*.lo
*.la
*.test
+*.log
+*.trs
# autofoo stuff here
compile
INSTALL
ChangeLog
-m4/intltool.m4
m4/libtool.m4
m4/lt*.m4
proxy/libproxy/glib-pacrunner
+proxy/libproxy/glib-pacrunner.service
proxy/libproxy/org.gtk.GLib.PACRunner.service
proxy/tests/gnome
proxy/tests/libproxy
/tls/tests/pkcs11-pin
/tls/tests/pkcs11-slot
/tls/tests/pkcs11-util
+/tls/tests/files/server-csr.pem
+/tls/tests/files/client-csr.pem
--- /dev/null
+
+ LICENSE EXCEPTION FOR OPENSSL
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU Library General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
if test -n "$(GIO_QUERYMODULES)" -a -z "$(DESTDIR)"; then \
$(GIO_QUERYMODULES) $(GIO_MODULE_DIR) ; \
fi
+
+EXTRA_DIST += \
+ tap-driver.sh \
+ tap-test \
+ $(NULL)
+2.50.0
+======
+ * New stable release.
+
+ * Updated translations: British English, Polish
+
+2.49.90
+=======
+ * Ported to use upstream gettext rather than intltool/glib-gettext
+ [#768708, Javier Jardón]
+
+ * Updated po files for future gettext versions [Piotr Drąg]
+
+ * Fixed translation lookup on Windows [#765466, Chun-wei Fan]
+
+ * Updated translations: Occitan
+
+2.48.2
+======
+ * gnutls: Fixed an infinite loop if a server sent two identical
+ copies of its CA certificate [#765317, Carlos Garcia Campos]
+
+ * New/updated translations: Occitan, Scottish Gaelic
+
+2.48.1
+======
+ * Fixed translations in non-UTF-8 domains [#765466, Ting-Wei Lan]
+
+ * Fixed bash-ism in configure [#765396, Patrick Welche]
+
+ * Updated translations: Friulian
+
+2.48.0
+======
+ * New stable release. (No changes since 2.47.90)
+
+2.47.90
+=======
+ * gnutls: The non-PKCS#11 TLS plugin now uses gnutls's certificate
+ validation code directly, rather than attempting to build a
+ certificate chain itself first. [#753260 and others, Dan Winship]
+
+ * gnutls: Fixed a leak when closing a connection during an implicit
+ handshake [#736809, Philip Withnall]
+
+ * gnutls: Fixed "make check" without PKCS#11 support [#728977,
+ Gilles Dartiguelongue]
+
+ * gnutls: Various changes in preparation for DTLS support (but not
+ the actual DTLS support itself) [#697908, #735754, Philip
+ Withnall, Olivier Crête]
+
+ * Updated translations: Occitan
+
+2.47.1
+======
+ * Fixed a certificate chain validation problem that affected
+ Facebook in Epiphany. [#750457, Carlos Garcia Campos]
+
+ * Added a systemd service file for glib-pacrunner [#755740, Simon
+ McVittie]
+
+2.46.0
+======
+ * Various minor cleanups and small memory leak fixes
+
+ * Added a new test case for client certificate chain handling
+ [#754129, Michael Catanzaro]
+
+ * New/updated translations:
+ Japanese, Occitan, Portuguese
+
+2.45.1
+======
+ * tls/gnutls: Implement g_tls_client_connection_copy_session_state(),
+ to allow implementing FTP-over-TLS in gvfs. (#745255, Ross
+ Lagerwall)
+
+2.44.0
+======
+ * New stable release. (No changes since 2.43.92)
+
+2.43.92
+=======
+ * Fix TLS session caching when using session tickets (#745099, Ross
+ Lagerwall)
+
+ * Updated translations:
+ Bosnian
+
+2.43.91
+=======
+ * tls/gnutls: Removed a workaround for connecting to servers with
+ weak DH parameters, which was apparently only needed because
+ gnutls was prioritizing DHE over RSA. (Michael Catanzaro)
+ (https://bugzilla.redhat.com/show_bug.cgi?id=1177964#c8)
+
+ * tls/gnutls: We now require gnutls 3.x again. (In fact, 2.42.1
+ and 2.43.1 accidentally used a 3.x-only function, so we already
+ required it, we were just failing to declare that fact.)
+
+ * tls/tests: Skip certain tests when running against old gnutls or
+ GLib releases. (glib-networking 2.43.91 itself does not require
+ GLib 2.43, but one of the test cases does.)
+
+ * Updated translations:
+ Friulian
+
+2.43.1
+======
+
+ * The GTlsClientConnection "use-ssl3" property now falls back to TLS
+ 1.0 if SSL 3.0 has been disabled, rather than just failing. Also,
+ we now use the gnutls %LATEST_RECORD_VERSION option by default (to
+ allow connecting to certain servers that were incorrectly patched
+ for the POODLE attack), but also make sure to remove that option
+ in the fallback ("use-ssl3") mode (to allow connecting to other
+ servers that are differently broken). (#738633, #740087, Dan
+ Winship)
+
+ * tls/gnutls: Miscellaneous warning, debugging, and leak fixes
+ (#736757, #736809, #737106, Philip Withnall)
+
+ * New/updated translations:
+ Kazakh
+
+2.42.0
+======
+ * New stable release. (No changes since 2.41.92)
+
+2.41.92
+=======
+ * tls/gnutls: Incorrectly-ordered certificate chains are now
+ accepted (#683266, Michael Catanzaro)
+
+ * tls/gnutls: Closing an already-closed GTlsConnection now correctly
+ returns TRUE rather than G_IO_ERROR_CLOSED (#735754, Olivier
+ Crête)
+
+2.41.4
+======
+ * tls/gnutls: certificates with IP address subject altnames are now
+ supported (#726596, Aleix Conchillo Flaqué)
+
+ * tls/tests: added a script to re-generate the certificates, and
+ regenerated them (since the key for the existing CA certificate
+ had been lost, so it wasn't possible to add new test certificates,
+ eg, for IP SAN). (#733365, Aleix Conchillo Flaqué)
+
+ * Updated translations:
+ Greek
+
+2.41.3
+======
+ * tls/gnutls: g_tls_backend_get_default_database() should never
+ return %NULL; if glib-networking was built without a
+ ca-certificates file, then the default GTlsDatabase should just be
+ empty. (#727282, Olivier Crête)
+
+ * tls/gnutls: If a server's certificate includes an issuer chain, we
+ now send the entire chain to the client. (#724708, Aleix Conchillo
+ Flaqué)
+
+ * Updated translations:
+ Swedish
+
+2.40.0
+======
+ * New stable release. (No changes since 2.39.90)
+
+2.39.90
+=======
+ * tls/gnutls: Avoid trying to update a destroyed GSource (#723774,
+ Philip Withnall)
+
+ * tls/tests: Fix another flaky test (#722336)
+
+ * tests: use the TAP driver
+
+ * Updated translations:
+ Chinese, Czech
+
+2.39.3
+======
+ * tls/tests: Fix one sporadic bug in the connection test (#720081)
+ and make it properly fail rather than hanging forever when another
+ sporadic bug happens (which I don't actually know the cause of)
+ (#719727)
+
+ * tls/gnutls: Fix for -Werror=format-nonliteral (#720081, Ryan
+ Lortie)
+
+2.39.1
+======
+ * tls/gnutls: Use g_tls_interaction_invoke_request_certificate()
+ when processing a certificate request. (#637257, Stef Walter)
+
+ * tls/gnutls: Handle G_IO_ERROR_TIMED_OUT on a GTlsConnection
+ correctly rather than reporting "The specified session has
+ been invalidated for some reason". (#710700, Aleix Concillo
+ Flaque)
+
+ * tls/tests: Fix to previous installed-tests fix, which resulted
+ in some files getting installed even when installed tests weren't
+ enabled. (#710197)
+
+ * tls/tests: add a test for a fix made in glib (#710691, Aleix
+ Conchillo Flaque).
+
+2.38.1
+======
+ * glibpacrunner: Don't crash if there is an internal libproxy error.
+ (rhbz #866927)
+
+ * tls/tests: Fix installed tests to not accidentally depend on
+ having the source tree still exist. (#709628)
+
+ * Updated translations:
+ Tajik
+
2.38.0
======
* New stable release. (No changes since 2.37.5)
mkdir -p m4
autoreconf --force --install --verbose || exit $?
-intltoolize --copy --force --automake || exit $?
cd "$olddir"
test -n "$NOCONFIGURE" || "$srcdir/configure" "$@"
AC_PREREQ(2.65)
AC_CONFIG_MACRO_DIR([m4])
-AC_INIT([glib-networking],[2.38.0],[http://bugzilla.gnome.org/enter_bug.cgi?product=glib&component=network])
+AC_INIT([glib-networking],[2.50.0],[http://bugzilla.gnome.org/enter_bug.cgi?product=glib&component=network])
AC_CONFIG_SRCDIR([proxy/libproxy/glibproxyresolver.h])
AC_CONFIG_HEADERS([config.h])
dnl Checks for libraries.
dnl ****************************
-dnl *** Checks for intltool ***
+dnl *** Checks for gettext ***
dnl ****************************
+AM_GNU_GETTEXT_VERSION([0.19.4])
+AM_GNU_GETTEXT([external])
-IT_PROG_INTLTOOL([0.35.0])
GETTEXT_PACKAGE=glib-networking
-
AC_SUBST([GETTEXT_PACKAGE])
AC_DEFINE_UNQUOTED([GETTEXT_PACKAGE],["$GETTEXT_PACKAGE"],[The gettext domain name])
-AM_GLIB_GNU_GETTEXT
dnl *****************************
dnl *** Check GLib GIO ***
dnl *****************************
-AM_PATH_GLIB_2_0(2.38.0,,AC_MSG_ERROR(GLIB not found),gio)
-GLIB_CFLAGS="$GLIB_CFLAGS -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_36"
+AM_PATH_GLIB_2_0(2.46.0,,AC_MSG_ERROR(GLIB not found),gio)
+GLIB_CFLAGS="$GLIB_CFLAGS -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_46"
GIO_MODULE_DIR=$($PKG_CONFIG --variable giomoduledir gio-2.0)
-AS_IF([test "x$GIO_MODULE_DIR" = "x"],
+AS_IF([test "$GIO_MODULE_DIR" = ""],
[AC_MSG_FAILURE(GIO_MODULE_DIR is missing from gio-2.0.pc)])
AC_SUBST(GIO_MODULE_DIR)
[support for libproxy @<:@default=check@:>@])],
[],
[with_libproxy=check])
-AS_IF([test "x$with_libproxy" != "xno"],
+AS_IF([test "$with_libproxy" != "no"],
[PKG_CHECK_MODULES(LIBPROXY, [libproxy-1.0 >= 0.3.1],
[with_libproxy=yes; proxy_support=libproxy],
- [AS_IF([test "x$with_libproxy" = "xyes"],
+ [AS_IF([test "$with_libproxy" = "yes"],
[AC_MSG_FAILURE("$LIBPROXY_PKG_ERRORS")])])])
-AM_CONDITIONAL(HAVE_LIBPROXY, [test "x$with_libproxy" = "xyes"])
+AM_CONDITIONAL(HAVE_LIBPROXY, [test "$with_libproxy" = "yes"])
AC_SUBST(LIBPROXY_CFLAGS)
AC_SUBST(LIBPROXY_LIBS)
[support for GNOME proxy configuration @<:@default=check@:>@])],
[],
[with_gnome_proxy=check])
-AS_IF([test "x$with_gnome_proxy" != "xno"],
+AS_IF([test "$with_gnome_proxy" != "no"],
[PKG_CHECK_MODULES(GSETTINGS_DESKTOP_SCHEMAS, [gsettings-desktop-schemas],
[with_gnome_proxy=yes; proxy_support="gnome $proxy_support"],
- [AS_IF([test "x$with_gnome_proxy" = "xyes"],
+ [AS_IF([test "$with_gnome_proxy" = "yes"],
[AC_MSG_FAILURE("$GSETTINGS_DESKTOP_SCHEMAS_PKG_ERRORS")])])])
-AM_CONDITIONAL(HAVE_GNOME_PROXY, [test "x$with_gnome_proxy" = "xyes"])
+AM_CONDITIONAL(HAVE_GNOME_PROXY, [test "$with_gnome_proxy" = "yes"])
AC_SUBST(GSETTINGS_DESKTOP_SCHEMAS_CFLAGS)
dnl *****************************
dnl *** Checks for GNUTLS ***
dnl *****************************
-GNUTLS_MIN_REQUIRED=2.12.8
+GNUTLS_MIN_REQUIRED=3.0
AC_ARG_WITH(gnutls,
[AC_HELP_STRING([--with-gnutls],
[support for GNUTLS @<:@default=yes@:>@])],
[],
[with_gnutls=yes])
-if test "x$with_gnutls" != "xno"; then
+if test "$with_gnutls" != "no"; then
PKG_CHECK_MODULES(GNUTLS,
[gnutls >= $GNUTLS_MIN_REQUIRED],
[with_gnutls=yes
tls_support="${tls_support}gnutls "],
- [AS_IF([test "x$with_gnutls" = "xyes"],
+ [AS_IF([test "$with_gnutls" = "yes"],
[AC_MSG_FAILURE("$GNUTLS_PKG_ERRORS")])])
fi
-AM_CONDITIONAL(HAVE_GNUTLS, [test "x$with_gnutls" = "xyes"])
+AM_CONDITIONAL(HAVE_GNUTLS, [test "$with_gnutls" = "yes"])
AC_SUBST(GNUTLS_CFLAGS)
AC_SUBST(GNUTLS_LIBS)
-if test "x$with_gnutls" = "xyes"; then
+if test "$with_gnutls" = "yes"; then
AC_MSG_CHECKING([location of system Certificate Authority list])
AC_ARG_WITH(ca-certificates,
[AC_HELP_STRING([--with-ca-certificates=@<:@path@:>@],
[support for pkcs11 @<:@default=check@:>@])],
[],
[with_pkcs11=check])
-if test "x$with_pkcs11" != "xno"; then
+if test "$with_pkcs11" != "no"; then
PKG_CHECK_MODULES(PKCS11,
[p11-kit-1 >= $P11_KIT_REQUIRED],
[with_pkcs11=yes
pkcs11_support=p11-kit
tls_support="${tls_support}gnutls-pkcs11 "
AC_DEFINE_UNQUOTED([HAVE_PKCS11], [1], [Building with PKCS#11 support])],
- [AS_IF([test "x$with_pkcs11" = "xyes"],
+ [AS_IF([test "$with_pkcs11" = "yes"],
[AC_MSG_FAILURE("$PKCS11_PKG_ERRORS")])
pkcs11_support=no])
else
pkcs11_support=no
fi
-AM_CONDITIONAL(HAVE_PKCS11, [test "x$with_pkcs11" = "xyes"])
+AM_CONDITIONAL(HAVE_PKCS11, [test "$with_pkcs11" = "yes"])
AC_SUBST(PKCS11_CFLAGS)
AC_SUBST(PKCS11_LIBS)
[Enable gcov]),
[use_gcov=$enableval], [use_gcov=no])
-if test "x$use_gcov" = "xyes"; then
+if test "$use_gcov" = "yes"; then
dnl we need gcc:
if test "$GCC" != "yes"; then
AC_MSG_ERROR([GCC is required for --enable-gcov])
if test "$tls_support" != "no"; then
echo " PKCS#11 Support: $pkcs11_support"
echo " TLS CA file: ${with_ca_certificates:-(none)}"
- if test -n "$with_ca_certificates"; then
+ if test "x$with_ca_certificates" != xno -a -n "$with_ca_certificates"; then
if ! test -f "$with_ca_certificates"; then
AC_MSG_WARN([Specified certificate authority file '$with_ca_certificates' does not exist])
fi
<download-page rdf:resource="http://download.gnome.org/sources/glib-networking" />
<bug-database rdf:resource="http://bugzilla.gnome.org/browse.cgi?product=glib" />
+ <category rdf:resource="http://api.gnome.org/doap-extensions#core" />
+ <programming-language>C</programming-language>
<maintainer>
<foaf:Person>
AM_CPPFLAGS = \
-DG_LOG_DOMAIN=\"GLib-Net\" \
+ -DLOCALE_DIR=\""$(localedir)"\" \
-DG_DISABLE_DEPRECATED \
$(GLIB_CFLAGS) \
$(NULL)
# GLIB - Library of useful C routines
-GTESTER = gtester # for non-GLIB packages
-GTESTER_REPORT = gtester-report # for non-GLIB packages
-#GTESTER = $(top_builddir)/glib/gtester # for the GLIB package
-#GTESTER_REPORT = $(top_builddir)/glib/gtester-report # for the GLIB package
+TESTS_ENVIRONMENT= \
+ G_TEST_SRCDIR="$(abs_srcdir)" \
+ G_TEST_BUILDDIR="$(abs_builddir)" \
+ G_DEBUG=gc-friendly \
+ MALLOC_CHECK_=2 \
+ MALLOC_PERTURB_=$$(($${RANDOM:-256} % 256))
+LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) $(top_srcdir)/tap-driver.sh
+LOG_COMPILER = $(top_srcdir)/tap-test
+
NULL =
# initialize variables for unconditional += appending
DISTCLEANFILES =
MAINTAINERCLEANFILES =
EXTRA_DIST =
-TEST_PROGS =
+TESTS =
installed_test_LTLIBRARIES =
installed_test_PROGRAMS =
check_SCRIPTS =
check_DATA =
-TESTS =
-
-### testing rules
-
-# test: run all tests in cwd and subdirs
-test: test-nonrecursive
- @ for subdir in $(SUBDIRS) . ; do \
- test "$$subdir" = "." -o "$$subdir" = "po" || \
- ( cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $@ ) || exit $? ; \
- done
-
-# test-nonrecursive: run tests only in cwd
-test-nonrecursive: ${TEST_PROGS}
- @test -z "${TEST_PROGS}" || G_TEST_SRCDIR="$(abs_srcdir)" G_TEST_BUILDDIR="$(abs_builddir)" G_DEBUG=gc-friendly MALLOC_CHECK_=2 MALLOC_PERTURB_=$$(($${RANDOM:-256} % 256)) ${GTESTER} --verbose ${TEST_PROGS}
-
-# test-report: run tests in subdirs and generate report
-# perf-report: run tests in subdirs with -m perf and generate report
-# full-report: like test-report: with -m perf and -m slow
-test-report perf-report full-report: ${TEST_PROGS}
- @test -z "${TEST_PROGS}" || { \
- case $@ in \
- test-report) test_options="-k";; \
- perf-report) test_options="-k -m=perf";; \
- full-report) test_options="-k -m=perf -m=slow";; \
- esac ; \
- if test -z "$$GTESTER_LOGDIR" ; then \
- G_TEST_SRCDIR="$(abs_srcdir)" G_TEST_BUILDDIR="$(abs_builddir)" ${GTESTER} --verbose $$test_options -o test-report.xml ${TEST_PROGS} ; \
- elif test -n "${TEST_PROGS}" ; then \
- G_TEST_SRCDIR="$(abs_srcdir)" G_TEST_BUILDDIR="$(abs_builddir)" ${GTESTER} --verbose $$test_options -o `mktemp "$$GTESTER_LOGDIR/log-XXXXXX"` ${TEST_PROGS} ; \
- fi ; \
- }
- @ ignore_logdir=true ; \
- if test -z "$$GTESTER_LOGDIR" ; then \
- GTESTER_LOGDIR=`mktemp -d "\`pwd\`/.testlogs-XXXXXX"`; export GTESTER_LOGDIR ; \
- ignore_logdir=false ; \
- fi ; \
- if test -d "$(top_srcdir)/.git" ; then \
- REVISION=`git describe` ; \
- else \
- REVISION=$(VERSION) ; \
- fi ; \
- for subdir in $(SUBDIRS) . ; do \
- test "$$subdir" = "." -o "$$subdir" = "po" || \
- ( cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $@ ) || exit $? ; \
- done ; \
- $$ignore_logdir || { \
- echo '<?xml version="1.0"?>' > $@.xml ; \
- echo '<report-collection>' >> $@.xml ; \
- echo '<info>' >> $@.xml ; \
- echo ' <package>$(PACKAGE)</package>' >> $@.xml ; \
- echo ' <version>$(VERSION)</version>' >> $@.xml ; \
- echo " <revision>$$REVISION</revision>" >> $@.xml ; \
- echo '</info>' >> $@.xml ; \
- for lf in `ls -L "$$GTESTER_LOGDIR"/.` ; do \
- sed '1,1s/^<?xml\b[^>?]*?>//' <"$$GTESTER_LOGDIR"/"$$lf" >> $@.xml ; \
- done ; \
- echo >> $@.xml ; \
- echo '</report-collection>' >> $@.xml ; \
- rm -rf "$$GTESTER_LOGDIR"/ ; \
- ${GTESTER_REPORT} --version 2>/dev/null 1>&2 ; test "$$?" != 0 || ${GTESTER_REPORT} $@.xml >$@.html ; \
- }
-.PHONY: test test-report perf-report full-report test-nonrecursive
-
-.PHONY: lcov genlcov lcov-clean
-# use recursive makes in order to ignore errors during check
-lcov:
- -$(MAKE) $(AM_MAKEFLAGS) -k check
- $(MAKE) $(AM_MAKEFLAGS) genlcov
-
-# we have to massage the lcov.info file slightly to hide the effect of libtool
-# placing the objects files in the .libs/ directory separate from the *.c
-# we also have to delete tests/.libs/libmoduletestplugin_*.gcda
-genlcov:
- rm -f $(top_builddir)/tests/.libs/libmoduletestplugin_*.gcda
- $(LTP) --directory $(top_builddir) --capture --output-file glib-lcov.info --test-name GLIB_PERF --no-checksum --compat-libtool
- LANG=C $(LTP_GENHTML) --prefix $(top_builddir) --output-directory glib-lcov --title "GLib Code Coverage" --legend --show-details glib-lcov.info
- @echo "file://$(abs_top_builddir)/glib-lcov/index.html"
-
-lcov-clean:
- -$(LTP) --directory $(top_builddir) -z
- -rm -rf glib-lcov.info glib-lcov
- -find -name '*.gcda' -print | xargs rm
-
-# run tests in cwd as part of make check
-check-local: test-nonrecursive
-
# We support a fairly large range of possible variables. It is expected that all types of files in a test suite
# will belong in exactly one of the following variables.
#
# variants) will be run as part of the in-tree 'make check'. These are all assumed to be runnable under
# gtester. That's a bit strange for scripts, but it's possible.
-# we use test -z "$(TEST_PROGS)" above, so make sure we have no extra whitespace...
-TEST_PROGS += $(strip $(test_programs) $(test_scripts) $(uninstalled_test_programs) $(uninstalled_test_scripts) \
- $(dist_test_scripts) $(dist_uninstalled_test_scripts))
+TESTS += $(test_programs) $(test_scripts) $(uninstalled_test_programs) $(uninstalled_test_scripts) \
+ $(dist_test_scripts) $(dist_uninstalled_test_scripts)
# Note: build even the installed-only targets during 'make check' to ensure that they still work.
# We need to do a bit of trickery here and manage disting via EXTRA_DIST instead of using dist_ prefixes to
%.test: %$(EXEEXT) Makefile
$(AM_V_GEN) (echo '[Test]' > $@.tmp; \
echo 'Type=session' >> $@.tmp; \
- echo 'Exec=$(installed_testdir)/$<' >> $@.tmp; \
+ echo 'Exec=$(installed_testdir)/$(notdir $<) --tap' >> $@.tmp; \
+ echo 'Output=TAP' >> $@.tmp; \
mv $@.tmp $@)
CLEANFILES += $(installed_test_meta_DATA)
*) AC_MSG_ERROR([bad value ${enableval} for --enable-always-build-tests]) ;;
esac])
AM_CONDITIONAL([ENABLE_ALWAYS_BUILD_TESTS], test "$ENABLE_ALWAYS_BUILD_TESTS" = "1")
- if test "$ENABLE_INSTALLED_TESTS" == "1"; then
+ if test "$ENABLE_INSTALLED_TESTS" = "1"; then
AC_SUBST(installed_test_metadir, [${datadir}/installed-tests/]AC_PACKAGE_NAME)
AC_SUBST(installed_testdir, [${libexecdir}/installed-tests/]AC_PACKAGE_NAME)
fi
be
bg
bn_IN
+bs
ca
ca@valencia
cs
fi
fr
fur
+gd
gl
gu
he
id
it
ja
+kk
km
kn
ko
mr
nb
nl
+oc
or
pa
pl
--- /dev/null
+# Makefile variables for PO directory in any package using GNU gettext.
+
+# Usually the message domain is the same as the package name.
+DOMAIN = $(PACKAGE)
+
+# These two variables depend on the location of this directory.
+subdir = po
+top_builddir = ..
+
+# These options get passed to xgettext.
+XGETTEXT_OPTIONS = --from-code=UTF-8 --keyword=_ --keyword=N_ --keyword=C_:1c,2 --keyword=NC_:1c,2 --keyword=g_dngettext:2,3 --add-comments
+
+# This is the copyright holder that gets inserted into the header of the
+# $(DOMAIN).pot file. Set this to the copyright holder of the surrounding
+# package. (Note that the msgstr strings, extracted from the package's
+# sources, belong to the copyright holder of the package.) Translators are
+# expected to transfer the copyright for their translations to this person
+# or entity, or to disclaim their copyright. The empty string stands for
+# the public domain; in this case the translators are expected to disclaim
+# their copyright.
+COPYRIGHT_HOLDER = Free Software Foundation, Inc.
+
+# This tells whether or not to prepend "GNU " prefix to the package
+# name that gets inserted into the header of the $(DOMAIN).pot file.
+# Possible values are "yes", "no", or empty. If it is empty, try to
+# detect it automatically by scanning the files in $(top_srcdir) for
+# "GNU packagename" string.
+PACKAGE_GNU =
+
+# This is the email address or URL to which the translators shall report
+# bugs in the untranslated strings:
+# - Strings which are not entire sentences, see the maintainer guidelines
+# in the GNU gettext documentation, section 'Preparing Strings'.
+# - Strings which use unclear terms or require additional context to be
+# understood.
+# - Strings which make invalid assumptions about notation of date, time or
+# money.
+# - Pluralisation problems.
+# - Incorrect English spelling.
+# - Incorrect formatting.
+# It can be your email address, or a mailing list address where translators
+# can write to without being subscribed, or the URL of a web page through
+# which the translators can contact you.
+MSGID_BUGS_ADDRESS =
+
+# This is the list of locale categories, beyond LC_MESSAGES, for which the
+# message catalogs shall be used. It is usually empty.
+EXTRA_LOCALE_CATEGORIES =
+
+# This tells whether the $(DOMAIN).pot file contains messages with an 'msgctxt'
+# context. Possible values are "yes" and "no". Set this to yes if the
+# package uses functions taking also a message context, like pgettext(), or
+# if in $(XGETTEXT_OPTIONS) you define keywords with a context argument.
+USE_MSGCTXT = no
+
+# These options get passed to msgmerge.
+# Useful options are in particular:
+# --previous to keep previous msgids of translated messages,
+# --quiet to reduce the verbosity.
+MSGMERGE_OPTIONS =
+
+# These options get passed to msginit.
+# If you want to disable line wrapping when writing PO files, add
+# --no-wrap to MSGMERGE_OPTIONS, XGETTEXT_OPTIONS, and
+# MSGINIT_OPTIONS.
+MSGINIT_OPTIONS =
+
+# This tells whether or not to regenerate a PO file when $(DOMAIN).pot
+# has changed. Possible values are "yes" and "no". Set this to no if
+# the POT file is checked in the repository and the version control
+# program ignores timestamps.
+PO_DEPENDS_ON_POT = no
+
+# This tells whether or not to forcibly update $(DOMAIN).pot and
+# regenerate PO files on "make dist". Possible values are "yes" and
+# "no". Set this to no if the POT file and PO files are maintained
+# externally.
+DIST_DEPENDS_ON_UPDATE_PO = no
"PO-Revision-Date: 2011-02-11 13:52+0530\n"
"Last-Translator: \n"
"Language-Team: Bengali (India) <bn_IN@li.org>\n"
+"Language: bn_IN\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
--- /dev/null
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-networking\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&keywords=I18N+L10N&component=network\n"
+"POT-Creation-Date: 2015-02-27 06:51+0000\n"
+"PO-Revision-Date: 2015-02-04 14:27+0000\n"
+"Last-Translator: Samir Ribić <Unknown>\n"
+"Language-Team: Bosnian <bs@li.org>\n"
+"Language: bs\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2015-02-05 07:01+0000\n"
+"X-Generator: Launchpad (build 17331)\n"
+
+#: ../proxy/libproxy/glibproxyresolver.c:157
+msgid "Proxy resolver internal error."
+msgstr "Interna greška bliskog razrješivača."
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Ne mogu analizirati DER certifikate: %s"
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Ne mogu analizirati PEM certifikate:: %s"
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Ne mogu analizirati DER privatni ključ:: %s"
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Ne mogu analizirati PEM privatni ključ: %s"
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+msgid "No certificate data provided"
+msgstr "Nema datih certifikacijskih podataka"
+
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:324
+msgid "Server required TLS certificate"
+msgstr "Server zahtijeva TLS certifikat"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:305
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Ne mogu kreirati TLS vezu: %s"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:572
+msgid "Connection is closed"
+msgstr "Veza je zatvorena"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:635
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1504
+msgid "Operation would block"
+msgstr "Operacija bi se blokirala"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:774
+#: ../tls/gnutls/gtlsconnection-gnutls.c:813
+msgid "Peer failed to perform TLS handshake"
+msgstr "Saradnik neuspio da obavi TLS usaglašavanje"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:792
+msgid "Peer requested illegal TLS rehandshake"
+msgstr "Saradnik zahtijevao neispravno TLS ponovno usaglašavanje"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:819
+msgid "TLS connection closed unexpectedly"
+msgstr "TLS veza neočekivano zatvorena"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:829
+msgid "TLS connection peer did not send a certificate"
+msgstr "Saradnik u TLS konekciji nije poslao certifikat"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1212
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1245
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Greška u TLS usaglašavanju: %s"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1255
+msgid "Server did not return a valid TLS certificate"
+msgstr "Server nije vratio važeći TLS certifikat"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1330
+msgid "Unacceptable TLS certificate"
+msgstr "Neprihvatljiv TLS certifikat"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1538
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Greška u čitanju podataka iz TLS soketa: %s"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1567
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Greška u pisnju podataka u TLS soket: %s"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1619
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Greška u obavljanju TLS zatvaranja: %s"
+
+#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+msgid "Certificate has no private key"
+msgstr "Certifikat nema privatnog ključa"
+
+#: ../tls/pkcs11/gpkcs11pin.c:108
+msgid ""
+"This is the last chance to enter the PIN correctly before the token is "
+"locked."
+msgstr ""
+"Ovo je zadnja šansa da pravilno unesete PIN prije nego se token zaključa."
+
+#: ../tls/pkcs11/gpkcs11pin.c:110
+msgid ""
+"Several PIN attempts have been incorrect, and the token will be locked after "
+"further failures."
+msgstr ""
+"Nekoliko PIN pokušaja je bilo netačni, a token će biti zaključan nakon "
+"daljih grešaka."
+
+#: ../tls/pkcs11/gpkcs11pin.c:112
+msgid "The PIN entered is incorrect."
+msgstr "Uneseni PIN je neispravan."
+
+#: ../tls/pkcs11/gpkcs11slot.c:446
+msgid "Module"
+msgstr "Modul"
+
+#: ../tls/pkcs11/gpkcs11slot.c:447
+msgid "PKCS#11 Module Pointer"
+msgstr "PKCS#11 Module Pointer"
+
+#: ../tls/pkcs11/gpkcs11slot.c:454
+msgid "Slot ID"
+msgstr "IB slota"
+
+#: ../tls/pkcs11/gpkcs11slot.c:455
+msgid "PKCS#11 Slot Identifier"
+msgstr "PKCS#11 Identifikator slota"
"PO-Revision-Date: 2012-08-16 19:02+0200\n"
"Last-Translator: Gil Forcada <gilforcada@guifi.net>\n"
"Language-Team: Catalan <gnome-dl@llistes.softcatala.org>\n"
-"Language: ca-XV\n"
+"Language: ca@valencia\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
msgid ""
"This is the last chance to enter the PIN correctly before the token is "
"locked."
-msgstr "Máte poslední pokus zadat PIN správně, pak bude kupon zablokován."
+msgstr "Máte poslední pokus zadat PIN správně, pak bude tiket zablokován."
#: ../tls/pkcs11/gpkcs11pin.c:110
msgid ""
"Several PIN attempts have been incorrect, and the token will be locked after "
"further failures."
msgstr ""
-"Několik pokusů PIN bylo nesprávných a po dalším neúspěchu bude kupon "
+"Několik pokusů PIN bylo nesprávných a po dalším neúspěchu bude tiket "
"zablokován."
#: ../tls/pkcs11/gpkcs11pin.c:112
"PO-Revision-Date: 2013-03-04 08:30+0100\n"
"Last-Translator: Mario Blättermann <mario.blaettermann@gmail.com>\n"
"Language-Team: Deutsch <gnome-de@gnome.org>\n"
-"Language: \n"
+"Language: de\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?product=glib&k"
-"eywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2012-11-29 22:09+0000\n"
-"PO-Revision-Date: 2012-12-24 17:24+0300\n"
-"Last-Translator: Dimitris Spingos (Δημήτρης Σπίγγος) <dmtrs32@gmail.com>\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&keywords=I18N+L10N&component=network\n"
+"POT-Creation-Date: 2014-07-09 05:52+0000\n"
+"PO-Revision-Date: 2014-07-09 14:43+0200\n"
+"Last-Translator: Tom Tryfonidis <tomtryf@gmail.com>\n"
"Language-Team: team@gnome.gr\n"
"Language: el\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Virtaal 0.7.1\n"
+"X-Generator: Poedit 1.6.5\n"
"X-Project-Style: gnome\n"
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: ../proxy/libproxy/glibproxyresolver.c:157
msgid "Proxy resolver internal error."
msgstr "Εσωτερικό σφάλμα επίλυσης διαμεσολαβητή."
msgid "No certificate data provided"
msgstr "Δεν παρέχονται δεδομένα πιστοποιητικού"
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:324
msgid "Server required TLS certificate"
msgstr "Ο διακομιστής απαίτησε πιστοποιητικό TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:254
+#: ../tls/gnutls/gtlsconnection-gnutls.c:267
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "Αδύνατη η δημιουργία σύνδεσης TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:514
+#: ../tls/gnutls/gtlsconnection-gnutls.c:531
msgid "Connection is closed"
msgstr "Η σύνδεση έκλεισε"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:576
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1382
+#: ../tls/gnutls/gtlsconnection-gnutls.c:594
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1465
msgid "Operation would block"
msgstr "Η λειτουργία θα μπλοκαριστεί"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:703
+#: ../tls/gnutls/gtlsconnection-gnutls.c:733
+#: ../tls/gnutls/gtlsconnection-gnutls.c:772
msgid "Peer failed to perform TLS handshake"
-msgstr "Î\9f άλλος υπολογιστής απέτυχε να εκτελέσει «χειραψία» TLS"
+msgstr "Î\9f ομÏ\8cÏ\84ιμος υπολογιστής απέτυχε να εκτελέσει «χειραψία» TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:720
+#: ../tls/gnutls/gtlsconnection-gnutls.c:751
msgid "Peer requested illegal TLS rehandshake"
-msgstr "Î\9f άλλος υπολογιστής απαίτησε παράτυπη «χειραψία» TLS"
+msgstr "Î\9f ομÏ\8cÏ\84ιμος υπολογιστής απαίτησε παράτυπη «χειραψία» TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:746
+#: ../tls/gnutls/gtlsconnection-gnutls.c:778
msgid "TLS connection closed unexpectedly"
msgstr "Η σύνδεση TLS τερματίστηκε απρόσμενα"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:756
-#| msgid "Server did not return a valid TLS certificate"
+#: ../tls/gnutls/gtlsconnection-gnutls.c:788
msgid "TLS connection peer did not send a certificate"
msgstr "Η ομότιμη σύνδεση TLS δεν έστειλε πιστοποιητικό"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1064
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1083
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1178
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1211
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "Σφάλμα κατά τη «χειραψία» TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1228
-msgid "Unacceptable TLS certificate"
-msgstr "Μη αποδεκτό πιστοποιητικό TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1239
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1221
msgid "Server did not return a valid TLS certificate"
msgstr "Ο διακομιστής δεν επέστρεψε ένα έγκυρο πιστοποιητικό TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1405
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1296
+msgid "Unacceptable TLS certificate"
+msgstr "Μη αποδεκτό πιστοποιητικό TLS"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1499
#, c-format
msgid "Error reading data from TLS socket: %s"
msgstr "Σφάλμα κατά την ανάγνωση δεδομένων από την υποδοχή TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1434
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1528
#, c-format
msgid "Error writing data to TLS socket: %s"
msgstr "Σφάλμα κατά την εγγραφή δεδομένων στην υποδοχή TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1478
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1572
msgid "Connection is already closed"
msgstr "Η σύνδεση έχει ήδη κλείσει"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1488
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1582
#, c-format
msgid "Error performing TLS close: %s"
msgstr "Σφάλμα κατά το κλείσιμο TLS: %s"
"locked."
msgstr ""
"Αυτή είναι η τελευταία σας ευκαιρία να πληκτρολογήσετε σωστά το PIN πριν να "
-"κλειδωθεί το token."
+"κλειδωθεί το διακριτικό."
#: ../tls/pkcs11/gpkcs11pin.c:110
msgid ""
"Several PIN attempts have been incorrect, and the token will be locked after "
"further failures."
msgstr ""
-"Αρκετές προσπάθειες PIN ήταν εσφαλμένες, και το token θα κλειδωθεί μετά από "
-"περαιτέρω αποτυχίες."
+"Αρκετές προσπάθειες PIN ήταν εσφαλμένες, και το διακριτικό θα κλειδωθεί μετά "
+"από περαιτέρω αποτυχίες."
#: ../tls/pkcs11/gpkcs11pin.c:112
msgid "The PIN entered is incorrect."
-msgstr "Το PIN Ï\80οÏ\85 ειÏ\83άγαÏ\84ε δεν είναι ÎγκÏ\85Ï\81ο."
+msgstr "Î\94εν είναι ÎγκÏ\85Ï\81ο Ï\84ο PIN Ï\80οÏ\85 Ï\80ληκÏ\84Ï\81ολογήÏ\83αÏ\84ε."
#: ../tls/pkcs11/gpkcs11slot.c:446
msgid "Module"
#: ../tls/pkcs11/gpkcs11slot.c:454
msgid "Slot ID"
-msgstr "ID υποδοχής"
+msgstr "Αναγνωριστικό υποδοχής"
#: ../tls/pkcs11/gpkcs11slot.c:455
msgid "PKCS#11 Slot Identifier"
"PO-Revision-Date: 2010-08-13 17:42-0400\n"
"Last-Translator: Nicolas Dufresne <nicolasd@git.gnome.org>\n"
"Language-Team: Canadian English <nicolasd@git.gnome.org>\n"
+"Language: en_CA\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
msgid ""
msgstr ""
"Project-Id-Version: glib-networking\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2012-09-05 19:36+0100\n"
-"PO-Revision-Date: 2012-09-05 19:36+0100\n"
-"Last-Translator: Bruce Cowan <bruce@bcowan.me.uk>\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&keywords=I18N+L10N&component=network\n"
+"POT-Creation-Date: 2016-08-15 21:53+0000\n"
+"PO-Revision-Date: 2016-09-18 12:18+0200\n"
+"Last-Translator: David King <amigadave@amigadave.com>\n"
"Language-Team: British English <en@li.org>\n"
"Language: en_GB\n"
"MIME-Version: 1.0\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"X-Generator: Virtaal 0.7.1\n"
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:157
msgid "Proxy resolver internal error."
msgstr "Proxy resolver internal error."
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/gnutls/gtlscertificate-gnutls.c:176
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Could not parse DER certificate: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:197
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Could not parse PEM certificate: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:228
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Could not parse DER private key: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:259
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Could not parse PEM private key: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:299
msgid "No certificate data provided"
msgstr "No certificate data provided"
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
+#: tls/gnutls/gtlsclientconnection-gnutls.c:375
msgid "Server required TLS certificate"
msgstr "Server required TLS certificate"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:254
+#: tls/gnutls/gtlsconnection-gnutls.c:323
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "Could not create TLS connection: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:514
+#: tls/gnutls/gtlsconnection-gnutls.c:585
msgid "Connection is closed"
msgstr "Connection is closed"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:574
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1377
+#: tls/gnutls/gtlsconnection-gnutls.c:658
+#: tls/gnutls/gtlsconnection-gnutls.c:1537
msgid "Operation would block"
msgstr "Operation would block"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:701
+#: tls/gnutls/gtlsconnection-gnutls.c:808
+#: tls/gnutls/gtlsconnection-gnutls.c:847
msgid "Peer failed to perform TLS handshake"
msgstr "Peer failed to perform TLS handshake"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:718
+#: tls/gnutls/gtlsconnection-gnutls.c:826
msgid "Peer requested illegal TLS rehandshake"
msgstr "Peer requested illegal TLS rehandshake"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:744
+#: tls/gnutls/gtlsconnection-gnutls.c:853
msgid "TLS connection closed unexpectedly"
msgstr "TLS connection closed unexpectedly"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1055
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1074
+#: tls/gnutls/gtlsconnection-gnutls.c:863
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS connection peer did not send a certificate"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1250
+#: tls/gnutls/gtlsconnection-gnutls.c:1283
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "Error performing TLS handshake: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1210
-msgid "Unacceptable TLS certificate"
-msgstr "Unacceptable TLS certificate"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1221
+#: tls/gnutls/gtlsconnection-gnutls.c:1293
msgid "Server did not return a valid TLS certificate"
msgstr "Server did not return a valid TLS certificate"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1400
+#: tls/gnutls/gtlsconnection-gnutls.c:1363
+msgid "Unacceptable TLS certificate"
+msgstr "Unacceptable TLS certificate"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1571
#, c-format
msgid "Error reading data from TLS socket: %s"
msgstr "Error reading data from TLS socket: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1429
+#: tls/gnutls/gtlsconnection-gnutls.c:1600
#, c-format
msgid "Error writing data to TLS socket: %s"
msgstr "Error writing data to TLS socket: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1473
-msgid "Connection is already closed"
-msgstr "Connection is already closed"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1483
+#: tls/gnutls/gtlsconnection-gnutls.c:1664
#, c-format
msgid "Error performing TLS close: %s"
msgstr "Error performing TLS close: %s"
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+#: tls/gnutls/gtlsserverconnection-gnutls.c:107
msgid "Certificate has no private key"
msgstr "Certificate has no private key"
-#: ../tls/pkcs11/gpkcs11pin.c:108
+#: tls/pkcs11/gpkcs11pin.c:111
msgid ""
"This is the last chance to enter the PIN correctly before the token is "
"locked."
"This is the last chance to enter the PIN correctly before the token is "
"locked."
-#: ../tls/pkcs11/gpkcs11pin.c:110
+#: tls/pkcs11/gpkcs11pin.c:113
msgid ""
"Several PIN attempts have been incorrect, and the token will be locked after "
"further failures."
"Several PIN attempts have been incorrect, and the token will be locked after "
"further failures."
-#: ../tls/pkcs11/gpkcs11pin.c:112
+#: tls/pkcs11/gpkcs11pin.c:115
msgid "The PIN entered is incorrect."
msgstr "The PIN entered is incorrect."
-#: ../tls/pkcs11/gpkcs11slot.c:446
+#: tls/pkcs11/gpkcs11slot.c:449
msgid "Module"
msgstr "Module"
-#: ../tls/pkcs11/gpkcs11slot.c:447
+#: tls/pkcs11/gpkcs11slot.c:450
msgid "PKCS#11 Module Pointer"
msgstr "PKCS#11 Module Pointer"
-#: ../tls/pkcs11/gpkcs11slot.c:454
+#: tls/pkcs11/gpkcs11slot.c:457
msgid "Slot ID"
msgstr "Slot ID"
-#: ../tls/pkcs11/gpkcs11slot.c:455
+#: tls/pkcs11/gpkcs11slot.c:458
msgid "PKCS#11 Slot Identifier"
msgstr "PKCS#11 Slot Identifier"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "Connection is already closed"
"PO-Revision-Date: 2011-05-15 15:54+0200\n"
"Last-Translator: Kristjan SCHMIDT <kristjan.schmidt@googlemail.com>\n"
"Language-Team: Esperanto <ubuntu-l10n-eo@lists.launchpad.net>\n"
+"Language: eo\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2012-12-02 19:10+0100\n"
"Last-Translator: Daniel Mustieles <daniel.mustieles@gmail.com>\n"
"Language-Team: Español; Castellano <gnome-es-list@gnome.org>\n"
-"Language: \n"
+"Language: es\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2013-03-23 18:10+0330\n"
"Last-Translator: Arash Mousavi <mousavi.arash@gmail.com>\n"
"Language-Team: Persian\n"
-"Language: fa_IR\n"
+"Language: fa\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2013-02-25 20:13+0100\n"
"Last-Translator: Claude Paroz <claude@2xlibre.net>\n"
"Language-Team: GNOME French Team <gnomefr@traduc.org>\n"
-"Language: \n"
+"Language: fr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Project-Id-Version: glib-networking master\n"
"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2013-03-25 12:43+0000\n"
-"PO-Revision-Date: 2013-03-26 13:02+0100\n"
+"POT-Creation-Date: 2016-04-08 06:55+0000\n"
+"PO-Revision-Date: 2016-04-08 18:19+0200\n"
"Last-Translator: Fabio Tomat <f.t.public@gmail.com>\n"
"Language-Team: Friulian <fur@li.org>\n"
"Language: fur\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 1.5.4\n"
+"X-Generator: Poedit 1.8.5\n"
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: ../proxy/libproxy/glibproxyresolver.c:157
msgid "Proxy resolver internal error."
-msgstr ""
+msgstr "Erôr interni dal resolver proxy."
