-
-static GHashTable *
-create_handles_array_unlocked (const gchar *filename,
-                               GHashTable  *complete)
-{
-  GHashTable *handles;
-  GHashTableIter iter;
-  GBytes *der;
-  gchar *handle;
-
-  handles = g_hash_table_new_full (g_str_hash, g_str_equal, g_free,
-                                   (GDestroyNotify)g_bytes_unref);
-
-  g_hash_table_iter_init (&iter, complete);
-  while (g_hash_table_iter_next (&iter, NULL, (gpointer *)&der))
-    {
-      handle = create_handle_for_certificate (filename, der);
-      if (handle != NULL)
-        g_hash_table_insert (handles, handle, g_bytes_ref (der));
-    }
-
-  return handles;
-}
-
-static gboolean
-load_anchor_file (const gchar  *filename,
-                  GHashTable   *subjects,
-                  GHashTable   *issuers,
-                  GHashTable   *complete,
-                  GError      **error)
-{
-  GList *list, *l;
-  gnutls_x509_crt_t cert;
-  gnutls_datum_t dn;
-  GBytes *der;
-  GBytes *subject;
-  GBytes *issuer;
-  gint gerr;
-  GError *my_error = NULL;
-
-  list = g_tls_certificate_list_new_from_file (filename, &my_error);
-  if (my_error)
-    {
-      g_propagate_error (error, my_error);
-      return FALSE;
-    }
-
-  for (l = list; l; l = l->next)
-    {
-      cert = g_tls_certificate_gnutls_get_cert (l->data);
-      gerr = gnutls_x509_crt_get_raw_dn (cert, &dn);
-      if (gerr < 0)
-        {
-          g_warning ("failed to get subject of anchor certificate: %s",
-                     gnutls_strerror (gerr));
-          continue;
-        }
-
-      subject = g_bytes_new_with_free_func (dn.data, dn.size, gnutls_free, dn.data);
-
-      gerr = gnutls_x509_crt_get_raw_issuer_dn (cert, &dn);
-      if (gerr < 0)
-        {
-          g_warning ("failed to get subject of anchor certificate: %s",
-                     gnutls_strerror (gerr));
-          continue;
-        }
-
-      issuer = g_bytes_new_with_free_func (dn.data, dn.size, gnutls_free, dn.data);
-
-      der = g_tls_certificate_gnutls_get_bytes (l->data);
-      g_return_val_if_fail (der != NULL, FALSE);
-
-      /* Three different ways of looking up same certificate */
-      bytes_multi_table_insert (subjects, subject, der);
-      bytes_multi_table_insert (issuers, issuer, der);
-
-      g_hash_table_insert (complete, g_bytes_ref (der),
-                           g_bytes_ref (der));
-
-      g_bytes_unref (der);
-      g_bytes_unref (subject);
-      g_bytes_unref (issuer);
-
-      g_object_unref (l->data);
-    }
-  g_list_free (list);
-
-  return TRUE;
-}
-
+static void g_tls_file_database_gnutls_file_database_interface_init (GTlsFileDatabaseInterface *iface);
 
+G_DEFINE_TYPE_WITH_CODE (GTlsFileDatabaseGnutls, g_tls_file_database_gnutls, G_TYPE_TLS_DATABASE_GNUTLS,
+                         G_IMPLEMENT_INTERFACE (G_TYPE_TLS_FILE_DATABASE,
+                                                g_tls_file_database_gnutls_file_database_interface_init);
+                         );
 
 static void
 g_tls_file_database_gnutls_finalize (GObject *object)
 {
   GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (object);
 
-  g_clear_pointer (&self->priv->subjects, g_hash_table_destroy);
-  g_clear_pointer (&self->priv->issuers, g_hash_table_destroy);
-  g_clear_pointer (&self->priv->complete, g_hash_table_destroy);
-  g_clear_pointer (&self->priv->handles, g_hash_table_destroy);
-  if (self->priv->anchor_filename)
-    {
-      g_free (self->priv->anchor_filename);
-      gnutls_x509_trust_list_deinit (self->priv->trust_list, 1);
-    }
-  g_mutex_clear (&self->priv->mutex);
+  g_clear_pointer (&self->anchor_filename, g_free);
 
   G_OBJECT_CLASS (g_tls_file_database_gnutls_parent_class)->finalize (object);
 }
@@ -284,7 +75,7 @@ g_tls_file_database_gnutls_get_property (GObject    *object,
   switch (prop_id)
     {
     case PROP_ANCHORS:
-      g_value_set_string (value, self->priv->anchor_filename);
+      g_value_set_string (value, self->anchor_filename);
       break;
     default:
       G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
@@ -305,326 +96,75 @@ g_tls_file_database_gnutls_set_property (GObject      *object,
     case PROP_ANCHORS:
       anchor_path = g_value_get_string (value);
       if (anchor_path && !g_path_is_absolute (anchor_path))
-       {
-         g_warning ("The anchor file name used with a GTlsFileDatabase "
-                    "must be an absolute path, and not relative: %s", anchor_path);
-         return;
-       }
+        {
+          g_warning ("The anchor file name used with a GTlsFileDatabase "
+                     "must be an absolute path, and not relative: %s", anchor_path);
+          return;
+        }
 
-      if (self->priv->anchor_filename)
-       {
-         g_free (self->priv->anchor_filename);
-         gnutls_x509_trust_list_deinit (self->priv->trust_list, 1);
-       }
-      self->priv->anchor_filename = g_strdup (anchor_path);
-      gnutls_x509_trust_list_init (&self->priv->trust_list, 0);
-      gnutls_x509_trust_list_add_trust_file (self->priv->trust_list,
-                                            anchor_path, NULL,
-                                            GNUTLS_X509_FMT_PEM, 0, 0);
+      g_free (self->anchor_filename);
+      self->anchor_filename = g_strdup (anchor_path);
       break;
     default:
       G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
     }
 }
 
-static void
-g_tls_file_database_gnutls_init (GTlsFileDatabaseGnutls *self)
-{
-  self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
-                                            G_TYPE_TLS_FILE_DATABASE_GNUTLS,
-                                            GTlsFileDatabaseGnutlsPrivate);
-  g_mutex_init (&self->priv->mutex);
-}
-
 static gchar *
-g_tls_file_database_gnutls_create_certificate_handle (GTlsDatabase    *database,
-                                                      GTlsCertificate *certificate)
+g_tls_file_database_gnutls_create_handle_for_certificate (GTlsDatabaseGnutls *self,
+                                                          GBytes             *der)
 {
-  GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (database);
-  GBytes *der;
-  gboolean contains;
-  gchar *handle = NULL;
-
-  der = g_tls_certificate_gnutls_get_bytes (G_TLS_CERTIFICATE_GNUTLS (certificate));
-  g_return_val_if_fail (der != NULL, FALSE);
-
-  g_mutex_lock (&self->priv->mutex);
-
-  /* At the same time look up whether this certificate is in list */
-  contains = g_hash_table_lookup (self->priv->complete, der) ? TRUE : FALSE;
-
-  g_mutex_unlock (&self->priv->mutex);
-
-  /* Certificate is in the database */
-  if (contains)
-    handle = create_handle_for_certificate (self->priv->anchor_filename, der);
-
-  g_bytes_unref (der);
-  return handle;
-}
-
-static GTlsCertificate *
-g_tls_file_database_gnutls_lookup_certificate_for_handle (GTlsDatabase             *database,
-                                                          const gchar              *handle,
-                                                          GTlsInteraction          *interaction,
-                                                          GTlsDatabaseLookupFlags   flags,
-                                                          GCancellable             *cancellable,
-                                                          GError                  **error)
-{
-  GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (database);
-  GTlsCertificate *cert;
-  GBytes *der;
-  gnutls_datum_t datum;
-  gsize length;
-
-  if (g_cancellable_set_error_if_cancelled (cancellable, error))
-    return NULL;
-
-  if (!handle)
-    return NULL;
-
-  g_mutex_lock (&self->priv->mutex);
-
-  /* Create the handles table if not already done */
-  if (!self->priv->handles)
-    self->priv->handles = create_handles_array_unlocked (self->priv->anchor_filename,
-                                                         self->priv->complete);
-
-    der = g_hash_table_lookup (self->priv->handles, handle);
-    if (der != NULL)
-      g_bytes_ref (der);
-
-  g_mutex_unlock (&self->priv->mutex);
-
-  if (der == NULL)
-    return NULL;
-
-  datum.data = (unsigned char *)g_bytes_get_data (der, &length);
-  datum.size = length;
-
-  if (g_cancellable_set_error_if_cancelled (cancellable, error))
-    cert = NULL;
-  else
-    cert = g_tls_certificate_gnutls_new (&datum, NULL);
-
-  g_bytes_unref (der);
-  return cert;
-}
-
-static GTlsCertificate *
-g_tls_file_database_gnutls_lookup_certificate_issuer (GTlsDatabase             *database,
-                                                      GTlsCertificate          *certificate,
-                                                      GTlsInteraction          *interaction,
-                                                      GTlsDatabaseLookupFlags   flags,
-                                                      GCancellable             *cancellable,
-                                                      GError                  **error)
-{
-  GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (database);
-  gnutls_datum_t dn = { NULL, 0 };
-  GBytes *subject, *der;
-  gnutls_datum_t datum;
-  GTlsCertificate *issuer = NULL;
-  gnutls_x509_crt_t cert;
-  gsize length;
-  int gerr;
-
-  g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (certificate), NULL);
+  gchar *bookmark;
+  gchar *uri_part;
+  gchar *uri;
 
-  if (g_cancellable_set_error_if_cancelled (cancellable, error))
-    return NULL;
+  /*
+   * Here we create a URI that looks like
+   * file:///etc/ssl/certs/ca-certificates.crt#11b2641821252596420e468c275771f5e51022c121a17bd7a89a2f37b6336c8f
+   */
 
-  if (flags & G_TLS_DATABASE_LOOKUP_KEYPAIR)
+  uri_part = g_filename_to_uri (G_TLS_FILE_DATABASE_GNUTLS (self)->anchor_filename,
+                                NULL, NULL);
+  if (!uri_part)
     return NULL;
 
-  /* Dig out the issuer of this certificate */
-  cert = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (certificate));
-  gerr = gnutls_x509_crt_get_raw_issuer_dn (cert, &dn);
-  if (gerr < 0)
-    {
-      g_warning ("failed to get issuer of certificate: %s", gnutls_strerror (gerr));
-      return NULL;
-    }
-
-  subject = g_bytes_new_with_free_func (dn.data, dn.size, gnutls_free, dn.data);
-
-  /* Find the full DER value of the certificate */
-  g_mutex_lock (&self->priv->mutex);
-  der = bytes_multi_table_lookup_ref_one (self->priv->subjects, subject);
-  g_mutex_unlock (&self->priv->mutex);
-
-  g_bytes_unref (subject);
+  bookmark = g_compute_checksum_for_bytes (G_CHECKSUM_SHA256, der);
+  uri = g_strconcat (uri_part, "#", bookmark, NULL);
 
-  if (g_cancellable_set_error_if_cancelled (cancellable, error))
-    {
-      issuer = NULL;
-    }
-  else if (der != NULL)
-    {
-      datum.data = (unsigned char *)g_bytes_get_data (der, &length);
-      datum.size = length;
-      issuer = g_tls_certificate_gnutls_new (&datum, NULL);
-    }
+  g_free (bookmark);
+  g_free (uri_part);
 
-  if (der != NULL)
-    g_bytes_unref (der);
-  return issuer;
+  return uri;
 }
 
-static GList *
-g_tls_file_database_gnutls_lookup_certificates_issued_by (GTlsDatabase             *database,
-                                                          GByteArray               *issuer_raw_dn,
-                                                          GTlsInteraction          *interaction,
-                                                          GTlsDatabaseLookupFlags   flags,
-                                                          GCancellable             *cancellable,
-                                                          GError                  **error)
+static gboolean
+g_tls_file_database_gnutls_populate_trust_list (GTlsDatabaseGnutls        *self,
+                                                gnutls_x509_trust_list_t   trust_list,
+                                                GError                   **error)
 {
-  GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (database);
-  GBytes *issuer;
-  gnutls_datum_t datum;
-  GList *issued = NULL;
-  GList *ders;
-  gsize length;
-  GList *l;
-
-  if (g_cancellable_set_error_if_cancelled (cancellable, error))
-    return NULL;
-
-  /* We don't have any private keys here */
-  if (flags & G_TLS_DATABASE_LOOKUP_KEYPAIR)
-    return NULL;
-
-  issuer = g_bytes_new_static (issuer_raw_dn->data, issuer_raw_dn->len);
-
-  /* Find the full DER value of the certificate */
-  g_mutex_lock (&self->priv->mutex);
-  ders = bytes_multi_table_lookup_ref_all (self->priv->issuers, issuer);
-  g_mutex_unlock (&self->priv->mutex);
-
-  g_bytes_unref (issuer);
-
-  for (l = ders; l != NULL; l = g_list_next (l))
-    {
-      if (g_cancellable_set_error_if_cancelled (cancellable, error))
-        {
-          g_list_free_full (issued, g_object_unref);
-          issued = NULL;
-          break;
-        }
-
-      datum.data = (unsigned char *)g_bytes_get_data (l->data, &length);
-      datum.size = length;
-      issued = g_list_prepend (issued, g_tls_certificate_gnutls_new (&datum, NULL));
-    }
-
-  g_list_free_full (ders, (GDestroyNotify)g_bytes_unref);
-  return issued;
+  gnutls_x509_trust_list_add_trust_file (trust_list,
+                                         G_TLS_FILE_DATABASE_GNUTLS (self)->anchor_filename,
+                                         NULL, GNUTLS_X509_FMT_PEM, 0, 0);
+  return TRUE;
 }
 
 static void
-convert_certificate_chain_to_gnutls (GTlsCertificateGnutls  *chain,
-                                     gnutls_x509_crt_t     **gnutls_chain,
-                                     guint                  *gnutls_chain_length)
+g_tls_file_database_gnutls_init (GTlsFileDatabaseGnutls *self)
 {
-  GTlsCertificate *cert;
-  guint i;
-
-  g_assert (gnutls_chain);
-  g_assert (gnutls_chain_length);
-
-  for (*gnutls_chain_length = 0, cert = G_TLS_CERTIFICATE (chain);
-       cert; cert = g_tls_certificate_get_issuer (cert))
-    ++(*gnutls_chain_length);
-
-  *gnutls_chain = g_new0 (gnutls_x509_crt_t, *gnutls_chain_length);
-
-  for (i = 0, cert = G_TLS_CERTIFICATE (chain);
-       cert; cert = g_tls_certificate_get_issuer (cert), ++i)
-    (*gnutls_chain)[i] = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (cert));
-
-  g_assert (i == *gnutls_chain_length);
-}
-
-static GTlsCertificateFlags
-g_tls_file_database_gnutls_verify_chain (GTlsDatabase             *database,
-                                        GTlsCertificate          *chain,
-                                        const gchar              *purpose,
-                                        GSocketConnectable       *identity,
-                                        GTlsInteraction          *interaction,
-                                        GTlsDatabaseVerifyFlags   flags,
-                                        GCancellable             *cancellable,
-                                        GError                  **error)
-{
-  GTlsFileDatabaseGnutls *self;
-  GTlsCertificateFlags result;
-  guint gnutls_result;
-  gnutls_x509_crt_t *certs;
-  guint certs_length;
-  const char *hostname = NULL;
-  char *free_hostname = NULL;
-  int gerr;
-
-  g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (chain),
-                        G_TLS_CERTIFICATE_GENERIC_ERROR);
-  g_assert (purpose);
-
-  if (g_cancellable_set_error_if_cancelled (cancellable, error))
-    return G_TLS_CERTIFICATE_GENERIC_ERROR;
-
-  self = G_TLS_FILE_DATABASE_GNUTLS (database);
-
-  convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (chain),
-                                       &certs, &certs_length);
-  gerr = gnutls_x509_trust_list_verify_crt (self->priv->trust_list,
-                                           certs, certs_length,
-                                           0, &gnutls_result, NULL);
-
-  if (gerr != 0 || g_cancellable_set_error_if_cancelled (cancellable, error))
-    {
-      g_free (certs);
-      return G_TLS_CERTIFICATE_GENERIC_ERROR;
-    }
-
-  result = g_tls_certificate_gnutls_convert_flags (gnutls_result);
-
-  if (G_IS_NETWORK_ADDRESS (identity))
-    hostname = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity));
-  else if (G_IS_NETWORK_SERVICE (identity))
-    hostname = g_network_service_get_domain (G_NETWORK_SERVICE (identity));
-  else if (G_IS_INET_SOCKET_ADDRESS (identity))
-    {
-      GInetAddress *addr;
-
-      addr = g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (identity));
-      hostname = free_hostname = g_inet_address_to_string (addr);
-    }
-  if (hostname)
-    {
-      if (!gnutls_x509_crt_check_hostname (certs[0], hostname))
-       result |= G_TLS_CERTIFICATE_BAD_IDENTITY;
-      g_free (free_hostname);
-    }
-
-  g_free (certs);
-  return result;
 }
 
 static void
 g_tls_file_database_gnutls_class_init (GTlsFileDatabaseGnutlsClass *klass)
 {
   GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
-  GTlsDatabaseClass *database_class = G_TLS_DATABASE_CLASS (klass);
-
-  g_type_class_add_private (klass, sizeof (GTlsFileDatabaseGnutlsPrivate));
+  GTlsDatabaseGnutlsClass *gnutls_database_class = G_TLS_DATABASE_GNUTLS_CLASS (klass);
 
   gobject_class->get_property = g_tls_file_database_gnutls_get_property;
   gobject_class->set_property = g_tls_file_database_gnutls_set_property;
   gobject_class->finalize     = g_tls_file_database_gnutls_finalize;
 
-  database_class->create_certificate_handle = g_tls_file_database_gnutls_create_certificate_handle;
-  database_class->lookup_certificate_for_handle = g_tls_file_database_gnutls_lookup_certificate_for_handle;
-  database_class->lookup_certificate_issuer = g_tls_file_database_gnutls_lookup_certificate_issuer;
-  database_class->lookup_certificates_issued_by = g_tls_file_database_gnutls_lookup_certificates_issued_by;
-  database_class->verify_chain = g_tls_file_database_gnutls_verify_chain;
+  gnutls_database_class->create_handle_for_certificate = g_tls_file_database_gnutls_create_handle_for_certificate;
+  gnutls_database_class->populate_trust_list           = g_tls_file_database_gnutls_populate_trust_list;
 
   g_object_class_override_property (gobject_class, PROP_ANCHORS, "anchors");
 }
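Review bot: `g_tls_file_database_gnutls_populate_trust_list` discards the return value of `gnutls_x509_trust_list_add_trust_file()` and returns TRUE without ever setting `error`, so a missing, unreadable or malformed anchor file is reported as a successful load. The removed `initable_init` path (deleted in the next hunk) passed a load result and a GError back to the caller. Here the caller is presumably left with an empty trust list and no diagnostic explaining why later verifications fail. Check for a negative return, set `error` and return FALSE, as sketched below. Whether a return of 0 (nothing loaded) should also be an error needs a decision, since `anchor_filename` may be NULL.

```c
static gboolean
g_tls_file_database_gnutls_populate_trust_list (GTlsDatabaseGnutls        *self,
                                                gnutls_x509_trust_list_t   trust_list,
                                                GError                   **error)
{
  const gchar *anchors = G_TLS_FILE_DATABASE_GNUTLS (self)->anchor_filename;
  int ret;

  ret = gnutls_x509_trust_list_add_trust_file (trust_list, anchors,
                                               NULL, GNUTLS_X509_FMT_PEM, 0, 0);
  if (ret < 0)
    {
      /* Surface the failure instead of handing back an empty trust list. */
      g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
                   "Failed to load trust anchors from %s: %s",
                   anchors ? anchors : "(none)", gnutls_strerror (ret));
      return FALSE;
    }

  return TRUE;
}
```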
@@ -632,69 +172,4 @@ g_tls_file_database_gnutls_class_init (GTlsFileDatabaseGnutlsClass *klass)
 static void
 g_tls_file_database_gnutls_file_database_interface_init (GTlsFileDatabaseInterface *iface)
 {
-
-}
-
-static gboolean
-g_tls_file_database_gnutls_initable_init (GInitable     *initable,
-                                          GCancellable  *cancellable,
-                                          GError       **error)
-{
-  GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (initable);
-  GHashTable *subjects, *issuers, *complete;
-  gboolean result;
-
-  if (g_cancellable_set_error_if_cancelled (cancellable, error))
-    return FALSE;
-
-  subjects = bytes_multi_table_new ();
-  issuers = bytes_multi_table_new ();
-
-  complete = g_hash_table_new_full (g_bytes_hash, g_bytes_equal,
-                                    (GDestroyNotify)g_bytes_unref,
-                                    (GDestroyNotify)g_bytes_unref);
-
-  if (self->priv->anchor_filename)
-    result = load_anchor_file (self->priv->anchor_filename, subjects, issuers,
-        complete, error);
-  else
-    result = TRUE;
-
-  if (g_cancellable_set_error_if_cancelled (cancellable, error))
-    result = FALSE;
-
-  if (result)
-    {
-      g_mutex_lock (&self->priv->mutex);
-      if (!self->priv->subjects)
-        {
-          self->priv->subjects = subjects;
-          subjects = NULL;
-        }
-      if (!self->priv->issuers)
-        {
-          self->priv->issuers = issuers;
-          issuers = NULL;
-        }
-      if (!self->priv->complete)
-        {
-          self->priv->complete = complete;
-          complete = NULL;
-        }
-      g_mutex_unlock (&self->priv->mutex);
-    }
-
-  if (subjects != NULL)
-    g_hash_table_unref (subjects);
-  if (issuers != NULL)
-    g_hash_table_unref (issuers);
-  if (complete != NULL)
-    g_hash_table_unref (complete);
-  return result;
-}
-
-static void
-g_tls_file_database_gnutls_initable_interface_init (GInitableIface *iface)
-{
-  iface->init = g_tls_file_database_gnutls_initable_init;
 }
index 362e500..9feccc3 100644 (file)
@@ -1,13 +1,22 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Collabora, Ltd.
  *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the licence or (at
- * your option) any later version.
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
  *
- * See the included COPYING file for more information.
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
  *
  * In addition, when the library is used with OpenSSL, a special
  * exception applies. Refer to the LICENSE_EXCEPTION file for details.
 G_BEGIN_DECLS
 
 #define G_TYPE_TLS_FILE_DATABASE_GNUTLS            (g_tls_file_database_gnutls_get_type ())
-#define G_TLS_FILE_DATABASE_GNUTLS(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_FILE_DATABASE_GNUTLS, GTlsFileDatabaseGnutls))
-#define G_TLS_FILE_DATABASE_GNUTLS_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_FILE_DATABASE_GNUTLS, GTlsFileDatabaseGnutlsClass))
-#define G_IS_TLS_FILE_DATABASE_GNUTLS(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_FILE_DATABASE_GNUTLS))
-#define G_IS_TLS_FILE_DATABASE_GNUTLS_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_FILE_DATABASE_GNUTLS))
-#define G_TLS_FILE_DATABASE_GNUTLS_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_FILE_DATABASE_GNUTLS, GTlsFileDatabaseGnutlsClass))
-
-typedef struct _GTlsFileDatabaseGnutlsPrivate                   GTlsFileDatabaseGnutlsPrivate;
-typedef struct _GTlsFileDatabaseGnutlsClass                     GTlsFileDatabaseGnutlsClass;
-typedef struct _GTlsFileDatabaseGnutls                          GTlsFileDatabaseGnutls;
-
-struct _GTlsFileDatabaseGnutlsClass
-{
-  GTlsDatabaseGnutlsClass parent_class;
-};
-
-struct _GTlsFileDatabaseGnutls
-{
-  GTlsDatabaseGnutls parent_instance;
-  GTlsFileDatabaseGnutlsPrivate *priv;
-};
-
-GType                        g_tls_file_database_gnutls_get_type              (void) G_GNUC_CONST;
+
+G_DECLARE_FINAL_TYPE (GTlsFileDatabaseGnutls, g_tls_file_database_gnutls, G, TLS_FILE_DATABASE_GNUTLS, GTlsDatabaseGnutls)
 
 GTlsDatabase*                g_tls_file_database_gnutls_new                   (const gchar *anchor_file);
 
index ca9cbe2..9128480 100644 (file)
@@ -1,11 +1,13 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 #include "config.h"
 #include "gtlsinputstream-gnutls.h"
 
-static void g_tls_input_stream_gnutls_pollable_iface_init (GPollableInputStreamInterface *iface);
-
-G_DEFINE_TYPE_WITH_CODE (GTlsInputStreamGnutls, g_tls_input_stream_gnutls, G_TYPE_INPUT_STREAM,
-                        G_IMPLEMENT_INTERFACE (G_TYPE_POLLABLE_INPUT_STREAM, g_tls_input_stream_gnutls_pollable_iface_init)
-                        )
+#include <glib/gi18n.h>
 
-struct _GTlsInputStreamGnutlsPrivate
+struct _GTlsInputStreamGnutls
 {
+  GInputStream parent_instance;
+
   GWeakRef weak_conn;
 };
 
+static void g_tls_input_stream_gnutls_pollable_iface_init (GPollableInputStreamInterface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (GTlsInputStreamGnutls, g_tls_input_stream_gnutls, G_TYPE_INPUT_STREAM,
+                         G_IMPLEMENT_INTERFACE (G_TYPE_POLLABLE_INPUT_STREAM, g_tls_input_stream_gnutls_pollable_iface_init)
+                         )
+
 static void
 g_tls_input_stream_gnutls_dispose (GObject *object)
 {
   GTlsInputStreamGnutls *stream = G_TLS_INPUT_STREAM_GNUTLS (object);
 
-  g_weak_ref_set (&stream->priv->weak_conn, NULL);
+  g_weak_ref_set (&stream->weak_conn, NULL);
 
   G_OBJECT_CLASS (g_tls_input_stream_gnutls_parent_class)->dispose (object);
 }
@@ -49,27 +55,32 @@ g_tls_input_stream_gnutls_finalize (GObject *object)
 {
   GTlsInputStreamGnutls *stream = G_TLS_INPUT_STREAM_GNUTLS (object);
 
-  g_weak_ref_clear (&stream->priv->weak_conn);
+  g_weak_ref_clear (&stream->weak_conn);
 
   G_OBJECT_CLASS (g_tls_input_stream_gnutls_parent_class)->finalize (object);
 }
 
 static gssize
 g_tls_input_stream_gnutls_read (GInputStream  *stream,
-                               void          *buffer,
-                               gsize          count,
-                               GCancellable  *cancellable,
-                               GError       **error)
+                                void          *buffer,
+                                gsize          count,
+                                GCancellable  *cancellable,
+                                GError       **error)
 {
   GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (stream);
   GTlsConnectionGnutls *conn;
   gssize ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
-  g_return_val_if_fail (conn != NULL, -1);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
+  if (conn == NULL)
+    {
+      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
+                           _("Connection is closed"));
+      return -1;
+    }
 
   ret = g_tls_connection_gnutls_read (conn,
-                                      buffer, count, TRUE,
+                                      buffer, count, -1  /* blocking */,
                                       cancellable, error);
   g_object_unref (conn);
   return ret;
@@ -82,8 +93,9 @@ g_tls_input_stream_gnutls_pollable_is_readable (GPollableInputStream *pollable)
   GTlsConnectionGnutls *conn;
   gboolean ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
-  g_return_val_if_fail (conn != NULL, FALSE);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
+  if (conn == NULL)
+    return FALSE;
 
   ret = g_tls_connection_gnutls_check (conn, G_IO_IN);
 
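Review bot: Returning FALSE from `pollable_is_readable` when the weak reference is gone disagrees with the other hunks in this file, where `read` and `read_nonblocking` report `G_IO_ERROR_CLOSED` immediately for the same state. The GPollableInputStream contract says a stream with a pending error should report readable so that the next read delivers the error. A caller that gates its read on this check would otherwise never see the closed condition. Consider `return TRUE;` here with a comment such as `/* connection is gone: let the next read report G_IO_ERROR_CLOSED */`. The function's signature and declarations lie outside this hunk.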
@@ -93,14 +105,19 @@ g_tls_input_stream_gnutls_pollable_is_readable (GPollableInputStream *pollable)
 
 static GSource *
 g_tls_input_stream_gnutls_pollable_create_source (GPollableInputStream *pollable,
-                                                 GCancellable         *cancellable)
+                                                  GCancellable         *cancellable)
 {
   GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (pollable);
   GTlsConnectionGnutls *conn;
   GSource *ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
-  g_return_val_if_fail (conn != NULL, NULL);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
+  if (conn == NULL)
+    {
+      ret = g_idle_source_new ();
+      g_source_set_name (ret, "[glib-networking] g_tls_input_stream_gnutls_pollable_create_source dummy source");
+      return ret;
+    }
 
   ret = g_tls_connection_gnutls_create_source (conn, G_IO_IN, cancellable);
   g_object_unref (conn);
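Review bot: The dummy source returned when `conn == NULL` is a bare idle source, which dispatches its callback as a plain `GSourceFunc (user_data)`. Callers of `create_source` attach a `GPollableSourceFunc (pollable_stream, user_data)`, so on this path their callback would be invoked with the wrong argument list. The `cancellable` argument is also dropped on this path. Wrapping the idle source keeps the pollable callback signature and the cancellable: `GSource *idle = g_idle_source_new ();` `ret = g_pollable_source_new_full (pollable, idle, cancellable);` `g_source_unref (idle);`, followed by the existing `g_source_set_name` call. The same pattern probably applies to the output-stream counterpart, which is not visible in this hunk.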
@@ -109,18 +126,24 @@ g_tls_input_stream_gnutls_pollable_create_source (GPollableInputStream *pollable
 
 static gssize
 g_tls_input_stream_gnutls_pollable_read_nonblocking (GPollableInputStream  *pollable,
-                                                    void                  *buffer,
-                                                    gsize                  size,
-                                                    GError               **error)
+                                                     void                  *buffer,
+                                                     gsize                  size,
+                                                     GError               **error)
 {
   GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (pollable);
   GTlsConnectionGnutls *conn;
   gssize ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
-  g_return_val_if_fail (conn != NULL, -1);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
+  if (conn == NULL)
+    {
+      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
+                           _("Connection is closed"));
+      return -1;
+    }
 
-  ret = g_tls_connection_gnutls_read (conn, buffer, size, FALSE, NULL, error);
+  ret = g_tls_connection_gnutls_read (conn, buffer, size,
+                                      0  /* non-blocking */, NULL, error);
 
   g_object_unref (conn);
   return ret;
@@ -135,15 +158,13 @@ g_tls_input_stream_gnutls_close (GInputStream            *stream,
   GIOStream *conn;
   gboolean ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
 
-  /* Special case here because this is called by the finalize
-   * of the main GTlsConnection object.
-   */
   if (conn == NULL)
     return TRUE;
 
   ret = g_tls_connection_gnutls_close_internal (conn, G_TLS_DIRECTION_READ,
+                                                -1,  /* blocking */
                                                 cancellable, error);
 
   g_object_unref (conn);
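Review bot: The comment explaining the `conn == NULL` early return was removed, but the branch itself stays, so the reason a dead connection counts as a successful close is no longer stated. A short replacement keeps the intent visible, for example `/* The owning connection is already gone, so there is nothing left to close on the read side. */` above `if (conn == NULL)`. If the finalize-time call mentioned in the old comment still exists, say so there as well. The start of `g_tls_input_stream_gnutls_close` is outside this hunk.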
@@ -164,10 +185,11 @@ close_thread (GTask        *task,
   GError *error = NULL;
   GIOStream *conn;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
 
   if (conn && !g_tls_connection_gnutls_close_internal (conn,
                                                        G_TLS_DIRECTION_READ,
+                                                       -1,  /* blocking */
                                                        cancellable, &error))
     g_task_return_error (task, error);
   else
@@ -179,7 +201,7 @@ close_thread (GTask        *task,
 
 
 static void
-g_tls_input_stream_gnutls_close_async (GInputStream            *stream,
+g_tls_input_stream_gnutls_close_async (GInputStream             *stream,
                                        int                       io_priority,
                                        GCancellable             *cancellable,
                                        GAsyncReadyCallback       callback,
@@ -212,8 +234,6 @@ g_tls_input_stream_gnutls_class_init (GTlsInputStreamGnutlsClass *klass)
   GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
   GInputStreamClass *input_stream_class = G_INPUT_STREAM_CLASS (klass);
 
-  g_type_class_add_private (klass, sizeof (GTlsInputStreamGnutlsPrivate));
-
   gobject_class->dispose = g_tls_input_stream_gnutls_dispose;
   gobject_class->finalize = g_tls_input_stream_gnutls_finalize;
 
@@ -234,7 +254,6 @@ g_tls_input_stream_gnutls_pollable_iface_init (GPollableInputStreamInterface *if
 static void
 g_tls_input_stream_gnutls_init (GTlsInputStreamGnutls *stream)
 {
-  stream->priv = G_TYPE_INSTANCE_GET_PRIVATE (stream, G_TYPE_TLS_INPUT_STREAM_GNUTLS, GTlsInputStreamGnutlsPrivate);
 }
 
 GInputStream *
@@ -243,7 +262,7 @@ g_tls_input_stream_gnutls_new (GTlsConnectionGnutls *conn)
   GTlsInputStreamGnutls *tls_stream;
 
   tls_stream = g_object_new (G_TYPE_TLS_INPUT_STREAM_GNUTLS, NULL);
-  g_weak_ref_init (&tls_stream->priv->weak_conn, conn);
+  g_weak_ref_init (&tls_stream->weak_conn, conn);
 
   return G_INPUT_STREAM (tls_stream);
 }
index d95f7cb..ecafa07 100644 (file)
@@ -1,13 +1,22 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Red Hat, Inc.
  *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the licence or (at
- * your option) any later version.
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
  *
- * See the included COPYING file for more information.
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
  *
  * In addition, when the library is used with OpenSSL, a special
  * exception applies. Refer to the LICENSE_EXCEPTION file for details.
 G_BEGIN_DECLS
 
 #define G_TYPE_TLS_INPUT_STREAM_GNUTLS            (g_tls_input_stream_gnutls_get_type ())
-#define G_TLS_INPUT_STREAM_GNUTLS(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_INPUT_STREAM_GNUTLS, GTlsInputStreamGnutls))
-#define G_TLS_INPUT_STREAM_GNUTLS_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_INPUT_STREAM_GNUTLS, GTlsInputStreamGnutlsClass))
-#define G_IS_TLS_INPUT_STREAM_GNUTLS(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_INPUT_STREAM_GNUTLS))
-#define G_IS_TLS_INPUT_STREAM_GNUTLS_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_INPUT_STREAM_GNUTLS))
-#define G_TLS_INPUT_STREAM_GNUTLS_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_INPUT_STREAM_GNUTLS, GTlsInputStreamGnutlsClass))
-
-typedef struct _GTlsInputStreamGnutlsPrivate GTlsInputStreamGnutlsPrivate;
-typedef struct _GTlsInputStreamGnutlsClass   GTlsInputStreamGnutlsClass;
-typedef struct _GTlsInputStreamGnutls        GTlsInputStreamGnutls;
-
-struct _GTlsInputStreamGnutlsClass
-{
-  GInputStreamClass parent_class;
-};
-
-struct _GTlsInputStreamGnutls
-{
-  GInputStream parent_instance;
-  GTlsInputStreamGnutlsPrivate *priv;
-};
-
-GType         g_tls_input_stream_gnutls_get_type (void) G_GNUC_CONST;
+
+G_DECLARE_FINAL_TYPE (GTlsInputStreamGnutls, g_tls_input_stream_gnutls, G, TLS_INPUT_STREAM_GNUTLS, GInputStream)
+
 GInputStream *g_tls_input_stream_gnutls_new      (GTlsConnectionGnutls *conn);
 
 G_END_DECLS
index aa60f08..062b8ef 100644 (file)
@@ -1,11 +1,13 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 #include "config.h"
 #include "gtlsoutputstream-gnutls.h"
 
-static void g_tls_output_stream_gnutls_pollable_iface_init (GPollableOutputStreamInterface *iface);
-
-G_DEFINE_TYPE_WITH_CODE (GTlsOutputStreamGnutls, g_tls_output_stream_gnutls, G_TYPE_OUTPUT_STREAM,
-                        G_IMPLEMENT_INTERFACE (G_TYPE_POLLABLE_OUTPUT_STREAM, g_tls_output_stream_gnutls_pollable_iface_init)
-                        )
+#include <glib/gi18n.h>
 
-struct _GTlsOutputStreamGnutlsPrivate
+struct _GTlsOutputStreamGnutls
 {
+  GOutputStream parent_instance;
+
   GWeakRef weak_conn;
 };
 
+static void g_tls_output_stream_gnutls_pollable_iface_init (GPollableOutputStreamInterface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (GTlsOutputStreamGnutls, g_tls_output_stream_gnutls, G_TYPE_OUTPUT_STREAM,
+                         G_IMPLEMENT_INTERFACE (G_TYPE_POLLABLE_OUTPUT_STREAM, g_tls_output_stream_gnutls_pollable_iface_init)
+                         )
+
 static void
 g_tls_output_stream_gnutls_dispose (GObject *object)
 {
   GTlsOutputStreamGnutls *stream = G_TLS_OUTPUT_STREAM_GNUTLS (object);
 
-  g_weak_ref_set (&stream->priv->weak_conn, NULL);
+  g_weak_ref_set (&stream->weak_conn, NULL);
 
   G_OBJECT_CLASS (g_tls_output_stream_gnutls_parent_class)->dispose (object);
 }
@@ -49,26 +55,31 @@ g_tls_output_stream_gnutls_finalize (GObject *object)
 {
   GTlsOutputStreamGnutls *stream = G_TLS_OUTPUT_STREAM_GNUTLS (object);
 
-  g_weak_ref_clear (&stream->priv->weak_conn);
+  g_weak_ref_clear (&stream->weak_conn);
 
   G_OBJECT_CLASS (g_tls_output_stream_gnutls_parent_class)->finalize (object);
 }
 
 static gssize
 g_tls_output_stream_gnutls_write (GOutputStream  *stream,
-                                 const void     *buffer,
-                                 gsize           count,
-                                 GCancellable   *cancellable,
-                                 GError        **error)
+                                  const void     *buffer,
+                                  gsize           count,
+                                  GCancellable   *cancellable,
+                                  GError        **error)
 {
   GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (stream);
   GTlsConnectionGnutls *conn;
   gssize ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
-  g_return_val_if_fail (conn != NULL, -1);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
+  if (conn == NULL)
+    {
+      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
+                           _("Connection is closed"));
+      return -1;
+    }
 
-  ret = g_tls_connection_gnutls_write (conn, buffer, count, TRUE,
+  ret = g_tls_connection_gnutls_write (conn, buffer, count, -1  /* blocking */,
                                        cancellable, error);
   g_object_unref (conn);
   return ret;
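Review bot: The new `conn == NULL` branch in g_tls_output_stream_gnutls_write has no comment saying when the weak reference can be empty, and the same uncommented check recurs in the pollable_is_writable, pollable_create_source and pollable_write_nonblocking hunks. Since the stream holds only a `GWeakRef` to its connection, a one-line comment above the first check, such as `/* The stream holds only a weak ref, so it can outlive its connection. */`, would explain why this is now reported as `G_IO_ERROR_CLOSED` instead of being treated as a programming error by `g_return_val_if_fail`. The `-1  /* blocking */` and `0  /* non-blocking */` timeout literals would also read better as named constants, if the connection header does not already provide some. The write function's closing brace lies outside this hunk.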
@@ -81,8 +92,9 @@ g_tls_output_stream_gnutls_pollable_is_writable (GPollableOutputStream *pollable
   GTlsConnectionGnutls *conn;
   gboolean ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
-  g_return_val_if_fail (conn != NULL, FALSE);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
+  if (conn == NULL)
+    return FALSE;
 
   ret = g_tls_connection_gnutls_check (conn, G_IO_OUT);
 
@@ -93,14 +105,19 @@ g_tls_output_stream_gnutls_pollable_is_writable (GPollableOutputStream *pollable
 
 static GSource *
 g_tls_output_stream_gnutls_pollable_create_source (GPollableOutputStream *pollable,
-                                                  GCancellable         *cancellable)
+                                                   GCancellable         *cancellable)
 {
   GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (pollable);
   GTlsConnectionGnutls *conn;
   GSource *ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
-  g_return_val_if_fail (conn != NULL, NULL);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
+  if (conn == NULL)
+    {
+      ret = g_idle_source_new ();
+      g_source_set_name (ret, "[glib-networking] g_tls_output_stream_gnutls_pollable_create_source dummy source");
+      return ret;
+    }
 
   ret = g_tls_connection_gnutls_create_source (conn,
                                                G_IO_OUT,
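Review bot: The dummy source returned when `conn == NULL` is a plain `g_idle_source_new ()`, which dispatches its callback as a one-argument `GSourceFunc`. Callers of a pollable stream's create_source install a `GPollableSourceFunc` that takes the stream and the user data, so the callback would be entered with the wrong argument list. The dummy also drops `cancellable`. Wrapping the idle source keeps the expected callback signature and the cancellable: `GSource *idle = g_idle_source_new ();`, `ret = g_pollable_source_new_full (pollable, idle, cancellable);`, `g_source_unref (idle);`. The function continues past the end of this hunk.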
@@ -111,18 +128,24 @@ g_tls_output_stream_gnutls_pollable_create_source (GPollableOutputStream *pollab
 
 static gssize
 g_tls_output_stream_gnutls_pollable_write_nonblocking (GPollableOutputStream  *pollable,
-                                                      const void             *buffer,
-                                                      gsize                   size,
-                                                      GError                **error)
+                                                       const void             *buffer,
+                                                       gsize                   size,
+                                                       GError                **error)
 {
   GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (pollable);
   GTlsConnectionGnutls *conn;
   gssize ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
-  g_return_val_if_fail (conn != NULL, -1);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
+  if (conn == NULL)
+    {
+      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
+                           _("Connection is closed"));
+      return -1;
+    }
 
-  ret = g_tls_connection_gnutls_write (conn, buffer, size, FALSE, NULL, error);
+  ret = g_tls_connection_gnutls_write (conn, buffer, size,
+                                       0  /* non-blocking */, NULL, error);
 
   g_object_unref (conn);
   return ret;
@@ -137,15 +160,12 @@ g_tls_output_stream_gnutls_close (GOutputStream            *stream,
   GIOStream *conn;
   gboolean ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
-
-  /* Special case here because this is called by the finalize
-   * of the main GTlsConnection object.
-   */
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
   if (conn == NULL)
     return TRUE;
 
   ret = g_tls_connection_gnutls_close_internal (conn, G_TLS_DIRECTION_WRITE,
+                                                -1,  /* blocking */
                                                 cancellable, error);
 
   g_object_unref (conn);
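Review bot: The comment that explained the `conn == NULL` early return in g_tls_output_stream_gnutls_close was removed while the `return TRUE` stayed. Nothing now says why close reports success here when write and write_nonblocking report `G_IO_ERROR_CLOSED` for the same condition. I would keep a short comment above the check, for example `/* Connection already gone: nothing left to close, so report success. */`. The function starts and ends outside this hunk.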
@@ -158,18 +178,19 @@ g_tls_output_stream_gnutls_close (GOutputStream            *stream,
  */
 static void
 close_thread (GTask        *task,
-             gpointer      object,
-             gpointer      task_data,
-             GCancellable *cancellable)
+              gpointer      object,
+              gpointer      task_data,
+              GCancellable *cancellable)
 {
   GTlsOutputStreamGnutls *tls_stream = object;
   GError *error = NULL;
   GIOStream *conn;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
 
   if (conn && !g_tls_connection_gnutls_close_internal (conn,
                                                        G_TLS_DIRECTION_WRITE,
+                                                       -1,  /* blocking */
                                                        cancellable, &error))
     g_task_return_error (task, error);
   else
@@ -214,8 +235,6 @@ g_tls_output_stream_gnutls_class_init (GTlsOutputStreamGnutlsClass *klass)
   GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
   GOutputStreamClass *output_stream_class = G_OUTPUT_STREAM_CLASS (klass);
 
-  g_type_class_add_private (klass, sizeof (GTlsOutputStreamGnutlsPrivate));
-
   gobject_class->dispose = g_tls_output_stream_gnutls_dispose;
   gobject_class->finalize = g_tls_output_stream_gnutls_finalize;
 
@@ -236,7 +255,6 @@ g_tls_output_stream_gnutls_pollable_iface_init (GPollableOutputStreamInterface *
 static void
 g_tls_output_stream_gnutls_init (GTlsOutputStreamGnutls *stream)
 {
-  stream->priv = G_TYPE_INSTANCE_GET_PRIVATE (stream, G_TYPE_TLS_OUTPUT_STREAM_GNUTLS, GTlsOutputStreamGnutlsPrivate);
 }
 
 GOutputStream *
@@ -245,7 +263,7 @@ g_tls_output_stream_gnutls_new (GTlsConnectionGnutls *conn)
   GTlsOutputStreamGnutls *tls_stream;
 
   tls_stream = g_object_new (G_TYPE_TLS_OUTPUT_STREAM_GNUTLS, NULL);
-  g_weak_ref_init (&tls_stream->priv->weak_conn, conn);
+  g_weak_ref_init (&tls_stream->weak_conn, conn);
 
   return G_OUTPUT_STREAM (tls_stream);
 }
index 812cba3..e7f40d6 100644 (file)
@@ -1,13 +1,22 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Red Hat, Inc.
  *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the licence or (at
- * your option) any later version.
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
  *
- * See the included COPYING file for more information.
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
  *
  * In addition, when the library is used with OpenSSL, a special
  * exception applies. Refer to the LICENSE_EXCEPTION file for details.
 G_BEGIN_DECLS
 
 #define G_TYPE_TLS_OUTPUT_STREAM_GNUTLS            (g_tls_output_stream_gnutls_get_type ())
-#define G_TLS_OUTPUT_STREAM_GNUTLS(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_OUTPUT_STREAM_GNUTLS, GTlsOutputStreamGnutls))
-#define G_TLS_OUTPUT_STREAM_GNUTLS_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_OUTPUT_STREAM_GNUTLS, GTlsOutputStreamGnutlsClass))
-#define G_IS_TLS_OUTPUT_STREAM_GNUTLS(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_OUTPUT_STREAM_GNUTLS))
-#define G_IS_TLS_OUTPUT_STREAM_GNUTLS_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_OUTPUT_STREAM_GNUTLS))
-#define G_TLS_OUTPUT_STREAM_GNUTLS_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_OUTPUT_STREAM_GNUTLS, GTlsOutputStreamGnutlsClass))
-
-typedef struct _GTlsOutputStreamGnutlsPrivate GTlsOutputStreamGnutlsPrivate;
-typedef struct _GTlsOutputStreamGnutlsClass   GTlsOutputStreamGnutlsClass;
-typedef struct _GTlsOutputStreamGnutls        GTlsOutputStreamGnutls;
-
-struct _GTlsOutputStreamGnutlsClass
-{
-  GOutputStreamClass parent_class;
-};
-
-struct _GTlsOutputStreamGnutls
-{
-  GOutputStream parent_instance;
-  GTlsOutputStreamGnutlsPrivate *priv;
-};
-
-GType          g_tls_output_stream_gnutls_get_type (void) G_GNUC_CONST;
+
+G_DECLARE_FINAL_TYPE (GTlsOutputStreamGnutls, g_tls_output_stream_gnutls, G, TLS_OUTPUT_STREAM_GNUTLS, GOutputStream)
+
 GOutputStream *g_tls_output_stream_gnutls_new      (GTlsConnectionGnutls *conn);
 
 G_END_DECLS
index aea76fb..b3aebd5 100644 (file)
@@ -1,11 +1,13 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Red Hat, Inc
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -38,54 +40,82 @@ enum
   PROP_AUTHENTICATION_MODE
 };
 
+struct _GTlsServerConnectionGnutls
+{
+  GTlsConnectionGnutls parent_instance;
+
+  GTlsAuthenticationMode authentication_mode;
+
+  gnutls_pcert_st *pcert;
+  unsigned int pcert_length;
+  gnutls_privkey_t pkey;
+};
+
 static void     g_tls_server_connection_gnutls_initable_interface_init (GInitableIface  *iface);
 
 static void g_tls_server_connection_gnutls_server_connection_interface_init (GTlsServerConnectionInterface *iface);
 
-static int g_tls_server_connection_gnutls_retrieve_function (gnutls_session_t             session,
-                                                             const gnutls_datum_t        *req_ca_rdn,
-                                                             int                          nreqs,
-                                                             const gnutls_pk_algorithm_t *pk_algos,
-                                                             int                          pk_algos_length,
-                                                             gnutls_retr2_st             *st);
+static int g_tls_server_connection_gnutls_retrieve_function (gnutls_session_t              session,
+                                                             const gnutls_datum_t         *req_ca_rdn,
+                                                             int                           nreqs,
+                                                             const gnutls_pk_algorithm_t  *pk_algos,
+                                                             int                           pk_algos_length,
+                                                             gnutls_pcert_st             **pcert,
+                                                             unsigned int                 *pcert_length,
+                                                             gnutls_privkey_t             *pkey);
 
 static int            g_tls_server_connection_gnutls_db_store    (void            *user_data,
-                                                                 gnutls_datum_t   key,
-                                                                 gnutls_datum_t   data);
+                                                                  gnutls_datum_t   key,
+                                                                  gnutls_datum_t   data);
 static int            g_tls_server_connection_gnutls_db_remove   (void            *user_data,
-                                                                 gnutls_datum_t   key);
+                                                                  gnutls_datum_t   key);
 static gnutls_datum_t g_tls_server_connection_gnutls_db_retrieve (void            *user_data,
-                                                                 gnutls_datum_t   key);
+                                                                  gnutls_datum_t   key);
 
 static GInitableIface *g_tls_server_connection_gnutls_parent_initable_iface;
 
 G_DEFINE_TYPE_WITH_CODE (GTlsServerConnectionGnutls, g_tls_server_connection_gnutls, G_TYPE_TLS_CONNECTION_GNUTLS,
-                        G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
-                                               g_tls_server_connection_gnutls_initable_interface_init)
-                        G_IMPLEMENT_INTERFACE (G_TYPE_TLS_SERVER_CONNECTION,
-                                               g_tls_server_connection_gnutls_server_connection_interface_init)
+                         G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+                                                g_tls_server_connection_gnutls_initable_interface_init)
+                         G_IMPLEMENT_INTERFACE (G_TYPE_TLS_SERVER_CONNECTION,
+                                                g_tls_server_connection_gnutls_server_connection_interface_init)
+                         G_IMPLEMENT_INTERFACE (G_TYPE_DTLS_SERVER_CONNECTION,
+                                                NULL)
 )
 
-struct _GTlsServerConnectionGnutlsPrivate
+static void
+clear_gnutls_certificate_copy (GTlsServerConnectionGnutls *gnutls)
 {
-  GTlsAuthenticationMode authentication_mode;
-};
+  g_tls_certificate_gnutls_copy_free (gnutls->pcert, gnutls->pcert_length, gnutls->pkey);
+
+  gnutls->pcert = NULL;
+  gnutls->pcert_length = 0;
+  gnutls->pkey = NULL;
+}
 
 static void
 g_tls_server_connection_gnutls_init (GTlsServerConnectionGnutls *gnutls)
 {
   gnutls_certificate_credentials_t creds;
 
-  gnutls->priv = G_TYPE_INSTANCE_GET_PRIVATE (gnutls, G_TYPE_TLS_SERVER_CONNECTION_GNUTLS, GTlsServerConnectionGnutlsPrivate);
-
   creds = g_tls_connection_gnutls_get_credentials (G_TLS_CONNECTION_GNUTLS (gnutls));
-  gnutls_certificate_set_retrieve_function (creds, g_tls_server_connection_gnutls_retrieve_function);
+  gnutls_certificate_set_retrieve_function2 (creds, g_tls_server_connection_gnutls_retrieve_function);
+}
+
+static void
+g_tls_server_connection_gnutls_finalize (GObject *object)
+{
+  GTlsServerConnectionGnutls *gnutls = G_TLS_SERVER_CONNECTION_GNUTLS (object);
+
+  clear_gnutls_certificate_copy (gnutls);
+
+  G_OBJECT_CLASS (g_tls_server_connection_gnutls_parent_class)->finalize (object);
 }
 
 static gboolean
 g_tls_server_connection_gnutls_initable_init (GInitable       *initable,
-                                             GCancellable    *cancellable,
-                                             GError         **error)
+                                              GCancellable    *cancellable,
+                                              GError         **error)
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable);
   GTlsCertificate *cert;
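Review bot: clear_gnutls_certificate_copy passes `gnutls->pcert` and `gnutls->pkey` to g_tls_certificate_gnutls_copy_free unconditionally, and the new finalize calls it even when the retrieve callback never ran, so it relies on that helper accepting NULL and a zero length. The helper's definition is not in this hunk, so this should be confirmed or guarded with `if (gnutls->pcert == NULL && gnutls->pkey == NULL) return;`. The new `pcert`, `pcert_length` and `pkey` fields also deserve a comment stating that the instance keeps this copy of the certificate chain and private key handle and frees it in finalize or on the next retrieve call. g_tls_server_connection_gnutls_initable_init continues outside the hunk.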
@@ -104,7 +134,7 @@ g_tls_server_connection_gnutls_initable_init (GInitable       *initable,
   if (cert && !g_tls_certificate_gnutls_has_key (G_TLS_CERTIFICATE_GNUTLS (cert)))
     {
       g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
-                          _("Certificate has no private key"));
+                           _("Certificate has no private key"));
       return FALSE;
     }
 
@@ -113,16 +143,16 @@ g_tls_server_connection_gnutls_initable_init (GInitable       *initable,
 
 static void
 g_tls_server_connection_gnutls_get_property (GObject    *object,
-                                            guint       prop_id,
-                                            GValue     *value,
-                                            GParamSpec *pspec)
+                                             guint       prop_id,
+                                             GValue     *value,
+                                             GParamSpec *pspec)
 {
   GTlsServerConnectionGnutls *gnutls = G_TLS_SERVER_CONNECTION_GNUTLS (object);
 
   switch (prop_id)
     {
     case PROP_AUTHENTICATION_MODE:
-      g_value_set_enum (value, gnutls->priv->authentication_mode);
+      g_value_set_enum (value, gnutls->authentication_mode);
       break;
       
     default:
@@ -132,16 +162,16 @@ g_tls_server_connection_gnutls_get_property (GObject    *object,
 
 static void
 g_tls_server_connection_gnutls_set_property (GObject      *object,
-                                            guint         prop_id,
-                                            const GValue *value,
-                                            GParamSpec   *pspec)
+                                             guint         prop_id,
+                                             const GValue *value,
+                                             GParamSpec   *pspec)
 {
   GTlsServerConnectionGnutls *gnutls = G_TLS_SERVER_CONNECTION_GNUTLS (object);
 
   switch (prop_id)
     {
     case PROP_AUTHENTICATION_MODE:
-      gnutls->priv->authentication_mode = g_value_get_enum (value);
+      gnutls->authentication_mode = g_value_get_enum (value);
       break;
 
     default:
@@ -150,14 +180,26 @@ g_tls_server_connection_gnutls_set_property (GObject      *object,
 }
 
 static int
-g_tls_server_connection_gnutls_retrieve_function (gnutls_session_t             session,
-                                                  const gnutls_datum_t        *req_ca_rdn,
-                                                  int                          nreqs,
-                                                  const gnutls_pk_algorithm_t *pk_algos,
-                                                  int                          pk_algos_length,
-                                                  gnutls_retr2_st             *st)
+g_tls_server_connection_gnutls_retrieve_function (gnutls_session_t              session,
+                                                  const gnutls_datum_t         *req_ca_rdn,
+                                                  int                           nreqs,
+                                                  const gnutls_pk_algorithm_t  *pk_algos,
+                                                  int                           pk_algos_length,
+                                                  gnutls_pcert_st             **pcert,
+                                                  unsigned int                 *pcert_length,
+                                                  gnutls_privkey_t             *pkey)
 {
-  g_tls_connection_gnutls_get_certificate (gnutls_transport_get_ptr (session), st);
+  GTlsServerConnectionGnutls *gnutls = G_TLS_SERVER_CONNECTION_GNUTLS (gnutls_transport_get_ptr (session));
+
+  clear_gnutls_certificate_copy (gnutls);
+
+  g_tls_connection_gnutls_get_certificate (G_TLS_CONNECTION_GNUTLS (gnutls),
+                                           pcert, pcert_length, pkey);
+
+  gnutls->pcert = *pcert;
+  gnutls->pcert_length = *pcert_length;
+  gnutls->pkey = *pkey;
+
   return 0;
 }
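Review bot: The retrieve callback stores `*pcert`, `*pcert_length` and `*pkey` in the instance right after g_tls_connection_gnutls_get_certificate, and nothing in the hunk shows that the helper always writes all three. If it leaves them untouched when no certificate is configured, the instance would hold indeterminate values and later hand them to the free helper. Setting `*pcert = NULL; *pcert_length = 0; *pkey = NULL;` before the call makes that path well defined whatever the helper does. The unconditional `return 0` would also benefit from a comment on how a missing certificate is meant to be reported to GnuTLS.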
 
@@ -174,7 +216,7 @@ g_tls_server_connection_gnutls_begin_handshake (GTlsConnectionGnutls *conn)
   gnutls_session_t session;
   gnutls_certificate_request_t req_mode;
 
-  switch (gnutls->priv->authentication_mode)
+  switch (gnutls->authentication_mode)
     {
     case G_TLS_AUTHENTICATION_REQUESTED:
       req_mode = GNUTLS_CERT_REQUEST;
@@ -194,7 +236,7 @@ g_tls_server_connection_gnutls_begin_handshake (GTlsConnectionGnutls *conn)
 
 static void
 g_tls_server_connection_gnutls_finish_handshake (GTlsConnectionGnutls  *gnutls,
-                                                GError               **inout_error)
+                                                 GError               **inout_error)
 {
 }
 
@@ -202,8 +244,8 @@ g_tls_server_connection_gnutls_finish_handshake (GTlsConnectionGnutls  *gnutls,
 
 static int
 g_tls_server_connection_gnutls_db_store (void            *user_data,
-                                        gnutls_datum_t   key,
-                                        gnutls_datum_t   data)
+                                         gnutls_datum_t   key,
+                                         gnutls_datum_t   data)
 {
   GBytes *session_id, *session_data;
 
@@ -218,7 +260,7 @@ g_tls_server_connection_gnutls_db_store (void            *user_data,
 
 static int
 g_tls_server_connection_gnutls_db_remove (void            *user_data,
-                                         gnutls_datum_t   key)
+                                          gnutls_datum_t   key)
 {
   GBytes *session_id;
 
@@ -231,7 +273,7 @@ g_tls_server_connection_gnutls_db_remove (void            *user_data,
 
 static gnutls_datum_t
 g_tls_server_connection_gnutls_db_retrieve (void            *user_data,
-                                           gnutls_datum_t   key)
+                                            gnutls_datum_t   key)
 {
   GBytes *session_id, *session_data;
   gnutls_datum_t data;
@@ -262,8 +304,7 @@ g_tls_server_connection_gnutls_class_init (GTlsServerConnectionGnutlsClass *klas
   GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
   GTlsConnectionGnutlsClass *connection_gnutls_class = G_TLS_CONNECTION_GNUTLS_CLASS (klass);
 
-  g_type_class_add_private (klass, sizeof (GTlsServerConnectionGnutlsPrivate));
-
+  gobject_class->finalize = g_tls_server_connection_gnutls_finalize;
   gobject_class->get_property = g_tls_server_connection_gnutls_get_property;
   gobject_class->set_property = g_tls_server_connection_gnutls_set_property;
 
index d999195..288dab4 100644 (file)
@@ -1,13 +1,22 @@
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
  *
  * Copyright 2010 Red Hat, Inc.
  *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the licence or (at
- * your option) any later version.
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
  *
- * See the included COPYING file for more information.
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
  *
  * In addition, when the library is used with OpenSSL, a special
  * exception applies. Refer to the LICENSE_EXCEPTION file for details.
 G_BEGIN_DECLS
 
 #define G_TYPE_TLS_SERVER_CONNECTION_GNUTLS            (g_tls_server_connection_gnutls_get_type ())
-#define G_TLS_SERVER_CONNECTION_GNUTLS(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_SERVER_CONNECTION_GNUTLS, GTlsServerConnectionGnutls))
-#define G_TLS_SERVER_CONNECTION_GNUTLS_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_SERVER_CONNECTION_GNUTLS, GTlsServerConnectionGnutlsClass))
-#define G_IS_TLS_SERVER_CONNECTION_GNUTLS(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_SERVER_CONNECTION_GNUTLS))
-#define G_IS_TLS_SERVER_CONNECTION_GNUTLS_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_SERVER_CONNECTION_GNUTLS))
-#define G_TLS_SERVER_CONNECTION_GNUTLS_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_SERVER_CONNECTION_GNUTLS, GTlsServerConnectionGnutlsClass))
-
-typedef struct _GTlsServerConnectionGnutlsPrivate                   GTlsServerConnectionGnutlsPrivate;
-typedef struct _GTlsServerConnectionGnutlsClass                     GTlsServerConnectionGnutlsClass;
-typedef struct _GTlsServerConnectionGnutls                          GTlsServerConnectionGnutls;
-
-struct _GTlsServerConnectionGnutlsClass
-{
-  GTlsConnectionGnutlsClass parent_class;
-};
-
-struct _GTlsServerConnectionGnutls
-{
-  GTlsConnectionGnutls parent_instance;
-  GTlsServerConnectionGnutlsPrivate *priv;
-};
 
-GType g_tls_server_connection_gnutls_get_type (void) G_GNUC_CONST;
+G_DECLARE_FINAL_TYPE(GTlsServerConnectionGnutls, g_tls_server_connection_gnutls, G, TLS_SERVER_CONNECTION_GNUTLS, GTlsConnectionGnutls)
 
 G_END_DECLS
 
diff --git a/tls/gnutls/meson.build b/tls/gnutls/meson.build
new file mode 100644 (file)
index 0000000..4ff127e
--- /dev/null
@@ -0,0 +1,43 @@
+sources = files(
+  'gnutls-module.c',
+  'gtlsbackend-gnutls.c',
+  'gtlscertificate-gnutls.c',
+  'gtlsclientconnection-gnutls.c',
+  'gtlsconnection-gnutls.c',
+  'gtlsdatabase-gnutls.c',
+  'gtlsfiledatabase-gnutls.c',
+  'gtlsinputstream-gnutls.c',
+  'gtlsoutputstream-gnutls.c',
+  'gtlsserverconnection-gnutls.c'
+)
+
+incs = [top_inc]
+
+deps = [
+  gio_dep,
+  glib_dep,
+  gmodule_dep,
+  gobject_dep,
+  gnutls_dep
+]
+
+module = shared_module(
+  'giognutls',
+  sources: sources,
+  include_directories: incs,
+  dependencies: deps,
+  link_args: module_ldflags,
+  link_depends: symbol_map,
+  name_suffix: module_suffix,
+  install: true,
+  install_dir: gio_module_dir,
+)
+
+if get_option('static_modules')
+  static_library('giognutls',
+    objects: module.extract_all_objects(),
+    install: true,
+    install_dir: gio_module_dir
+  )
+  pkg.generate(module)
+endif
diff --git a/tls/openssl/gtlsbackend-openssl.c b/tls/openssl/gtlsbackend-openssl.c
new file mode 100644 (file)
index 0000000..abff7bb
--- /dev/null
@@ -0,0 +1,300 @@
+/*
+ * gtlsbackend-openssl.c
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#include "config.h"
+#include "glib.h"
+
+#include <errno.h>
+#include <string.h>
+
+#include "openssl-include.h"
+
+#include "gtlsbackend-openssl.h"
+#include "gtlscertificate-openssl.h"
+#include "gtlsserverconnection-openssl.h"
+#include "gtlsclientconnection-openssl.h"
+#include "gtlsfiledatabase-openssl.h"
+
+typedef struct _GTlsBackendOpensslPrivate
+{
+  GMutex mutex;
+  GTlsDatabase *default_database;
+} GTlsBackendOpensslPrivate;
+
+static void g_tls_backend_openssl_interface_init (GTlsBackendInterface *iface);
+
+G_DEFINE_DYNAMIC_TYPE_EXTENDED (GTlsBackendOpenssl, g_tls_backend_openssl, G_TYPE_OBJECT, 0,
+                                G_ADD_PRIVATE_DYNAMIC (GTlsBackendOpenssl)
+                                G_IMPLEMENT_INTERFACE_DYNAMIC (G_TYPE_TLS_BACKEND,
+                                                               g_tls_backend_openssl_interface_init))
+
+static GMutex *mutex_array = NULL;
+
+struct CRYPTO_dynlock_value {
+  GMutex mutex;
+};
+
+#if defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-function"
+#endif
+
+static unsigned long
+id_cb (void)
+{
+  return (unsigned long) g_thread_self ();
+}
+
+static void
+locking_cb (int         mode,
+            int         n,
+            const char *file,
+            int         line)
+{
+  if (mode & CRYPTO_LOCK)
+    g_mutex_lock (&mutex_array[n]);
+  else
+    g_mutex_unlock (&mutex_array[n]);
+}
+
+static struct CRYPTO_dynlock_value *
+dyn_create_cb (const char *file,
+               int         line)
+{
+  struct CRYPTO_dynlock_value *value = g_try_new (struct CRYPTO_dynlock_value, 1);
+
+  if (value)
+    g_mutex_init (&value->mutex);
+
+  return value;
+}
+
+static void
+dyn_lock_cb (int                          mode,
+             struct CRYPTO_dynlock_value *l,
+             const char                  *file,
+             int                          line)
+{
+  if (mode & CRYPTO_LOCK)
+    g_mutex_lock (&l->mutex);
+  else
+    g_mutex_unlock (&l->mutex);
+}
+
+static void
+dyn_destroy_cb (struct CRYPTO_dynlock_value *l,
+                const char                  *file,
+                int                          line)
+{
+  g_mutex_clear (&l->mutex);
+  g_free (l);
+}
+
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
+
+static gpointer
+gtls_openssl_init (gpointer data)
+{
+  int i;
+  GTypePlugin *plugin;
+
+  /* Initialize openssl threading */
+  mutex_array = g_malloc_n (CRYPTO_num_locks(), sizeof (GMutex));
+  for (i = 0; i < CRYPTO_num_locks (); ++i)
+    g_mutex_init(&mutex_array[i]);
+
+  CRYPTO_set_id_callback (id_cb);
+  CRYPTO_set_locking_callback (locking_cb);
+  CRYPTO_set_dynlock_create_callback (dyn_create_cb);
+  CRYPTO_set_dynlock_lock_callback (dyn_lock_cb);
+  CRYPTO_set_dynlock_destroy_callback (dyn_destroy_cb);
+
+  SSL_library_init ();
+  SSL_load_error_strings ();
+  OpenSSL_add_all_algorithms ();
+
+  /* Leak the module to keep it from being unloaded. */
+  plugin = g_type_get_plugin (G_TYPE_TLS_BACKEND_OPENSSL);
+  if (plugin != NULL)
+    g_type_plugin_use (plugin);
+  return NULL;
+}
+
+static GOnce openssl_inited = G_ONCE_INIT;
+
+static void
+g_tls_backend_openssl_init (GTlsBackendOpenssl *backend)
+{
+  GTlsBackendOpensslPrivate *priv;
+
+  priv = g_tls_backend_openssl_get_instance_private (backend);
+
+  /* Once we call gtls_openssl_init(), we can't allow the module to be
+   * unloaded (since if openssl gets unloaded but gcrypt doesn't, then
+   * gcrypt will have dangling pointers to openssl's mutex functions).
+   * So we initialize it from here rather than at class init time so
+   * that it doesn't happen unless the app is actually using TLS (as
+   * opposed to just calling g_io_modules_scan_all_in_directory()).
+   */
+  g_once (&openssl_inited, gtls_openssl_init, NULL);
+
+  g_mutex_init (&priv->mutex);
+}
+
+static void
+g_tls_backend_openssl_finalize (GObject *object)
+{
+  int i;
+
+  GTlsBackendOpenssl *backend = G_TLS_BACKEND_OPENSSL (object);
+  GTlsBackendOpensslPrivate *priv;
+
+  priv = g_tls_backend_openssl_get_instance_private (backend);
+
+  g_clear_object (&priv->default_database);
+  g_mutex_clear (&priv->mutex);
+
+  CRYPTO_set_id_callback (NULL);
+  CRYPTO_set_locking_callback (NULL);
+  CRYPTO_set_dynlock_create_callback (NULL);
+  CRYPTO_set_dynlock_lock_callback (NULL);
+  CRYPTO_set_dynlock_destroy_callback (NULL);
+  for (i = 0; i < CRYPTO_num_locks(); ++i)
+    g_mutex_clear (&mutex_array[i]);
+  g_free (mutex_array);
+
+  G_OBJECT_CLASS (g_tls_backend_openssl_parent_class)->finalize (object);
+}
+
+static GTlsDatabase *
+g_tls_backend_openssl_real_create_database (GTlsBackendOpenssl  *self,
+                                            GError             **error)
+{
+  gchar *anchor_file = NULL;
+  GTlsDatabase *database;
+
+#ifdef G_OS_WIN32
+  if (g_getenv ("G_TLS_OPENSSL_HANDLE_CERT_RELOCATABLE") != NULL)
+    {
+      gchar *module_dir;
+
+      module_dir = g_win32_get_package_installation_directory_of_module (NULL);
+      anchor_file = g_build_filename (module_dir, "bin", "cert.pem", NULL);
+      g_free (module_dir);
+    }
+#endif
+
+  if (anchor_file == NULL)
+    {
+      const gchar *openssl_cert_file;
+
+      openssl_cert_file = g_getenv (X509_get_default_cert_file_env ());
+      if (openssl_cert_file == NULL)
+        openssl_cert_file = X509_get_default_cert_file ();
+
+      anchor_file = g_strdup (openssl_cert_file);
+    }
+
+  database = g_tls_file_database_new (anchor_file, error);
+  g_free (anchor_file);
+
+  return database;
+}
+
+static void
+g_tls_backend_openssl_class_init (GTlsBackendOpensslClass *klass)
+{
+  GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+
+  gobject_class->finalize = g_tls_backend_openssl_finalize;
+
+  klass->create_database = g_tls_backend_openssl_real_create_database;
+}
+
+static void
+g_tls_backend_openssl_class_finalize (GTlsBackendOpensslClass *backend_class)
+{
+}
+
+static GTlsDatabase*
+g_tls_backend_openssl_get_default_database (GTlsBackend *backend)
+{
+  GTlsBackendOpenssl *openssl_backend = G_TLS_BACKEND_OPENSSL (backend);
+  GTlsBackendOpensslPrivate *priv;
+  GTlsDatabase *result;
+  GError *error = NULL;
+
+  priv = g_tls_backend_openssl_get_instance_private (openssl_backend);
+
+  g_mutex_lock (&priv->mutex);
+
+  if (priv->default_database)
+    {
+      result = g_object_ref (priv->default_database);
+    }
+  else
+    {
+      g_assert (G_TLS_BACKEND_OPENSSL_GET_CLASS (openssl_backend)->create_database);
+      result = G_TLS_BACKEND_OPENSSL_GET_CLASS (openssl_backend)->create_database (openssl_backend, &error);
+      if (error)
+        {
+          g_warning ("Couldn't load TLS file database: %s",
+                     error->message);
+          g_clear_error (&error);
+        }
+      else
+        {
+          g_assert (result);
+          priv->default_database = g_object_ref (result);
+        }
+    }
+
+  g_mutex_unlock (&priv->mutex);
+
+  return result;
+}
+
+static void
+g_tls_backend_openssl_interface_init (GTlsBackendInterface *iface)
+{
+  iface->get_certificate_type = g_tls_certificate_openssl_get_type;
+  iface->get_client_connection_type = g_tls_client_connection_openssl_get_type;
+  iface->get_server_connection_type = g_tls_server_connection_openssl_get_type;
+  iface->get_file_database_type = g_tls_file_database_openssl_get_type;
+  iface->get_default_database = g_tls_backend_openssl_get_default_database;
+}
+
+void
+g_tls_backend_openssl_register (GIOModule *module)
+{
+  g_tls_backend_openssl_register_type (G_TYPE_MODULE (module));
+  if (!module)
+    g_io_extension_point_register (G_TLS_BACKEND_EXTENSION_POINT_NAME);
+  g_io_extension_point_implement (G_TLS_BACKEND_EXTENSION_POINT_NAME,
+                                  g_tls_backend_openssl_get_type(),
+                                  "openssl",
+                                  -1);
+}
diff --git a/tls/openssl/gtlsbackend-openssl.h b/tls/openssl/gtlsbackend-openssl.h
new file mode 100644 (file)
index 0000000..410b0fb
--- /dev/null
@@ -0,0 +1,48 @@
+/*
+ * gtlsbackend-openssl.h
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#ifndef __G_TLS_BACKEND_OPENSSL_H__
+#define __G_TLS_BACKEND_OPENSSL_H__
+
+#include <gio/gio.h>
+
+G_BEGIN_DECLS
+
+#define G_TYPE_TLS_BACKEND_OPENSSL (g_tls_backend_openssl_get_type ())
+G_DECLARE_DERIVABLE_TYPE (GTlsBackendOpenssl, g_tls_backend_openssl,
+                          G, TLS_BACKEND_OPENSSL, GObject)
+
+struct _GTlsBackendOpensslClass
+{
+  GObjectClass parent_class;
+
+  GTlsDatabase*   (*create_database)      (GTlsBackendOpenssl         *backend,
+                                           GError                    **error);
+};
+
+void    g_tls_backend_openssl_register       (GIOModule *module);
+
+G_END_DECLS
+
+#endif /* __G_TLS_BACKEND_OPENSSL_H___ */
diff --git a/tls/openssl/gtlsbio.c b/tls/openssl/gtlsbio.c
new file mode 100644 (file)
index 0000000..7169dea
--- /dev/null
@@ -0,0 +1,398 @@
+/*
+ * gtlsbio.c
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#include "gtlsbio.h"
+
+#include <string.h>
+
+typedef struct {
+  GIOStream *io_stream;
+  GCancellable *read_cancellable;
+  GCancellable *write_cancellable;
+  gboolean read_blocking;
+  gboolean write_blocking;
+  GError **read_error;
+  GError **write_error;
+} GTlsBio;
+
+static void
+free_gbio (gpointer user_data)
+{
+  GTlsBio *bio = (GTlsBio *)user_data;
+
+  g_object_unref (bio->io_stream);
+  g_free (bio);
+}
+
+static int
+gtls_bio_create (BIO *bio)
+{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+  bio->init = 0;
+  bio->num = 0;
+  bio->ptr = NULL;
+  bio->flags = 0;
+#else
+  BIO_set_init (bio, 0);
+  BIO_set_data (bio, NULL);
+  BIO_clear_flags (bio, ~0);
+#endif
+  return 1;
+}
+
+static int
+gtls_bio_destroy (BIO *bio)
+{
+  if (bio == NULL)
+    return 0;
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+  if (bio->shutdown)
+    {
+      if (bio->ptr != NULL)
+        {
+          free_gbio (bio->ptr);
+          bio->ptr = NULL;
+        }
+      bio->init = 0;
+      bio->flags = 0;
+    }
+#else
+  if (BIO_get_shutdown (bio))
+    {
+      if (BIO_get_data (bio) != NULL)
+        {
+          free_gbio (BIO_get_data (bio));
+          BIO_set_data (bio, NULL);
+        }
+      BIO_clear_flags (bio, ~0);
+      BIO_set_init (bio, 0);
+    }
+#endif
+
+    return 1;
+}
+
+static long
+gtls_bio_ctrl (BIO  *b,
+               int   cmd,
+               long  num,
+               void *ptr)
+{
+  long ret = 1;
+
+  switch (cmd)
+    {
+    case BIO_CTRL_GET_CLOSE:
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+      ret = b->shutdown;
+#else
+      ret = BIO_get_shutdown (b);
+#endif
+      break;
+    case BIO_CTRL_SET_CLOSE:
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+      b->shutdown = (int)num;
+#else
+      BIO_set_shutdown (b, (int)num);
+#endif
+      break;
+    case BIO_CTRL_DUP:
+    case BIO_CTRL_FLUSH:
+      ret = 1;
+      break;
+    case BIO_CTRL_PUSH:
+    case BIO_CTRL_POP:
+      ret = 0;
+      break;
+    default:
+      g_debug ("Got unsupported command: %d", cmd);
+      ret = 0;
+      break;
+    }
+
+  return ret;
+}
+
+static int
+gtls_bio_write (BIO        *bio,
+                const char *in,
+                int         inl)
+{
+  GTlsBio *gbio;
+  gssize written;
+  GError *error = NULL;
+
+  if (
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+      !bio->init ||
+#else
+      !BIO_get_init (bio) ||
+#endif
+      in == NULL || inl == 0)
+    return 0;
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+  gbio = (GTlsBio *)bio->ptr;
+#else
+  gbio = BIO_get_data (bio);
+#endif
+
+  BIO_clear_retry_flags (bio);
+  written = g_pollable_stream_write (g_io_stream_get_output_stream (gbio->io_stream),
+                                     in, inl,
+                                     gbio->write_blocking,
+                                     gbio->write_cancellable,
+                                     &error);
+
+  if (written == -1)
+    {
+      if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK))
+        BIO_set_retry_write (bio);
+
+      g_propagate_error (gbio->write_error, error);
+    }
+
+  return written;
+}
+
+static int
+gtls_bio_read (BIO  *bio,
+               char *out,
+               int   outl)
+{
+  GTlsBio *gbio;
+  gssize read;
+  GError *error = NULL;
+
+  if (
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+      !bio->init ||
+#else
+      !BIO_get_init (bio) ||
+#endif
+      out == NULL || outl == 0)
+    return 0;
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+  gbio = (GTlsBio *)bio->ptr;
+#else
+  gbio = BIO_get_data (bio);
+#endif
+
+  BIO_clear_retry_flags (bio);
+  read = g_pollable_stream_read (g_io_stream_get_input_stream (gbio->io_stream),
+                                 out, outl,
+                                 gbio->read_blocking,
+                                 gbio->read_cancellable,
+                                 &error);
+
+  if (read == -1)
+    {
+      if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK))
+        BIO_set_retry_read (bio);
+
+      g_propagate_error (gbio->read_error, error);
+    }
+
+  return read;
+}
+
+static int
+gtls_bio_puts(BIO        *bio,
+              const char *str)
+{
+  return gtls_bio_write (bio, str, (int)strlen (str));
+}
+
+static int
+gtls_bio_gets(BIO  *bio,
+              char *buf,
+              int   len)
+{
+  return -1;
+}
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+static BIO_METHOD methods_gtls = {
+  BIO_TYPE_SOURCE_SINK,
+  "gtls",
+  gtls_bio_write,
+  gtls_bio_read,
+  gtls_bio_puts,
+  gtls_bio_gets,
+  gtls_bio_ctrl,
+  gtls_bio_create,
+  gtls_bio_destroy
+};
+#else
+static BIO_METHOD *methods_gtls = NULL;
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+static BIO_METHOD *
+BIO_s_gtls (void)
+{
+  return &methods_gtls;
+}
+#else
+static const BIO_METHOD *
+BIO_s_gtls (void)
+{
+  if (methods_gtls == NULL)
+    {
+      methods_gtls = BIO_meth_new (BIO_TYPE_SOURCE_SINK | BIO_get_new_index (), "gtls");
+      if (methods_gtls == NULL ||
+          !BIO_meth_set_write (methods_gtls, gtls_bio_write) ||
+          !BIO_meth_set_read (methods_gtls, gtls_bio_read) ||
+          !BIO_meth_set_puts (methods_gtls, gtls_bio_puts) ||
+          !BIO_meth_set_gets (methods_gtls, gtls_bio_gets) ||
+          !BIO_meth_set_ctrl (methods_gtls, gtls_bio_ctrl) ||
+          !BIO_meth_set_create (methods_gtls, gtls_bio_create) ||
+          !BIO_meth_set_destroy (methods_gtls, gtls_bio_destroy))
+        return NULL;
+    }
+  return methods_gtls;
+}
+#endif
+
+BIO *
+g_tls_bio_new (GIOStream *io_stream)
+{
+  BIO *ret;
+  GTlsBio *gbio;
+
+  ret = BIO_new(BIO_s_gtls ());
+  if (ret == NULL)
+    return NULL;
+
+  gbio = g_new0 (GTlsBio, 1);
+  gbio->io_stream = g_object_ref (io_stream);
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+  ret->ptr = gbio;
+  ret->init = 1;
+#else
+  BIO_set_data (ret, gbio);
+  BIO_set_init (ret, 1);
+#endif
+
+  return ret;
+}
+
+void
+g_tls_bio_set_read_cancellable (BIO          *bio,
+                                GCancellable *cancellable)
+{
+  GTlsBio *gbio;
+
+  g_return_if_fail (bio != NULL);
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+  gbio = (GTlsBio *)bio->ptr;
+#else
+  gbio = BIO_get_data (bio);
+#endif
+  gbio->read_cancellable = cancellable;
+}
+
+void
+g_tls_bio_set_read_blocking (BIO      *bio,
+                             gboolean  blocking)
+{
+  GTlsBio *gbio;
+
+  g_return_if_fail (bio != NULL);
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+  gbio = (GTlsBio *)bio->ptr;
+#else
+  gbio = BIO_get_data (bio);
+#endif
+  gbio->read_blocking = blocking;
+}
+
+void
+g_tls_bio_set_read_error (BIO     *bio,
+                          GError **error)
+{
+  GTlsBio *gbio;
+
+  g_return_if_fail (bio != NULL);
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+  gbio = (GTlsBio *)bio->ptr;
+#else
+  gbio = BIO_get_data (bio);
+#endif
+  gbio->read_error = error;
+}
+
+void
+g_tls_bio_set_write_cancellable (BIO          *bio,
+                                 GCancellable *cancellable)
+{
+  GTlsBio *gbio;
+
+  g_return_if_fail (bio != NULL);
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+  gbio = (GTlsBio *)bio->ptr;
+#else
+  gbio = BIO_get_data (bio);
+#endif
+  gbio->write_cancellable = cancellable;
+}
+
+void
+g_tls_bio_set_write_blocking (BIO          *bio,
+                              gboolean      blocking)
+{
+  GTlsBio *gbio;
+
+  g_return_if_fail (bio != NULL);
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+  gbio = (GTlsBio *)bio->ptr;
+#else
+  gbio = BIO_get_data (bio);
+#endif
+  gbio->write_blocking = blocking;
+}
+
+void
+g_tls_bio_set_write_error (BIO     *bio,
+                           GError **error)
+{
+  GTlsBio *gbio;
+
+  g_return_if_fail (bio != NULL);
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+  gbio = (GTlsBio *)bio->ptr;
+#else
+  gbio = BIO_get_data (bio);
+#endif
+  gbio->write_error = error;
+}
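Review bot: In the OpenSSL 1.1 branch of `BIO_s_gtls`, a failed `BIO_meth_set_*` call returns NULL but leaves the half-populated table in `methods_gtls`, so the next call sees a non-NULL pointer and hands it out as valid. The lazy initialisation is also unsynchronised, so two threads creating their first BIO at the same time can both allocate a table. Build the table in a local, free it on failure, and publish it once under `g_once_init_enter`, as sketched below. `g_tls_bio_new` passes the result of `BIO_s_gtls ()` straight to `BIO_new`, so it should check for NULL first and `return NULL;` in that case.

```c
static const BIO_METHOD *
BIO_s_gtls (void)
{
  static gsize initialized = 0;

  if (g_once_init_enter (&initialized))
    {
      BIO_METHOD *meth;

      meth = BIO_meth_new (BIO_TYPE_SOURCE_SINK | BIO_get_new_index (), "gtls");
      if (meth != NULL &&
          (!BIO_meth_set_write (meth, gtls_bio_write) ||
           /* … unchanged: the remaining BIO_meth_set_* calls … */
           !BIO_meth_set_destroy (meth, gtls_bio_destroy)))
        {
          /* Never publish a partially filled method table. */
          BIO_meth_free (meth);
          meth = NULL;
        }

      methods_gtls = meth;
      g_once_init_leave (&initialized, 1);
    }

  return methods_gtls;
}
```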
diff --git a/tls/openssl/gtlsbio.h b/tls/openssl/gtlsbio.h
new file mode 100644 (file)
index 0000000..caa1e9b
--- /dev/null
@@ -0,0 +1,55 @@
+/*
+ * gtlsbio.h
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#ifndef __G_TLS_BIO_H__
+#define __G_TLS_BIO_H__
+
+#include <gio/gio.h>
+#include "openssl-include.h"
+
+G_BEGIN_DECLS
+
+BIO       *g_tls_bio_new                   (GIOStream    *io_stream);
+
+void       g_tls_bio_set_read_cancellable  (BIO          *bio,
+                                            GCancellable *cancellable);
+
+void       g_tls_bio_set_read_blocking     (BIO          *bio,
+                                            gboolean      blocking);
+
+void       g_tls_bio_set_read_error        (BIO          *bio,
+                                            GError      **error);
+
+void       g_tls_bio_set_write_cancellable (BIO          *bio,
+                                            GCancellable *cancellable);
+
+void       g_tls_bio_set_write_blocking    (BIO          *bio,
+                                            gboolean      blocking);
+
+void       g_tls_bio_set_write_error       (BIO          *bio,
+                                            GError      **error);
+
+G_END_DECLS
+
+#endif /* __G_TLS_BIO_H__ */
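Review bot: The setter prototypes say nothing about lifetime, although the implementation in gtlsbio.c keeps the raw pointers it is given. `g_tls_bio_set_read_error` and `g_tls_bio_set_write_error` store the caller's `GError **`, which the read and write callbacks later pass to `g_propagate_error`, and the cancellable setters store the `GCancellable *` without taking a reference. A caller that passes the address of a local and returns without resetting it leaves the BIO writing through a dangling pointer on the next failed I/O. I would add above the error setters `/* @error is stored, not copied: it must stay valid and point to NULL until replaced or reset to NULL. */` and above the cancellable setters `/* @cancellable is borrowed; the caller keeps it alive while the BIO may use it. */`.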
diff --git a/tls/openssl/gtlscertificate-openssl.c b/tls/openssl/gtlscertificate-openssl.c
new file mode 100644 (file)
index 0000000..83e6e28
--- /dev/null
@@ -0,0 +1,701 @@
+/*
+ * gtlscertificate-openssl.c
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#include "config.h"
+
+#include <string.h>
+#include "openssl-include.h"
+
+#include "gtlscertificate-openssl.h"
+#include "openssl-util.h"
+#include <glib/gi18n-lib.h>
+
+typedef struct _GTlsCertificateOpensslPrivate
+{
+  X509 *cert;
+  EVP_PKEY *key;
+
+  GTlsCertificateOpenssl *issuer;
+
+  GError *construct_error;
+
+  guint have_cert : 1;
+  guint have_key  : 1;
+} GTlsCertificateOpensslPrivate;
+
+enum
+{
+  PROP_0,
+
+  PROP_CERTIFICATE,
+  PROP_CERTIFICATE_PEM,
+  PROP_PRIVATE_KEY,
+  PROP_PRIVATE_KEY_PEM,
+  PROP_ISSUER
+};
+
+static void     g_tls_certificate_openssl_initable_iface_init (GInitableIface  *iface);
+
+G_DEFINE_TYPE_WITH_CODE (GTlsCertificateOpenssl, g_tls_certificate_openssl, G_TYPE_TLS_CERTIFICATE,
+                         G_ADD_PRIVATE (GTlsCertificateOpenssl)
+                         G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+                                                g_tls_certificate_openssl_initable_iface_init))
+
+static void
+g_tls_certificate_openssl_finalize (GObject *object)
+{
+  GTlsCertificateOpenssl *openssl = G_TLS_CERTIFICATE_OPENSSL (object);
+  GTlsCertificateOpensslPrivate *priv;
+
+  priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+  if (priv->cert)
+    X509_free (priv->cert);
+  if (priv->key)
+    EVP_PKEY_free (priv->key);
+
+  g_clear_object (&priv->issuer);
+
+  g_clear_error (&priv->construct_error);
+
+  G_OBJECT_CLASS (g_tls_certificate_openssl_parent_class)->finalize (object);
+}
+
+static void
+g_tls_certificate_openssl_get_property (GObject    *object,
+                                        guint       prop_id,
+                                        GValue     *value,
+                                        GParamSpec *pspec)
+{
+  GTlsCertificateOpenssl *openssl = G_TLS_CERTIFICATE_OPENSSL (object);
+  GTlsCertificateOpensslPrivate *priv;
+  GByteArray *certificate;
+  guint8 *data;
+  BIO *bio;
+  char *certificate_pem;
+  int size;
+
+  priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+  switch (prop_id)
+    {
+    case PROP_CERTIFICATE:
+      /* NOTE: we do the two calls to avoid openssl allocating the buffer for us */
+      size = i2d_X509 (priv->cert, NULL);
+      if (size < 0)
+        certificate = NULL;
+      else
+        {
+          certificate = g_byte_array_sized_new (size);
+          certificate->len = size;
+          data = certificate->data;
+          size = i2d_X509 (priv->cert, &data);
+          if (size < 0)
+            {
+              g_byte_array_free (certificate, TRUE);
+              certificate = NULL;
+            }
+        }
+      g_value_take_boxed (value, certificate);
+      break;
+
+    case PROP_CERTIFICATE_PEM:
+      bio = BIO_new (BIO_s_mem ());
+
+      if (!PEM_write_bio_X509 (bio, priv->cert) || !BIO_write (bio, "\0", 1))
+        certificate_pem = NULL;
+      else
+        {
+          BIO_get_mem_data (bio, &certificate_pem);
+          g_value_set_string (value, certificate_pem);
+
+          BIO_free_all (bio);
+        }
+      break;
+
+    case PROP_ISSUER:
+      g_value_set_object (value, priv->issuer);
+      break;
+
+    default:
+      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+    }
+}
+
+static void
+g_tls_certificate_openssl_set_property (GObject      *object,
+                                       guint         prop_id,
+                                       const GValue *value,
+                                       GParamSpec   *pspec)
+{
+  GTlsCertificateOpenssl *openssl = G_TLS_CERTIFICATE_OPENSSL (object);
+  GTlsCertificateOpensslPrivate *priv;
+  GByteArray *bytes;
+  guint8 *data;
+  BIO *bio;
+  const char *string;
+
+  priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+  switch (prop_id)
+    {
+    case PROP_CERTIFICATE:
+      bytes = g_value_get_boxed (value);
+      if (!bytes)
+        break;
+      g_return_if_fail (priv->have_cert == FALSE);
+      /* see that we cannot use bytes->data directly since it will move the pointer */
+      data = bytes->data;
+      priv->cert = d2i_X509 (NULL, (const unsigned char **)&data, bytes->len);
+      if (priv->cert != NULL)
+        priv->have_cert = TRUE;
+      else if (!priv->construct_error)
+        {
+          priv->construct_error =
+            g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+                         _("Could not parse DER certificate: %s"),
+                         ERR_error_string (ERR_get_error (), NULL));
+        }
+
+      break;
+
+    case PROP_CERTIFICATE_PEM:
+      string = g_value_get_string (value);
+      if (!string)
+        break;
+      g_return_if_fail (priv->have_cert == FALSE);
+      bio = BIO_new_mem_buf ((gpointer)string, -1);
+      priv->cert = PEM_read_bio_X509 (bio, NULL, NULL, NULL);
+      BIO_free (bio);
+      if (priv->cert != NULL)
+        priv->have_cert = TRUE;
+      else if (!priv->construct_error)
+        {
+          priv->construct_error =
+            g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+                         _("Could not parse PEM certificate: %s"),
+                         ERR_error_string (ERR_get_error (), NULL));
+        }
+      break;
+
+    case PROP_PRIVATE_KEY:
+      bytes = g_value_get_boxed (value);
+      if (!bytes)
+        break;
+      g_return_if_fail (priv->have_key == FALSE);
+      bio = BIO_new_mem_buf (bytes->data, bytes->len);
+      priv->key = d2i_PrivateKey_bio (bio, NULL);
+      BIO_free (bio);
+      if (priv->key != NULL)
+        priv->have_key = TRUE;
+      else if (!priv->construct_error)
+        {
+          priv->construct_error =
+            g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+                         _("Could not parse DER private key: %s"),
+                         ERR_error_string (ERR_get_error (), NULL));
+        }
+      break;
+
+    case PROP_PRIVATE_KEY_PEM:
+      string = g_value_get_string (value);
+      if (!string)
+        break;
+      g_return_if_fail (priv->have_key == FALSE);
+      bio = BIO_new_mem_buf ((gpointer)string, -1);
+      priv->key = PEM_read_bio_PrivateKey (bio, NULL, NULL, NULL);
+      BIO_free (bio);
+      if (priv->key != NULL)
+        priv->have_key = TRUE;
+      else if (!priv->construct_error)
+        {
+          priv->construct_error =
+            g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+                         _("Could not parse PEM private key: %s"),
+                         ERR_error_string (ERR_get_error (), NULL));
+        }
+      break;
+
+    case PROP_ISSUER:
+      priv->issuer = g_value_dup_object (value);
+      break;
+
+    default:
+      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+    }
+}
+
+static void
+g_tls_certificate_openssl_init (GTlsCertificateOpenssl *openssl)
+{
+}
+
+static gboolean
+g_tls_certificate_openssl_initable_init (GInitable       *initable,
+                                         GCancellable    *cancellable,
+                                         GError         **error)
+{
+  GTlsCertificateOpenssl *openssl = G_TLS_CERTIFICATE_OPENSSL (initable);
+  GTlsCertificateOpensslPrivate *priv;
+
+  priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+  if (priv->construct_error)
+    {
+      g_propagate_error (error, priv->construct_error);
+      priv->construct_error = NULL;
+      return FALSE;
+    }
+  else if (!priv->have_cert)
+    {
+      g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+                           _("No certificate data provided"));
+      return FALSE;
+    }
+  else
+    return TRUE;
+}
+
+static GTlsCertificateFlags
+g_tls_certificate_openssl_verify (GTlsCertificate     *cert,
+                                  GSocketConnectable  *identity,
+                                  GTlsCertificate     *trusted_ca)
+{
+  GTlsCertificateOpenssl *cert_openssl;
+  GTlsCertificateOpensslPrivate *priv;
+  GTlsCertificateFlags gtls_flags;
+  X509 *x;
+  STACK_OF(X509) *untrusted;
+  gint i;
+
+  cert_openssl = G_TLS_CERTIFICATE_OPENSSL (cert);
+  priv = g_tls_certificate_openssl_get_instance_private (cert_openssl);
+  x = priv->cert;
+
+  untrusted = sk_X509_new_null ();
+  for (; cert_openssl; cert_openssl = priv->issuer)
+    {
+      priv = g_tls_certificate_openssl_get_instance_private (cert_openssl);
+      sk_X509_push (untrusted, priv->cert);
+    }
+
+  gtls_flags = 0;
+
+  if (trusted_ca)
+    {
+      X509_STORE *store;
+      X509_STORE_CTX *csc;
+      STACK_OF(X509) *trusted;
+
+      store = X509_STORE_new ();
+      csc = X509_STORE_CTX_new ();
+
+      if (!X509_STORE_CTX_init (csc, store, x, untrusted))
+        {
+          sk_X509_free (untrusted);
+          X509_STORE_CTX_free (csc);
+          X509_STORE_free (store);
+          return G_TLS_CERTIFICATE_GENERIC_ERROR;
+        }
+
+      trusted = sk_X509_new_null ();
+      cert_openssl = G_TLS_CERTIFICATE_OPENSSL (trusted_ca);
+      for (; cert_openssl; cert_openssl = priv->issuer)
+        {
+          priv = g_tls_certificate_openssl_get_instance_private (cert_openssl);
+          sk_X509_push (trusted, priv->cert);
+        }
+
+      X509_STORE_CTX_trusted_stack (csc, trusted);
+      if (X509_verify_cert (csc) <= 0)
+        gtls_flags |= g_tls_certificate_openssl_convert_error (X509_STORE_CTX_get_error (csc));
+
+      sk_X509_free (trusted);
+      X509_STORE_CTX_free (csc);
+      X509_STORE_free (store);
+    }
+
+  /* We have to check these ourselves since openssl
+   * does not give us flags and UNKNOWN_CA will take priority.
+   */
+  for (i = 0; i < sk_X509_num (untrusted); i++)
+    {
+      X509 *c = sk_X509_value (untrusted, i);
+      ASN1_TIME *not_before = X509_get_notBefore (c);
+      ASN1_TIME *not_after = X509_get_notAfter (c);
+
+      if (X509_cmp_current_time (not_before) > 0)
+        gtls_flags |= G_TLS_CERTIFICATE_NOT_ACTIVATED;
+
+      if (X509_cmp_current_time (not_after) < 0)
+        gtls_flags |= G_TLS_CERTIFICATE_EXPIRED;
+    }
+
+  sk_X509_free (untrusted);
+
+  if (identity)
+    gtls_flags |= g_tls_certificate_openssl_verify_identity (G_TLS_CERTIFICATE_OPENSSL (cert), identity);
+
+  return gtls_flags;
+}
+
+static void
+g_tls_certificate_openssl_class_init (GTlsCertificateOpensslClass *klass)
+{
+  GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+  GTlsCertificateClass *certificate_class = G_TLS_CERTIFICATE_CLASS (klass);
+
+  gobject_class->get_property = g_tls_certificate_openssl_get_property;
+  gobject_class->set_property = g_tls_certificate_openssl_set_property;
+  gobject_class->finalize     = g_tls_certificate_openssl_finalize;
+
+  certificate_class->verify = g_tls_certificate_openssl_verify;
+
+  g_object_class_override_property (gobject_class, PROP_CERTIFICATE, "certificate");
+  g_object_class_override_property (gobject_class, PROP_CERTIFICATE_PEM, "certificate-pem");
+  g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY, "private-key");
+  g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY_PEM, "private-key-pem");
+  g_object_class_override_property (gobject_class, PROP_ISSUER, "issuer");
+}
+
+static void
+g_tls_certificate_openssl_initable_iface_init (GInitableIface  *iface)
+{
+  iface->init = g_tls_certificate_openssl_initable_init;
+}
+
+GTlsCertificate *
+g_tls_certificate_openssl_new (GBytes          *bytes,
+                               GTlsCertificate *issuer)
+{
+  GTlsCertificateOpenssl *openssl;
+
+  openssl = g_object_new (G_TYPE_TLS_CERTIFICATE_OPENSSL,
+                          "issuer", issuer,
+                          NULL);
+  g_tls_certificate_openssl_set_data (openssl, bytes);
+
+  return G_TLS_CERTIFICATE (openssl);
+}
+
+GTlsCertificate *
+g_tls_certificate_openssl_new_from_x509 (X509            *x,
+                                         GTlsCertificate *issuer)
+{
+  GTlsCertificateOpenssl *openssl;
+  GTlsCertificateOpensslPrivate *priv;
+
+  openssl = g_object_new (G_TYPE_TLS_CERTIFICATE_OPENSSL,
+                          "issuer", issuer,
+                          NULL);
+
+  priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+  priv->cert = X509_dup (x);
+  priv->have_cert = TRUE;
+
+  return G_TLS_CERTIFICATE (openssl);
+}
+
+void
+g_tls_certificate_openssl_set_data (GTlsCertificateOpenssl *openssl,
+                                    GBytes                 *bytes)
+{
+  GTlsCertificateOpensslPrivate *priv;
+  const unsigned char *data;
+
+  g_return_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (openssl));
+
+  priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+  g_return_if_fail (!priv->have_cert);
+
+  data = (const unsigned char *)g_bytes_get_data (bytes, NULL);
+  priv->cert = d2i_X509 (NULL, &data, g_bytes_get_size (bytes));
+
+  if (priv->cert != NULL)
+    priv->have_cert = TRUE;
+}
+
+GBytes *
+g_tls_certificate_openssl_get_bytes (GTlsCertificateOpenssl *openssl)
+{
+  GByteArray *array;
+
+  g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (openssl), NULL);
+
+  g_object_get (openssl, "certificate", &array, NULL);
+  return g_byte_array_free_to_bytes (array);
+}
+
+X509 *
+g_tls_certificate_openssl_get_cert (GTlsCertificateOpenssl *openssl)
+{
+  GTlsCertificateOpensslPrivate *priv;
+
+  g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (openssl), FALSE);
+
+  priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+  return priv->cert;
+}
+
+EVP_PKEY *
+g_tls_certificate_openssl_get_key (GTlsCertificateOpenssl *openssl)
+{
+  GTlsCertificateOpensslPrivate *priv;
+
+  g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (openssl), FALSE);
+
+  priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+  return priv->key;
+}
+
+void
+g_tls_certificate_openssl_set_issuer (GTlsCertificateOpenssl *openssl,
+                                      GTlsCertificateOpenssl *issuer)
+{
+  GTlsCertificateOpensslPrivate *priv;
+
+  g_return_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (openssl));
+  g_return_if_fail (!issuer || G_IS_TLS_CERTIFICATE_OPENSSL (issuer));
+
+  priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+  if (g_set_object (&priv->issuer, issuer))
+    g_object_notify (G_OBJECT (openssl), "issuer");
+}
+
+static gboolean
+verify_identity_hostname (GTlsCertificateOpenssl *openssl,
+                          GSocketConnectable     *identity)
+{
+  GTlsCertificateOpensslPrivate *priv;
+  const char *hostname;
+
+  priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+  if (G_IS_NETWORK_ADDRESS (identity))
+    hostname = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity));
+  else if (G_IS_NETWORK_SERVICE (identity))
+    hostname = g_network_service_get_domain (G_NETWORK_SERVICE (identity));
+  else
+    return FALSE;
+
+  return g_tls_X509_check_host (priv->cert, hostname, strlen (hostname), 0, NULL) == 1;
+}
+
+static gboolean
+verify_identity_ip (GTlsCertificateOpenssl *openssl,
+                    GSocketConnectable     *identity)
+{
+  GTlsCertificateOpensslPrivate *priv;
+  GInetAddress *addr;
+  gsize addr_size;
+  const guint8 *addr_bytes;
+  gboolean ret;
+
+  priv = g_tls_certificate_openssl_get_instance_private (openssl);
+
+  if (G_IS_INET_SOCKET_ADDRESS (identity))
+    addr = g_object_ref (g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (identity)));
+  else {
+    const char *hostname;
+
+    if (G_IS_NETWORK_ADDRESS (identity))
+      hostname = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity));
+    else if (G_IS_NETWORK_SERVICE (identity))
+      hostname = g_network_service_get_domain (G_NETWORK_SERVICE (identity));
+    else
+      return FALSE;
+
+    addr = g_inet_address_new_from_string (hostname);
+    if (!addr)
+      return FALSE;
+  }
+
+  addr_bytes = g_inet_address_to_bytes (addr);
+  addr_size = g_inet_address_get_native_size (addr);
+
+  ret = g_tls_X509_check_ip (priv->cert, addr_bytes, addr_size, 0) == 1;
+
+  g_object_unref (addr);
+  return ret;
+}
+
+GTlsCertificateFlags
+g_tls_certificate_openssl_verify_identity (GTlsCertificateOpenssl *openssl,
+                                           GSocketConnectable     *identity)
+{
+  if (verify_identity_hostname (openssl, identity))
+    return 0;
+  else if (verify_identity_ip (openssl, identity))
+    return 0;
+
+  /* FIXME: check sRVName and uniformResourceIdentifier
+   * subjectAltNames, if appropriate for @identity.
+   */
+
+  return G_TLS_CERTIFICATE_BAD_IDENTITY;
+}
+
+GTlsCertificateFlags
+g_tls_certificate_openssl_convert_error (guint openssl_error)
+{
+  GTlsCertificateFlags gtls_flags;
+
+  gtls_flags = 0;
+
+  /* FIXME: should we add more ? */
+  switch (openssl_error)
+    {
+    case X509_V_OK:
+      break;
+    case X509_V_ERR_CERT_NOT_YET_VALID:
+      gtls_flags = G_TLS_CERTIFICATE_NOT_ACTIVATED;
+      break;
+    case X509_V_ERR_CERT_HAS_EXPIRED:
+      gtls_flags = G_TLS_CERTIFICATE_EXPIRED;
+      break;
+    case X509_V_ERR_CERT_REVOKED:
+      gtls_flags = G_TLS_CERTIFICATE_REVOKED;
+      break;
+    case X509_V_ERR_AKID_SKID_MISMATCH:
+      gtls_flags = G_TLS_CERTIFICATE_BAD_IDENTITY;
+      break;
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+      gtls_flags = G_TLS_CERTIFICATE_UNKNOWN_CA;
+      break;
+    default:
+      g_message ("certificate error: %s", X509_verify_cert_error_string (openssl_error));
+      gtls_flags = G_TLS_CERTIFICATE_GENERIC_ERROR;
+    }
+
+  return gtls_flags;
+}
+
+static gboolean
+is_issuer (GTlsCertificateOpenssl *cert,
+           GTlsCertificateOpenssl *issuer)
+{
+  X509 *x;
+  X509 *issuer_x;
+  X509_STORE *store;
+  X509_STORE_CTX *csc;
+  STACK_OF(X509) *trusted;
+  gboolean ret = FALSE;
+  gint err;
+
+  x = g_tls_certificate_openssl_get_cert (cert);
+  issuer_x = g_tls_certificate_openssl_get_cert (issuer);
+
+  store = X509_STORE_new ();
+  csc = X509_STORE_CTX_new ();
+
+  if (!X509_STORE_CTX_init (csc, store, x, NULL))
+    goto end;
+
+  trusted = sk_X509_new_null ();
+  sk_X509_push (trusted, issuer_x);
+
+  X509_STORE_CTX_trusted_stack (csc, trusted);
+  X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CB_ISSUER_CHECK);
+
+  /* FIXME: is this the right way to do it? */
+  if (X509_verify_cert (csc) <= 0)
+    {
+      err = X509_STORE_CTX_get_error (csc);
+      if (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)
+        ret = TRUE;
+    }
+  else
+    ret = TRUE;
+
+  sk_X509_free (trusted);
+
+end:
+  X509_STORE_CTX_free (csc);
+  X509_STORE_free (store);
+
+  return ret;
+}
+
+GTlsCertificateOpenssl *
+g_tls_certificate_openssl_build_chain (X509            *x,
+                                       STACK_OF (X509) *chain)
+{
+  GPtrArray *glib_certs;
+  GTlsCertificateOpenssl *issuer;
+  GTlsCertificateOpenssl *result;
+  guint i, j;
+
+  g_return_val_if_fail (x != NULL, NULL);
+  g_return_val_if_fail (chain, NULL);
+
+  glib_certs = g_ptr_array_new_full (sk_X509_num (chain), g_object_unref);
+  g_ptr_array_add (glib_certs, g_tls_certificate_openssl_new_from_x509 (x, NULL));
+  for (i = 1; i < sk_X509_num (chain); i++)
+    g_ptr_array_add (glib_certs, g_tls_certificate_openssl_new_from_x509 (sk_X509_value (chain, i), NULL));
+
+  /* Some servers send certs out of order, or will send duplicate
+   * certs, so we need to be careful when assigning the issuer of
+   * our new GTlsCertificateOpenssl.
+   */
+  for (i = 0; i < glib_certs->len; i++)
+    {
+      issuer = NULL;
+
+      /* Check if the cert issued itself */
+      if (is_issuer (glib_certs->pdata[i], glib_certs->pdata[i]))
+        continue;
+
+      if (i < glib_certs->len - 1 &&
+          is_issuer (glib_certs->pdata[i], glib_certs->pdata[i + 1]))
+        {
+          issuer = glib_certs->pdata[i + 1];
+        }
+      else
+        {
+          for (j = 0; j < glib_certs->len; j++)
+            {
+              if (j != i &&
+                  is_issuer (glib_certs->pdata[i], glib_certs->pdata[j]))
+                {
+                  issuer = glib_certs->pdata[j];
+                  break;
+                }
+            }
+        }
+
+      if (issuer)
+        g_tls_certificate_openssl_set_issuer (glib_certs->pdata[i], issuer);
+    }
+
+  result = g_object_ref (glib_certs->pdata[0]);
+  g_ptr_array_unref (glib_certs);
+
+  return result;
+}
diff --git a/tls/openssl/gtlscertificate-openssl.h b/tls/openssl/gtlscertificate-openssl.h
new file mode 100644 (file)
index 0000000..0827c0f
--- /dev/null
@@ -0,0 +1,69 @@
+/*
+ * gtlscertificate-openssl.h
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#ifndef __G_TLS_CERTIFICATE_OPENSSL_H__
+#define __G_TLS_CERTIFICATE_OPENSSL_H__
+
+#include <gio/gio.h>
+#include "openssl-include.h"
+
+G_BEGIN_DECLS
+
+#define G_TYPE_TLS_CERTIFICATE_OPENSSL (g_tls_certificate_openssl_get_type ())
+G_DECLARE_DERIVABLE_TYPE (GTlsCertificateOpenssl, g_tls_certificate_openssl,
+                          G, TLS_CERTIFICATE_OPENSSL, GTlsCertificate)
+
+struct _GTlsCertificateOpensslClass
+{
+  GTlsCertificateClass parent_class;
+};
+
+GTlsCertificate             *g_tls_certificate_openssl_new             (GBytes                 *bytes,
+                                                                        GTlsCertificate        *issuer);
+
+GTlsCertificate             *g_tls_certificate_openssl_new_from_x509   (X509                   *x,
+                                                                        GTlsCertificate        *issuer);
+
+void                         g_tls_certificate_openssl_set_data        (GTlsCertificateOpenssl *openssl,
+                                                                        GBytes                 *bytes);
+
+GBytes *                     g_tls_certificate_openssl_get_bytes       (GTlsCertificateOpenssl *openssl);
+
+X509                        *g_tls_certificate_openssl_get_cert        (GTlsCertificateOpenssl *openssl);
+EVP_PKEY                    *g_tls_certificate_openssl_get_key         (GTlsCertificateOpenssl *openssl);
+
+void                         g_tls_certificate_openssl_set_issuer      (GTlsCertificateOpenssl *openssl,
+                                                                        GTlsCertificateOpenssl *issuer);
+
+GTlsCertificateFlags         g_tls_certificate_openssl_verify_identity (GTlsCertificateOpenssl *openssl,
+                                                                        GSocketConnectable     *identity);
+
+GTlsCertificateFlags         g_tls_certificate_openssl_convert_error   (guint                   openssl_error);
+
+GTlsCertificateOpenssl      *g_tls_certificate_openssl_build_chain     (X509                   *x,
+                                                                        STACK_OF (X509)        *chain);
+
+G_END_DECLS
+
+#endif /* __G_TLS_CERTIFICATE_OPENSSL_H___ */
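Review bot: The declarations of `g_tls_certificate_openssl_get_cert` and `g_tls_certificate_openssl_get_key` say nothing about ownership, and callers must get that right for X509 and EVP_PKEY lifetimes. In the accompanying .c file both getters return the private struct's pointer directly, so the result is borrowed and must not be freed. `g_tls_certificate_openssl_new_from_x509` stores an `X509_dup` of `x`, so the caller keeps ownership of its argument, and `g_tls_certificate_openssl_build_chain` returns a new reference the caller must drop. I would add a one-line comment above each, for example `/* Returns: (transfer none): owned by @openssl, valid only while it is alive */` on the two getters. The closing guard comment also has a stray third underscore (`__G_TLS_CERTIFICATE_OPENSSL_H___`).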
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
new file mode 100644 (file)
index 0000000..70e26a0
--- /dev/null
@@ -0,0 +1,572 @@
+/*
+ * gtlsclientconnection-openssl.c
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#include "config.h"
+#include "glib.h"
+
+#include <errno.h>
+#include <string.h>
+
+#include "openssl-include.h"
+#include "gtlsconnection-base.h"
+#include "gtlsclientconnection-openssl.h"
+#include "gtlsbackend-openssl.h"
+#include "gtlscertificate-openssl.h"
+#include <glib/gi18n-lib.h>
+
+#define DEFAULT_CIPHER_LIST "HIGH:!DSS:!aNULL@STRENGTH"
+
+typedef struct _GTlsClientConnectionOpensslPrivate
+{
+  GTlsCertificateFlags validation_flags;
+  GSocketConnectable *server_identity;
+  gboolean use_ssl3;
+  gboolean session_data_override;
+
+  GBytes *session_id;
+  GBytes *session_data;
+
+  STACK_OF (X509_NAME) *ca_list;
+
+  SSL_SESSION *session;
+  SSL *ssl;
+  SSL_CTX *ssl_ctx;
+} GTlsClientConnectionOpensslPrivate;
+
+enum
+{
+  PROP_0,
+  PROP_VALIDATION_FLAGS,
+  PROP_SERVER_IDENTITY,
+  PROP_USE_SSL3,
+  PROP_ACCEPTED_CAS
+};
+
+static void g_tls_client_connection_openssl_initable_interface_init (GInitableIface  *iface);
+
+static void g_tls_client_connection_openssl_client_connection_interface_init (GTlsClientConnectionInterface *iface);
+
+static GInitableIface *g_tls_client_connection_openssl_parent_initable_iface;
+
+G_DEFINE_TYPE_WITH_CODE (GTlsClientConnectionOpenssl, g_tls_client_connection_openssl, G_TYPE_TLS_CONNECTION_OPENSSL,
+                         G_ADD_PRIVATE (GTlsClientConnectionOpenssl)
+                         G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+                                                g_tls_client_connection_openssl_initable_interface_init)
+                         G_IMPLEMENT_INTERFACE (G_TYPE_TLS_CLIENT_CONNECTION,
+                                                g_tls_client_connection_openssl_client_connection_interface_init))
+
+static void
+g_tls_client_connection_openssl_finalize (GObject *object)
+{
+  GTlsClientConnectionOpenssl *openssl = G_TLS_CLIENT_CONNECTION_OPENSSL (object);
+  GTlsClientConnectionOpensslPrivate *priv;
+
+  priv = g_tls_client_connection_openssl_get_instance_private (openssl);
+
+  g_clear_object (&priv->server_identity);
+  g_clear_pointer (&priv->session_id, g_bytes_unref);
+  g_clear_pointer (&priv->session_data, g_bytes_unref);
+
+  SSL_free (priv->ssl);
+  SSL_CTX_free (priv->ssl_ctx);
+  SSL_SESSION_free (priv->session);
+
+  G_OBJECT_CLASS (g_tls_client_connection_openssl_parent_class)->finalize (object);
+}
+
+static const gchar *
+get_server_identity (GTlsClientConnectionOpenssl *openssl)
+{
+  GTlsClientConnectionOpensslPrivate *priv;
+
+  priv = g_tls_client_connection_openssl_get_instance_private (openssl);
+
+  if (G_IS_NETWORK_ADDRESS (priv->server_identity))
+    return g_network_address_get_hostname (G_NETWORK_ADDRESS (priv->server_identity));
+  else if (G_IS_NETWORK_SERVICE (priv->server_identity))
+    return g_network_service_get_domain (G_NETWORK_SERVICE (priv->server_identity));
+  else
+    return NULL;
+}
+
+static void
+g_tls_client_connection_openssl_get_property (GObject    *object,
+                                             guint       prop_id,
+                                             GValue     *value,
+                                             GParamSpec *pspec)
+{
+  GTlsClientConnectionOpenssl *openssl = G_TLS_CLIENT_CONNECTION_OPENSSL (object);
+  GTlsClientConnectionOpensslPrivate *priv;
+  GList *accepted_cas;
+  gint i;
+
+  priv = g_tls_client_connection_openssl_get_instance_private (openssl);
+
+  switch (prop_id)
+    {
+    case PROP_VALIDATION_FLAGS:
+      g_value_set_flags (value, priv->validation_flags);
+      break;
+
+    case PROP_SERVER_IDENTITY:
+      g_value_set_object (value, priv->server_identity);
+      break;
+
+    case PROP_USE_SSL3:
+      g_value_set_boolean (value, priv->use_ssl3);
+      break;
+
+    case PROP_ACCEPTED_CAS:
+      accepted_cas = NULL;
+      if (priv->ca_list)
+        {
+          for (i = 0; i < sk_X509_NAME_num (priv->ca_list); ++i)
+            {
+              int size;
+
+              size = i2d_X509_NAME (sk_X509_NAME_value (priv->ca_list, i), NULL);
+              if (size > 0)
+                {
+                  unsigned char *ca;
+
+                  ca = g_malloc (size);
+                  size = i2d_X509_NAME (sk_X509_NAME_value (priv->ca_list, i), &ca);
+                  if (size > 0)
+                    accepted_cas = g_list_prepend (accepted_cas, g_byte_array_new_take (
+                                                   ca, size));
+                  else
+                    g_free (ca);
+                }
+            }
+          accepted_cas = g_list_reverse (accepted_cas);
+        }
+      g_value_set_pointer (value, accepted_cas);
+      break;
+
+    default:
+      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+    }
+}
+
+static void
+g_tls_client_connection_openssl_set_property (GObject      *object,
+                                             guint         prop_id,
+                                             const GValue *value,
+                                             GParamSpec   *pspec)
+{
+  GTlsClientConnectionOpenssl *openssl = G_TLS_CLIENT_CONNECTION_OPENSSL (object);
+  GTlsClientConnectionOpensslPrivate *priv;
+
+  priv = g_tls_client_connection_openssl_get_instance_private (openssl);
+
+  switch (prop_id)
+    {
+    case PROP_VALIDATION_FLAGS:
+      priv->validation_flags = g_value_get_flags (value);
+      break;
+
+    case PROP_SERVER_IDENTITY:
+      if (priv->server_identity)
+        g_object_unref (priv->server_identity);
+      priv->server_identity = g_value_dup_object (value);
+      break;
+
+    case PROP_USE_SSL3:
+      priv->use_ssl3 = g_value_get_boolean (value);
+      break;
+
+    default:
+      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+    }
+}
+
+static void
+g_tls_client_connection_openssl_constructed (GObject *object)
+{
+  GTlsClientConnectionOpenssl *openssl = G_TLS_CLIENT_CONNECTION_OPENSSL (object);
+  GTlsClientConnectionOpensslPrivate *priv;
+  GSocketConnection *base_conn;
+  GSocketAddress *remote_addr;
+  GInetAddress *iaddr;
+  guint port;
+
+  priv = g_tls_client_connection_openssl_get_instance_private (openssl);
+
+  /* Create a TLS session ID. We base it on the IP address since
+   * different hosts serving the same hostname/service will probably
+   * not share the same session cache. We base it on the
+   * server-identity because at least some servers will fail (rather
+   * than just failing to resume the session) if we don't.
+   * (https://bugs.launchpad.net/bugs/823325)
+   */
+  g_object_get (G_OBJECT (openssl), "base-io-stream", &base_conn, NULL);
+  if (G_IS_SOCKET_CONNECTION (base_conn))
+    {
+      remote_addr = g_socket_connection_get_remote_address (base_conn, NULL);
+      if (G_IS_INET_SOCKET_ADDRESS (remote_addr))
+        {
+          GInetSocketAddress *isaddr = G_INET_SOCKET_ADDRESS (remote_addr);
+          const gchar *server_hostname;
+          gchar *addrstr, *session_id;
+
+          iaddr = g_inet_socket_address_get_address (isaddr);
+          port = g_inet_socket_address_get_port (isaddr);
+
+          addrstr = g_inet_address_to_string (iaddr);
+          server_hostname = get_server_identity (openssl);
+          session_id = g_strdup_printf ("%s/%s/%d", addrstr,
+                                        server_hostname ? server_hostname : "",
+                                        port);
+          priv->session_id = g_bytes_new_take (session_id, strlen (session_id));
+          g_free (addrstr);
+        }
+      g_object_unref (remote_addr);
+    }
+  g_object_unref (base_conn);
+
+  G_OBJECT_CLASS (g_tls_client_connection_openssl_parent_class)->constructed (object);
+}
+
+static GTlsConnectionBaseStatus
+g_tls_client_connection_openssl_handshake (GTlsConnectionBase  *tls,
+                                           GCancellable        *cancellable,
+                                           GError             **error)
+{
+  return G_TLS_CONNECTION_BASE_CLASS (g_tls_client_connection_openssl_parent_class)->
+    handshake (tls, cancellable, error);
+}
+
+static GTlsConnectionBaseStatus
+g_tls_client_connection_openssl_complete_handshake (GTlsConnectionBase  *tls,
+                                                    GError             **error)
+{
+  GTlsConnectionBaseStatus status;
+
+  status = G_TLS_CONNECTION_BASE_CLASS (g_tls_client_connection_openssl_parent_class)->
+    complete_handshake (tls, error);
+
+  return status;
+}
+
+static SSL *
+g_tls_client_connection_openssl_get_ssl (GTlsConnectionOpenssl *connection)
+{
+  GTlsClientConnectionOpenssl *client = G_TLS_CLIENT_CONNECTION_OPENSSL (connection);
+  GTlsClientConnectionOpensslPrivate *priv;
+
+  priv = g_tls_client_connection_openssl_get_instance_private (client);
+
+  return priv->ssl;
+}
+
+static void
+g_tls_client_connection_openssl_class_init (GTlsClientConnectionOpensslClass *klass)
+{
+  GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+  GTlsConnectionBaseClass *base_class = G_TLS_CONNECTION_BASE_CLASS (klass);
+  GTlsConnectionOpensslClass *connection_class = G_TLS_CONNECTION_OPENSSL_CLASS (klass);
+
+  gobject_class->finalize     = g_tls_client_connection_openssl_finalize;
+  gobject_class->get_property = g_tls_client_connection_openssl_get_property;
+  gobject_class->set_property = g_tls_client_connection_openssl_set_property;
+  gobject_class->constructed  = g_tls_client_connection_openssl_constructed;
+
+  base_class->handshake          = g_tls_client_connection_openssl_handshake;
+  base_class->complete_handshake = g_tls_client_connection_openssl_complete_handshake;
+
+  connection_class->get_ssl = g_tls_client_connection_openssl_get_ssl;
+
+  g_object_class_override_property (gobject_class, PROP_VALIDATION_FLAGS, "validation-flags");
+  g_object_class_override_property (gobject_class, PROP_SERVER_IDENTITY, "server-identity");
+  g_object_class_override_property (gobject_class, PROP_USE_SSL3, "use-ssl3");
+  g_object_class_override_property (gobject_class, PROP_ACCEPTED_CAS, "accepted-cas");
+}
+
+static void
+g_tls_client_connection_openssl_init (GTlsClientConnectionOpenssl *openssl)
+{
+}
+
+
+static void
+g_tls_client_connection_openssl_copy_session_state (GTlsClientConnection *conn,
+                                                    GTlsClientConnection *source)
+{
+}
+
+static void
+g_tls_client_connection_openssl_client_connection_interface_init (GTlsClientConnectionInterface *iface)
+{
+  iface->copy_session_state = g_tls_client_connection_openssl_copy_session_state;
+}
+
+static int data_index = -1;
+
+static int
+retrieve_certificate (SSL       *ssl,
+                      X509     **x509,
+                      EVP_PKEY **pkey)
+{
+  GTlsClientConnectionOpenssl *client;
+  GTlsClientConnectionOpensslPrivate *priv;
+  GTlsConnectionBase *tls;
+  GTlsConnectionOpenssl *openssl;
+  GTlsCertificate *cert;
+  gboolean set_certificate = FALSE;
+
+  client = SSL_get_ex_data (ssl, data_index);
+  tls = G_TLS_CONNECTION_BASE (client);
+  openssl = G_TLS_CONNECTION_OPENSSL (client);
+
+  priv = g_tls_client_connection_openssl_get_instance_private (client);
+
+  tls->certificate_requested = TRUE;
+
+  priv->ca_list = SSL_get_client_CA_list (priv->ssl);
+  g_object_notify (G_OBJECT (client), "accepted-cas");
+
+  cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (client));
+  if (cert != NULL)
+    set_certificate = TRUE;
+  else
+    {
+      g_clear_error (&tls->certificate_error);
+      if (g_tls_connection_openssl_request_certificate (openssl, &tls->certificate_error))
+        {
+          cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (client));
+          set_certificate = (cert != NULL);
+        }
+    }
+
+  if (set_certificate)
+    {
+      EVP_PKEY *key;
+
+      key = g_tls_certificate_openssl_get_key (G_TLS_CERTIFICATE_OPENSSL (cert));
+      /* increase ref count */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+      CRYPTO_add (&key->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#else
+      EVP_PKEY_up_ref (key);
+#endif
+      *pkey = key;
+
+      *x509 = X509_dup (g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (cert)));
+
+      return 1;
+    }
+
+  return 0;
+}
+
+static int
+generate_session_id (SSL           *ssl,
+                     unsigned char *id,
+                     unsigned int  *id_len)
+{
+  GTlsClientConnectionOpenssl *client;
+  GTlsClientConnectionOpensslPrivate *priv;
+  int len;
+
+  client = SSL_get_ex_data (ssl, data_index);
+  priv = g_tls_client_connection_openssl_get_instance_private (client);
+
+  len = MIN (*id_len, g_bytes_get_size (priv->session_id));
+  memcpy (id, g_bytes_get_data (priv->session_id, NULL), len);
+
+  return 1;
+}
+
+static gboolean
+set_cipher_list (GTlsClientConnectionOpenssl  *client,
+                 GError                      **error)
+{
+  GTlsClientConnectionOpensslPrivate *priv;
+  const gchar *cipher_list;
+
+  priv = g_tls_client_connection_openssl_get_instance_private (client);
+
+  cipher_list = g_getenv ("G_TLS_OPENSSL_CIPHER_LIST");
+  if (cipher_list == NULL)
+    cipher_list = DEFAULT_CIPHER_LIST;
+
+  if (!SSL_CTX_set_cipher_list (priv->ssl_ctx, cipher_list))
+    {
+      g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+                   _("Could not create TLS context: %s"),
+                   ERR_error_string (ERR_get_error (), NULL));
+      return FALSE;
+    }
+
+  return TRUE;
+}
+
+#ifdef SSL_CTX_set1_sigalgs_list
+static void
+set_signature_algorithm_list (GTlsClientConnectionOpenssl *client)
+{
+  GTlsClientConnectionOpensslPrivate *priv;
+  const gchar *signature_algorithm_list;
+
+  priv = g_tls_client_connection_openssl_get_instance_private (client);
+
+  signature_algorithm_list = g_getenv ("G_TLS_OPENSSL_SIGNATURE_ALGORITHM_LIST");
+  if (signature_algorithm_list == NULL)
+    return;
+
+  SSL_CTX_set1_sigalgs_list (priv->ssl_ctx, signature_algorithm_list);
+}
+#endif
+
+#ifdef SSL_CTX_set1_curves_list
+static void
+set_curve_list (GTlsClientConnectionOpenssl *client)
+{
+  GTlsClientConnectionOpensslPrivate *priv;
+  const gchar *curve_list;
+
+  priv = g_tls_client_connection_openssl_get_instance_private (client);
+
+  curve_list = g_getenv ("G_TLS_OPENSSL_CURVE_LIST");
+  if (curve_list == NULL)
+    return;
+
+  SSL_CTX_set1_curves_list (priv->ssl_ctx, curve_list);
+}
+#endif
+
+static gboolean
+use_ocsp (void)
+{
+  return g_getenv ("G_TLS_OPENSSL_OCSP_ENABLED") != NULL;
+}
+
+static gboolean
+g_tls_client_connection_openssl_initable_init (GInitable       *initable,
+                                               GCancellable    *cancellable,
+                                               GError         **error)
+{
+  GTlsClientConnectionOpenssl *client = G_TLS_CLIENT_CONNECTION_OPENSSL (initable);
+  GTlsClientConnectionOpensslPrivate *priv;
+  long options;
+  const char *hostname;
+
+  priv = g_tls_client_connection_openssl_get_instance_private (client);
+
+  priv->session = SSL_SESSION_new ();
+
+  priv->ssl_ctx = SSL_CTX_new (SSLv23_client_method ());
+  if (priv->ssl_ctx == NULL)
+    {
+      g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+                   _("Could not create TLS context: %s"),
+                   ERR_error_string (ERR_get_error (), NULL));
+      return FALSE;
+    }
+
+  if (!set_cipher_list (client, error))
+    return FALSE;
+
+  /* Only TLS 1.2 or higher */
+  options = SSL_OP_NO_TICKET |
+            SSL_OP_NO_COMPRESSION |
+#ifdef SSL_OP_NO_TLSv1_1
+            SSL_OP_NO_TLSv1_1 |
+#endif
+            SSL_OP_NO_SSLv2 |
+            SSL_OP_NO_SSLv3 |
+            SSL_OP_NO_TLSv1;
+  SSL_CTX_set_options (priv->ssl_ctx, options);
+
+  SSL_CTX_clear_options (priv->ssl_ctx, SSL_OP_LEGACY_SERVER_CONNECT);
+
+  hostname = get_server_identity (client);
+
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined (LIBRESSL_VERSION_NUMBER)
+  if (hostname)
+    {
+      X509_VERIFY_PARAM *param;
+
+      param = X509_VERIFY_PARAM_new ();
+      X509_VERIFY_PARAM_set1_host (param, hostname, 0);
+      SSL_CTX_set1_param (priv->ssl_ctx, param);
+      X509_VERIFY_PARAM_free (param);
+    }
+#endif
+
+  SSL_CTX_set_generate_session_id (priv->ssl_ctx, (GEN_SESSION_CB)generate_session_id);
+
+  SSL_CTX_add_session (priv->ssl_ctx, priv->session);
+
+  SSL_CTX_set_client_cert_cb (priv->ssl_ctx, retrieve_certificate);
+
+#ifdef SSL_CTX_set1_sigalgs_list
+  set_signature_algorithm_list (client);
+#endif
+
+#ifdef SSL_CTX_set1_curves_list
+  set_curve_list (client);
+#endif
+
+  priv->ssl = SSL_new (priv->ssl_ctx);
+  if (priv->ssl == NULL)
+    {
+      g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+                   _("Could not create TLS connection: %s"),
+                   ERR_error_string (ERR_get_error (), NULL));
+      return FALSE;
+    }
+
+  if (data_index == -1) {
+      data_index = SSL_get_ex_new_index (0, (void *)"gtlsclientconnection", NULL, NULL, NULL);
+  }
+  SSL_set_ex_data (priv->ssl, data_index, client);
+
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+  if (hostname)
+    SSL_set_tlsext_host_name (priv->ssl, hostname);
+#endif
+
+  SSL_set_connect_state (priv->ssl);
+
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
+    !defined(OPENSSL_NO_OCSP)
+  if (use_ocsp())
+    SSL_set_tlsext_status_type (priv->ssl, TLSEXT_STATUSTYPE_ocsp);
+#endif
+
+  if (!g_tls_client_connection_openssl_parent_initable_iface->
+      init (initable, cancellable, error))
+    return FALSE;
+
+  return TRUE;
+}
+
+static void
+g_tls_client_connection_openssl_initable_interface_init (GInitableIface  *iface)
+{
+  g_tls_client_connection_openssl_parent_initable_iface = g_type_interface_peek_parent (iface);
+
+  iface->init = g_tls_client_connection_openssl_initable_init;
+}
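Review bot: In the `PROP_ACCEPTED_CAS` branch of `g_tls_client_connection_openssl_get_property`, the second `i2d_X509_NAME (..., &ca)` call advances `ca` past the bytes it wrote, so `g_byte_array_new_take (ca, size)` receives a pointer to the end of the allocation rather than its start. The resulting byte array would read beyond the heap buffer and later free an address that `g_malloc` never returned. Encode through a scratch pointer and keep `ca` as the owner: `unsigned char *p = ca = g_malloc (size);` followed by `size = i2d_X509_NAME (sk_X509_NAME_value (priv->ca_list, i), &p);`. The list is filled from `SSL_get_client_CA_list` in `retrieve_certificate`, which on a client should be the names the peer sent, so this path handles peer-supplied data. It deserves a test that reads "accepted-cas" after a handshake in which the server requests a client certificate.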
diff --git a/tls/openssl/gtlsclientconnection-openssl.h b/tls/openssl/gtlsclientconnection-openssl.h
new file mode 100644 (file)
index 0000000..e686fc1
--- /dev/null
@@ -0,0 +1,56 @@
+/*
+ * gtlsclientconnection-openssl.h
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#ifndef __G_TLS_CLIENT_CONNECTION_OPENSSL_H__
+#define __G_TLS_CLIENT_CONNECTION_OPENSSL_H__
+
+#include "gtlsconnection-openssl.h"
+
+G_BEGIN_DECLS
+
+#define G_TYPE_TLS_CLIENT_CONNECTION_OPENSSL            (g_tls_client_connection_openssl_get_type ())
+#define G_TLS_CLIENT_CONNECTION_OPENSSL(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_CLIENT_CONNECTION_OPENSSL, GTlsClientConnectionOpenssl))
+#define G_TLS_CLIENT_CONNECTION_OPENSSL_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_CLIENT_CONNECTION_OPENSSL, GTlsClientConnectionOpensslClass))
+#define G_IS_TLS_CLIENT_CONNECTION_OPENSSL(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_CLIENT_CONNECTION_OPENSSL))
+#define G_IS_TLS_CLIENT_CONNECTION_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_CLIENT_CONNECTION_OPENSSL))
+#define G_TLS_CLIENT_CONNECTION_OPENSSL_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_CLIENT_CONNECTION_OPENSSL, GTlsClientConnectionOpensslClass))
+
+typedef struct _GTlsClientConnectionOpensslClass   GTlsClientConnectionOpensslClass;
+typedef struct _GTlsClientConnectionOpenssl        GTlsClientConnectionOpenssl;
+
+struct _GTlsClientConnectionOpensslClass
+{
+  GTlsConnectionOpensslClass parent_class;
+};
+
+struct _GTlsClientConnectionOpenssl
+{
+  GTlsConnectionOpenssl parent_instance;
+};
+
+GType g_tls_client_connection_openssl_get_type (void) G_GNUC_CONST;
+
+G_END_DECLS
+
+#endif /* __G_TLS_CLIENT_CONNECTION_OPENSSL_H___ */
diff --git a/tls/openssl/gtlsconnection-openssl.c b/tls/openssl/gtlsconnection-openssl.c
new file mode 100644 (file)
index 0000000..c6df559
--- /dev/null
@@ -0,0 +1,644 @@
+/*
+ * gtlsconnection-openssl.c
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#include "config.h"
+#include "glib.h"
+
+#include <errno.h>
+#include <stdarg.h>
+#include "openssl-include.h"
+
+#include "gtlsconnection-openssl.h"
+#include "gtlsbackend-openssl.h"
+#include "gtlscertificate-openssl.h"
+#include "gtlsfiledatabase-openssl.h"
+#include "gtlsbio.h"
+
+#include <glib/gi18n-lib.h>
+
+typedef struct _GTlsConnectionOpensslPrivate
+{
+  BIO *bio;
+
+  GTlsCertificate *peer_certificate_tmp;
+  GTlsCertificateFlags peer_certificate_errors_tmp;
+
+  gboolean shutting_down;
+} GTlsConnectionOpensslPrivate;
+
+static void g_tls_connection_openssl_initable_iface_init (GInitableIface *iface);
+
+G_DEFINE_ABSTRACT_TYPE_WITH_CODE (GTlsConnectionOpenssl, g_tls_connection_openssl, G_TYPE_TLS_CONNECTION_BASE,
+                                  G_ADD_PRIVATE (GTlsConnectionOpenssl)
+                                  G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+                                                         g_tls_connection_openssl_initable_iface_init))
+
+static void
+g_tls_connection_openssl_finalize (GObject *object)
+{
+  GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (object);
+  GTlsConnectionOpensslPrivate *priv;
+
+  priv = g_tls_connection_openssl_get_instance_private (openssl);
+
+  g_clear_object (&priv->peer_certificate_tmp);
+
+  G_OBJECT_CLASS (g_tls_connection_openssl_parent_class)->finalize (object);
+}
+
+static GTlsConnectionBaseStatus
+end_openssl_io (GTlsConnectionOpenssl  *openssl,
+                GIOCondition           direction,
+                int                    ret,
+                GError               **error,
+                const char            *err_fmt,
+                ...) G_GNUC_PRINTF(5, 6);
+
+static GTlsConnectionBaseStatus
+end_openssl_io (GTlsConnectionOpenssl  *openssl,
+                GIOCondition            direction,
+                int                     ret,
+                GError                **error,
+                const char             *err_fmt,
+                ...)
+{
+  GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (openssl);
+  GTlsConnectionOpensslPrivate *priv;
+  int err_code, err, err_lib, reason;
+  GError *my_error = NULL;
+  GTlsConnectionBaseStatus status;
+  SSL *ssl;
+
+  priv = g_tls_connection_openssl_get_instance_private (openssl);
+
+  ssl = g_tls_connection_openssl_get_ssl (openssl);
+
+  err_code = SSL_get_error (ssl, ret);
+
+  status = g_tls_connection_base_pop_io (tls, direction, ret > 0, &my_error);
+
+  /* NOTE: this is tricky! The tls bio will set to retry if the operation
+   * would block, and we would get an error code with WANT_READ or WANT_WRITE,
+   * though if in that case we try again we would end up in an infinite loop
+   * since we will not let the glib main loop to do its stuff and we would
+   * be getting a would block forever. Instead we need to also check the error
+   * we get from the socket operation to understand whether to try again. See
+   * that we propagate the WOULD_BLOCK error a bit more down.
+   */
+  if ((err_code == SSL_ERROR_WANT_READ ||
+       err_code == SSL_ERROR_WANT_WRITE) &&
+      status != G_TLS_CONNECTION_BASE_WOULD_BLOCK)
+    {
+      if (my_error)
+        g_error_free (my_error);
+      return G_TLS_CONNECTION_BASE_TRY_AGAIN;
+    }
+
+  if (err_code == SSL_ERROR_ZERO_RETURN)
+    return G_TLS_CONNECTION_BASE_OK;
+
+  if (status == G_TLS_CONNECTION_BASE_OK ||
+      status == G_TLS_CONNECTION_BASE_WOULD_BLOCK ||
+      status == G_TLS_CONNECTION_BASE_TIMED_OUT)
+    {
+      if (my_error)
+        g_propagate_error (error, my_error);
+      return status;
+    }
+
+  /* This case is documented that it may happen and that is perfectly fine */
+  if (err_code == SSL_ERROR_SYSCALL && priv->shutting_down && !my_error)
+    return G_TLS_CONNECTION_BASE_OK;
+
+  err = ERR_get_error ();
+  err_lib = ERR_GET_LIB (err);
+  reason = ERR_GET_REASON (err);
+
+  if (tls->handshaking && !tls->ever_handshaked)
+    {
+      if (reason == SSL_R_BAD_PACKET_LENGTH ||
+          reason == SSL_R_UNKNOWN_ALERT_TYPE ||
+          reason == SSL_R_DECRYPTION_FAILED ||
+          reason == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC ||
+          reason == SSL_R_BAD_PROTOCOL_VERSION_NUMBER ||
+          reason == SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE ||
+          reason == SSL_R_UNKNOWN_PROTOCOL)
+        {
+          g_clear_error (&my_error);
+          g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS,
+                               _("Peer failed to perform TLS handshake"));
+          return G_TLS_CONNECTION_BASE_ERROR;
+        }
+    }
+
+#ifdef SSL_R_SHUTDOWN_WHILE_IN_INIT
+  /* XXX: this error happens on ubuntu when shutting down the connection, it
+   * seems to be a bug in a specific version of openssl, so let's handle it
+   * gracefully
+   */
+  if (reason == SSL_R_SHUTDOWN_WHILE_IN_INIT)
+    {
+      g_clear_error (&my_error);
+      return G_TLS_CONNECTION_BASE_OK;
+    }
+#endif
+
+  if (reason == SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE
+#ifdef SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED
+      || reason == SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED
+#endif
+     )
+    {
+      g_clear_error (&my_error);
+      g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
+                           _("TLS connection peer did not send a certificate"));
+      return status;
+    }
+
+  if (err_lib == ERR_LIB_RSA && reason == RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY)
+    {
+      g_clear_error (&my_error);
+      g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+                           _("Digest too big for RSA key"));
+      return G_TLS_CONNECTION_BASE_ERROR;
+    }
+
+  if (my_error != NULL)
+    g_propagate_error (error, my_error);
+  else
+    /* FIXME: this is just for debug */
+    g_message ("end_openssl_io %s: %d, %d, %d", G_IS_TLS_CLIENT_CONNECTION (openssl) ? "client" : "server", err_code, err_lib, reason);
+
+  if (error && !*error)
+    {
+      va_list ap;
+
+      va_start (ap, err_fmt);
+      *error = g_error_new_valist (G_TLS_ERROR, G_TLS_ERROR_MISC, err_fmt, ap);
+      va_end (ap);
+    }
+
+  return G_TLS_CONNECTION_BASE_ERROR;
+}
+
+#define BEGIN_OPENSSL_IO(openssl, direction, blocking, cancellable)        \
+  g_tls_connection_base_push_io (G_TLS_CONNECTION_BASE (openssl),        \
+                                 direction, blocking, cancellable);        \
+  do {                                                                      \
+    char error_str[256];
+
+#define END_OPENSSL_IO(openssl, direction, ret, status, errmsg, err)        \
+    ERR_error_string_n (SSL_get_error (ssl, ret), error_str, sizeof(error_str)); \
+    status = end_openssl_io (openssl, direction, ret, err, errmsg, error_str); \
+  } while (status == G_TLS_CONNECTION_BASE_TRY_AGAIN);
+
+static GTlsConnectionBaseStatus
+g_tls_connection_openssl_request_rehandshake (GTlsConnectionBase  *tls,
+                                              GCancellable        *cancellable,
+                                              GError             **error)
+{
+  GTlsConnectionOpenssl *openssl;
+  GTlsConnectionBaseStatus status;
+  SSL *ssl;
+  int ret;
+
+  /* On a client-side connection, SSL_renegotiate() itself will start
+   * a rehandshake, so we only need to do something special here for
+   * server-side connections.
+   */
+  if (!G_IS_TLS_SERVER_CONNECTION (tls))
+    return G_TLS_CONNECTION_BASE_OK;
+
+  openssl = G_TLS_CONNECTION_OPENSSL (tls);
+
+  if (tls->rehandshake_mode == G_TLS_REHANDSHAKE_NEVER)
+    {
+      g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+                           _("Peer requested illegal TLS rehandshake"));
+      return G_TLS_CONNECTION_BASE_ERROR;
+    }
+
+  ssl = g_tls_connection_openssl_get_ssl (openssl);
+
+  BEGIN_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, TRUE, cancellable);
+  ret = SSL_renegotiate (ssl);
+  END_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, ret, status,
+                  _("Error performing TLS handshake: %s"), error);
+
+  return status;
+}
+
+static GTlsCertificate *
+get_peer_certificate (GTlsConnectionOpenssl *openssl)
+{
+  X509 *peer;
+  STACK_OF (X509) *certs;
+  GTlsCertificateOpenssl *chain;
+  SSL *ssl;
+
+  ssl = g_tls_connection_openssl_get_ssl (openssl);
+
+  peer = SSL_get_peer_certificate (ssl);
+  if (peer == NULL)
+    return NULL;
+
+  certs = SSL_get_peer_cert_chain (ssl);
+  if (certs == NULL)
+    {
+      X509_free (peer);
+      return NULL;
+    }
+
+  chain = g_tls_certificate_openssl_build_chain (peer, certs);
+  X509_free (peer);
+  if (!chain)
+    return NULL;
+
+  return G_TLS_CERTIFICATE (chain);
+}
+
+static GTlsCertificateFlags
+verify_ocsp_response (GTlsConnectionOpenssl *openssl,
+                      GTlsDatabase          *database,
+                      GTlsCertificate       *peer_certificate)
+{
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
+  !defined(OPENSSL_NO_OCSP)
+  SSL *ssl = NULL;
+  OCSP_RESPONSE *resp = NULL;
+  long len = 0;
+  unsigned char *p = NULL;
+
+  ssl = g_tls_connection_openssl_get_ssl (openssl);
+  len = SSL_get_tlsext_status_ocsp_resp (ssl, &p);
+  /* Soft fail in case of no response is the best we can do */
+  if (p == NULL)
+    return 0;
+
+  resp = d2i_OCSP_RESPONSE (NULL, (const unsigned char **) &p, len);
+  if (resp == NULL)
+    return G_TLS_CERTIFICATE_GENERIC_ERROR;
+
+  return g_tls_file_database_openssl_verify_ocsp_response (database,
+                                                           peer_certificate,
+                                                           resp);
+#else
+  return 0;
+#endif
+}
+
+static GTlsCertificateFlags
+verify_peer_certificate (GTlsConnectionOpenssl *openssl,
+                         GTlsCertificate       *peer_certificate)
+{
+  GTlsConnection *conn = G_TLS_CONNECTION (openssl);
+  GSocketConnectable *peer_identity;
+  GTlsDatabase *database;
+  GTlsCertificateFlags errors;
+  gboolean is_client;
+
+  is_client = G_IS_TLS_CLIENT_CONNECTION (openssl);
+  if (is_client)
+    peer_identity = g_tls_client_connection_get_server_identity (G_TLS_CLIENT_CONNECTION (openssl));
+  else
+    peer_identity = NULL;
+
+  errors = 0;
+
+  database = g_tls_connection_get_database (conn);
+  if (database == NULL)
+    {
+      errors |= G_TLS_CERTIFICATE_UNKNOWN_CA;
+      errors |= g_tls_certificate_verify (peer_certificate, peer_identity, NULL);
+    }
+  else
+    {
+      GError *error = NULL;
+
+      errors |= g_tls_database_verify_chain (database, peer_certificate,
+                                             is_client ?
+                                             G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER :
+                                             G_TLS_DATABASE_PURPOSE_AUTHENTICATE_CLIENT,
+                                             peer_identity,
+                                             g_tls_connection_get_interaction (conn),
+                                             G_TLS_DATABASE_VERIFY_NONE,
+                                             NULL, &error);
+      if (error)
+        {
+          g_warning ("failure verifying certificate chain: %s",
+                     error->message);
+          g_assert (errors != 0);
+          g_clear_error (&error);
+        }
+    }
+
+  if (is_client && (errors == 0))
+    errors = verify_ocsp_response (openssl, database, peer_certificate);
+
+  return errors;
+}
+
+static GTlsConnectionBaseStatus
+g_tls_connection_openssl_handshake (GTlsConnectionBase  *tls,
+                                    GCancellable        *cancellable,
+                                    GError             **error)
+{
+  GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
+  GTlsConnectionOpensslPrivate *priv;
+  GTlsConnectionBaseStatus status;
+  SSL *ssl;
+  int ret;
+
+  priv = g_tls_connection_openssl_get_instance_private (openssl);
+
+  ssl = g_tls_connection_openssl_get_ssl (openssl);
+
+  BEGIN_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, TRUE, cancellable);
+  ret = SSL_do_handshake (ssl);
+  END_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, ret, status,
+                  _("Error performing TLS handshake: %s"), error);
+
+  if (ret > 0)
+    {
+      priv->peer_certificate_tmp = get_peer_certificate (openssl);
+      if (priv->peer_certificate_tmp)
+        priv->peer_certificate_errors_tmp = verify_peer_certificate (openssl, priv->peer_certificate_tmp);
+      else if (G_IS_TLS_CLIENT_CONNECTION (openssl))
+        {
+          g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+                               _("Server did not return a valid TLS certificate"));
+        }
+    }
+
+  return status;
+}
+
+static GTlsConnectionBaseStatus
+g_tls_connection_openssl_complete_handshake (GTlsConnectionBase  *tls,
+                                             GError             **error)
+{
+  GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
+  GTlsConnectionOpensslPrivate *priv;
+  GTlsCertificate *peer_certificate;
+  GTlsCertificateFlags peer_certificate_errors = 0;
+  GTlsConnectionBaseStatus status = G_TLS_CONNECTION_BASE_OK;
+
+  priv = g_tls_connection_openssl_get_instance_private (openssl);
+
+  peer_certificate = priv->peer_certificate_tmp;
+  priv->peer_certificate_tmp = NULL;
+  peer_certificate_errors = priv->peer_certificate_errors_tmp;
+  priv->peer_certificate_errors_tmp = 0;
+
+  if (peer_certificate)
+    {
+      if (!g_tls_connection_base_accept_peer_certificate (tls, peer_certificate,
+                                                          peer_certificate_errors))
+        {
+          g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+                               _("Unacceptable TLS certificate"));
+          status = G_TLS_CONNECTION_BASE_ERROR;
+        }
+
+      g_tls_connection_base_set_peer_certificate (G_TLS_CONNECTION_BASE (openssl),
+                                                  peer_certificate,
+                                                  peer_certificate_errors);
+      g_clear_object (&peer_certificate);
+    }
+
+  return status;
+}
+
+static void
+g_tls_connection_openssl_push_io (GTlsConnectionBase *tls,
+                                  GIOCondition        direction,
+                                  gboolean            blocking,
+                                  GCancellable       *cancellable)
+{
+  GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
+  GTlsConnectionOpensslPrivate *priv;
+
+  priv = g_tls_connection_openssl_get_instance_private (openssl);
+
+  G_TLS_CONNECTION_BASE_CLASS (g_tls_connection_openssl_parent_class)->push_io (tls, direction,
+                                                                                blocking, cancellable);
+
+  if (direction & G_IO_IN)
+    {
+      g_tls_bio_set_read_cancellable (priv->bio, cancellable);
+      g_tls_bio_set_read_blocking (priv->bio, blocking);
+      g_clear_error (&tls->read_error);
+      g_tls_bio_set_read_error (priv->bio, &tls->read_error);
+    }
+
+  if (direction & G_IO_OUT)
+    {
+      g_tls_bio_set_write_cancellable (priv->bio, cancellable);
+      g_tls_bio_set_write_blocking (priv->bio, blocking);
+      g_clear_error (&tls->write_error);
+      g_tls_bio_set_write_error (priv->bio, &tls->write_error);
+    }
+}
+
+static GTlsConnectionBaseStatus
+g_tls_connection_openssl_pop_io (GTlsConnectionBase  *tls,
+                                 GIOCondition         direction,
+                                 gboolean             success,
+                                 GError             **error)
+{
+  GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
+  GTlsConnectionOpensslPrivate *priv;
+
+  priv = g_tls_connection_openssl_get_instance_private (openssl);
+
+  if (direction & G_IO_IN)
+    g_tls_bio_set_read_cancellable (priv->bio, NULL);
+
+  if (direction & G_IO_OUT)
+    g_tls_bio_set_write_cancellable (priv->bio, NULL);
+
+  return G_TLS_CONNECTION_BASE_CLASS (g_tls_connection_openssl_parent_class)->pop_io (tls, direction,
+                                                                                      success, error);
+}
+
+static GTlsConnectionBaseStatus
+g_tls_connection_openssl_read (GTlsConnectionBase    *tls,
+                               void                  *buffer,
+                               gsize                  count,
+                               gboolean               blocking,
+                               gssize                *nread,
+                               GCancellable          *cancellable,
+                               GError               **error)
+{
+  GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
+  GTlsConnectionBaseStatus status;
+  SSL *ssl;
+  gssize ret;
+
+  ssl = g_tls_connection_openssl_get_ssl (openssl);
+
+  BEGIN_OPENSSL_IO (openssl, G_IO_IN, blocking, cancellable);
+  ret = SSL_read (ssl, buffer, count);
+  END_OPENSSL_IO (openssl, G_IO_IN, ret, status,
+                  _("Error reading data from TLS socket: %s"), error);
+
+  if (ret >= 0)
+    *nread = ret;
+  return status;
+}
+
+static GTlsConnectionBaseStatus
+g_tls_connection_openssl_write (GTlsConnectionBase    *tls,
+                                const void            *buffer,
+                                gsize                  count,
+                                gboolean               blocking,
+                                gssize                *nwrote,
+                                GCancellable          *cancellable,
+                                GError               **error)
+{
+  GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
+  GTlsConnectionBaseStatus status;
+  SSL *ssl;
+  gssize ret;
+
+  ssl = g_tls_connection_openssl_get_ssl (openssl);
+
+  BEGIN_OPENSSL_IO (openssl, G_IO_OUT, blocking, cancellable);
+  ret = SSL_write (ssl, buffer, count);
+  END_OPENSSL_IO (openssl, G_IO_OUT, ret, status,
+                  _("Error writing data to TLS socket: %s"), error);
+
+  if (ret >= 0)
+    *nwrote = ret;
+  return status;
+}
+
+static GTlsConnectionBaseStatus
+g_tls_connection_openssl_close (GTlsConnectionBase  *tls,
+                                GCancellable        *cancellable,
+                                GError             **error)
+{
+  GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
+  GTlsConnectionOpensslPrivate *priv;
+  GTlsConnectionBaseStatus status;
+  SSL *ssl;
+  int ret;
+
+  ssl = g_tls_connection_openssl_get_ssl (openssl);
+  priv = g_tls_connection_openssl_get_instance_private (openssl);
+
+  priv->shutting_down = TRUE;
+
+  BEGIN_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, TRUE, cancellable);
+  ret = SSL_shutdown (ssl);
+  END_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, ret, status,
+                  _("Error performing TLS close: %s"), error);
+
+  return status;
+}
+
+static void
+g_tls_connection_openssl_class_init (GTlsConnectionOpensslClass *klass)
+{
+  GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+  GTlsConnectionBaseClass *base_class = G_TLS_CONNECTION_BASE_CLASS (klass);
+
+  gobject_class->finalize     = g_tls_connection_openssl_finalize;
+
+  base_class->request_rehandshake = g_tls_connection_openssl_request_rehandshake;
+  base_class->handshake           = g_tls_connection_openssl_handshake;
+  base_class->complete_handshake  = g_tls_connection_openssl_complete_handshake;
+  base_class->push_io             = g_tls_connection_openssl_push_io;
+  base_class->pop_io              = g_tls_connection_openssl_pop_io;
+  base_class->read_fn             = g_tls_connection_openssl_read;
+  base_class->write_fn            = g_tls_connection_openssl_write;
+  base_class->close_fn            = g_tls_connection_openssl_close;
+}
+
+static gboolean
+g_tls_connection_openssl_initable_init (GInitable     *initable,
+                                        GCancellable  *cancellable,
+                                        GError       **error)
+{
+  GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (initable);
+  GTlsConnectionOpensslPrivate *priv;
+  GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (initable);
+  SSL *ssl;
+
+  g_return_val_if_fail (tls->base_istream != NULL &&
+                        tls->base_ostream != NULL, FALSE);
+
+  priv = g_tls_connection_openssl_get_instance_private (openssl);
+
+  ssl = g_tls_connection_openssl_get_ssl (openssl);
+  g_assert (ssl != NULL);
+
+  priv->bio = g_tls_bio_new (tls->base_io_stream);
+
+  SSL_set_bio (ssl, priv->bio, priv->bio);
+
+  return TRUE;
+}
+
+static void
+g_tls_connection_openssl_initable_iface_init (GInitableIface *iface)
+{
+  iface->init = g_tls_connection_openssl_initable_init;
+}
+
+static void
+g_tls_connection_openssl_init (GTlsConnectionOpenssl *openssl)
+{
+}
+
+SSL *
+g_tls_connection_openssl_get_ssl (GTlsConnectionOpenssl *openssl)
+{
+  g_return_val_if_fail (G_IS_TLS_CONNECTION_OPENSSL (openssl), NULL);
+
+  return G_TLS_CONNECTION_OPENSSL_GET_CLASS (openssl)->get_ssl (openssl);
+}
+
+gboolean
+g_tls_connection_openssl_request_certificate (GTlsConnectionOpenssl  *openssl,
+                                              GError                **error)
+{
+  GTlsInteractionResult res = G_TLS_INTERACTION_UNHANDLED;
+  GTlsInteraction *interaction;
+  GTlsConnection *conn;
+  GTlsConnectionBase *tls;
+
+  g_return_val_if_fail (G_IS_TLS_CONNECTION_OPENSSL (openssl), FALSE);
+
+  conn = G_TLS_CONNECTION (openssl);
+  tls = G_TLS_CONNECTION_BASE (openssl);
+
+  interaction = g_tls_connection_get_interaction (conn);
+  if (!interaction)
+    return FALSE;
+
+  res = g_tls_interaction_invoke_request_certificate (interaction, conn, 0,
+                                                     tls->read_cancellable, error);
+  return res != G_TLS_INTERACTION_FAILED;
+}
diff --git a/tls/openssl/gtlsconnection-openssl.h b/tls/openssl/gtlsconnection-openssl.h
new file mode 100644 (file)
index 0000000..99eff47
--- /dev/null
@@ -0,0 +1,66 @@
+/*
+ * gtlsconnection-openssl.h
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#ifndef __G_TLS_CONNECTION_OPENSSL_H__
+#define __G_TLS_CONNECTION_OPENSSL_H__
+
+#include <gio/gio.h>
+
+#include "gtlsconnection-base.h"
+#include "openssl-include.h"
+
+G_BEGIN_DECLS
+
+#define G_TYPE_TLS_CONNECTION_OPENSSL            (g_tls_connection_openssl_get_type ())
+#define G_TLS_CONNECTION_OPENSSL(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_CONNECTION_OPENSSL, GTlsConnectionOpenssl))
+#define G_TLS_CONNECTION_OPENSSL_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_CONNECTION_OPENSSL, GTlsConnectionOpensslClass))
+#define G_IS_TLS_CONNECTION_OPENSSL(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_CONNECTION_OPENSSL))
+#define G_IS_TLS_CONNECTION_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_CONNECTION_OPENSSL))
+#define G_TLS_CONNECTION_OPENSSL_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_CONNECTION_OPENSSL, GTlsConnectionOpensslClass))
+
+typedef struct _GTlsConnectionOpensslClass GTlsConnectionOpensslClass;
+typedef struct _GTlsConnectionOpenssl      GTlsConnectionOpenssl;
+
+struct _GTlsConnectionOpensslClass
+{
+  GTlsConnectionBaseClass parent_class;
+
+  SSL *(*get_ssl) (GTlsConnectionOpenssl *connection);
+};
+
+struct _GTlsConnectionOpenssl
+{
+  GTlsConnectionBase parent_instance;
+};
+
+GType g_tls_connection_openssl_get_type (void) G_GNUC_CONST;
+
+SSL *g_tls_connection_openssl_get_ssl (GTlsConnectionOpenssl *connection);
+
+gboolean g_tls_connection_openssl_request_certificate (GTlsConnectionOpenssl  *openssl,
+                                                       GError                **error);
+
+G_END_DECLS
+
+#endif /* __G_TLS_CONNECTION_OPENSSL_H___ */
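Review bot: The `get_ssl` class member and the two public prototypes are declared without any contract comment, although the implementation in gtlsconnection-openssl.c relies on one. `g_tls_connection_openssl_get_ssl` calls the vfunc without checking that it is set, and `g_tls_connection_openssl_initable_init` asserts that the result is non-NULL, so I would document it above the member as `/* Required: subclasses must set this and return a non-NULL SSL before the parent GInitable init runs. */`. For `g_tls_connection_openssl_request_certificate`, a comment should state that it returns FALSE when no `GTlsInteraction` is set and TRUE for any result other than `G_TLS_INTERACTION_FAILED`, which includes `G_TLS_INTERACTION_UNHANDLED`, so callers do not read TRUE as "a certificate was supplied".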
diff --git a/tls/openssl/gtlsdatabase-openssl.c b/tls/openssl/gtlsdatabase-openssl.c
new file mode 100644 (file)
index 0000000..93461a2
--- /dev/null
@@ -0,0 +1,39 @@
+/*
+ * gtlsdatabase-openssl.c
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#include "config.h"
+
+#include "gtlsdatabase-openssl.h"
+
+G_DEFINE_ABSTRACT_TYPE (GTlsDatabaseOpenssl, g_tls_database_openssl, G_TYPE_TLS_DATABASE)
+
+static void
+g_tls_database_openssl_class_init (GTlsDatabaseOpensslClass *klass)
+{
+}
+
+static void
+g_tls_database_openssl_init (GTlsDatabaseOpenssl *openssl)
+{
+}
diff --git a/tls/openssl/gtlsdatabase-openssl.h b/tls/openssl/gtlsdatabase-openssl.h
new file mode 100644 (file)
index 0000000..fd31352
--- /dev/null
@@ -0,0 +1,63 @@
+/*
+ * gtlsdatabase-openssl.h
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#ifndef __G_TLS_DATABASE_OPENSSL_H__
+#define __G_TLS_DATABASE_OPENSSL_H__
+
+#include <gio/gio.h>
+
+#include "gtlscertificate-openssl.h"
+
+G_BEGIN_DECLS
+
+typedef enum {
+  G_TLS_DATABASE_OPENSSL_PINNED_CERTIFICATE = 1,
+  G_TLS_DATABASE_OPENSSL_ANCHORED_CERTIFICATE = 2,
+} GTlsDatabaseOpensslAssertion;
+
+#define G_TYPE_TLS_DATABASE_OPENSSL            (g_tls_database_openssl_get_type ())
+#define G_TLS_DATABASE_OPENSSL(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_DATABASE_OPENSSL, GTlsDatabaseOpenssl))
+#define G_TLS_DATABASE_OPENSSL_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_DATABASE_OPENSSL, GTlsDatabaseOpensslClass))
+#define G_IS_TLS_DATABASE_OPENSSL(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_DATABASE_OPENSSL))
+#define G_IS_TLS_DATABASE_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_DATABASE_OPENSSL))
+#define G_TLS_DATABASE_OPENSSL_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_DATABASE_OPENSSL, GTlsDatabaseOpensslClass))
+
+typedef struct _GTlsDatabaseOpensslClass GTlsDatabaseOpensslClass;
+typedef struct _GTlsDatabaseOpenssl      GTlsDatabaseOpenssl;
+
+struct _GTlsDatabaseOpensslClass
+{
+  GTlsDatabaseClass parent_class;
+};
+
+struct _GTlsDatabaseOpenssl
+{
+  GTlsDatabase parent_instance;
+};
+
+GType          g_tls_database_openssl_get_type              (void) G_GNUC_CONST;
+
+G_END_DECLS
+
+#endif /* __G_TLS_DATABASE_OPENSSL_H___ */
diff --git a/tls/openssl/gtlsfiledatabase-openssl.c b/tls/openssl/gtlsfiledatabase-openssl.c
new file mode 100644 (file)
index 0000000..e45a619
--- /dev/null
@@ -0,0 +1,852 @@
+/*
+ * gtlsfiledatabase-openssl.c
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#include "config.h"
+
+#include "gtlsfiledatabase-openssl.h"
+
+#include <gio/gio.h>
+#include <glib/gi18n-lib.h>
+#include "openssl-include.h"
+
+typedef struct _GTlsFileDatabaseOpensslPrivate
+{
+  /* read-only after construct */
+  gchar *anchor_filename;
+  STACK_OF(X509) *trusted;
+
+  /* protected by mutex */
+  GMutex mutex;
+
+  /*
+   * These are hash tables of gulong -> GPtrArray<GBytes>. The values of
+   * the ptr array are full DER encoded certificate values. The keys are byte
+   * arrays containing either subject DNs, issuer DNs, or full DER encoded certs
+   */
+  GHashTable *subjects;
+  GHashTable *issuers;
+
+  /*
+   * This is a table of GBytes -> GBytes. The values and keys are
+   * DER encoded certificate values.
+   */
+  GHashTable *complete;
+
+  /*
+   * This is a table of gchar * -> GTlsCertificate.
+   */
+  GHashTable *certs_by_handle;
+} GTlsFileDatabaseOpensslPrivate;
+
+enum {
+  STATUS_FAILURE,
+  STATUS_INCOMPLETE,
+  STATUS_SELFSIGNED,
+  STATUS_PINNED,
+  STATUS_ANCHORED,
+};
+
+enum
+{
+  PROP_0,
+  PROP_ANCHORS,
+};
+
+static void g_tls_file_database_openssl_file_database_interface_init (GTlsFileDatabaseInterface *iface);
+
+static void g_tls_file_database_openssl_initable_interface_init (GInitableIface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (GTlsFileDatabaseOpenssl, g_tls_file_database_openssl, G_TYPE_TLS_DATABASE_OPENSSL,
+                         G_ADD_PRIVATE (GTlsFileDatabaseOpenssl)
+                         G_IMPLEMENT_INTERFACE (G_TYPE_TLS_FILE_DATABASE,
+                                                g_tls_file_database_openssl_file_database_interface_init)
+                         G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+                                                g_tls_file_database_openssl_initable_interface_init))
+
+static GHashTable *
+bytes_multi_table_new (void)
+{
+  return g_hash_table_new_full (g_int_hash, g_int_equal,
+                                (GDestroyNotify)g_free,
+                                (GDestroyNotify)g_ptr_array_unref);
+}
+
+static void
+bytes_multi_table_insert (GHashTable *table,
+                          gulong      key,
+                          GBytes     *value)
+{
+  GPtrArray *multi;
+
+  multi = g_hash_table_lookup (table, &key);
+  if (multi == NULL)
+    {
+      int *key_ptr;
+
+      key_ptr = g_new (int, 1);
+      *key_ptr = (int)key;
+      multi = g_ptr_array_new_with_free_func ((GDestroyNotify)g_bytes_unref);
+      g_hash_table_insert (table, key_ptr, multi);
+    }
+  g_ptr_array_add (multi, g_bytes_ref (value));
+}
+
+static GBytes *
+bytes_multi_table_lookup_ref_one (GHashTable *table,
+                                  gulong      key)
+{
+  GPtrArray *multi;
+
+  multi = g_hash_table_lookup (table, &key);
+  if (multi == NULL)
+    return NULL;
+
+  g_assert (multi->len > 0);
+  return g_bytes_ref (multi->pdata[0]);
+}
+
+static GList *
+bytes_multi_table_lookup_ref_all (GHashTable *table,
+                                  gulong      key)
+{
+  GPtrArray *multi;
+  GList *list = NULL;
+  guint i;
+
+  multi = g_hash_table_lookup (table, &key);
+  if (multi == NULL)
+    return NULL;
+
+  for (i = 0; i < multi->len; i++)
+    list = g_list_prepend (list, g_bytes_ref (multi->pdata[i]));
+
+  return g_list_reverse (list);
+}
+
+static gchar *
+create_handle_for_certificate (const gchar *filename,
+                               GBytes      *der)
+{
+  gchar *bookmark;
+  gchar *uri_part;
+  gchar *uri;
+
+  /*
+   * Here we create a URI that looks like:
+   * file:///etc/ssl/certs/ca-certificates.crt#11b2641821252596420e468c275771f5e51022c121a17bd7a89a2f37b6336c8f
+   */
+
+  uri_part = g_filename_to_uri (filename, NULL, NULL);
+  if (!uri_part)
+    return NULL;
+
+  bookmark = g_compute_checksum_for_bytes (G_CHECKSUM_SHA256, der);
+  uri = g_strconcat (uri_part, "#", bookmark, NULL);
+
+  g_free (bookmark);
+  g_free (uri_part);
+
+  return uri;
+}
+
+static gboolean
+load_anchor_file (GTlsFileDatabaseOpenssl  *file_database,
+                  const gchar              *filename,
+                  GHashTable               *subjects,
+                  GHashTable               *issuers,
+                  GHashTable               *complete,
+                  GHashTable               *certs_by_handle,
+                  GError                  **error)
+{
+  GTlsFileDatabaseOpensslPrivate *priv;
+  GList *list;
+  GList *l;
+  GBytes *der;
+  gchar *handle;
+  GError *my_error = NULL;
+
+  priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+  list = g_tls_certificate_list_new_from_file (filename, &my_error);
+  if (my_error)
+    {
+      g_propagate_error (error, my_error);
+      return FALSE;
+    }
+
+  for (l = list; l; l = l->next)
+    {
+      X509 *x;
+      unsigned long subject;
+      unsigned long issuer;
+
+      x = g_tls_certificate_openssl_get_cert (l->data);
+      subject = X509_subject_name_hash (x);
+      issuer = X509_issuer_name_hash (x);
+
+      der = g_tls_certificate_openssl_get_bytes (l->data);
+      g_return_val_if_fail (der != NULL, FALSE);
+
+      g_hash_table_insert (complete, g_bytes_ref (der),
+                           g_bytes_ref (der));
+
+      bytes_multi_table_insert (subjects, subject, der);
+      bytes_multi_table_insert (issuers, issuer, der);
+
+      handle = create_handle_for_certificate (priv->anchor_filename, der);
+      g_hash_table_insert (certs_by_handle, handle, g_object_ref (l->data));
+
+      g_bytes_unref (der);
+
+      g_object_unref (l->data);
+    }
+  g_list_free (list);
+
+  return TRUE;
+}
+
+static void
+g_tls_file_database_openssl_finalize (GObject *object)
+{
+  GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (object);
+  GTlsFileDatabaseOpensslPrivate *priv;
+
+  priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+  g_clear_pointer (&priv->subjects, g_hash_table_destroy);
+  g_clear_pointer (&priv->issuers, g_hash_table_destroy);
+  g_clear_pointer (&priv->complete, g_hash_table_destroy);
+  g_clear_pointer (&priv->certs_by_handle, g_hash_table_destroy);
+
+  g_free (priv->anchor_filename);
+  priv->anchor_filename = NULL;
+
+  if (priv->trusted != NULL)
+    sk_X509_pop_free (priv->trusted, X509_free);
+
+  g_mutex_clear (&priv->mutex);
+
+  G_OBJECT_CLASS (g_tls_file_database_openssl_parent_class)->finalize (object);
+}
+
+static void
+g_tls_file_database_openssl_get_property (GObject    *object,
+                                          guint       prop_id,
+                                          GValue     *value,
+                                          GParamSpec *pspec)
+{
+  GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (object);
+  GTlsFileDatabaseOpensslPrivate *priv;
+
+  priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+  switch (prop_id)
+    {
+    case PROP_ANCHORS:
+      g_value_set_string (value, priv->anchor_filename);
+      break;
+    default:
+      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+    }
+}
+
+static STACK_OF(X509) *
+load_certs (const gchar *file_name)
+{
+  BIO *bio;
+  STACK_OF(X509) *certs;
+  STACK_OF(X509_INFO) *xis = NULL;
+  gint i;
+
+  if (file_name == NULL)
+    return NULL;
+
+  bio = BIO_new_file (file_name, "rb");
+  if (bio == NULL)
+    return NULL;
+
+  xis = PEM_X509_INFO_read_bio (bio, NULL, NULL, NULL);
+
+  BIO_free (bio);
+
+  certs = sk_X509_new_null ();
+  if (certs == NULL)
+    goto end;
+
+  for (i = 0; i < sk_X509_INFO_num (xis); i++)
+    {
+      X509_INFO *xi;
+
+      xi = sk_X509_INFO_value (xis, i);
+      if (xi->x509 != NULL)
+        {
+          if (!sk_X509_push (certs, xi->x509))
+            goto end;
+          xi->x509 = NULL;
+        }
+    }
+
+end:
+  sk_X509_INFO_pop_free (xis, X509_INFO_free);
+
+  if (sk_X509_num (certs) == 0)
+    {
+      sk_X509_pop_free (certs, X509_free);
+      certs = NULL;
+    }
+
+  return certs;
+}
+
+static void
+g_tls_file_database_openssl_set_property (GObject      *object,
+                                          guint         prop_id,
+                                          const GValue *value,
+                                          GParamSpec   *pspec)
+{
+  GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (object);
+  GTlsFileDatabaseOpensslPrivate *priv;
+  const gchar *anchor_path;
+
+  priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+  switch (prop_id)
+    {
+    case PROP_ANCHORS:
+      anchor_path = g_value_get_string (value);
+      if (anchor_path && !g_path_is_absolute (anchor_path))
+        {
+          g_warning ("The anchor file name used with a GTlsFileDatabase "
+                     "must be an absolute path, and not relative: %s", anchor_path);
+          return;
+        }
+
+      if (priv->anchor_filename)
+        {
+          g_free (priv->anchor_filename);
+          if (priv->trusted != NULL)
+            sk_X509_pop_free (priv->trusted, X509_free);
+        }
+
+      priv->anchor_filename = g_strdup (anchor_path);
+      priv->trusted = load_certs (anchor_path);
+      break;
+    default:
+      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+    }
+}
+
+static void
+g_tls_file_database_openssl_init (GTlsFileDatabaseOpenssl *file_database)
+{
+  GTlsFileDatabaseOpensslPrivate *priv;
+
+  priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+  g_mutex_init (&priv->mutex);
+}
+
+static gchar *
+g_tls_file_database_openssl_create_certificate_handle (GTlsDatabase    *database,
+                                                       GTlsCertificate *certificate)
+{
+  GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (database);
+  GTlsFileDatabaseOpensslPrivate *priv;
+  GBytes *der;
+  gboolean contains;
+  gchar *handle = NULL;
+
+  priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+  der = g_tls_certificate_openssl_get_bytes (G_TLS_CERTIFICATE_OPENSSL (certificate));
+  g_return_val_if_fail (der != NULL, FALSE);
+
+  g_mutex_lock (&priv->mutex);
+
+  /* At the same time look up whether this certificate is in list */
+  contains = g_hash_table_lookup (priv->complete, der) ? TRUE : FALSE;
+
+  g_mutex_unlock (&priv->mutex);
+
+  /* Certificate is in the database */
+  if (contains)
+    handle = create_handle_for_certificate (priv->anchor_filename, der);
+
+  g_bytes_unref (der);
+  return handle;
+}
+
+static GTlsCertificate *
+g_tls_file_database_openssl_lookup_certificate_for_handle (GTlsDatabase            *database,
+                                                           const gchar             *handle,
+                                                           GTlsInteraction         *interaction,
+                                                           GTlsDatabaseLookupFlags  flags,
+                                                           GCancellable            *cancellable,
+                                                           GError                 **error)
+{
+  GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (database);
+  GTlsFileDatabaseOpensslPrivate *priv;
+  GTlsCertificate *cert;
+
+  priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+  if (g_cancellable_set_error_if_cancelled (cancellable, error))
+    return NULL;
+
+  if (!handle)
+    return NULL;
+
+  g_mutex_lock (&priv->mutex);
+
+  cert = g_hash_table_lookup (priv->certs_by_handle, handle);
+
+  g_mutex_unlock (&priv->mutex);
+
+  return cert ? g_object_ref (cert) : NULL;
+}
+
+static GTlsCertificate *
+g_tls_file_database_openssl_lookup_certificate_issuer (GTlsDatabase             *database,
+                                                       GTlsCertificate          *certificate,
+                                                       GTlsInteraction          *interaction,
+                                                       GTlsDatabaseLookupFlags   flags,
+                                                       GCancellable             *cancellable,
+                                                       GError                  **error)
+{
+  GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (database);
+  GTlsFileDatabaseOpensslPrivate *priv;
+  X509 *x;
+  unsigned long issuer_hash;
+  GBytes *der;
+  GTlsCertificate *issuer = NULL;
+
+  priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+  g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (certificate), NULL);
+
+  if (g_cancellable_set_error_if_cancelled (cancellable, error))
+    return NULL;
+
+  if (flags & G_TLS_DATABASE_LOOKUP_KEYPAIR)
+    return NULL;
+
+  /* Dig out the issuer of this certificate */
+  x = g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (certificate));
+  issuer_hash = X509_issuer_name_hash (x);
+
+  g_mutex_lock (&priv->mutex);
+  der = bytes_multi_table_lookup_ref_one (priv->subjects, issuer_hash);
+  g_mutex_unlock (&priv->mutex);
+
+  if (g_cancellable_set_error_if_cancelled (cancellable, error))
+    issuer = NULL;
+  else if (der != NULL)
+    issuer = g_tls_certificate_openssl_new (der, NULL);
+
+  if (der != NULL)
+    g_bytes_unref (der);
+  return issuer;
+
+  return NULL;
+}
+
+static GList *
+g_tls_file_database_openssl_lookup_certificates_issued_by (GTlsDatabase             *database,
+                                                           GByteArray               *issuer_raw_dn,
+                                                           GTlsInteraction          *interaction,
+                                                           GTlsDatabaseLookupFlags   flags,
+                                                           GCancellable             *cancellable,
+                                                           GError                  **error)
+{
+  GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (database);
+  GTlsFileDatabaseOpensslPrivate *priv;
+  X509_NAME *x_name;
+  const unsigned char *in;
+  GList *issued = NULL;
+
+  priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+  if (g_cancellable_set_error_if_cancelled (cancellable, error))
+    return NULL;
+
+  /* We don't have any private keys here */
+  if (flags & G_TLS_DATABASE_LOOKUP_KEYPAIR)
+    return NULL;
+
+  in = issuer_raw_dn->data;
+  x_name = d2i_X509_NAME (NULL, &in, issuer_raw_dn->len);
+  if (x_name != NULL)
+    {
+      unsigned long issuer_hash;
+      GList *ders, *l;
+
+      issuer_hash = X509_NAME_hash (x_name);
+
+      /* Find the full DER value of the certificate */
+      g_mutex_lock (&priv->mutex);
+      ders = bytes_multi_table_lookup_ref_all (priv->issuers, issuer_hash);
+      g_mutex_unlock (&priv->mutex);
+
+      for (l = ders; l != NULL; l = g_list_next (l))
+        {
+          if (g_cancellable_set_error_if_cancelled (cancellable, error))
+            {
+              g_list_free_full (issued, g_object_unref);
+              issued = NULL;
+              break;
+            }
+
+          issued = g_list_prepend (issued, g_tls_certificate_openssl_new (l->data, NULL));
+        }
+
+      g_list_free_full (ders, (GDestroyNotify)g_bytes_unref);
+      X509_NAME_free (x_name);
+    }
+
+  return issued;
+}
+
+static GTlsCertificateFlags
+double_check_before_after_dates (GTlsCertificateOpenssl *chain)
+{
+  GTlsCertificateFlags gtls_flags = 0;
+  X509 *cert;
+
+  while (chain)
+    {
+      ASN1_TIME *not_before;
+      ASN1_TIME *not_after;
+
+      cert = g_tls_certificate_openssl_get_cert (chain);
+      not_before = X509_get_notBefore (cert);
+      not_after = X509_get_notAfter (cert);
+
+      if (X509_cmp_current_time (not_before) > 0)
+        gtls_flags |= G_TLS_CERTIFICATE_NOT_ACTIVATED;
+
+      if (X509_cmp_current_time (not_after) < 0)
+        gtls_flags |= G_TLS_CERTIFICATE_EXPIRED;
+
+      chain = G_TLS_CERTIFICATE_OPENSSL (g_tls_certificate_get_issuer
+                                         (G_TLS_CERTIFICATE (chain)));
+    }
+
+  return gtls_flags;
+}
+
+static STACK_OF(X509) *
+convert_certificate_chain_to_openssl (GTlsCertificateOpenssl *chain)
+{
+  GTlsCertificate *cert;
+  STACK_OF(X509) *openssl_chain;
+
+  openssl_chain = sk_X509_new_null ();
+
+  for (cert = G_TLS_CERTIFICATE (chain); cert; cert = g_tls_certificate_get_issuer (cert))
+    sk_X509_push (openssl_chain, g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (cert)));
+
+  return openssl_chain;
+}
+
+static GTlsCertificateFlags
+g_tls_file_database_openssl_verify_chain (GTlsDatabase             *database,
+                                          GTlsCertificate          *chain,
+                                          const gchar              *purpose,
+                                          GSocketConnectable       *identity,
+                                          GTlsInteraction          *interaction,
+                                          GTlsDatabaseVerifyFlags   flags,
+                                          GCancellable             *cancellable,
+                                          GError                  **error)
+{
+  GTlsFileDatabaseOpenssl *file_database;
+  GTlsFileDatabaseOpensslPrivate *priv;
+  STACK_OF(X509) *certs;
+  X509_STORE *store;
+  X509_STORE_CTX *csc;
+  X509 *x;
+  GTlsCertificateFlags result = 0;
+
+  g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (chain),
+                        G_TLS_CERTIFICATE_GENERIC_ERROR);
+
+  file_database = G_TLS_FILE_DATABASE_OPENSSL (database);
+
+  priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+  if (g_cancellable_set_error_if_cancelled (cancellable, error))
+    return G_TLS_CERTIFICATE_GENERIC_ERROR;
+
+  certs = convert_certificate_chain_to_openssl (G_TLS_CERTIFICATE_OPENSSL (chain));
+
+  store = X509_STORE_new ();
+  csc = X509_STORE_CTX_new ();
+
+  x = g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (chain));
+  if (!X509_STORE_CTX_init (csc, store, x, certs))
+    {
+      X509_STORE_CTX_free (csc);
+      X509_STORE_free (store);
+      sk_X509_free (certs);
+      return G_TLS_CERTIFICATE_GENERIC_ERROR;
+    }
+
+  if (priv->trusted)
+    {
+      X509_STORE_CTX_trusted_stack (csc, priv->trusted);
+    }
+
+  if (X509_verify_cert (csc) <= 0)
+    result = g_tls_certificate_openssl_convert_error (X509_STORE_CTX_get_error (csc));
+
+  X509_STORE_CTX_free (csc);
+  X509_STORE_free (store);
+  sk_X509_free (certs);
+
+  if (g_cancellable_set_error_if_cancelled (cancellable, error))
+    return G_TLS_CERTIFICATE_GENERIC_ERROR;
+
+  /* We have to check these ourselves since openssl
+   * does not give us flags and UNKNOWN_CA will take priority.
+   */
+  result |= double_check_before_after_dates (G_TLS_CERTIFICATE_OPENSSL (chain));
+
+  if (identity)
+    result |= g_tls_certificate_openssl_verify_identity (G_TLS_CERTIFICATE_OPENSSL (chain),
+                                                         identity);
+
+  return result;
+}
+
+static void
+g_tls_file_database_openssl_class_init (GTlsFileDatabaseOpensslClass *klass)
+{
+  GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+  GTlsDatabaseClass *database_class = G_TLS_DATABASE_CLASS (klass);
+
+  gobject_class->get_property = g_tls_file_database_openssl_get_property;
+  gobject_class->set_property = g_tls_file_database_openssl_set_property;
+  gobject_class->finalize     = g_tls_file_database_openssl_finalize;
+
+  database_class->create_certificate_handle = g_tls_file_database_openssl_create_certificate_handle;
+  database_class->lookup_certificate_for_handle = g_tls_file_database_openssl_lookup_certificate_for_handle;
+  database_class->lookup_certificate_issuer = g_tls_file_database_openssl_lookup_certificate_issuer;
+  database_class->lookup_certificates_issued_by = g_tls_file_database_openssl_lookup_certificates_issued_by;
+  database_class->verify_chain = g_tls_file_database_openssl_verify_chain;
+
+  g_object_class_override_property (gobject_class, PROP_ANCHORS, "anchors");
+}
+
+static void
+g_tls_file_database_openssl_file_database_interface_init (GTlsFileDatabaseInterface *iface)
+{
+}
+
+static gboolean
+g_tls_file_database_openssl_initable_init (GInitable    *initable,
+                                           GCancellable *cancellable,
+                                           GError      **error)
+{
+  GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (initable);
+  GTlsFileDatabaseOpensslPrivate *priv;
+  GHashTable *subjects, *issuers, *complete, *certs_by_handle;
+  gboolean result;
+
+  priv = g_tls_file_database_openssl_get_instance_private (file_database);
+
+  if (g_cancellable_set_error_if_cancelled (cancellable, error))
+    return FALSE;
+
+  subjects = bytes_multi_table_new ();
+  issuers = bytes_multi_table_new ();
+
+  complete = g_hash_table_new_full (g_bytes_hash, g_bytes_equal,
+                                    (GDestroyNotify)g_bytes_unref,
+                                    (GDestroyNotify)g_bytes_unref);
+
+  certs_by_handle = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                           (GDestroyNotify)g_free,
+                                           (GDestroyNotify)g_object_unref);
+
+  if (priv->anchor_filename)
+    result = load_anchor_file (file_database,
+                               priv->anchor_filename,
+                               subjects, issuers, complete,
+                               certs_by_handle,
+                               error);
+  else
+    result = TRUE;
+
+  if (g_cancellable_set_error_if_cancelled (cancellable, error))
+    result = FALSE;
+
+  if (result)
+    {
+      g_mutex_lock (&priv->mutex);
+      if (!priv->subjects)
+        {
+          priv->subjects = subjects;
+          subjects = NULL;
+        }
+      if (!priv->issuers)
+        {
+          priv->issuers = issuers;
+          issuers = NULL;
+        }
+      if (!priv->complete)
+        {
+          priv->complete = complete;
+          complete = NULL;
+        }
+      if (!priv->certs_by_handle)
+        {
+          priv->certs_by_handle = certs_by_handle;
+          certs_by_handle = NULL;
+        }
+      g_mutex_unlock (&priv->mutex);
+    }
+
+  if (subjects != NULL)
+    g_hash_table_unref (subjects);
+  if (issuers != NULL)
+    g_hash_table_unref (issuers);
+  if (complete != NULL)
+    g_hash_table_unref (complete);
+  if (certs_by_handle != NULL)
+    g_hash_table_unref (certs_by_handle);
+  return result;
+}
+
+static void
+g_tls_file_database_openssl_initable_interface_init (GInitableIface *iface)
+{
+  iface->init = g_tls_file_database_openssl_initable_init;
+}
+
+GTlsCertificateFlags
+g_tls_file_database_openssl_verify_ocsp_response (GTlsDatabase    *database,
+                                                  GTlsCertificate *chain,
+                                                  OCSP_RESPONSE   *resp)
+{
+  GTlsCertificateFlags errors = 0;
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
+  !defined(OPENSSL_NO_OCSP)
+  GTlsFileDatabaseOpenssl *file_database;
+  GTlsFileDatabaseOpensslPrivate *priv;
+  STACK_OF(X509) *chain_openssl = NULL;
+  X509_STORE *store = NULL;
+  OCSP_BASICRESP *basic_resp = NULL;
+  int ocsp_status = 0;
+  int i;
+
+  ocsp_status = OCSP_response_status (resp);
+  if (ocsp_status != OCSP_RESPONSE_STATUS_SUCCESSFUL)
+    {
+      errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
+      goto end;
+    }
+
+  basic_resp = OCSP_response_get1_basic (resp);
+  if (basic_resp == NULL)
+    {
+      errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
+      goto end;
+    }
+
+  chain_openssl = convert_certificate_chain_to_openssl (G_TLS_CERTIFICATE_OPENSSL (chain));
+  file_database = G_TLS_FILE_DATABASE_OPENSSL (database);
+  priv = g_tls_file_database_openssl_get_instance_private (file_database);
+  store = X509_STORE_new ();
+  if ((chain_openssl == NULL) ||
+      (file_database == NULL) ||
+      (priv == NULL) ||
+      (priv->trusted == NULL) ||
+      (store == NULL))
+    {
+      errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
+      goto end;
+    }
+
+  for (i = 0; i < sk_X509_num (priv->trusted); i++)
+    {
+      X509_STORE_add_cert (store, sk_X509_value (priv->trusted, i));
+    }
+
+  if (OCSP_basic_verify (basic_resp, chain_openssl, store, 0) <= 0)
+    {
+      errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
+      goto end;
+    }
+
+  for (i = 0; i < OCSP_resp_count (basic_resp); i++)
+    {
+      OCSP_SINGLERESP *single_resp = OCSP_resp_get0 (basic_resp, i);
+      ASN1_GENERALIZEDTIME *revocation_time = NULL;
+      ASN1_GENERALIZEDTIME *this_update_time = NULL;
+      ASN1_GENERALIZEDTIME *next_update_time = NULL;
+      int crl_reason = 0;
+      int cert_status = 0;
+
+      if (single_resp == NULL)
+        continue;
+
+      cert_status = OCSP_single_get0_status (single_resp,
+                                             &crl_reason,
+                                             &revocation_time,
+                                             &this_update_time,
+                                             &next_update_time);
+      if (!OCSP_check_validity (this_update_time,
+                                next_update_time,
+                                300L,
+                                -1L))
+        {
+          errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
+          goto end;
+        }
+
+      switch (cert_status)
+        {
+        case V_OCSP_CERTSTATUS_GOOD:
+          break;
+        case V_OCSP_CERTSTATUS_REVOKED:
+          errors = G_TLS_CERTIFICATE_REVOKED;
+          goto end;
+        case V_OCSP_CERTSTATUS_UNKNOWN:
+          errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
+          goto end;
+        }
+    }
+
+end:
+  if (store != NULL)
+    X509_STORE_free (store);
+
+  if (basic_resp != NULL)
+    OCSP_BASICRESP_free (basic_resp);
+
+  if (resp != NULL)
+    OCSP_RESPONSE_free (resp);
+
+#endif
+  return errors;
+}
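Review bot: In `g_tls_file_database_openssl_verify_ocsp_response`, the loop over `OCSP_resp_count (basic_resp)` never checks that a single response is about the certificate in `chain`. A correctly signed response for some other certificate, or one with no entries at all, therefore leaves `errors` at 0. Look the leaf up explicitly with `OCSP_cert_to_id` and `OCSP_resp_find_status` and treat a missing entry as an error, as sketched below. The `end:` path also never frees `chain_openssl`. It frees the caller's `resp` only when the OCSP `#if` branch is compiled, so ownership of `resp` differs between builds.

```c
  OCSP_CERTID *cert_id = NULL;
  /* … unchanged: other locals; cert_status, crl_reason and the three time pointers move to function scope … */

  /* … unchanged: response status check, OCSP_response_get1_basic, store setup, OCSP_basic_verify … */

  /* Bind the response to the certificate being verified. A chain that carries
   * only the leaf needs its issuer taken from priv->trusted instead; this
   * sketch simply rejects that case. */
  if (sk_X509_num (chain_openssl) < 2)
    {
      errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
      goto end;
    }

  /* A NULL digest selects SHA-1; a response keyed with another digest needs
   * the ID rebuilt with that digest before the lookup can match. */
  cert_id = OCSP_cert_to_id (NULL,
                             sk_X509_value (chain_openssl, 0),
                             sk_X509_value (chain_openssl, 1));
  if (cert_id == NULL ||
      !OCSP_resp_find_status (basic_resp, cert_id, &cert_status, &crl_reason,
                              &revocation_time, &this_update_time,
                              &next_update_time))
    {
      errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
      goto end;
    }

  /* … unchanged: OCSP_check_validity and the cert_status switch, now applied to this one entry … */

end:
  if (cert_id != NULL)
    OCSP_CERTID_free (cert_id);
  if (chain_openssl != NULL)
    sk_X509_free (chain_openssl);
  /* … unchanged: store, basic_resp and resp cleanup … */
```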
diff --git a/tls/openssl/gtlsfiledatabase-openssl.h b/tls/openssl/gtlsfiledatabase-openssl.h
new file mode 100644 (file)
index 0000000..67086db
--- /dev/null
@@ -0,0 +1,62 @@
+/*
+ * gtlsfiledatabase-openssl.h
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#ifndef __G_TLS_FILE_DATABASE_OPENSSL_H__
+#define __G_TLS_FILE_DATABASE_OPENSSL_H__
+
+#include <gio/gio.h>
+
+#include "gtlsdatabase-openssl.h"
+
+G_BEGIN_DECLS
+
+#define G_TYPE_TLS_FILE_DATABASE_OPENSSL            (g_tls_file_database_openssl_get_type ())
+#define G_TLS_FILE_DATABASE_OPENSSL(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_FILE_DATABASE_OPENSSL, GTlsFileDatabaseOpenssl))
+#define G_TLS_FILE_DATABASE_OPENSSL_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_FILE_DATABASE_OPENSSL, GTlsFileDatabaseOpensslClass))
+#define G_IS_TLS_FILE_DATABASE_OPENSSL(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_FILE_DATABASE_OPENSSL))
+#define G_IS_TLS_FILE_DATABASE_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_FILE_DATABASE_OPENSSL))
+#define G_TLS_FILE_DATABASE_OPENSSL_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_FILE_DATABASE_OPENSSL, GTlsFileDatabaseOpensslClass))
+
+typedef struct _GTlsFileDatabaseOpensslClass GTlsFileDatabaseOpensslClass;
+typedef struct _GTlsFileDatabaseOpenssl      GTlsFileDatabaseOpenssl;
+
+struct _GTlsFileDatabaseOpensslClass
+{
+  GTlsDatabaseOpensslClass parent_class;
+};
+
+struct _GTlsFileDatabaseOpenssl
+{
+  GTlsDatabaseOpenssl parent_instance;
+};
+
+GType                        g_tls_file_database_openssl_get_type              (void) G_GNUC_CONST;
+
+GTlsCertificateFlags         g_tls_file_database_openssl_verify_ocsp_response  (GTlsDatabase    *database,
+                                                                                GTlsCertificate *chain,
+                                                                                OCSP_RESPONSE   *resp);
+
+G_END_DECLS
+
+#endif /* __G_TLS_FILE_DATABASE_OPENSSL_H___ */
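Review bot: The prototype of `g_tls_file_database_openssl_verify_ocsp_response` carries no comment, yet the implementation in gtlsfiledatabase-openssl.c calls `OCSP_RESPONSE_free (resp)` before returning, so callers cannot tell from the header that the response is consumed. A comment above the declaration such as `/* Takes ownership of @resp when OCSP support is compiled in; returns 0 or a GTlsCertificateFlags error mask. */` would make that contract visible. The header also names `OCSP_RESPONSE` while including only `<gio/gio.h>` and `"gtlsdatabase-openssl.h"`, so it presumably relies on a transitive OpenSSL include. Adding `#include "openssl-include.h"` here would make it self-contained.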
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
new file mode 100644 (file)
index 0000000..ff7419e
--- /dev/null
@@ -0,0 +1,451 @@
+/*
+ * gtlsserverconnection-openssl.c
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#include "config.h"
+#include "glib.h"
+#include "gtlsserverconnection-openssl.h"
+#include "gtlscertificate-openssl.h"
+
+#include "openssl-include.h"
+#include <glib/gi18n-lib.h>
+
+#define DEFAULT_CIPHER_LIST "HIGH:!DSS:!aNULL@STRENGTH"
+
+typedef struct _GTlsServerConnectionOpensslPrivate
+{
+  GTlsAuthenticationMode authentication_mode;
+  SSL_SESSION *session;
+  SSL *ssl;
+  SSL_CTX *ssl_ctx;
+} GTlsServerConnectionOpensslPrivate;
+
+enum
+{
+  PROP_0,
+  PROP_AUTHENTICATION_MODE
+};
+
+static void g_tls_server_connection_openssl_initable_interface_init (GInitableIface  *iface);
+
+static void g_tls_server_connection_openssl_server_connection_interface_init (GTlsServerConnectionInterface *iface);
+
+static GInitableIface *g_tls_server_connection_openssl_parent_initable_iface;
+
+G_DEFINE_TYPE_WITH_CODE (GTlsServerConnectionOpenssl, g_tls_server_connection_openssl, G_TYPE_TLS_CONNECTION_OPENSSL,
+                         G_ADD_PRIVATE (GTlsServerConnectionOpenssl)
+                         G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+                                                g_tls_server_connection_openssl_initable_interface_init)
+                         G_IMPLEMENT_INTERFACE (G_TYPE_TLS_SERVER_CONNECTION,
+                                                g_tls_server_connection_openssl_server_connection_interface_init))
+
+static void
+g_tls_server_connection_openssl_finalize (GObject *object)
+{
+  GTlsServerConnectionOpenssl *openssl = G_TLS_SERVER_CONNECTION_OPENSSL (object);
+  GTlsServerConnectionOpensslPrivate *priv;
+
+  priv = g_tls_server_connection_openssl_get_instance_private (openssl);
+
+  SSL_free (priv->ssl);
+  SSL_CTX_free (priv->ssl_ctx);
+  SSL_SESSION_free (priv->session);
+
+  G_OBJECT_CLASS (g_tls_server_connection_openssl_parent_class)->finalize (object);
+}
+
+static gboolean
+ssl_set_certificate (SSL              *ssl,
+                     GTlsCertificate  *cert,
+                     GError          **error)
+{
+  EVP_PKEY *key;
+  X509 *x;
+  GTlsCertificate *issuer;
+
+  key = g_tls_certificate_openssl_get_key (G_TLS_CERTIFICATE_OPENSSL (cert));
+
+  if (key == NULL)
+    {
+      g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+                           _("Certificate has no private key"));
+      return FALSE;
+    }
+
+  /* Note, order is important. If a certificate has been set previously,
+   * OpenSSL requires that the new certificate is set _before_ the new
+   * private key is set. */
+  x = g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (cert));
+  if (SSL_use_certificate (ssl, x) <= 0)
+    {
+      g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+                   _("There is a problem with the certificate: %s"),
+                   ERR_error_string (ERR_get_error (), NULL));
+      return FALSE;
+    }
+
+  if (SSL_use_PrivateKey (ssl, key) <= 0)
+    {
+      g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+                   _("There is a problem with the certificate private key: %s"),
+                   ERR_error_string (ERR_get_error (), NULL));
+      return FALSE;
+    }
+
+  if (SSL_clear_chain_certs (ssl) == 0)
+    g_warning ("There was a problem clearing the chain certificates: %s",
+               ERR_error_string (ERR_get_error (), NULL));
+
+  /* Add all the issuers to create the full certificate chain */
+  for (issuer = g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (cert));
+       issuer != NULL;
+       issuer = g_tls_certificate_get_issuer (issuer))
+    {
+      X509 *issuer_x;
+
+      /* Be careful here and duplicate the certificate since the context
+       * will take the ownership
+       */
+      issuer_x = X509_dup (g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (issuer)));
+      if (SSL_add0_chain_cert (ssl, issuer_x) == 0)
+        g_warning ("There was a problem adding the chain certificate: %s",
+                   ERR_error_string (ERR_get_error (), NULL));
+    }
+
+  return TRUE;
+}
+
+static void
+g_tls_server_connection_openssl_get_property (GObject    *object,
+                                              guint       prop_id,
+                                              GValue     *value,
+                                              GParamSpec *pspec)
+{
+  GTlsServerConnectionOpenssl *openssl = G_TLS_SERVER_CONNECTION_OPENSSL (object);
+  GTlsServerConnectionOpensslPrivate *priv;
+
+  priv = g_tls_server_connection_openssl_get_instance_private (openssl);
+
+  switch (prop_id)
+    {
+    case PROP_AUTHENTICATION_MODE:
+      g_value_set_enum (value, priv->authentication_mode);
+      break;
+
+    default:
+      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+    }
+}
+
+static void
+g_tls_server_connection_openssl_set_property (GObject      *object,
+                                              guint         prop_id,
+                                              const GValue *value,
+                                              GParamSpec   *pspec)
+{
+  GTlsServerConnectionOpenssl *openssl = G_TLS_SERVER_CONNECTION_OPENSSL (object);
+  GTlsServerConnectionOpensslPrivate *priv;
+
+  priv = g_tls_server_connection_openssl_get_instance_private (openssl);
+
+  switch (prop_id)
+    {
+    case PROP_AUTHENTICATION_MODE:
+      priv->authentication_mode = g_value_get_enum (value);
+      break;
+
+    default:
+      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+    }
+}
+
+static int
+verify_callback (int             preverify_ok,
+                 X509_STORE_CTX *ctx)
+{
+  return 1;
+}
+
+static GTlsConnectionBaseStatus
+g_tls_server_connection_openssl_handshake (GTlsConnectionBase  *tls,
+                                           GCancellable        *cancellable,
+                                           GError             **error)
+{
+  GTlsServerConnectionOpenssl *openssl = G_TLS_SERVER_CONNECTION_OPENSSL (tls);
+  GTlsServerConnectionOpensslPrivate *priv;
+  int req_mode = 0;
+
+  priv = g_tls_server_connection_openssl_get_instance_private (openssl);
+
+  switch (priv->authentication_mode)
+    {
+    case G_TLS_AUTHENTICATION_REQUIRED:
+      req_mode = SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+    case G_TLS_AUTHENTICATION_REQUESTED:
+      req_mode |= SSL_VERIFY_PEER;
+      break;
+    case G_TLS_AUTHENTICATION_NONE:
+    default:
+      req_mode = SSL_VERIFY_NONE;
+      break;
+    }
+
+  SSL_set_verify (priv->ssl, req_mode, verify_callback);
+  /* FIXME: is this ok? */
+  SSL_set_verify_depth (priv->ssl, 0);
+
+  return G_TLS_CONNECTION_BASE_CLASS (g_tls_server_connection_openssl_parent_class)->
+    handshake (tls, cancellable, error);
+}
+
+static SSL *
+g_tls_server_connection_openssl_get_ssl (GTlsConnectionOpenssl *connection)
+{
+  GTlsServerConnectionOpenssl *server = G_TLS_SERVER_CONNECTION_OPENSSL (connection);
+  GTlsServerConnectionOpensslPrivate *priv;
+
+  priv = g_tls_server_connection_openssl_get_instance_private (server);
+
+  return priv->ssl;
+}
+
+static void
+on_certificate_changed (GObject    *object,
+                        GParamSpec *spec,
+                        gpointer    user_data)
+{
+  SSL *ssl;
+  GTlsCertificate *cert;
+
+  ssl = g_tls_server_connection_openssl_get_ssl (G_TLS_CONNECTION_OPENSSL (object));
+  cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (object));
+
+  if (ssl && cert)
+    ssl_set_certificate (ssl, cert, NULL);
+}
+
+static void
+g_tls_server_connection_openssl_class_init (GTlsServerConnectionOpensslClass *klass)
+{
+  GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+  GTlsConnectionBaseClass *base_class = G_TLS_CONNECTION_BASE_CLASS (klass);
+  GTlsConnectionOpensslClass *connection_class = G_TLS_CONNECTION_OPENSSL_CLASS (klass);
+
+  gobject_class->finalize = g_tls_server_connection_openssl_finalize;
+  gobject_class->get_property = g_tls_server_connection_openssl_get_property;
+  gobject_class->set_property = g_tls_server_connection_openssl_set_property;
+
+  base_class->handshake = g_tls_server_connection_openssl_handshake;
+
+  connection_class->get_ssl = g_tls_server_connection_openssl_get_ssl;
+
+  g_object_class_override_property (gobject_class, PROP_AUTHENTICATION_MODE, "authentication-mode");
+}
+
+static void
+g_tls_server_connection_openssl_init (GTlsServerConnectionOpenssl *openssl)
+{
+}
+
+static void
+g_tls_server_connection_openssl_server_connection_interface_init (GTlsServerConnectionInterface *iface)
+{
+}
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+static void
+ssl_info_callback (const SSL *ssl,
+                   int        type,
+                   int        val)
+{
+  if ((type & SSL_CB_HANDSHAKE_DONE) != 0)
+    {
+      /* Disable renegotiation (CVE-2009-3555) */
+      ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
+    }
+}
+#endif
+
+static gboolean
+set_cipher_list (GTlsServerConnectionOpenssl  *server,
+                 GError                      **error)
+{
+  GTlsServerConnectionOpensslPrivate *priv;
+  const gchar *cipher_list;
+
+  priv = g_tls_server_connection_openssl_get_instance_private (server);
+
+  cipher_list = g_getenv ("G_TLS_OPENSSL_CIPHER_LIST");
+  if (cipher_list == NULL)
+    cipher_list = DEFAULT_CIPHER_LIST;
+
+  if (!SSL_CTX_set_cipher_list (priv->ssl_ctx, cipher_list))
+    {
+      g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+                   _("Could not create TLS context: %s"),
+                   ERR_error_string (ERR_get_error (), NULL));
+      return FALSE;
+    }
+
+  return TRUE;
+}
+
+#ifdef SSL_CTX_set1_sigalgs_list
+static void
+set_signature_algorithm_list (GTlsServerConnectionOpenssl *server)
+{
+  GTlsServerConnectionOpensslPrivate *priv;
+  const gchar *signature_algorithm_list;
+
+  priv = g_tls_server_connection_openssl_get_instance_private (server);
+
+  signature_algorithm_list = g_getenv ("G_TLS_OPENSSL_SIGNATURE_ALGORITHM_LIST");
+  if (signature_algorithm_list == NULL)
+    return;
+
+  SSL_CTX_set1_sigalgs_list (priv->ssl_ctx, signature_algorithm_list);
+}
+#endif
+
+#ifdef SSL_CTX_set1_curves_list
+static void
+set_curve_list (GTlsServerConnectionOpenssl *server)
+{
+  GTlsServerConnectionOpensslPrivate *priv;
+  const gchar *curve_list;
+
+  priv = g_tls_server_connection_openssl_get_instance_private (server);
+
+  curve_list = g_getenv ("G_TLS_OPENSSL_CURVE_LIST");
+  if (curve_list == NULL)
+    return;
+
+  SSL_CTX_set1_curves_list (priv->ssl_ctx, curve_list);
+}
+#endif
+
+static gboolean
+g_tls_server_connection_openssl_initable_init (GInitable       *initable,
+                                               GCancellable    *cancellable,
+                                               GError         **error)
+{
+  GTlsServerConnectionOpenssl *server = G_TLS_SERVER_CONNECTION_OPENSSL (initable);
+  GTlsServerConnectionOpensslPrivate *priv;
+  GTlsCertificate *cert;
+  long options;
+
+  priv = g_tls_server_connection_openssl_get_instance_private (server);
+
+  priv->session = SSL_SESSION_new ();
+
+  priv->ssl_ctx = SSL_CTX_new (SSLv23_server_method ());
+  if (priv->ssl_ctx == NULL)
+    {
+      g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+                   _("Could not create TLS context: %s"),
+                   ERR_error_string (ERR_get_error (), NULL));
+      return FALSE;
+    }
+
+  if (!set_cipher_list (server, error))
+    return FALSE;
+
+  /* Only TLS 1.2 or higher */
+  options = SSL_OP_NO_TICKET |
+            SSL_OP_NO_COMPRESSION |
+            SSL_OP_CIPHER_SERVER_PREFERENCE |
+            SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
+            SSL_OP_SINGLE_ECDH_USE |
+#ifdef SSL_OP_NO_TLSv1_1
+            SSL_OP_NO_TLSv1_1 |
+#endif
+            SSL_OP_NO_SSLv2 |
+            SSL_OP_NO_SSLv3 |
+            SSL_OP_NO_TLSv1;
+
+#ifdef SSL_OP_NO_RENEGOTIATION
+  options |= SSL_OP_NO_RENEGOTIATION;
+#endif
+
+  SSL_CTX_set_options (priv->ssl_ctx, options);
+
+  SSL_CTX_add_session (priv->ssl_ctx, priv->session);
+
+#ifdef SSL_CTX_set1_sigalgs_list
+  set_signature_algorithm_list (server);
+#endif
+
+#ifdef SSL_CTX_set1_curves_list
+  set_curve_list (server);
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+# ifdef SSL_CTX_set_ecdh_auto
+  SSL_CTX_set_ecdh_auto (priv->ssl_ctx, 1);
+# else
+  {
+    EC_KEY *ecdh;
+
+    ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
+    if (ecdh != NULL)
+      {
+        SSL_CTX_set_tmp_ecdh (priv->ssl_ctx, ecdh);
+        EC_KEY_free (ecdh);
+      }
+  }
+# endif
+
+  SSL_CTX_set_info_callback (priv->ssl_ctx, ssl_info_callback);
+#endif
+
+  priv->ssl = SSL_new (priv->ssl_ctx);
+  if (priv->ssl == NULL)
+    {
+      g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+                   _("Could not create TLS connection: %s"),
+                   ERR_error_string (ERR_get_error (), NULL));
+      return FALSE;
+    }
+
+  cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (initable));
+  if (cert != NULL && !ssl_set_certificate (priv->ssl, cert, error))
+    return FALSE;
+
+  SSL_set_accept_state (priv->ssl);
+
+  if (!g_tls_server_connection_openssl_parent_initable_iface->
+      init (initable, cancellable, error))
+    return FALSE;
+
+  g_signal_connect (server, "notify::certificate", G_CALLBACK (on_certificate_changed), NULL);
+
+  return TRUE;
+}
+
+static void
+g_tls_server_connection_openssl_initable_interface_init (GInitableIface  *iface)
+{
+  g_tls_server_connection_openssl_parent_initable_iface = g_type_interface_peek_parent (iface);
+
+  iface->init = g_tls_server_connection_openssl_initable_init;
+}
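Review bot: `verify_callback` ignores `preverify_ok` and always returns 1, so once `g_tls_server_connection_openssl_handshake` installs it with `SSL_set_verify`, OpenSSL itself never rejects a client certificate; with `G_TLS_AUTHENTICATION_REQUIRED` the only thing enforced at this layer is that some certificate is presented. Whether the chain is actually validated then depends on the parent class `handshake` and the rest of the connection code, which are outside this file, so that reliance should be written down next to the callback, e.g. `/* Accept unconditionally: OpenSSL's verdict is ignored and the peer chain must be validated after the handshake by the base class. */`. The `/* FIXME: is this ok? */` on `SSL_set_verify_depth (priv->ssl, 0)` should be resolved in the same comment, since a depth limit cannot change the outcome while the callback overrides every verification failure. The `G_TLS_AUTHENTICATION_REQUIRED` case also falls into `G_TLS_AUTHENTICATION_REQUESTED` without a `/* fall through */` marker, which makes the intended `SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_PEER` combination easy to break in a later edit.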
diff --git a/tls/openssl/gtlsserverconnection-openssl.h b/tls/openssl/gtlsserverconnection-openssl.h
new file mode 100644 (file)
index 0000000..96e0fb7
--- /dev/null
@@ -0,0 +1,57 @@
+/*
+ * gtlsserverconnection-openssl.h
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#ifndef __G_TLS_SERVER_CONNECTION_OPENSSL_H__
+#define __G_TLS_SERVER_CONNECTION_OPENSSL_H__
+
+#include <gio/gio.h> 
+#include "gtlsconnection-openssl.h"
+
+G_BEGIN_DECLS
+
+#define G_TYPE_TLS_SERVER_CONNECTION_OPENSSL            (g_tls_server_connection_openssl_get_type ())
+#define G_TLS_SERVER_CONNECTION_OPENSSL(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_SERVER_CONNECTION_OPENSSL, GTlsServerConnectionOpenssl))
+#define G_TLS_SERVER_CONNECTION_OPENSSL_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_SERVER_CONNECTION_OPENSSL, GTlsServerConnectionOpensslClass))
+#define G_IS_TLS_SERVER_CONNECTION_OPENSSL(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_SERVER_CONNECTION_OPENSSL))
+#define G_IS_TLS_SERVER_CONNECTION_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_SERVER_CONNECTION_OPENSSL))
+#define G_TLS_SERVER_CONNECTION_OPENSSL_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_SERVER_CONNECTION_OPENSSL, GTlsServerConnectionOpensslClass))
+
+typedef struct _GTlsServerConnectionOpensslClass GTlsServerConnectionOpensslClass;
+typedef struct _GTlsServerConnectionOpenssl      GTlsServerConnectionOpenssl;
+
+struct _GTlsServerConnectionOpensslClass
+{
+  GTlsConnectionOpensslClass parent_class;
+};
+
+struct _GTlsServerConnectionOpenssl
+{
+  GTlsConnectionOpenssl parent_instance;
+};
+
+GType g_tls_server_connection_openssl_get_type (void) G_GNUC_CONST;
+
+G_END_DECLS
+
+#endif /* __G_TLS_SERVER_CONNECTION_OPENSSL_H___ */
diff --git a/tls/openssl/meson.build b/tls/openssl/meson.build
new file mode 100644 (file)
index 0000000..529b44b
--- /dev/null
@@ -0,0 +1,47 @@
+sources = files(
+  'openssl-module.c',
+  'gtlsbackend-openssl.c',
+  'gtlscertificate-openssl.c',
+  'gtlsconnection-openssl.c',
+  'gtlsserverconnection-openssl.c',
+  'gtlsclientconnection-openssl.c',
+  'gtlsdatabase-openssl.c',
+  'gtlsfiledatabase-openssl.c',
+  'gtlsbio.c',
+  'openssl-util.c',
+)
+
+incs = [top_inc]
+
+deps = [
+  gio_dep,
+  glib_dep,
+  gmodule_dep,
+  gobject_dep,
+  tlsbase_dep,
+  openssl_dep,
+]
+
+module = shared_module(
+  'gioopenssl',
+  sources: sources,
+  include_directories: incs,
+  dependencies: deps,
+  link_args: module_ldflags,
+  link_depends: symbol_map,
+  name_suffix: module_suffix,
+  install: true,
+  install_dir: gio_module_dir,
+)
+
+if get_option('static_modules')
+  # link_whole is a workaround for a meson bug
+  # https://github.com/mesonbuild/meson/pull/3939
+  static_library('gioopenssl',
+    objects: module.extract_all_objects(),
+    install: true,
+    install_dir: gio_module_dir,
+    link_whole: [tlsbase]
+  )
+  pkg.generate(module)
+endif
diff --git a/tls/openssl/openssl-include.h b/tls/openssl/openssl-include.h
new file mode 100644 (file)
index 0000000..7a6a460
--- /dev/null
@@ -0,0 +1,58 @@
+/*
+ * gtlscertificate-openssl.h
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ *          Christoph Reiter
+ */
+
+/* Due to name clashes between Windows and openssl headers we have to
+ * make sure windows.h is included before openssl and that we undef the
+ * clashing macros.
+ */
+
+#ifndef __G_TLS_OPENSSL_INCLUDE_H__
+#define __G_TLS_OPENSSL_INCLUDE_H__
+
+#include "glib.h"
+
+#ifdef G_OS_WIN32
+#define WIN32_LEAN_AND_MEAN
+#include <windows.h>
+/* These are defined by the Windows headers, but clash with openssl */
+#undef X509_NAME
+#undef X509_CERT_PAIR
+#undef X509_EXTENSIONS
+#undef OCSP_REQUEST
+#undef OCSP_RESPONSE
+#endif
+
+#include <openssl/ssl.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/x509v3.h>
+#include <openssl/crypto.h>
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_OCSP)
+#include <openssl/ocsp.h>
+#endif
+
+#endif /* __G_TLS_OPENSSL_INCLUDE_H__ */
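Review bot: The banner comment at the top of this header names `gtlscertificate-openssl.h` rather than `openssl-include.h`, and the banner of `openssl-module.c` in the next hunk names `gtlsbio.c`; both look like leftovers from the files they were copied from. Each banner should carry its own file name, `* openssl-include.h` and `* openssl-module.c`, so that a search or a license audit of the OpenSSL backend lands on the right file.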
diff --git a/tls/openssl/openssl-module.c b/tls/openssl/openssl-module.c
new file mode 100644 (file)
index 0000000..3b6c84c
--- /dev/null
@@ -0,0 +1,65 @@
+/*
+ * gtlsbio.c
+ *
+ * Copyright (C) 2015 NICE s.r.l.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Authors: Ignacio Casal Quinteiro
+ */
+
+#include "config.h"
+
+#include <glib/gi18n-lib.h>
+#include <gio/gio.h>
+
+#include "gtlsbackend-openssl.h"
+
+
+G_MODULE_EXPORT void
+g_io_openssl_load (GIOModule *module)
+{
+  gchar *locale_dir;
+#ifdef G_OS_WIN32
+  gchar *base_dir;
+#endif
+
+  g_tls_backend_openssl_register (module);
+
+#ifdef G_OS_WIN32
+  base_dir = g_win32_get_package_installation_directory_of_module (NULL);
+  locale_dir = g_build_filename (base_dir, "share", "locale", NULL);
+  g_free (base_dir);
+#else
+  locale_dir = g_strdup (LOCALE_DIR);
+#endif
+
+  bindtextdomain (GETTEXT_PACKAGE, locale_dir);
+  bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
+  g_free (locale_dir);
+}
+
+G_MODULE_EXPORT void
+g_io_openssl_unload (GIOModule *module)
+{
+}
+
+G_MODULE_EXPORT gchar **
+g_io_openssl_query (void)
+{
+  return g_strsplit (G_TLS_BACKEND_EXTENSION_POINT_NAME, "!", -1);
+}
diff --git a/tls/openssl/openssl-util.c b/tls/openssl/openssl-util.c
new file mode 100644 (file)
index 0000000..42df15c
--- /dev/null
@@ -0,0 +1,490 @@
+/* v3_utl.c */
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ */
+/* X509 v3 extension utilities */
+
+/* NOTE: this has been copied from openssl */
+
+#include "openssl-util.h"
+#include <string.h>
+#ifndef _MSC_VER
+#include <strings.h>
+#endif
+#include "openssl-include.h"
+
+#ifdef _MSC_VER
+#define strncasecmp _strnicmp
+#endif
+
+typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len,
+                         const unsigned char *subject, size_t subject_len,
+                         unsigned int flags);
+
+
+/* Skip pattern prefix to match "wildcard" subject */
+static void skip_prefix(const unsigned char **p, size_t *plen,
+                        const unsigned char *subject, size_t subject_len,
+                        unsigned int flags)
+{
+    const unsigned char *pattern = *p;
+    size_t pattern_len = *plen;
+
+    /*
+     * If subject starts with a leading '.' followed by more octets, and
+     * pattern is longer, compare just an equal-length suffix with the
+     * full subject (starting at the '.'), provided the prefix contains
+     * no NULs.
+     */
+    if ((flags & _G_TLS_X509_CHECK_FLAG_DOT_SUBDOMAINS) == 0)
+        return;
+
+    while (pattern_len > subject_len && *pattern) {
+        if ((flags & G_TLS_X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS) &&
+            *pattern == '.')
+            break;
+        ++pattern;
+        --pattern_len;
+    }
+
+    /* Skip if entire prefix acceptable */
+    if (pattern_len == subject_len) {
+        *p = pattern;
+        *plen = pattern_len;
+    }
+}
+
+/* Compare while ASCII ignoring case. */
+static int equal_nocase(const unsigned char *pattern, size_t pattern_len,
+                        const unsigned char *subject, size_t subject_len,
+                        unsigned int flags)
+{
+    skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
+    if (pattern_len != subject_len)
+        return 0;
+    while (pattern_len) {
+        unsigned char l = *pattern;
+        unsigned char r = *subject;
+        /* The pattern must not contain NUL characters. */
+        if (l == 0)
+            return 0;
+        if (l != r) {
+            if ('A' <= l && l <= 'Z')
+                l = (l - 'A') + 'a';
+            if ('A' <= r && r <= 'Z')
+                r = (r - 'A') + 'a';
+            if (l != r)
+                return 0;
+        }
+        ++pattern;
+        ++subject;
+        --pattern_len;
+    }
+    return 1;
+}
+
+/* Compare using memcmp. */
+static int equal_case(const unsigned char *pattern, size_t pattern_len,
+                      const unsigned char *subject, size_t subject_len,
+                      unsigned int flags)
+{
+    skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
+    if (pattern_len != subject_len)
+        return 0;
+    return !memcmp(pattern, subject, pattern_len);
+}
+
+/*
+ * RFC 5280, section 7.5, requires that only the domain is compared in a
+ * case-insensitive manner.
+ */
+static int equal_email(const unsigned char *a, size_t a_len,
+                       const unsigned char *b, size_t b_len,
+                       unsigned int unused_flags)
+{
+    size_t i = a_len;
+    if (a_len != b_len)
+        return 0;
+    /*
+     * We search backwards for the '@' character, so that we do not have to
+     * deal with quoted local-parts.  The domain part is compared in a
+     * case-insensitive manner.
+     */
+    while (i > 0) {
+        --i;
+        if (a[i] == '@' || b[i] == '@') {
+            if (!equal_nocase(a + i, a_len - i, b + i, a_len - i, 0))
+                return 0;
+            break;
+        }
+    }
+    if (i == 0)
+        i = a_len;
+    return equal_case(a, i, b, i, 0);
+}
+
+/*
+ * Compare an ASN1_STRING to a supplied string. If they match return 1. If
+ * cmp_type > 0 only compare if string matches the type, otherwise convert it
+ * to UTF8.
+ */
+
+static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
+                           unsigned int flags, const char *b, size_t blen,
+                           char **peername)
+{
+    int rv = 0;
+
+    if (!a->data || !a->length)
+        return 0;
+    if (cmp_type > 0) {
+        if (cmp_type != a->type)
+            return 0;
+        if (cmp_type == V_ASN1_IA5STRING)
+            rv = equal(a->data, a->length, (unsigned char *)b, blen, flags);
+        else if (a->length == (int)blen && !memcmp(a->data, b, blen))
+            rv = 1;
+        if (rv > 0 && peername)
+            *peername = BUF_strndup((char *)a->data, a->length);
+    } else {
+        int astrlen;
+        unsigned char *astr;
+        astrlen = ASN1_STRING_to_UTF8(&astr, a);
+        if (astrlen < 0) {
+            /*
+             * -1 could be an internal malloc failure or a decoding error from
+             * malformed input; we can't distinguish.
+             */
+            return -1;
+        }
+        rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
+        if (rv > 0 && peername)
+            *peername = BUF_strndup((char *)astr, astrlen);
+        OPENSSL_free(astr);
+    }
+    return rv;
+}
+
+/*
+ * Compare the prefix and suffix with the subject, and check that the
+ * characters in-between are valid.
+ */
+static int wildcard_match(const unsigned char *prefix, size_t prefix_len,
+                          const unsigned char *suffix, size_t suffix_len,
+                          const unsigned char *subject, size_t subject_len,
+                          unsigned int flags)
+{
+    const unsigned char *wildcard_start;
+    const unsigned char *wildcard_end;
+    const unsigned char *p;
+    int allow_multi = 0;
+    int allow_idna = 0;
+
+    if (subject_len < prefix_len + suffix_len)
+        return 0;
+    if (!equal_nocase(prefix, prefix_len, subject, prefix_len, flags))
+        return 0;
+    wildcard_start = subject + prefix_len;
+    wildcard_end = subject + (subject_len - suffix_len);
+    if (!equal_nocase(wildcard_end, suffix_len, suffix, suffix_len, flags))
+        return 0;
+    /*
+     * If the wildcard makes up the entire first label, it must match at
+     * least one character.
+     */
+    if (prefix_len == 0 && *suffix == '.') {
+        if (wildcard_start == wildcard_end)
+            return 0;
+        allow_idna = 1;
+        if (flags & G_TLS_X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS)
+            allow_multi = 1;
+    }
+    /* IDNA labels cannot match partial wildcards */
+    if (!allow_idna &&
+        subject_len >= 4 && strncasecmp((char *)subject, "xn--", 4) == 0)
+        return 0;
+    /* The wildcard may match a literal '*' */
+    if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*')
+        return 1;
+    /*
+     * Check that the part matched by the wildcard contains only
+     * permitted characters and only matches a single label unless
+     * allow_multi is set.
+     */
+    for (p = wildcard_start; p != wildcard_end; ++p)
+        if (!(('0' <= *p && *p <= '9') ||
+              ('A' <= *p && *p <= 'Z') ||
+              ('a' <= *p && *p <= 'z') ||
+              *p == '-' || (allow_multi && *p == '.')))
+            return 0;
+    return 1;
+}
+
+#define LABEL_START     (1 << 0)
+#define LABEL_END       (1 << 1)
+#define LABEL_HYPHEN    (1 << 2)
+#define LABEL_IDNA      (1 << 3)
+
+static const unsigned char *valid_star(const unsigned char *p, size_t len,
+                                       unsigned int flags)
+{
+    const unsigned char *star = 0;
+    size_t i;
+    int state = LABEL_START;
+    int dots = 0;
+    for (i = 0; i < len; ++i) {
+        /*
+         * Locate first and only legal wildcard, either at the start
+         * or end of a non-IDNA first and not final label.
+         */
+        if (p[i] == '*') {
+            int atstart = (state & LABEL_START);
+            int atend = (i == len - 1 || p[i + 1] == '.');
+            /*-
+             * At most one wildcard per pattern.
+             * No wildcards in IDNA labels.
+             * No wildcards after the first label.
+             */
+            if (star != NULL || (state & LABEL_IDNA) != 0 || dots)
+                return NULL;
+            /* Only full-label '*.example.com' wildcards? */
+            if ((flags & G_TLS_X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS)
+                && (!atstart || !atend))
+                return NULL;
+            /* No 'foo*bar' wildcards */
+            if (!atstart && !atend)
+                return NULL;
+            star = &p[i];
+            state &= ~LABEL_START;
+        } else if (('a' <= p[i] && p[i] <= 'z')
+                   || ('A' <= p[i] && p[i] <= 'Z')
+                   || ('0' <= p[i] && p[i] <= '9')) {
+            if ((state & LABEL_START) != 0
+                && len - i >= 4 && strncasecmp((char *)&p[i], "xn--", 4) == 0)
+                state |= LABEL_IDNA;
+            state &= ~(LABEL_HYPHEN | LABEL_START);
+        } else if (p[i] == '.') {
+            if ((state & (LABEL_HYPHEN | LABEL_START)) != 0)
+                return NULL;
+            state = LABEL_START;
+            ++dots;
+        } else if (p[i] == '-') {
+            if ((state & LABEL_HYPHEN) != 0)
+                return NULL;
+            state |= LABEL_HYPHEN;
+        } else
+            return NULL;
+    }
+
+    /*
+     * The final label must not end in a hyphen or ".", and
+     * there must be at least two dots after the star.
+     */
+    if ((state & (LABEL_START | LABEL_HYPHEN)) != 0 || dots < 2)
+        return NULL;
+    return star;
+}
+
+/* Compare using wildcards. */
+static int equal_wildcard(const unsigned char *pattern, size_t pattern_len,
+                          const unsigned char *subject, size_t subject_len,
+                          unsigned int flags)
+{
+    const unsigned char *star = NULL;
+
+    /*
+     * Subject names starting with '.' can only match a wildcard pattern
+     * via a subject sub-domain pattern suffix match.
+     */
+    if (!(subject_len > 1 && subject[0] == '.'))
+        star = valid_star(pattern, pattern_len, flags);
+    if (star == NULL)
+        return equal_nocase(pattern, pattern_len,
+                            subject, subject_len, flags);
+    return wildcard_match(pattern, star - pattern,
+                          star + 1, (pattern + pattern_len) - star - 1,
+                          subject, subject_len, flags);
+}
+
+static int do_x509_check(X509 *x, const char *chk, size_t chklen,
+                         unsigned int flags, int check_type, char **peername)
+{
+    GENERAL_NAMES *gens = NULL;
+    X509_NAME *name = NULL;
+    int i;
+    int cnid;
+    int alt_type;
+    int san_present = 0;
+    int rv = 0;
+    equal_fn equal;
+
+    /* See below, this flag is internal-only */
+    flags &= ~_G_TLS_X509_CHECK_FLAG_DOT_SUBDOMAINS;
+    if (check_type == GEN_EMAIL) {
+        cnid = NID_pkcs9_emailAddress;
+        alt_type = V_ASN1_IA5STRING;
+        equal = equal_email;
+    } else if (check_type == GEN_DNS) {
+        cnid = NID_commonName;
+        /* Implicit client-side DNS sub-domain pattern */
+        if (chklen > 1 && chk[0] == '.')
+            flags |= _G_TLS_X509_CHECK_FLAG_DOT_SUBDOMAINS;
+        alt_type = V_ASN1_IA5STRING;
+        if (flags & G_TLS_X509_CHECK_FLAG_NO_WILDCARDS)
+            equal = equal_nocase;
+        else
+            equal = equal_wildcard;
+    } else {
+        cnid = 0;
+        alt_type = V_ASN1_OCTET_STRING;
+        equal = equal_case;
+    }
+
+    if (chklen == 0)
+        chklen = strlen(chk);
+
+    gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+    if (gens) {
+        for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+            GENERAL_NAME *gen;
+            ASN1_STRING *cstr;
+            gen = sk_GENERAL_NAME_value(gens, i);
+            if (gen->type != check_type)
+                continue;
+            san_present = 1;
+            if (check_type == GEN_EMAIL)
+                cstr = gen->d.rfc822Name;
+            else if (check_type == GEN_DNS)
+                cstr = gen->d.dNSName;
+            else
+                cstr = gen->d.iPAddress;
+            /* Positive on success, negative on error! */
+            if ((rv = do_check_string(cstr, alt_type, equal, flags,
+                                      chk, chklen, peername)) != 0)
+                break;
+        }
+        GENERAL_NAMES_free(gens);
+        if (rv != 0)
+            return rv;
+        if (!cnid
+            || (san_present
+                && !(flags & G_TLS_X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)))
+            return 0;
+    }
+    i = -1;
+    name = X509_get_subject_name(x);
+    while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) {
+        X509_NAME_ENTRY *ne;
+        ASN1_STRING *str;
+        ne = X509_NAME_get_entry(name, i);
+        str = X509_NAME_ENTRY_get_data(ne);
+        /* Positive on success, negative on error! */
+        if ((rv = do_check_string(str, -1, equal, flags,
+                                  chk, chklen, peername)) != 0)
+            return rv;
+    }
+    return 0;
+}
+
+int g_tls_X509_check_host(X509 *x, const char *chk, size_t chklen,
+                    unsigned int flags, char **peername)
+{
+    if (chk == NULL)
+        return -2;
+    /*
+     * Embedded NULs are disallowed, except as the last character of a
+     * string of length 2 or more (tolerate caller including terminating
+     * NUL in string length).
+     */
+    if (chklen == 0)
+        chklen = strlen(chk);
+    else if (memchr(chk, '\0', chklen > 1 ? chklen - 1 : chklen))
+        return -2;
+    if (chklen > 1 && chk[chklen - 1] == '\0')
+        --chklen;
+    return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
+}
+
+int g_tls_X509_check_email(X509 *x, const char *chk, size_t chklen,
+                     unsigned int flags)
+{
+    if (chk == NULL)
+        return -2;
+    /*
+     * Embedded NULs are disallowed, except as the last character of a
+     * string of length 2 or more (tolerate caller including terminating
+     * NUL in string length).
+     */
+    if (chklen == 0)
+        chklen = strlen((char *)chk);
+    else if (memchr(chk, '\0', chklen > 1 ? chklen - 1 : chklen))
+        return -2;
+    if (chklen > 1 && chk[chklen - 1] == '\0')
+        --chklen;
+    return do_x509_check(x, chk, chklen, flags, GEN_EMAIL, NULL);
+}
+
+int g_tls_X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
+                  unsigned int flags)
+{
+    if (chk == NULL)
+        return -2;
+    return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL);
+}
diff --git a/tls/openssl/openssl-util.h b/tls/openssl/openssl-util.h
new file mode 100644 (file)
index 0000000..10618cc
--- /dev/null
@@ -0,0 +1,99 @@
+/* v3_utl.c */
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ */
+/* X509 v3 extension utilities */
+
+#ifndef __G_TLS_OPENSSL_UTIL_H__
+#define __G_TLS_OPENSSL_UTIL_H__
+
+#include "openssl-include.h"
+
+/*
+ * Always check subject name for host match even if subject alt names present
+ */
+# define G_TLS_X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT    0x1
+/* Disable wildcard matching for dnsName fields and common name. */
+# define G_TLS_X509_CHECK_FLAG_NO_WILDCARDS    0x2
+/* Wildcards must not match a partial label. */
+# define G_TLS_X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
+/* Allow (non-partial) wildcards to match multiple labels. */
+# define G_TLS_X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
+/* Constraint verifier subdomain patterns to match a single labels. */
+# define G_TLS_X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
+/*
+ * Match reference identifiers starting with "." to any sub-domain.
+ * This is a non-public flag, turned on implicitly when the subject
+ * reference identity is a DNS name.
+ */
+# define _G_TLS_X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
+
+int g_tls_X509_check_host(X509 *x, const char *chk, size_t chklen,
+                    unsigned int flags, char **peername);
+
+int g_tls_X509_check_email(X509 *x, const char *chk, size_t chklen,
+                     unsigned int flags);
+
+int g_tls_X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
+                  unsigned int flags);
+
+#endif /* __G_TLS_OPENSSL_UTIL_H__ */
+
+
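Review bot: The three prototypes at the end of this header are declared without any statement of their return contract, while the implementation added in openssl-util.c distinguishes a positive match, 0 for no match, -1 for an allocation or decoding failure and -2 for a NULL or NUL-containing reference name. A caller that writes `if (g_tls_X509_check_host (...))` would treat both negative results as a successful identity match, so I would add above the declarations `/* Return >0 on match, 0 on mismatch, -1 on internal error, -2 on malformed input; callers must test for > 0. */`. The same comment block should say that `*peername` is filled in on a match with a copy made by BUF_strndup() that the caller must release with OPENSSL_free(). It should also say that g_tls_X509_check_ip() expects the raw address bytes with a non-zero chklen, since do_x509_check() falls back to strlen() when chklen is 0.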
diff --git a/tls/pkcs11/Makefile.am b/tls/pkcs11/Makefile.am
deleted file mode 100644 (file)
index 036207c..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-include $(top_srcdir)/glib-networking.mk
-
-noinst_LTLIBRARIES += \
-       libgiopkcs11.la
-
-libgiopkcs11_la_SOURCES =                      \
-       gpkcs11array.c                          \
-       gpkcs11array.h                          \
-       gpkcs11pin.c                            \
-       gpkcs11pin.h                            \
-       gpkcs11slot.c                           \
-       gpkcs11slot.h                           \
-       gpkcs11util.c                           \
-       gpkcs11util.h                           \
-       pkcs11-trust-assertions.h               \
-       $(NULL)
-
-libgiopkcs11_la_LIBADD =                       \
-       $(GLIB_LIBS)                            \
-       $(NULL)
-
-AM_CPPFLAGS +=                                 \
-       $(PKCS11_CFLAGS)                        \
-       -DG_DISABLE_DEPRECATED
diff --git a/tls/pkcs11/gpkcs11array.c b/tls/pkcs11/gpkcs11array.c
deleted file mode 100644 (file)
index f46399c..0000000
+++ /dev/null
@@ -1,281 +0,0 @@
-/* GIO - Small GLib wrapper of PKCS#11 for use in GTls
- *
- * Copyright 2011 Collabora, Ltd
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include "gpkcs11array.h"
-
-#include <string.h>
-
-G_DEFINE_BOXED_TYPE (GPkcs11Array, g_pkcs11_array, g_pkcs11_array_ref, g_pkcs11_array_unref);
-
-typedef struct _GRealPkcs11Array
-{
-  CK_ATTRIBUTE *attrs;
-  CK_ULONG len;
-  volatile gint ref_count;
-} GRealPkcs11Array;
-
-GPkcs11Array*
-g_pkcs11_array_new (void)
-{
-  GRealPkcs11Array *array = g_slice_new (GRealPkcs11Array);
-
-  array->attrs = NULL;
-  array->len = 0;
-  array->ref_count = 1;
-
-  return (GPkcs11Array*) array;
-}
-
-void
-g_pkcs11_array_add (GPkcs11Array *array,
-                    CK_ATTRIBUTE *attr)
-{
-  GRealPkcs11Array *rarray = (GRealPkcs11Array*)array;
-
-  g_return_if_fail (array);
-  g_return_if_fail (attr);
-  g_return_if_fail (attr->ulValueLen != (CK_ATTRIBUTE_TYPE)-1 || !attr->pValue);
-  g_return_if_fail (attr->pValue || !attr->ulValueLen);
-
-  rarray->attrs = g_renew (CK_ATTRIBUTE, rarray->attrs, rarray->len + 1);
-  memcpy (rarray->attrs + rarray->len, attr, sizeof (CK_ATTRIBUTE));
-  if (attr->pValue)
-    rarray->attrs[rarray->len].pValue = g_memdup (attr->pValue, attr->ulValueLen);
-  rarray->len++;
-}
-
-void
-g_pkcs11_array_add_value (GPkcs11Array      *array,
-                          CK_ATTRIBUTE_TYPE  type,
-                          gconstpointer      value,
-                          gssize              length)
-{
-  CK_ATTRIBUTE attr;
-
-  g_return_if_fail (array);
-
-  if (length < 0)
-    length = strlen (value);
-
-  attr.type = type;
-  attr.pValue = (gpointer)value;
-  attr.ulValueLen = length;
-  g_pkcs11_array_add (array, &attr);
-}
-
-void
-g_pkcs11_array_add_boolean (GPkcs11Array      *array,
-                            CK_ATTRIBUTE_TYPE  attr_type,
-                            gboolean           value)
-{
-  CK_ATTRIBUTE attr;
-  CK_BBOOL bval;
-
-  g_return_if_fail (array);
-
-  bval = value ? CK_TRUE : CK_FALSE;
-  attr.type = attr_type;
-  attr.pValue = &bval;
-  attr.ulValueLen = sizeof (bval);
-  g_pkcs11_array_add (array, &attr);
-}
-
-void
-g_pkcs11_array_add_ulong (GPkcs11Array      *array,
-                          CK_ATTRIBUTE_TYPE  type,
-                          gulong             value)
-{
-  CK_ATTRIBUTE attr;
-  CK_ULONG uval;
-
-  g_return_if_fail (array);
-
-  uval = value;
-  attr.type = type;
-  attr.pValue = &uval;
-  attr.ulValueLen = sizeof (uval);
-  g_pkcs11_array_add (array, &attr);
-}
-
-void
-g_pkcs11_array_set (GPkcs11Array *array,
-                    CK_ATTRIBUTE *attr)
-{
-  CK_ATTRIBUTE *previous;
-
-  g_return_if_fail (array);
-  g_return_if_fail (attr);
-  g_return_if_fail (attr->ulValueLen != (CK_ATTRIBUTE_TYPE)-1 || !attr->pValue);
-  g_return_if_fail (attr->pValue || !attr->ulValueLen);
-
-  previous = (CK_ATTRIBUTE*)g_pkcs11_array_find (array, attr->type);
-  if (previous == NULL)
-    {
-      g_pkcs11_array_add (array, attr);
-    }
-  else
-    {
-      g_free (previous->pValue);
-      previous->pValue = g_memdup (attr->pValue, attr->ulValueLen);
-      previous->ulValueLen = attr->ulValueLen;
-    }
-}
-
-void
-g_pkcs11_array_set_value (GPkcs11Array      *array,
-                          CK_ATTRIBUTE_TYPE  type,
-                          gconstpointer      value,
-                          gssize              length)
-{
-  CK_ATTRIBUTE attr;
-
-  g_return_if_fail (array);
-
-  if (length < 0)
-    length = strlen (value);
-
-  attr.type = type;
-  attr.pValue = (gpointer)value;
-  attr.ulValueLen = length;
-  g_pkcs11_array_set (array, &attr);
-}
-
-void
-g_pkcs11_array_set_boolean (GPkcs11Array      *array,
-                            CK_ATTRIBUTE_TYPE  attr_type,
-                            gboolean           value)
-{
-  CK_ATTRIBUTE attr;
-  CK_BBOOL bval;
-
-  g_return_if_fail (array);
-
-  bval = value ? CK_TRUE : CK_FALSE;
-  attr.type = attr_type;
-  attr.pValue = &bval;
-  attr.ulValueLen = sizeof (bval);
-  g_pkcs11_array_set (array, &attr);
-}
-
-void
-g_pkcs11_array_set_ulong (GPkcs11Array      *array,
-                          CK_ATTRIBUTE_TYPE  type,
-                          gulong             value)
-{
-  CK_ATTRIBUTE attr;
-  CK_ULONG uval;
-
-  g_return_if_fail (array);
-
-  uval = value;
-  attr.type = type;
-  attr.pValue = &uval;
-  attr.ulValueLen = sizeof (uval);
-  g_pkcs11_array_set (array, &attr);
-}
-
-
-const CK_ATTRIBUTE*
-g_pkcs11_array_find (GPkcs11Array         *array,
-                     CK_ATTRIBUTE_TYPE     type)
-{
-    const CK_ATTRIBUTE* attr;
-    guint i;
-
-    g_return_val_if_fail (array, NULL);
-
-    for (i = 0; i < array->count; ++i)
-      {
-        attr = &g_pkcs11_array_index (array, i);
-        if (attr->type == type)
-          return attr;
-      }
-
-    return NULL;
-}
-
-gboolean
-g_pkcs11_array_find_boolean (GPkcs11Array         *array,
-                             CK_ATTRIBUTE_TYPE     type,
-                             gboolean             *value)
-{
-  const CK_ATTRIBUTE* attr;
-
-  g_return_val_if_fail (array, FALSE);
-  g_return_val_if_fail (value, FALSE);
-
-  attr = g_pkcs11_array_find (array, type);
-  if (!attr || !attr->pValue || attr->ulValueLen != sizeof (CK_BBOOL))
-    return FALSE;
-  *value = *((CK_BBOOL*)attr->pValue) ? TRUE : FALSE;
-  return TRUE;
-}
-
-gboolean
-g_pkcs11_array_find_ulong (GPkcs11Array         *array,
-                           CK_ATTRIBUTE_TYPE     type,
-                           gulong               *value)
-{
-  const CK_ATTRIBUTE* attr;
-
-  g_return_val_if_fail (array, FALSE);
-  g_return_val_if_fail (value, FALSE);
-
-  attr = g_pkcs11_array_find (array, type);
-  if (!attr || !attr->pValue || attr->ulValueLen != sizeof (CK_ULONG))
-    return FALSE;
-  *value = *((CK_ULONG*)attr->pValue);
-  return TRUE;
-}
-
-GPkcs11Array*
-g_pkcs11_array_ref (GPkcs11Array *array)
-{
-  GRealPkcs11Array *rarray = (GRealPkcs11Array*) array;
-
-  g_return_val_if_fail (array, NULL);
-  g_return_val_if_fail (g_atomic_int_get (&rarray->ref_count) > 0, array);
-  g_atomic_int_inc (&rarray->ref_count);
-  return array;
-}
-
-void
-g_pkcs11_array_unref (GPkcs11Array *array)
-{
-  GRealPkcs11Array *rarray = (GRealPkcs11Array*) array;
-  CK_ULONG i;
-
-  g_return_if_fail (array);
-  g_return_if_fail (g_atomic_int_get (&rarray->ref_count) > 0);
-  if (g_atomic_int_dec_and_test (&rarray->ref_count))
-    {
-      for (i = 0; i < rarray->len; ++i)
-        g_free (rarray->attrs[i].pValue);
-      g_free (rarray->attrs);
-      g_slice_free1 (sizeof (GRealPkcs11Array), array);
-    }
-}
diff --git a/tls/pkcs11/gpkcs11array.h b/tls/pkcs11/gpkcs11array.h
deleted file mode 100644 (file)
index 38ee1e1..0000000
+++ /dev/null
@@ -1,98 +0,0 @@
-/* GIO - Small GLib wrapper of PKCS#11 for use in GTls
- *
- * Copyright 2011 Collabora, Ltd.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the licence or (at
- * your option) any later version.
- *
- * See the included COPYING file for more information.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#ifndef __G_PKCS11_ARRAY_H__
-#define __G_PKCS11_ARRAY_H__
-
-#include <glib.h>
-#include <glib-object.h>
-
-#include <p11-kit/pkcs11.h>
-
-#include <p11-kit/uri.h>
-
-G_BEGIN_DECLS
-
-typedef struct _GPkcs11Array       GPkcs11Array;
-
-struct _GPkcs11Array
-{
-  CK_ATTRIBUTE *attrs;
-  CK_ULONG      count;
-};
-
-#define             G_TYPE_PKCS11_ARRAY                     (g_pkcs11_array_get_type ())
-
-GType               g_pkcs11_array_get_type                 (void) G_GNUC_CONST;
-
-GPkcs11Array*       g_pkcs11_array_new                      (void);
-
-#define             g_pkcs11_array_index(array,index_)      ((array)->attrs)[index_]
-
-void                g_pkcs11_array_add                      (GPkcs11Array        *array,
-                                                             CK_ATTRIBUTE        *attr);
-
-void                g_pkcs11_array_add_value                (GPkcs11Array        *array,
-                                                             CK_ATTRIBUTE_TYPE    type,
-                                                             gconstpointer        value,
-                                                             gssize               length);
-
-void                g_pkcs11_array_add_boolean              (GPkcs11Array         *array,
-                                                             CK_ATTRIBUTE_TYPE     type,
-                                                             gboolean              value);
-
-void                g_pkcs11_array_add_ulong                (GPkcs11Array         *array,
-                                                             CK_ATTRIBUTE_TYPE     type,
-                                                             gulong                value);
-
-void                g_pkcs11_array_set                      (GPkcs11Array        *array,
-                                                             CK_ATTRIBUTE        *attr);
-
-void                g_pkcs11_array_set_value                (GPkcs11Array        *array,
-                                                             CK_ATTRIBUTE_TYPE    type,
-                                                             gconstpointer        value,
-                                                             gssize               length);
-
-void                g_pkcs11_array_set_boolean              (GPkcs11Array         *array,
-                                                             CK_ATTRIBUTE_TYPE     type,
-                                                             gboolean              value);
-
-void                g_pkcs11_array_set_ulong                (GPkcs11Array         *array,
-                                                             CK_ATTRIBUTE_TYPE     type,
-                                                             gulong                value);
-
-const CK_ATTRIBUTE* g_pkcs11_array_find                     (GPkcs11Array         *array,
-                                                             CK_ATTRIBUTE_TYPE     type);
-
-const CK_ATTRIBUTE* g_pkcs11_array_find_valid               (GPkcs11Array         *array,
-                                                             CK_ATTRIBUTE_TYPE     type);
-
-gboolean            g_pkcs11_array_find_boolean             (GPkcs11Array         *array,
-                                                             CK_ATTRIBUTE_TYPE     type,
-                                                             gboolean             *value);
-
-gboolean            g_pkcs11_array_find_ulong               (GPkcs11Array         *array,
-                                                             CK_ATTRIBUTE_TYPE     type,
-                                                             gulong               *value);
-
-GPkcs11Array*       g_pkcs11_array_ref                      (GPkcs11Array         *array);
-
-void                g_pkcs11_array_unref                    (GPkcs11Array         *array);
-
-G_END_DECLS
-
-#endif /* __G_PKCS11_ARRAY_H___ */
diff --git a/tls/pkcs11/gpkcs11pin.c b/tls/pkcs11/gpkcs11pin.c
deleted file mode 100644 (file)
index 856b73c..0000000
+++ /dev/null
@@ -1,161 +0,0 @@
-/* GIO - GLib Input, Output and Streaming Library
- *
- * Copyright © 2011 Collabora Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include <string.h>
-
-#include "gpkcs11pin.h"
-#include <glib/gi18n-lib.h>
-
-enum
-{
-  PROP_0,
-
-  PROP_FLAGS,
-  PROP_DESCRIPTION
-};
-
-G_DEFINE_TYPE (GPkcs11Pin, g_pkcs11_pin, G_TYPE_TLS_PASSWORD);
-
-struct _GPkcs11PinPrivate
-{
-  P11KitPin *pin;
-};
-
-static void
-g_pkcs11_pin_init (GPkcs11Pin *self)
-{
-  self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
-                                            G_TYPE_PKCS11_PIN,
-                                            GPkcs11PinPrivate);
-}
-
-static void
-g_pkcs11_pin_finalize (GObject *object)
-{
-  GPkcs11Pin *self = G_PKCS11_PIN (object);
-
-  if (self->priv->pin)
-    p11_kit_pin_unref (self->priv->pin);
-
-  G_OBJECT_CLASS (g_pkcs11_pin_parent_class)->finalize (object);
-}
-
-static const guchar *
-g_pkcs11_pin_get_value (GTlsPassword  *password,
-                        gsize         *length)
-{
-  GPkcs11Pin *self = G_PKCS11_PIN (password);
-
-  if (!self->priv->pin)
-    {
-      if (length)
-        *length = 0;
-      return NULL;
-    }
-
-  return p11_kit_pin_get_value (self->priv->pin, length);
-}
-
-static void
-g_pkcs11_pin_set_value (GTlsPassword  *password,
-                        guchar        *value,
-                        gssize         length,
-                        GDestroyNotify destroy)
-{
-  GPkcs11Pin *self = G_PKCS11_PIN (password);
-
-  if (self->priv->pin)
-    {
-      p11_kit_pin_unref (self->priv->pin);
-      self->priv->pin = NULL;
-    }
-
-  if (length < 0)
-    length = strlen ((gchar *) value);
-
-  self->priv->pin = p11_kit_pin_new_for_buffer (value, length, destroy);
-}
-
-static const gchar *
-g_pkcs11_pin_get_default_warning (GTlsPassword  *password)
-{
-  GTlsPasswordFlags flags;
-
-  flags = g_tls_password_get_flags (password);
-
-  if (flags & G_TLS_PASSWORD_FINAL_TRY)
-    return _("This is the last chance to enter the PIN correctly before the token is locked.");
-  if (flags & G_TLS_PASSWORD_MANY_TRIES)
-    return _("Several PIN attempts have been incorrect, and the token will be locked after further failures.");
-  if (flags & G_TLS_PASSWORD_RETRY)
-    return _("The PIN entered is incorrect.");
-
-  return NULL;
-}
-
-
-static void
-g_pkcs11_pin_class_init (GPkcs11PinClass *klass)
-{
-  GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
-  GTlsPasswordClass *password_class = G_TLS_PASSWORD_CLASS (klass);
-
-  password_class->get_value = g_pkcs11_pin_get_value;
-  password_class->set_value = g_pkcs11_pin_set_value;
-  password_class->get_default_warning = g_pkcs11_pin_get_default_warning;
-
-  gobject_class->finalize     = g_pkcs11_pin_finalize;
-
-  g_type_class_add_private (klass, sizeof (GPkcs11PinPrivate));
-}
-
-GTlsPassword *
-g_pkcs11_pin_new (GTlsPasswordFlags  flags,
-                  const gchar       *description)
-{
-  GPkcs11Pin *self;
-
-  self = g_object_new (G_TYPE_PKCS11_PIN,
-                       "flags", flags,
-                       "description", description,
-                       NULL);
-
-  return G_TLS_PASSWORD (self);
-}
-
-
-P11KitPin *
-g_pkcs11_pin_steal_internal (GPkcs11Pin  *self)
-{
-  P11KitPin *pin;
-
-  g_return_val_if_fail (G_IS_PKCS11_PIN (self), NULL);
-
-  pin = self->priv->pin;
-  self->priv->pin = NULL;
-  return pin;
-}
diff --git a/tls/pkcs11/gpkcs11pin.h b/tls/pkcs11/gpkcs11pin.h
deleted file mode 100644 (file)
index 7208837..0000000
+++ /dev/null
@@ -1,57 +0,0 @@
-/* GIO - GLib Pin, Output and Pkcs11ing Library
- *
- * Copyright © 2011 Collabora Ltd.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the licence or (at
- * your option) any later version.
- *
- * See the included COPYING file for more information.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#ifndef __G_PKCS11_PIN_H__
-#define __G_PKCS11_PIN_H__
-
-#include <gio/gio.h>
-#include <p11-kit/pin.h>
-
-G_BEGIN_DECLS
-
-#define G_TYPE_PKCS11_PIN            (g_pkcs11_pin_get_type ())
-#define G_PKCS11_PIN(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_PKCS11_PIN, GPkcs11Pin))
-#define G_PKCS11_PIN_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_PKCS11_PIN, GPkcs11PinClass))
-#define G_IS_PKCS11_PIN(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_PKCS11_PIN))
-#define G_IS_PKCS11_PIN_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_PKCS11_PIN))
-#define G_PKCS11_PIN_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_PKCS11_PIN, GPkcs11PinClass))
-
-typedef struct _GPkcs11PinPrivate                   GPkcs11PinPrivate;
-typedef struct _GPkcs11PinClass                     GPkcs11PinClass;
-typedef struct _GPkcs11Pin                          GPkcs11Pin;
-
-struct _GPkcs11PinClass
-{
-  GTlsPasswordClass parent_class;
-};
-
-struct _GPkcs11Pin
-{
-  GTlsPassword parent_instance;
-  GPkcs11PinPrivate *priv;
-};
-
-GType                   g_pkcs11_pin_get_type        (void) G_GNUC_CONST;
-
-GTlsPassword *          g_pkcs11_pin_new             (GTlsPasswordFlags  flags,
-                                                      const gchar       *description);
-
-P11KitPin *             g_pkcs11_pin_steal_internal  (GPkcs11Pin  *self);
-
-G_END_DECLS
-
-#endif /* __G_PKCS11_PIN_H___ */
diff --git a/tls/pkcs11/gpkcs11slot.c b/tls/pkcs11/gpkcs11slot.c
deleted file mode 100644 (file)
index ff9e88a..0000000
+++ /dev/null
@@ -1,620 +0,0 @@
-/* GIO - Small GLib wrapper of PKCS#11 for use in GTls
- *
- * Copyright 2011 Collabora, Ltd
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include "gpkcs11slot.h"
-
-#include "gpkcs11array.h"
-#include "gpkcs11pin.h"
-#include "gpkcs11util.h"
-
-#include <glib/gi18n.h>
-
-#include <p11-kit/p11-kit.h>
-#include <p11-kit/pin.h>
-
-#include <stdlib.h>
-
-enum {
-  PROP_0,
-  PROP_MODULE,
-  PROP_SLOT_ID
-};
-
-struct _GPkcs11SlotPrivate
-{
-  /* read-only after construct */
-  CK_FUNCTION_LIST_PTR module;
-  CK_SLOT_ID slot_id;
-
-  /* protected by mutex */
-  GMutex mutex;
-  CK_SESSION_HANDLE last_session;
-};
-
-G_DEFINE_TYPE (GPkcs11Slot, g_pkcs11_slot, G_TYPE_OBJECT);
-
-static gboolean
-check_if_session_logged_in (GPkcs11Slot        *self,
-                            CK_SESSION_HANDLE   session)
-{
-  CK_SESSION_INFO session_info;
-  CK_RV rv;
-
-  rv = (self->priv->module->C_GetSessionInfo) (session, &session_info);
-  if (rv != CKR_OK)
-    return FALSE;
-
-  /* Already logged in */
-  if (session_info.state == CKS_RO_USER_FUNCTIONS ||
-      session_info.state == CKS_RW_USER_FUNCTIONS)
-    return TRUE;
-
-  return FALSE;
-}
-
-static gboolean
-session_login_protected_auth_path (GPkcs11Slot       *self,
-                                   CK_SESSION_HANDLE  session,
-                                   GError           **error)
-{
-  CK_RV rv;
-
-  rv = (self->priv->module->C_Login) (session, CKU_USER, NULL, 0);
-  if (rv == CKR_USER_ALREADY_LOGGED_IN)
-    rv = CKR_OK;
-  if (g_pkcs11_propagate_error (error, rv))
-    return FALSE;
-  return TRUE;
-}
-
-static gboolean
-session_login_with_pin (GPkcs11Slot          *self,
-                        GTlsInteraction      *interaction,
-                        CK_SESSION_HANDLE     session,
-                        CK_TOKEN_INFO        *token_info,
-                        GTlsPasswordFlags     flags,
-                        GCancellable         *cancellable,
-                        GError              **error)
-{
-  GTlsInteractionResult result = G_TLS_INTERACTION_UNHANDLED;
-  GTlsPassword *password = NULL;
-  const guchar *value;
-  gsize length;
-  CK_RV rv;
-
-  if (g_cancellable_set_error_if_cancelled (cancellable, error))
-    return FALSE;
-
-  else if (interaction != NULL)
-    {
-      gchar *description = p11_kit_space_strdup (token_info->label,
-                                                 sizeof (token_info->label));
-      password = g_tls_password_new (flags, description);
-      free (description);
-
-      result = g_tls_interaction_ask_password (interaction, password, cancellable, error);
-    }
-
-  switch (result)
-    {
-    case G_TLS_INTERACTION_UNHANDLED:
-      g_clear_object (&password);
-      g_message ("no pin is available to log in, or the user cancelled pin entry");
-      return TRUE;
-    case G_TLS_INTERACTION_FAILED:
-      g_clear_object (&password);
-      return FALSE;
-    case G_TLS_INTERACTION_HANDLED:
-      break;
-    }
-
-  g_assert (interaction != NULL && password != NULL);
-  value = g_tls_password_get_value (password, &length);
-  rv = (self->priv->module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)value, length);
-  g_object_unref (password);
-
-  if (rv == CKR_USER_ALREADY_LOGGED_IN)
-    rv = CKR_OK;
-  if (g_pkcs11_propagate_error (error, rv))
-    return FALSE;
-  return TRUE;
-}
-
-static gboolean
-session_login_if_necessary (GPkcs11Slot        *self,
-                            GTlsInteraction    *interaction,
-                            CK_SESSION_HANDLE   session,
-                            GCancellable       *cancellable,
-                            GError            **error)
-{
-  CK_TOKEN_INFO token_info;
-  GTlsPasswordFlags flags = 0;
-  GError *err = NULL;
-  CK_RV rv;
-
-  for (;;)
-    {
-      if (g_cancellable_set_error_if_cancelled (cancellable, error))
-        return FALSE;
-
-      /* Do we actually need to login? */
-      if (check_if_session_logged_in (self, session))
-        return TRUE;
-
-      /* Get the token information, this can change between login attempts */
-      rv = (self->priv->module->C_GetTokenInfo) (self->priv->slot_id, &token_info);
-      if (g_pkcs11_propagate_error (error, rv))
-        return FALSE;
-
-      if (!(token_info.flags & CKF_LOGIN_REQUIRED))
-        return TRUE;
-
-      /* Login is not initialized on token, don't try to login */
-      if (!(token_info.flags & CKF_USER_PIN_INITIALIZED))
-        return TRUE;
-
-      /* Protected auth path, only call login once, and let token prompt user */
-      if (token_info.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
-        return session_login_protected_auth_path (self, session, error);
-
-      /* Normal authentication path, ask p11-kit to call any callbacks */
-      else
-        {
-
-          if (token_info.flags & CKF_SO_PIN_COUNT_LOW)
-            flags |= G_TLS_PASSWORD_MANY_TRIES;
-          if (token_info.flags & CKF_SO_PIN_FINAL_TRY)
-            flags |= G_TLS_PASSWORD_FINAL_TRY;
-
-          if (session_login_with_pin (self, interaction, session, &token_info,
-                                      flags, cancellable, &err))
-            return TRUE;
-
-          /* User cancelled, don't try to log in */
-          if (err == NULL)
-            return TRUE;
-
-          if (!g_error_matches (err, G_PKCS11_ERROR, CKR_PIN_INCORRECT))
-            {
-              g_propagate_error (error, err);
-              return FALSE;
-            }
-
-          /* Try again */
-          g_clear_error (&err);
-          flags |= G_TLS_PASSWORD_RETRY;
-        }
-    }
-}
-
-static CK_SESSION_HANDLE
-session_checkout_or_open (GPkcs11Slot     *self,
-                          GTlsInteraction *interaction,
-                          gboolean         login,
-                          GCancellable    *cancellable,
-                          GError         **error)
-{
-  CK_SESSION_HANDLE session = 0;
-  CK_RV rv;
-
-  if (g_cancellable_set_error_if_cancelled (cancellable, error))
-    return 0;
-
-  g_mutex_lock (&self->priv->mutex);
-
-  if (self->priv->last_session)
-    {
-      session = self->priv->last_session;
-      self->priv->last_session = 0;
-    }
-
-  g_mutex_unlock (&self->priv->mutex);
-
-  if (!session)
-    {
-      rv = (self->priv->module->C_OpenSession) (self->priv->slot_id, CKF_SERIAL_SESSION,
-                                                NULL, NULL, &session);
-      if (g_pkcs11_propagate_error (error, rv))
-        return 0;
-    }
-
-  if (login)
-    {
-      if (!session_login_if_necessary (self, interaction, session, cancellable, error))
-        {
-          (self->priv->module->C_CloseSession) (session);
-          return 0;
-        }
-    }
-
-  return session;
-}
-
-static void
-session_close (GPkcs11Slot       *self,
-               CK_SESSION_HANDLE   session)
-{
-  CK_RV rv;
-
-  g_assert (session != 0);
-
-  rv = (self->priv->module->C_CloseSession) (session);
-  if (rv != CKR_OK)
-    g_warning ("couldn't close pkcs11 session: %s",
-               p11_kit_strerror (rv));
-}
-
-static void
-session_checkin_or_close (GPkcs11Slot      *self,
-                          CK_SESSION_HANDLE  session)
-{
-  g_assert (session != 0);
-
-  g_mutex_lock (&self->priv->mutex);
-
-  if (self->priv->last_session == 0)
-    {
-      self->priv->last_session = session;
-      session = 0;
-    }
-
-  g_mutex_unlock (&self->priv->mutex);
-
-  if (session != 0)
-    session_close (self, session);
-}
-
-static GPkcs11Array*
-retrieve_object_attributes (GPkcs11Slot              *self,
-                            CK_SESSION_HANDLE         session,
-                            CK_OBJECT_HANDLE          object,
-                            const CK_ATTRIBUTE_TYPE  *attr_types,
-                            guint                     attr_types_length,
-                            GError                  **error)
-{
-  GPkcs11Array *result;
-  CK_ATTRIBUTE_PTR attr;
-  CK_ATTRIBUTE blank;
-  CK_RV rv;
-  guint i;
-
-  result = g_pkcs11_array_new ();
-  memset (&blank, 0, sizeof (blank));
-  for (i = 0; i < attr_types_length; ++i)
-    {
-      blank.type = attr_types[i];
-      g_pkcs11_array_add (result, &blank);
-    }
-
-  /* Get all the required buffer sizes */
-  rv = (self->priv->module->C_GetAttributeValue) (session, object,
-                                                  result->attrs, result->count);
-  if (rv == CKR_ATTRIBUTE_SENSITIVE ||
-      rv == CKR_ATTRIBUTE_TYPE_INVALID)
-    rv = CKR_OK;
-  if (g_pkcs11_propagate_error (error, rv))
-    {
-      g_pkcs11_array_unref (result);
-      return NULL;
-    }
-
-  /* Now allocate memory for them all */
-  for (i = 0; i < attr_types_length; ++i)
-    {
-      attr = &g_pkcs11_array_index (result, i);
-      if (attr->ulValueLen != (CK_ULONG)-1 && attr->ulValueLen)
-          attr->pValue = g_malloc0 (attr->ulValueLen);
-    }
-
-  /* And finally get all the values */
-  rv = (self->priv->module->C_GetAttributeValue) (session, object,
-                                                  result->attrs, result->count);
-  if (rv == CKR_ATTRIBUTE_SENSITIVE ||
-      rv == CKR_ATTRIBUTE_TYPE_INVALID ||
-      rv == CKR_BUFFER_TOO_SMALL)
-    rv = CKR_OK;
-  if (g_pkcs11_propagate_error (error, rv))
-    {
-      g_pkcs11_array_unref (result);
-      return NULL;
-    }
-
-  return result;
-}
-
-static void
-g_pkcs11_slot_init (GPkcs11Slot *self)
-{
-  self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
-                                            G_TYPE_PKCS11_SLOT,
-                                            GPkcs11SlotPrivate);
-  g_mutex_init (&self->priv->mutex);
-}
-
-static void
-g_pkcs11_slot_dispose (GObject *object)
-{
-  GPkcs11Slot *self = G_PKCS11_SLOT (object);
-  CK_SESSION_HANDLE session = 0;
-
-  g_mutex_lock (&self->priv->mutex);
-
-  session = self->priv->last_session;
-  self->priv->last_session = 0;
-
-  g_mutex_unlock (&self->priv->mutex);
-
-  if (session)
-    session_close (self, session);
-
-  G_OBJECT_CLASS (g_pkcs11_slot_parent_class)->dispose (object);
-}
-
-static void
-g_pkcs11_slot_finalize (GObject *object)
-{
-  GPkcs11Slot *self = G_PKCS11_SLOT (object);
-
-  g_assert (self->priv->last_session == 0);
-  g_mutex_clear (&self->priv->mutex);
-
-  G_OBJECT_CLASS (g_pkcs11_slot_parent_class)->finalize (object);
-}
-
-static void
-g_pkcs11_slot_get_property (GObject    *object,
-                             guint       prop_id,
-                             GValue     *value,
-                             GParamSpec *pspec)
-{
-  GPkcs11Slot *self = G_PKCS11_SLOT (object);
-
-  switch (prop_id)
-    {
-    case PROP_MODULE:
-      g_value_set_pointer (value, self->priv->module);
-      break;
-
-    case PROP_SLOT_ID:
-      g_value_set_ulong (value, self->priv->slot_id);
-      break;
-
-    default:
-      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
-    }
-}
-
-static void
-g_pkcs11_slot_set_property (GObject      *object,
-                             guint         prop_id,
-                             const GValue *value,
-                             GParamSpec   *pspec)
-{
-  GPkcs11Slot *self = G_PKCS11_SLOT (object);
-
-  switch (prop_id)
-    {
-    case PROP_MODULE:
-      self->priv->module = g_value_get_pointer (value);
-      g_assert (self->priv->module);
-      break;
-
-    case PROP_SLOT_ID:
-      self->priv->slot_id = g_value_get_ulong (value);
-      break;
-
-    default:
-      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
-    }
-}
-
-static void
-g_pkcs11_slot_class_init (GPkcs11SlotClass *klass)
-{
-  GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
-
-  g_type_class_add_private (klass, sizeof (GPkcs11SlotPrivate));
-
-  gobject_class->get_property = g_pkcs11_slot_get_property;
-  gobject_class->set_property = g_pkcs11_slot_set_property;
-  gobject_class->dispose      = g_pkcs11_slot_dispose;
-  gobject_class->finalize     = g_pkcs11_slot_finalize;
-
-  g_object_class_install_property (gobject_class, PROP_MODULE,
-                                   g_param_spec_pointer ("module",
-                                                         N_("Module"),
-                                                         N_("PKCS#11 Module Pointer"),
-                                                         G_PARAM_READWRITE |
-                                                         G_PARAM_CONSTRUCT |
-                                                         G_PARAM_STATIC_STRINGS));
-
-  g_object_class_install_property (gobject_class, PROP_SLOT_ID,
-                                   g_param_spec_ulong ("slot-id",
-                                                         N_("Slot ID"),
-                                                         N_("PKCS#11 Slot Identifier"),
-                                                         0,
-                                                         G_MAXULONG,
-                                                         G_MAXULONG,
-                                                         G_PARAM_READWRITE |
-                                                         G_PARAM_CONSTRUCT |
-                                                         G_PARAM_STATIC_STRINGS));
-}
-
-GPkcs11EnumerateState
-g_pkcs11_slot_enumerate (GPkcs11Slot             *self,
-                         GTlsInteraction         *interaction,
-                         CK_ATTRIBUTE_PTR         match,
-                         CK_ULONG                 match_count,
-                         gboolean                 match_private,
-                         const CK_ATTRIBUTE_TYPE *attr_types,
-                         guint                    attr_types_length,
-                         GPkcs11Accumulator       accumulator,
-                         gpointer                 user_data,
-                         GCancellable            *cancellable,
-                         GError                 **error)
-{
-  GPkcs11EnumerateState state = G_PKCS11_ENUMERATE_CONTINUE;
-  CK_OBJECT_HANDLE objects[256];
-  CK_SESSION_HANDLE session;
-  GPkcs11Array *attrs;
-  GError *err = NULL;
-  CK_ULONG count, i;
-  CK_RV rv;
-
-  g_return_val_if_fail (G_IS_PKCS11_SLOT (self), FALSE);
-  g_return_val_if_fail (accumulator, FALSE);
-  g_return_val_if_fail (!error || !*error, FALSE);
-
-  session = session_checkout_or_open (self, interaction, match_private,
-                                      cancellable, &err);
-  if (err != NULL)
-    {
-      /* If the slot isn't present, then nothing to match :) */
-      if (g_error_matches (err, G_PKCS11_ERROR, CKR_TOKEN_NOT_PRESENT))
-        {
-          g_clear_error (&err);
-          return G_PKCS11_ENUMERATE_CONTINUE;
-        }
-
-      g_propagate_error (error, err);
-      return G_PKCS11_ENUMERATE_FAILED;
-    }
-
-  rv = (self->priv->module->C_FindObjectsInit) (session, match, match_count);
-
-  while (state == G_PKCS11_ENUMERATE_CONTINUE && rv == CKR_OK &&
-         !g_cancellable_is_cancelled (cancellable))
-    {
-      count = 0;
-      rv = (self->priv->module->C_FindObjects) (session, objects,
-                                                G_N_ELEMENTS (objects), &count);
-      if (rv == CKR_OK)
-        {
-          if (count == 0)
-            break;
-
-          for (i = 0; state == G_PKCS11_ENUMERATE_CONTINUE && i < count; ++i)
-            {
-              if (attr_types_length)
-                {
-                  attrs = retrieve_object_attributes (self, session, objects[i],
-                                                  attr_types, attr_types_length, error);
-                  if (attrs == NULL)
-                      state = G_PKCS11_ENUMERATE_FAILED;
-                }
-              else
-                {
-                  attrs = NULL;
-                }
-
-              if (state == G_PKCS11_ENUMERATE_CONTINUE)
-                {
-                  if (!(accumulator) (attrs, user_data))
-                    state = G_PKCS11_ENUMERATE_STOP;
-                }
-
-              if (attrs)
-                g_pkcs11_array_unref (attrs);
-
-              if (g_cancellable_is_cancelled (cancellable))
-                break;
-            }
-        }
-    }
-
-  if (g_cancellable_set_error_if_cancelled (cancellable, error))
-    {
-      state = G_PKCS11_ENUMERATE_FAILED;
-    }
-  else if (rv != CKR_OK && rv != CKR_TOKEN_NOT_PRESENT)
-    {
-      g_pkcs11_propagate_error (error, rv);
-      state = G_PKCS11_ENUMERATE_FAILED;
-    }
-
-  rv = (self->priv->module->C_FindObjectsFinal) (session);
-  if (rv == CKR_OK)
-    session_checkin_or_close (self, session);
-  else
-    session_close (self, session);
-
-  return state;
-}
-
-gboolean
-g_pkcs11_slot_get_token_info (GPkcs11Slot       *self,
-                              CK_TOKEN_INFO_PTR  token_info)
-{
-  CK_RV rv;
-
-  g_return_val_if_fail (G_IS_PKCS11_SLOT (self), FALSE);
-  g_return_val_if_fail (token_info, FALSE);
-
-  memset (token_info, 0, sizeof (CK_TOKEN_INFO));
-  rv = (self->priv->module->C_GetTokenInfo) (self->priv->slot_id, token_info);
-  if (rv == CKR_TOKEN_NOT_PRESENT)
-    return FALSE;
-
-  if (rv != CKR_OK)
-    {
-      g_warning ("call to C_GetTokenInfo on PKCS#11 module failed: %s",
-                 p11_kit_strerror (rv));
-      return FALSE;
-    }
-
-  return TRUE;
-}
-
-gboolean
-g_pkcs11_slot_matches_uri (GPkcs11Slot            *self,
-                           P11KitUri              *uri)
-{
-  CK_INFO library;
-  CK_TOKEN_INFO token;
-  CK_RV rv;
-
-  g_return_val_if_fail (G_IS_PKCS11_SLOT (self), FALSE);
-  g_return_val_if_fail (uri, FALSE);
-
-  memset (&library, 0, sizeof (library));
-  rv = (self->priv->module->C_GetInfo) (&library);
-  if (rv != CKR_OK)
-    {
-      g_warning ("call to C_GetInfo on PKCS#11 module failed: %s",
-                 p11_kit_strerror (rv));
-      return FALSE;
-    }
-
-  if (!p11_kit_uri_match_module_info (uri, &library))
-    return FALSE;
-
-  memset (&token, 0, sizeof (token));
-  if (!g_pkcs11_slot_get_token_info (self, &token))
-    return FALSE;
-
-  return p11_kit_uri_match_token_info (uri, &token);
-}
diff --git a/tls/pkcs11/gpkcs11slot.h b/tls/pkcs11/gpkcs11slot.h
deleted file mode 100644 (file)
index 27d9daf..0000000
+++ /dev/null
@@ -1,84 +0,0 @@
-/* GIO - Small GLib wrapper of PKCS#11 for use in GTls
- *
- * Copyright 2011 Collabora, Ltd.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the licence or (at
- * your option) any later version.
- *
- * See the included COPYING file for more information.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#ifndef __G_PKCS11_SLOT_H__
-#define __G_PKCS11_SLOT_H__
-
-#include <gio/gio.h>
-
-#include "gpkcs11array.h"
-
-#include <p11-kit/pkcs11.h>
-#include <p11-kit/uri.h>
-
-G_BEGIN_DECLS
-
-typedef enum
-{
-  G_PKCS11_ENUMERATE_FAILED,
-  G_PKCS11_ENUMERATE_STOP,
-  G_PKCS11_ENUMERATE_CONTINUE
-} GPkcs11EnumerateState;
-
-#define G_TYPE_PKCS11_SLOT            (g_pkcs11_slot_get_type ())
-#define G_PKCS11_SLOT(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_PKCS11_SLOT, GPkcs11Slot))
-#define G_PKCS11_SLOT_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_PKCS11_SLOT, GPkcs11SlotClass))
-#define G_IS_PKCS11_SLOT(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_PKCS11_SLOT))
-#define G_IS_PKCS11_SLOT_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_PKCS11_SLOT))
-#define G_PKCS11_SLOT_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_PKCS11_SLOT, GPkcs11SlotClass))
-
-typedef struct _GPkcs11SlotPrivate                   GPkcs11SlotPrivate;
-typedef struct _GPkcs11SlotClass                     GPkcs11SlotClass;
-typedef struct _GPkcs11Slot                          GPkcs11Slot;
-
-struct _GPkcs11SlotClass
-{
-  GObjectClass parent_class;
-};
-
-struct _GPkcs11Slot
-{
-  GObject parent_instance;
-  GPkcs11SlotPrivate *priv;
-};
-
-typedef gboolean             (*GPkcs11Accumulator)            (gpointer result,
-                                                               gpointer user_data);
-
-GType                        g_pkcs11_slot_get_type           (void) G_GNUC_CONST;
-
-GPkcs11EnumerateState        g_pkcs11_slot_enumerate          (GPkcs11Slot             *self,
-                                                               GTlsInteraction         *interaction,
-                                                               CK_ATTRIBUTE_PTR         match,
-                                                               CK_ULONG                 match_count,
-                                                               gboolean                 match_private,
-                                                               const CK_ATTRIBUTE_TYPE *attr_types,
-                                                               guint                    attr_types_length,
-                                                               GPkcs11Accumulator       accumulator,
-                                                               gpointer                 user_data,
-                                                               GCancellable            *cancellable,
-                                                               GError                 **error);
-
-gboolean                     g_pkcs11_slot_get_token_info     (GPkcs11Slot             *self,
-                                                               CK_TOKEN_INFO_PTR        token_info);
-
-gboolean                     g_pkcs11_slot_matches_uri        (GPkcs11Slot             *self,
-                                                               P11KitUri               *uri);
-
-G_END_DECLS
-
-#endif /* __G_PKCS11_SLOT_H___ */
diff --git a/tls/pkcs11/gpkcs11util.c b/tls/pkcs11/gpkcs11util.c
deleted file mode 100644 (file)
index 58fa52e..0000000
+++ /dev/null
@@ -1,62 +0,0 @@
-/* GIO - Small GLib wrapper of PKCS#11 for use in GTls
- *
- * Copyright 2011 Collabora, Ltd
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include "gpkcs11util.h"
-
-#include <glib/gi18n-lib.h>
-#include <gio/gio.h>
-
-#include <p11-kit/p11-kit.h>
-
-GQuark
-g_pkcs11_get_error_domain (void)
-{
-  static GQuark domain = 0;
-  static volatile gsize quark_inited = 0;
-
-  if (g_once_init_enter (&quark_inited))
-    {
-      domain = g_quark_from_static_string ("g-pkcs11-error");
-      g_once_init_leave (&quark_inited, 1);
-    }
-
-  return domain;
-}
-
-gboolean
-g_pkcs11_propagate_error (GError **error, CK_RV rv)
-{
-  if (rv == CKR_OK)
-    return FALSE;
-  if (rv == CKR_CANCEL)
-      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CANCELLED,
-                           p11_kit_strerror (rv));
-  else
-    g_set_error_literal (error, G_PKCS11_ERROR, (gint)rv,
-                         p11_kit_strerror (rv));
-  return TRUE;
-}
diff --git a/tls/pkcs11/gpkcs11util.h b/tls/pkcs11/gpkcs11util.h
deleted file mode 100644 (file)
index 37b5de7..0000000
+++ /dev/null
@@ -1,42 +0,0 @@
-/* GIO - Small GLib wrapper of PKCS#11 for use in GTls
- *
- * Copyright 2011 Collabora, Ltd.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the licence or (at
- * your option) any later version.
- *
- * See the included COPYING file for more information.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#ifndef __G_PKCS11_UTIL_H__
-#define __G_PKCS11_UTIL_H__
-
-#include <glib.h>
-
-#include <p11-kit/pkcs11.h>
-
-G_BEGIN_DECLS
-
-#define                G_PKCS11_VENDOR_CODE               0x47000000 /* G000 */
-
-enum {
-  G_PKCS11_ERROR_BAD_URI = (CKR_VENDOR_DEFINED | (G_PKCS11_VENDOR_CODE + 1)),
-};
-
-#define                G_PKCS11_ERROR                     (g_pkcs11_get_error_domain ())
-
-GQuark                 g_pkcs11_get_error_domain          (void) G_GNUC_CONST;
-
-gboolean               g_pkcs11_propagate_error           (GError **error,
-                                                           CK_RV rv);
-
-G_END_DECLS
-
-#endif /* __G_PKCS11_UTIL_H___ */
diff --git a/tls/pkcs11/pkcs11-trust-assertions.h b/tls/pkcs11/pkcs11-trust-assertions.h
deleted file mode 100644 (file)
index cfc916b..0000000
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * pkcs11x.h
- *  Copyright 2010 Collabora, Ltd
- *
- * This file is free software; as a special exception the author gives
- * unlimited permission to copy and/or distribute it, with or without
- * modifications, as long as this notice is preserved.
- *
- * This file is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY, to the extent permitted by law; without even
- * the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
- * PURPOSE.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- */
-
-/*
- * The latest version of this file is at:
- *
- * git://thewalter.net/git/pkcs11-trust-assertions
- *
- * or viewable on the web at:
- *
- * http://thewalter.net/git/cgit.cgi/pkcs11-trust-assertions/tree/pkcs11-trust-assertions.h
- *
- */
-
-#ifndef PKCS11_TRUST_ASSERTIONS_H
-#define PKCS11_TRUST_ASSERTIONS_H
-
-#include <p11-kit/pkcs11.h>
-
-#define CKA_XDG   (CKA_VENDOR_DEFINED | 0x58444700UL /* XDG0 */ )
-#define CKO_XDG   (CKA_VENDOR_DEFINED | 0x58444700UL /* XDG0 */ )
-
-/* -------------------------------------------------------------------
- * TRUST ASSERTIONS
- */
-
-#define CKO_X_TRUST_ASSERTION                    (CKO_XDG + 100)
-
-#define CKA_X_ASSERTION_TYPE                     (CKA_XDG + 1)
-
-#define CKA_X_CERTIFICATE_VALUE                  (CKA_XDG + 2)
-
-#define CKA_X_PURPOSE                            (CKA_XDG + 3)
-
-#define CKA_X_PEER                               (CKA_XDG + 4)
-
-typedef CK_ULONG CK_X_ASSERTION_TYPE;
-
-#define CKT_X_UNTRUSTED_CERTIFICATE              1UL
-
-#define CKT_X_PINNED_CERTIFICATE                 2UL
-
-#define CKT_X_ANCHORED_CERTIFICATE               3UL
-
-#endif /* PKCS11_TRUST_ASSERTIONS_H */
diff --git a/tls/tests/Makefile.am b/tls/tests/Makefile.am
deleted file mode 100644 (file)
index 55e5032..0000000
+++ /dev/null
@@ -1,72 +0,0 @@
-include $(top_srcdir)/glib-networking.mk
-
-AM_CPPFLAGS +=                                 \
-       $(GNUTLS_CFLAGS)                        \
-       -I$(top_srcdir)/tls                     \
-       -I$(top_builddir)/tls                   \
-       -DSRCDIR=\""$(abs_srcdir)"\"            \
-       -DTOP_BUILDDIR=\""$(top_builddir)"\"
-
-LDADD  = \
-       $(GLIB_LIBS) \
-       $(GNUTLS_LIBS)
-
-test_programs =       \
-       certificate   \
-       file-database \
-       connection    \
-       $(NULL)
-
-connection_SOURCES = connection.c \
-       mock-interaction.c mock-interaction.h
-
-if HAVE_PKCS11
-
-test_programs +=           \
-       pkcs11-util        \
-       pkcs11-array       \
-       pkcs11-pin         \
-       pkcs11-slot
-
-AM_CPPFLAGS +=                 \
-       $(PKCS11_CFLAGS)
-
-LDADD += $(top_builddir)/tls/pkcs11/libgiopkcs11.la $(PKCS11_LIBS)
-
-pkcs11_slot_SOURCES = pkcs11-slot.c \
-       mock-pkcs11.c mock-pkcs11.h \
-       mock-interaction.c mock-interaction.h
-
-endif
-
-testfiles_data =                               \
-       files/ca.pem                            \
-       files/ca-alternative.pem                \
-       files/ca-key.pem                        \
-       files/ca-roots.pem                      \
-       files/ca-roots-bad.pem                  \
-       files/ca-verisign-sha1.pem              \
-       files/chain.pem                         \
-       files/chain-with-verisign-md2.pem       \
-       files/client-and-key.pem                \
-       files/client-future.pem                 \
-       files/client-past.pem                   \
-       files/client.pem                        \
-       files/intermediate-ca.pem               \
-       files/non-ca.pem                        \
-       files/server-and-key.pem                \
-       files/server.der                        \
-       files/server-intermediate.pem           \
-       files/server-intermediate-key.pem       \
-       files/server-key.der                    \
-       files/server-key.pem                    \
-       files/server.pem                        \
-       files/server-self.pem                   \
-       $(NULL)
-
-if ENABLE_INSTALLED_TESTS
-testfilesdir = $(installed_testdir)/files
-testfiles_DATA = $(testfiles_data)
-endif
-
-EXTRA_DIST += $(testfiles_data)
index ae4c621..3310269 100644 (file)
@@ -1,11 +1,13 @@
-/* GIO TLS tests
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO TLS tests
  *
  * Copyright 2011 Collabora, Ltd.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -76,7 +78,7 @@ setup_certificate (TestCertificate *test, gconstpointer data)
   g_assert_no_error (error);
 
   g_file_get_contents (tls_test_file_path ("server.der"),
-                      &contents, &length, &error);
+                       &contents, &length, &error);
   g_assert_no_error (error);
 
   test->cert_der = g_byte_array_new ();
@@ -117,7 +119,7 @@ test_create_pem (TestCertificate *test,
 
   cert = g_tls_certificate_new_from_pem (test->cert_pem, test->cert_pem_length, &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (cert));
 
   g_object_get (cert, "certificate-pem", &pem, NULL);
   g_assert_cmpstr (pem, ==, test->cert_pem);
@@ -125,7 +127,7 @@ test_create_pem (TestCertificate *test,
 
   g_object_add_weak_pointer (G_OBJECT (cert), (gpointer *)&cert);
   g_object_unref (cert);
-  g_assert (cert == NULL);
+  g_assert_null (cert);
 }
 
 static void
@@ -140,11 +142,11 @@ test_create_with_key_pem (TestCertificate *test,
                          "private-key-pem", test->key_pem,
                          NULL);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (cert));
 
   g_object_add_weak_pointer (G_OBJECT (cert), (gpointer *)&cert);
   g_object_unref (cert);
-  g_assert (cert == NULL);
+  g_assert_null (cert);
 }
 
 static void
@@ -159,18 +161,18 @@ test_create_der (TestCertificate *test,
                          "certificate", test->cert_der,
                          NULL);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (cert));
 
   g_object_get (cert, "certificate", &der, NULL);
-  g_assert (der);
+  g_assert_nonnull (der);
   g_assert_cmpuint (der->len, ==, test->cert_der->len);
-  g_assert (memcmp (der->data, test->cert_der->data, der->len) == 0);
+  g_assert_cmpint (memcmp (der->data, test->cert_der->data, der->len), ==, 0);
 
   g_byte_array_unref (der);
 
   g_object_add_weak_pointer (G_OBJECT (cert), (gpointer *)&cert);
   g_object_unref (cert);
-  g_assert (cert == NULL);
+  g_assert_null (cert);
 }
 
 static void
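Review bot: In test_create_der the DER comparison is still split into a length assertion and a separate `memcmp` assertion, and on failure the second one reports only a nonzero integer. `g_assert_cmpmem (der->data, der->len, test->cert_der->data, test->cert_der->len);` checks both in one step. It needs GLib 2.46 or later, which this commit appears to assume since it uses `GLIB_CHECK_VERSION(2, 60, 0)` elsewhere; confirm against the declared minimum. The function starts before this hunk.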
@@ -185,11 +187,11 @@ test_create_with_key_der (TestCertificate *test,
                          "private-key", test->key_der,
                          NULL);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (cert));
 
   g_object_add_weak_pointer (G_OBJECT (cert), (gpointer *)&cert);
   g_object_unref (cert);
-  g_assert (cert == NULL);
+  g_assert_null (cert);
 }
 
 static void
@@ -201,26 +203,44 @@ test_create_certificate_with_issuer (TestCertificate   *test,
 
   issuer = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (issuer));
+  g_assert_true (G_IS_TLS_CERTIFICATE (issuer));
 
   cert = g_initable_new (test->cert_gtype, NULL, &error,
                          "certificate-pem", test->cert_pem,
                          "issuer", issuer,
                          NULL);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (cert));
 
   g_object_add_weak_pointer (G_OBJECT (issuer), (gpointer *)&issuer);
   g_object_unref (issuer);
-  g_assert (issuer != NULL);
+  g_assert_nonnull (issuer);
 
   check = g_tls_certificate_get_issuer (cert);
-  g_assert (check == issuer);
+  g_assert_true (check == issuer);
 
   g_object_add_weak_pointer (G_OBJECT (cert), (gpointer *)&cert);
   g_object_unref (cert);
-  g_assert (cert == NULL);
-  g_assert (issuer == NULL);
+  g_assert_null (cert);
+  g_assert_null (issuer);
+}
+
+static void
+test_create_certificate_with_garbage_input (TestCertificate *test,
+                                            gconstpointer data)
+{
+  GTlsCertificate *cert;
+  GError *error = NULL;
+
+  cert = g_tls_certificate_new_from_file (tls_test_file_path ("garbage.pem"), &error);
+  g_assert_null (cert);
+  g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+  g_clear_error (&error);
+
+  cert = g_tls_certificate_new_from_pem ("I am not a very good certificate.", -1, &error);
+  g_assert_null (cert);
+  g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+  g_clear_error (&error);
 }
 
 static void
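Review bot: test_create_certificate_with_garbage_input never reads its `test` fixture, so the backend certificate type in `test->cert_gtype` is not exercised directly on the rejection path. The inline string also has no PEM framing, so it may be rejected by the generic PEM scanning before the backend's parser ever sees it; this cannot be confirmed from the hunk. Consider a third case that calls `g_initable_new (test->cert_gtype, NULL, &error, "certificate-pem", <framed but invalid PEM>, NULL);` followed by the same `g_assert_null` and `g_assert_error` pair. A short comment should also state the contract being pinned: malformed input yields NULL plus `G_TLS_ERROR_BAD_CERTIFICATE`, never a partially built certificate object.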
@@ -229,23 +249,17 @@ test_create_certificate_chain (void)
   GTlsCertificate *cert, *intermediate, *root;
   GError *error = NULL;
 
-  if (glib_check_version (2, 43, 0))
-    {
-      g_test_skip ("This test requires glib 2.43");
-      return;
-    }
-
   cert = g_tls_certificate_new_from_file (tls_test_file_path ("chain.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (cert));
 
   intermediate = g_tls_certificate_get_issuer (cert);
-  g_assert (G_IS_TLS_CERTIFICATE (intermediate));
+  g_assert_true (G_IS_TLS_CERTIFICATE (intermediate));
 
   root = g_tls_certificate_get_issuer (intermediate);
-  g_assert (G_IS_TLS_CERTIFICATE (root));
+  g_assert_true (G_IS_TLS_CERTIFICATE (root));
 
-  g_assert (g_tls_certificate_get_issuer (root) == NULL);
+  g_assert_null (g_tls_certificate_get_issuer (root));
 
   g_object_unref (cert);
 }
@@ -260,10 +274,10 @@ test_create_certificate_no_chain (void)
 
   cert = g_tls_certificate_new_from_file (tls_test_file_path ("non-ca.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (cert));
 
   issuer = g_tls_certificate_get_issuer (cert);
-  g_assert (issuer == NULL);
+  g_assert_null (issuer);
   g_object_unref (cert);
 
   /* Truncate a valid chain certificate file. We should only get the
@@ -276,10 +290,10 @@ test_create_certificate_no_chain (void)
   cert = g_tls_certificate_new_from_pem (cert_pem, cert_pem_length - 100, &error);
   g_free (cert_pem);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (cert));
 
   issuer = g_tls_certificate_get_issuer (cert);
-  g_assert (issuer == NULL);
+  g_assert_null (issuer);
   g_object_unref (cert);
 }
 
@@ -327,44 +341,44 @@ setup_verify (TestVerify     *test,
 
   test->cert = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (test->cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (test->cert));
 
   test->identity = g_network_address_new ("server.example.com", 80);
 
   test->anchor = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (test->anchor));
+  g_assert_true (G_IS_TLS_CERTIFICATE (test->anchor));
   test->database = g_tls_file_database_new (tls_test_file_path ("ca.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_DATABASE (test->database));
+  g_assert_true (G_IS_TLS_DATABASE (test->database));
 }
 
 static void
 teardown_verify (TestVerify      *test,
                  gconstpointer    data)
 {
-  g_assert (G_IS_TLS_CERTIFICATE (test->cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (test->cert));
   g_object_add_weak_pointer (G_OBJECT (test->cert),
-                            (gpointer *)&test->cert);
+                             (gpointer *)&test->cert);
   g_object_unref (test->cert);
-  g_assert (test->cert == NULL);
+  g_assert_null (test->cert);
 
-  g_assert (G_IS_TLS_CERTIFICATE (test->anchor));
+  g_assert_true (G_IS_TLS_CERTIFICATE (test->anchor));
   g_object_add_weak_pointer (G_OBJECT (test->anchor),
-                            (gpointer *)&test->anchor);
+                             (gpointer *)&test->anchor);
   g_object_unref (test->anchor);
-  g_assert (test->anchor == NULL);
+  g_assert_null (test->anchor);
 
-  g_assert (G_IS_TLS_DATABASE (test->database));
+  g_assert_true (G_IS_TLS_DATABASE (test->database));
   g_object_add_weak_pointer (G_OBJECT (test->database),
-                            (gpointer *)&test->database);
+                             (gpointer *)&test->database);
   g_object_unref (test->database);
-  g_assert (test->database == NULL);
+  g_assert_null (test->database);
 
   g_object_add_weak_pointer (G_OBJECT (test->identity),
-                            (gpointer *)&test->identity);
+                             (gpointer *)&test->identity);
   g_object_unref (test->identity);
-  g_assert (test->identity == NULL);
+  g_assert_null (test->identity);
 }
 
 static void
@@ -427,7 +441,7 @@ test_verify_certificate_bad_ca (TestVerify      *test,
   /* Use a client certificate as the CA, which is wrong */
   cert = g_tls_certificate_new_from_file (tls_test_file_path ("client.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (cert));
 
   errors = g_tls_certificate_verify (test->cert, test->identity, cert);
   g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_UNKNOWN_CA);
@@ -446,7 +460,7 @@ test_verify_certificate_bad_before (TestVerify      *test,
   /* This is a certificate in the future */
   cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-future.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (cert));
 
   errors = g_tls_certificate_verify (cert, NULL, test->anchor);
   g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_NOT_ACTIVATED);
@@ -465,7 +479,7 @@ test_verify_certificate_bad_expired (TestVerify      *test,
   /* This is a certificate in the future */
   cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-past.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (cert));
 
   errors = g_tls_certificate_verify (cert, NULL, test->anchor);
   g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_EXPIRED);
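Review bot: The comment above the load in test_verify_certificate_bad_expired still reads "This is a certificate in the future", but the file is client-past.pem and the expected flag is `G_TLS_CERTIFICATE_EXPIRED`. It looks copied from test_verify_certificate_bad_before. Since the commit touches the adjacent assertion, fix it here: `/* This is a certificate that has already expired */`. The function starts before this hunk and continues past it.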
@@ -485,12 +499,12 @@ test_verify_certificate_bad_combo (TestVerify      *test,
 
   cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-past.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (cert));
 
   /* Unrelated cert used as certificate authority */
   cacert = g_tls_certificate_new_from_file (tls_test_file_path ("server-self.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (cacert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (cacert));
 
   /*
    * - Use unrelated cert as CA
@@ -526,12 +540,12 @@ test_certificate_is_same (void)
   three = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error);
   g_assert_no_error (error);
 
-  g_assert (g_tls_certificate_is_same (one, two) == TRUE);
-  g_assert (g_tls_certificate_is_same (two, one) == TRUE);
-  g_assert (g_tls_certificate_is_same (three, one) == FALSE);
-  g_assert (g_tls_certificate_is_same (one, three) == FALSE);
-  g_assert (g_tls_certificate_is_same (two, three) == FALSE);
-  g_assert (g_tls_certificate_is_same (three, two) == FALSE);
+  g_assert_true (g_tls_certificate_is_same (one, two));
+  g_assert_true (g_tls_certificate_is_same (two, one));
+  g_assert_false (g_tls_certificate_is_same (three, one));
+  g_assert_false (g_tls_certificate_is_same (one, three));
+  g_assert_false (g_tls_certificate_is_same (two, three));
+  g_assert_false (g_tls_certificate_is_same (three, two));
 
   g_object_unref (one);
   g_object_unref (two);
@@ -545,8 +559,8 @@ main (int   argc,
   g_test_init (&argc, &argv, NULL);
 
   g_setenv ("GSETTINGS_BACKEND", "memory", TRUE);
-  g_setenv ("GIO_EXTRA_MODULES", TOP_BUILDDIR "/tls/gnutls/.libs", TRUE);
-  g_setenv ("GIO_USE_TLS", "gnutls", TRUE);
+  g_setenv ("GIO_USE_TLS", BACKEND, TRUE);
+  g_assert (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0);
 
   g_test_add ("/tls/certificate/create-pem", TestCertificate, NULL,
               setup_certificate, test_create_pem, teardown_certificate);
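Review bot: The backend check added in main() uses plain `g_assert`, which GLib compiles out when G_DISABLE_ASSERT is defined, while the rest of this commit moves to the `g_assert_true`/`g_assert_cmp*` family that is not affected by it. The commit also drops the GIO_EXTRA_MODULES override, so as far as this hunk shows this line is what prevents the suite from silently running against a different TLS backend than the one named in BACKEND. Make it unconditional: `g_assert_cmpint (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND), ==, 0);`. main() starts before this hunk and continues past it.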
@@ -558,6 +572,9 @@ main (int   argc,
               setup_certificate, test_create_with_key_der, teardown_certificate);
   g_test_add ("/tls/certificate/create-with-issuer", TestCertificate, NULL,
               setup_certificate, test_create_certificate_with_issuer, teardown_certificate);
+  g_test_add ("/tls/certificate/create-with-garbage-input", TestCertificate, NULL,
+              setup_certificate, test_create_certificate_with_garbage_input, teardown_certificate);
+
   g_test_add_func ("/tls/certificate/create-chain", test_create_certificate_chain);
   g_test_add_func ("/tls/certificate/create-no-chain", test_create_certificate_no_chain);
   g_test_add_func ("/tls/certificate/create-list", test_create_list);
index d2bf8cb..69fb286 100644 (file)
@@ -1,11 +1,13 @@
-/* GIO TLS tests
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO TLS tests
  *
  * Copyright 2011 Collabora, Ltd.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 #include "mock-interaction.h"
 
 #include <gio/gio.h>
-#include <gnutls/gnutls.h>
 
 #include <sys/types.h>
 #include <string.h>
 
+#ifdef BACKEND_IS_GNUTLS
+#include <gnutls/gnutls.h>
+#endif
+
 static const gchar *
 tls_test_file_path (const char *name)
 {
@@ -70,12 +75,16 @@ typedef struct {
   GTlsAuthenticationMode auth_mode;
   gboolean rehandshake;
   GTlsCertificateFlags accept_flags;
+  GError *expected_client_close_error;
   GError *read_error;
-  gboolean expect_server_error;
+  GError *expected_server_error;
   GError *server_error;
   gboolean server_should_close;
   gboolean server_running;
   GTlsCertificate *server_certificate;
+#if GLIB_CHECK_VERSION(2, 60, 0)
+  const gchar * const *server_protocols;
+#endif
 
   char buf[128];
   gssize nread, nwrote;
@@ -90,18 +99,18 @@ setup_connection (TestConnection *test, gconstpointer data)
 }
 
 /* Waits about 10 seconds for @var to be NULL/FALSE */
-#define WAIT_UNTIL_UNSET(var)                          \
-  if (var)                                             \
-    {                                                  \
-      int i;                                           \
-                                                       \
-      for (i = 0; i < 13 && (var); i++)                        \
-       {                                               \
-         g_usleep (1000 * (1 << i));                   \
-         g_main_context_iteration (NULL, FALSE);       \
-       }                                               \
-                                                       \
-      g_assert (!(var));                               \
+#define WAIT_UNTIL_UNSET(var)                                \
+  if (var)                                                   \
+    {                                                        \
+      int i;                                                 \
+                                                             \
+      for (i = 0; i < 13 && (var); i++)                      \
+        {                                                    \
+          g_usleep (1000 * (1 << i));                        \
+          g_main_context_iteration (NULL, FALSE);            \
+        }                                                    \
+                                                             \
+      g_assert (!(var));                                     \
     }
 
 static void
@@ -123,7 +132,7 @@ teardown_connection (TestConnection *test, gconstpointer data)
       WAIT_UNTIL_UNSET (test->server_running);
 
       g_object_add_weak_pointer (G_OBJECT (test->server_connection),
-                                (gpointer *)&test->server_connection);
+                                 (gpointer *)&test->server_connection);
       g_object_unref (test->server_connection);
       WAIT_UNTIL_UNSET (test->server_connection);
     }
@@ -131,7 +140,7 @@ teardown_connection (TestConnection *test, gconstpointer data)
   if (test->client_connection)
     {
       g_object_add_weak_pointer (G_OBJECT (test->client_connection),
-                                (gpointer *)&test->client_connection);
+                                 (gpointer *)&test->client_connection);
       g_object_unref (test->client_connection);
       WAIT_UNTIL_UNSET (test->client_connection);
     }
@@ -139,7 +148,7 @@ teardown_connection (TestConnection *test, gconstpointer data)
   if (test->database)
     {
       g_object_add_weak_pointer (G_OBJECT (test->database),
-                                (gpointer *)&test->database);
+                                 (gpointer *)&test->database);
       g_object_unref (test->database);
       WAIT_UNTIL_UNSET (test->database);
     }
@@ -147,9 +156,13 @@ teardown_connection (TestConnection *test, gconstpointer data)
   g_clear_object (&test->address);
   g_clear_object (&test->identity);
   g_clear_object (&test->server_certificate);
+
   g_main_loop_unref (test->loop);
+
+  g_clear_error (&test->expected_client_close_error);
   g_clear_error (&test->read_error);
   g_clear_error (&test->server_error);
+  g_clear_error (&test->expected_server_error);
 }
 
 static void
@@ -174,27 +187,29 @@ start_server (TestConnection *test)
   /* The hostname in test->identity matches the server certificate. */
   iaddr = G_INET_SOCKET_ADDRESS (test->address);
   test->identity = g_network_address_new ("server.example.com",
-                                         g_inet_socket_address_get_port (iaddr));
+                                          g_inet_socket_address_get_port (iaddr));
 
   test->server_running = TRUE;
 }
 
 static gboolean
-on_accept_certificate (GTlsClientConnection *conn, GTlsCertificate *cert,
-                       GTlsCertificateFlags errors, gpointer user_data)
+on_accept_certificate (GTlsConnection       *conn,
+                       GTlsCertificate      *cert,
+                       GTlsCertificateFlags  errors,
+                       gpointer              user_data)
 {
   TestConnection *test = user_data;
   return errors == test->accept_flags;
 }
 
 static void on_output_write_finish (GObject        *object,
-                                   GAsyncResult   *res,
-                                   gpointer        user_data);
+                                    GAsyncResult   *res,
+                                    gpointer        user_data);
 
 static void
 on_rehandshake_finish (GObject        *object,
-                      GAsyncResult   *res,
-                      gpointer        user_data)
+                       GAsyncResult   *res,
+                       gpointer        user_data)
 {
   TestConnection *test = user_data;
   GError *error = NULL;
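Review bot: on_accept_certificate is retyped to `GTlsConnection` and rewrapped here but still has no comment, and its policy is easy to misread. It returns TRUE only when the reported validation flags are exactly equal to `test->accept_flags`, not when they are a subset of them. A one-line comment would make that explicit for anyone adding tests: `/* Accept the peer certificate only if its validation errors exactly match what the test expects. */`.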
@@ -205,7 +220,7 @@ on_rehandshake_finish (GObject        *object,
 
   stream = g_io_stream_get_output_stream (test->server_connection);
   g_output_stream_write_async (stream, TEST_DATA + TEST_DATA_LENGTH / 2,
-                              TEST_DATA_LENGTH / 2,
+                               TEST_DATA_LENGTH / 2,
                                G_PRIORITY_DEFAULT, NULL,
                                on_output_write_finish, test);
 }
@@ -216,13 +231,17 @@ on_server_close_finish (GObject        *object,
                         gpointer        user_data)
 {
   TestConnection *test = user_data;
+  GError *expected_error = test->expected_server_error;
   GError *error = NULL;
 
   g_io_stream_close_finish (G_IO_STREAM (object), res, &error);
-  if (test->expect_server_error)
-    g_assert (error != NULL);
+  g_assert_no_error (error);
+
+  if (expected_error)
+    g_assert_error (test->server_error, expected_error->domain, expected_error->code);
   else
-    g_assert_no_error (error);
+    g_assert_no_error (test->server_error);
+
   test->server_running = FALSE;
 }
 
@@ -240,15 +259,15 @@ on_output_write_finish (GObject        *object,
 {
   TestConnection *test = user_data;
 
-  g_assert (test->server_error == NULL);
+  g_assert_no_error (test->server_error);
   g_output_stream_write_finish (G_OUTPUT_STREAM (object), res, &test->server_error);
 
   if (!test->server_error && test->rehandshake)
     {
       test->rehandshake = FALSE;
       g_tls_connection_handshake_async (G_TLS_CONNECTION (test->server_connection),
-                                       G_PRIORITY_DEFAULT, NULL,
-                                       on_rehandshake_finish, test);
+                                        G_PRIORITY_DEFAULT, NULL,
+                                        on_rehandshake_finish, test);
       return;
     }
 
@@ -267,21 +286,19 @@ on_incoming_connection (GSocketService     *service,
   GTlsCertificate *cert;
   GError *error = NULL;
 
-  if (test->server_certificate)
-    {
-      cert = g_object_ref (test->server_certificate);
-    }
-  else
+  g_assert_null (test->server_connection);
+  test->server_connection = g_tls_server_connection_new (G_IO_STREAM (connection),
+                                                         test->server_certificate, &error);
+  g_assert_no_error (error);
+
+  if (!test->server_certificate)
     {
       cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-and-key.pem"), &error);
       g_assert_no_error (error);
+      g_tls_connection_set_certificate ((GTlsConnection *)test->server_connection, cert);
+      g_object_unref (cert);
     }
 
-  test->server_connection = g_tls_server_connection_new (G_IO_STREAM (connection),
-                                                         cert, &error);
-  g_assert_no_error (error);
-  g_object_unref (cert);
-
   g_object_set (test->server_connection, "authentication-mode", test->auth_mode, NULL);
   g_signal_connect (test->server_connection, "accept-certificate",
                     G_CALLBACK (on_accept_certificate), test);
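Review bot: The new fallback branch in on_incoming_connection uses a raw C cast, `(GTlsConnection *)test->server_connection`, where the rest of the function uses the type-checking `G_TLS_CONNECTION ()` macro (see the `g_tls_connection_set_database` call just below this hunk). The raw cast skips the runtime instance check, so a wrong object type would go unnoticed in exactly the code that installs the server certificate. Suggest `g_tls_connection_set_certificate (G_TLS_CONNECTION (test->server_connection), cert);`. The function starts before this hunk and continues past it.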
@@ -289,6 +306,14 @@ on_incoming_connection (GSocketService     *service,
   if (test->database)
     g_tls_connection_set_database (G_TLS_CONNECTION (test->server_connection), test->database);
 
+#if GLIB_CHECK_VERSION(2, 60, 0)
+  if (test->server_protocols)
+    {
+      g_tls_connection_set_advertised_protocols (G_TLS_CONNECTION (test->server_connection),
+                                                 test->server_protocols);
+    }
+#endif
+
   stream = g_io_stream_get_output_stream (test->server_connection);
 
   g_output_stream_write_async (stream, TEST_DATA,
@@ -299,8 +324,9 @@ on_incoming_connection (GSocketService     *service,
 }
 
 static void
-start_async_server_service (TestConnection *test, GTlsAuthenticationMode auth_mode,
-                            gboolean should_close)
+start_async_server_service (TestConnection         *test,
+                            GTlsAuthenticationMode  auth_mode,
+                            gboolean                should_close)
 {
   test->service = g_socket_service_new ();
   start_server (test);
@@ -312,15 +338,14 @@ start_async_server_service (TestConnection *test, GTlsAuthenticationMode auth_mo
 }
 
 static GIOStream *
-start_async_server_and_connect_to_it (TestConnection *test,
-                                      GTlsAuthenticationMode auth_mode,
-                                      gboolean should_close)
+start_async_server_and_connect_to_it (TestConnection         *test,
+                                      GTlsAuthenticationMode  auth_mode)
 {
   GSocketClient *client;
   GError *error = NULL;
   GSocketConnection *connection;
 
-  start_async_server_service (test, auth_mode, should_close);
+  start_async_server_service (test, auth_mode, TRUE);
 
   client = g_socket_client_new ();
   connection = g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address),
@@ -333,9 +358,9 @@ start_async_server_and_connect_to_it (TestConnection *test,
 
 static void
 run_echo_server (GThreadedSocketService *service,
-                GSocketConnection      *connection,
-                GObject                *source_object,
-                gpointer                user_data)
+                 GSocketConnection      *connection,
+                 GObject                *source_object,
+                 gpointer                user_data)
 {
   TestConnection *test = user_data;
   GTlsConnection *tlsconn;
@@ -375,20 +400,20 @@ run_echo_server (GThreadedSocketService *service,
       g_assert_cmpint (nread, >=, 0);
 
       if (nread == 0)
-       break;
+        break;
 
       for (total = 0; total < nread; total += nwrote)
-       {
-         nwrote = g_output_stream_write (ostream, buf + total, nread - total, NULL, &error);
-         g_assert_no_error (error);
-       }
+        {
+          nwrote = g_output_stream_write (ostream, buf + total, nread - total, NULL, &error);
+          g_assert_no_error (error);
+        }
 
       if (test->rehandshake)
-       {
-         test->rehandshake = FALSE;
-         g_tls_connection_handshake (tlsconn, NULL, &error);
-         g_assert_no_error (error);
-       }
+        {
+          test->rehandshake = FALSE;
+          g_tls_connection_handshake (tlsconn, NULL, &error);
+          g_assert_no_error (error);
+        }
     }
 
   g_io_stream_close (test->server_connection, NULL, &error);
@@ -425,14 +450,27 @@ start_echo_server_and_connect_to_it (TestConnection *test)
 
 static void
 on_client_connection_close_finish (GObject        *object,
-                                  GAsyncResult   *res,
-                                  gpointer        user_data)
+                                   GAsyncResult   *res,
+                                   gpointer        user_data)
 {
   TestConnection *test = user_data;
   GError *error = NULL;
 
   g_io_stream_close_finish (G_IO_STREAM (object), res, &error);
-  g_assert_no_error (error);
+
+  if (test->expected_client_close_error)
+    {
+      /* Although very rare, it's OK for broken pipe errors to not occur here if
+       * they have already occured earlier during a read. If so, there should be
+       * no error here at all.
+       */
+      if (error || !g_error_matches (test->expected_client_close_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE))
+        g_assert_error (error, test->expected_client_close_error->domain, test->expected_client_close_error->code);
+    }
+  else
+    {
+      g_assert_no_error (error);
+    }
 
   g_main_loop_quit (test->loop);
 }
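Review bot: In on_client_connection_close_finish the `GError` filled in by `g_io_stream_close_finish ()` is never released when an error was expected and matches, so every test that sets `expected_client_close_error` leaks it. That adds noise to ASan and valgrind runs of a TLS test suite. Add `g_clear_error (&error);` just before `g_main_loop_quit (test->loop);`. The new comment also misspells "occurred" as "occured".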
@@ -449,7 +487,7 @@ on_input_read_finish (GObject        *object,
                                                NULL, &test->read_error);
   if (!test->read_error)
     {
-      g_assert (line);
+      g_assert_nonnull (line);
 
       check = g_strdup (TEST_DATA);
       g_strstrip (check);
@@ -468,7 +506,7 @@ read_test_data_async (TestConnection *test)
   GDataInputStream *stream;
 
   stream = g_data_input_stream_new (g_io_stream_get_input_stream (test->client_connection));
-  g_assert (stream);
+  g_assert_nonnull (stream);
 
   g_data_input_stream_read_line_async (stream, G_PRIORITY_DEFAULT, NULL,
                                        on_input_read_finish, test);
@@ -482,7 +520,7 @@ test_basic_connection (TestConnection *test,
   GIOStream *connection;
   GError *error = NULL;
 
-  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
   test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
   g_assert_no_error (error);
   g_object_unref (connection);
@@ -507,12 +545,12 @@ test_verified_connection (TestConnection *test,
 
   test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
   g_assert_no_error (error);
-  g_assert (test->database);
+  g_assert_nonnull (test->database);
 
-  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
   test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
   g_assert_no_error (error);
-  g_assert (test->client_connection);
+  g_assert_nonnull (test->client_connection);
   g_object_unref (connection);
 
   g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
@@ -530,7 +568,7 @@ test_verified_connection (TestConnection *test,
 
 static void
 test_verified_chain (TestConnection *test,
-                    gconstpointer   data)
+                     gconstpointer   data)
 {
   GTlsBackend *backend;
   GTlsCertificate *server_cert;
@@ -544,28 +582,28 @@ test_verified_chain (TestConnection *test,
   /* Prepare the intermediate cert. */
   intermediate_cert = g_tls_certificate_new_from_file (tls_test_file_path ("intermediate-ca.pem"), &error);
   g_assert_no_error (error);
-  g_assert (intermediate_cert);
+  g_assert_nonnull (intermediate_cert);
 
   /* Prepare the server cert. */
   g_clear_pointer (&cert_data, g_free);
   g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
-                      &cert_data, NULL, &error);
+                       &cert_data, NULL, &error);
   g_assert_no_error (error);
-  g_assert (cert_data);
+  g_assert_nonnull (cert_data);
 
   g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
-                      &key_data, NULL, &error);
+                       &key_data, NULL, &error);
   g_assert_no_error (error);
-  g_assert (key_data);
+  g_assert_nonnull (key_data);
 
   server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
-                               NULL, &error,
+                                NULL, &error,
                                 "issuer", intermediate_cert,
                                 "certificate-pem", cert_data,
                                 "private-key-pem", key_data,
                                 NULL);
   g_assert_no_error (error);
-  g_assert (server_cert);
+  g_assert_nonnull (server_cert);
 
   g_object_unref (intermediate_cert);
   g_free (cert_data);
@@ -577,7 +615,7 @@ test_verified_chain (TestConnection *test,
 
 static void
 test_verified_chain_with_redundant_root_cert (TestConnection *test,
-                                             gconstpointer   data)
+                                              gconstpointer   data)
 {
   GTlsBackend *backend;
   GTlsCertificate *server_cert;
@@ -592,42 +630,42 @@ test_verified_chain_with_redundant_root_cert (TestConnection *test,
   /* The root is redundant. It should not hurt anything. */
   root_cert = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error);
   g_assert_no_error (error);
-  g_assert (root_cert);
+  g_assert_nonnull (root_cert);
 
   /* Prepare the intermediate cert. */
   g_file_get_contents (tls_test_file_path ("intermediate-ca.pem"),
-                      &cert_data, NULL, &error);
+                       &cert_data, NULL, &error);
   g_assert_no_error (error);
-  g_assert (cert_data);
+  g_assert_nonnull (cert_data);
 
   intermediate_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
-                                     NULL, &error,
-                                     "issuer", root_cert,
-                                     "certificate-pem", cert_data,
-                                     NULL);
+                                      NULL, &error,
+                                      "issuer", root_cert,
+                                      "certificate-pem", cert_data,
+                                      NULL);
   g_assert_no_error (error);
-  g_assert (intermediate_cert);
+  g_assert_nonnull (intermediate_cert);
 
   /* Prepare the server cert. */
   g_clear_pointer (&cert_data, g_free);
   g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
-                      &cert_data, NULL, &error);
+                       &cert_data, NULL, &error);
   g_assert_no_error (error);
-  g_assert (cert_data);
+  g_assert_nonnull (cert_data);
 
   g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
-                      &key_data, NULL, &error);
+                       &key_data, NULL, &error);
   g_assert_no_error (error);
-  g_assert (key_data);
+  g_assert_nonnull (key_data);
 
   server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
-                               NULL, &error,
+                                NULL, &error,
                                 "issuer", intermediate_cert,
                                 "certificate-pem", cert_data,
                                 "private-key-pem", key_data,
                                 NULL);
   g_assert_no_error (error);
-  g_assert (server_cert);
+  g_assert_nonnull (server_cert);
 
   g_object_unref (intermediate_cert);
   g_object_unref (root_cert);
@@ -640,7 +678,7 @@ test_verified_chain_with_redundant_root_cert (TestConnection *test,
 
 static void
 test_verified_chain_with_duplicate_server_cert (TestConnection *test,
-                                               gconstpointer   data)
+                                                gconstpointer   data)
 {
   /* This is another common server misconfiguration. Apache reads certificates
    * from two configuration files: one for the server cert, and one for the rest
@@ -660,37 +698,37 @@ test_verified_chain_with_duplicate_server_cert (TestConnection *test,
   /* Prepare the intermediate cert. */
   intermediate_cert = g_tls_certificate_new_from_file (tls_test_file_path ("intermediate-ca.pem"), &error);
   g_assert_no_error (error);
-  g_assert (intermediate_cert);
+  g_assert_nonnull (intermediate_cert);
 
   /* Prepare the server cert. */
   g_clear_pointer (&cert_data, g_free);
   g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
-                      &cert_data, NULL, &error);
+                       &cert_data, NULL, &error);
   g_assert_no_error (error);
-  g_assert (cert_data);
+  g_assert_nonnull (cert_data);
 
   g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
-                      &key_data, NULL, &error);
+                       &key_data, NULL, &error);
   g_assert_no_error (error);
-  g_assert (key_data);
+  g_assert_nonnull (key_data);
 
   server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
-                               NULL, &error,
+                                NULL, &error,
                                 "issuer", intermediate_cert,
                                 "certificate-pem", cert_data,
                                 NULL);
   g_assert_no_error (error);
-  g_assert (server_cert);
+  g_assert_nonnull (server_cert);
 
   /* Prepare the server cert... again. Private key must go on this one. */
   extra_server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
-                                     NULL, &error,
-                                     "issuer", server_cert,
-                                     "certificate-pem", cert_data,
-                                     "private-key-pem", key_data,
-                                     NULL);
+                                      NULL, &error,
+                                      "issuer", server_cert,
+                                      "certificate-pem", cert_data,
+                                      "private-key-pem", key_data,
+                                      NULL);
   g_assert_no_error (error);
-  g_assert (extra_server_cert);
+  g_assert_nonnull (extra_server_cert);
 
   g_object_unref (intermediate_cert);
   g_object_unref (server_cert);
@@ -703,7 +741,7 @@ test_verified_chain_with_duplicate_server_cert (TestConnection *test,
 
 static void
 test_verified_unordered_chain (TestConnection *test,
-                              gconstpointer   data)
+                               gconstpointer   data)
 {
   GTlsBackend *backend;
   GTlsCertificate *server_cert;
@@ -717,43 +755,43 @@ test_verified_unordered_chain (TestConnection *test,
 
   /* Prepare the intermediate cert (to be sent last, out of order)! */
   intermediate_cert = g_tls_certificate_new_from_file (tls_test_file_path ("intermediate-ca.pem"),
-                                                      &error);
+                                                       &error);
   g_assert_no_error (error);
-  g_assert (intermediate_cert);
+  g_assert_nonnull (intermediate_cert);
 
   g_file_get_contents (tls_test_file_path ("ca.pem"), &cert_data, NULL, &error);
   g_assert_no_error (error);
-  g_assert (cert_data);
+  g_assert_nonnull (cert_data);
 
   /* Prepare the root cert (to be sent in the middle of the chain). */
   root_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
-                             NULL, &error,
+                              NULL, &error,
                               "issuer", intermediate_cert,
                               "certificate-pem", cert_data,
                               NULL);
   g_assert_no_error (error);
-  g_assert (root_cert);
+  g_assert_nonnull (root_cert);
 
   g_clear_pointer (&cert_data, g_free);
   g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
-                      &cert_data, NULL, &error);
+                       &cert_data, NULL, &error);
   g_assert_no_error (error);
-  g_assert (cert_data);
+  g_assert_nonnull (cert_data);
 
   g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
-                      &key_data, NULL, &error);
+                       &key_data, NULL, &error);
   g_assert_no_error (error);
-  g_assert (key_data);
+  g_assert_nonnull (key_data);
 
   /* Prepare the server cert. */
   server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
-                               NULL, &error,
+                                NULL, &error,
                                 "issuer", root_cert,
                                 "certificate-pem", cert_data,
                                 "private-key-pem", key_data,
                                 NULL);
   g_assert_no_error (error);
-  g_assert (server_cert);
+  g_assert_nonnull (server_cert);
 
   g_object_unref (intermediate_cert);
   g_object_unref (root_cert);
@@ -766,7 +804,7 @@ test_verified_unordered_chain (TestConnection *test,
 
 static void
 test_verified_chain_with_alternative_ca_cert (TestConnection *test,
-                                             gconstpointer   data)
+                                              gconstpointer   data)
 {
   GTlsBackend *backend;
   GTlsCertificate *server_cert;
@@ -784,7 +822,7 @@ test_verified_chain_with_alternative_ca_cert (TestConnection *test,
    * fail, since the issuer is untrusted. */
   root_cert = g_tls_certificate_new_from_file (tls_test_file_path ("ca-alternative.pem"), &error);
   g_assert_no_error (error);
-  g_assert (root_cert);
+  g_assert_nonnull (root_cert);
 
   /* Prepare the intermediate cert. Modern TLS libraries are expected to notice
    * that it is signed by the same public key as a certificate in the root
@@ -793,38 +831,38 @@ test_verified_chain_with_alternative_ca_cert (TestConnection *test,
    * have the new CA cert in the trust store yet. (In this scenario, the old
    * client still trusts the old CA cert.) */
   g_file_get_contents (tls_test_file_path ("intermediate-ca.pem"),
-                      &cert_data, NULL, &error);
+                       &cert_data, NULL, &error);
   g_assert_no_error (error);
-  g_assert (cert_data);
+  g_assert_nonnull (cert_data);
 
   intermediate_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
-                                     NULL, &error,
-                                     "issuer", root_cert,
-                                     "certificate-pem", cert_data,
-                                     NULL);
+                                      NULL, &error,
+                                      "issuer", root_cert,
+                                      "certificate-pem", cert_data,
+                                      NULL);
   g_assert_no_error (error);
-  g_assert (intermediate_cert);
+  g_assert_nonnull (intermediate_cert);
 
   /* Prepare the server cert. */
   g_clear_pointer (&cert_data, g_free);
   g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
-                      &cert_data, NULL, &error);
+                       &cert_data, NULL, &error);
   g_assert_no_error (error);
-  g_assert (cert_data);
+  g_assert_nonnull (cert_data);
 
   g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
-                      &key_data, NULL, &error);
+                       &key_data, NULL, &error);
   g_assert_no_error (error);
-  g_assert (key_data);
+  g_assert_nonnull (key_data);
 
   server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
-                               NULL, &error,
+                                NULL, &error,
                                 "issuer", intermediate_cert,
                                 "certificate-pem", cert_data,
                                 "private-key-pem", key_data,
                                 NULL);
   g_assert_no_error (error);
-  g_assert (server_cert);
+  g_assert_nonnull (server_cert);
 
   g_object_unref (intermediate_cert);
   g_object_unref (root_cert);
@@ -837,7 +875,7 @@ test_verified_chain_with_alternative_ca_cert (TestConnection *test,
 
 static void
 test_invalid_chain_with_alternative_ca_cert (TestConnection *test,
-                                            gconstpointer   data)
+                                             gconstpointer   data)
 {
   GTlsBackend *backend;
   GTlsCertificate *server_cert;
@@ -852,38 +890,38 @@ test_invalid_chain_with_alternative_ca_cert (TestConnection *test,
   /* This certificate has the same public key as a certificate in the root store. */
   root_cert = g_tls_certificate_new_from_file (tls_test_file_path ("ca-alternative.pem"), &error);
   g_assert_no_error (error);
-  g_assert (root_cert);
+  g_assert_nonnull (root_cert);
 
   /* The intermediate cert is not sent. The chain should be rejected, since without intermediate.pem
    * there is no proof that ca-alternative.pem signed server-intermediate.pem. */
   g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
-                      &cert_data, NULL, &error);
+                       &cert_data, NULL, &error);
   g_assert_no_error (error);
-  g_assert (cert_data);
+  g_assert_nonnull (cert_data);
 
   g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
-                      &key_data, NULL, &error);
+                       &key_data, NULL, &error);
   g_assert_no_error (error);
-  g_assert (key_data);
+  g_assert_nonnull (key_data);
 
   server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
-                               NULL, &error,
+                                NULL, &error,
                                 "issuer", root_cert,
                                 "certificate-pem", cert_data,
                                 "private-key-pem", key_data,
                                 NULL);
   g_assert_no_error (error);
-  g_assert (server_cert);
+  g_assert_nonnull (server_cert);
 
   g_object_unref (root_cert);
   g_free (cert_data);
   g_free (key_data);
 
   test->server_certificate = server_cert;
-  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
   test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
   g_assert_no_error (error);
-  g_assert (test->client_connection);
+  g_assert_nonnull (test->client_connection);
   g_object_unref (connection);
 
   g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
@@ -892,11 +930,12 @@ test_invalid_chain_with_alternative_ca_cert (TestConnection *test,
   g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
                                                 G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_EXPIRED);
 
+  g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS, "");
+
   read_test_data_async (test);
   g_main_loop_run (test->loop);
 
   g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
-  g_assert_no_error (test->server_error);
 }
 
 static void
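Review bot: The new `g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS, "")` line has no comment saying why the server side should fail with NOT_TLS when it is the client that rejects the chain. The local `g_assert_no_error (test->server_error)` is also gone, so nothing in this function shows where the server error is still checked. A short comment above the new line would help, for example `/* The client drops the connection on the bad certificate; the server is expected to report NOT_TLS (presumably compared with server_error outside this function). */`. The same addition appears without explanation in test_client_auth_fail_missing_client_private_key, test_failed_connection and test_connection_socket_client_failed. The function body starts outside this hunk.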
@@ -905,7 +944,7 @@ on_notify_accepted_cas (GObject *obj,
                         gpointer user_data)
 {
   gboolean *changed = user_data;
-  g_assert (*changed == FALSE);
+  g_assert_false (*changed);
   *changed = TRUE;
 }
 
@@ -918,15 +957,16 @@ test_client_auth_connection (TestConnection *test,
   GTlsCertificate *cert;
   GTlsCertificate *peer;
   gboolean cas_changed;
+  GSocketClient *client;
 
   test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
   g_assert_no_error (error);
-  g_assert (test->database);
+  g_assert_nonnull (test->database);
 
-  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE);
+  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED);
   test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
   g_assert_no_error (error);
-  g_assert (test->client_connection);
+  g_assert_nonnull (test->client_connection);
   g_object_unref (connection);
 
   g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
@@ -951,21 +991,106 @@ test_client_auth_connection (TestConnection *test,
   g_assert_no_error (test->server_error);
 
   peer = g_tls_connection_get_peer_certificate (G_TLS_CONNECTION (test->server_connection));
-  g_assert (peer != NULL);
-  g_assert (g_tls_certificate_is_same (peer, cert));
-  g_assert (cas_changed == TRUE);
+  g_assert_nonnull (peer);
+  g_assert_true (g_tls_certificate_is_same (peer, cert));
+  g_assert_true (cas_changed);
 
   g_object_unref (cert);
+  g_object_unref (test->client_connection);
+  g_clear_object (&test->server_connection);
+
+  /* Now start a new connection to the same server with a different client cert */
+  client = g_socket_client_new ();
+  connection = G_IO_STREAM (g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address),
+                                                     NULL, &error));
+  g_assert_no_error (error);
+  g_object_unref (client);
+  test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+  g_assert_no_error (error);
+  g_assert_nonnull (test->client_connection);
+  g_object_unref (connection);
+
+  g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+                                                0);
+  cert = g_tls_certificate_new_from_file (tls_test_file_path ("client2-and-key.pem"), &error);
+  g_assert_no_error (error);
+  g_tls_connection_set_certificate (G_TLS_CONNECTION (test->client_connection), cert);
+  g_object_unref (cert);
+  g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+  read_test_data_async (test);
+  g_main_loop_run (test->loop);
+
+  g_assert_no_error (test->read_error);
+  g_assert_no_error (test->server_error);
+
+  /* peer should see the second client cert */
+  peer = g_tls_connection_get_peer_certificate (G_TLS_CONNECTION (test->server_connection));
+  g_assert_nonnull (peer);
+  g_assert_true (g_tls_certificate_is_same (peer, cert));
 }
 
 static void
 test_client_auth_rehandshake (TestConnection *test,
-                             gconstpointer   data)
+                              gconstpointer   data)
 {
+#ifdef BACKEND_IS_OPENSSL
+  g_test_skip ("the server avoids rehandshake to avoid the security problem CVE-2009-3555");
+  return;
+#endif
+
   test->rehandshake = TRUE;
   test_client_auth_connection (test, data);
 }
 
+/* In TLS 1.3 the client handshake succeeds before the client has sent
+ * its certificate to the server, so the client doesn't realize the
+ * server has rejected its certificate until it tries performing I/O.
+ * This results in different errors bubbling up to the API level. The
+ * differences are unfortunate but difficult to avoid.
+ *
+ * FIXME: This isn't good to have different API behavior depending on
+ * the version of GnuTLS in use. And how is OpenSSL supposed to deal
+ * with this?
+ */
+static gboolean
+client_can_receive_certificate_required_errors (TestConnection *test)
+{
+#ifdef BACKEND_IS_GNUTLS
+  gnutls_priority_t priority_cache;
+  int ret;
+  int i;
+  int nprotos;
+  static int max_proto = 0;
+  const guint *protos;
+
+  /* Determine whether GNUTLS_TLS1_3 is available at *runtime* (using
+   * the default priority) so that these tests work in Fedora 28, which
+   * has GnuTLS 3.6 (and therefore GNUTLS_TLS1_3) but with TLS 1.3
+   * disabled.
+   */
+  if (max_proto == 0)
+    {
+      ret = gnutls_priority_init (&priority_cache, "NORMAL", NULL);
+      g_assert_cmpint (ret, ==, GNUTLS_E_SUCCESS);
+
+      nprotos = gnutls_priority_protocol_list (priority_cache, &protos);
+
+      for (i = 0; i < nprotos && protos[i] <= GNUTLS_TLS_VERSION_MAX; i++)
+        {
+          if (protos[i] > max_proto)
+            max_proto = protos[i];
+        }
+
+      gnutls_priority_deinit (priority_cache);
+    }
+
+  return max_proto <= GNUTLS_TLS1_2;
+#else
+  return TRUE;
+#endif
+}
+
 static void
 test_client_auth_failure (TestConnection *test,
                           gconstpointer   data)
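Review bot: In the second half of test_client_auth_connection, `cert` is released with `g_object_unref (cert)` right after `g_tls_connection_set_certificate` and then passed to `g_tls_certificate_is_same (peer, cert)` at the end, so the final comparison only works while the client connection keeps its own reference. Holding the test's reference until the check is done is safer: drop the early unref and add `g_object_unref (cert);` after the last `g_assert_true`. Separately, in client_can_receive_certificate_required_errors the result of `gnutls_priority_protocol_list` is not checked, so an error return leaves `max_proto` at 0 and the tests quietly take the TLS 1.2 expectations; `g_assert_cmpint (nprotos, >, 0);` would make that visible. test_client_auth_connection starts before this hunk and test_client_auth_failure continues after it.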
@@ -973,15 +1098,19 @@ test_client_auth_failure (TestConnection *test,
   GIOStream *connection;
   GError *error = NULL;
   gboolean accepted_changed;
+  GSocketClient *client;
+  GTlsCertificate *cert;
+  GTlsCertificate *peer;
+  GTlsInteraction *interaction;
 
   test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
   g_assert_no_error (error);
-  g_assert (test->database);
+  g_assert_nonnull (test->database);
 
-  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE);
+  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED);
   test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
   g_assert_no_error (error);
-  g_assert (test->client_connection);
+  g_assert_nonnull (test->client_connection);
   g_object_unref (connection);
 
   g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
@@ -996,13 +1125,119 @@ test_client_auth_failure (TestConnection *test,
   g_signal_connect (test->client_connection, "notify::accepted-cas",
                     G_CALLBACK (on_notify_accepted_cas), &accepted_changed);
 
+  if (!client_can_receive_certificate_required_errors (test))
+    g_set_error_literal (&test->expected_client_close_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE, "");
+  g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED, "");
+
   read_test_data_async (test);
   g_main_loop_run (test->loop);
 
-  g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED);
+  /* In TLS 1.2 we'll notice that a server cert was requested. For TLS 1.3 we
+   * just get dropped, usually G_TLS_ERROR_MISC but possibly also broken pipe.
+   */
+  if (client_can_receive_certificate_required_errors (test))
+    g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED);
+  else if (!g_error_matches (test->read_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE))
+    g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_MISC);
   g_assert_error (test->server_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED);
 
-  g_assert (accepted_changed == TRUE);
+  g_assert_true (accepted_changed);
+
+  g_object_unref (test->client_connection);
+  g_clear_object (&test->server_connection);
+  g_clear_error (&test->expected_client_close_error);
+  g_clear_error (&test->read_error);
+  g_clear_error (&test->server_error);
+  g_clear_error (&test->expected_server_error);
+
+  /* Now start a new connection to the same server with a valid client cert;
+   * this should succeed, and not use the cached failed session from above */
+  client = g_socket_client_new ();
+  connection = G_IO_STREAM (g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address),
+                                                     NULL, &error));
+  g_assert_no_error (error);
+  g_object_unref (client);
+  test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+  g_assert_no_error (error);
+  g_assert_nonnull (test->client_connection);
+  g_object_unref (connection);
+
+  g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+  /* Have the interaction return a certificate */
+  cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-and-key.pem"), &error);
+  g_assert_no_error (error);
+  interaction = mock_interaction_new_static_certificate (cert);
+  g_tls_connection_set_interaction (G_TLS_CONNECTION (test->client_connection), interaction);
+  g_object_unref (interaction);
+
+  /* All validation in this test */
+  g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+                                                G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+  accepted_changed = FALSE;
+  g_signal_connect (test->client_connection, "notify::accepted-cas",
+                    G_CALLBACK (on_notify_accepted_cas), &accepted_changed);
+
+  read_test_data_async (test);
+  g_main_loop_run (test->loop);
+
+  g_assert_no_error (test->read_error);
+  g_assert_no_error (test->server_error);
+
+  peer = g_tls_connection_get_peer_certificate (G_TLS_CONNECTION (test->server_connection));
+  g_assert_nonnull (peer);
+  g_assert_true (g_tls_certificate_is_same (peer, cert));
+  g_assert_true (accepted_changed);
+
+  g_object_unref (cert);
+}
+
+static void
+test_client_auth_fail_missing_client_private_key (TestConnection *test,
+                                                  gconstpointer   data)
+{
+  GTlsCertificate *cert;
+  GIOStream *connection;
+  GError *error = NULL;
+
+#ifdef BACKEND_IS_OPENSSL
+  g_test_skip("this new test does not work with openssl, more research needed");
+  return;
+#endif
+
+  g_test_bug ("793712");
+
+  test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+  g_assert_no_error (error);
+  g_assert_nonnull (test->database);
+
+  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED);
+  test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+  g_assert_no_error (error);
+  g_assert_nonnull (test->client_connection);
+  g_object_unref (connection);
+
+  g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+  /* Oops: we "accidentally" set client.pem rather than client-and-key.pem. The
+   * connection will fail, but we should not crash.
+   */
+  cert = g_tls_certificate_new_from_file (tls_test_file_path ("client.pem"), &error);
+  g_assert_no_error (error);
+
+  g_tls_connection_set_certificate (G_TLS_CONNECTION (test->client_connection), cert);
+
+  /* All validation in this test */
+  g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+                                                G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+  g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS, "");
+
+  read_test_data_async (test);
+  g_main_loop_run (test->loop);
+
+  g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED);
 }
 
 static void
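Review bot: test_client_auth_fail_missing_client_private_key never releases `cert`: it is loaded from client.pem and handed to `g_tls_connection_set_certificate`, but unlike the other tests in this hunk there is no matching unref, so the test's own reference leaks. Adding `g_object_unref (cert);` after the set call fixes it. The test is also skipped for the OpenSSL backend, which leaves the no-crash guarantee for a certificate without a private key unverified there; the skip message could point at a tracking bug. In test_client_auth_failure the comment `In TLS 1.2 we'll notice that a server cert was requested` probably means a client cert. test_client_auth_failure starts before this hunk.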
@@ -1018,12 +1253,12 @@ test_client_auth_request_cert (TestConnection *test,
 
   test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
   g_assert_no_error (error);
-  g_assert (test->database);
+  g_assert_nonnull (test->database);
 
-  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE);
+  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED);
   test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
   g_assert_no_error (error);
-  g_assert (test->client_connection);
+  g_assert_nonnull (test->client_connection);
   g_object_unref (connection);
 
   g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
@@ -1050,9 +1285,9 @@ test_client_auth_request_cert (TestConnection *test,
   g_assert_no_error (test->server_error);
 
   peer = g_tls_connection_get_peer_certificate (G_TLS_CONNECTION (test->server_connection));
-  g_assert (peer != NULL);
-  g_assert (g_tls_certificate_is_same (peer, cert));
-  g_assert (cas_changed == TRUE);
+  g_assert_nonnull (peer);
+  g_assert_true (g_tls_certificate_is_same (peer, cert));
+  g_assert_true (cas_changed);
 
   g_object_unref (cert);
 }
@@ -1067,12 +1302,12 @@ test_client_auth_request_fail (TestConnection *test,
 
   test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
   g_assert_no_error (error);
-  g_assert (test->database);
+  g_assert_nonnull (test->database);
 
-  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE);
+  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED);
   test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
   g_assert_no_error (error);
-  g_assert (test->client_connection);
+  g_assert_nonnull (test->client_connection);
   g_object_unref (connection);
 
   g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
@@ -1086,10 +1321,18 @@ test_client_auth_request_fail (TestConnection *test,
   g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
                                                 G_TLS_CERTIFICATE_VALIDATE_ALL);
 
+  if (!client_can_receive_certificate_required_errors (test))
+    g_set_error_literal (&test->expected_client_close_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE, "");
+  g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED, "");
+
   read_test_data_async (test);
   g_main_loop_run (test->loop);
 
-  g_assert_error (test->read_error, G_FILE_ERROR, G_FILE_ERROR_ACCES);
+  /* FIXME: G_FILE_ERROR_ACCES is not a very great error to get here. */
+  if (client_can_receive_certificate_required_errors (test))
+    g_assert_error (test->read_error, G_FILE_ERROR, G_FILE_ERROR_ACCES);
+  else if (!g_error_matches (test->read_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE))
+    g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_MISC);
 
   g_io_stream_close (test->server_connection, NULL, NULL);
   g_io_stream_close (test->client_connection, NULL, NULL);
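Review bot: The TLS 1.3 branch added here accepts either a broken pipe or `G_TLS_ERROR_MISC` for `test->read_error` without saying why, while the matching branch in test_client_auth_failure carries the explanation. A comment such as `/* With TLS 1.3 the client is just dropped: usually G_TLS_ERROR_MISC, possibly broken pipe. */` above the `if` would keep the two in step. No assertion on `test->server_error` is visible in this hunk, so the `expected_server_error` set above is presumably checked elsewhere. The function starts and ends outside this hunk.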
@@ -1102,10 +1345,10 @@ test_connection_no_database (TestConnection *test,
   GIOStream *connection;
   GError *error = NULL;
 
-  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
   test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
   g_assert_no_error (error);
-  g_assert (test->client_connection);
+  g_assert_nonnull (test->client_connection);
   g_object_unref (connection);
 
   /* Overrides loading of the default database */
@@ -1128,14 +1371,14 @@ test_connection_no_database (TestConnection *test,
 
 static void
 handshake_failed_cb (GObject      *source,
-                    GAsyncResult *result,
-                    gpointer      user_data)
+                     GAsyncResult *result,
+                     gpointer      user_data)
 {
   TestConnection *test = user_data;
   GError *error = NULL;
 
   g_tls_connection_handshake_finish (G_TLS_CONNECTION (test->client_connection),
-                                    result, &error);
+                                     result, &error);
   g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
   g_clear_error (&error);
 
@@ -1144,13 +1387,13 @@ handshake_failed_cb (GObject      *source,
 
 static void
 test_failed_connection (TestConnection *test,
-                       gconstpointer   data)
+                        gconstpointer   data)
 {
   GIOStream *connection;
   GError *error = NULL;
   GSocketConnectable *bad_addr;
 
-  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
 
   bad_addr = g_network_address_new ("wrong.example.com", 80);
   test->client_connection = g_tls_client_connection_new (connection, bad_addr, &error);
@@ -1158,9 +1401,11 @@ test_failed_connection (TestConnection *test,
   g_assert_no_error (error);
   g_object_unref (connection);
 
+  g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS, "");
+
   g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection),
-                                   G_PRIORITY_DEFAULT, NULL,
-                                   handshake_failed_cb, test);
+                                    G_PRIORITY_DEFAULT, NULL,
+                                    handshake_failed_cb, test);
   g_main_loop_run (test->loop);
 
   g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
@@ -1170,20 +1415,19 @@ test_failed_connection (TestConnection *test,
   g_main_loop_run (test->loop);
 
   g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
-  g_assert_no_error (test->server_error);
 }
 
 static void
 socket_client_connected (GObject      *source,
-                        GAsyncResult *result,
-                        gpointer      user_data)
+                         GAsyncResult *result,
+                         gpointer      user_data)
 {
   TestConnection *test = user_data;
   GSocketConnection *connection;
   GError *error = NULL;
 
   connection = g_socket_client_connect_finish (G_SOCKET_CLIENT (source),
-                                              result, &error);
+                                               result, &error);
   g_assert_no_error (error);
   test->client_connection = G_IO_STREAM (connection);
 
@@ -1192,7 +1436,7 @@ socket_client_connected (GObject      *source,
 
 static void
 test_connection_socket_client (TestConnection *test,
-                              gconstpointer   data)
+                               gconstpointer   data)
 {
   GSocketClient *client;
   GTlsCertificateFlags flags;
@@ -1209,15 +1453,15 @@ test_connection_socket_client (TestConnection *test,
   g_socket_client_set_tls_validation_flags (client, flags);
 
   g_socket_client_connect_async (client, G_SOCKET_CONNECTABLE (test->address),
-                                NULL, socket_client_connected, test);
+                                 NULL, socket_client_connected, test);
   g_main_loop_run (test->loop);
 
   connection = (GSocketConnection *)test->client_connection;
   test->client_connection = NULL;
 
-  g_assert (G_IS_TCP_WRAPPER_CONNECTION (connection));
+  g_assert_true (G_IS_TCP_WRAPPER_CONNECTION (connection));
   base = g_tcp_wrapper_connection_get_base_io_stream (G_TCP_WRAPPER_CONNECTION (connection));
-  g_assert (G_IS_TLS_CONNECTION (base));
+  g_assert_true (G_IS_TLS_CONNECTION (base));
 
   g_io_stream_close (G_IO_STREAM (connection), NULL, &error);
   g_assert_no_error (error);
@@ -1228,14 +1472,14 @@ test_connection_socket_client (TestConnection *test,
 
 static void
 socket_client_failed (GObject      *source,
-                     GAsyncResult *result,
-                     gpointer      user_data)
+                      GAsyncResult *result,
+                      gpointer      user_data)
 {
   TestConnection *test = user_data;
   GError *error = NULL;
 
   g_socket_client_connect_finish (G_SOCKET_CLIENT (source),
-                                 result, &error);
+                                  result, &error);
   g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
   g_clear_error (&error);
 
@@ -1244,7 +1488,7 @@ socket_client_failed (GObject      *source,
 
 static void
 test_connection_socket_client_failed (TestConnection *test,
-                                     gconstpointer   data)
+                                      gconstpointer   data)
 {
   GSocketClient *client;
 
@@ -1253,8 +1497,10 @@ test_connection_socket_client_failed (TestConnection *test,
   g_socket_client_set_tls (client, TRUE);
   /* this time we don't adjust the validation flags */
 
+  g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS, "");
+
   g_socket_client_connect_async (client, G_SOCKET_CONNECTABLE (test->address),
-                                NULL, socket_client_failed, test);
+                                 NULL, socket_client_failed, test);
   g_main_loop_run (test->loop);
 
   g_object_unref (client);
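Review bot: The added `g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS, "");` carries no comment explaining why the server should see `G_TLS_ERROR_NOT_TLS` when it is the client that rejects the certificate. From this hunk a reader cannot tell whether that code is the intended contract or just what the backend happens to report; presumably the client abandons the handshake and the server reports the truncated exchange as not-TLS. Once the reason is confirmed I would add `/* The client aborts on the bad certificate, so the server sees the handshake cut short. */` above the line. The same unexplained expectation is set in test_garbage_database further down, and test_connection_socket_client_failed starts and ends outside this hunk.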
@@ -1274,7 +1520,7 @@ socket_client_timed_out_write (GObject      *source,
   gssize size;
 
   connection = g_socket_client_connect_finish (G_SOCKET_CLIENT (source),
-                                              result, &error);
+                                               result, &error);
   g_assert_no_error (error);
   test->client_connection = G_IO_STREAM (connection);
 
@@ -1325,7 +1571,7 @@ test_connection_read_time_out_write (TestConnection *test,
   g_socket_client_set_tls_validation_flags (client, flags);
 
   g_socket_client_connect_async (client, G_SOCKET_CONNECTABLE (test->address),
-                                NULL, socket_client_timed_out_write, test);
+                                 NULL, socket_client_timed_out_write, test);
 
   g_main_loop_run (test->loop);
 
@@ -1335,9 +1581,9 @@ test_connection_read_time_out_write (TestConnection *test,
   connection = (GSocketConnection *)test->client_connection;
   test->client_connection = NULL;
 
-  g_assert (G_IS_TCP_WRAPPER_CONNECTION (connection));
+  g_assert_true (G_IS_TCP_WRAPPER_CONNECTION (connection));
   base = g_tcp_wrapper_connection_get_base_io_stream (G_TCP_WRAPPER_CONNECTION (connection));
-  g_assert (G_IS_TLS_CONNECTION (base));
+  g_assert_true (G_IS_TLS_CONNECTION (base));
 
   g_io_stream_close (G_IO_STREAM (connection), NULL, &error);
   g_assert_no_error (error);
@@ -1348,15 +1594,15 @@ test_connection_read_time_out_write (TestConnection *test,
 
 static void
 simul_async_read_complete (GObject      *object,
-                          GAsyncResult *result,
-                          gpointer      user_data)
+                           GAsyncResult *result,
+                           gpointer      user_data)
 {
   TestConnection *test = user_data;
   gssize nread;
   GError *error = NULL;
 
   nread = g_input_stream_read_finish (G_INPUT_STREAM (object),
-                                     result, &error);
+                                      result, &error);
   g_assert_no_error (error);
 
   test->nread += nread;
@@ -1371,40 +1617,40 @@ simul_async_read_complete (GObject      *object,
   else
     {
       g_input_stream_read_async (G_INPUT_STREAM (object),
-                                test->buf + test->nread,
-                                TEST_DATA_LENGTH / 2,
-                                G_PRIORITY_DEFAULT, NULL,
-                                simul_async_read_complete, test);
+                                 test->buf + test->nread,
+                                 TEST_DATA_LENGTH / 2,
+                                 G_PRIORITY_DEFAULT, NULL,
+                                 simul_async_read_complete, test);
     }
 }
 
 static void
 simul_async_write_complete (GObject      *object,
-                           GAsyncResult *result,
-                           gpointer      user_data)
+                            GAsyncResult *result,
+                            gpointer      user_data)
 {
   TestConnection *test = user_data;
   gssize nwrote;
   GError *error = NULL;
 
   nwrote = g_output_stream_write_finish (G_OUTPUT_STREAM (object),
-                                        result, &error);
+                                         result, &error);
   g_assert_no_error (error);
 
   test->nwrote += nwrote;
   if (test->nwrote < TEST_DATA_LENGTH)
     {
       g_output_stream_write_async (G_OUTPUT_STREAM (object),
-                                  TEST_DATA + test->nwrote,
-                                  TEST_DATA_LENGTH - test->nwrote,
-                                  G_PRIORITY_DEFAULT, NULL,
-                                  simul_async_write_complete, test);
+                                   TEST_DATA + test->nwrote,
+                                   TEST_DATA_LENGTH - test->nwrote,
+                                   G_PRIORITY_DEFAULT, NULL,
+                                   simul_async_write_complete, test);
     }
 }
 
 static void
 test_simultaneous_async (TestConnection *test,
-                        gconstpointer   data)
+                         gconstpointer   data)
 {
   GIOStream *connection;
   GTlsCertificateFlags flags;
@@ -1424,13 +1670,13 @@ test_simultaneous_async (TestConnection *test,
   test->nread = test->nwrote = 0;
 
   g_input_stream_read_async (g_io_stream_get_input_stream (test->client_connection),
-                            test->buf, TEST_DATA_LENGTH / 2,
-                            G_PRIORITY_DEFAULT, NULL,
-                            simul_async_read_complete, test);
+                             test->buf, TEST_DATA_LENGTH / 2,
+                             G_PRIORITY_DEFAULT, NULL,
+                             simul_async_read_complete, test);
   g_output_stream_write_async (g_io_stream_get_output_stream (test->client_connection),
-                              TEST_DATA, TEST_DATA_LENGTH / 2,
-                              G_PRIORITY_DEFAULT, NULL,
-                              simul_async_write_complete, test);
+                               TEST_DATA, TEST_DATA_LENGTH / 2,
+                               G_PRIORITY_DEFAULT, NULL,
+                               simul_async_write_complete, test);
 
   g_main_loop_run (test->loop);
 
@@ -1439,28 +1685,31 @@ test_simultaneous_async (TestConnection *test,
   g_assert_cmpstr (test->buf, ==, TEST_DATA);
 }
 
+#ifdef BACKEND_IS_GNUTLS
 static gboolean
 check_gnutls_has_rehandshaking_bug (void)
 {
   const char *version = gnutls_check_version (NULL);
 
-  return (!strcmp (version, "3.1.27") ||
-         !strcmp (version, "3.1.28") ||
-         !strcmp (version, "3.2.19") ||
-         !strcmp (version, "3.3.8") ||
-         !strcmp (version, "3.3.9") ||
-          !strcmp (version, "3.3.10"));
+  return !strcmp (version, "3.6.1") ||
+         !strcmp (version, "3.6.2");
 }
+#endif
 
 static void
 test_simultaneous_async_rehandshake (TestConnection *test,
-                                    gconstpointer   data)
+                                     gconstpointer   data)
 {
+#ifdef BACKEND_IS_OPENSSL
+  g_test_skip ("this needs more research on openssl");
+  return;
+#elif defined(BACKEND_IS_GNUTLS)
   if (check_gnutls_has_rehandshaking_bug ())
     {
-      g_test_skip ("test would fail due to gnutls bug 108690");
+      g_test_skip ("test would fail due to https://gitlab.com/gnutls/gnutls/issues/426");
       return;
     }
+#endif
 
   test->rehandshake = TRUE;
   test_simultaneous_async (test, data);
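Review bot: In test_simultaneous_async_rehandshake the `BACKEND_IS_OPENSSL` branch skips unconditionally with "this needs more research on openssl", which leaves renegotiation during simultaneous I/O untested on that backend and points to nothing a maintainer could follow up, whereas the GnuTLS skip links its issue. I would add `/* FIXME: rehandshake is not exercised on the OpenSSL backend; reference the tracking issue here. */` above the skip; the same applies to test_simultaneous_sync_rehandshake and test_fallback later in the diff. check_gnutls_has_rehandshaking_bug now matches the exact strings "3.6.1" and "3.6.2", so a one-line comment naming the release that carries the fix would explain why the list stops there. The function's closing brace lies outside this hunk.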
@@ -1477,9 +1726,9 @@ simul_read_thread (gpointer user_data)
   while (test->nread < TEST_DATA_LENGTH)
     {
       nread = g_input_stream_read (istream,
-                                  test->buf + test->nread,
-                                  MIN (TEST_DATA_LENGTH / 2, TEST_DATA_LENGTH - test->nread),
-                                  NULL, &error);
+                                   test->buf + test->nread,
+                                   MIN (TEST_DATA_LENGTH / 2, TEST_DATA_LENGTH - test->nread),
+                                   NULL, &error);
       g_assert_no_error (error);
 
       test->nread += nread;
@@ -1499,9 +1748,9 @@ simul_write_thread (gpointer user_data)
   while (test->nwrote < TEST_DATA_LENGTH)
     {
       nwrote = g_output_stream_write (ostream,
-                                     TEST_DATA + test->nwrote,
-                                     MIN (TEST_DATA_LENGTH / 2, TEST_DATA_LENGTH - test->nwrote),
-                                     NULL, &error);
+                                      TEST_DATA + test->nwrote,
+                                      MIN (TEST_DATA_LENGTH / 2, TEST_DATA_LENGTH - test->nwrote),
+                                      NULL, &error);
       g_assert_no_error (error);
 
       test->nwrote += nwrote;
@@ -1512,7 +1761,7 @@ simul_write_thread (gpointer user_data)
 
 static void
 test_simultaneous_sync (TestConnection *test,
-                       gconstpointer   data)
+                        gconstpointer   data)
 {
   GIOStream *connection;
   GTlsCertificateFlags flags;
@@ -1554,13 +1803,18 @@ test_simultaneous_sync (TestConnection *test,
 
 static void
 test_simultaneous_sync_rehandshake (TestConnection *test,
-                                   gconstpointer   data)
+                                    gconstpointer   data)
 {
+#ifdef BACKEND_IS_OPENSSL
+  g_test_skip ("this needs more research on openssl");
+  return;
+#elif defined(BACKEND_IS_GNUTLS)
   if (check_gnutls_has_rehandshaking_bug ())
     {
-      g_test_skip ("test would fail due to gnutls bug 108690");
+      g_test_skip ("test would fail due to https://gitlab.com/gnutls/gnutls/issues/426");
       return;
     }
+#endif
 
   test->rehandshake = TRUE;
   test_simultaneous_sync (test, data);
@@ -1573,7 +1827,7 @@ test_close_immediately (TestConnection *test,
   GIOStream *connection;
   GError *error = NULL;
 
-  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
   test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
   g_assert_no_error (error);
   g_object_unref (connection);
@@ -1586,189 +1840,6 @@ test_close_immediately (TestConnection *test,
   g_assert_no_error (error);
 }
 
-static void
-quit_loop_on_notify (GObject *obj,
-                    GParamSpec *spec,
-                    gpointer user_data)
-{
-  GMainLoop *loop = user_data;
-
-  g_main_loop_quit (loop);
-}
-
-static void
-handshake_completed (GObject      *object,
-                    GAsyncResult *result,
-                    gpointer      user_data)
-{
-  gboolean *complete = user_data;
-
-  *complete = TRUE;
-  return;
-}
-
-static void
-test_close_during_handshake (TestConnection *test,
-                            gconstpointer   data)
-{
-  GIOStream *connection;
-  GError *error = NULL;
-  GMainContext *context;
-  GMainLoop *loop;
-  gboolean handshake_complete = FALSE;
-
-  g_test_bug ("688751");
-
-  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED, TRUE);
-  test->expect_server_error = TRUE;
-  test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
-  g_assert_no_error (error);
-  g_object_unref (connection);
-
-  loop = g_main_loop_new (NULL, FALSE);
-  g_signal_connect (test->client_connection, "notify::accepted-cas",
-                    G_CALLBACK (quit_loop_on_notify), loop);
-
-  context = g_main_context_new ();
-  g_main_context_push_thread_default (context);
-  g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection),
-                                   G_PRIORITY_DEFAULT, NULL,
-                                   handshake_completed, &handshake_complete);
-  g_main_context_pop_thread_default (context);
-
-  /* Now run the (default GMainContext) loop, which is needed for
-   * the server side of things. The client-side handshake will run in
-   * a thread, but its callback will never be invoked because its
-   * context isn't running.
-   */
-  g_main_loop_run (loop);
-  g_main_loop_unref (loop);
-
-  /* At this point handshake_thread() has started (and maybe
-   * finished), but handshake_thread_completed() (and thus
-   * finish_handshake()) has not yet run. Make sure close doesn't
-   * block.
-   */
-  g_io_stream_close (test->client_connection, NULL, &error);
-  g_assert_no_error (error);
-
-  /* We have to let the handshake_async() call finish now, or
-   * teardown_connection() will assert.
-   */
-  while (!handshake_complete)
-    g_main_context_iteration (context, TRUE);
-  g_main_context_unref (context);
-}
-
-static void
-test_output_stream_close_during_handshake (TestConnection *test,
-                                           gconstpointer   data)
-{
-  GIOStream *connection;
-  GError *error = NULL;
-  GMainContext *context;
-  GMainLoop *loop;
-  gboolean handshake_complete = FALSE;
-
-  g_test_bug ("688751");
-
-  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED, TRUE);
-  test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
-  g_assert_no_error (error);
-  g_object_unref (connection);
-
-  loop = g_main_loop_new (NULL, FALSE);
-  g_signal_connect (test->client_connection, "notify::accepted-cas",
-                    G_CALLBACK (quit_loop_on_notify), loop);
-
-  context = g_main_context_new ();
-  g_main_context_push_thread_default (context);
-  g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection),
-                                   G_PRIORITY_DEFAULT, NULL,
-                                   handshake_completed, &handshake_complete);
-  g_main_context_pop_thread_default (context);
-
-  /* Now run the (default GMainContext) loop, which is needed for
-   * the server side of things. The client-side handshake will run in
-   * a thread, but its callback will never be invoked because its
-   * context isn't running.
-   */
-  g_main_loop_run (loop);
-  g_main_loop_unref (loop);
-
-  /* At this point handshake_thread() has started (and maybe
-   * finished), but handshake_thread_completed() (and thus
-   * finish_handshake()) has not yet run. Make sure close doesn't
-   * block.
-   */
-  g_output_stream_close (g_io_stream_get_output_stream (test->client_connection), NULL, &error);
-  g_assert_no_error (error);
-
-  /* We have to let the handshake_async() call finish now, or
-   * teardown_connection() will assert.
-   */
-  while (!handshake_complete)
-    g_main_context_iteration (context, TRUE);
-  g_main_context_unref (context);
-}
-
-
-static void
-test_write_during_handshake (TestConnection *test,
-                           gconstpointer   data)
-{
-  GIOStream *connection;
-  GError *error = NULL;
-  GMainContext *context;
-  GMainLoop *loop;
-  GOutputStream *ostream;
-  gboolean handshake_complete = FALSE;
-
-  g_test_bug ("697754");
-
-  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED, TRUE);
-  test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
-  g_assert_no_error (error);
-  g_object_unref (connection);
-
-  loop = g_main_loop_new (NULL, FALSE);
-  g_signal_connect (test->client_connection, "notify::accepted-cas",
-                    G_CALLBACK (quit_loop_on_notify), loop);
-
-  context = g_main_context_new ();
-  g_main_context_push_thread_default (context);
-  g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection),
-                                   G_PRIORITY_DEFAULT, NULL,
-                                   handshake_completed, &handshake_complete);
-  g_main_context_pop_thread_default (context);
-
-  /* Now run the (default GMainContext) loop, which is needed for
-   * the server side of things. The client-side handshake will run in
-   * a thread, but its callback will never be invoked because its
-   * context isn't running.
-   */
-  g_main_loop_run (loop);
-  g_main_loop_unref (loop);
-
-  /* At this point handshake_thread() has started (and maybe
-   * finished), but handshake_thread_completed() (and thus
-   * finish_handshake()) has not yet run. Make sure close doesn't
-   * block.
-   */
-
-  ostream = g_io_stream_get_output_stream (test->client_connection);
-  g_output_stream_write (ostream, TEST_DATA, TEST_DATA_LENGTH,
-                        G_PRIORITY_DEFAULT, &error);
-  g_assert_no_error (error);
-
-  /* We have to let the handshake_async() call finish now, or
-   * teardown_connection() will assert.
-   */
-  while (!handshake_complete)
-    g_main_context_iteration (context, TRUE);
-  g_main_context_unref (context);
-}
-
 static gboolean
 async_implicit_handshake_dispatch (GPollableInputStream *stream,
                                    gpointer user_data)
@@ -1811,7 +1882,7 @@ test_async_implicit_handshake (TestConnection *test, gconstpointer   data)
 
   g_test_bug ("710691");
 
-  stream = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+  stream = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
   test->client_connection = g_tls_client_connection_new (stream, test->identity, &error);
   g_assert_no_error (error);
   g_object_unref (stream);
@@ -1848,43 +1919,34 @@ test_async_implicit_handshake (TestConnection *test, gconstpointer   data)
 
 static void
 quit_on_handshake_complete (GObject      *object,
-                           GAsyncResult *result,
-                           gpointer      user_data)
+                            GAsyncResult *result,
+                            gpointer      user_data)
 {
   TestConnection *test = user_data;
   GError *error = NULL;
 
   g_tls_connection_handshake_finish (G_TLS_CONNECTION (object), result, &error);
-  g_assert_no_error (error);
+  g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS);
+  g_error_free (error);
 
   g_main_loop_quit (test->loop);
   return;
 }
 
-#define PRIORITY_SSL_FALLBACK "NORMAL:+VERS-SSL3.0"
-#define PRIORITY_TLS_FALLBACK "NORMAL:+VERS-TLS-ALL:-VERS-SSL3.0"
-
-static void
-test_fallback (gconstpointer data)
-{
-  const char *priority_string = (const char *) data;
-  char *test_name;
-
-  test_name = g_strdup_printf ("/tls/connection/fallback/subprocess/%s", priority_string);
-  g_test_trap_subprocess (test_name, 0, 0);
-  g_test_trap_assert_passed ();
-  g_free (test_name);
-}
-
 static void
-test_fallback_subprocess (TestConnection *test,
-                         gconstpointer   data)
+test_fallback (TestConnection *test,
+               gconstpointer   data)
 {
   GIOStream *connection;
   GTlsConnection *tlsconn;
   GError *error = NULL;
 
-  connection = start_echo_server_and_connect_to_it (test);
+#ifdef BACKEND_IS_OPENSSL
+  g_test_skip ("this needs more research on openssl");
+  return;
+#endif
+
+  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
   test->client_connection = g_tls_client_connection_new (connection, NULL, &error);
   g_assert_no_error (error);
   tlsconn = G_TLS_CONNECTION (test->client_connection);
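Review bot: quit_on_handshake_complete now hard-codes a failure expectation (`g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS);`) although its name still reads as a generic "quit when done" callback, so any other test that reuses it would inherit that expectation silently. A short comment such as `/* The handshake is expected to fail here; only test_fallback uses this callback. */` would make the contract visible, assuming test_fallback is indeed its only user. The following `g_error_free (error);` emits a critical if `error` is NULL and assertions have been made non-fatal; `g_clear_error (&error);` tolerates that and matches socket_client_failed earlier in the file. test_fallback's body continues in the next hunk.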
@@ -1892,14 +1954,27 @@ test_fallback_subprocess (TestConnection *test,
 
   g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
                                                 0);
+#if defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+#endif
   g_tls_client_connection_set_use_ssl3 (G_TLS_CLIENT_CONNECTION (test->client_connection),
-                                       TRUE);
+                                        TRUE);
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
+
+#if GLIB_CHECK_VERSION(2, 60, 0)
+  g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_INAPPROPRIATE_FALLBACK, "");
+#else
+  g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_MISC, "");
+#endif
+
   g_tls_connection_handshake_async (tlsconn, G_PRIORITY_DEFAULT, NULL,
-                                   quit_on_handshake_complete, test);
+                                    quit_on_handshake_complete, test);
   g_main_loop_run (test->loop);
 
-  /* In 2.42 we don't have the API to test that the correct version was negotiated,
-   * so we merely test that the connection succeeded at all.
+  /* The server should detect a protocol downgrade attack and terminate the connection.
    */
 
   g_io_stream_close (test->client_connection, NULL, &error);
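Review bot: On GLib older than 2.60 the expected server error falls back to `G_TLS_ERROR_MISC`, so, assuming teardown compares the server's error against `expected_server_error`, the test there passes on any miscellaneous server-side failure and no longer shows that the downgrade itself was rejected. The `#else` branch should say so, for example `/* Pre-2.60 GLib has no INAPPROPRIATE_FALLBACK code; this only checks that the handshake failed. */`. The comment about the server detecting the downgrade would also read better above the `g_set_error_literal` calls than after `g_main_loop_run`. Separately, the two `#pragma GCC diagnostic` groups can be replaced by GLib's `G_GNUC_BEGIN_IGNORE_DEPRECATIONS` and `G_GNUC_END_IGNORE_DEPRECATIONS`. test_fallback begins in the previous hunk and ends in the next one.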
@@ -1907,6 +1982,17 @@ test_fallback_subprocess (TestConnection *test,
 }
 
 static void
+handshake_completed (GObject      *object,
+                     GAsyncResult *result,
+                     gpointer      user_data)
+{
+  gboolean *complete = user_data;
+
+  *complete = TRUE;
+  return;
+}
+
+static void
 test_output_stream_close (TestConnection *test,
                           gconstpointer   data)
 {
@@ -1916,7 +2002,7 @@ test_output_stream_close (TestConnection *test,
   gboolean handshake_complete = FALSE;
   gssize size;
 
-  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
   test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
   g_assert_no_error (error);
   g_object_unref (connection);
@@ -1933,20 +2019,19 @@ test_output_stream_close (TestConnection *test,
     g_main_context_iteration (NULL, TRUE);
 
   ret = g_output_stream_close (g_io_stream_get_output_stream (test->client_connection),
-      NULL, &error);
+                               NULL, &error);
   g_assert_no_error (error);
-  g_assert (ret);
-
+  g_assert_true (ret);
 
   /* Verify that double close returns TRUE */
   ret = g_output_stream_close (g_io_stream_get_output_stream (test->client_connection),
-      NULL, &error);
+                               NULL, &error);
   g_assert_no_error (error);
-  g_assert (ret);
+  g_assert_true (ret);
 
   size = g_output_stream_write (g_io_stream_get_output_stream (test->client_connection),
                                 "data", 4, NULL, &error);
-  g_assert (size == -1);
+  g_assert_cmpint (size, ==, -1);
   g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CLOSED);
   g_clear_error (&error);
 
@@ -1961,63 +2046,262 @@ test_output_stream_close (TestConnection *test,
 
   ret = g_io_stream_close (test->client_connection, NULL, &error);
   g_assert_no_error (error);
-  g_assert (ret);
+  g_assert_true (ret);
 }
 
-int
-main (int   argc,
-      char *argv[])
+static void
+test_garbage_database (TestConnection *test,
+                       gconstpointer   data)
 {
-  int ret;
-  int i;
+  GIOStream *connection;
+  GError *error = NULL;
+
+  test->database = g_tls_file_database_new (tls_test_file_path ("garbage.pem"), &error);
+  g_assert_no_error (error);
+  g_assert_nonnull (test->database);
+
+  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
+  test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+  g_assert_no_error (error);
+  g_assert_nonnull (test->client_connection);
+  g_object_unref (connection);
+
+  g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+  /* All validation in this test */
+  g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+                                                G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+  g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS, "");
+
+  read_test_data_async (test);
+  g_main_loop_run (test->loop);
+
+  /* Should reject the server's certificate, because our TLS database contains
+   * no valid certificates.
+   */
+  g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+}
+
+static void
+test_readwrite_after_connection_destroyed (TestConnection *test,
+                                           gconstpointer   data)
+{
+  GIOStream *connection;
+  GOutputStream *ostream;
+  GInputStream *istream;
+  unsigned char buffer[1];
+  GError *error = NULL;
+
+  g_test_bug ("792219");
+
+  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED);
+  test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+  g_assert_no_error (error);
+  g_object_unref (connection);
 
-  /* Check if this is a subprocess, and set G_TLS_GNUTLS_PRIORITY
-   * appropriately if so.
+  istream = g_object_ref (g_io_stream_get_input_stream (test->client_connection));
+  ostream = g_object_ref (g_io_stream_get_output_stream (test->client_connection));
+  g_clear_object (&test->client_connection);
+
+  /* The GTlsConnection has been destroyed, but its underlying streams
+   * live on, because we have reffed them. Verify that attempts to read
+   * and write produce only nice GErrors.
    */
-  for (i = 1; i < argc - 1; i++)
+  g_input_stream_read (istream, buffer, sizeof (buffer), NULL, &error);
+  g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CLOSED);
+  g_clear_error (&error);
+
+  g_output_stream_write (ostream, TEST_DATA, TEST_DATA_LENGTH,
+                         G_PRIORITY_DEFAULT, &error);
+  g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CLOSED);
+  g_clear_error (&error);
+
+  g_input_stream_close (istream, NULL, &error);
+  g_assert_no_error (error);
+
+  g_output_stream_close (ostream, NULL, &error);
+  g_assert_no_error (error);
+
+  g_object_unref (istream);
+  g_object_unref (ostream);
+}
+
+static void
+test_alpn (TestConnection *test,
+           const char * const *client_protocols,
+           const char * const *server_protocols,
+           const char *negotiated_protocol)
+{
+#if GLIB_CHECK_VERSION(2, 60, 0)
+  GIOStream *connection;
+  GError *error = NULL;
+
+  test->server_protocols = server_protocols;
+
+  test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+  g_assert_no_error (error);
+  g_assert (test->database);
+
+  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
+  test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+  g_assert_no_error (error);
+  g_object_unref (connection);
+
+  if (client_protocols)
     {
-      if (!strcmp (argv[i], "-p"))
-       {
-         const char *priority = argv[i + 1];
-
-         priority = strrchr (priority, '/');
-         if (priority++ &&
-             (g_str_has_prefix (priority, "NORMAL:") ||
-              g_str_has_prefix (priority, "NONE:")))
-           g_setenv ("G_TLS_GNUTLS_PRIORITY", priority, TRUE);
-         break;
-       }
+      g_tls_connection_set_advertised_protocols (G_TLS_CONNECTION (test->client_connection),
+                                                 client_protocols);
     }
 
+  g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+  read_test_data_async (test);
+  g_main_loop_run (test->loop);
+
+  g_assert_no_error (test->read_error);
+  g_assert_no_error (test->server_error);
+
+  g_assert_cmpstr (g_tls_connection_get_negotiated_protocol (G_TLS_CONNECTION (test->server_connection)), ==, negotiated_protocol);
+  g_assert_cmpstr (g_tls_connection_get_negotiated_protocol (G_TLS_CONNECTION (test->client_connection)), ==, negotiated_protocol);
+#else
+  g_test_skip ("no support for ALPN in this GLib version");
+#endif
+}
+
+static void
+test_alpn_match (TestConnection *test,
+                 gconstpointer   data)
+{
+  const char * const client_protocols[] = { "one", "two", "three", NULL };
+  const char * const server_protocols[] = { "four", "seven", "nine", "two", NULL };
+
+  test_alpn (test, client_protocols, server_protocols, "two");
+}
+
+static void
+test_alpn_no_match (TestConnection *test,
+                    gconstpointer   data)
+{
+  const char * const client_protocols[] = { "one", "two", "three", NULL };
+  const char * const server_protocols[] = { "four", "seven", "nine", NULL };
+
+  test_alpn (test, client_protocols, server_protocols, NULL);
+}
+
+static void
+test_alpn_client_only (TestConnection *test,
+                       gconstpointer   data)
+{
+  const char * const client_protocols[] = { "one", "two", "three", NULL };
+
+  test_alpn (test, client_protocols, NULL, NULL);
+}
+
+static void
+test_alpn_server_only (TestConnection *test,
+                       gconstpointer   data)
+{
+  const char * const server_protocols[] = { "four", "seven", "nine", "two", NULL };
+
+  test_alpn (test, NULL, server_protocols, NULL);
+}
+
+static gboolean
+on_accept_certificate_with_sync_close (GTlsClientConnection *conn,
+                                       GTlsCertificate      *cert,
+                                       GTlsCertificateFlags  errors,
+                                       gpointer              user_data)
+{
+  GError *error = NULL;
+
+  /* Attempting to perform a sync operation that would block the
+   * handshake should fail, not deadlock.
+   */
+  g_io_stream_close (G_IO_STREAM (conn), NULL, &error);
+  g_assert_error (error, G_IO_ERROR, G_IO_ERROR_FAILED);
+  g_error_free (error);
+
+  /* FIXME: When writing this test, I initially wanted to return FALSE
+   * here to reject the connection. However, this surfaces a bug that I
+   * have not fixed yet. The problem is the server is not seeing the end
+   * of its g_output_stream_write() when the client fails the handshake.
+   * No good. The server's implicit handshake failure should trigger a
+   * write failure as well, instead of stalling. This needs to be fixed.
+   *
+   * Fixing this would allow us to guarantee that this callback is
+   * actually executed by checking test->read_error at the bottom of
+   * test_sync_op_during_handshake(). Currently, this test would still
+   * pass even if this callback were to be improperly skipped.
+   */
+  return TRUE;
+}
+
+static void
+test_sync_op_during_handshake (TestConnection *test,
+                               gconstpointer   data)
+{
+  GIOStream *connection;
+  GError *error = NULL;
+
+  connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
+  test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+  g_assert_no_error (error);
+  g_object_unref (connection);
+
+  /* For this test, we need validation to fail to ensure that the
+   * accept-certificate signal gets emitted.
+   */
+  g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+                                                G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+  g_signal_connect (test->client_connection, "accept-certificate",
+                    G_CALLBACK (on_accept_certificate_with_sync_close), test);
+
+  read_test_data_async (test);
+  g_main_loop_run (test->loop);
+
+  g_assert_no_error (test->read_error);
+  g_assert_no_error (test->server_error);
+}
+
+int
+main (int   argc,
+      char *argv[])
+{
+  int ret;
+
   g_test_init (&argc, &argv, NULL);
   g_test_bug_base ("http://bugzilla.gnome.org/");
 
   g_setenv ("GSETTINGS_BACKEND", "memory", TRUE);
-  g_setenv ("GIO_EXTRA_MODULES", TOP_BUILDDIR "/tls/gnutls/.libs", TRUE);
-  g_setenv ("GIO_USE_TLS", "gnutls", TRUE);
+  g_setenv ("GIO_USE_TLS", BACKEND, TRUE);
+  g_assert (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0);
 
   g_test_add ("/tls/connection/basic", TestConnection, NULL,
               setup_connection, test_basic_connection, teardown_connection);
   g_test_add ("/tls/connection/verified", TestConnection, NULL,
               setup_connection, test_verified_connection, teardown_connection);
   g_test_add ("/tls/connection/verified-chain", TestConnection, NULL,
-             setup_connection, test_verified_chain, teardown_connection);
+              setup_connection, test_verified_chain, teardown_connection);
   g_test_add ("/tls/connection/verified-chain-with-redundant-root-cert", TestConnection, NULL,
-             setup_connection, test_verified_chain_with_redundant_root_cert, teardown_connection);
+              setup_connection, test_verified_chain_with_redundant_root_cert, teardown_connection);
   g_test_add ("/tls/connection/verified-chain-with-duplicate-server-cert", TestConnection, NULL,
-             setup_connection, test_verified_chain_with_duplicate_server_cert, teardown_connection);
+              setup_connection, test_verified_chain_with_duplicate_server_cert, teardown_connection);
   g_test_add ("/tls/connection/verified-unordered-chain", TestConnection, NULL,
-             setup_connection, test_verified_unordered_chain, teardown_connection);
+              setup_connection, test_verified_unordered_chain, teardown_connection);
   g_test_add ("/tls/connection/verified-chain-with-alternative-ca-cert", TestConnection, NULL,
-             setup_connection, test_verified_chain_with_alternative_ca_cert, teardown_connection);
+              setup_connection, test_verified_chain_with_alternative_ca_cert, teardown_connection);
   g_test_add ("/tls/connection/invalid-chain-with-alternative-ca-cert", TestConnection, NULL,
-             setup_connection, test_invalid_chain_with_alternative_ca_cert, teardown_connection);
+              setup_connection, test_invalid_chain_with_alternative_ca_cert, teardown_connection);
   g_test_add ("/tls/connection/client-auth", TestConnection, NULL,
               setup_connection, test_client_auth_connection, teardown_connection);
   g_test_add ("/tls/connection/client-auth-rehandshake", TestConnection, NULL,
               setup_connection, test_client_auth_rehandshake, teardown_connection);
   g_test_add ("/tls/connection/client-auth-failure", TestConnection, NULL,
               setup_connection, test_client_auth_failure, teardown_connection);
+  g_test_add ("/tls/connection/client-auth-fail-missing-client-private-key", TestConnection, NULL,
+              setup_connection, test_client_auth_fail_missing_client_private_key, teardown_connection);
   g_test_add ("/tls/connection/client-auth-request-cert", TestConnection, NULL,
               setup_connection, test_client_auth_request_cert, teardown_connection);
   g_test_add ("/tls/connection/client-auth-request-fail", TestConnection, NULL,
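Review bot: In test_readwrite_after_connection_destroyed the call `g_output_stream_write (ostream, TEST_DATA, TEST_DATA_LENGTH, G_PRIORITY_DEFAULT, &error);` passes an I/O priority where the function takes a `GCancellable *`; it only works because `G_PRIORITY_DEFAULT` is 0, and the last line should read `NULL, &error);`. In main, the new backend check is a plain `g_assert (g_ascii_strcasecmp (...) == 0)`, which is compiled out under `G_DISABLE_ASSERT`, so the suite could then run against a different TLS backend than the one named by `BACKEND` without noticing; `g_assert_cmpint (g_ascii_strcasecmp (...), ==, 0)` keeps the check in place. test_alpn's `g_assert (test->database);` has the same weakness and is inconsistent with the `g_assert_nonnull (test->database);` used in test_garbage_database. main continues past the end of this hunk.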
@@ -2042,27 +2326,28 @@ main (int   argc,
               setup_connection, test_simultaneous_sync_rehandshake, teardown_connection);
   g_test_add ("/tls/connection/close-immediately", TestConnection, NULL,
               setup_connection, test_close_immediately, teardown_connection);
-  g_test_add ("/tls/connection/close-during-handshake", TestConnection, NULL,
-              setup_connection, test_close_during_handshake, teardown_connection);
-  g_test_add ("/tls/connection/close-output-stream-during-handshake", TestConnection, NULL,
-              setup_connection, test_output_stream_close_during_handshake, teardown_connection);
-  g_test_add ("/tls/connection/write-during-handshake", TestConnection, NULL,
-              setup_connection, test_write_during_handshake, teardown_connection);
   g_test_add ("/tls/connection/async-implicit-handshake", TestConnection, NULL,
               setup_connection, test_async_implicit_handshake, teardown_connection);
   g_test_add ("/tls/connection/output-stream-close", TestConnection, NULL,
               setup_connection, test_output_stream_close, teardown_connection);
-
-  g_test_add_data_func ("/tls/connection/fallback/SSL", PRIORITY_SSL_FALLBACK, test_fallback);
-  g_test_add ("/tls/connection/fallback/subprocess/" PRIORITY_SSL_FALLBACK,
-             TestConnection, NULL,
-              setup_connection, test_fallback_subprocess, teardown_connection);
-  g_test_add_data_func ("/tls/connection/fallback/TLS", PRIORITY_TLS_FALLBACK, test_fallback);
-  g_test_add ("/tls/connection/fallback/subprocess/" PRIORITY_TLS_FALLBACK,
-             TestConnection, NULL,
-              setup_connection, test_fallback_subprocess, teardown_connection);
-
-  ret = g_test_run();
+  g_test_add ("/tls/connection/fallback", TestConnection, NULL,
+              setup_connection, test_fallback, teardown_connection);
+  g_test_add ("/tls/connection/garbage-database", TestConnection, NULL,
+              setup_connection, test_garbage_database, teardown_connection);
+  g_test_add ("/tls/connection/readwrite-after-connection-destroyed", TestConnection, NULL,
+              setup_connection, test_readwrite_after_connection_destroyed, teardown_connection);
+  g_test_add ("/tls/connection/alpn/match", TestConnection, NULL,
+              setup_connection, test_alpn_match, teardown_connection);
+  g_test_add ("/tls/connection/alpn/no-match", TestConnection, NULL,
+              setup_connection, test_alpn_no_match, teardown_connection);
+  g_test_add ("/tls/connection/alpn/client-only", TestConnection, NULL,
+              setup_connection, test_alpn_client_only, teardown_connection);
+  g_test_add ("/tls/connection/alpn/server-only", TestConnection, NULL,
+              setup_connection, test_alpn_server_only, teardown_connection);
+  g_test_add ("/tls/connection/sync-op-during-handshake", TestConnection, NULL,
+              setup_connection, test_sync_op_during_handshake, teardown_connection);
+
+  ret = g_test_run ();
 
   /* for valgrinding */
   g_main_context_unref (g_main_context_default ());
diff --git a/tls/tests/dtls-connection.c b/tls/tests/dtls-connection.c
new file mode 100644 (file)
index 0000000..1304d96
--- /dev/null
@@ -0,0 +1,917 @@
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO TLS tests
+ *
+ * Copyright 2011, 2015, 2016 Collabora, Ltd.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
+ * Author: Stef Walter <stefw@collabora.co.uk>
+ *         Philip Withnall <philip.withnall@collabora.co.uk>
+ */
+
+#include "config.h"
+
+#include "mock-interaction.h"
+
+#include <gio/gio.h>
+#include <gnutls/gnutls.h>
+
+#include <sys/types.h>
+#include <string.h>
+
+static const gchar *
+tls_test_file_path (const char *name)
+{
+  const gchar *const_path;
+  gchar *path;
+
+  path = g_test_build_filename (G_TEST_DIST, "files", name, NULL);
+  if (!g_path_is_absolute (path))
+    {
+      gchar *cwd, *abs;
+
+      cwd = g_get_current_dir ();
+      abs = g_build_filename (cwd, path, NULL);
+      g_free (cwd);
+      g_free (path);
+      path = abs;
+    }
+
+  const_path = g_intern_string (path);
+  g_free (path);
+  return const_path;
+}
+
+#define TEST_DATA "You win again, gravity!\n"
+#define TEST_DATA_LENGTH 24
+
+/* Static test parameters. */
+typedef struct {
+  gint64 server_timeout;  /* microseconds */
+  gint64 client_timeout;  /* microseconds */
+  gboolean server_should_disappear;  /* whether the server should stop responding before sending a message */
+  gboolean server_should_close;  /* whether the server should close gracefully once it’s sent a message */
+  GTlsAuthenticationMode auth_mode;
+} TestData;
+
+typedef struct {
+  const TestData *test_data;
+
+  GMainContext *client_context;
+  GMainContext *server_context;
+  gboolean loop_finished;
+  GSocket *server_socket;
+  GSource *server_source;
+  GTlsDatabase *database;
+  GDatagramBased *server_connection;
+  GDatagramBased *client_connection;
+  GSocketConnectable *identity;
+  GSocketAddress *address;
+  gboolean rehandshake;
+  GTlsCertificateFlags accept_flags;
+  GError *read_error;
+  gboolean expect_server_error;
+  GError *server_error;
+  gboolean server_running;
+#if GLIB_CHECK_VERSION(2, 60, 0)
+  const gchar * const *server_protocols;
+#endif
+
+  char buf[128];
+  gssize nread, nwrote;
+} TestConnection;
+
+static void
+setup_connection (TestConnection *test, gconstpointer data)
+{
+  test->test_data = data;
+
+  test->client_context = g_main_context_default ();
+  test->loop_finished = FALSE;
+}
+
+/* Waits about 10 seconds for @var to be NULL/FALSE */
+#define WAIT_UNTIL_UNSET(var)                             \
+  if (var)                                                \
+    {                                                     \
+      int i;                                              \
+                                                          \
+      for (i = 0; i < 13 && (var); i++)                   \
+        {                                                 \
+          g_usleep (1000 * (1 << i));                     \
+          g_main_context_iteration (NULL, FALSE);         \
+        }                                                 \
+                                                          \
+      g_assert (!(var));                                  \
+    }
+
+static void
+teardown_connection (TestConnection *test, gconstpointer data)
+{
+  GError *error = NULL;
+
+  if (test->server_source)
+    {
+      g_source_destroy (test->server_source);
+      g_source_unref (test->server_source);
+      test->server_source = NULL;
+    }
+
+  if (test->server_connection)
+    {
+      WAIT_UNTIL_UNSET (test->server_running);
+
+      g_object_add_weak_pointer (G_OBJECT (test->server_connection),
+                                 (gpointer *)&test->server_connection);
+      g_object_unref (test->server_connection);
+      WAIT_UNTIL_UNSET (test->server_connection);
+    }
+
+  if (test->server_socket)
+    {
+      g_socket_close (test->server_socket, &error);
+      g_assert_no_error (error);
+
+      /* The outstanding accept_async will hold a ref on test->server_socket,
+       * which we want to wait for it to release if we're valgrinding.
+       */
+      g_object_add_weak_pointer (G_OBJECT (test->server_socket), (gpointer *)&test->server_socket);
+      g_object_unref (test->server_socket);
+      WAIT_UNTIL_UNSET (test->server_socket);
+    }
+
+  if (test->client_connection)
+    {
+      g_object_add_weak_pointer (G_OBJECT (test->client_connection),
+                                 (gpointer *)&test->client_connection);
+      g_object_unref (test->client_connection);
+      WAIT_UNTIL_UNSET (test->client_connection);
+    }
+
+  if (test->database)
+    {
+      g_object_add_weak_pointer (G_OBJECT (test->database),
+                                 (gpointer *)&test->database);
+      g_object_unref (test->database);
+      WAIT_UNTIL_UNSET (test->database);
+    }
+
+  g_clear_object (&test->address);
+  g_clear_object (&test->identity);
+  g_clear_error (&test->read_error);
+  g_clear_error (&test->server_error);
+}
+
+static void
+start_server (TestConnection *test)
+{
+  GInetAddress *inet;
+  GSocketAddress *addr;
+  GInetSocketAddress *iaddr;
+  GSocket *socket = NULL;
+  GError *error = NULL;
+
+  inet = g_inet_address_new_from_string ("127.0.0.1");
+  addr = g_inet_socket_address_new (inet, 0);
+  g_object_unref (inet);
+
+  socket = g_socket_new (G_SOCKET_FAMILY_IPV4, G_SOCKET_TYPE_DATAGRAM,
+                         G_SOCKET_PROTOCOL_UDP, &error);
+  g_assert_no_error (error);
+
+  g_socket_bind (socket, addr, FALSE, &error);
+  g_assert_no_error (error);
+
+  test->address = g_socket_get_local_address (socket, &error);
+  g_assert_no_error (error);
+
+  g_object_unref (addr);
+
+  /* The hostname in test->identity matches the server certificate. */
+  iaddr = G_INET_SOCKET_ADDRESS (test->address);
+  test->identity = g_network_address_new ("server.example.com",
+                                          g_inet_socket_address_get_port (iaddr));
+
+  test->server_socket = socket;
+  test->server_running = TRUE;
+}
+
+static gboolean
+on_accept_certificate (GTlsClientConnection *conn, GTlsCertificate *cert,
+                       GTlsCertificateFlags errors, gpointer user_data)
+{
+  TestConnection *test = user_data;
+  return errors == test->accept_flags;
+}
+
+static void close_server_connection (TestConnection *test,
+                                     gboolean        graceful);
+
+static void
+on_rehandshake_finish (GObject        *object,
+                       GAsyncResult   *res,
+                       gpointer        user_data)
+{
+  TestConnection *test = user_data;
+  GError *error = NULL;
+  GOutputVector vectors[2] = {
+    { TEST_DATA + TEST_DATA_LENGTH / 2, TEST_DATA_LENGTH / 4 },
+    { TEST_DATA + 3 * TEST_DATA_LENGTH / 4, TEST_DATA_LENGTH / 4},
+  };
+  GOutputMessage message = { NULL, vectors, G_N_ELEMENTS (vectors), 0, NULL, 0 };
+  gint n_sent;
+
+  g_dtls_connection_handshake_finish (G_DTLS_CONNECTION (object), res, &error);
+  g_assert_no_error (error);
+
+  do
+    {
+      g_clear_error (&test->server_error);
+      n_sent = g_datagram_based_send_messages (test->server_connection,
+                                               &message, 1,
+                                               G_SOCKET_MSG_NONE, 0, NULL,
+                                               &test->server_error);
+      g_main_context_iteration (NULL, FALSE);
+    }
+  while (g_error_matches (test->server_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK));
+
+  if (!test->server_error)
+    {
+      g_assert_cmpint (n_sent, ==, 1);
+      g_assert_cmpuint (message.bytes_sent, ==, TEST_DATA_LENGTH / 2);
+    }
+
+  if (!test->server_error && test->rehandshake)
+    {
+      test->rehandshake = FALSE;
+      g_dtls_connection_handshake_async (G_DTLS_CONNECTION (test->server_connection),
+                                         G_PRIORITY_DEFAULT, NULL,
+                                         on_rehandshake_finish, test);
+      return;
+    }
+
+  if (test->test_data->server_should_close)
+    close_server_connection (test, TRUE);
+}
+
+static void
+on_rehandshake_finish_threaded (GObject      *object,
+                                GAsyncResult *res,
+                                gpointer      user_data)
+{
+  TestConnection *test = user_data;
+  GError *error = NULL;
+  GOutputVector vectors[2] = {
+    { TEST_DATA + TEST_DATA_LENGTH / 2, TEST_DATA_LENGTH / 4 },
+    { TEST_DATA + 3 * TEST_DATA_LENGTH / 4, TEST_DATA_LENGTH / 4},
+  };
+  GOutputMessage message = { NULL, vectors, G_N_ELEMENTS (vectors), 0, NULL, 0 };
+  gint n_sent;
+
+  g_dtls_connection_handshake_finish (G_DTLS_CONNECTION (object), res, &error);
+  g_assert_no_error (error);
+
+  do
+    {
+      g_clear_error (&test->server_error);
+      n_sent = g_datagram_based_send_messages (test->server_connection,
+                                               &message, 1,
+                                               G_SOCKET_MSG_NONE, 0, NULL,
+                                               &test->server_error);
+      g_main_context_iteration (NULL, FALSE);
+    }
+  while (g_error_matches (test->server_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK));
+
+  if (!test->server_error)
+    {
+      g_assert_cmpint (n_sent, ==, 1);
+      g_assert_cmpuint (message.bytes_sent, ==, TEST_DATA_LENGTH / 2);
+    }
+
+  if (!test->server_error && test->rehandshake)
+    {
+      test->rehandshake = FALSE;
+      g_dtls_connection_handshake_async (G_DTLS_CONNECTION (test->server_connection),
+                                         G_PRIORITY_DEFAULT, NULL,
+                                         on_rehandshake_finish_threaded, test);
+      return;
+    }
+
+  if (test->test_data->server_should_close)
+    close_server_connection (test, TRUE);
+}
+
+static void
+close_server_connection (TestConnection *test,
+                         gboolean        graceful)
+{
+  GError *error = NULL;
+
+  if (graceful)
+    g_dtls_connection_close (G_DTLS_CONNECTION (test->server_connection),
+                             NULL, &error);
+
+  /* Clear pending dispatches from the context. */
+  while (g_main_context_iteration (test->server_context, FALSE));
+
+  if (graceful && test->expect_server_error)
+    g_assert_nonnull (error);
+  else if (graceful)
+    g_assert_no_error (error);
+
+  test->server_running = FALSE;
+}
+
+static gboolean
+on_incoming_connection (GSocket       *socket,
+                        GIOCondition   condition,
+                        gpointer       user_data)
+{
+  TestConnection *test = user_data;
+  GTlsCertificate *cert;
+  GError *error = NULL;
+  GOutputVector vector = {
+    TEST_DATA,
+    test->rehandshake ? TEST_DATA_LENGTH / 2 : TEST_DATA_LENGTH
+  };
+  GOutputMessage message = { NULL, &vector, 1, 0, NULL, 0 };
+  gint n_sent;
+  GSocketAddress *addr = NULL;  /* owned */
+  guint8 databuf[65536];
+  GInputVector vec = {databuf, sizeof (databuf)};
+  gint flags = G_SOCKET_MSG_PEEK;
+  gssize ret;
+
+  /* Ignore this if the source has already been destroyed. */
+  if (g_source_is_destroyed (test->server_source))
+    return G_SOURCE_REMOVE;
+
+  /* Remove the source as the first thing. */
+  g_source_destroy (test->server_source);
+  g_source_unref (test->server_source);
+  test->server_source = NULL;
+
+  /* Peek at the incoming packet to get the peer’s address. */
+  ret = g_socket_receive_message (socket, &addr, &vec, 1, NULL, NULL,
+                                  &flags, NULL, NULL);
+
+  if (ret <= 0)
+    return G_SOURCE_REMOVE;
+
+  if (!g_socket_connect (socket, addr, NULL, NULL))
+    {
+      g_object_unref (addr);
+      return G_SOURCE_CONTINUE;
+    }
+
+  g_clear_object (&addr);
+
+  /* Wrap the socket in a GDtlsServerConnection. */
+  cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-and-key.pem"), &error);
+  g_assert_no_error (error);
+
+  test->server_connection = g_dtls_server_connection_new (G_DATAGRAM_BASED (socket),
+                                                          cert, &error);
+  g_debug ("%s: Server connection %p on socket %p", G_STRFUNC, test->server_connection, socket);
+  g_assert_no_error (error);
+  g_object_unref (cert);
+
+  g_object_set (test->server_connection, "authentication-mode",
+                test->test_data->auth_mode, NULL);
+  g_signal_connect (test->server_connection, "accept-certificate",
+                    G_CALLBACK (on_accept_certificate), test);
+
+  if (test->database)
+    g_dtls_connection_set_database (G_DTLS_CONNECTION (test->server_connection), test->database);
+
+#if GLIB_CHECK_VERSION(2, 60, 0)
+  if (test->server_protocols)
+    {
+      g_dtls_connection_set_advertised_protocols (G_DTLS_CONNECTION (test->server_connection),
+                                                  test->server_protocols);
+    }
+#endif
+
+  if (test->test_data->server_should_disappear)
+    {
+      close_server_connection (test, FALSE);
+      return G_SOURCE_REMOVE;
+    }
+
+  do
+    {
+      g_clear_error (&test->server_error);
+      n_sent = g_datagram_based_send_messages (test->server_connection,
+                                               &message, 1,
+                                               G_SOCKET_MSG_NONE, 0, NULL,
+                                               &test->server_error);
+      g_main_context_iteration (NULL, FALSE);
+    }
+  while (g_error_matches (test->server_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK));
+
+  if (!test->server_error)
+    {
+      g_assert_cmpint (n_sent, ==, 1);
+      g_assert_cmpuint (message.bytes_sent, ==, vector.size);
+    }
+
+  if (!test->server_error && test->rehandshake)
+    {
+      test->rehandshake = FALSE;
+      g_dtls_connection_handshake_async (G_DTLS_CONNECTION (test->server_connection),
+                                         G_PRIORITY_DEFAULT, NULL,
+                                         on_rehandshake_finish, test);
+      return G_SOURCE_REMOVE;
+    }
+
+  if (test->test_data->server_should_close)
+    close_server_connection (test, TRUE);
+
+  return G_SOURCE_REMOVE;
+}
+
+static gboolean
+on_incoming_connection_threaded (GSocket      *socket,
+                                 GIOCondition  condition,
+                                 gpointer      user_data)
+{
+  TestConnection *test = user_data;
+  GTlsCertificate *cert;
+  GError *error = NULL;
+  GOutputVector vector = {
+    TEST_DATA,
+    test->rehandshake ? TEST_DATA_LENGTH / 2 : TEST_DATA_LENGTH
+  };
+  GOutputMessage message = { NULL, &vector, 1, 0, NULL, 0 };
+  gint n_sent;
+  GSocketAddress *addr = NULL;  /* owned */
+  guint8 databuf[65536];
+  GInputVector vec = {databuf, sizeof (databuf)};
+  gint flags = G_SOCKET_MSG_PEEK;
+  gssize ret;
+
+  /* Ignore this if the source has already been destroyed. */
+  if (g_source_is_destroyed (test->server_source))
+    return G_SOURCE_REMOVE;
+
+  /* Remove the source as the first thing. */
+  g_source_destroy (test->server_source);
+  g_source_unref (test->server_source);
+  test->server_source = NULL;
+
+  /* Peek at the incoming packet to get the peer’s address. */
+  ret = g_socket_receive_message (socket, &addr, &vec, 1, NULL, NULL,
+                                  &flags, NULL, NULL);
+
+  if (ret <= 0)
+    return G_SOURCE_REMOVE;
+
+  if (!g_socket_connect (socket, addr, NULL, NULL))
+    {
+      g_object_unref (addr);
+      return G_SOURCE_CONTINUE;
+    }
+
+  g_clear_object (&addr);
+
+  /* Wrap the socket in a GDtlsServerConnection. */
+  cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-and-key.pem"), &error);
+  g_assert_no_error (error);
+
+  test->server_connection = g_dtls_server_connection_new (G_DATAGRAM_BASED (socket),
+                                                          cert, &error);
+  g_debug ("%s: Server connection %p on socket %p", G_STRFUNC, test->server_connection, socket);
+  g_assert_no_error (error);
+  g_object_unref (cert);
+
+  g_object_set (test->server_connection, "authentication-mode",
+                test->test_data->auth_mode, NULL);
+  g_signal_connect (test->server_connection, "accept-certificate",
+                    G_CALLBACK (on_accept_certificate), test);
+
+  if (test->database)
+    g_dtls_connection_set_database (G_DTLS_CONNECTION (test->server_connection), test->database);
+
+  if (test->test_data->server_should_disappear)
+    {
+      close_server_connection (test, FALSE);
+      return G_SOURCE_REMOVE;
+    }
+
+  do
+    {
+      g_clear_error (&test->server_error);
+      n_sent = g_datagram_based_send_messages (test->server_connection,
+                                               &message, 1,
+                                               G_SOCKET_MSG_NONE,
+                                               test->test_data->server_timeout, NULL,
+                                               &test->server_error);
+      g_main_context_iteration (NULL, FALSE);
+    }
+  while (g_error_matches (test->server_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK));
+
+  if (!test->server_error)
+    {
+      g_assert_cmpint (n_sent, ==, 1);
+      g_assert_cmpuint (message.bytes_sent, ==, vector.size);
+    }
+
+  if (!test->server_error && test->rehandshake)
+    {
+      test->rehandshake = FALSE;
+      g_dtls_connection_handshake_async (G_DTLS_CONNECTION (test->server_connection),
+                                         G_PRIORITY_DEFAULT, NULL,
+                                         on_rehandshake_finish_threaded, test);
+      return G_SOURCE_REMOVE;
+    }
+
+  if (test->test_data->server_should_close)
+    close_server_connection (test, TRUE);
+
+  return G_SOURCE_REMOVE;
+}
+
+static gpointer
+server_service_cb (gpointer user_data)
+{
+  TestConnection *test = user_data;
+
+  test->server_context = g_main_context_new ();
+  g_main_context_push_thread_default (test->server_context);
+
+  test->server_source = g_socket_create_source (test->server_socket, G_IO_IN,
+                                                NULL);
+  g_source_set_callback (test->server_source,
+                         (GSourceFunc) on_incoming_connection_threaded, test, NULL);
+  g_source_attach (test->server_source, test->server_context);
+
+  /* Run the server until it should stop. */
+  while (test->server_running)
+    g_main_context_iteration (test->server_context, TRUE);
+
+  g_main_context_pop_thread_default (test->server_context);
+
+  return NULL;
+}
+
+static void
+start_server_service (TestConnection         *test,
+                      gboolean                threaded)
+{
+  start_server (test);
+
+  if (threaded)
+    {
+      g_thread_new ("dtls-server", server_service_cb, test);
+      return;
+    }
+
+  test->server_source = g_socket_create_source (test->server_socket, G_IO_IN,
+                                                NULL);
+  g_source_set_callback (test->server_source,
+                         (GSourceFunc) on_incoming_connection, test, NULL);
+  g_source_attach (test->server_source, NULL);
+}
+
+static GDatagramBased *
+start_server_and_connect_to_it (TestConnection         *test,
+                                gboolean                threaded)
+{
+  GError *error = NULL;
+  GSocket *socket;
+
+  start_server_service (test, threaded);
+
+  socket = g_socket_new (G_SOCKET_FAMILY_IPV4, G_SOCKET_TYPE_DATAGRAM,
+                         G_SOCKET_PROTOCOL_UDP, &error);
+  g_assert_no_error (error);
+
+  g_socket_connect (socket, test->address, NULL, &error);
+  g_assert_no_error (error);
+
+  return G_DATAGRAM_BASED (socket);
+}
+
+static void
+read_test_data_async (TestConnection *test)
+{
+  gchar *check;
+  GError *error = NULL;
+  guint8 buf[TEST_DATA_LENGTH * 2];
+  GInputVector vectors[2] = {
+    { buf, sizeof (buf) / 2 },
+    { buf + sizeof (buf) / 2, sizeof (buf) / 2 },
+  };
+  GInputMessage message = { NULL, vectors, G_N_ELEMENTS (vectors), 0, 0, NULL, NULL };
+  gint n_read;
+
+  do
+    {
+      g_clear_error (&test->read_error);
+      n_read = g_datagram_based_receive_messages (test->client_connection,
+                                                  &message, 1,
+                                                  G_SOCKET_MSG_NONE,
+                                                  test->test_data->client_timeout,
+                                                  NULL, &test->read_error);
+      g_main_context_iteration (NULL, FALSE);
+    }
+  while (g_error_matches (test->read_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK));
+
+  if (!test->read_error)
+    {
+      g_assert_cmpint (n_read, ==, 1);
+
+      check = g_strdup (TEST_DATA);
+      g_assert_cmpuint (strlen (check), ==, message.bytes_received);
+      g_assert_cmpint (strncmp (check, (const char *)buf, message.bytes_received), ==, 0);
+      g_free (check);
+    }
+
+  g_dtls_connection_close (G_DTLS_CONNECTION (test->client_connection),
+                           NULL, &error);
+  g_assert_no_error (error);
+
+  test->loop_finished = TRUE;
+}
+
+/* Test that connecting a client to a server, both using main contexts in the
+ * same thread, works; and that sending a message from the server to the client
+ * before shutting down gracefully works. */
+static void
+test_basic_connection (TestConnection *test,
+                       gconstpointer   data)
+{
+  GDatagramBased *connection;
+  GError *error = NULL;
+
+  connection = start_server_and_connect_to_it (test, FALSE);
+  test->client_connection = g_dtls_client_connection_new (connection, test->identity, &error);
+  g_debug ("%s: Client connection %p on socket %p", G_STRFUNC, test->client_connection, connection);
+  g_assert_no_error (error);
+  g_object_unref (connection);
+
+  /* No validation at all in this test */
+  g_dtls_client_connection_set_validation_flags (G_DTLS_CLIENT_CONNECTION (test->client_connection),
+                                                 0);
+
+  read_test_data_async (test);
+  while (!test->loop_finished)
+    g_main_context_iteration (test->client_context, TRUE);
+
+  g_assert_no_error (test->server_error);
+  g_assert_no_error (test->read_error);
+}
+
+/* Test that connecting a client to a server, both using separate threads,
+ * works; and that sending a message from the server to the client before
+ * shutting down gracefully works. */
+static void
+test_threaded_connection (TestConnection *test,
+                          gconstpointer   data)
+{
+  GDatagramBased *connection;
+  GError *error = NULL;
+
+  connection = start_server_and_connect_to_it (test, TRUE);
+  test->client_connection = g_dtls_client_connection_new (connection, test->identity, &error);
+  g_debug ("%s: Client connection %p on socket %p", G_STRFUNC, test->client_connection, connection);
+  g_assert_no_error (error);
+  g_object_unref (connection);
+
+  /* No validation at all in this test */
+  g_dtls_client_connection_set_validation_flags (G_DTLS_CLIENT_CONNECTION (test->client_connection),
+                                                 0);
+
+  read_test_data_async (test);
+  while (!test->loop_finished)
+    g_main_context_iteration (test->client_context, TRUE);
+
+  g_assert_no_error (test->server_error);
+  g_assert_no_error (test->read_error);
+}
+
+/* Test that a client can successfully connect to a server, then the server
+ * disappears, and when the client tries to read from it, the client hits a
+ * timeout error (rather than blocking indefinitely or returning another
+ * error). */
+static void
+test_connection_timeouts_read (TestConnection *test,
+                               gconstpointer   data)
+{
+  GDatagramBased *connection;
+  GError *error = NULL;
+
+  connection = start_server_and_connect_to_it (test, TRUE);
+  test->client_connection = g_dtls_client_connection_new (connection,
+                                                          test->identity, &error);
+  g_debug ("%s: Client connection %p on socket %p", G_STRFUNC,
+           test->client_connection, connection);
+  g_assert_no_error (error);
+  g_object_unref (connection);
+
+  /* No validation at all in this test */
+  g_dtls_client_connection_set_validation_flags (G_DTLS_CLIENT_CONNECTION (test->client_connection),
+                                                 0);
+
+  read_test_data_async (test);
+  while (!test->loop_finished)
+    g_main_context_iteration (test->client_context, TRUE);
+
+  g_assert_no_error (test->server_error);
+  g_assert_error (test->read_error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT);
+}
+
+static void
+test_alpn (TestConnection *test,
+           const char * const *client_protocols,
+           const char * const *server_protocols,
+           const char *negotiated_protocol)
+{
+#if GLIB_CHECK_VERSION(2, 60, 0)
+  GDatagramBased *connection;
+  GError *error = NULL;
+
+  test->server_protocols = server_protocols;
+
+  test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+  g_assert_no_error (error);
+  g_assert (test->database);
+
+  connection = start_server_and_connect_to_it (test, FALSE);
+  test->client_connection = g_dtls_client_connection_new (connection, test->identity, &error);
+  g_assert_no_error (error);
+  g_object_unref (connection);
+
+  if (client_protocols)
+    {
+      g_dtls_connection_set_advertised_protocols (G_DTLS_CONNECTION (test->client_connection),
+             client_protocols);
+    }
+
+  g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+  read_test_data_async (test);
+  while (!test->loop_finished)
+    g_main_context_iteration (test->client_context, TRUE);
+
+  g_assert_no_error (test->server_error);
+  g_assert_no_error (test->read_error);
+
+  g_assert_cmpstr (g_dtls_connection_get_negotiated_protocol (G_DTLS_CONNECTION (test->server_connection)), ==, negotiated_protocol);
+  g_assert_cmpstr (g_dtls_connection_get_negotiated_protocol (G_DTLS_CONNECTION (test->client_connection)), ==, negotiated_protocol);
+#else
+  g_test_skip ("no support for ALPN in this GLib version");
+#endif
+}
+
+static void
+test_alpn_match (TestConnection *test, gconstpointer data)
+{
+  const char * const client_protocols[] = { "one", "two", "three", NULL };
+  const char * const server_protocols[] = { "four", "seven", "nine", "two", NULL };
+
+  test_alpn (test, client_protocols, server_protocols, "two");
+}
+
+static void
+test_alpn_no_match (TestConnection *test, gconstpointer data)
+{
+  const char * const client_protocols[] = { "one", "two", "three", NULL };
+  const char * const server_protocols[] = { "four", "seven", "nine", NULL };
+
+  test_alpn (test, client_protocols, server_protocols, NULL);
+}
+
+static void
+test_alpn_client_only (TestConnection *test, gconstpointer data)
+{
+  const char * const client_protocols[] = { "one", "two", "three", NULL };
+
+  test_alpn (test, client_protocols, NULL, NULL);
+}
+
+static void
+test_alpn_server_only (TestConnection *test, gconstpointer data)
+{
+  const char * const server_protocols[] = { "four", "seven", "nine", "two", NULL };
+
+  test_alpn (test, NULL, server_protocols, NULL);
+}
+
+int
+main (int   argc,
+      char *argv[])
+{
+  const TestData blocking = {
+    -1,  /* server_timeout */
+    0,  /* client_timeout */
+    FALSE,  /* server_should_disappear */
+    TRUE, /* server_should_close */
+    G_TLS_AUTHENTICATION_NONE,  /* auth_mode */
+  };
+  const TestData server_timeout = {
+    1000 * G_USEC_PER_SEC,  /* server_timeout */
+    0,  /* client_timeout */
+    FALSE,  /* server_should_disappear */
+    TRUE, /* server_should_close */
+    G_TLS_AUTHENTICATION_NONE,  /* auth_mode */
+  };
+  const TestData nonblocking = {
+    0,  /* server_timeout */
+    0,  /* client_timeout */
+    FALSE,  /* server_should_disappear */
+    TRUE, /* server_should_close */
+    G_TLS_AUTHENTICATION_NONE,  /* auth_mode */
+  };
+  const TestData client_timeout = {
+    0,  /* server_timeout */
+    (gint64) (0.5 * G_USEC_PER_SEC),  /* client_timeout */
+    TRUE,  /* server_should_disappear */
+    TRUE, /* server_should_close */
+    G_TLS_AUTHENTICATION_NONE,  /* auth_mode */
+  };
+  int ret;
+  int i;
+
+  /* Check if this is a subprocess, and set G_TLS_GNUTLS_PRIORITY
+   * appropriately if so.
+   */
+  for (i = 1; i < argc - 1; i++)
+    {
+      if (!strcmp (argv[i], "-p"))
+        {
+          const char *priority = argv[i + 1];
+
+          priority = strrchr (priority, '/');
+          if (priority++ &&
+              (g_str_has_prefix (priority, "NORMAL:") ||
+               g_str_has_prefix (priority, "NONE:")))
+            g_setenv ("G_TLS_GNUTLS_PRIORITY", priority, TRUE);
+          break;
+        }
+    }
+
+  g_test_init (&argc, &argv, NULL);
+  g_test_bug_base ("http://bugzilla.gnome.org/");
+
+  g_setenv ("GSETTINGS_BACKEND", "memory", TRUE);
+  g_setenv ("GIO_USE_TLS", BACKEND, TRUE);
+  g_assert (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0);
+
+  g_test_add ("/dtls/connection/basic/blocking", TestConnection, &blocking,
+              setup_connection, test_basic_connection, teardown_connection);
+  g_test_add ("/dtls/connection/basic/timeout", TestConnection, &server_timeout,
+              setup_connection, test_basic_connection, teardown_connection);
+  g_test_add ("/dtls/connection/basic/nonblocking",
+              TestConnection, &nonblocking,
+              setup_connection, test_basic_connection, teardown_connection);
+
+  g_test_add ("/dtls/connection/threaded/blocking", TestConnection, &blocking,
+              setup_connection, test_threaded_connection, teardown_connection);
+  g_test_add ("/dtls/connection/threaded/timeout",
+              TestConnection, &server_timeout,
+              setup_connection, test_threaded_connection, teardown_connection);
+  g_test_add ("/dtls/connection/threaded/nonblocking",
+              TestConnection, &nonblocking,
+              setup_connection, test_threaded_connection, teardown_connection);
+
+  g_test_add ("/dtls/connection/timeouts/read", TestConnection, &client_timeout,
+              setup_connection, test_connection_timeouts_read,
+              teardown_connection);
+
+  g_test_add ("/dtls/connection/alpn/match", TestConnection, &blocking,
+              setup_connection, test_alpn_match,
+              teardown_connection);
+  g_test_add ("/dtls/connection/alpn/no-match", TestConnection, &blocking,
+              setup_connection, test_alpn_no_match,
+              teardown_connection);
+  g_test_add ("/dtls/connection/alpn/client-only", TestConnection, &blocking,
+              setup_connection, test_alpn_client_only,
+              teardown_connection);
+  g_test_add ("/dtls/connection/alpn/server-only", TestConnection, &blocking,
+              setup_connection, test_alpn_server_only,
+              teardown_connection);
+
+  ret = g_test_run ();
+
+  /* for valgrinding */
+  g_main_context_unref (g_main_context_default ());
+
+  return ret;
+}
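Review bot: No test in this new file checks that a DTLS client rejects a bad server certificate: test_basic_connection, test_threaded_connection and test_connection_timeouts_read pass `0` to g_dtls_client_connection_set_validation_flags(), test_alpn only uses a chain that is expected to validate against ca-roots.pem, and `accept_flags` and `expect_server_error` are never assigned anywhere in the file. At minimum the `/* No validation at all in this test */` comments should say why, e.g. `/* Validation is disabled on purpose: this test covers datagram I/O only; certificate rejection is not exercised in this file. */`, and a negative case (mismatched identity or untrusted CA with default validation flags) would close the gap. Separately, on_incoming_connection and on_incoming_connection_threaded pass NULL for the GError of g_socket_receive_message() and g_socket_connect() and return with `test->server_running` still TRUE, and the `G_SOURCE_CONTINUE` return comes after the source was already destroyed, so a failure there would probably show up as a hang in the client's WOULD_BLOCK loop rather than as a test failure. Passing `&error` to both calls and following each with `g_assert_no_error (error);` would surface it.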
index 40e292a..10fe84e 100644 (file)
@@ -1,11 +1,13 @@
-/* GIO TLS tests
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO TLS tests
  *
  * Copyright 2011 Collabora, Ltd.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -26,8 +28,6 @@
 
 #include <gio/gio.h>
 
-#include "gnutls/gtlscertificate-gnutls.h"
-
 #include <sys/types.h>
 #include <string.h>
 
@@ -72,35 +72,35 @@ setup_verify (TestVerify     *test,
 
   test->cert = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (test->cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (test->cert));
 
   test->identity = g_network_address_new ("server.example.com", 80);
 
   test->database = g_tls_file_database_new (tls_test_file_path ("ca.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_DATABASE (test->database));
+  g_assert_true (G_IS_TLS_DATABASE (test->database));
 }
 
 static void
 teardown_verify (TestVerify      *test,
                  gconstpointer    data)
 {
-  g_assert (G_IS_TLS_CERTIFICATE (test->cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (test->cert));
   g_object_add_weak_pointer (G_OBJECT (test->cert),
-                            (gpointer *)&test->cert);
+                             (gpointer *)&test->cert);
   g_object_unref (test->cert);
-  g_assert (test->cert == NULL);
+  g_assert_null (test->cert);
 
-  g_assert (G_IS_TLS_DATABASE (test->database));
+  g_assert_true (G_IS_TLS_DATABASE (test->database));
   g_object_add_weak_pointer (G_OBJECT (test->database),
-                            (gpointer *)&test->database);
+                             (gpointer *)&test->database);
   g_object_unref (test->database);
-  g_assert (test->database == NULL);
+  g_assert_null (test->database);
 
   g_object_add_weak_pointer (G_OBJECT (test->identity),
-                            (gpointer *)&test->identity);
+                             (gpointer *)&test->identity);
   g_object_unref (test->identity);
-  g_assert (test->identity == NULL);
+  g_assert_null (test->identity);
 }
 
 static void
@@ -152,7 +152,7 @@ test_verify_database_bad_ca (TestVerify      *test,
   /* Use another certificate which isn't in our CA list */
   cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-self.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (cert));
 
   errors = g_tls_database_verify_chain (test->database, cert,
                                         G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
@@ -174,7 +174,7 @@ test_verify_database_bad_before (TestVerify      *test,
   /* This is a certificate in the future */
   cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-future.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (cert));
 
   errors = g_tls_database_verify_chain (test->database, cert,
                                         G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
@@ -196,7 +196,7 @@ test_verify_database_bad_expired (TestVerify      *test,
   /* This is a certificate in the future */
   cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-past.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (cert));
 
   errors = g_tls_database_verify_chain (test->database, cert,
                                         G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER,
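Review bot: The comment above the `client-past.pem` load in test_verify_database_bad_expired still reads "This is a certificate in the future", which looks copied from test_verify_database_bad_before. It sits on an unchanged context line, but the commit edits the assertion two lines below, so this is a good moment to correct it to `/* This is a certificate that has already expired */`. The wrong comment hides which validity failure the test is meant to pin. The function's signature and its final check on `errors` lie outside this hunk.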
@@ -218,7 +218,7 @@ test_verify_database_bad_combo (TestVerify      *test,
 
   cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-self.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (cert));
+  g_assert_true (G_IS_TLS_CERTIFICATE (cert));
 
   /*
    * - Use is self signed
@@ -300,11 +300,11 @@ test_verify_with_incorrect_root_in_chain (void)
    */
   database = g_tls_file_database_new (tls_test_file_path ("ca-verisign-sha1.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_DATABASE (database));
+  g_assert_true (G_IS_TLS_DATABASE (database));
 
   ca_verisign_sha1 = g_tls_certificate_new_from_file (tls_test_file_path ("ca-verisign-sha1.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (ca_verisign_sha1));
+  g_assert_true (G_IS_TLS_CERTIFICATE (ca_verisign_sha1));
 
   /*
    * This certificate chain contains a root certificate with that same issuer, public key:
@@ -316,12 +316,12 @@ test_verify_with_incorrect_root_in_chain (void)
    */
   chain = load_certificate_chain (tls_test_file_path ("chain-with-verisign-md2.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (chain));
+  g_assert_true (G_IS_TLS_CERTIFICATE (chain));
 
-  g_assert (g_tls_certificate_get_issuer (chain) != NULL);
-  g_assert (g_tls_certificate_get_issuer (g_tls_certificate_get_issuer (chain)) != NULL);
-  g_assert (is_certificate_in_chain (chain, chain));
-  g_assert (!is_certificate_in_chain (chain, ca_verisign_sha1));
+  g_assert_nonnull (g_tls_certificate_get_issuer (chain));
+  g_assert_nonnull (g_tls_certificate_get_issuer (g_tls_certificate_get_issuer (chain)));
+  g_assert_true (is_certificate_in_chain (chain, chain));
+  g_assert_false (is_certificate_in_chain (chain, ca_verisign_sha1));
 
 
   identity = g_network_address_new ("secure-test.streamline-esolutions.com", 443);
@@ -331,6 +331,7 @@ test_verify_with_incorrect_root_in_chain (void)
                                         identity, NULL, 0, NULL, &error);
   g_assert_no_error (error);
   errors &= ~G_TLS_CERTIFICATE_EXPIRED; /* so that this test doesn't expire */
+  errors &= ~G_TLS_CERTIFICATE_INSECURE; /* allow MD2 */
   g_assert_cmpuint (errors, ==, 0);
 
   g_object_unref (chain);
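Review bot: Clearing `G_TLS_CERTIFICATE_INSECURE` before `g_assert_cmpuint (errors, ==, 0)` means the test passes whether or not the backend flags the weak signature in `chain-with-verisign-md2.pem`, and `/* allow MD2 */` does not say why that is acceptable. If the reasoning is that the MD2 root carried in the chain is expected to be replaced by the trusted root loaded from `ca-verisign-sha1.pem`, and that backends may still report the bit, the comment should state it, e.g. `/* the MD2 root in the chain is superseded by the trusted database root; backends may still flag it */`. As written, a reader cannot tell a deliberate relaxation from a workaround for a failing test. The start of test_verify_with_incorrect_root_in_chain is outside this hunk.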
@@ -357,18 +358,18 @@ setup_file_database (TestFileDatabase *test,
   test->path = tls_test_file_path ("ca-roots.pem");
   test->database = g_tls_file_database_new (test->path, &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_DATABASE (test->database));
+  g_assert_true (G_IS_TLS_DATABASE (test->database));
 }
 
 static void
 teardown_file_database (TestFileDatabase *test,
                         gconstpointer     data)
 {
-  g_assert (G_IS_TLS_DATABASE (test->database));
+  g_assert_true (G_IS_TLS_DATABASE (test->database));
   g_object_add_weak_pointer (G_OBJECT (test->database),
-                            (gpointer *)&test->database);
+                             (gpointer *)&test->database);
   g_object_unref (test->database);
-  g_assert (test->database == NULL);
+  g_assert_null (test->database);
 }
 
 static void
@@ -388,17 +389,17 @@ test_file_database_handle (TestFileDatabase *test,
 
   certificate = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (certificate));
+  g_assert_true (G_IS_TLS_CERTIFICATE (certificate));
 
   handle = g_tls_database_create_certificate_handle (test->database, certificate);
-  g_assert (handle != NULL);
-  g_assert (g_str_has_prefix (handle, "file:///"));
+  g_assert_nonnull (handle);
+  g_assert_true (g_str_has_prefix (handle, "file:///"));
 
   check = g_tls_database_lookup_certificate_for_handle (test->database, handle,
                                                         NULL, G_TLS_DATABASE_LOOKUP_NONE,
                                                         NULL, &error);
   g_assert_no_error (error);
-  g_assert (G_IS_TLS_CERTIFICATE (check));
+  g_assert_true (G_IS_TLS_CERTIFICATE (check));
 
   g_free (handle);
   g_object_unref (check);
@@ -416,7 +417,7 @@ test_file_database_handle_invalid (TestFileDatabase *test,
                                                               NULL, G_TLS_DATABASE_LOOKUP_NONE,
                                                               NULL, &error);
   g_assert_no_error (error);
-  g_assert (certificate == NULL);
+  g_assert_null (certificate);
 }
 
 /* -----------------------------------------------------------------------------
@@ -505,11 +506,11 @@ test_lookup_certificates_issued_by (void)
 
   g_assert_cmpuint (g_list_length (certificates), ==, 4);
 
-  g_assert (certificate_is_in_list (certificates, tls_test_file_path ("client.pem")));
-  g_assert (certificate_is_in_list (certificates, tls_test_file_path ("client-future.pem")));
-  g_assert (certificate_is_in_list (certificates, tls_test_file_path ("client-past.pem")));
-  g_assert (certificate_is_in_list (certificates, tls_test_file_path ("server.pem")));
-  g_assert (!certificate_is_in_list (certificates, tls_test_file_path ("server-self.pem")));
+  g_assert_true (certificate_is_in_list (certificates, tls_test_file_path ("client.pem")));
+  g_assert_true (certificate_is_in_list (certificates, tls_test_file_path ("client-future.pem")));
+  g_assert_true (certificate_is_in_list (certificates, tls_test_file_path ("client-past.pem")));
+  g_assert_true (certificate_is_in_list (certificates, tls_test_file_path ("server.pem")));
+  g_assert_false (certificate_is_in_list (certificates, tls_test_file_path ("server-self.pem")));
 
   g_list_free_full (certificates, g_object_unref);
   g_object_unref (database);
@@ -523,13 +524,13 @@ test_default_database_is_singleton (void)
   GTlsDatabase *check;
 
   backend = g_tls_backend_get_default ();
-  g_assert (G_IS_TLS_BACKEND (backend));
+  g_assert_true (G_IS_TLS_BACKEND (backend));
 
   database = g_tls_backend_get_default_database (backend);
-  g_assert (G_IS_TLS_DATABASE (database));
+  g_assert_true (G_IS_TLS_DATABASE (database));
 
   check = g_tls_backend_get_default_database (backend);
-  g_assert (database == check);
+  g_assert_true (database == check);
 
   g_object_unref (database);
   g_object_unref (check);
@@ -542,8 +543,8 @@ main (int   argc,
   g_test_init (&argc, &argv, NULL);
 
   g_setenv ("GSETTINGS_BACKEND", "memory", TRUE);
-  g_setenv ("GIO_EXTRA_MODULES", TOP_BUILDDIR "/tls/gnutls/.libs", TRUE);
-  g_setenv ("GIO_USE_TLS", "gnutls", TRUE);
+  g_setenv ("GIO_USE_TLS", BACKEND, TRUE);
+  g_assert (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0);
 
   g_test_add_func ("/tls/backend/default-database-is-singleton",
                    test_default_database_is_singleton);
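Review bot: The backend check added in main uses plain `g_assert`, which compiles to nothing when `G_DISABLE_ASSERT` is defined, while the rest of this commit moves the file to the `g_assert_*` test macros. Wrap the same comparison as `g_assert_true (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0);` so it cannot be disabled. With the `GIO_EXTRA_MODULES` line removed, the module path presumably comes from the test harness, which is not visible here. That leaves this check as the only guard against the suite silently running its certificate-verification tests against a different TLS backend. The rest of main lies outside the hunk.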
index 695fc37..f302079 100644 (file)
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIID8DCCA1mgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnzETMBEGCgmSJomT8ixk
+MIID8DCCA1mgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnzETMBEGCgmSJomT8ixk
 ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxLDAqBgNVBAsMI09sZCBV
 bnRydXN0ZWQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSIwIAYDVQQDDBlvbmNlLndh
 cy5hLmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNv
-bTAeFw0xNTA4MzAwMDIyMzFaFw00NTA4MjIwMDIyMzFaMIGGMRMwEQYKCZImiZPy
+bTAeFw0xODA5MTAxNTI4MzJaFw00ODA5MDIxNTI4MzJaMIGGMRMwEQYKCZImiZPy
 LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2Vy
 dGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsG
 CSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBAL2qSsuOcbcaJ9+uvbKan/v5186d6u1i5kIk3dPu4etHegHpDG5baq+C
-IUdY1AyCcz6OL61J1lbB3Ksk6eyo9woKHHto0BJ9IVEb7K7pT+gau7QeS15MUK5m
-NfueUfIdXTCNpHez6Nzt4H57bgqJJrJnHnondOuEalEFgDtOBqilAgMBAAGjggFR
-MIIBTTAdBgNVHQ4EFgQUmAbQgRwBOJuIai3NygAtGQ9xlbEwgdQGA1UdIwSBzDCB
-yYAULu6rFocDkpwOJyAjyQrCxuefLW+hgaWkgaIwgZ8xEzARBgoJkiaJk/IsZAEZ
+MIGJAoGBAMSfoB1yH62ZHjebrIGf05R9NEmN66395f7hAm5vRfyd0PBYvs8dVnwA
+caE/9mPGSVSePunIMwdTadbB8c8Um9YDmw5j3HWrR81YDt/Jmvr3N+tcqEnHLyG2
+bY/HbkhcZFyHlxXQzOTgZxZJJHDb1myCw6asXuWulNd6DKG9wy17AgMBAAGjggFR
+MIIBTTAdBgNVHQ4EFgQUdW0S6PvoW0vcssGVI0BEspCij3UwgdQGA1UdIwSBzDCB
+yYAUpB+h4wjjUruJVMGfZCqWMDl0UoihgaWkgaIwgZ8xEzARBgoJkiaJk/IsZAEZ
 FgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMSwwKgYDVQQLDCNPbGQgVW50
 cnVzdGVkIENlcnRpZmljYXRlIEF1dGhvcml0eTEiMCAGA1UEAwwZb25jZS53YXMu
 YS5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb22C
-CQD9kIwlfKYqXDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAZBgNV
+CQDYFKygp++FMjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAZBgNV
 HREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNv
-bTANBgkqhkiG9w0BAQUFAAOBgQA9CNpCI5kLKsccy73SZWyp2fEwMDrZHMJvChdv
-1CWaE1BYlLQWtr1bSy2aEPZujMVzUW5XtoRlLWpTBxUB7o888u7FJmFVhEv4Apq2
-DZ8yDlIy4yHFOShIQfmfdeDzYSoxXgoUINqxQDpfKXrQCB9OqQjI4yrJkw+lO7fs
-eIIk5w==
+bTANBgkqhkiG9w0BAQsFAAOBgQCDoGn5OWNDG4IpR5dlJapoVcS2r5NOmk5cpVyG
+YfsuH6NW8GenpXuG9Xt7YJBkdGqLGWw/NWoECjcruafJrQvIGQsQ2imVXqnu2v36
+iUvMH+4aZC96aoncBqoC77tYuKVHFnbsqzk6vu36Wg1dkENN74iDHH7Z58NYbHK7
+g3YHLQ==
 -----END CERTIFICATE-----
index 306604e..7a128ea 100644 (file)
@@ -1,15 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC9qkrLjnG3Giffrr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6Qxu
-W2qvgiFHWNQMgnM+ji+tSdZWwdyrJOnsqPcKChx7aNASfSFRG+yu6U/oGru0Hkte
-TFCuZjX7nlHyHV0wjaR3s+jc7eB+e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQAB
-AoGAY6BlA4HCV9TkZwnJ2VyBdwFpC75F3gYaP1pQL3gGsejsvL4m6n0YkDKBupF9
-aUjIsm5LuvHTJeVVPYz5V3f1syZr4fYYpmwoWjHkb6g55R9iAgmSd29gQwu0OdsP
-EhothysqPMvhWQi2gLHAz14U+EZVH9zKCZ50GW7bTrZoc20CQQD2LkPn6S2HQhPl
-Ks9HmPAsFkd0dKE0zE2IKvgsCiBsfvd4H1u0QO17ZWNR8AK9x16gnrDv0Xjpsw6H
-V9xaMsY7AkEAxTrzZKdaeu1BFDuLdgGuEj5YOUbhXjmldDwvw/xFXPU03MjCVDjo
-4V6MDZJ1HlpwWBCYO+pIyRd5NADXh33+nwJBAPT8d6FbYG6BKJFfd+V1YlVNWpCe
-3CpRwjpnII+bCEdQVu9YrYcFMhAhhqRs6B16QUYwhj4yRFS1VxkDK4srii8CQCdm
-U2D0HZsY8js8eeulAkUatz0Z78OG+Ipzy4b3SlP7mAfTAx8YD02WOZwsecEKiA7P
-odm2P7wMOGYvFN84SDkCQQCYg8rdrLdM1Wx+/k9aiFku1LmyHLZPtq39je4S/EJN
-ibWCMmhysz6cuIKykUYI7DKolQnxu4BWLnn9ff60T1xp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 -----END RSA PRIVATE KEY-----
index 0f8d7cc..de222b9 100644 (file)
@@ -1,25 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIIDxjCCAy+gAwIBAgIJAO+Cui0EIECvMA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
+MIIDxjCCAy+gAwIBAgIJAJKCrbnWYIO3MA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
 CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
 CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
-bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTUwODMwMDAyMjMx
-WhcNNDUwODIyMDAyMjMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
+bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTgwOTEwMTUyODMy
+WhcNNDgwOTAyMTUyODMyWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
 JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
 eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
-YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9qkrLjnG3Giff
-rr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6QxuW2qvgiFHWNQMgnM+ji+tSdZWwdyr
-JOnsqPcKChx7aNASfSFRG+yu6U/oGru0HkteTFCuZjX7nlHyHV0wjaR3s+jc7eB+
-e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQABo4IBODCCATQwHQYDVR0OBBYEFJgG
-0IEcATibiGotzcoALRkPcZWxMIG7BgNVHSMEgbMwgbCAFJgG0IEcATibiGotzcoA
-LRkPcZWxoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
+YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEn6Adch+tmR43
+m6yBn9OUfTRJjeut/eX+4QJub0X8ndDwWL7PHVZ8AHGhP/ZjxklUnj7pyDMHU2nW
+wfHPFJvWA5sOY9x1q0fNWA7fyZr69zfrXKhJxy8htm2Px25IXGRch5cV0Mzk4GcW
+SSRw29ZsgsOmrF7lrpTXegyhvcMtewIDAQABo4IBODCCATQwHQYDVR0OBBYEFHVt
+Euj76FtL3LLBlSNARLKQoo91MIG7BgNVHSMEgbMwgbCAFHVtEuj76FtL3LLBlSNA
+RLKQoo91oYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
 LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
 FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
-ZS5jb22CCQDvgrotBCBArzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+ZS5jb22CCQCSgq251mCDtzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
 BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
-cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCuwCsxZxXctjLr059fFd94Yb6lDyPr
-Gd9H4luK9G4NNf2QiD94SfYAEy8C3Lw2/VIYf5kuNPJE2+0AOpCJ3pD3id2JC8Qf
-lnIsGHCclrxldY5NX3S/p2T8wsgBdz5wfzDGm1GANdI5M1YrTN0ExebOspXnXGed
-9jx8rdTVQwErTw==
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCOmEBg99b83DeqeTzquZi5/RCxtecp
+Z0ip5kVZXapqJRa7OjIv6XYU4GWDuboIioLIfCyjKUYRziXL+gdwKItetqRE5A6w
+0Odr9jxecEtCA+J0XH6CbG/t1m6PzEITuKFxZ97FXjv3d33FYnugfZVIVrgzYTbt
+FJW+6MauX6dEeQ==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
index 435a1da..713895c 100644 (file)
@@ -1,27 +1,27 @@
 These are some CA certificates
 
 -----BEGIN CERTIFICATE-----
-MIIDxjCCAy+gAwIBAgIJAO+Cui0EIECvMA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
+MIIDxjCCAy+gAwIBAgIJAJKCrbnWYIO3MA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
 CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
 CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
-bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTUwODMwMDAyMjMx
-WhcNNDUwODIyMDAyMjMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
+bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTgwOTEwMTUyODMy
+WhcNNDgwOTAyMTUyODMyWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
 JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
 eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
-YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9qkrLjnG3Giff
-rr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6QxuW2qvgiFHWNQMgnM+ji+tSdZWwdyr
-JOnsqPcKChx7aNASfSFRG+yu6U/oGru0HkteTFCuZjX7nlHyHV0wjaR3s+jc7eB+
-e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQABo4IBODCCATQwHQYDVR0OBBYEFJgG
-0IEcATibiGotzcoALRkPcZWxMIG7BgNVHSMEgbMwgbCAFJgG0IEcATibiGotzcoA
-LRkPcZWxoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
+YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEn6Adch+tmR43
+m6yBn9OUfTRJjeut/eX+4QJub0X8ndDwWL7PHVZ8AHGhP/ZjxklUnj7pyDMHU2nW
+wfHPFJvWA5sOY9x1q0fNWA7fyZr69zfrXKhJxy8htm2Px25IXGRch5cV0Mzk4GcW
+SSRw29ZsgsOmrF7lrpTXegyhvcMtewIDAQABo4IBODCCATQwHQYDVR0OBBYEFHVt
+Euj76FtL3LLBlSNARLKQoo91MIG7BgNVHSMEgbMwgbCAFHVtEuj76FtL3LLBlSNA
+RLKQoo91oYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
 LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
 FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
-ZS5jb22CCQDvgrotBCBArzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+ZS5jb22CCQCSgq251mCDtzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
 BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
-cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCuwCsxZxXctjLr059fFd94Yb6lDyPr
-Gd9H4luK9G4NNf2QiD94SfYAEy8C3Lw2/VIYf5kuNPJE2+0AOpCJ3pD3id2JC8Qf
-lnIsGHCclrxldY5NX3S/p2T8wsgBdz5wfzDGm1GANdI5M1YrTN0ExebOspXnXGed
-9jx8rdTVQwErTw==
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCOmEBg99b83DeqeTzquZi5/RCxtecp
+Z0ip5kVZXapqJRa7OjIv6XYU4GWDuboIioLIfCyjKUYRziXL+gdwKItetqRE5A6w
+0Odr9jxecEtCA+J0XH6CbG/t1m6PzEITuKFxZ97FXjv3d33FYnugfZVIVrgzYTbt
+FJW+6MauX6dEeQ==
 -----END CERTIFICATE-----
 
 GLib shouldn't care about this comment
index be5d6fc..98f2e7c 100644 (file)
@@ -1,23 +1,23 @@
 -----BEGIN CERTIFICATE-----
-MIIDxjCCAy+gAwIBAgIJAO+Cui0EIECvMA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
+MIIDxjCCAy+gAwIBAgIJAJKCrbnWYIO3MA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
 CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
 CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
-bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTUwODMwMDAyMjMx
-WhcNNDUwODIyMDAyMjMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
+bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTgwOTEwMTUyODMy
+WhcNNDgwOTAyMTUyODMyWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
 JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
 eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
-YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9qkrLjnG3Giff
-rr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6QxuW2qvgiFHWNQMgnM+ji+tSdZWwdyr
-JOnsqPcKChx7aNASfSFRG+yu6U/oGru0HkteTFCuZjX7nlHyHV0wjaR3s+jc7eB+
-e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQABo4IBODCCATQwHQYDVR0OBBYEFJgG
-0IEcATibiGotzcoALRkPcZWxMIG7BgNVHSMEgbMwgbCAFJgG0IEcATibiGotzcoA
-LRkPcZWxoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
+YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEn6Adch+tmR43
+m6yBn9OUfTRJjeut/eX+4QJub0X8ndDwWL7PHVZ8AHGhP/ZjxklUnj7pyDMHU2nW
+wfHPFJvWA5sOY9x1q0fNWA7fyZr69zfrXKhJxy8htm2Px25IXGRch5cV0Mzk4GcW
+SSRw29ZsgsOmrF7lrpTXegyhvcMtewIDAQABo4IBODCCATQwHQYDVR0OBBYEFHVt
+Euj76FtL3LLBlSNARLKQoo91MIG7BgNVHSMEgbMwgbCAFHVtEuj76FtL3LLBlSNA
+RLKQoo91oYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
 LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
 FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
-ZS5jb22CCQDvgrotBCBArzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+ZS5jb22CCQCSgq251mCDtzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
 BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
-cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCuwCsxZxXctjLr059fFd94Yb6lDyPr
-Gd9H4luK9G4NNf2QiD94SfYAEy8C3Lw2/VIYf5kuNPJE2+0AOpCJ3pD3id2JC8Qf
-lnIsGHCclrxldY5NX3S/p2T8wsgBdz5wfzDGm1GANdI5M1YrTN0ExebOspXnXGed
-9jx8rdTVQwErTw==
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCOmEBg99b83DeqeTzquZi5/RCxtecp
+Z0ip5kVZXapqJRa7OjIv6XYU4GWDuboIioLIfCyjKUYRziXL+gdwKItetqRE5A6w
+0Odr9jxecEtCA+J0XH6CbG/t1m6PzEITuKFxZ97FXjv3d33FYnugfZVIVrgzYTbt
+FJW+6MauX6dEeQ==
 -----END CERTIFICATE-----
index 9fedf90..638ac0c 100644 (file)
@@ -1,59 +1,64 @@
 -----BEGIN CERTIFICATE-----
-MIICHTCCAcegAwIBAgIBATANBgkqhkiG9w0BAQUFADCBrTETMBEGCgmSJomT8ixk
+MIICtjCCAh+gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBrTETMBEGCgmSJomT8ixk
 ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxKzApBgNVBAsMIkludGVy
 bWVkaWF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJDAiBgNVBAMMG2ludGVybWVk
 aWF0ZS1jYS5leGFtcGxlLmNvbTEqMCgGCSqGSIb3DQEJARYbaW50ZXJtZWRpYXRl
-LWNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzOVoXDTQwMDgyMzAwMjIzOVow
+LWNhQGV4YW1wbGUuY29tMB4XDTE4MDkxMDE1Mjg0OVoXDTQzMDkwNDE1Mjg0OVow
 SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
-GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
-MEgCQQDNj0xKKyi/+5iG2FTs/lOgwKPorRg69o4zsmMcVOfvwI1IN4FRSsPpqaJN
-urHcGNqvGoj07hNBdWxdoixF4pmnAgMBAAGjMzAxMAkGA1UdEwQCMAAwEwYDVR0l
-BAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBFjANBgkqhkiG9w0BAQUFAANB
-ALl1WO7IZYOvPwhyQ4EpCLjSsTuGBcfbWFtw4XiQueZ8TILHcZARH4nW1tKoVWzc
-rIGhqRjNMWRmaH1wgSCGRiE=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 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIDrjCCAxegAwIBAgIBBjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
+MIID8jCCA1ugAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk
 ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
 ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
-hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzOVoXDTQwMDgy
-MzAwMjIzOVowga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZ
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE4MDkxMDE1Mjg0OVoXDTQzMDkw
+NDE1Mjg0OVowga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZ
 FgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUgQXV0
 aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20xKjAo
-BgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTBcMA0GCSqG
-SIb3DQEBAQUAA0sAMEgCQQDRMidrtJAZ27tI9gA3hhIP7S5EtfjhMHUi8mDNL2Ju
-V7nMDGoAEUfHV3x/+Eb/TeymvBiRzlUD6YGQRK+2C8+LAgMBAAGjggFFMIIBQTAd
-BgNVHQ4EFgQUXfcpYB1wgmZiB/WN7EW342wlZwEwgbsGA1UdIwSBszCBsIAUmAbQ
-gRwBOJuIai3NygAtGQ9xlbGhgYykgYkwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00x
-FzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBB
-dXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkB
-Fg5jYUBleGFtcGxlLmNvbYIJAO+Cui0EIECvMA8GA1UdEwEB/wQFMAMBAf8wDgYD
-VR0PAQH/BAQDAgEGMCYGA1UdEQQfMB2BG2ludGVybWVkaWF0ZS1jYUBleGFtcGxl
-LmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQUFAAOB
-gQAmXVdwAZalZGtXBkdICHaWyVRmgCFRZfzVbGBOkeW+TEBiMgG+XrwlMQs5yyf/
-T8Mmw8TcqBJYdQhqcctbgFcSxejVAL7DnEfFcvH6acXy0K9l48pKAnYgcHstOAX2
-Fb+rSpmMDXgWuhKNudJyoOVQ/5H9LJyg6JYqoG5jqS9iQg==
+BgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEAu0V6zuw2zphIOaer4FRF3CCkD7I5MiLRMQvC
+Ttxm9TW+MjNX9/AgnZyrhz53TMzXZpeRzHbBd/alcIsNYeuZA9Sz7OGbNVrlsdv+
+UqGxtpz+QyNABbNVHOMQwEUoWZGOhH3LJFGGs29wZJ0t/YnE87zWYNrwP1JJJzqC
+n2A6sPECAwEAAaOCAUUwggFBMB0GA1UdDgQWBBQcld7s7kDEF1aDLm+aLf0rdSZy
+tDCBuwYDVR0jBIGzMIGwgBR1bRLo++hbS9yywZUjQESykKKPdaGBjKSBiTCBhjET
+MBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAc
+BgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBs
+ZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggkAkoKtudZgg7cw
+DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwJgYDVR0RBB8wHYEbaW50
+ZXJtZWRpYXRlLWNhQGV4YW1wbGUuY29tMBkGA1UdEgQSMBCBDmNhQGV4YW1wbGUu
+Y29tMA0GCSqGSIb3DQEBCwUAA4GBAKW00RiG2BO+ni+mtOP/svum1pC0mxU6oSoO
+uSptJ9NUf88yySwtlXRN34/0SEqznh/ebQzOICtc5su1sQ4+mm9c0VmK1+kEHztW
+Kvsl+3NHy8zvXwZY6EFHUtZ6lB3DNOd+uoSpbfACDctCXMPwdJB/xerulcvRVGUR
+KpspdWQy
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIDxjCCAy+gAwIBAgIJAO+Cui0EIECvMA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
+MIIDxjCCAy+gAwIBAgIJAJKCrbnWYIO3MA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
 CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
 CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
-bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTUwODMwMDAyMjMx
-WhcNNDUwODIyMDAyMjMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
+bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTgwOTEwMTUyODMy
+WhcNNDgwOTAyMTUyODMyWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
 JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
 eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
-YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9qkrLjnG3Giff
-rr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6QxuW2qvgiFHWNQMgnM+ji+tSdZWwdyr
-JOnsqPcKChx7aNASfSFRG+yu6U/oGru0HkteTFCuZjX7nlHyHV0wjaR3s+jc7eB+
-e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQABo4IBODCCATQwHQYDVR0OBBYEFJgG
-0IEcATibiGotzcoALRkPcZWxMIG7BgNVHSMEgbMwgbCAFJgG0IEcATibiGotzcoA
-LRkPcZWxoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
+YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEn6Adch+tmR43
+m6yBn9OUfTRJjeut/eX+4QJub0X8ndDwWL7PHVZ8AHGhP/ZjxklUnj7pyDMHU2nW
+wfHPFJvWA5sOY9x1q0fNWA7fyZr69zfrXKhJxy8htm2Px25IXGRch5cV0Mzk4GcW
+SSRw29ZsgsOmrF7lrpTXegyhvcMtewIDAQABo4IBODCCATQwHQYDVR0OBBYEFHVt
+Euj76FtL3LLBlSNARLKQoo91MIG7BgNVHSMEgbMwgbCAFHVtEuj76FtL3LLBlSNA
+RLKQoo91oYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
 LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
 FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
-ZS5jb22CCQDvgrotBCBArzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+ZS5jb22CCQCSgq251mCDtzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
 BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
-cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCuwCsxZxXctjLr059fFd94Yb6lDyPr
-Gd9H4luK9G4NNf2QiD94SfYAEy8C3Lw2/VIYf5kuNPJE2+0AOpCJ3pD3id2JC8Qf
-lnIsGHCclrxldY5NX3S/p2T8wsgBdz5wfzDGm1GANdI5M1YrTN0ExebOspXnXGed
-9jx8rdTVQwErTw==
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCOmEBg99b83DeqeTzquZi5/RCxtecp
+Z0ip5kVZXapqJRa7OjIv6XYU4GWDuboIioLIfCyjKUYRziXL+gdwKItetqRE5A6w
+0Odr9jxecEtCA+J0XH6CbG/t1m6PzEITuKFxZ97FXjv3d33FYnugfZVIVrgzYTbt
+FJW+6MauX6dEeQ==
 -----END CERTIFICATE-----
index 86a405d..035682d 100644 (file)
@@ -1,45 +1,45 @@
 -----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
 T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
 ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xNTA4MzAwMDIyMzJaFw00MDA4MjMwMDIy
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xODA5MTAxNTI4MzJaFw00MzA5MDQxNTI4
 MzJaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
 UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
-yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
-IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
-AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
-ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
-85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
-i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQA53KGbz0v7blt33ht62Ez9
-onmLHkegWW39OgRfNPircb9+pIOtkuksPr1yE2iBmWuGPg0OwNjqHROeOodoN1xC
-vSt1kUshtpPXiK8AuYmkv53FThyEEai8kpsGp6mLEY2ISaYRD0O6B6PyV2dT/nE2
-CWob7aQ/SlFQ+txnwJtOnA==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 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA4pHIYnVJwOvIPTt/S8C+M1T8YG9kRt5MBqfdmVi+BwW5oduL
-5K9rL5JombBdocjjOA4X1o2XjMcgdRYCD5jjiUw+m02t995zivYL7yCeaOi3ai3k
-asB8ut1HvGYqSoXHhCvTaxE+DLwC9KVvJbWqJbT8MrBv8kyy56PNTIwgH9PpTE/N
-SreeszXyW1pKtZ3peMVFV6nqygxyJQhKv54XSfSaGWifEOJ6ApcBshe8pZNMA8gk
-AOh7I+JfXW0Z5xJtYEvMdYMrRUzzloR3drGQ90+PpHBARrsVRPIutTU2PqTw+Xs1
-XI1ZduDkgoQxkHpXmlcRJqxXqdKLu9bglikD4QIDAQABAoIBAQDXQfxpFtgIs7rd
-+j4aAbhzWqYhFRPnhOIkXK5cOATq9RSF4+nITqV+YBKDGh4LTKocIr+hN4sp1DJR
-K6SvnulnE4pT0PydB7ss5lE2Uv5N2/QOrCVdCx42B3BVXZeGkA2b1GucSJh0Tthc
-CSVNZYiPJKGLozfos9gx3d16gZMvyEM4xGFcB8FVWm00Aunc8NOpO8oCQv5URF1x
-Imvp3JkhBAV9EIr4BftjT+hSOGgrZwx2ZzU8A1EpXAg6Hja6dQAleq0WTFJS6Ez2
-UjFFI9qF5YMxDDdLZ8p8G3BFw/m5zKE8wrnSdgf7iP9JPgZZA3Y5GLQkKA/Q6wnP
-Bj3MbBr1AoGBAPDrF5D5VFle/LrYsAdfwdW2mby2qlB0AAlZwxUnatVFWmgnDq5B
-NpK+dp06tllv5qd0EtQMqHxPkVr7YEZ26Jex5hmLMb+LuSowq1BchNpoMGwSiyRz
-11IUYRY5BwNW7/zFv2r5ZFe/OxI2V3scYAyJ/7mqY7sWqafVGCa7pRjLAoGBAPDA
-vR0EBJL+d7mk/suOjcnVjcFmU/Jwg+O5f0Ao6ctb1rFyYL/FgheeqewZRjveLn/s
-Gz6/KieWa/k6XlxkZtJUE9RFjLWn/n79fqL0WDjSzeiSgHRj6bABjXSX3827Mud5
-uzZrVZkHcWnXQX1WREIGSOwAC/4MpU3ad87joXyDAoGBAOZ0zHdGujQ/k9ycWU7E
-f+QSp1+JEMSjIkHPlriOmzhl/kRxUC7KfQzEmyxuNG67h1WZyEUF0soPRwlUO1VM
-e9RYPbcjmrQTUU4VflsCFafjUKag2m9FTKzch769UIMWT71p4GDRLfZuHHCggPBo
-RUzZWUFex8X4uNOuGUs75oMfAoGASZeQ90qgH1K7xDqkTBLSUqz9vO2LoaM1Hao5
-NKKM/MWg9fLxkg1Mu+2bIXmEV46OBjplBaQnvZwkezWVXIawS4C54vwzi9/DUowo
-ZqVsRkph+MK3k1xrNYrz83ztQ5UCdXFngbYDn1iAGYtcEHULPmdvaPyGreytpwOt
-9cbtOQMCgYAJ0DPq4E+nICf11QsNJELqRBpx9uQjxI87/ba6z0BqtGIIwqZ1KtgI
-7LVvae89MufsxZCe8A1noSiFTQXvrLVQhzu+pBHvRQnmonqo6D/uA3viOkTqhR8X
-As2n7JVN64j/g6+c9SIfeiNscmZBRqAvgLvVGdoKrbXWkQ1S5+KgHQ==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 -----END RSA PRIVATE KEY-----
index bf08f8c..b9f2312 100644 (file)
@@ -1,18 +1,18 @@
 -----BEGIN CERTIFICATE-----
-MIIC4DCCAkkCAQUwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+MIIC4DCCAkkCAQUwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
 T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
 ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAiGA8yMDYwMDcxNzIzMDAwMFoYDzIwNjEwNzE3
-MjMwMDAwWjBiMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYH
+AQkBFg5jYUBleGFtcGxlLmNvbTAiGA8yMDYwMDcxNzE2MDAwMFoYDzIwNjEwNzE3
+MTYwMDAwWjBiMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYH
 RVhBTVBMRTEPMA0GA1UEAwwGQ2xpZW50MSEwHwYJKoZIhvcNAQkBFhJjbGllbnRA
-ZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDikchi
-dUnA68g9O39LwL4zVPxgb2RG3kwGp92ZWL4HBbmh24vkr2svkmiZsF2hyOM4DhfW
-jZeMxyB1FgIPmOOJTD6bTa333nOK9gvvIJ5o6LdqLeRqwHy63Ue8ZipKhceEK9Nr
-ET4MvAL0pW8ltaoltPwysG/yTLLno81MjCAf0+lMT81Kt56zNfJbWkq1nel4xUVX
-qerKDHIlCEq/nhdJ9JoZaJ8Q4noClwGyF7ylk0wDyCQA6Hsj4l9dbRnnEm1gS8x1
-gytFTPOWhHd2sZD3T4+kcEBGuxVE8i61NTY+pPD5ezVcjVl24OSChDGQeleaVxEm
-rFep0ou71uCWKQPhAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAaL1TVP7GBU/+Ujxm
-s1d6XlsczXcRTsK2SKPc7Ke8K30o7E85m5gTXtDVVdk2aCWFsrmqCW+sKSAl3TLr
-nWWlvI0k2Y3Ei81W1xkCSA8rX95K8m1FaVXz1ml5J8TjemHd/j+btzp4qjnF/S2M
-cbRhKzUoJD6FBuUq7OXOO+4T30c=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 -----END CERTIFICATE-----
index a9740dc..5ee4203 100644 (file)
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA4pHIYnVJwOvIPTt/S8C+M1T8YG9kRt5MBqfdmVi+BwW5oduL
-5K9rL5JombBdocjjOA4X1o2XjMcgdRYCD5jjiUw+m02t995zivYL7yCeaOi3ai3k
-asB8ut1HvGYqSoXHhCvTaxE+DLwC9KVvJbWqJbT8MrBv8kyy56PNTIwgH9PpTE/N
-SreeszXyW1pKtZ3peMVFV6nqygxyJQhKv54XSfSaGWifEOJ6ApcBshe8pZNMA8gk
-AOh7I+JfXW0Z5xJtYEvMdYMrRUzzloR3drGQ90+PpHBARrsVRPIutTU2PqTw+Xs1
-XI1ZduDkgoQxkHpXmlcRJqxXqdKLu9bglikD4QIDAQABAoIBAQDXQfxpFtgIs7rd
-+j4aAbhzWqYhFRPnhOIkXK5cOATq9RSF4+nITqV+YBKDGh4LTKocIr+hN4sp1DJR
-K6SvnulnE4pT0PydB7ss5lE2Uv5N2/QOrCVdCx42B3BVXZeGkA2b1GucSJh0Tthc
-CSVNZYiPJKGLozfos9gx3d16gZMvyEM4xGFcB8FVWm00Aunc8NOpO8oCQv5URF1x
-Imvp3JkhBAV9EIr4BftjT+hSOGgrZwx2ZzU8A1EpXAg6Hja6dQAleq0WTFJS6Ez2
-UjFFI9qF5YMxDDdLZ8p8G3BFw/m5zKE8wrnSdgf7iP9JPgZZA3Y5GLQkKA/Q6wnP
-Bj3MbBr1AoGBAPDrF5D5VFle/LrYsAdfwdW2mby2qlB0AAlZwxUnatVFWmgnDq5B
-NpK+dp06tllv5qd0EtQMqHxPkVr7YEZ26Jex5hmLMb+LuSowq1BchNpoMGwSiyRz
-11IUYRY5BwNW7/zFv2r5ZFe/OxI2V3scYAyJ/7mqY7sWqafVGCa7pRjLAoGBAPDA
-vR0EBJL+d7mk/suOjcnVjcFmU/Jwg+O5f0Ao6ctb1rFyYL/FgheeqewZRjveLn/s
-Gz6/KieWa/k6XlxkZtJUE9RFjLWn/n79fqL0WDjSzeiSgHRj6bABjXSX3827Mud5
-uzZrVZkHcWnXQX1WREIGSOwAC/4MpU3ad87joXyDAoGBAOZ0zHdGujQ/k9ycWU7E
-f+QSp1+JEMSjIkHPlriOmzhl/kRxUC7KfQzEmyxuNG67h1WZyEUF0soPRwlUO1VM
-e9RYPbcjmrQTUU4VflsCFafjUKag2m9FTKzch769UIMWT71p4GDRLfZuHHCggPBo
-RUzZWUFex8X4uNOuGUs75oMfAoGASZeQ90qgH1K7xDqkTBLSUqz9vO2LoaM1Hao5
-NKKM/MWg9fLxkg1Mu+2bIXmEV46OBjplBaQnvZwkezWVXIawS4C54vwzi9/DUowo
-ZqVsRkph+MK3k1xrNYrz83ztQ5UCdXFngbYDn1iAGYtcEHULPmdvaPyGreytpwOt
-9cbtOQMCgYAJ0DPq4E+nICf11QsNJELqRBpx9uQjxI87/ba6z0BqtGIIwqZ1KtgI
-7LVvae89MufsxZCe8A1noSiFTQXvrLVQhzu+pBHvRQnmonqo6D/uA3viOkTqhR8X
-As2n7JVN64j/g6+c9SIfeiNscmZBRqAvgLvVGdoKrbXWkQ1S5+KgHQ==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 -----END RSA PRIVATE KEY-----
index f2e29e1..ac8deb7 100644 (file)
@@ -1,18 +1,18 @@
 -----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQQwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+MIIC3DCCAkUCAQQwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
 T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
 ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDA3MTcyMzAwMDBaFw0wMTA3MTcyMzAw
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDA3MTcxNjAwMDBaFw0wMTA3MTcxNjAw
 MDBaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
 UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
-yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
-IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
-AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
-ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
-85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
-i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQAXsez9MUY7+zHe4CevgYHk
-VUGFl2BV/cncVO5M42qlYvGhzPNb3VSXlrIk0CZP/A1UrB+7+vMFQCccoXE2Yb//
-hOcumZkz4OJjz+qgsWlksaUjCnpGPIfsrW3jYBRKvL1iYo5Si1aIiQ+ej93a2Bsg
-Iy/P6Hx0b2bZ5H6v/y6bqw==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 -----END CERTIFICATE-----
index 75fae57..6f218ae 100644 (file)
@@ -1,18 +1,18 @@
 -----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
 T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
 ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xNTA4MzAwMDIyMzJaFw00MDA4MjMwMDIy
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xODA5MTAxNTI4MzJaFw00MzA5MDQxNTI4
 MzJaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
 UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
-yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
-IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
-AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
-ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
-85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
-i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQA53KGbz0v7blt33ht62Ez9
-onmLHkegWW39OgRfNPircb9+pIOtkuksPr1yE2iBmWuGPg0OwNjqHROeOodoN1xC
-vSt1kUshtpPXiK8AuYmkv53FThyEEai8kpsGp6mLEY2ISaYRD0O6B6PyV2dT/nE2
-CWob7aQ/SlFQ+txnwJtOnA==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 -----END CERTIFICATE-----
diff --git a/tls/tests/files/client2-and-key.pem b/tls/tests/files/client2-and-key.pem
new file mode 100644 (file)
index 0000000..f2c2178
--- /dev/null
@@ -0,0 +1,45 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tls/tests/files/client2-key.pem b/tls/tests/files/client2-key.pem
new file mode 100644 (file)
index 0000000..c45cbb6
--- /dev/null
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tls/tests/files/client2.pem b/tls/tests/files/client2.pem
new file mode 100644 (file)
index 0000000..24f099a
--- /dev/null
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
index 0a7140f..8fda797 100755 (executable)
@@ -68,7 +68,7 @@ openssl x509 -req -in root-ca-csr.pem -days 10950 -CA old-ca.pem -CAkey old-ca-k
 #######################################################################
 
 msg "Creating server private key"
-openssl genrsa -out server-key.pem 512
+openssl genrsa -out server-key.pem 1024
 
 msg "Creating server certificate request"
 openssl req -config ssl/server.conf -key server-key.pem -new -out server-csr.pem
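Review bot: The server key is still generated at only 1024 bits (`openssl genrsa -out server-key.pem 1024`), while the second client key added in the @@ -124 hunk uses 2048. The same applies to `intermediate-ca-key.pem` and `server-intermediate-key.pem` in the two later hunks of this script. 1024-bit RSA is below the minimum that many TLS library security levels and system crypto policies accept, so these fixtures may fail handshakes or chain verification for reasons unrelated to what the tests check. I would use `openssl genrsa -out server-key.pem 2048` here and for the other two keys, or add a comment saying why 1024 is kept on purpose.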
@@ -124,6 +124,14 @@ openssl x509 -req -in client-csr.pem -days 365 -startdate -enddate -CA ca.pem -C
 sudo hwclock -s
 touch client-future.pem
 
+msg "Creating second client key pair"
+openssl genrsa -out client2-key.pem 2048
+openssl req -config ssl/client.conf -key client2-key.pem -new -out client2-csr.pem
+openssl x509 -req -in client2-csr.pem -days 9125 -CA ca.pem -CAkey ca-key.pem -CAserial serial -out client2.pem
+
+msg "Concatenating second client certificate and private key into a single file"
+cat client2.pem client2-key.pem > client2-and-key.pem
+
 #######################################################################
 ### Concatenate all non-CA certificates
 #######################################################################
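Review bot: The added block does not say what client2 is for or how it differs from the first client certificate. It is requested with the same `ssl/client.conf`, so it presumably carries the same subject as client.pem and differs only in key and serial. A test that tells the two clients apart by subject could not do so. A comment above the `msg` line would help, for example `# client2: same CA and subject as client.pem but a different key, for tests that need a second client identity`, adjusted to the actual intent.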
@@ -151,7 +159,7 @@ cat server-self.pem >> non-ca.pem
 echo "00" > intermediate-serial
 
 msg "Creating intermediate CA private key"
-openssl genrsa -out intermediate-ca-key.pem 512
+openssl genrsa -out intermediate-ca-key.pem 1024
 
 msg "Creating intermediate CA certificate request"
 openssl req -config ssl/intermediate-ca.conf -key intermediate-ca-key.pem -new -out intermediate-ca-csr.pem
@@ -164,7 +172,7 @@ openssl x509 -req -in intermediate-ca-csr.pem -days 9125 -CA ca.pem -CAkey ca-ke
 #######################################################################
 
 msg "Creating server (intermediate CA) private key"
-openssl genrsa -out server-intermediate-key.pem 512
+openssl genrsa -out server-intermediate-key.pem 1024
 
 msg "Creating server (intermediate CA) certificate request"
 openssl req -config ssl/server-intermediate.conf -key server-intermediate-key.pem -new -out server-intermediate-csr.pem
diff --git a/tls/tests/files/garbage.pem b/tls/tests/files/garbage.pem
new file mode 100644 (file)
index 0000000..4b79f0e
Binary files /dev/null and b/tls/tests/files/garbage.pem differ
index 189a2d3..702c849 100644 (file)
@@ -1,12 +1,15 @@
 -----BEGIN CERTIFICATE REQUEST-----
-MIIBujCCAWQCAQAwga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/Is
+MIICPzCCAagCAQAwga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/Is
 ZAEZFgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUg
 QXV0aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20x
-KjAoBgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTBcMA0G
-CSqGSIb3DQEBAQUAA0sAMEgCQQDRMidrtJAZ27tI9gA3hhIP7S5EtfjhMHUi8mDN
-L2JuV7nMDGoAEUfHV3x/+Eb/TeymvBiRzlUD6YGQRK+2C8+LAgMBAAGgUTBPBgkq
-hkiG9w0BCQ4xQjBAMB0GA1UdDgQWBBRd9ylgHXCCZmIH9Y3sRbfjbCVnATAPBgNV
-HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAANBAIp7
-2/fnWAYyd4QxpW8qqajTKyuGiS5rwm5knLZvriM3qR6mAtuI3vluk431YcQ1G/jn
-QdPf5uYuttJC1GzrZDE=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 -----END CERTIFICATE REQUEST-----
index e449282..de97214 100644 (file)
@@ -1,9 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOgIBAAJBANEyJ2u0kBnbu0j2ADeGEg/tLkS1+OEwdSLyYM0vYm5XucwMagAR
-R8dXfH/4Rv9N7Ka8GJHOVQPpgZBEr7YLz4sCAwEAAQJAUPmw+Kfz/45meF+Axf1H
-kJKmjkJCDCjNrrFTdxkYaM0pCDPjHeclMHZ9mhtKQs2/8ER4tvdNIUCba/f9n4lI
-QQIhAO6s3jWb4JVobvpC0r5OE/HLOLgnnieQPQGl/sBoqL6fAiEA4GF+A8XaSF/C
-V5tFTFMDN1hw9bvOxhwaVAgcBNzHA5UCIFI5t+wcIYkXi3QoZVYuq+xXKNk4vOHA
-bWQN/e/nnordAiEA26qWU9s+99vHxzybez1JyMUs0WYr6IdavymxRJFfxIECIEra
-zEU8vYbm02cECN2fB6SRAlyD8Gb6KAMP+A4RXVWO
+MIICXgIBAAKBgQC7RXrO7DbOmEg5p6vgVEXcIKQPsjkyItExC8JO3Gb1Nb4yM1f3
+8CCdnKuHPndMzNdml5HMdsF39qVwiw1h65kD1LPs4Zs1WuWx2/5SobG2nP5DI0AF
+s1Uc4xDARShZkY6EfcskUYazb3BknS39icTzvNZg2vA/UkknOoKfYDqw8QIDAQAB
+AoGBAJ53DJRMDZSEB5nB6A7LQNIkTK97gCqMi7eU27cfiX+1GlwgVi/XYcH88Khg
+k1LJgvutBhKd6tg4PYYeJBTX54GDuQzghfqweIqJgItchJDr1c6pw2qbNnMFqP4N
+rfbDyFVrhoMf3QSDtoV6TXZZNXZXAC1nVbmhE0GiGUGFts6BAkEA33gFibdxqHBG
+HNu6ry6oNhpiUMm9X2wNLVi3oxJLYBYQx0OSrs6wlNJvoUpMVuEjriCmT26GtdxI
+DjWz4ffLbwJBANaIfn3EUnB8iNaSUmJpJKHMtiIAAw2XKIt9OUa9QTkCKLoX+Nzr
+i6PV5pPOfcLc8h+YBDkQaja7480xIbYimZ8CQH9k27tb0baVctLmzLErpwdY2S13
+JLcuUQDF78JOHpxDWANQ2WFAQVhF8w9+3LA2nvGYeVcVCkTItGctZEPw0I8CQQDN
+hkwwLqGP9C6f6eQVNYeLnnOqVPqXzYVhROFXXL4cYG4mAgs/kkTf+27/kSY4RbWM
+APWiuZAXyZ7umDAkrjcfAkEAtCGn5fY0AyOEnej7b0ZsTHlLTSHb6drAPDT5b3Ad
+O96DYKvWhlBsGEmDOsBOo/1PCfHWygBJvTDBoRKBdAh4uA==
 -----END RSA PRIVATE KEY-----
index 179d030..4841cc2 100644 (file)
@@ -1,22 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIDrjCCAxegAwIBAgIBBjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
+MIID8jCCA1ugAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk
 ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
 ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
-hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzOVoXDTQwMDgy
-MzAwMjIzOVowga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZ
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE4MDkxMDE1Mjg0OVoXDTQzMDkw
+NDE1Mjg0OVowga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZ
 FgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUgQXV0
 aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20xKjAo
-BgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTBcMA0GCSqG
-SIb3DQEBAQUAA0sAMEgCQQDRMidrtJAZ27tI9gA3hhIP7S5EtfjhMHUi8mDNL2Ju
-V7nMDGoAEUfHV3x/+Eb/TeymvBiRzlUD6YGQRK+2C8+LAgMBAAGjggFFMIIBQTAd
-BgNVHQ4EFgQUXfcpYB1wgmZiB/WN7EW342wlZwEwgbsGA1UdIwSBszCBsIAUmAbQ
-gRwBOJuIai3NygAtGQ9xlbGhgYykgYkwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00x
-FzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBB
-dXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkB
-Fg5jYUBleGFtcGxlLmNvbYIJAO+Cui0EIECvMA8GA1UdEwEB/wQFMAMBAf8wDgYD
-VR0PAQH/BAQDAgEGMCYGA1UdEQQfMB2BG2ludGVybWVkaWF0ZS1jYUBleGFtcGxl
-LmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQUFAAOB
-gQAmXVdwAZalZGtXBkdICHaWyVRmgCFRZfzVbGBOkeW+TEBiMgG+XrwlMQs5yyf/
-T8Mmw8TcqBJYdQhqcctbgFcSxejVAL7DnEfFcvH6acXy0K9l48pKAnYgcHstOAX2
-Fb+rSpmMDXgWuhKNudJyoOVQ/5H9LJyg6JYqoG5jqS9iQg==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 -----END CERTIFICATE-----
index 068263b..cb76d6e 100644 (file)
@@ -1,88 +1,93 @@
 client.pem:
 -----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
 T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
 ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xNTA4MzAwMDIyMzJaFw00MDA4MjMwMDIy
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xODA5MTAxNTI4MzJaFw00MzA5MDQxNTI4
 MzJaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
 UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
-yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
-IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
-AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
-ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
-85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
-i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQA53KGbz0v7blt33ht62Ez9
-onmLHkegWW39OgRfNPircb9+pIOtkuksPr1yE2iBmWuGPg0OwNjqHROeOodoN1xC
-vSt1kUshtpPXiK8AuYmkv53FThyEEai8kpsGp6mLEY2ISaYRD0O6B6PyV2dT/nE2
-CWob7aQ/SlFQ+txnwJtOnA==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 -----END CERTIFICATE-----
 
 client-future.pem:
 -----BEGIN CERTIFICATE-----
-MIIC4DCCAkkCAQUwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+MIIC4DCCAkkCAQUwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
 T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
 ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAiGA8yMDYwMDcxNzIzMDAwMFoYDzIwNjEwNzE3
-MjMwMDAwWjBiMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYH
+AQkBFg5jYUBleGFtcGxlLmNvbTAiGA8yMDYwMDcxNzE2MDAwMFoYDzIwNjEwNzE3
+MTYwMDAwWjBiMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYH
 RVhBTVBMRTEPMA0GA1UEAwwGQ2xpZW50MSEwHwYJKoZIhvcNAQkBFhJjbGllbnRA
-ZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDikchi
-dUnA68g9O39LwL4zVPxgb2RG3kwGp92ZWL4HBbmh24vkr2svkmiZsF2hyOM4DhfW
-jZeMxyB1FgIPmOOJTD6bTa333nOK9gvvIJ5o6LdqLeRqwHy63Ue8ZipKhceEK9Nr
-ET4MvAL0pW8ltaoltPwysG/yTLLno81MjCAf0+lMT81Kt56zNfJbWkq1nel4xUVX
-qerKDHIlCEq/nhdJ9JoZaJ8Q4noClwGyF7ylk0wDyCQA6Hsj4l9dbRnnEm1gS8x1
-gytFTPOWhHd2sZD3T4+kcEBGuxVE8i61NTY+pPD5ezVcjVl24OSChDGQeleaVxEm
-rFep0ou71uCWKQPhAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAaL1TVP7GBU/+Ujxm
-s1d6XlsczXcRTsK2SKPc7Ke8K30o7E85m5gTXtDVVdk2aCWFsrmqCW+sKSAl3TLr
-nWWlvI0k2Y3Ei81W1xkCSA8rX95K8m1FaVXz1ml5J8TjemHd/j+btzp4qjnF/S2M
-cbRhKzUoJD6FBuUq7OXOO+4T30c=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 -----END CERTIFICATE-----
 
 client-past.pem:
 -----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQQwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+MIIC3DCCAkUCAQQwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
 T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
 ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDA3MTcyMzAwMDBaFw0wMTA3MTcyMzAw
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDA3MTcxNjAwMDBaFw0wMTA3MTcxNjAw
 MDBaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
 UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
-yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
-IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
-AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
-ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
-85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
-i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQAXsez9MUY7+zHe4CevgYHk
-VUGFl2BV/cncVO5M42qlYvGhzPNb3VSXlrIk0CZP/A1UrB+7+vMFQCccoXE2Yb//
-hOcumZkz4OJjz+qgsWlksaUjCnpGPIfsrW3jYBRKvL1iYo5Si1aIiQ+ej93a2Bsg
-Iy/P6Hx0b2bZ5H6v/y6bqw==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 -----END CERTIFICATE-----
 
 server.pem:
 -----BEGIN CERTIFICATE-----
-MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
+MIICjzCCAfigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk
 ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
 ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
-hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgy
-MzAwMjIzMVowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
-B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3
-DQEBAQUAA0sAMEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxO
-crI+cO3SaE5zgmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAGjMzAxMAkGA1UdEwQC
-MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBCjANBgkqhkiG
-9w0BAQUFAAOBgQBmJQF4mdpoinkWTB5khs2ZVWZWf4QPLH2I/sP8IY1pWIVNtOVG
-YiTURtsdIHffSAoJ+9H+KrZhxk7TO9v7LR2Au1fGC6FuGjRizYb6UTe7tpoaZvlj
-JZj3sE/Rw/zCHCjA9xNTeYvQlKBzuohbUVGS+kEhxI7ScDmd7ylKSLIbBQ==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 -----END CERTIFICATE-----
 
 server-self.pem:
 -----BEGIN CERTIFICATE-----
-MIIBiDCCATICCQD8Rn+cHcihijANBgkqhkiG9w0BAQUFADBLMRMwEQYKCZImiZPy
+MIICDTCCAXYCCQDyTgBiXvBOyDANBgkqhkiG9w0BAQsFADBLMRMwEQYKCZImiZPy
 LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEbMBkGA1UEAwwSc2Vy
-dmVyLmV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgyMzAwMjIzMVow
+dmVyLmV4YW1wbGUuY29tMB4XDTE4MDkxMDE1MjgzMloXDTQzMDkwNDE1MjgzMlow
 SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
-GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
-MEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxOcrI+cO3SaE5z
-gmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAEwDQYJKoZIhvcNAQEFBQADQQADBJbF
-pDpocLDuQo5DXoXVlloJAputR6oKQLtTFRorEr0iASEr/8DEXfFoOI+US/8EZ/IT
-6JR2XOHSot4zsr68
+GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEA4ueKvOZqXR49sF2exsExLpbVK32rMPtZwN28NYCdGnMWRIYF2JB6
+lPWiTzWPUdEy4AmifEsiWE2ThsmBeX4cPz8YoEYt2aCenrAuFHiT7jwX433CEH8P
+gKQ5tbWKHxwz5PiktkRUWXP49KA27REJvQZMphwvRJ3uBZrxydtLzeMCAwEAATAN
+BgkqhkiG9w0BAQsFAAOBgQAbZGd5kU53gt31RWnnqurK6UgbM3tjJuy6sfy2bSYm
+vAkOeUqXmwwE10f4q6zboBalXHiyPymhq8Ybq0EKko4KdIboe8oVbadwgS6NtR4w
+SqRDpJvb1AboHq/IERnYX9IPAg7v4HTxpIsAt6KWhecUoXWUhbfxfVRcLmcRl3qs
+wA==
 -----END CERTIFICATE-----
index c0eb15d..8905247 100644 (file)
@@ -1,15 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDAcmBlQzZO0JXytrD6hG7mLM4UOcv/Mq0Spdko3VfLkBXMJKF5
-TC8gJYFw5/YhWH5rQ3hQoSUq/GbaHZh1XrJpHBYHQn4sS0m4Nlrd/q1pyvSMNr0s
-Ywe+McBw9TFqGgimV6rgDGsjqz3uxqOlo5goovOS7BT9XxcHMBW3/uQuIQIDAQAB
-AoGBAIxYXTg8BfUAZPo2hWaNAhtWfYt+gui/WjyJOo90rDxF/b98z02YY527/GQM
-phC3aqpq7+lNO7/XhmJ2xuKBhvWgw7sVjhEG5bqigofH8Rc3W/SvNyo1xh658HDF
-3IgpUVAMKVb3puvZNOqBn+3WxfFP7cawSPH+gU2GTdk+e5nJAkEA4LWOlU3vlVnp
-Rd3ngQNrfrh0MR2tD34Pu0xvvpNq9KWUjREVtcNGCFx0M4WYl1caiwtmWUtmdfhy
-Yd49v0E1VwJBANs+ujWmjh8hfwAZ1lQ5DfJROAvmxYrrn98sdj9RzuhnGdFoE+Ld
-BkpAQU1PvTPp2ot60633pwEDLZzd7tfb1UcCQDUcdIDxlMkWIT60Pj2OE2A2NLBP
-NVJOF2XLoTXIHiWI5V2aRilZ6DmdsJFk6DYNDmcC4MQGQEdt24sqPinwPa0CQE6S
-kWtu0FpJx9kCaXRvqhbgkqR5ROx/eyEhLxOMPwm9AVyx3wabzYhItN5/KEB1m7QH
-Bdu/+GL9f5hLVTCZATsCQQCyc9HNvPb2V4q4ksn+RuQH7VHI/cOtqTvldBXm1HhV
-XlM4brBTQjS1WbSmjlTcnzwfaLQXk+pGsqThOgbLwDvq
+MIICXQIBAAKBgQDM8Bujfr5CYLJxcsNrsIvzJ1vjIjtFbyFuZ60d8fRZ9gUTg05/
+wOsvIRTiJEEmYiL8OWZiZVU2d2zObIqvShf3QD/NNY2B8F1wldhP2qutqLtL5J/h
+ruWvl3PVmMxBpTAHmRbxFK063yXc5ilyy7G5+3FrUVweTVEjAG1Uslxh/wIDAQAB
+AoGAToRrwm8ry9iqZWbX0mmYpPdecB5MYSTbxSX5oLBzswfcGAbFy5KJSMw+6QmE
+4ITW7JW9UVOLm0uUJ15UoCYeGdAwllQLmPfattyfUZgvCrbUfUIcm1+HfubgqKeU
+lfmMqXNtZ77wPyILo/ZR2Pneaj4tLufE05yNuLCDcAgWbwECQQDrxyeFEkcKGy1P
+4mksCcYFqlWH2aajQCHHcoSfuDZCq2/TZ2NFkD9ceABG7V8w+ibpM8xR1OItqmWp
+CAsLn2aBAkEA3oPQ9oklmKnsftws7z7OHmuMhCva2/vddNIVyQ4InDp7PoEkXPlg
+/nSVSL9u2OKzVYmEEnwJSOYsgESv3dSIfwJAJBWQuM75TFSodKdkDTdZtRhCis4G
+sMlp4gpmvcMFmuJ99M7H5KeU6uP6tuAxR1+hgONKi+OW0gJYGKyAdEDrAQJBAMR7
+xTNNW2N4+Jn0tcD0xnFaKpQzXWjO+HhFYnNM7xF1GorQ4lku5BUMwR2h3LGrTQwF
+CBiCanhyt2z0Og85suUCQQDoc87wE76FzY1ARs06lKnppkQyDdxFVV01tBGOEsjH
+PWBmpHQ/wR78K6ibOKJSk+5b+eEBmv6HXKN0aVKmH2r0
 -----END RSA PRIVATE KEY-----
index cdee6c2..584fe4a 100644 (file)
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEETCCA3qgAwIBAgIJAP2QjCV8pipcMA0GCSqGSIb3DQEBBQUAMIGfMRMwEQYK
+MIIEETCCA3qgAwIBAgIJANgUrKCn74UyMA0GCSqGSIb3DQEBBQUAMIGfMRMwEQYK
 CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEsMCoGA1UE
 CwwjT2xkIFVudHJ1c3RlZCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxIjAgBgNVBAMM
 GW9uY2Uud2FzLmEuY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
-YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQ1MDgyMjAwMjIzMVowgZ8xEzAR
+YW1wbGUuY29tMB4XDTE4MDkxMDE1MjgzMloXDTQ4MDkwMjE1MjgzMlowgZ8xEzAR
 BgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMSwwKgYD
 VQQLDCNPbGQgVW50cnVzdGVkIENlcnRpZmljYXRlIEF1dGhvcml0eTEiMCAGA1UE
 AwwZb25jZS53YXMuYS5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FA
-ZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMByYGVDNk7Q
-lfK2sPqEbuYszhQ5y/8yrRKl2SjdV8uQFcwkoXlMLyAlgXDn9iFYfmtDeFChJSr8
-ZtodmHVesmkcFgdCfixLSbg2Wt3+rWnK9Iw2vSxjB74xwHD1MWoaCKZXquAMayOr
-Pe7Go6WjmCii85LsFP1fFwcwFbf+5C4hAgMBAAGjggFRMIIBTTAdBgNVHQ4EFgQU
-Lu6rFocDkpwOJyAjyQrCxuefLW8wgdQGA1UdIwSBzDCByYAULu6rFocDkpwOJyAj
-yQrCxuefLW+hgaWkgaIwgZ8xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJ
+ZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMzwG6N+vkJg
+snFyw2uwi/MnW+MiO0VvIW5nrR3x9Fn2BRODTn/A6y8hFOIkQSZiIvw5ZmJlVTZ3
+bM5siq9KF/dAP801jYHwXXCV2E/aq62ou0vkn+Gu5a+Xc9WYzEGlMAeZFvEUrTrf
+JdzmKXLLsbn7cWtRXB5NUSMAbVSyXGH/AgMBAAGjggFRMIIBTTAdBgNVHQ4EFgQU
+pB+h4wjjUruJVMGfZCqWMDl0UogwgdQGA1UdIwSBzDCByYAUpB+h4wjjUruJVMGf
+ZCqWMDl0UoihgaWkgaIwgZ8xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJ
 k/IsZAEZFgdFWEFNUExFMSwwKgYDVQQLDCNPbGQgVW50cnVzdGVkIENlcnRpZmlj
 YXRlIEF1dGhvcml0eTEiMCAGA1UEAwwZb25jZS53YXMuYS5jYS5leGFtcGxlLmNv
-bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb22CCQD9kIwlfKYqXDAPBgNV
+bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb22CCQDYFKygp++FMjAPBgNV
 HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAZBgNVHREEEjAQgQ5jYUBleGFt
 cGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQUF
-AAOBgQAQLX3HpbnxH3gLf6rhj7IQEizZhAEGpvLMURlDdUdoH9ZYPsQ49rZ2kcjD
-FFUKa4Y9/smcBOkF1Za9xepinsftz8ALhsfyo3azXUJTm7sRcQzQkwaSsAh0smIv
-UbmMskbCbFVDwW8xu+SCRJac/+NAuxjxkgrytZksJPvQB545XQ==
+AAOBgQA9/ayjyidZN9pCQUrEZv0SU+lcb+zm2X4hg+HNfJrwTpjjB2h3/KE2NaVu
+x5KIkNTEbZoE8t4CctxSBWC0BFXLrDFrGiJsDG+cQQ2krKmdH0pX9SmLano51QVd
+jz+6LlQu/AxWOJbN7aMt7LKsURNTIqyJ1JBOIjeEJan8PwKAyA==
 -----END CERTIFICATE-----
index 48f5365..a07fbac 100644 (file)
@@ -2,13 +2,13 @@
 MIICGDCCAYECAQAwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/Is
 ZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAV
 BgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxl
-LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvapKy45xtxon3669spqf
-+/nXzp3q7WLmQiTd0+7h60d6AekMbltqr4IhR1jUDIJzPo4vrUnWVsHcqyTp7Kj3
-Cgoce2jQEn0hURvsrulP6Bq7tB5LXkxQrmY1+55R8h1dMI2kd7Po3O3gfntuCokm
-smceeid064RqUQWAO04GqKUCAwEAAaBRME8GCSqGSIb3DQEJDjFCMEAwHQYDVR0O
-BBYEFJgG0IEcATibiGotzcoALRkPcZWxMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
-AQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBACd9IesNyKrVhriex7hMBZv+1M1A
-9/1ZPstHARbjRJ4AhOKQGvu3Bz7yiuzWUyVaY+naMYlu1rPcA01588xbKdBCGF9Z
-noOeVHlTZwu1OOV57KjwoilRBtjNNbmUUl3t4nlw6+sz5pPjyVYPBunMiig3n1Ke
-8jYPdl0bW/kX+8ve
+LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxJ+gHXIfrZkeN5usgZ/T
+lH00SY3rrf3l/uECbm9F/J3Q8Fi+zx1WfABxoT/2Y8ZJVJ4+6cgzB1Np1sHxzxSb
+1gObDmPcdatHzVgO38ma+vc361yoSccvIbZtj8duSFxkXIeXFdDM5OBnFkkkcNvW
+bILDpqxe5a6U13oMob3DLXsCAwEAAaBRME8GCSqGSIb3DQEJDjFCMEAwHQYDVR0O
+BBYEFHVtEuj76FtL3LLBlSNARLKQoo91MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAGidrp63DbPcV6NuKmG/gjTlWw54
+Oj7wSgz2ie1TEOB87JeGJGo9bjbiZF9deHfeXdm0Ot59RsuIfVxhn5oOUn+2++Fd
+Gv+DqCbbRn2KSznKi+w7u99hz+pMmq0TAZXhCtQFXFwLjj6AlKyzNnP7eVTO28U5
+xHVq6H4QGmnfPnVO
 -----END CERTIFICATE REQUEST-----
index a74436a..1fa3d70 100644 (file)
@@ -1,23 +1,31 @@
 -----BEGIN CERTIFICATE-----
-MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
+MIICjzCCAfigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk
 ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
 ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
-hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgy
-MzAwMjIzMVowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
-B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3
-DQEBAQUAA0sAMEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxO
-crI+cO3SaE5zgmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAGjMzAxMAkGA1UdEwQC
-MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBCjANBgkqhkiG
-9w0BAQUFAAOBgQBmJQF4mdpoinkWTB5khs2ZVWZWf4QPLH2I/sP8IY1pWIVNtOVG
-YiTURtsdIHffSAoJ+9H+KrZhxk7TO9v7LR2Au1fGC6FuGjRizYb6UTe7tpoaZvlj
-JZj3sE/Rw/zCHCjA9xNTeYvQlKBzuohbUVGS+kEhxI7ScDmd7ylKSLIbBQ==
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE4MDkxMDE1MjgzMloXDTQzMDkw
+NDE1MjgzMlowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
+B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEA4ueKvOZqXR49sF2exsExLpbVK32rMPtZwN28NYCd
+GnMWRIYF2JB6lPWiTzWPUdEy4AmifEsiWE2ThsmBeX4cPz8YoEYt2aCenrAuFHiT
+7jwX433CEH8PgKQ5tbWKHxwz5PiktkRUWXP49KA27REJvQZMphwvRJ3uBZrxydtL
+zeMCAwEAAaNHMEUwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAjBgNV
+HREEHDAahwTAqAEKghJzZXJ2ZXIuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQAD
+gYEAc8/9nm5UksO7kuhco3BbqjzkY4YSU9w55XznhYsnKI50qAcNpjnrH5qoIzW7
+8XXCfv9JQYiE7xpNyqjcf+BrZniwsYfmDvbADcodnZMgstOdbFL9PniCZyJYEGK9
+0C5iusx4Pwc1cqvwewy5oX7HW7T4uF9s3ZJALotCTVtJSqA=
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBAOTo6nXwfxpFm+vyN+OFKTDc/gbLTvR5veGumQiJmXTlTE5ysj5w
-7dJoTnOCZxbXxQ+ld/BaXi7L9DqdqCRkNe8CAwEAAQJBAIbwSm411Cc/i3eeNJX5
-hFuammCU7rktHuLv0qR2wLBn8Sj2XXtJPlBEdolhQdO+YECBMxUG8f92LeJ4T2OF
-YhkCIQD/2tu/Sq5iVLkrocnCpppbxcZ5JUYDgnD2TrbvSghj+wIhAOUKJVyo5xRH
-DpyAfthRJa6VDUip3hVUz+Zz8PDmkp+dAiAX2nGuTeogJMH2vWiwCxRNBg1Q8haq
-8RhS/lezy3UozQIhANa8QHMzWBNG24gXYNVmnzGjRSUPPcw6DAFASnFRe75xAiAq
-c0wJZWOMbezOsSgAwPt/xsabERIVXSNhzt1il/lPjA==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 -----END RSA PRIVATE KEY-----
index c112d6c..aea69db 100644 (file)
@@ -1,9 +1,12 @@
 -----BEGIN CERTIFICATE REQUEST-----
-MIIBNjCB4QIBADBLMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQB
-GRYHRVhBTVBMRTEbMBkGA1UEAwwSc2VydmVyLmV4YW1wbGUuY29tMFwwDQYJKoZI
-hvcNAQEBBQADSwAwSAJBAM2PTEorKL/7mIbYVOz+U6DAo+itGDr2jjOyYxxU5+/A
-jUg3gVFKw+mpok26sdwY2q8aiPTuE0F1bF2iLEXimacCAwEAAaAxMC8GCSqGSIb3
-DQEJDjEiMCAwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG
-9w0BAQUFAANBADtTaSyvJDUzCuim8Wlk8MVVsGQzC2czFRshO5JcPgjq08gN9FXM
-KUYeUQYLGGVnVXkTqWdAOog769XukpDGv2g=
+MIIBvDCCASUCAQAwSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixk
+ARkWB0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEAl0zF3tH3V9QquvMVFgAGREcxj59CGM9X7TCW
+WNycgbhITJxR8WqbAlHmpjGVFWtmZPvheg4pEUppzPGiaIfX/cdTXuAB/cQ/iGya
+bvsQA9d75VjQL3caZjJvspO2s/lOuP3XZX9QpngKGTbQ0DEzNeadG1ckFuXOWOj5
+DkgIUV0CAwEAAaAxMC8GCSqGSIb3DQEJDjEiMCAwCQYDVR0TBAIwADATBgNVHSUE
+DDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOBgQA0ftvjH1S90rK5/wahpUPL
+K9ml0Wumf2+g+Ce2EExxHKdiYRmpnHgUG0pV7jOmZlv37Dm77pFUyu5I8V4UHgVB
+WcSdLhMVqZpF6TCekKSy5bUDqCgoYp/XsJX+Ka/NUKVrmNz9ymb4pA13hC+DYi0C
+KHSaH8M/EP0XSUW5Lez1nw==
 -----END CERTIFICATE REQUEST-----
index 32661d5..c5ce4f7 100644 (file)
@@ -1,9 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOQIBAAJBAM2PTEorKL/7mIbYVOz+U6DAo+itGDr2jjOyYxxU5+/AjUg3gVFK
-w+mpok26sdwY2q8aiPTuE0F1bF2iLEXimacCAwEAAQJACu1/RMIenHYnmaOOgDrU
-/0q+a/QnwZqx3JWzJyJsYhZmAJRw7/0MjsrD+UoPggvliu77FmnYihYEPxdlM39D
-QQIhAPE0Lu0W1vhiXxuEwIP7w7ix/IlTgZ/xIhoOltfwKSMPAiEA2itd/y6MvNgq
-39ZZDiAn5mjyDoSNJuafRi1FNY4fP+kCIGcNRH9HItE8NiYrsZSyHAzs/lgttVQA
-UfGQCiJ4GRtBAiBc+I4d6KBg+V2L9bQNqPZX4fEE7seYBD9rkG8l22LFwQIgOKPr
-BUkGlw/IMHWVXhQkPKSAPoSLHEvGiQCIyIckCMc=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 -----END RSA PRIVATE KEY-----
index 6e4246a..e23848d 100644 (file)
@@ -1,14 +1,17 @@
 -----BEGIN CERTIFICATE-----
-MIICHTCCAcegAwIBAgIBATANBgkqhkiG9w0BAQUFADCBrTETMBEGCgmSJomT8ixk
+MIICtjCCAh+gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBrTETMBEGCgmSJomT8ixk
 ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxKzApBgNVBAsMIkludGVy
 bWVkaWF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJDAiBgNVBAMMG2ludGVybWVk
 aWF0ZS1jYS5leGFtcGxlLmNvbTEqMCgGCSqGSIb3DQEJARYbaW50ZXJtZWRpYXRl
-LWNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzOVoXDTQwMDgyMzAwMjIzOVow
+LWNhQGV4YW1wbGUuY29tMB4XDTE4MDkxMDE1Mjg0OVoXDTQzMDkwNDE1Mjg0OVow
 SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
-GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
-MEgCQQDNj0xKKyi/+5iG2FTs/lOgwKPorRg69o4zsmMcVOfvwI1IN4FRSsPpqaJN
-urHcGNqvGoj07hNBdWxdoixF4pmnAgMBAAGjMzAxMAkGA1UdEwQCMAAwEwYDVR0l
-BAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBFjANBgkqhkiG9w0BAQUFAANB
-ALl1WO7IZYOvPwhyQ4EpCLjSsTuGBcfbWFtw4XiQueZ8TILHcZARH4nW1tKoVWzc
-rIGhqRjNMWRmaH1wgSCGRiE=
+GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAl0zF3tH3V9QquvMVFgAGREcxj59CGM9X7TCWWNycgbhITJxR8Wqb
+AlHmpjGVFWtmZPvheg4pEUppzPGiaIfX/cdTXuAB/cQ/iGyabvsQA9d75VjQL3ca
+ZjJvspO2s/lOuP3XZX9QpngKGTbQ0DEzNeadG1ckFuXOWOj5DkgIUV0CAwEAAaNH
+MEUwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAjBgNVHREEHDAahwTA
+qAEWghJzZXJ2ZXIuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADgYEACXgdI2AC
+f2QByzeXmmMgFm7jLsYw28S6Jvj6vFM9Rzg5Zta64B3kvT2+yk/gaKMBYCBtvRud
+6vjXKrCYlfdJa2yH4HtN1GDL6KYvx0/qJamT71pVvCuLIDzYMf0CcvoYtHZ5HDp3
+RFmQfU4QUk5+0YwwkpBFNQ4oiKjVPTBd5J4=
 -----END CERTIFICATE-----
index abd1336..c1f9a91 100644 (file)
Binary files a/tls/tests/files/server-key.der and b/tls/tests/files/server-key.der differ
index 93a9cc5..6f6fe99 100644 (file)
@@ -1,9 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBAOTo6nXwfxpFm+vyN+OFKTDc/gbLTvR5veGumQiJmXTlTE5ysj5w
-7dJoTnOCZxbXxQ+ld/BaXi7L9DqdqCRkNe8CAwEAAQJBAIbwSm411Cc/i3eeNJX5
-hFuammCU7rktHuLv0qR2wLBn8Sj2XXtJPlBEdolhQdO+YECBMxUG8f92LeJ4T2OF
-YhkCIQD/2tu/Sq5iVLkrocnCpppbxcZ5JUYDgnD2TrbvSghj+wIhAOUKJVyo5xRH
-DpyAfthRJa6VDUip3hVUz+Zz8PDmkp+dAiAX2nGuTeogJMH2vWiwCxRNBg1Q8haq
-8RhS/lezy3UozQIhANa8QHMzWBNG24gXYNVmnzGjRSUPPcw6DAFASnFRe75xAiAq
-c0wJZWOMbezOsSgAwPt/xsabERIVXSNhzt1il/lPjA==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 -----END RSA PRIVATE KEY-----
index 3827cda..e1215b3 100644 (file)
@@ -1,11 +1,14 @@
 -----BEGIN CERTIFICATE-----
-MIIBiDCCATICCQD8Rn+cHcihijANBgkqhkiG9w0BAQUFADBLMRMwEQYKCZImiZPy
+MIICDTCCAXYCCQDyTgBiXvBOyDANBgkqhkiG9w0BAQsFADBLMRMwEQYKCZImiZPy
 LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEbMBkGA1UEAwwSc2Vy
-dmVyLmV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgyMzAwMjIzMVow
+dmVyLmV4YW1wbGUuY29tMB4XDTE4MDkxMDE1MjgzMloXDTQzMDkwNDE1MjgzMlow
 SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
-GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
-MEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxOcrI+cO3SaE5z
-gmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAEwDQYJKoZIhvcNAQEFBQADQQADBJbF
-pDpocLDuQo5DXoXVlloJAputR6oKQLtTFRorEr0iASEr/8DEXfFoOI+US/8EZ/IT
-6JR2XOHSot4zsr68
+GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEA4ueKvOZqXR49sF2exsExLpbVK32rMPtZwN28NYCdGnMWRIYF2JB6
+lPWiTzWPUdEy4AmifEsiWE2ThsmBeX4cPz8YoEYt2aCenrAuFHiT7jwX433CEH8P
+gKQ5tbWKHxwz5PiktkRUWXP49KA27REJvQZMphwvRJ3uBZrxydtLzeMCAwEAATAN
+BgkqhkiG9w0BAQsFAAOBgQAbZGd5kU53gt31RWnnqurK6UgbM3tjJuy6sfy2bSYm
+vAkOeUqXmwwE10f4q6zboBalXHiyPymhq8Ybq0EKko4KdIboe8oVbadwgS6NtR4w
+SqRDpJvb1AboHq/IERnYX9IPAg7v4HTxpIsAt6KWhecUoXWUhbfxfVRcLmcRl3qs
+wA==
 -----END CERTIFICATE-----
index a3a4b39..8e36caa 100644 (file)
Binary files a/tls/tests/files/server.der and b/tls/tests/files/server.der differ
index 56be360..573827c 100644 (file)
@@ -1,14 +1,16 @@
 -----BEGIN CERTIFICATE-----
-MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
+MIICjzCCAfigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk
 ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
 ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
-hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgy
-MzAwMjIzMVowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
-B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3
-DQEBAQUAA0sAMEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxO
-crI+cO3SaE5zgmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAGjMzAxMAkGA1UdEwQC
-MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBCjANBgkqhkiG
-9w0BAQUFAAOBgQBmJQF4mdpoinkWTB5khs2ZVWZWf4QPLH2I/sP8IY1pWIVNtOVG
-YiTURtsdIHffSAoJ+9H+KrZhxk7TO9v7LR2Au1fGC6FuGjRizYb6UTe7tpoaZvlj
-JZj3sE/Rw/zCHCjA9xNTeYvQlKBzuohbUVGS+kEhxI7ScDmd7ylKSLIbBQ==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 -----END CERTIFICATE-----
index 8e1844e..bf776ec 100644 (file)
@@ -1,6 +1,7 @@
 # Root CA
 
 [ req ]
+# Use SHA-1 to verify that it does not affect the trust of root certificates.
 default_md              = sha1
 utf8                    = yes
 string_mask             = utf8only
index be59460..2ba2c77 100644 (file)
@@ -1,7 +1,7 @@
 # Client
 
 [ req ]
-default_md              = sha1
+default_md              = sha256
 utf8                    = yes
 string_mask             = utf8only
 prompt                  = no
index f766c14..53b1f7e 100644 (file)
@@ -1,7 +1,7 @@
 # Intermediate Root CA
 
 [ req ]
-default_md              = sha1
+default_md              = sha256
 utf8                    = yes
 string_mask             = utf8only
 prompt                  = no
index d899a0f..8dbf236 100644 (file)
@@ -1,7 +1,7 @@
 # Server
 
 [ req ]
-default_md              = sha1
+default_md              = sha256
 utf8                    = yes
 string_mask             = utf8only
 prompt                  = no
@@ -25,3 +25,4 @@ subjectAltName          = @alt_names
 
 [ alt_names ]
 IP.0                    = 192.168.1.22
+DNS.0                   = "server.example.com"
index 6a98029..7adb406 100644 (file)
@@ -1,7 +1,7 @@
 # Server
 
 [ req ]
-default_md              = sha1
+default_md              = sha256
 utf8                    = yes
 string_mask             = utf8only
 prompt                  = no
@@ -25,3 +25,4 @@ subjectAltName          = @alt_names
 
 [ alt_names ]
 IP.0                    = 192.168.1.10
+DNS.0                   = "server.example.com"
diff --git a/tls/tests/meson.build b/tls/tests/meson.build
new file mode 100644 (file)
index 0000000..fc73a4b
--- /dev/null
@@ -0,0 +1,111 @@
+incs = [
+  top_inc,
+  tls_inc
+]
+
+deps = [
+  gio_dep,
+  glib_dep,
+  gmodule_dep,
+  gobject_dep,
+  gnutls_dep
+]
+
+cflags = [
+  '-DSRCDIR="@0@"'.format(meson.current_source_dir()),
+  '-DTOP_BUILDDIR="@0@"'.format(meson.build_root())
+]
+
+envs = [
+  'G_TEST_SRCDIR=' + meson.current_source_dir(),
+  'G_TEST_BUILDDIR=' + meson.current_build_dir(),
+]
+
+test_programs = [
+  ['certificate', [], deps, []],
+  ['file-database', [], deps, []],
+  ['connection', ['mock-interaction.c'], deps, []],
+# DTLS tests are disabled until we fix https://gitlab.gnome.org/GNOME/glib-networking/issues/49
+#  ['dtls-connection', ['mock-interaction.c'], deps, ['openssl']],
+]
+
+foreach backend: backends
+  foreach program: test_programs
+    if not program[3].contains(backend)
+      program_name = program[0] + '-' + backend
+
+      test_conf = configuration_data()
+      test_conf.set('installed_tests_dir', installed_tests_execdir)
+      test_conf.set('program', program_name)
+
+      if enable_installed_tests
+        configure_file(
+          input: test_template,
+          output: program_name + '.test',
+          install_dir: installed_tests_metadir,
+          configuration: test_conf
+        )
+      endif
+
+      test_cflags = cflags + [
+        '-DBACKEND="@0@"'.format(backend),
+        '-DBACKEND_IS_' + backend.to_upper(),
+      ]
+
+      exe = executable(
+        program_name,
+        [program[0] + '.c'] + program[1],
+        include_directories: incs,
+        dependencies: program[2],
+        c_args: test_cflags,
+        install: enable_installed_tests,
+        install_dir: installed_tests_execdir
+      )
+
+      test_envs = envs + [
+        'GIO_MODULE_DIR=' + join_paths(meson.build_root(), 'tls', backend)
+      ]
+
+      # OpenSSL tests are disabled until we fix https://gitlab.gnome.org/GNOME/glib-networking/issues/54
+      if backend != 'openssl'
+        test(program_name, exe, env: test_envs)
+      endif
+    endif
+  endforeach
+endforeach
+
+if enable_installed_tests
+  test_data = files(
+    'files/ca-alternative.pem',
+    'files/ca-key.pem',
+    'files/ca.pem',
+    'files/ca-roots-bad.pem',
+    'files/ca-roots.pem',
+    'files/ca-verisign-sha1.pem',
+    'files/chain.pem',
+    'files/chain-with-verisign-md2.pem',
+    'files/client2-and-key.pem',
+    'files/client2-key.pem',
+    'files/client2.pem',
+    'files/client-and-key.pem',
+    'files/client-future.pem',
+    'files/client-past.pem',
+    'files/client.pem',
+    'files/garbage.pem',
+    'files/intermediate-ca.pem',
+    'files/non-ca.pem',
+    'files/server-and-key.pem',
+    'files/server.der',
+    'files/server-intermediate-key.pem',
+    'files/server-intermediate.pem',
+    'files/server-key.der',
+    'files/server-key.pem',
+    'files/server.pem',
+    'files/server-self.pem'
+  )
+
+  install_data(
+    test_data,
+    install_dir: join_paths(installed_tests_execdir, 'files')
+  )
+endif
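Review bot: The OpenSSL skip only guards the `test()` call, so in the inner `foreach` the `configure_file()` that writes `program_name + '.test'` and the `install: enable_installed_tests` on the executable still apply to every backend. If `backends` (defined outside this file) contains `openssl` and installed tests are enabled, the known-failing OpenSSL programs would still be installed and advertised to the installed-tests runner. I would guard the metadata with the same condition, e.g. `if enable_installed_tests and backend != 'openssl'`, or set a single `run_tests = backend != 'openssl'` flag and use it for both the `.test` file and `test()`. A TLS backend with no tests running has no regression coverage for certificate verification, so the skip should be explicit in one place. It would also help to add a comment above `test_programs` saying that the fourth element of each entry lists the backends the program is excluded from, since `program[3].contains(backend)` is otherwise hard to read.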
index 1bcb729..05d3ce4 100644 (file)
@@ -1,20 +1,20 @@
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /*
  * Copyright (C) 2011 Collabora Ltd.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  * Lesser General Public License for more details.
  *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- * Boston, MA 02111-1307, USA.
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
  *
  * In addition, when the library is used with OpenSSL, a special
  * exception applies. Refer to the LICENSE_EXCEPTION file for details.
 
 #include "mock-interaction.h"
 
+struct _MockInteraction
+{
+  GTlsInteraction parent_instance;
+
+  gchar *static_password;
+  GTlsCertificate *static_certificate;
+  GError *static_error;
+};
+
 G_DEFINE_TYPE (MockInteraction, mock_interaction, G_TYPE_TLS_INTERACTION);
 
 static void
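Review bot: The instance struct that moves into the .c file has three pointer fields, `static_password`, `static_certificate` and `static_error`, with no comment on who owns them or when each is consulted. A short comment above the fields would do, for example `/* Canned replies returned by the interaction callbacks; owned by the instance. */`. The ownership is inferred from the names only, because the constructors and the finalize function are outside this hunk, so confirm it against them before wording the comment.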
@@ -57,7 +66,7 @@ mock_interaction_ask_password_finish (GTlsInteraction    *interaction,
                                       GError            **error)
 {
   g_return_val_if_fail (g_task_is_valid (result, interaction),
-                       G_TLS_INTERACTION_UNHANDLED);
+                        G_TLS_INTERACTION_UNHANDLED);
 
   if (g_task_had_error (G_TASK (result)))
     {
index f357d8a..875207a 100644 (file)
@@ -1,11 +1,11 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /*
  * Copyright (C) 2011 Collabora Ltd.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 G_BEGIN_DECLS
 
 #define MOCK_TYPE_INTERACTION         (mock_interaction_get_type ())
-#define MOCK_INTERACTION(o)           (G_TYPE_CHECK_INSTANCE_CAST ((o), MOCK_TYPE_INTERACTION, MockInteraction))
-#define MOCK_INTERACTION_CLASS(k)     (G_TYPE_CHECK_CLASS_CAST((k), MOCK_TYPE_INTERACTION, MockInteractionClass))
-#define MOCK_IS_INTERACTION(o)        (G_TYPE_CHECK_INSTANCE_TYPE ((o), MOCK_TYPE_INTERACTION))
-#define MOCK_IS_INTERACTION_CLASS(k)  (G_TYPE_CHECK_CLASS_TYPE ((k), MOCK_TYPE_INTERACTION))
-#define MOCK_INTERACTION_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), MOCK_TYPE_INTERACTION, MockInteractionClass))
 
-typedef struct _MockInteraction         MockInteraction;
-typedef struct _MockInteractionClass    MockInteractionClass;
-
-struct _MockInteraction
-{
-  GTlsInteraction parent_instance;
-  gchar *static_password;
-  GTlsCertificate *static_certificate;
-  GError *static_error;
-};
-
-struct _MockInteractionClass
-{
-  GTlsInteractionClass parent_class;
-};
-
-
-GType            mock_interaction_get_type   (void);
+G_DECLARE_FINAL_TYPE (MockInteraction, mock_interaction, MOCK, INTERACTION, GTlsInteraction)
 
 GTlsInteraction *mock_interaction_new_static_password       (const gchar *password);
 
diff --git a/tls/tests/mock-pkcs11.c b/tls/tests/mock-pkcs11.c
deleted file mode 100644 (file)
index 4eaeb99..0000000
+++ /dev/null
@@ -1,1547 +0,0 @@
-/*
- * Copyright (C) 2010 Stefan Walter
- * Copyright (C) 2011 Collabora Ltd.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General  License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General  License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- */
-
-#include "config.h"
-
-#include "mock-pkcs11.h"
-
-#include <p11-kit/pkcs11.h>
-
-#include <glib.h>
-
-#include <string.h>
-
-/*
- * This is *NOT* how you'd want to implement a PKCS#11 module. This
- * fake module simply provides enough for gnutls-pkcs11 backend to test against.
- * It doesn't pass any tests, or behave as expected from a PKCS#11 module.
- */
-
-static gboolean initialized = FALSE;
-static gchar *the_pin = NULL;
-static gulong n_the_pin = 0;
-
-static gboolean logged_in = FALSE;
-static CK_USER_TYPE user_type = 0;
-static CK_FUNCTION_LIST functionList;
-
-typedef enum
-{
-  OP_FIND = 1,
-  OP_CRYPTO
-} Operation;
-
-typedef struct
-{
-  CK_SESSION_HANDLE handle;
-  CK_SESSION_INFO info;
-  GHashTable *objects;
-
-  Operation operation;
-
-  /* For find operations */
-  GList *matches;
-
-  /* For crypto operations */
-  CK_OBJECT_HANDLE crypto_key;
-  CK_ATTRIBUTE_TYPE crypto_method;
-  CK_MECHANISM_TYPE crypto_mechanism;
-  CK_BBOOL want_context_login;
-} Session;
-
-static guint unique_identifier = 100;
-static GHashTable *the_sessions = NULL;
-static GHashTable *the_objects = NULL;
-
-static void
-free_session (gpointer data)
-{
-  Session *sess = (Session*)data;
-  if (sess)
-    g_hash_table_destroy (sess->objects);
-  g_free (sess);
-}
-
-static GPkcs11Array *
-lookup_object (Session *session,
-               CK_OBJECT_HANDLE hObject)
-{
-  GPkcs11Array *attrs;
-  attrs = g_hash_table_lookup (the_objects, GUINT_TO_POINTER (hObject));
-  if (!attrs)
-    attrs = g_hash_table_lookup (session->objects, GUINT_TO_POINTER (hObject));
-  return attrs;
-}
-
-CK_OBJECT_HANDLE
-mock_module_take_object (GPkcs11Array *attrs)
-{
-  gboolean token;
-  guint handle;
-
-  g_return_val_if_fail (the_objects, 0);
-
-  if (g_pkcs11_array_find_boolean (attrs, CKA_TOKEN, &token))
-    g_return_val_if_fail (token == TRUE, 0);
-
-  handle = ++unique_identifier;
-  g_pkcs11_array_add_boolean (attrs, CKA_TOKEN, TRUE);
-  g_hash_table_insert (the_objects, GUINT_TO_POINTER (handle), attrs);
-  return handle;
-}
-
-void
-mock_module_enumerate_objects (CK_SESSION_HANDLE handle,
-                               MockEnumerator func,
-                               gpointer user_data)
-{
-  GHashTableIter iter;
-  gpointer key;
-  gpointer value;
-  Session *session;
-  gboolean private;
-
-  g_assert (the_objects);
-  g_assert (func);
-
-  /* Token objects */
-  g_hash_table_iter_init (&iter, the_objects);
-  while (g_hash_table_iter_next (&iter, &key, &value))
-    {
-      /* Don't include private objects when not logged in */
-      if (!logged_in)
-        {
-          if (g_pkcs11_array_find_boolean (value, CKA_PRIVATE, &private) && private == TRUE)
-            continue;
-        }
-
-      if (!(func) (GPOINTER_TO_UINT (key), value, user_data))
-        return;
-    }
-
-  /* session objects */
-  if (handle)
-    {
-      session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (handle));
-      if (session)
-        {
-          g_hash_table_iter_init (&iter, session->objects);
-          while (g_hash_table_iter_next (&iter, &key, &value))
-            {
-              /* Don't include private objects when not logged in */
-              if (!logged_in)
-                {
-                  if (g_pkcs11_array_find_boolean (value, CKA_PRIVATE, &private) && private == TRUE)
-                    continue;
-                }
-
-              if (!(func) (GPOINTER_TO_UINT (key), value, user_data))
-                return;
-            }
-        }
-    }
-}
-
-typedef struct {
-  CK_ATTRIBUTE_PTR attrs;
-  CK_ULONG n_attrs;
-  CK_OBJECT_HANDLE object;
-} FindObject;
-
-static gboolean
-enumerate_and_find_object (CK_OBJECT_HANDLE object,
-                           GPkcs11Array *attrs,
-                           gpointer user_data)
-{
-  FindObject *ctx = user_data;
-  const CK_ATTRIBUTE *match;
-  const CK_ATTRIBUTE *attr;
-  CK_ULONG i;
-
-  for (i = 0; i < ctx->n_attrs; ++i)
-    {
-      match = ctx->attrs + i;
-      attr = g_pkcs11_array_find (attrs, match->type);
-      if (!attr)
-        return TRUE; /* Continue */
-
-      if (attr->ulValueLen != match->ulValueLen ||
-          memcmp (attr->pValue, match->pValue, attr->ulValueLen) != 0)
-        return TRUE; /* Continue */
-    }
-
-  ctx->object = object;
-  return FALSE; /* Stop iteration */
-}
-
-CK_OBJECT_HANDLE
-mock_module_find_object (CK_SESSION_HANDLE session,
-                         CK_ATTRIBUTE_PTR attrs,
-                         CK_ULONG n_attrs)
-{
-  FindObject ctx;
-
-  ctx.attrs = attrs;
-  ctx.n_attrs = n_attrs;
-  ctx.object = 0;
-
-  mock_module_enumerate_objects (session, enumerate_and_find_object, &ctx);
-  return ctx.object;
-}
-
-static gboolean
-enumerate_and_count_objects (CK_OBJECT_HANDLE object,
-                             GPkcs11Array *attrs,
-                             gpointer user_data)
-{
-  guint *n_objects = user_data;
-  ++(*n_objects);
-  return TRUE; /* Continue */
-}
-
-guint
-mock_module_count_objects (CK_SESSION_HANDLE session)
-{
-  guint n_objects = 0;
-  mock_module_enumerate_objects (session, enumerate_and_count_objects, &n_objects);
-  return n_objects;
-}
-
-void
-mock_module_set_object (CK_OBJECT_HANDLE object,
-                        CK_ATTRIBUTE_PTR attrs,
-                        CK_ULONG n_attrs)
-{
-  CK_ULONG i;
-  GPkcs11Array *atts;
-
-  g_return_if_fail (object != 0);
-  g_return_if_fail (the_objects);
-
-  atts = g_hash_table_lookup (the_objects, GUINT_TO_POINTER (object));
-  g_return_if_fail (atts);
-
-  for (i = 0; i < n_attrs; ++i)
-    g_pkcs11_array_set (atts, &attrs[i]);
-}
-
-void
-mock_module_set_pin (const gchar *password)
-{
-  g_free (the_pin);
-  the_pin = g_strdup (password);
-  n_the_pin = strlen (password);
-}
-
-CK_RV
-mock_C_Initialize (CK_VOID_PTR pInitArgs)
-{
-  GPkcs11Array *attrs;
-  CK_C_INITIALIZE_ARGS_PTR args;
-
-  g_return_val_if_fail (initialized == FALSE, CKR_CRYPTOKI_ALREADY_INITIALIZED);
-
-  args = (CK_C_INITIALIZE_ARGS_PTR)pInitArgs;
-  if (args)
-    {
-      g_return_val_if_fail(
-          (args->CreateMutex == NULL && args->DestroyMutex == NULL &&
-           args->LockMutex == NULL && args->UnlockMutex == NULL) ||
-          (args->CreateMutex != NULL && args->DestroyMutex != NULL &&
-           args->LockMutex != NULL && args->UnlockMutex != NULL),
-          CKR_ARGUMENTS_BAD);
-
-      /* Flags should allow OS locking and os threads */
-      g_return_val_if_fail ((args->flags & CKF_OS_LOCKING_OK), CKR_CANT_LOCK);
-      g_return_val_if_fail ((args->flags & CKF_LIBRARY_CANT_CREATE_OS_THREADS) == 0, CKR_NEED_TO_CREATE_THREADS);
-    }
-
-  the_pin = g_strdup (MOCK_SLOT_ONE_PIN);
-  n_the_pin = strlen (the_pin);
-  the_sessions = g_hash_table_new_full (g_direct_hash, g_direct_equal, NULL, free_session);
-  the_objects = g_hash_table_new_full (g_direct_hash, g_direct_equal, NULL, (GDestroyNotify)g_pkcs11_array_unref);
-
-  /* Our first token object */
-  attrs = g_pkcs11_array_new ();
-  g_pkcs11_array_add_ulong (attrs, CKA_CLASS, CKO_DATA);
-  g_pkcs11_array_add_value (attrs, CKA_LABEL, "TEST LABEL", -1);
-  g_pkcs11_array_add_boolean (attrs, CKA_TOKEN, TRUE);
-  g_hash_table_insert (the_objects, GUINT_TO_POINTER (2), attrs);
-
-  /* Our second token object */
-  attrs = g_pkcs11_array_new ();
-  g_pkcs11_array_add_ulong (attrs, CKA_CLASS, CKO_DATA);
-  g_pkcs11_array_add_value (attrs, CKA_LABEL, "LABEL TWO", -1);
-  g_pkcs11_array_add_boolean (attrs, CKA_TOKEN, TRUE);
-  g_hash_table_insert (the_objects, GUINT_TO_POINTER (3), attrs);
-
-  /* A private object */
-  attrs = g_pkcs11_array_new ();
-  g_pkcs11_array_add_ulong (attrs, CKA_CLASS, CKO_DATA);
-  g_pkcs11_array_add_value (attrs, CKA_LABEL, "PRIVATE", -1);
-  g_pkcs11_array_add_boolean (attrs, CKA_PRIVATE, TRUE);
-  g_pkcs11_array_add_boolean (attrs, CKA_TOKEN, TRUE);
-  g_hash_table_insert (the_objects, GUINT_TO_POINTER (4), attrs);
-
-  initialized = TRUE;
-  return CKR_OK;
-}
-
-CK_RV
-mock_validate_and_C_Initialize (CK_VOID_PTR pInitArgs)
-{
-  CK_C_INITIALIZE_ARGS_PTR args;
-  void *mutex;
-  CK_RV rv;
-
-  args = (CK_C_INITIALIZE_ARGS_PTR)pInitArgs;
-  if (args)
-    {
-      g_assert ((args->CreateMutex) (NULL) == CKR_ARGUMENTS_BAD && "CreateMutex succeeded wrong");
-      g_assert ((args->DestroyMutex) (NULL) == CKR_MUTEX_BAD && "DestroyMutex succeeded wrong");
-      g_assert ((args->LockMutex) (NULL) == CKR_MUTEX_BAD && "LockMutex succeeded wrong");
-      g_assert ((args->UnlockMutex) (NULL) == CKR_MUTEX_BAD && "UnlockMutex succeeded wrong");
-
-      /* Try to create an actual mutex */
-      rv = (args->CreateMutex) (&mutex);
-      g_assert (rv == CKR_OK && "CreateMutex g_assert_not_reacheded");
-      g_assert (mutex != NULL && "CreateMutex created null mutex");
-
-      /* Try and lock the mutex */
-      rv = (args->LockMutex) (mutex);
-      g_assert (rv == CKR_OK && "LockMutex g_assert_not_reacheded");
-
-      /* Try and unlock the mutex */
-      rv = (args->UnlockMutex) (mutex);
-      g_assert (rv == CKR_OK && "UnlockMutex g_assert_not_reacheded");
-
-      /* Try and destroy the mutex */
-      rv = (args->DestroyMutex) (mutex);
-      g_assert (rv == CKR_OK && "DestroyMutex g_assert_not_reacheded");
-    }
-
-  return mock_C_Initialize (pInitArgs);
-}
-
-CK_RV
-mock_C_Finalize (CK_VOID_PTR pReserved)
-{
-  g_return_val_if_fail (pReserved == NULL, CKR_ARGUMENTS_BAD);
-  g_return_val_if_fail (initialized == TRUE, CKR_CRYPTOKI_NOT_INITIALIZED);
-
-  initialized = FALSE;
-  logged_in = FALSE;
-  g_hash_table_destroy (the_objects);
-  the_objects = NULL;
-
-  g_hash_table_destroy (the_sessions);
-  the_sessions = NULL;
-
-  g_free (the_pin);
-  return CKR_OK;
-}
-
-static const CK_INFO TEST_INFO = {
-  { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR },
-  "TEST MANUFACTURER              ",
-  0,
-  "TEST LIBRARY                   ",
-  { 45, 145 }
-};
-
-CK_RV
-mock_C_GetInfo (CK_INFO_PTR pInfo)
-{
-  g_return_val_if_fail (pInfo, CKR_ARGUMENTS_BAD);
-  memcpy (pInfo, &TEST_INFO, sizeof (*pInfo));
-  return CKR_OK;
-}
-
-CK_RV
-mock_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
-{
-  g_return_val_if_fail (list, CKR_ARGUMENTS_BAD);
-  *list = &functionList;
-  return CKR_OK;
-}
-
-/*
- * Two slots
- *  ONE: token present
- *  TWO: token not present
- */
-
-CK_RV
-mock_C_GetSlotList (CK_BBOOL tokenPresent,
-                    CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount)
-{
-  CK_ULONG count;
-
-  g_return_val_if_fail (pulCount, CKR_ARGUMENTS_BAD);
-
-  count = tokenPresent ? 1 : 2;
-
-  /* Application only wants to know the number of slots. */
-  if (pSlotList == NULL)
-    {
-      *pulCount = count;
-      return CKR_OK;
-    }
-
-  if (*pulCount < count)
-    g_return_val_if_reached (CKR_BUFFER_TOO_SMALL);
-
-  *pulCount = count;
-  pSlotList[0] = MOCK_SLOT_ONE_ID;
-  if (!tokenPresent)
-    pSlotList[1] = MOCK_SLOT_TWO_ID;
-
-  return CKR_OK;
-}
-
-/* Update mock-pkcs11.h URIs when updating this */
-
-static const CK_SLOT_INFO TEST_INFO_ONE = {
-  "TEST SLOT                                                       ",
-  "TEST MANUFACTURER              ",
-  CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE,
-  { 55, 155 },
-  { 65, 165 },
-};
-
-/* Update mock-pkcs11.h URIs when updating this */
-
-static const CK_SLOT_INFO TEST_INFO_TWO = {
-  "TEST SLOT                                                       ",
-  "TEST MANUFACTURER              ",
-  CKF_REMOVABLE_DEVICE,
-  { 55, 155 },
-  { 65, 165 },
-};
-
-CK_RV
-mock_C_GetSlotInfo (CK_SLOT_ID slotID,
-                    CK_SLOT_INFO_PTR pInfo)
-{
-  g_return_val_if_fail (pInfo, CKR_ARGUMENTS_BAD);
-
-  if (slotID == MOCK_SLOT_ONE_ID)
-    {
-      memcpy (pInfo, &TEST_INFO_ONE, sizeof (*pInfo));
-      return CKR_OK;
-    }
-  else if (slotID == MOCK_SLOT_TWO_ID)
-    {
-      memcpy (pInfo, &TEST_INFO_TWO, sizeof (*pInfo));
-      return CKR_OK;
-    }
-  else
-    {
-      g_return_val_if_reached (CKR_SLOT_ID_INVALID);
-    }
-}
-
-/* Update mock-pkcs11.h URIs when updating this */
-
-static const CK_TOKEN_INFO TEST_TOKEN_ONE = {
-  "TEST LABEL                      ",
-  "TEST MANUFACTURER               ",
-  "TEST MODEL      ",
-  "TEST SERIAL     ",
-  CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_CLOCK_ON_TOKEN | CKF_TOKEN_INITIALIZED,
-  1,
-  2,
-  3,
-  4,
-  5,
-  6,
-  7,
-  8,
-  9,
-  10,
-  { 75, 175 },
-  { 85, 185 },
-  { '1', '9', '9', '9', '0', '5', '2', '5', '0', '9', '1', '9', '5', '9', '0', '0' }
-};
-
-CK_RV
-mock_C_GetTokenInfo (CK_SLOT_ID slotID,
-                     CK_TOKEN_INFO_PTR pInfo)
-{
-  g_return_val_if_fail (pInfo != NULL, CKR_ARGUMENTS_BAD);
-
-  if (slotID == MOCK_SLOT_ONE_ID)
-    {
-      memcpy (pInfo, &TEST_TOKEN_ONE, sizeof (*pInfo));
-      return CKR_OK;
-    }
-  else if (slotID == MOCK_SLOT_TWO_ID)
-    {
-      return CKR_TOKEN_NOT_PRESENT;
-    }
-  else
-    {
-      g_return_val_if_reached (CKR_SLOT_ID_INVALID);
-    }
-}
-
-CK_RV
-mock_fail_C_GetTokenInfo (CK_SLOT_ID slotID,
-                          CK_TOKEN_INFO_PTR pInfo)
-{
-  return CKR_GENERAL_ERROR;
-}
-
-/*
- * TWO mechanisms:
- *  CKM_MOCK_CAPITALIZE
- *  CKM_MOCK_PREFIX
- */
-
-CK_RV
-mock_C_GetMechanismList (CK_SLOT_ID slotID,
-                         CK_MECHANISM_TYPE_PTR pMechanismList,
-                         CK_ULONG_PTR pulCount)
-{
-  g_return_val_if_fail (slotID == MOCK_SLOT_ONE_ID, CKR_SLOT_ID_INVALID);
-  g_return_val_if_fail (pulCount, CKR_ARGUMENTS_BAD);
-
-  /* Application only wants to know the number of slots. */
-  if (pMechanismList == NULL)
-    {
-      *pulCount = 0;
-      return CKR_OK;
-    }
-
-  return CKR_OK;
-}
-
-CK_RV
-mock_C_GetMechanismInfo (CK_SLOT_ID slotID,
-                         CK_MECHANISM_TYPE type,
-                         CK_MECHANISM_INFO_PTR pInfo)
-{
-  g_return_val_if_fail (slotID == MOCK_SLOT_ONE_ID, CKR_SLOT_ID_INVALID);
-  g_return_val_if_fail (pInfo, CKR_ARGUMENTS_BAD);
-
-  g_return_val_if_reached (CKR_MECHANISM_INVALID);
-}
-
-CK_RV
-mock_specific_args_C_InitToken (CK_SLOT_ID slotID,
-                                CK_UTF8CHAR_PTR pPin,
-                                CK_ULONG ulPinLen,
-                                CK_UTF8CHAR_PTR pLabel)
-{
-  g_return_val_if_fail (slotID == MOCK_SLOT_ONE_ID, CKR_SLOT_ID_INVALID);
-
-  g_return_val_if_fail (pPin, CKR_PIN_INVALID);
-  g_return_val_if_fail (strlen ("TEST PIN") == ulPinLen, CKR_PIN_INVALID);
-  g_return_val_if_fail (strncmp ((gchar*)pPin, "TEST PIN", ulPinLen) == 0, CKR_PIN_INVALID);
-  g_return_val_if_fail (pLabel != NULL, CKR_PIN_INVALID);
-  g_return_val_if_fail (strcmp ((gchar*)pPin, "TEST LABEL") == 0, CKR_PIN_INVALID);
-
-  g_free (the_pin);
-  the_pin = g_strndup ((gchar*)pPin, ulPinLen);
-  n_the_pin = ulPinLen;
-  return CKR_OK;
-}
-
-CK_RV
-mock_unsupported_C_WaitForSlotEvent (CK_FLAGS flags,
-                                     CK_SLOT_ID_PTR pSlot,
-                                     CK_VOID_PTR pReserved)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_C_OpenSession (CK_SLOT_ID slotID,
-                    CK_FLAGS flags,
-                    CK_VOID_PTR pApplication,
-                    CK_NOTIFY Notify,
-                    CK_SESSION_HANDLE_PTR phSession)
-{
-  Session *sess;
-
-  g_return_val_if_fail (slotID == MOCK_SLOT_ONE_ID || slotID == MOCK_SLOT_TWO_ID, CKR_SLOT_ID_INVALID);
-  g_return_val_if_fail (phSession != NULL, CKR_ARGUMENTS_BAD);
-  g_return_val_if_fail ((flags & CKF_SERIAL_SESSION) == CKF_SERIAL_SESSION, CKR_SESSION_PARALLEL_NOT_SUPPORTED);
-
-  if (slotID == MOCK_SLOT_TWO_ID)
-    return CKR_TOKEN_NOT_PRESENT;
-
-  sess = g_new0 (Session, 1);
-  sess->handle = ++unique_identifier;
-  sess->info.flags = flags;
-  sess->info.slotID = slotID;
-  sess->info.state = 0;
-  sess->info.ulDeviceError = 1414;
-  sess->objects = g_hash_table_new_full (g_direct_hash, g_direct_equal, NULL, (GDestroyNotify)g_pkcs11_array_unref);
-  *phSession = sess->handle;
-
-  g_hash_table_replace (the_sessions, GUINT_TO_POINTER (sess->handle), sess);
-  return CKR_OK;
-}
-
-CK_RV
-mock_fail_C_OpenSession (CK_SLOT_ID slotID,
-                         CK_FLAGS flags,
-                         CK_VOID_PTR pApplication,
-                         CK_NOTIFY Notify,
-                         CK_SESSION_HANDLE_PTR phSession)
-{
-  return CKR_GENERAL_ERROR;
-}
-
-CK_RV
-mock_C_CloseSession (CK_SESSION_HANDLE hSession)
-{
-  Session *session;
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_return_val_if_fail (session, CKR_SESSION_HANDLE_INVALID);
-
-  g_hash_table_remove (the_sessions, GUINT_TO_POINTER (hSession));
-  return CKR_OK;
-}
-
-CK_RV
-mock_C_CloseAllSessions (CK_SLOT_ID slotID)
-{
-  g_return_val_if_fail (slotID == MOCK_SLOT_ONE_ID, CKR_SLOT_ID_INVALID);
-
-  g_hash_table_remove_all (the_sessions);
-  return CKR_OK;
-}
-
-CK_RV
-mock_C_GetFunctionStatus (CK_SESSION_HANDLE hSession)
-{
-  return CKR_FUNCTION_NOT_PARALLEL;
-}
-
-CK_RV
-mock_C_CancelFunction (CK_SESSION_HANDLE hSession)
-{
-  return CKR_FUNCTION_NOT_PARALLEL;
-}
-
-CK_RV
-mock_C_GetSessionInfo (CK_SESSION_HANDLE hSession,
-                       CK_SESSION_INFO_PTR pInfo)
-{
-  Session *session;
-
-  g_return_val_if_fail (pInfo != NULL, CKR_ARGUMENTS_BAD);
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_assert (session != NULL && "No such session found");
-  if (!session)
-    return CKR_SESSION_HANDLE_INVALID;
-
-  if (logged_in)
-    {
-      if (session->info.flags & CKF_RW_SESSION)
-        session->info.state = CKS_RW_USER_FUNCTIONS;
-      else
-        session->info.state = CKS_RO_USER_FUNCTIONS;
-    }
-  else
-    {
-      if (session->info.flags & CKF_RW_SESSION)
-        session->info.state = CKS_RW_PUBLIC_SESSION;
-      else
-        session->info.state = CKS_RO_PUBLIC_SESSION;
-    }
-
-  memcpy (pInfo, &session->info, sizeof (*pInfo));
-  return CKR_OK;
-}
-
-CK_RV
-mock_fail_C_GetSessionInfo (CK_SESSION_HANDLE hSession,
-                            CK_SESSION_INFO_PTR pInfo)
-{
-  return CKR_GENERAL_ERROR;
-}
-
-CK_RV
-mock_C_InitPIN (CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin,
-                    CK_ULONG ulPinLen)
-{
-  Session *session;
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_return_val_if_fail (session, CKR_SESSION_HANDLE_INVALID);
-
-  g_free (the_pin);
-  the_pin = g_strndup ((gchar*)pPin, ulPinLen);
-  n_the_pin = ulPinLen;
-  return CKR_OK;
-}
-
-CK_RV
-mock_C_SetPIN (CK_SESSION_HANDLE hSession,
-               CK_UTF8CHAR_PTR pOldPin,
-               CK_ULONG ulOldLen,
-               CK_UTF8CHAR_PTR pNewPin,
-               CK_ULONG ulNewLen)
-{
-  Session *session;
-  gchar *old;
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_return_val_if_fail (session, CKR_SESSION_HANDLE_INVALID);
-
-  old = g_strndup ((gchar*)pOldPin, ulOldLen);
-  if (!old || !g_str_equal (old, the_pin))
-    return CKR_PIN_INCORRECT;
-
-  g_free (the_pin);
-  the_pin = g_strndup ((gchar*)pNewPin, ulNewLen);
-  n_the_pin = ulNewLen;
-  return CKR_OK;
-}
-
-CK_RV
-mock_unsupported_C_GetOperationState (CK_SESSION_HANDLE hSession,
-                                      CK_BYTE_PTR pOperationState,
-                                      CK_ULONG_PTR pulOperationStateLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_SetOperationState (CK_SESSION_HANDLE hSession,
-                                      CK_BYTE_PTR pOperationState,
-                                      CK_ULONG ulOperationStateLen,
-                                      CK_OBJECT_HANDLE hEncryptionKey,
-                                      CK_OBJECT_HANDLE hAuthenticationKey)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_C_Login (CK_SESSION_HANDLE hSession,
-              CK_USER_TYPE userType,
-              CK_UTF8CHAR_PTR pPin,
-              CK_ULONG pPinLen)
-{
-  Session *session;
-
-  g_return_val_if_fail (userType == CKU_SO ||
-                        userType == CKU_USER ||
-                        userType == CKU_CONTEXT_SPECIFIC,
-                        CKR_USER_TYPE_INVALID);
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID);
-  g_return_val_if_fail (logged_in == FALSE, CKR_USER_ALREADY_LOGGED_IN);
-
-  if (!pPin)
-    return CKR_PIN_INCORRECT;
-
-  if (pPinLen != strlen (the_pin))
-    return CKR_PIN_INCORRECT;
-  if (strncmp ((gchar*)pPin, the_pin, pPinLen) != 0)
-    return CKR_PIN_INCORRECT;
-
-  if (userType == CKU_CONTEXT_SPECIFIC)
-    {
-      g_return_val_if_fail (session->want_context_login == TRUE, CKR_OPERATION_NOT_INITIALIZED);
-      session->want_context_login = CK_FALSE;
-    }
-  else
-    {
-      logged_in = TRUE;
-      user_type = userType;
-    }
-
-  return CKR_OK;
-}
-
-CK_RV
-mock_C_Logout (CK_SESSION_HANDLE hSession)
-{
-  Session *session;
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_assert (session != NULL && "No such session found");
-  if (!session)
-    return CKR_SESSION_HANDLE_INVALID;
-
-  g_assert (logged_in && "Not logged in");
-  logged_in = FALSE;
-  user_type = 0;
-  return CKR_OK;
-}
-
-CK_RV
-mock_C_CreateObject (CK_SESSION_HANDLE hSession,
-                     CK_ATTRIBUTE_PTR pTemplate,
-                     CK_ULONG ulCount,
-                     CK_OBJECT_HANDLE_PTR phObject)
-{
-  GPkcs11Array *attrs;
-  Session *session;
-  gboolean token, priv;
-  CK_ULONG i;
-
-  g_return_val_if_fail (phObject, CKR_ARGUMENTS_BAD);
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_return_val_if_fail (session, CKR_SESSION_HANDLE_INVALID);
-
-  attrs = g_pkcs11_array_new ();
-  for (i = 0; i < ulCount; ++i)
-    g_pkcs11_array_add_value (attrs, pTemplate[i].type, pTemplate[i].pValue, pTemplate[i].ulValueLen);
-
-  if (g_pkcs11_array_find_boolean (attrs, CKA_PRIVATE, &priv) && priv)
-    {
-      if (!logged_in)
-        {
-          g_pkcs11_array_unref (attrs);
-          return CKR_USER_NOT_LOGGED_IN;
-        }
-    }
-
-  *phObject = ++unique_identifier;
-  if (g_pkcs11_array_find_boolean (attrs, CKA_TOKEN, &token) && token)
-    g_hash_table_insert (the_objects, GUINT_TO_POINTER (*phObject), attrs);
-  else
-    g_hash_table_insert (session->objects, GUINT_TO_POINTER (*phObject), attrs);
-
-  return CKR_OK;
-}
-
-CK_RV
-mock_fail_C_CreateObject (CK_SESSION_HANDLE hSession,
-                          CK_ATTRIBUTE_PTR pTemplate,
-                          CK_ULONG ulCount,
-                          CK_OBJECT_HANDLE_PTR phObject)
-{
-  /* Always fails */
-  return CKR_FUNCTION_FAILED;
-}
-
-CK_RV
-mock_unsupported_C_CopyObject (CK_SESSION_HANDLE hSession,
-                               CK_OBJECT_HANDLE hObject,
-                               CK_ATTRIBUTE_PTR pTemplate,
-                               CK_ULONG ulCount,
-                               CK_OBJECT_HANDLE_PTR phNewObject)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_C_DestroyObject (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
-{
-  GPkcs11Array *attrs;
-  Session *session;
-  gboolean priv;
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_return_val_if_fail (session, CKR_SESSION_HANDLE_INVALID);
-
-  attrs = lookup_object (session, hObject);
-  g_return_val_if_fail (attrs, CKR_OBJECT_HANDLE_INVALID);
-
-  if (g_pkcs11_array_find_boolean (attrs, CKA_PRIVATE, &priv) && priv)
-    {
-      if (!logged_in)
-        return CKR_USER_NOT_LOGGED_IN;
-    }
-
-  g_hash_table_remove (the_objects, GUINT_TO_POINTER (hObject));
-  g_hash_table_remove (session->objects, GUINT_TO_POINTER (hObject));
-
-  return CKR_OK;
-}
-
-CK_RV
-mock_unsupported_C_GetObjectSize (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
-                                      CK_ULONG_PTR pulSize)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_C_GetAttributeValue (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
-                              CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
-{
-  CK_ATTRIBUTE_PTR result;
-  CK_RV ret = CKR_OK;
-  GPkcs11Array *attrs;
-  const CK_ATTRIBUTE *attr;
-  Session *session;
-  CK_ULONG i;
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_return_val_if_fail (session, CKR_SESSION_HANDLE_INVALID);
-
-  attrs = lookup_object (session, hObject);
-  if (!attrs)
-    {
-      g_assert_not_reached (); /* "invalid object handle passed" */
-      return CKR_OBJECT_HANDLE_INVALID;
-    }
-
-  for (i = 0; i < ulCount; ++i)
-    {
-      result = pTemplate + i;
-      attr = g_pkcs11_array_find (attrs, result->type);
-      if (!attr)
-        {
-          result->ulValueLen = (CK_ULONG)-1;
-          ret = CKR_ATTRIBUTE_TYPE_INVALID;
-          continue;
-        }
-
-      if (!result->pValue)
-        {
-          result->ulValueLen = attr->ulValueLen;
-          continue;
-        }
-
-      if (result->ulValueLen >= attr->ulValueLen)
-        {
-          memcpy (result->pValue, attr->pValue, attr->ulValueLen);
-          continue;
-        }
-
-      result->ulValueLen = (CK_ULONG)-1;
-      ret = CKR_BUFFER_TOO_SMALL;
-    }
-
-  return ret;
-}
-
-CK_RV
-mock_fail_C_GetAttributeValue (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
-                                   CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
-{
-  return CKR_FUNCTION_FAILED;
-}
-
-CK_RV
-mock_C_SetAttributeValue (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
-                              CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
-{
-  Session *session;
-  GPkcs11Array *attrs;
-  CK_ULONG i;
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_return_val_if_fail (session, CKR_SESSION_HANDLE_INVALID);
-
-  attrs = lookup_object (session, hObject);
-  g_return_val_if_fail (attrs, CKR_OBJECT_HANDLE_INVALID);
-
-  for (i = 0; i < ulCount; ++i)
-    g_pkcs11_array_set (attrs, pTemplate + i);
-
-  return CKR_OK;
-}
-
-typedef struct
-{
-  CK_ATTRIBUTE_PTR template;
-  CK_ULONG count;
-  Session *session;
-} FindObjects;
-
-static gboolean
-enumerate_and_find_objects (CK_OBJECT_HANDLE object,
-                            GPkcs11Array *attrs,
-                            gpointer user_data)
-{
-  FindObjects *ctx = user_data;
-  CK_ATTRIBUTE_PTR match;
-  const CK_ATTRIBUTE *attr;
-  CK_ULONG i;
-
-  for (i = 0; i < ctx->count; ++i)
-    {
-      match = ctx->template + i;
-      attr = g_pkcs11_array_find (attrs, match->type);
-      if (!attr)
-        return TRUE; /* Continue */
-
-      if (attr->ulValueLen != match->ulValueLen ||
-          memcmp (attr->pValue, match->pValue, attr->ulValueLen) != 0)
-        return TRUE; /* Continue */
-    }
-
-  ctx->session->matches = g_list_prepend (ctx->session->matches, GUINT_TO_POINTER (object));
-  return TRUE; /* Continue */
-}
-
-CK_RV
-mock_C_FindObjectsInit (CK_SESSION_HANDLE hSession,
-                        CK_ATTRIBUTE_PTR pTemplate,
-                        CK_ULONG ulCount)
-{
-  Session *session;
-  FindObjects ctx;
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID);
-
-  /* Starting an operation, cancels any previous one */
-  if (session->operation != 0)
-    session->operation = 0;
-
-  session->operation = OP_FIND;
-
-  ctx.template = pTemplate;
-  ctx.count = ulCount;
-  ctx.session = session;
-
-  mock_module_enumerate_objects (hSession, enumerate_and_find_objects, &ctx);
-  return CKR_OK;
-}
-
-CK_RV
-mock_fail_C_FindObjects (CK_SESSION_HANDLE hSession,
-                         CK_OBJECT_HANDLE_PTR phObject,
-                         CK_ULONG ulMaxObjectCount,
-                         CK_ULONG_PTR pulObjectCount)
-{
-  /* Always fails */
-  return CKR_FUNCTION_FAILED;
-}
-
-CK_RV
-mock_C_FindObjects (CK_SESSION_HANDLE hSession,
-                    CK_OBJECT_HANDLE_PTR phObject,
-                    CK_ULONG ulMaxObjectCount,
-                    CK_ULONG_PTR pulObjectCount)
-{
-  Session *session;
-
-  g_return_val_if_fail (phObject, CKR_ARGUMENTS_BAD);
-  g_return_val_if_fail (pulObjectCount, CKR_ARGUMENTS_BAD);
-  g_return_val_if_fail (ulMaxObjectCount != 0, CKR_ARGUMENTS_BAD);
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID);
-  g_return_val_if_fail (session->operation == OP_FIND, CKR_OPERATION_NOT_INITIALIZED);
-
-  *pulObjectCount = 0;
-  while (ulMaxObjectCount > 0 && session->matches)
-    {
-      *phObject = GPOINTER_TO_UINT (session->matches->data);
-      ++phObject;
-      --ulMaxObjectCount;
-      ++(*pulObjectCount);
-      session->matches = g_list_remove (session->matches, session->matches->data);
-    }
-
-  return CKR_OK;
-}
-
-CK_RV
-mock_C_FindObjectsFinal (CK_SESSION_HANDLE hSession)
-{
-  Session *session;
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID);
-  g_return_val_if_fail (session->operation == OP_FIND, CKR_OPERATION_NOT_INITIALIZED);
-
-  session->operation = 0;
-  g_list_free (session->matches);
-  session->matches = NULL;
-
-  return CKR_OK;
-}
-
-CK_RV
-mock_no_mechanisms_C_EncryptInit (CK_SESSION_HANDLE hSession,
-                                  CK_MECHANISM_PTR pMechanism,
-                                  CK_OBJECT_HANDLE hKey)
-{
-  Session *session;
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID);
-
-  return CKR_MECHANISM_INVALID;
-}
-
-CK_RV
-mock_not_initialized_C_Encrypt (CK_SESSION_HANDLE hSession,
-                                CK_BYTE_PTR pData,
-                                CK_ULONG ulDataLen,
-                                CK_BYTE_PTR pEncryptedData,
-                                CK_ULONG_PTR pulEncryptedDataLen)
-{
-  return CKR_OPERATION_NOT_INITIALIZED;
-}
-
-CK_RV
-mock_unsupported_C_EncryptUpdate (CK_SESSION_HANDLE hSession,
-                                  CK_BYTE_PTR pPart,
-                                  CK_ULONG ulPartLen,
-                                  CK_BYTE_PTR pEncryptedPart,
-                                  CK_ULONG_PTR pulEncryptedPartLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_EncryptFinal (CK_SESSION_HANDLE hSession,
-                                 CK_BYTE_PTR pLastEncryptedPart,
-                                 CK_ULONG_PTR pulLastEncryptedPartLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_no_mechanisms_C_DecryptInit (CK_SESSION_HANDLE hSession,
-                                  CK_MECHANISM_PTR pMechanism,
-                                  CK_OBJECT_HANDLE hKey)
-{
-  Session *session;
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID);
-
-  return CKR_MECHANISM_INVALID;
-}
-
-CK_RV
-mock_not_initialized_C_Decrypt (CK_SESSION_HANDLE hSession,
-                                CK_BYTE_PTR pEncryptedData,
-                                CK_ULONG ulEncryptedDataLen,
-                                CK_BYTE_PTR pData,
-                                CK_ULONG_PTR pulDataLen)
-{
-  return CKR_OPERATION_NOT_INITIALIZED;
-}
-
-CK_RV
-mock_unsupported_C_DecryptUpdate (CK_SESSION_HANDLE hSession,
-                                  CK_BYTE_PTR pEncryptedPart,
-                                  CK_ULONG ulEncryptedPartLen,
-                                  CK_BYTE_PTR pPart,
-                                  CK_ULONG_PTR pulPartLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_DecryptFinal (CK_SESSION_HANDLE hSession,
-                                 CK_BYTE_PTR pLastPart,
-                                 CK_ULONG_PTR pulLastPartLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_DigestInit (CK_SESSION_HANDLE hSession,
-                               CK_MECHANISM_PTR pMechanism)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_Digest (CK_SESSION_HANDLE hSession,
-                           CK_BYTE_PTR pData,
-                           CK_ULONG ulDataLen,
-                           CK_BYTE_PTR pDigest,
-                           CK_ULONG_PTR pulDigestLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_DigestUpdate (CK_SESSION_HANDLE hSession,
-                                 CK_BYTE_PTR pPart,
-                                 CK_ULONG ulPartLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_DigestKey (CK_SESSION_HANDLE hSession,
-                              CK_OBJECT_HANDLE hKey)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_DigestFinal (CK_SESSION_HANDLE hSession,
-                                CK_BYTE_PTR pDigest,
-                                CK_ULONG_PTR pulDigestLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_no_mechanisms_C_SignInit (CK_SESSION_HANDLE hSession,
-                               CK_MECHANISM_PTR pMechanism,
-                               CK_OBJECT_HANDLE hKey)
-{
-  Session *session;
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID);
-
-  return CKR_MECHANISM_INVALID;
-}
-
-CK_RV
-mock_not_initialized_C_Sign (CK_SESSION_HANDLE hSession,
-                             CK_BYTE_PTR pData,
-                             CK_ULONG ulDataLen,
-                             CK_BYTE_PTR pSignature,
-                             CK_ULONG_PTR pulSignatureLen)
-{
-  return CKR_OPERATION_NOT_INITIALIZED;
-}
-
-CK_RV
-mock_unsupported_C_SignUpdate (CK_SESSION_HANDLE hSession,
-                               CK_BYTE_PTR pPart,
-                               CK_ULONG ulPartLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_SignFinal (CK_SESSION_HANDLE hSession,
-                              CK_BYTE_PTR pSignature,
-                              CK_ULONG_PTR pulSignatureLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_SignRecoverInit (CK_SESSION_HANDLE hSession,
-                                    CK_MECHANISM_PTR pMechanism,
-                                    CK_OBJECT_HANDLE hKey)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_SignRecover (CK_SESSION_HANDLE hSession,
-                                CK_BYTE_PTR pData,
-                                CK_ULONG ulDataLen,
-                                CK_BYTE_PTR pSignature,
-                                CK_ULONG_PTR pulSignatureLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_no_mechanisms_C_VerifyInit (CK_SESSION_HANDLE hSession,
-                                 CK_MECHANISM_PTR pMechanism,
-                                 CK_OBJECT_HANDLE hKey)
-{
-  Session *session;
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID);
-
-  return CKR_MECHANISM_INVALID;
-}
-
-CK_RV
-mock_not_initialized_C_Verify (CK_SESSION_HANDLE hSession,
-                               CK_BYTE_PTR pData,
-                               CK_ULONG ulDataLen,
-                               CK_BYTE_PTR pSignature,
-                               CK_ULONG ulSignatureLen)
-{
-  return CKR_OPERATION_NOT_INITIALIZED;
-}
-
-CK_RV
-mock_unsupported_C_VerifyUpdate (CK_SESSION_HANDLE hSession,
-                                 CK_BYTE_PTR pPart,
-                                 CK_ULONG ulPartLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_VerifyFinal (CK_SESSION_HANDLE hSession,
-                                CK_BYTE_PTR pSignature,
-                                CK_ULONG pulSignatureLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_VerifyRecoverInit (CK_SESSION_HANDLE hSession,
-                                      CK_MECHANISM_PTR pMechanism,
-                                      CK_OBJECT_HANDLE hKey)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_VerifyRecover (CK_SESSION_HANDLE hSession,
-                                  CK_BYTE_PTR pSignature,
-                                  CK_ULONG pulSignatureLen,
-                                  CK_BYTE_PTR pData,
-                                  CK_ULONG_PTR pulDataLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_DigestEncryptUpdate (CK_SESSION_HANDLE hSession,
-                                        CK_BYTE_PTR pPart,
-                                        CK_ULONG ulPartLen,
-                                        CK_BYTE_PTR pEncryptedPart,
-                                        CK_ULONG_PTR ulEncryptedPartLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_DecryptDigestUpdate (CK_SESSION_HANDLE hSession,
-                                        CK_BYTE_PTR pEncryptedPart,
-                                        CK_ULONG ulEncryptedPartLen,
-                                        CK_BYTE_PTR pPart,
-                                        CK_ULONG_PTR pulPartLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_SignEncryptUpdate (CK_SESSION_HANDLE hSession,
-                                      CK_BYTE_PTR pPart,
-                                      CK_ULONG ulPartLen,
-                                      CK_BYTE_PTR pEncryptedPart,
-                                      CK_ULONG_PTR ulEncryptedPartLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_DecryptVerifyUpdate (CK_SESSION_HANDLE hSession,
-                                        CK_BYTE_PTR pEncryptedPart,
-                                        CK_ULONG ulEncryptedPartLen,
-                                        CK_BYTE_PTR pPart,
-                                        CK_ULONG_PTR pulPartLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_GenerateKey (CK_SESSION_HANDLE hSession,
-                                CK_MECHANISM_PTR pMechanism,
-                                CK_ATTRIBUTE_PTR pTemplate,
-                                CK_ULONG ulCount,
-                                CK_OBJECT_HANDLE_PTR phKey)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_no_mechanisms_C_GenerateKeyPair (CK_SESSION_HANDLE hSession,
-                                      CK_MECHANISM_PTR pMechanism,
-                                      CK_ATTRIBUTE_PTR pPublicKeyTemplate,
-                                      CK_ULONG ulPublicKeyAttributeCount,
-                                      CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
-                                      CK_ULONG ulPrivateKeyAttributeCount,
-                                      CK_OBJECT_HANDLE_PTR phPublicKey,
-                                      CK_OBJECT_HANDLE_PTR phPrivateKey)
-{
-  Session *session;
-
-  g_return_val_if_fail (pMechanism, CKR_MECHANISM_INVALID);
-  g_return_val_if_fail (pPublicKeyTemplate, CKR_TEMPLATE_INCOMPLETE);
-  g_return_val_if_fail (ulPublicKeyAttributeCount, CKR_TEMPLATE_INCOMPLETE);
-  g_return_val_if_fail (pPrivateKeyTemplate, CKR_TEMPLATE_INCOMPLETE);
-  g_return_val_if_fail (ulPrivateKeyAttributeCount, CKR_TEMPLATE_INCOMPLETE);
-  g_return_val_if_fail (phPublicKey, CKR_ARGUMENTS_BAD);
-  g_return_val_if_fail (phPrivateKey, CKR_ARGUMENTS_BAD);
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID);
-
-  return CKR_MECHANISM_INVALID;
-}
-
-CK_RV
-mock_no_mechanisms_C_WrapKey (CK_SESSION_HANDLE hSession,
-                              CK_MECHANISM_PTR pMechanism,
-                              CK_OBJECT_HANDLE hWrappingKey,
-                              CK_OBJECT_HANDLE hKey,
-                              CK_BYTE_PTR pWrappedKey,
-                              CK_ULONG_PTR pulWrappedKeyLen)
-{
-  Session *session;
-
-  g_return_val_if_fail (pMechanism, CKR_MECHANISM_INVALID);
-  g_return_val_if_fail (hWrappingKey, CKR_OBJECT_HANDLE_INVALID);
-  g_return_val_if_fail (hKey, CKR_OBJECT_HANDLE_INVALID);
-  g_return_val_if_fail (pulWrappedKeyLen, CKR_WRAPPED_KEY_LEN_RANGE);
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID);
-
-  return CKR_MECHANISM_INVALID;
-}
-
-CK_RV
-mock_no_mechanisms_C_UnwrapKey (CK_SESSION_HANDLE hSession,
-                                CK_MECHANISM_PTR pMechanism,
-                                CK_OBJECT_HANDLE hUnwrappingKey,
-                                CK_BYTE_PTR pWrappedKey,
-                                CK_ULONG ulWrappedKeyLen,
-                                CK_ATTRIBUTE_PTR pTemplate,
-                                CK_ULONG ulCount,
-                                CK_OBJECT_HANDLE_PTR phKey)
-{
-  Session *session;
-
-  g_return_val_if_fail (pMechanism, CKR_MECHANISM_INVALID);
-  g_return_val_if_fail (hUnwrappingKey, CKR_WRAPPING_KEY_HANDLE_INVALID);
-  g_return_val_if_fail (pWrappedKey, CKR_WRAPPED_KEY_INVALID);
-  g_return_val_if_fail (ulWrappedKeyLen, CKR_WRAPPED_KEY_LEN_RANGE);
-  g_return_val_if_fail (phKey, CKR_ARGUMENTS_BAD);
-  g_return_val_if_fail (pTemplate, CKR_TEMPLATE_INCOMPLETE);
-  g_return_val_if_fail (ulCount, CKR_TEMPLATE_INCONSISTENT);
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_return_val_if_fail (session != NULL, CKR_SESSION_HANDLE_INVALID);
-
-  return CKR_MECHANISM_INVALID;
-}
-
-CK_RV
-mock_no_mechanisms_C_DeriveKey (CK_SESSION_HANDLE hSession,
-                                CK_MECHANISM_PTR pMechanism,
-                                CK_OBJECT_HANDLE hBaseKey,
-                                CK_ATTRIBUTE_PTR pTemplate,
-                                CK_ULONG ulCount,
-                                CK_OBJECT_HANDLE_PTR phKey)
-{
-  Session *session;
-
-  g_return_val_if_fail (pMechanism, CKR_MECHANISM_INVALID);
-  g_return_val_if_fail (ulCount, CKR_TEMPLATE_INCOMPLETE);
-  g_return_val_if_fail (pTemplate, CKR_TEMPLATE_INCOMPLETE);
-  g_return_val_if_fail (phKey, CKR_ARGUMENTS_BAD);
-
-  session = g_hash_table_lookup (the_sessions, GUINT_TO_POINTER (hSession));
-  g_return_val_if_fail (session, CKR_SESSION_HANDLE_INVALID);
-
-  return CKR_MECHANISM_INVALID;
-}
-
-CK_RV
-mock_unsupported_C_SeedRandom (CK_SESSION_HANDLE hSession,
-                               CK_BYTE_PTR pSeed,
-                               CK_ULONG ulSeedLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_unsupported_C_GenerateRandom (CK_SESSION_HANDLE hSession,
-                                   CK_BYTE_PTR pRandomData,
-                                   CK_ULONG ulRandomLen)
-{
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_FUNCTION_LIST mock_default_functions = {
-  { 2, 11 },   /* version */
-  mock_validate_and_C_Initialize,
-  mock_C_Finalize,
-  mock_C_GetInfo,
-  mock_C_GetFunctionList,
-  mock_C_GetSlotList,
-  mock_C_GetSlotInfo,
-  mock_C_GetTokenInfo,
-  mock_C_GetMechanismList,
-  mock_C_GetMechanismInfo,
-  mock_specific_args_C_InitToken,
-  mock_C_InitPIN,
-  mock_C_SetPIN,
-  mock_C_OpenSession,
-  mock_C_CloseSession,
-  mock_C_CloseAllSessions,
-  mock_C_GetSessionInfo,
-  mock_unsupported_C_GetOperationState,
-  mock_unsupported_C_SetOperationState,
-  mock_C_Login,
-  mock_C_Logout,
-  mock_C_CreateObject,
-  mock_unsupported_C_CopyObject,
-  mock_C_DestroyObject,
-  mock_unsupported_C_GetObjectSize,
-  mock_C_GetAttributeValue,
-  mock_C_SetAttributeValue,
-  mock_C_FindObjectsInit,
-  mock_C_FindObjects,
-  mock_C_FindObjectsFinal,
-  mock_no_mechanisms_C_EncryptInit,
-  mock_not_initialized_C_Encrypt,
-  mock_unsupported_C_EncryptUpdate,
-  mock_unsupported_C_EncryptFinal,
-  mock_no_mechanisms_C_DecryptInit,
-  mock_not_initialized_C_Decrypt,
-  mock_unsupported_C_DecryptUpdate,
-  mock_unsupported_C_DecryptFinal,
-  mock_unsupported_C_DigestInit,
-  mock_unsupported_C_Digest,
-  mock_unsupported_C_DigestUpdate,
-  mock_unsupported_C_DigestKey,
-  mock_unsupported_C_DigestFinal,
-  mock_no_mechanisms_C_SignInit,
-  mock_not_initialized_C_Sign,
-  mock_unsupported_C_SignUpdate,
-  mock_unsupported_C_SignFinal,
-  mock_unsupported_C_SignRecoverInit,
-  mock_unsupported_C_SignRecover,
-  mock_no_mechanisms_C_VerifyInit,
-  mock_not_initialized_C_Verify,
-  mock_unsupported_C_VerifyUpdate,
-  mock_unsupported_C_VerifyFinal,
-  mock_unsupported_C_VerifyRecoverInit,
-  mock_unsupported_C_VerifyRecover,
-  mock_unsupported_C_DigestEncryptUpdate,
-  mock_unsupported_C_DecryptDigestUpdate,
-  mock_unsupported_C_SignEncryptUpdate,
-  mock_unsupported_C_DecryptVerifyUpdate,
-  mock_unsupported_C_GenerateKey,
-  mock_no_mechanisms_C_GenerateKeyPair,
-  mock_no_mechanisms_C_WrapKey,
-  mock_no_mechanisms_C_UnwrapKey,
-  mock_no_mechanisms_C_DeriveKey,
-  mock_unsupported_C_SeedRandom,
-  mock_unsupported_C_GenerateRandom,
-  mock_C_GetFunctionStatus,
-  mock_C_CancelFunction,
-  mock_unsupported_C_WaitForSlotEvent
-};
diff --git a/tls/tests/mock-pkcs11.h b/tls/tests/mock-pkcs11.h
deleted file mode 100644 (file)
index 4417c57..0000000
+++ /dev/null
@@ -1,393 +0,0 @@
-/*
- * Copyright (C) 2010 Stefan Walter
- * Copyright (C) 2011 Collabora Ltd.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- */
-
-#include <glib.h>
-
-#include <p11-kit/pkcs11.h>
-
-#include "pkcs11/gpkcs11array.h"
-
-#ifndef MOCK_MODULE_H
-#define MOCK_MODULE_H
-
-extern CK_FUNCTION_LIST mock_default_functions;
-
-CK_RV               mock_C_Initialize                          (CK_VOID_PTR pInitArgs);
-
-CK_RV               mock_validate_and_C_Initialize             (CK_VOID_PTR pInitArgs);
-
-CK_RV               mock_C_Finalize                            (CK_VOID_PTR pReserved);
-
-CK_RV               mock_C_GetInfo                             (CK_INFO_PTR pInfo);
-
-CK_RV               mock_C_GetFunctionList                     (CK_FUNCTION_LIST_PTR_PTR list);
-
-CK_RV               mock_C_GetSlotList                         (CK_BBOOL tokenPresent,
-                                                                CK_SLOT_ID_PTR pSlotList,
-                                                                CK_ULONG_PTR pulCount);
-
-CK_RV               mock_C_GetSlotInfo                         (CK_SLOT_ID slotID,
-                                                                CK_SLOT_INFO_PTR pInfo);
-
-CK_RV               mock_C_GetTokenInfo                        (CK_SLOT_ID slotID,
-                                                                CK_TOKEN_INFO_PTR pInfo);
-
-CK_RV               mock_fail_C_GetTokenInfo                   (CK_SLOT_ID slotID,
-                                                                CK_TOKEN_INFO_PTR pInfo);
-
-CK_RV               mock_C_GetMechanismList                    (CK_SLOT_ID slotID,
-                                                                CK_MECHANISM_TYPE_PTR pMechanismList,
-                                                                CK_ULONG_PTR pulCount);
-
-CK_RV               mock_C_GetMechanismInfo                    (CK_SLOT_ID slotID,
-                                                                CK_MECHANISM_TYPE type,
-                                                                CK_MECHANISM_INFO_PTR pInfo);
-
-CK_RV               mock_specific_args_C_InitToken             (CK_SLOT_ID slotID,
-                                                                CK_UTF8CHAR_PTR pPin,
-                                                                CK_ULONG ulPinLen,
-                                                                CK_UTF8CHAR_PTR pLabel);
-
-CK_RV               mock_unsupported_C_WaitForSlotEvent        (CK_FLAGS flags,
-                                                                CK_SLOT_ID_PTR pSlot,
-                                                                CK_VOID_PTR pReserved);
-
-CK_RV               mock_C_OpenSession                         (CK_SLOT_ID slotID,
-                                                                CK_FLAGS flags,
-                                                                CK_VOID_PTR pApplication,
-                                                                CK_NOTIFY Notify,
-                                                                CK_SESSION_HANDLE_PTR phSession);
-
-CK_RV               mock_fail_C_OpenSession                    (CK_SLOT_ID slotID,
-                                                                CK_FLAGS flags,
-                                                                CK_VOID_PTR pApplication,
-                                                                CK_NOTIFY Notify,
-                                                                CK_SESSION_HANDLE_PTR phSession);
-
-CK_RV               mock_C_CloseSession                        (CK_SESSION_HANDLE hSession);
-
-CK_RV               mock_C_CloseAllSessions                    (CK_SLOT_ID slotID);
-
-CK_RV               mock_C_GetFunctionStatus                   (CK_SESSION_HANDLE hSession);
-
-CK_RV               mock_C_CancelFunction                      (CK_SESSION_HANDLE hSession);
-
-CK_RV               mock_C_GetSessionInfo                      (CK_SESSION_HANDLE hSession,
-                                                                CK_SESSION_INFO_PTR pInfo);
-
-CK_RV               mock_fail_C_GetSessionInfo                 (CK_SESSION_HANDLE hSession,
-                                                                CK_SESSION_INFO_PTR pInfo);
-
-CK_RV               mock_C_InitPIN                             (CK_SESSION_HANDLE hSession,
-                                                                CK_UTF8CHAR_PTR pPin,
-                                                                CK_ULONG ulPinLen);
-
-CK_RV               mock_C_SetPIN                              (CK_SESSION_HANDLE hSession,
-                                                                CK_UTF8CHAR_PTR pOldPin,
-                                                                CK_ULONG ulOldLen,
-                                                                CK_UTF8CHAR_PTR pNewPin,
-                                                                CK_ULONG ulNewLen);
-
-CK_RV               mock_unsupported_C_GetOperationState       (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pOperationState,
-                                                                CK_ULONG_PTR pulOperationStateLen);
-
-CK_RV               mock_unsupported_C_SetOperationState       (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pOperationState,
-                                                                CK_ULONG ulOperationStateLen,
-                                                                CK_OBJECT_HANDLE hEncryptionKey,
-                                                                CK_OBJECT_HANDLE hAuthenticationKey);
-
-CK_RV               mock_C_Login                               (CK_SESSION_HANDLE hSession,
-                                                                CK_USER_TYPE userType,
-                                                                CK_UTF8CHAR_PTR pPin,
-                                                                CK_ULONG pPinLen);
-
-CK_RV               mock_C_Logout                              (CK_SESSION_HANDLE hSession);
-
-CK_RV               mock_C_CreateObject                        (CK_SESSION_HANDLE hSession,
-                                                                CK_ATTRIBUTE_PTR pTemplate,
-                                                                CK_ULONG ulCount,
-                                                                CK_OBJECT_HANDLE_PTR phObject);
-
-CK_RV               mock_fail_C_CreateObject                   (CK_SESSION_HANDLE hSession,
-                                                                CK_ATTRIBUTE_PTR pTemplate,
-                                                                CK_ULONG ulCount,
-                                                                CK_OBJECT_HANDLE_PTR phObject);
-
-CK_RV               mock_unsupported_C_CopyObject              (CK_SESSION_HANDLE hSession,
-                                                                CK_OBJECT_HANDLE hObject,
-                                                                CK_ATTRIBUTE_PTR pTemplate,
-                                                                CK_ULONG ulCount,
-                                                                CK_OBJECT_HANDLE_PTR phNewObject);
-
-CK_RV               mock_C_DestroyObject                       (CK_SESSION_HANDLE hSession,
-                                                                CK_OBJECT_HANDLE hObject);
-
-CK_RV               mock_unsupported_C_GetObjectSize           (CK_SESSION_HANDLE hSession,
-                                                                CK_OBJECT_HANDLE hObject,
-                                                                CK_ULONG_PTR pulSize);
-
-CK_RV               mock_C_GetAttributeValue                   (CK_SESSION_HANDLE hSession,
-                                                                CK_OBJECT_HANDLE hObject,
-                                                                CK_ATTRIBUTE_PTR pTemplate,
-                                                                CK_ULONG ulCount);
-
-CK_RV               mock_fail_C_GetAttributeValue              (CK_SESSION_HANDLE hSession,
-                                                                CK_OBJECT_HANDLE hObject,
-                                                                CK_ATTRIBUTE_PTR pTemplate,
-                                                                CK_ULONG ulCount);
-
-CK_RV               mock_C_SetAttributeValue                   (CK_SESSION_HANDLE hSession,
-                                                                CK_OBJECT_HANDLE hObject,
-                                                                CK_ATTRIBUTE_PTR pTemplate,
-                                                                CK_ULONG ulCount);
-
-CK_RV               mock_C_FindObjectsInit                     (CK_SESSION_HANDLE hSession,
-                                                                CK_ATTRIBUTE_PTR pTemplate,
-                                                                CK_ULONG ulCount);
-
-CK_RV               mock_C_FindObjects                         (CK_SESSION_HANDLE hSession,
-                                                                CK_OBJECT_HANDLE_PTR phObject,
-                                                                CK_ULONG ulMaxObjectCount,
-                                                                CK_ULONG_PTR pulObjectCount);
-
-CK_RV               mock_fail_C_FindObjects                    (CK_SESSION_HANDLE hSession,
-                                                                CK_OBJECT_HANDLE_PTR phObject,
-                                                                CK_ULONG ulMaxObjectCount,
-                                                                CK_ULONG_PTR pulObjectCount);
-
-CK_RV               mock_C_FindObjectsFinal                    (CK_SESSION_HANDLE hSession);
-
-CK_RV               mock_no_mechanisms_C_EncryptInit           (CK_SESSION_HANDLE hSession,
-                                                                CK_MECHANISM_PTR pMechanism,
-                                                                CK_OBJECT_HANDLE hKey);
-
-CK_RV               mock_not_initialized_C_Encrypt             (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pData,
-                                                                CK_ULONG ulDataLen,
-                                                                CK_BYTE_PTR pEncryptedData,
-                                                                CK_ULONG_PTR pulEncryptedDataLen);
-
-CK_RV               mock_unsupported_C_EncryptUpdate           (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pPart,
-                                                                CK_ULONG ulPartLen,
-                                                                CK_BYTE_PTR pEncryptedPart,
-                                                                CK_ULONG_PTR pulEncryptedPartLen);
-
-CK_RV               mock_unsupported_C_EncryptFinal            (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pLastEncryptedPart,
-                                                                CK_ULONG_PTR pulLastEncryptedPartLen);
-
-CK_RV               mock_no_mechanisms_C_DecryptInit           (CK_SESSION_HANDLE hSession,
-                                                                CK_MECHANISM_PTR pMechanism,
-                                                                CK_OBJECT_HANDLE hKey);
-
-CK_RV               mock_not_initialized_C_Decrypt             (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pEncryptedData,
-                                                                CK_ULONG ulEncryptedDataLen,
-                                                                CK_BYTE_PTR pData,
-                                                                CK_ULONG_PTR pulDataLen);
-
-CK_RV               mock_unsupported_C_DecryptUpdate           (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pEncryptedPart,
-                                                                CK_ULONG ulEncryptedPartLen,
-                                                                CK_BYTE_PTR pPart,
-                                                                CK_ULONG_PTR pulPartLen);
-
-CK_RV               mock_unsupported_C_DecryptFinal            (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pLastPart,
-                                                                CK_ULONG_PTR pulLastPartLen);
-
-CK_RV               mock_unsupported_C_DigestInit              (CK_SESSION_HANDLE hSession,
-                                                                CK_MECHANISM_PTR pMechanism);
-
-CK_RV               mock_unsupported_C_Digest                  (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pData,
-                                                                CK_ULONG ulDataLen,
-                                                                CK_BYTE_PTR pDigest,
-                                                                CK_ULONG_PTR pulDigestLen);
-
-CK_RV               mock_unsupported_C_DigestUpdate            (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pPart,
-                                                                CK_ULONG ulPartLen);
-
-CK_RV               mock_unsupported_C_DigestKey               (CK_SESSION_HANDLE hSession,
-                                                                CK_OBJECT_HANDLE hKey);
-
-CK_RV               mock_unsupported_C_DigestFinal             (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pDigest,
-                                                                CK_ULONG_PTR pulDigestLen);
-
-CK_RV               mock_no_mechanisms_C_SignInit              (CK_SESSION_HANDLE hSession,
-                                                                CK_MECHANISM_PTR pMechanism,
-                                                                CK_OBJECT_HANDLE hKey);
-
-CK_RV               mock_not_initialized_C_Sign                (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pData,
-                                                                CK_ULONG ulDataLen,
-                                                                CK_BYTE_PTR pSignature,
-                                                                CK_ULONG_PTR pulSignatureLen);
-
-CK_RV               mock_unsupported_C_SignUpdate              (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pPart,
-                                                                CK_ULONG ulPartLen);
-
-CK_RV               mock_unsupported_C_SignFinal               (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pSignature,
-                                                                CK_ULONG_PTR pulSignatureLen);
-
-CK_RV               mock_unsupported_C_SignRecoverInit         (CK_SESSION_HANDLE hSession,
-                                                                CK_MECHANISM_PTR pMechanism,
-                                                                CK_OBJECT_HANDLE hKey);
-
-CK_RV               mock_unsupported_C_SignRecover             (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pData,
-                                                                CK_ULONG ulDataLen,
-                                                                CK_BYTE_PTR pSignature,
-                                                                CK_ULONG_PTR pulSignatureLen);
-
-CK_RV               mock_no_mechanisms_C_VerifyInit            (CK_SESSION_HANDLE hSession,
-                                                                CK_MECHANISM_PTR pMechanism,
-                                                                CK_OBJECT_HANDLE hKey);
-
-CK_RV               mock_not_initialized_C_Verify              (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pData,
-                                                                CK_ULONG ulDataLen,
-                                                                CK_BYTE_PTR pSignature,
-                                                                CK_ULONG ulSignatureLen);
-
-CK_RV               mock_unsupported_C_VerifyUpdate            (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pPart,
-                                                                CK_ULONG ulPartLen);
-
-CK_RV               mock_unsupported_C_VerifyFinal             (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pSignature,
-                                                                CK_ULONG pulSignatureLen);
-
-CK_RV               mock_unsupported_C_VerifyRecoverInit       (CK_SESSION_HANDLE hSession,
-                                                                CK_MECHANISM_PTR pMechanism,
-                                                                CK_OBJECT_HANDLE hKey);
-
-CK_RV               mock_unsupported_C_VerifyRecover           (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pSignature,
-                                                                CK_ULONG pulSignatureLen,
-                                                                CK_BYTE_PTR pData,
-                                                                CK_ULONG_PTR pulDataLen);
-
-CK_RV               mock_unsupported_C_DigestEncryptUpdate     (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pPart,
-                                                                CK_ULONG ulPartLen,
-                                                                CK_BYTE_PTR pEncryptedPart,
-                                                                CK_ULONG_PTR ulEncryptedPartLen);
-
-CK_RV               mock_unsupported_C_DecryptDigestUpdate     (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pEncryptedPart,
-                                                                CK_ULONG ulEncryptedPartLen,
-                                                                CK_BYTE_PTR pPart,
-                                                                CK_ULONG_PTR pulPartLen);
-
-CK_RV               mock_unsupported_C_SignEncryptUpdate       (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pPart,
-                                                                CK_ULONG ulPartLen,
-                                                                CK_BYTE_PTR pEncryptedPart,
-                                                                CK_ULONG_PTR ulEncryptedPartLen);
-
-CK_RV               mock_unsupported_C_DecryptVerifyUpdate     (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pEncryptedPart,
-                                                                CK_ULONG ulEncryptedPartLen,
-                                                                CK_BYTE_PTR pPart,
-                                                                CK_ULONG_PTR pulPartLen);
-
-CK_RV               mock_unsupported_C_GenerateKey             (CK_SESSION_HANDLE hSession,
-                                                                CK_MECHANISM_PTR pMechanism,
-                                                                CK_ATTRIBUTE_PTR pTemplate,
-                                                                CK_ULONG ulCount,
-                                                                CK_OBJECT_HANDLE_PTR phKey);
-
-CK_RV               mock_no_mechanisms_C_GenerateKeyPair         (CK_SESSION_HANDLE hSession,
-                                                                CK_MECHANISM_PTR pMechanism,
-                                                                CK_ATTRIBUTE_PTR pPublicKeyTemplate,
-                                                                CK_ULONG ulPublicKeyAttributeCount,
-                                                                CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
-                                                                CK_ULONG ulPrivateKeyAttributeCount,
-                                                                CK_OBJECT_HANDLE_PTR phPublicKey,
-                                                                CK_OBJECT_HANDLE_PTR phPrivateKey);
-
-CK_RV               mock_no_mechanisms_C_WrapKey                 (CK_SESSION_HANDLE hSession,
-                                                                CK_MECHANISM_PTR pMechanism,
-                                                                CK_OBJECT_HANDLE hWrappingKey,
-                                                                CK_OBJECT_HANDLE hKey,
-                                                                CK_BYTE_PTR pWrappedKey,
-                                                                CK_ULONG_PTR pulWrappedKeyLen);
-
-CK_RV               mock_no_mechanisms_C_UnwrapKey               (CK_SESSION_HANDLE hSession,
-                                                                CK_MECHANISM_PTR pMechanism,
-                                                                CK_OBJECT_HANDLE pUnwrappingKey,
-                                                                CK_BYTE_PTR pWrappedKey,
-                                                                CK_ULONG pulWrappedKeyLen,
-                                                                CK_ATTRIBUTE_PTR pTemplate,
-                                                                CK_ULONG ulCount,
-                                                                CK_OBJECT_HANDLE_PTR phKey);
-
-CK_RV               mock_no_mechanisms_C_DeriveKey               (CK_SESSION_HANDLE hSession,
-                                                                CK_MECHANISM_PTR pMechanism,
-                                                                CK_OBJECT_HANDLE hBaseKey,
-                                                                CK_ATTRIBUTE_PTR pTemplate,
-                                                                CK_ULONG ulCount,
-                                                                CK_OBJECT_HANDLE_PTR phKey);
-
-CK_RV               mock_unsupported_C_SeedRandom              (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pSeed,
-                                                                CK_ULONG ulSeedLen);
-
-CK_RV               mock_unsupported_C_GenerateRandom          (CK_SESSION_HANDLE hSession,
-                                                                CK_BYTE_PTR pRandomData,
-                                                                CK_ULONG ulRandomLen);
-
-CK_OBJECT_HANDLE    mock_module_find_object                    (CK_SESSION_HANDLE session,
-                                                                CK_ATTRIBUTE_PTR attrs,
-                                                                CK_ULONG n_attrs);
-
-guint               mock_module_count_objects                  (CK_SESSION_HANDLE session);
-
-typedef gboolean    (*MockEnumerator)                          (CK_OBJECT_HANDLE handle,
-                                                                GPkcs11Array *attrs,
-                                                                gpointer user_data);
-
-void                mock_module_enumerate_objects              (CK_SESSION_HANDLE session,
-                                                                MockEnumerator func,
-                                                                gpointer user_data);
-
-CK_OBJECT_HANDLE    mock_module_take_object                    (GPkcs11Array *attrs);
-
-void                mock_module_set_object                     (CK_OBJECT_HANDLE object,
-                                                                CK_ATTRIBUTE_PTR attrs,
-                                                                CK_ULONG n_attrs);
-
-void                mock_module_set_pin                        (const gchar *password);
-
-#define MOCK_SLOT_ONE_ID  52
-#define MOCK_SLOT_TWO_ID  134
-
-#define MOCK_SLOT_ONE_PIN "booo"
-#define MOCK_SLOT_ONE_URI "pkcs11:manufacturer=TEST%20MANUFACTURER;serial=TEST%20SERIAL"
-
-#endif /* MOCK_MODULE_H */
diff --git a/tls/tests/pkcs11-array.c b/tls/tests/pkcs11-array.c
deleted file mode 100644 (file)
index a2f6372..0000000
+++ /dev/null
@@ -1,287 +0,0 @@
-/* GIO TLS tests
- *
- * Copyright (C) 2011 Collabora, Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include <gio/gio.h>
-
-#include <sys/types.h>
-#include <string.h>
-
-#include "pkcs11/gpkcs11array.h"
-
-typedef struct {
-  GPkcs11Array *array;
-} TestArray;
-
-static void
-setup_array (TestArray          *test,
-             gconstpointer       unused)
-{
-  test->array = g_pkcs11_array_new ();
-  g_assert (test->array);
-}
-
-static void
-teardown_array (TestArray       *test,
-                gconstpointer    unused)
-{
-  g_pkcs11_array_unref (test->array);
-}
-
-static void
-test_add_find (TestArray      *test,
-               gconstpointer   data)
-{
-  CK_ATTRIBUTE attr;
-  const CK_ATTRIBUTE *check;
-  const gchar *value = "test";
-
-  attr.type = CKA_LABEL;
-  attr.ulValueLen = strlen (value) + 1;
-  attr.pValue = (gpointer)value;
-  g_pkcs11_array_add (test->array, &attr);
-  memset (&attr, 0, sizeof (attr));
-
-  check = g_pkcs11_array_find (test->array, CKA_LABEL);
-  g_assert (check != NULL);
-  g_assert_cmpuint ((guint)check->ulValueLen, ==, strlen (value) + 1);
-  g_assert_cmpstr (check->pValue, ==, value);
-  g_assert (check->pValue != value);
-
-  /* Should be copied properly, and be independent from stack value */
-  g_assert (check != &attr);
-
-  check = g_pkcs11_array_find (test->array, CKA_ID);
-  g_assert (check == NULL);
-  g_assert_cmpuint (test->array->count, ==, 1);
-
-  /* Adding a second value of same type, should add a duplicate */
-  attr.type = CKA_LABEL;
-  attr.ulValueLen = 3;
-  attr.pValue = "bye";
-  g_pkcs11_array_add (test->array, &attr);
-  g_assert_cmpuint (test->array->count, ==, 2);
-}
-
-static void
-test_set_find (TestArray      *test,
-               gconstpointer   data)
-{
-  CK_ATTRIBUTE attr;
-  const CK_ATTRIBUTE *check;
-  const gchar *value = "test";
-
-  attr.type = CKA_LABEL;
-  attr.ulValueLen = strlen (value) + 1;
-  attr.pValue = (gpointer)value;
-  g_pkcs11_array_set (test->array, &attr);
-  memset (&attr, 0, sizeof (attr));
-
-  check = g_pkcs11_array_find (test->array, CKA_LABEL);
-  g_assert (check != NULL);
-  g_assert_cmpuint ((guint)check->ulValueLen, ==, strlen (value) + 1);
-  g_assert_cmpstr (check->pValue, ==, value);
-  g_assert (check->pValue != value);
-
-  /* Should be copied properly, and be independent from stack value */
-  g_assert (check != &attr);
-
-  /* Adding a second value of same type should override */
-  attr.type = CKA_LABEL;
-  attr.ulValueLen = 3;
-  attr.pValue = "bye";
-  g_pkcs11_array_set (test->array, &attr);
-  g_assert_cmpuint (test->array->count, ==, 1);
-}
-
-static void
-test_value (TestArray      *test,
-            gconstpointer   data)
-{
-  const CK_ATTRIBUTE *check;
-  const gchar *value = "test";
-
-  /* Add with null termiator */
-  g_pkcs11_array_add_value (test->array, CKA_LABEL, value, -1);
-  check = g_pkcs11_array_find (test->array, CKA_LABEL);
-  g_assert (check != NULL);
-  g_assert_cmpuint ((guint)check->ulValueLen, ==, strlen (value));
-  g_assert (memcmp (check->pValue, value, check->ulValueLen) == 0);
-  g_assert (check->pValue != value);
-
-  /* Add with value length */
-  g_pkcs11_array_add_value (test->array, CKA_ID, value, 3);
-  check = g_pkcs11_array_find (test->array, CKA_ID);
-  g_assert (check != NULL);
-  g_assert_cmpuint ((guint)check->ulValueLen, ==, 3);
-  g_assert (memcmp (check->pValue, value, check->ulValueLen) == 0);
-  g_assert (check->pValue != value);
-  g_assert_cmpuint (test->array->count, ==, 2);
-
-  /* Set should override */
-  g_pkcs11_array_set_value (test->array, CKA_LABEL, "boring", 6);
-  check = g_pkcs11_array_find (test->array, CKA_LABEL);
-  g_assert (check != NULL);
-  g_assert_cmpuint ((guint)check->ulValueLen, ==, 6);
-  g_assert (memcmp (check->pValue, "boring", check->ulValueLen) == 0);
-  g_assert_cmpuint (test->array->count, ==, 2);
-
-  /* Override with calculated length */
-  g_pkcs11_array_set_value (test->array, CKA_LABEL, "boring", -1);
-  check = g_pkcs11_array_find (test->array, CKA_LABEL);
-  g_assert (check != NULL);
-  g_assert_cmpuint ((guint)check->ulValueLen, ==, 6);
-  g_assert (memcmp (check->pValue, "boring", check->ulValueLen) == 0);
-  g_assert_cmpuint (test->array->count, ==, 2);
-
-}
-
-static void
-test_boolean (TestArray      *test,
-              gconstpointer   data)
-{
-  const CK_ATTRIBUTE *check;
-  gboolean bval = FALSE;
-
-  g_pkcs11_array_add_boolean (test->array, CKA_TOKEN, TRUE);
-  if (!g_pkcs11_array_find_boolean (test->array, CKA_TOKEN, &bval))
-    g_assert_not_reached ();
-  g_assert (bval == TRUE);
-
-  /* Check that it's actually formatted right */
-  check = g_pkcs11_array_find (test->array, CKA_TOKEN);
-  g_assert (check != NULL);
-  g_assert_cmpuint (check->ulValueLen, ==, sizeof (CK_BBOOL));
-  g_assert (check->pValue != NULL);
-  g_assert (*((CK_BBOOL*)check->pValue) == CK_TRUE);
-
-  /* Check FALSE */
-  g_pkcs11_array_add_boolean (test->array, CKA_ENCRYPT, FALSE);
-
-  /* Check that it's actually formatted right */
-  check = g_pkcs11_array_find (test->array, CKA_ENCRYPT);
-  g_assert (check != NULL);
-  g_assert_cmpuint (check->ulValueLen, ==, sizeof (CK_BBOOL));
-  g_assert (check->pValue != NULL);
-  g_assert (*((CK_BBOOL*)check->pValue) == CK_FALSE);
-  g_assert_cmpuint (test->array->count, ==, 2);
-
-  /* Add a non boolean value */
-  g_pkcs11_array_add_value (test->array, CKA_LABEL, "label", -1);
-
-  /* Shouldn't work to find boolean on that */
-  if (g_pkcs11_array_find_boolean (test->array, CKA_LABEL, &bval))
-    g_assert_not_reached ();
-  g_assert_cmpuint (test->array->count, ==, 3);
-
-  /* Set should override */
-  g_pkcs11_array_set_boolean (test->array, CKA_TOKEN, FALSE);
-  if (!g_pkcs11_array_find_boolean (test->array, CKA_TOKEN, &bval))
-    g_assert_not_reached ();
-  g_assert (bval == FALSE);
-  g_assert_cmpuint (test->array->count, ==, 3);
-}
-
-static void
-test_ulong (TestArray      *test,
-            gconstpointer   data)
-{
-  const CK_ATTRIBUTE *check;
-  gulong uval = FALSE;
-
-  g_pkcs11_array_add_ulong (test->array, CKA_PIXEL_X, 38938);
-  if (!g_pkcs11_array_find_ulong (test->array, CKA_PIXEL_X, &uval))
-    g_assert_not_reached ();
-  g_assert (uval == 38938UL);
-  g_assert_cmpuint (test->array->count, ==, 1);
-
-  /* Check that it's actually formatted right */
-  check = g_pkcs11_array_find (test->array, CKA_PIXEL_X);
-  g_assert (check != NULL);
-  g_assert_cmpuint (check->ulValueLen, ==, sizeof (CK_ULONG));
-  g_assert (check->pValue != NULL);
-  g_assert (*((CK_ULONG*)check->pValue) == 38938UL);
-
-  /* Check -1, since this is used regularly */
-  g_pkcs11_array_add_ulong (test->array, CKA_MODULUS_BITS, (gulong)-1);
-
-  /* Check that it's actually formatted right */
-  check = g_pkcs11_array_find (test->array, CKA_MODULUS_BITS);
-  g_assert (check != NULL);
-  g_assert_cmpuint (check->ulValueLen, ==, sizeof (CK_ULONG));
-  g_assert (check->pValue != NULL);
-  g_assert (*((CK_ULONG*)check->pValue) == (CK_ULONG)-1);
-  g_assert_cmpuint (test->array->count, ==, 2);
-
-  /* Add a non ulong length value */
-  g_pkcs11_array_add_value (test->array, CKA_LABEL, "label", -1);
-  g_assert_cmpuint (test->array->count, ==, 3);
-
-  /* Shouldn't work to find ulong on that */
-  if (g_pkcs11_array_find_ulong (test->array, CKA_LABEL, &uval))
-    g_assert_not_reached ();
-
-  /* Set should override */
-  g_pkcs11_array_set_ulong (test->array, CKA_PIXEL_X, 48);
-  if (!g_pkcs11_array_find_ulong (test->array, CKA_PIXEL_X, &uval))
-    g_assert_not_reached ();
-  g_assert (uval == 48UL);
-  g_assert_cmpuint (test->array->count, ==, 3);
-}
-
-static void
-test_boxed (TestArray      *test,
-            gconstpointer   data)
-{
-  GPkcs11Array *array;
-
-  /* Should reference */
-  array = g_boxed_copy (G_TYPE_PKCS11_ARRAY, test->array);
-  g_assert (array == test->array);
-
-  /* Should unreference */
-  g_boxed_free (G_TYPE_PKCS11_ARRAY, array);
-}
-
-int
-main (int   argc,
-      char *argv[])
-{
-  g_test_init (&argc, &argv, NULL);
-
-  g_test_add ("/pkcs11/array/add-find", TestArray, NULL,
-              setup_array, test_add_find, teardown_array);
-  g_test_add ("/pkcs11/array/set-find", TestArray, NULL,
-              setup_array, test_set_find, teardown_array);
-  g_test_add ("/pkcs11/array/value", TestArray, NULL,
-              setup_array, test_value, teardown_array);
-  g_test_add ("/pkcs11/array/boolean", TestArray, NULL,
-              setup_array, test_boolean, teardown_array);
-  g_test_add ("/pkcs11/array/ulong", TestArray, NULL,
-              setup_array, test_ulong, teardown_array);
-  g_test_add ("/pkcs11/array/boxed", TestArray, NULL,
-              setup_array, test_boxed, teardown_array);
-
-  return g_test_run();
-}
diff --git a/tls/tests/pkcs11-pin.c b/tls/tests/pkcs11-pin.c
deleted file mode 100644 (file)
index 76e894f..0000000
+++ /dev/null
@@ -1,151 +0,0 @@
-/* GIO TLS tests
- *
- * Copyright (C) 2011 Collabora, Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include <gio/gio.h>
-
-#include <sys/types.h>
-#include <string.h>
-
-#include "pkcs11/gpkcs11pin.h"
-
-typedef struct {
-  GTlsPassword *pin;
-} TestPin;
-
-static void
-setup_pin (TestPin          *test,
-           gconstpointer     unused)
-{
-  test->pin = g_pkcs11_pin_new (G_TLS_PASSWORD_RETRY, "Test description");
-  g_assert (G_IS_PKCS11_PIN (test->pin));
-  g_assert (G_IS_TLS_PASSWORD (test->pin));
-}
-
-static void
-teardown_pin (TestPin       *test,
-              gconstpointer  unused)
-{
-  g_assert_cmpint (G_OBJECT (test->pin)->ref_count, ==, 1);
-  g_object_unref (test->pin);
-}
-
-static void
-test_attributes (TestPin        *test,
-                 gconstpointer   data)
-{
-  GTlsPasswordFlags flags;
-  const gchar *description;
-
-  flags = g_tls_password_get_flags (test->pin);
-  g_assert_cmpuint (flags, ==, G_TLS_PASSWORD_RETRY);
-
-  description = g_tls_password_get_description (test->pin);
-  g_assert_cmpstr (description, ==, "Test description");
-}
-
-static void
-test_warnings (TestPin        *test,
-               gconstpointer   data)
-{
-  const gchar *warning;
-
-  g_tls_password_set_flags (test->pin, G_TLS_PASSWORD_RETRY);
-  warning = g_tls_password_get_warning (test->pin);
-  g_assert (warning != NULL);
-
-  g_tls_password_set_flags (test->pin, G_TLS_PASSWORD_FINAL_TRY);
-  warning = g_tls_password_get_warning (test->pin);
-  g_assert (warning != NULL);
-
-  g_tls_password_set_flags (test->pin, G_TLS_PASSWORD_MANY_TRIES);
-  warning = g_tls_password_get_warning (test->pin);
-  g_assert (warning != NULL);
-
-  g_tls_password_set_flags (test->pin, (GTlsPasswordFlags)0x10000000);
-  warning = g_tls_password_get_warning (test->pin);
-  g_assert (warning == NULL);
-
-}
-
-static void
-test_set_get_value (TestPin        *test,
-                    gconstpointer   data)
-{
-  const guchar *value;
-  gsize n_value = G_MAXSIZE;
-
-  value = g_tls_password_get_value (test->pin, &n_value);
-  g_assert_cmpuint (n_value, ==, 0);
-  g_assert (value == NULL);
-
-  g_tls_password_set_value (test->pin, (const guchar *)"secret", -1);
-
-  value = g_tls_password_get_value (test->pin, &n_value);
-  g_assert_cmpuint (n_value, ==, 6);
-  g_assert (!strncmp ((const gchar *)value, "secret", n_value));
-
-  g_tls_password_set_value (test->pin, (const guchar *)"other", 5);
-
-  value = g_tls_password_get_value (test->pin, &n_value);
-  g_assert_cmpuint (n_value, ==, 5);
-  g_assert (!strncmp ((const gchar *)value, "other", n_value));
-}
-
-static void
-test_internal_pin (TestPin        *test,
-                   gconstpointer   data)
-{
-  P11KitPin *pin;
-  const unsigned char *value;
-  size_t n_value;
-
-  g_tls_password_set_value (test->pin, (const guchar *)"secret", -1);
-
-  pin = g_pkcs11_pin_steal_internal (G_PKCS11_PIN (test->pin));
-
-  value = p11_kit_pin_get_value (pin, &n_value);
-  g_assert_cmpuint (n_value, ==, 6);
-  g_assert (!strncmp ((const gchar *)value, "secret", n_value));
-
-  p11_kit_pin_unref (pin);
-}
-
-int
-main (int   argc,
-      char *argv[])
-{
-  g_test_init (&argc, &argv, NULL);
-
-  g_test_add ("/pkcs11/pin/attributes", TestPin, NULL,
-              setup_pin, test_attributes, teardown_pin);
-  g_test_add ("/pkcs11/pin/warnings", TestPin, NULL,
-              setup_pin, test_warnings, teardown_pin);
-  g_test_add ("/pkcs11/pin/set-get-value", TestPin, NULL,
-              setup_pin, test_set_get_value, teardown_pin);
-  g_test_add ("/pkcs11/pin/internal-pin", TestPin, NULL,
-              setup_pin, test_internal_pin, teardown_pin);
-
-  return g_test_run();
-}
diff --git a/tls/tests/pkcs11-slot.c b/tls/tests/pkcs11-slot.c
deleted file mode 100644 (file)
index 1a5785a..0000000
+++ /dev/null
@@ -1,525 +0,0 @@
-/* GIO TLS tests
- *
- * Copyright (C) 2011 Collabora, Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include <gio/gio.h>
-
-#include <sys/types.h>
-#include <string.h>
-
-#include "pkcs11/gpkcs11slot.h"
-#include "pkcs11/gpkcs11util.h"
-
-#include "mock-pkcs11.h"
-#include "mock-interaction.h"
-
-#include <p11-kit/p11-kit.h>
-
-#include <stdlib.h>
-
-typedef struct {
-  CK_FUNCTION_LIST funcs;
-  GPkcs11Slot *slot;
-  GPkcs11Slot *not_present;
-} TestSlot;
-
-static void
-setup_slot (TestSlot        *test,
-            gconstpointer    unused)
-{
-  CK_RV rv;
-
-  /* Copy this so we can replace certain functions in our tests */
-  memcpy (&test->funcs, &mock_default_functions, sizeof (test->funcs));
-
-  rv = p11_kit_initialize_module (&test->funcs);
-  g_assert (rv == CKR_OK);
-
-  test->slot = g_object_new (G_TYPE_PKCS11_SLOT,
-                             "slot-id", MOCK_SLOT_ONE_ID,
-                             "module", &test->funcs,
-                             NULL);
-  g_assert (G_IS_PKCS11_SLOT (test->slot));
-
-  test->not_present = g_object_new (G_TYPE_PKCS11_SLOT,
-                                    "slot-id", MOCK_SLOT_TWO_ID,
-                                    "module", &test->funcs,
-                                    NULL);
-  g_assert (G_IS_PKCS11_SLOT (test->not_present));
-}
-
-static void
-teardown_slot (TestSlot     *test,
-               gconstpointer unused)
-{
-  CK_RV rv;
-
-  g_assert_cmpint (G_OBJECT (test->slot)->ref_count, ==, 1);
-  g_object_unref (test->slot);
-
-  g_assert_cmpint (G_OBJECT (test->not_present)->ref_count, ==, 1);
-  g_object_unref (test->not_present);
-
-  rv = p11_kit_finalize_module (&test->funcs);
-  g_assert (rv == CKR_OK);
-}
-
-static void
-test_properties (TestSlot       *test,
-                 gconstpointer   unused)
-{
-  CK_SLOT_ID id;
-  CK_FUNCTION_LIST_PTR module;
-
-  g_object_get (test->slot, "slot-id", &id, "module", &module, NULL);
-  g_assert_cmpuint (id, ==, MOCK_SLOT_ONE_ID);
-  g_assert (module == &test->funcs);
-}
-
-static void
-test_token_info (TestSlot       *test,
-                 gconstpointer   unused)
-{
-  CK_TOKEN_INFO token_info;
-  char *label;
-
-  if (!g_pkcs11_slot_get_token_info (test->slot, &token_info))
-    g_assert_not_reached ();
-
-  label = p11_kit_space_strdup (token_info.label, sizeof (token_info.label));
-  g_assert_cmpstr (label, ==, "TEST LABEL");
-  free (label);
-}
-
-static void
-test_token_info_not_present (TestSlot       *test,
-                             gconstpointer   unused)
-{
-  CK_TOKEN_INFO token_info;
-  char *label;
-
-  if (!g_pkcs11_slot_get_token_info (test->slot, &token_info))
-    g_assert_not_reached ();
-
-  label = p11_kit_space_strdup (token_info.label, sizeof (token_info.label));
-  g_assert_cmpstr (label, ==, "TEST LABEL");
-  free (label);
-}
-
-static void
-test_matches_uri (TestSlot       *test,
-                  gconstpointer   unused)
-{
-  P11KitUri *uri;
-
-  uri = p11_kit_uri_new ();
-  if (p11_kit_uri_parse (MOCK_SLOT_ONE_URI, P11_KIT_URI_FOR_TOKEN, uri) != 0)
-    g_assert_not_reached ();
-  g_assert (!p11_kit_uri_any_unrecognized (uri));
-
-  if (!g_pkcs11_slot_matches_uri (test->slot, uri))
-    g_assert_not_reached();
-
-  if (g_pkcs11_slot_matches_uri (test->not_present, uri))
-    g_assert_not_reached ();
-
-  p11_kit_uri_free (uri);
-}
-
-
-static gboolean
-accumulate_check_not_called (gpointer result,
-                             gpointer user_data)
-{
-  g_assert_not_reached ();
-  return FALSE;
-}
-
-static void
-test_enumerate_no_match (TestSlot     *test,
-                         gconstpointer unused)
-{
-  GPkcs11EnumerateState state;
-  CK_ATTRIBUTE_TYPE types[] = { CKA_LABEL, CKA_ID };
-  GError *error = NULL;
-  GPkcs11Array *match;
-
-  match = g_pkcs11_array_new ();
-  g_pkcs11_array_add_value (match, CKA_LABEL, "Non existant", -1);
-  g_pkcs11_array_add_value (match, CKA_ID, "Bad ID", -1);
-
-  state = g_pkcs11_slot_enumerate (test->slot, NULL,
-                                   match->attrs, match->count, FALSE,
-                                   types, G_N_ELEMENTS (types),
-                                   accumulate_check_not_called, NULL,
-                                   NULL, &error);
-
-  g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_CONTINUE);
-  g_assert_no_error (error);
-
-  g_pkcs11_array_unref (match);
-}
-
-static void
-test_enumerate_not_present (TestSlot      *test,
-                            gconstpointer  unused)
-{
-  GPkcs11EnumerateState state;
-  CK_ATTRIBUTE_TYPE types[] = { CKA_LABEL, CKA_ID };
-  GError *error = NULL;
-  GPkcs11Array *match;
-
-  /* Empty match should match anything ... */
-  match = g_pkcs11_array_new ();
-
-  /* ... but token is not present, so nothing */
-  state = g_pkcs11_slot_enumerate (test->not_present, NULL,
-                                   match->attrs, match->count, FALSE,
-                                   types, G_N_ELEMENTS (types),
-                                   accumulate_check_not_called, NULL,
-                                   NULL, &error);
-
-  g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_CONTINUE);
-  g_assert_no_error (error);
-
-  g_pkcs11_array_unref (match);
-}
-
-static gboolean
-accumulate_results (gpointer result,
-                    gpointer user_data)
-{
-  GPtrArray *results = user_data;
-  GPkcs11Array *attrs = result;
-
-  g_assert (results);
-  g_assert (attrs);
-
-  g_ptr_array_add (results, g_pkcs11_array_ref (attrs));
-  return TRUE;
-}
-
-static void
-test_enumerate_all (TestSlot     *test,
-                    gconstpointer unused)
-{
-  GPkcs11EnumerateState state;
-  CK_ATTRIBUTE_TYPE types[] = { CKA_LABEL, CKA_ID };
-  GError *error = NULL;
-  GPkcs11Array *match;
-  GPkcs11Array *attrs;
-  GPtrArray *results;
-  const CK_ATTRIBUTE *attr;
-  guint i;
-
-  /* Match anything */
-  match = g_pkcs11_array_new ();
-
-  results = g_ptr_array_new_with_free_func ((GDestroyNotify)g_pkcs11_array_unref);
-
-  state = g_pkcs11_slot_enumerate (test->slot, NULL,
-                                   match->attrs, match->count, FALSE,
-                                   types, G_N_ELEMENTS (types),
-                                   accumulate_results, results,
-                                   NULL, &error);
-
-  g_pkcs11_array_unref (match);
-
-  g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_CONTINUE);
-  g_assert_no_error (error);
-
-  g_assert_cmpuint (results->len, >, 1);
-
-  for (i = 0; i < results->len; i++)
-    {
-      attrs = results->pdata[i];
-      attr = g_pkcs11_array_find (attrs, CKA_LABEL);
-      g_assert (attr != NULL);
-      g_assert (g_utf8_validate (attr->pValue, attr->ulValueLen, NULL));
-    }
-
-  g_ptr_array_free (results, TRUE);
-}
-
-static gboolean
-accumulate_first (gpointer result,
-                  gpointer user_data)
-{
-  GPtrArray *results = user_data;
-  GPkcs11Array *attrs = result;
-
-  g_assert (results);
-  g_assert (attrs);
-  g_assert_cmpuint (results->len, ==, 0);
-
-  g_ptr_array_add (results, g_pkcs11_array_ref (attrs));
-  return FALSE; /* Don't call again */
-}
-
-static void
-test_enumerate_first (TestSlot     *test,
-                      gconstpointer unused)
-{
-  GPkcs11EnumerateState state;
-  CK_ATTRIBUTE_TYPE types[] = { CKA_LABEL, CKA_ID };
-  GError *error = NULL;
-  GPkcs11Array *match;
-  GPkcs11Array *attrs;
-  GPtrArray *results;
-  const CK_ATTRIBUTE *attr;
-
-  /* Match anything */
-  match = g_pkcs11_array_new ();
-
-  results = g_ptr_array_new_with_free_func ((GDestroyNotify)g_pkcs11_array_unref);
-
-  state = g_pkcs11_slot_enumerate (test->slot, NULL,
-                                   match->attrs, match->count, FALSE,
-                                   types, G_N_ELEMENTS (types),
-                                   accumulate_first, results,
-                                   NULL, &error);
-
-  g_pkcs11_array_unref (match);
-
-  g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_STOP);
-  g_assert_no_error (error);
-
-  g_assert_cmpuint (results->len, ==, 1);
-  attrs = results->pdata[0];
-  attr = g_pkcs11_array_find (attrs, CKA_LABEL);
-  g_assert (attr != NULL);
-  g_assert (g_utf8_validate (attr->pValue, attr->ulValueLen, NULL));
-
-  g_ptr_array_free (results, TRUE);
-}
-
-static gboolean
-accumulate_check_null_result (gpointer result,
-                              gpointer user_data)
-{
-  GPkcs11Array *attrs = result;
-  g_assert (attrs == NULL);
-  return TRUE; /* call again */
-}
-
-static void
-test_enumerate_no_attrs (TestSlot     *test,
-                         gconstpointer unused)
-{
-  GPkcs11EnumerateState state;
-  GError *error = NULL;
-  GPkcs11Array *match;
-
-  /* Match anything */
-  match = g_pkcs11_array_new ();
-
-  state = g_pkcs11_slot_enumerate (test->slot, NULL,
-                                   match->attrs, match->count, FALSE,
-                                   NULL, 0,
-                                   accumulate_check_null_result, NULL,
-                                   NULL, &error);
-
-  g_pkcs11_array_unref (match);
-
-  /* Didn't find anything, so continue */
-  g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_CONTINUE);
-  g_assert_no_error (error);
-}
-
-static void
-test_enumerate_fail_session (TestSlot     *test,
-                             gconstpointer unused)
-{
-  GPkcs11EnumerateState state;
-  GError *error = NULL;
-
-  /* Make opening a session fail */
-  test->funcs.C_OpenSession = mock_fail_C_OpenSession;
-
-  state = g_pkcs11_slot_enumerate (test->slot, NULL,
-                                   NULL, 0, FALSE,
-                                   NULL, 0,
-                                   accumulate_check_not_called, NULL,
-                                   NULL, &error);
-
-  g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_FAILED);
-  g_assert_error (error, G_PKCS11_ERROR, CKR_GENERAL_ERROR);
-  g_error_free (error);
-}
-
-static void
-test_enumerate_fail_attributes (TestSlot     *test,
-                                gconstpointer unused)
-{
-  GPkcs11EnumerateState state;
-  GError *error = NULL;
-  CK_ATTRIBUTE_TYPE types[] = { CKA_LABEL, CKA_ID };
-
-  /* Make retrieving object attrs fail */
-  test->funcs.C_GetAttributeValue = mock_fail_C_GetAttributeValue;
-
-  state = g_pkcs11_slot_enumerate (test->slot, NULL,
-                                   NULL, 0, FALSE,
-                                   types, G_N_ELEMENTS (types),
-                                   accumulate_check_not_called, NULL,
-                                   NULL, &error);
-
-  g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_FAILED);
-  g_assert_error (error, G_PKCS11_ERROR, CKR_FUNCTION_FAILED);
-  g_error_free (error);
-}
-
-static gboolean
-accumulate_cancel_on_first (gpointer result,
-                            gpointer user_data)
-{
-  GCancellable *cancellable = G_CANCELLABLE (user_data);
-  g_assert (!g_cancellable_is_cancelled (cancellable));
-  g_cancellable_cancel (cancellable);
-  return TRUE; /* call again, except that above cancellation should stop */
-}
-
-static void
-test_enumerate_cancel (TestSlot     *test,
-                       gconstpointer unused)
-{
-  GPkcs11EnumerateState state;
-  GError *error = NULL;
-  GPkcs11Array *match;
-  GCancellable *cancellable;
-
-  cancellable = g_cancellable_new ();
-
-  /* Match anything */
-  match = g_pkcs11_array_new ();
-
-  state = g_pkcs11_slot_enumerate (test->slot, NULL,
-                                   match->attrs, match->count, FALSE,
-                                   NULL, 0,
-                                   accumulate_cancel_on_first, cancellable,
-                                   cancellable, &error);
-
-  g_pkcs11_array_unref (match);
-  g_object_unref (cancellable);
-
-  g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_FAILED);
-  g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CANCELLED);
-  g_error_free (error);
-}
-
-static void
-test_enumerate_private (TestSlot     *test,
-                        gconstpointer unused)
-{
-  CK_ATTRIBUTE_TYPE types[] = { CKA_LABEL, CKA_ID, CKA_PRIVATE };
-  GPkcs11EnumerateState state;
-  GError *error = NULL;
-  GPkcs11Array *match;
-  GPtrArray *results;
-  gboolean bval;
-  GTlsInteraction *interaction;
-
-  /* Match label of private object, see mock*/
-  match = g_pkcs11_array_new ();
-  g_pkcs11_array_add_value (match, CKA_LABEL, "PRIVATE", -1);
-
-  /* Shouldn't match anything, since not logged in */
-  state = g_pkcs11_slot_enumerate (test->slot, NULL,
-                                   match->attrs, match->count, FALSE,
-                                   types, G_N_ELEMENTS (types),
-                                   accumulate_check_not_called, NULL,
-                                   NULL, &error);
-
-  g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_CONTINUE);
-  g_assert_no_error (error);
-
-  /* This time we try to log in but no interaction is set */
-  state = g_pkcs11_slot_enumerate (test->slot, NULL,
-                                   match->attrs, match->count, TRUE, /* match privates */
-                                   types, G_N_ELEMENTS (types),
-                                   accumulate_check_not_called, NULL,
-                                   NULL, &error);
-
-  g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_CONTINUE);
-  g_assert_no_error (error);
-
-  /* This time we log in, and should have a match */
-  results = g_ptr_array_new_with_free_func ((GDestroyNotify)g_pkcs11_array_unref);
-  interaction = mock_interaction_new_static_password (MOCK_SLOT_ONE_PIN);
-
-  state = g_pkcs11_slot_enumerate (test->slot, interaction,
-                                   match->attrs, match->count, TRUE,
-                                   types, G_N_ELEMENTS (types),
-                                   accumulate_results, results,
-                                   NULL, &error);
-
-  g_assert_cmpuint (state, ==, G_PKCS11_ENUMERATE_CONTINUE);
-  g_assert_no_error (error);
-
-  /* One private object, with following info */
-  g_assert_cmpuint (results->len, ==, 1);
-  if (!g_pkcs11_array_find_boolean (results->pdata[0], CKA_PRIVATE, &bval))
-    g_assert_not_reached ();
-  g_assert (bval == TRUE);
-
-  g_object_unref (interaction);
-  g_pkcs11_array_unref (match);
-  g_ptr_array_free (results, TRUE);
-}
-
-int
-main (int   argc,
-      char *argv[])
-{
-  g_test_init (&argc, &argv, NULL);
-
-  g_test_add ("/pkcs11/slot/properties", TestSlot, NULL,
-              setup_slot, test_properties, teardown_slot);
-  g_test_add ("/pkcs11/slot/token-info", TestSlot, NULL,
-              setup_slot, test_token_info, teardown_slot);
-  g_test_add ("/pkcs11/slot/token-not-present", TestSlot, NULL,
-              setup_slot, test_token_info_not_present, teardown_slot);
-  g_test_add ("/pkcs11/slot/matches-uri", TestSlot, NULL,
-              setup_slot, test_matches_uri, teardown_slot);
-  g_test_add ("/pkcs11/slot/enumerate-no-match", TestSlot, NULL,
-              setup_slot, test_enumerate_no_match, teardown_slot);
-  g_test_add ("/pkcs11/slot/enumerate-not-present", TestSlot, NULL,
-              setup_slot, test_enumerate_not_present, teardown_slot);
-  g_test_add ("/pkcs11/slot/enumerate-all", TestSlot, NULL,
-              setup_slot, test_enumerate_all, teardown_slot);
-  g_test_add ("/pkcs11/slot/enumerate-first", TestSlot, NULL,
-              setup_slot, test_enumerate_first, teardown_slot);
-  g_test_add ("/pkcs11/slot/enumerate-no-attrs", TestSlot, NULL,
-              setup_slot, test_enumerate_no_attrs, teardown_slot);
-  g_test_add ("/pkcs11/slot/enumerate-fail-session", TestSlot, NULL,
-              setup_slot, test_enumerate_fail_session, teardown_slot);
-  g_test_add ("/pkcs11/slot/enumerate-fail-attributes", TestSlot, NULL,
-              setup_slot, test_enumerate_fail_attributes, teardown_slot);
-  g_test_add ("/pkcs11/slot/enumerate-cancel", TestSlot, NULL,
-              setup_slot, test_enumerate_cancel, teardown_slot);
-  g_test_add ("/pkcs11/slot/enumerate-private", TestSlot, NULL,
-              setup_slot, test_enumerate_private, teardown_slot);
-
-  return g_test_run();
-}
diff --git a/tls/tests/pkcs11-util.c b/tls/tests/pkcs11-util.c
deleted file mode 100644 (file)
index 28c7026..0000000
+++ /dev/null
@@ -1,62 +0,0 @@
-/* GIO TLS tests
- *
- * Copyright (C) 2011 Collabora, Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include <gio/gio.h>
-
-#include <sys/types.h>
-#include <string.h>
-
-#include "pkcs11/gpkcs11util.h"
-
-static void
-test_propagate_error (void)
-{
-  GError *error = NULL;
-
-  if (!g_pkcs11_propagate_error (&error, CKR_BUFFER_TOO_SMALL))
-    g_assert_not_reached ();
-  g_assert_error (error, G_PKCS11_ERROR, (gint)CKR_BUFFER_TOO_SMALL);
-  g_clear_error (&error);
-
-  if (g_pkcs11_propagate_error (&error, CKR_OK))
-    g_assert_not_reached ();
-  g_assert_no_error (error);
-
-  if (!g_pkcs11_propagate_error (&error, CKR_CANCEL))
-    g_assert_not_reached ();
-  g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CANCELLED);
-  g_clear_error (&error);
-}
-
-int
-main (int   argc,
-      char *argv[])
-{
-  g_test_init (&argc, &argv, NULL);
-
-  g_test_add_func ("/pkcs11/util/propagate-error", test_propagate_error);
-
-  return g_test_run();
-}