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: ../tls/gnutls/gtlscertificate-gnutls.c:176
#, c-format
msgid "Could not parse DER certificate: %s"
-msgstr ""
+msgstr "Impussibil analizâ il certificât DER: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: ../tls/gnutls/gtlscertificate-gnutls.c:197
#, c-format
msgid "Could not parse PEM certificate: %s"
-msgstr ""
+msgstr "Impussibil analizâ il certificât PEM: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: ../tls/gnutls/gtlscertificate-gnutls.c:228
#, c-format
msgid "Could not parse DER private key: %s"
-msgstr ""
+msgstr "Impussibil analizâ la clâf privade DER: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: ../tls/gnutls/gtlscertificate-gnutls.c:259
#, c-format
msgid "Could not parse PEM private key: %s"
-msgstr ""
+msgstr "Impussibil analizâ la clâf privade PEM: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: ../tls/gnutls/gtlscertificate-gnutls.c:299
msgid "No certificate data provided"
msgstr "Nissun dât di certificât dât"
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:375
msgid "Server required TLS certificate"
msgstr "Il server al domande un certificât TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:258
+#: ../tls/gnutls/gtlsconnection-gnutls.c:323
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "Impussibil creâ la conession TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:520
+#: ../tls/gnutls/gtlsconnection-gnutls.c:585
msgid "Connection is closed"
-msgstr "La conession a je sierade"
+msgstr "La conession e je sierade"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:582
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1425
+#: ../tls/gnutls/gtlsconnection-gnutls.c:658
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1537
msgid "Operation would block"
-msgstr "Le operazion a podares blocasi"
+msgstr "Le operazion e podarès blocâsi"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:712
-#: ../tls/gnutls/gtlsconnection-gnutls.c:755
+#: ../tls/gnutls/gtlsconnection-gnutls.c:808
+#: ../tls/gnutls/gtlsconnection-gnutls.c:847
msgid "Peer failed to perform TLS handshake"
-msgstr ""
+msgstr "Il grop nol è rivât a eseguî il handshake TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:729
+#: ../tls/gnutls/gtlsconnection-gnutls.c:826
msgid "Peer requested illegal TLS rehandshake"
-msgstr ""
+msgstr "Il grop al à domandât un rehandshake TLS no lecit"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:761
+#: ../tls/gnutls/gtlsconnection-gnutls.c:853
msgid "TLS connection closed unexpectedly"
-msgstr ""
+msgstr "Sieradure inspietade de conession TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:771
+#: ../tls/gnutls/gtlsconnection-gnutls.c:863
msgid "TLS connection peer did not send a certificate"
-msgstr "Il grop di conession TLS nol a inviât un certificât"
+msgstr "Il grop di conession TLS nol à inviât un certificât"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1152
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1171
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1250
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1283
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "Erôr tal eseguî il handshake TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1181
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1293
msgid "Server did not return a valid TLS certificate"
-msgstr "Il server nol a tornât un certificât TLS valit"
+msgstr "Il server nol à tornât un certificât TLS valit"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1256
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1363
msgid "Unacceptable TLS certificate"
-msgstr ""
+msgstr "certificât TLS no acetabil"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1448
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1571
#, c-format
msgid "Error reading data from TLS socket: %s"
msgstr "Erôr tal lei dâts tal socket TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1477
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1600
#, c-format
msgid "Error writing data to TLS socket: %s"
msgstr "Erôr tal scrivi dâts tal socket TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1521
-msgid "Connection is already closed"
-msgstr "La conession a je za sierade"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1531
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1664
#, c-format
msgid "Error performing TLS close: %s"
-msgstr ""
+msgstr "Erôr tal sierâ TLS: %s"
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+#: ../tls/gnutls/gtlsserverconnection-gnutls.c:107
msgid "Certificate has no private key"
-msgstr "Il certificât a nol a une clâf privade"
+msgstr "Il certificât nol à une clâf privade"
-#: ../tls/pkcs11/gpkcs11pin.c:108
+#: ../tls/pkcs11/gpkcs11pin.c:111
msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
+"This is the last chance to enter the PIN correctly before the token is locked."
msgstr ""
-"Cheste a je l'ultime pussibilitât par inserî il PIN coret prime che al vegni "
+"Cheste e je la ultime pussibilitât par inserî il PIN coret prime che al vegni "
"blocât il token."
-#: ../tls/pkcs11/gpkcs11pin.c:110
+#: ../tls/pkcs11/gpkcs11pin.c:113
msgid ""
"Several PIN attempts have been incorrect, and the token will be locked after "
"further failures."
"A son stâts fats une vore di tentatîfs par meti il PIN, il token al sarà "
"blocât dopo altris faliments."
-#: ../tls/pkcs11/gpkcs11pin.c:112
+#: ../tls/pkcs11/gpkcs11pin.c:115
msgid "The PIN entered is incorrect."
-msgstr "Il PIN dât a nol è coret."
+msgstr "Il PIN dât nol è coret."
-#: ../tls/pkcs11/gpkcs11slot.c:446
+#: ../tls/pkcs11/gpkcs11slot.c:449
msgid "Module"
-msgstr ""
+msgstr "Modul"
-#: ../tls/pkcs11/gpkcs11slot.c:447
+#: ../tls/pkcs11/gpkcs11slot.c:450
msgid "PKCS#11 Module Pointer"
-msgstr ""
+msgstr "Pontadôr modul PKCS#11"
-#: ../tls/pkcs11/gpkcs11slot.c:454
+#: ../tls/pkcs11/gpkcs11slot.c:457
msgid "Slot ID"
-msgstr ""
+msgstr "ID dal slot"
-#: ../tls/pkcs11/gpkcs11slot.c:455
+#: ../tls/pkcs11/gpkcs11slot.c:458
msgid "PKCS#11 Slot Identifier"
-msgstr ""
+msgstr "Identificadôr Slot PKCS#11"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "La conession a je za sierade"
--- /dev/null
+# Scottish Gaelic translation for glib-networking.
+# Copyright (C) 2016 glib-networking's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-networking package.
+# GunChleoc <fios@foramnagaidhlig.net>, 2016.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-networking master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?product=glib&k"
+"eywords=I18N+L10N&component=network\n"
+"POT-Creation-Date: 2016-04-28 06:59+0000\n"
+"PO-Revision-Date: 2016-04-28 15:01+0100\n"
+"Last-Translator: GunChleoc <fios@foramnagaidhlig.net>\n"
+"Language-Team: Fòram na Gàidhlig\n"
+"Language: gd\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=4; plural=(n==1 || n==11) ? 0 : (n==2 || n==12) ? 1 : "
+"(n > 2 && n < 20) ? 2 : 3;\n"
+"X-Generator: Virtaal 0.7.1\n"
+"X-Project-Style: gnome\n"
+
+#: ../proxy/libproxy/glibproxyresolver.c:157
+msgid "Proxy resolver internal error."
+msgstr "Mearachd taobh a-stagh an fhuasglaiche progsaidh."
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:176
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Cha deach leinn teisteanas DER a pharsadh: %s"
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:197
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Cha deach leinn teisteanas PEM a pharsadh: %s"
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:228
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Cha deach leinn iuchair phrìobhaideach DER a pharsadh: %s"
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:259
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Cha deach leinn iuchair phrìobhaideach PEM a pharsadh: %s"
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:299
+msgid "No certificate data provided"
+msgstr "Cha deach dàta teisteanais a thoirt seachad"
+
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:375
+msgid "Server required TLS certificate"
+msgstr "Dh'iarr am frithealaiche teisteanas TLS"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:323
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Cha b' urrainn dhuinn ceangal TLS a chruthachadh: %s"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:585
+msgid "Connection is closed"
+msgstr "Chaidh an ceangal a dhùnadh"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:658
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1537
+msgid "Operation would block"
+msgstr "Dhèanadh an t-obrachadh bacadh"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:808
+#: ../tls/gnutls/gtlsconnection-gnutls.c:847
+msgid "Peer failed to perform TLS handshake"
+msgstr "Cha do rinn an seise crathadh-làimhe TLS"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:826
+msgid "Peer requested illegal TLS rehandshake"
+msgstr "Dh'iarr an seise ath-chrathadh-làimhe TLS mì-dhligheach"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:853
+msgid "TLS connection closed unexpectedly"
+msgstr "Chaidh an ceangal TLS a dhùnadh gun dùil"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:863
+msgid "TLS connection peer did not send a certificate"
+msgstr "Cha do chuir seise a' cheangail TLS teisteanas"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1250
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1283
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Mearachd le crathadh-làimhe TLS: %s"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1293
+msgid "Server did not return a valid TLS certificate"
+msgstr "Cha do thill am frithealaiche teisteanas TLS dligheach"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1363
+msgid "Unacceptable TLS certificate"
+msgstr "Teisteanas TLS ris nach gabhar"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1571
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Mearachd a' leughadh dàta on t-socaid TLS: %s"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1600
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Mearachd a' sgrìobhadh dàta dhan t-socaid TLS: %s"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1664
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Mearachd le dùnadh TLS: %s"
+
+#: ../tls/gnutls/gtlsserverconnection-gnutls.c:107
+msgid "Certificate has no private key"
+msgstr "Chan eil iuchair phrìobhaideach aig an teisteanas"
+
+#: ../tls/pkcs11/gpkcs11pin.c:111
+msgid ""
+"This is the last chance to enter the PIN correctly before the token is "
+"locked."
+msgstr ""
+"Seo an cothrom mu dheireadh gus am PIN a chur a-steach mar bu chòir mus dèid "
+"an tòcan a ghlasadh."
+
+#: ../tls/pkcs11/gpkcs11pin.c:113
+msgid ""
+"Several PIN attempts have been incorrect, and the token will be locked after "
+"further failures."
+msgstr ""
+"Chaidh iomadh oidhirp air a' PIN gu cearr agus thèid an tòcan a ghlasadh ma "
+"bhios e cearr a-rithist."
+
+#: ../tls/pkcs11/gpkcs11pin.c:115
+msgid "The PIN entered is incorrect."
+msgstr "Chan eil am PIN a chaidh a chur a-steach mar bu chòir."
+
+#: ../tls/pkcs11/gpkcs11slot.c:449
+msgid "Module"
+msgstr "Mòideal"
+
+#: ../tls/pkcs11/gpkcs11slot.c:450
+msgid "PKCS#11 Module Pointer"
+msgstr "Tomhaire mòideil PKCS#11"
+
+#: ../tls/pkcs11/gpkcs11slot.c:457
+msgid "Slot ID"
+msgstr "ID an t-slota"
+
+#: ../tls/pkcs11/gpkcs11slot.c:458
+msgid "PKCS#11 Slot Identifier"
+msgstr "Aithnichear an t-slota PKCS#11"
"PO-Revision-Date: 2011-02-08 12:18+0530\n"
"Last-Translator: Sweta Kothari <swkothar@redhat.com>\n"
"Language-Team: Gujarati\n"
+"Language: gu\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2012-12-31 19:04+0100\n"
"Last-Translator: Balázs Úr <urbalazs at gmail dot com>\n"
"Language-Team: Hungarian <gnome-hu-list at gnome dot org>\n"
-"Language: \n"
+"Language: hu\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2013-01-24 22:41+0100\n"
"Last-Translator: Milo Casagrande <milo@ubuntu.com>\n"
"Language-Team: Italian <tp@lists.linux.it>\n"
-"Language: \n"
+"Language: it\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8-bit\n"
# Takayuki KUSANO <AE5T-KSN@asahi-net.or.jp>, 2011-2012.
# Hideki Yamane <henrich@debian.org>, 2011-2012.
# Yoji TOYODA <bsyamato@sea.plala.or.jp>, 2012.
+# Jiro Matsuzawa <jmatsuzawa@gnome.org>, 2015.
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2012-08-30 12:32+0000\n"
-"PO-Revision-Date: 2012-08-30 21:54+0900\n"
-"Last-Translator: Yoji TOYODA <bsyamato@sea.plala.or.jp>\n"
+"POT-Creation-Date: 2015-09-14 06:04+0000\n"
+"PO-Revision-Date: 2015-09-15 01:29+0900\n"
+"Last-Translator: Jiro Matsuzawa <jmatsuzawa@gnome.org>\n"
"Language-Team: Japanese <gnome-translation@gnome.gr.jp>\n"
"Language: ja\n"
"MIME-Version: 1.0\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: ../proxy/libproxy/glibproxyresolver.c:157
msgid "Proxy resolver internal error."
msgstr "プロキシリゾルバーでの内部エラー。"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: ../tls/gnutls/gtlscertificate-gnutls.c:176
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "DER 形式の証明書を解析できませんでした: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: ../tls/gnutls/gtlscertificate-gnutls.c:197
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "PEM 形式の証明書を解析できませんでした: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: ../tls/gnutls/gtlscertificate-gnutls.c:228
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "DER 形式の秘密鍵を解析できませんでした: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: ../tls/gnutls/gtlscertificate-gnutls.c:259
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "PEM 形式の秘密鍵を解析できませんでした: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: ../tls/gnutls/gtlscertificate-gnutls.c:299
msgid "No certificate data provided"
msgstr "証明書のデータが与えられていません"
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:340
msgid "Server required TLS certificate"
msgstr "サーバーが TLS 証明書を要求しました"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:254
+#: ../tls/gnutls/gtlsconnection-gnutls.c:311
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "TLS コネクションを確立できませんでした: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:514
+#: ../tls/gnutls/gtlsconnection-gnutls.c:578
msgid "Connection is closed"
msgstr "コネクションが切断されています"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:574
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1377
+#: ../tls/gnutls/gtlsconnection-gnutls.c:641
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1505
msgid "Operation would block"
msgstr "操作がブロックされます"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:701
+#: ../tls/gnutls/gtlsconnection-gnutls.c:780
+#: ../tls/gnutls/gtlsconnection-gnutls.c:819
msgid "Peer failed to perform TLS handshake"
msgstr "通信相手が TLS ハンドシェイクの実行に失敗しました"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:718
+#: ../tls/gnutls/gtlsconnection-gnutls.c:798
msgid "Peer requested illegal TLS rehandshake"
msgstr "通信相手が不当な TLS の再ハンドシェイクを要求しました"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:744
+#: ../tls/gnutls/gtlsconnection-gnutls.c:825
msgid "TLS connection closed unexpectedly"
msgstr "TLS コネクションが突然閉じられました"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1055
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1074
+#: ../tls/gnutls/gtlsconnection-gnutls.c:835
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS の通信相手が証明書を送信しませんでした。"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1218
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1251
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "TLS ハンドシェイク実行中のエラー: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1210
-msgid "Unacceptable TLS certificate"
-msgstr "受け付けられない TLS 証明書です"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1221
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1261
msgid "Server did not return a valid TLS certificate"
msgstr "サーバーが有効な TLS 証明書を返しませんでした。"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1400
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1331
+msgid "Unacceptable TLS certificate"
+msgstr "受け付けられない TLS 証明書です"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1539
#, c-format
msgid "Error reading data from TLS socket: %s"
msgstr "TLS ソケットからのデータ読み込み中のエラー: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1429
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1568
#, c-format
msgid "Error writing data to TLS socket: %s"
msgstr "TLS ソケットへのデータ書き出し中のエラー: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1473
-msgid "Connection is already closed"
-msgstr "コネクションはすでに切断されています"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1483
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1620
#, c-format
msgid "Error performing TLS close: %s"
msgstr "TLS クローズ実行中のエラー: %s"
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+#: ../tls/gnutls/gtlsserverconnection-gnutls.c:106
msgid "Certificate has no private key"
msgstr "証明書に秘密鍵がありません"
-#: ../tls/pkcs11/gpkcs11pin.c:108
+#: ../tls/pkcs11/gpkcs11pin.c:111
msgid "This is the last chance to enter the PIN correctly before the token is locked."
msgstr "これがトークンがロックされる前に正しく PIN コードを入力する最後のチャンスです。"
-#: ../tls/pkcs11/gpkcs11pin.c:110
+#: ../tls/pkcs11/gpkcs11pin.c:113
msgid "Several PIN attempts have been incorrect, and the token will be locked after further failures."
msgstr "正しくない PIN コードの入力が複数回行われたので、さらに失敗するとトークンはロックされます。"
-#: ../tls/pkcs11/gpkcs11pin.c:112
+#: ../tls/pkcs11/gpkcs11pin.c:115
msgid "The PIN entered is incorrect."
msgstr "入力された PIN コードが正しくありません。"
-#: ../tls/pkcs11/gpkcs11slot.c:446
+#: ../tls/pkcs11/gpkcs11slot.c:449
msgid "Module"
msgstr "モジュール"
-#: ../tls/pkcs11/gpkcs11slot.c:447
+#: ../tls/pkcs11/gpkcs11slot.c:450
msgid "PKCS#11 Module Pointer"
msgstr "PKCS#11 モジュールポインター"
-#: ../tls/pkcs11/gpkcs11slot.c:454
+#: ../tls/pkcs11/gpkcs11slot.c:457
msgid "Slot ID"
msgstr "スロット ID"
-#: ../tls/pkcs11/gpkcs11slot.c:455
+#: ../tls/pkcs11/gpkcs11slot.c:458
msgid "PKCS#11 Slot Identifier"
msgstr "PKCS#11 スロット ID"
--- /dev/null
+# Kazakh translation for glib-networking.
+# Copyright (C) 2014 glib-networking's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-networking package.
+# Baurzhan Muftakhidinov <baurthefirst@gmail.com>, 2014.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-networking master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&keywords=I18N+L10N&component=network\n"
+"POT-Creation-Date: 2014-11-06 18:42+0000\n"
+"PO-Revision-Date: 2014-11-07 09:12+0600\n"
+"Last-Translator: Baurzhan Muftakhidinov <baurthefirst@gmail.com>\n"
+"Language-Team: Kazakh <kk_KZ@googlegroups.com>\n"
+"Language: kk\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.9\n"
+
+#: ../proxy/libproxy/glibproxyresolver.c:157
+msgid "Proxy resolver internal error."
+msgstr "Прокси шешушісінің ішкі қатесі."
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "DER сертификатын талдау қатесі: %s"
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "PEM сертификатын талдау қатесі: %s"
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "DER жеке кілтін талдау қатесі: %s"
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "PEM жеке кілтін талдау қатесі: %s"
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+msgid "No certificate data provided"
+msgstr "Сертификат ұсынылмады"
+
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:324
+msgid "Server required TLS certificate"
+msgstr "Сервер TLS сертификатын талап етеді"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:267
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Жаңа TLS байланысын жасау мүмкін емес: %s"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:539
+msgid "Connection is closed"
+msgstr "Байланыс жабылды"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:602
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1471
+msgid "Operation would block"
+msgstr "Әрекет блоктайды"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:741
+#: ../tls/gnutls/gtlsconnection-gnutls.c:780
+msgid "Peer failed to perform TLS handshake"
+msgstr "Торап TLS байланысты орнату сәлемдемесін орындай алмады"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:759
+msgid "Peer requested illegal TLS rehandshake"
+msgstr "Торап жарамсы TLS қайта байланысты орнату сәлемдемесін сұрады"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:786
+msgid "TLS connection closed unexpectedly"
+msgstr "TLS байланысты күтпегенде жабылды"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:796
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS байланысының торабы сертификатты жібермеген"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1179
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1212
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS байланысты орнату сәлемдемесін орындау қатесі: %s"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1222
+msgid "Server did not return a valid TLS certificate"
+msgstr "Сервер жарамды TLS сертификатын қайтармады"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1297
+msgid "Unacceptable TLS certificate"
+msgstr "Жарамсыз TLS сертификаты"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1505
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "TLS сокетінен деректерді оқу қатесі: %s"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1534
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "TLS сокетіне деректерді жазу қатесі: %s"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1586
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "TLS жабу әрекетін орындау қатесі: %s"
+
+#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+msgid "Certificate has no private key"
+msgstr "Сертификатта жеке кілт жоқ"
+
+#: ../tls/pkcs11/gpkcs11pin.c:108
+msgid ""
+"This is the last chance to enter the PIN correctly before the token is "
+"locked."
+msgstr "Токен блокталуға дейінгі PIN кодын енгізудің соңғы мүмкіндігі қалды."
+
+#: ../tls/pkcs11/gpkcs11pin.c:110
+msgid ""
+"Several PIN attempts have been incorrect, and the token will be locked after "
+"further failures."
+msgstr ""
+"Бірнеше PIN енгізу талаптары сәтсіз болды, токен келесі сәтсіз енгізілерде "
+"блокталатын болады."
+
+#: ../tls/pkcs11/gpkcs11pin.c:112
+msgid "The PIN entered is incorrect."
+msgstr "Енгізілген PIN коды дұрыс емес."
+
+#: ../tls/pkcs11/gpkcs11slot.c:446
+msgid "Module"
+msgstr "Модуль"
+
+#: ../tls/pkcs11/gpkcs11slot.c:447
+msgid "PKCS#11 Module Pointer"
+msgstr "PKCS#11 модулі көрсеткіші"
+
+#: ../tls/pkcs11/gpkcs11slot.c:454
+msgid "Slot ID"
+msgstr "Слот ID-і"
+
+#: ../tls/pkcs11/gpkcs11slot.c:455
+msgid "PKCS#11 Slot Identifier"
+msgstr "PKCS#11 слот идентификаторы"
"PO-Revision-Date: 2012-02-20 09:22+0700\n"
"Last-Translator: Seng Sutha <sutha@khmeros.info>\n"
"Language-Team: Khmer <support@khmeros.info>\n"
+"Language: km\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2011-03-31 22:40+0530\n"
"Last-Translator: Shankar Prasad <svenkate@redhat.com>\n"
"Language-Team: Kannada <kn@li.org>\n"
+"Language: kn\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2012-11-30 21:55+0300\n"
"Last-Translator: Aurimas Černius <aurisc4@gmail.com>\n"
"Language-Team: Lietuvių <>\n"
-"Language: \n"
+"Language: lt\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2013-01-21 12:27+0100\n"
"Last-Translator: Kjartan Maraas <kmaraas@gnome.org>\n"
"Language-Team: Norwegian bokmål <i18n-nb@lister.ping.uio.no>\n"
-"Language: \n"
+"Language: nb\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
--- /dev/null
+# Occitan translation for glib-networking.
+# Copyright (C) 2011-2012 Listed translators
+# This file is distributed under the same license as the glib-networking package.
+# Cédric Valmary <cvalmary@yahoo.fr>, 2015.
+# Cédric Valmary (Tot en òc) <cvalmary@yahoo.fr>, 2015.
+# Cédric Valmary (totenoc.eu) <cvalmary@yahoo.fr>, 2016.
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-networking master\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&keywords=I18N+L10N&component=network\n"
+"POT-Creation-Date: 2016-05-19 06:54+0000\n"
+"PO-Revision-Date: 2016-05-05 21:48+0200\n"
+"Last-Translator: Cédric Valmary (totenoc.eu) <cvalmary@yahoo.fr>\n"
+"Language-Team: Tot En Òc\n"
+"Language: oc\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Virtaal 0.7.1\n"
+"X-Launchpad-Export-Date: 2015-05-21 17:44+0000\n"
+"X-Project-Style: gnome\n"
+
+#: ../proxy/libproxy/glibproxyresolver.c:157
+msgid "Proxy resolver internal error."
+msgstr "Error intèrna del resolvedor de servidor mandatari."
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:176
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Impossible d'analisar lo certificat DER : %s"
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:197
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Impossible d'analisar lo certificat PEM : %s"
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:228
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Impossible d'analisar la clau privada DER : %s"
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:259
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Impossible d'analisar la clau privada PEM : %s"
+
+#: ../tls/gnutls/gtlscertificate-gnutls.c:299
+msgid "No certificate data provided"
+msgstr "Cap de donada de certificat pas provesida"
+
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:375
+msgid "Server required TLS certificate"
+msgstr "Lo servidor requerís un certificat TLS"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:323
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Impossible de crear una connexion TLS : %s"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:585
+msgid "Connection is closed"
+msgstr "La connexion es tampada"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:658
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1537
+msgid "Operation would block"
+msgstr "L'operacion se poiriá blocar"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:808
+#: ../tls/gnutls/gtlsconnection-gnutls.c:847
+msgid "Peer failed to perform TLS handshake"
+msgstr "La negociacion TLS amb lo servidor par a fracassat"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:826
+msgid "Peer requested illegal TLS rehandshake"
+msgstr "Lo servidor par a demandat una renegociacion TLS pas autorizada"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:853
+msgid "TLS connection closed unexpectedly"
+msgstr "La connexion TLS es estada tampada d'un biais imprevist"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:863
+msgid "TLS connection peer did not send a certificate"
+msgstr "Lo par TLS a pas mandat cap de certificat"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1250
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1283
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Error al moment de la negociacion TLS : %s"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1293
+msgid "Server did not return a valid TLS certificate"
+msgstr "Lo servidor a pas renviat cap de certificat TLS valid"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1363
+msgid "Unacceptable TLS certificate"
+msgstr "Certificat TLS inacceptable"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1571
+#, c-format
+msgid "Error reading data from TLS socket: %s"
+msgstr "Error al moment de la lectura de donadas del connectador TLS : %s"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1600
+#, c-format
+msgid "Error writing data to TLS socket: %s"
+msgstr "Error al moment de l'escritura de donadas sul connectador TLS : %s"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1664
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Error al moment de la tampadura TLS : %s"
+
+#: ../tls/gnutls/gtlsserverconnection-gnutls.c:107
+msgid "Certificate has no private key"
+msgstr "Lo certificat a pas cap de clau privada"
+
+#: ../tls/pkcs11/gpkcs11pin.c:111
+msgid ""
+"This is the last chance to enter the PIN correctly before the token is "
+"locked."
+msgstr ""
+"Es la darrièra chança d'entrar lo PIN corrècte abans que la carta de piuse "
+"siá verrolhada."
+
+#: ../tls/pkcs11/gpkcs11pin.c:113
+msgid ""
+"Several PIN attempts have been incorrect, and the token will be locked after "
+"further failures."
+msgstr ""
+"Mantun PIN incorrèctes son estats picats, tota novèla error provocarà lo "
+"verrolhatge de la carta de piuse."
+
+#: ../tls/pkcs11/gpkcs11pin.c:115
+msgid "The PIN entered is incorrect."
+msgstr "Lo PIN picat es incorrècte."
+
+#: ../tls/pkcs11/gpkcs11slot.c:449
+msgid "Module"
+msgstr "Modul"
+
+#: ../tls/pkcs11/gpkcs11slot.c:450
+msgid "PKCS#11 Module Pointer"
+msgstr "Puntador de modul PKCS#11"
+
+#: ../tls/pkcs11/gpkcs11slot.c:457
+msgid "Slot ID"
+msgstr "ID del connectador"
+
+#: ../tls/pkcs11/gpkcs11slot.c:458
+msgid "PKCS#11 Slot Identifier"
+msgstr "Identificant d'emplaçament PKCS#11"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "La connexion es ja tampada"
"PO-Revision-Date: 2013-02-26 07:18+0530\n"
"Last-Translator: A S Alam <aalam@users.sf.net>\n"
"Language-Team: Punjabi/Panjabi <punjabi-users@lists.sf.net>\n"
-"Language: paX-Generator: Lokalize 1.2\n"
+"Language: pa\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-# Aviary.pl
-# Jeśli masz jakiekolwiek uwagi odnoszące się do tłumaczenia lub chcesz
-# pomóc w jego rozwijaniu i pielęgnowaniu, napisz do nas:
-# gnomepl@aviary.pl
-# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-# Piotr Drąg <piotrdrag@gmail.com>, 2011-2012.
-# Aviary.pl <gnomepl@aviary.pl>, 2011-2012.
+# Polish translation for glib-networking.
+# Copyright © 2011-2016 the glib-networking authors.
+# This file is distributed under the same license as the glib-networking package.
+# Piotr Drąg <piotrdrag@gmail.com>, 2011-2016.
+# Aviary.pl <community-poland@mozilla.org>, 2011-2016.
+#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2012-12-02 05:57+0100\n"
-"PO-Revision-Date: 2012-12-02 05:58+0100\n"
+"POT-Creation-Date: 2016-08-15 21:53+0000\n"
+"PO-Revision-Date: 2016-08-16 10:35+0200\n"
"Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
-"Language-Team: Polish <gnomepl@aviary.pl>\n"
+"Language-Team: Polish <community-poland@mozilla.org>\n"
"Language: pl\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
"|| n%100>=20) ? 1 : 2);\n"
-"X-Poedit-Language: Polish\n"
-"X-Poedit-Country: Poland\n"
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:157
msgid "Proxy resolver internal error."
msgstr "Wewnętrzny błąd rozwiązywania pośrednika."
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/gnutls/gtlscertificate-gnutls.c:176
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Nie można przetworzyć certyfikatu DER: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:197
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Nie można przetworzyć certyfikatu PEM: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:228
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Nie można przetworzyć klucza prywatnego DER: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:259
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Nie można przetworzyć klucza prywatnego PEM: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:299
msgid "No certificate data provided"
msgstr "Nie podano danych certyfikatu"
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
+#: tls/gnutls/gtlsclientconnection-gnutls.c:375
msgid "Server required TLS certificate"
msgstr "Serwer wymaga certyfikatu TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:254
+#: tls/gnutls/gtlsconnection-gnutls.c:323
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "Nie można utworzyć połączenia TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:514
+#: tls/gnutls/gtlsconnection-gnutls.c:585
msgid "Connection is closed"
msgstr "Połączenie jest zamknięte"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:577
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1383
+#: tls/gnutls/gtlsconnection-gnutls.c:658
+#: tls/gnutls/gtlsconnection-gnutls.c:1537
msgid "Operation would block"
msgstr "Działanie zablokowałoby"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:704
+#: tls/gnutls/gtlsconnection-gnutls.c:808
+#: tls/gnutls/gtlsconnection-gnutls.c:847
msgid "Peer failed to perform TLS handshake"
msgstr "Wykonanie powitania TLS przez partnera się nie powiodło"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:721
+#: tls/gnutls/gtlsconnection-gnutls.c:826
msgid "Peer requested illegal TLS rehandshake"
msgstr "Partner zażądał niedozwolonego ponownego powitania TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:747
+#: tls/gnutls/gtlsconnection-gnutls.c:853
msgid "TLS connection closed unexpectedly"
msgstr "Połączenie TLS zostało nieoczekiwanie zamknięte"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:757
+#: tls/gnutls/gtlsconnection-gnutls.c:863
msgid "TLS connection peer did not send a certificate"
msgstr "Partner połączenia TLS nie wysłał certyfikatu"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1065
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1084
+#: tls/gnutls/gtlsconnection-gnutls.c:1250
+#: tls/gnutls/gtlsconnection-gnutls.c:1283
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "Błąd podczas wykonywania powitania TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1229
-msgid "Unacceptable TLS certificate"
-msgstr "Nieakceptowalny certyfikat TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1240
+#: tls/gnutls/gtlsconnection-gnutls.c:1293
msgid "Server did not return a valid TLS certificate"
msgstr "Serwer nie zwrócił prawidłowego certyfikatu TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1406
+#: tls/gnutls/gtlsconnection-gnutls.c:1363
+msgid "Unacceptable TLS certificate"
+msgstr "Nieakceptowalny certyfikat TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1571
#, c-format
msgid "Error reading data from TLS socket: %s"
-msgstr "Błąd podczas odczytywania danych z gniazda TLS: %s"
+msgstr "Błąd podczas odczytywania danych z gniazda TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1435
+#: tls/gnutls/gtlsconnection-gnutls.c:1600
#, c-format
msgid "Error writing data to TLS socket: %s"
msgstr "Błąd podczas zapisywania danych do gniazda TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1479
-msgid "Connection is already closed"
-msgstr "Połączenie jest już zamknięte"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1489
+#: tls/gnutls/gtlsconnection-gnutls.c:1664
#, c-format
msgid "Error performing TLS close: %s"
msgstr "Błąd podczas wykonywania zamknięcia TLS: %s"
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+#: tls/gnutls/gtlsserverconnection-gnutls.c:107
msgid "Certificate has no private key"
-msgstr "Certyfikat nie posiada klucza prywatnego"
+msgstr "Certyfikat nie ma klucza prywatnego"
-#: ../tls/pkcs11/gpkcs11pin.c:108
+#: tls/pkcs11/gpkcs11pin.c:111
msgid ""
"This is the last chance to enter the PIN correctly before the token is "
"locked."
"To jest ostatnia szansa na poprawne wpisanie kodu PIN przed zablokowaniem "
"tokena."
-#: ../tls/pkcs11/gpkcs11pin.c:110
+#: tls/pkcs11/gpkcs11pin.c:113
msgid ""
"Several PIN attempts have been incorrect, and the token will be locked after "
"further failures."
"Przeprowadzono kilka niepoprawnych prób wpisania kodu PIN. Token zostanie "
"zablokowany po dalszych niepowodzeniach."
-#: ../tls/pkcs11/gpkcs11pin.c:112
+#: tls/pkcs11/gpkcs11pin.c:115
msgid "The PIN entered is incorrect."
msgstr "Wpisany kod PIN jest niepoprawny."
-#: ../tls/pkcs11/gpkcs11slot.c:446
+#: tls/pkcs11/gpkcs11slot.c:449
msgid "Module"
msgstr "Moduł"
-#: ../tls/pkcs11/gpkcs11slot.c:447
+#: tls/pkcs11/gpkcs11slot.c:450
msgid "PKCS#11 Module Pointer"
msgstr "Wskaźnik modułu PKCS#11"
-#: ../tls/pkcs11/gpkcs11slot.c:454
+#: tls/pkcs11/gpkcs11slot.c:457
msgid "Slot ID"
msgstr "Identyfikator gniazda"
-#: ../tls/pkcs11/gpkcs11slot.c:455
+#: tls/pkcs11/gpkcs11slot.c:458
msgid "PKCS#11 Slot Identifier"
msgstr "Identyfikator gniazda PKCS#11"
# This file is distributed under the same license as the glib-networking package.\r
# Duarte Loreto <happyguy_pt@hotmail.com>, 2011, 2012, 2013.\r
# \r
+# Pedro Albuquerque <palbuquerque73@openmailbox.com>, 2015.
+#
msgid ""
msgstr ""
"Project-Id-Version: 3.8\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2013-03-15 12:42+0000\n"
-"PO-Revision-Date: 2013-03-15 12:45+0000\n"
-"Last-Translator: Duarte Loreto <happyguy_pt@hotmail.com>\n"
-"Language-Team: Portuguese <gnome_pt@yahoogroups.com>\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&keywords=I18N+L10N&component=network\n"
+"POT-Creation-Date: 2015-06-07 17:56+0000\n"
+"PO-Revision-Date: 2015-06-24 09:24+0100\n"
+"Last-Translator: Pedro Albuquerque <palbuquerque73@openmailbox.com>\n"
+"Language-Team: Português <palbuquerque73@openmailbox.com>\n"
"Language: pt\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Gtranslator 2.91.6\n"
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: ../proxy/libproxy/glibproxyresolver.c:157
msgid "Proxy resolver internal error."
msgstr "Erro interno do solucionador de proxies."
#: ../tls/gnutls/gtlscertificate-gnutls.c:173
#, c-format
msgid "Could not parse DER certificate: %s"
-msgstr "Incapaz de processar o certificado DER: %s"
+msgstr "Impossível processar o certificado DER: %s"
#: ../tls/gnutls/gtlscertificate-gnutls.c:194
#, c-format
msgid "Could not parse PEM certificate: %s"
-msgstr "Incapaz de processar o certificado PEM: %s"
+msgstr "Impossível processar o certificado PEM: %s"
#: ../tls/gnutls/gtlscertificate-gnutls.c:225
#, c-format
msgid "Could not parse DER private key: %s"
-msgstr "Incapaz de processar a chave privada DER: %s"
+msgstr "Impossível processar a chave privada DER: %s"
#: ../tls/gnutls/gtlscertificate-gnutls.c:256
#, c-format
msgid "Could not parse PEM private key: %s"
-msgstr "Incapaz de processar a chave privada PEM: %s"
+msgstr "Impossível processar a chave privada PEM: %s"
#: ../tls/gnutls/gtlscertificate-gnutls.c:296
msgid "No certificate data provided"
msgstr "Não foram indicados quaisquer dados de certificado"
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:337
msgid "Server required TLS certificate"
msgstr "O servidor requer um certificado TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:258
+#: ../tls/gnutls/gtlsconnection-gnutls.c:305
#, c-format
msgid "Could not create TLS connection: %s"
-msgstr "Incapaz de criar uma ligação TLS: %s"
+msgstr "Impossível criar uma ligação TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:520
+#: ../tls/gnutls/gtlsconnection-gnutls.c:572
msgid "Connection is closed"
msgstr "A ligação está fechada"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:582
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1425
+#: ../tls/gnutls/gtlsconnection-gnutls.c:635
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1504
msgid "Operation would block"
msgstr "Operação iria bloquear"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:712
-#: ../tls/gnutls/gtlsconnection-gnutls.c:755
+#: ../tls/gnutls/gtlsconnection-gnutls.c:774
+#: ../tls/gnutls/gtlsconnection-gnutls.c:813
msgid "Peer failed to perform TLS handshake"
-msgstr "O destino falhao ao estabelecer a ligação (handshake) TLS"
+msgstr "O destino falhou ao estabelecer a ligação (handshake) TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:729
+#: ../tls/gnutls/gtlsconnection-gnutls.c:792
msgid "Peer requested illegal TLS rehandshake"
msgstr "Destino requereu novo handshake TLS ilegal"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:761
+#: ../tls/gnutls/gtlsconnection-gnutls.c:819
msgid "TLS connection closed unexpectedly"
msgstr "Ligação TLS terminada inesperadamente"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:771
+#: ../tls/gnutls/gtlsconnection-gnutls.c:829
msgid "TLS connection peer did not send a certificate"
msgstr "O parceiro de ligação TLS não enviou um certificado"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1152
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1171
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1212
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1245
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "Erro ao estabelecer a ligação TLS (handshake): %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1181
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1255
msgid "Server did not return a valid TLS certificate"
msgstr "O servidor não devolveu um certificado TLS válido"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1256
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1330
msgid "Unacceptable TLS certificate"
msgstr "Certificado TLS inaceitável"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1448
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1538
#, c-format
msgid "Error reading data from TLS socket: %s"
msgstr "Erro ao ler dados do socket TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1477
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1567
#, c-format
msgid "Error writing data to TLS socket: %s"
msgstr "Erro ao escrever dados no socket TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1521
-msgid "Connection is already closed"
-msgstr "A ligação já está fechada"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1531
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1619
#, c-format
msgid "Error performing TLS close: %s"
msgstr "Erro ao terminar a ligação TLS: %s"
"locked."
msgstr ""
"Esta é a última oportunidade para introduzir corretamente o PIN antes de que "
-"o token seja trancado."
+"o símbolo seja trancado."
#: ../tls/pkcs11/gpkcs11pin.c:110
msgid ""
"Several PIN attempts have been incorrect, and the token will be locked after "
"further failures."
msgstr ""
-"Foram introduzidos vários PINs incorretos e o token será trancado caso "
+"Foram introduzidos vários PINs incorretos e o símbolo será trancado caso "
"ocorram mais falhas."
#: ../tls/pkcs11/gpkcs11pin.c:112
#: ../tls/pkcs11/gpkcs11slot.c:447
msgid "PKCS#11 Module Pointer"
-msgstr "Apontador de Módulo PKCS#11"
+msgstr "Ponteiro de módulo PKCS#11"
#: ../tls/pkcs11/gpkcs11slot.c:454
msgid "Slot ID"
-msgstr "ID de Slot"
+msgstr "ID de slot"
#: ../tls/pkcs11/gpkcs11slot.c:455
msgid "PKCS#11 Slot Identifier"
-msgstr "Identificador de Slot PKCS#11"
+msgstr "Identificador de slot PKCS#11"
+
+#~ msgid "Connection is already closed"
+#~ msgstr "A ligação já está fechada"
"PO-Revision-Date: 2012-12-18 08:24+0100\n"
"Last-Translator: Matej Urbančič <mateju@svn.gnome.org>\n"
"Language-Team: Slovenian GNOME Translation Team <gnome-si@googlegroups.com>\n"
-"Language: sl_SI\n"
+"Language: sl\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2013-01-18 11:59+0200\n"
"Last-Translator: Miroslav Nikolić <miroslavnikolic@rocketmail.com>\n"
"Language-Team: Serbian <gnom@prevod.org>\n"
-"Language: sr\n"
+"Language: sr@latin\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
# Swedish translation for glib-networking.
-# Copyright (C) 2011 Free Software Foundation, Inc.
+# Copyright © 2011, 2014 Free Software Foundation, Inc.
# This file is distributed under the same license as the glib-networking package.
# Daniel Nylander <po@danielnylander.se>, 2011.
+# Anders Jonsson <anders.jonsson@norsjovallen.se>, 2014.
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2011-11-25 09:51+0100\n"
-"PO-Revision-Date: 2011-11-25 09:54+0100\n"
-"Last-Translator: Daniel Nylander <po@danielnylander.se>\n"
+"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+"product=glib&keywords=I18N+L10N&component=network\n"
+"POT-Creation-Date: 2014-05-16 17:51+0000\n"
+"PO-Revision-Date: 2014-05-17 00:56+0100\n"
+"Last-Translator: Anders Jonsson <anders.jonsson@norsjovallen.se>\n"
"Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
-"Language: \n"
+"Language: sv\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.4\n"
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: ../proxy/libproxy/glibproxyresolver.c:157
msgid "Proxy resolver internal error."
msgstr "Internt fel i proxyuppslag."
msgid "No certificate data provided"
msgstr "Inget certifikatdata tillhandahölls"
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:385
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:324
msgid "Server required TLS certificate"
msgstr "Servern krävde TLS-certifikat"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:279
+#: ../tls/gnutls/gtlsconnection-gnutls.c:267
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "Kunde inte skapa TLS-anslutning: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:558
+#: ../tls/gnutls/gtlsconnection-gnutls.c:531
+msgid "Connection is closed"
+msgstr "Anslutningen är stängd"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:594
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1465
+msgid "Operation would block"
+msgstr "Operationen skulle blockera"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:733
+#: ../tls/gnutls/gtlsconnection-gnutls.c:772
msgid "Peer failed to perform TLS handshake"
msgstr "Motparten misslyckades med att genomföra TLS-handskakning"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:576
+#: ../tls/gnutls/gtlsconnection-gnutls.c:751
msgid "Peer requested illegal TLS rehandshake"
msgstr "Motparten begärde otillåten TLS-återhandskakning"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:594
+#: ../tls/gnutls/gtlsconnection-gnutls.c:778
msgid "TLS connection closed unexpectedly"
msgstr "TLS-anslutningen stängdes oväntat"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:888
-#: ../tls/gnutls/gtlsconnection-gnutls.c:914
+#: ../tls/gnutls/gtlsconnection-gnutls.c:788
+#| msgid "TLS connection closed unexpectedly"
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS-anslutningens motpart sände inte ett certifikat"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1178
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1211
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "Fel vid genomförande av TLS-handskakning: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:962
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1221
+#| msgid "Server required TLS certificate"
+msgid "Server did not return a valid TLS certificate"
+msgstr "Servern returnerade inte ett giltigt TLS-certifikat"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1296
msgid "Unacceptable TLS certificate"
msgstr "Ej acceptabelt TLS-certifikat"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1099
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1499
#, c-format
msgid "Error reading data from TLS socket: %s"
msgstr "Fel vid läsning av data från TLS-uttag: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1125
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1528
#, c-format
msgid "Error writing data to TLS socket: %s"
msgstr "Fel vid skrivning av data till TLS-uttag: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1171
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1572
+msgid "Connection is already closed"
+msgstr "Anslutningen är redan stängd"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1582
#, c-format
msgid "Error performing TLS close: %s"
msgstr "Fel vid genomförande av TLS-stängning: %s"
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:138
+#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
msgid "Certificate has no private key"
msgstr "Certifikatet har ingen privat nyckel"
#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid "This is the last chance to enter the PIN correctly before the token is locked."
+msgid ""
+"This is the last chance to enter the PIN correctly before the token is "
+"locked."
msgstr "Detta är sista försöket att ange PIN-koden korrekt innan kortet låses."
#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid "Several PIN attempts have been incorrect, and the token will be locked after further failures."
-msgstr "Flera PIN-kodsförsök har varit felaktiga och kortet kommer att låsas vid ytterligare felaktiga försök."
+msgid ""
+"Several PIN attempts have been incorrect, and the token will be locked after "
+"further failures."
+msgstr ""
+"Flera PIN-kodsförsök har varit felaktiga och kortet kommer att låsas vid "
+"ytterligare felaktiga försök."
#: ../tls/pkcs11/gpkcs11pin.c:112
msgid "The PIN entered is incorrect."
#: ../tls/pkcs11/gpkcs11slot.c:455
msgid "PKCS#11 Slot Identifier"
msgstr "PKCS#11-platsidentifierare"
-
"Project-Id-Version: Tajik Gnome\n"
"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2013-03-05 15:28+0000\n"
-"PO-Revision-Date: 2013-01-21 18:03+0500\n"
+"POT-Creation-Date: 2013-07-22 13:02+0000\n"
+"PO-Revision-Date: 2013-10-09 14:52+0500\n"
"Last-Translator: Victor Ibragimov <victor.ibragimov@gmail.com>\n"
"Language-Team: \n"
"Language: tg\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 1.5.4\n"
+"X-Generator: Poedit 1.5.7\n"
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: ../proxy/libproxy/glibproxyresolver.c:157
msgid "Proxy resolver internal error."
-msgstr ""
+msgstr "Хатои дарунии ислоҳкунандаи Proxy."
#: ../tls/gnutls/gtlscertificate-gnutls.c:173
#, c-format
msgid "Could not parse DER certificate: %s"
-msgstr ""
+msgstr "Гувоҳиномаи DER таҷзия карда нашуд: %s"
#: ../tls/gnutls/gtlscertificate-gnutls.c:194
#, c-format
msgid "Could not parse PEM certificate: %s"
-msgstr ""
+msgstr "Гувоҳиномаи PEM таҷзия карда нашуд: %s"
#: ../tls/gnutls/gtlscertificate-gnutls.c:225
#, c-format
msgid "Could not parse DER private key: %s"
-msgstr ""
+msgstr "Калиди шахсии DER таҷзия карда нашуд: %s"
#: ../tls/gnutls/gtlscertificate-gnutls.c:256
#, c-format
msgid "Could not parse PEM private key: %s"
-msgstr ""
+msgstr "Калиди шахсии PEM таҷзия карда нашуд: %s"
#: ../tls/gnutls/gtlscertificate-gnutls.c:296
msgid "No certificate data provided"
msgid "Server required TLS certificate"
msgstr "Сервер гувоҳиномаи TLS-ро дархост кардааст"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:258
+#: ../tls/gnutls/gtlsconnection-gnutls.c:266
#, c-format
msgid "Could not create TLS connection: %s"
-msgstr ""
+msgstr "Пайвасти TLS эҷод карда нашуд: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:520
+#: ../tls/gnutls/gtlsconnection-gnutls.c:530
msgid "Connection is closed"
-msgstr ""
+msgstr "Пайваст пӯшонида шудааст"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:582
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1425
+#: ../tls/gnutls/gtlsconnection-gnutls.c:593
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1445
msgid "Operation would block"
-msgstr ""
+msgstr "Амалиёт баста мешавад"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:712
-#: ../tls/gnutls/gtlsconnection-gnutls.c:755
+#: ../tls/gnutls/gtlsconnection-gnutls.c:723
+#: ../tls/gnutls/gtlsconnection-gnutls.c:761
msgid "Peer failed to perform TLS handshake"
-msgstr ""
+msgstr "Ҳамсон даъвати TLS-ро иҷро карда натавонист"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:729
+#: ../tls/gnutls/gtlsconnection-gnutls.c:740
msgid "Peer requested illegal TLS rehandshake"
-msgstr ""
+msgstr "Ҳамсон даъвати дастнораси TLS-ро дархост кард"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:761
+#: ../tls/gnutls/gtlsconnection-gnutls.c:767
msgid "TLS connection closed unexpectedly"
-msgstr ""
+msgstr "Пайвасти TLS ногаҳон пӯшида шудааст"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:771
+#: ../tls/gnutls/gtlsconnection-gnutls.c:777
msgid "TLS connection peer did not send a certificate"
-msgstr ""
+msgstr "Ҳамсони пайвати TLS гувоҳиномаро фиристода накард"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1152
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1171
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1158
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1191
#, c-format
msgid "Error performing TLS handshake: %s"
-msgstr ""
+msgstr "Даъвати TLS бо хато иҷро карда шуд: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1181
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1201
msgid "Server did not return a valid TLS certificate"
-msgstr ""
+msgstr "Сервер бо гувоҳиномаи TLS-и боэътибор ҷавоб надод"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1256
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1276
msgid "Unacceptable TLS certificate"
-msgstr ""
+msgstr "Гувоҳиномаи TLS-и нораво"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1448
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1479
#, c-format
msgid "Error reading data from TLS socket: %s"
-msgstr ""
+msgstr "Хатои хониши маълумот аз бастагоҳи TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1477
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1508
#, c-format
msgid "Error writing data to TLS socket: %s"
-msgstr ""
+msgstr "Хатои навишти маълумот ба бастагоҳи TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1521
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1552
msgid "Connection is already closed"
-msgstr ""
+msgstr "Пайваст аллакай пӯшида шудааст"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1531
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1562
#, c-format
msgid "Error performing TLS close: %s"
-msgstr ""
+msgstr "Пӯшидани TLS бо хато иҷро карда шудааст: %s"
#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
msgid "Certificate has no private key"
-msgstr ""
+msgstr "Гувоҳинома калиди шахсӣ надрад"
#: ../tls/pkcs11/gpkcs11pin.c:108
msgid ""
"This is the last chance to enter the PIN correctly before the token is "
"locked."
msgstr ""
+"Ин маротибаи охирин барои вориди рамзи PIN-и дуруст пеш аз қулфи вуруд "
+"мебошад."
#: ../tls/pkcs11/gpkcs11pin.c:110
msgid ""
"Several PIN attempts have been incorrect, and the token will be locked after "
"further failures."
msgstr ""
+"Баъзе кӯшишҳои вориди PIN бо хато иҷро шудаанд ва вуруд баъд аз кӯшишҳои "
+"нокомии навбатӣ қулф мешавад."
#: ../tls/pkcs11/gpkcs11pin.c:112
msgid "The PIN entered is incorrect."
-msgstr ""
+msgstr "Рамзи PIN-и воридшуда нодуруст аст."
#: ../tls/pkcs11/gpkcs11slot.c:446
msgid "Module"
#: ../tls/pkcs11/gpkcs11slot.c:447
msgid "PKCS#11 Module Pointer"
-msgstr ""
+msgstr "Нишондиҳандаи модули PKCS#11"
#: ../tls/pkcs11/gpkcs11slot.c:454
msgid "Slot ID"
-msgstr ""
+msgstr "Ковокии рамзи ID"
#: ../tls/pkcs11/gpkcs11slot.c:455
msgid "PKCS#11 Slot Identifier"
-msgstr ""
+msgstr "Идентификатори ковокии PKCS#11"
"PO-Revision-Date: 2013-02-22 22:21+0900\n"
"Last-Translator: Gheyret Kenji <gheyret@gmail.com>\n"
"Language-Team: Uyghur Computer Science Association <UKIJ@yahoogroups.com>\n"
-"Language: \n"
+"Language: ug\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Project-Id-Version: glib-networking master\n"
"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2012-07-18 21:47+0000\n"
-"PO-Revision-Date: 2012-09-23 04:06+0800\n"
+"POT-Creation-Date: 2013-12-18 19:40+0000\n"
+"PO-Revision-Date: 2014-01-24 21:26+0800\n"
"Last-Translator: YunQiang Su <wzssyqa@gmail.com>\n"
"Language-Team: Chinese (simplified) <i18n-zh@googlegroups.com>\n"
-"Language: \n"
+"Language: zh_CN\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bits\n"
"Plural-Forms: nplurals=1; plural=0;\n"
"X-Generator: Gtranslator 2.91.5\n"
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: ../proxy/libproxy/glibproxyresolver.c:157
msgid "Proxy resolver internal error."
msgstr "代理服务器解析器内部错误。"
msgid "No certificate data provided"
msgstr "没有提供证书数据"
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:309
+#: ../tls/gnutls/gtlsclientconnection-gnutls.c:324
msgid "Server required TLS certificate"
msgstr "服务器需要 TLS 证书"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:248
+#: ../tls/gnutls/gtlsconnection-gnutls.c:267
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "无法创建 TLS 连接:%s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:508
+#: ../tls/gnutls/gtlsconnection-gnutls.c:531
msgid "Connection is closed"
msgstr "连接被关闭"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:568
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1371
+#: ../tls/gnutls/gtlsconnection-gnutls.c:594
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1461
msgid "Operation would block"
msgstr "操作被阻塞"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:695
+#: ../tls/gnutls/gtlsconnection-gnutls.c:733
+#: ../tls/gnutls/gtlsconnection-gnutls.c:772
msgid "Peer failed to perform TLS handshake"
msgstr "执行 TLS 握手失败"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:712
+#: ../tls/gnutls/gtlsconnection-gnutls.c:751
msgid "Peer requested illegal TLS rehandshake"
msgstr "请求了无效的 TLS 再握手"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:738
+#: ../tls/gnutls/gtlsconnection-gnutls.c:778
msgid "TLS connection closed unexpectedly"
msgstr "TLS 连接被异常关闭"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1049
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1068
+#: ../tls/gnutls/gtlsconnection-gnutls.c:788
+#| msgid "Server did not return a valid TLS certificate"
+msgid "TLS connection peer did not send a certificate"
+msgstr "TLS 连接的对方未发送证书"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1174
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1207
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "执行 TLS 握手时出错:%s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1204
-msgid "Unacceptable TLS certificate"
-msgstr "无法接受的 TLS 证书"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1215
-#| msgid "Server required TLS certificate"
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1217
msgid "Server did not return a valid TLS certificate"
msgstr "服务器未返回有效的 TLS 证书"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1394
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1292
+msgid "Unacceptable TLS certificate"
+msgstr "无法接受的 TLS 证书"
+
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1495
#, c-format
msgid "Error reading data from TLS socket: %s"
msgstr "从 TLS 套接字读取数据时出错:%s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1423
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1524
#, c-format
msgid "Error writing data to TLS socket: %s"
msgstr "向 TLS 套接字写入数据时出错:%s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1467
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1568
msgid "Connection is already closed"
msgstr "连接已经关闭"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1477
+#: ../tls/gnutls/gtlsconnection-gnutls.c:1578
#, c-format
msgid "Error performing TLS close: %s"
msgstr "执行 TLS 关闭时出错:%s"
"PO-Revision-Date: 2013-03-01 22:24+0800\n"
"Last-Translator: Chao-Hsiung Liao <j_h_liau@yahoo.com.tw>\n"
"Language-Team: Chinese (Hong Kong) <community@linuxhall.org>\n"
-"Language: \n"
+"Language: zh_HK\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2013-02-28 09:41+0800\n"
"Last-Translator: Chao-Hsiung Liao <j_h_liau@yahoo.com.tw>\n"
"Language-Team: Chinese (Taiwan) <chinese-l10n@googlegroups.com>\n"
-"Language: \n"
+"Language: zh_TW\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#include "config.h"
+#include <glib/gi18n-lib.h>
+
#include "gproxyresolvergnome.h"
void
g_io_module_load (GIOModule *module)
{
+ gchar *locale_dir;
+#ifdef G_OS_WIN32
+ gchar *base_dir;
+#endif
+
g_proxy_resolver_gnome_register (module);
+
+#ifdef G_OS_WIN32
+ base_dir = g_win32_get_package_installation_directory_of_module (NULL);
+ locale_dir = g_build_filename (base_dir, "share", "locale", NULL);
+ g_free (base_dir);
+#else
+ locale_dir = g_strdup (LOCALE_DIR);
+#endif
+
+ bindtextdomain (GETTEXT_PACKAGE, locale_dir);
+ bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
+ g_free (locale_dir);
}
void
GError *error = NULL;
task = g_task_new (resolver, cancellable, callback, user_data);
+ g_task_set_source_tag (task, g_proxy_resolver_gnome_lookup_async);
if (!g_proxy_resolver_gnome_lookup_internal (resolver, uri,
&proxies, &pacrunner, &autoconfig_url,
org.gtk.GLib.PACRunner.service: org.gtk.GLib.PACRunner.service.in Makefile
$(AM_V_GEN) sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@
+
+systemd_userdir = $(prefix)/lib/systemd/user
+systemd_user_in_files = glib-pacrunner.service.in
+systemd_user_DATA = $(systemd_user_in_files:.service.in=.service)
+
+EXTRA_DIST += $(systemd_user_in_files)
+CLEANFILES += $(systemd_user_DATA)
+
+glib-pacrunner.service: glib-pacrunner.service.in Makefile
+ $(AM_V_GEN) sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@
--- /dev/null
+[Unit]
+Description=GLib proxy auto-configuration service
+
+[Service]
+Type=dbus
+BusName=org.gtk.GLib.PACRunner
+ExecStart=@libexecdir@/glib-pacrunner
GError *error = NULL;
proxies = g_proxy_resolver_lookup_finish (resolver, result, &error);
- g_assert (!error);
-
- g_dbus_method_invocation_return_value (invocation,
- g_variant_new ("(^as)", proxies));
- g_strfreev (proxies);
+ if (error)
+ g_dbus_method_invocation_take_error (invocation, error);
+ else
+ {
+ g_dbus_method_invocation_return_value (invocation,
+ g_variant_new ("(^as)", proxies));
+ g_strfreev (proxies);
+ }
}
static void
gchar **proxies;
task = g_task_new (resolver, cancellable, NULL, NULL);
+ g_task_set_source_tag (task, g_libproxy_resolver_lookup);
g_task_set_task_data (task, g_strdup (uri), g_free);
g_task_set_return_on_cancel (task, TRUE);
GTask *task;
task = g_task_new (resolver, cancellable, callback, user_data);
+ g_task_set_source_tag (task, g_libproxy_resolver_lookup_async);
g_task_set_task_data (task, g_strdup (uri), g_free);
g_task_set_return_on_cancel (task, TRUE);
g_task_run_in_thread (task, get_libproxy_proxies);
#include "config.h"
+#include <glib/gi18n-lib.h>
+
#include "glibproxyresolver.h"
void
g_io_module_load (GIOModule *module)
{
+ gchar *locale_dir;
+#ifdef G_OS_WIN32
+ gchar *base_dir;
+#endif
+
g_libproxy_resolver_register (module);
+
+#ifdef G_OS_WIN32
+ base_dir = g_win32_get_package_installation_directory_of_module (NULL);
+ locale_dir = g_build_filename (base_dir, "share", "locale", NULL);
+ g_free (base_dir);
+#else
+ locale_dir = g_strdup (LOCALE_DIR);
+#endif
+
+ bindtextdomain (GETTEXT_PACKAGE, locale_dir);
+ bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
+ g_free (locale_dir);
}
void
[D-BUS Service]
Name=org.gtk.GLib.PACRunner
Exec=@libexecdir@/glib-pacrunner
+SystemdService=glib-pacrunner.service
--- /dev/null
+#! /bin/sh
+# Copyright (C) 2011-2013 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+scriptversion=2011-12-27.17; # UTC
+
+# Make unconditional expansion of undefined variables an error. This
+# helps a lot in preventing typo-related bugs.
+set -u
+
+me=tap-driver.sh
+
+fatal ()
+{
+ echo "$me: fatal: $*" >&2
+ exit 1
+}
+
+usage_error ()
+{
+ echo "$me: $*" >&2
+ print_usage >&2
+ exit 2
+}
+
+print_usage ()
+{
+ cat <<END
+Usage:
+ tap-driver.sh --test-name=NAME --log-file=PATH --trs-file=PATH
+ [--expect-failure={yes|no}] [--color-tests={yes|no}]
+ [--enable-hard-errors={yes|no}] [--ignore-exit]
+ [--diagnostic-string=STRING] [--merge|--no-merge]
+ [--comments|--no-comments] [--] TEST-COMMAND
+The \`--test-name', \`--log-file' and \`--trs-file' options are mandatory.
+END
+}
+
+# TODO: better error handling in option parsing (in particular, ensure
+# TODO: $log_file, $trs_file and $test_name are defined).
+test_name= # Used for reporting.
+log_file= # Where to save the result and output of the test script.
+trs_file= # Where to save the metadata of the test run.
+expect_failure=0
+color_tests=0
+merge=0
+ignore_exit=0
+comments=0
+diag_string='#'
+while test $# -gt 0; do
+ case $1 in
+ --help) print_usage; exit $?;;
+ --version) echo "$me $scriptversion"; exit $?;;
+ --test-name) test_name=$2; shift;;
+ --log-file) log_file=$2; shift;;
+ --trs-file) trs_file=$2; shift;;
+ --color-tests) color_tests=$2; shift;;
+ --expect-failure) expect_failure=$2; shift;;
+ --enable-hard-errors) shift;; # No-op.
+ --merge) merge=1;;
+ --no-merge) merge=0;;
+ --ignore-exit) ignore_exit=1;;
+ --comments) comments=1;;
+ --no-comments) comments=0;;
+ --diagnostic-string) diag_string=$2; shift;;
+ --) shift; break;;
+ -*) usage_error "invalid option: '$1'";;
+ esac
+ shift
+done
+
+test $# -gt 0 || usage_error "missing test command"
+
+case $expect_failure in
+ yes) expect_failure=1;;
+ *) expect_failure=0;;
+esac
+
+if test $color_tests = yes; then
+ init_colors='
+ color_map["red"]="\e[0;31m" # Red.
+ color_map["grn"]="\e[0;32m" # Green.
+ color_map["lgn"]="\e[1;32m" # Light green.
+ color_map["blu"]="\e[1;34m" # Blue.
+ color_map["mgn"]="\e[0;35m" # Magenta.
+ color_map["std"]="\e[m" # No color.
+ color_for_result["ERROR"] = "mgn"
+ color_for_result["PASS"] = "grn"
+ color_for_result["XPASS"] = "red"
+ color_for_result["FAIL"] = "red"
+ color_for_result["XFAIL"] = "lgn"
+ color_for_result["SKIP"] = "blu"'
+else
+ init_colors=''
+fi
+
+# :; is there to work around a bug in bash 3.2 (and earlier) which
+# does not always set '$?' properly on redirection failure.
+# See the Autoconf manual for more details.
+:;{
+ (
+ # Ignore common signals (in this subshell only!), to avoid potential
+ # problems with Korn shells. Some Korn shells are known to propagate
+ # to themselves signals that have killed a child process they were
+ # waiting for; this is done at least for SIGINT (and usually only for
+ # it, in truth). Without the `trap' below, such a behaviour could
+ # cause a premature exit in the current subshell, e.g., in case the
+ # test command it runs gets terminated by a SIGINT. Thus, the awk
+ # script we are piping into would never seen the exit status it
+ # expects on its last input line (which is displayed below by the
+ # last `echo $?' statement), and would thus die reporting an internal
+ # error.
+ # For more information, see the Autoconf manual and the threads:
+ # <http://lists.gnu.org/archive/html/bug-autoconf/2011-09/msg00004.html>
+ # <http://mail.opensolaris.org/pipermail/ksh93-integration-discuss/2009-February/004121.html>
+ trap : 1 3 2 13 15
+ if test $merge -gt 0; then
+ exec 2>&1
+ else
+ exec 2>&3
+ fi
+ "$@"
+ echo $?
+ ) | LC_ALL=C ${AM_TAP_AWK-awk} \
+ -v me="$me" \
+ -v test_script_name="$test_name" \
+ -v log_file="$log_file" \
+ -v trs_file="$trs_file" \
+ -v expect_failure="$expect_failure" \
+ -v merge="$merge" \
+ -v ignore_exit="$ignore_exit" \
+ -v comments="$comments" \
+ -v diag_string="$diag_string" \
+'
+# FIXME: the usages of "cat >&3" below could be optimized when using
+# FIXME: GNU awk, and/on on systems that supports /dev/fd/.
+
+# Implementation note: in what follows, `result_obj` will be an
+# associative array that (partly) simulates a TAP result object
+# from the `TAP::Parser` perl module.
+
+## ----------- ##
+## FUNCTIONS ##
+## ----------- ##
+
+function fatal(msg)
+{
+ print me ": " msg | "cat >&2"
+ exit 1
+}
+
+function abort(where)
+{
+ fatal("internal error " where)
+}
+
+# Convert a boolean to a "yes"/"no" string.
+function yn(bool)
+{
+ return bool ? "yes" : "no";
+}
+
+function add_test_result(result)
+{
+ if (!test_results_index)
+ test_results_index = 0
+ test_results_list[test_results_index] = result
+ test_results_index += 1
+ test_results_seen[result] = 1;
+}
+
+# Whether the test script should be re-run by "make recheck".
+function must_recheck()
+{
+ for (k in test_results_seen)
+ if (k != "XFAIL" && k != "PASS" && k != "SKIP")
+ return 1
+ return 0
+}
+
+# Whether the content of the log file associated to this test should
+# be copied into the "global" test-suite.log.
+function copy_in_global_log()
+{
+ for (k in test_results_seen)
+ if (k != "PASS")
+ return 1
+ return 0
+}
+
+# FIXME: this can certainly be improved ...
+function get_global_test_result()
+{
+ if ("ERROR" in test_results_seen)
+ return "ERROR"
+ if ("FAIL" in test_results_seen || "XPASS" in test_results_seen)
+ return "FAIL"
+ all_skipped = 1
+ for (k in test_results_seen)
+ if (k != "SKIP")
+ all_skipped = 0
+ if (all_skipped)
+ return "SKIP"
+ return "PASS";
+}
+
+function stringify_result_obj(result_obj)
+{
+ if (result_obj["is_unplanned"] || result_obj["number"] != testno)
+ return "ERROR"
+
+ if (plan_seen == LATE_PLAN)
+ return "ERROR"
+
+ if (result_obj["directive"] == "TODO")
+ return result_obj["is_ok"] ? "XPASS" : "XFAIL"
+
+ if (result_obj["directive"] == "SKIP")
+ return result_obj["is_ok"] ? "SKIP" : COOKED_FAIL;
+
+ if (length(result_obj["directive"]))
+ abort("in function stringify_result_obj()")
+
+ return result_obj["is_ok"] ? COOKED_PASS : COOKED_FAIL
+}
+
+function decorate_result(result)
+{
+ color_name = color_for_result[result]
+ if (color_name)
+ return color_map[color_name] "" result "" color_map["std"]
+ # If we are not using colorized output, or if we do not know how
+ # to colorize the given result, we should return it unchanged.
+ return result
+}
+
+function report(result, details)
+{
+ if (result ~ /^(X?(PASS|FAIL)|SKIP|ERROR)/)
+ {
+ msg = ": " test_script_name
+ add_test_result(result)
+ }
+ else if (result == "#")
+ {
+ msg = " " test_script_name ":"
+ }
+ else
+ {
+ abort("in function report()")
+ }
+ if (length(details))
+ msg = msg " " details
+ # Output on console might be colorized.
+ print decorate_result(result) msg
+ # Log the result in the log file too, to help debugging (this is
+ # especially true when said result is a TAP error or "Bail out!").
+ print result msg | "cat >&3";
+}
+
+function testsuite_error(error_message)
+{
+ report("ERROR", "- " error_message)
+}
+
+function handle_tap_result()
+{
+ details = result_obj["number"];
+ if (length(result_obj["description"]))
+ details = details " " result_obj["description"]
+
+ if (plan_seen == LATE_PLAN)
+ {
+ details = details " # AFTER LATE PLAN";
+ }
+ else if (result_obj["is_unplanned"])
+ {
+ details = details " # UNPLANNED";
+ }
+ else if (result_obj["number"] != testno)
+ {
+ details = sprintf("%s # OUT-OF-ORDER (expecting %d)",
+ details, testno);
+ }
+ else if (result_obj["directive"])
+ {
+ details = details " # " result_obj["directive"];
+ if (length(result_obj["explanation"]))
+ details = details " " result_obj["explanation"]
+ }
+
+ report(stringify_result_obj(result_obj), details)
+}
+
+# `skip_reason` should be empty whenever planned > 0.
+function handle_tap_plan(planned, skip_reason)
+{
+ planned += 0 # Avoid getting confused if, say, `planned` is "00"
+ if (length(skip_reason) && planned > 0)
+ abort("in function handle_tap_plan()")
+ if (plan_seen)
+ {
+ # Error, only one plan per stream is acceptable.
+ testsuite_error("multiple test plans")
+ return;
+ }
+ planned_tests = planned
+ # The TAP plan can come before or after *all* the TAP results; we speak
+ # respectively of an "early" or a "late" plan. If we see the plan line
+ # after at least one TAP result has been seen, assume we have a late
+ # plan; in this case, any further test result seen after the plan will
+ # be flagged as an error.
+ plan_seen = (testno >= 1 ? LATE_PLAN : EARLY_PLAN)
+ # If testno > 0, we have an error ("too many tests run") that will be
+ # automatically dealt with later, so do not worry about it here. If
+ # $plan_seen is true, we have an error due to a repeated plan, and that
+ # has already been dealt with above. Otherwise, we have a valid "plan
+ # with SKIP" specification, and should report it as a particular kind
+ # of SKIP result.
+ if (planned == 0 && testno == 0)
+ {
+ if (length(skip_reason))
+ skip_reason = "- " skip_reason;
+ report("SKIP", skip_reason);
+ }
+}
+
+function extract_tap_comment(line)
+{
+ if (index(line, diag_string) == 1)
+ {
+ # Strip leading `diag_string` from `line`.
+ line = substr(line, length(diag_string) + 1)
+ # And strip any leading and trailing whitespace left.
+ sub("^[ \t]*", "", line)
+ sub("[ \t]*$", "", line)
+ # Return what is left (if any).
+ return line;
+ }
+ return "";
+}
+
+# When this function is called, we know that line is a TAP result line,
+# so that it matches the (perl) RE "^(not )?ok\b".
+function setup_result_obj(line)
+{
+ # Get the result, and remove it from the line.
+ result_obj["is_ok"] = (substr(line, 1, 2) == "ok" ? 1 : 0)
+ sub("^(not )?ok[ \t]*", "", line)
+
+ # If the result has an explicit number, get it and strip it; otherwise,
+ # automatically assing the next progresive number to it.
+ if (line ~ /^[0-9]+$/ || line ~ /^[0-9]+[^a-zA-Z0-9_]/)
+ {
+ match(line, "^[0-9]+")
+ # The final `+ 0` is to normalize numbers with leading zeros.
+ result_obj["number"] = substr(line, 1, RLENGTH) + 0
+ line = substr(line, RLENGTH + 1)
+ }
+ else
+ {
+ result_obj["number"] = testno
+ }
+
+ if (plan_seen == LATE_PLAN)
+ # No further test results are acceptable after a "late" TAP plan
+ # has been seen.
+ result_obj["is_unplanned"] = 1
+ else if (plan_seen && testno > planned_tests)
+ result_obj["is_unplanned"] = 1
+ else
+ result_obj["is_unplanned"] = 0
+
+ # Strip trailing and leading whitespace.
+ sub("^[ \t]*", "", line)
+ sub("[ \t]*$", "", line)
+
+ # This will have to be corrected if we have a "TODO"/"SKIP" directive.
+ result_obj["description"] = line
+ result_obj["directive"] = ""
+ result_obj["explanation"] = ""
+
+ if (index(line, "#") == 0)
+ return # No possible directive, nothing more to do.
+
+ # Directives are case-insensitive.
+ rx = "[ \t]*#[ \t]*([tT][oO][dD][oO]|[sS][kK][iI][pP])[ \t]*"
+
+ # See whether we have the directive, and if yes, where.
+ pos = match(line, rx "$")
+ if (!pos)
+ pos = match(line, rx "[^a-zA-Z0-9_]")
+
+ # If there was no TAP directive, we have nothing more to do.
+ if (!pos)
+ return
+
+ # Let`s now see if the TAP directive has been escaped. For example:
+ # escaped: ok \# SKIP
+ # not escaped: ok \\# SKIP
+ # escaped: ok \\\\\# SKIP
+ # not escaped: ok \ # SKIP
+ if (substr(line, pos, 1) == "#")
+ {
+ bslash_count = 0
+ for (i = pos; i > 1 && substr(line, i - 1, 1) == "\\"; i--)
+ bslash_count += 1
+ if (bslash_count % 2)
+ return # Directive was escaped.
+ }
+
+ # Strip the directive and its explanation (if any) from the test
+ # description.
+ result_obj["description"] = substr(line, 1, pos - 1)
+ # Now remove the test description from the line, that has been dealt
+ # with already.
+ line = substr(line, pos)
+ # Strip the directive, and save its value (normalized to upper case).
+ sub("^[ \t]*#[ \t]*", "", line)
+ result_obj["directive"] = toupper(substr(line, 1, 4))
+ line = substr(line, 5)
+ # Now get the explanation for the directive (if any), with leading
+ # and trailing whitespace removed.
+ sub("^[ \t]*", "", line)
+ sub("[ \t]*$", "", line)
+ result_obj["explanation"] = line
+}
+
+function get_test_exit_message(status)
+{
+ if (status == 0)
+ return ""
+ if (status !~ /^[1-9][0-9]*$/)
+ abort("getting exit status")
+ if (status < 127)
+ exit_details = ""
+ else if (status == 127)
+ exit_details = " (command not found?)"
+ else if (status >= 128 && status <= 255)
+ exit_details = sprintf(" (terminated by signal %d?)", status - 128)
+ else if (status > 256 && status <= 384)
+ # We used to report an "abnormal termination" here, but some Korn
+ # shells, when a child process die due to signal number n, can leave
+ # in $? an exit status of 256+n instead of the more standard 128+n.
+ # Apparently, both behaviours are allowed by POSIX (2008), so be
+ # prepared to handle them both. See also Austing Group report ID
+ # 0000051 <http://www.austingroupbugs.net/view.php?id=51>
+ exit_details = sprintf(" (terminated by signal %d?)", status - 256)
+ else
+ # Never seen in practice.
+ exit_details = " (abnormal termination)"
+ return sprintf("exited with status %d%s", status, exit_details)
+}
+
+function write_test_results()
+{
+ print ":global-test-result: " get_global_test_result() > trs_file
+ print ":recheck: " yn(must_recheck()) > trs_file
+ print ":copy-in-global-log: " yn(copy_in_global_log()) > trs_file
+ for (i = 0; i < test_results_index; i += 1)
+ print ":test-result: " test_results_list[i] > trs_file
+ close(trs_file);
+}
+
+BEGIN {
+
+## ------- ##
+## SETUP ##
+## ------- ##
+
+'"$init_colors"'
+
+# Properly initialized once the TAP plan is seen.
+planned_tests = 0
+
+COOKED_PASS = expect_failure ? "XPASS": "PASS";
+COOKED_FAIL = expect_failure ? "XFAIL": "FAIL";
+
+# Enumeration-like constants to remember which kind of plan (if any)
+# has been seen. It is important that NO_PLAN evaluates "false" as
+# a boolean.
+NO_PLAN = 0
+EARLY_PLAN = 1
+LATE_PLAN = 2
+
+testno = 0 # Number of test results seen so far.
+bailed_out = 0 # Whether a "Bail out!" directive has been seen.
+
+# Whether the TAP plan has been seen or not, and if yes, which kind
+# it is ("early" is seen before any test result, "late" otherwise).
+plan_seen = NO_PLAN
+
+## --------- ##
+## PARSING ##
+## --------- ##
+
+is_first_read = 1
+
+while (1)
+ {
+ # Involutions required so that we are able to read the exit status
+ # from the last input line.
+ st = getline
+ if (st < 0) # I/O error.
+ fatal("I/O error while reading from input stream")
+ else if (st == 0) # End-of-input
+ {
+ if (is_first_read)
+ abort("in input loop: only one input line")
+ break
+ }
+ if (is_first_read)
+ {
+ is_first_read = 0
+ nextline = $0
+ continue
+ }
+ else
+ {
+ curline = nextline
+ nextline = $0
+ $0 = curline
+ }
+ # Copy any input line verbatim into the log file.
+ print | "cat >&3"
+ # Parsing of TAP input should stop after a "Bail out!" directive.
+ if (bailed_out)
+ continue
+
+ # TAP test result.
+ if ($0 ~ /^(not )?ok$/ || $0 ~ /^(not )?ok[^a-zA-Z0-9_]/)
+ {
+ testno += 1
+ setup_result_obj($0)
+ handle_tap_result()
+ }
+ # TAP plan (normal or "SKIP" without explanation).
+ else if ($0 ~ /^1\.\.[0-9]+[ \t]*$/)
+ {
+ # The next two lines will put the number of planned tests in $0.
+ sub("^1\\.\\.", "")
+ sub("[^0-9]*$", "")
+ handle_tap_plan($0, "")
+ continue
+ }
+ # TAP "SKIP" plan, with an explanation.
+ else if ($0 ~ /^1\.\.0+[ \t]*#/)
+ {
+ # The next lines will put the skip explanation in $0, stripping
+ # any leading and trailing whitespace. This is a little more
+ # tricky in truth, since we want to also strip a potential leading
+ # "SKIP" string from the message.
+ sub("^[^#]*#[ \t]*(SKIP[: \t][ \t]*)?", "")
+ sub("[ \t]*$", "");
+ handle_tap_plan(0, $0)
+ }
+ # "Bail out!" magic.
+ # Older versions of prove and TAP::Harness (e.g., 3.17) did not
+ # recognize a "Bail out!" directive when preceded by leading
+ # whitespace, but more modern versions (e.g., 3.23) do. So we
+ # emulate the latter, "more modern" behaviour.
+ else if ($0 ~ /^[ \t]*Bail out!/)
+ {
+ bailed_out = 1
+ # Get the bailout message (if any), with leading and trailing
+ # whitespace stripped. The message remains stored in `$0`.
+ sub("^[ \t]*Bail out![ \t]*", "");
+ sub("[ \t]*$", "");
+ # Format the error message for the
+ bailout_message = "Bail out!"
+ if (length($0))
+ bailout_message = bailout_message " " $0
+ testsuite_error(bailout_message)
+ }
+ # Maybe we have too look for dianogtic comments too.
+ else if (comments != 0)
+ {
+ comment = extract_tap_comment($0);
+ if (length(comment))
+ report("#", comment);
+ }
+ }
+
+## -------- ##
+## FINISH ##
+## -------- ##
+
+# A "Bail out!" directive should cause us to ignore any following TAP
+# error, as well as a non-zero exit status from the TAP producer.
+if (!bailed_out)
+ {
+ if (!plan_seen)
+ {
+ testsuite_error("missing test plan")
+ }
+ else if (planned_tests != testno)
+ {
+ bad_amount = testno > planned_tests ? "many" : "few"
+ testsuite_error(sprintf("too %s tests run (expected %d, got %d)",
+ bad_amount, planned_tests, testno))
+ }
+ if (!ignore_exit)
+ {
+ # Fetch exit status from the last line.
+ exit_message = get_test_exit_message(nextline)
+ if (exit_message)
+ testsuite_error(exit_message)
+ }
+ }
+
+write_test_results()
+
+exit 0
+
+} # End of "BEGIN" block.
+'
+
+# TODO: document that we consume the file descriptor 3 :-(
+} 3>"$log_file"
+
+test $? -eq 0 || fatal "I/O or internal error"
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
--- /dev/null
+#! /bin/sh
+
+# run a GTest in tap mode. The test binary is passed as $1
+
+$1 -k --tap
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#include "config.h"
#include <gio/gio.h>
+#include <glib/gi18n-lib.h>
#include "gtlsbackend-gnutls.h"
#include "gtlsbackend-gnutls-pkcs11.h"
void
g_io_module_load (GIOModule *module)
{
+ gchar *locale_dir;
+#ifdef G_OS_WIN32
+ gchar *base_dir;
+#endif
+
g_tls_backend_gnutls_register (module);
#ifdef HAVE_PKCS11
g_tls_backend_gnutls_pkcs11_register (module);
#endif
+
+#ifdef G_OS_WIN32
+ base_dir = g_win32_get_package_installation_directory_of_module (NULL);
+ locale_dir = g_build_filename (base_dir, "share", "locale", NULL);
+ g_free (base_dir);
+#else
+ locale_dir = g_strdup (LOCALE_DIR);
+#endif
+
+ bindtextdomain (GETTEXT_PACKAGE, locale_dir);
+ bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
+ g_free (locale_dir);
}
void
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stef@collabora.co.uk>
*/
*
* See the included COPYING file for more information.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stef@collabora.co.uk>
*/
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#include "config.h"
* your option) any later version.
*
* See the included COPYING file for more information.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#ifndef __G_TLS_BACKEND_GNUTLS_H__
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
*
* See the included COPYING file for more information.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
#include <gio/gio.h>
#include <gnutls/gnutls.h>
+#include "gtlscertificate-gnutls.h"
+
G_BEGIN_DECLS
#define G_TYPE_TLS_CERTIFICATE_GNUTLS_PKCS11 (g_tls_certificate_gnutls_pkcs11_get_type ())
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#include "config.h"
gnutls_x509_crt_t *chain;
GTlsCertificateFlags gtls_flags;
time_t t, now;
-
+
cert_gnutls = G_TLS_CERTIFICATE_GNUTLS (cert);
for (num_certs = 0; cert_gnutls; cert_gnutls = cert_gnutls->priv->issuer)
num_certs++;
const gchar *interaction_id,
gnutls_retr2_st *st)
{
+ GTlsCertificateGnutls *chain;
gnutls_x509_crt_t cert;
gnutls_datum_t data;
+ guint num_certs = 0;
size_t size = 0;
+ int status;
- gnutls_x509_crt_export (gnutls->priv->cert, GNUTLS_X509_FMT_DER,
- NULL, &size);
- data.data = g_malloc (size);
- data.size = size;
- gnutls_x509_crt_export (gnutls->priv->cert, GNUTLS_X509_FMT_DER,
- data.data, &size);
+ /* We will do this loop twice. It's probably more efficient than
+ * re-allocating memory.
+ */
+ chain = gnutls;
+ while (chain != NULL)
+ {
+ num_certs++;
+ chain = chain->priv->issuer;
+ }
- gnutls_x509_crt_init (&cert);
- gnutls_x509_crt_import (cert, &data, GNUTLS_X509_FMT_DER);
- g_free (data.data);
+ st->ncerts = 0;
+ st->cert.x509 = gnutls_malloc (sizeof (gnutls_x509_crt_t) * num_certs);
- st->ncerts = 1;
- st->cert.x509 = gnutls_malloc (sizeof (gnutls_x509_crt_t));
- st->cert.x509[0] = cert;
+ /* Now do the actual copy of the whole chain. */
+ chain = gnutls;
+ while (chain != NULL)
+ {
+ gnutls_x509_crt_export (chain->priv->cert, GNUTLS_X509_FMT_DER,
+ NULL, &size);
+ data.data = g_malloc (size);
+ data.size = size;
+ gnutls_x509_crt_export (chain->priv->cert, GNUTLS_X509_FMT_DER,
+ data.data, &size);
+
+ gnutls_x509_crt_init (&cert);
+ status = gnutls_x509_crt_import (cert, &data, GNUTLS_X509_FMT_DER);
+ g_warn_if_fail (status == 0);
+ g_free (data.data);
+
+ st->cert.x509[st->ncerts] = cert;
+ st->ncerts++;
+
+ chain = chain->priv->issuer;
+ }
if (gnutls->priv->key != NULL)
{
{ GNUTLS_CERT_NOT_ACTIVATED, G_TLS_CERTIFICATE_NOT_ACTIVATED },
{ GNUTLS_CERT_EXPIRED, G_TLS_CERTIFICATE_EXPIRED },
{ GNUTLS_CERT_REVOKED, G_TLS_CERTIFICATE_REVOKED },
- { GNUTLS_CERT_INSECURE_ALGORITHM, G_TLS_CERTIFICATE_INSECURE }
+ { GNUTLS_CERT_INSECURE_ALGORITHM, G_TLS_CERTIFICATE_INSECURE },
+ { GNUTLS_CERT_UNEXPECTED_OWNER, G_TLS_CERTIFICATE_BAD_IDENTITY }
};
static const int flags_map_size = G_N_ELEMENTS (flags_map);
return gtls_flags;
}
-GTlsCertificateFlags
-g_tls_certificate_gnutls_verify_identity (GTlsCertificateGnutls *gnutls,
- GSocketConnectable *identity)
+static gboolean
+verify_identity_hostname (GTlsCertificateGnutls *gnutls,
+ GSocketConnectable *identity)
{
const char *hostname;
else if (G_IS_NETWORK_SERVICE (identity))
hostname = g_network_service_get_domain (G_NETWORK_SERVICE (identity));
else
- hostname = NULL;
+ return FALSE;
+
+ return gnutls_x509_crt_check_hostname (gnutls->priv->cert, hostname);
+}
+
+static gboolean
+verify_identity_ip (GTlsCertificateGnutls *gnutls,
+ GSocketConnectable *identity)
+{
+ GInetAddress *addr;
+ int i, ret = 0;
+ gsize addr_size;
+ const guint8 *addr_bytes;
+
+ if (G_IS_INET_SOCKET_ADDRESS (identity))
+ addr = g_object_ref (g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (identity)));
+ else {
+ const char *hostname;
+
+ if (G_IS_NETWORK_ADDRESS (identity))
+ hostname = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity));
+ else if (G_IS_NETWORK_SERVICE (identity))
+ hostname = g_network_service_get_domain (G_NETWORK_SERVICE (identity));
+ else
+ return FALSE;
+
+ addr = g_inet_address_new_from_string (hostname);
+ if (!addr)
+ return FALSE;
+ }
- if (hostname)
+ addr_bytes = g_inet_address_to_bytes (addr);
+ addr_size = g_inet_address_get_native_size (addr);
+
+ for (i = 0; ret >= 0; i++)
{
- if (gnutls_x509_crt_check_hostname (gnutls->priv->cert, hostname))
- return 0;
+ char san[500];
+ size_t san_size;
+
+ san_size = sizeof (san);
+ ret = gnutls_x509_crt_get_subject_alt_name (gnutls->priv->cert, i,
+ san, &san_size, NULL);
+
+ if ((ret == GNUTLS_SAN_IPADDRESS) && (addr_size == san_size))
+ {
+ if (memcmp (addr_bytes, san, addr_size) == 0)
+ {
+ g_object_unref (addr);
+ return TRUE;
+ }
+ }
}
+ g_object_unref (addr);
+ return FALSE;
+}
+
+GTlsCertificateFlags
+g_tls_certificate_gnutls_verify_identity (GTlsCertificateGnutls *gnutls,
+ GSocketConnectable *identity)
+{
+ if (verify_identity_hostname (gnutls, identity))
+ return 0;
+ else if (verify_identity_ip (gnutls, identity))
+ return 0;
+
/* FIXME: check sRVName and uniformResourceIdentifier
* subjectAltNames, if appropriate for @identity.
*/
g_object_get (gnutls, "certificate", &array, NULL);
return g_byte_array_free_to_bytes (array);
}
+
+static gnutls_x509_crt_t *
+convert_data_to_gnutls_certs (const gnutls_datum_t *certs,
+ guint num_certs,
+ gnutls_x509_crt_fmt_t format)
+{
+ gnutls_x509_crt_t *gnutls_certs;
+ guint i;
+
+ gnutls_certs = g_new (gnutls_x509_crt_t, num_certs);
+
+ for (i = 0; i < num_certs; i++)
+ {
+ if (gnutls_x509_crt_init (&gnutls_certs[i]) < 0)
+ {
+ i--;
+ goto error;
+ }
+ }
+
+ for (i = 0; i < num_certs; i++)
+ {
+ if (gnutls_x509_crt_import (gnutls_certs[i], &certs[i], format) < 0)
+ {
+ i = num_certs - 1;
+ goto error;
+ }
+ }
+
+ return gnutls_certs;
+
+error:
+ for (; i != G_MAXUINT; i--)
+ gnutls_x509_crt_deinit (gnutls_certs[i]);
+ g_free (gnutls_certs);
+ return NULL;
+}
+
+GTlsCertificateGnutls *
+g_tls_certificate_gnutls_build_chain (const gnutls_datum_t *certs,
+ guint num_certs,
+ gnutls_x509_crt_fmt_t format)
+{
+ GPtrArray *glib_certs;
+ gnutls_x509_crt_t *gnutls_certs;
+ GTlsCertificateGnutls *issuer;
+ GTlsCertificateGnutls *result;
+ guint i, j;
+
+ g_return_val_if_fail (certs, NULL);
+
+ gnutls_certs = convert_data_to_gnutls_certs (certs, num_certs, format);
+ if (!gnutls_certs)
+ return NULL;
+
+ glib_certs = g_ptr_array_new_full (num_certs, g_object_unref);
+ for (i = 0; i < num_certs; i++)
+ g_ptr_array_add (glib_certs, g_tls_certificate_gnutls_new (&certs[i], NULL));
+
+ /* Some servers send certs out of order, or will send duplicate
+ * certs, so we need to be careful when assigning the issuer of
+ * our new GTlsCertificateGnutls.
+ */
+ for (i = 0; i < num_certs; i++)
+ {
+ issuer = NULL;
+
+ /* Check if the cert issued itself */
+ if (gnutls_x509_crt_check_issuer (gnutls_certs[i], gnutls_certs[i]))
+ continue;
+
+ if (i < num_certs - 1 &&
+ gnutls_x509_crt_check_issuer (gnutls_certs[i], gnutls_certs[i + 1]))
+ {
+ issuer = glib_certs->pdata[i + 1];
+ }
+ else
+ {
+ for (j = 0; j < num_certs; j++)
+ {
+ if (j != i &&
+ gnutls_x509_crt_check_issuer (gnutls_certs[i], gnutls_certs[j]))
+ {
+ issuer = glib_certs->pdata[j];
+ break;
+ }
+ }
+ }
+
+ if (issuer)
+ g_tls_certificate_gnutls_set_issuer (glib_certs->pdata[i], issuer);
+ }
+
+ result = g_object_ref (glib_certs->pdata[0]);
+ g_ptr_array_unref (glib_certs);
+
+ for (i = 0; i < num_certs; i++)
+ gnutls_x509_crt_deinit (gnutls_certs[i]);
+ g_free (gnutls_certs);
+
+ return result;
+}
* your option) any later version.
*
* See the included COPYING file for more information.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#ifndef __G_TLS_CERTIFICATE_GNUTLS_H__
GTlsCertificateGnutls* g_tls_certificate_gnutls_steal_issuer (GTlsCertificateGnutls *gnutls);
+GTlsCertificateGnutls* g_tls_certificate_gnutls_build_chain (const gnutls_datum_t *certs,
+ guint num_certs,
+ gnutls_x509_crt_fmt_t format);
+
G_END_DECLS
#endif /* __G_TLS_CERTIFICATE_GNUTLS_H___ */
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#include "config.h"
PROP_ACCEPTED_CAS
};
+static void g_tls_client_connection_gnutls_initable_interface_init (GInitableIface *iface);
+
static void g_tls_client_connection_gnutls_client_connection_interface_init (GTlsClientConnectionInterface *iface);
static int g_tls_client_connection_gnutls_retrieve_function (gnutls_session_t session,
int pk_algos_length,
gnutls_retr2_st *st);
+static GInitableIface *g_tls_client_connection_gnutls_parent_initable_iface;
+
G_DEFINE_TYPE_WITH_CODE (GTlsClientConnectionGnutls, g_tls_client_connection_gnutls, G_TYPE_TLS_CONNECTION_GNUTLS,
+ G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+ g_tls_client_connection_gnutls_initable_interface_init)
G_IMPLEMENT_INTERFACE (G_TYPE_TLS_CLIENT_CONNECTION,
g_tls_client_connection_gnutls_client_connection_interface_init));
GTlsCertificateFlags validation_flags;
GSocketConnectable *server_identity;
gboolean use_ssl3;
+ gboolean session_data_override;
GBytes *session_id;
+ GBytes *session_data;
gboolean cert_requested;
+ GError *cert_error;
GPtrArray *accepted_cas;
};
{
GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (object);
- if (gnutls->priv->server_identity)
- g_object_unref (gnutls->priv->server_identity);
- if (gnutls->priv->accepted_cas)
- g_ptr_array_unref (gnutls->priv->accepted_cas);
- if (gnutls->priv->session_id)
- g_bytes_unref (gnutls->priv->session_id);
+ g_clear_object (&gnutls->priv->server_identity);
+ g_clear_pointer (&gnutls->priv->accepted_cas, g_ptr_array_unref);
+ g_clear_pointer (&gnutls->priv->session_id, g_bytes_unref);
+ g_clear_pointer (&gnutls->priv->session_data, g_bytes_unref);
+ g_clear_error (&gnutls->priv->cert_error);
G_OBJECT_CLASS (g_tls_client_connection_gnutls_parent_class)->finalize (object);
}
+static gboolean
+g_tls_client_connection_gnutls_initable_init (GInitable *initable,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable);
+ gnutls_session_t session;
+ const gchar *hostname;
+
+ if (!g_tls_client_connection_gnutls_parent_initable_iface->
+ init (initable, cancellable, error))
+ return FALSE;
+
+ session = g_tls_connection_gnutls_get_session (gnutls);
+ hostname = get_server_identity (G_TLS_CLIENT_CONNECTION_GNUTLS (gnutls));
+ if (hostname)
+ {
+ gnutls_server_name_set (session, GNUTLS_NAME_DNS,
+ hostname, strlen (hostname));
+ }
+
+ return TRUE;
+}
+
static void
g_tls_client_connection_gnutls_get_property (GObject *object,
guint prop_id,
{
gnutls_session_t session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (gnutls));
- gnutls_server_name_set (session, GNUTLS_NAME_DNS,
- hostname, strlen (hostname));
+ /* This will only be triggered if the identity is set after
+ * initialization */
+ if (session)
+ {
+ gnutls_server_name_set (session, GNUTLS_NAME_DNS,
+ hostname, strlen (hostname));
+ }
}
break;
gnutls_retr2_st *st)
{
GTlsClientConnectionGnutls *gnutls = gnutls_transport_get_ptr (session);
+ GTlsConnectionGnutls *conn = G_TLS_CONNECTION_GNUTLS (gnutls);
GPtrArray *accepted_cas;
GByteArray *dn;
int i;
gnutls->priv->accepted_cas = accepted_cas;
g_object_notify (G_OBJECT (gnutls), "accepted-cas");
- g_tls_connection_gnutls_get_certificate (G_TLS_CONNECTION_GNUTLS (gnutls), st);
+ g_tls_connection_gnutls_get_certificate (conn, st);
+
+ if (st->ncerts == 0)
+ {
+ g_clear_error (&gnutls->priv->cert_error);
+ if (g_tls_connection_gnutls_request_certificate (conn, &gnutls->priv->cert_error))
+ g_tls_connection_gnutls_get_certificate (conn, st);
+ }
+
return 0;
}
{
GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn);
+ gnutls->priv->session_data_override = FALSE;
+ g_clear_pointer (&gnutls->priv->session_data, g_bytes_unref);
if (gnutls->priv->session_id)
g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->priv->session_id);
}
GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn);
/* Try to get a cached session */
- if (gnutls->priv->session_id)
+ if (gnutls->priv->session_data_override)
+ {
+ gnutls_session_set_data (g_tls_connection_gnutls_get_session (conn),
+ g_bytes_get_data (gnutls->priv->session_data, NULL),
+ g_bytes_get_size (gnutls->priv->session_data));
+ }
+ else if (gnutls->priv->session_id)
{
GBytes *session_data;
gnutls_session_set_data (g_tls_connection_gnutls_get_session (conn),
g_bytes_get_data (session_data, NULL),
g_bytes_get_size (session_data));
- g_bytes_unref (session_data);
+ g_clear_pointer (&gnutls->priv->session_data, g_bytes_unref);
+ gnutls->priv->session_data = session_data;
}
}
GError **inout_error)
{
GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn);
+ int resumed;
g_assert (inout_error != NULL);
gnutls->priv->cert_requested)
{
g_clear_error (inout_error);
- g_set_error_literal (inout_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
- _("Server required TLS certificate"));
+ if (gnutls->priv->cert_error)
+ {
+ *inout_error = gnutls->priv->cert_error;
+ gnutls->priv->cert_error = NULL;
+ }
+ else
+ {
+ g_set_error_literal (inout_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
+ _("Server required TLS certificate"));
+ }
}
- if (gnutls->priv->session_id)
+ resumed = gnutls_session_is_resumed (g_tls_connection_gnutls_get_session (conn));
+ if (*inout_error || !resumed)
+ {
+ /* Clear session data since the server did not accept what we provided. */
+ gnutls->priv->session_data_override = FALSE;
+ g_clear_pointer (&gnutls->priv->session_data, g_bytes_unref);
+ if (gnutls->priv->session_id)
+ g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->priv->session_id);
+ }
+
+ if (!*inout_error && !resumed)
{
gnutls_datum_t session_datum;
- if (!*inout_error &&
- gnutls_session_get_data2 (g_tls_connection_gnutls_get_session (conn),
- &session_datum) == 0)
- {
- GBytes *session_data = g_bytes_new_with_free_func (session_datum.data, session_datum.size,
- (GDestroyNotify)gnutls_free, session_datum.data);
+ if (gnutls_session_get_data2 (g_tls_connection_gnutls_get_session (conn),
+ &session_datum) == 0)
+ {
+ gnutls->priv->session_data = g_bytes_new_with_free_func (session_datum.data,
+ session_datum.size,
+ (GDestroyNotify)gnutls_free,
+ session_datum.data);
+
+ g_tls_backend_gnutls_store_session (GNUTLS_CLIENT,
+ gnutls->priv->session_id,
+ gnutls->priv->session_data);
+ }
+ }
+}
- g_tls_backend_gnutls_store_session (GNUTLS_CLIENT, gnutls->priv->session_id,
- session_data);
- g_bytes_unref (session_data);
- }
- else
- g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->priv->session_id);
+static void
+g_tls_client_connection_gnutls_copy_session_state (GTlsClientConnection *conn,
+ GTlsClientConnection *source)
+{
+ GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn);
+ GTlsClientConnectionGnutls *gnutls_source = G_TLS_CLIENT_CONNECTION_GNUTLS (source);
+
+ if (gnutls_source->priv->session_data)
+ {
+ gnutls->priv->session_data_override = TRUE;
+ gnutls->priv->session_data = g_bytes_ref (gnutls_source->priv->session_data);
+
+ if (gnutls->priv->session_id)
+ g_tls_backend_gnutls_store_session (GNUTLS_CLIENT,
+ gnutls->priv->session_id,
+ gnutls->priv->session_data);
}
}
static void
g_tls_client_connection_gnutls_client_connection_interface_init (GTlsClientConnectionInterface *iface)
{
+ iface->copy_session_state = g_tls_client_connection_gnutls_copy_session_state;
+}
+
+static void
+g_tls_client_connection_gnutls_initable_interface_init (GInitableIface *iface)
+{
+ g_tls_client_connection_gnutls_parent_initable_iface = g_type_interface_peek_parent (iface);
+
+ iface->init = g_tls_client_connection_gnutls_initable_init;
}
* your option) any later version.
*
* See the included COPYING file for more information.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#ifndef __G_TLS_CLIENT_CONNECTION_GNUTLS_H__
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#include "config.h"
#include "glib.h"
#include <errno.h>
+#include <stdarg.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include "pkcs11/gpkcs11pin.h"
#endif
+#ifdef G_OS_WIN32
+#include <winsock2.h>
+#include <winerror.h>
+
+/* It isn’t clear whether MinGW always defines EMSGSIZE. */
+#ifndef EMSGSIZE
+#define EMSGSIZE WSAEMSGSIZE
+#endif
+#endif
+
#include <glib/gi18n-lib.h>
static ssize_t g_tls_connection_gnutls_push_func (gnutls_transport_ptr_t transport_data,
gboolean database_is_unset;
/* need_handshake means the next claim_op() will get diverted into
- * an implicit handshake (unless it's an OP_HANDSHAKE or OP_CLOSE).
+ * an implicit handshake (unless it's an OP_HANDSHAKE or OP_CLOSE*).
* need_finish_handshake means the next claim_op() will get diverted
- * into finish_handshake() (unless it's an OP_CLOSE).
+ * into finish_handshake() (unless it's an OP_CLOSE*).
*
* handshaking is TRUE as soon as a handshake thread is queued. For
* a sync handshake it becomes FALSE after finish_handshake()
GError *handshake_error;
GByteArray *app_data_buf;
- gboolean closing, closed;
+ /* read_closed means the read direction has closed; write_closed similarly.
+ * If (and only if) both are set, the entire GTlsConnection is closed. */
+ gboolean read_closing, read_closed;
+ gboolean write_closing, write_closed;
GInputStream *tls_istream;
GOutputStream *tls_ostream;
g_mutex_init (&gnutls->priv->op_mutex);
}
-/* First field is "ssl3 only", second is "allow unsafe rehandshaking" */
+/* First field is "fallback", second is "allow unsafe rehandshaking" */
static gnutls_priority_t priorities[2][2];
+#define DEFAULT_BASE_PRIORITY "NORMAL:%COMPAT:%LATEST_RECORD_VERSION"
+
static void
g_tls_connection_gnutls_init_priorities (void)
{
const gchar *base_priority;
- gchar *ssl3_priority, *unsafe_rehandshake_priority, *ssl3_unsafe_rehandshake_priority;
- int ret;
+ gchar *fallback_priority, *unsafe_rehandshake_priority, *fallback_unsafe_rehandshake_priority;
+ const guint *protos;
+ int ret, i, nprotos, fallback_proto;
base_priority = g_getenv ("G_TLS_GNUTLS_PRIORITY");
if (!base_priority)
- base_priority = "NORMAL:%COMPAT";
+ base_priority = DEFAULT_BASE_PRIORITY;
ret = gnutls_priority_init (&priorities[FALSE][FALSE], base_priority, NULL);
if (ret == GNUTLS_E_INVALID_REQUEST)
{
g_warning ("G_TLS_GNUTLS_PRIORITY is invalid; ignoring!");
- base_priority = "NORMAL:%COMPAT";
- gnutls_priority_init (&priorities[FALSE][FALSE], base_priority, NULL);
+ base_priority = DEFAULT_BASE_PRIORITY;
+ ret = gnutls_priority_init (&priorities[FALSE][FALSE], base_priority, NULL);
+ g_warn_if_fail (ret == 0);
}
- ssl3_priority = g_strdup_printf ("%s:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0", base_priority);
unsafe_rehandshake_priority = g_strdup_printf ("%s:%%UNSAFE_RENEGOTIATION", base_priority);
- ssl3_unsafe_rehandshake_priority = g_strdup_printf ("%s:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0:%%UNSAFE_RENEGOTIATION", base_priority);
+ ret = gnutls_priority_init (&priorities[FALSE][TRUE], unsafe_rehandshake_priority, NULL);
+ g_warn_if_fail (ret == 0);
+ g_free (unsafe_rehandshake_priority);
+
+ /* Figure out the lowest SSl/TLS version supported by base_priority */
+ nprotos = gnutls_priority_protocol_list (priorities[FALSE][FALSE], &protos);
+ fallback_proto = G_MAXUINT;
+ for (i = 0; i < nprotos; i++)
+ {
+ if (protos[i] < fallback_proto)
+ fallback_proto = protos[i];
+ }
+ if (fallback_proto == G_MAXUINT)
+ {
+ g_warning ("All GNUTLS protocol versions disabled?");
+ fallback_priority = g_strdup (base_priority);
+ }
+ else
+ {
+ gchar *cleaned_base, *p, *rest;
+
+ /* fallback_priority should be based on base_priority, except
+ * that we don't want %LATEST_RECORD_VERSION in it.
+ */
+ cleaned_base = g_strdup (base_priority);
+ p = strstr (cleaned_base, ":%LATEST_RECORD_VERSION");
+ if (p)
+ {
+ rest = p + strlen (":%LATEST_RECORD_VERSION");
+ memmove (p, rest, strlen (rest) + 1);
+ }
- gnutls_priority_init (&priorities[TRUE][FALSE], ssl3_priority, NULL);
- gnutls_priority_init (&priorities[FALSE][TRUE], unsafe_rehandshake_priority, NULL);
- gnutls_priority_init (&priorities[TRUE][TRUE], ssl3_unsafe_rehandshake_priority, NULL);
+ fallback_priority = g_strdup_printf ("%s:%%COMPAT:!VERS-TLS-ALL:+VERS-%s",
+ cleaned_base,
+ gnutls_protocol_get_name (fallback_proto));
- g_free (ssl3_priority);
- g_free (unsafe_rehandshake_priority);
- g_free (ssl3_unsafe_rehandshake_priority);
+ g_free (cleaned_base);
+ }
+ fallback_unsafe_rehandshake_priority = g_strdup_printf ("%s:%%UNSAFE_RENEGOTIATION",
+ fallback_priority);
+
+ ret = gnutls_priority_init (&priorities[TRUE][FALSE], fallback_priority, NULL);
+ g_warn_if_fail (ret == 0);
+ ret = gnutls_priority_init (&priorities[TRUE][TRUE], fallback_unsafe_rehandshake_priority, NULL);
+ g_warn_if_fail (ret == 0);
+ g_free (fallback_priority);
+ g_free (fallback_unsafe_rehandshake_priority);
}
static void
g_tls_connection_gnutls_set_handshake_priority (GTlsConnectionGnutls *gnutls)
{
- gboolean use_ssl3, unsafe_rehandshake;
+ gboolean fallback, unsafe_rehandshake;
if (G_IS_TLS_CLIENT_CONNECTION (gnutls))
- use_ssl3 = g_tls_client_connection_get_use_ssl3 (G_TLS_CLIENT_CONNECTION (gnutls));
+ fallback = g_tls_client_connection_get_use_ssl3 (G_TLS_CLIENT_CONNECTION (gnutls));
else
- use_ssl3 = FALSE;
+ fallback = FALSE;
unsafe_rehandshake = (gnutls->priv->rehandshake_mode == G_TLS_REHANDSHAKE_UNSAFELY);
gnutls_priority_set (gnutls->priv->session,
- priorities[use_ssl3][unsafe_rehandshake]);
+ priorities[fallback][unsafe_rehandshake]);
}
static gboolean
GError **error)
{
GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable);
+ gboolean client = G_IS_TLS_CLIENT_CONNECTION (gnutls);
+ guint flags = client ? GNUTLS_CLIENT : GNUTLS_SERVER;
int status;
g_return_val_if_fail (gnutls->priv->base_istream != NULL &&
gnutls->priv->base_ostream != NULL, FALSE);
- /* Make sure gnutls->priv->session has been initialized (it may have
- * already been initialized by a construct-time property setter).
- */
- g_tls_connection_gnutls_get_session (gnutls);
+ gnutls_init (&gnutls->priv->session, flags);
status = gnutls_credentials_set (gnutls->priv->session,
GNUTLS_CRD_CERTIFICATE,
return FALSE;
}
- /* Some servers (especially on embedded devices) use tiny keys that
- * gnutls will reject by default. We want it to accept them.
- */
- gnutls_dh_set_prime_bits (gnutls->priv->session, 256);
-
gnutls_transport_set_push_function (gnutls->priv->session,
g_tls_connection_gnutls_push_func);
gnutls_transport_set_pull_function (gnutls->priv->session,
g_clear_error (&gnutls->priv->read_error);
g_clear_error (&gnutls->priv->write_error);
+ /* This must always be NULL at this, as it holds a referehce to @gnutls as
+ * its source object. However, we clear it anyway just in case this changes
+ * in future. */
+ g_clear_object (&gnutls->priv->implicit_handshake);
+
+ g_clear_object (&gnutls->priv->read_cancellable);
+ g_clear_object (&gnutls->priv->write_cancellable);
+
g_clear_object (&gnutls->priv->waiting_for_op);
g_mutex_clear (&gnutls->priv->op_mutex);
gnutls_session_t
g_tls_connection_gnutls_get_session (GTlsConnectionGnutls *gnutls)
{
- /* Ideally we would initialize gnutls->priv->session from
- * g_tls_connection_gnutls_init(), but we can't tell if it's a
- * client or server connection at that point... And
- * g_tls_connection_gnutls_initiable_init() is too late, because
- * construct-time property setters may need to modify it.
- */
- if (!gnutls->priv->session)
- {
- gboolean client = G_IS_TLS_CLIENT_CONNECTION (gnutls);
- gnutls_init (&gnutls->priv->session, client ? GNUTLS_CLIENT : GNUTLS_SERVER);
- }
-
return gnutls->priv->session;
}
G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE,
G_TLS_CONNECTION_GNUTLS_OP_READ,
G_TLS_CONNECTION_GNUTLS_OP_WRITE,
- G_TLS_CONNECTION_GNUTLS_OP_CLOSE,
+ G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ,
+ G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE,
+ G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH,
} GTlsConnectionGnutlsOp;
static gboolean
g_mutex_lock (&gnutls->priv->op_mutex);
- if (gnutls->priv->closing || gnutls->priv->closed)
+ if (((op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE ||
+ op == G_TLS_CONNECTION_GNUTLS_OP_READ) &&
+ (gnutls->priv->read_closing || gnutls->priv->read_closed)) ||
+ ((op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE ||
+ op == G_TLS_CONNECTION_GNUTLS_OP_WRITE) &&
+ (gnutls->priv->write_closing || gnutls->priv->write_closed)))
{
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
_("Connection is closed"));
return FALSE;
}
- if (gnutls->priv->handshake_error && op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE)
+ if (gnutls->priv->handshake_error &&
+ op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH &&
+ op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ &&
+ op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE)
{
if (error)
*error = g_error_copy (gnutls->priv->handshake_error);
return FALSE;
}
- if (op != G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE &&
- op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE)
+ if (op != G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE)
{
- if (gnutls->priv->need_handshake)
+ if (op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH &&
+ op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ &&
+ op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE &&
+ gnutls->priv->need_handshake)
{
gnutls->priv->need_handshake = FALSE;
gnutls->priv->handshaking = TRUE;
g_clear_object (&gnutls->priv->implicit_handshake);
g_mutex_lock (&gnutls->priv->op_mutex);
- if (!success || g_cancellable_set_error_if_cancelled (cancellable, &my_error))
+ if (op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH &&
+ op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ &&
+ op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE &&
+ (!success || g_cancellable_set_error_if_cancelled (cancellable, &my_error)))
{
g_propagate_error (error, my_error);
g_mutex_unlock (&gnutls->priv->op_mutex);
return FALSE;
}
+
+ g_clear_error (&my_error);
}
}
nfds = 2;
else
nfds = 1;
+
g_poll (fds, nfds, -1);
- g_cancellable_release_fd (cancellable);
+
+ if (nfds > 1)
+ g_cancellable_release_fd (cancellable);
goto try_again;
}
gnutls->priv->handshaking = TRUE;
gnutls->priv->need_handshake = FALSE;
}
- if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE)
- gnutls->priv->closing = TRUE;
+ if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
+ op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ)
+ gnutls->priv->read_closing = TRUE;
+ if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
+ op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE)
+ gnutls->priv->write_closing = TRUE;
if (op != G_TLS_CONNECTION_GNUTLS_OP_WRITE)
gnutls->priv->reading = TRUE;
if (op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE)
gnutls->priv->handshaking = FALSE;
- if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE)
- gnutls->priv->closing = FALSE;
+ if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
+ op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ)
+ gnutls->priv->read_closing = FALSE;
+ if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
+ op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE)
+ gnutls->priv->write_closing = FALSE;
if (op != G_TLS_CONNECTION_GNUTLS_OP_WRITE)
gnutls->priv->reading = FALSE;
static int
end_gnutls_io (GTlsConnectionGnutls *gnutls,
- GIOCondition direction,
- int status,
- const char *errmsg,
- GError **error)
+ GIOCondition direction,
+ int status,
+ GError **error,
+ const char *err_fmt,
+ ...) G_GNUC_PRINTF(5, 6);
+
+static int
+end_gnutls_io (GTlsConnectionGnutls *gnutls,
+ GIOCondition direction,
+ int status,
+ GError **error,
+ const char *err_fmt,
+ ...)
{
GError *my_error = NULL;
if (my_error)
{
- if (!g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK))
+ if (!g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK) &&
+ !g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT))
G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed (gnutls);
g_propagate_error (error, my_error);
return status;
if (error)
{
- g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
- errmsg, gnutls_strerror (status));
+ va_list ap;
+
+ va_start (ap, err_fmt);
+ *error = g_error_new_valist (G_TLS_ERROR, G_TLS_ERROR_MISC, err_fmt, ap);
+ va_end (ap);
}
return status;
}
do {
#define END_GNUTLS_IO(gnutls, direction, ret, errmsg, err) \
- } while ((ret = end_gnutls_io (gnutls, direction, ret, errmsg, err)) == GNUTLS_E_AGAIN);
+ } while ((ret = end_gnutls_io (gnutls, direction, ret, err, errmsg, gnutls_strerror (ret))) == GNUTLS_E_AGAIN);
gboolean
g_tls_connection_gnutls_check (GTlsConnectionGnutls *gnutls,
/* If a handshake or close is in progress, then tls_istream and
* tls_ostream are blocked, regardless of the base stream status.
*/
- if (gnutls->priv->handshaking || gnutls->priv->closing)
+ if (gnutls->priv->handshaking)
+ return FALSE;
+
+ if (((condition & G_IO_IN) && gnutls->priv->read_closing) ||
+ ((condition & G_IO_OUT) && gnutls->priv->write_closing))
return FALSE;
if (condition & G_IO_IN)
GTlsConnectionGnutls *gnutls = gnutls_source->gnutls;
gboolean io_waiting, op_waiting;
+ /* Was the source destroyed earlier in this main context iteration? */
+ if (g_source_is_destroyed ((GSource *) gnutls_source))
+ return;
+
g_mutex_lock (&gnutls->priv->op_mutex);
if (((gnutls_source->condition & G_IO_IN) && gnutls->priv->reading) ||
((gnutls_source->condition & G_IO_OUT) && gnutls->priv->writing) ||
gnutls_transport_set_errno (gnutls->priv->session, EINTR);
else if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK))
gnutls_transport_set_errno (gnutls->priv->session, EINTR);
+ else if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT))
+ gnutls_transport_set_errno (gnutls->priv->session, EINTR);
else
gnutls_transport_set_errno (gnutls->priv->session, EIO);
}
return ret;
}
-
static GTlsCertificate *
get_peer_certificate_from_session (GTlsConnectionGnutls *gnutls)
{
- GTlsCertificate *chain, *cert;
const gnutls_datum_t *certs;
+ GTlsCertificateGnutls *chain;
unsigned int num_certs;
- int i;
certs = gnutls_certificate_get_peers (gnutls->priv->session, &num_certs);
if (!certs || !num_certs)
return NULL;
- chain = NULL;
- for (i = num_certs - 1; i >= 0; i--)
- {
- cert = g_tls_certificate_gnutls_new (&certs[i], chain);
- if (chain)
- g_object_unref (chain);
- chain = cert;
- }
+ chain = g_tls_certificate_gnutls_build_chain (certs, num_certs, GNUTLS_X509_FMT_DER);
+ if (!chain)
+ return NULL;
- return chain;
+ return G_TLS_CERTIFICATE (chain);
}
static GTlsCertificateFlags
GTlsCertificate *peer_certificate,
GTlsCertificateFlags peer_certificate_errors)
{
- gboolean accepted;
+ gboolean accepted = FALSE;
if (G_IS_TLS_CLIENT_CONNECTION (gnutls))
{
if ((peer_certificate_errors & validation_flags) == 0)
accepted = TRUE;
- else
- {
- accepted = g_tls_connection_emit_accept_certificate (G_TLS_CONNECTION (gnutls),
- peer_certificate,
- peer_certificate_errors);
- }
}
- else
+
+ if (!accepted)
{
accepted = g_tls_connection_emit_accept_certificate (G_TLS_CONNECTION (gnutls),
peer_certificate,
GError *my_error = NULL;
task = g_task_new (conn, cancellable, NULL, NULL);
+ g_task_set_source_tag (task, g_tls_connection_gnutls_handshake);
begin_handshake (gnutls);
g_task_run_in_thread_sync (task, handshake_thread);
success = finish_handshake (gnutls, task, &my_error);
GTask *thread_task, *caller_task;
caller_task = g_task_new (conn, cancellable, callback, user_data);
+ g_task_set_source_tag (caller_task, g_tls_connection_gnutls_handshake_async);
g_task_set_priority (caller_task, io_priority);
begin_handshake (G_TLS_CONNECTION_GNUTLS (conn));
thread_task = g_task_new (conn, cancellable,
handshake_thread_completed, caller_task);
+ g_task_set_source_tag (thread_task, g_tls_connection_gnutls_handshake_async);
g_task_set_priority (thread_task, io_priority);
g_task_run_in_thread (thread_task, async_handshake_thread);
g_object_unref (thread_task);
/* We have op_mutex */
gnutls->priv->implicit_handshake = g_task_new (gnutls, cancellable, NULL, NULL);
+ g_task_set_source_tag (gnutls->priv->implicit_handshake,
+ do_implicit_handshake);
begin_handshake (gnutls);
return gnutls->priv->tls_ostream;
}
-static gboolean
-g_tls_connection_gnutls_close (GIOStream *stream,
- GCancellable *cancellable,
- GError **error)
+gboolean
+g_tls_connection_gnutls_close_internal (GIOStream *stream,
+ GTlsDirection direction,
+ GCancellable *cancellable,
+ GError **error)
{
GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (stream);
- gboolean success;
+ GTlsConnectionGnutlsOp op;
+ gboolean success = TRUE;
int ret = 0;
+ GError *gnutls_error = NULL, *stream_error = NULL;
- if (!claim_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_CLOSE,
- TRUE, cancellable, error))
- return FALSE;
+ /* This can be called from g_io_stream_close(), g_input_stream_close() or
+ * g_output_stream_close(). In all cases, we only do the gnutls_bye() for
+ * writing. The difference is how we set the flags on this class and how
+ * the underlying stream is closed.
+ */
- if (gnutls->priv->closed)
- {
- g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
- _("Connection is already closed"));
- yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_CLOSE);
- return FALSE;
- }
+ g_return_val_if_fail (direction != G_TLS_DIRECTION_NONE, FALSE);
- if (gnutls->priv->ever_handshaked)
+ if (direction == G_TLS_DIRECTION_BOTH)
+ op = G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH;
+ else if (direction == G_TLS_DIRECTION_READ)
+ op = G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ;
+ else
+ op = G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE;
+
+ if (!claim_op (gnutls, op, TRUE, cancellable, error))
+ return FALSE;
+
+ if (gnutls->priv->ever_handshaked && !gnutls->priv->write_closed &&
+ direction & G_TLS_DIRECTION_WRITE)
{
BEGIN_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, TRUE, cancellable);
ret = gnutls_bye (gnutls->priv->session, GNUTLS_SHUT_WR);
END_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, ret,
- _("Error performing TLS close: %s"), error);
- }
+ _("Error performing TLS close: %s"), &gnutls_error);
- gnutls->priv->closed = TRUE;
+ gnutls->priv->write_closed = TRUE;
+ }
+ if (!gnutls->priv->read_closed && direction & G_TLS_DIRECTION_READ)
+ gnutls->priv->read_closed = TRUE;
+
+ /* Close the underlying streams. Do this even if the gnutls_bye() call failed,
+ * as the parent GIOStream will have set its internal closed flag and hence
+ * this implementation will never be called again. */
+ if (direction == G_TLS_DIRECTION_BOTH)
+ success = g_io_stream_close (gnutls->priv->base_io_stream,
+ cancellable, &stream_error);
+ else if (direction & G_TLS_DIRECTION_READ)
+ success = g_input_stream_close (g_io_stream_get_input_stream (gnutls->priv->base_io_stream),
+ cancellable, &stream_error);
+ else if (direction & G_TLS_DIRECTION_WRITE)
+ success = g_output_stream_close (g_io_stream_get_output_stream (gnutls->priv->base_io_stream),
+ cancellable, &stream_error);
+
+ yield_op (gnutls, op);
+
+ /* Propagate errors. */
if (ret != 0)
{
- yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_CLOSE);
- return FALSE;
+ g_propagate_error (error, gnutls_error);
+ g_clear_error (&stream_error);
+ }
+ else if (!success)
+ {
+ g_propagate_error (error, stream_error);
+ g_clear_error (&gnutls_error);
}
- success = g_io_stream_close (gnutls->priv->base_io_stream,
- cancellable, error);
- yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_CLOSE);
- return success;
+ return success && (ret == 0);
+}
+
+static gboolean
+g_tls_connection_gnutls_close (GIOStream *stream,
+ GCancellable *cancellable,
+ GError **error)
+{
+ return g_tls_connection_gnutls_close_internal (stream,
+ G_TLS_DIRECTION_BOTH,
+ cancellable, error);
}
/* We do async close as synchronous-in-a-thread so we don't need to
GIOStream *stream = object;
GError *error = NULL;
- if (!g_tls_connection_gnutls_close (stream, cancellable, &error))
+ if (!g_tls_connection_gnutls_close_internal (stream, G_TLS_DIRECTION_BOTH,
+ cancellable, &error))
g_task_return_error (task, error);
else
g_task_return_boolean (task, TRUE);
GTask *task;
task = g_task_new (stream, cancellable, callback, user_data);
+ g_task_set_source_tag (task, g_tls_connection_gnutls_close_async);
g_task_set_priority (task, io_priority);
g_task_run_in_thread (task, close_thread);
g_object_unref (task);
pin = NULL;
break;
case G_TLS_INTERACTION_UNHANDLED:
+ default:
pin = NULL;
break;
case G_TLS_INTERACTION_HANDLED:
{
iface->init = g_tls_connection_gnutls_initable_init;
}
+
+gboolean
+g_tls_connection_gnutls_request_certificate (GTlsConnectionGnutls *self,
+ GError **error)
+{
+ GTlsInteractionResult res = G_TLS_INTERACTION_UNHANDLED;
+ GTlsInteraction *interaction;
+ GTlsConnection *conn;
+
+ g_return_val_if_fail (G_IS_TLS_CONNECTION_GNUTLS (self), FALSE);
+
+ conn = G_TLS_CONNECTION (self);
+
+ interaction = g_tls_connection_get_interaction (conn);
+ if (!interaction)
+ return FALSE;
+
+ res = g_tls_interaction_invoke_request_certificate (interaction, conn, 0,
+ self->priv->read_cancellable, error);
+ return res != G_TLS_INTERACTION_FAILED;
+}
* your option) any later version.
*
* See the included COPYING file for more information.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#ifndef __G_TLS_CONNECTION_GNUTLS_H__
gnutls_certificate_credentials_t g_tls_connection_gnutls_get_credentials (GTlsConnectionGnutls *connection);
gnutls_session_t g_tls_connection_gnutls_get_session (GTlsConnectionGnutls *connection);
-void g_tls_connection_gnutls_get_certificate (GTlsConnectionGnutls *gnutls,
- gnutls_retr2_st *st);
+
+void g_tls_connection_gnutls_get_certificate (GTlsConnectionGnutls *gnutls,
+ gnutls_retr2_st *st);
+
+gboolean g_tls_connection_gnutls_request_certificate (GTlsConnectionGnutls *gnutls,
+ GError **error);
gssize g_tls_connection_gnutls_read (GTlsConnectionGnutls *gnutls,
void *buffer,
GIOCondition condition,
GCancellable *cancellable);
+typedef enum {
+ G_TLS_DIRECTION_NONE = 0,
+ G_TLS_DIRECTION_READ = 1 << 0,
+ G_TLS_DIRECTION_WRITE = 1 << 1,
+} GTlsDirection;
+
+#define G_TLS_DIRECTION_BOTH (G_TLS_DIRECTION_READ | G_TLS_DIRECTION_WRITE)
+
+gboolean g_tls_connection_gnutls_close_internal (GIOStream *stream,
+ GTlsDirection direction,
+ GCancellable *cancellable,
+ GError **error);
+
G_END_DECLS
#endif /* __G_TLS_CONNECTION_GNUTLS_H___ */
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
#include "pkcs11/gpkcs11util.h"
#include "pkcs11/pkcs11-trust-assertions.h"
-const static CK_ATTRIBUTE_TYPE CERTIFICATE_ATTRIBUTE_TYPES[] = {
+static const CK_ATTRIBUTE_TYPE CERTIFICATE_ATTRIBUTE_TYPES[] = {
CKA_ID, CKA_LABEL, CKA_CLASS, CKA_VALUE
};
-const static CK_ATTRIBUTE_TYPE KEY_ATTRIBUTE_TYPES[] = {
+static const CK_ATTRIBUTE_TYPE KEY_ATTRIBUTE_TYPES[] = {
CKA_ID, CKA_LABEL, CKA_CLASS, CKA_KEY_TYPE
};
}
static GTlsCertificate *
-create_database_pkcs11_certificate (GPkcs11Slot *slot,
+create_database_pkcs11_certificate (GPkcs11Slot *slot,
GPkcs11Array *certificate_attrs,
GPkcs11Array *private_key_attrs)
{
return certificate;
}
-static const gchar*
+static const gchar *
calculate_peer_for_identity (GSocketConnectable *identity)
{
const char *peer;
}
static gboolean
-accumulate_stop (gpointer result,
- gpointer user_data)
+accumulate_stop (gpointer result,
+ gpointer user_data)
{
return FALSE; /* stop enumeration */
}
static gboolean
-accumulate_exists (gpointer result,
- gpointer user_data)
+accumulate_exists (gpointer result,
+ gpointer user_data)
{
- gboolean *exists = (gboolean*)user_data;
+ gboolean *exists = (gboolean *)user_data;
*exists = TRUE;
return FALSE; /* stop enumeration */
}
static gboolean
-accumulate_first_attributes (gpointer result,
- gpointer user_data)
+accumulate_first_attributes (gpointer result,
+ gpointer user_data)
{
- GPkcs11Array** attributes = (GPkcs11Array**)user_data;
+ GPkcs11Array **attributes = (GPkcs11Array **)user_data;
g_assert (attributes);
*attributes = g_pkcs11_array_ref (result);
return FALSE; /* stop enumeration */
}
static gboolean
-accumulate_list_attributes (gpointer result,
- gpointer user_data)
+accumulate_list_attributes (gpointer result,
+ gpointer user_data)
{
- GList **results = (GList**)user_data;
+ GList **results = (GList **)user_data;
g_assert (results);
*results = g_list_append (*results, g_pkcs11_array_ref (result));
return TRUE; /* continue enumeration */
}
static gboolean
-accumulate_first_object (gpointer result,
- gpointer user_data)
+accumulate_first_object (gpointer result,
+ gpointer user_data)
{
- GObject** object = (GObject**)user_data;
+ GObject **object = (GObject **)user_data;
g_assert (object);
*object = g_object_ref (result);
return FALSE; /* stop enumeration */
}
static gboolean
-accumulate_list_objects (gpointer result,
- gpointer user_data)
+accumulate_list_objects (gpointer result,
+ gpointer user_data)
{
- GList **results = (GList**)user_data;
+ GList **results = (GList **)user_data;
g_assert (results);
*results = g_list_append (*results, g_object_ref (result));
return TRUE; /* continue enumeration */
static GPkcs11EnumerateState
enumerate_call_accumulator (GPkcs11Accumulator accumulator,
- gpointer result,
- gpointer user_data)
+ gpointer result,
+ gpointer user_data)
{
g_assert (accumulator);
}
static GPkcs11EnumerateState
-enumerate_assertion_exists_in_slot (GPkcs11Slot *slot,
- GTlsInteraction *interaction,
- GPkcs11Array *match,
- GPkcs11Accumulator accumulator,
- gpointer user_data,
- GCancellable *cancellable,
- GError **error)
+enumerate_assertion_exists_in_slot (GPkcs11Slot *slot,
+ GTlsInteraction *interaction,
+ GPkcs11Array *match,
+ GPkcs11Accumulator accumulator,
+ gpointer user_data,
+ GCancellable *cancellable,
+ GError **error)
{
GPkcs11EnumerateState state;
}
static gboolean
-g_tls_database_gnutls_pkcs11_lookup_assertion (GTlsDatabaseGnutls *database,
- GTlsCertificateGnutls *certificate,
- GTlsDatabaseGnutlsAssertion assertion,
- const gchar *purpose,
- GSocketConnectable *identity,
- GCancellable *cancellable,
- GError **error)
+g_tls_database_gnutls_pkcs11_lookup_assertion (GTlsDatabaseGnutlsPkcs11 *self,
+ GTlsCertificateGnutls *certificate,
+ GTlsDatabaseGnutlsAssertion assertion,
+ const gchar *purpose,
+ GSocketConnectable *identity,
+ GCancellable *cancellable,
+ GError **error)
{
- GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (database);
GByteArray *der = NULL;
gboolean found, ready;
GPkcs11Array *match;
}
static GPkcs11EnumerateState
-enumerate_keypair_for_certificate (GPkcs11Slot *slot,
- GTlsInteraction *interaction,
- GPkcs11Array *match_certificate,
- GPkcs11Accumulator accumulator,
- gpointer user_data,
- GCancellable *cancellable,
- GError **error)
+enumerate_keypair_for_certificate (GPkcs11Slot *slot,
+ GTlsInteraction *interaction,
+ GPkcs11Array *match_certificate,
+ GPkcs11Accumulator accumulator,
+ gpointer user_data,
+ GCancellable *cancellable,
+ GError **error)
{
static CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
GPkcs11Array *private_key_attrs = NULL;
}
static GPkcs11EnumerateState
-enumerate_keypairs_in_slot (GPkcs11Slot *slot,
- GTlsInteraction *interaction,
- CK_ATTRIBUTE_PTR match,
- CK_ULONG match_count,
- GPkcs11Accumulator accumulator,
- gpointer user_data,
- GCancellable *cancellable,
- GError **error)
+enumerate_keypairs_in_slot (GPkcs11Slot *slot,
+ GTlsInteraction *interaction,
+ CK_ATTRIBUTE_PTR match,
+ CK_ULONG match_count,
+ GPkcs11Accumulator accumulator,
+ gpointer user_data,
+ GCancellable *cancellable,
+ GError **error)
{
GPkcs11EnumerateState state;
GList *results = NULL;
}
static GPkcs11EnumerateState
-enumerate_certificates_in_slot (GPkcs11Slot *slot,
- GTlsInteraction *interaction,
- CK_ATTRIBUTE_PTR match,
- CK_ULONG match_count,
- GPkcs11Accumulator accumulator,
- gpointer user_data,
- GCancellable *cancellable,
- GError **error)
+enumerate_certificates_in_slot (GPkcs11Slot *slot,
+ GTlsInteraction *interaction,
+ CK_ATTRIBUTE_PTR match,
+ CK_ULONG match_count,
+ GPkcs11Accumulator accumulator,
+ gpointer user_data,
+ GCancellable *cancellable,
+ GError **error)
{
enumerate_certificates_closure closure = { accumulator, user_data, slot };
}
static GPkcs11EnumerateState
-enumerate_certificates_in_database (GTlsDatabaseGnutlsPkcs11 *self,
- GTlsInteraction *interaction,
- GTlsDatabaseLookupFlags flags,
- CK_ATTRIBUTE_PTR match,
- CK_ULONG match_count,
- P11KitUri *match_slot_to_uri,
- GPkcs11Accumulator accumulator,
- gpointer user_data,
- GCancellable *cancellable,
- GError **error)
+enumerate_certificates_in_database (GTlsDatabaseGnutlsPkcs11 *self,
+ GTlsInteraction *interaction,
+ GTlsDatabaseLookupFlags flags,
+ CK_ATTRIBUTE_PTR match,
+ CK_ULONG match_count,
+ P11KitUri *match_slot_to_uri,
+ GPkcs11Accumulator accumulator,
+ gpointer user_data,
+ GCancellable *cancellable,
+ GError **error)
{
GPkcs11EnumerateState state = G_PKCS11_ENUMERATE_CONTINUE;
GPkcs11Slot *slot;
return state;
}
-static GTlsCertificate*
-g_tls_database_gnutls_pkcs11_lookup_certificate_issuer (GTlsDatabase *database,
- GTlsCertificate *certificate,
- GTlsInteraction *interaction,
- GTlsDatabaseLookupFlags flags,
- GCancellable *cancellable,
- GError **error)
+static GTlsCertificate *
+g_tls_database_gnutls_pkcs11_lookup_certificate_issuer (GTlsDatabase *database,
+ GTlsCertificate *certificate,
+ GTlsInteraction *interaction,
+ GTlsDatabaseLookupFlags flags,
+ GCancellable *cancellable,
+ GError **error)
{
GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (database);
GTlsCertificate *result = NULL;
return result;
}
-static GList*
-g_tls_database_gnutls_pkcs11_lookup_certificates_issued_by (GTlsDatabase *database,
- GByteArray *issuer_subject,
- GTlsInteraction *interaction,
- GTlsDatabaseLookupFlags flags,
- GCancellable *cancellable,
- GError **error)
+static GList *
+g_tls_database_gnutls_pkcs11_lookup_certificates_issued_by (GTlsDatabase *database,
+ GByteArray *issuer_subject,
+ GTlsInteraction *interaction,
+ GTlsDatabaseLookupFlags flags,
+ GCancellable *cancellable,
+ GError **error)
{
GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (database);
GList *l, *results = NULL;
return results;
}
-static gchar*
-g_tls_database_gnutls_pkcs11_create_certificate_handle (GTlsDatabase *database,
- GTlsCertificate *certificate)
+static gchar *
+g_tls_database_gnutls_pkcs11_create_certificate_handle (GTlsDatabase *database,
+ GTlsCertificate *certificate)
{
GTlsCertificateGnutlsPkcs11 *pkcs11_cert;
return g_tls_certificate_gnutls_pkcs11_build_certificate_uri (pkcs11_cert, NULL);
}
-static GTlsCertificate*
-g_tls_database_gnutls_pkcs11_lookup_certificate_for_handle (GTlsDatabase *database,
- const gchar *handle,
- GTlsInteraction *interaction,
- GTlsDatabaseLookupFlags flags,
- GCancellable *cancellable,
- GError **error)
+static GTlsCertificate *
+g_tls_database_gnutls_pkcs11_lookup_certificate_for_handle (GTlsDatabase *database,
+ const gchar *handle,
+ GTlsInteraction *interaction,
+ GTlsDatabaseLookupFlags flags,
+ GCancellable *cancellable,
+ GError **error)
{
GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (database);
GTlsCertificate *result = NULL;
return result;
}
+#define BUILD_CERTIFICATE_CHAIN_RECURSION_LIMIT 10
+
+enum {
+ STATUS_FAILURE,
+ STATUS_INCOMPLETE,
+ STATUS_SELFSIGNED,
+ STATUS_ANCHORED,
+ STATUS_RECURSION_LIMIT_REACHED
+};
+
+static gboolean
+is_self_signed (GTlsCertificateGnutls *certificate)
+{
+ const gnutls_x509_crt_t cert = g_tls_certificate_gnutls_get_cert (certificate);
+ return (gnutls_x509_crt_check_issuer (cert, cert) > 0);
+}
+
+static gint
+build_certificate_chain (GTlsDatabaseGnutlsPkcs11 *self,
+ GTlsCertificateGnutls *certificate,
+ GTlsCertificateGnutls *previous,
+ gboolean certificate_is_from_db,
+ guint recursion_depth,
+ const gchar *purpose,
+ GSocketConnectable *identity,
+ GTlsInteraction *interaction,
+ GCancellable *cancellable,
+ GTlsCertificateGnutls **anchor,
+ GError **error)
+{
+ GTlsCertificate *issuer;
+ gint status;
+
+ if (recursion_depth++ > BUILD_CERTIFICATE_CHAIN_RECURSION_LIMIT)
+ return STATUS_RECURSION_LIMIT_REACHED;
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return STATUS_FAILURE;
+
+ /* Look up whether this certificate is an anchor */
+ if (g_tls_database_gnutls_pkcs11_lookup_assertion (self, certificate,
+ G_TLS_DATABASE_GNUTLS_ANCHORED_CERTIFICATE,
+ purpose, identity, cancellable, error))
+ {
+ g_tls_certificate_gnutls_set_issuer (certificate, NULL);
+ *anchor = certificate;
+ return STATUS_ANCHORED;
+ }
+ else if (*error)
+ {
+ return STATUS_FAILURE;
+ }
+
+ /* Is it self-signed? */
+ if (is_self_signed (certificate))
+ {
+ /*
+ * Since at this point we would fail with 'self-signed', can we replace
+ * this certificate with one from the database and do better?
+ */
+ if (previous && !certificate_is_from_db)
+ {
+ issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (self),
+ G_TLS_CERTIFICATE (previous),
+ interaction,
+ G_TLS_DATABASE_LOOKUP_NONE,
+ cancellable, error);
+ if (*error)
+ {
+ return STATUS_FAILURE;
+ }
+ else if (issuer)
+ {
+ /* Replaced with certificate in the db, restart step again with this certificate */
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE);
+ certificate = G_TLS_CERTIFICATE_GNUTLS (issuer);
+ g_tls_certificate_gnutls_set_issuer (previous, certificate);
+ g_object_unref (issuer);
+
+ return build_certificate_chain (self, certificate, previous, TRUE, recursion_depth,
+ purpose, identity, interaction, cancellable, anchor, error);
+ }
+ }
+
+ g_tls_certificate_gnutls_set_issuer (certificate, NULL);
+ return STATUS_SELFSIGNED;
+ }
+
+ previous = certificate;
+
+ /* Bring over the next certificate in the chain */
+ issuer = g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (certificate));
+ if (issuer)
+ {
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE);
+ certificate = G_TLS_CERTIFICATE_GNUTLS (issuer);
+
+ status = build_certificate_chain (self, certificate, previous, FALSE, recursion_depth,
+ purpose, identity, interaction, cancellable, anchor, error);
+ if (status != STATUS_INCOMPLETE)
+ {
+ return status;
+ }
+ }
+
+ /* Search for the next certificate in chain */
+ issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (self),
+ G_TLS_CERTIFICATE (certificate),
+ interaction,
+ G_TLS_DATABASE_LOOKUP_NONE,
+ cancellable, error);
+ if (*error)
+ return STATUS_FAILURE;
+
+ if (!issuer)
+ return STATUS_INCOMPLETE;
+
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE);
+ g_tls_certificate_gnutls_set_issuer (certificate, G_TLS_CERTIFICATE_GNUTLS (issuer));
+ certificate = G_TLS_CERTIFICATE_GNUTLS (issuer);
+ g_object_unref (issuer);
+
+ return build_certificate_chain (self, certificate, previous, TRUE, recursion_depth,
+ purpose, identity, interaction, cancellable, anchor, error);
+}
+
+static GTlsCertificateFlags
+double_check_before_after_dates (GTlsCertificateGnutls *chain)
+{
+ GTlsCertificateFlags gtls_flags = 0;
+ gnutls_x509_crt_t cert;
+ time_t t, now;
+
+ now = time (NULL);
+ while (chain)
+ {
+ cert = g_tls_certificate_gnutls_get_cert (chain);
+ t = gnutls_x509_crt_get_activation_time (cert);
+ if (t == (time_t) -1 || t > now)
+ gtls_flags |= G_TLS_CERTIFICATE_NOT_ACTIVATED;
+
+ t = gnutls_x509_crt_get_expiration_time (cert);
+ if (t == (time_t) -1 || t < now)
+ gtls_flags |= G_TLS_CERTIFICATE_EXPIRED;
+
+ chain = G_TLS_CERTIFICATE_GNUTLS (g_tls_certificate_get_issuer
+ (G_TLS_CERTIFICATE (chain)));
+ }
+
+ return gtls_flags;
+}
+
+static void
+convert_certificate_chain_to_gnutls (GTlsCertificateGnutls *chain,
+ gnutls_x509_crt_t **gnutls_chain,
+ guint *gnutls_chain_length)
+{
+ GTlsCertificate *cert;
+ guint i;
+
+ g_assert (gnutls_chain);
+ g_assert (gnutls_chain_length);
+
+ for (*gnutls_chain_length = 0, cert = G_TLS_CERTIFICATE (chain);
+ cert; cert = g_tls_certificate_get_issuer (cert))
+ ++(*gnutls_chain_length);
+
+ *gnutls_chain = g_new0 (gnutls_x509_crt_t, *gnutls_chain_length);
+
+ for (i = 0, cert = G_TLS_CERTIFICATE (chain);
+ cert; cert = g_tls_certificate_get_issuer (cert), ++i)
+ (*gnutls_chain)[i] = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (cert));
+
+ g_assert (i == *gnutls_chain_length);
+}
+
+static GTlsCertificateFlags
+g_tls_database_gnutls_pkcs11_verify_chain (GTlsDatabase *database,
+ GTlsCertificate *chain,
+ const gchar *purpose,
+ GSocketConnectable *identity,
+ GTlsInteraction *interaction,
+ GTlsDatabaseVerifyFlags flags,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsDatabaseGnutlsPkcs11 *self;
+ GTlsCertificateFlags result;
+ GTlsCertificateGnutls *certificate;
+ GError *err = NULL;
+ GTlsCertificateGnutls *anchor;
+ guint gnutls_result;
+ gnutls_x509_crt_t *certs, *anchors;
+ guint certs_length, anchors_length;
+ gint status, gerr;
+ guint recursion_depth = 0;
+
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (chain),
+ G_TLS_CERTIFICATE_GENERIC_ERROR);
+ g_assert (purpose);
+
+ self = G_TLS_DATABASE_GNUTLS_PKCS11 (database);
+ certificate = G_TLS_CERTIFICATE_GNUTLS (chain);
+
+ /* First check for pinned certificate */
+ if (g_tls_database_gnutls_pkcs11_lookup_assertion (self, certificate,
+ G_TLS_DATABASE_GNUTLS_PINNED_CERTIFICATE,
+ purpose, identity, cancellable, &err))
+ {
+ /*
+ * A pinned certificate is verified on its own, without any further
+ * verification.
+ */
+ g_tls_certificate_gnutls_set_issuer (certificate, NULL);
+ return 0;
+ }
+
+ if (err)
+ {
+ g_propagate_error (error, err);
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
+ }
+
+ anchor = NULL;
+ status = build_certificate_chain (self, certificate, NULL, FALSE, recursion_depth,
+ purpose, identity, interaction, cancellable, &anchor, &err);
+ if (status == STATUS_FAILURE)
+ {
+ g_propagate_error (error, err);
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
+ }
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
+
+ convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (chain),
+ &certs, &certs_length);
+
+ if (anchor)
+ {
+ g_assert (g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (anchor)) == NULL);
+ convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (anchor),
+ &anchors, &anchors_length);
+ }
+ else
+ {
+ anchors = NULL;
+ anchors_length = 0;
+ }
+
+ gerr = gnutls_x509_crt_list_verify (certs, certs_length,
+ anchors, anchors_length,
+ NULL, 0, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+ &gnutls_result);
+
+ g_free (certs);
+ g_free (anchors);
+
+ if (gerr != 0)
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
+ else if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
+
+ result = g_tls_certificate_gnutls_convert_flags (gnutls_result);
+
+ /*
+ * We have to check these ourselves since gnutls_x509_crt_list_verify
+ * won't bother if it gets an UNKNOWN_CA.
+ */
+ result |= double_check_before_after_dates (G_TLS_CERTIFICATE_GNUTLS (chain));
+
+ if (identity)
+ result |= g_tls_certificate_gnutls_verify_identity (G_TLS_CERTIFICATE_GNUTLS (chain),
+ identity);
+
+ return result;
+}
+
static void
g_tls_database_gnutls_pkcs11_class_init (GTlsDatabaseGnutlsPkcs11Class *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GTlsDatabaseClass *database_class = G_TLS_DATABASE_CLASS (klass);
- GTlsDatabaseGnutlsClass *gnutls_class = G_TLS_DATABASE_GNUTLS_CLASS (klass);
g_type_class_add_private (klass, sizeof (GTlsDatabaseGnutlsPkcs11Private));
database_class->lookup_certificate_issuer = g_tls_database_gnutls_pkcs11_lookup_certificate_issuer;
database_class->lookup_certificates_issued_by = g_tls_database_gnutls_pkcs11_lookup_certificates_issued_by;
database_class->lookup_certificate_for_handle = g_tls_database_gnutls_pkcs11_lookup_certificate_for_handle;
- gnutls_class->lookup_assertion = g_tls_database_gnutls_pkcs11_lookup_assertion;
+ database_class->verify_chain = g_tls_database_gnutls_pkcs11_verify_chain;
}
static gboolean
iface->init = g_tls_database_gnutls_pkcs11_initable_init;
}
-GTlsDatabase*
+GTlsDatabase *
g_tls_database_gnutls_pkcs11_new (GError **error)
{
g_return_val_if_fail (!error || !*error, NULL);
*
* See the included COPYING file for more information.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
#include "config.h"
-#include <gnutls/gnutls.h>
-#include <gnutls/x509.h>
-
#include "gtlsdatabase-gnutls.h"
-#include "gtlscertificate-gnutls.h"
-
-#include <glib/gi18n-lib.h>
-
G_DEFINE_ABSTRACT_TYPE (GTlsDatabaseGnutls, g_tls_database_gnutls, G_TYPE_TLS_DATABASE);
-enum {
- STATUS_FAILURE,
- STATUS_INCOMPLETE,
- STATUS_SELFSIGNED,
- STATUS_PINNED,
- STATUS_ANCHORED,
-};
-
static void
g_tls_database_gnutls_init (GTlsDatabaseGnutls *self)
{
-
-}
-
-static gboolean
-is_self_signed (GTlsCertificateGnutls *certificate)
-{
- const gnutls_x509_crt_t cert = g_tls_certificate_gnutls_get_cert (certificate);
- return (gnutls_x509_crt_check_issuer (cert, cert) > 0);
-}
-
-static gint
-build_certificate_chain (GTlsDatabaseGnutls *self,
- GTlsCertificateGnutls *chain,
- const gchar *purpose,
- GSocketConnectable *identity,
- GTlsInteraction *interaction,
- GTlsDatabaseVerifyFlags flags,
- GCancellable *cancellable,
- GTlsCertificateGnutls **anchor,
- GError **error)
-{
-
- GTlsCertificateGnutls *certificate;
- GTlsCertificateGnutls *previous;
- GTlsCertificate *issuer;
- gboolean certificate_is_from_db;
-
- g_assert (anchor);
- g_assert (chain);
- g_assert (purpose);
- g_assert (error);
- g_assert (!*error);
-
- /*
- * Remember that the first certificate never changes in the chain.
- * When we find a self-signed, pinned or anchored certificate, all
- * issuers are truncated from the chain.
- */
-
- *anchor = NULL;
- previous = NULL;
- certificate = chain;
- certificate_is_from_db = FALSE;
-
- /* First check for pinned certificate */
- if (g_tls_database_gnutls_lookup_assertion (self, certificate,
- G_TLS_DATABASE_GNUTLS_PINNED_CERTIFICATE,
- purpose, identity, cancellable, error))
- {
- g_tls_certificate_gnutls_set_issuer (certificate, NULL);
- return STATUS_PINNED;
- }
- else if (*error)
- {
- return STATUS_FAILURE;
- }
-
- for (;;)
- {
- if (g_cancellable_set_error_if_cancelled (cancellable, error))
- return STATUS_FAILURE;
-
- /* Look up whether this certificate is an anchor */
- if (g_tls_database_gnutls_lookup_assertion (self, certificate,
- G_TLS_DATABASE_GNUTLS_ANCHORED_CERTIFICATE,
- purpose, identity, cancellable, error))
- {
- g_tls_certificate_gnutls_set_issuer (certificate, NULL);
- *anchor = certificate;
- return STATUS_ANCHORED;
- }
- else if (*error)
- {
- return STATUS_FAILURE;
- }
-
- /* Is it self-signed? */
- if (is_self_signed (certificate))
- {
- /*
- * Since at this point we would fail with 'self-signed', can we replace
- * this certificate with one from the database and do better?
- */
- if (previous && !certificate_is_from_db)
- {
- issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (self),
- G_TLS_CERTIFICATE (previous),
- interaction,
- G_TLS_DATABASE_LOOKUP_NONE,
- cancellable, error);
- if (*error)
- {
- return STATUS_FAILURE;
- }
- else if (issuer)
- {
- /* Replaced with certificate in the db, restart step again with this certificate */
- g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE);
- g_tls_certificate_gnutls_set_issuer (previous, G_TLS_CERTIFICATE_GNUTLS (issuer));
- certificate = G_TLS_CERTIFICATE_GNUTLS (issuer);
- certificate_is_from_db = TRUE;
- continue;
- }
- }
-
- g_tls_certificate_gnutls_set_issuer (certificate, NULL);
- return STATUS_SELFSIGNED;
- }
-
- previous = certificate;
-
- /* Bring over the next certificate in the chain */
- issuer = g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (certificate));
- if (issuer)
- {
- g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE);
- certificate = G_TLS_CERTIFICATE_GNUTLS (issuer);
- certificate_is_from_db = FALSE;
- }
-
- /* Search for the next certificate in chain */
- else
- {
- issuer = g_tls_database_lookup_certificate_issuer (G_TLS_DATABASE (self),
- G_TLS_CERTIFICATE (certificate),
- interaction,
- G_TLS_DATABASE_LOOKUP_NONE,
- cancellable, error);
- if (*error)
- return STATUS_FAILURE;
- else if (!issuer)
- return STATUS_INCOMPLETE;
-
- /* Found a certificate in chain, use for next step */
- g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (issuer), STATUS_FAILURE);
- g_tls_certificate_gnutls_set_issuer (certificate, G_TLS_CERTIFICATE_GNUTLS (issuer));
- certificate = G_TLS_CERTIFICATE_GNUTLS (issuer);
- certificate_is_from_db = TRUE;
- g_object_unref (issuer);
- }
- }
-
- g_assert_not_reached ();
-}
-
-static GTlsCertificateFlags
-double_check_before_after_dates (GTlsCertificateGnutls *chain)
-{
- GTlsCertificateFlags gtls_flags = 0;
- gnutls_x509_crt_t cert;
- time_t t, now;
-
- now = time (NULL);
- while (chain)
- {
- cert = g_tls_certificate_gnutls_get_cert (chain);
- t = gnutls_x509_crt_get_activation_time (cert);
- if (t == (time_t) -1 || t > now)
- gtls_flags |= G_TLS_CERTIFICATE_NOT_ACTIVATED;
-
- t = gnutls_x509_crt_get_expiration_time (cert);
- if (t == (time_t) -1 || t < now)
- gtls_flags |= G_TLS_CERTIFICATE_EXPIRED;
-
- chain = G_TLS_CERTIFICATE_GNUTLS (g_tls_certificate_get_issuer
- (G_TLS_CERTIFICATE (chain)));
- }
-
- return gtls_flags;
-}
-
-static void
-convert_certificate_chain_to_gnutls (GTlsCertificateGnutls *chain,
- gnutls_x509_crt_t **gnutls_chain,
- guint *gnutls_chain_length)
-{
- GTlsCertificate *cert;
- guint i;
-
- g_assert (gnutls_chain);
- g_assert (gnutls_chain_length);
-
- for (*gnutls_chain_length = 0, cert = G_TLS_CERTIFICATE (chain);
- cert; cert = g_tls_certificate_get_issuer (cert))
- ++(*gnutls_chain_length);
-
- *gnutls_chain = g_new0 (gnutls_x509_crt_t, *gnutls_chain_length);
-
- for (i = 0, cert = G_TLS_CERTIFICATE (chain);
- cert; cert = g_tls_certificate_get_issuer (cert), ++i)
- (*gnutls_chain)[i] = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (cert));
-
- g_assert (i == *gnutls_chain_length);
-}
-
-static GTlsCertificateFlags
-g_tls_database_gnutls_verify_chain (GTlsDatabase *database,
- GTlsCertificate *chain,
- const gchar *purpose,
- GSocketConnectable *identity,
- GTlsInteraction *interaction,
- GTlsDatabaseVerifyFlags flags,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsDatabaseGnutls *self;
- GTlsCertificateFlags result;
- GError *err = NULL;
- GTlsCertificateGnutls *anchor;
- guint gnutls_result;
- gnutls_x509_crt_t *certs, *anchors;
- guint certs_length, anchors_length;
- gint status, gerr;
-
- g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (chain),
- G_TLS_CERTIFICATE_GENERIC_ERROR);
-
- self = G_TLS_DATABASE_GNUTLS (database);
- anchor = NULL;
-
- status = build_certificate_chain (self, G_TLS_CERTIFICATE_GNUTLS (chain), purpose,
- identity, interaction, flags, cancellable, &anchor, &err);
- if (status == STATUS_FAILURE)
- {
- g_propagate_error (error, err);
- return G_TLS_CERTIFICATE_GENERIC_ERROR;
- }
-
- /*
- * A pinned certificate is verified on its own, without any further
- * verification.
- */
- if (status == STATUS_PINNED)
- return 0;
-
- if (g_cancellable_set_error_if_cancelled (cancellable, error))
- return G_TLS_CERTIFICATE_GENERIC_ERROR;
-
- convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (chain),
- &certs, &certs_length);
-
- if (anchor)
- {
- g_assert (g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (anchor)) == NULL);
- convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (anchor),
- &anchors, &anchors_length);
- }
- else
- {
- anchors = NULL;
- anchors_length = 0;
- }
-
- gerr = gnutls_x509_crt_list_verify (certs, certs_length,
- anchors, anchors_length,
- NULL, 0, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
- &gnutls_result);
-
- g_free (certs);
- g_free (anchors);
-
- if (gerr != 0)
- return G_TLS_CERTIFICATE_GENERIC_ERROR;
- else if (g_cancellable_set_error_if_cancelled (cancellable, error))
- return G_TLS_CERTIFICATE_GENERIC_ERROR;
-
- result = g_tls_certificate_gnutls_convert_flags (gnutls_result);
-
- /*
- * We have to check these ourselves since gnutls_x509_crt_list_verify
- * won't bother if it gets an UNKNOWN_CA.
- */
- result |= double_check_before_after_dates (G_TLS_CERTIFICATE_GNUTLS (chain));
-
- if (identity)
- result |= g_tls_certificate_gnutls_verify_identity (G_TLS_CERTIFICATE_GNUTLS (chain),
- identity);
-
- return result;
}
static void
g_tls_database_gnutls_class_init (GTlsDatabaseGnutlsClass *klass)
{
- GTlsDatabaseClass *database_class = G_TLS_DATABASE_CLASS (klass);
- database_class->verify_chain = g_tls_database_gnutls_verify_chain;
-}
-
-gboolean
-g_tls_database_gnutls_lookup_assertion (GTlsDatabaseGnutls *self,
- GTlsCertificateGnutls *certificate,
- GTlsDatabaseGnutlsAssertion assertion,
- const gchar *purpose,
- GSocketConnectable *identity,
- GCancellable *cancellable,
- GError **error)
-{
- g_return_val_if_fail (G_IS_TLS_DATABASE_GNUTLS (self), FALSE);
- g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (certificate), FALSE);
- g_return_val_if_fail (purpose, FALSE);
- g_return_val_if_fail (!identity || G_IS_SOCKET_CONNECTABLE (identity), FALSE);
- g_return_val_if_fail (!cancellable || G_IS_CANCELLABLE (cancellable), FALSE);
- g_return_val_if_fail (!error || !*error, FALSE);
- g_return_val_if_fail (G_TLS_DATABASE_GNUTLS_GET_CLASS (self)->lookup_assertion, FALSE);
- return G_TLS_DATABASE_GNUTLS_GET_CLASS (self)->lookup_assertion (self,
- certificate,
- assertion,
- purpose,
- identity,
- cancellable,
- error);
}
*
* See the included COPYING file for more information.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
struct _GTlsDatabaseGnutlsClass
{
GTlsDatabaseClass parent_class;
-
- gboolean (*lookup_assertion) (GTlsDatabaseGnutls *self,
- GTlsCertificateGnutls *certificate,
- GTlsDatabaseGnutlsAssertion assertion,
- const gchar *purpose,
- GSocketConnectable *identity,
- GCancellable *cancellable,
- GError **error);
};
struct _GTlsDatabaseGnutls
{
GTlsDatabase parent_instance;
- GTlsDatabaseGnutlsPrivate *priv;
};
GType g_tls_database_gnutls_get_type (void) G_GNUC_CONST;
-gboolean g_tls_database_gnutls_lookup_assertion (GTlsDatabaseGnutls *self,
- GTlsCertificateGnutls *certificate,
- GTlsDatabaseGnutlsAssertion assertion,
- const gchar *purpose,
- GSocketConnectable *identity,
- GCancellable *cancellable,
- GError **error);
-
G_END_DECLS
#endif /* __G_TLS_DATABASE_GNUTLS_H___ */
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
#include <glib/gi18n-lib.h>
#include <gnutls/x509.h>
+#include "gtlscertificate-gnutls.h"
+
static void g_tls_file_database_gnutls_file_database_interface_init (GTlsFileDatabaseInterface *iface);
static void g_tls_file_database_gnutls_initable_interface_init (GInitableIface *iface);
g_tls_file_database_gnutls_file_database_interface_init);
G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
g_tls_file_database_gnutls_initable_interface_init);
-);
+ );
enum
{
{
/* read-only after construct */
gchar *anchor_filename;
+ gnutls_x509_trust_list_t trust_list;
/* protected by mutex */
GMutex mutex;
{
GPtrArray *multi;
GList *list = NULL;
- gint i;
+ guint i;
multi = g_hash_table_lookup (table, key);
if (multi == NULL)
}
static gboolean
-load_anchor_file (const gchar *filename,
- GHashTable *subjects,
- GHashTable *issuers,
- GHashTable *complete,
- GError **error)
+load_anchor_file (const gchar *filename,
+ GHashTable *subjects,
+ GHashTable *issuers,
+ GHashTable *complete,
+ GError **error)
{
GList *list, *l;
gnutls_x509_crt_t cert;
{
GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (object);
- if (self->priv->subjects)
- g_hash_table_destroy (self->priv->subjects);
- self->priv->subjects = NULL;
-
- if (self->priv->issuers)
- g_hash_table_destroy (self->priv->issuers);
- self->priv->issuers = NULL;
-
- if (self->priv->complete)
- g_hash_table_destroy (self->priv->complete);
- self->priv->complete = NULL;
-
- if (self->priv->handles)
- g_hash_table_destroy (self->priv->handles);
- self->priv->handles = NULL;
-
- g_free (self->priv->anchor_filename);
- self->priv->anchor_filename = NULL;
-
+ g_clear_pointer (&self->priv->subjects, g_hash_table_destroy);
+ g_clear_pointer (&self->priv->issuers, g_hash_table_destroy);
+ g_clear_pointer (&self->priv->complete, g_hash_table_destroy);
+ g_clear_pointer (&self->priv->handles, g_hash_table_destroy);
+ if (self->priv->anchor_filename)
+ {
+ g_free (self->priv->anchor_filename);
+ gnutls_x509_trust_list_deinit (self->priv->trust_list, 1);
+ }
g_mutex_clear (&self->priv->mutex);
G_OBJECT_CLASS (g_tls_file_database_gnutls_parent_class)->finalize (object);
GParamSpec *pspec)
{
GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (object);
- gchar *anchor_path;
+ const char *anchor_path;
switch (prop_id)
{
case PROP_ANCHORS:
- anchor_path = g_value_dup_string (value);
+ anchor_path = g_value_get_string (value);
if (anchor_path && !g_path_is_absolute (anchor_path))
- {
- g_warning ("The anchor file name for used with a GTlsFileDatabase "
- "must be an absolute path, and not relative: %s", anchor_path);
- }
- else
- {
- self->priv->anchor_filename = anchor_path;
- }
+ {
+ g_warning ("The anchor file name used with a GTlsFileDatabase "
+ "must be an absolute path, and not relative: %s", anchor_path);
+ return;
+ }
+
+ if (self->priv->anchor_filename)
+ {
+ g_free (self->priv->anchor_filename);
+ gnutls_x509_trust_list_deinit (self->priv->trust_list, 1);
+ }
+ self->priv->anchor_filename = g_strdup (anchor_path);
+ gnutls_x509_trust_list_init (&self->priv->trust_list, 0);
+ gnutls_x509_trust_list_add_trust_file (self->priv->trust_list,
+ anchor_path, NULL,
+ GNUTLS_X509_FMT_PEM, 0, 0);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
g_mutex_init (&self->priv->mutex);
}
-static gchar*
-g_tls_file_database_gnutls_create_certificate_handle (GTlsDatabase *database,
- GTlsCertificate *certificate)
+static gchar *
+g_tls_file_database_gnutls_create_certificate_handle (GTlsDatabase *database,
+ GTlsCertificate *certificate)
{
GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (database);
GBytes *der;
return handle;
}
-static GTlsCertificate*
-g_tls_file_database_gnutls_lookup_certificate_for_handle (GTlsDatabase *database,
- const gchar *handle,
- GTlsInteraction *interaction,
- GTlsDatabaseLookupFlags flags,
- GCancellable *cancellable,
- GError **error)
+static GTlsCertificate *
+g_tls_file_database_gnutls_lookup_certificate_for_handle (GTlsDatabase *database,
+ const gchar *handle,
+ GTlsInteraction *interaction,
+ GTlsDatabaseLookupFlags flags,
+ GCancellable *cancellable,
+ GError **error)
{
GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (database);
GTlsCertificate *cert;
return cert;
}
-static gboolean
-g_tls_file_database_gnutls_lookup_assertion (GTlsDatabaseGnutls *database,
- GTlsCertificateGnutls *certificate,
- GTlsDatabaseGnutlsAssertion assertion,
- const gchar *purpose,
- GSocketConnectable *identity,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (database);
- GBytes *der = NULL;
- gboolean contains;
-
- if (g_cancellable_set_error_if_cancelled (cancellable, error))
- return FALSE;
-
- /* We only have anchored certificate assertions here */
- if (assertion != G_TLS_DATABASE_GNUTLS_ANCHORED_CERTIFICATE)
- return FALSE;
-
- /*
- * TODO: We should be parsing any Extended Key Usage attributes and
- * comparing them to the purpose.
- */
-
- der = g_tls_certificate_gnutls_get_bytes (certificate);
-
- g_mutex_lock (&self->priv->mutex);
- contains = g_hash_table_lookup (self->priv->complete, der) ? TRUE : FALSE;
- g_mutex_unlock (&self->priv->mutex);
-
- g_bytes_unref (der);
-
- if (g_cancellable_set_error_if_cancelled (cancellable, error))
- return FALSE;
-
- /* All certificates in our file are anchored certificates */
- return contains;
-}
-
-static GTlsCertificate*
-g_tls_file_database_gnutls_lookup_certificate_issuer (GTlsDatabase *database,
- GTlsCertificate *certificate,
- GTlsInteraction *interaction,
- GTlsDatabaseLookupFlags flags,
- GCancellable *cancellable,
- GError **error)
+static GTlsCertificate *
+g_tls_file_database_gnutls_lookup_certificate_issuer (GTlsDatabase *database,
+ GTlsCertificate *certificate,
+ GTlsInteraction *interaction,
+ GTlsDatabaseLookupFlags flags,
+ GCancellable *cancellable,
+ GError **error)
{
GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (database);
gnutls_datum_t dn = { NULL, 0 };
return issuer;
}
-static GList*
-g_tls_file_database_gnutls_lookup_certificates_issued_by (GTlsDatabase *database,
- GByteArray *issuer_raw_dn,
- GTlsInteraction *interaction,
- GTlsDatabaseLookupFlags flags,
- GCancellable *cancellable,
- GError **error)
+static GList *
+g_tls_file_database_gnutls_lookup_certificates_issued_by (GTlsDatabase *database,
+ GByteArray *issuer_raw_dn,
+ GTlsInteraction *interaction,
+ GTlsDatabaseLookupFlags flags,
+ GCancellable *cancellable,
+ GError **error)
{
GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (database);
GBytes *issuer;
}
static void
+convert_certificate_chain_to_gnutls (GTlsCertificateGnutls *chain,
+ gnutls_x509_crt_t **gnutls_chain,
+ guint *gnutls_chain_length)
+{
+ GTlsCertificate *cert;
+ guint i;
+
+ g_assert (gnutls_chain);
+ g_assert (gnutls_chain_length);
+
+ for (*gnutls_chain_length = 0, cert = G_TLS_CERTIFICATE (chain);
+ cert; cert = g_tls_certificate_get_issuer (cert))
+ ++(*gnutls_chain_length);
+
+ *gnutls_chain = g_new0 (gnutls_x509_crt_t, *gnutls_chain_length);
+
+ for (i = 0, cert = G_TLS_CERTIFICATE (chain);
+ cert; cert = g_tls_certificate_get_issuer (cert), ++i)
+ (*gnutls_chain)[i] = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (cert));
+
+ g_assert (i == *gnutls_chain_length);
+}
+
+static GTlsCertificateFlags
+g_tls_file_database_gnutls_verify_chain (GTlsDatabase *database,
+ GTlsCertificate *chain,
+ const gchar *purpose,
+ GSocketConnectable *identity,
+ GTlsInteraction *interaction,
+ GTlsDatabaseVerifyFlags flags,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsFileDatabaseGnutls *self;
+ GTlsCertificateFlags result;
+ guint gnutls_result;
+ gnutls_x509_crt_t *certs;
+ guint certs_length;
+ const char *hostname = NULL;
+ char *free_hostname = NULL;
+ int gerr;
+
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (chain),
+ G_TLS_CERTIFICATE_GENERIC_ERROR);
+ g_assert (purpose);
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
+
+ self = G_TLS_FILE_DATABASE_GNUTLS (database);
+
+ convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (chain),
+ &certs, &certs_length);
+ gerr = gnutls_x509_trust_list_verify_crt (self->priv->trust_list,
+ certs, certs_length,
+ 0, &gnutls_result, NULL);
+
+ if (gerr != 0 || g_cancellable_set_error_if_cancelled (cancellable, error))
+ {
+ g_free (certs);
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
+ }
+
+ result = g_tls_certificate_gnutls_convert_flags (gnutls_result);
+
+ if (G_IS_NETWORK_ADDRESS (identity))
+ hostname = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity));
+ else if (G_IS_NETWORK_SERVICE (identity))
+ hostname = g_network_service_get_domain (G_NETWORK_SERVICE (identity));
+ else if (G_IS_INET_SOCKET_ADDRESS (identity))
+ {
+ GInetAddress *addr;
+
+ addr = g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (identity));
+ hostname = free_hostname = g_inet_address_to_string (addr);
+ }
+ if (hostname)
+ {
+ if (!gnutls_x509_crt_check_hostname (certs[0], hostname))
+ result |= G_TLS_CERTIFICATE_BAD_IDENTITY;
+ g_free (free_hostname);
+ }
+
+ g_free (certs);
+ return result;
+}
+
+static void
g_tls_file_database_gnutls_class_init (GTlsFileDatabaseGnutlsClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GTlsDatabaseClass *database_class = G_TLS_DATABASE_CLASS (klass);
- GTlsDatabaseGnutlsClass *gnutls_class = G_TLS_DATABASE_GNUTLS_CLASS (klass);
g_type_class_add_private (klass, sizeof (GTlsFileDatabaseGnutlsPrivate));
database_class->lookup_certificate_for_handle = g_tls_file_database_gnutls_lookup_certificate_for_handle;
database_class->lookup_certificate_issuer = g_tls_file_database_gnutls_lookup_certificate_issuer;
database_class->lookup_certificates_issued_by = g_tls_file_database_gnutls_lookup_certificates_issued_by;
- gnutls_class->lookup_assertion = g_tls_file_database_gnutls_lookup_assertion;
+ database_class->verify_chain = g_tls_file_database_gnutls_verify_chain;
g_object_class_override_property (gobject_class, PROP_ANCHORS, "anchors");
}
}
static gboolean
-g_tls_file_database_gnutls_initable_init (GInitable *initable,
- GCancellable *cancellable,
- GError **error)
+g_tls_file_database_gnutls_initable_init (GInitable *initable,
+ GCancellable *cancellable,
+ GError **error)
{
GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (initable);
GHashTable *subjects, *issuers, *complete;
(GDestroyNotify)g_bytes_unref,
(GDestroyNotify)g_bytes_unref);
- result = load_anchor_file (self->priv->anchor_filename, subjects, issuers,
- complete, error);
+ if (self->priv->anchor_filename)
+ result = load_anchor_file (self->priv->anchor_filename, subjects, issuers,
+ complete, error);
+ else
+ result = TRUE;
if (g_cancellable_set_error_if_cancelled (cancellable, error))
result = FALSE;
*
* See the included COPYING file for more information.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#include "config.h"
struct _GTlsInputStreamGnutlsPrivate
{
- GTlsConnectionGnutls *conn;
+ GWeakRef weak_conn;
};
static void
{
GTlsInputStreamGnutls *stream = G_TLS_INPUT_STREAM_GNUTLS (object);
- if (stream->priv->conn)
- {
- g_object_remove_weak_pointer (G_OBJECT (stream->priv->conn),
- (gpointer *)&stream->priv->conn);
- stream->priv->conn = NULL;
- }
+ g_weak_ref_set (&stream->priv->weak_conn, NULL);
G_OBJECT_CLASS (g_tls_input_stream_gnutls_parent_class)->dispose (object);
}
+static void
+g_tls_input_stream_gnutls_finalize (GObject *object)
+{
+ GTlsInputStreamGnutls *stream = G_TLS_INPUT_STREAM_GNUTLS (object);
+
+ g_weak_ref_clear (&stream->priv->weak_conn);
+
+ G_OBJECT_CLASS (g_tls_input_stream_gnutls_parent_class)->finalize (object);
+}
+
static gssize
g_tls_input_stream_gnutls_read (GInputStream *stream,
void *buffer,
GError **error)
{
GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (stream);
+ GTlsConnectionGnutls *conn;
+ gssize ret;
- g_return_val_if_fail (tls_stream->priv->conn != NULL, -1);
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+ g_return_val_if_fail (conn != NULL, -1);
- return g_tls_connection_gnutls_read (tls_stream->priv->conn,
- buffer, count, TRUE,
- cancellable, error);
+ ret = g_tls_connection_gnutls_read (conn,
+ buffer, count, TRUE,
+ cancellable, error);
+ g_object_unref (conn);
+ return ret;
}
static gboolean
g_tls_input_stream_gnutls_pollable_is_readable (GPollableInputStream *pollable)
{
GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (pollable);
+ GTlsConnectionGnutls *conn;
+ gboolean ret;
- g_return_val_if_fail (tls_stream->priv->conn != NULL, FALSE);
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+ g_return_val_if_fail (conn != NULL, FALSE);
- return g_tls_connection_gnutls_check (tls_stream->priv->conn, G_IO_IN);
+ ret = g_tls_connection_gnutls_check (conn, G_IO_IN);
+
+ g_object_unref (conn);
+ return ret;
}
static GSource *
GCancellable *cancellable)
{
GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (pollable);
+ GTlsConnectionGnutls *conn;
+ GSource *ret;
- g_return_val_if_fail (tls_stream->priv->conn != NULL, NULL);
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+ g_return_val_if_fail (conn != NULL, NULL);
- return g_tls_connection_gnutls_create_source (tls_stream->priv->conn,
- G_IO_IN,
- cancellable);
+ ret = g_tls_connection_gnutls_create_source (conn, G_IO_IN, cancellable);
+ g_object_unref (conn);
+ return ret;
}
static gssize
GError **error)
{
GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (pollable);
+ GTlsConnectionGnutls *conn;
+ gssize ret;
+
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+ g_return_val_if_fail (conn != NULL, -1);
+
+ ret = g_tls_connection_gnutls_read (conn, buffer, size, FALSE, NULL, error);
+
+ g_object_unref (conn);
+ return ret;
+}
+
+static gboolean
+g_tls_input_stream_gnutls_close (GInputStream *stream,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (stream);
+ GIOStream *conn;
+ gboolean ret;
+
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+
+ /* Special case here because this is called by the finalize
+ * of the main GTlsConnection object.
+ */
+ if (conn == NULL)
+ return TRUE;
+
+ ret = g_tls_connection_gnutls_close_internal (conn, G_TLS_DIRECTION_READ,
+ cancellable, error);
+
+ g_object_unref (conn);
+ return ret;
+}
+
+/* We do async close as synchronous-in-a-thread so we don't need to
+ * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case
+ * (since handshakes are also done synchronously now).
+ */
+static void
+close_thread (GTask *task,
+ gpointer object,
+ gpointer task_data,
+ GCancellable *cancellable)
+{
+ GTlsInputStreamGnutls *tls_stream = object;
+ GError *error = NULL;
+ GIOStream *conn;
+
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+
+ if (conn && !g_tls_connection_gnutls_close_internal (conn,
+ G_TLS_DIRECTION_READ,
+ cancellable, &error))
+ g_task_return_error (task, error);
+ else
+ g_task_return_boolean (task, TRUE);
+
+ if (conn)
+ g_object_unref (conn);
+}
+
+
+static void
+g_tls_input_stream_gnutls_close_async (GInputStream *stream,
+ int io_priority,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ GTask *task;
+
+ task = g_task_new (stream, cancellable, callback, user_data);
+ g_task_set_source_tag (task, g_tls_input_stream_gnutls_close_async);
+ g_task_set_priority (task, io_priority);
+ g_task_run_in_thread (task, close_thread);
+ g_object_unref (task);
+}
+
+static gboolean
+g_tls_input_stream_gnutls_close_finish (GInputStream *stream,
+ GAsyncResult *result,
+ GError **error)
+{
+ g_return_val_if_fail (g_task_is_valid (result, stream), FALSE);
+ g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) ==
+ g_tls_input_stream_gnutls_close_async, FALSE);
- return g_tls_connection_gnutls_read (tls_stream->priv->conn,
- buffer, size, FALSE,
- NULL, error);
+ return g_task_propagate_boolean (G_TASK (result), error);
}
static void
g_type_class_add_private (klass, sizeof (GTlsInputStreamGnutlsPrivate));
gobject_class->dispose = g_tls_input_stream_gnutls_dispose;
+ gobject_class->finalize = g_tls_input_stream_gnutls_finalize;
input_stream_class->read_fn = g_tls_input_stream_gnutls_read;
+ input_stream_class->close_fn = g_tls_input_stream_gnutls_close;
+ input_stream_class->close_async = g_tls_input_stream_gnutls_close_async;
+ input_stream_class->close_finish = g_tls_input_stream_gnutls_close_finish;
}
static void
GTlsInputStreamGnutls *tls_stream;
tls_stream = g_object_new (G_TYPE_TLS_INPUT_STREAM_GNUTLS, NULL);
- tls_stream->priv->conn = conn;
- g_object_add_weak_pointer (G_OBJECT (conn),
- (gpointer *)&tls_stream->priv->conn);
+ g_weak_ref_init (&tls_stream->priv->weak_conn, conn);
return G_INPUT_STREAM (tls_stream);
}
* your option) any later version.
*
* See the included COPYING file for more information.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#ifndef __G_TLS_INPUT_STREAM_GNUTLS_H__
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#include "config.h"
struct _GTlsOutputStreamGnutlsPrivate
{
- GTlsConnectionGnutls *conn;
+ GWeakRef weak_conn;
};
static void
{
GTlsOutputStreamGnutls *stream = G_TLS_OUTPUT_STREAM_GNUTLS (object);
- if (stream->priv->conn)
- {
- g_object_remove_weak_pointer (G_OBJECT (stream->priv->conn),
- (gpointer *)&stream->priv->conn);
- stream->priv->conn = NULL;
- }
+ g_weak_ref_set (&stream->priv->weak_conn, NULL);
G_OBJECT_CLASS (g_tls_output_stream_gnutls_parent_class)->dispose (object);
}
+static void
+g_tls_output_stream_gnutls_finalize (GObject *object)
+{
+ GTlsOutputStreamGnutls *stream = G_TLS_OUTPUT_STREAM_GNUTLS (object);
+
+ g_weak_ref_clear (&stream->priv->weak_conn);
+
+ G_OBJECT_CLASS (g_tls_output_stream_gnutls_parent_class)->finalize (object);
+}
+
static gssize
g_tls_output_stream_gnutls_write (GOutputStream *stream,
const void *buffer,
GError **error)
{
GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (stream);
+ GTlsConnectionGnutls *conn;
+ gssize ret;
- g_return_val_if_fail (tls_stream->priv->conn != NULL, -1);
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+ g_return_val_if_fail (conn != NULL, -1);
- return g_tls_connection_gnutls_write (tls_stream->priv->conn,
- buffer, count, TRUE,
- cancellable, error);
+ ret = g_tls_connection_gnutls_write (conn, buffer, count, TRUE,
+ cancellable, error);
+ g_object_unref (conn);
+ return ret;
}
static gboolean
g_tls_output_stream_gnutls_pollable_is_writable (GPollableOutputStream *pollable)
{
GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (pollable);
+ GTlsConnectionGnutls *conn;
+ gboolean ret;
+
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+ g_return_val_if_fail (conn != NULL, FALSE);
- g_return_val_if_fail (tls_stream->priv->conn != NULL, FALSE);
+ ret = g_tls_connection_gnutls_check (conn, G_IO_OUT);
- return g_tls_connection_gnutls_check (tls_stream->priv->conn, G_IO_OUT);
+ g_object_unref (conn);
+
+ return ret;
}
static GSource *
GCancellable *cancellable)
{
GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (pollable);
+ GTlsConnectionGnutls *conn;
+ GSource *ret;
- g_return_val_if_fail (tls_stream->priv->conn != NULL, NULL);
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+ g_return_val_if_fail (conn != NULL, NULL);
- return g_tls_connection_gnutls_create_source (tls_stream->priv->conn,
- G_IO_OUT,
- cancellable);
+ ret = g_tls_connection_gnutls_create_source (conn,
+ G_IO_OUT,
+ cancellable);
+ g_object_unref (conn);
+ return ret;
}
static gssize
GError **error)
{
GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (pollable);
+ GTlsConnectionGnutls *conn;
+ gssize ret;
+
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+ g_return_val_if_fail (conn != NULL, -1);
+
+ ret = g_tls_connection_gnutls_write (conn, buffer, size, FALSE, NULL, error);
+
+ g_object_unref (conn);
+ return ret;
+}
+
+static gboolean
+g_tls_output_stream_gnutls_close (GOutputStream *stream,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (stream);
+ GIOStream *conn;
+ gboolean ret;
+
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+
+ /* Special case here because this is called by the finalize
+ * of the main GTlsConnection object.
+ */
+ if (conn == NULL)
+ return TRUE;
+
+ ret = g_tls_connection_gnutls_close_internal (conn, G_TLS_DIRECTION_WRITE,
+ cancellable, error);
+
+ g_object_unref (conn);
+ return ret;
+}
+
+/* We do async close as synchronous-in-a-thread so we don't need to
+ * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case
+ * (since handshakes are also done synchronously now).
+ */
+static void
+close_thread (GTask *task,
+ gpointer object,
+ gpointer task_data,
+ GCancellable *cancellable)
+{
+ GTlsOutputStreamGnutls *tls_stream = object;
+ GError *error = NULL;
+ GIOStream *conn;
+
+ conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+
+ if (conn && !g_tls_connection_gnutls_close_internal (conn,
+ G_TLS_DIRECTION_WRITE,
+ cancellable, &error))
+ g_task_return_error (task, error);
+ else
+ g_task_return_boolean (task, TRUE);
+
+ if (conn)
+ g_object_unref (conn);
+}
+
+
+static void
+g_tls_output_stream_gnutls_close_async (GOutputStream *stream,
+ int io_priority,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ GTask *task;
+
+ task = g_task_new (stream, cancellable, callback, user_data);
+ g_task_set_source_tag (task, g_tls_output_stream_gnutls_close_async);
+ g_task_set_priority (task, io_priority);
+ g_task_run_in_thread (task, close_thread);
+ g_object_unref (task);
+}
+
+static gboolean
+g_tls_output_stream_gnutls_close_finish (GOutputStream *stream,
+ GAsyncResult *result,
+ GError **error)
+{
+ g_return_val_if_fail (g_task_is_valid (result, stream), FALSE);
+ g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) ==
+ g_tls_output_stream_gnutls_close_async, FALSE);
- return g_tls_connection_gnutls_write (tls_stream->priv->conn,
- buffer, size, FALSE,
- NULL, error);
+ return g_task_propagate_boolean (G_TASK (result), error);
}
static void
g_type_class_add_private (klass, sizeof (GTlsOutputStreamGnutlsPrivate));
gobject_class->dispose = g_tls_output_stream_gnutls_dispose;
+ gobject_class->finalize = g_tls_output_stream_gnutls_finalize;
output_stream_class->write_fn = g_tls_output_stream_gnutls_write;
+ output_stream_class->close_fn = g_tls_output_stream_gnutls_close;
+ output_stream_class->close_async = g_tls_output_stream_gnutls_close_async;
+ output_stream_class->close_finish = g_tls_output_stream_gnutls_close_finish;
}
static void
GTlsOutputStreamGnutls *tls_stream;
tls_stream = g_object_new (G_TYPE_TLS_OUTPUT_STREAM_GNUTLS, NULL);
- tls_stream->priv->conn = conn;
- g_object_add_weak_pointer (G_OBJECT (conn),
- (gpointer *)&tls_stream->priv->conn);
+ g_weak_ref_init (&tls_stream->priv->weak_conn, conn);
return G_OUTPUT_STREAM (tls_stream);
}
* your option) any later version.
*
* See the included COPYING file for more information.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#ifndef __G_TLS_OUTPUT_STREAM_GNUTLS_H__
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#include "config.h"
g_tls_server_connection_gnutls_init (GTlsServerConnectionGnutls *gnutls)
{
gnutls_certificate_credentials_t creds;
- gnutls_session_t session;
gnutls->priv = G_TYPE_INSTANCE_GET_PRIVATE (gnutls, G_TYPE_TLS_SERVER_CONNECTION_GNUTLS, GTlsServerConnectionGnutlsPrivate);
creds = g_tls_connection_gnutls_get_credentials (G_TLS_CONNECTION_GNUTLS (gnutls));
gnutls_certificate_set_retrieve_function (creds, g_tls_server_connection_gnutls_retrieve_function);
-
- session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (gnutls));
- gnutls_db_set_retrieve_function (session, g_tls_server_connection_gnutls_db_retrieve);
- gnutls_db_set_store_function (session, g_tls_server_connection_gnutls_db_store);
- gnutls_db_set_remove_function (session, g_tls_server_connection_gnutls_db_remove);
}
static gboolean
GCancellable *cancellable,
GError **error)
{
+ GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable);
GTlsCertificate *cert;
+ gnutls_session_t session;
if (!g_tls_server_connection_gnutls_parent_initable_iface->
init (initable, cancellable, error))
return FALSE;
+ session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (gnutls));
+ gnutls_db_set_retrieve_function (session, g_tls_server_connection_gnutls_db_retrieve);
+ gnutls_db_set_store_function (session, g_tls_server_connection_gnutls_db_store);
+ gnutls_db_set_remove_function (session, g_tls_server_connection_gnutls_db_remove);
+
cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (initable));
if (cert && !g_tls_certificate_gnutls_has_key (G_TLS_CERTIFICATE_GNUTLS (cert)))
{
case G_TLS_AUTHENTICATION_REQUIRED:
req_mode = GNUTLS_CERT_REQUIRE;
break;
+ case G_TLS_AUTHENTICATION_NONE:
default:
req_mode = GNUTLS_CERT_IGNORE;
break;
* your option) any later version.
*
* See the included COPYING file for more information.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#ifndef __G_TLS_SERVER_CONNECTION_GNUTLS_H__
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
*
* See the included COPYING file for more information.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
*
* See the included COPYING file for more information.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
*
* See the included COPYING file for more information.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
*
* See the included COPYING file for more information.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
* WITHOUT ANY WARRANTY, to the extent permitted by law; without even
* the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
* PURPOSE.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
/*
include $(top_srcdir)/glib-networking.mk
AM_CPPFLAGS += \
+ $(GNUTLS_CFLAGS) \
-I$(top_srcdir)/tls \
-I$(top_builddir)/tls \
-DSRCDIR=\""$(abs_srcdir)"\" \
-DTOP_BUILDDIR=\""$(top_builddir)"\"
LDADD = \
- $(GLIB_LIBS)
+ $(GLIB_LIBS) \
+ $(GNUTLS_LIBS)
test_programs = \
certificate \
connection \
$(NULL)
+connection_SOURCES = connection.c \
+ mock-interaction.c mock-interaction.h
+
if HAVE_PKCS11
test_programs += \
pkcs11-slot
AM_CPPFLAGS += \
- $(PKCS11_CFLAGS) \
- $(GNUTLS_CFLAGS)
+ $(PKCS11_CFLAGS)
LDADD += $(top_builddir)/tls/pkcs11/libgiopkcs11.la $(PKCS11_LIBS)
endif
-EXTRA_DIST += \
- files \
+testfiles_data = \
+ files/ca.pem \
+ files/ca-alternative.pem \
+ files/ca-key.pem \
+ files/ca-roots.pem \
+ files/ca-roots-bad.pem \
+ files/ca-verisign-sha1.pem \
+ files/chain.pem \
+ files/chain-with-verisign-md2.pem \
+ files/client-and-key.pem \
+ files/client-future.pem \
+ files/client-past.pem \
+ files/client.pem \
+ files/intermediate-ca.pem \
+ files/non-ca.pem \
+ files/server-and-key.pem \
+ files/server.der \
+ files/server-intermediate.pem \
+ files/server-intermediate-key.pem \
+ files/server-key.der \
+ files/server-key.pem \
+ files/server.pem \
+ files/server-self.pem \
$(NULL)
+
+if ENABLE_INSTALLED_TESTS
+testfilesdir = $(installed_testdir)/files
+testfiles_DATA = $(testfiles_data)
+endif
+
+EXTRA_DIST += $(testfiles_data)
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
#include <sys/types.h>
#include <string.h>
-#define TEST_FILE(name) (SRCDIR "/files/" name)
+static const gchar *
+tls_test_file_path (const char *name)
+{
+ const gchar *const_path;
+ gchar *path;
+
+ path = g_test_build_filename (G_TEST_DIST, "files", name, NULL);
+ if (!g_path_is_absolute (path))
+ {
+ gchar *cwd, *abs;
+
+ cwd = g_get_current_dir ();
+ abs = g_build_filename (cwd, path, NULL);
+ g_free (cwd);
+ g_free (path);
+ path = abs;
+ }
+
+ const_path = g_intern_string (path);
+ g_free (path);
+ return const_path;
+}
typedef struct {
GTlsBackend *backend;
test->backend = g_tls_backend_get_default ();
test->cert_gtype = g_tls_backend_get_certificate_type (test->backend);
- g_file_get_contents (TEST_FILE ("server.pem"), &test->cert_pem,
+ g_file_get_contents (tls_test_file_path ("server.pem"), &test->cert_pem,
&test->cert_pem_length, &error);
g_assert_no_error (error);
- g_file_get_contents (TEST_FILE ("server.der"),
+ g_file_get_contents (tls_test_file_path ("server.der"),
&contents, &length, &error);
g_assert_no_error (error);
g_byte_array_append (test->cert_der, (guint8 *)contents, length);
g_free (contents);
- g_file_get_contents (TEST_FILE ("server-key.pem"), &test->key_pem,
+ g_file_get_contents (tls_test_file_path ("server-key.pem"), &test->key_pem,
&test->key_pem_length, &error);
g_assert_no_error (error);
- g_file_get_contents (TEST_FILE ("server-key.der"),
+ g_file_get_contents (tls_test_file_path ("server-key.der"),
&contents, &length, &error);
g_assert_no_error (error);
GTlsCertificate *cert, *issuer, *check;
GError *error = NULL;
- issuer = g_tls_certificate_new_from_file (TEST_FILE ("ca.pem"), &error);
+ issuer = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (issuer));
g_assert (issuer == NULL);
}
+static void
+test_create_certificate_chain (void)
+{
+ GTlsCertificate *cert, *intermediate, *root;
+ GError *error = NULL;
+
+ if (glib_check_version (2, 43, 0))
+ {
+ g_test_skip ("This test requires glib 2.43");
+ return;
+ }
+
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("chain.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ intermediate = g_tls_certificate_get_issuer (cert);
+ g_assert (G_IS_TLS_CERTIFICATE (intermediate));
+
+ root = g_tls_certificate_get_issuer (intermediate);
+ g_assert (G_IS_TLS_CERTIFICATE (root));
+
+ g_assert (g_tls_certificate_get_issuer (root) == NULL);
+
+ g_object_unref (cert);
+}
+
+static void
+test_create_certificate_no_chain (void)
+{
+ GTlsCertificate *cert, *issuer;
+ GError *error = NULL;
+ gchar *cert_pem;
+ gsize cert_pem_length;
+
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("non-ca.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ issuer = g_tls_certificate_get_issuer (cert);
+ g_assert (issuer == NULL);
+ g_object_unref (cert);
+
+ /* Truncate a valid chain certificate file. We should only get the
+ * first certificate.
+ */
+ g_file_get_contents (tls_test_file_path ("chain.pem"), &cert_pem,
+ &cert_pem_length, &error);
+ g_assert_no_error (error);
+
+ cert = g_tls_certificate_new_from_pem (cert_pem, cert_pem_length - 100, &error);
+ g_free (cert_pem);
+ g_assert_no_error (error);
+ g_assert (G_IS_TLS_CERTIFICATE (cert));
+
+ issuer = g_tls_certificate_get_issuer (cert);
+ g_assert (issuer == NULL);
+ g_object_unref (cert);
+}
+
+static void
+test_create_list (void)
+{
+ GList *list;
+ GError *error = NULL;
+
+ list = g_tls_certificate_list_new_from_file (tls_test_file_path ("ca-roots.pem"), &error);
+ g_assert_no_error (error);
+ g_assert_cmpint (g_list_length (list), ==, 8);
+
+ g_list_free_full (list, g_object_unref);
+}
+
+static void
+test_create_list_bad (void)
+{
+ GList *list;
+ GError *error = NULL;
+
+ list = g_tls_certificate_list_new_from_file (tls_test_file_path ("ca-roots-bad.pem"), &error);
+ g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+ g_assert_null (list);
+ g_error_free (error);
+}
+
/* -----------------------------------------------------------------------------
* CERTIFICATE VERIFY
*/
{
GError *error = NULL;
- test->cert = g_tls_certificate_new_from_file (TEST_FILE ("server.pem"), &error);
+ test->cert = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (test->cert));
test->identity = g_network_address_new ("server.example.com", 80);
- test->anchor = g_tls_certificate_new_from_file (TEST_FILE ("ca.pem"), &error);
+ test->anchor = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (test->anchor));
- test->database = g_tls_file_database_new (TEST_FILE ("ca.pem"), &error);
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_DATABASE (test->database));
}
test_verify_certificate_good (TestVerify *test,
gconstpointer data)
{
+ GSocketConnectable *identity;
+ GSocketAddress *addr;
GTlsCertificateFlags errors;
errors = g_tls_certificate_verify (test->cert, test->identity, test->anchor);
errors = g_tls_certificate_verify (test->cert, NULL, test->anchor);
g_assert_cmpuint (errors, ==, 0);
+
+ identity = g_network_address_new ("192.168.1.10", 80);
+ errors = g_tls_certificate_verify (test->cert, identity, test->anchor);
+ g_assert_cmpuint (errors, ==, 0);
+ g_object_unref (identity);
+
+ addr = g_inet_socket_address_new_from_string ("192.168.1.10", 80);
+ errors = g_tls_certificate_verify (test->cert, G_SOCKET_CONNECTABLE (addr), test->anchor);
+ g_assert_cmpuint (errors, ==, 0);
+ g_object_unref (addr);
}
static void
{
GSocketConnectable *identity;
GTlsCertificateFlags errors;
+ GSocketAddress *addr;
identity = g_network_address_new ("other.example.com", 80);
-
errors = g_tls_certificate_verify (test->cert, identity, test->anchor);
g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_BAD_IDENTITY);
+ g_object_unref (identity);
+ identity = g_network_address_new ("127.0.0.1", 80);
+ errors = g_tls_certificate_verify (test->cert, identity, test->anchor);
+ g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_BAD_IDENTITY);
g_object_unref (identity);
+
+ addr = g_inet_socket_address_new_from_string ("127.0.0.1", 80);
+ errors = g_tls_certificate_verify (test->cert, G_SOCKET_CONNECTABLE (addr), test->anchor);
+ g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_BAD_IDENTITY);
+ g_object_unref (addr);
}
static void
GError *error = NULL;
/* Use a client certificate as the CA, which is wrong */
- cert = g_tls_certificate_new_from_file (TEST_FILE ("client.pem"), &error);
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("client.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (cert));
GError *error = NULL;
/* This is a certificate in the future */
- cert = g_tls_certificate_new_from_file (TEST_FILE ("client-future.pem"), &error);
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-future.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (cert));
GError *error = NULL;
/* This is a certificate in the future */
- cert = g_tls_certificate_new_from_file (TEST_FILE ("client-past.pem"), &error);
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-past.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (cert));
GTlsCertificateFlags errors;
GError *error = NULL;
- cert = g_tls_certificate_new_from_file (TEST_FILE ("client-past.pem"), &error);
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-past.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (cert));
/* Unrelated cert used as certificate authority */
- cacert = g_tls_certificate_new_from_file (TEST_FILE ("server-self.pem"), &error);
+ cacert = g_tls_certificate_new_from_file (tls_test_file_path ("server-self.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (cacert));
GTlsCertificate *three;
GError *error = NULL;
- one = g_tls_certificate_new_from_file (TEST_FILE ("client.pem"), &error);
+ one = g_tls_certificate_new_from_file (tls_test_file_path ("client.pem"), &error);
g_assert_no_error (error);
- two = g_tls_certificate_new_from_file (TEST_FILE ("client-and-key.pem"), &error);
+ two = g_tls_certificate_new_from_file (tls_test_file_path ("client-and-key.pem"), &error);
g_assert_no_error (error);
- three = g_tls_certificate_new_from_file (TEST_FILE ("server.pem"), &error);
+ three = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error);
g_assert_no_error (error);
g_assert (g_tls_certificate_is_same (one, two) == TRUE);
setup_certificate, test_create_with_key_der, teardown_certificate);
g_test_add ("/tls/certificate/create-with-issuer", TestCertificate, NULL,
setup_certificate, test_create_certificate_with_issuer, teardown_certificate);
+ g_test_add_func ("/tls/certificate/create-chain", test_create_certificate_chain);
+ g_test_add_func ("/tls/certificate/create-no-chain", test_create_certificate_no_chain);
+ g_test_add_func ("/tls/certificate/create-list", test_create_list);
+ g_test_add_func ("/tls/certificate/create-list-bad", test_create_list_bad);
g_test_add ("/tls/certificate/verify-good", TestVerify, NULL,
setup_verify, test_verify_certificate_good, teardown_verify);
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
+#include "config.h"
+
+#include "mock-interaction.h"
+
#include <gio/gio.h>
+#include <gnutls/gnutls.h>
#include <sys/types.h>
#include <string.h>
-#define TEST_FILE(name) (SRCDIR "/files/" name)
+static const gchar *
+tls_test_file_path (const char *name)
+{
+ const gchar *const_path;
+ gchar *path;
+
+ path = g_test_build_filename (G_TEST_DIST, "files", name, NULL);
+ if (!g_path_is_absolute (path))
+ {
+ gchar *cwd, *abs;
+
+ cwd = g_get_current_dir ();
+ abs = g_build_filename (cwd, path, NULL);
+ g_free (cwd);
+ g_free (path);
+ path = abs;
+ }
+
+ const_path = g_intern_string (path);
+ g_free (path);
+ return const_path;
+}
#define TEST_DATA "You win again, gravity!\n"
#define TEST_DATA_LENGTH 24
typedef struct {
+ GMainContext *context;
GMainLoop *loop;
GSocketService *service;
GTlsDatabase *database;
GError *read_error;
gboolean expect_server_error;
GError *server_error;
- gboolean server_closed;
+ gboolean server_should_close;
+ gboolean server_running;
+ GTlsCertificate *server_certificate;
char buf[128];
gssize nread, nwrote;
static void
setup_connection (TestConnection *test, gconstpointer data)
{
- GInetAddress *inet;
- guint16 port;
-
- test->loop = g_main_loop_new (NULL, FALSE);
-
+ test->context = g_main_context_default ();
+ test->loop = g_main_loop_new (test->context, FALSE);
test->auth_mode = G_TLS_AUTHENTICATION_NONE;
-
- /* This is where the server listens and the client connects */
- port = g_random_int_range (50000, 65000);
- inet = g_inet_address_new_from_string ("127.0.0.1");
- test->address = G_SOCKET_ADDRESS (g_inet_socket_address_new (inet, port));
- g_object_unref (inet);
-
- /* The identity matches the server certificate */
- test->identity = g_network_address_new ("server.example.com", port);
}
+/* Waits about 10 seconds for @var to be NULL/FALSE */
+#define WAIT_UNTIL_UNSET(var) \
+ if (var) \
+ { \
+ int i; \
+ \
+ for (i = 0; i < 13 && (var); i++) \
+ { \
+ g_usleep (1000 * (1 << i)); \
+ g_main_context_iteration (NULL, FALSE); \
+ } \
+ \
+ g_assert (!(var)); \
+ }
+
static void
teardown_connection (TestConnection *test, gconstpointer data)
{
*/
g_object_add_weak_pointer (G_OBJECT (test->service), (gpointer *)&test->service);
g_object_unref (test->service);
- while (test->service)
- g_main_context_iteration (NULL, FALSE);
+ WAIT_UNTIL_UNSET (test->service);
}
if (test->server_connection)
{
- while (!test->server_closed)
- g_main_context_iteration (NULL, FALSE);
+ WAIT_UNTIL_UNSET (test->server_running);
- g_assert (G_IS_TLS_SERVER_CONNECTION (test->server_connection));
g_object_add_weak_pointer (G_OBJECT (test->server_connection),
(gpointer *)&test->server_connection);
g_object_unref (test->server_connection);
- while (test->server_connection)
- g_main_context_iteration (NULL, FALSE);
+ WAIT_UNTIL_UNSET (test->server_connection);
}
if (test->client_connection)
{
- g_assert (G_IS_TLS_CLIENT_CONNECTION (test->client_connection));
g_object_add_weak_pointer (G_OBJECT (test->client_connection),
(gpointer *)&test->client_connection);
g_object_unref (test->client_connection);
- while (test->client_connection)
- g_main_context_iteration (NULL, FALSE);
+ WAIT_UNTIL_UNSET (test->client_connection);
}
if (test->database)
{
- g_assert (G_IS_TLS_DATABASE (test->database));
g_object_add_weak_pointer (G_OBJECT (test->database),
(gpointer *)&test->database);
g_object_unref (test->database);
- while (test->database)
- g_main_context_iteration (NULL, FALSE);
+ WAIT_UNTIL_UNSET (test->database);
}
- g_object_unref (test->address);
- g_object_unref (test->identity);
+ g_clear_object (&test->address);
+ g_clear_object (&test->identity);
+ g_clear_object (&test->server_certificate);
g_main_loop_unref (test->loop);
g_clear_error (&test->read_error);
g_clear_error (&test->server_error);
}
+static void
+start_server (TestConnection *test)
+{
+ GInetAddress *inet;
+ GSocketAddress *addr;
+ GInetSocketAddress *iaddr;
+ GError *error = NULL;
+
+ inet = g_inet_address_new_from_string ("127.0.0.1");
+ addr = g_inet_socket_address_new (inet, 0);
+ g_object_unref (inet);
+
+ g_socket_listener_add_address (G_SOCKET_LISTENER (test->service), addr,
+ G_SOCKET_TYPE_STREAM, G_SOCKET_PROTOCOL_TCP,
+ NULL, &test->address, &error);
+ g_assert_no_error (error);
+
+ g_object_unref (addr);
+
+ /* The hostname in test->identity matches the server certificate. */
+ iaddr = G_INET_SOCKET_ADDRESS (test->address);
+ test->identity = g_network_address_new ("server.example.com",
+ g_inet_socket_address_get_port (iaddr));
+
+ test->server_running = TRUE;
+}
+
static gboolean
on_accept_certificate (GTlsClientConnection *conn, GTlsCertificate *cert,
GTlsCertificateFlags errors, gpointer user_data)
g_assert (error != NULL);
else
g_assert_no_error (error);
- test->server_closed = TRUE;
+ test->server_running = FALSE;
+}
+
+static void
+close_server_connection (TestConnection *test)
+{
+ g_io_stream_close_async (test->server_connection, G_PRIORITY_DEFAULT, NULL,
+ on_server_close_finish, test);
}
static void
return;
}
- g_io_stream_close_async (test->server_connection, G_PRIORITY_DEFAULT, NULL,
- on_server_close_finish, test);
+ if (test->server_should_close)
+ close_server_connection (test);
}
static gboolean
GTlsCertificate *cert;
GError *error = NULL;
- cert = g_tls_certificate_new_from_file (TEST_FILE ("server-and-key.pem"), &error);
- g_assert_no_error (error);
+ if (test->server_certificate)
+ {
+ cert = g_object_ref (test->server_certificate);
+ }
+ else
+ {
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-and-key.pem"), &error);
+ g_assert_no_error (error);
+ }
test->server_connection = g_tls_server_connection_new (G_IO_STREAM (connection),
cert, &error);
stream = g_io_stream_get_output_stream (test->server_connection);
g_output_stream_write_async (stream, TEST_DATA,
- test->rehandshake ? TEST_DATA_LENGTH / 2 : TEST_DATA_LENGTH,
+ test->rehandshake ? TEST_DATA_LENGTH / 2 : TEST_DATA_LENGTH,
G_PRIORITY_DEFAULT, NULL,
on_output_write_finish, test);
return FALSE;
}
static void
-start_async_server_service (TestConnection *test, GTlsAuthenticationMode auth_mode)
+start_async_server_service (TestConnection *test, GTlsAuthenticationMode auth_mode,
+ gboolean should_close)
{
- GError *error = NULL;
-
test->service = g_socket_service_new ();
- g_socket_listener_add_address (G_SOCKET_LISTENER (test->service),
- G_SOCKET_ADDRESS (test->address),
- G_SOCKET_TYPE_STREAM, G_SOCKET_PROTOCOL_TCP,
- NULL, NULL, &error);
- g_assert_no_error (error);
+ start_server (test);
test->auth_mode = auth_mode;
g_signal_connect (test->service, "incoming", G_CALLBACK (on_incoming_connection), test);
+
+ test->server_should_close = should_close;
}
static GIOStream *
-start_async_server_and_connect_to_it (TestConnection *test, GTlsAuthenticationMode auth_mode)
+start_async_server_and_connect_to_it (TestConnection *test,
+ GTlsAuthenticationMode auth_mode,
+ gboolean should_close)
{
GSocketClient *client;
GError *error = NULL;
GSocketConnection *connection;
- start_async_server_service (test, auth_mode);
+ start_async_server_service (test, auth_mode, should_close);
client = g_socket_client_new ();
connection = g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address),
gssize nread, nwrote, total;
gchar buf[128];
- cert = g_tls_certificate_new_from_file (TEST_FILE ("server-and-key.pem"), &error);
- g_assert_no_error (error);
+ if (test->server_certificate)
+ {
+ cert = g_object_ref (test->server_certificate);
+ }
+ else
+ {
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-and-key.pem"), &error);
+ g_assert_no_error (error);
+ }
test->server_connection = g_tls_server_connection_new (G_IO_STREAM (connection),
cert, &error);
g_io_stream_close (test->server_connection, NULL, &error);
g_assert_no_error (error);
- test->server_closed = TRUE;
+ test->server_running = FALSE;
}
static void
start_echo_server_service (TestConnection *test)
{
- GError *error = NULL;
-
test->service = g_threaded_socket_service_new (5);
- g_socket_listener_add_address (G_SOCKET_LISTENER (test->service),
- G_SOCKET_ADDRESS (test->address),
- G_SOCKET_TYPE_STREAM, G_SOCKET_PROTOCOL_TCP,
- NULL, NULL, &error);
- g_assert_no_error (error);
+ start_server (test);
g_signal_connect (test->service, "run", G_CALLBACK (run_echo_server), test);
}
}
g_io_stream_close_async (test->client_connection, G_PRIORITY_DEFAULT,
- NULL, on_client_connection_close_finish, test);
+ NULL, on_client_connection_close_finish, test);
}
static void
GIOStream *connection;
GError *error = NULL;
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
g_object_unref (connection);
GIOStream *connection;
GError *error = NULL;
- test->database = g_tls_file_database_new (TEST_FILE ("ca-roots.pem"), &error);
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
g_assert_no_error (error);
g_assert (test->database);
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
g_assert (test->client_connection);
}
static void
+test_verified_chain (TestConnection *test,
+ gconstpointer data)
+{
+ GTlsBackend *backend;
+ GTlsCertificate *server_cert;
+ GTlsCertificate *intermediate_cert;
+ char *cert_data = NULL;
+ char *key_data = NULL;
+ GError *error = NULL;
+
+ backend = g_tls_backend_get_default ();
+
+ /* Prepare the intermediate cert. */
+ intermediate_cert = g_tls_certificate_new_from_file (tls_test_file_path ("intermediate-ca.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (intermediate_cert);
+
+ /* Prepare the server cert. */
+ g_clear_pointer (&cert_data, g_free);
+ g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
+ &cert_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (cert_data);
+
+ g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
+ &key_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (key_data);
+
+ server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", intermediate_cert,
+ "certificate-pem", cert_data,
+ "private-key-pem", key_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (server_cert);
+
+ g_object_unref (intermediate_cert);
+ g_free (cert_data);
+ g_free (key_data);
+
+ test->server_certificate = server_cert;
+ test_verified_connection (test, data);
+}
+
+static void
+test_verified_chain_with_redundant_root_cert (TestConnection *test,
+ gconstpointer data)
+{
+ GTlsBackend *backend;
+ GTlsCertificate *server_cert;
+ GTlsCertificate *intermediate_cert;
+ GTlsCertificate *root_cert;
+ char *cert_data = NULL;
+ char *key_data = NULL;
+ GError *error = NULL;
+
+ backend = g_tls_backend_get_default ();
+
+ /* The root is redundant. It should not hurt anything. */
+ root_cert = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (root_cert);
+
+ /* Prepare the intermediate cert. */
+ g_file_get_contents (tls_test_file_path ("intermediate-ca.pem"),
+ &cert_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (cert_data);
+
+ intermediate_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", root_cert,
+ "certificate-pem", cert_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (intermediate_cert);
+
+ /* Prepare the server cert. */
+ g_clear_pointer (&cert_data, g_free);
+ g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
+ &cert_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (cert_data);
+
+ g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
+ &key_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (key_data);
+
+ server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", intermediate_cert,
+ "certificate-pem", cert_data,
+ "private-key-pem", key_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (server_cert);
+
+ g_object_unref (intermediate_cert);
+ g_object_unref (root_cert);
+ g_free (cert_data);
+ g_free (key_data);
+
+ test->server_certificate = server_cert;
+ test_verified_connection (test, data);
+}
+
+static void
+test_verified_chain_with_duplicate_server_cert (TestConnection *test,
+ gconstpointer data)
+{
+ /* This is another common server misconfiguration. Apache reads certificates
+ * from two configuration files: one for the server cert, and one for the rest
+ * of the chain. If the server cert is pasted into both files, it will be sent
+ * twice. We should be tolerant of this. */
+
+ GTlsBackend *backend;
+ GTlsCertificate *server_cert;
+ GTlsCertificate *extra_server_cert;
+ GTlsCertificate *intermediate_cert;
+ char *cert_data = NULL;
+ char *key_data = NULL;
+ GError *error = NULL;
+
+ backend = g_tls_backend_get_default ();
+
+ /* Prepare the intermediate cert. */
+ intermediate_cert = g_tls_certificate_new_from_file (tls_test_file_path ("intermediate-ca.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (intermediate_cert);
+
+ /* Prepare the server cert. */
+ g_clear_pointer (&cert_data, g_free);
+ g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
+ &cert_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (cert_data);
+
+ g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
+ &key_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (key_data);
+
+ server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", intermediate_cert,
+ "certificate-pem", cert_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (server_cert);
+
+ /* Prepare the server cert... again. Private key must go on this one. */
+ extra_server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", server_cert,
+ "certificate-pem", cert_data,
+ "private-key-pem", key_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (extra_server_cert);
+
+ g_object_unref (intermediate_cert);
+ g_object_unref (server_cert);
+ g_free (cert_data);
+ g_free (key_data);
+
+ test->server_certificate = extra_server_cert;
+ test_verified_connection (test, data);
+}
+
+static void
+test_verified_unordered_chain (TestConnection *test,
+ gconstpointer data)
+{
+ GTlsBackend *backend;
+ GTlsCertificate *server_cert;
+ GTlsCertificate *intermediate_cert;
+ GTlsCertificate *root_cert;
+ char *cert_data = NULL;
+ char *key_data = NULL;
+ GError *error = NULL;
+
+ backend = g_tls_backend_get_default ();
+
+ /* Prepare the intermediate cert (to be sent last, out of order)! */
+ intermediate_cert = g_tls_certificate_new_from_file (tls_test_file_path ("intermediate-ca.pem"),
+ &error);
+ g_assert_no_error (error);
+ g_assert (intermediate_cert);
+
+ g_file_get_contents (tls_test_file_path ("ca.pem"), &cert_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (cert_data);
+
+ /* Prepare the root cert (to be sent in the middle of the chain). */
+ root_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", intermediate_cert,
+ "certificate-pem", cert_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (root_cert);
+
+ g_clear_pointer (&cert_data, g_free);
+ g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
+ &cert_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (cert_data);
+
+ g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
+ &key_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (key_data);
+
+ /* Prepare the server cert. */
+ server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", root_cert,
+ "certificate-pem", cert_data,
+ "private-key-pem", key_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (server_cert);
+
+ g_object_unref (intermediate_cert);
+ g_object_unref (root_cert);
+ g_free (cert_data);
+ g_free (key_data);
+
+ test->server_certificate = server_cert;
+ test_verified_connection (test, data);
+}
+
+static void
+test_verified_chain_with_alternative_ca_cert (TestConnection *test,
+ gconstpointer data)
+{
+ GTlsBackend *backend;
+ GTlsCertificate *server_cert;
+ GTlsCertificate *intermediate_cert;
+ GTlsCertificate *root_cert;
+ char *cert_data = NULL;
+ char *key_data = NULL;
+ GError *error = NULL;
+
+ backend = g_tls_backend_get_default ();
+
+ /* This "root" cert is issued by a CA that is not in the trust store. So it's
+ * not really a root, but it has the same public key as a cert in the trust
+ * store. If the client insists on a traditional chain of trust, this will
+ * fail, since the issuer is untrusted. */
+ root_cert = g_tls_certificate_new_from_file (tls_test_file_path ("ca-alternative.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (root_cert);
+
+ /* Prepare the intermediate cert. Modern TLS libraries are expected to notice
+ * that it is signed by the same public key as a certificate in the root
+ * store, and accept the certificate, ignoring the untrusted "root" sent next
+ * in the chain, which servers send for compatibility with clients that don't
+ * have the new CA cert in the trust store yet. (In this scenario, the old
+ * client still trusts the old CA cert.) */
+ g_file_get_contents (tls_test_file_path ("intermediate-ca.pem"),
+ &cert_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (cert_data);
+
+ intermediate_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", root_cert,
+ "certificate-pem", cert_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (intermediate_cert);
+
+ /* Prepare the server cert. */
+ g_clear_pointer (&cert_data, g_free);
+ g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
+ &cert_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (cert_data);
+
+ g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
+ &key_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (key_data);
+
+ server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", intermediate_cert,
+ "certificate-pem", cert_data,
+ "private-key-pem", key_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (server_cert);
+
+ g_object_unref (intermediate_cert);
+ g_object_unref (root_cert);
+ g_free (cert_data);
+ g_free (key_data);
+
+ test->server_certificate = server_cert;
+ test_verified_connection (test, data);
+}
+
+static void
+test_invalid_chain_with_alternative_ca_cert (TestConnection *test,
+ gconstpointer data)
+{
+ GTlsBackend *backend;
+ GTlsCertificate *server_cert;
+ GTlsCertificate *root_cert;
+ GIOStream *connection;
+ char *cert_data = NULL;
+ char *key_data = NULL;
+ GError *error = NULL;
+
+ backend = g_tls_backend_get_default ();
+
+ /* This certificate has the same public key as a certificate in the root store. */
+ root_cert = g_tls_certificate_new_from_file (tls_test_file_path ("ca-alternative.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (root_cert);
+
+ /* The intermediate cert is not sent. The chain should be rejected, since without intermediate.pem
+ * there is no proof that ca-alternative.pem signed server-intermediate.pem. */
+ g_file_get_contents (tls_test_file_path ("server-intermediate.pem"),
+ &cert_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (cert_data);
+
+ g_file_get_contents (tls_test_file_path ("server-intermediate-key.pem"),
+ &key_data, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (key_data);
+
+ server_cert = g_initable_new (g_tls_backend_get_certificate_type (backend),
+ NULL, &error,
+ "issuer", root_cert,
+ "certificate-pem", cert_data,
+ "private-key-pem", key_data,
+ NULL);
+ g_assert_no_error (error);
+ g_assert (server_cert);
+
+ g_object_unref (root_cert);
+ g_free (cert_data);
+ g_free (key_data);
+
+ test->server_certificate = server_cert;
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert (test->client_connection);
+ g_object_unref (connection);
+
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ /* Make sure this test doesn't expire. */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_EXPIRED);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+ g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+ g_assert_no_error (test->server_error);
+}
+
+static void
on_notify_accepted_cas (GObject *obj,
GParamSpec *spec,
gpointer user_data)
GTlsCertificate *peer;
gboolean cas_changed;
- test->database = g_tls_file_database_new (TEST_FILE ("ca-roots.pem"), &error);
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
g_assert_no_error (error);
g_assert (test->database);
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED);
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
g_assert (test->client_connection);
g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
- cert = g_tls_certificate_new_from_file (TEST_FILE ("client-and-key.pem"), &error);
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-and-key.pem"), &error);
g_assert_no_error (error);
g_tls_connection_set_certificate (G_TLS_CONNECTION (test->client_connection), cert);
GError *error = NULL;
gboolean accepted_changed;
- test->database = g_tls_file_database_new (TEST_FILE ("ca-roots.pem"), &error);
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
g_assert_no_error (error);
g_assert (test->database);
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED);
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
g_assert (test->client_connection);
}
static void
+test_client_auth_request_cert (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+ GTlsCertificate *cert;
+ GTlsCertificate *peer;
+ GTlsInteraction *interaction;
+ gboolean cas_changed;
+
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (test->database);
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert (test->client_connection);
+ g_object_unref (connection);
+
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ /* Have the interaction return a certificate */
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-and-key.pem"), &error);
+ g_assert_no_error (error);
+ interaction = mock_interaction_new_static_certificate (cert);
+ g_tls_connection_set_interaction (G_TLS_CONNECTION (test->client_connection), interaction);
+ g_object_unref (interaction);
+
+ /* All validation in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ cas_changed = FALSE;
+ g_signal_connect (test->client_connection, "notify::accepted-cas",
+ G_CALLBACK (on_notify_accepted_cas), &cas_changed);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+ g_assert_no_error (test->read_error);
+ g_assert_no_error (test->server_error);
+
+ peer = g_tls_connection_get_peer_certificate (G_TLS_CONNECTION (test->server_connection));
+ g_assert (peer != NULL);
+ g_assert (g_tls_certificate_is_same (peer, cert));
+ g_assert (cas_changed == TRUE);
+
+ g_object_unref (cert);
+}
+
+static void
+test_client_auth_request_fail (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+ GTlsInteraction *interaction;
+
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+ g_assert_no_error (error);
+ g_assert (test->database);
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED, TRUE);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert (test->client_connection);
+ g_object_unref (connection);
+
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ /* Have the interaction return an error */
+ interaction = mock_interaction_new_static_error (G_FILE_ERROR, G_FILE_ERROR_ACCES, "Request message");
+ g_tls_connection_set_interaction (G_TLS_CONNECTION (test->client_connection), interaction);
+ g_object_unref (interaction);
+
+ /* All validation in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+ g_assert_error (test->read_error, G_FILE_ERROR, G_FILE_ERROR_ACCES);
+
+ g_io_stream_close (test->server_connection, NULL, NULL);
+ g_io_stream_close (test->client_connection, NULL, NULL);
+}
+
+static void
test_connection_no_database (TestConnection *test,
gconstpointer data)
{
GIOStream *connection;
GError *error = NULL;
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
g_assert (test->client_connection);
GError *error = NULL;
GSocketConnectable *bad_addr;
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
bad_addr = g_network_address_new ("wrong.example.com", 80);
test->client_connection = g_tls_client_connection_new (connection, bad_addr, &error);
GIOStream *base;
GError *error = NULL;
- start_async_server_service (test, G_TLS_AUTHENTICATION_NONE);
+ start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, TRUE);
client = g_socket_client_new ();
g_socket_client_set_tls (client, TRUE);
flags = G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_UNKNOWN_CA;
{
GSocketClient *client;
- start_async_server_service (test, G_TLS_AUTHENTICATION_NONE);
+ start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, TRUE);
client = g_socket_client_new ();
g_socket_client_set_tls (client, TRUE);
/* this time we don't adjust the validation flags */
}
static void
+socket_client_timed_out_write (GObject *source,
+ GAsyncResult *result,
+ gpointer user_data)
+{
+ TestConnection *test = user_data;
+ GSocketConnection *connection;
+ GInputStream *input_stream;
+ GOutputStream *output_stream;
+ GError *error = NULL;
+ gchar buffer[TEST_DATA_LENGTH];
+ gssize size;
+
+ connection = g_socket_client_connect_finish (G_SOCKET_CLIENT (source),
+ result, &error);
+ g_assert_no_error (error);
+ test->client_connection = G_IO_STREAM (connection);
+
+ input_stream = g_io_stream_get_input_stream (test->client_connection);
+ output_stream = g_io_stream_get_output_stream (test->client_connection);
+
+ /* read TEST_DATA_LENGTH once */
+ size = g_input_stream_read (input_stream, &buffer, TEST_DATA_LENGTH,
+ NULL, &error);
+ g_assert_no_error (error);
+ g_assert_cmpint (size, ==, TEST_DATA_LENGTH);
+
+ /* read TEST_DATA_LENGTH again to cause the time out */
+ size = g_input_stream_read (input_stream, &buffer, TEST_DATA_LENGTH,
+ NULL, &error);
+ g_assert_error (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT);
+ g_assert_cmpint (size, ==, -1);
+ g_clear_error (&error);
+
+ /* write after a timeout, session should still be valid */
+ size = g_output_stream_write (output_stream, TEST_DATA, TEST_DATA_LENGTH,
+ NULL, &error);
+ g_assert_no_error (error);
+ g_assert_cmpint (size, ==, TEST_DATA_LENGTH);
+
+ g_main_loop_quit (test->loop);
+}
+
+static void
+test_connection_read_time_out_write (TestConnection *test,
+ gconstpointer data)
+{
+ GSocketClient *client;
+ GTlsCertificateFlags flags;
+ GSocketConnection *connection;
+ GIOStream *base;
+ GError *error = NULL;
+
+ /* Don't close the server connection after writing TEST_DATA. */
+ start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, FALSE);
+ client = g_socket_client_new ();
+ /* Set a 1 second time out on the socket */
+ g_socket_client_set_timeout (client, 1);
+ g_socket_client_set_tls (client, TRUE);
+ flags = G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_UNKNOWN_CA;
+ /* test->address doesn't match the server's cert */
+ flags = flags & ~G_TLS_CERTIFICATE_BAD_IDENTITY;
+ g_socket_client_set_tls_validation_flags (client, flags);
+
+ g_socket_client_connect_async (client, G_SOCKET_CONNECTABLE (test->address),
+ NULL, socket_client_timed_out_write, test);
+
+ g_main_loop_run (test->loop);
+
+ /* Close the server now */
+ close_server_connection (test);
+
+ connection = (GSocketConnection *)test->client_connection;
+ test->client_connection = NULL;
+
+ g_assert (G_IS_TCP_WRAPPER_CONNECTION (connection));
+ base = g_tcp_wrapper_connection_get_base_io_stream (G_TCP_WRAPPER_CONNECTION (connection));
+ g_assert (G_IS_TLS_CONNECTION (base));
+
+ g_io_stream_close (G_IO_STREAM (connection), NULL, &error);
+ g_assert_no_error (error);
+ g_object_unref (connection);
+
+ g_object_unref (client);
+}
+
+static void
simul_async_read_complete (GObject *object,
GAsyncResult *result,
gpointer user_data)
g_assert_cmpstr (test->buf, ==, TEST_DATA);
}
+static gboolean
+check_gnutls_has_rehandshaking_bug (void)
+{
+ const char *version = gnutls_check_version (NULL);
+
+ return (!strcmp (version, "3.1.27") ||
+ !strcmp (version, "3.1.28") ||
+ !strcmp (version, "3.2.19") ||
+ !strcmp (version, "3.3.8") ||
+ !strcmp (version, "3.3.9") ||
+ !strcmp (version, "3.3.10"));
+}
+
static void
test_simultaneous_async_rehandshake (TestConnection *test,
gconstpointer data)
{
+ if (check_gnutls_has_rehandshaking_bug ())
+ {
+ g_test_skip ("test would fail due to gnutls bug 108690");
+ return;
+ }
+
test->rehandshake = TRUE;
test_simultaneous_async (test, data);
}
test_simultaneous_sync_rehandshake (TestConnection *test,
gconstpointer data)
{
+ if (check_gnutls_has_rehandshaking_bug ())
+ {
+ g_test_skip ("test would fail due to gnutls bug 108690");
+ return;
+ }
+
test->rehandshake = TRUE;
test_simultaneous_sync (test, data);
}
GIOStream *connection;
GError *error = NULL;
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
g_object_unref (connection);
}
static void
+handshake_completed (GObject *object,
+ GAsyncResult *result,
+ gpointer user_data)
+{
+ gboolean *complete = user_data;
+
+ *complete = TRUE;
+ return;
+}
+
+static void
test_close_during_handshake (TestConnection *test,
gconstpointer data)
{
GError *error = NULL;
GMainContext *context;
GMainLoop *loop;
+ gboolean handshake_complete = FALSE;
g_test_bug ("688751");
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED);
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED, TRUE);
test->expect_server_error = TRUE;
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
context = g_main_context_new ();
g_main_context_push_thread_default (context);
g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection),
- G_PRIORITY_DEFAULT,
- NULL, NULL, NULL);
+ G_PRIORITY_DEFAULT, NULL,
+ handshake_completed, &handshake_complete);
g_main_context_pop_thread_default (context);
/* Now run the (default GMainContext) loop, which is needed for
/* We have to let the handshake_async() call finish now, or
* teardown_connection() will assert.
*/
- g_main_context_iteration (context, TRUE);
+ while (!handshake_complete)
+ g_main_context_iteration (context, TRUE);
+ g_main_context_unref (context);
+}
+
+static void
+test_output_stream_close_during_handshake (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+ GMainContext *context;
+ GMainLoop *loop;
+ gboolean handshake_complete = FALSE;
+
+ g_test_bug ("688751");
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED, TRUE);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_object_unref (connection);
+
+ loop = g_main_loop_new (NULL, FALSE);
+ g_signal_connect (test->client_connection, "notify::accepted-cas",
+ G_CALLBACK (quit_loop_on_notify), loop);
+
+ context = g_main_context_new ();
+ g_main_context_push_thread_default (context);
+ g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection),
+ G_PRIORITY_DEFAULT, NULL,
+ handshake_completed, &handshake_complete);
+ g_main_context_pop_thread_default (context);
+
+ /* Now run the (default GMainContext) loop, which is needed for
+ * the server side of things. The client-side handshake will run in
+ * a thread, but its callback will never be invoked because its
+ * context isn't running.
+ */
+ g_main_loop_run (loop);
+ g_main_loop_unref (loop);
+
+ /* At this point handshake_thread() has started (and maybe
+ * finished), but handshake_thread_completed() (and thus
+ * finish_handshake()) has not yet run. Make sure close doesn't
+ * block.
+ */
+ g_output_stream_close (g_io_stream_get_output_stream (test->client_connection), NULL, &error);
+ g_assert_no_error (error);
+
+ /* We have to let the handshake_async() call finish now, or
+ * teardown_connection() will assert.
+ */
+ while (!handshake_complete)
+ g_main_context_iteration (context, TRUE);
g_main_context_unref (context);
}
+
static void
test_write_during_handshake (TestConnection *test,
gconstpointer data)
GMainContext *context;
GMainLoop *loop;
GOutputStream *ostream;
+ gboolean handshake_complete = FALSE;
g_test_bug ("697754");
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED);
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED, TRUE);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
g_object_unref (connection);
context = g_main_context_new ();
g_main_context_push_thread_default (context);
g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection),
- G_PRIORITY_DEFAULT,
- NULL, NULL, NULL);
+ G_PRIORITY_DEFAULT, NULL,
+ handshake_completed, &handshake_complete);
g_main_context_pop_thread_default (context);
/* Now run the (default GMainContext) loop, which is needed for
/* We have to let the handshake_async() call finish now, or
* teardown_connection() will assert.
*/
- g_main_context_iteration (context, TRUE);
+ while (!handshake_complete)
+ g_main_context_iteration (context, TRUE);
g_main_context_unref (context);
}
+static gboolean
+async_implicit_handshake_dispatch (GPollableInputStream *stream,
+ gpointer user_data)
+{
+ TestConnection *test = user_data;
+ GError *error = NULL;
+ gchar buffer[TEST_DATA_LENGTH];
+ gssize size;
+ gboolean keep_running;
+
+ size = g_pollable_input_stream_read_nonblocking (stream, buffer,
+ TEST_DATA_LENGTH,
+ NULL, &error);
+
+ keep_running = (-1 == size);
+
+ if (keep_running)
+ {
+ g_assert_error (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK);
+ g_error_free (error);
+ }
+ else
+ {
+ g_assert_no_error (error);
+ g_assert_cmpint (size, ==, TEST_DATA_LENGTH);
+ g_main_loop_quit (test->loop);
+ }
+
+ return keep_running;
+}
+
+static void
+test_async_implicit_handshake (TestConnection *test, gconstpointer data)
+{
+ GTlsCertificateFlags flags;
+ GIOStream *stream;
+ GInputStream *input_stream;
+ GSource *input_source;
+ GError *error = NULL;
+
+ g_test_bug ("710691");
+
+ stream = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ test->client_connection = g_tls_client_connection_new (stream, test->identity, &error);
+ g_assert_no_error (error);
+ g_object_unref (stream);
+
+ flags = G_TLS_CERTIFICATE_VALIDATE_ALL &
+ ~(G_TLS_CERTIFICATE_UNKNOWN_CA | G_TLS_CERTIFICATE_BAD_IDENTITY);
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ flags);
+
+ /**
+ * Create a source from the client's input stream. The dispatch
+ * callback will be called a first time, which will perform a
+ * non-blocking read triggering the asynchronous implicit
+ * handshaking.
+ */
+ input_stream = g_io_stream_get_input_stream (test->client_connection);
+ input_source =
+ g_pollable_input_stream_create_source (G_POLLABLE_INPUT_STREAM (input_stream),
+ NULL);
+
+ g_source_set_callback (input_source,
+ (GSourceFunc) async_implicit_handshake_dispatch,
+ test, NULL);
+
+ g_source_attach (input_source, NULL);
+
+ g_main_loop_run (test->loop);
+
+ g_io_stream_close (G_IO_STREAM (test->client_connection), NULL, &error);
+ g_assert_no_error (error);
+ g_object_unref (test->client_connection);
+ test->client_connection = NULL;
+}
+
+static void
+quit_on_handshake_complete (GObject *object,
+ GAsyncResult *result,
+ gpointer user_data)
+{
+ TestConnection *test = user_data;
+ GError *error = NULL;
+
+ g_tls_connection_handshake_finish (G_TLS_CONNECTION (object), result, &error);
+ g_assert_no_error (error);
+
+ g_main_loop_quit (test->loop);
+ return;
+}
+
+#define PRIORITY_SSL_FALLBACK "NORMAL:+VERS-SSL3.0"
+#define PRIORITY_TLS_FALLBACK "NORMAL:+VERS-TLS-ALL:-VERS-SSL3.0"
+
+static void
+test_fallback (gconstpointer data)
+{
+ const char *priority_string = (const char *) data;
+ char *test_name;
+
+ test_name = g_strdup_printf ("/tls/connection/fallback/subprocess/%s", priority_string);
+ g_test_trap_subprocess (test_name, 0, 0);
+ g_test_trap_assert_passed ();
+ g_free (test_name);
+}
+
+static void
+test_fallback_subprocess (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GTlsConnection *tlsconn;
+ GError *error = NULL;
+
+ connection = start_echo_server_and_connect_to_it (test);
+ test->client_connection = g_tls_client_connection_new (connection, NULL, &error);
+ g_assert_no_error (error);
+ tlsconn = G_TLS_CONNECTION (test->client_connection);
+ g_object_unref (connection);
+
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ 0);
+ g_tls_client_connection_set_use_ssl3 (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ TRUE);
+ g_tls_connection_handshake_async (tlsconn, G_PRIORITY_DEFAULT, NULL,
+ quit_on_handshake_complete, test);
+ g_main_loop_run (test->loop);
+
+ /* In 2.42 we don't have the API to test that the correct version was negotiated,
+ * so we merely test that the connection succeeded at all.
+ */
+
+ g_io_stream_close (test->client_connection, NULL, &error);
+ g_assert_no_error (error);
+}
+
+static void
+test_output_stream_close (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+ gboolean ret;
+ gboolean handshake_complete = FALSE;
+ gssize size;
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_object_unref (connection);
+
+ /* No validation at all in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ 0);
+
+ g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection),
+ G_PRIORITY_DEFAULT, NULL,
+ handshake_completed, &handshake_complete);
+
+ while (!handshake_complete)
+ g_main_context_iteration (NULL, TRUE);
+
+ ret = g_output_stream_close (g_io_stream_get_output_stream (test->client_connection),
+ NULL, &error);
+ g_assert_no_error (error);
+ g_assert (ret);
+
+
+ /* Verify that double close returns TRUE */
+ ret = g_output_stream_close (g_io_stream_get_output_stream (test->client_connection),
+ NULL, &error);
+ g_assert_no_error (error);
+ g_assert (ret);
+
+ size = g_output_stream_write (g_io_stream_get_output_stream (test->client_connection),
+ "data", 4, NULL, &error);
+ g_assert (size == -1);
+ g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CLOSED);
+ g_clear_error (&error);
+
+ /* We closed the output stream, but not the input stream, so receiving
+ * data should still work.
+ */
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+ g_assert_no_error (test->read_error);
+ g_assert_no_error (test->server_error);
+
+ ret = g_io_stream_close (test->client_connection, NULL, &error);
+ g_assert_no_error (error);
+ g_assert (ret);
+}
+
int
main (int argc,
char *argv[])
{
int ret;
+ int i;
+
+ /* Check if this is a subprocess, and set G_TLS_GNUTLS_PRIORITY
+ * appropriately if so.
+ */
+ for (i = 1; i < argc - 1; i++)
+ {
+ if (!strcmp (argv[i], "-p"))
+ {
+ const char *priority = argv[i + 1];
+
+ priority = strrchr (priority, '/');
+ if (priority++ &&
+ (g_str_has_prefix (priority, "NORMAL:") ||
+ g_str_has_prefix (priority, "NONE:")))
+ g_setenv ("G_TLS_GNUTLS_PRIORITY", priority, TRUE);
+ break;
+ }
+ }
g_test_init (&argc, &argv, NULL);
g_test_bug_base ("http://bugzilla.gnome.org/");
setup_connection, test_basic_connection, teardown_connection);
g_test_add ("/tls/connection/verified", TestConnection, NULL,
setup_connection, test_verified_connection, teardown_connection);
+ g_test_add ("/tls/connection/verified-chain", TestConnection, NULL,
+ setup_connection, test_verified_chain, teardown_connection);
+ g_test_add ("/tls/connection/verified-chain-with-redundant-root-cert", TestConnection, NULL,
+ setup_connection, test_verified_chain_with_redundant_root_cert, teardown_connection);
+ g_test_add ("/tls/connection/verified-chain-with-duplicate-server-cert", TestConnection, NULL,
+ setup_connection, test_verified_chain_with_duplicate_server_cert, teardown_connection);
+ g_test_add ("/tls/connection/verified-unordered-chain", TestConnection, NULL,
+ setup_connection, test_verified_unordered_chain, teardown_connection);
+ g_test_add ("/tls/connection/verified-chain-with-alternative-ca-cert", TestConnection, NULL,
+ setup_connection, test_verified_chain_with_alternative_ca_cert, teardown_connection);
+ g_test_add ("/tls/connection/invalid-chain-with-alternative-ca-cert", TestConnection, NULL,
+ setup_connection, test_invalid_chain_with_alternative_ca_cert, teardown_connection);
g_test_add ("/tls/connection/client-auth", TestConnection, NULL,
setup_connection, test_client_auth_connection, teardown_connection);
g_test_add ("/tls/connection/client-auth-rehandshake", TestConnection, NULL,
setup_connection, test_client_auth_rehandshake, teardown_connection);
g_test_add ("/tls/connection/client-auth-failure", TestConnection, NULL,
setup_connection, test_client_auth_failure, teardown_connection);
+ g_test_add ("/tls/connection/client-auth-request-cert", TestConnection, NULL,
+ setup_connection, test_client_auth_request_cert, teardown_connection);
+ g_test_add ("/tls/connection/client-auth-request-fail", TestConnection, NULL,
+ setup_connection, test_client_auth_request_fail, teardown_connection);
g_test_add ("/tls/connection/no-database", TestConnection, NULL,
setup_connection, test_connection_no_database, teardown_connection);
g_test_add ("/tls/connection/failed", TestConnection, NULL,
setup_connection, test_connection_socket_client, teardown_connection);
g_test_add ("/tls/connection/socket-client-failed", TestConnection, NULL,
setup_connection, test_connection_socket_client_failed, teardown_connection);
+ g_test_add ("/tls/connection/read-time-out-then-write", TestConnection, NULL,
+ setup_connection, test_connection_read_time_out_write, teardown_connection);
g_test_add ("/tls/connection/simultaneous-async", TestConnection, NULL,
setup_connection, test_simultaneous_async, teardown_connection);
g_test_add ("/tls/connection/simultaneous-sync", TestConnection, NULL,
- setup_connection, test_simultaneous_sync, teardown_connection);
+ setup_connection, test_simultaneous_sync, teardown_connection);
g_test_add ("/tls/connection/simultaneous-async-rehandshake", TestConnection, NULL,
setup_connection, test_simultaneous_async_rehandshake, teardown_connection);
g_test_add ("/tls/connection/simultaneous-sync-rehandshake", TestConnection, NULL,
- setup_connection, test_simultaneous_sync_rehandshake, teardown_connection);
+ setup_connection, test_simultaneous_sync_rehandshake, teardown_connection);
g_test_add ("/tls/connection/close-immediately", TestConnection, NULL,
setup_connection, test_close_immediately, teardown_connection);
g_test_add ("/tls/connection/close-during-handshake", TestConnection, NULL,
setup_connection, test_close_during_handshake, teardown_connection);
+ g_test_add ("/tls/connection/close-output-stream-during-handshake", TestConnection, NULL,
+ setup_connection, test_output_stream_close_during_handshake, teardown_connection);
g_test_add ("/tls/connection/write-during-handshake", TestConnection, NULL,
setup_connection, test_write_during_handshake, teardown_connection);
+ g_test_add ("/tls/connection/async-implicit-handshake", TestConnection, NULL,
+ setup_connection, test_async_implicit_handshake, teardown_connection);
+ g_test_add ("/tls/connection/output-stream-close", TestConnection, NULL,
+ setup_connection, test_output_stream_close, teardown_connection);
+
+ g_test_add_data_func ("/tls/connection/fallback/SSL", PRIORITY_SSL_FALLBACK, test_fallback);
+ g_test_add ("/tls/connection/fallback/subprocess/" PRIORITY_SSL_FALLBACK,
+ TestConnection, NULL,
+ setup_connection, test_fallback_subprocess, teardown_connection);
+ g_test_add_data_func ("/tls/connection/fallback/TLS", PRIORITY_TLS_FALLBACK, test_fallback);
+ g_test_add ("/tls/connection/fallback/subprocess/" PRIORITY_TLS_FALLBACK,
+ TestConnection, NULL,
+ setup_connection, test_fallback_subprocess, teardown_connection);
ret = g_test_run();
* Public License along with this library; if not, see
* <http://www.gnu.org/licenses/>.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
#include <sys/types.h>
#include <string.h>
-#define TEST_FILE(name) (SRCDIR "/files/" name)
+static const gchar *
+tls_test_file_path (const char *name)
+{
+ const gchar *const_path;
+ gchar *path;
+
+ path = g_test_build_filename (G_TEST_DIST, "files", name, NULL);
+ if (!g_path_is_absolute (path))
+ {
+ gchar *cwd, *abs;
+
+ cwd = g_get_current_dir ();
+ abs = g_build_filename (cwd, path, NULL);
+ g_free (cwd);
+ g_free (path);
+ path = abs;
+ }
+
+ const_path = g_intern_string (path);
+ g_free (path);
+ return const_path;
+}
/* -----------------------------------------------------------------------------
* CERTIFICATE VERIFY
{
GError *error = NULL;
- test->cert = g_tls_certificate_new_from_file (TEST_FILE ("server.pem"), &error);
+ test->cert = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (test->cert));
test->identity = g_network_address_new ("server.example.com", 80);
- test->database = g_tls_file_database_new (TEST_FILE ("ca.pem"), &error);
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_DATABASE (test->database));
}
GError *error = NULL;
/* Use another certificate which isn't in our CA list */
- cert = g_tls_certificate_new_from_file (TEST_FILE ("server-self.pem"), &error);
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-self.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (cert));
GError *error = NULL;
/* This is a certificate in the future */
- cert = g_tls_certificate_new_from_file (TEST_FILE ("client-future.pem"), &error);
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-future.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (cert));
GError *error = NULL;
/* This is a certificate in the future */
- cert = g_tls_certificate_new_from_file (TEST_FILE ("client-past.pem"), &error);
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("client-past.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (cert));
GTlsCertificateFlags errors;
GError *error = NULL;
- cert = g_tls_certificate_new_from_file (TEST_FILE ("server-self.pem"), &error);
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-self.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (cert));
GError **error)
{
GList *certificates;
- GTlsCertificate *chain = NULL;
+ GTlsCertificate *chain = NULL, *prev_chain = NULL;
GTlsBackend *backend;
GByteArray *der;
GList *l;
certificates = g_list_reverse (certificates);
for (l = certificates; l != NULL; l = g_list_next (l))
{
+ prev_chain = chain;
g_object_get (l->data, "certificate", &der, NULL);
chain = g_object_new (g_tls_backend_get_certificate_type (backend),
"certificate", der,
- "issuer", chain,
+ "issuer", prev_chain,
NULL);
g_byte_array_unref (der);
+ g_clear_object (&prev_chain);
}
g_list_free_full (certificates, g_object_unref);
* This database contains a single anchor certificate of:
* C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
*/
- database = g_tls_file_database_new (TEST_FILE ("ca-verisign-sha1.pem"), &error);
+ database = g_tls_file_database_new (tls_test_file_path ("ca-verisign-sha1.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_DATABASE (database));
- ca_verisign_sha1 = g_tls_certificate_new_from_file (TEST_FILE ("ca-verisign-sha1.pem"), &error);
+ ca_verisign_sha1 = g_tls_certificate_new_from_file (tls_test_file_path ("ca-verisign-sha1.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (ca_verisign_sha1));
* verify this chain as valid, since the issuer fields and signatures should chain up
* to the certificate in our database.
*/
- chain = load_certificate_chain (TEST_FILE ("chain-with-verisign-md2.pem"), &error);
+ chain = load_certificate_chain (tls_test_file_path ("chain-with-verisign-md2.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (chain));
{
GError *error = NULL;
- test->path = TEST_FILE ("ca-roots.pem");
+ test->path = tls_test_file_path ("ca-roots.pem");
test->database = g_tls_file_database_new (test->path, &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_DATABASE (test->database));
* is 'in' the database.
*/
- certificate = g_tls_certificate_new_from_file (TEST_FILE ("ca.pem"), &error);
+ certificate = g_tls_certificate_new_from_file (tls_test_file_path ("ca.pem"), &error);
g_assert_no_error (error);
g_assert (G_IS_TLS_CERTIFICATE (certificate));
gchar *anchor_filename = NULL;
GError *error = NULL;
- database = g_tls_file_database_new (TEST_FILE ("ca.pem"), &error);
+ database = g_tls_file_database_new (tls_test_file_path ("ca.pem"), &error);
g_assert_no_error (error);
g_object_get (database, "anchors", &anchor_filename, NULL);
- g_assert_cmpstr (anchor_filename, ==, TEST_FILE ("ca.pem"));
+ g_assert_cmpstr (anchor_filename, ==, tls_test_file_path ("ca.pem"));
g_free (anchor_filename);
g_object_unref (database);
static void
test_lookup_certificates_issued_by (void)
{
- /* This data is generated from the frob-certificate test tool in gcr library */
+ /* This data is generated from the frob-certificate test tool in gcr library.
+ * To regenerate (from e.g. a directory containing gcr and glib-networking):
+ *
+ * $ gcr/frob-certificate glib-networking/tls/tests/files/ca.pem
+ *
+ * Then copy the hex that is printed after "subject" (not "issuer"!) and add
+ * the missing 'x's.
+ */
const guchar ISSUER[] = "\x30\x81\x86\x31\x13\x30\x11\x06\x0A\x09\x92\x26\x89\x93\xF2"
"\x2C\x64\x01\x19\x16\x03\x43\x4F\x4D\x31\x17\x30\x15\x06\x0A"
"\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19\x16\x07\x45\x58\x41"
- "\x4D\x50\x4C\x45\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x13\x15"
+ "\x4D\x50\x4C\x45\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x0C\x15"
"\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74"
"\x68\x6F\x72\x69\x74\x79\x31\x17\x30\x15\x06\x03\x55\x04\x03"
- "\x13\x0E\x63\x61\x2E\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63\x6F"
+ "\x0C\x0E\x63\x61\x2E\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63\x6F"
"\x6D\x31\x1D\x30\x1B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09"
"\x01\x16\x0E\x63\x61\x40\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63"
"\x6F\x6D";
GTlsDatabase *database;
GError *error = NULL;
- database = g_tls_file_database_new (TEST_FILE ("non-ca.pem"), &error);
+ database = g_tls_file_database_new (tls_test_file_path ("non-ca.pem"), &error);
g_assert_no_error (error);
issuer_dn = g_byte_array_new ();
g_assert_cmpuint (g_list_length (certificates), ==, 4);
- g_assert (certificate_is_in_list (certificates, TEST_FILE ("client.pem")));
- g_assert (certificate_is_in_list (certificates, TEST_FILE ("client-future.pem")));
- g_assert (certificate_is_in_list (certificates, TEST_FILE ("client-past.pem")));
- g_assert (certificate_is_in_list (certificates, TEST_FILE ("server.pem")));
- g_assert (!certificate_is_in_list (certificates, TEST_FILE ("server-self.pem")));
+ g_assert (certificate_is_in_list (certificates, tls_test_file_path ("client.pem")));
+ g_assert (certificate_is_in_list (certificates, tls_test_file_path ("client-future.pem")));
+ g_assert (certificate_is_in_list (certificates, tls_test_file_path ("client-past.pem")));
+ g_assert (certificate_is_in_list (certificates, tls_test_file_path ("server.pem")));
+ g_assert (!certificate_is_in_list (certificates, tls_test_file_path ("server-self.pem")));
g_list_free_full (certificates, g_object_unref);
g_object_unref (database);
- g_byte_array_unref (issuer_dn);
}
static void
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIID8DCCA1mgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnzETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxLDAqBgNVBAsMI09sZCBV
+bnRydXN0ZWQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSIwIAYDVQQDDBlvbmNlLndh
+cy5hLmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNv
+bTAeFw0xNTA4MzAwMDIyMzFaFw00NTA4MjIwMDIyMzFaMIGGMRMwEQYKCZImiZPy
+LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsG
+CSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBAL2qSsuOcbcaJ9+uvbKan/v5186d6u1i5kIk3dPu4etHegHpDG5baq+C
+IUdY1AyCcz6OL61J1lbB3Ksk6eyo9woKHHto0BJ9IVEb7K7pT+gau7QeS15MUK5m
+NfueUfIdXTCNpHez6Nzt4H57bgqJJrJnHnondOuEalEFgDtOBqilAgMBAAGjggFR
+MIIBTTAdBgNVHQ4EFgQUmAbQgRwBOJuIai3NygAtGQ9xlbEwgdQGA1UdIwSBzDCB
+yYAULu6rFocDkpwOJyAjyQrCxuefLW+hgaWkgaIwgZ8xEzARBgoJkiaJk/IsZAEZ
+FgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMSwwKgYDVQQLDCNPbGQgVW50
+cnVzdGVkIENlcnRpZmljYXRlIEF1dGhvcml0eTEiMCAGA1UEAwwZb25jZS53YXMu
+YS5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb22C
+CQD9kIwlfKYqXDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAZBgNV
+HREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNv
+bTANBgkqhkiG9w0BAQUFAAOBgQA9CNpCI5kLKsccy73SZWyp2fEwMDrZHMJvChdv
+1CWaE1BYlLQWtr1bSy2aEPZujMVzUW5XtoRlLWpTBxUB7o888u7FJmFVhEv4Apq2
+DZ8yDlIy4yHFOShIQfmfdeDzYSoxXgoUINqxQDpfKXrQCB9OqQjI4yrJkw+lO7fs
+eIIk5w==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC9qkrLjnG3Giffrr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6Qxu
+W2qvgiFHWNQMgnM+ji+tSdZWwdyrJOnsqPcKChx7aNASfSFRG+yu6U/oGru0Hkte
+TFCuZjX7nlHyHV0wjaR3s+jc7eB+e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQAB
+AoGAY6BlA4HCV9TkZwnJ2VyBdwFpC75F3gYaP1pQL3gGsejsvL4m6n0YkDKBupF9
+aUjIsm5LuvHTJeVVPYz5V3f1syZr4fYYpmwoWjHkb6g55R9iAgmSd29gQwu0OdsP
+EhothysqPMvhWQi2gLHAz14U+EZVH9zKCZ50GW7bTrZoc20CQQD2LkPn6S2HQhPl
+Ks9HmPAsFkd0dKE0zE2IKvgsCiBsfvd4H1u0QO17ZWNR8AK9x16gnrDv0Xjpsw6H
+V9xaMsY7AkEAxTrzZKdaeu1BFDuLdgGuEj5YOUbhXjmldDwvw/xFXPU03MjCVDjo
+4V6MDZJ1HlpwWBCYO+pIyRd5NADXh33+nwJBAPT8d6FbYG6BKJFfd+V1YlVNWpCe
+3CpRwjpnII+bCEdQVu9YrYcFMhAhhqRs6B16QUYwhj4yRFS1VxkDK4srii8CQCdm
+U2D0HZsY8js8eeulAkUatz0Z78OG+Ipzy4b3SlP7mAfTAx8YD02WOZwsecEKiA7P
+odm2P7wMOGYvFN84SDkCQQCYg8rdrLdM1Wx+/k9aiFku1LmyHLZPtq39je4S/EJN
+ibWCMmhysz6cuIKykUYI7DKolQnxu4BWLnn9ff60T1xp
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDxjCCAy+gAwIBAgIJAO+Cui0EIECvMA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
+CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
+CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
+bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTUwODMwMDAyMjMx
+WhcNNDUwODIyMDAyMjMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
+JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
+eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
+YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9qkrLjnG3Giff
+rr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6QxuW2qvgiFHWNQMgnM+ji+tSdZWwdyr
+JOnsqPcKChx7aNASfSFRG+yu6U/oGru0HkteTFCuZjX7nlHyHV0wjaR3s+jc7eB+
+e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQABo4IBODCCATQwHQYDVR0OBBYEFJgG
+0IEcATibiGotzcoALRkPcZWxMIG7BgNVHSMEgbMwgbCAFJgG0IEcATibiGotzcoA
+LRkPcZWxoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
+LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
+FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
+ZS5jb22CCQDvgrotBCBArzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCuwCsxZxXctjLr059fFd94Yb6lDyPr
+Gd9H4luK9G4NNf2QiD94SfYAEy8C3Lw2/VIYf5kuNPJE2+0AOpCJ3pD3id2JC8Qf
+lnIsGHCclrxldY5NX3S/p2T8wsgBdz5wfzDGm1GANdI5M1YrTN0ExebOspXnXGed
+9jx8rdTVQwErTw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
+ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
+gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
+MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
+IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
+dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
+czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
+dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
+aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
+AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
+b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
+ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
+nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
+18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
+gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
+Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
+sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
+SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
+CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
+GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
+zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
+omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS
+BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v
+cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9
+4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB
+Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J
+0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ
+FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx
+bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q
+SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb
+6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV
+m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g
+eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG
+kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7
+6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG
+CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc
+aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB
+gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w
+aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6
+tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0
+nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M
+77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV
+These are some CA certificates
+
-----BEGIN CERTIFICATE-----
-MIIDxjCCAy+gAwIBAgIJAOpd4Em2fjp3MA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
+MIIDxjCCAy+gAwIBAgIJAO+Cui0EIECvMA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
-CxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDEw5jYS5leGFtcGxlLmNv
-bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMDcxMjIwMTc1NjA2
-WhcNMzUwNTA4MTc1NjA2WjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
-JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0
-eTEXMBUGA1UEAxMOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
-YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD5OjHuXXN2LG3s
-FHISaZZ6L1RSYgRdTenu1nvqkMn/xvzOz385oede1z/7f6BoXyM0kNWCf4SOXtXr
-EIGmQoeURhFfLCnoK8NHfNcel3IPyMPhdJUMJlc3gfpWm+QxjkyqVyMhyYxC9Pmg
-QC7zx4ZKcQrL3zVGYtg8wxmaKY2HwQIDAQABo4IBODCCATQwHQYDVR0OBBYEFNSE
-nYhMCPaaFynFeQ2R5y25+AcFMIG7BgNVHSMEgbMwgbCAFNSEnYhMCPaaFynFeQ2R
-5y25+AcFoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
-LGQBGRYHRVhBTVBMRTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
-FQYDVQQDEw5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
-ZS5jb22CCQDqXeBJtn46dzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
+bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTUwODMwMDAyMjMx
+WhcNNDUwODIyMDAyMjMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
+JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
+eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
+YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9qkrLjnG3Giff
+rr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6QxuW2qvgiFHWNQMgnM+ji+tSdZWwdyr
+JOnsqPcKChx7aNASfSFRG+yu6U/oGru0HkteTFCuZjX7nlHyHV0wjaR3s+jc7eB+
+e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQABo4IBODCCATQwHQYDVR0OBBYEFJgG
+0IEcATibiGotzcoALRkPcZWxMIG7BgNVHSMEgbMwgbCAFJgG0IEcATibiGotzcoA
+LRkPcZWxoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
+LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
+FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
+ZS5jb22CCQDvgrotBCBArzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
-cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQA6xjU2aPgMOh2yyz2KCb6d5gNNvfr4
-pLGpZWilbRkA36OOG43zxeRZoumh1ybyOvhm73cMvNihDUyOf7vQe75Qtp5koGPS
-V3mSruhsRGvOZxcV+SJnBj1exKyH3mdaZA74Xg4y5qkUkywPqnP5Y+E6UMJM7Nmw
-kHk2bKJC5vjxoA==
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCuwCsxZxXctjLr059fFd94Yb6lDyPr
+Gd9H4luK9G4NNf2QiD94SfYAEy8C3Lw2/VIYf5kuNPJE2+0AOpCJ3pD3id2JC8Qf
+lnIsGHCclrxldY5NX3S/p2T8wsgBdz5wfzDGm1GANdI5M1YrTN0ExebOspXnXGed
+9jx8rdTVQwErTw==
-----END CERTIFICATE-----
+
+GLib shouldn't care about this comment
+
-----BEGIN CERTIFICATE-----
MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdni
TCxZqdq5snUb9kLy78fyGPmJvKP/iiMucEc=
-----END CERTIFICATE-----
+
+Thank you for loading this list of CA certificates.
-----BEGIN CERTIFICATE-----
-MIIDxjCCAy+gAwIBAgIJAOpd4Em2fjp3MA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
+MIIDxjCCAy+gAwIBAgIJAO+Cui0EIECvMA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
-CxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDEw5jYS5leGFtcGxlLmNv
-bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMDcxMjIwMTc1NjA2
-WhcNMzUwNTA4MTc1NjA2WjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
-JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0
-eTEXMBUGA1UEAxMOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
-YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD5OjHuXXN2LG3s
-FHISaZZ6L1RSYgRdTenu1nvqkMn/xvzOz385oede1z/7f6BoXyM0kNWCf4SOXtXr
-EIGmQoeURhFfLCnoK8NHfNcel3IPyMPhdJUMJlc3gfpWm+QxjkyqVyMhyYxC9Pmg
-QC7zx4ZKcQrL3zVGYtg8wxmaKY2HwQIDAQABo4IBODCCATQwHQYDVR0OBBYEFNSE
-nYhMCPaaFynFeQ2R5y25+AcFMIG7BgNVHSMEgbMwgbCAFNSEnYhMCPaaFynFeQ2R
-5y25+AcFoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
-LGQBGRYHRVhBTVBMRTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
-FQYDVQQDEw5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
-ZS5jb22CCQDqXeBJtn46dzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
+bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTUwODMwMDAyMjMx
+WhcNNDUwODIyMDAyMjMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
+JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
+eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
+YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9qkrLjnG3Giff
+rr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6QxuW2qvgiFHWNQMgnM+ji+tSdZWwdyr
+JOnsqPcKChx7aNASfSFRG+yu6U/oGru0HkteTFCuZjX7nlHyHV0wjaR3s+jc7eB+
+e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQABo4IBODCCATQwHQYDVR0OBBYEFJgG
+0IEcATibiGotzcoALRkPcZWxMIG7BgNVHSMEgbMwgbCAFJgG0IEcATibiGotzcoA
+LRkPcZWxoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
+LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
+FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
+ZS5jb22CCQDvgrotBCBArzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
-cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQA6xjU2aPgMOh2yyz2KCb6d5gNNvfr4
-pLGpZWilbRkA36OOG43zxeRZoumh1ybyOvhm73cMvNihDUyOf7vQe75Qtp5koGPS
-V3mSruhsRGvOZxcV+SJnBj1exKyH3mdaZA74Xg4y5qkUkywPqnP5Y+E6UMJM7Nmw
-kHk2bKJC5vjxoA==
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCuwCsxZxXctjLr059fFd94Yb6lDyPr
+Gd9H4luK9G4NNf2QiD94SfYAEy8C3Lw2/VIYf5kuNPJE2+0AOpCJ3pD3id2JC8Qf
+lnIsGHCclrxldY5NX3S/p2T8wsgBdz5wfzDGm1GANdI5M1YrTN0ExebOspXnXGed
+9jx8rdTVQwErTw==
-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIICHTCCAcegAwIBAgIBATANBgkqhkiG9w0BAQUFADCBrTETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxKzApBgNVBAsMIkludGVy
+bWVkaWF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJDAiBgNVBAMMG2ludGVybWVk
+aWF0ZS1jYS5leGFtcGxlLmNvbTEqMCgGCSqGSIb3DQEJARYbaW50ZXJtZWRpYXRl
+LWNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzOVoXDTQwMDgyMzAwMjIzOVow
+SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
+GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
+MEgCQQDNj0xKKyi/+5iG2FTs/lOgwKPorRg69o4zsmMcVOfvwI1IN4FRSsPpqaJN
+urHcGNqvGoj07hNBdWxdoixF4pmnAgMBAAGjMzAxMAkGA1UdEwQCMAAwEwYDVR0l
+BAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBFjANBgkqhkiG9w0BAQUFAANB
+ALl1WO7IZYOvPwhyQ4EpCLjSsTuGBcfbWFtw4XiQueZ8TILHcZARH4nW1tKoVWzc
+rIGhqRjNMWRmaH1wgSCGRiE=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDrjCCAxegAwIBAgIBBjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
+ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzOVoXDTQwMDgy
+MzAwMjIzOVowga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZ
+FgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUgQXV0
+aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20xKjAo
+BgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTBcMA0GCSqG
+SIb3DQEBAQUAA0sAMEgCQQDRMidrtJAZ27tI9gA3hhIP7S5EtfjhMHUi8mDNL2Ju
+V7nMDGoAEUfHV3x/+Eb/TeymvBiRzlUD6YGQRK+2C8+LAgMBAAGjggFFMIIBQTAd
+BgNVHQ4EFgQUXfcpYB1wgmZiB/WN7EW342wlZwEwgbsGA1UdIwSBszCBsIAUmAbQ
+gRwBOJuIai3NygAtGQ9xlbGhgYykgYkwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00x
+FzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBB
+dXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkB
+Fg5jYUBleGFtcGxlLmNvbYIJAO+Cui0EIECvMA8GA1UdEwEB/wQFMAMBAf8wDgYD
+VR0PAQH/BAQDAgEGMCYGA1UdEQQfMB2BG2ludGVybWVkaWF0ZS1jYUBleGFtcGxl
+LmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQUFAAOB
+gQAmXVdwAZalZGtXBkdICHaWyVRmgCFRZfzVbGBOkeW+TEBiMgG+XrwlMQs5yyf/
+T8Mmw8TcqBJYdQhqcctbgFcSxejVAL7DnEfFcvH6acXy0K9l48pKAnYgcHstOAX2
+Fb+rSpmMDXgWuhKNudJyoOVQ/5H9LJyg6JYqoG5jqS9iQg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDxjCCAy+gAwIBAgIJAO+Cui0EIECvMA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
+CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
+CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
+bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTUwODMwMDAyMjMx
+WhcNNDUwODIyMDAyMjMxWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
+JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
+eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
+YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9qkrLjnG3Giff
+rr2ymp/7+dfOnertYuZCJN3T7uHrR3oB6QxuW2qvgiFHWNQMgnM+ji+tSdZWwdyr
+JOnsqPcKChx7aNASfSFRG+yu6U/oGru0HkteTFCuZjX7nlHyHV0wjaR3s+jc7eB+
+e24KiSayZx56J3TrhGpRBYA7TgaopQIDAQABo4IBODCCATQwHQYDVR0OBBYEFJgG
+0IEcATibiGotzcoALRkPcZWxMIG7BgNVHSMEgbMwgbCAFJgG0IEcATibiGotzcoA
+LRkPcZWxoYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
+LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
+FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
+ZS5jb22CCQDvgrotBCBArzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCuwCsxZxXctjLr059fFd94Yb6lDyPr
+Gd9H4luK9G4NNf2QiD94SfYAEy8C3Lw2/VIYf5kuNPJE2+0AOpCJ3pD3id2JC8Qf
+lnIsGHCclrxldY5NX3S/p2T8wsgBdz5wfzDGm1GANdI5M1YrTN0ExebOspXnXGed
+9jx8rdTVQwErTw==
+-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQkwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
-T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLExVDZXJ0aWZpY2F0
-ZSBBdXRob3JpdHkxFzAVBgNVBAMTDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xMTAxMTgwNjA0MTFaFw0yMTAxMTUwNjA0
-MTFaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
-UExFMQ8wDQYDVQQDEwZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEgNDM/dg3t
-9DHNAPz/b87LSxEaKhoZ8AcNBym3LEOdCnXGEnKf0b9lkT5caXu5GAM84ahTCJ7n
-79RVNrqGKM7jbBdSX+ZUfkqJQPhOXD2+0niYQicH92nz78kxmjlbizvd3fM1BlO+
-C/++NWf2EAhORVAjvJrHNokJp3PTNRJ1WWteHeU9PwfGmWHKVc1IgvRFMH08604I
-ZzX5CcxIg/b56g27A7CBPh/KO/qKTDLFFNGc1T2asvY/P3+PeN6y+leFHStCTu7R
-Bi/l4hczZdnwq3BGT6mnjEN7wau2s7pA067SXimNOkYi5fgwspMHi8fJWmYyBypU
-mQBRzwfm77ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQA3LuElj2QB9wQvmIxk2Jmb
-IPP2/WS8dwPoCv/N3+6nTx8yRsrILf4QsnEbbsxoYO5jW4r9Kt8m8B/M7YgnBDE9
-zlm7JbXKZf2isSm5TyT627Ymzxrzs5d+7o2eS7SN1DB6PyvRh2ye7EMbyEYD8ULi
-itDUkYkssNCVivYwVvJoMg==
+MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xNTA4MzAwMDIyMzJaFw00MDA4MjMwMDIy
+MzJaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
+cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
+yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
+IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
+AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
+ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
+85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
+i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQA53KGbz0v7blt33ht62Ez9
+onmLHkegWW39OgRfNPircb9+pIOtkuksPr1yE2iBmWuGPg0OwNjqHROeOodoN1xC
+vSt1kUshtpPXiK8AuYmkv53FThyEEai8kpsGp6mLEY2ISaYRD0O6B6PyV2dT/nE2
+CWob7aQ/SlFQ+txnwJtOnA==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAwSA0Mz92De30Mc0A/P9vzstLERoqGhnwBw0HKbcsQ50KdcYS
-cp/Rv2WRPlxpe7kYAzzhqFMInufv1FU2uoYozuNsF1Jf5lR+SolA+E5cPb7SeJhC
-Jwf3afPvyTGaOVuLO93d8zUGU74L/741Z/YQCE5FUCO8msc2iQmnc9M1EnVZa14d
-5T0/B8aZYcpVzUiC9EUwfTzrTghnNfkJzEiD9vnqDbsDsIE+H8o7+opMMsUU0ZzV
-PZqy9j8/f4943rL6V4UdK0JO7tEGL+XiFzNl2fCrcEZPqaeMQ3vBq7azukDTrtJe
-KY06RiLl+DCykweLx8laZjIHKlSZAFHPB+bvsQIDAQABAoIBAQCQUI1RYnHIdPFO
-qZ+8bvDQ+g8tR30ApjM8QZsBrDRyjg579bhhWVY2jSJdFFdqseTkvoDt9KZzgGQy
-Kj9MYOZru3xRbSfmiWsaLbiUFJJPPaIvpa+BVS2oSjX8BYn2pJbF9MRfclc5CsIS
-qMNl3XUbj8mx2hKdIpJ5EvLD1adKE4Se6peqSZAmEHONNCsrMrQ0GSQqV3viInJr
-tc3kp3HcPffSROWqmc6jAJ77Cs3ApgJavL5RGjx30Kd+dKVq4PXZ+IhWM8dOSput
-wcyxEosiP/W2g0rDgNW2mGOVOwa/D5SnOolicHifdV7idjwLAjkyYgvmBMNSsECj
-yKBkE0gxAoGBAN8iHMumyvriHuj9bSLZ1bcyYFz7jIwUxpHTT7VqN/j/Y1BoBIBy
-ZZLDGMa+ID/brpRHzJQAKSNtbFQ0S1HTSKcFud5OWE8Rp3pQJU+sdeO3pCMWAD1z
-Q4ggF07JjTSSnK+4fcXgEN9P2OdfXy7Rj3HFpSahql55Kp5udoUdzUVFAoGBAN2S
-krlcEuqsEYjqsCJw5pctIwPMvCM51JgirrdETwSGquMklSrobH0PHMlR67gsA/9I
-UGShT0LL4UWYpBn/4xLrLbua5aHIBfQQZp9K6jDZddWS+EFL5JkO/Up4/qM6fUbH
-CuweVv1gd6i2Ti35K60mgx6MqVunaB1k8Q9P3Pl9AoGALSVtxha9Qv21W1bLWh3R
-C/v5W1baHQ2nD6I9omsXYB3sLjydjI+Y1ZT70lptk/4S2JWeYuOVb0GYhYD/LFMf
-hAu4i642V+kuhaTpp7ExOR3S6/ZrngNQSp6TmLFXDKgNY9BkQkEPqN8y971oOMTV
-zSM8QxC6s9q4MM4Q1OYuvjECgYEAsO2V1AW95T45Ukd1FktpFlaomyQlJ0vKgyFO
-unEFV+vhETfpFTY7SzGCHxAXVh1vo62u5Gwayo/a9qQIhepa/IRnJGNv8luyxU1D
-ZPeBQjija0PMkPd1NvNNNuafDuBpoNbX1ev0MqeRZVsN2pAZXE5gbUiNA+8NqEsu
-Yre3EFECgYEA13rXE76zZgsefx+2spjqJDUWEmTDd1460xTtxCCgL9dy4rW5bgwo
-MvINphSUXOwSkn8Oja/IvpN28zSj9W/ci5wU52P5w4blkBmuj8UoCjP2FN1b1OBa
-86mkwVsCYUyyI2apuwrHP77yeb8jXZb+reqSns3hU+HyO/nUTVmnews=
+MIIEpAIBAAKCAQEA4pHIYnVJwOvIPTt/S8C+M1T8YG9kRt5MBqfdmVi+BwW5oduL
+5K9rL5JombBdocjjOA4X1o2XjMcgdRYCD5jjiUw+m02t995zivYL7yCeaOi3ai3k
+asB8ut1HvGYqSoXHhCvTaxE+DLwC9KVvJbWqJbT8MrBv8kyy56PNTIwgH9PpTE/N
+SreeszXyW1pKtZ3peMVFV6nqygxyJQhKv54XSfSaGWifEOJ6ApcBshe8pZNMA8gk
+AOh7I+JfXW0Z5xJtYEvMdYMrRUzzloR3drGQ90+PpHBARrsVRPIutTU2PqTw+Xs1
+XI1ZduDkgoQxkHpXmlcRJqxXqdKLu9bglikD4QIDAQABAoIBAQDXQfxpFtgIs7rd
++j4aAbhzWqYhFRPnhOIkXK5cOATq9RSF4+nITqV+YBKDGh4LTKocIr+hN4sp1DJR
+K6SvnulnE4pT0PydB7ss5lE2Uv5N2/QOrCVdCx42B3BVXZeGkA2b1GucSJh0Tthc
+CSVNZYiPJKGLozfos9gx3d16gZMvyEM4xGFcB8FVWm00Aunc8NOpO8oCQv5URF1x
+Imvp3JkhBAV9EIr4BftjT+hSOGgrZwx2ZzU8A1EpXAg6Hja6dQAleq0WTFJS6Ez2
+UjFFI9qF5YMxDDdLZ8p8G3BFw/m5zKE8wrnSdgf7iP9JPgZZA3Y5GLQkKA/Q6wnP
+Bj3MbBr1AoGBAPDrF5D5VFle/LrYsAdfwdW2mby2qlB0AAlZwxUnatVFWmgnDq5B
+NpK+dp06tllv5qd0EtQMqHxPkVr7YEZ26Jex5hmLMb+LuSowq1BchNpoMGwSiyRz
+11IUYRY5BwNW7/zFv2r5ZFe/OxI2V3scYAyJ/7mqY7sWqafVGCa7pRjLAoGBAPDA
+vR0EBJL+d7mk/suOjcnVjcFmU/Jwg+O5f0Ao6ctb1rFyYL/FgheeqewZRjveLn/s
+Gz6/KieWa/k6XlxkZtJUE9RFjLWn/n79fqL0WDjSzeiSgHRj6bABjXSX3827Mud5
+uzZrVZkHcWnXQX1WREIGSOwAC/4MpU3ad87joXyDAoGBAOZ0zHdGujQ/k9ycWU7E
+f+QSp1+JEMSjIkHPlriOmzhl/kRxUC7KfQzEmyxuNG67h1WZyEUF0soPRwlUO1VM
+e9RYPbcjmrQTUU4VflsCFafjUKag2m9FTKzch769UIMWT71p4GDRLfZuHHCggPBo
+RUzZWUFex8X4uNOuGUs75oMfAoGASZeQ90qgH1K7xDqkTBLSUqz9vO2LoaM1Hao5
+NKKM/MWg9fLxkg1Mu+2bIXmEV46OBjplBaQnvZwkezWVXIawS4C54vwzi9/DUowo
+ZqVsRkph+MK3k1xrNYrz83ztQ5UCdXFngbYDn1iAGYtcEHULPmdvaPyGreytpwOt
+9cbtOQMCgYAJ0DPq4E+nICf11QsNJELqRBpx9uQjxI87/ba6z0BqtGIIwqZ1KtgI
+7LVvae89MufsxZCe8A1noSiFTQXvrLVQhzu+pBHvRQnmonqo6D/uA3viOkTqhR8X
+As2n7JVN64j/g6+c9SIfeiNscmZBRqAvgLvVGdoKrbXWkQ1S5+KgHQ==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQowDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
-T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLExVDZXJ0aWZpY2F0
-ZSBBdXRob3JpdHkxFzAVBgNVBAMTDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0yMDAxMTgxNzI3MDNaFw0yMTAxMTcxNzI3
-MDNaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
-UExFMQ8wDQYDVQQDEwZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEgNDM/dg3t
-9DHNAPz/b87LSxEaKhoZ8AcNBym3LEOdCnXGEnKf0b9lkT5caXu5GAM84ahTCJ7n
-79RVNrqGKM7jbBdSX+ZUfkqJQPhOXD2+0niYQicH92nz78kxmjlbizvd3fM1BlO+
-C/++NWf2EAhORVAjvJrHNokJp3PTNRJ1WWteHeU9PwfGmWHKVc1IgvRFMH08604I
-ZzX5CcxIg/b56g27A7CBPh/KO/qKTDLFFNGc1T2asvY/P3+PeN6y+leFHStCTu7R
-Bi/l4hczZdnwq3BGT6mnjEN7wau2s7pA067SXimNOkYi5fgwspMHi8fJWmYyBypU
-mQBRzwfm77ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBvt8v930fQtxR7f7Vcb1Hg
-irq1CtffsBqtKYupYg6IgloiRA6U5wdU0e6faA3Ppsmd4SmNKb9ZavIgnDBfx8MP
-1/IpsNOkg0366bP/zzkAhcXspo7PU8yZIqep//wT4TOFz04N8Lshqm8HUejShFdA
-fB8C0LX5Y/2219ZVMaaEbw==
+MIIC4DCCAkkCAQUwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAiGA8yMDYwMDcxNzIzMDAwMFoYDzIwNjEwNzE3
+MjMwMDAwWjBiMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYH
+RVhBTVBMRTEPMA0GA1UEAwwGQ2xpZW50MSEwHwYJKoZIhvcNAQkBFhJjbGllbnRA
+ZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDikchi
+dUnA68g9O39LwL4zVPxgb2RG3kwGp92ZWL4HBbmh24vkr2svkmiZsF2hyOM4DhfW
+jZeMxyB1FgIPmOOJTD6bTa333nOK9gvvIJ5o6LdqLeRqwHy63Ue8ZipKhceEK9Nr
+ET4MvAL0pW8ltaoltPwysG/yTLLno81MjCAf0+lMT81Kt56zNfJbWkq1nel4xUVX
+qerKDHIlCEq/nhdJ9JoZaJ8Q4noClwGyF7ylk0wDyCQA6Hsj4l9dbRnnEm1gS8x1
+gytFTPOWhHd2sZD3T4+kcEBGuxVE8i61NTY+pPD5ezVcjVl24OSChDGQeleaVxEm
+rFep0ou71uCWKQPhAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAaL1TVP7GBU/+Ujxm
+s1d6XlsczXcRTsK2SKPc7Ke8K30o7E85m5gTXtDVVdk2aCWFsrmqCW+sKSAl3TLr
+nWWlvI0k2Y3Ei81W1xkCSA8rX95K8m1FaVXz1ml5J8TjemHd/j+btzp4qjnF/S2M
+cbRhKzUoJD6FBuUq7OXOO+4T30c=
-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA4pHIYnVJwOvIPTt/S8C+M1T8YG9kRt5MBqfdmVi+BwW5oduL
+5K9rL5JombBdocjjOA4X1o2XjMcgdRYCD5jjiUw+m02t995zivYL7yCeaOi3ai3k
+asB8ut1HvGYqSoXHhCvTaxE+DLwC9KVvJbWqJbT8MrBv8kyy56PNTIwgH9PpTE/N
+SreeszXyW1pKtZ3peMVFV6nqygxyJQhKv54XSfSaGWifEOJ6ApcBshe8pZNMA8gk
+AOh7I+JfXW0Z5xJtYEvMdYMrRUzzloR3drGQ90+PpHBARrsVRPIutTU2PqTw+Xs1
+XI1ZduDkgoQxkHpXmlcRJqxXqdKLu9bglikD4QIDAQABAoIBAQDXQfxpFtgIs7rd
++j4aAbhzWqYhFRPnhOIkXK5cOATq9RSF4+nITqV+YBKDGh4LTKocIr+hN4sp1DJR
+K6SvnulnE4pT0PydB7ss5lE2Uv5N2/QOrCVdCx42B3BVXZeGkA2b1GucSJh0Tthc
+CSVNZYiPJKGLozfos9gx3d16gZMvyEM4xGFcB8FVWm00Aunc8NOpO8oCQv5URF1x
+Imvp3JkhBAV9EIr4BftjT+hSOGgrZwx2ZzU8A1EpXAg6Hja6dQAleq0WTFJS6Ez2
+UjFFI9qF5YMxDDdLZ8p8G3BFw/m5zKE8wrnSdgf7iP9JPgZZA3Y5GLQkKA/Q6wnP
+Bj3MbBr1AoGBAPDrF5D5VFle/LrYsAdfwdW2mby2qlB0AAlZwxUnatVFWmgnDq5B
+NpK+dp06tllv5qd0EtQMqHxPkVr7YEZ26Jex5hmLMb+LuSowq1BchNpoMGwSiyRz
+11IUYRY5BwNW7/zFv2r5ZFe/OxI2V3scYAyJ/7mqY7sWqafVGCa7pRjLAoGBAPDA
+vR0EBJL+d7mk/suOjcnVjcFmU/Jwg+O5f0Ao6ctb1rFyYL/FgheeqewZRjveLn/s
+Gz6/KieWa/k6XlxkZtJUE9RFjLWn/n79fqL0WDjSzeiSgHRj6bABjXSX3827Mud5
+uzZrVZkHcWnXQX1WREIGSOwAC/4MpU3ad87joXyDAoGBAOZ0zHdGujQ/k9ycWU7E
+f+QSp1+JEMSjIkHPlriOmzhl/kRxUC7KfQzEmyxuNG67h1WZyEUF0soPRwlUO1VM
+e9RYPbcjmrQTUU4VflsCFafjUKag2m9FTKzch769UIMWT71p4GDRLfZuHHCggPBo
+RUzZWUFex8X4uNOuGUs75oMfAoGASZeQ90qgH1K7xDqkTBLSUqz9vO2LoaM1Hao5
+NKKM/MWg9fLxkg1Mu+2bIXmEV46OBjplBaQnvZwkezWVXIawS4C54vwzi9/DUowo
+ZqVsRkph+MK3k1xrNYrz83ztQ5UCdXFngbYDn1iAGYtcEHULPmdvaPyGreytpwOt
+9cbtOQMCgYAJ0DPq4E+nICf11QsNJELqRBpx9uQjxI87/ba6z0BqtGIIwqZ1KtgI
+7LVvae89MufsxZCe8A1noSiFTQXvrLVQhzu+pBHvRQnmonqo6D/uA3viOkTqhR8X
+As2n7JVN64j/g6+c9SIfeiNscmZBRqAvgLvVGdoKrbXWkQ1S5+KgHQ==
+-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQswDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
-T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLExVDZXJ0aWZpY2F0
-ZSBBdXRob3JpdHkxFzAVBgNVBAMTDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDAxMTgxNzI3NDdaFw0wMTAxMTcxNzI3
-NDdaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
-UExFMQ8wDQYDVQQDEwZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEgNDM/dg3t
-9DHNAPz/b87LSxEaKhoZ8AcNBym3LEOdCnXGEnKf0b9lkT5caXu5GAM84ahTCJ7n
-79RVNrqGKM7jbBdSX+ZUfkqJQPhOXD2+0niYQicH92nz78kxmjlbizvd3fM1BlO+
-C/++NWf2EAhORVAjvJrHNokJp3PTNRJ1WWteHeU9PwfGmWHKVc1IgvRFMH08604I
-ZzX5CcxIg/b56g27A7CBPh/KO/qKTDLFFNGc1T2asvY/P3+PeN6y+leFHStCTu7R
-Bi/l4hczZdnwq3BGT6mnjEN7wau2s7pA067SXimNOkYi5fgwspMHi8fJWmYyBypU
-mQBRzwfm77ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBC3BOULAOkRFLKLajHIIB2
-VB0tHOFWuflP/LXso3ogGA8ItqbjacqjRHdTGK79etbxSTdi7k8owMVMPavJnBYk
-TraOkf/xxHo2zWy3XES1lniTUfGgKpjYNlALB6K6DJseZorSOmGA4KllL46MYwNu
-jsLO+5HkS/uNxlKo2l+xGw==
+MIIC3DCCAkUCAQQwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDA3MTcyMzAwMDBaFw0wMTA3MTcyMzAw
+MDBaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
+cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
+yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
+IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
+AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
+ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
+85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
+i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQAXsez9MUY7+zHe4CevgYHk
+VUGFl2BV/cncVO5M42qlYvGhzPNb3VSXlrIk0CZP/A1UrB+7+vMFQCccoXE2Yb//
+hOcumZkz4OJjz+qgsWlksaUjCnpGPIfsrW3jYBRKvL1iYo5Si1aIiQ+ej93a2Bsg
+Iy/P6Hx0b2bZ5H6v/y6bqw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQkwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
-T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLExVDZXJ0aWZpY2F0
-ZSBBdXRob3JpdHkxFzAVBgNVBAMTDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xMTAxMTgwNjA0MTFaFw0yMTAxMTUwNjA0
-MTFaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
-UExFMQ8wDQYDVQQDEwZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEgNDM/dg3t
-9DHNAPz/b87LSxEaKhoZ8AcNBym3LEOdCnXGEnKf0b9lkT5caXu5GAM84ahTCJ7n
-79RVNrqGKM7jbBdSX+ZUfkqJQPhOXD2+0niYQicH92nz78kxmjlbizvd3fM1BlO+
-C/++NWf2EAhORVAjvJrHNokJp3PTNRJ1WWteHeU9PwfGmWHKVc1IgvRFMH08604I
-ZzX5CcxIg/b56g27A7CBPh/KO/qKTDLFFNGc1T2asvY/P3+PeN6y+leFHStCTu7R
-Bi/l4hczZdnwq3BGT6mnjEN7wau2s7pA067SXimNOkYi5fgwspMHi8fJWmYyBypU
-mQBRzwfm77ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQA3LuElj2QB9wQvmIxk2Jmb
-IPP2/WS8dwPoCv/N3+6nTx8yRsrILf4QsnEbbsxoYO5jW4r9Kt8m8B/M7YgnBDE9
-zlm7JbXKZf2isSm5TyT627Ymzxrzs5d+7o2eS7SN1DB6PyvRh2ye7EMbyEYD8ULi
-itDUkYkssNCVivYwVvJoMg==
+MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xNTA4MzAwMDIyMzJaFw00MDA4MjMwMDIy
+MzJaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
+cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
+yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
+IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
+AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
+ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
+85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
+i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQA53KGbz0v7blt33ht62Ez9
+onmLHkegWW39OgRfNPircb9+pIOtkuksPr1yE2iBmWuGPg0OwNjqHROeOodoN1xC
+vSt1kUshtpPXiK8AuYmkv53FThyEEai8kpsGp6mLEY2ISaYRD0O6B6PyV2dT/nE2
+CWob7aQ/SlFQ+txnwJtOnA==
-----END CERTIFICATE-----
--- /dev/null
+#!/bin/sh
+
+msg() {
+ echo
+ echo "* $1 ..."
+}
+
+cd `dirname $0`
+
+echo
+echo "This script re-generates all private keys and certificates"
+echo "needed to run the Unit Test."
+echo
+echo " *** IMPORTANT ***"
+echo
+echo "This script will change the system date momentarily to generate"
+echo "a couple of certificates (sudo password will be requested). This"
+echo "is because it uses the OpenSSL x509 utility instead of the ca"
+echo "utility which allows to set a starting date for the certificates."
+echo
+echo "A few manual changes need to be made. The first certificate"
+echo "in ca-roots.pem and ca-roots-bad.pem need to be replaced by"
+echo "the contents of ca.pem."
+echo
+echo "Also, file-database.c:test_lookup_certificates_issued_by has"
+echo "an ISSUER variable that needs to be changed by the CA identifier"
+echo "(read the comment in that function) if you modify this script."
+echo
+echo " *** IMPORTANT ***"
+echo
+
+read -p "Press [Enter] key to continue..." key
+
+#######################################################################
+### Obsolete/Untrusted Root CA
+#######################################################################
+
+echo "00" > serial
+
+msg "Creating CA private key for obsolete/untrusted CA"
+openssl genrsa -out old-ca-key.pem 1024
+
+msg "Creating CA certificate for obsolete/untrusted CA"
+openssl req -x509 -new -config ssl/old-ca.conf -days 10950 -key old-ca-key.pem -out old-ca.pem
+
+#######################################################################
+### New Root CA
+#######################################################################
+
+msg "Creating CA private key"
+openssl genrsa -out ca-key.pem 1024
+
+msg "Creating CA certificate"
+openssl req -x509 -new -config ssl/ca.conf -days 10950 -key ca-key.pem -out ca.pem
+
+#######################################################################
+### New Root CA, issued by Obsolete/Untrusted Root CA
+#######################################################################
+
+msg "Creating CA certificate request"
+openssl req -config ssl/ca.conf -key ca-key.pem -new -out root-ca-csr.pem
+
+msg "Creating alternative certificate with same keys as CA"
+openssl x509 -req -in root-ca-csr.pem -days 10950 -CA old-ca.pem -CAkey old-ca-key.pem -CAserial serial -extfile ssl/ca.conf -extensions v3_req_ext -out ca-alternative.pem
+
+#######################################################################
+### Server
+#######################################################################
+
+msg "Creating server private key"
+openssl genrsa -out server-key.pem 512
+
+msg "Creating server certificate request"
+openssl req -config ssl/server.conf -key server-key.pem -new -out server-csr.pem
+
+msg "Creating server certificate"
+openssl x509 -req -in server-csr.pem -days 9125 -CA ca.pem -CAkey ca-key.pem -CAserial serial -extfile ssl/server.conf -extensions v3_req_ext -out server.pem
+
+msg "Concatenating server certificate and private key into a single file"
+cat server.pem > server-and-key.pem
+cat server-key.pem >> server-and-key.pem
+
+msg "Converting server certificate from PEM to DER"
+openssl x509 -in server.pem -outform DER -out server.der
+
+msg "Converting server private key from PEM to DER"
+openssl rsa -in server-key.pem -outform DER -out server-key.der
+
+#######################################################################
+### Server (self-signed)
+#######################################################################
+
+msg "Creating server self-signed certificate"
+openssl x509 -req -days 9125 -in server-csr.pem -signkey server-key.pem -out server-self.pem
+
+#######################################################################
+### Client
+#######################################################################
+
+msg "Creating client private key"
+openssl genrsa -out client-key.pem 2048
+
+msg "Creating client certificate request"
+openssl req -config ssl/client.conf -key client-key.pem -new -out client-csr.pem
+
+msg "Creating client certificate"
+openssl x509 -req -in client-csr.pem -days 9125 -CA ca.pem -CAkey ca-key.pem -CAserial serial -out client.pem
+
+msg "Concatenating client certificate and private key into a single file"
+cat client.pem > client-and-key.pem
+cat client-key.pem >> client-and-key.pem
+
+# It is not possible to specify the start and end date using the "x509" tool.
+# It would be better to use the "ca" tool. Sorry!
+msg "Creating client certificate (past)"
+sudo date -s "17 JUL 2000 18:00:00"
+openssl x509 -req -in client-csr.pem -days 365 -startdate -enddate -CA ca.pem -CAkey ca-key.pem -CAserial serial -out client-past.pem
+sudo hwclock -s
+touch client-past.pem
+
+msg "Creating client certificate (future)"
+sudo date -s "17 JUL 2060 18:00:00"
+openssl x509 -req -in client-csr.pem -days 365 -startdate -enddate -CA ca.pem -CAkey ca-key.pem -CAserial serial -out client-future.pem
+sudo hwclock -s
+touch client-future.pem
+
+#######################################################################
+### Concatenate all non-CA certificates
+#######################################################################
+
+msg "Concatenating all non-CA certificates into a single file"
+echo "client.pem:" > non-ca.pem
+cat client.pem >> non-ca.pem
+echo >> non-ca.pem
+echo "client-future.pem:" >> non-ca.pem
+cat client-future.pem >> non-ca.pem
+echo >> non-ca.pem
+echo "client-past.pem:" >> non-ca.pem
+cat client-past.pem >> non-ca.pem
+echo >> non-ca.pem
+echo "server.pem:" >> non-ca.pem
+cat server.pem >> non-ca.pem
+echo >> non-ca.pem
+echo "server-self.pem:" >> non-ca.pem
+cat server-self.pem >> non-ca.pem
+
+#######################################################################
+### Intermediate CA
+#######################################################################
+
+echo "00" > intermediate-serial
+
+msg "Creating intermediate CA private key"
+openssl genrsa -out intermediate-ca-key.pem 512
+
+msg "Creating intermediate CA certificate request"
+openssl req -config ssl/intermediate-ca.conf -key intermediate-ca-key.pem -new -out intermediate-ca-csr.pem
+
+msg "Creating intermediate CA certificate"
+openssl x509 -req -in intermediate-ca-csr.pem -days 9125 -CA ca.pem -CAkey ca-key.pem -CAserial serial -extfile ssl/intermediate-ca.conf -extensions v3_req_ext -out intermediate-ca.pem
+
+#######################################################################
+### Server (signed by Intermediate CA)
+#######################################################################
+
+msg "Creating server (intermediate CA) private key"
+openssl genrsa -out server-intermediate-key.pem 512
+
+msg "Creating server (intermediate CA) certificate request"
+openssl req -config ssl/server-intermediate.conf -key server-intermediate-key.pem -new -out server-intermediate-csr.pem
+
+msg "Creating server (intermediate CA) certificate"
+openssl x509 -req -in server-intermediate-csr.pem -days 9125 -CA intermediate-ca.pem -CAkey intermediate-ca-key.pem -CAserial intermediate-serial -extfile ssl/server-intermediate.conf -extensions v3_req_ext -out server-intermediate.pem
+
+msg "Concatenating server (intermediate CA) chain into a file"
+cat server-intermediate.pem > chain.pem
+cat intermediate-ca.pem >> chain.pem
+cat ca.pem >> chain.pem
+
+#######################################################################
+### Cleanup
+#######################################################################
+
+# We don't need the serial files anymore
+rm -f serial
+rm -f intermediate-serial
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBujCCAWQCAQAwga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/Is
+ZAEZFgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUg
+QXV0aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20x
+KjAoBgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTBcMA0G
+CSqGSIb3DQEBAQUAA0sAMEgCQQDRMidrtJAZ27tI9gA3hhIP7S5EtfjhMHUi8mDN
+L2JuV7nMDGoAEUfHV3x/+Eb/TeymvBiRzlUD6YGQRK+2C8+LAgMBAAGgUTBPBgkq
+hkiG9w0BCQ4xQjBAMB0GA1UdDgQWBBRd9ylgHXCCZmIH9Y3sRbfjbCVnATAPBgNV
+HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAANBAIp7
+2/fnWAYyd4QxpW8qqajTKyuGiS5rwm5knLZvriM3qR6mAtuI3vluk431YcQ1G/jn
+QdPf5uYuttJC1GzrZDE=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBANEyJ2u0kBnbu0j2ADeGEg/tLkS1+OEwdSLyYM0vYm5XucwMagAR
+R8dXfH/4Rv9N7Ka8GJHOVQPpgZBEr7YLz4sCAwEAAQJAUPmw+Kfz/45meF+Axf1H
+kJKmjkJCDCjNrrFTdxkYaM0pCDPjHeclMHZ9mhtKQs2/8ER4tvdNIUCba/f9n4lI
+QQIhAO6s3jWb4JVobvpC0r5OE/HLOLgnnieQPQGl/sBoqL6fAiEA4GF+A8XaSF/C
+V5tFTFMDN1hw9bvOxhwaVAgcBNzHA5UCIFI5t+wcIYkXi3QoZVYuq+xXKNk4vOHA
+bWQN/e/nnordAiEA26qWU9s+99vHxzybez1JyMUs0WYr6IdavymxRJFfxIECIEra
+zEU8vYbm02cECN2fB6SRAlyD8Gb6KAMP+A4RXVWO
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDrjCCAxegAwIBAgIBBjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
+ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzOVoXDTQwMDgy
+MzAwMjIzOVowga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZ
+FgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUgQXV0
+aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20xKjAo
+BgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTBcMA0GCSqG
+SIb3DQEBAQUAA0sAMEgCQQDRMidrtJAZ27tI9gA3hhIP7S5EtfjhMHUi8mDNL2Ju
+V7nMDGoAEUfHV3x/+Eb/TeymvBiRzlUD6YGQRK+2C8+LAgMBAAGjggFFMIIBQTAd
+BgNVHQ4EFgQUXfcpYB1wgmZiB/WN7EW342wlZwEwgbsGA1UdIwSBszCBsIAUmAbQ
+gRwBOJuIai3NygAtGQ9xlbGhgYykgYkwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00x
+FzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBB
+dXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkB
+Fg5jYUBleGFtcGxlLmNvbYIJAO+Cui0EIECvMA8GA1UdEwEB/wQFMAMBAf8wDgYD
+VR0PAQH/BAQDAgEGMCYGA1UdEQQfMB2BG2ludGVybWVkaWF0ZS1jYUBleGFtcGxl
+LmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQUFAAOB
+gQAmXVdwAZalZGtXBkdICHaWyVRmgCFRZfzVbGBOkeW+TEBiMgG+XrwlMQs5yyf/
+T8Mmw8TcqBJYdQhqcctbgFcSxejVAL7DnEfFcvH6acXy0K9l48pKAnYgcHstOAX2
+Fb+rSpmMDXgWuhKNudJyoOVQ/5H9LJyg6JYqoG5jqS9iQg==
+-----END CERTIFICATE-----
client.pem:
-----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQkwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
-T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLExVDZXJ0aWZpY2F0
-ZSBBdXRob3JpdHkxFzAVBgNVBAMTDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xMTAxMTgwNjA0MTFaFw0yMTAxMTUwNjA0
-MTFaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
-UExFMQ8wDQYDVQQDEwZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEgNDM/dg3t
-9DHNAPz/b87LSxEaKhoZ8AcNBym3LEOdCnXGEnKf0b9lkT5caXu5GAM84ahTCJ7n
-79RVNrqGKM7jbBdSX+ZUfkqJQPhOXD2+0niYQicH92nz78kxmjlbizvd3fM1BlO+
-C/++NWf2EAhORVAjvJrHNokJp3PTNRJ1WWteHeU9PwfGmWHKVc1IgvRFMH08604I
-ZzX5CcxIg/b56g27A7CBPh/KO/qKTDLFFNGc1T2asvY/P3+PeN6y+leFHStCTu7R
-Bi/l4hczZdnwq3BGT6mnjEN7wau2s7pA067SXimNOkYi5fgwspMHi8fJWmYyBypU
-mQBRzwfm77ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQA3LuElj2QB9wQvmIxk2Jmb
-IPP2/WS8dwPoCv/N3+6nTx8yRsrILf4QsnEbbsxoYO5jW4r9Kt8m8B/M7YgnBDE9
-zlm7JbXKZf2isSm5TyT627Ymzxrzs5d+7o2eS7SN1DB6PyvRh2ye7EMbyEYD8ULi
-itDUkYkssNCVivYwVvJoMg==
+MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xNTA4MzAwMDIyMzJaFw00MDA4MjMwMDIy
+MzJaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
+cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
+yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
+IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
+AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
+ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
+85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
+i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQA53KGbz0v7blt33ht62Ez9
+onmLHkegWW39OgRfNPircb9+pIOtkuksPr1yE2iBmWuGPg0OwNjqHROeOodoN1xC
+vSt1kUshtpPXiK8AuYmkv53FThyEEai8kpsGp6mLEY2ISaYRD0O6B6PyV2dT/nE2
+CWob7aQ/SlFQ+txnwJtOnA==
-----END CERTIFICATE-----
client-future.pem:
-----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQowDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
-T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLExVDZXJ0aWZpY2F0
-ZSBBdXRob3JpdHkxFzAVBgNVBAMTDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0yMDAxMTgxNzI3MDNaFw0yMTAxMTcxNzI3
-MDNaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
-UExFMQ8wDQYDVQQDEwZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEgNDM/dg3t
-9DHNAPz/b87LSxEaKhoZ8AcNBym3LEOdCnXGEnKf0b9lkT5caXu5GAM84ahTCJ7n
-79RVNrqGKM7jbBdSX+ZUfkqJQPhOXD2+0niYQicH92nz78kxmjlbizvd3fM1BlO+
-C/++NWf2EAhORVAjvJrHNokJp3PTNRJ1WWteHeU9PwfGmWHKVc1IgvRFMH08604I
-ZzX5CcxIg/b56g27A7CBPh/KO/qKTDLFFNGc1T2asvY/P3+PeN6y+leFHStCTu7R
-Bi/l4hczZdnwq3BGT6mnjEN7wau2s7pA067SXimNOkYi5fgwspMHi8fJWmYyBypU
-mQBRzwfm77ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBvt8v930fQtxR7f7Vcb1Hg
-irq1CtffsBqtKYupYg6IgloiRA6U5wdU0e6faA3Ppsmd4SmNKb9ZavIgnDBfx8MP
-1/IpsNOkg0366bP/zzkAhcXspo7PU8yZIqep//wT4TOFz04N8Lshqm8HUejShFdA
-fB8C0LX5Y/2219ZVMaaEbw==
+MIIC4DCCAkkCAQUwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAiGA8yMDYwMDcxNzIzMDAwMFoYDzIwNjEwNzE3
+MjMwMDAwWjBiMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYH
+RVhBTVBMRTEPMA0GA1UEAwwGQ2xpZW50MSEwHwYJKoZIhvcNAQkBFhJjbGllbnRA
+ZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDikchi
+dUnA68g9O39LwL4zVPxgb2RG3kwGp92ZWL4HBbmh24vkr2svkmiZsF2hyOM4DhfW
+jZeMxyB1FgIPmOOJTD6bTa333nOK9gvvIJ5o6LdqLeRqwHy63Ue8ZipKhceEK9Nr
+ET4MvAL0pW8ltaoltPwysG/yTLLno81MjCAf0+lMT81Kt56zNfJbWkq1nel4xUVX
+qerKDHIlCEq/nhdJ9JoZaJ8Q4noClwGyF7ylk0wDyCQA6Hsj4l9dbRnnEm1gS8x1
+gytFTPOWhHd2sZD3T4+kcEBGuxVE8i61NTY+pPD5ezVcjVl24OSChDGQeleaVxEm
+rFep0ou71uCWKQPhAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAaL1TVP7GBU/+Ujxm
+s1d6XlsczXcRTsK2SKPc7Ke8K30o7E85m5gTXtDVVdk2aCWFsrmqCW+sKSAl3TLr
+nWWlvI0k2Y3Ei81W1xkCSA8rX95K8m1FaVXz1ml5J8TjemHd/j+btzp4qjnF/S2M
+cbRhKzUoJD6FBuUq7OXOO+4T30c=
-----END CERTIFICATE-----
client-past.pem:
-----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQswDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
-T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLExVDZXJ0aWZpY2F0
-ZSBBdXRob3JpdHkxFzAVBgNVBAMTDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDAxMTgxNzI3NDdaFw0wMTAxMTcxNzI3
-NDdaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
-UExFMQ8wDQYDVQQDEwZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEgNDM/dg3t
-9DHNAPz/b87LSxEaKhoZ8AcNBym3LEOdCnXGEnKf0b9lkT5caXu5GAM84ahTCJ7n
-79RVNrqGKM7jbBdSX+ZUfkqJQPhOXD2+0niYQicH92nz78kxmjlbizvd3fM1BlO+
-C/++NWf2EAhORVAjvJrHNokJp3PTNRJ1WWteHeU9PwfGmWHKVc1IgvRFMH08604I
-ZzX5CcxIg/b56g27A7CBPh/KO/qKTDLFFNGc1T2asvY/P3+PeN6y+leFHStCTu7R
-Bi/l4hczZdnwq3BGT6mnjEN7wau2s7pA067SXimNOkYi5fgwspMHi8fJWmYyBypU
-mQBRzwfm77ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBC3BOULAOkRFLKLajHIIB2
-VB0tHOFWuflP/LXso3ogGA8ItqbjacqjRHdTGK79etbxSTdi7k8owMVMPavJnBYk
-TraOkf/xxHo2zWy3XES1lniTUfGgKpjYNlALB6K6DJseZorSOmGA4KllL46MYwNu
-jsLO+5HkS/uNxlKo2l+xGw==
+MIIC3DCCAkUCAQQwDQYJKoZIhvcNAQEFBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
+ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDA3MTcyMzAwMDBaFw0wMTA3MTcyMzAw
+MDBaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
+cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOKRyGJ1ScDr
+yD07f0vAvjNU/GBvZEbeTAan3ZlYvgcFuaHbi+Svay+SaJmwXaHI4zgOF9aNl4zH
+IHUWAg+Y44lMPptNrffec4r2C+8gnmjot2ot5GrAfLrdR7xmKkqFx4Qr02sRPgy8
+AvSlbyW1qiW0/DKwb/JMsuejzUyMIB/T6UxPzUq3nrM18ltaSrWd6XjFRVep6soM
+ciUISr+eF0n0mhlonxDiegKXAbIXvKWTTAPIJADoeyPiX11tGecSbWBLzHWDK0VM
+85aEd3axkPdPj6RwQEa7FUTyLrU1Nj6k8Pl7NVyNWXbg5IKEMZB6V5pXESasV6nS
+i7vW4JYpA+ECAwEAATANBgkqhkiG9w0BAQUFAAOBgQAXsez9MUY7+zHe4CevgYHk
+VUGFl2BV/cncVO5M42qlYvGhzPNb3VSXlrIk0CZP/A1UrB+7+vMFQCccoXE2Yb//
+hOcumZkz4OJjz+qgsWlksaUjCnpGPIfsrW3jYBRKvL1iYo5Si1aIiQ+ej93a2Bsg
+Iy/P6Hx0b2bZ5H6v/y6bqw==
-----END CERTIFICATE-----
server.pem:
-----BEGIN CERTIFICATE-----
-MIICJjCCAY+gAwIBAgIBBzANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
-ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsTFUNlcnRp
-ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAxMOY2EuZXhhbXBsZS5jb20xHTAbBgkq
-hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTExMDExNzE5NDcxN1oXDTIxMDEx
-NDE5NDcxN1owSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
-B0VYQU1QTEUxGzAZBgNVBAMTEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3
-DQEBAQUAA0sAMEgCQQDYScTxk55XBmbDM9zzwO+grVySE4rudWuzH2PpObIonqbf
-hRoAalKVluG9jvbHI81eXxCdSObv1KBP1sbN5RzpAgMBAAGjIjAgMAkGA1UdEwQC
-MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEFBQADgYEAYx6fMqT1
-Gvo0jq88E8mc+bmp4LfXD4wJ7KxYeadQxt75HFRpj4FhFO3DOpVRFgzHlOEo3Fwk
-PZOKjvkT0cbcoEq5whLH25dHoQxGoVQgFyAP5s+7Vp5AlHh8Y/vAoXeEVyy/RCIH
-QkhUlAflfDMcrrYjsmwoOPSjhx6Mm/AopX4=
+MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
+ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgy
+MzAwMjIzMVowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
+B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxO
+crI+cO3SaE5zgmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAGjMzAxMAkGA1UdEwQC
+MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBCjANBgkqhkiG
+9w0BAQUFAAOBgQBmJQF4mdpoinkWTB5khs2ZVWZWf4QPLH2I/sP8IY1pWIVNtOVG
+YiTURtsdIHffSAoJ+9H+KrZhxk7TO9v7LR2Au1fGC6FuGjRizYb6UTe7tpoaZvlj
+JZj3sE/Rw/zCHCjA9xNTeYvQlKBzuohbUVGS+kEhxI7ScDmd7ylKSLIbBQ==
-----END CERTIFICATE-----
-
server-self.pem:
-----BEGIN CERTIFICATE-----
-MIIBiDCCATICCQDJ4QeFpYPYljANBgkqhkiG9w0BAQUFADBLMRMwEQYKCZImiZPy
-LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEbMBkGA1UEAxMSc2Vy
-dmVyLmV4YW1wbGUuY29tMB4XDTExMDExOTAzMTYzOFoXDTIxMDExNjAzMTYzOFow
+MIIBiDCCATICCQD8Rn+cHcihijANBgkqhkiG9w0BAQUFADBLMRMwEQYKCZImiZPy
+LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEbMBkGA1UEAwwSc2Vy
+dmVyLmV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgyMzAwMjIzMVow
SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
-GzAZBgNVBAMTEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
-MEgCQQDYScTxk55XBmbDM9zzwO+grVySE4rudWuzH2PpObIonqbfhRoAalKVluG9
-jvbHI81eXxCdSObv1KBP1sbN5RzpAgMBAAEwDQYJKoZIhvcNAQEFBQADQQAagc2P
-/lCfDwT3max+D2M7++KMDfGqiO3gI+hMarf/jAaQpcKO/9G95AnNo4lTd6W6/7yj
-YYvUupv+0vi4CtQG
+GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
+MEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxOcrI+cO3SaE5z
+gmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAEwDQYJKoZIhvcNAQEFBQADQQADBJbF
+pDpocLDuQo5DXoXVlloJAputR6oKQLtTFRorEr0iASEr/8DEXfFoOI+US/8EZ/IT
+6JR2XOHSot4zsr68
-----END CERTIFICATE-----
-
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDAcmBlQzZO0JXytrD6hG7mLM4UOcv/Mq0Spdko3VfLkBXMJKF5
+TC8gJYFw5/YhWH5rQ3hQoSUq/GbaHZh1XrJpHBYHQn4sS0m4Nlrd/q1pyvSMNr0s
+Ywe+McBw9TFqGgimV6rgDGsjqz3uxqOlo5goovOS7BT9XxcHMBW3/uQuIQIDAQAB
+AoGBAIxYXTg8BfUAZPo2hWaNAhtWfYt+gui/WjyJOo90rDxF/b98z02YY527/GQM
+phC3aqpq7+lNO7/XhmJ2xuKBhvWgw7sVjhEG5bqigofH8Rc3W/SvNyo1xh658HDF
+3IgpUVAMKVb3puvZNOqBn+3WxfFP7cawSPH+gU2GTdk+e5nJAkEA4LWOlU3vlVnp
+Rd3ngQNrfrh0MR2tD34Pu0xvvpNq9KWUjREVtcNGCFx0M4WYl1caiwtmWUtmdfhy
+Yd49v0E1VwJBANs+ujWmjh8hfwAZ1lQ5DfJROAvmxYrrn98sdj9RzuhnGdFoE+Ld
+BkpAQU1PvTPp2ot60633pwEDLZzd7tfb1UcCQDUcdIDxlMkWIT60Pj2OE2A2NLBP
+NVJOF2XLoTXIHiWI5V2aRilZ6DmdsJFk6DYNDmcC4MQGQEdt24sqPinwPa0CQE6S
+kWtu0FpJx9kCaXRvqhbgkqR5ROx/eyEhLxOMPwm9AVyx3wabzYhItN5/KEB1m7QH
+Bdu/+GL9f5hLVTCZATsCQQCyc9HNvPb2V4q4ksn+RuQH7VHI/cOtqTvldBXm1HhV
+XlM4brBTQjS1WbSmjlTcnzwfaLQXk+pGsqThOgbLwDvq
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIEETCCA3qgAwIBAgIJAP2QjCV8pipcMA0GCSqGSIb3DQEBBQUAMIGfMRMwEQYK
+CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEsMCoGA1UE
+CwwjT2xkIFVudHJ1c3RlZCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxIjAgBgNVBAMM
+GW9uY2Uud2FzLmEuY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
+YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQ1MDgyMjAwMjIzMVowgZ8xEzAR
+BgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMSwwKgYD
+VQQLDCNPbGQgVW50cnVzdGVkIENlcnRpZmljYXRlIEF1dGhvcml0eTEiMCAGA1UE
+AwwZb25jZS53YXMuYS5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FA
+ZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMByYGVDNk7Q
+lfK2sPqEbuYszhQ5y/8yrRKl2SjdV8uQFcwkoXlMLyAlgXDn9iFYfmtDeFChJSr8
+ZtodmHVesmkcFgdCfixLSbg2Wt3+rWnK9Iw2vSxjB74xwHD1MWoaCKZXquAMayOr
+Pe7Go6WjmCii85LsFP1fFwcwFbf+5C4hAgMBAAGjggFRMIIBTTAdBgNVHQ4EFgQU
+Lu6rFocDkpwOJyAjyQrCxuefLW8wgdQGA1UdIwSBzDCByYAULu6rFocDkpwOJyAj
+yQrCxuefLW+hgaWkgaIwgZ8xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJ
+k/IsZAEZFgdFWEFNUExFMSwwKgYDVQQLDCNPbGQgVW50cnVzdGVkIENlcnRpZmlj
+YXRlIEF1dGhvcml0eTEiMCAGA1UEAwwZb25jZS53YXMuYS5jYS5leGFtcGxlLmNv
+bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb22CCQD9kIwlfKYqXDAPBgNV
+HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAZBgNVHREEEjAQgQ5jYUBleGFt
+cGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQUF
+AAOBgQAQLX3HpbnxH3gLf6rhj7IQEizZhAEGpvLMURlDdUdoH9ZYPsQ49rZ2kcjD
+FFUKa4Y9/smcBOkF1Za9xepinsftz8ALhsfyo3azXUJTm7sRcQzQkwaSsAh0smIv
+UbmMskbCbFVDwW8xu+SCRJac/+NAuxjxkgrytZksJPvQB545XQ==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIICGDCCAYECAQAwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/Is
+ZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAV
+BgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxl
+LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvapKy45xtxon3669spqf
++/nXzp3q7WLmQiTd0+7h60d6AekMbltqr4IhR1jUDIJzPo4vrUnWVsHcqyTp7Kj3
+Cgoce2jQEn0hURvsrulP6Bq7tB5LXkxQrmY1+55R8h1dMI2kd7Po3O3gfntuCokm
+smceeid064RqUQWAO04GqKUCAwEAAaBRME8GCSqGSIb3DQEJDjFCMEAwHQYDVR0O
+BBYEFJgG0IEcATibiGotzcoALRkPcZWxMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBACd9IesNyKrVhriex7hMBZv+1M1A
+9/1ZPstHARbjRJ4AhOKQGvu3Bz7yiuzWUyVaY+naMYlu1rPcA01588xbKdBCGF9Z
+noOeVHlTZwu1OOV57KjwoilRBtjNNbmUUl3t4nlw6+sz5pPjyVYPBunMiig3n1Ke
+8jYPdl0bW/kX+8ve
+-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE-----
-MIICJjCCAY+gAwIBAgIBBzANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
-ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsTFUNlcnRp
-ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAxMOY2EuZXhhbXBsZS5jb20xHTAbBgkq
-hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTExMDExNzE5NDcxN1oXDTIxMDEx
-NDE5NDcxN1owSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
-B0VYQU1QTEUxGzAZBgNVBAMTEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3
-DQEBAQUAA0sAMEgCQQDYScTxk55XBmbDM9zzwO+grVySE4rudWuzH2PpObIonqbf
-hRoAalKVluG9jvbHI81eXxCdSObv1KBP1sbN5RzpAgMBAAGjIjAgMAkGA1UdEwQC
-MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEFBQADgYEAYx6fMqT1
-Gvo0jq88E8mc+bmp4LfXD4wJ7KxYeadQxt75HFRpj4FhFO3DOpVRFgzHlOEo3Fwk
-PZOKjvkT0cbcoEq5whLH25dHoQxGoVQgFyAP5s+7Vp5AlHh8Y/vAoXeEVyy/RCIH
-QkhUlAflfDMcrrYjsmwoOPSjhx6Mm/AopX4=
+MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
+ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgy
+MzAwMjIzMVowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
+B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxO
+crI+cO3SaE5zgmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAGjMzAxMAkGA1UdEwQC
+MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBCjANBgkqhkiG
+9w0BAQUFAAOBgQBmJQF4mdpoinkWTB5khs2ZVWZWf4QPLH2I/sP8IY1pWIVNtOVG
+YiTURtsdIHffSAoJ+9H+KrZhxk7TO9v7LR2Au1fGC6FuGjRizYb6UTe7tpoaZvlj
+JZj3sE/Rw/zCHCjA9xNTeYvQlKBzuohbUVGS+kEhxI7ScDmd7ylKSLIbBQ==
-----END CERTIFICATE-----
------BEGIN PRIVATE KEY-----
-MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEA2EnE8ZOeVwZmwzPc
-88DvoK1ckhOK7nVrsx9j6TmyKJ6m34UaAGpSlZbhvY72xyPNXl8QnUjm79SgT9bG
-zeUc6QIDAQABAkBRFJZ32VbqWMP9OVwDJLiwC01AlYLnka0mIQZbT/2xq9dUc9GW
-U3kiVw4lL8v/+sPjtTPCYYdzHHOyDen6znVhAiEA9qJT7BtQvRxCvGrAhr9MS022
-tTdPbW829BoUtIeH64cCIQDggG5i48v7HPacPBIH1RaSVhXl8qHCpQD3qrIw3FMw
-DwIga8PqH5Sf5sHedy2+CiK0V4MRfoU4c3zQ6kArI+bEgSkCIQCLA1vXBiE31B5s
-bdHoYa1BXebfZVd+1Hd95IfEM5mbRwIgSkDuQwV55BBlvWph3U8wVIMIb4GStaH8
-W535W8UBbEg=
------END PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBAOTo6nXwfxpFm+vyN+OFKTDc/gbLTvR5veGumQiJmXTlTE5ysj5w
+7dJoTnOCZxbXxQ+ld/BaXi7L9DqdqCRkNe8CAwEAAQJBAIbwSm411Cc/i3eeNJX5
+hFuammCU7rktHuLv0qR2wLBn8Sj2XXtJPlBEdolhQdO+YECBMxUG8f92LeJ4T2OF
+YhkCIQD/2tu/Sq5iVLkrocnCpppbxcZ5JUYDgnD2TrbvSghj+wIhAOUKJVyo5xRH
+DpyAfthRJa6VDUip3hVUz+Zz8PDmkp+dAiAX2nGuTeogJMH2vWiwCxRNBg1Q8haq
+8RhS/lezy3UozQIhANa8QHMzWBNG24gXYNVmnzGjRSUPPcw6DAFASnFRe75xAiAq
+c0wJZWOMbezOsSgAwPt/xsabERIVXSNhzt1il/lPjA==
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBNjCB4QIBADBLMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQB
+GRYHRVhBTVBMRTEbMBkGA1UEAwwSc2VydmVyLmV4YW1wbGUuY29tMFwwDQYJKoZI
+hvcNAQEBBQADSwAwSAJBAM2PTEorKL/7mIbYVOz+U6DAo+itGDr2jjOyYxxU5+/A
+jUg3gVFKw+mpok26sdwY2q8aiPTuE0F1bF2iLEXimacCAwEAAaAxMC8GCSqGSIb3
+DQEJDjEiMCAwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG
+9w0BAQUFAANBADtTaSyvJDUzCuim8Wlk8MVVsGQzC2czFRshO5JcPgjq08gN9FXM
+KUYeUQYLGGVnVXkTqWdAOog769XukpDGv2g=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOQIBAAJBAM2PTEorKL/7mIbYVOz+U6DAo+itGDr2jjOyYxxU5+/AjUg3gVFK
+w+mpok26sdwY2q8aiPTuE0F1bF2iLEXimacCAwEAAQJACu1/RMIenHYnmaOOgDrU
+/0q+a/QnwZqx3JWzJyJsYhZmAJRw7/0MjsrD+UoPggvliu77FmnYihYEPxdlM39D
+QQIhAPE0Lu0W1vhiXxuEwIP7w7ix/IlTgZ/xIhoOltfwKSMPAiEA2itd/y6MvNgq
+39ZZDiAn5mjyDoSNJuafRi1FNY4fP+kCIGcNRH9HItE8NiYrsZSyHAzs/lgttVQA
+UfGQCiJ4GRtBAiBc+I4d6KBg+V2L9bQNqPZX4fEE7seYBD9rkG8l22LFwQIgOKPr
+BUkGlw/IMHWVXhQkPKSAPoSLHEvGiQCIyIckCMc=
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIICHTCCAcegAwIBAgIBATANBgkqhkiG9w0BAQUFADCBrTETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxKzApBgNVBAsMIkludGVy
+bWVkaWF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJDAiBgNVBAMMG2ludGVybWVk
+aWF0ZS1jYS5leGFtcGxlLmNvbTEqMCgGCSqGSIb3DQEJARYbaW50ZXJtZWRpYXRl
+LWNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzOVoXDTQwMDgyMzAwMjIzOVow
+SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
+GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
+MEgCQQDNj0xKKyi/+5iG2FTs/lOgwKPorRg69o4zsmMcVOfvwI1IN4FRSsPpqaJN
+urHcGNqvGoj07hNBdWxdoixF4pmnAgMBAAGjMzAxMAkGA1UdEwQCMAAwEwYDVR0l
+BAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBFjANBgkqhkiG9w0BAQUFAANB
+ALl1WO7IZYOvPwhyQ4EpCLjSsTuGBcfbWFtw4XiQueZ8TILHcZARH4nW1tKoVWzc
+rIGhqRjNMWRmaH1wgSCGRiE=
+-----END CERTIFICATE-----
------BEGIN PRIVATE KEY-----
-MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEA2EnE8ZOeVwZmwzPc
-88DvoK1ckhOK7nVrsx9j6TmyKJ6m34UaAGpSlZbhvY72xyPNXl8QnUjm79SgT9bG
-zeUc6QIDAQABAkBRFJZ32VbqWMP9OVwDJLiwC01AlYLnka0mIQZbT/2xq9dUc9GW
-U3kiVw4lL8v/+sPjtTPCYYdzHHOyDen6znVhAiEA9qJT7BtQvRxCvGrAhr9MS022
-tTdPbW829BoUtIeH64cCIQDggG5i48v7HPacPBIH1RaSVhXl8qHCpQD3qrIw3FMw
-DwIga8PqH5Sf5sHedy2+CiK0V4MRfoU4c3zQ6kArI+bEgSkCIQCLA1vXBiE31B5s
-bdHoYa1BXebfZVd+1Hd95IfEM5mbRwIgSkDuQwV55BBlvWph3U8wVIMIb4GStaH8
-W535W8UBbEg=
------END PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBAOTo6nXwfxpFm+vyN+OFKTDc/gbLTvR5veGumQiJmXTlTE5ysj5w
+7dJoTnOCZxbXxQ+ld/BaXi7L9DqdqCRkNe8CAwEAAQJBAIbwSm411Cc/i3eeNJX5
+hFuammCU7rktHuLv0qR2wLBn8Sj2XXtJPlBEdolhQdO+YECBMxUG8f92LeJ4T2OF
+YhkCIQD/2tu/Sq5iVLkrocnCpppbxcZ5JUYDgnD2TrbvSghj+wIhAOUKJVyo5xRH
+DpyAfthRJa6VDUip3hVUz+Zz8PDmkp+dAiAX2nGuTeogJMH2vWiwCxRNBg1Q8haq
+8RhS/lezy3UozQIhANa8QHMzWBNG24gXYNVmnzGjRSUPPcw6DAFASnFRe75xAiAq
+c0wJZWOMbezOsSgAwPt/xsabERIVXSNhzt1il/lPjA==
+-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIIBiDCCATICCQDJ4QeFpYPYljANBgkqhkiG9w0BAQUFADBLMRMwEQYKCZImiZPy
-LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEbMBkGA1UEAxMSc2Vy
-dmVyLmV4YW1wbGUuY29tMB4XDTExMDExOTAzMTYzOFoXDTIxMDExNjAzMTYzOFow
+MIIBiDCCATICCQD8Rn+cHcihijANBgkqhkiG9w0BAQUFADBLMRMwEQYKCZImiZPy
+LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEbMBkGA1UEAwwSc2Vy
+dmVyLmV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgyMzAwMjIzMVow
SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
-GzAZBgNVBAMTEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
-MEgCQQDYScTxk55XBmbDM9zzwO+grVySE4rudWuzH2PpObIonqbfhRoAalKVluG9
-jvbHI81eXxCdSObv1KBP1sbN5RzpAgMBAAEwDQYJKoZIhvcNAQEFBQADQQAagc2P
-/lCfDwT3max+D2M7++KMDfGqiO3gI+hMarf/jAaQpcKO/9G95AnNo4lTd6W6/7yj
-YYvUupv+0vi4CtQG
+GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sA
+MEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxOcrI+cO3SaE5z
+gmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAEwDQYJKoZIhvcNAQEFBQADQQADBJbF
+pDpocLDuQo5DXoXVlloJAputR6oKQLtTFRorEr0iASEr/8DEXfFoOI+US/8EZ/IT
+6JR2XOHSot4zsr68
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIICJjCCAY+gAwIBAgIBBzANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
-ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsTFUNlcnRp
-ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAxMOY2EuZXhhbXBsZS5jb20xHTAbBgkq
-hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTExMDExNzE5NDcxN1oXDTIxMDEx
-NDE5NDcxN1owSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
-B0VYQU1QTEUxGzAZBgNVBAMTEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3
-DQEBAQUAA0sAMEgCQQDYScTxk55XBmbDM9zzwO+grVySE4rudWuzH2PpObIonqbf
-hRoAalKVluG9jvbHI81eXxCdSObv1KBP1sbN5RzpAgMBAAGjIjAgMAkGA1UdEwQC
-MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEFBQADgYEAYx6fMqT1
-Gvo0jq88E8mc+bmp4LfXD4wJ7KxYeadQxt75HFRpj4FhFO3DOpVRFgzHlOEo3Fwk
-PZOKjvkT0cbcoEq5whLH25dHoQxGoVQgFyAP5s+7Vp5AlHh8Y/vAoXeEVyy/RCIH
-QkhUlAflfDMcrrYjsmwoOPSjhx6Mm/AopX4=
+MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
+ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE1MDgzMDAwMjIzMVoXDTQwMDgy
+MzAwMjIzMVowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
+B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDk6Op18H8aRZvr8jfjhSkw3P4Gy070eb3hrpkIiZl05UxO
+crI+cO3SaE5zgmcW18UPpXfwWl4uy/Q6nagkZDXvAgMBAAGjMzAxMAkGA1UdEwQC
+MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEwKgBCjANBgkqhkiG
+9w0BAQUFAAOBgQBmJQF4mdpoinkWTB5khs2ZVWZWf4QPLH2I/sP8IY1pWIVNtOVG
+YiTURtsdIHffSAoJ+9H+KrZhxk7TO9v7LR2Au1fGC6FuGjRizYb6UTe7tpoaZvlj
+JZj3sE/Rw/zCHCjA9xNTeYvQlKBzuohbUVGS+kEhxI7ScDmd7ylKSLIbBQ==
-----END CERTIFICATE-----
--- /dev/null
+# Root CA
+
+[ req ]
+default_md = sha1
+utf8 = yes
+string_mask = utf8only
+prompt = no
+distinguished_name = req_dn
+req_extensions = req_ext
+x509_extensions = v3_req_ext
+
+[ req_dn ]
+0.domainComponent = "COM"
+1.domainComponent = "EXAMPLE"
+organizationalUnitName = "Certificate Authority"
+commonName = "ca.example.com"
+emailAddress = "ca@example.com"
+
+[ req_ext ]
+subjectKeyIdentifier = hash
+#authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = critical,CA:true
+keyUsage = critical,keyCertSign,cRLSign
+
+[ v3_req_ext ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = critical,CA:true
+keyUsage = critical,keyCertSign,cRLSign
+subjectAltName = email:ca@example.com
+issuerAltName = issuer:copy
--- /dev/null
+# Client
+
+[ req ]
+default_md = sha1
+utf8 = yes
+string_mask = utf8only
+prompt = no
+distinguished_name = req_dn
+
+[ req_dn ]
+0.domainComponent = "COM"
+1.domainComponent = "EXAMPLE"
+commonName = "Client"
+emailAddress = client@example.com
--- /dev/null
+# Intermediate Root CA
+
+[ req ]
+default_md = sha1
+utf8 = yes
+string_mask = utf8only
+prompt = no
+distinguished_name = req_dn
+req_extensions = req_ext
+x509_extensions = v3_req_ext
+
+[ req_dn ]
+0.domainComponent = "COM"
+1.domainComponent = "EXAMPLE"
+organizationalUnitName = "Intermediate Certificate Authority"
+commonName = "intermediate-ca.example.com"
+emailAddress = "intermediate-ca@example.com"
+
+[ req_ext ]
+subjectKeyIdentifier = hash
+#authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = critical,CA:true
+keyUsage = critical,keyCertSign,cRLSign
+
+[ v3_req_ext ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = critical,CA:true
+keyUsage = critical,keyCertSign,cRLSign
+subjectAltName = email:intermediate-ca@example.com
+issuerAltName = issuer:copy
--- /dev/null
+# Root CA
+
+[ req ]
+default_md = sha1
+utf8 = yes
+string_mask = utf8only
+prompt = no
+distinguished_name = req_dn
+req_extensions = req_ext
+x509_extensions = v3_req_ext
+
+[ req_dn ]
+0.domainComponent = "COM"
+1.domainComponent = "EXAMPLE"
+organizationalUnitName = "Old Untrusted Certificate Authority"
+commonName = "once.was.a.ca.example.com"
+emailAddress = "ca@example.com"
+
+[ req_ext ]
+subjectKeyIdentifier = hash
+#authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = critical,CA:true
+keyUsage = critical,keyCertSign,cRLSign
+
+[ v3_req_ext ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = critical,CA:true
+keyUsage = critical,keyCertSign,cRLSign
+subjectAltName = email:ca@example.com
+issuerAltName = issuer:copy
--- /dev/null
+# Server
+
+[ req ]
+default_md = sha1
+utf8 = yes
+string_mask = utf8only
+prompt = no
+distinguished_name = req_dn
+req_extensions = req_ext
+x509_extensions = v3_req_ext
+
+[ req_dn ]
+0.domainComponent = "COM"
+1.domainComponent = "EXAMPLE"
+commonName = "server.example.com"
+
+[ req_ext ]
+basicConstraints = CA:false
+extendedKeyUsage = serverAuth
+
+[ v3_req_ext ]
+basicConstraints = CA:false
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+
+[ alt_names ]
+IP.0 = 192.168.1.22
--- /dev/null
+# Server
+
+[ req ]
+default_md = sha1
+utf8 = yes
+string_mask = utf8only
+prompt = no
+distinguished_name = req_dn
+req_extensions = req_ext
+x509_extensions = v3_req_ext
+
+[ req_dn ]
+0.domainComponent = "COM"
+1.domainComponent = "EXAMPLE"
+commonName = "server.example.com"
+
+[ req_ext ]
+basicConstraints = CA:false
+extendedKeyUsage = serverAuth
+
+[ v3_req_ext ]
+basicConstraints = CA:false
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+
+[ alt_names ]
+IP.0 = 192.168.1.10
* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
* Boston, MA 02111-1307, USA.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
task = g_task_new (interaction, cancellable, callback, user_data);
- g_tls_password_set_value (password, (const guchar *)self->static_password, -1);
+ if (self->static_error)
+ g_task_return_error (task, g_error_copy (self->static_error));
+ else
+ g_tls_password_set_value (password, (const guchar *)self->static_password, -1);
g_task_return_boolean (task, TRUE);
+ g_object_unref (task);
}
static GTlsInteractionResult
if (g_cancellable_set_error_if_cancelled (cancellable, error))
return G_TLS_INTERACTION_FAILED;
- g_tls_password_set_value (password, (const guchar *)self->static_password, -1);
- return G_TLS_INTERACTION_HANDLED;
+ if (self->static_error)
+ {
+ g_propagate_error (error, g_error_copy (self->static_error));
+ return G_TLS_INTERACTION_FAILED;
+ }
+ else
+ {
+ g_tls_password_set_value (password, (const guchar *)self->static_password, -1);
+ return G_TLS_INTERACTION_HANDLED;
+ }
+}
+
+static void
+mock_interaction_request_certificate_async (GTlsInteraction *interaction,
+ GTlsConnection *connection,
+ GTlsCertificateRequestFlags flags,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ MockInteraction *self = MOCK_INTERACTION (interaction);
+ GTask *task;
+
+ task = g_task_new (interaction, cancellable, callback, user_data);
+
+ if (self->static_error)
+ g_task_return_error (task, g_error_copy (self->static_error));
+ else
+ {
+ g_tls_connection_set_certificate (connection, self->static_certificate);
+ g_task_return_boolean (task, TRUE);
+ }
+ g_object_unref (task);
+}
+
+static GTlsInteractionResult
+mock_interaction_request_certificate_finish (GTlsInteraction *interaction,
+ GAsyncResult *result,
+ GError **error)
+{
+ g_return_val_if_fail (g_task_is_valid (result, interaction),
+ G_TLS_INTERACTION_UNHANDLED);
+
+ if (!g_task_propagate_boolean (G_TASK (result), error))
+ return G_TLS_INTERACTION_FAILED;
+ else
+ return G_TLS_INTERACTION_HANDLED;
+}
+
+static GTlsInteractionResult
+mock_interaction_request_certificate (GTlsInteraction *interaction,
+ GTlsConnection *connection,
+ GTlsCertificateRequestFlags flags,
+ GCancellable *cancellable,
+ GError **error)
+{
+ MockInteraction *self = MOCK_INTERACTION (interaction);
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return G_TLS_INTERACTION_FAILED;
+
+ if (self->static_error)
+ {
+ g_propagate_error (error, g_error_copy (self->static_error));
+ return G_TLS_INTERACTION_FAILED;
+ }
+ else
+ {
+ g_tls_connection_set_certificate (connection, self->static_certificate);
+ return G_TLS_INTERACTION_HANDLED;
+ }
}
static void
MockInteraction *self = MOCK_INTERACTION (object);
g_free (self->static_password);
+ g_clear_object (&self->static_certificate);
+ g_clear_error (&self->static_error);
G_OBJECT_CLASS (mock_interaction_parent_class)->finalize (object);
}
interaction_class->ask_password = mock_interaction_ask_password;
interaction_class->ask_password_async = mock_interaction_ask_password_async;
interaction_class->ask_password_finish = mock_interaction_ask_password_finish;
-
+ interaction_class->request_certificate = mock_interaction_request_certificate;
+ interaction_class->request_certificate_async = mock_interaction_request_certificate_async;
+ interaction_class->request_certificate_finish = mock_interaction_request_certificate_finish;
}
GTlsInteraction *
-mock_interaction_new_static (const gchar *password)
+mock_interaction_new_static_password (const gchar *password)
{
MockInteraction *self;
self->static_password = g_strdup (password);
return G_TLS_INTERACTION (self);
}
+
+GTlsInteraction *
+mock_interaction_new_static_certificate (GTlsCertificate *cert)
+{
+ MockInteraction *self;
+
+ self = g_object_new (MOCK_TYPE_INTERACTION, NULL);
+
+ self->static_certificate = cert ? g_object_ref (cert) : NULL;
+ return G_TLS_INTERACTION (self);
+}
+
+GTlsInteraction *
+mock_interaction_new_static_error (GQuark domain,
+ gint code,
+ const gchar *message)
+{
+ MockInteraction *self;
+
+ self = g_object_new (MOCK_TYPE_INTERACTION, NULL);
+
+ self->static_error = g_error_new (domain, code, "%s", message);
+ return G_TLS_INTERACTION (self);
+}
{
GTlsInteraction parent_instance;
gchar *static_password;
+ GTlsCertificate *static_certificate;
+ GError *static_error;
};
struct _MockInteractionClass
GType mock_interaction_get_type (void);
-GTlsInteraction *mock_interaction_new_static (const gchar *password);
+
+GTlsInteraction *mock_interaction_new_static_password (const gchar *password);
+
+GTlsInteraction *mock_interaction_new_static_certificate (GTlsCertificate *cert);
+
+GTlsInteraction *mock_interaction_new_static_error (GQuark domain,
+ gint code,
+ const gchar *message);
G_END_DECLS
* License along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
#include "config.h"
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/
/* This time we log in, and should have a match */
results = g_ptr_array_new_with_free_func ((GDestroyNotify)g_pkcs11_array_unref);
- interaction = mock_interaction_new_static (MOCK_SLOT_ONE_PIN);
+ interaction = mock_interaction_new_static_password (MOCK_SLOT_ONE_PIN);
state = g_pkcs11_slot_enumerate (test->slot, interaction,
match->attrs, match->count, TRUE,
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ *
* Author: Stef Walter <stefw@collabora.co.uk>
*/