--- /dev/null
+image: registry.gitlab.gnome.org/gnome/glib-networking/master:v19
+
+fedora-x86_64:
+ stage: build
+ variables:
+ # Remove for PKCS11 logs, otherwise generates a lot of noise hitting gitlab's limit
+ PKCS11SPY_PATH: disabled
+ script:
+ - cp .gitlab-ci/lcovrc ~/.lcovrc
+ - meson --prefix=$HOME/glib-networking-installed
+ -Db_coverage=true
+ -Dgnutls=enabled
+ -Dopenssl=enabled
+ -Dlibproxy=enabled
+ -Dgnome_proxy=enabled
+ -Dwerror=true
+ _build/
+ - meson compile -C _build/
+ - meson test -v -C _build/ --repeat=1000
+ - meson install -C _build/
+ - ninja -C _build coverage-html
+ artifacts:
+ paths:
+ - _build/test-results
+ - _build/meson-logs/coveragereport
+ when: always
+ coverage: '/^\s+lines\.+:\s+([\d.]+\%)\s+/'
+
+fedora-x86_64-asan:
+ tags: [ asan ]
+ stage: build
+ variables:
+ PKCS11SPY_PATH: disabled
+ ASAN_OPTIONS: fast_unwind_on_malloc=0
+ script:
+ - meson -Db_sanitize=address
+ -Dgnutls=enabled
+ -Dopenssl=enabled
+ -Dlibproxy=enabled
+ -Dgnome_proxy=enabled
+ -Dwerror=true
+ _build/
+ - meson compile -C _build/
+ - meson test --verbose --timeout-multiplier=10 -C _build/
+ artifacts:
+ paths:
+ - _build/test-results
+ when: on_failure
+
+fedora-x86_64-scan-build:
+ stage: build
+ script:
+ - meson -Dgnutls=enabled
+ -Dopenssl=enabled
+ -Dlibproxy=enabled
+ -Dgnome_proxy=enabled
+ -Dwerror=true
+ _build/
+ - scan-build meson compile -C _build/
+ - bash -c 'if [[ -n "$(ls -A _build/meson-logs/scanbuild/)" ]]; then echo "Scan build log found, assuming defects exist"; exit 1; fi'
+ artifacts:
+ paths:
+ - _build/meson-logs/scanbuild
+ when: on_failure
+
+vs2017-x64:
+ stage: build
+ except:
+ - tags
+ tags:
+ - win32-ps
+ script:
+ - .gitlab-ci/test-msvc.bat
+ artifacts:
+ paths:
+ - build/test-results
+ when: on_failure
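Review bot: The `fedora-x86_64-scan-build` job may pass without analysing anything. `scan-build meson compile -C _build/` wraps a build that the previous line configured outside scan-build, so the compiler Meson recorded is probably not the analyzer wrapper. scan-build also writes its reports to a temporary directory unless `-o` is given, while the check that follows only looks in `_build/meson-logs/scanbuild/`, and it passes when that directory is missing because `ls` then prints nothing to stdout. Meson's own target writes to that directory, so consider `- ninja -C _build scan-build` in place of the wrapped compile, then confirm the job goes red on a known analyzer finding.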
--- /dev/null
+FROM fedora:latest
+
+RUN dnf update -y \
+ && dnf install -y 'dnf-command(builddep)' \
+ && dnf builddep -y glib-networking glib2 \
+ && dnf install -y clang-analyzer \
+ lcov \
+ libasan \
+ openssl-devel \
+ git \
+ opensc \
+ && dnf clean all \
+ && git clone https://gitlab.gnome.org/GNOME/glib.git \
+ && pushd glib \
+ && meson _build --prefix=/usr \
+ && meson install -C _build \
+ && popd \
+ && rm -rf glib
+
+ARG HOST_USER_ID=5555
+ENV HOST_USER_ID ${HOST_USER_ID}
+RUN useradd -u $HOST_USER_ID -ms /bin/bash user
+
+USER user
+WORKDIR /home/user
+
+ENV LANG C.UTF-8
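Review bot: The `git clone https://gitlab.gnome.org/GNOME/glib.git` step builds whatever the default branch holds at image build time and installs it into `/usr` as root. `FROM fedora:latest` floats as well, so two builds under the same image tag can contain different library code and toolchains. Pin both inputs, for example `FROM fedora:<FEDORA_RELEASE>` and `git clone --depth 1 --branch <GLIB_TAG> https://gitlab.gnome.org/GNOME/glib.git` (both values are placeholders to fill in). A short comment above the `RUN` saying why glib is built from source rather than taken from the distribution package would also help.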
--- /dev/null
+# CI support stuff
+
+## Docker image
+
+GitLab CI jobs run in a Docker image, defined here. To update that image
+(perhaps to install some more packages):
+
+1. Edit `.gitlab-ci/Dockerfile` with the changes you want
+2. Edit `.gitlab-ci/run-docker.sh` and bump the version in `TAG`
+3. Run `.gitlab-ci/run-docker.sh` to build the new image, and launch a shell
+ inside it
+ * When you're done, exit the shell in the usual way
+4. Run `.gitlab-ci/run-docker.sh --push` to upload the new image to the GNOME
+ GitLab Docker registry
+ * If this is the first time you're doing this, you'll need to log into the
+ registry
+ * If you use 2-factor authentication on your GNOME GitLab account, you'll
+ need to [create a personal access token][pat] and use that rather than
+ your normal password
+5. Edit `.gitlab-ci.yml` (in the root of this repository) to use your new
+ image
+
+[pat]: https://gitlab.gnome.org/profile/personal_access_tokens
--- /dev/null
+# lcov and genhtml configuration
+# See http://ltp.sourceforge.net/coverage/lcov/lcovrc.5.php
+
+# Always enable branch coverage
+lcov_branch_coverage = 1
+
+# Exclude precondition assertions, as we can never reasonably get full branch
+# coverage of them, as they should never normally fail.
+# See https://github.com/linux-test-project/lcov/issues/44
+# Also ignore g_clear macros as we don't care about the NULL path often
+lcov_excl_br_line = LCOV_EXCL_BR_LINE|g_return_if_fail|g_return_val_if_fail|g_assert|g_assert_|g_warn_if_fail|g_clear_
+
+# Similarly for unreachable assertions.
+lcov_excl_line = LCOV_EXCL_LINE|g_return_if_reached|g_return_val_if_reached|g_assert_not_reached|g_warn_if_reached
--- /dev/null
+#!/bin/bash
+
+set -e
+
+TAG="registry.gitlab.gnome.org/gnome/glib-networking/master:v19"
+
+cd "$(dirname "$0")"
+
+podman build --build-arg HOST_USER_ID="$UID" --tag "${TAG}" --file "Dockerfile" --format=docker .
+
+if [ "$1" = "--push" ]; then
+ podman login registry.gitlab.gnome.org
+ podman push $TAG
+else
+ podman run --rm \
+ --volume "$(pwd)/..:/home/user/app" --workdir "/home/user/app" \
+ --tty --interactive "${TAG}" bash
+fi
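Review bot: `podman push $TAG` is the only unquoted expansion in the script; write it as `podman push "${TAG}"` to match the `--tag "${TAG}"` form on the build line. `set -e` alone lets an unset variable expand to an empty string. `set -eu` would catch that, with the `--push` test changed to `[ "${1:-}" = "--push" ]` so that running without arguments still works.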
--- /dev/null
+@echo on
+:: vcvarsall.bat sets various env vars like PATH, INCLUDE, LIB, LIBPATH for the
+:: specified build architecture
+call "C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\VC\Auxiliary\Build\vcvarsall.bat" x64
+@echo on
+
+set BUILD_DIR=c:\gnet
+
+@RD /S /Q %BUILD_DIR%
+
+IF EXIST %BUILD_DIR% GOTO NOGVSBUILD
+
+git clone --depth 1 https://github.com/wingtk/gvsbuild.git || goto :error
+
+pushd gvsbuild
+python.exe build.py --verbose --debug build -p x64 --vs-ver 15 --build-dir %BUILD_DIR% openssl glib || goto :error
+popd
+
+:NOGVSBUILD
+
+set DEPS_DIR=%BUILD_DIR%\gtk\x64\release
+set PATH=%DEPS_DIR%\bin;%PATH%
+set LIB=%DEPS_DIR%\lib;%LIB%
+set LIBPATH=%DEPS_DIR%\lib;%LIBPATH%
+set INCLUDE=%DEPS_DIR%\include;%DEPS_DIR%\include\glib-2.0;%INCLUDE%
+set PKG_CONFIG_PATH=%DEPS_DIR%\lib\pkgconfig
+
+:: FIXME: make warnings fatal
+pip3 install --upgrade --user meson==0.60.0 || goto :error
+meson build -Dgnutls=disabled -Dopenssl=enabled || goto :error
+ninja -C build || goto :error
+
+meson test -C build --timeout-multiplier=10 || goto :error
+
+:: FIXME: can we get code coverage support?
+
+goto :EOF
+:error
+exit /b 1
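Review bot: `git clone --depth 1 https://github.com/wingtk/gvsbuild.git` followed by `python.exe build.py` runs the current head of a third-party repository on the runner with no pinned revision. Each job's OpenSSL and GLib build therefore depends on whatever that branch contains at that moment. Fetch and check out a reviewed commit instead, for example `git -C gvsbuild checkout <GVSBUILD_COMMIT>` (placeholder), fetching that commit explicitly if the shallow clone is kept. Separately, `@RD /S /Q %BUILD_DIR%` runs immediately before `IF EXIST %BUILD_DIR% GOTO NOGVSBUILD`, so the skip path looks reachable only when the delete fails; a comment stating whether a cached build directory is intended would settle that.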
--- /dev/null
+# Code Style
+
+In order to keep the code nice and clean we have a few requirements you'll
+need to stick to in order to get your patch accepted:
+
+ * Use GNU-style indentation:
+
+ ```
+ if (condition)
+ {
+ // body
+ }
+ ```
+
+ * No braces for one line control clauses, except when another clause in the
+ chain contains more than one line:
+
+ ```
+ if (condition)
+ look_no_braces ();
+
+ if (condition)
+ {
+ // Use braces even though it's only one statement, because
+ // the condition is multiple lines long.
+ function_call_with_many_arguments (arg1, arg2, arg3,
+ arg4, arg5, arg6);
+ }
+ else
+ {
+ // Use braces because the clause above did.
+ }
+ ```
+
+ * Callback functions have a suffix _cb. TODO: ensure existing code follows this
+ rule.
+
+ * Use `char`/`int`/`double`/…, not `gchar`/`gint`/`gdouble`/… types, except
+ when implementing GLib vfuncs that use these types. TODO: ensure existing
+ code follows this rule.
+
+ * All implementation files must include first `"config.h"`, followed by
+ the primary header, followed by a blank line, followed by all the
+ local headers sorted alphabetically, followed by a blank line,
+ followed by all the system headers sorted alphabetically. Headers
+ should follow the same pattern excluding the config.h and
+ self file section, for obvious reasons. TODO: ensure existing code follows
+ this rule.
+
+ * There's no space between a type cast and the variable name: Right:
+ `(int *)foo`. Wrong: `(int*) foo`.
+
+ * Avoid explicit comparisons against TRUE, FALSE, and NULL. Right:
+ `if (!condition)`, `if (!pointer)`, `if (integer == 0)`. Wrong:
+ `if (condition == FALSE)`, `if (pointer == NULL)`, `if (!integer)`.
+ Exception: `pointer != NULL` may be used to convert to gboolean since some
+ developers find this more natural than `!!pointer`.
+2.72.alpha - January 6, 2022
+============================
+
+ - OpenSSL: fix unsafe error handling (!187, Patrick Griffis)
+ - Correctly load libsoup DLL on Windows (!190, Chun-wei Fan)
+ - OpenSSL: use system trust on Windows (!192, Francesco Conti)
+ - GnuTLS: fix TLS 1.3 ciphersuite names, should use underscores (!194)
+ - OpenSSL: fail when appropriate if Must-Staple extension is set (!197)
+ - Improve failure of tls-unique channel binding requests (!198, Ruslan Marchenko)
+ - Do not fill SNI extension with IP address (!200, Matteo Biggio)
+
+2.70.1 - December 6, 2021
+=========================
+
+ - Fix crashes when handshake is cancelled (#97, #176)
+ - OpenSSL: fix spurious certificate expired verification errors (#179)
+ - GnuTLS: Fix tests on 32-bit systems (!188, Simon McVittie)
+ - GnuTLS: Fix crash when invalid priority string is forced (!189)
+
+2.70.0 - September 16, 2021
+===========================
+
+ - Updated translations
+
+2.70.rc - September 3, 2021
+===========================
+
+ - gnutls: revert AuthorityInformationAccess implementation for now (#160)
+ - gnutls: fix use of non-default GTlsDatabases, Geary crash on startup (#169)
+ - openssl: remove openssl-util (!181)
+ - gnutls: fix leak in g_tls_certificate_gnutls_copy (!182, Patrick Griffis)
+ - gnutls: Unbreak GTLS_GNUTLS_CHECK_VERSION (!185)
+
+2.70.beta - August 12, 2021
+===========================
+
+ - gnutls: Ensure that PKCS #11 pins are NUL terminated (!178, Patrick Griffis)
+ - openssl: Restore OCSP support (!179, !180, Patrick Griffis)
+
+2.70.alpha - July 2, 2021
+=========================
+
+- Fix TLS channel bindings tests (#164)
+- Require OpenSSL 1.0.2 (#166)
+- Fix threadsafety issue in certificate verification (!148)
+- dlopen libsoup for performing HTTP requests (!149, Patrick Griffis)
+- Implement new get_negotiated_protocol vfunc (!150)
+- Implement new protocol version and ciphersuite name accessors (!151)
+- OpenSSL: use system keychain on macOS (!154)
+- OpenSSL: add DTLS support, plus many related improvements (!155, Ole André Vadla Ravnås)
+- Implement new GTlsCertificate details APIs (!156, !165, Ross Wollman)
+- GnuTLS: improve error handling for PIN failures (!158, Patrick Griffis)
+- GnuTLS: expose PIN type on PIN requests (!159, Patrick Griffis)
+- GnuTLS: check cancellable in pull timeout callback (!160)
+- Add support for Android (!162, Ole André Vadla Ravnås)
+- Improve automation of test certificate creation (!167, !168, !169, Patrick Griffis)
+- GnuTLS: use GnuTLS to implement all channel bindings (!172)
+- GnuTLS: rework certificate verification to use TLS session (!173)
+- GnuTLS: improve peer identity verification (!176)
+- Bring back automatic downloading of missing intermediate certificates (not fixed, may go away again)
+
+2.68.1 - April 22, 2021
+=======================
+
+ - Fix threadsafety issue in certificate verification (!148)
+ - Temporarily remove support for downloading missing intermediate certificates with GnuTLS 3.7 (#160)
+
+2.68.0 - March 19, 2021
+=======================
+
+ - Fix double free in GnuTLS client certificate request code (!147)
+
+2.68.rc - March 12, 2021
+========================
+
+ - Improve heuristic for returning G_TLS_ERROR_CERTIFICATE_REQUIRED
+ - Fix check for certain handshake failure conditions
+
+2.68.alpha - January 7, 2021
+============================
+
+ - Download and validate missing intermediate certificates (requires GnuTLS 3.7) (#96)
+ - OpenSSL backend now uses system crypto policy (#106)
+ - Remove use of g_assert in testsuite (#137)
+ - Restore support for old versions of OpenSSL (#156)
+ - Implement TLS channel bindings API (!139, Ruslan Marchenko)
+ - Implement PKCS#11 API (!140, Patrick Griffis)
+ - Update testsuite for Fedora 33 crypto policy (!141)
+ - Fix NULL dereference in g_tls_connection_base_read_message (!144, Vladimir D. Seleznev)
+ - Fix a couple code issues found by Coverity
+
+2.66.0 - September 11, 2020
+===========================
+
+- Updated translations
+
+2.65.90 - August 6, 2020
+========================
+
+ - Many fixes to OpenSSL backend (!128, Ruslan Marchenko)
+
+2.65.1 - July 2, 2020
+=====================
+
+ - Fix peer-certificate[-errors] props set too soon (#127)
+ - Implement ALPN for OpenSSL backend (!126, Ruslan Marchenko)
+ - Fix Windows build (!127, Cun-wei Fan)
+
+2.64.3 - May 28, 2020
+=====================
+
+- Revert warning when server-identity property is unset (#130)
+- Fix CVE-2020-13645, fail connections when server identity is unset (#135)
+
+2.64.2 - April 14, 2020
+=======================
+
+- Reenable TLS 1.0/1.1 protocols due to COVID-19.
+- Fix build warning on Windows.
+
+2.64.1 - March 27, 2020
+=======================
+
+- Warn when server-identity property is missing (#130)
+- Fix crashes in debug logs (#131)
+- Fix write loop in OpenSSL backend (!117)
+
+2.64.0 - March 6, 2020
+======================
+
+- Fix OpenSSL backend on RHEL 6 (!116)
+
+2.63.92 - February 27, 2020
+===========================
+
+- Revert fix for #127, which broke libsoup (#129)
+
+2.63.91 - February 14, 2020
+===========================
+
+- Fix peer-certificate properties changing too soon (#127)
+- GnuTLS backend: reduce session resumption cache lifetime (!113)
+- GnuTLS backend: restore TLS 1.2 support for copy session state (!114)
+
+2.63.90 - February 1, 2020
+==========================
+
+- Remove PKCS#11 support, deferred until next cycle (#104)
+- Remove OpenSSL backend's OCSP support (#124)
+
+2.63.3 - January 3, 2019
+========================
+
+- Fix OpenSSL backend regressions and reenable OpenSSL testsuite (#54)
+- Temporarily disable cancellation of sync handshakes (#97)
+- Disable flaky test (#104) and resolve testsuite flakiness (#105)
+- Fix leak of base iostream (or base datagram socket), 2.62 regression
+- Fix duplicate notifies of peer-certificate and peer-certificate-errors
+- Fix regression where GnuTLS connection init could theoretically fail without error
+- Fix obscure corner case where SNI might not work
+- Fix various build warnings on Windows
+- Fix multiple build failures on Windows (Chun-wei Fan)
+- Fix installed tests (Iain Lane)
+
+2.63.2 - November 22, 2019
+==========================
+
+- Fix crash when handshake context is reset too late (#97)
+- Require GnuTLS 3.6.5 (#100)
+- Build mock PKCS #11 module only for GnuTLS backend (#101)
+- Rework session resumption support for TLS 1.3 (!69)
+- Run GnuTLS tests under TLS 1.2 in addition to TLS 1.3 (!69)
+- Support OpenSSL 1.0.1 (!81)
+- Drop rehandshake mode and protocol version fallback support (!83)
+- Add logging functions (!89, MARTINSONS Frederic)
+- Fix PKCS #11 tests with TLS 1.2 (!91, Patrick Griffis)
+- Add more debug logging for PKCS #11 (!92, Patrick Griffis)
+- Fix leak in GTlsCertificateGnutls finalizer (!93, Patrick Griffis)
+
+2.63.1 - October 11, 2019
+=========================
+
+- Add support for new PKCS#11 APIs to facilitate use with smartcards (Patrick Griffis)
+- Disable TLS 1.0 and TLS 1.1 when using GnuTLS
+- Fix threadsafety issue (#95)
+
+2.62.1 - October 4, 2019
+========================
+
+- Fix two memory leaks (!71, !72, Claudio Saavedra)
+
+2.62.0 - September 7, 2019
+==========================
+
+- Revert broken queued data fix for #15
+
+2.61.92 - September 2, 2019
+===========================
+
+- Discard queued data after interrupted writes (#15)
+- Verify socket timeouts are respected (#18)
+- Fix a couple broken error messages
+
+2.61.90 - August 5, 2019
+========================
+
+- Fix translations of certain error messages
+
+2.61.2 - July 22, 2019
+======================
+
+- Improve certain handshake error messages (#13)
+- Fix regressions introduced in 2.61.1 (#91, #92)
+
+2.61.1 - June 9, 2019
+=====================
+
+This release contains a major refactoring of the TLS codebase. The GnuTLS
+backend now shares the same base classes as the OpenSSL backend, to avoid
+duplicating as much code as possible. The base classes, previously used only by
+the OpenSSL backend and originally forked from glib-networking several years
+ago, have been enhanced to achieve feature-parity with the current state of the
+GnuTLS backend.
+
+Please note that the OpenSSL backend remains experimental. Further planned work
+is required before this backend will be production-ready.
+
+2.60.3 - June 9, 2019
+=====================
+
+- Fix clobbering of the thread-default main context after certificate
+ verification failure during async handshakes since 2.60.1 (#85)
+- Fix GTlsDatabase initialization failures in OpenSSL backend due to
+ uninitialized memory use
+- Fix minor leak of ALPN protocols
+
+2.60.2 - May 2, 2019
+====================
+
+- OpenSSL backend now defaults to system trust store (#62)
+- Fix client auth failure error with GnuTLS 3.6.7 (#70)
+
2.60.1 - April 1, 2019
======================
project(
'glib-networking', 'c',
- version: '2.60.1',
+ version: '2.72.alpha',
license: 'LGPL2.1+',
- meson_version: '>= 0.47.0',
- default_options: ['c_std=c11']
+ meson_version: '>= 0.50.0',
+ default_options: ['c_std=gnu99']
)
prefix = get_option('prefix')
common_flags = [
'-DHAVE_CONFIG_H',
'-DG_LOG_DOMAIN="GLib-Net"',
+ '-DG_LOG_USE_STRUCTURED',
'-DLOCALE_DIR="@0@"'.format(localedir),
'-DG_DISABLE_DEPRECATED',
- '-DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_56'
+ '-DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_70'
]
add_project_arguments(common_flags, language: 'c')
+cflags = cc.get_supported_arguments(['-Werror=declaration-after-statement',
+ '-Werror=implicit-function-declaration'])
+add_project_arguments(cflags, language: 'c')
+
symbol_map = join_paths(meson.current_source_dir(), meson.project_name() + '.map')
module_ldflags = []
-if host_system.contains('linux')
+if host_system.contains('linux') or host_system == 'android'
test_ldflag = '-Wl,--version-script,' + symbol_map
module_ldflags += cc.get_supported_link_arguments(test_ldflag)
endif
# *** Check GLib GIO ***
-glib_dep = dependency('glib-2.0', version: '>= 2.55.1',
+glib_dep = dependency('glib-2.0', version: '>= 2.69.0',
fallback: ['glib', 'libglib_dep'])
gio_dep = dependency('gio-2.0',
fallback: ['glib', 'libgio_dep'])
-gobject_dep = dependency('gio-2.0',
+gobject_dep = dependency('gobject-2.0',
fallback: ['glib', 'libgobject_dep'])
gmodule_dep = dependency('gmodule-2.0',
fallback: ['glib', 'libgmodule_dep'])
define_variable: ['libdir', join_paths(prefix, libdir)])
endif
-assert(gio_module_dir.startswith(prefix), 'GIO_MODULE_DIR is missing from gio-2.0.pc')
+assert(gio_module_dir != '', 'GIO_MODULE_DIR is missing from gio-2.0.pc')
# *** Checks for LibProxy ***
libproxy_dep = dependency('libproxy-1.0', version: '>= 0.3.1', required: get_option('libproxy'))
backends = []
+# *** Check for dl ***
+have_rtld_noload = cc.has_header_symbol('dlfcn.h', 'RTLD_NOLOAD')
+config_h.set('HAVE_RTLD_NOLOAD', have_rtld_noload)
+
# *** Checks for GnuTLS ***
-gnutls_dep = dependency('gnutls', version: '>= 3.4.6', required: get_option('gnutls'))
+gnutls_dep = dependency('gnutls', version: '>= 3.6.5', required: get_option('gnutls'))
if gnutls_dep.found()
backends += ['gnutls']
openssl_dep = []
else
# XXX: https://github.com/mesonbuild/meson/issues/2945
- openssl_dep = dependency('openssl', required: openssl_option.enabled() and cc.get_id() != 'msvc')
+ openssl_dep = dependency('openssl', version: '>= 1.0.2', required: false)
if openssl_dep.found()
backends += ['openssl']
- elif cc.get_id() == 'msvc' and not openssl_option.disabled()
+ else
# MSVC builds of OpenSSL does not generate pkg-config files,
# so we check for it manually here in this case, if we can't find those files
# Based on the CMake check for OpenSSL in CURL's CMakeLists.txt,
# on which headers we should check for
- have_openssl = true
+
+ # OpenSSL's MSVC NMake Makefiles prepends the library filenames with 'lib',
+ # so we must prepend the libraries with 'lib' on MSVC, except for the pre-1.1.x
+ # ssleay32.lib
+ openssl_lib_prefix = ''
+ if cc.get_argument_syntax() == 'msvc'
+ openssl_lib_prefix = 'lib'
+ endif
+
+ openssl_headers = []
foreach h : ['crypto.h', 'engine.h', 'err.h', 'pem.h',
'rsa.h', 'ssl.h', 'x509.h', 'rand.h', 'tls1.h']
- header = 'openssl/' + h
- if not cc.has_header(header)
- have_openssl = false
- if openssl_option.enabled()
- error('openssl module is enabled and @0@ not found'.format(header))
- endif
- endif
+ openssl_headers += 'openssl/' + h
endforeach
# OpenSSL 1.1.x and 1.0.x (or earlier) have different .lib names,
# so we need to look for the correct pair
# Find either libcrypto.lib (1.1.x) or libeay32.lib (1.0.x or earlier) first
- libcrypto_dep = cc.find_library('libcrypto', required: false)
+ libcrypto_dep = cc.find_library('@0@crypto'.format(openssl_lib_prefix), required: false)
if libcrypto_dep.found()
- libssl = 'libssl'
+ libssl = '@0@ssl'.format(openssl_lib_prefix)
else
- libcrypto_dep = cc.find_library('libeay32', required: openssl_option)
+ libcrypto_dep = cc.find_library('@0@eay32'.format(openssl_lib_prefix), required: openssl_option)
libssl = 'ssleay32'
endif
if libcrypto_dep.found()
# Find the corresponding SSL library depending on which crypto .lib we found
- libssl_dep = cc.find_library(libssl, required: openssl_option)
+ libssl_dep = cc.find_library(libssl, required: openssl_option, has_headers: openssl_headers)
endif
- if libcrypto_dep.found() and have_openssl
+ if libcrypto_dep.found() and libssl_dep.found()
openssl_dep = [libcrypto_dep, libssl_dep]
backends += ['openssl']
endif
endif
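Review bot: The manual lookup in the `else` branch never checks the OpenSSL version. `dependency('openssl', version: '>= 1.0.2', required: false)` enforces the floor only when pkg-config finds the library, while the fallback accepts `eay32`/`ssleay32`, the pre-1.1.x library names, on header presence alone. A build against an OpenSSL older than 1.0.2 could therefore be configured without any diagnostic. One option is to read the version after the libraries are found, `openssl_version = cc.compute_int('OPENSSL_VERSION_NUMBER', prefix: '#include <openssl/opensslv.h>', dependencies: libcrypto_dep)`, and add the backend only when `openssl_version >= 0x10002000`, raising an error if the `openssl` option is enabled. The enclosing `if`/`else` starts outside the visible lines, so confirm how `openssl_option` gates this branch.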
if backends.contains('openssl')
+ if ['darwin', 'ios'].contains(host_system)
+ security_dep = dependency('appleframeworks', modules : ['Security'])
+ elif ['windows'].contains(host_system)
+ crypt32_dep = cc.find_library('crypt32')
+ endif
+
subdir('tls/openssl')
endif
+# The OpenSSL backend is provided for systems where licensing considerations
+# prohibit use of certain dependencies of GnuTLS. General-purpose Linux distros
+# should leave it disabled. Please don't second-guess our defaults.
option('gnutls', type: 'feature', value: 'auto', description: 'support for GnuTLS networking configration')
option('openssl', type: 'feature', value: 'disabled', description: 'support for OpenSSL networking configration')
option('libproxy', type: 'feature', value: 'auto', description: 'support for libproxy proxy configration')
proxy/libproxy/glibproxyresolver.c
tls/base/gtlsconnection-base.c
-tls/base/gtlsinputstream-base.c
-tls/base/gtlsoutputstream-base.c
+tls/base/gtlsinputstream.c
+tls/base/gtlsoutputstream.c
tls/gnutls/gtlscertificate-gnutls.c
tls/gnutls/gtlsclientconnection-gnutls.c
tls/gnutls/gtlsconnection-gnutls.c
tls/gnutls/gtlsdatabase-gnutls.c
-tls/gnutls/gtlsinputstream-gnutls.c
-tls/gnutls/gtlsoutputstream-gnutls.c
+tls/gnutls/gtlsfiledatabase-gnutls.c
tls/gnutls/gtlsserverconnection-gnutls.c
tls/openssl/gtlscertificate-openssl.c
tls/openssl/gtlsclientconnection-openssl.c
tls/openssl/gtlsconnection-openssl.c
+tls/openssl/gtlsdatabase-openssl.c
+tls/openssl/gtlsfiledatabase-openssl.c
tls/openssl/gtlsserverconnection-openssl.c
-# Ihar Hrachyshka <ihar.hrachyshka@gmail.com>, 2011.
-# Kasia Bondarava <kasia.bondarava@gmail.com>, 2012.
-# Yuras Shumovich <shumovichy@gmail.com>, 2017.
msgid ""
msgstr ""
-"Project-Id-Version: glib-networking master\n"
+"Project-Id-Version: 98e6872775a91bf27122ff608b6db605\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2018-07-27 21:02+0000\n"
-"PO-Revision-Date: 2018-09-06 16:45+0300\n"
-"Last-Translator: Yuras Shumovich <shumovichy@gmail.com>\n"
-"Language-Team: Belarusian <i18n-bel-gnome@googlegroups.com>\n"
-"Language: be\n"
+"POT-Creation-Date: 2020-07-07 13:28+0000\n"
+"PO-Revision-Date: 2021-01-12 14:10\n"
+"Last-Translator: Zander Brown <zbrown@gnome.org>\n"
+"Language-Team: Belarusian\n"
+"Language: be_BY\n"
"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=utf-8\n"
+"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
-"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
-"X-Generator: Poedit 2.1.1\n"
-"X-Project-Style: gnome\n"
+"Plural-Forms: nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || n%10>=5 && n%10<=9 || n%100>=11 && n%100<=14 ? 2 : 3);\n"
+"X-Generator: Gtranslator 3.36.0\n"
+"X-Crowdin-Project: 98e6872775a91bf27122ff608b6db605\n"
+"X-Crowdin-Project-ID: 2\n"
+"X-Crowdin-Language: be\n"
+"X-Crowdin-File: /master/sources/glib-networking/en_GB.po\n"
+"X-Crowdin-File-ID: 98\n"
#: proxy/libproxy/glibproxyresolver.c:159
msgid "Proxy resolver internal error."
-msgstr "Унутраная памылка распазнавальніка проксі-сервера."
+msgstr "Унутраная памылка распазнавальніка проксі."
-#: tls/gnutls/gtlscertificate-gnutls.c:182
+#: tls/base/gtlsconnection-base.c:544 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
+msgid "Connection is closed"
+msgstr "Злучэнне закрыта"
+
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:618
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Немагчыма выканаць аперацыю блакавання падчас вітання TLS"
+
+#: tls/base/gtlsconnection-base.c:683 tls/base/gtlsconnection-base.c:1225
+msgid "Socket I/O timed out"
+msgstr "Тэрмін чакання уводу/вываду з сокета сыйшоў"
+
+#: tls/base/gtlsconnection-base.c:851
+msgid "Server required TLS certificate"
+msgstr "Сервер запатрабаваў сертыфікат TLS"
+
+#: tls/base/gtlsconnection-base.c:1449
+msgid "Peer does not support safe renegotiation"
+msgstr "Вузел не падтрымлівае бяспечнае пераўзгадненне"
+
+#: tls/base/gtlsconnection-base.c:1593 tls/gnutls/gtlsconnection-gnutls.c:347
+#: tls/openssl/gtlsconnection-openssl.c:189
+#: tls/openssl/gtlsconnection-openssl.c:484
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Непрыдатны сертыфікат TLS"
+
+#: tls/base/gtlsconnection-base.c:2059
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Атрыманыя сцягі не падтрымліваюцца"
+
+#: tls/base/gtlsconnection-base.c:2211
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Сцягі не падтрымліваюцца"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:170
#, c-format
msgid "Could not parse DER certificate: %s"
-msgstr "Не ўдалося разабраць DER-сертыфікат: %s"
+msgstr "Не атрымалася разабраць сертыфікат DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:203
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:190
#, c-format
msgid "Could not parse PEM certificate: %s"
-msgstr "Не ўдалося разабраць PEM-сертыфікат: %s"
+msgstr "Не атрымалася разабраць сертыфікат PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:234
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:209
#, c-format
msgid "Could not parse DER private key: %s"
-msgstr "Не ўдалося разабраць прыватны DER-ключ: %s"
+msgstr "Не атрымалася разабраць асабісты ключ DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:265
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:228
#, c-format
msgid "Could not parse PEM private key: %s"
-msgstr "Не ўдалося разабраць прыватны PEM-ключ: %s"
+msgstr "Не атрымалася разабраць асабісты ключ PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:304
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:263
msgid "No certificate data provided"
msgstr "Даныя сертыфіката не пададзеныя"
-#: tls/gnutls/gtlsclientconnection-gnutls.c:447
-msgid "Server required TLS certificate"
-msgstr "Сервер запатрабаваў TLS-сертыфікат"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:398
+#: tls/gnutls/gtlsconnection-gnutls.c:139
+#: tls/gnutls/gtlsconnection-gnutls.c:157
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:482
#, c-format
msgid "Could not create TLS connection: %s"
-msgstr "Не ўдалося стварыць TLS-злучэнне: %s"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:711
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
-msgid "Connection is closed"
-msgstr "Злучэнне закрыта"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:828
-#: tls/gnutls/gtlsconnection-gnutls.c:1432
-msgid "Socket I/O timed out"
-msgstr "Тэрмін чакання уводу/вываду з сокета вычарпаны"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:973
-#: tls/gnutls/gtlsconnection-gnutls.c:1006
-msgid "Peer failed to perform TLS handshake"
-msgstr "Суразмоўцу не ўдалося выканаць вітанне TLS"
+msgstr "Не атрымалася стварыць злучэнне TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:991
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Суразмоўца запытаў забароненае паўторнае вітанне TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:291
+#: tls/gnutls/gtlsconnection-gnutls.c:302
+#: tls/gnutls/gtlsconnection-gnutls.c:316
+#: tls/openssl/gtlsconnection-openssl.c:156
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "У вузла не атрымалася выканаць вітанне TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1012
+#: tls/gnutls/gtlsconnection-gnutls.c:324
msgid "TLS connection closed unexpectedly"
-msgstr "TLS-злучэнне нечакана закрылася"
+msgstr "Злучэнне TLS нечакана закрылася"
-#: tls/gnutls/gtlsconnection-gnutls.c:1022
+#: tls/gnutls/gtlsconnection-gnutls.c:339
+#: tls/openssl/gtlsconnection-openssl.c:181
msgid "TLS connection peer did not send a certificate"
-msgstr "Ð\9fаÑ\80Ñ\82нÑ\91Ñ\80 па TLS-злÑ\83Ñ\87Ñ\8dннÑ\96 не паÑ\81лаў сертыфікат"
+msgstr "Ð\92Ñ\83зел, з Ñ\8fкÑ\96м наладжваеÑ\86Ñ\86а злÑ\83Ñ\87Ñ\8dнне TLS, не адпÑ\80авÑ\96ў сертыфікат"
-#: tls/gnutls/gtlsconnection-gnutls.c:1028
+#: tls/gnutls/gtlsconnection-gnutls.c:355
#, c-format
msgid "Peer sent fatal TLS alert: %s"
-msgstr "СÑ\83Ñ\80азмоÑ\9eÑ\86а паведамлÑ\8fе пÑ\80а памÑ\8bлкÑ\83 TLS: %s"
+msgstr "Ð\92Ñ\83зел адпÑ\80авÑ\96Ñ\9e Ñ\84аÑ\82алÑ\8cнае апавÑ\8fÑ\88Ñ\87Ñ\8dнне TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1040
+#: tls/gnutls/gtlsconnection-gnutls.c:365
msgid "Protocol version downgrade attack detected"
-msgstr "Ð\92Ñ\8bÑ\8fÑ\9eлена аÑ\82ака панÑ\96жÑ\8dннÑ\8f веÑ\80Ñ\81Ñ\96Ñ\96 пÑ\80аÑ\82акола"
+msgstr "Ð\92Ñ\8bÑ\8fÑ\9eлена аÑ\82ака на аÑ\81нове панÑ\96жÑ\8dннÑ\8f веÑ\80Ñ\81Ñ\96Ñ\96 пÑ\80аÑ\82аколÑ\83"
-#: tls/gnutls/gtlsconnection-gnutls.c:1047
+#: tls/gnutls/gtlsconnection-gnutls.c:374
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
-msgstr[0] ""
-"Паведамленне задоўгае для DTLS злучэння; дапускаецца не больш за %u байт"
-msgstr[1] ""
-"Паведамленне задоўгае для DTLS злучэння; дапускаецца не больш за %u байты"
-msgstr[2] ""
-"Паведамленне задоўгае для DTLS злучэння; дапускаецца не больш за %u байтаў"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1054
+msgstr[0] "Паведамленне задоўгае для злучэння DTLS; дапускаецца не больш за %u байт"
+msgstr[1] "Паведамленне задоўгае для злучэння DTLS; дапускаецца не больш за %u байты"
+msgstr[2] "Паведамленне задоўгае для злучэння DTLS; дапускаецца не больш за %u байтаў"
+msgstr[3] "Паведамленне задоўгае для злучэння DTLS; дапускаецца не больш за %u байтаў"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:383
msgid "The operation timed out"
-msgstr "Тэрмін чакання аперацыі вычарпаны"
+msgstr "Тэрмін чакання аперацыі сыйшоў"
-#: tls/gnutls/gtlsconnection-gnutls.c:1820
-msgid "Peer does not support safe renegotiation"
-msgstr "Суразмоўца не падтрымлівае бяспечнае пераўзгадненне."
+#: tls/gnutls/gtlsconnection-gnutls.c:715
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Падчас выканання вітання TLS адбылася памылка: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1847
-#: tls/gnutls/gtlsconnection-gnutls.c:1899
+#: tls/gnutls/gtlsconnection-gnutls.c:818
+#: tls/openssl/gtlsconnection-openssl.c:427
+#: tls/openssl/gtlsconnection-openssl.c:477
msgid "Error performing TLS handshake"
-msgstr "Ð\9fамÑ\8bлка вÑ\8bкананнÑ\8f вÑ\96Ñ\82аннÑ\8f TLS"
+msgstr "Ð\9fадÑ\87аÑ\81 вÑ\8bкананнÑ\8f вÑ\96Ñ\82аннÑ\8f TLS адбÑ\8bлаÑ\81Ñ\8f памÑ\8bлка"
-#: tls/gnutls/gtlsconnection-gnutls.c:1909
-msgid "Server did not return a valid TLS certificate"
-msgstr "Сервер не вярнуў правільнага TLS-сертыфіката"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1991
-msgid "Unacceptable TLS certificate"
-msgstr "Непрымальны TLS-сертыфікат"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2264
-#: tls/gnutls/gtlsconnection-gnutls.c:2356
+#: tls/gnutls/gtlsconnection-gnutls.c:867
+#: tls/gnutls/gtlsconnection-gnutls.c:927
+#: tls/openssl/gtlsconnection-openssl.c:588
msgid "Error reading data from TLS socket"
-msgstr "Памылка чытання даных з TLS-сокета"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2386
-#, c-format
-msgid "Receive flags are not supported"
-msgstr "Атрыманыя сцяжкі не падтрымліваюцца"
+msgstr "Падчас чытання даных з сокета TLS адбылася памылка"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2463
-#: tls/gnutls/gtlsconnection-gnutls.c:2535
+#: tls/gnutls/gtlsconnection-gnutls.c:949
+#: tls/gnutls/gtlsconnection-gnutls.c:1013
+#: tls/openssl/gtlsconnection-openssl.c:632
msgid "Error writing data to TLS socket"
-msgstr "Ð\9fамÑ\8bлка запÑ\96Ñ\81Ñ\83 данÑ\8bÑ\85 Ñ\83 TLS-Ñ\81океÑ\82"
+msgstr "Ð\9fадÑ\87аÑ\81 запÑ\96Ñ\81Ñ\83 данÑ\8bÑ\85 Ñ\83 Ñ\81океÑ\82 TLS адбÑ\8bлаÑ\81Ñ\8f памÑ\8bлка"
-#: tls/gnutls/gtlsconnection-gnutls.c:2505
+#: tls/gnutls/gtlsconnection-gnutls.c:983
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
-msgstr[0] "Паведамленне памеру %lu байт задоўгае для DTLS злучэння"
-msgstr[1] "Паведамленне памеру %lu байты задоўгае для DTLS злучэння"
-msgstr[2] "Паведамленне памеру %lu байтаў задоўгае для DTLS злучэння"
+msgstr[0] "Паведамленне памеру %lu байт задоўгае для злучэння DTLS"
+msgstr[1] "Паведамленне памеру %lu байты задоўгае для злучэння DTLS"
+msgstr[2] "Паведамленне памеру %lu байтаў задоўгае для злучэння DTLS"
+msgstr[3] "Паведамленне памеру %lu байтаў задоўгае для злучэння DTLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2507
+#: tls/gnutls/gtlsconnection-gnutls.c:985
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(максімум %u байт)"
msgstr[1] "(максімум %u байты)"
msgstr[2] "(максімум %u байтаў)"
+msgstr[3] "(максімум %u байтаў)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2566
+#: tls/gnutls/gtlsconnection-gnutls.c:1032
#, c-format
-msgid "Send flags are not supported"
-msgstr "Сцяжкі не падтрымліваюцца"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2669
-msgid "Error performing TLS close"
-msgstr "Памылка закрыцця TLS-злучэння"
+msgid "Error performing TLS close: %s"
+msgstr "Падчас закрыцця злучэння TLS адбылася памылка: %s"
#: tls/gnutls/gtlsdatabase-gnutls.c:553
-msgid ""
-"Failed to load system trust store: GnuTLS was not configured with a system "
-"trust"
-msgstr ""
-"Не ўдалося загрузіць сістэмнае даверанае сховішча: GnuTLS настроены без "
-"сістэмнага даверанага сховішча"
+msgid "Failed to load system trust store: GnuTLS was not configured with a system trust"
+msgstr "Не атрымалася загрузіць сховішча сістэмнага даверу: GnuTLS наладжаны без сістэмнага даверанага сховішча"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:558 tls/openssl/gtlsdatabase-openssl.c:187
#, c-format
msgid "Failed to load system trust store: %s"
-msgstr "Не ўдалося загрузіць сістэмнае даверанае сховішча: %s"
+msgstr "Не атрымалася загрузіць сховішча сістэмнага даверу: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/gnutls/gtlsserverconnection-gnutls.c:122
+#: tls/openssl/gtlsserverconnection-openssl.c:172
+#: tls/openssl/gtlsserverconnection-openssl.c:228
msgid "Certificate has no private key"
-msgstr "СеÑ\80Ñ\82Ñ\8bÑ\84Ñ\96каÑ\82 не мае закÑ\80Ñ\8bтага ключа"
+msgstr "СеÑ\80Ñ\82Ñ\8bÑ\84Ñ\96каÑ\82 не мае аÑ\81абÑ\96Ñ\81тага ключа"
-#: tls/pkcs11/gpkcs11pin.c:111
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr "Гэта апошні шанец увесці правільны PIN-код да блакіравання доступу."
+#: tls/openssl/gtlsclientconnection-openssl.c:311
+#: tls/openssl/gtlsclientconnection-openssl.c:379
+#: tls/openssl/gtlsserverconnection-openssl.c:347
+#: tls/openssl/gtlsserverconnection-openssl.c:415
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Не атрымалася стварыць кантэкст TLS: %s"
-#: tls/pkcs11/gpkcs11pin.c:113
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Вы некалькі разоў уводзілі хібны PIN-код, і калі вы працягнеце ўводзіць "
-"хібны PIN-код, дык будзеце заблакіраваны."
+#: tls/openssl/gtlsclientconnection-openssl.c:326
+#: tls/openssl/gtlsserverconnection-openssl.c:362
+#, c-format
+#| msgid "Could not parse PEM certificate: %s"
+msgid "Could not set MAX protocol to %ld: %s"
+msgstr "Не атрымалася вызначыць максімальны пратакол %ld: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:197
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Непрыдатны сертыфікат паўнамоцтваў TLS"
-#: tls/pkcs11/gpkcs11pin.c:115
-msgid "The PIN entered is incorrect."
-msgstr "УведзенÑ\8b нÑ\8fпÑ\80авÑ\96лÑ\8cнÑ\8b PIN-код."
+#: tls/openssl/gtlsconnection-openssl.c:205
+msgid "Digest too big for RSA key"
+msgstr "Ð\97анадÑ\82а вÑ\8fлÑ\96кÑ\96 дайджÑ\8dÑ\81Ñ\82 длÑ\8f клÑ\8eÑ\87а RSA"
-#: tls/pkcs11/gpkcs11slot.c:447
-msgid "Module"
-msgstr "Ð\9cодÑ\83лÑ\8c"
+#: tls/openssl/gtlsconnection-openssl.c:213
+msgid "Secure renegotiation is disabled"
+msgstr "Ð\91Ñ\8fÑ\81пеÑ\87нае Ñ\9eзгадненне адклÑ\8eÑ\87ана"
-#: tls/pkcs11/gpkcs11slot.c:448
-msgid "PKCS#11 Module Pointer"
-msgstr "Паказальнік модуля PKCS#11"
+#: tls/openssl/gtlsconnection-openssl.c:234
+#, c-format
+#| msgid "Connection is closed"
+msgid "%s: The connection is broken"
+msgstr "%s: злучэнне хібнае"
-#: tls/pkcs11/gpkcs11slot.c:455
-msgid "Slot ID"
-msgstr "Ð\86дÑ\8dнÑ\82Ñ\8bÑ\84Ñ\96каÑ\82аÑ\80 Ñ\81лоÑ\82а"
+#: tls/openssl/gtlsconnection-openssl.c:669
+msgid "Error performing TLS close"
+msgstr "Ð\9fадÑ\87аÑ\81 закÑ\80Ñ\8bÑ\86Ñ\86Ñ\8f злÑ\83Ñ\87Ñ\8dннÑ\8f TLS адбÑ\8bлаÑ\81Ñ\8f памÑ\8bлка"
-#: tls/pkcs11/gpkcs11slot.c:456
-msgid "PKCS#11 Slot Identifier"
-msgstr "Ідэнтыфікатар слота PKCS#11"
+#: tls/openssl/gtlsdatabase-openssl.c:227
+msgid "Could not create CA store"
+msgstr "Не атрымалася стварыць сховішча сертыфікатаў"
+
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+#| msgid "Failed to load system trust store: %s"
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Не атрымалася запоўніць спіс давераных рэсурсаў з %s: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:179
+#: tls/openssl/gtlsserverconnection-openssl.c:247
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Узнікла праблема з асабістым ключом сертыфіката: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:188
+#: tls/openssl/gtlsserverconnection-openssl.c:239
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Узнікла праблема з сертыфікатам: %s"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Peer requested illegal TLS rehandshake"
+
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Failed to load file path: %s"
#~ msgid "Operation would block"
-#~ msgstr "Аперацыя будзе заблакіравана"
+#~ msgstr "Operation would block"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "Server did not return a valid TLS certificate"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "The PIN entered is incorrect."
+
+#~ msgid "Module"
+#~ msgstr "Module"
+
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 Module Pointer"
+
+#~ msgid "Slot ID"
+#~ msgstr "Slot ID"
+
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 Slot Identifier"
#~ msgid "Connection is already closed"
-#~ msgstr "Злучэнне ўжо закрыта"
+#~ msgstr "Connection is already closed"
+
# This file is distributed under the same license as the glib-networking package.
# David Planella <david.planella@gmail.com>, 2011, 2012.
# Gil Forcada <gilforcada@guifi.net>, 2012.
-#
+# Jordi Mas <jmas@softcatala.org>, 2020-2021
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-02-03 13:01+0000\n"
+"POT-Creation-Date: 2021-06-25 16:32+0000\n"
"PO-Revision-Date: 2018-07-01 08:56+0200\n"
-"Last-Translator: Gil Forcada <gilforcada@guifi.net>\n"
+"Last-Translator: Jordi Mas <jmas@softcatala.org>\n"
"Language-Team: Catalan <gnome-dl@llistes.softcatala.org>\n"
"Language: ca\n"
"MIME-Version: 1.0\n"
"Plural-Forms: nplurals=2; plural=n != 1;\n"
"X-Generator: Poedit 2.0.6\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr ""
"S'ha produït un error intern al sistema de resolució del servidor "
"intermediari."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "La connexió està tancada"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "L'operació bloquejaria"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "No es pot dur a terme una operació de bloqueig durant l'encaixada TLS"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "S'ha excedit el temps d'espera d'entrada/sortida del sòcol"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "El servidor requereix un certificat TLS"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1451
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr ""
+"L'encaixada no ha finalitzat, encara no hi ha informació d'enllaç de canal"
+
+#: tls/base/gtlsconnection-base.c:1530
+msgid "Peer does not support safe renegotiation"
+msgstr ""
+"L'altre extrem de la connexió no és compatible amb una negociació segura"
+
+#: tls/base/gtlsconnection-base.c:1678 tls/gnutls/gtlsconnection-gnutls.c:482
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:834
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "No es pot acceptar el certificat TLS"
+
+#: tls/base/gtlsconnection-base.c:2152
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Els senyaladors de recepció no són compatibles"
+
+#: tls/base/gtlsconnection-base.c:2299
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Els senyaladors d'enviament no són compatibles"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:362
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "No s'ha pogut analitzar el certificat DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:382
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "No s'ha pogut analitzar el certificat PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:401
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "No s'ha pogut analitzar la clau privada DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:420
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "No s'ha pogut analitzar la clau privada PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "No s'han pogut importar l'URI del certificat PKCS #11: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:455
msgid "No certificate data provided"
msgstr "No s'ha proporcionat cap dada per al certificat"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:537
-#: tls/openssl/gtlsserverconnection-openssl.c:401
+#: tls/gnutls/gtlscertificate-gnutls.c:806
+#: tls/gnutls/gtlsconnection-gnutls.c:1033
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "No s'ha pogut crear una connexió TLS: %s"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "No es pot verificar la identitat del parell del tipus %s inesperat"
-#: tls/gnutls/gtlsconnection-gnutls.c:858
-#: tls/gnutls/gtlsconnection-gnutls.c:1468
-msgid "Socket I/O timed out"
-msgstr "S'ha excedit el temps d'espera d'entrada/sortida del sòcol"
+#: tls/gnutls/gtlsconnection-gnutls.c:198
+msgid "Could not create TLS connection:"
+msgstr "No s'ha pogut crear una connexió TLS: %s"
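Review bot: The added Catalan translation for `msgid "Could not create TLS connection:"` (tls/gnutls/gtlsconnection-gnutls.c:198) ends in `%s`, but the msgid has no conversion. The entry also has no `c-format` flag, so `msgfmt --check-format` will not report the mismatch. How the caller uses the string is not visible here: at best users see a literal `%s`, and if the text ever reaches a printf-style call as the format, the directive has no matching argument. The translation should mirror the msgid, `msgstr "No s'ha pogut crear una connexió TLS:"`, as the Czech entry for the same msgid in this diff does.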
-#: tls/gnutls/gtlsconnection-gnutls.c:1003
-#: tls/gnutls/gtlsconnection-gnutls.c:1036
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "L'altre extrem de la connexió no ha pogut realitzar l'encaixada TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:208
+#: tls/gnutls/gtlsconnection-gnutls.c:228
+#: tls/openssl/gtlsclientconnection-openssl.c:458
+#: tls/openssl/gtlsserverconnection-openssl.c:503
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "No s'ha pogut crear una connexió TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1021
-#: tls/openssl/gtlsconnection-openssl.c:234
-msgid "Peer requested illegal TLS rehandshake"
+#: tls/gnutls/gtlsconnection-gnutls.c:426
+#: tls/gnutls/gtlsconnection-gnutls.c:437
+#: tls/gnutls/gtlsconnection-gnutls.c:451
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
msgstr ""
-"L'altre extrem de la connexió ha sol·licitat una reencaixada TLS no vàlida"
+"L'altre extrem de la connexió no ha pogut realitzar l'encaixada TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1042
+#: tls/gnutls/gtlsconnection-gnutls.c:459
msgid "TLS connection closed unexpectedly"
msgstr "La connexió TLS s'ha tancat de manera inesperada"
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:171
+#: tls/gnutls/gtlsconnection-gnutls.c:474
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "L'altre extrem de la connexió TLS no ha enviat cap certificat"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
-#: tls/gnutls/gtlsconnection-gnutls.c:2160
-#: tls/openssl/gtlsconnection-openssl.c:416
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "No es pot acceptar el certificat TLS"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1064
+#: tls/gnutls/gtlsconnection-gnutls.c:490
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "L'altre extrem de la connexió ha enviat una alerta fatal TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1076
+#: tls/gnutls/gtlsconnection-gnutls.c:500
msgid "Protocol version downgrade attack detected"
msgstr "Atacat de rebaixa de la versió de protocol detectat"
-#: tls/gnutls/gtlsconnection-gnutls.c:1083
+#: tls/gnutls/gtlsconnection-gnutls.c:509
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[1] ""
"El missatge és massa gran per a una connexió DTLS; el màxim és %u bytes"
-#: tls/gnutls/gtlsconnection-gnutls.c:1090
+#: tls/gnutls/gtlsconnection-gnutls.c:518
msgid "The operation timed out"
msgstr "L'operació ha excedit el temps"
-#: tls/gnutls/gtlsconnection-gnutls.c:1981
-msgid "Peer does not support safe renegotiation"
-msgstr "L'altre extrem de la connexió no és compatible amb una negociació segura"
+#: tls/gnutls/gtlsconnection-gnutls.c:870
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "S'ha produït un error en realitzar l'encaixada TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2008
-#: tls/gnutls/gtlsconnection-gnutls.c:2058
+#: tls/gnutls/gtlsconnection-gnutls.c:973
+#: tls/openssl/gtlsconnection-openssl.c:618
msgid "Error performing TLS handshake"
msgstr "S'ha produït un error en realitzar l'encaixada TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2510
-#: tls/gnutls/gtlsconnection-gnutls.c:2602
-msgid "Error reading data from TLS socket"
-msgstr "S'ha produït un error en llegir les dades del sòcol TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:1152
+#, c-format
+#| msgid ""
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr ""
+"El tipus d'enllaç del canal no està implementat a la biblioteca "
+"TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2632
+#: tls/gnutls/gtlsconnection-gnutls.c:1156
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Els senyaladors de recepció no són compatibles"
+msgid "Channel binding data is not yet available"
+msgstr ""
+"Les dades d'enllaç del canal encara no estan disponibles"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1194
+#: tls/gnutls/gtlsconnection-gnutls.c:1206
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "El certificat X.509 no està disponible a la connexió"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr ""
+"El certificat X.509 no està disponible o és d'un format desconegut: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1230
+#: tls/openssl/gtlsconnection-openssl.c:709
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "No s'ha pogut obtenir l'algoritme de signatura de certificat"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1246
+#: tls/openssl/gtlsconnection-openssl.c:729
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"El certificat X.509 actual utilitza un algoritme de signatura desconegut o "
+"no admès"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1340
+#: tls/openssl/gtlsconnection-openssl.c:809
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "No s'ha implementat el tipus de vinculació de canal sol·licitada"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1361
+#: tls/gnutls/gtlsconnection-gnutls.c:1421
+#: tls/openssl/gtlsconnection-openssl.c:827
+#: tls/openssl/gtlsconnection-openssl.c:923
+msgid "Error reading data from TLS socket"
+msgstr "S'ha produït un error en llegir les dades del sòcol TLS"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2709
-#: tls/gnutls/gtlsconnection-gnutls.c:2781
+#: tls/gnutls/gtlsconnection-gnutls.c:1443
+#: tls/gnutls/gtlsconnection-gnutls.c:1506
+#: tls/openssl/gtlsconnection-openssl.c:1002
msgid "Error writing data to TLS socket"
msgstr "S'ha produït un error en escriure les dades al sòcol TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2751
+#: tls/gnutls/gtlsconnection-gnutls.c:1476
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[0] "El missatge de mida %lu byte és massa gran per a la connexió DTLS"
msgstr[1] "El missatge de mida %lu bytes és massa gran per a la connexió DTLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2753
+#: tls/gnutls/gtlsconnection-gnutls.c:1478
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(el màxim és %u byte)"
msgstr[1] "(el màxim és %u bytes)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2812
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
#, c-format
-msgid "Send flags are not supported"
-msgstr "Els senyaladors d'enviament no són compatibles"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2915
-msgid "Error performing TLS close"
-msgstr "S'ha produït un error en realitzar el tancament TLS"
+msgid "Error performing TLS close: %s"
+msgstr "S'ha produït un error en realitzar el tancament TLS: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:688
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
msgstr ""
-"S'ha produït un error en carregar l'emmagatzematge del sistema de confiança: "
-"GnuTLS no està configurat amb un sistema de confiança"
+"S'ha produït un error en carregar l'emmagatzematge del sistema de confiança:"
+" GnuTLS no està configurat amb un sistema de confiança"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:693 tls/openssl/gtlsdatabase-openssl.c:229
#, c-format
msgid "Failed to load system trust store: %s"
msgstr ""
-"S'ha produït un error en carregar l'emmagatzematge del sistema de confiança: "
-"%s"
+"S'ha produït un error en carregar l'emmagatzematge del sistema de confiança:"
+" %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:328
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr ""
+"S'ha produït un error en emplenar la llista del sistema de confiança des de "
+"%s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
+#: tls/openssl/gtlsserverconnection-openssl.c:228
msgid "Certificate has no private key"
msgstr "El certificat no té cap clau privada"
-#: tls/openssl/gtlsclientconnection-openssl.c:486
-#: tls/openssl/gtlsserverconnection-openssl.c:292
+#: tls/openssl/gtlsclientconnection-openssl.c:317
+#: tls/openssl/gtlsserverconnection-openssl.c:346
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "No s'ha pogut establir de la llista de xifratge TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:343
+#: tls/openssl/gtlsserverconnection-openssl.c:372
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "No s'ha pogut establir el protocol MAX a %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:404
+#: tls/openssl/gtlsserverconnection-openssl.c:433
#, c-format
msgid "Could not create TLS context: %s"
msgstr "No s'ha pogut crear un context TLS: %s"
-#: tls/openssl/gtlsconnection-openssl.c:179
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "No es pot acceptar l'autoritat del certificat TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Resum massa gran per la clau RSA"
-#: tls/openssl/gtlsconnection-openssl.c:243
-#: tls/openssl/gtlsconnection-openssl.c:376
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "La renegociació segura està inhabilitada"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "S'ha produït un error en realitzar l'encaixada TLS: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: la connexió està trencada"
-#: tls/openssl/gtlsconnection-openssl.c:386
-msgid "Server did not return a valid TLS certificate"
-msgstr "El servidor no ha retornat un certificat TLS vàlid"
+#: tls/openssl/gtlsconnection-openssl.c:678
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Les dades de vinculació del canal tls-unique no estan disponibles"
-#: tls/openssl/gtlsconnection-openssl.c:500
+#: tls/openssl/gtlsconnection-openssl.c:701
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "S'ha produït un error en llegir les dades del sòcol TLS: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "El certificat X.509 no està disponible a la connexió"
-#: tls/openssl/gtlsconnection-openssl.c:526
+#: tls/openssl/gtlsconnection-openssl.c:747
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "S'ha produït un error en escriure les dades al sòcol TLS: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "No s'ha pogut generar el resum del certificat X.509"
-#: tls/openssl/gtlsconnection-openssl.c:552
+#: tls/openssl/gtlsconnection-openssl.c:778
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "S'ha produït un error en realitzar el tancament TLS: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "La connexió TLS no admet la funcionalitat TLS-Exporter"
+
+#: tls/openssl/gtlsconnection-openssl.c:781
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr ""
+"S'ha produït un error inesperat mentre s'exportaven les dades de la clau"
+
+#: tls/openssl/gtlsconnection-openssl.c:1063
+msgid "Error performing TLS close"
+msgstr "S'ha produït un error en realitzar el tancament TLS"
+
+#: tls/openssl/gtlsdatabase-openssl.c:197
+msgid "Could not get trusted anchors from Keychain"
+msgstr "No s'han pogut obtenir les àncores de confiança del clauer"
+
+#: tls/openssl/gtlsdatabase-openssl.c:269
+msgid "Could not create CA store"
+msgstr "No s'ha pogut crear un emmagatzematge CA"
-#: tls/openssl/gtlsserverconnection-openssl.c:335
+#: tls/openssl/gtlsserverconnection-openssl.c:179
+#: tls/openssl/gtlsserverconnection-openssl.c:247
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "Hi ha un problema amb el certificat de la clau privada: %s"
-#: tls/openssl/gtlsserverconnection-openssl.c:344
+#: tls/openssl/gtlsserverconnection-openssl.c:188
+#: tls/openssl/gtlsserverconnection-openssl.c:239
#, c-format
msgid "There is a problem with the certificate: %s"
msgstr "Hi ha un problema amb el certificat: %s"
# Czech translation for glib-networking.
# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER
# This file is distributed under the same license as the glib-networking package.
-# Marek Černocký <marek@manet.cz>, 2011, 2012, 2017, 2018, 2019.
+# Marek Černocký <marek@manet.cz>, 2011, 2012, 2017, 2018, 2019, 2020, 2021.
#
msgid ""
msgstr ""
-"Project-Id-Version: glib-networking master\n"
+"Project-Id-Version: glib-networking\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-03 21:03+0100\n"
+"POT-Creation-Date: 2021-06-25 16:32+0000\n"
+"PO-Revision-Date: 2021-08-17 14:05+0200\n"
"Last-Translator: Marek Černocký <marek@manet.cz>\n"
"Language-Team: čeština <gnome-cs-list@gnome.org>\n"
"Language: cs\n"
"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
"X-Generator: Gtranslator 2.91.7\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Interní chyba zjišťování adres přes proxy."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "Připojení je uzavřeno"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "Operace by blokovala"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Během vyjednávání spojení TLS nelze provést blokující operaci"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Vypršel časový limit V/V operace soketu"
+
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "Server požaduje certifikát TLS"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1451
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr ""
+"Doposud probíhá dohadování, zatím nejsou žádné informace o navázání kanálů"
+
+#: tls/base/gtlsconnection-base.c:1530
+msgid "Peer does not support safe renegotiation"
+msgstr "Protějšek nepodporuje bezpečné opětovné vyjednávání"
+
+#: tls/base/gtlsconnection-base.c:1678 tls/gnutls/gtlsconnection-gnutls.c:482
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:834
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Nepřijatelný certifikát TLS"
+
+#: tls/base/gtlsconnection-base.c:2152
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Příznaky příjmu nejsou podporované"
+
+#: tls/base/gtlsconnection-base.c:2299
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Příznaky odesílání nejsou podporované"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:362
#, c-format
msgid "Could not parse DER certificate: %s"
-msgstr "Nelze zpracovat certifikát DER: %s"
+msgstr "Nezdařilo se zpracovat certifikát DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:382
#, c-format
msgid "Could not parse PEM certificate: %s"
-msgstr "Nelze zpracovat certifikát PEM: %s"
+msgstr "Nezdařilo se zpracovat certifikát PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:401
#, c-format
msgid "Could not parse DER private key: %s"
-msgstr "Nelze zpracovat soukromý klíč DER: %s"
+msgstr "Nezdařilo se zpracovat soukromý klíč DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:420
#, c-format
msgid "Could not parse PEM private key: %s"
-msgstr "Nelze zpracovat soukromý klíč PEM: %s"
+msgstr "Nezdařilo se zpracovat soukromý klíč PEM: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Nezdařilo se naimportovat URI certifikátu PKCS #11: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:455
msgid "No certificate data provided"
msgstr "Nebyla poskytnuta žádná data certifikátu"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:806
+#: tls/gnutls/gtlsconnection-gnutls.c:1033
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Nelze vytvořit připojení TLS: %s"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Nezdařilo se ověřit identitu protějšu neočekávaného typu %s"
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-msgid "Cannot perform blocking operation during TLS handshake"
-msgstr "Během vyjednávání spojení TLS nelze provést blokující operaci"
+#: tls/gnutls/gtlsconnection-gnutls.c:198
+msgid "Could not create TLS connection:"
+msgstr "Nezdařilo se vytvořit připojení TLS:"
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "Vypršel časový limit V/V operace soketu"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Protějšek selhal při navazování spojení TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:208
+#: tls/gnutls/gtlsconnection-gnutls.c:228
+#: tls/openssl/gtlsclientconnection-openssl.c:458
+#: tls/openssl/gtlsserverconnection-openssl.c:503
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Nezdařilo se vytvořit připojení TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Protějšek požadoval neplatné znovunavázání spojení TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:426
+#: tls/gnutls/gtlsconnection-gnutls.c:437
+#: tls/gnutls/gtlsconnection-gnutls.c:451
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Protějšek selhal při navazování spojení TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:459
msgid "TLS connection closed unexpectedly"
msgstr "Připojení TLS bylo neočekávaně zavřeno"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:474
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "Protějšek připojení TLS neposlal certifikát"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Nepřijatelný certifikát TLS"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:490
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Protějšek zaslal kritické varování TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:500
msgid "Protocol version downgrade attack detected"
msgstr "Zjištěn útok pomocí snížení verze protokolu"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:509
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[1] "Zpráva je příliš velká pro připojení DTLS; maximum jsou %u bajty"
msgstr[2] "Zpráva je příliš velká pro připojení DTLS; maximum je %u bajtů"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:518
msgid "The operation timed out"
msgstr "Vypršel časový limit operace"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "Protějšek nepodporuje bezpečné opětovné vyjednávání"
+#: tls/gnutls/gtlsconnection-gnutls.c:870
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Chyba při vyjednávání spojení TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:973
+#: tls/openssl/gtlsconnection-openssl.c:618
msgid "Error performing TLS handshake"
msgstr "Chyba při vyjednávání spojení TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Chyba při čtení dat ze soketu TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:1152
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Typ navázání kanalů není v knihovně TLS implementován"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1156
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Příznaky příjmu nejsou podporované"
+msgid "Channel binding data is not yet available"
+msgstr "Data navázání kanálů nejsou zatím k dispozici"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1194
+#: tls/gnutls/gtlsconnection-gnutls.c:1206
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "Certifikát X.509 není u tohoto připojení dostupný"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "Certifikát X.509 není dostupný nebo má neznámý formát: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1230
+#: tls/openssl/gtlsconnection-openssl.c:709
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Nelze získat algoritmus pro podpis certifikátu"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1246
+#: tls/openssl/gtlsconnection-openssl.c:729
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Aktuální certifikát X.509 používá neznámý nebo nepodporovaný algoritmus pro "
+"podpisy."
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1340
+#: tls/openssl/gtlsconnection-openssl.c:809
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Požadovaný typ navázání kanálů není implementován"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1361
+#: tls/gnutls/gtlsconnection-gnutls.c:1421
+#: tls/openssl/gtlsconnection-openssl.c:827
+#: tls/openssl/gtlsconnection-openssl.c:923
+msgid "Error reading data from TLS socket"
+msgstr "Chyba při čtení dat ze soketu TLS"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1443
+#: tls/gnutls/gtlsconnection-gnutls.c:1506
+#: tls/openssl/gtlsconnection-openssl.c:1002
msgid "Error writing data to TLS socket"
msgstr "Chyba při zápisu dat do soketu TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1476
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[1] "Zpráva o velikosti %lu bajty je příliš velká pro připojení DTLS"
msgstr[2] "Zpráva o velikosti %lu bajtů je příliš velká pro připojení DTLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1478
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[1] "(maximum jsou %u bajty)"
msgstr[2] "(maximum je %u bajtů)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
#, c-format
-msgid "Send flags are not supported"
-msgstr "Příznaky odesílání nejsou podporované"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Chyba při zavírání TLS"
+msgid "Error performing TLS close: %s"
+msgstr "Chyba při zavírání TLS: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:688
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Selhalo načtení úložiště systému důvěry: GnuTLS není nastavené pro systém "
"důvěry"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:693 tls/openssl/gtlsdatabase-openssl.c:229
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Selhalo načtení úložiště systému důvěry: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Selhalo naplnění seznamu důvěry z %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
+#: tls/openssl/gtlsserverconnection-openssl.c:228
msgid "Certificate has no private key"
msgstr "Certifikát nemá soukromý klíč"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:317
+#: tls/openssl/gtlsserverconnection-openssl.c:346
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Nezdařilo se nastavit seznam šifer TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:343
+#: tls/openssl/gtlsserverconnection-openssl.c:372
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Nezdařilo se nastavit protokol MAX na %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:404
+#: tls/openssl/gtlsserverconnection-openssl.c:433
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Nezdařilo se vytvořit kontext TLS: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Nepřijatelná certifikační autorita TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Haš je pro klíč RSA příliš velký"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Bezpečné opětovné vyjednávání je zakázané"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Chyba při vyjednávání spojení TLS: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: Spojení je přerušeno"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "Server nevrátil platný certifikát TLS"
+#: tls/openssl/gtlsconnection-openssl.c:678
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Data návázání kanálů tls-unique nejsou dostupná"
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:701
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Chyba při čtení dat ze soketu TLS: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "Certifikát X.509 není u tohoto připojení dostupný"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:747
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Chyba při zápisu dat do soketu TLS: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Selhalo vygenerování haše k certifikátu X.509"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:778
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Chyba při zavírání TLS: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "Připojení TLS nepodporuje funkci TLS-Exporter"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsconnection-openssl.c:781
#, c-format
-msgid "There is a problem with the certificate: %s"
-msgstr "Je zde problém s certifikátem: %s"
+msgid "Unexpected error while exporting keying data"
+msgstr "Neočekávaná chyba při exportu dat klíčů"
+
+#: tls/openssl/gtlsconnection-openssl.c:1063
+msgid "Error performing TLS close"
+msgstr "Chyba při zavírání TLS"
+
+#: tls/openssl/gtlsdatabase-openssl.c:197
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Nezdařilo se získat důvěryhodnou kotvu z řetězce klíčů"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsdatabase-openssl.c:269
+msgid "Could not create CA store"
+msgstr "Nezdařilo se vytvořit úložiště CA"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:179
+#: tls/openssl/gtlsserverconnection-openssl.c:247
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "Je zde problém se soukromým klíčem certifikátu: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:188
+#: tls/openssl/gtlsserverconnection-openssl.c:239
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Je zde problém s certifikátem: %s"
+
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-02-14 20:11+0100\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
+"issues\n"
+"POT-Creation-Date: 2021-06-25 16:32+0000\n"
+"PO-Revision-Date: 2021-08-28 11:45+0200\n"
"Last-Translator: Alan Mortensen <alanmortensen.am@gmail.com>\n"
"Language-Team: Danish <dansk@dansk-gruppen.dk>\n"
"Language: da\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Poedit 2.0.6\n"
+"X-Generator: Poedit 2.3\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Intern fejl i proxy-opløser."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "Forbindelsen er lukket"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "Forbindelsen ville blokere"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Kan ikke udføre en blokerende operation under TLS-forhandling"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Tidsudløb for sokkel-I/O"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "Server kræver et TLS-certifikat"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1451
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "Forhandling er ikke færdig. Endnu ingen kanalbindingsinformation"
+
+#: tls/base/gtlsconnection-base.c:1530
+msgid "Peer does not support safe renegotiation"
+msgstr "Modpart understøtter ikke sikker genforhandling"
+
+#: tls/base/gtlsconnection-base.c:1678 tls/gnutls/gtlsconnection-gnutls.c:482
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:834
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Uacceptabelt TLS-certifikat"
+
+#: tls/base/gtlsconnection-base.c:2152
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Modtagelsesflag understøttes ikke"
+
+#: tls/base/gtlsconnection-base.c:2299
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Sendeflag understøttes ikke"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:362
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Kunne ikke fortolke DER-certifikat: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:382
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Kunne ikke fortolke PEM-certifikat: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:401
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Kunne ikke fortolke privat nøgle for DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:420
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Kunne ikke fortolke privat nøgle for PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Kunne ikke importere PKCS #11-certifikat-URI: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:455
msgid "No certificate data provided"
msgstr "Ingen certifikatdata angivet"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:806
+#: tls/gnutls/gtlsconnection-gnutls.c:1033
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Kunne ikke oprette TLS-forbindelse: %s"
-
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-msgid "Cannot perform blocking operation during TLS handshake"
-msgstr "Kan ikke udføre en blokerende operation under TLS-forhandling: %s"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Kan ikke bekræfte peeridentiteten af uventet type %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "Tidsudløb i sokkel-I/O"
+#: tls/gnutls/gtlsconnection-gnutls.c:198
+msgid "Could not create TLS connection:"
+msgstr "Kunne ikke oprette TLS-forbindelse:"
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Modpart mislykkedes i at udføre TLS-forhandling"
+#: tls/gnutls/gtlsconnection-gnutls.c:208
+#: tls/gnutls/gtlsconnection-gnutls.c:228
+#: tls/openssl/gtlsclientconnection-openssl.c:458
+#: tls/openssl/gtlsserverconnection-openssl.c:503
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Kunne ikke oprette TLS-forbindelse: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Modpart forspurgte illegalt TLS-genforhandling"
+#: tls/gnutls/gtlsconnection-gnutls.c:426
+#: tls/gnutls/gtlsconnection-gnutls.c:437
+#: tls/gnutls/gtlsconnection-gnutls.c:451
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Modpart mislykkedes i at udføre TLS-forhandling: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:459
msgid "TLS connection closed unexpectedly"
msgstr "TLS-forbindelse lukkede uventet ned"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:474
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "TLS-modpart sendte ikke noget certifikat"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Uacceptabelt TLS-certifikat"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:490
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Peer sendte fatal TLS-alarm: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:500
msgid "Protocol version downgrade attack detected"
msgstr "Detekterede angreb baseret på nedgradering af protokolversion"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:509
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[0] "Meddelelsen er for lang til DTLS-forbindelse; maksimum er %u byte"
msgstr[1] "Meddelelsen er for lang til DTLS-forbindelse; maksimum er %u byte"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:518
msgid "The operation timed out"
msgstr "Tidsudløb under operation"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "Modpart understøtter ikke sikker genforhandling"
+#: tls/gnutls/gtlsconnection-gnutls.c:870
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Fejl under udførsel af TLS-forhandling: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:973
+#: tls/openssl/gtlsconnection-openssl.c:618
msgid "Error performing TLS handshake"
msgstr "Fejl under udførsel af TLS-forhandling: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Fejl under læsning af data fra TLS-sokkel"
+#: tls/gnutls/gtlsconnection-gnutls.c:1152
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Kanalbindingstypen er ikke implementeret i TLS-biblioteket"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1156
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Modtagelsesflag understøttes ikke"
+msgid "Channel binding data is not yet available"
+msgstr "Kanalbindingsdata er ikke tilgængelig"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1194
+#: tls/gnutls/gtlsconnection-gnutls.c:1206
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "X.509-certifikat er ikke tilgængeligt på forbindelsen"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "X.509-certifikat er ikke tilgængeligt eller er af ukendt format: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1230
+#: tls/openssl/gtlsconnection-openssl.c:709
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Kan ikke indhente underskriftsalgoritme for certifikat"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1246
+#: tls/openssl/gtlsconnection-openssl.c:729
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Nuværende X.509-certifikat bruger underskriftsalgoritme som er ukendt eller "
+"ikke understøttes"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1340
+#: tls/openssl/gtlsconnection-openssl.c:809
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Anmodet kanalbindingstype er ikke implementeret"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1361
+#: tls/gnutls/gtlsconnection-gnutls.c:1421
+#: tls/openssl/gtlsconnection-openssl.c:827
+#: tls/openssl/gtlsconnection-openssl.c:923
+msgid "Error reading data from TLS socket"
+msgstr "Fejl under læsning af data fra TLS-sokkel"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1443
+#: tls/gnutls/gtlsconnection-gnutls.c:1506
+#: tls/openssl/gtlsconnection-openssl.c:1002
msgid "Error writing data to TLS socket"
msgstr "Fejl under skrivning af data til TLS-sokkel"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1476
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[0] "Meddelelse af størrelse %lu byte er for stor til DTLS-forbindelse"
msgstr[1] "Meddelelse af størrelse %lu byte er for stor til DTLS-forbindelse"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1478
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(maksimum er %u byte)"
msgstr[1] "(maksimum er %u byte)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
#, c-format
-msgid "Send flags are not supported"
-msgstr "Sendeflag understøttes ikke"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Fejl ved lukning af TLS"
+msgid "Error performing TLS close: %s"
+msgstr "Fejl ved lukning af TLS: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:688
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Kunne ikke indlæse systemets “trust store”: GnuTLS blev ikke konfigureret "
"med en system-“trust”"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:693 tls/openssl/gtlsdatabase-openssl.c:229
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Kunne ikke indlæse systemets “trust store”: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Kunne ikke udfylde “trust list” fra %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
+#: tls/openssl/gtlsserverconnection-openssl.c:228
msgid "Certificate has no private key"
msgstr "Certifikatet har ingen privat nøgle"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:317
+#: tls/openssl/gtlsserverconnection-openssl.c:346
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Kunne ikke indstille TLS-chifferliste: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:343
+#: tls/openssl/gtlsserverconnection-openssl.c:372
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Kunne ikke indstille MAX-protokol til %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:404
+#: tls/openssl/gtlsserverconnection-openssl.c:433
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Kunne ikke oprette TLS-kontekst: %s"
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Uacceptabel TLS-certifikatmyndighed"
+
# Digest er oversat med digest i Network-modulerne i gnome extra
# https://en.wikipedia.org/wiki/Cryptographic_hash_function
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Digest er for stor til RSA-nøglen"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
-#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Fejl under udførsel af TLS-forhandling: %s"
-
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "Serveren returnerede ikke et gyldigt TLS-certifikat"
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Sikker genforhandling er deaktiveret"
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Fejl under læsning af data fra TLS-sokkel: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: Forbindelsen virker ikke"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:678
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Fejl under skrivning af data til TLS-sokkel: %s"
+msgid "Channel binding data tls-unique is not available"
+msgstr "Kanalbindingsdataet tls-unique er ikke tilgængelige"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:701
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Fejl ved lukning af TLS: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "X.509-certifikat er ikke tilgængeligt på forbindelsen"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsconnection-openssl.c:747
#, c-format
-msgid "There is a problem with the certificate: %s"
-msgstr "Der er et problem med certifikatet: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Kunne ikke generere X.509-certifikatdigest"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsconnection-openssl.c:778
#, c-format
-msgid "There is a problem with the certificate private key: %s"
-msgstr "Der er et problem med certifikatets private nøgle: %s"
-
-#~ msgid ""
-#~ "This is the last chance to enter the PIN correctly before the token is "
-#~ "locked."
-#~ msgstr ""
-#~ "Dette er sidste chance for at indtaste PIN korrekt, før det "
-#~ "kryptografiske tegn (token) låses."
-
-#~ msgid ""
-#~ "Several PIN attempts have been incorrect, and the token will be locked "
-#~ "after further failures."
-#~ msgstr ""
-#~ "Der er indtastet adskillige forkerte PIN, og det kryptografiske tegn "
-#~ "(token) vil blive låst hvis der sker flere fejl."
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "TLS-forbindelse understøtter ikke funktionen TLS-Exporter"
-#~ msgid "The PIN entered is incorrect."
-#~ msgstr "Den indtastede PIN er forkert."
+# Skulle det være keyring?
+#: tls/openssl/gtlsconnection-openssl.c:781
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Uventet fejl under eksport af nøgledata"
-#~ msgid "Module"
-#~ msgstr "Modul"
+#: tls/openssl/gtlsconnection-openssl.c:1063
+msgid "Error performing TLS close"
+msgstr "Fejl ved lukning af TLS"
-#~ msgid "PKCS#11 Module Pointer"
-#~ msgstr "PKCS#11-modulpointer"
+#: tls/openssl/gtlsdatabase-openssl.c:197
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Kunne ikke indhente betroede ankre fra Keychain"
-#~ msgid "Slot ID"
-#~ msgstr "Plads-id"
+#: tls/openssl/gtlsdatabase-openssl.c:269
+msgid "Could not create CA store"
+msgstr "Kunne ikke oprette CA-lager"
-#~ msgid "PKCS#11 Slot Identifier"
-#~ msgstr "PKCS#11 plads-identifikation"
+#: tls/openssl/gtlsserverconnection-openssl.c:179
+#: tls/openssl/gtlsserverconnection-openssl.c:247
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Der er et problem med certifikatets private nøgle: %s"
-#~ msgid "Connection is already closed"
-#~ msgstr "Forbindelsen er allerede lukket"
+#: tls/openssl/gtlsserverconnection-openssl.c:188
+#: tls/openssl/gtlsserverconnection-openssl.c:239
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Der er et problem med certifikatet: %s"
# German translation for glib-networking.
# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER
# This file is distributed under the same license as the glib-networking package.
-# Mario Blättermann <mario.blaettermann@gmail.com>, 2011-2013, 2017-2018.
+#
# Christian Kirbach <Christian.Kirbach@gmail.com>, 2011-2012.
# Wolfgang Stöggl <c72578@yahoo.de>, 2011-2012.
-# Tim Sabsch <tim@sabsch.com>, 2019.
+# Mario Blättermann <mario.blaettermann@gmail.com>, 2011-2013, 2017-2018.
+# Tim Sabsch <tim@sabsch.com>, 2019-2020.
+# Philipp Kiemle <philipp.kiemle@gmail.com>, 2021.
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-05 20:17+0100\n"
-"Last-Translator: Tim Sabsch <tim@sabsch.com>\n"
+"POT-Creation-Date: 2021-11-19 15:02+0000\n"
+"PO-Revision-Date: 2021-11-19 22:27+0100\n"
+"Last-Translator: Christian Kirbach <christian.kirbach@gmail.com>\n"
"Language-Team: Deutsch <gnome-de@gnome.org>\n"
"Language: de\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Poedit 2.2.1\n"
+"X-Generator: Poedit 3.0\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
-msgstr "Interner Fehler in der Auflösung des Proxys."
-
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgstr "Interner Fehler bei der Auflösung durch den Proxy."
+
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "Verbindung ist geschlossen"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "Operation würde blockieren"
+# Handshake ist ein Fachbegriff für den Vorgang der Verbindungsaushandlung
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr ""
+"Block-Operation kann nicht während des TLS-Handshakes ausgeführt werden"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Zeitüberschreitung bei Ein-/Ausgabeoperation des Sockets"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "Server benötigt ein TLS-Zertifikat"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "Handshake nicht beendet, noch keine Informationen über Kanal-Bindung"
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr "Die Gegenstelle unterstützt keine sichere Neuverhandlung"
+
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:491
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:830
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Nicht akzeptables TLS-Zertifikat"
+
+#: tls/base/gtlsconnection-base.c:2155
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Empfangen von Flags wird nicht unterstützt"
+
+#: tls/base/gtlsconnection-base.c:2302
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Senden von Flags wird nicht unterstützt"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:363
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "DER-Zertifikat konnte nicht verarbeitet werden: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:384
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "PEM-Zertifikat konnte nicht verarbeitet werden: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:404
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Geheimer DER-Schlüssel konnte nicht verarbeitet werden: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:424
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Geheimer PEM-Schlüssel konnte nicht verarbeitet werden: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "PKCS #11-Zertifikats-Adresse konnte nicht importiert werden: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:459
msgid "No certificate data provided"
msgstr "Keine Zertifikatdaten bereitgestellt"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "TLS-Verbindung konnte nicht erstellt werden: %s"
-
-# Handshake ist ein Fachbegriff für den Vorgang der Verbindungsaushandlung
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-msgid "Cannot perform blocking operation during TLS handshake"
+msgid "Cannot verify peer identity of unexpected type %s"
msgstr ""
-"Block-Operation kann nicht während des TLS-Handshakes ausgeführt werden"
+"Die Identität der Gegenstelle mit dem unerwarteten Typ %s konnte nicht "
+"verifiziert werden"
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "Zeitüberschreitung bei Ein-/Ausgabeoperation des Sockets"
+#: tls/gnutls/gtlsconnection-gnutls.c:204
+msgid "Could not create TLS connection:"
+msgstr "TLS-Verbindung konnte nicht erstellt werden:"
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Gegenstelle scheiterte bei Ausführung der TLS-Begrüßung"
+#: tls/gnutls/gtlsconnection-gnutls.c:214
+#: tls/gnutls/gtlsconnection-gnutls.c:234
+#: tls/openssl/gtlsclientconnection-openssl.c:523
+#: tls/openssl/gtlsserverconnection-openssl.c:456
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "TLS-Verbindung konnte nicht erstellt werden: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Gegenstelle fragte illegale erneute Begrüßung an"
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:460
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Gegenstelle scheiterte bei Ausführung des TLS-Handshake: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:468
msgid "TLS connection closed unexpectedly"
msgstr "TLS-Verbindung wurde unerwartet geschlossen"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:483
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "Gegenstelle der TLS-Verbindung gab kein gültiges Zertifikat zurück"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Nicht akzeptables TLS-Zertifikat"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:499
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Gegenstelle sendete schwerwiegende TLS-Warnung: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:509
msgid "Protocol version downgrade attack detected"
msgstr "Angriff durch Zurücksetzen der Protokollversion entdeckt"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:518
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[0] "Nachricht ist für DTLS-Verbindung zu groß; Maximum ist %u Byte"
msgstr[1] "Nachricht ist für DTLS-Verbindung zu groß; Maximum ist %u Bytes"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:527
msgid "The operation timed out"
msgstr "Zeitüberschreitung des Vorgangs"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "Die Gegenstelle unterstützt keine sichere Neuverhandlung"
+# Handshake ist ein Fachbegriff für den Vorgang der Verbindungsaushandlung
+#: tls/gnutls/gtlsconnection-gnutls.c:879
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Fehler bei der Ausführung des TLS-Handshake: %s"
# Handshake ist ein Fachbegriff für den Vorgang der Verbindungsaushandlung
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/openssl/gtlsconnection-openssl.c:614
msgid "Error performing TLS handshake"
msgstr "Fehler bei der Ausführung des TLS-Handshake"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Fehler beim Lesen der Daten aus dem TLS-Socket"
+#: tls/gnutls/gtlsconnection-gnutls.c:1177
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Kanal-Bindungstyp ist nicht in der TLS-Bibliothek implementiert"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1181
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Empfangen von Flags wird nicht unterstützt"
+msgid "Channel binding data is not yet available"
+msgstr "Kanal-Bindungsdaten sind noch nicht verfügbar"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#: tls/gnutls/gtlsconnection-gnutls.c:1231
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "X.509-Zertifikat ist nicht für die Verbindung verfügbar"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1244
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "Kein X.509-Zertifikat verfügbar, oder unbekanntes Format: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1255
+#: tls/openssl/gtlsconnection-openssl.c:705
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Signaturalgorithmus des Zertifikats konnte nicht ermittelt werden"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1271
+#: tls/openssl/gtlsconnection-openssl.c:725
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Aktuelles X.509-Zertifikat nutzt unbekannten oder nicht unterstützten "
+"Signieralgorithmus"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1365
+#: tls/openssl/gtlsconnection-openssl.c:805
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Der angeforderte Kanal-Bindungstyp ist nicht implementiert"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1386
+#: tls/gnutls/gtlsconnection-gnutls.c:1446
+#: tls/openssl/gtlsconnection-openssl.c:823
+#: tls/openssl/gtlsconnection-openssl.c:919
+msgid "Error reading data from TLS socket"
+msgstr "Fehler beim Lesen der Daten aus dem TLS-Socket"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+#: tls/gnutls/gtlsconnection-gnutls.c:1531
+#: tls/openssl/gtlsconnection-openssl.c:998
msgid "Error writing data to TLS socket"
msgstr "Fehler beim Schreiben der Daten in den TLS-Socket"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1501
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[0] "Nachricht der Größe %lu Byte ist für DTLS-Verbindung zu groß"
msgstr[1] "Nachricht der Größe %lu Byte ist für DTLS-Verbindung zu groß"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1503
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(Maximum ist %u Byte)"
msgstr[1] "(Maximum ist %u Bytes)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1550
#, c-format
-msgid "Send flags are not supported"
-msgstr "Senden von Flags wird nicht unterstützt"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Fehler beim Schließen der TLS-Verbindung"
+msgid "Error performing TLS close: %s"
+msgstr "Fehler beim Schließen der TLS-Verbindung: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Vertrauenswürdigkeitsspeicher des Systems konnte nicht geladen werden: "
"GnuTLS wurde nicht mit einer Systemvertrauenswürdigkeit eingerichtet"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:288
#, c-format
msgid "Failed to load system trust store: %s"
msgstr ""
"Vertrauenswürdigkeitsspeicher des Systems konnte nicht geladen werden: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:456
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Vertrauenswürdigkeitsliste konnte nicht aus %s befüllt werden: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
msgid "Certificate has no private key"
msgstr "Das Zertifikat hat keinen geheimen Schlüssel"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:379
+#: tls/openssl/gtlsserverconnection-openssl.c:299
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "TLS-Chiffre-Liste konnte nicht eingestellt werden: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:407
+#: tls/openssl/gtlsserverconnection-openssl.c:327
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "MAX-Protokoll konnte nicht auf %d eingestellt werden: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:470
+#: tls/openssl/gtlsserverconnection-openssl.c:390
#, c-format
msgid "Could not create TLS context: %s"
msgstr "TLS-Kontext konnte nicht erstellt werden: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Nicht akzeptable TLS-Zertifizierungsstelle"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Auszug ist zu groß für RSA-Schlüssel"
-# Handshake ist ein Fachbegriff für den Vorgang der Verbindungsaushandlung
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Sichere Neuverhandlung ist deaktiviert"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Fehler bei der Ausführung des TLS-Handshake: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: Die Verbindung ist fehlerhaft"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "Server gab kein gültiges TLS-Zertifikat zurück"
+#: tls/openssl/gtlsconnection-openssl.c:674
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Kanal-Bindungstyp tls-unique ist nicht verfügbar"
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:697
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Fehler beim Lesen der Daten aus dem TLS-Socket: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "X.509-Zertifikat ist nicht für die Verbindung verfügbar"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:743
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Fehler beim Schreiben der Daten in den TLS-Socket: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Berechnen der Prüfsumme des X.509-Zertifikats ist fehlgeschlagen"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:774
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Fehler beim Schließen der TLS-Verbindung: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "TLS-Verbindung unterstützt die TLS-Exporter-Funktion nicht"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsconnection-openssl.c:777
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Unerwarteter Fehler beim Export der Schlüsselring-Daten"
+
+#: tls/openssl/gtlsconnection-openssl.c:1059
+msgid "Error performing TLS close"
+msgstr "Fehler beim Schließen der TLS-Verbindung"
+
+#: tls/openssl/gtlsdatabase-openssl.c:200
+msgid "Could not get trusted anchors from Keychain"
+msgstr ""
+"Die vertrauenswürdigen Elemente konnten nicht aus der Zertifikatkette "
+"ermittelt werden"
+
+#: tls/openssl/gtlsdatabase-openssl.c:265
+msgid "Could not get root certificate store"
+msgstr "Der Root-Zertifikatspeicher konnte nicht ermittelt werden"
+
+#: tls/openssl/gtlsdatabase-openssl.c:272
+msgid "Could not get CA certificate store"
+msgstr "Der CA-Zertifikatspeicher konnte nicht ermittelt werden"
+
+#: tls/openssl/gtlsdatabase-openssl.c:337
+msgid "Could not create CA store"
+msgstr "Zertifizierungsstellen-Speicher konnte nicht erstellt werden: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:184
#, c-format
msgid "There is a problem with the certificate: %s"
msgstr "Es besteht ein Problem mit dem Zertifikat: %s"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsserverconnection-openssl.c:193
#, c-format
msgid "There is a problem with the certificate private key: %s"
-msgstr "Es besteht ein Problem mit dem privaten Schlüssel des Zertifikats: %s"
+msgstr "Es besteht ein Problem mit dem geheimen Schlüssel des Zertifikats: %s"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Gegenstelle fragte illegalen erneuten Handshake an"
+
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Laden der Datei ist fehlgeschlagen in Pfad: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "Operation würde blockieren"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "Server gab kein gültiges TLS-Zertifikat zurück"
+
+#~ msgid "Error reading data from TLS socket: %s"
+#~ msgstr "Fehler beim Lesen der Daten aus dem TLS-Socket: %s"
+
+#~ msgid "Error writing data to TLS socket: %s"
+#~ msgstr "Fehler beim Schreiben der Daten in den TLS-Socket: %s"
#~ msgid ""
#~ "This is the last chance to enter the PIN correctly before the token is "
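Review bot: The new German entry for `msgid "Could not create CA store"` (tls/openssl/gtlsdatabase-openssl.c:337) has a msgstr ending in `: %s`, although the msgid contains no conversion. The entry carries no `#, c-format` flag, so `msgfmt --check-format` will not report the mismatch. At best the user sees a literal `%s`; if the call site, which is not visible here, passes the translated string as a printf-style format, the extra conversion reads an argument that was never supplied. The line should read `msgstr "Zertifizierungsstellen-Speicher konnte nicht erstellt werden"`.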
# Copyright (C) 2011 glib-networking'S COPYRIGHT HOLDER
# This file is distributed under the same licence as the glib-networking package.
# Bruce Cowan <bruce@bcowan.me.uk>, 2011, 2012.
+# Zander Brown <zbrown@gnome.org>, 2019-2021.
+#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2016-08-15 21:53+0000\n"
-"PO-Revision-Date: 2016-09-18 12:18+0200\n"
-"Last-Translator: David King <amigadave@amigadave.com>\n"
-"Language-Team: British English <en@li.org>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2021-06-25 16:32+0000\n"
+"PO-Revision-Date: 2021-08-03 21:19+0100\n"
+"Last-Translator: Zander Brown <zbrown@gnome.org>\n"
+"Language-Team: English - United Kingdom <en_GB@li.org>\n"
"Language: en_GB\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Virtaal 0.7.1\n"
+"X-Generator: Gtranslator 40.0\n"
-#: proxy/libproxy/glibproxyresolver.c:157
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Proxy resolver internal error."
-#: tls/gnutls/gtlscertificate-gnutls.c:176
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
+msgid "Connection is closed"
+msgstr "Connection is closed"
+
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Cannot perform blocking operation during TLS handshake"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Socket I/O timed out"
+
+#: tls/base/gtlsconnection-base.c:875
+msgid "Server required TLS certificate"
+msgstr "Server required TLS certificate"
+
+#: tls/base/gtlsconnection-base.c:1451
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "Handshake has not finished, no channel binding information yet"
+
+#: tls/base/gtlsconnection-base.c:1530
+msgid "Peer does not support safe renegotiation"
+msgstr "Peer does not support safe renegotiation"
+
+#: tls/base/gtlsconnection-base.c:1678 tls/gnutls/gtlsconnection-gnutls.c:482
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:834
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Unacceptable TLS certificate"
+
+#: tls/base/gtlsconnection-base.c:2152
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Receive flags are not supported"
+
+#: tls/base/gtlsconnection-base.c:2299
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Send flags are not supported"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:362
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Could not parse DER certificate: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:382
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Could not parse PEM certificate: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:228
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:401
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Could not parse DER private key: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:259
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:420
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Could not parse PEM private key: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:299
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Could not import PKCS #11 certificate URI: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:455
msgid "No certificate data provided"
msgstr "No certificate data provided"
-#: tls/gnutls/gtlsclientconnection-gnutls.c:375
-msgid "Server required TLS certificate"
-msgstr "Server required TLS certificate"
+#: tls/gnutls/gtlscertificate-gnutls.c:806
+#: tls/gnutls/gtlsconnection-gnutls.c:1033
+#, c-format
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Cannot verify peer identity of unexpected type %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:198
+#| msgid "Could not create TLS connection: %s"
+msgid "Could not create TLS connection:"
+msgstr "Could not create TLS connection:"
-#: tls/gnutls/gtlsconnection-gnutls.c:323
+#: tls/gnutls/gtlsconnection-gnutls.c:208
+#: tls/gnutls/gtlsconnection-gnutls.c:228
+#: tls/openssl/gtlsclientconnection-openssl.c:458
+#: tls/openssl/gtlsserverconnection-openssl.c:503
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "Could not create TLS connection: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:585
-msgid "Connection is closed"
-msgstr "Connection is closed"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:658
-#: tls/gnutls/gtlsconnection-gnutls.c:1537
-msgid "Operation would block"
-msgstr "Operation would block"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:808
-#: tls/gnutls/gtlsconnection-gnutls.c:847
-msgid "Peer failed to perform TLS handshake"
-msgstr "Peer failed to perform TLS handshake"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:826
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Peer requested illegal TLS rehandshake"
+#: tls/gnutls/gtlsconnection-gnutls.c:426
+#: tls/gnutls/gtlsconnection-gnutls.c:437
+#: tls/gnutls/gtlsconnection-gnutls.c:451
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Peer failed to perform TLS handshake: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:853
+#: tls/gnutls/gtlsconnection-gnutls.c:459
msgid "TLS connection closed unexpectedly"
msgstr "TLS connection closed unexpectedly"
-#: tls/gnutls/gtlsconnection-gnutls.c:863
+#: tls/gnutls/gtlsconnection-gnutls.c:474
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "TLS connection peer did not send a certificate"
-#: tls/gnutls/gtlsconnection-gnutls.c:1250
-#: tls/gnutls/gtlsconnection-gnutls.c:1283
+#: tls/gnutls/gtlsconnection-gnutls.c:490
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Peer sent fatal TLS alert: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:500
+msgid "Protocol version downgrade attack detected"
+msgstr "Protocol version downgrade attack detected"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:509
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "Message is too large for DTLS connection; maximum is %u byte"
+msgstr[1] "Message is too large for DTLS connection; maximum is %u bytes"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:518
+msgid "The operation timed out"
+msgstr "The operation timed out"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:870
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "Error performing TLS handshake: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1293
-msgid "Server did not return a valid TLS certificate"
-msgstr "Server did not return a valid TLS certificate"
+#: tls/gnutls/gtlsconnection-gnutls.c:973
+#: tls/openssl/gtlsconnection-openssl.c:618
+msgid "Error performing TLS handshake"
+msgstr "Error performing TLS handshake"
-#: tls/gnutls/gtlsconnection-gnutls.c:1363
-msgid "Unacceptable TLS certificate"
-msgstr "Unacceptable TLS certificate"
+#: tls/gnutls/gtlsconnection-gnutls.c:1152
+#, c-format
+#| msgid ""
+#| "Channel binding type tls-unique is not implemented in the TLS library"
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Channel binding type is not implemented in the TLS library"
-#: tls/gnutls/gtlsconnection-gnutls.c:1571
+#: tls/gnutls/gtlsconnection-gnutls.c:1156
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Error reading data from TLS socket: %s"
+#| msgid "Channel binding data for tls-unique is not yet available"
+msgid "Channel binding data is not yet available"
+msgstr "Channel binding data is not yet available"
-#: tls/gnutls/gtlsconnection-gnutls.c:1600
+#: tls/gnutls/gtlsconnection-gnutls.c:1194
+#: tls/gnutls/gtlsconnection-gnutls.c:1206
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Error writing data to TLS socket: %s"
+msgid "X.509 certificate is not available on the connection"
+msgstr "X.509 certificate is not available on the connection"
-#: tls/gnutls/gtlsconnection-gnutls.c:1664
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Error performing TLS close: %s"
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "X.509 certificate is not available or is of unknown format: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:107
-msgid "Certificate has no private key"
-msgstr "Certificate has no private key"
+#: tls/gnutls/gtlsconnection-gnutls.c:1230
+#: tls/openssl/gtlsconnection-openssl.c:709
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Unable to obtain certificate signature algorithm"
-#: tls/pkcs11/gpkcs11pin.c:111
+#: tls/gnutls/gtlsconnection-gnutls.c:1246
+#: tls/openssl/gtlsconnection-openssl.c:729
+#, c-format
msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
msgstr ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1340
+#: tls/openssl/gtlsconnection-openssl.c:809
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Requested channel binding type is not implemented"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1361
+#: tls/gnutls/gtlsconnection-gnutls.c:1421
+#: tls/openssl/gtlsconnection-openssl.c:827
+#: tls/openssl/gtlsconnection-openssl.c:923
+msgid "Error reading data from TLS socket"
+msgstr "Error reading data from TLS socket"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:1443
+#: tls/gnutls/gtlsconnection-gnutls.c:1506
+#: tls/openssl/gtlsconnection-openssl.c:1002
+msgid "Error writing data to TLS socket"
+msgstr "Error writing data to TLS socket"
-#: tls/pkcs11/gpkcs11pin.c:113
+#: tls/gnutls/gtlsconnection-gnutls.c:1476
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Message of size %lu byte is too large for DTLS connection"
+msgstr[1] "Message of size %lu bytes is too large for DTLS connection"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1478
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(maximum is %u byte)"
+msgstr[1] "(maximum is %u bytes)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Error performing TLS close: %s"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:688
msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
msgstr ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:693 tls/openssl/gtlsdatabase-openssl.c:229
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Failed to load system trust store: %s"
+
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Failed to populate trust list from %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
+#: tls/openssl/gtlsserverconnection-openssl.c:228
+msgid "Certificate has no private key"
+msgstr "Certificate has no private key"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:317
+#: tls/openssl/gtlsserverconnection-openssl.c:346
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Could not set TLS cipher list: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:343
+#: tls/openssl/gtlsserverconnection-openssl.c:372
+#, c-format
+#| msgid "Could not set MAX protocol to %ld: %s"
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Could not set MAX protocol to %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:404
+#: tls/openssl/gtlsserverconnection-openssl.c:433
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Could not create TLS context: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Unacceptable TLS certificate authority"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
+msgid "Digest too big for RSA key"
+msgstr "Digest too big for RSA key"
+
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Secure renegotiation is disabled"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
+#, c-format
+msgid "%s: The connection is broken"
+msgstr "%s: The connection is broken"
+
+#: tls/openssl/gtlsconnection-openssl.c:678
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Channel binding data tls-unique is not available"
+
+#: tls/openssl/gtlsconnection-openssl.c:701
+#, c-format
+msgid "X.509 Certificate is not available on the connection"
+msgstr "X.509 Certificate is not available on the connection"
+
+#: tls/openssl/gtlsconnection-openssl.c:747
+#, c-format
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Failed to generate X.509 certificate digest"
+
+#: tls/openssl/gtlsconnection-openssl.c:778
+#, c-format
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "TLS Connection does not support TLS-Exporter feature"
+
+#: tls/openssl/gtlsconnection-openssl.c:781
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Unexpected error while exporting keying data"
+
+#: tls/openssl/gtlsconnection-openssl.c:1063
+msgid "Error performing TLS close"
+msgstr "Error performing TLS close"
+
+#: tls/openssl/gtlsdatabase-openssl.c:197
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Could not get trusted anchors from Keychain"
+
+#: tls/openssl/gtlsdatabase-openssl.c:269
+msgid "Could not create CA store"
+msgstr "Could not create CA store"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:179
+#: tls/openssl/gtlsserverconnection-openssl.c:247
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "There is a problem with the certificate private key: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:188
+#: tls/openssl/gtlsserverconnection-openssl.c:239
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "There is a problem with the certificate: %s"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Peer requested illegal TLS rehandshake"
+
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Failed to load file path: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "Operation would block"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "Server did not return a valid TLS certificate"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
-#: tls/pkcs11/gpkcs11pin.c:115
-msgid "The PIN entered is incorrect."
-msgstr "The PIN entered is incorrect."
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "The PIN entered is incorrect."
-#: tls/pkcs11/gpkcs11slot.c:449
-msgid "Module"
-msgstr "Module"
+#~ msgid "Module"
+#~ msgstr "Module"
-#: tls/pkcs11/gpkcs11slot.c:450
-msgid "PKCS#11 Module Pointer"
-msgstr "PKCS#11 Module Pointer"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 Module Pointer"
-#: tls/pkcs11/gpkcs11slot.c:457
-msgid "Slot ID"
-msgstr "Slot ID"
+#~ msgid "Slot ID"
+#~ msgstr "Slot ID"
-#: tls/pkcs11/gpkcs11slot.c:458
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11 Slot Identifier"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 Slot Identifier"
#~ msgid "Connection is already closed"
#~ msgstr "Connection is already closed"
# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER
# This file is distributed under the same license as the glib-networking package.
# Jorge González <jorgegonz@svn.gnome.org>, 2011.
-# Daniel Mustieles <daniel.mustieles@gmail.com>, 2011-2019.
+# Daniel Mustieles <daniel.mustieles@gmail.com>, 2011-2021.
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-04 12:05+0100\n"
+"POT-Creation-Date: 2021-11-19 15:02+0000\n"
+"PO-Revision-Date: 2021-11-26 17:52+0100\n"
"Last-Translator: Daniel Mustieles <daniel.mustieles@gmail.com>\n"
-"Language-Team: es <gnome-es-list@gnome.org>\n"
-"Language: es\n"
+"Language-Team: Spanish - Spain <gnome-es-list@gnome.org>\n"
+"Language: es_ES\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Gtranslator 3.31.90\n"
+"X-Generator: Gtranslator 41.0\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Error interno del proxy."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "La conexión está cerrada"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "La operación de bloqueará"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "No se puede bloquear la operación durante la negociación de TLS"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Expiró la E/S del socket"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "El servidor requiere un certificado TLS"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr ""
+"La negociación no ha terminado, todavía no hay información de vinculación "
+"del canal"
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr "El par no soporta renegociación segura"
+
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:491
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:830
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Certificado TLS inaceptable"
+
+#: tls/base/gtlsconnection-base.c:2155
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "No se soporta recibir opciones"
+
+#: tls/base/gtlsconnection-base.c:2302
+#, c-format
+msgid "Send flags are not supported"
+msgstr "No se soporta enviar opciones"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:363
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "No se pudo analizar el certificado DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:384
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "No se pudo analizar el certificado PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:404
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "No se pudo analizar la clave privada DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:424
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "No se pudo analizar la clave privada PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "No se pudo importar el URI del certificado PEM: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:459
msgid "No certificate data provided"
msgstr "No se han proporcionado datos del certificado"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "No se pudo crear la conexión TLS: %s"
-
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-#| msgid "Error performing TLS handshake"
-msgid "Cannot perform blocking operation during TLS handshake"
-msgstr "No se puede bloquear la operación durante la negociación de TLS"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "No se puede verificar la identidad del par de tipo %s no esperado"
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "Expiró la E/S del socket"
+#: tls/gnutls/gtlsconnection-gnutls.c:204
+msgid "Could not create TLS connection:"
+msgstr "No se pudo crear la conexión TLS:"
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "EL par falló al realizar la negociación TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:214
+#: tls/gnutls/gtlsconnection-gnutls.c:234
+#: tls/openssl/gtlsclientconnection-openssl.c:523
+#: tls/openssl/gtlsserverconnection-openssl.c:456
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "No se pudo crear la conexión TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "El par solicitó una renegociación TLS ilegal"
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:460
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "El par falló al realizar la negociación TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:468
msgid "TLS connection closed unexpectedly"
msgstr "La conexión TLS se cerró inesperadamente"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:483
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "El par de la conexión TLS no envió un certificado"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Certificado TLS inaceptable"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:499
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "El par ha enviado una alerta fatal de TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:509
msgid "Protocol version downgrade attack detected"
msgstr "Detectado ataque de rebaja de versión de protocolo"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:518
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[1] ""
"El mensaje es demasiado largo para una conexión DTLS; el máximo es %u bytes"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:527
msgid "The operation timed out"
msgstr "La operación ha agotado su tiempo"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "El par no soporta renegociación segura"
+#: tls/gnutls/gtlsconnection-gnutls.c:879
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Error al realizar la negociación TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/openssl/gtlsconnection-openssl.c:614
msgid "Error performing TLS handshake"
msgstr "Error al realizar la negociación TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Error al leer datos del socket TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:1177
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr ""
+"La vinculación del tipo del canal no está implementada en la biblioteca de "
+"TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1181
#, c-format
-msgid "Receive flags are not supported"
-msgstr "No se soporta recibir opciones"
+msgid "Channel binding data is not yet available"
+msgstr "La vinculación de datos no está disponible todavía"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#: tls/gnutls/gtlsconnection-gnutls.c:1231
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "El certificado X.509 no está disponible en la conexión"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1244
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr ""
+"El certificado X.509 no está disponible o tiene un formato desconocido: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1255
+#: tls/openssl/gtlsconnection-openssl.c:705
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "No se pudo obtener el algoritmo de firma del certificado"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1271
+#: tls/openssl/gtlsconnection-openssl.c:725
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"El certificado X.509 actual usa ul algoritmo de firma desconocido o no "
+"soportado"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1365
+#: tls/openssl/gtlsconnection-openssl.c:805
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "El tipo de vinculación del canal no está implementado"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1386
+#: tls/gnutls/gtlsconnection-gnutls.c:1446
+#: tls/openssl/gtlsconnection-openssl.c:823
+#: tls/openssl/gtlsconnection-openssl.c:919
+msgid "Error reading data from TLS socket"
+msgstr "Error al leer datos del socket TLS"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+#: tls/gnutls/gtlsconnection-gnutls.c:1531
+#: tls/openssl/gtlsconnection-openssl.c:998
msgid "Error writing data to TLS socket"
msgstr "Error al escribir datos en el socket TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1501
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[1] ""
"El mensaje de tamaño %lu bytes es demasiado largo para una conexión DTLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1503
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(el máximo es %u byte)"
msgstr[1] "(el máximo es %u bytes)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1550
#, c-format
-msgid "Send flags are not supported"
-msgstr "No se soporta enviar opciones"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Error al cerrar el TLS"
+msgid "Error performing TLS close: %s"
+msgstr "Error al cerrar el TLS: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Falló al cargar el almacén de confianza del sistema: GnuTLS no se ha "
"configurado con un sistema de confianza"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:288
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Falló al cargar el almacén de confianza del sistema: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:456
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Falló al cargar la lista de confianza desde %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
msgid "Certificate has no private key"
msgstr "El certificado no tiene clave privada"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:379
+#: tls/openssl/gtlsserverconnection-openssl.c:299
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "No se pudo establecer la lista de cifrado TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:407
+#: tls/openssl/gtlsserverconnection-openssl.c:327
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "No se pudo establecer el protocolo MAX a %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:470
+#: tls/openssl/gtlsserverconnection-openssl.c:390
#, c-format
msgid "Could not create TLS context: %s"
msgstr "No se pudo crear el contexto TLS: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Autoridad del certificado TLS inaceptable"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Resumen demasiado grande para la clave RSA"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Renegociación segura desactivada"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Error al realizar la negociación TLS: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: la conexión está rota"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "El servidor no devolvió un certificado TLS válido"
+#: tls/openssl/gtlsconnection-openssl.c:674
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "La vinculación de datos tls-unique del canal no está disponible"
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:697
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Error al leer datos del socket TLS: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "El certificado X.509 no está disponible en la conexión"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:743
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Error al escribir datos en el socket TLS: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Falló al generar el resumen del certificado X.509"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:774
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Error al cerrar el TLS: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "La conexión TLS no soporta la funcionalidad TLS-Exporter"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsconnection-openssl.c:777
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Error inesperado al exportar las claves de datos"
+
+#: tls/openssl/gtlsconnection-openssl.c:1059
+msgid "Error performing TLS close"
+msgstr "Error al cerrar el TLS"
+
+#: tls/openssl/gtlsdatabase-openssl.c:200
+msgid "Could not get trusted anchors from Keychain"
+msgstr "No se pudieron obtener anclas de confianza desde Keychain"
+
+#: tls/openssl/gtlsdatabase-openssl.c:265
+#| msgid "Could not parse DER certificate: %s"
+msgid "Could not get root certificate store"
+msgstr "No se pudo obtener el almacén del certificado raíz"
+
+#: tls/openssl/gtlsdatabase-openssl.c:272
+#| msgid "Could not parse DER certificate: %s"
+msgid "Could not get CA certificate store"
+msgstr "No se pudo obtener el almacén del certificado de la CA"
+
+#: tls/openssl/gtlsdatabase-openssl.c:337
+msgid "Could not create CA store"
+msgstr "No se pudo crear el almacén de CA"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:184
#, c-format
msgid "There is a problem with the certificate: %s"
msgstr "Hay un problema con el certificado: %s"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsserverconnection-openssl.c:193
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "Hay un problema con la clave privada del certificado: %s"
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "El par solicitó una renegociación TLS ilegal"
+
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Falló al la ruta del archivo: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "La operación de bloqueará"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "El servidor no devolvió un certificado TLS válido"
+
+#~ msgid "Error reading data from TLS socket: %s"
+#~ msgstr "Error al leer datos del socket TLS: %s"
+
+#~ msgid "Error writing data to TLS socket: %s"
+#~ msgstr "Error al escribir datos en el socket TLS: %s"
+
#~ msgid ""
#~ "This is the last chance to enter the PIN correctly before the token is "
#~ "locked."
#
# Iñaki Larrañaga Murgoitio <dooteo@euskalgnu.org>, 2011, 2012.
# Iñaki Larrañaga Murgoitio <dooteo@zundan.com>, 2013, 2017.
-# Asier Sarasua Garmendia <asier.sarasua@gmail.com>, 2019.
+# Asier Sarasua Garmendia <asiersarasua@ni.eus>, 2019, 2020, 2021.
msgid ""
msgstr "Project-Id-Version: eu\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-08 10:00+0100\n"
-"Last-Translator: Asier Sarasua Garmendia <asier.sarasua@gmail.com>\n"
+"POT-Creation-Date: 2021-12-18 16:29+0000\n"
+"PO-Revision-Date: 2021-12-25 10:00+0100\n"
+"Last-Translator: Asier Sarasua Garmendia <asiersarasua@ni.eus>\n"
"Language-Team: Basque <librezale@librezale.eus>\n"
"Language: eu\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: OmegaT 4.1.5\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Proxyen ebaztailearen barneko errorea."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "Konexioa itxi egin da"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "Eragiketa blokea daiteke"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Ezin izan da blokeo-eragiketa gauzatu TLS diosalean"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "S/Iko socketaren denbora-muga gaindituta"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "Zerbitzariak TLS ziurtagiria behar du"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "Diosala ez da amaitu ez dago kanal-loturaren informaziorik oraindik"
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr "Parekoak ez du onartzen birnegoziazio segurua"
+
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:491
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:839
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Onartu gabeko TLS ziurtagiria"
+
+#: tls/base/gtlsconnection-base.c:2153
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Banderak jasotzea ez dago onartuta"
+
+#: tls/base/gtlsconnection-base.c:2300
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Banderak bidaltzea ez dago onartuta"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:363
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Ezin izan da DER ziurtagiria analizatu: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:384
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Ezin izan da PEM ziurtagiria analizatu: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:404
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Ezin izan da DER gako pribatua analizatu: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:424
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Ezin izan da PEM gako pribatua analizatu: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Ezin izan da PKCS #11 ziurtagiriaren URIa inportatu: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:459
msgid "No certificate data provided"
msgstr "Ez da ziurtagiriaren daturik eman"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Ezin izan da TLS konexioa sortu: %s"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Ezin da espero ez zen %s motatako pareko nortasuna egiaztatu"
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-msgid "Cannot perform blocking operation during TLS handshake"
-msgstr "Ezin izan da blokeo-eragiketa gauzatu TLS diosalean"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "S/Iko socketaren denbora-muga gaindituta"
+#: tls/gnutls/gtlsconnection-gnutls.c:204
+msgid "Could not create TLS connection:"
+msgstr "Ezin da TLS konexioa sortu:"
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Parekoak huts egin du TLS diosala lantzean"
+#: tls/gnutls/gtlsconnection-gnutls.c:214
+#: tls/gnutls/gtlsconnection-gnutls.c:234
+#: tls/openssl/gtlsclientconnection-openssl.c:512
+#: tls/openssl/gtlsserverconnection-openssl.c:456
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Ezin izan da TLS konexioa sortu: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Parekoak TLSren diosala ilegala eskatu du"
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:460
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Parekoak huts egin du TLS diosala gauzatzean: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:468
msgid "TLS connection closed unexpectedly"
msgstr "TLS konexioa ustekabean itxi da"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:483
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "TLS konexioaren parekoak ez du ziurtagiria bidali"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Onartu gabeko TLS ziurtagiria"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:499
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Parekoak TLS abisu larria bidali du: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:509
msgid "Protocol version downgrade attack detected"
msgstr "Protokolo-bertsioaren zaharkitze-erasoa detektatu da"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:518
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[0] "Mezua luzeegia da DTLS konexiorako; gehienekoa %u byte da"
msgstr[1] "Mezua luzeegia da DTLS konexiorako; gehienekoa %u byte dira"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:527
msgid "The operation timed out"
msgstr "Eragiketak denbora agortu du"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "Parekoak ez du onartzen birnegoziazio segurua"
+#: tls/gnutls/gtlsconnection-gnutls.c:879
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Errorea TLS diosala lantzean: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/openssl/gtlsconnection-openssl.c:614
msgid "Error performing TLS handshake"
msgstr "Errorea TLS diosala lantzean"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Errorea datuak TLS socketetik irakurtzean"
+#: tls/gnutls/gtlsconnection-gnutls.c:1181
+#, c-format
+msgid ""
+"Empty channel binding data indicates a bug in the TLS library implementation"
+msgstr "Kanal-loturen daturik ezak adierazten du akatsa bat dagoela TLS liburutegiaren inplementazioan"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1199
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Banderak jasotzea ez dago onartuta"
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Kanal-loturaren mota ez dago inplementatuta TLS liburutegian"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1203
+#, c-format
+msgid "Channel binding data is not yet available"
+msgstr "Kanal-loturaren datuak ez daude oraindik eskuragarri"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1241
+#: tls/gnutls/gtlsconnection-gnutls.c:1253
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "X.509 ziurtagiria ez dago eskuragarri konexioan"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1266
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "X.509 ziurtagiria ez dago eskuragarri edo formatu ezezagunekoa da: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1277
+#: tls/openssl/gtlsconnection-openssl.c:714
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Ezin izan da eskuratu ziurtagiriaren sinadura-algoritmoa"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1293
+#: tls/openssl/gtlsconnection-openssl.c:734
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr "Uneko X.509 ziurtagiriak sinadura-algoritmo ezezaguna edo onartzen ez dena erabiltzen du"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1387
+#: tls/openssl/gtlsconnection-openssl.c:814
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Eskatutako kanal-loturaren mota ez dago inplementatuta"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1408
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+#: tls/openssl/gtlsconnection-openssl.c:832
+#: tls/openssl/gtlsconnection-openssl.c:928
+msgid "Error reading data from TLS socket"
+msgstr "Errorea datuak TLS socketetik irakurtzean"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1490
+#: tls/gnutls/gtlsconnection-gnutls.c:1553
+#: tls/openssl/gtlsconnection-openssl.c:1007
msgid "Error writing data to TLS socket"
msgstr "Errorea datuak TLS socketera idaztean"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1523
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[0] "%lu byte-ko mezua luzeegia da DTLS konexiorako"
msgstr[1] "%lu byte-ko mezua luzeegia da DTLS konexiorako"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(gehienekoa %u byte da)"
msgstr[1] "(gehienekoa %u byte dira)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1572
#, c-format
-msgid "Send flags are not supported"
-msgstr "Banderak bidaltzea ez dago onartuta"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Errorea TLSren itxiera lantzean"
+msgid "Error performing TLS close: %s"
+msgstr "Errorea TLSren itxiera lantzean: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
msgstr "Huts egin du sistema-konfiantzaren biltegia kargatzeak: GnuTLS ez dago konfiguratuta sistema-konfiantzarekin"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:255
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Huts egin du sistema-konfiantzaren biltegia kargatzeak: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:456
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Huts egin du fidagarritasun-zerrenda betetzeak%s erabilita: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
msgid "Certificate has no private key"
msgstr "Ziurtagiriak ez dauka gako pribaturik"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:368
+#: tls/openssl/gtlsserverconnection-openssl.c:299
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Ezin izan da ezarri TLS zifratze-zerrenda: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:396
+#: tls/openssl/gtlsserverconnection-openssl.c:327
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Ezin izan da MAX protokoloa ezarri %d honetan: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:459
+#: tls/openssl/gtlsserverconnection-openssl.c:390
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Ezin izan da TLS testuingurua sortu: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "TLS ziurtagiri-emaile onartezina"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Laburpena handiegia da RSA gakorako"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Birnegoziazio segurua desgaituta dago"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Errorea TLS diosala lantzean: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: Konexioa etenda dago"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "Zerbitzariak ez du baliozko TLS ziurtagiria itzuli"
+#: tls/openssl/gtlsconnection-openssl.c:660
+#, c-format
+msgid "The request is invalid."
+msgstr "Eskaria baliogabea da."
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:683
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Errorea TLS socketetik datuak irakurtzean: %s"
+msgid "Channel binding data tls-unique is not available"
+msgstr "Kanal-loturaren tls-unique datuak ez daude eskuragarri"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:706
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Errorea TLS socketean datuak idaztean: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "X.509 ziurtagiria ez dago eskuragarri konexioan"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:752
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Errorea TLSren itxiera lantzean: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Huts egin du X.509 ziurtagiri-laburpena sortzeak"
+
+#: tls/openssl/gtlsconnection-openssl.c:783
+#, c-format
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "TLS konexioak ez du onartzen TLS-Exporter eginbidea"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsconnection-openssl.c:786
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Ustekabeko errorea gako-datuak esportatzean"
+
+#: tls/openssl/gtlsconnection-openssl.c:1068
+msgid "Error performing TLS close"
+msgstr "Errorea TLSren itxiera lantzean"
+
+#: tls/openssl/gtlsdatabase-openssl.c:167
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Ezin dira aingura fidagarriak eskuratu Keychain-etik"
+
+#: tls/openssl/gtlsdatabase-openssl.c:232
+msgid "Could not get root certificate store"
+msgstr "Ezin izan da erro-ziurtagirien biltegirik eskuratu"
+
+#: tls/openssl/gtlsdatabase-openssl.c:239
+msgid "Could not get CA certificate store"
+msgstr "Ezin izan da CA ziurtagirien biltegirik eskuratu"
+
+#: tls/openssl/gtlsdatabase-openssl.c:304
+msgid "Could not create CA store"
+msgstr "Ezin izan da CA biltegia sortu"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:184
#, c-format
msgid "There is a problem with the certificate: %s"
msgstr "Arazoa dago ziurtagiriarekin: %s"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsserverconnection-openssl.c:193
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "Arazoa dago ziurtagiriaren gako pribatuarekin: %s"
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Parekoak legez kanpoko TLS diosala eskatu du"
+
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Huts egin du fitxategi-bidea kargatzeak: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "Eragiketa blokea daiteke"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "Zerbitzariak ez du baliozko TLS ziurtagiria itzuli"
+
+#~ msgid "Error reading data from TLS socket: %s"
+#~ msgstr "Errorea TLS socketetik datuak irakurtzean: %s"
+
+#~ msgid "Error writing data to TLS socket: %s"
+#~ msgstr "Errorea TLS socketean datuak idaztean: %s"
+
#~ msgid ""
#~ "This is the last chance to enter the PIN correctly before the token is "
#~ "locked."
# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER
# This file is distributed under the same license as the glib-networking package.
# Arash Mousavi <mousavi.arash@gmail.com>, 2011, 2013.
+# Danial Behzadi <dani.behzi@ubuntu.com>, 2020.
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2017-05-23 15:17+0000\n"
-"PO-Revision-Date: 2017-09-30 00:38+0330\n"
-"Last-Translator: Arash Mousavi <mousavi.arash@gmail.com>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2021-06-25 16:32+0000\n"
+"PO-Revision-Date: 2021-09-01 16:50+0430\n"
+"Last-Translator: Danial Behzadi <dani.behzi@ubuntu.com>\n"
"Language-Team: Persian\n"
"Language: fa\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Poedit-SourceCharset: utf-8\n"
-"X-Generator: Poedit 2.0.4\n"
+"X-Generator: Poedit 2.4.2\n"
+"Plural-Forms: nplurals=2; plural=(n==0 || n==1);\n"
-#: proxy/libproxy/glibproxyresolver.c:157
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "خطای داخلی تحلیلگر پیشکار."
-#: tls/gnutls/gtlscertificate-gnutls.c:176
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
+msgid "Connection is closed"
+msgstr "اتصال بسته شده است"
+
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "نمیتوان در طول دستدادن TLS عملیات انسداد انجام داد"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "مهلت سوکت و/خ به سر رسید"
+
+#: tls/base/gtlsconnection-base.c:875
+msgid "Server required TLS certificate"
+msgstr "کارگزار به گواهینامه TLS احتیاج دارد"
+
+#: tls/base/gtlsconnection-base.c:1451
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:1530
+msgid "Peer does not support safe renegotiation"
+msgstr "جفت از بازمذاکرهٔ امن پشتیبانی نمیکند"
+
+#: tls/base/gtlsconnection-base.c:1678 tls/gnutls/gtlsconnection-gnutls.c:482
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:834
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "گواهینامه TLS غیر قابل پذیرش"
+
+#: tls/base/gtlsconnection-base.c:2152
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "پرچمهای دریافت پشتیبانی نمیشوند"
+
+#: tls/base/gtlsconnection-base.c:2299
+#, c-format
+msgid "Send flags are not supported"
+msgstr "پرچمهای ارسال پشتیبانی نمیشوند"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:362
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "تجزیه گواهینامه DER امکانپذیر نبود: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:382
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "تجزیه گواهینامه PEM امکانپذیر نبود: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:228
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:401
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "تجزیه کلید خصوصی DER امکانپذیر نبود: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:259
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:420
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "تجزیه کلید خصوصی PEM امکانپذیر نبود: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:299
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "نتوانست نشانی گواهینامهٔ PKCS #11 را درونریز کند: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:455
msgid "No certificate data provided"
msgstr "هیچ اطلاعات گواهینامهای ارائه نشده"
-#: tls/gnutls/gtlsclientconnection-gnutls.c:375
-msgid "Server required TLS certificate"
-msgstr "کارگزار به گواهینامه TLS احتیاج دارد"
+#: tls/gnutls/gtlscertificate-gnutls.c:806
+#: tls/gnutls/gtlsconnection-gnutls.c:1033
+#, c-format
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:198
+msgid "Could not create TLS connection:"
+msgstr "نتوانست اتّصال TLS ایجاد کند:"
-#: tls/gnutls/gtlsconnection-gnutls.c:310
+#: tls/gnutls/gtlsconnection-gnutls.c:208 tls/gnutls/gtlsconnection-gnutls.c:228
+#: tls/openssl/gtlsclientconnection-openssl.c:458
+#: tls/openssl/gtlsserverconnection-openssl.c:503
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "نمیتوان اتصال TLS ایجاد کرد: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:572
-msgid "Connection is closed"
-msgstr "اتصال بسته شده است"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:645
-#: tls/gnutls/gtlsconnection-gnutls.c:1528
-msgid "Operation would block"
-msgstr "عملیات میتواند بلوکه شود"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:792
-#: tls/gnutls/gtlsconnection-gnutls.c:831
-msgid "Peer failed to perform TLS handshake"
-msgstr "برقراری TLS handshake توسط همتا شکست خورد"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:810
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "همتا درخواست یک TLS rehandshake غیرقانونی کرده است"
+#: tls/gnutls/gtlsconnection-gnutls.c:426 tls/gnutls/gtlsconnection-gnutls.c:437
+#: tls/gnutls/gtlsconnection-gnutls.c:451
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "جفت در انجام دست دادن TLS شکست خورد: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:837
+#: tls/gnutls/gtlsconnection-gnutls.c:459
msgid "TLS connection closed unexpectedly"
msgstr "اتصال TLS بطور غیر منتظرهای شکست خورد"
-#: tls/gnutls/gtlsconnection-gnutls.c:847
+#: tls/gnutls/gtlsconnection-gnutls.c:474
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "همتا اتصال TLS گواهینامهای ارسال نکرد"
-#: tls/gnutls/gtlsconnection-gnutls.c:853
+#: tls/gnutls/gtlsconnection-gnutls.c:490
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "همتا یک هشدارِ جدی TLS ارسال کرد: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1241
-#: tls/gnutls/gtlsconnection-gnutls.c:1274
+#: tls/gnutls/gtlsconnection-gnutls.c:500
+msgid "Protocol version downgrade attack detected"
+msgstr "حملهٔ پایین بردن نگارش قرارداد کشف شد"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:509
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "پیام برای اتّصال DTLS خیلی بزرگ است. بیشنه %Iu بایت است"
+msgstr[1] "پیام برای اتّصال DTLS خیلی بزرگ است. بیشنه %Iu بایت است"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:518
+msgid "The operation timed out"
+msgstr "مهلت عملیات به سر رسید"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:870
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "خطا در هنگام انجام TLS handshake. خطا: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1284
-msgid "Server did not return a valid TLS certificate"
-msgstr "کارگزار گواهینامه TLS معتبری ارسال نکرد"
+#: tls/gnutls/gtlsconnection-gnutls.c:973
+#: tls/openssl/gtlsconnection-openssl.c:618
+msgid "Error performing TLS handshake"
+msgstr "خطا در انجام دست دادن TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:1354
-msgid "Unacceptable TLS certificate"
-msgstr "گواهینامه TLS غیر قابل پذیرش"
+#: tls/gnutls/gtlsconnection-gnutls.c:1152
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1156
+#, c-format
+msgid "Channel binding data is not yet available"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1194
+#: tls/gnutls/gtlsconnection-gnutls.c:1206
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1230
+#: tls/openssl/gtlsconnection-openssl.c:709
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "ناتوان در دریافت الگوریتم امضای گواهینامه"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1246
+#: tls/openssl/gtlsconnection-openssl.c:729
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1340
+#: tls/openssl/gtlsconnection-openssl.c:809
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1361
+#: tls/gnutls/gtlsconnection-gnutls.c:1421
+#: tls/openssl/gtlsconnection-openssl.c:827
+#: tls/openssl/gtlsconnection-openssl.c:923
+msgid "Error reading data from TLS socket"
+msgstr "خطای خواندن داده از سوکت TLS"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:1443
+#: tls/gnutls/gtlsconnection-gnutls.c:1506
+#: tls/openssl/gtlsconnection-openssl.c:1002
+msgid "Error writing data to TLS socket"
+msgstr "خطای نوشتن داده در سوکت TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:1562
+#: tls/gnutls/gtlsconnection-gnutls.c:1476
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "خطا در هنگام هواندن اطلاعات از طریق سوکت TLS. خط: %s"
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "پیام با اندازهٔ %Ilu بایت برای اتّصال DTLS خیلی بزرگ است"
+msgstr[1] "پیام با اندازهٔ %Ilu بایت برای اتّصال DTLS خیلی بزرگ است"
-#: tls/gnutls/gtlsconnection-gnutls.c:1591
+#: tls/gnutls/gtlsconnection-gnutls.c:1478
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "خطا در هنگام نوشتن اطلاعات در سوکت TLS. خطا: %s"
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(بیشینه %Iu بایت است)"
+msgstr[1] "(بیشینه %Iu بایت است)"
-#: tls/gnutls/gtlsconnection-gnutls.c:1655
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
#, c-format
msgid "Error performing TLS close: %s"
msgstr "خطا در هنگام انجام بستن TLS. خطا: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:107
+#: tls/gnutls/gtlsdatabase-gnutls.c:688
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"شکست در بار کردن ذخیرهٔ اطمینان سامانه: GNUTLS با یک اطمینان سامانه پیکربندی "
+"نشده بود"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:693 tls/openssl/gtlsdatabase-openssl.c:229
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "شکست در بار کردن ذخیرهٔ اطمینان سامانه: %s"
+
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "شکست در تکمیل سیاههٔ اطمینان از %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
+#: tls/openssl/gtlsserverconnection-openssl.c:228
msgid "Certificate has no private key"
msgstr "گواهینامه هیچ کلید خصوصیای ندارد"
-#: tls/pkcs11/gpkcs11pin.c:111
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr "آخرین شانس برای صحیح وارد کردن PIN قبل از قفل شدن رمز است."
+#: tls/openssl/gtlsclientconnection-openssl.c:317
+#: tls/openssl/gtlsserverconnection-openssl.c:346
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "نتوانست سیاههٔ رمزنگاری TLS را تنظیم کند: %s"
-#: tls/pkcs11/gpkcs11pin.c:113
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
+#: tls/openssl/gtlsclientconnection-openssl.c:343
+#: tls/openssl/gtlsserverconnection-openssl.c:372
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "نتوانست شیوهنامهٔ MAX را به %Id تنظیم کند: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:404
+#: tls/openssl/gtlsserverconnection-openssl.c:433
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "ناتوان در ایجاد محتوای TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "مرجع گواهینامهٔ TLS غیر قابل پذیرش"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
+msgid "Digest too big for RSA key"
+msgstr "دایجست برای کلید RSA خیلی بزرگ است"
+
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "مذاکرهٔ دوبارهٔ امن از کار افتاده است"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
+#, c-format
+msgid "%s: The connection is broken"
+msgstr "%s: اتّصال خراب است"
+
+#: tls/openssl/gtlsconnection-openssl.c:678
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:701
+#, c-format
+msgid "X.509 Certificate is not available on the connection"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:747
+#, c-format
+msgid "Failed to generate X.509 certificate digest"
msgstr ""
-"تعدادی از تلاشهای برای وارد کردن PIN شکست خورده است، و رمز پس از شکستهای "
-"بعدی قفل خواهد شد."
-#: tls/pkcs11/gpkcs11pin.c:115
-msgid "The PIN entered is incorrect."
-msgstr "عبارت PIN وارد شده نادرست است."
+#: tls/openssl/gtlsconnection-openssl.c:778
+#, c-format
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:781
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:1063
+msgid "Error performing TLS close"
+msgstr "خطای انجام بستن TLS"
+
+#: tls/openssl/gtlsdatabase-openssl.c:197
+msgid "Could not get trusted anchors from Keychain"
+msgstr ""
+
+#: tls/openssl/gtlsdatabase-openssl.c:269
+msgid "Could not create CA store"
+msgstr "ناتوان در ایجاد ذخیرهٔ CA"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:179
+#: tls/openssl/gtlsserverconnection-openssl.c:247
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "مشکلی با کلید خصوصی گواهینامه وجود دارد: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:188
+#: tls/openssl/gtlsserverconnection-openssl.c:239
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "مشکلی با گواهینامه وجود دارد: %s"
+
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "شکست در بار کردن مسیر پرونده: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "عملیات میتواند بلوکه شود"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "همتا درخواست یک TLS rehandshake غیرقانونی کرده است"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "کارگزار گواهینامه TLS معتبری ارسال نکرد"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "آخرین شانس برای صحیح وارد کردن PIN قبل از قفل شدن رمز است."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "تعدادی از تلاشهای برای وارد کردن PIN شکست خورده است، و رمز پس از شکستهای "
+#~ "بعدی قفل خواهد شد."
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "عبارت PIN وارد شده نادرست است."
-#: tls/pkcs11/gpkcs11slot.c:449
-msgid "Module"
-msgstr "ماژول"
+#~ msgid "Module"
+#~ msgstr "ماژول"
-#: tls/pkcs11/gpkcs11slot.c:450
-msgid "PKCS#11 Module Pointer"
-msgstr "نشانگر ماژول PKCS#11"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "نشانگر ماژول PKCS#11"
-#: tls/pkcs11/gpkcs11slot.c:457
-msgid "Slot ID"
-msgstr "شناسهی جایگاه"
+#~ msgid "Slot ID"
+#~ msgstr "شناسهی جایگاه"
-#: tls/pkcs11/gpkcs11slot.c:458
-msgid "PKCS#11 Slot Identifier"
-msgstr "شناساگر جایگاه PKCS#11"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "شناساگر جایگاه PKCS#11"
#~ msgid "Connection is already closed"
#~ msgstr "اتصال از قبل بسته شده است"
"Project-Id-Version: glib-networking\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
"issues\n"
-"POT-Creation-Date: 2019-02-03 13:01+0000\n"
-"PO-Revision-Date: 2019-02-07 21:37+0200\n"
+"POT-Creation-Date: 2021-06-25 16:32+0000\n"
+"PO-Revision-Date: 2021-08-29 13:48+0300\n"
"Last-Translator: Jiri Grönroos <jiri.gronroos+l10n@iki.fi>\n"
"Language-Team: Finnish <gnome-fi-laatu@lists.sourceforge.net>\n"
"Language: fi\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-POT-Import-Date: 2012-02-19 15:16:01+0000\n"
-"X-Generator: Poedit 2.0.6\n"
+"X-Generator: Poedit 3.0\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Väliselvityspalvelimen sisäinen virhe."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "Yhteys on suljettu"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+#, fuzzy
+#| msgid "Error performing TLS handshake"
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Virhe suoritettaessa TLS-kättelyä"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
msgstr ""
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "Palvelin vaatii TLS-varmenteen"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1451
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:1530
+msgid "Peer does not support safe renegotiation"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:1678 tls/gnutls/gtlsconnection-gnutls.c:482
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:834
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "TLS-varmenne ei ole hyväksyttävä"
+
+#: tls/base/gtlsconnection-base.c:2152
+#, c-format
+msgid "Receive flags are not supported"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:2299
+#, c-format
+msgid "Send flags are not supported"
+msgstr ""
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:362
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "DER-varmennetta ei voitu jäsentää: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:382
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "PEM-varmennetta ei voitu jäsentää: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:401
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "DER-yksityisavainta ei voitu jäsentää: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:420
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "PEM-yksityisavainta ei voitu jäsentää: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, fuzzy, c-format
+#| msgid "Could not parse PEM certificate: %s"
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "PEM-varmennetta ei voitu jäsentää: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:455
msgid "No certificate data provided"
msgstr "Varmennetietoja ei tarjottu"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:537
-#: tls/openssl/gtlsserverconnection-openssl.c:401
+#: tls/gnutls/gtlscertificate-gnutls.c:806
+#: tls/gnutls/gtlsconnection-gnutls.c:1033
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Ei voitu luoda TLS-yhteyttä: %s"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:858
-#: tls/gnutls/gtlsconnection-gnutls.c:1468
-msgid "Socket I/O timed out"
+msgid "Cannot verify peer identity of unexpected type %s"
msgstr ""
-#: tls/gnutls/gtlsconnection-gnutls.c:1003
-#: tls/gnutls/gtlsconnection-gnutls.c:1036
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Vastapuoli ei kyennyt suoriutumaan TLS-kättelystä"
+#: tls/gnutls/gtlsconnection-gnutls.c:198
+msgid "Could not create TLS connection:"
+msgstr "Ei voitu luoda TLS-yhteyttä:"
-#: tls/gnutls/gtlsconnection-gnutls.c:1021
-#: tls/openssl/gtlsconnection-openssl.c:234
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Vastapuoli pyysi laitonta TLS-uusintakättelyä"
+#: tls/gnutls/gtlsconnection-gnutls.c:208
+#: tls/gnutls/gtlsconnection-gnutls.c:228
+#: tls/openssl/gtlsclientconnection-openssl.c:458
+#: tls/openssl/gtlsserverconnection-openssl.c:503
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Ei voitu luoda TLS-yhteyttä: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:426
+#: tls/gnutls/gtlsconnection-gnutls.c:437
+#: tls/gnutls/gtlsconnection-gnutls.c:451
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Vastapuoli ei kyennyt suoriutumaan TLS-kättelystä: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1042
+#: tls/gnutls/gtlsconnection-gnutls.c:459
msgid "TLS connection closed unexpectedly"
msgstr "TLS-yhteys katkesi yllättäen"
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:171
+#: tls/gnutls/gtlsconnection-gnutls.c:474
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "TLS-yhteyden vertainen ei lähettänyt varmennetta"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
-#: tls/gnutls/gtlsconnection-gnutls.c:2160
-#: tls/openssl/gtlsconnection-openssl.c:416
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "TLS-varmenne ei ole hyväksyttävä"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1064
+#: tls/gnutls/gtlsconnection-gnutls.c:490
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Vertainen lähetti kohtalokkaan TLS-hälytyksen: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1076
+#: tls/gnutls/gtlsconnection-gnutls.c:500
msgid "Protocol version downgrade attack detected"
msgstr "Havaittiin yhteyskäytännön version alentamishyökkäys"
-#: tls/gnutls/gtlsconnection-gnutls.c:1083
+#: tls/gnutls/gtlsconnection-gnutls.c:509
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
-msgstr[0] ""
-msgstr[1] ""
+msgstr[0] "Viesti on liian suuri DTLS-yhteydelle; enimmäismäärä on %u tavu"
+msgstr[1] "Viesti on liian suuri DTLS-yhteydelle; enimmäismäärä on %u tavua"
-#: tls/gnutls/gtlsconnection-gnutls.c:1090
+#: tls/gnutls/gtlsconnection-gnutls.c:518
msgid "The operation timed out"
-msgstr ""
+msgstr "Toimenpide aikakatkaistiin"
-#: tls/gnutls/gtlsconnection-gnutls.c:1981
-msgid "Peer does not support safe renegotiation"
-msgstr ""
+#: tls/gnutls/gtlsconnection-gnutls.c:870
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Virhe suoritettaessa TLS-kättelyä: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2008
-#: tls/gnutls/gtlsconnection-gnutls.c:2058
+#: tls/gnutls/gtlsconnection-gnutls.c:973
+#: tls/openssl/gtlsconnection-openssl.c:618
msgid "Error performing TLS handshake"
msgstr "Virhe suoritettaessa TLS-kättelyä"
-#: tls/gnutls/gtlsconnection-gnutls.c:2510
-#: tls/gnutls/gtlsconnection-gnutls.c:2602
-msgid "Error reading data from TLS socket"
-msgstr "Virhe luettaessa tietoa TLS-pistokkeesta"
+#: tls/gnutls/gtlsconnection-gnutls.c:1152
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr ""
-#: tls/gnutls/gtlsconnection-gnutls.c:2632
+#: tls/gnutls/gtlsconnection-gnutls.c:1156
#, c-format
-msgid "Receive flags are not supported"
+msgid "Channel binding data is not yet available"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1194
+#: tls/gnutls/gtlsconnection-gnutls.c:1206
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "X.509-varmenne ei ole saatavilla tällä yhteydellä"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "X.509-varmenne ei ole saatavilla tai se on tuntematonta muotoa: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1230
+#: tls/openssl/gtlsconnection-openssl.c:709
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Varmenteen allekirjoituksen algoritmia ei ollut mahdollista saada"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1246
+#: tls/openssl/gtlsconnection-openssl.c:729
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
msgstr ""
+"Nykyinen X.509-varmenne käyttää tuntematonta tai ei-tuettua "
+"allekirjoitusalgoritmia"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1340
+#: tls/openssl/gtlsconnection-openssl.c:809
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1361
+#: tls/gnutls/gtlsconnection-gnutls.c:1421
+#: tls/openssl/gtlsconnection-openssl.c:827
+#: tls/openssl/gtlsconnection-openssl.c:923
+msgid "Error reading data from TLS socket"
+msgstr "Virhe luettaessa tietoa TLS-pistokkeesta"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2709
-#: tls/gnutls/gtlsconnection-gnutls.c:2781
+#: tls/gnutls/gtlsconnection-gnutls.c:1443
+#: tls/gnutls/gtlsconnection-gnutls.c:1506
+#: tls/openssl/gtlsconnection-openssl.c:1002
msgid "Error writing data to TLS socket"
msgstr "Virhe kirjoitettaessa tietoa TLS-pistokkeeseen"
-#: tls/gnutls/gtlsconnection-gnutls.c:2751
+#: tls/gnutls/gtlsconnection-gnutls.c:1476
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
-msgstr[0] ""
-msgstr[1] ""
+msgstr[0] "Viesti kokoa %lu tavu on liian suuri DTLS-yhteydelle"
+msgstr[1] "Viesti kokoa %lu tavua on liian suuri DTLS-yhteydelle"
-#: tls/gnutls/gtlsconnection-gnutls.c:2753
+#: tls/gnutls/gtlsconnection-gnutls.c:1478
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
-msgstr[0] ""
-msgstr[1] ""
+msgstr[0] "(enimmäismäärä on %u tavu)"
+msgstr[1] "(enimmäismäärä on %u tavua)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2812
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
#, c-format
-msgid "Send flags are not supported"
-msgstr ""
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2915
-msgid "Error performing TLS close"
-msgstr "Virhe suoritettaessa TLS-sulkemista"
+msgid "Error performing TLS close: %s"
+msgstr "Virhe suoritettaessa TLS-sulkemista: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:688
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
msgstr ""
+"Järjestelmän luottamussäilön lataaminen epäonnistui: GnuTLS:ää ei ole "
+"määritetty toimimaan järjestelmän luottamuksen kanssa"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:693 tls/openssl/gtlsdatabase-openssl.c:229
#, c-format
msgid "Failed to load system trust store: %s"
-msgstr ""
-
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:328
+msgstr "Järjestelmän luottamussäilön lataaminen epäonnistui: %s"
+
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, fuzzy, c-format
+#| msgid "Failed to load system trust store: %s"
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Järjestelmän luottamussäilön lataaminen epäonnistui: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
+#: tls/openssl/gtlsserverconnection-openssl.c:228
msgid "Certificate has no private key"
msgstr "Varmenteella ei ole yksityistä avainta"
-#: tls/openssl/gtlsclientconnection-openssl.c:486
-#: tls/openssl/gtlsserverconnection-openssl.c:292
+#: tls/openssl/gtlsclientconnection-openssl.c:317
+#: tls/openssl/gtlsserverconnection-openssl.c:346
+#, fuzzy, c-format
+#| msgid "Could not create TLS context: %s"
+msgid "Could not set TLS cipher list: %s"
+msgstr "Ei voitu luoda TLS-kontekstia: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:343
+#: tls/openssl/gtlsserverconnection-openssl.c:372
+#, fuzzy, c-format
+#| msgid "Could not parse PEM certificate: %s"
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "PEM-varmennetta ei voitu jäsentää: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:404
+#: tls/openssl/gtlsserverconnection-openssl.c:433
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Ei voitu luoda TLS-kontekstia: %s"
-#: tls/openssl/gtlsconnection-openssl.c:179
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "TLS-varmenteen myöntäjä ei ole hyväksyttävä"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr ""
-#: tls/openssl/gtlsconnection-openssl.c:243
-#: tls/openssl/gtlsconnection-openssl.c:376
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Virhe suoritettaessa TLS-kättelyä: %s"
+#| msgid "Connection is closed"
+msgid "%s: The connection is broken"
+msgstr "%s: Yhteys on rikki"
-#: tls/openssl/gtlsconnection-openssl.c:386
-msgid "Server did not return a valid TLS certificate"
-msgstr "Palvelin ei palauttanut kelvollista TLS-varmennetta"
+#: tls/openssl/gtlsconnection-openssl.c:678
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr ""
-#: tls/openssl/gtlsconnection-openssl.c:500
+#: tls/openssl/gtlsconnection-openssl.c:701
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Virhe luettaessa tietoa TLS-pistokkeesta: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "X.509-varmenne ei ole saatavilla tälle yhteydelle"
-#: tls/openssl/gtlsconnection-openssl.c:526
+#: tls/openssl/gtlsconnection-openssl.c:747
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Virhe kirjoitettaessa tietoa TLS-pistokkeeseen: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr ""
-#: tls/openssl/gtlsconnection-openssl.c:552
+#: tls/openssl/gtlsconnection-openssl.c:778
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Virhe suoritettaessa TLS-sulkemista: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "TLS-yhteys ei vaikuta tukevan TLS-Exporter-ominaisuutta"
-#: tls/openssl/gtlsserverconnection-openssl.c:335
+#: tls/openssl/gtlsconnection-openssl.c:781
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:1063
+msgid "Error performing TLS close"
+msgstr "Virhe suoritettaessa TLS-sulkemista"
+
+#: tls/openssl/gtlsdatabase-openssl.c:197
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Keychainilta ei voitu saada luotettuja ankkureja"
+
+#: tls/openssl/gtlsdatabase-openssl.c:269
+msgid "Could not create CA store"
+msgstr "CA-varmennesäilöä ei voitu luoda"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:179
+#: tls/openssl/gtlsserverconnection-openssl.c:247
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "Varmenteen yksityisen avaimen kanssa on ongelma: %s"
-#: tls/openssl/gtlsserverconnection-openssl.c:344
+#: tls/openssl/gtlsserverconnection-openssl.c:188
+#: tls/openssl/gtlsserverconnection-openssl.c:239
#, c-format
msgid "There is a problem with the certificate: %s"
msgstr "Varmenteen kanssa on ongelma: %s"
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Tiedostopolun lataaminen epäonnistui: %s"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Vastapuoli pyysi laitonta TLS-uusintakättelyä"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "Palvelin ei palauttanut kelvollista TLS-varmennetta"
+
+#~ msgid "Error reading data from TLS socket: %s"
+#~ msgstr "Virhe luettaessa tietoa TLS-pistokkeesta: %s"
+
+#~ msgid "Error writing data to TLS socket: %s"
+#~ msgstr "Virhe kirjoitettaessa tietoa TLS-pistokkeeseen: %s"
+
#~ msgid ""
#~ "This is the last chance to enter the PIN correctly before the token is "
#~ "locked."
# French translation for glib-networking.
-# Copyright (C) 2011-2019 Listed translators
+# Copyright (C) 2011-2021 Listed translators
# This file is distributed under the same license as the glib-networking package.
-# Claude Paroz <claude@2xlibre.net>, 2011-2019.
+#
+# Claude Paroz <claude@2xlibre.net>, 2011-2021.
# Charles Monzat <charles.monzat@numericable.fr>, 2018.
+# William Oprandi <william.oprandi@gmail.com>, 2019.
+# Thibault Martin <mail@thibaultmart.in>, 2020.
+# Guillaume Bernard <associations@guillaume-bernard.fr>
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-02-03 13:01+0000\n"
-"PO-Revision-Date: 2018-11-15 19:44+0100\n"
+"POT-Creation-Date: 2021-11-19 15:02+0000\n"
+"PO-Revision-Date: 2021-12-02 08:38+0100\n"
"Last-Translator: Claude Paroz <claude@2xlibre.net>\n"
"Language-Team: GNOME French Team <gnomefr@traduc.org>\n"
"Language: fr\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Erreur interne du résolveur de serveur mandataire."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "La connexion est fermée"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "L’opération serait bloquante"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr ""
+"Impossible d’effectuer une opération bloquante lors de la négociation TLS"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Les entrées/sorties du connecteur ont expiré"
+
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "Le serveur requiert un certificat TLS"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr ""
+"La poignée de main n’est pas terminée, aucune information de liaison de "
+"canal pour le moment"
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr "Le pair ne prend pas en charge la renégociation sûre"
+
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:491
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:830
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Certificat TLS inacceptable"
+
+#: tls/base/gtlsconnection-base.c:2155
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Les drapeaux de réception ne sont pas pris en charge"
+
+#: tls/base/gtlsconnection-base.c:2302
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Les drapeaux d’envoi ne sont pas pris en charge"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:363
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Impossible d’analyser le certificat DER : %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:384
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Impossible d’analyser le certificat PEM : %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:404
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Impossible d’analyser la clé privée DER : %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:424
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Impossible d’analyser la clé privée PEM : %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Impossible d’importer l’URI du certificat PKCS #11 : %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:459
msgid "No certificate data provided"
msgstr "Aucune donnée de certificat fournie"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:537
-#: tls/openssl/gtlsserverconnection-openssl.c:401
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Impossible de créer une connexion TLS : %s"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Impossible de vérifier l’identité du pair de type %s inattendu"
-#: tls/gnutls/gtlsconnection-gnutls.c:858
-#: tls/gnutls/gtlsconnection-gnutls.c:1468
-msgid "Socket I/O timed out"
-msgstr "Les entrées/sorties du connecteur ont expiré"
+#: tls/gnutls/gtlsconnection-gnutls.c:204
+msgid "Could not create TLS connection:"
+msgstr "Impossible de créer une connexion TLS :"
-#: tls/gnutls/gtlsconnection-gnutls.c:1003
-#: tls/gnutls/gtlsconnection-gnutls.c:1036
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "La négociation TLS avec le serveur pair a échoué"
+#: tls/gnutls/gtlsconnection-gnutls.c:214
+#: tls/gnutls/gtlsconnection-gnutls.c:234
+#: tls/openssl/gtlsclientconnection-openssl.c:523
+#: tls/openssl/gtlsserverconnection-openssl.c:456
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Impossible de créer une connexion TLS : %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1021
-#: tls/openssl/gtlsconnection-openssl.c:234
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Le serveur pair a demandé une renégociation TLS non autorisée"
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:460
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "La négociation TLS avec le serveur pair a échoué : %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1042
+#: tls/gnutls/gtlsconnection-gnutls.c:468
msgid "TLS connection closed unexpectedly"
msgstr "La connexion TLS a été fermée de manière inattendue"
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:171
+#: tls/gnutls/gtlsconnection-gnutls.c:483
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "Le pair TLS n’a pas envoyé de certificat"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
-#: tls/gnutls/gtlsconnection-gnutls.c:2160
-#: tls/openssl/gtlsconnection-openssl.c:416
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Certificat TLS inacceptable"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1064
+#: tls/gnutls/gtlsconnection-gnutls.c:499
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Le pair a envoyé une alerte TLS fatale : %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1076
+#: tls/gnutls/gtlsconnection-gnutls.c:509
msgid "Protocol version downgrade attack detected"
msgstr "Une attaque par régression de version de protocole a été détectée"
-#: tls/gnutls/gtlsconnection-gnutls.c:1083
+#: tls/gnutls/gtlsconnection-gnutls.c:518
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
"Le message est trop grand pour la connexion DTLS ; le maximum est de %u "
"octets"
-#: tls/gnutls/gtlsconnection-gnutls.c:1090
+#: tls/gnutls/gtlsconnection-gnutls.c:527
msgid "The operation timed out"
msgstr "L’opération a expiré"
-#: tls/gnutls/gtlsconnection-gnutls.c:1981
-msgid "Peer does not support safe renegotiation"
-msgstr "Le pair ne prend pas en charge la renégociation sûre"
+#: tls/gnutls/gtlsconnection-gnutls.c:879
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Erreur lors de la négociation TLS : %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2008
-#: tls/gnutls/gtlsconnection-gnutls.c:2058
+#: tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/openssl/gtlsconnection-openssl.c:614
msgid "Error performing TLS handshake"
msgstr "Erreur lors de la négociation TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2510
-#: tls/gnutls/gtlsconnection-gnutls.c:2602
-msgid "Error reading data from TLS socket"
-msgstr "Erreur lors de la lecture de données du connecteur TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:1177
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr ""
+"Le type de liaison de canal n’est pas implémenté dans la bibliothèque TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2632
+#: tls/gnutls/gtlsconnection-gnutls.c:1181
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Les drapeaux de réception ne sont pas pris en charge"
+msgid "Channel binding data is not yet available"
+msgstr "Les données de liaison de canal ne sont pas encore disponibles"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#: tls/gnutls/gtlsconnection-gnutls.c:1231
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "Le certificat X.509 n’est pas disponible sur la connexion"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1244
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr ""
+"Le certificat X.509 n’est pas disponible ou est d’un format inconnu : %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1255
+#: tls/openssl/gtlsconnection-openssl.c:705
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Impossible d’obtenir l’algorithme de signature du certificat"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1271
+#: tls/openssl/gtlsconnection-openssl.c:725
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Le certificat X.509 actuel utilise des algorithmes de signature inconnus ou "
+"non pris en charge"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1365
+#: tls/openssl/gtlsconnection-openssl.c:805
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Le type de liaison de canal demandé n’est pas implémenté"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1386
+#: tls/gnutls/gtlsconnection-gnutls.c:1446
+#: tls/openssl/gtlsconnection-openssl.c:823
+#: tls/openssl/gtlsconnection-openssl.c:919
+msgid "Error reading data from TLS socket"
+msgstr "Erreur lors de la lecture de données du connecteur TLS"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2709
-#: tls/gnutls/gtlsconnection-gnutls.c:2781
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+#: tls/gnutls/gtlsconnection-gnutls.c:1531
+#: tls/openssl/gtlsconnection-openssl.c:998
msgid "Error writing data to TLS socket"
msgstr "Erreur lors de l’écriture de données sur le connecteur TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2751
+#: tls/gnutls/gtlsconnection-gnutls.c:1501
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[0] "Un message de %lu octet est trop grand pour la connexion DTLS"
msgstr[1] "Un message de %lu octets est trop grand pour la connexion DTLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2753
+#: tls/gnutls/gtlsconnection-gnutls.c:1503
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(le maximum est de %u octet)"
msgstr[1] "(le maximum est de %u octets)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2812
+#: tls/gnutls/gtlsconnection-gnutls.c:1550
#, c-format
-msgid "Send flags are not supported"
-msgstr "Les drapeaux d’envoi ne sont pas pris en charge"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2915
-msgid "Error performing TLS close"
-msgstr "Erreur lors de la fermeture TLS"
+msgid "Error performing TLS close: %s"
+msgstr "Erreur lors de la fermeture TLS : %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Impossible de charger le stockage de confiance système : GnuTLS n’a pas été "
"configuré avec une confiance système"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:288
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Impossible de charger le stockage de confiance système : %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:328
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:456
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Impossible de charger la liste de confiance depuis %s : %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
msgid "Certificate has no private key"
msgstr "Le certificat n’a pas de clé privée"
-#: tls/openssl/gtlsclientconnection-openssl.c:486
-#: tls/openssl/gtlsserverconnection-openssl.c:292
+#: tls/openssl/gtlsclientconnection-openssl.c:379
+#: tls/openssl/gtlsserverconnection-openssl.c:299
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Impossible de définir la liste des chiffrements TLS : %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:407
+#: tls/openssl/gtlsserverconnection-openssl.c:327
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Impossible de définir le protocole MAX à %d : %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:470
+#: tls/openssl/gtlsserverconnection-openssl.c:390
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Impossible de créer un contexte TLS : %s"
-#: tls/openssl/gtlsconnection-openssl.c:179
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Autorité de certificat TLS inacceptable"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "L’empreinte est trop longue pour une clé RSA"
-#: tls/openssl/gtlsconnection-openssl.c:243
-#: tls/openssl/gtlsconnection-openssl.c:376
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "La renégociation sûre est désactivée"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Erreur lors de la négociation TLS : %s"
+msgid "%s: The connection is broken"
+msgstr "%s : La connexion est cassée"
-#: tls/openssl/gtlsconnection-openssl.c:386
-msgid "Server did not return a valid TLS certificate"
-msgstr "Le serveur n’a pas renvoyé un certificat TLS valide"
+#: tls/openssl/gtlsconnection-openssl.c:674
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr ""
+"Les données de liaison de canal pour tls-unique ne sont pas disponibles"
-#: tls/openssl/gtlsconnection-openssl.c:500
+#: tls/openssl/gtlsconnection-openssl.c:697
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Erreur lors de la lecture de données du connecteur TLS : %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "Le certificat X.509 n’est pas disponible pour la connexion"
-#: tls/openssl/gtlsconnection-openssl.c:526
+#: tls/openssl/gtlsconnection-openssl.c:743
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Erreur lors de l’écriture de données sur le connecteur TLS : %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Impossible de générer le condensat du certificat X.509"
-#: tls/openssl/gtlsconnection-openssl.c:552
+#: tls/openssl/gtlsconnection-openssl.c:774
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Erreur lors de la fermeture TLS : %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "La connexion TLS ne prend pas en charge la fonctionnalité TLS-Exporter"
-#: tls/openssl/gtlsserverconnection-openssl.c:335
+#: tls/openssl/gtlsconnection-openssl.c:777
#, c-format
-msgid "There is a problem with the certificate private key: %s"
-msgstr "Il y a un problème avec la clé privée du certificat : %s"
+msgid "Unexpected error while exporting keying data"
+msgstr "Erreur inattendue lors de l’exportation des données saisies"
+
+#: tls/openssl/gtlsconnection-openssl.c:1059
+msgid "Error performing TLS close"
+msgstr "Erreur lors de la fermeture TLS"
+
+#: tls/openssl/gtlsdatabase-openssl.c:200
+msgid "Could not get trusted anchors from Keychain"
+msgstr ""
+"Impossible d’obtenir des ancres de confiance à partir de la chaîne de clés"
+
+#: tls/openssl/gtlsdatabase-openssl.c:265
+msgid "Could not get root certificate store"
+msgstr "Impossible d’accéder au stockage du certificat racine"
-#: tls/openssl/gtlsserverconnection-openssl.c:344
+#: tls/openssl/gtlsdatabase-openssl.c:272
+msgid "Could not get CA certificate store"
+msgstr "Impossible d’accéder au stockage de certificat CA"
+
+#: tls/openssl/gtlsdatabase-openssl.c:337
+msgid "Could not create CA store"
+msgstr "Impossible de créer un stockage CA"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:184
#, c-format
msgid "There is a problem with the certificate: %s"
msgstr "Il y a un problème avec le certificat : %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:193
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Il y a un problème avec la clé privée du certificat : %s"
msgstr ""
"Project-Id-Version: glib-networking master\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-04 13:31+0100\n"
+"POT-Creation-Date: 2021-12-18 16:29+0000\n"
+"PO-Revision-Date: 2021-12-23 08:01+0100\n"
"Last-Translator: Fabio Tomat <f.t.public@gmail.com>\n"
"Language-Team: Friulian <fur@li.org>\n"
"Language: fur\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 2.2.1\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Poedit 3.0.1\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Erôr interni dal resolver proxy."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "La conession e je sierade"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "Le operazion e podarès blocâsi"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr ""
+"Impussibil eseguî la operazion di bloc intant che si eseguìs il handshake TLS"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "I/O dal socket scjadût"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "Il server al domande un certificât TLS"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr ""
+"Il handshake nol è finît, ancjemò nissune informazion di leam dal canâlt"
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr "Il “peer” nol supuarte la rinegoziazion sigure"
+
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:491
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:839
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Certificât TLS no acetabil"
+
+#: tls/base/gtlsconnection-base.c:2153
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Lis opzions di ricezion no son supuartadis"
+
+#: tls/base/gtlsconnection-base.c:2300
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Lis opzions par inviâ no son supuartadis"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:363
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Impussibil analizâ il certificât DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:384
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Impussibil analizâ il certificât PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:404
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Impussibil analizâ la clâf privade DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:424
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Impussibil analizâ la clâf privade PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Impussibil impuartâ il URI dal certificât PKCS #11: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:459
msgid "No certificate data provided"
msgstr "Nissun dât di certificât dât"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Impussibil creâ la conession TLS: %s"
-
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-msgid "Cannot perform blocking operation during TLS handshake"
+msgid "Cannot verify peer identity of unexpected type %s"
msgstr ""
-"Impussibil eseguî la operazion di bloc intant che si eseguìs il handshake TLS"
+"Impussibil verificâ la identitât di chel di chê altre bande di gjenar "
+"inspietât %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "I/O dal socket scjadût"
+#: tls/gnutls/gtlsconnection-gnutls.c:204
+msgid "Could not create TLS connection:"
+msgstr "Impussibil creâ la conession TLS:"
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Il pâr nol è rivât a eseguî il handshake TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:214
+#: tls/gnutls/gtlsconnection-gnutls.c:234
+#: tls/openssl/gtlsclientconnection-openssl.c:512
+#: tls/openssl/gtlsserverconnection-openssl.c:456
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Impussibil creâ la conession TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Il pâr al à domandât un rehandshake TLS no lecit"
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:460
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Il pâr nol è rivât a eseguî il handshake TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:468
msgid "TLS connection closed unexpectedly"
msgstr "Sieradure inspietade de conession TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:483
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "Il pâr di conession TLS nol à inviât un certificât"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Certificât TLS no acetabil"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:499
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Il pâr al à inviât l'avîs TLS fatâl: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:509
msgid "Protocol version downgrade attack detected"
msgstr "Scuviert atac pal passaç a une version inferiôr de version di protocol"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:518
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[1] ""
"Il messaç al è masse grant pe conession DTLS; il massim al è di %u byte"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:527
msgid "The operation timed out"
msgstr "La operazion e je scjadude"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "Il “peer” nol supuarte la rinegoziazion sigure"
+#: tls/gnutls/gtlsconnection-gnutls.c:879
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Erôr tal eseguî il handshake TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/openssl/gtlsconnection-openssl.c:614
msgid "Error performing TLS handshake"
msgstr "Erôr tal eseguî il handshake TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Erôr tal lei dâts dal socket TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:1181
+#, c-format
+msgid ""
+"Empty channel binding data indicates a bug in the TLS library implementation"
+msgstr ""
+"I dâts di associazion dal canâl vueit a indichin un erôr te implementazion "
+"de librarie TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1199
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Lis opzions di ricezion no son supuartadis"
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Il gjenar di leam dal canâl nol è implementât te librarie TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1203
+#, c-format
+msgid "Channel binding data is not yet available"
+msgstr "I dâts dal leam dal canâl no son ancjemò disponibii"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1241
+#: tls/gnutls/gtlsconnection-gnutls.c:1253
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "Il certificât X.509 nol è disponibil te conession"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1266
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr ""
+"Il certificât X.509 nol è disponibil o al è tun formât no cognossût: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1277
+#: tls/openssl/gtlsconnection-openssl.c:714
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Impussibil otignî l'algoritmi di firme dal certificât"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1293
+#: tls/openssl/gtlsconnection-openssl.c:734
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Il certificât X.509 atuâl al dopre un algoritmi di firme no cognossût o no "
+"supuartât"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1387
+#: tls/openssl/gtlsconnection-openssl.c:814
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Il gjenar dal leam dal canâl domandât nol è implementât"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1408
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+#: tls/openssl/gtlsconnection-openssl.c:832
+#: tls/openssl/gtlsconnection-openssl.c:928
+msgid "Error reading data from TLS socket"
+msgstr "Erôr tal lei dâts dal socket TLS"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1490
+#: tls/gnutls/gtlsconnection-gnutls.c:1553
+#: tls/openssl/gtlsconnection-openssl.c:1007
msgid "Error writing data to TLS socket"
msgstr "Erôr tal scrivi dâts al socket TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1523
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[0] "Il messaç di dimension %lu byte al è masse grant pe conession DTLS"
msgstr[1] "Il messaç di dimension %lu byte al è masse grant pe conession DTLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(il massim al è %u byte)"
msgstr[1] "(il massim al è %u bytes)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1572
#, c-format
-msgid "Send flags are not supported"
-msgstr "Lis opzions par inviâ no son supuartadis"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Erôr tal sierâ TLS"
+msgid "Error performing TLS close: %s"
+msgstr "Erôr tal sierâ TLS: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"No si è rivâts a cjariâ l'archivi di fiducie dal sisteme: GnuTLS nol jere "
"configurât cuntune fiducie di sisteme"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:255
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "No si è rivâts a cjariâ l'archivi di fiducie dal sisteme: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:456
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "No si è rivâts a popolâ la liste di fiducie di %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
msgid "Certificate has no private key"
msgstr "Il certificât nol à une clâf privade"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:368
+#: tls/openssl/gtlsserverconnection-openssl.c:299
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Nol è stât pussibil stabilî la liste di cifradure TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:396
+#: tls/openssl/gtlsserverconnection-openssl.c:327
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Impussibil stabilî il protocol MAX a %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:459
+#: tls/openssl/gtlsserverconnection-openssl.c:390
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Impussibil creâ il contest TLS: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Autoritât dal certificât TLS no acetabil"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Digest masse grant pe clâf RSA"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "La rinegoziazion sigure e je disabilitade"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Erôr tal eseguî il handshake TLS: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: La conession e je rote"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "Il server nol à tornât un certificât TLS valit"
+#: tls/openssl/gtlsconnection-openssl.c:660
+#, c-format
+msgid "The request is invalid."
+msgstr "La richieste no je valide."
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:683
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Erôr tal lei dâts dal socket TLS: %s"
+msgid "Channel binding data tls-unique is not available"
+msgstr "I dâts tls-unique dal leam dal canâl no son disponibii"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:706
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Erôr tal scrivi dâts al socket TLS: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "Il certificât X.509 nol è disponibil te conession"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:752
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Erôr tal sierâ TLS: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "No si è rivâts a gjenerâ il digest dal certificât"
+
+#: tls/openssl/gtlsconnection-openssl.c:783
+#, c-format
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "La conession TLS no supuarte la funzionalitât TLS-Exporter"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsconnection-openssl.c:786
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Erôr inspietât tal espuartâ i dâts dal puarteclâfs"
+
+#: tls/openssl/gtlsconnection-openssl.c:1068
+msgid "Error performing TLS close"
+msgstr "Erôr tal sierâ TLS"
+
+#: tls/openssl/gtlsdatabase-openssl.c:167
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Impussibil otignî ancuris fidadis de Keychain"
+
+#: tls/openssl/gtlsdatabase-openssl.c:232
+msgid "Could not get root certificate store"
+msgstr "Impussibil otignî l'archivi dal certificât di root"
+
+#: tls/openssl/gtlsdatabase-openssl.c:239
+msgid "Could not get CA certificate store"
+msgstr ""
+"Impussibil otignî l'archivi dal certificât de Autoritât di Certificazion CA"
+
+#: tls/openssl/gtlsdatabase-openssl.c:304
+msgid "Could not create CA store"
+msgstr "Impussibil creâ il depuesit di CA"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:184
#, c-format
msgid "There is a problem with the certificate: %s"
msgstr "Si à un probleme cul certificât: %s"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsserverconnection-openssl.c:193
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "Si à un probleme cun la clâf privade dal certificât: %s"
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Il pâr al à domandât un rehandshake TLS no lecit"
+
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "No si è rivâts a cjariâ il percors dal file: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "Le operazion e podarès blocâsi"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "Il server nol à tornât un certificât TLS valit"
+
+#~ msgid "Error reading data from TLS socket: %s"
+#~ msgstr "Erôr tal lei dâts dal socket TLS: %s"
+
+#~ msgid "Error writing data to TLS socket: %s"
+#~ msgstr "Erôr tal scrivi dâts al socket TLS: %s"
+
#~ msgid ""
#~ "This is the last chance to enter the PIN correctly before the token is "
#~ "locked."
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
# This file is distributed under the same license as the PACKAGE package.
# Copyright © 2011 Leandro Regueiro.
-# Leandro Regueiro <leandro.regueiro@gmail.com>, 2011.
# Proxecto Trasno - Adaptación do software libre á lingua galega: Se desexas
# colaborar connosco, podes atopar máis información en <http://trasno.net>
+#
+# Leandro Regueiro <leandro.regueiro@gmail.com>, 2011.
# Fran Diéguez <frandieguez@ubuntu.com>, 2011.
-# Fran Dieguez <frandieguez@gnome.org>, 2011, 2012, 2017, 2018, 2019.
+# Fran Dieguez <fran.dieguez@gnome.org>, 2011-2021.
+#
msgid ""
msgstr ""
-"Project-Id-Version: \n"
+"Project-Id-Version: unnamed project\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-03 21:41+0200\n"
-"Last-Translator: Fran Dieguez <frandieguez@gnome.org>\n"
-"Language-Team: Galician\n"
+"POT-Creation-Date: 2021-11-19 15:02+0000\n"
+"PO-Revision-Date: 2021-11-19 23:34+0100\n"
+"Last-Translator: Fran Dieguez <fran.dieguez@gnome.org>\n"
+"Language-Team: Galician <proxecto@trasno.gal>\n"
"Language: gl\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Virtaal 0.7.1\n"
+"Plural-Forms: nplurals=2; plural=(n != 1)\n"
+"X-Generator: Gtranslator 40.0\n"
"X-Project-Style: gnome\n"
+"X-DL-Team: gl\n"
+"X-DL-Module: glib-networking\n"
+"X-DL-Branch: master\n"
+"X-DL-Domain: po\n"
+"X-DL-State: Translating\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Erro interno do resolvedor de proxy."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "A conexión está pechada"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "A operación bloquearase"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr ""
+"Produciuse un erro ao realizar a operación de bloqueo durante a negociación "
+"TLS"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Tempo de espera do Socket de E/S superado"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "O servidor require un certificado TLS"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "Saúdo non rematado, aínda non hai información de ligazón da canle"
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr "O par non admite a renegociación segura"
+
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:491
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:830
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Certificado TLS inaceptábel"
+
+#: tls/base/gtlsconnection-base.c:2155
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "As bandeiras de recepción non se admiten"
+
+#: tls/base/gtlsconnection-base.c:2302
+#, c-format
+msgid "Send flags are not supported"
+msgstr "As bandeiras de envío non se admiten"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:363
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Non foi posíbel analizar o certificado DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:384
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Non foi posíbel analizar o certificado PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:404
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Non foi posíbel analizar a chave privada DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:424
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Non foi posíbel analizar a chave privada PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Non foi posíbel importar o URI do certificado PKCS #11: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:459
msgid "No certificate data provided"
msgstr "Non se forneceu ningún dato do certificado"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Non foi posíbel crear a conexión TLS: %s"
-
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-#| msgid "Error performing TLS handshake"
-msgid "Cannot perform blocking operation during TLS handshake"
+msgid "Cannot verify peer identity of unexpected type %s"
msgstr ""
-"Produciuse un erro ao realizar a operación de bloqueo durante a negociación "
-"TLS"
+"Non é posíbel verificar a identidade do par do tipo non especificado %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "Tempo de espera do Socket de E/S superado"
+#: tls/gnutls/gtlsconnection-gnutls.c:204
+msgid "Could not create TLS connection:"
+msgstr "Non foi posíbel crear a conexión TLS:"
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "O par fallou ao realizar a negociación TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:214
+#: tls/gnutls/gtlsconnection-gnutls.c:234
+#: tls/openssl/gtlsclientconnection-openssl.c:523
+#: tls/openssl/gtlsserverconnection-openssl.c:456
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Non foi posíbel crear a conexión TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "O par solicitou unha renegociación TLS inaceptábel"
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:460
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "O par fallou ao realizar a negociación TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:468
msgid "TLS connection closed unexpectedly"
msgstr "A conexión TLS pechouse de forma inesperada"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:483
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "O par da conexión TLS non enviou un certificado"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Certificado TLS inaceptábel"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:499
#, c-format
msgid "Peer sent fatal TLS alert: %s"
-msgstr "O par envióu unha alerta TLS fatal: %s"
+msgstr "O par enviou unha alerta TLS fatal: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:509
msgid "Protocol version downgrade attack detected"
msgstr "Ataque de degradación de versión do protocolo detectada"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:518
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[1] ""
"O mensaxe é demasiado largo para a conexión DTLS; o máximo é %u bytes"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:527
msgid "The operation timed out"
msgstr "A operación superou o tempo máximo permitido"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "O par non admite a renegociación segura"
+#: tls/gnutls/gtlsconnection-gnutls.c:879
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Produciuse un erro ao realizar a negociación TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/openssl/gtlsconnection-openssl.c:614
msgid "Error performing TLS handshake"
msgstr "Produciuse un erro ao realizar a negociación TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Produciuse un erro ao ler datos do socket TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:1177
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr ""
+"O tipo de ligazón da canle única de TLS non está implementada na biblioteca "
+"de TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1181
#, c-format
-msgid "Receive flags are not supported"
-msgstr "As bandeiras de recepción non se admiten"
+msgid "Channel binding data is not yet available"
+msgstr "Os datos de ligazón da canle non están dispoñíbeis aínda"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#: tls/gnutls/gtlsconnection-gnutls.c:1231
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "O certificado X.509 non está dispoñíbel na conexión"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1244
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr ""
+"O certificado X.509 non está dispoñíbel ou ten un formato descoñecido: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1255
+#: tls/openssl/gtlsconnection-openssl.c:705
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Non foi posíbel obter o algoritmo de sinatura do certificado"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1271
+#: tls/openssl/gtlsconnection-openssl.c:725
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"O certificado X.509 actual usa un algoritmo de sinatura descoñecido ou non "
+"admitido"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1365
+#: tls/openssl/gtlsconnection-openssl.c:805
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "O tipo de ligazón de canle solicitado non está implementado"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1386
+#: tls/gnutls/gtlsconnection-gnutls.c:1446
+#: tls/openssl/gtlsconnection-openssl.c:823
+#: tls/openssl/gtlsconnection-openssl.c:919
+msgid "Error reading data from TLS socket"
+msgstr "Produciuse un erro ao ler datos do socket TLS"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+#: tls/gnutls/gtlsconnection-gnutls.c:1531
+#: tls/openssl/gtlsconnection-openssl.c:998
msgid "Error writing data to TLS socket"
msgstr "Produciuse un erro ao escribir datos no socket TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1501
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[1] ""
"O mensaxe de %lu bytes de tamaño é demasiado largo para a conexión DTLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1503
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(o máximo é %u byte)"
msgstr[1] "(o máximo é %u bytes)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1550
#, c-format
-msgid "Send flags are not supported"
-msgstr "As bandeiras de envío non se admiten"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Produciuse un erro ao pechar o TLS"
+msgid "Error performing TLS close: %s"
+msgstr "Produciuse un erro ao pechar o TLS: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
msgstr ""
-"Produciuse un fallo ao cargar o almacén seguro do sitema: GnuTLS non foi "
-"configurada como unha confiaza do sistema"
+"Produciuse un fallo ao cargar o almacén seguro do sistema: GnuTLS non foi "
+"configurada como unha confianza do sistema"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:288
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Produciuse un fallo ao cargar o almacén de confianza do sistema: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:456
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Produciuse un fallo ao cargar a lista de confianza desde %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
msgid "Certificate has no private key"
msgstr "O certificado no ten unha chave privada"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:379
+#: tls/openssl/gtlsserverconnection-openssl.c:299
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Non foi posíbel estabelecer a lista de cifradores TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:407
+#: tls/openssl/gtlsserverconnection-openssl.c:327
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Non foi posíbel estabelecer o protocolo MAX a %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:470
+#: tls/openssl/gtlsserverconnection-openssl.c:390
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Non foi posíbel crear o contexto de TLS: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Certificado de autoridade TLS inaceptábel"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "O Digest é demasiado grande para unha chave RSA"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "A renegociación segura está desactivada"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Produciuse un erro ao realizar a negociación TLS: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: A conexión está rota"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "O servidor non devolveu un certificado TLS válido"
+#: tls/openssl/gtlsconnection-openssl.c:674
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Datos de ligazón da canle só TLS non está dispoñíbel"
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:697
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Produciuse un erro ao ler datos do socket TLS: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "No está dispoñíbel o certificado X.509 na conexión"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:743
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Produciuse un erro ao escribir datos no socket TLS: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Produciuse un fallo ao xerar o digest do certificado X.509"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:774
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Produciuse un erro ao pechar o TLS: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "A conexión TLS non admite a característica TLS-Exporter"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsconnection-openssl.c:777
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Produciuse un erro ao exportar os datos de asinado"
+
+#: tls/openssl/gtlsconnection-openssl.c:1059
+msgid "Error performing TLS close"
+msgstr "Produciuse un erro ao pechar o TLS"
+
+#: tls/openssl/gtlsdatabase-openssl.c:200
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Non foi posíbel obter as áncoras de confianza desde o Anel de chaves"
+
+#: tls/openssl/gtlsdatabase-openssl.c:265
+#| msgid "Could not parse DER certificate: %s"
+msgid "Could not get root certificate store"
+msgstr "Non foi posíbel obter o almacén do certificado raíz"
+
+#: tls/openssl/gtlsdatabase-openssl.c:272
+#| msgid "Could not parse DER certificate: %s"
+msgid "Could not get CA certificate store"
+msgstr "Non foi posíbel obter o CA do almacén de certificado"
+
+#: tls/openssl/gtlsdatabase-openssl.c:337
+msgid "Could not create CA store"
+msgstr "Non foi posíbel crear o almacén de CA: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:184
#, c-format
msgid "There is a problem with the certificate: %s"
msgstr "Hai un problema co certificado: %s"
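Review bot: The added Galician entry for `Could not create CA store` (tls/openssl/gtlsdatabase-openssl.c:337) has a msgstr ending in `: %s`, although the msgid contains no conversion specifier. The entry carries no `#, c-format` flag, so the msgfmt format check would not catch the mismatch. The call site is not visible in this diff; if it passes the translated string to a printf-style function, the Galician text would consume an argument that was never supplied. The translation should drop the suffix: `msgstr "Non foi posíbel crear o almacén de CA"`.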
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsserverconnection-openssl.c:193
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "Hai un problema coa chave privada do certificado: %s"
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "O par solicitou unha renegociación TLS inaceptábel"
+
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Produciuse un fallo ao cargar a ruta do ficheiro: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "A operación bloquearase"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "O servidor non devolveu un certificado TLS válido"
+
+#~ msgid "Error reading data from TLS socket: %s"
+#~ msgstr "Produciuse un erro ao ler datos do socket TLS: %s"
+
+#~ msgid "Error writing data to TLS socket: %s"
+#~ msgstr "Produciuse un erro ao escribir datos no socket TLS: %s"
+
#~ msgid ""
#~ "This is the last chance to enter the PIN correctly before the token is "
#~ "locked."
msgid ""
msgstr ""
"Project-Id-Version: glib-networking\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-11-26 16:17+0200\n"
-"PO-Revision-Date: 2017-11-26 16:22+0200\n"
-"Last-Translator: Yosef Or Boczko <yoseforb@gmail.com>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
+"issues\n"
+"POT-Creation-Date: 2021-06-25 16:32+0000\n"
+"PO-Revision-Date: 2021-09-23 23:27+0300\n"
+"Last-Translator: Yaron Shahrabani <sh.yaron@gmail.com>\n"
"Language-Team: Hebrew <sh.yaron@gmail.com>\n"
"Language: he\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural= (n !=1 );\n"
-"X-Poedit-Language: Hebrew\n"
-"X-Poedit-Country: ISRAEL\n"
+"Plural-Forms: nplurals=4; plural=(n==1 ? 0 : n==2 ? 1 : n>10 && n%10==0 ? "
+"2 : 3);\n"
"X-Poedit-SourceCharset: UTF-8\n"
+"X-Generator: Poedit 3.0\n"
-#: ../proxy/libproxy/glibproxyresolver.c:157
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "שגיאה פנימית בפתרון המתווך."
-#: ../tls/gnutls/gtlscertificate-gnutls.c:176
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
+msgid "Connection is closed"
+msgstr "החיבור סגור"
+
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "לא ניתן לבצע פעולת חסימה במהלך לחיצת ידיים של TLS"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "אזל הזמן שהוקצב לקריאה/כתיבה לשקע"
+
+#: tls/base/gtlsconnection-base.c:875
+msgid "Server required TLS certificate"
+msgstr "השרת דורש תעודת TLS"
+
+#: tls/base/gtlsconnection-base.c:1451
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "לחיצת היד לא הסתיימת, אין פרטי איגוד ערוצים עדיין"
+
+#: tls/base/gtlsconnection-base.c:1530
+msgid "Peer does not support safe renegotiation"
+msgstr "העמית לא תומך במשא ומתן מחודש בטוח"
+
+#: tls/base/gtlsconnection-base.c:1678 tls/gnutls/gtlsconnection-gnutls.c:482
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:834
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "אישור ה־TLS אינו מקובל"
+
+#: tls/base/gtlsconnection-base.c:2152
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "קבלת דגלים לא נתמכת"
+
+#: tls/base/gtlsconnection-base.c:2299
+#, c-format
+msgid "Send flags are not supported"
+msgstr "שליחת דגלים אינה נתמכת"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:362
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "לא ניתן לפענח את אישור ה־DER: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:382
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "לא ניתן לפענח את אישור ה־PEM: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:228
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:401
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "לא ניתן לפענח את מפתח ה־DER הפרטי: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:259
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:420
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "לא ניתן לפענח את מפתח ה־PEM הפרטי: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:299
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "לא ניתן לייבא כתובת אישור PKCS #11: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:455
msgid "No certificate data provided"
msgstr "לא סופקו נתוני אישור"
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:396
-msgid "Server required TLS certificate"
-msgstr "השרת דורש תעודת TLS"
+#: tls/gnutls/gtlscertificate-gnutls.c:806
+#: tls/gnutls/gtlsconnection-gnutls.c:1033
+#, c-format
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "לא ניתן לאמת את זהות העמית מסוג לא צפוי %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:198
+msgid "Could not create TLS connection:"
+msgstr "לא ניתן ליצור חיבור TLS:"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:382
+#: tls/gnutls/gtlsconnection-gnutls.c:208
+#: tls/gnutls/gtlsconnection-gnutls.c:228
+#: tls/openssl/gtlsclientconnection-openssl.c:458
+#: tls/openssl/gtlsserverconnection-openssl.c:503
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "לא ניתן ליצור חיבור TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:677
-msgid "Connection is closed"
-msgstr "החיבור סגור"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:752
-#: ../tls/gnutls/gtlsconnection-gnutls.c:2152
-msgid "Operation would block"
-msgstr "הפעולה תיחסם"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:793
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1374
-msgid "Socket I/O timed out"
-msgstr "אזל הזמן שהוקצב לקריאה/כתיבה לשקע"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:927
-#: ../tls/gnutls/gtlsconnection-gnutls.c:966
-msgid "Peer failed to perform TLS handshake"
-msgstr "העמית נכשל בלחיצת היד מסוג TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:945
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "העמית ביקש לחיצת יד חוזרת מסוג TLS בלתי חוקית"
+#: tls/gnutls/gtlsconnection-gnutls.c:426
+#: tls/gnutls/gtlsconnection-gnutls.c:437
+#: tls/gnutls/gtlsconnection-gnutls.c:451
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "העמית נכשל בלחיצת היד מסוג TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:972
+#: tls/gnutls/gtlsconnection-gnutls.c:459
msgid "TLS connection closed unexpectedly"
msgstr "החיבור ל־TLS נסגר באופן בלתי צפוי"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/gnutls/gtlsconnection-gnutls.c:474
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "הצד השני בחיבור ה־TLS לא החזיר תעודה"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:988
+#: tls/gnutls/gtlsconnection-gnutls.c:490
#, c-format
msgid "Peer sent fatal TLS alert: %s"
-msgstr ""
+msgstr "העמית שלח התראה על TLS קטלני: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:500
+msgid "Protocol version downgrade attack detected"
+msgstr "זוהתה מתקפת שנמוך גרסת פרוטוקול"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:996
+#: tls/gnutls/gtlsconnection-gnutls.c:509
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
-msgstr[0] ""
-msgstr[1] ""
+msgstr[0] "ההודעה גדולה מדי לחיבור DTLS, בית אחד לכל היותר"
+msgstr[1] "ההודעה גדולה מדי לחיבור DTLS, שני בתים לכל היותר"
+msgstr[2] "ההודעה גדולה מדי לחיבור DTLS, %u בתים לכל היותר"
+msgstr[3] "ההודעה גדולה מדי לחיבור DTLS, %u בתים לכל היותר"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1003
+#: tls/gnutls/gtlsconnection-gnutls.c:518
msgid "The operation timed out"
-msgstr "×\96×\9e×\9f ×\94פע×\95×\9c×\94 ×\90×\96×\9c."
+msgstr "×\94×\96×\9e×\9f ש×\94×\95קצ×\91 ×\9cפע×\95×\9c×\94 ת×\9d"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1780
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1831
+#: tls/gnutls/gtlsconnection-gnutls.c:870
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "שגיאה בביצוע לחיצת יד מסוג TLS: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:973
+#: tls/openssl/gtlsconnection-openssl.c:618
msgid "Error performing TLS handshake"
msgstr "שגיאה בביצוע לחיצת יד מסוג TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1841
-msgid "Server did not return a valid TLS certificate"
-msgstr "השרת לא החזיר תעודת TLS תקפה"
+#: tls/gnutls/gtlsconnection-gnutls.c:1152
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "סוג איגוד הערוצים עדיין לא מוטמע בספריית ה־TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1917
-msgid "Unacceptable TLS certificate"
-msgstr "אישור ה־TLS אינו מקובל"
+#: tls/gnutls/gtlsconnection-gnutls.c:1156
+#, c-format
+msgid "Channel binding data is not yet available"
+msgstr "נתוני איגוד הערוצים עדיין לא זמינים"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:2185
-#: ../tls/gnutls/gtlsconnection-gnutls.c:2276
-msgid "Error reading data from TLS socket"
-msgstr "שגיאה בקריאת הנתונים משקע ה־TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:1194
+#: tls/gnutls/gtlsconnection-gnutls.c:1206
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "אישור X.509 אינו זמין בחיבור"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:2306
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
#, c-format
-msgid "Receive flags are not supported"
-msgstr "קבלת דגלים לא נתמכת"
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "אישור X.509 אינו זמין או שהוא בתצורה לא מוכרת: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1230
+#: tls/openssl/gtlsconnection-openssl.c:709
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "לא ניתן לקבל את אלגוריתם חתימת האישור"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1246
+#: tls/openssl/gtlsconnection-openssl.c:729
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr "אישור ה־X.509 הנוכחי משתמש באלגוריתם חתימה בלתי ידוע או בלתי נתמך"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1340
+#: tls/openssl/gtlsconnection-openssl.c:809
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "סוג איגוד הערוצים שמבוקש לא הוטמע"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1361
+#: tls/gnutls/gtlsconnection-gnutls.c:1421
+#: tls/openssl/gtlsconnection-openssl.c:827
+#: tls/openssl/gtlsconnection-openssl.c:923
+msgid "Error reading data from TLS socket"
+msgstr "שגיאה בקריאת הנתונים משקע ה־TLS"
#. flags
-#: ../tls/gnutls/gtlsconnection-gnutls.c:2382
-#: ../tls/gnutls/gtlsconnection-gnutls.c:2453
+#: tls/gnutls/gtlsconnection-gnutls.c:1443
+#: tls/gnutls/gtlsconnection-gnutls.c:1506
+#: tls/openssl/gtlsconnection-openssl.c:1002
msgid "Error writing data to TLS socket"
msgstr "שגיאה בכתיבת נתונים אל שקע ה־TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:2423
+#: tls/gnutls/gtlsconnection-gnutls.c:1476
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
-msgstr[0] ""
-msgstr[1] ""
+msgstr[0] "הודעה בגודל בית אחד היא גדולה מדי לחיבור DTLS"
+msgstr[1] "הודעה בגודל שני בתים היא גדולה מדי לחיבור DTLS"
+msgstr[2] "הודעה בגודל %lu בתים היא גדולה מדי לחיבור DTLS"
+msgstr[3] "הודעה בגודל %lu בתים היא גדולה מדי לחיבור DTLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:2425
+#: tls/gnutls/gtlsconnection-gnutls.c:1478
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
-msgstr[0] ""
-msgstr[1] ""
+msgstr[0] "(בית אחד לכל היותר)"
+msgstr[1] "(שני בתים לכל היותר)"
+msgstr[2] "(%u בתים לכל היותר)"
+msgstr[3] "(%u בתים לכל היותר)"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:2484
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
#, c-format
-msgid "Send flags are not supported"
-msgstr "ש×\9c×\99×\97ת ×\93×\92×\9c×\99×\9d ×\90×\99× ×\94 × ×ª×\9e×\9bת"
+msgid "Error performing TLS close: %s"
+msgstr "ש×\92×\99×\90×\94 ×\91×\91×\99צ×\95×¢ ס×\92×\99רת TLSâ\80\8f: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:2584
-msgid "Error performing TLS close"
-msgstr "שגיאה בביצוע סגירת TLS"
+#: tls/gnutls/gtlsdatabase-gnutls.c:688
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"טעינת אחסון המהימנות של המערכת נכשלה: GnuTLS לא הוגדר עם מהימנות מערכת"
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:109
+#: tls/gnutls/gtlsdatabase-gnutls.c:693 tls/openssl/gtlsdatabase-openssl.c:229
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "טעינת אחסון המהימנות של המערכת נכשלה: %s"
+
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "אכלוס רשימת המהימנות מתוך %s נכשלה: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
+#: tls/openssl/gtlsserverconnection-openssl.c:228
msgid "Certificate has no private key"
msgstr "לאישור אין מפתח פרטי"
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr "×\96×\95×\94×\99 ×\94×\94×\96×\93×\9e× ×\95ת ×\94×\90×\97ר×\95× ×\94 ×\9c×\94×\96×\99×\9f ×\90ת ×\94Ö¾PIN ×\94× ×\9b×\95×\9f ×\9c×¤× ×\99 ש×\94×\90ס×\99×\9e×\95×\9f × × ×¢×\9c."
+#: tls/openssl/gtlsclientconnection-openssl.c:317
+#: tls/openssl/gtlsserverconnection-openssl.c:346
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "×\9c×\90 × ×\99ת×\9f ×\9c×\94×\92×\93×\99ר רש×\99×\9eת ×¦×¤× ×\99×\9d ×\9cÖ¾TLSâ\80\8f: %s"
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"חלק מניסיונות הזנת ה־PIN עלו בתוהו והאסימון יינעל לאחר ניסיונות כושלים "
-"נוספים."
+#: tls/openssl/gtlsclientconnection-openssl.c:343
+#: tls/openssl/gtlsserverconnection-openssl.c:372
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "לא ניתן להגדיר פרוטוקול MAX לכדי %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:404
+#: tls/openssl/gtlsserverconnection-openssl.c:433
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "לא ניתן ליצור הקשר TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "רשות האישורים ב־TLS אינה מקובלת"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
+msgid "Digest too big for RSA key"
+msgstr "התמצית גדולה מדי למפתח RSA"
+
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "משא ומתן מחודש מאובטח מושבת"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
+#, c-format
+#| msgid "Connection is closed"
+msgid "%s: The connection is broken"
+msgstr "%s: החיבור פגום"
+
+#: tls/openssl/gtlsconnection-openssl.c:678
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "נתוני איגוד הערוץ tls-unique אינם זמינים"
+
+#: tls/openssl/gtlsconnection-openssl.c:701
+#, c-format
+msgid "X.509 Certificate is not available on the connection"
+msgstr "אישור X.509 אינו זמין בחיבור"
+
+#: tls/openssl/gtlsconnection-openssl.c:747
+#, c-format
+msgid "Failed to generate X.509 certificate digest"
+msgstr "יצירת תמצית אישור X.509 נכשלה"
+
+#: tls/openssl/gtlsconnection-openssl.c:778
+#, c-format
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "חיבור ה־TLS לא תומך ביכולת מייצא TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:781
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "שגיאה בלתי צפויה בעת ייצוא נתוני סידורי המפתחות"
+
+#: tls/openssl/gtlsconnection-openssl.c:1063
+msgid "Error performing TLS close"
+msgstr "שגיאה בביצוע סגירת TLS"
+
+#: tls/openssl/gtlsdatabase-openssl.c:197
+msgid "Could not get trusted anchors from Keychain"
+msgstr "לא ניתן לקבל עוגנים מהימנים ממחזיק המפתחות"
+
+#: tls/openssl/gtlsdatabase-openssl.c:269
+msgid "Could not create CA store"
+msgstr "לא ניתן ליצור אחסון רשות אישורים"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:179
+#: tls/openssl/gtlsserverconnection-openssl.c:247
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "יש בעיה עם המפתח הפרטי של האישור: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:188
+#: tls/openssl/gtlsserverconnection-openssl.c:239
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "יש בעיה עם האישור: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "הפעולה תיחסם"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "העמית ביקש לחיצת יד חוזרת מסוג TLS בלתי חוקית"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "השרת לא החזיר תעודת TLS תקפה"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr "זוהי ההזדמנות האחרונה להזין את ה־PIN הנכון לפני שהאסימון ננעל."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "חלק מניסיונות הזנת ה־PIN עלו בתוהו והאסימון יינעל לאחר ניסיונות כושלים "
+#~ "נוספים."
-#: ../tls/pkcs11/gpkcs11pin.c:114
-msgid "The PIN entered is incorrect."
-msgstr "ה־PIN שהוזן שגוי."
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "ה־PIN שהוזן שגוי."
-#: ../tls/pkcs11/gpkcs11slot.c:448
-msgid "Module"
-msgstr "מודול"
+#~ msgid "Module"
+#~ msgstr "מודול"
-#: ../tls/pkcs11/gpkcs11slot.c:449
-msgid "PKCS#11 Module Pointer"
-msgstr "מצביע מודול PKCS#11"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "מצביע מודול PKCS#11"
-#: ../tls/pkcs11/gpkcs11slot.c:456
-msgid "Slot ID"
-msgstr "מזהה חריץ"
+#~ msgid "Slot ID"
+#~ msgstr "מזהה חריץ"
-#: ../tls/pkcs11/gpkcs11slot.c:457
-msgid "PKCS#11 Slot Identifier"
-msgstr "מזהה חריץ PKCS#11"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "מזהה חריץ PKCS#11"
#~ msgid "Connection is already closed"
#~ msgstr "החיבור כבר סגור"
"Project-Id-Version: glib-networking\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
"issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-26 12:38+0100\n"
+"POT-Creation-Date: 2021-11-19 15:02+0000\n"
+"PO-Revision-Date: 2021-11-19 17:13+0100\n"
"Last-Translator: gogo <trebelnik2@gmail.com>\n"
"Language-Team: Croatian <hr@li.org>\n"
"Language: hr\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Launchpad-Export-Date: 2017-04-10 14:16+0000\n"
-"X-Generator: Poedit 2.0.6\n"
+"X-Generator: Poedit 2.3\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Unutrašnja greška proxy razrješitelja."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "Povezivanje je zatvoreno"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "Radnja će blokirati"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Ne može se izvesti radnja blokiranja tijekom TLS rukovanja"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Istek vremena U/I priključnice"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "Poslužitelj zahtijeva TLS vjerodajnicu"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "Rukovanje nije završeno, nema informacija povezivanja kanala"
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr "Točka ne podržava sigurne pregovore"
+
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:491
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:830
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Neprihvatljiva TLS vjerodajnica"
+
+#: tls/base/gtlsconnection-base.c:2155
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Primanje oznaka nije podržano"
+
+#: tls/base/gtlsconnection-base.c:2302
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Slanje oznaka nije podržano"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:363
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Nemoguća analiza DER vjerodajnica: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:384
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Nemoguća analiza PEM vjerodajnica: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:404
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Nemoguća analiza DER privatnog ključa: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:424
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Nemoguća analiza PEM privatnog ključa: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Nemoguća uvoz PKCS #11 URI-ja vjerodajnica: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:459
msgid "No certificate data provided"
msgstr "Nema pruženih podataka vjerodajnica"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Nemoguće stvaranje TLS povezivanja: %s"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Nemoguća provjera identiteta čvora neočekivane vrste %s"
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-msgid "Cannot perform blocking operation during TLS handshake"
-msgstr "Ne može se izvesti radnja blokiranja tijekom TLS rukovanja"
+#: tls/gnutls/gtlsconnection-gnutls.c:204
+msgid "Could not create TLS connection:"
+msgstr "Nemoguće stvaranje TLS povezivanja:"
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "Istek vremena U/I priključnice"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Čvor je odbio izvesti TLS rukovanje"
+#: tls/gnutls/gtlsconnection-gnutls.c:214
+#: tls/gnutls/gtlsconnection-gnutls.c:234
+#: tls/openssl/gtlsclientconnection-openssl.c:523
+#: tls/openssl/gtlsserverconnection-openssl.c:456
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Nemoguće stvaranje TLS povezivanja: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Čvor zahtjeva ilegalno TLS ponovno rukovanje"
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:460
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Čvor je odbio izvesti TLS rukovanje: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:468
msgid "TLS connection closed unexpectedly"
msgstr "TLS povezivanje je neočekivano zatvoreno"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:483
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "TLS čvor povezivanja nije poslao vjerodajnicu"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Neprihvatljiva TLS vjerodajnica"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:499
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Kobno slanje točke TLS upozorenje: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:509
msgid "Protocol version downgrade attack detected"
msgstr "Vraćena je starija inačica protokola, napad otkriven"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:518
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[1] "Poruka je prevelika za DTLS povezivanje; najviše je %u bajta"
msgstr[2] "Poruka je prevelika za DTLS povezivanje; najviše je %u bajta"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:527
msgid "The operation timed out"
msgstr "Istek vremena radnje"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "Točka ne podržava sigurne pregovore"
+#: tls/gnutls/gtlsconnection-gnutls.c:879
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Greška izvođenja TLS rukovanja: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/openssl/gtlsconnection-openssl.c:614
msgid "Error performing TLS handshake"
msgstr "Greška izvođenja TLS rukovanja"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Greška čitanja podataka iz TLS priključnice"
+#: tls/gnutls/gtlsconnection-gnutls.c:1177
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Vrsta povezivanja kanala nije implementirana u TLS biblioteci"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1181
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Primanje oznaka nije podržano"
+msgid "Channel binding data is not yet available"
+msgstr "Podaci povezivanja kanala još nisu dostupni"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#: tls/gnutls/gtlsconnection-gnutls.c:1231
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "X.509 vjerodajnica nije dostupna na povezivanju"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1244
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "X.509 vjerodajnica nije dostupna ili je nepoznatog formata: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1255
+#: tls/openssl/gtlsconnection-openssl.c:705
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Nemoguće je nabaviti algoritam potpisa vjerodajnice"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1271
+#: tls/openssl/gtlsconnection-openssl.c:725
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Trenutna X.509 vjerodajnica koristi nepoznat ili nepodržan algoritam potpisa"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1365
+#: tls/openssl/gtlsconnection-openssl.c:805
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Zahtjevana vrsta povezivanja kanala nije implementirana"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1386
+#: tls/gnutls/gtlsconnection-gnutls.c:1446
+#: tls/openssl/gtlsconnection-openssl.c:823
+#: tls/openssl/gtlsconnection-openssl.c:919
+msgid "Error reading data from TLS socket"
+msgstr "Greška čitanja podataka iz TLS priključnice"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+#: tls/gnutls/gtlsconnection-gnutls.c:1531
+#: tls/openssl/gtlsconnection-openssl.c:998
msgid "Error writing data to TLS socket"
msgstr "Greška zapisivanja podataka u TLS priključnicu"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1501
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[1] "Poruka veličine %lu bajta je prevelika za DTLS povezivanje"
msgstr[2] "Poruka veličine %lu bajta je prevelika za DTLS povezivanje"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1503
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[1] "(najviše je %u bajta)"
msgstr[2] "(najviše je %u bajta)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1550
#, c-format
-msgid "Send flags are not supported"
-msgstr "Slanje oznaka nije podržano"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Greška izvođenja TLS zatvaranja"
+msgid "Error performing TLS close: %s"
+msgstr "Greška izvođenja TLS zatvaranja: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Neuspjelo učitavanje spremnika povjerenja sustava: GnuTLS nije podešen s "
"povjerenjem sustava"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:288
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Neuspjelo učitavanje spremnika povjerenja sustava: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:456
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Neuspjelo popunjavanje popisa povjerenja iz %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
msgid "Certificate has no private key"
msgstr "Vjerodajnica nema privatni ključ"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:379
+#: tls/openssl/gtlsserverconnection-openssl.c:299
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Nemoguće postavljanje popisa TLS šifratora: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:407
+#: tls/openssl/gtlsserverconnection-openssl.c:327
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Nemoguće postavljanje MAX protokola na %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:470
+#: tls/openssl/gtlsserverconnection-openssl.c:390
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Nemoguće stvaranje TLS sadržaja: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Neprihvatljiva punomoć TLS vjerodajnice"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Sadržaj je prevelik za RSA ključ"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Sigurnosno ponovno pregovaranje je onemogućeno"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Greška izvođenja TLS rukovanja: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: Povezivanje je slomljeno"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "Poslužitelj nije vratio valjanu TLS vjerodajnicu"
+#: tls/openssl/gtlsconnection-openssl.c:674
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Podaci povezivanja kanala tls-unique još nisu dostupni"
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:697
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Greška čitanja podataka iz TLS priključnice: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "X.509 vjerodajnica nije dostupna na povezivanju"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:743
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Greška zapisivanja podataka u TLS priključnicu: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Neuspjelo stvaranje sažetka X.509 vjerodajnice"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:774
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Greška izvođenja TLS zatvaranja: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "TLS povezivanje ne podržava TLS-Exporter značajku"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsconnection-openssl.c:777
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Neočekivana greška pri izvozu podatka ključa"
+
+#: tls/openssl/gtlsconnection-openssl.c:1059
+msgid "Error performing TLS close"
+msgstr "Greška izvođenja TLS zatvaranja"
+
+#: tls/openssl/gtlsdatabase-openssl.c:200
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Nemoguće dobivanje pouzdanog sidrišta iz skupa ključeva"
+
+#: tls/openssl/gtlsdatabase-openssl.c:265
+msgid "Could not get root certificate store"
+msgstr "Nemoguća dobivanje spremišta korijenske vjerodajnice"
+
+#: tls/openssl/gtlsdatabase-openssl.c:272
+msgid "Could not get CA certificate store"
+msgstr "Nemoguća dobivanje spremišta CA vjerodajnice"
+
+#: tls/openssl/gtlsdatabase-openssl.c:337
+msgid "Could not create CA store"
+msgstr "Nemoguće stvaranje CA spremišta"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:184
#, c-format
msgid "There is a problem with the certificate: %s"
msgstr "Postoji problem s vjerodajnicom: %s"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsserverconnection-openssl.c:193
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "Postoji problem s privatnim ključem vjerodajnice: %s"
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Čvor zahtjeva ilegalno TLS ponovno rukovanje"
+
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Nemoguće učitavanje putanje datoteke: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "Radnja će blokirati"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "Poslužitelj nije vratio valjanu TLS vjerodajnicu"
+
+#~ msgid "Error reading data from TLS socket: %s"
+#~ msgstr "Greška čitanja podataka iz TLS priključnice: %s"
+
+#~ msgid "Error writing data to TLS socket: %s"
+#~ msgstr "Greška zapisivanja podataka u TLS priključnicu: %s"
+
#~ msgid ""
#~ "This is the last chance to enter the PIN correctly before the token is "
#~ "locked."
# Hungarian translation for glib-networking.
-# Copyright (C) 2011, 2012, 2017, 2018, 2019. Free Software Foundation, Inc.
+# Copyright (C) 2011, 2012, 2017, 2018, 2019, 2020, 2021. Free Software Foundation, Inc.
# This file is distributed under the same license as the glib-networking package.
#
# Gabor Kelemen <kelemeng at gnome dot hu>, 2011, 2012.
-# Balázs Úr <urbalazs at gmail dot com>, 2012, 2017, 2018, 2019.
+# Balázs Úr <ur.balazs at fsf dot hu>, 2012, 2017, 2018, 2019, 2020, 2021.
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
-"issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-03 20:37+0100\n"
-"Last-Translator: Meskó Balázs <mesko.balazs@fsf.hu>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2021-06-25 16:32+0000\n"
+"PO-Revision-Date: 2021-09-11 01:04+0200\n"
+"Last-Translator: Balázs Úr <ur.balazs at fsf dot hu>\n"
"Language-Team: Hungarian <gnome-hu-list at gnome dot org>\n"
"Language: hu\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 2.2.1\n"
+"X-Generator: Lokalize 19.12.3\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Proxyfeloldó belső hiba."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "A kapcsolat lezárva"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "A művelet blokkoló lenne"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "A blokkoló művelet nem végezhető el a TLS-kézfogás alatt"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "A foglalat túllépte az I/O időkorlátot"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "A kiszolgáló TLS-tanúsítványt kért"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1451
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "A kézfogás nem fejeződött be, még nincsenek csatornakötési információk"
+
+#: tls/base/gtlsconnection-base.c:1530
+msgid "Peer does not support safe renegotiation"
+msgstr "A partner nem támogatja a biztonságos újraegyeztetést"
+
+#: tls/base/gtlsconnection-base.c:1678 tls/gnutls/gtlsconnection-gnutls.c:482
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:834
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Elfogadhatatlan TLS-tanúsítvány"
+
+#: tls/base/gtlsconnection-base.c:2152
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "A fogadási jelzők nem támogatottak"
+
+#: tls/base/gtlsconnection-base.c:2299
+#, c-format
+msgid "Send flags are not supported"
+msgstr "A küldési jelzők nem támogatottak"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:362
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "A DER tanúsítvány nem dolgozható fel: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:382
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "A PEM tanúsítvány nem dolgozható fel: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:401
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "A DER személyes kulcs nem dolgozható fel: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:420
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "A PEM személyes kulcs nem dolgozható fel: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "A PKCS #11 tanúsítvány URI nem importálható: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:455
msgid "No certificate data provided"
msgstr "Nincsenek megadva tanúsítványadatok"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:806
+#: tls/gnutls/gtlsconnection-gnutls.c:1033
+#, c-format
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Nem lehet ellenőrizni a váratlan %s típus partner-személyazonosságát"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:198
+#| msgid "Could not create TLS connection: %s"
+msgid "Could not create TLS connection:"
+msgstr "Nem sikerült létrehozni a TLS-kapcsolatot:"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:208
+#: tls/gnutls/gtlsconnection-gnutls.c:228
+#: tls/openssl/gtlsclientconnection-openssl.c:458
+#: tls/openssl/gtlsserverconnection-openssl.c:503
#, c-format
msgid "Could not create TLS connection: %s"
-msgstr "Nem sikerült létrehozni TLS-kapcsolatot: %s"
-
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-msgid "Cannot perform blocking operation during TLS handshake"
-msgstr "A blokkoló művelet nem végezhető el a TLS-kézfogás alatt"
+msgstr "Nem sikerült létrehozni a TLS-kapcsolatot: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "A foglalat túllépte az I/O időkorlátot"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "A partner nem tudta végrehajtani a TLS-kézfogást"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "A partner illegális ismételt TLS-kézfogást kért"
+#: tls/gnutls/gtlsconnection-gnutls.c:426
+#: tls/gnutls/gtlsconnection-gnutls.c:437
+#: tls/gnutls/gtlsconnection-gnutls.c:451
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "A partner nem tudta végrehajtani a TLS-kézfogást: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:459
msgid "TLS connection closed unexpectedly"
msgstr "A TLS-kapcsolat váratlanul befejeződött"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:474
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "A TLS kapcsolat partner nem küldött tanúsítványt"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Elfogadhatatlan TLS-tanúsítvány"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:490
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "A partner végzetes TLS riasztást küldött: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:500
msgid "Protocol version downgrade attack detected"
msgstr "Protokoll verzió visszaminősítéses támadás észlelve"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:509
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[0] "Az üzenet túl nagy a DTLS kapcsolathoz; legfeljebb %u bájt lehet"
msgstr[1] "Az üzenet túl nagy a DTLS kapcsolathoz; legfeljebb %u bájt lehet"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:518
msgid "The operation timed out"
msgstr "A művelet túllépte az időkorlátot"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "A partner nem támogatja a biztonságos újratárgyalást"
+#: tls/gnutls/gtlsconnection-gnutls.c:870
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Hiba a TLS-kézfogás végrehajtásakor: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:973
+#: tls/openssl/gtlsconnection-openssl.c:618
msgid "Error performing TLS handshake"
msgstr "Hiba a TLS-kézfogás végrehajtásakor"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Hiba az adatok olvasásakor a TLS-foglalatból"
+#: tls/gnutls/gtlsconnection-gnutls.c:1152
+#, c-format
+#| msgid ""
+#| "Channel binding type tls-unique is not implemented in the TLS library"
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "A csatornakötési típus nincs megvalósítva a TLS programkönyvtárban"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1156
#, c-format
-msgid "Receive flags are not supported"
-msgstr "A fogadási jelzők nem támogatottak"
+#| msgid "Channel binding data for tls-unique is not yet available"
+msgid "Channel binding data is not yet available"
+msgstr "A csatornakötési adatok még nem érhetők el"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1194
+#: tls/gnutls/gtlsconnection-gnutls.c:1206
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "Az X.509 tanúsítvány nem érhető el a kapcsolaton"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "Az X.509 tanúsítvány nem érhető el vagy ismeretlen formátumú: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1230
+#: tls/openssl/gtlsconnection-openssl.c:709
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "A tanúsítvány aláírási algoritmusa nem kérhető le"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1246
+#: tls/openssl/gtlsconnection-openssl.c:729
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"A jelenlegi X.509 tanúsítvány ismeretlen vagy nem támogatott aláírási "
+"algoritmust használ"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1340
+#: tls/openssl/gtlsconnection-openssl.c:809
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "A kért csatornakötési típus nincs megvalósítva"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1361
+#: tls/gnutls/gtlsconnection-gnutls.c:1421
+#: tls/openssl/gtlsconnection-openssl.c:827
+#: tls/openssl/gtlsconnection-openssl.c:923
+msgid "Error reading data from TLS socket"
+msgstr "Hiba az adatok olvasásakor a TLS-foglalatból"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1443
+#: tls/gnutls/gtlsconnection-gnutls.c:1506
+#: tls/openssl/gtlsconnection-openssl.c:1002
msgid "Error writing data to TLS socket"
msgstr "Hiba az adatok TLS-foglalatba írásakor"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1476
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[0] "A(z) %lu bájt méretű üzenet túl nagy a DTLS kapcsolathoz"
msgstr[1] "A(z) %lu bájt méretű üzenet túl nagy a DTLS kapcsolathoz"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1478
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(legfeljebb %u bájt)"
msgstr[1] "(legfeljebb %u bájt)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
#, c-format
-msgid "Send flags are not supported"
-msgstr "A küldési jelzők nem támogatottak"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Hiba a TLS-lezárás végrehajtásakor"
+msgid "Error performing TLS close: %s"
+msgstr "Hiba a TLS-lezárás végrehajtásakor: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:688
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Nem sikerült betölteni a rendszer megbízhatósági tárát: a GnuTLS nem "
"rendszer megbízhatósággal lett beállítva"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:693 tls/openssl/gtlsdatabase-openssl.c:229
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Nem sikerült betölteni a rendszer megbízhatósági tárát: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Nem sikerült feltölteni a megbízhatósági listát innen: %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
+#: tls/openssl/gtlsserverconnection-openssl.c:228
msgid "Certificate has no private key"
msgstr "A tanúsítványnak nincs személyes kulcsa"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:317
+#: tls/openssl/gtlsserverconnection-openssl.c:346
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Nem sikerült beállítani a TLS titkosítási listát: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:343
+#: tls/openssl/gtlsserverconnection-openssl.c:372
+#, c-format
+#| msgid "Could not set MAX protocol to %ld: %s"
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Nem sikerült beállítani a MAX protokollt %d értékűre: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:404
+#: tls/openssl/gtlsserverconnection-openssl.c:433
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Nem sikerült létrehozni TLS-környezetet: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Elfogadhatatlan TLS hitelesítésszolgáltató"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "A kivonat túl nagy az RSA kulcshoz"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "A biztonságos újraegyeztetés le van tiltva"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Hiba a TLS-kézfogás végrehajtásakor: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: A kapcsolat megszakadt"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "A kiszolgáló nem adott vissza érvényes TLS-tanúsítványt"
+#: tls/openssl/gtlsconnection-openssl.c:678
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "A tls-unique csatornakötési adatok nem érhetők el"
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:701
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Hiba az adatok olvasásakor a TLS-foglalatból: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "Az X.509 tanúsítvány nem érhető el a kapcsolaton"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:747
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Hiba az adatok TLS-foglalatba írásakor: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Az X.509 tanúsítványkivonat előállítása sikertelen"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:778
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Hiba a TLS-lezárás végrehajtásakor: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "A TLS kapcsolat nem támogatja a TLS exportáló funkciót"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsconnection-openssl.c:781
#, c-format
-msgid "There is a problem with the certificate: %s"
-msgstr "Probléma van a tanúsítvánnyal: %s"
+msgid "Unexpected error while exporting keying data"
+msgstr "Váratlan hiba a kulcsadatok exportálásakor"
+
+#: tls/openssl/gtlsconnection-openssl.c:1063
+msgid "Error performing TLS close"
+msgstr "Hiba a TLS lezárás végrehajtásakor"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsdatabase-openssl.c:197
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Nem sikerült lekérni a megbízható horgonyokat a Keychainből"
+
+#: tls/openssl/gtlsdatabase-openssl.c:269
+msgid "Could not create CA store"
+msgstr "Nem sikerült létrehozni a CA-tárat"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:179
+#: tls/openssl/gtlsserverconnection-openssl.c:247
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "Probléma van a tanúsítvány személyes kulcsával: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:188
+#: tls/openssl/gtlsserverconnection-openssl.c:239
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Probléma van a tanúsítvánnyal: %s"
#
# Andika Triwidada <andika@gmail.com>, 2011, 2012, 2013.
# Dirgita <dirgitadevina@yahoo.co.id>, 2012.
+# Kukuh Syafaat <kukuhsyafaat@gnome.org>, 2017, 2018, 2019, 2021.
+# Sucipto <sucipto@pm.me>, 2020.
+#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
"issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-02 19:07+0700\n"
+"POT-Creation-Date: 2021-12-20 15:37+0000\n"
+"PO-Revision-Date: 2021-12-22 16:11+0700\n"
"Last-Translator: Kukuh Syafaat <kukuhsyafaat@gnome.org>\n"
"Language-Team: Indonesian <gnome@i15n.org>\n"
"Language: id\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural= n!=1;\n"
-"X-Generator: Poedit 2.2.1\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: Poedit 3.0\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Galat internal resolver proksi."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
-msgstr "Koneksi ditutup"
+msgstr "Sambungan ditutup"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "Operasi akan memblokir"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Tak bisa melakukan operasi pemblokiran selama jabat tangan TLS"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "I/O soket kehabisan waktu"
+
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "Server memerlukan sertifikat TLS"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "Jabat tangan belum selesai, belum ada informasi pengikatan saluran"
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr "Peer tidak mendukung renegosiasi yang aman"
+
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:491
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:839
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Sertifikat TLS tak dapat diterima"
+
+#: tls/base/gtlsconnection-base.c:2153
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Menerima tanda tidak didukung"
+
+#: tls/base/gtlsconnection-base.c:2300
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Mengirim tanda tidak didukung"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:363
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Tak bisa mengurai sertifikat DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:384
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Tak bisa mengurai sertifikat PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:404
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Tak bisa mengurai kunci privat DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:424
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Tak bisa mengurai kunci privat PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Tak bisa mengimport URI sertifikat PKCS #11: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:459
msgid "No certificate data provided"
msgstr "Data sertifikat tak disediakan"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Tak bisa membuat koneksi TLS: %s"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Tak bisa memverifikasi identitas rekan dari tipe tak terduga %s"
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-msgid "Cannot perform blocking operation during TLS handshake"
-msgstr "Tak bisa melakukan operasi pemblokiran selama jabat tangan TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:204
+msgid "Could not create TLS connection:"
+msgstr "Tak bisa membuat sambungan TLS:"
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "I/O soket kehabisan waktu"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Peer gagal melakukan jabat tangan TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:214
+#: tls/gnutls/gtlsconnection-gnutls.c:234
+#: tls/openssl/gtlsclientconnection-openssl.c:512
+#: tls/openssl/gtlsserverconnection-openssl.c:456
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Tak bisa membuat sambungan TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Peer meminta jabat tangan ulang TLS yang ilegal"
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:460
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Peer gagal melakukan jabat tangan TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:468
msgid "TLS connection closed unexpectedly"
-msgstr "Koneksi TLS tertutup tak disangka-sangka"
+msgstr "Sambungan TLS tertutup tak disangka-sangka"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:483
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
-msgstr "Pasangan koneksi TLS tak mengembalikan sertifikat"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Sertifikat TLS tak dapat diterima"
+msgstr "Pasangan sambungan TLS tak mengembalikan sertifikat"
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:499
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Peer mengirim peringatan TLS yang fatal: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:509
msgid "Protocol version downgrade attack detected"
msgstr "Serangan versi penurunan protokol terdeteksi"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:518
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
-msgstr[0] "Pesan terlalu besar untuk koneksi DTLS; maksimum adalah %u byte"
-msgstr[1] "Pesan terlalu besar untuk koneksi DTLS; maksimum adalah %u byte"
+msgstr[0] "Pesan terlalu besar untuk sambungan DTLS; maksimum adalah %u byte"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:527
msgid "The operation timed out"
msgstr "Waktu operasi habis"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "Peer tidak mendukung renegosiasi yang aman"
+#: tls/gnutls/gtlsconnection-gnutls.c:879
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Galat melakukan jabat tangan TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/openssl/gtlsconnection-openssl.c:614
msgid "Error performing TLS handshake"
msgstr "Galat melakukan jabat tangan TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Galat saat membaca data dari soket TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:1181
+#, c-format
+msgid ""
+"Empty channel binding data indicates a bug in the TLS library implementation"
+msgstr ""
+"Data pengikatan kanal kosong menunjukkan kutu dalam implementasi pustaka TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1199
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Menerima tanda tidak didukung"
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Jenis pengikatan saluran tidak diterapkan di pustaka TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1203
+#, c-format
+msgid "Channel binding data is not yet available"
+msgstr "Data pengikatan saluran belum tersedia"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1241
+#: tls/gnutls/gtlsconnection-gnutls.c:1253
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "Sertifikat X.509 tidak tersedia pada sambungan"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1266
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "Sertifikat X.509 tidak tersedia atau format yang tidak diketahui: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1277
+#: tls/openssl/gtlsconnection-openssl.c:714
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Tak bisa memperoleh algoritma tanda tangan sertifikat"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1293
+#: tls/openssl/gtlsconnection-openssl.c:734
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Sertifikat X.509 saat ini menggunakan algoritma tanda tangan yang tidak "
+"diketahui atau tidak didukung"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1387
+#: tls/openssl/gtlsconnection-openssl.c:814
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Tipe pengikatan saluran yang diminta tidak diimplementasikan"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1408
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+#: tls/openssl/gtlsconnection-openssl.c:832
+#: tls/openssl/gtlsconnection-openssl.c:928
+msgid "Error reading data from TLS socket"
+msgstr "Galat saat membaca data dari soket TLS"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1490
+#: tls/gnutls/gtlsconnection-gnutls.c:1553
+#: tls/openssl/gtlsconnection-openssl.c:1007
msgid "Error writing data to TLS socket"
msgstr "Galat saat menulis data ke soket TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1523
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
-msgstr[0] "Pesan ukuran %lu byte terlalu besar untuk koneksi DTLS"
-msgstr[1] "Pesan ukuran %lu byte terlalu besar untuk koneksi DTLS"
+msgstr[0] "Pesan ukuran %lu byte terlalu besar untuk sambungan DTLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(maksimum adalah %u byte)"
-msgstr[1] "(maksimum adalah %u byte)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1572
#, c-format
-msgid "Send flags are not supported"
-msgstr "Mengirim tanda tidak didukung"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Galat melaksanakan penutupan TLS"
+msgid "Error performing TLS close: %s"
+msgstr "Galat melaksanakan penutupan TLS: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Gagal memuat penyimpanan terpercaya sistem: GnuTLS tidak dikonfigurasi "
"dengan kepercayaan sistem"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:255
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Gagal memuat penyimpanan terpercaya sistem: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:456
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Gagal untuk mengisi daftar terpercaya dari %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
msgid "Certificate has no private key"
msgstr "Sertifikatnya tidak memiliki kunci privat"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:368
+#: tls/openssl/gtlsserverconnection-openssl.c:299
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Tak bisa menyetel daftar sandi TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:396
+#: tls/openssl/gtlsserverconnection-openssl.c:327
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Tak bisa mengatur protokol MAKS untuk %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:459
+#: tls/openssl/gtlsserverconnection-openssl.c:390
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Tak bisa membuat konteks TLS: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Otoritas sertifikat TLS tak dapat diterima"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Digest terlalu besar untuk kunci RSA"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
-#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Galat melakukan jabat tangan TLS: %s"
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Renegosiasi aman dinonaktifkan"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "Server tak mengembalikan sertifikat TLS yang valid"
+#: tls/openssl/gtlsconnection-openssl.c:253
+#, c-format
+msgid "%s: The connection is broken"
+msgstr "%s: Sambungan rusak"
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:660
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Galat saat membaca data dari soket TLS: %s"
+msgid "The request is invalid."
+msgstr "Permintaan itu tidak valid."
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:683
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Galat saat menulis data ke soket TLS: %s"
+msgid "Channel binding data tls-unique is not available"
+msgstr "Data pengikatan saluran tls-unique tidak tersedia"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:706
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Galat melaksanakan penutupan TLS: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "Sertifikat X.509 tidak tersedia pada sambungan"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsconnection-openssl.c:752
#, c-format
-msgid "There is a problem with the certificate: %s"
-msgstr "Ada masalah dengan sertifikat: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Gagal menghasilkan intisari (digest) sertifikat X.509"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsconnection-openssl.c:783
#, c-format
-msgid "There is a problem with the certificate private key: %s"
-msgstr "Ada masalah dengan kunci privat sertifikat: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "Sambungan TLS tidak mendukung fitur TLS-Exporter"
-#~ msgid ""
-#~ "This is the last chance to enter the PIN correctly before the token is "
-#~ "locked."
-#~ msgstr ""
-#~ "Ini kesempatan terakhir memasukkan PIN yang benar sebelum token dikunci."
+#: tls/openssl/gtlsconnection-openssl.c:786
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Galat tak terduga saat mengekspor data kunci"
-#~ msgid ""
-#~ "Several PIN attempts have been incorrect, and the token will be locked "
-#~ "after further failures."
-#~ msgstr ""
-#~ "Sudah beberapa kali PIN yang dimasukkan salah, token akan dikunci jika "
-#~ "terulang."
+#: tls/openssl/gtlsconnection-openssl.c:1068
+msgid "Error performing TLS close"
+msgstr "Galat melaksanakan penutupan TLS"
-#~ msgid "The PIN entered is incorrect."
-#~ msgstr "PIN yang dimasukkan salah."
+#: tls/openssl/gtlsdatabase-openssl.c:167
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Tak bisa mendapatkan jangkar tepercaya dari Rantai Kunci"
-#~ msgid "Module"
-#~ msgstr "Modul"
+#: tls/openssl/gtlsdatabase-openssl.c:232
+msgid "Could not get root certificate store"
+msgstr "Tak bisa mendapat penyimpanan sertifikat root"
-#~ msgid "PKCS#11 Module Pointer"
-#~ msgstr "Pointer Modul PKCS#11"
+#: tls/openssl/gtlsdatabase-openssl.c:239
+msgid "Could not get CA certificate store"
+msgstr "Tak bisa mendapat penyimpanan sertifikat CA"
-#~ msgid "Slot ID"
-#~ msgstr "ID Slot"
+#: tls/openssl/gtlsdatabase-openssl.c:304
+msgid "Could not create CA store"
+msgstr "Tak bisa membuat penyimpanan CA"
-#~ msgid "PKCS#11 Slot Identifier"
-#~ msgstr "Identifair Slot PKCS#11"
+#: tls/openssl/gtlsserverconnection-openssl.c:184
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Ada masalah dengan sertifikat: %s"
-#~ msgid "Connection is already closed"
-#~ msgstr "Koneksi telah ditutup"
+#: tls/openssl/gtlsserverconnection-openssl.c:193
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Ada masalah dengan kunci privat sertifikat: %s"
# glib-networking Italian translation
-# Copyright (C) 2011, 2012, 2013, 2016, 2017, 2018, 2019 Free Software Foundation, Inc
+# Copyright (C) 2011, 2012, 2013, 2016, 2017, 2018, 2019, 2020, 2021 Free Software Foundation, Inc
# This file is distributed under the same license as the glib-networking package.
# Luca Ferretti <lferrett@gnome.org>, 2011, 2012.
-# Milo Casagrande <milo@ubuntu.com>, 2013, 2017, 2018, 2019.
+# Milo Casagrande <milo@ubuntu.com>, 2013, 2017, 2018, 2019, 2020, 2021.
# Gianvito Cavasoli <gianvito@gmx.it>, 2016.
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-04 09:43+0100\n"
+"POT-Creation-Date: 2021-06-25 16:32+0000\n"
+"PO-Revision-Date: 2021-08-18 13:23+0200\n"
"Last-Translator: Milo Casagrande <milo@milo.name>\n"
"Language-Team: Italiano <gnome-it-list@gnome.org>\n"
"Language: it\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Poedit 2.2.1\n"
+"X-Generator: Poedit 2.4.2\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Errore interno del resolver proxy."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "La connessione è chiusa"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "L'operazione potrebbe bloccarsi"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Impossibile eseguire un'operazione bloccante durante l'handshake TLS"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "I/O sul socket scaduto"
+
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "Il server richiede un certificato TLS"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1451
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr ""
+"L'handshake non è finito, nessuna informazione di binding del canale "
+"disponibile"
+
+#: tls/base/gtlsconnection-base.c:1530
+msgid "Peer does not support safe renegotiation"
+msgstr "Il nodo non supporto la rinegoziazione sicura"
+
+#: tls/base/gtlsconnection-base.c:1678 tls/gnutls/gtlsconnection-gnutls.c:482
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:834
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Certificato TLS inammissibile"
+
+#: tls/base/gtlsconnection-base.c:2152
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "I flag di ricezione non sono supportati"
+
+#: tls/base/gtlsconnection-base.c:2299
+#, c-format
+msgid "Send flags are not supported"
+msgstr "I flag di invio non sono supportati"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:362
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Impossibile analizzare il certificato DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:382
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Impossibile analizzare il certificato PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:401
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Impossibile analizzare la chiave privata DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:420
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Impossibile analizzare la chiave privata PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Impossibile importare l'URI del certificato PKCS #11: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:455
msgid "No certificate data provided"
msgstr "Nessun dato di certificato fornito"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:806
+#: tls/gnutls/gtlsconnection-gnutls.c:1033
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Impossibile creare la connessione TLS: %s"
-
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-msgid "Cannot perform blocking operation during TLS handshake"
-msgstr "Impossibile eseguire un'operazione bloccante durante l'handshake TLS"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Impossibile verificare l'identità peer di tipo imprevisto %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "I/O sul socket scaduto"
+#: tls/gnutls/gtlsconnection-gnutls.c:198
+msgid "Could not create TLS connection:"
+msgstr "Impossibile creare la connessione TLS:"
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Il nodo non è stato in grado di eseguire l'handshake TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:208
+#: tls/gnutls/gtlsconnection-gnutls.c:228
+#: tls/openssl/gtlsclientconnection-openssl.c:458
+#: tls/openssl/gtlsserverconnection-openssl.c:503
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Impossibile creare la connessione TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Il nodo ha richesto un re-handshake non lecito"
+#: tls/gnutls/gtlsconnection-gnutls.c:426
+#: tls/gnutls/gtlsconnection-gnutls.c:437
+#: tls/gnutls/gtlsconnection-gnutls.c:451
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Il nodo non è stato in grado di eseguire l'handshake TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:459
msgid "TLS connection closed unexpectedly"
msgstr "La connessione TLS si è chiusa in modo inatteso"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:474
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "Il nodo di connessione TLS non ha inviato un certificato"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Certificato TLS inammissibile"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:490
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Il nodo ha inviato un avviso TLS fatale: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:500
msgid "Protocol version downgrade attack detected"
msgstr "Rilevato attacco di declassamento del protocollo di versione"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:509
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[1] ""
"Il messaggio è troppo grande per una connessione DTLS (massimo %u byte)"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:518
msgid "The operation timed out"
msgstr "Tempo esaurito per l'operazione"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "Il nodo non supporto la rinegoziazione sicura"
+#: tls/gnutls/gtlsconnection-gnutls.c:870
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Errore nell'eseguire l'handshake TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:973
+#: tls/openssl/gtlsconnection-openssl.c:618
msgid "Error performing TLS handshake"
msgstr "Errore nell'eseguire l'handshake TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Errore nel leggere dati dal socket TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:1152
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr ""
+"Il tipo di associazione del canale non è implementato nella libreria TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1156
#, c-format
-msgid "Receive flags are not supported"
-msgstr "I flag di ricezione non sono supportati"
+msgid "Channel binding data is not yet available"
+msgstr "I dati di associazione del canale non sono ancora disponibili"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1194
+#: tls/gnutls/gtlsconnection-gnutls.c:1206
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "Il certificato X.509 non è disponibile sulla connessione"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "Il certificato X.509 non è disponibile o è di formato sconosciuto: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1230
+#: tls/openssl/gtlsconnection-openssl.c:709
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Impossibile ottenere l'algoritmo di firma del certificato"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1246
+#: tls/openssl/gtlsconnection-openssl.c:729
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Il certificato X.509 attuale utilizza un algoritmo di firma sconosciuto o "
+"non supportato"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1340
+#: tls/openssl/gtlsconnection-openssl.c:809
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Il tipo di associazione del canale richiesto non è implementato"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1361
+#: tls/gnutls/gtlsconnection-gnutls.c:1421
+#: tls/openssl/gtlsconnection-openssl.c:827
+#: tls/openssl/gtlsconnection-openssl.c:923
+msgid "Error reading data from TLS socket"
+msgstr "Errore nel leggere dati dal socket TLS"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1443
+#: tls/gnutls/gtlsconnection-gnutls.c:1506
+#: tls/openssl/gtlsconnection-openssl.c:1002
msgid "Error writing data to TLS socket"
msgstr "Errore nello scrivere dati sul socket TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1476
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[0] "Un messaggio di %lu byte è troppo grande per la connessione DTLS"
msgstr[1] "Un messaggio di %lu byte è troppo grande per la connessione DTLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1478
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(massimo %u byte)"
msgstr[1] "(massimo %u byte)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
#, c-format
-msgid "Send flags are not supported"
-msgstr "I flag di invio non sono supportati"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Errore nell'eseguire la chiusura TLS"
+msgid "Error performing TLS close: %s"
+msgstr "Errore nell'eseguire la chiusura TLS: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:688
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Caricamento dell'archivio di attendibilità di sistema non riuscito: GnuTLS "
"non è stato configurato con un archivio di attendibilità di sistema"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:693 tls/openssl/gtlsdatabase-openssl.c:229
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Caricamento dell'archivio di attendibilità di sistema non riuscito: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Caricamento dell'elenco di attendibilità da %s non riuscito: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
+#: tls/openssl/gtlsserverconnection-openssl.c:228
msgid "Certificate has no private key"
msgstr "Il certificato non presenta chiave privata"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:317
+#: tls/openssl/gtlsserverconnection-openssl.c:346
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Impossibile impostare l'elenco dei cifrari TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:343
+#: tls/openssl/gtlsserverconnection-openssl.c:372
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Impossibile impostare il protocollo MAX su %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:404
+#: tls/openssl/gtlsserverconnection-openssl.c:433
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Impossibile creare il contesto TLS: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Autorità certificato TLS inammissibile"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Digest troppo grande per una chiave RSA"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Rinegoziazione sicura disabilitata"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Errore nell'eseguire l'handshake TLS: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: la connessione è rotta"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "Il server non ha restituito un certificato TLS valido"
+#: tls/openssl/gtlsconnection-openssl.c:678
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "I dati di associazione del canale tls-unique non sono disponibili"
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:701
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Errore nel leggere dati dal socket TLS: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "Il certificato X.509 non è disponibile sulla connessione"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:747
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Errore nello scrivere dati sul socket TLS: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Impossibile generare il digest del certificato X.509"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:778
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Errore nell'eseguire la chiusura TLS: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "La connessione TLS non supporta la funzionalità TLS-Exporter"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsconnection-openssl.c:781
#, c-format
-msgid "There is a problem with the certificate: %s"
-msgstr "C'è un problema con il certificato: %s"
+msgid "Unexpected error while exporting keying data"
+msgstr "Errore imprevisto nell'esportare i dati di keying"
+
+#: tls/openssl/gtlsconnection-openssl.c:1063
+msgid "Error performing TLS close"
+msgstr "Errore nell'eseguire la chiusura TLS"
+
+#: tls/openssl/gtlsdatabase-openssl.c:197
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Impossibile ottenere riferimenti attendibili dal portachiavi"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsdatabase-openssl.c:269
+msgid "Could not create CA store"
+msgstr "Impossibile creare l'archivio CA"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:179
+#: tls/openssl/gtlsserverconnection-openssl.c:247
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "C'è un problema con la chiave privata del certificato: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:188
+#: tls/openssl/gtlsserverconnection-openssl.c:239
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "C'è un problema con il certificato: %s"
# Japanese translation of glib-networking message catalog.
-# Copyright (C) 2011-2012 Free Software Foundation, Inc.
+# Copyright (C) 2011-2012, 2015, 2020 Free Software Foundation, Inc.
# This file is distributed under the same license as glib-networking package.
# Takayuki KUSANO <AE5T-KSN@asahi-net.or.jp>, 2011-2012.
# Hideki Yamane <henrich@debian.org>, 2011-2012.
# Yoji TOYODA <bsyamato@sea.plala.or.jp>, 2012.
# Jiro Matsuzawa <jmatsuzawa@gnome.org>, 2015.
+# sicklylife <translation@sicklylife.jp>, 2020.
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2015-09-14 06:04+0000\n"
-"PO-Revision-Date: 2015-09-15 01:29+0900\n"
-"Last-Translator: Jiro Matsuzawa <jmatsuzawa@gnome.org>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2020-08-06 21:52+0000\n"
+"PO-Revision-Date: 2020-08-20 19:00+0900\n"
+"Last-Translator: sicklylife <translation@sicklylife.jp>\n"
"Language-Team: Japanese <gnome-translation@gnome.gr.jp>\n"
"Language: ja\n"
"MIME-Version: 1.0\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-#: ../proxy/libproxy/glibproxyresolver.c:157
+#: proxy/libproxy/glibproxyresolver.c:159
msgid "Proxy resolver internal error."
-msgstr "プロキシリゾルバーでの内部エラー。"
+msgstr "ã\83\97ã\83ã\82ã\82·ã\83ªã\82¾ã\83«ã\83\90ã\83¼ã\81§ã\81®å\86\85é\83¨ã\82¨ã\83©ã\83¼ã\81§ã\81\99ã\80\82"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:176
+#: tls/base/gtlsconnection-base.c:544 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
+msgid "Connection is closed"
+msgstr "コネクションが切断されています"
+
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:618
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:683 tls/base/gtlsconnection-base.c:1225
+msgid "Socket I/O timed out"
+msgstr "ソケット I/O がタイムアウトしました"
+
+#: tls/base/gtlsconnection-base.c:851
+msgid "Server required TLS certificate"
+msgstr "サーバーが TLS 証明書を要求しました"
+
+#: tls/base/gtlsconnection-base.c:1449
+msgid "Peer does not support safe renegotiation"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:1593 tls/gnutls/gtlsconnection-gnutls.c:347
+#: tls/openssl/gtlsconnection-openssl.c:189
+#: tls/openssl/gtlsconnection-openssl.c:484
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "受け付けられない TLS 証明書です"
+
+#: tls/base/gtlsconnection-base.c:2058
+#, c-format
+msgid "Receive flags are not supported"
+msgstr ""
+
+#: tls/base/gtlsconnection-base.c:2210
+#, c-format
+msgid "Send flags are not supported"
+msgstr ""
+
+#: tls/gnutls/gtlscertificate-gnutls.c:178
+#: tls/openssl/gtlscertificate-openssl.c:170
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "DER 形式の証明書を解析できませんでした: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:199
+#: tls/openssl/gtlscertificate-openssl.c:190
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "PEM 形式の証明書を解析できませんでした: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:228
+#: tls/gnutls/gtlscertificate-gnutls.c:230
+#: tls/openssl/gtlscertificate-openssl.c:209
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "DER 形式の秘密鍵を解析できませんでした: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:259
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:228
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "PEM 形式の秘密鍵を解析できませんでした: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:299
+#: tls/gnutls/gtlscertificate-gnutls.c:297
+#: tls/openssl/gtlscertificate-openssl.c:263
msgid "No certificate data provided"
msgstr "証明書のデータが与えられていません"
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:340
-msgid "Server required TLS certificate"
-msgstr "サーバーが TLS 証明書を要求しました"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:311
+#: tls/gnutls/gtlsconnection-gnutls.c:139
+#: tls/gnutls/gtlsconnection-gnutls.c:157
+#: tls/openssl/gtlsclientconnection-openssl.c:430
+#: tls/openssl/gtlsserverconnection-openssl.c:482
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "TLS コネクションを確立できませんでした: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:578
-msgid "Connection is closed"
-msgstr "コネクションが切断されています"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:641
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1505
-msgid "Operation would block"
-msgstr "操作がブロックされます"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:780
-#: ../tls/gnutls/gtlsconnection-gnutls.c:819
-msgid "Peer failed to perform TLS handshake"
-msgstr "通信相手が TLS ハンドシェイクの実行に失敗しました"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:798
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "通信相手が不当な TLS の再ハンドシェイクを要求しました"
+#: tls/gnutls/gtlsconnection-gnutls.c:291
+#: tls/gnutls/gtlsconnection-gnutls.c:302
+#: tls/gnutls/gtlsconnection-gnutls.c:316
+#: tls/openssl/gtlsconnection-openssl.c:156
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "通信相手が TLS ハンドシェイクの実行に失敗しました: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:825
+#: tls/gnutls/gtlsconnection-gnutls.c:324
msgid "TLS connection closed unexpectedly"
msgstr "TLS コネクションが突然閉じられました"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:835
+#: tls/gnutls/gtlsconnection-gnutls.c:339
+#: tls/openssl/gtlsconnection-openssl.c:181
msgid "TLS connection peer did not send a certificate"
-msgstr "TLS の通信相手が証明書を送信しませんでした。"
+msgstr "TLS の通信相手が証明書を送信しませんでした"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:355
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr ""
+
+#: tls/gnutls/gtlsconnection-gnutls.c:365
+msgid "Protocol version downgrade attack detected"
+msgstr "プロトコルバージョンのダウングレード攻撃を検出しました"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:374
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] ""
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1218
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1251
+#: tls/gnutls/gtlsconnection-gnutls.c:383
+msgid "The operation timed out"
+msgstr "操作がタイムアウトしました"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:715
#, c-format
msgid "Error performing TLS handshake: %s"
-msgstr "TLS ã\83\8fã\83³ã\83\89ã\82·ã\82§ã\82¤ã\82¯å®\9fè¡\8cä¸ã\81®ã\82¨ã\83©ã\83¼: %s"
+msgstr "TLS ã\83\8fã\83³ã\83\89ã\82·ã\82§ã\82¤ã\82¯å®\9fè¡\8cä¸ã\81«ã\82¨ã\83©ã\83¼ã\81\8cç\99ºç\94\9fã\81\97ã\81¾ã\81\97ã\81\9f: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1261
-msgid "Server did not return a valid TLS certificate"
-msgstr "サーバーが有効な TLS 証明書を返しませんでした。"
+#: tls/gnutls/gtlsconnection-gnutls.c:818
+#: tls/openssl/gtlsconnection-openssl.c:427
+#: tls/openssl/gtlsconnection-openssl.c:477
+msgid "Error performing TLS handshake"
+msgstr "TLS ハンドシェイク実行中にエラーが発生しました"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1331
-msgid "Unacceptable TLS certificate"
-msgstr "受け付けられない TLS 証明書です"
+#: tls/gnutls/gtlsconnection-gnutls.c:867
+#: tls/gnutls/gtlsconnection-gnutls.c:927
+#: tls/openssl/gtlsconnection-openssl.c:588
+msgid "Error reading data from TLS socket"
+msgstr "TLS ソケットからのデータ読み込み中にエラーが発生しました"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1539
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:949
+#: tls/gnutls/gtlsconnection-gnutls.c:1012
+#: tls/openssl/gtlsconnection-openssl.c:632
+msgid "Error writing data to TLS socket"
+msgstr "TLS ソケットへのデータ書き込み中にエラーが発生しました"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:982
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "TLS ソケットからのデータ読み込み中のエラー: %s"
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] ""
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1568
+#: tls/gnutls/gtlsconnection-gnutls.c:984
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "TLS ソケットへのデータ書き出し中のエラー: %s"
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(%u バイトが最大値)"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1620
+#: tls/gnutls/gtlsconnection-gnutls.c:1031
#, c-format
msgid "Error performing TLS close: %s"
-msgstr "TLS クローズ実行中のエラー: %s"
+msgstr "TLS クローズ実行中にエラーが発生しました: %s"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:567
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:572 tls/openssl/gtlsdatabase-openssl.c:187
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr ""
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:106
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr ""
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:122
+#: tls/openssl/gtlsserverconnection-openssl.c:172
+#: tls/openssl/gtlsserverconnection-openssl.c:228
msgid "Certificate has no private key"
msgstr "証明書に秘密鍵がありません"
-#: ../tls/pkcs11/gpkcs11pin.c:111
-msgid "This is the last chance to enter the PIN correctly before the token is locked."
-msgstr "これがトークンがロックされる前に正しく PIN コードを入力する最後のチャンスです。"
+#: tls/openssl/gtlsclientconnection-openssl.c:311
+#: tls/openssl/gtlsclientconnection-openssl.c:379
+#: tls/openssl/gtlsserverconnection-openssl.c:347
+#: tls/openssl/gtlsserverconnection-openssl.c:415
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS コンテキストを作成できませんでした: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:326
+#: tls/openssl/gtlsserverconnection-openssl.c:362
+#, c-format
+msgid "Could not set MAX protocol to %ld: %s"
+msgstr "MAX プロトコルを %ld に設定できませんでした: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:197
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "受け付けられない TLS 認証局です"
+
+#: tls/openssl/gtlsconnection-openssl.c:205
+msgid "Digest too big for RSA key"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:213
+msgid "Secure renegotiation is disabled"
+msgstr ""
+
+#: tls/openssl/gtlsconnection-openssl.c:234
+#, c-format
+msgid "%s: The connection is broken"
+msgstr "%s: コネクションが切断されています"
+
+#: tls/openssl/gtlsconnection-openssl.c:669
+msgid "Error performing TLS close"
+msgstr "TLS クローズ実行中にエラーが発生しました"
+
+#: tls/openssl/gtlsdatabase-openssl.c:227
+msgid "Could not create CA store"
+msgstr "CA ストアを作成できませんでした"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:179
+#: tls/openssl/gtlsserverconnection-openssl.c:247
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "証明書の秘密鍵に問題があります: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:188
+#: tls/openssl/gtlsserverconnection-openssl.c:239
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "証明書に問題があります: %s"
+
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "ファイルパスの読み込みに失敗しました: %s"
+
+#~ msgid "Could not import PKCS #11 certificate URI: %s"
+#~ msgstr "PKCS #11 証明書の URI をインポートできませんでした: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "操作がブロックされます"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "通信相手が不当な TLS の再ハンドシェイクを要求しました"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "サーバーが有効な TLS 証明書を返しませんでした。"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "これがトークンがロックされる前に正しく PIN コードを入力する最後のチャンス"
+#~ "です。"
-#: ../tls/pkcs11/gpkcs11pin.c:113
-msgid "Several PIN attempts have been incorrect, and the token will be locked after further failures."
-msgstr "正しくない PIN コードの入力が複数回行われたので、さらに失敗するとトークンはロックされます。"
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "正しくない PIN コードの入力が複数回行われたので、さらに失敗するとトークン"
+#~ "はロックされます。"
-#: ../tls/pkcs11/gpkcs11pin.c:115
-msgid "The PIN entered is incorrect."
-msgstr "入力された PIN コードが正しくありません。"
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "入力された PIN コードが正しくありません。"
-#: ../tls/pkcs11/gpkcs11slot.c:449
-msgid "Module"
-msgstr "モジュール"
+#~ msgid "Module"
+#~ msgstr "モジュール"
-#: ../tls/pkcs11/gpkcs11slot.c:450
-msgid "PKCS#11 Module Pointer"
-msgstr "PKCS#11 モジュールポインター"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "PKCS#11 モジュールポインター"
-#: ../tls/pkcs11/gpkcs11slot.c:457
-msgid "Slot ID"
-msgstr "スロット ID"
+#~ msgid "Slot ID"
+#~ msgstr "スロット ID"
-#: ../tls/pkcs11/gpkcs11slot.c:458
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11 スロット ID"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "PKCS#11 スロット ID"
# Kazakh translation for glib-networking.
# Copyright (C) 2014 glib-networking's COPYRIGHT HOLDER
# This file is distributed under the same license as the glib-networking package.
-# Baurzhan Muftakhidinov <baurthefirst@gmail.com>, 2014.
+# Baurzhan Muftakhidinov <baurthefirst@gmail.com>, 2014-2021.
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
-"issues\n"
-"POT-Creation-Date: 2019-02-03 13:01+0000\n"
-"PO-Revision-Date: 2019-02-17 12:37+0500\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2021-06-25 16:32+0000\n"
+"PO-Revision-Date: 2021-08-30 13:02+0500\n"
"Last-Translator: Baurzhan Muftakhidinov <baurthefirst@gmail.com>\n"
"Language-Team: Kazakh <kk_KZ@googlegroups.com>\n"
"Language: kk\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 2.2.1\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Poedit 3.0\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Прокси шешушісінің ішкі қатесі."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "Байланыс жабылды"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "Әрекет блоктайды"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "TLS сәлемдемесін орындау кезінде бұғаттау әрекетін орындау мүмкін емес"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Сокет Е/Ш күту мерзімі аяқталған"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "Сервер TLS сертификатын талап етеді"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1451
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "Қол алмасу аяқталмаған, арналық байланыс ақпараты әлі жоқ"
+
+#: tls/base/gtlsconnection-base.c:1530
+msgid "Peer does not support safe renegotiation"
+msgstr "Торап қауіпсіз түрде байланысты қайта келістіруді қолдамайды"
+
+#: tls/base/gtlsconnection-base.c:1678 tls/gnutls/gtlsconnection-gnutls.c:482
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:834
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Жарамсыз TLS сертификаты"
+
+#: tls/base/gtlsconnection-base.c:2152
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Қабылдау жалаушаларына қолдау жоқ"
+
+#: tls/base/gtlsconnection-base.c:2299
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Жіберу жалаушаларына қолдау жоқ"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:362
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "DER сертификатын талдау қатесі: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:382
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "PEM сертификатын талдау қатесі: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:401
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "DER жеке кілтін талдау қатесі: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:420
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "PEM жеке кілтін талдау қатесі: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "PKCS #11 сертификат URI импорттау мүмкін емес: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:455
msgid "No certificate data provided"
msgstr "Сертификат ұсынылмады"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:537
-#: tls/openssl/gtlsserverconnection-openssl.c:401
+#: tls/gnutls/gtlscertificate-gnutls.c:806
+#: tls/gnutls/gtlsconnection-gnutls.c:1033
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Ð\96аңа TLS байланÑ\8bÑ\81Ñ\8bн жаÑ\81аÑ\83 мүмкÑ\96н емеÑ\81: %s"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "ТоÑ\80ап Ñ\88Ñ\8bнайÑ\8bлÑ\8bÒ\93Ñ\8bн Ñ\80аÑ\81Ñ\82аÑ\83 мүмкÑ\96н емеÑ\81, онÑ\8bÒ£ Ñ\82Ò¯Ñ\80Ñ\96 күÑ\82Ñ\96лмеген %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:858
-#: tls/gnutls/gtlsconnection-gnutls.c:1468
-msgid "Socket I/O timed out"
-msgstr ""
+#: tls/gnutls/gtlsconnection-gnutls.c:198
+msgid "Could not create TLS connection:"
+msgstr "TLS байланысын жасау мүмкін емес:"
-#: tls/gnutls/gtlsconnection-gnutls.c:1003
-#: tls/gnutls/gtlsconnection-gnutls.c:1036
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Торап TLS байланысты орнату сәлемдемесін орындай алмады"
+#: tls/gnutls/gtlsconnection-gnutls.c:208
+#: tls/gnutls/gtlsconnection-gnutls.c:228
+#: tls/openssl/gtlsclientconnection-openssl.c:458
+#: tls/openssl/gtlsserverconnection-openssl.c:503
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Жаңа TLS байланысын жасау мүмкін емес: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1021
-#: tls/openssl/gtlsconnection-openssl.c:234
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Торап жарамсы TLS қайта байланысты орнату сәлемдемесін сұрады"
+#: tls/gnutls/gtlsconnection-gnutls.c:426
+#: tls/gnutls/gtlsconnection-gnutls.c:437
+#: tls/gnutls/gtlsconnection-gnutls.c:451
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Торап TLS байланысты орнату сәлемдемесін орындай алмады: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1042
+#: tls/gnutls/gtlsconnection-gnutls.c:459
msgid "TLS connection closed unexpectedly"
msgstr "TLS байланысты күтпегенде жабылды"
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:171
+#: tls/gnutls/gtlsconnection-gnutls.c:474
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "TLS байланысының торабы сертификатты жібермеген"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
-#: tls/gnutls/gtlsconnection-gnutls.c:2160
-#: tls/openssl/gtlsconnection-openssl.c:416
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Жарамсыз TLS сертификаты"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1064
+#: tls/gnutls/gtlsconnection-gnutls.c:490
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Торап қатаң TLS ескертуін жіберді: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1076
+#: tls/gnutls/gtlsconnection-gnutls.c:500
msgid "Protocol version downgrade attack detected"
-msgstr ""
+msgstr "Хаттама нұсқасын төмендету шабуылы анықталды"
-#: tls/gnutls/gtlsconnection-gnutls.c:1083
+#: tls/gnutls/gtlsconnection-gnutls.c:509
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
-msgstr[0] ""
-msgstr[1] ""
+msgstr[0] "Хабарлама DTLS байланысы үшін тым үлкен; максимум %u байт"
-#: tls/gnutls/gtlsconnection-gnutls.c:1090
+#: tls/gnutls/gtlsconnection-gnutls.c:518
msgid "The operation timed out"
-msgstr ""
+msgstr "Операцияның мерзімі аяқталған"
-#: tls/gnutls/gtlsconnection-gnutls.c:1981
-msgid "Peer does not support safe renegotiation"
-msgstr ""
+#: tls/gnutls/gtlsconnection-gnutls.c:870
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS байланысты орнату сәлемдемесін орындау қатесі: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2008
-#: tls/gnutls/gtlsconnection-gnutls.c:2058
+#: tls/gnutls/gtlsconnection-gnutls.c:973
+#: tls/openssl/gtlsconnection-openssl.c:618
msgid "Error performing TLS handshake"
msgstr "TLS байланысты орнату сәлемдемесін орындау қатесі"
-#: tls/gnutls/gtlsconnection-gnutls.c:2510
-#: tls/gnutls/gtlsconnection-gnutls.c:2602
-msgid "Error reading data from TLS socket"
-msgstr "TLS сокетінен деректерді оқу қатесі"
+#: tls/gnutls/gtlsconnection-gnutls.c:1152
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Арналық байланыс түрі TLS библиотекасында іске асырылмаған"
-#: tls/gnutls/gtlsconnection-gnutls.c:2632
+#: tls/gnutls/gtlsconnection-gnutls.c:1156
#, c-format
-msgid "Receive flags are not supported"
+msgid "Channel binding data is not yet available"
+msgstr "Арналақ байланыс деректері әлі қолжетімсіз"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1194
+#: tls/gnutls/gtlsconnection-gnutls.c:1206
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "X.509 сертификаты байланыста қолжетімсіз"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "X.509 сертификаты жоқ немесе пішімі белгісіз: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1230
+#: tls/openssl/gtlsconnection-openssl.c:709
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Сертификат қолтаңбасы алгоритмін алу мүмкін емес"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1246
+#: tls/openssl/gtlsconnection-openssl.c:729
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
msgstr ""
+"Ағымдағы X.509 сертификаты белгісіз немесе қолдау көрсетілмейтін қолтаңба "
+"алгоритмін пайдаланады"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1340
+#: tls/openssl/gtlsconnection-openssl.c:809
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Сұралған арналық байланыс түрі іске асырылмаған"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1361
+#: tls/gnutls/gtlsconnection-gnutls.c:1421
+#: tls/openssl/gtlsconnection-openssl.c:827
+#: tls/openssl/gtlsconnection-openssl.c:923
+msgid "Error reading data from TLS socket"
+msgstr "TLS сокетінен деректерді оқу қатесі"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2709
-#: tls/gnutls/gtlsconnection-gnutls.c:2781
+#: tls/gnutls/gtlsconnection-gnutls.c:1443
+#: tls/gnutls/gtlsconnection-gnutls.c:1506
+#: tls/openssl/gtlsconnection-openssl.c:1002
msgid "Error writing data to TLS socket"
msgstr "TLS сокетіне деректерді жазу қатесі"
-#: tls/gnutls/gtlsconnection-gnutls.c:2751
+#: tls/gnutls/gtlsconnection-gnutls.c:1476
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
-msgstr[0] ""
-msgstr[1] ""
+msgstr[0] "Өлшемі %lu байт болатын хабарлама DTLS байланысы үшін тым үлкен"
-#: tls/gnutls/gtlsconnection-gnutls.c:2753
+#: tls/gnutls/gtlsconnection-gnutls.c:1478
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(максимум %u байт)"
-msgstr[1] "(maximum is %u bytes)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2812
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
#, c-format
-msgid "Send flags are not supported"
-msgstr ""
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2915
-msgid "Error performing TLS close"
-msgstr "TLS жабу әрекетін орындау қатесі"
+msgid "Error performing TLS close: %s"
+msgstr "TLS жабу әрекетін орындау қатесі: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:688
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
msgstr ""
+"Жүйелік сенімді сақтау қоймасын жүктеу сәтсіз аяқталды: GnuTLS жүйелік "
+"сенімме бапталмаған"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:693 tls/openssl/gtlsdatabase-openssl.c:229
#, c-format
msgid "Failed to load system trust store: %s"
-msgstr ""
+msgstr "Жүйелік сенімді сақтау қоймасын жүктеу сәтсіз аяқталды: %s"
+
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "%s адресінен сенімділер тізімін толтыру сәтсіз аяқталды: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:328
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
+#: tls/openssl/gtlsserverconnection-openssl.c:228
msgid "Certificate has no private key"
msgstr "Сертификатта жеке кілт жоқ"
-#: tls/openssl/gtlsclientconnection-openssl.c:486
-#: tls/openssl/gtlsserverconnection-openssl.c:292
+#: tls/openssl/gtlsclientconnection-openssl.c:317
+#: tls/openssl/gtlsserverconnection-openssl.c:346
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "TLS шифрлер тізімін жасау мүмкін емес: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:343
+#: tls/openssl/gtlsserverconnection-openssl.c:372
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "MAX хаттамасын %d мәніне орнату мүмкін емес: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:404
+#: tls/openssl/gtlsserverconnection-openssl.c:433
#, c-format
msgid "Could not create TLS context: %s"
msgstr "TLS контекстін жасау мүмкін емес: %s"
-#: tls/openssl/gtlsconnection-openssl.c:179
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Жарамсыз TLS сертификаттау орталығы"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
-msgstr ""
+msgstr "Дайджест RSA кілті үшін тым үлкен"
+
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Қауіпсіз қайта келістіру сөндірілген"
-#: tls/openssl/gtlsconnection-openssl.c:243
-#: tls/openssl/gtlsconnection-openssl.c:376
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "TLS байланысты орнату сәлемдемесін орындау қатесі: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: Байланыс бұзылған"
-#: tls/openssl/gtlsconnection-openssl.c:386
-msgid "Server did not return a valid TLS certificate"
-msgstr "Сервер жарамды TLS сертификатын қайтармады"
+#: tls/openssl/gtlsconnection-openssl.c:678
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Арналақ байланыс tls-unique деректері қолжетімсіз"
-#: tls/openssl/gtlsconnection-openssl.c:500
+#: tls/openssl/gtlsconnection-openssl.c:701
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "TLS сокетінен деректерді оқу қатесі: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "X.509 сертификаты байланыста қолжетімсіз"
-#: tls/openssl/gtlsconnection-openssl.c:526
+#: tls/openssl/gtlsconnection-openssl.c:747
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "TLS сокетіне деректерді жазу қатесі: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "X.509 сертификаты дайджестін жасау мүмкін емес"
-#: tls/openssl/gtlsconnection-openssl.c:552
+#: tls/openssl/gtlsconnection-openssl.c:778
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "TLS жабÑ\83 Ó\99Ñ\80екеÑ\82Ñ\96н оÑ\80Ñ\8bндаÑ\83 Ò\9bаÑ\82еÑ\81Ñ\96: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "TLS байланÑ\8bÑ\81Ñ\8b TLS-Exporter мүмкÑ\96ндÑ\96гÑ\96н Ò\9bолдамайдÑ\8b"
-#: tls/openssl/gtlsserverconnection-openssl.c:335
+#: tls/openssl/gtlsconnection-openssl.c:781
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Кілт деректерін экспорттау кезінде күтілмеген қате"
+
+#: tls/openssl/gtlsconnection-openssl.c:1063
+msgid "Error performing TLS close"
+msgstr "TLS жабу әрекетін орындау қатесі"
+
+#: tls/openssl/gtlsdatabase-openssl.c:197
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Кілттер тізбегінен сенімді тораптарды алу мүмкін емес"
+
+#: tls/openssl/gtlsdatabase-openssl.c:269
+msgid "Could not create CA store"
+msgstr "СО қоймасын жасау мүмкін емес"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:179
+#: tls/openssl/gtlsserverconnection-openssl.c:247
#, c-format
msgid "There is a problem with the certificate private key: %s"
-msgstr ""
+msgstr "Сертификаттың жеке кілтіне қатысты мәселе бар: %s"
-#: tls/openssl/gtlsserverconnection-openssl.c:344
+#: tls/openssl/gtlsserverconnection-openssl.c:188
+#: tls/openssl/gtlsserverconnection-openssl.c:239
#, c-format
msgid "There is a problem with the certificate: %s"
-msgstr ""
+msgstr "Сертификатта мәселе бар: %s"
+
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Файл жолын жүктеу сәтсіз аяқталды: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "Әрекет блоктайды"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Торап жарамсы TLS қайта байланысты орнату сәлемдемесін сұрады"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "Сервер жарамды TLS сертификатын қайтармады"
+
+#~ msgid "Error reading data from TLS socket: %s"
+#~ msgstr "TLS сокетінен деректерді оқу қатесі: %s"
+
+#~ msgid "Error writing data to TLS socket: %s"
+#~ msgstr "TLS сокетіне деректерді жазу қатесі: %s"
#~ msgid ""
#~ "This is the last chance to enter the PIN correctly before the token is "
# Korean translation for glib-networking.
# This file is distributed under the same license as the glib-networking package.
#
-# Changwoo Ryu <cwryu@debian.org>, 2011-2013, 2017-2019.
+# Changwoo Ryu <cwryu@debian.org>, 2011-2013, 2017-2021.
#
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-08 14:47+0900\n"
+"POT-Creation-Date: 2021-09-03 14:13+0000\n"
+"PO-Revision-Date: 2021-09-04 20:07+0900\n"
"Last-Translator: Changwoo Ryu <cwryu@debian.org>\n"
"Language-Team: Korean <gnome-kr@googlegroups.com>\n"
"Language: ko\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "프록시 리졸버 내부 오류."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "연결이 닫혔습니다"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "작업이 중지됩니다"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "TLS 핸드셰이킹 중에 블로킹 동작을 수행할 수 없습니다."
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "소켓 입출력 제한 시간이 넘었습니다"
+
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "서버에 TLS 인증서가 필요합니다"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "핸드셰이크를 마치지 못해, 채널 바인딩 정보가 아직 없습니다"
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr "상대가 안전한 재협상을 지원하지 않습니다"
+
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:485
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:830
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "TLS 핸드셰이킹을 받아들일 수 없습니다"
+
+#: tls/base/gtlsconnection-base.c:2155
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "받기 플래그를 지원하지 않습니다"
+
+#: tls/base/gtlsconnection-base.c:2302
+#, c-format
+msgid "Send flags are not supported"
+msgstr "보내기 플래그를 지원하지 않습니다"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:361
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "DER 인증서를 파싱할 수 없습니다: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:381
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "PEM 인증서를 파싱할 수 없습니다: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:400
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "DER 개인 키를 파싱할 수 없습니다: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:419
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "PEM 개인 키를 파싱할 수 없습니다: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "PKCS #11 인증서 URI를 가져올 수 없습니다: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:454
msgid "No certificate data provided"
msgstr "인증서 데이터를 제공하지 않았습니다"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1052
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "TLS 연결을 만들 수 없습니다: %s"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "예상치 못한 %s 타입의 상대 신원을 확인할 수 없습니다"
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-msgid "Cannot perform blocking operation during TLS handshake"
-msgstr "TLS 핸드셰이킹 중에 블로킹 동작을 수행할 수 없습니다."
+#: tls/gnutls/gtlsconnection-gnutls.c:198
+msgid "Could not create TLS connection:"
+msgstr "TLS 연결을 만들 수 없습니다:"
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "소켓 입출력 제한 시간이 넘었습니다"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "상대편이 TLS 핸드셰이킹에 실패했습니다"
+#: tls/gnutls/gtlsconnection-gnutls.c:208
+#: tls/gnutls/gtlsconnection-gnutls.c:228
+#: tls/openssl/gtlsclientconnection-openssl.c:516
+#: tls/openssl/gtlsserverconnection-openssl.c:440
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "TLS 연결을 만들 수 없습니다: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "상대편이 잘못된 TLS 핸드셰이킹을 요청했습니다"
+#: tls/gnutls/gtlsconnection-gnutls.c:429
+#: tls/gnutls/gtlsconnection-gnutls.c:440
+#: tls/gnutls/gtlsconnection-gnutls.c:454
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "상대편이 TLS 핸드셰이킹에 실패했습니다: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:462
msgid "TLS connection closed unexpectedly"
msgstr "TLS 연결이 예상치 못하게 닫혔습니다"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:477
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "TLS 연결 상대가 인증서를 보내지 않았습니다"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "TLS 핸드셰이킹을 받아들일 수 없습니다"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:493
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "상대가 치명적인 TLS 알림을 보냈습니다: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:503
msgid "Protocol version downgrade attack detected"
msgstr "프로토콜 버전 다운그레이드 공격 감지됨"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:512
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[0] ""
"DTLS 연결에 사용하기에는 메시지 크기가 너무 큽니다: 최대는 %u바이트입니다"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:521
msgid "The operation timed out"
msgstr "작업이 제한 시간을 넘었습니다"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "상대가 안전한 재협상을 지원하지 않습니다"
+#: tls/gnutls/gtlsconnection-gnutls.c:873
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS 핸드셰이킹에 오류가 발생했습니다: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:976
+#: tls/openssl/gtlsconnection-openssl.c:614
msgid "Error performing TLS handshake"
msgstr "TLS 핸드셰이킹에 오류가 발생했습니다"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "TLS 소켓에서 데이터를 읽는데 오류가 발생했습니다"
+#: tls/gnutls/gtlsconnection-gnutls.c:1171
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "이 TLS 라이브러리에서는 채널 바인딩 타입을 구현하지 않았습니다"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1175
#, c-format
-msgid "Receive flags are not supported"
-msgstr "받기 플래그를 지원하지 않습니다"
+msgid "Channel binding data is not yet available"
+msgstr "채널 바인딩 데이터를 아직 사용할 수 없습니다"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1213
+#: tls/gnutls/gtlsconnection-gnutls.c:1225
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "연결에 X.509 인증서를 사용할 수 없습니다"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1238
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "X.509 인증서를 사용할 수 없거나 알 수 없는 형식입니다: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:705
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "인증서 서명 알고리즘을 구할 수 없습니다"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1265
+#: tls/openssl/gtlsconnection-openssl.c:725
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"현재 X.509 인증서가 알지 못하거나 지원하지 않는 서명 알고리즘을 사용합니다"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1359
+#: tls/openssl/gtlsconnection-openssl.c:805
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "요청한 채널 바인딩 타입을 구현하지 않았습니다"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1380
+#: tls/gnutls/gtlsconnection-gnutls.c:1440
+#: tls/openssl/gtlsconnection-openssl.c:823
+#: tls/openssl/gtlsconnection-openssl.c:919
+msgid "Error reading data from TLS socket"
+msgstr "TLS 소켓에서 데이터를 읽는데 오류가 발생했습니다"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1462
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
+#: tls/openssl/gtlsconnection-openssl.c:998
msgid "Error writing data to TLS socket"
msgstr "TLS 소켓에 데이터를 쓰는데 오류가 발생했습니다"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1495
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[0] "크기가 %lu바이트인 메시지는 DTLS 연결에 사용하기에는 너무 큽니다"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1497
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(최대는 %u바이트입니다)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1544
#, c-format
-msgid "Send flags are not supported"
-msgstr "보내기 플래그를 지원하지 않습니다"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "TLS 닫기에 오류가 발생했습니다"
+msgid "Error performing TLS close: %s"
+msgstr "TLS 닫기에 오류가 발생했습니다: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"시스템 신뢰 정보를 읽어들이는데 실패했습니다: GnuTLS 설정에 시스템 신뢰 정보"
"가 없습니다"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:229
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "시스템 신뢰 정보를 읽어들이는데 실패했습니다: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "%s에서 신뢰 목록을 덧붙이는데 실패했습니다: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:171
msgid "Certificate has no private key"
msgstr "인증서에 개인 키가 없습니다"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:377
+#: tls/openssl/gtlsserverconnection-openssl.c:288
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "TLS 암호 알고리즘 목록을 설정할 수 없습니다: %s"
+
+# 참고: OpenSSL SSL_CTX_set_max_proto_version()
+#: tls/openssl/gtlsclientconnection-openssl.c:403
+#: tls/openssl/gtlsserverconnection-openssl.c:314
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "최대 프로토콜 버전을 %d(으)로 설정할 수 없습니다: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:464
+#: tls/openssl/gtlsserverconnection-openssl.c:375
#, c-format
msgid "Could not create TLS context: %s"
msgstr "TLS 컨텍스트를 만들 수 없습니다: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "TLS 인증 기관을 받아들일 수 없습니다"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "다이제스트 값이 RSA 키에서 너무 큽니다"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "보안 재협상 기능을 사용하지 않습니다"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "TLS 핸드셰이킹에 오류가 발생했습니다: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: 연결이 끊겼습니다"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "서버에서 올바른 TLS 인증서를 반환하지 않았습니다"
+#: tls/openssl/gtlsconnection-openssl.c:674
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "tls-unique 채널 바인딩 데이터를 사용할 수 없습니다"
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:697
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "TLS 소켓에서 데이터를 읽는데 오류가 발생했습니다: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "연결의 X.509 인증서를 사용할 수 없습니다"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:743
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "TLS 소켓에 데이터를 쓰는데 오류가 발생했습니다: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "X.509 인증서 다이제스트를 만드는데 실패했습니다"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:774
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "TLS 닫기에 오류가 발생했습니다: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "TLS 연결이 TLS-Exporter 기능을 지원하지 않습니다"
+
+#: tls/openssl/gtlsconnection-openssl.c:777
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "키모음 데이터를 내보내는데 예상치 못한 오류"
+
+#: tls/openssl/gtlsconnection-openssl.c:1059
+msgid "Error performing TLS close"
+msgstr "TLS 닫기에 오류가 발생했습니다"
+
+# "an authoritative entity for which trust is assumed and not derived"
+#: tls/openssl/gtlsdatabase-openssl.c:197
+msgid "Could not get trusted anchors from Keychain"
+msgstr "키체인에서 신뢰 앵커를 가져올 수 없습니다"
+
+#: tls/openssl/gtlsdatabase-openssl.c:269
+msgid "Could not create CA store"
+msgstr "인증서 저장소를 만들 수 없습니다: %s"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsserverconnection-openssl.c:182
#, c-format
msgid "There is a problem with the certificate: %s"
msgstr "인증서에 문제가 있습니다: %s"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsserverconnection-openssl.c:190
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "인증서 비밀 키에 문제가 있습니다: %s"
# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER
# This file is distributed under the same license as the glib-networking package.
# Algimantas Margevičius <margevicius.algimantas@gmail.com>, 2011.
-# Aurimas Černius <aurisc4@gmail.com>, 2011-2019.
+# Aurimas Černius <aurisc4@gmail.com>, 2011-2021.
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-03 18:57+0200\n"
+"POT-Creation-Date: 2021-11-19 15:02+0000\n"
+"PO-Revision-Date: 2021-11-21 21:45+0200\n"
"Last-Translator: Aurimas Černius <aurisc4@gmail.com>\n"
"Language-Team: Lietuvių <gnome-lt@lists.akl.lt>\n"
"Language: lt\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n"
"%100<10 || n%100>=20) ? 1 : 2)\n"
-"X-Generator: Gtranslator 3.30.1\n"
+"X-Generator: Gtranslator 40.0\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Tarpininkų nustatytojo vidinė klaida."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "Ryšys užvertas"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "Veiksmas blokuosis"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "TLS išankstinio suderinimo metu negalima vykdyti bloko operacijos"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Baigėsi lizdo I/O skirtas laikas"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "Serveris reikalauja TLS liudijimo"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "Rankos paspaudimas neužbaigtas, dar nėra kanalo susiejimo informacijos"
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr "Porininkas nepalaiko saugaus pakartotinio ryšio užmezgimo"
+
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:491
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:830
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Nepriimtinas TLS liudijimas"
+
+#: tls/base/gtlsconnection-base.c:2155
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Požymių gavimas nėra palaikomas"
+
+#: tls/base/gtlsconnection-base.c:2302
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Požymių siuntimas nėra palaikomas"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:363
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Nepavyko perskaityti DER liudijimo: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:384
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Nepavyko perskaityti PEM liudijimo: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:404
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Nepavyko perskaityti DER privataus rakto: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:424
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Nepavyko perskaityti PEM privataus rakto: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Nepavyko importuoti PKCS #11 liudijimo URI: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:459
msgid "No certificate data provided"
msgstr "Nėra pateiktų liudijimo duomenų"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Nepavyko užmegsti TLS ryšio: %s"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Negalima patikrinti netikėto tipo %s porininko identiteto"
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-#| msgid "Error performing TLS handshake"
-msgid "Cannot perform blocking operation during TLS handshake"
-msgstr "TLS išankstinio suderinimo metu negalima vykdyti bloko operacijos"
+#: tls/gnutls/gtlsconnection-gnutls.c:204
+msgid "Could not create TLS connection:"
+msgstr "Nepavyko užmegzti TLS ryšio:"
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "Baigėsi lizdo I/O skirtas laikas"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Kita pusė neatliko TLS išankstinio suderinimo"
+#: tls/gnutls/gtlsconnection-gnutls.c:214
+#: tls/gnutls/gtlsconnection-gnutls.c:234
+#: tls/openssl/gtlsclientconnection-openssl.c:523
+#: tls/openssl/gtlsserverconnection-openssl.c:456
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Nepavyko užmegsti TLS ryšio: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Kita pusė paprašė neteisingo pakartotinio TLS išankstinio suderinimo"
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:460
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Kita pusė neatliko TLS rankos paspaudimo: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:468
msgid "TLS connection closed unexpectedly"
msgstr "TLS ryšys netikėtai užsivėrė"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:483
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "TLS ryšio porininkas neatsiuntė liudijimo"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Nepriimtinas TLS liudijimas"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:499
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Porininkas atsiuntė kritinį TLS perspėjimą: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:509
msgid "Protocol version downgrade attack detected"
msgstr "Aptikta protokolo versijos pažeminimo ataka"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:518
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[1] "Žinutė yra per didelė DTLS ryšiui; didžiausia yra %u baitai"
msgstr[2] "Žinutė yra per didelė DTLS ryšiui; didžiausia yra %u baitų"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:527
msgid "The operation timed out"
msgstr "Baigėsi operacijai skirtas laikas"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "Porininkas nepalaiko saugaus pakartotinio ryšio užmezgimo"
+#: tls/gnutls/gtlsconnection-gnutls.c:879
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Klaida užmezgant TLS ryšį: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/openssl/gtlsconnection-openssl.c:614
msgid "Error performing TLS handshake"
msgstr "Klaida atliekant TLS išankstinį suderinimą"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Klaida skaitant duomenis iš TLS lizdo"
+#: tls/gnutls/gtlsconnection-gnutls.c:1177
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Kanalo susiejimo tipas nerealizuotas TLS bibliotekoje"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1181
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Požymių gavimas nėra palaikomas"
+msgid "Channel binding data is not yet available"
+msgstr "Kanalo susiejimo duomenų dar nėra"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#: tls/gnutls/gtlsconnection-gnutls.c:1231
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "Nėra X.509 liudijimo ryšiui"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1244
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "X.509 liudijimo nėra arba jis yra nežinomo formato: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1255
+#: tls/openssl/gtlsconnection-openssl.c:705
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Nepavyko gauti liudijimo parašo algoritmo"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1271
+#: tls/openssl/gtlsconnection-openssl.c:725
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Dabartinis X.509 liudijimas naudoja nežinomą ar a nepalaikomą parašo "
+"algoritmą"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1365
+#: tls/openssl/gtlsconnection-openssl.c:805
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Prašomas kanalo susiejimo tipas nerealizuotas"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1386
+#: tls/gnutls/gtlsconnection-gnutls.c:1446
+#: tls/openssl/gtlsconnection-openssl.c:823
+#: tls/openssl/gtlsconnection-openssl.c:919
+msgid "Error reading data from TLS socket"
+msgstr "Klaida skaitant duomenis iš TLS lizdo"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+#: tls/gnutls/gtlsconnection-gnutls.c:1531
+#: tls/openssl/gtlsconnection-openssl.c:998
msgid "Error writing data to TLS socket"
msgstr "Klaida rašant duomenis į TLS lizdą"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1501
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[1] "Žinutė, kurios dydis %lu baitai, yra per didelė DTLS ryšiui"
msgstr[2] "Žinutė, kurios dydis %lu baitų, yra per didelė DTLS ryšiui"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1503
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[1] "(didžiausia yra %u baitai)"
msgstr[2] "(didžiausia yra %u baitų)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1550
#, c-format
-msgid "Send flags are not supported"
-msgstr "Požymių siuntimas nėra palaikomas"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Klaida atliekant TLS užvėrimą"
+msgid "Error performing TLS close: %s"
+msgstr "Klaida atliekant TLS užvėrimą: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Nepavyko įkelti sistemos pasitikėjimo saugyklos: GnuTLS nebuvo "
"sukonfigūruota su sistemos pasitikėjimu"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:288
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Nepavyko įkelti sistemos pasitikėjimo saugyklos: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:456
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Nepavyko įkelti sistemos pasitikėjimo sąrašo iš %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
msgid "Certificate has no private key"
msgstr "Liudijimas neturi privataus rakto"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:379
+#: tls/openssl/gtlsserverconnection-openssl.c:299
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Nepavyko nustatyti TLS šifrų sąrašo: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:407
+#: tls/openssl/gtlsserverconnection-openssl.c:327
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Nepavyko nustatyti MAX protokolo į %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:470
+#: tls/openssl/gtlsserverconnection-openssl.c:390
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Nepavyko sukurti TLS konteksto: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Nepriimtina TLS liudijimo įstaiga"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Santrauka per didelė RSA raktui"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Saugus perderinimas yra išjungtas"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Klaida užmezgant TLS ryšį: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: ryšys yra sugadintas"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "Serveris negrąžino teisingo TLS liudijimo"
+#: tls/openssl/gtlsconnection-openssl.c:674
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Nėra kanalo susiejimo duomenų tls-unique"
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:697
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Klaida skaitant duomenis iš TLS lizdo: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "Ryšyje nėra X.509 liudijimo"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:743
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Klaida rašant duomenis į TLS lizdą: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Nepavyko sugeneruoti X.509 liudijimo prašymo"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:774
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Klaida atliekant TLS užvėrimą: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "TSL ryšys nepalaiko TLS-Exporter savybės"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsconnection-openssl.c:777
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Netikėta klaida eksportuojant raktinės duomenis"
+
+#: tls/openssl/gtlsconnection-openssl.c:1059
+msgid "Error performing TLS close"
+msgstr "Klaida atliekant TLS užvėrimą"
+
+#: tls/openssl/gtlsdatabase-openssl.c:200
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Nepavyko gauti patikimų šaknų iš raktinės"
+
+#: tls/openssl/gtlsdatabase-openssl.c:265
+#| msgid "Could not parse DER certificate: %s"
+msgid "Could not get root certificate store"
+msgstr "Nepavyko gauti šakninių liudijimų saugyklos"
+
+#: tls/openssl/gtlsdatabase-openssl.c:272
+#| msgid "Could not parse DER certificate: %s"
+msgid "Could not get CA certificate store"
+msgstr "Nepavyko gauti LĮ liudijimų saugyklos"
+
+#: tls/openssl/gtlsdatabase-openssl.c:337
+msgid "Could not create CA store"
+msgstr "Nepavyko sukurti liudijimų įstaigų saugyklos"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:184
#, c-format
msgid "There is a problem with the certificate: %s"
msgstr "Yra problema su liudijimu: %s"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsserverconnection-openssl.c:193
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "Yra problema su liudijimo privačiu raktu: %s"
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr ""
+#~ "Kita pusė paprašė neteisingo pakartotinio TLS išankstinio suderinimo"
+
+#~| msgid "Failed to load system trust store: %s"
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Nepavyko įkelti failo kelio: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "Veiksmas blokuosis"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "Serveris negrąžino teisingo TLS liudijimo"
+
+#~ msgid "Error reading data from TLS socket: %s"
+#~ msgstr "Klaida skaitant duomenis iš TLS lizdo: %s"
+
+#~ msgid "Error writing data to TLS socket: %s"
+#~ msgstr "Klaida rašant duomenis į TLS lizdą: %s"
+
#~ msgid ""
#~ "This is the last chance to enter the PIN correctly before the token is "
#~ "locked."
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
# This file is distributed under the same license as the PACKAGE package.
#
-# Rūdolfs Mazurs <rudolfs.mazurs@gmail.com>, 2012, 2013, 2017, 2018, 2019.
+# Rūdolfs Mazurs <rudolfs.mazurs@gmail.com>, 2012, 2013, 2017, 2018, 2019, 2020, 2021.
msgid ""
msgstr ""
"Project-Id-Version: \n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-03 20:11+0200\n"
+"POT-Creation-Date: 2021-06-25 16:32+0000\n"
+"PO-Revision-Date: 2021-10-26 20:38+0300\n"
"Last-Translator: Rūdolfs Mazurs <rudolfs.mazurs@gmail.com>\n"
"Language-Team: Latvian <lata-l10n@googlegroups.com>\n"
"Language: lv\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Lokalize 2.0\n"
+"X-Generator: Lokalize 21.08.1\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 :"
" 2);\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Starpnieka risinātāja iekšēja kļūda."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "Savienojums ir aizvērts"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "Darbība bloķēs"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Nevar veikt bloķējošu darbību TLS izaicinājumrokspiediena laikā"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Ligzdai I/O iestājās noildze"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "Serveris pieprasa TLS sertifikātu"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1451
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "Rokasspiediens nav pabeigts, vēl nav kanālu sasaistes informācija"
+
+#: tls/base/gtlsconnection-base.c:1530
+msgid "Peer does not support safe renegotiation"
+msgstr "Biedrs neatbalsta drošas atkārtotas pārrunas"
+
+#: tls/base/gtlsconnection-base.c:1678 tls/gnutls/gtlsconnection-gnutls.c:482
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:834
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Nepieņemams TLS sertifikāts"
+
+#: tls/base/gtlsconnection-base.c:2152
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Saņemšanas slēdži nav atbalstīti"
+
+#: tls/base/gtlsconnection-base.c:2299
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Sūtīšanas slēdži nav atbalstīti"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:362
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Nevarēju noparsēt DER sertifikātu — %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:382
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Nevarēju noparsēt PEM sertifikātu — %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:401
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Nevarēju noparsēt DER privāto atslēgu — %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:420
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Nevarēju noparsēt PEM privāto atslēgu — %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+#| msgid "Could not parse PEM certificate: %s"
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Nevarēja importēt PKCS #11 sertifikāta URI — %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:455
msgid "No certificate data provided"
msgstr "Nav norādīti sertifikāta dati"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:806
+#: tls/gnutls/gtlsconnection-gnutls.c:1033
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Neizdevās izveidot TLS savienojumu — %s"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Nevar pārbaudīt biedra identitāti, kam ir nezināms tips %s"
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-#| msgid "Error performing TLS handshake"
-msgid "Cannot perform blocking operation during TLS handshake"
-msgstr "Nevar veikt bloķējošu darbību TLS izaicinājumrokspiediena laikā"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "Ligzdai I/O iestājās noildze"
+#: tls/gnutls/gtlsconnection-gnutls.c:198
+#| msgid "Could not create TLS connection: %s"
+msgid "Could not create TLS connection:"
+msgstr "Neizdevās izveidot TLS savienojumu:"
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Dalībniekam neizdevās veikt TLS izaicinājumrokspiedienu"
+#: tls/gnutls/gtlsconnection-gnutls.c:208
+#: tls/gnutls/gtlsconnection-gnutls.c:228
+#: tls/openssl/gtlsclientconnection-openssl.c:458
+#: tls/openssl/gtlsserverconnection-openssl.c:503
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Neizdevās izveidot TLS savienojumu — %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Dalībnieks pieprasīja neatļautu TLS izaicinājumrokspiedienu"
+#: tls/gnutls/gtlsconnection-gnutls.c:426
+#: tls/gnutls/gtlsconnection-gnutls.c:437
+#: tls/gnutls/gtlsconnection-gnutls.c:451
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Dalībniekam neizdevās veikt TLS izaicinājumrokspiedienu: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:459
msgid "TLS connection closed unexpectedly"
msgstr "TLS savienojums aizvērās negaidīti"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:474
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "TLS savienojuma dalībnieks neatsūtīja sertifikātu"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Nepieņemams TLS sertifikāts"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:490
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Biedrs nosūtīja fatālu TLS brīdinājumu: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:500
msgid "Protocol version downgrade attack detected"
msgstr "Atklāts protokola versijas pazemināšanas uzbrukums"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:509
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[2] ""
"Ziņojums ir pārāk garš DTLS savienojumam; maksimālais izmērs ir %u baitu"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:518
msgid "The operation timed out"
msgstr "Darbībai iestājās noildze"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "Biedrs neatbalsta drošas atkārtotas pārrunas"
+#: tls/gnutls/gtlsconnection-gnutls.c:870
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Kļūda, veicot TLS izaicinājumrokspiedienu — %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:973
+#: tls/openssl/gtlsconnection-openssl.c:618
msgid "Error performing TLS handshake"
msgstr "Kļūda, veicot TLS izaicinājumrokspiedienu"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Kļūda, lasot datus no TLS ligzdas"
+#: tls/gnutls/gtlsconnection-gnutls.c:1152
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Kanāla sasaistes tips nav atbalstīts šajā TLS bibliotēkā"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1156
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Saņemšanas slēdži nav atbalstīti"
+msgid "Channel binding data is not yet available"
+msgstr "Kanāla sasaistes dati vēl nav pieejami"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1194
+#: tls/gnutls/gtlsconnection-gnutls.c:1206
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "X.509 sertifikāts nav pieejams uz savienojuma"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr ""
+"X.509 sertifikāts nav pieejams uz savienojuma vai tam ir nezināms formāts — %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1230
+#: tls/openssl/gtlsconnection-openssl.c:709
+#, c-format
+#| msgid "Unacceptable TLS certificate authority"
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Nevar saņemt sertifikāta paraksta algoritmu"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1246
+#: tls/openssl/gtlsconnection-openssl.c:729
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Pašreizējais X.509 sertifikāts izmanto nezināmu vai neatbalstītu paraksta"
+" algoritmu"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1340
+#: tls/openssl/gtlsconnection-openssl.c:809
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Pieprasītais kanāla sasaistes tips nav implementēts"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1361
+#: tls/gnutls/gtlsconnection-gnutls.c:1421
+#: tls/openssl/gtlsconnection-openssl.c:827
+#: tls/openssl/gtlsconnection-openssl.c:923
+msgid "Error reading data from TLS socket"
+msgstr "Kļūda, lasot datus no TLS ligzdas"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1443
+#: tls/gnutls/gtlsconnection-gnutls.c:1506
+#: tls/openssl/gtlsconnection-openssl.c:1002
msgid "Error writing data to TLS socket"
msgstr "Kļūda, rakstot datus TLS ligzdā"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1476
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[1] "Ziņojums ar izmēru %lu baiti ir pārāk garš DTLS savienojumam"
msgstr[2] "Ziņojums ar izmēru %lu baiti ir pārāk garš DTLS savienojumam"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1478
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[1] "(maksimums ir %u baiti)"
msgstr[2] "(maksimums ir %u baitu)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
#, c-format
-msgid "Send flags are not supported"
-msgstr "Sūtīšanas slēdži nav atbalstīti"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Kļūda, veicot TLS aizvēršanu"
+msgid "Error performing TLS close: %s"
+msgstr "Kļūda, veicot TLS aizvēršanu — %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:688
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Neizdevās ielādēt sistēmas uzticības krātuvi: GnuTLS nav konfigurēts ar "
"sistēmas uzticību"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:693 tls/openssl/gtlsdatabase-openssl.c:229
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Neizdevās ielādēt sistēmas uzticības krātuvi: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Neizdevās aizpildīt uzticības sarakstu no %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
+#: tls/openssl/gtlsserverconnection-openssl.c:228
msgid "Certificate has no private key"
msgstr "Sertifikātam nav privātās atslēgas"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:317
+#: tls/openssl/gtlsserverconnection-openssl.c:346
+#, c-format
+#| msgid "Could not create TLS context: %s"
+msgid "Could not set TLS cipher list: %s"
+msgstr "Neizdevās iestatīt TLS šifrētāja sarakstu — %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:343
+#: tls/openssl/gtlsserverconnection-openssl.c:372
+#, c-format
+#| msgid "Could not set MAX protocol to %ld: %s"
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Nevarēja iestatīt MAX protokolu uz %d — %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:404
+#: tls/openssl/gtlsserverconnection-openssl.c:433
#, c-format
-#| msgid "Could not create TLS connection: %s"
msgid "Could not create TLS context: %s"
msgstr "Neizdevās izveidot TLS kontekstu — %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Nepieņemama TLS sertifikāta autoritāte"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Kopsavilkums ir pārāk garš RSA atslēgai"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Drošās atkārtotās pārrunas ir izslēgtas"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-#| msgid "Error performing TLS handshake"
-msgid "Error performing TLS handshake: %s"
-msgstr "Kļūda, veicot TLS izaicinājumrokspiedienu — %s"
+msgid "%s: The connection is broken"
+msgstr "%s: Savienojums ir salauzts"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "Serveris neatgrieza derīgu TLS sertifikātu"
+#: tls/openssl/gtlsconnection-openssl.c:678
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Kanāla sasaistes datu tls-unique nav pieejams"
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:701
#, c-format
-#| msgid "Error reading data from TLS socket"
-msgid "Error reading data from TLS socket: %s"
-msgstr "Kļūda, lasot datus no TLS ligzdas — %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "X.509 sertifikāts nav pieejams uz savienojuma"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:747
#, c-format
-#| msgid "Error writing data to TLS socket"
-msgid "Error writing data to TLS socket: %s"
-msgstr "Kļūda, rakstot datus TLS ligzdā — %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Neizdevās izveidot X.509 sertifikāta izklāsta"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:778
#, c-format
-#| msgid "Error performing TLS close"
-msgid "Error performing TLS close: %s"
-msgstr "Kļūda, veicot TLS aizvēršanu — %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "TLS savienojums neatbalsta TLS-Exporter iespēju"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsconnection-openssl.c:781
#, c-format
-msgid "There is a problem with the certificate: %s"
-msgstr "Ir problēma ar sertifikātu — %s"
+msgid "Unexpected error while exporting keying data"
+msgstr "Negaidīta kļūda, eksportējot atslēgu datus"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsconnection-openssl.c:1063
+msgid "Error performing TLS close"
+msgstr "Kļūda, veicot TLS aizvēršanu"
+
+#: tls/openssl/gtlsdatabase-openssl.c:197
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Nevarēja saņemt uzticamus enkurus no Keychain"
+
+#: tls/openssl/gtlsdatabase-openssl.c:269
+msgid "Could not create CA store"
+msgstr "Neizdevās izveidot CA krātuvi"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:179
+#: tls/openssl/gtlsserverconnection-openssl.c:247
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "Ir problēma ar sertifikāta privāto atslēgu — %s"
+#: tls/openssl/gtlsserverconnection-openssl.c:188
+#: tls/openssl/gtlsserverconnection-openssl.c:239
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Ir problēma ar sertifikātu — %s"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Dalībnieks pieprasīja neatļautu TLS izaicinājumrokspiedienu"
+
+#~| msgid "Failed to load system trust store: %s"
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Neizdevās ielādēt datņu ceļu: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "Darbība bloķēs"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "Serveris neatgrieza derīgu TLS sertifikātu"
+
+#~| msgid "Error reading data from TLS socket"
+#~ msgid "Error reading data from TLS socket: %s"
+#~ msgstr "Kļūda, lasot datus no TLS ligzdas — %s"
+
+#~| msgid "Error writing data to TLS socket"
+#~ msgid "Error writing data to TLS socket: %s"
+#~ msgstr "Kļūda, rakstot datus TLS ligzdā — %s"
+
#~ msgid ""
#~ "This is the last chance to enter the PIN correctly before the token is "
#~ "locked."
--- /dev/null
+# Malay translation for glib-networking.
+# Copyright (C) 2020 glib-networking's COPYRIGHT HOLDER
+# This file is distributed under the same license as the glib-networking package.
+# abuyop <abuyop@gmail.com>, 2020.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: glib-networking master\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
+"issues\n"
+"POT-Creation-Date: 2020-01-24 15:13+0000\n"
+"PO-Revision-Date: 2020-01-27 03:48+0800\n"
+"Language-Team: Pasukan Terjemahan GNOME Malaysia\n"
+"Language: ms\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"Last-Translator: abuyop <abuyop@gmail.com>\n"
+"X-Generator: Poedit 2.0.6\n"
+
+#: proxy/libproxy/glibproxyresolver.c:159
+msgid "Proxy resolver internal error."
+msgstr "Ralat dalaman pelerai proksi."
+
+#: tls/base/gtlsconnection-base.c:538 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
+msgid "Connection is closed"
+msgstr "Sambungan tutup"
+
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:612
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Tidak dapat membuat operasi sekatan ketika jabat tangan TLS"
+
+#: tls/base/gtlsconnection-base.c:677 tls/base/gtlsconnection-base.c:1219
+msgid "Socket I/O timed out"
+msgstr "Had masa I/O soket telah tamat"
+
+#: tls/base/gtlsconnection-base.c:845
+msgid "Server required TLS certificate"
+msgstr "Pelayan memerlukan sijil TLS"
+
+#: tls/base/gtlsconnection-base.c:1451
+msgid "Peer does not support safe renegotiation"
+msgstr "Rakan tidak menyokong rundingan-semula selamat"
+
+#: tls/base/gtlsconnection-base.c:1586 tls/gnutls/gtlsconnection-gnutls.c:427
+#: tls/openssl/gtlsconnection-openssl.c:184
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Sijil TLS tidak diterima"
+
+#: tls/base/gtlsconnection-base.c:2051
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Bendera terima tidak disokong"
+
+#: tls/base/gtlsconnection-base.c:2203
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Bendera hantar tidak disokong"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/openssl/gtlscertificate-openssl.c:170
+#, c-format
+msgid "Could not parse DER certificate: %s"
+msgstr "Tidak dapat menghurai sijil DER: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:215
+#: tls/openssl/gtlscertificate-openssl.c:190
+#, c-format
+msgid "Could not parse PEM certificate: %s"
+msgstr "Tidak dapat menghurai sijil PEM: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:238
+#: tls/openssl/gtlscertificate-openssl.c:209
+#, c-format
+msgid "Could not parse DER private key: %s"
+msgstr "Tidak dapat menghurai kunci persendirian DER: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:261
+#: tls/openssl/gtlscertificate-openssl.c:228
+#, c-format
+msgid "Could not parse PEM private key: %s"
+msgstr "Tidak dapat menghurai kunci persendirian PEM: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:288
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Tidak dapat mengimport URI sijil PKCS #11: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:330
+#: tls/openssl/gtlscertificate-openssl.c:263
+msgid "No certificate data provided"
+msgstr "Tiada data sijil disediakan"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:142
+#: tls/gnutls/gtlsconnection-gnutls.c:160
+#: tls/openssl/gtlsclientconnection-openssl.c:408
+#: tls/openssl/gtlsserverconnection-openssl.c:463
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Tidak dapat mencipta sambungan TLS: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:371
+#: tls/gnutls/gtlsconnection-gnutls.c:382
+#: tls/gnutls/gtlsconnection-gnutls.c:396
+#: tls/openssl/gtlsconnection-openssl.c:151
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Rakan gagal membuat jabat tangan TLS: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:404
+msgid "TLS connection closed unexpectedly"
+msgstr "Sambungan TLS ditutup tanpa jangka"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:419
+#: tls/openssl/gtlsconnection-openssl.c:176
+msgid "TLS connection peer did not send a certificate"
+msgstr "Rakan sambungan TLS tidak menghantar satu sijil"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Rakan menghantar amaran TLS mati: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:445
+msgid "Protocol version downgrade attack detected"
+msgstr "Serangan nyahtatar versi protokol telah dikesan"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:454
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "Mesej terlalu besar untuk sambungan DTLS; maksimum ialah %u bait"
+msgstr[1] "Mesej terlalu besar untuk sambungan DTLS; maksimum ialah %u bait"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:463
+msgid "The operation timed out"
+msgstr "Operasi telah tamat masa"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:795
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Ralat membuat jabat tangan TLS: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:898
+#: tls/openssl/gtlsconnection-openssl.c:252
+#: tls/openssl/gtlsconnection-openssl.c:302
+msgid "Error performing TLS handshake"
+msgstr "Ralat membuat jabat tangan TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:944
+#: tls/gnutls/gtlsconnection-gnutls.c:1004
+#: tls/openssl/gtlsconnection-openssl.c:409
+msgid "Error reading data from TLS socket"
+msgstr "Ralat membaca data dari soket TLS"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:1026
+#: tls/gnutls/gtlsconnection-gnutls.c:1090
+#: tls/openssl/gtlsconnection-openssl.c:453
+msgid "Error writing data to TLS socket"
+msgstr "Ralat menulis data ke soket TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1060
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Mesej bersaiz %lu bait adalah terlalu besar untuk sambungan DTLS"
+msgstr[1] "Mesej bersaiz %lu bait adalah terlalu besar untuk sambungan DTLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1062
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(maksimum ialah %u bait)"
+msgstr[1] "(maksimum ialah %u bait)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1109
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Ralat membuat penutupan TLS: %s"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:553
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Gagal memuatkan stor kepercayaan sistem: GnuTLS tidak dikonfigur dengan "
+"satu kepercayaan sistem"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:558 tls/openssl/gtlsdatabase-openssl.c:187
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Gagal memuatkan stor kepercayaan sistem: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
+#: tls/openssl/gtlsserverconnection-openssl.c:226
+msgid "Certificate has no private key"
+msgstr "Sijil tidak mempunyai kunci persendirian"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:306
+#: tls/openssl/gtlsclientconnection-openssl.c:357
+#: tls/openssl/gtlsserverconnection-openssl.c:345
+#: tls/openssl/gtlsserverconnection-openssl.c:396
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Tidak dapat mencipta konteks TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:192
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Autoriti sijil TLS tidak diterima"
+
+#: tls/openssl/gtlsconnection-openssl.c:200
+msgid "Digest too big for RSA key"
+msgstr "Cernaan terlalu besar untuk kunci RSA"
+
+#: tls/openssl/gtlsconnection-openssl.c:490
+msgid "Error performing TLS close"
+msgstr "Ralat membuat penutupan TLS"
+
+#: tls/openssl/gtlsdatabase-openssl.c:227
+msgid "Could not create CA store"
+msgstr "Tidak dapat mencipta stor CA"
+
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to load file path: %s"
+msgstr "Gagal memuatkan laluan fail: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:179
+#: tls/openssl/gtlsserverconnection-openssl.c:245
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Terdapat satu masalah dengan kunci persendirian sijil: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:188
+#: tls/openssl/gtlsserverconnection-openssl.c:237
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Terdapat satu masalah dengan sijil: %s"
msgid ""
msgstr ""
"Project-Id-Version: Gnome Nepali Translation Project\n"
-"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2017-08-09 22:34+0000\n"
-"PO-Revision-Date: 2017-08-21 12:59+0545\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2021-06-04 13:22+0000\n"
+"PO-Revision-Date: 2021-06-16 19:21+0545\n"
+"Last-Translator: Pawan Chitrakar <chautari@gmail.com>\n"
"Language-Team: Nepali Translation Team <chautari@gmail.com>\n"
+"Language: ne\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 2.0.3\n"
-"Last-Translator: Pawan Chitrakar <chautari@gmail.com>\n"
+"X-Generator: Poedit 1.8.4\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"Language: ne\n"
-#: proxy/libproxy/glibproxyresolver.c:157
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
-msgstr "प्रोक्सी हलकर्ता आन्तरिक त्रुटि।"
+msgstr "प्रोक्सी हलकर्ता आन्तरिक त्रुटि।."
+
+#: tls/base/gtlsconnection-base.c:544 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
+msgid "Connection is closed"
+msgstr "जडान बन्द भयो"
-#: tls/gnutls/gtlscertificate-gnutls.c:176
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:618
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "TLS ह्यान्डसेक गर्दा अवरोध सञ्चालन कार्यसम्पादन गर्न सकिँदैन"
+
+#: tls/base/gtlsconnection-base.c:683 tls/base/gtlsconnection-base.c:1231
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "सकेट I/O समय समाप्ति भयो"
+
+#: tls/base/gtlsconnection-base.c:857
+msgid "Server required TLS certificate"
+msgstr "सर्भर TLS प्रमाणपत्र आवश्यक"
+
+#: tls/base/gtlsconnection-base.c:1431
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "ह्यान्डसेक समाप्त भएको छैन, अहिलेसम्म च्यानल बाइन्डिङ सूचना छैन"
+
+#: tls/base/gtlsconnection-base.c:1490
+msgid "Peer does not support safe renegotiation"
+msgstr "साथीले सुरक्षित पुन: वार्ता समर्थन गर्दैन"
+
+#: tls/base/gtlsconnection-base.c:1634 tls/gnutls/gtlsconnection-gnutls.c:407
+#: tls/openssl/gtlsconnection-openssl.c:209 tls/openssl/gtlsconnection-openssl.c:766
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "अमान्य TLS प्रमाणपत्र"
+
+#: tls/base/gtlsconnection-base.c:2099
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "प्राप्त झण्डा हरू समर्थित छैनन्"
+
+#: tls/base/gtlsconnection-base.c:2246
+#, c-format
+msgid "Send flags are not supported"
+msgstr "प्राप्त झण्डा हरू समर्थित छैनन्"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:194 tls/openssl/gtlscertificate-openssl.c:170
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "DER प्रमाणपत्र पार्स गर्न सकेन:% s"
-#: tls/gnutls/gtlscertificate-gnutls.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:215 tls/openssl/gtlscertificate-openssl.c:190
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "PEM प्रमाणपत्र पार्स गर्न सकेन:% s"
-#: tls/gnutls/gtlscertificate-gnutls.c:228
+#: tls/gnutls/gtlscertificate-gnutls.c:238 tls/openssl/gtlscertificate-openssl.c:209
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "DER निजी कुञ्जी पार्स गर्न सकेन:%s"
-#: tls/gnutls/gtlscertificate-gnutls.c:259
+#: tls/gnutls/gtlscertificate-gnutls.c:261 tls/openssl/gtlscertificate-openssl.c:228
#, c-format
msgid "Could not parse PEM private key: %s"
-msgstr ""
+msgstr "PEM व्यक्तिगत कुञ्जी पद वर्णन गर्न सकेन: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:288
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "PKCS #11 प्रमाणपत्र URI आयात गर्न सकेन: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:299
+#: tls/gnutls/gtlscertificate-gnutls.c:330 tls/openssl/gtlscertificate-openssl.c:263
msgid "No certificate data provided"
msgstr "प्रमाणपत्र डाटा उपलब्ध छैन"
-#: tls/gnutls/gtlsclientconnection-gnutls.c:375
-msgid "Server required TLS certificate"
-msgstr "सर्भर TLS प्रमाणपत्र आवश्यक "
-
-#: tls/gnutls/gtlsconnection-gnutls.c:310
+#: tls/gnutls/gtlsconnection-gnutls.c:143 tls/gnutls/gtlsconnection-gnutls.c:161
+#: tls/openssl/gtlsclientconnection-openssl.c:451
+#: tls/openssl/gtlsserverconnection-openssl.c:503
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "TLS जडान सिर्जना गर्न सकेन: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:572
-msgid "Connection is closed"
-msgstr "जडान बन्द भयो"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:645
-#: tls/gnutls/gtlsconnection-gnutls.c:1528
-msgid "Operation would block"
-msgstr "सञ्चालन ब्लक थियो"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:792
-#: tls/gnutls/gtlsconnection-gnutls.c:831
-msgid "Peer failed to perform TLS handshake"
-msgstr "समान TLS ह्यान्डशेक गर्न असफल भयो"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:810
-msgid "Peer requested illegal TLS rehandshake"
-msgstr ""
+#: tls/gnutls/gtlsconnection-gnutls.c:351 tls/gnutls/gtlsconnection-gnutls.c:362
+#: tls/gnutls/gtlsconnection-gnutls.c:376 tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "साथीले TLS ह्यान्डसेक सम्पादन गर्न असफल भयो: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:837
+#: tls/gnutls/gtlsconnection-gnutls.c:384
msgid "TLS connection closed unexpectedly"
msgstr "TLS जडान अकस्मात बन्द भयो"
-#: tls/gnutls/gtlsconnection-gnutls.c:847
+#: tls/gnutls/gtlsconnection-gnutls.c:399 tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "समान TLS जडानले प्रमाणपत्र पठाएनन्"
-#: tls/gnutls/gtlsconnection-gnutls.c:853
+#: tls/gnutls/gtlsconnection-gnutls.c:415
#, c-format
msgid "Peer sent fatal TLS alert: %s"
-msgstr ""
+msgstr "साथीले घातक TLS चेतावनी पठायो: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1241
-#: tls/gnutls/gtlsconnection-gnutls.c:1274
+#: tls/gnutls/gtlsconnection-gnutls.c:425
+msgid "Protocol version downgrade attack detected"
+msgstr "प्रोटोकल संस्करण अवनति आक्रमण पत्ता लाग्यो"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:434
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "डीटीएलएस जडानका लागि सन्देश अति ठूलो छ; अधिकतम %u बाइट हो"
+msgstr[1] "डीटीएलएस जडानका लागि सन्देश अति ठूलो छ; अधिकतम %u बाइट हो"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:443
+msgid "The operation timed out"
+msgstr "सञ्चालन समय समाप्त भयो"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:775
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "TLS ह्यान्डशेक गर्दा त्रुटि: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1284
-msgid "Server did not return a valid TLS certificate"
-msgstr "सर्भरले वैध TLS प्रमाणपत्र फर्काउन सकेन"
+#: tls/gnutls/gtlsconnection-gnutls.c:878 tls/openssl/gtlsconnection-openssl.c:550
+msgid "Error performing TLS handshake"
+msgstr "TLS ह्यान्डसेक सम्पादन गर्दा त्रुटि"
-#: tls/gnutls/gtlsconnection-gnutls.c:1354
-msgid "Unacceptable TLS certificate"
-msgstr "अमान्य TLS प्रमाणपत्र"
+#: tls/gnutls/gtlsconnection-gnutls.c:936
+#, c-format
+msgid "Channel binding type tls-unique is not implemented in the TLS library"
+msgstr ""
+"च्यानल बाइन्डिङ प्रकार TLS-अद्धितिय च्यानल बाइन्डिङ डेटा होइन tls-unique TLS लाइब्रेरीमा "
+"कार्यान्वयन भएको छैन"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:940
+#, c-format
+msgid "Channel binding data for tls-unique is not yet available"
+msgstr "च्यानल बाइन्डिङ डेटा tls-unique का लागि अहिले सम्म उपलब्ध छैन"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:967 tls/gnutls/gtlsconnection-gnutls.c:979
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "जडानमा X.५०९ प्रमाणपत्र उपलब्ध छैन"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:992
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "X.509 प्रमाणपत्र उपलब्ध छैन वा अज्ञात ढाँचाको छ: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1562
+#: tls/gnutls/gtlsconnection-gnutls.c:1003 tls/openssl/gtlsconnection-openssl.c:641
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "TLS सकेटबाट डाटा पढ्दा त्रुटि: %s"
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "प्रमाणपत्र हस्ताक्षर अल्गोरिदम फेला पार्न असक्षम"
-#: tls/gnutls/gtlsconnection-gnutls.c:1591
+#: tls/gnutls/gtlsconnection-gnutls.c:1019 tls/openssl/gtlsconnection-openssl.c:661
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "TLS सकेटमा डाटा लेख्दा त्रुटि: %s"
+msgid "Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr "हालको X. 509 प्रमाणपत्रले अज्ञात वा असमर्थित हस्ताक्षर अल्गोरिदम प्रयोग गर्दछ"
-#: tls/gnutls/gtlsconnection-gnutls.c:1655
+#: tls/gnutls/gtlsconnection-gnutls.c:1105 tls/openssl/gtlsconnection-openssl.c:741
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "अनुरोध गरिएको च्यानल बाइन्डिङ प्रकार कार्यान्वयन गरिएको छैन"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1126 tls/gnutls/gtlsconnection-gnutls.c:1186
+#: tls/openssl/gtlsconnection-openssl.c:759 tls/openssl/gtlsconnection-openssl.c:855
+msgid "Error reading data from TLS socket"
+msgstr "TLS सकेटबाट डाटा पढ्दा त्रुटि"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:1208 tls/gnutls/gtlsconnection-gnutls.c:1271
+#: tls/openssl/gtlsconnection-openssl.c:934
+msgid "Error writing data to TLS socket"
+msgstr "TLS सकेटमा डाटा लेख्दा त्रुटि"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1241
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "DTLS जडानका लागि %lu बाइट साइजको सन्देश अति ठूलो छ"
+msgstr[1] "DTLS जडानका लागि %lu बाइट साइजको सन्देश अति ठूलो छ"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1243
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(अधिकतम %u बाइट हो)"
+msgstr[1] "(अधिकतम %u बाइट हो)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1290
#, c-format
msgid "Error performing TLS close: %s"
msgstr "TLS बन्द गर्दा त्रुटि: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:107
+#: tls/gnutls/gtlsdatabase-gnutls.c:578
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system trust"
+msgstr ""
+"प्रणाली विश्वास भण्डार लोड गर्न असफल भयो: GnuTLS प्रणाली विश्वाससँग कन्फिगर गरिएको थिएन ।"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:583 tls/openssl/gtlsdatabase-openssl.c:229
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "प्रणाली विश्वास भण्डार लोड गर्न असफल भयो: %s"
+
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153 tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "%s: %s विश्वास सूचीमा राख्न असफल"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
+#: tls/openssl/gtlsserverconnection-openssl.c:228
msgid "Certificate has no private key"
msgstr "प्रमाणपत्रमा निजी कुञ्जी छैन"
-#: tls/pkcs11/gpkcs11pin.c:111
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr "टोकन बन्द हुन यो पिन प्रविष्ट गर्न अन्तिम मौका हो।"
+#: tls/openssl/gtlsclientconnection-openssl.c:310
+#: tls/openssl/gtlsserverconnection-openssl.c:346
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "TLS सिफर सूची सेट गर्न सकेन: %s"
-#: tls/pkcs11/gpkcs11pin.c:113
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr "धेरै पिन प्रयास गलत छ, र अर्को असफलता पछि टोकन बन्द गरिनेछ।"
+#: tls/openssl/gtlsclientconnection-openssl.c:336
+#: tls/openssl/gtlsserverconnection-openssl.c:372
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "%d मा MAX प्रोटोकल सेट गर्न सकेन: %s"
-#: tls/pkcs11/gpkcs11pin.c:115
-msgid "The PIN entered is incorrect."
-msgstr "प्रविष्ट पिन मिलेन"
+#: tls/openssl/gtlsclientconnection-openssl.c:397
+#: tls/openssl/gtlsserverconnection-openssl.c:433
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "TLS विषयवस्तु सिर्जना गर्न सकेन: %s"
-#: tls/pkcs11/gpkcs11slot.c:449
-msgid "Module"
-msgstr "मोड्युल"
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "अवैध TLS प्रमाणपत्र अधिकार"
-#: tls/pkcs11/gpkcs11slot.c:450
-msgid "PKCS#11 Module Pointer"
-msgstr ""
+#: tls/openssl/gtlsconnection-openssl.c:225
+msgid "Digest too big for RSA key"
+msgstr "RSA कुञ्जीका लागि अति ठूलो डाइजेस्ट"
-#: tls/pkcs11/gpkcs11slot.c:457
-msgid "Slot ID"
-msgstr "सà¥\8dलà¤\9fà¤\86à¤\88डà¥\80"
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "सà¥\81रà¤\95à¥\8dषित पà¥\81न: वारà¥\8dता à¤\85à¤\95à¥\8dषम पारिà¤\8fà¤\95à¥\8b à¤\9b"
-#: tls/pkcs11/gpkcs11slot.c:458
-msgid "PKCS#11 Slot Identifier"
-msgstr ""
+#: tls/openssl/gtlsconnection-openssl.c:253
+#, c-format
+msgid "%s: The connection is broken"
+msgstr "%s: जडान विच्छेद भयो"
+
+#: tls/openssl/gtlsconnection-openssl.c:610
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "च्यानल बाइन्डिङ डेटा tls-unique उपलब्ध छैन"
+
+#: tls/openssl/gtlsconnection-openssl.c:633
+#, c-format
+msgid "X.509 Certificate is not available on the connection"
+msgstr "जडानमा X.५०९ प्रमाणपत्र उपलब्ध छैन"
+
+#: tls/openssl/gtlsconnection-openssl.c:679
+#, c-format
+msgid "Failed to generate X.509 certificate digest"
+msgstr "X. 509 प्रमाणपत्र उत्पन्न गर्न असफल भयो"
+
+#: tls/openssl/gtlsconnection-openssl.c:710
+#, c-format
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "TLS जडानले TLS-निर्यातकर्ता विशेषता समर्थन गर्दैन"
+
+#: tls/openssl/gtlsconnection-openssl.c:713
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "कुञ्जी डेटा निर्यात गर्दा अनपेक्षित त्रुटि"
+
+#: tls/openssl/gtlsconnection-openssl.c:995
+msgid "Error performing TLS close"
+msgstr "TLS बन्द सम्पादन गर्दा त्रुटि"
+
+#: tls/openssl/gtlsdatabase-openssl.c:197
+msgid "Could not get trusted anchors from Keychain"
+msgstr "कि-चेनबाट विश्वासिलो एङ्करहरू प्राप्त गर्न सकेन"
+
+#: tls/openssl/gtlsdatabase-openssl.c:269
+msgid "Could not create CA store"
+msgstr "CA भण्डारण सिर्जना गर्न सकेन"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:179
+#: tls/openssl/gtlsserverconnection-openssl.c:247
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "प्रमाणपत्रको व्यक्तिगत कुञ्जीमा समस्या छ: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:188
+#: tls/openssl/gtlsserverconnection-openssl.c:239
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "प्रमाणपत्रमा समस्या छ: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "सञ्चालन ब्लक थियो"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "सर्भरले वैध TLS प्रमाणपत्र फर्काउन सकेन"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is locked."
+#~ msgstr "टोकन बन्द हुन यो पिन प्रविष्ट गर्न अन्तिम मौका हो।"
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked after "
+#~ "further failures."
+#~ msgstr "धेरै पिन प्रयास गलत छ, र अर्को असफलता पछि टोकन बन्द गरिनेछ।"
+
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "प्रविष्ट पिन मिलेन"
+
+#~ msgid "Module"
+#~ msgstr "मोड्युल"
+
+#~ msgid "Slot ID"
+#~ msgstr "स्लटआईडी"
#
# Wouter Bolsterlee <wbolster@gnome.org>, 2011–2013
# Rachid <rachidbm@ubuntu.com>, 2012.
-# Nathan Follens <nthn@unseen.is>, 2017.
+# Nathan Follens <nfollens@gnome.org>, 2017, 2019, 2021.
#
-# Peer - andere kant van de verbinding (heel vrij vertaald)
msgid ""
msgstr ""
"Project-Id-Version: gconf\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
"issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-03 11:12+0100\n"
-"Last-Translator: Nathan Follens <nthn@unseen.is>\n"
-"Language-Team: Dutch <vertaling@vrijschrift.org>\n"
+"POT-Creation-Date: 2021-06-25 16:32+0000\n"
+"PO-Revision-Date: 2021-09-13 17:12+0200\n"
+"Last-Translator: Nathan Follens <nfollens@gnome.org>\n"
+"Language-Team: Dutch <gnome-nl-list@gnome.org>\n"
"Language: nl\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Poedit 2.2.1\n"
+"X-Generator: Poedit 3.0\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Interne fout in proxy-resolver."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "Verbinding is gesloten"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "Bewerking zou blokkeren"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Kan blokkeerbewerking tijdens TLS-handshake niet uitvoeren"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Time-out bij socket-I/O"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "Server vereiste een TLS-certificaat"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1451
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "Handshake is niet voltooid, nog geen kanaalbindingsinformatie"
+
+#: tls/base/gtlsconnection-base.c:1530
+msgid "Peer does not support safe renegotiation"
+msgstr "Peer ondersteunt geen veilige heronderhandeling"
+
+#: tls/base/gtlsconnection-base.c:1678 tls/gnutls/gtlsconnection-gnutls.c:482
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:834
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Onacceptabel TLS-certificaat"
+
+#: tls/base/gtlsconnection-base.c:2152
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Ontvangstvlaggen worden niet ondersteund"
+
+#: tls/base/gtlsconnection-base.c:2299
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Verstuurvlaggen worden niet ondersteund"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:362
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Kon DER-certificaat niet parseren: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:382
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Kon PEM-certificaat niet parseren: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:401
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Kon DER-privésleutel niet parseren: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:420
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Kon PEM-privésleutel niet parseren: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Kon PKCS#11-certificaat-URL niet importeren: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:455
msgid "No certificate data provided"
msgstr "Geen certificaatgegevens opgegeven"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:806
+#: tls/gnutls/gtlsconnection-gnutls.c:1033
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Kon geen TLS-verbinding maken: %s"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Kan peeridentiteit van onverwacht type %s niet verifiëren"
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-msgid "Cannot perform blocking operation during TLS handshake"
-msgstr "Kan blokkeerbewerking tijdens TLS-handshake niet uitvoeren"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "Time-out bij socket-I/O"
+#: tls/gnutls/gtlsconnection-gnutls.c:198
+msgid "Could not create TLS connection:"
+msgstr "Kon geen TLS-verbinding maken:"
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Andere kant van de verbinding gaf geen TLS-handshake"
+#: tls/gnutls/gtlsconnection-gnutls.c:208
+#: tls/gnutls/gtlsconnection-gnutls.c:228
+#: tls/openssl/gtlsclientconnection-openssl.c:458
+#: tls/openssl/gtlsserverconnection-openssl.c:503
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Kon geen TLS-verbinding maken: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Andere kant van de verbinding verzocht een ongeldige TLS-rehandshake"
+#: tls/gnutls/gtlsconnection-gnutls.c:426
+#: tls/gnutls/gtlsconnection-gnutls.c:437
+#: tls/gnutls/gtlsconnection-gnutls.c:451
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Andere kant van de verbinding gaf geen TLS-handshake: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:459
msgid "TLS connection closed unexpectedly"
msgstr "TLS-verbinding onverwachts afgebroken"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:474
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "TLS-verbinding van andere kant stuurde geen certificaat"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Onacceptabel TLS-certificaat"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:490
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Andere kant van de verbinding stuurde fatale TLS-waarschuwing: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:500
msgid "Protocol version downgrade attack detected"
msgstr "Downgrade-aanval op de protocolversie gedetecteerd"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:509
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[0] "Bericht is te groot voor DTLS-verbinding; maximaal %u byte"
msgstr[1] "Bericht is te groot voor DTLS-verbinding, maximaal %u bytes"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:518
msgid "The operation timed out"
msgstr "Time-out bij bewerking"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "Peer ondersteunt geen veilige heronderhandeling"
+#: tls/gnutls/gtlsconnection-gnutls.c:870
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Fout bij uitvoeren van TLS-handshake: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:973
+#: tls/openssl/gtlsconnection-openssl.c:618
msgid "Error performing TLS handshake"
msgstr "Fout bij uitvoeren van TLS-handshake"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Fout bij het lezen van de TLS-socket"
+#: tls/gnutls/gtlsconnection-gnutls.c:1152
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Kanaalbindingstype is niet geïmplementeerd in de TLS-bibliotheek"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1156
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Ontvangstvlaggen worden niet ondersteund"
+msgid "Channel binding data is not yet available"
+msgstr "Kanaalbindingsgegevens zijn nog niet beschikbaar"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1194
+#: tls/gnutls/gtlsconnection-gnutls.c:1206
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "X.509-certificaat is niet beschikbaar op de verbinding"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "X.509-certificaat is niet beschikbaar of van een onbekend formaat: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1230
+#: tls/openssl/gtlsconnection-openssl.c:709
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Kon certificaatondertekeningsalgoritme niet verkrijgen"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1246
+#: tls/openssl/gtlsconnection-openssl.c:729
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Huidig X.509-certificaat gebruikt een onbekend of niet-ondersteund "
+"ondertekeningsalgoritme"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1340
+#: tls/openssl/gtlsconnection-openssl.c:809
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Gevraagd kanaalbindingstype is niet geïmplementeerd"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1361
+#: tls/gnutls/gtlsconnection-gnutls.c:1421
+#: tls/openssl/gtlsconnection-openssl.c:827
+#: tls/openssl/gtlsconnection-openssl.c:923
+msgid "Error reading data from TLS socket"
+msgstr "Fout bij het lezen van de TLS-socket"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1443
+#: tls/gnutls/gtlsconnection-gnutls.c:1506
+#: tls/openssl/gtlsconnection-openssl.c:1002
msgid "Error writing data to TLS socket"
msgstr "Fout bij het schrijven naar de TLS-socket"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1476
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[0] "Bericht van grootte %lu byte is te groot voor DTLS-verbinding"
msgstr[1] "Bericht van grootte %lu bytes is te groot voor DTLS-verbinding"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1478
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(maximaal %u byte)"
msgstr[1] "(maximaal %u bytes)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
#, c-format
-msgid "Send flags are not supported"
-msgstr "Verstuurvlaggen worden niet ondersteund"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Fout bij sluiten van TLS"
+msgid "Error performing TLS close: %s"
+msgstr "Fout bij sluiten van TLS: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:688
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Laden van vertrouwensopslag van systeem mislukt: GnuTLS is niet "
"geconfigureerd met een systeemvertrouwen"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:693 tls/openssl/gtlsdatabase-openssl.c:229
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Laden van vertrouwensopslag van systeem mislukt: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Vertrouwenslijst van %s invullen mislukt: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
+#: tls/openssl/gtlsserverconnection-openssl.c:228
msgid "Certificate has no private key"
msgstr "Certificaat heeft geen privésleutel"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:317
+#: tls/openssl/gtlsserverconnection-openssl.c:346
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Kon TLS-cipherlijst niet verkrijgen: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:343
+#: tls/openssl/gtlsserverconnection-openssl.c:372
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Kon MAX-protocol niet instellen op %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:404
+#: tls/openssl/gtlsserverconnection-openssl.c:433
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Kon geen TLS-context maken: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Onacceptabele TLS-certificaatautoriteit"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Digest te groot voor RSA-sleutel"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Veilige heronderhandeling is uitgeschakeld"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Fout bij uitvoeren van TLS-handshake: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: de verbinding is verbroken"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "Server gaf geen geldig TLS-certificaat weer"
+#: tls/openssl/gtlsconnection-openssl.c:678
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Kanaalbindingsgegevens van tls-unique zijn niet beschikbaar"
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:701
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Fout bij het lezen van de TLS-socket: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "X.509-certificaat is niet beschikbaar op de verbinding"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:747
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Fout bij het schrijven naar de TLS-socket: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Aanmaken van X.509-certificaatsdigest mislukt"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:778
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Fout bij sluiten van TLS: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "TLS-verbinding biedt geen ondersteuning voor TLS-Exporter-functie"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsconnection-openssl.c:781
#, c-format
-msgid "There is a problem with the certificate: %s"
-msgstr "Probleem met certificaat: %s"
+msgid "Unexpected error while exporting keying data"
+msgstr "Onverwachte fout bij exporteren van sleutelgegevens"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsconnection-openssl.c:1063
+msgid "Error performing TLS close"
+msgstr "Fout bij sluiten van TLS"
+
+#: tls/openssl/gtlsdatabase-openssl.c:197
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Kon geen vertrouwde ankers ophalen uit sleutelbos"
+
+#: tls/openssl/gtlsdatabase-openssl.c:269
+msgid "Could not create CA store"
+msgstr "Kon geen CA-opslag aanmaken"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:179
+#: tls/openssl/gtlsserverconnection-openssl.c:247
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "Probleem met privésleutel van certificaat: %s"
+#: tls/openssl/gtlsserverconnection-openssl.c:188
+#: tls/openssl/gtlsserverconnection-openssl.c:239
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Probleem met certificaat: %s"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr ""
+#~ "Andere kant van de verbinding verzocht een ongeldige TLS-rehandshake"
+
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Laden van bestandspad mislukt: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "Bewerking zou blokkeren"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "Server gaf geen geldig TLS-certificaat weer"
+
+#~ msgid "Error reading data from TLS socket: %s"
+#~ msgstr "Fout bij het lezen van de TLS-socket: %s"
+
+#~ msgid "Error writing data to TLS socket: %s"
+#~ msgstr "Fout bij het schrijven naar de TLS-socket: %s"
+
#~ msgid ""
#~ "This is the last chance to enter the PIN correctly before the token is "
#~ "locked."
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2018-06-01 00:06+0000\n"
-"PO-Revision-Date: 2018-06-08 14:43+0200\n"
-"Last-Translator: Cédric Valmary (totenoc.eu) <cvalmary@yahoo.fr>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
+"issues\n"
+"POT-Creation-Date: 2021-12-20 15:37+0000\n"
+"PO-Revision-Date: 2021-12-29 18:40+0100\n"
+"Last-Translator: Quentin PAGÈS\n"
"Language-Team: Tot En Òc\n"
"Language: oc\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Virtaal 0.7.1\n"
+"X-Generator: Poedit 3.0\n"
"X-Launchpad-Export-Date: 2015-05-21 17:44+0000\n"
"X-Project-Style: gnome\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Error intèrna del resolvedor de servidor mandatari."
-#: tls/gnutls/gtlscertificate-gnutls.c:182
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
+msgid "Connection is closed"
+msgstr "La connexion es tampada"
+
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr ""
+"Realizacion impossibla d’accions de blocatge pendent una negociacion TLS"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Las entradas/sortidas del connector an expirat"
+
+#: tls/base/gtlsconnection-base.c:875
+msgid "Server required TLS certificate"
+msgstr "Lo servidor requerís un certificat TLS"
+
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr ""
+"La negociacion es pas acabada, cap d’informacions de ligason de canal pas "
+"disponibla pel moment"
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr "Lo par es pas compatible amb la renegociacion segura"
+
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:491
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:839
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Certificat TLS inacceptable"
+
+#: tls/base/gtlsconnection-base.c:2153
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Las bandièras de recepcion son pas presas en carga"
+
+#: tls/base/gtlsconnection-base.c:2300
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Las bandièras de mandadís son pas presas en carga"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:363
#, c-format
msgid "Could not parse DER certificate: %s"
-msgstr "Impossible d'analisar lo certificat DER : %s"
+msgstr "Impossible d'analisar lo certificat DER : %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:203
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:384
#, c-format
msgid "Could not parse PEM certificate: %s"
-msgstr "Impossible d'analisar lo certificat PEM : %s"
+msgstr "Impossible d'analisar lo certificat PEM : %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:234
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:404
#, c-format
msgid "Could not parse DER private key: %s"
-msgstr "Impossible d'analisar la clau privada DER : %s"
+msgstr "Impossible d'analisar la clau privada DER : %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:265
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:424
#, c-format
msgid "Could not parse PEM private key: %s"
-msgstr "Impossible d'analisar la clau privada PEM : %s"
+msgstr "Impossible d'analisar la clau privada PEM : %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:304
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Impossible d'importar lo certificat PKCS #11 de l’URI : %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:459
msgid "No certificate data provided"
msgstr "Cap de donada de certificat pas provesida"
-#: tls/gnutls/gtlsclientconnection-gnutls.c:421
-msgid "Server required TLS certificate"
-msgstr "Lo servidor requerís un certificat TLS"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:396
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Impossible de crear una connexion TLS : %s"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:709
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
-msgid "Connection is closed"
-msgstr "La connexion es tampada"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Verificacion impossibla del par %s de tipe inesperat"
-#: tls/gnutls/gtlsconnection-gnutls.c:784
-#: tls/gnutls/gtlsconnection-gnutls.c:2201
-msgid "Operation would block"
-msgstr "L'operacion se poiriá blocar"
+#: tls/gnutls/gtlsconnection-gnutls.c:204
+msgid "Could not create TLS connection:"
+msgstr "Impossible de crear una connexion TLS :"
-#: tls/gnutls/gtlsconnection-gnutls.c:825
-#: tls/gnutls/gtlsconnection-gnutls.c:1412
-msgid "Socket I/O timed out"
-msgstr "Las entradas/sortidas del connector an expirat"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:964
-#: tls/gnutls/gtlsconnection-gnutls.c:997
-msgid "Peer failed to perform TLS handshake"
-msgstr "La negociacion TLS amb lo servidor per a fracassat"
+#: tls/gnutls/gtlsconnection-gnutls.c:214
+#: tls/gnutls/gtlsconnection-gnutls.c:234
+#: tls/openssl/gtlsclientconnection-openssl.c:512
+#: tls/openssl/gtlsserverconnection-openssl.c:456
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Impossible de crear una connexion TLS : %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:982
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Lo servidor per a demandat una renegociacion TLS pas autorizada"
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:460
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Lo par a pas reüssit a realizar una negociacion TLS : %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1003
+#: tls/gnutls/gtlsconnection-gnutls.c:468
msgid "TLS connection closed unexpectedly"
msgstr "La connexion TLS es estada tampada d'un biais imprevist"
-#: tls/gnutls/gtlsconnection-gnutls.c:1013
+#: tls/gnutls/gtlsconnection-gnutls.c:483
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "Lo per TLS a pas mandat cap de certificat"
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:499
#, c-format
msgid "Peer sent fatal TLS alert: %s"
-msgstr "Lo par a enviat una alèrta TLS fatala : %s"
+msgstr "Lo par a enviat una alèrta TLS fatala : %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:509
+msgid "Protocol version downgrade attack detected"
+msgstr "Atac de retrogradacion de version de protocòl detectat"
-#: tls/gnutls/gtlsconnection-gnutls.c:1027
+#: tls/gnutls/gtlsconnection-gnutls.c:518
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[1] ""
"Lo messatge es tròp grand per la connexion DTLS ; lo maximum es de %u octets"
-#: tls/gnutls/gtlsconnection-gnutls.c:1034
+#: tls/gnutls/gtlsconnection-gnutls.c:527
msgid "The operation timed out"
msgstr "L’operacion a expirat"
-#: tls/gnutls/gtlsconnection-gnutls.c:1820
-#: tls/gnutls/gtlsconnection-gnutls.c:1871
-#| msgid "Error performing TLS handshake: %s"
+#: tls/gnutls/gtlsconnection-gnutls.c:879
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Error al moment de la negociacion TLS : %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/openssl/gtlsconnection-openssl.c:614
msgid "Error performing TLS handshake"
msgstr "Error al moment de la negociacion TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:1881
-msgid "Server did not return a valid TLS certificate"
-msgstr "Lo servidor a pas renviat cap de certificat TLS valid"
+#: tls/gnutls/gtlsconnection-gnutls.c:1181
+#, c-format
+msgid ""
+"Empty channel binding data indicates a bug in the TLS library implementation"
+msgstr ""
+"De donadas de ligason voidas indican una anomalia dins la bibliotèca "
+"d’implementacion TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:1963
-msgid "Unacceptable TLS certificate"
-msgstr "Certificat TLS inacceptable"
+#: tls/gnutls/gtlsconnection-gnutls.c:1199
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Lo tipe de cana es pas implantat dins la bibliotèca TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2235
-#: tls/gnutls/gtlsconnection-gnutls.c:2327
-#| msgid "Error reading data from TLS socket: %s"
-msgid "Error reading data from TLS socket"
-msgstr "Error al moment de la lectura de donadas del connector TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:1203
+#, c-format
+msgid "Channel binding data is not yet available"
+msgstr "Las donadas de ligason son pas encara disponiblas"
-#: tls/gnutls/gtlsconnection-gnutls.c:2357
+#: tls/gnutls/gtlsconnection-gnutls.c:1241
+#: tls/gnutls/gtlsconnection-gnutls.c:1253
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Las bandièras de recepcion son pas presas en carga"
+msgid "X.509 certificate is not available on the connection"
+msgstr "certificat X.509 pas disponible sus la connexion"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1266
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "certificat X.509 indisponible o dins un format desconegut : %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1277
+#: tls/openssl/gtlsconnection-openssl.c:714
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Impossible d'obténer l'algoritme de signatura del certificat"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1293
+#: tls/openssl/gtlsconnection-openssl.c:734
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Lo certificat actual X.509 utiliza un algoritme de signatura desconegut o "
+"pas pres en carga"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1387
+#: tls/openssl/gtlsconnection-openssl.c:814
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Lo tipe de ligason de canal demandat es pas implantat"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1408
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+#: tls/openssl/gtlsconnection-openssl.c:832
+#: tls/openssl/gtlsconnection-openssl.c:928
+msgid "Error reading data from TLS socket"
+msgstr "Error al moment de la lectura de donadas del connector TLS"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2434
-#: tls/gnutls/gtlsconnection-gnutls.c:2506
-#| msgid "Error writing data to TLS socket: %s"
+#: tls/gnutls/gtlsconnection-gnutls.c:1490
+#: tls/gnutls/gtlsconnection-gnutls.c:1553
+#: tls/openssl/gtlsconnection-openssl.c:1007
msgid "Error writing data to TLS socket"
msgstr "Error al moment de l'escritura de donadas sul connector TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2476
+#: tls/gnutls/gtlsconnection-gnutls.c:1523
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[0] "Un messatge de %lu octet es tròp grand per la connexion DTLS"
msgstr[1] "Un messatge de %lu octets es tròp grand per la connexion DTLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2478
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(lo maximum es de %u octet)"
msgstr[1] "(lo maximum es de %u octets)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2537
+#: tls/gnutls/gtlsconnection-gnutls.c:1572
#, c-format
-msgid "Send flags are not supported"
-msgstr "Las bandièras de mandadís son pas presas en carga"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2640
-#| msgid "Error performing TLS close: %s"
-msgid "Error performing TLS close"
-msgstr "Error al moment de la tampadura TLS"
+msgid "Error performing TLS close: %s"
+msgstr "Error al moment de la tampadura TLS : %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
msgstr ""
+"Cargament impossibla del magasin de fisança del sistèma : GnuTLS èra pas "
+"configurat amb un sistèma fisable"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:255
#, c-format
msgid "Failed to load system trust store: %s"
-msgstr ""
+msgstr "Cargament impossibla del magasin de fisança del sistèma : %s"
+
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:456
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Fracàs de l'empliment de la lista fisabla %s: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:113
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
msgid "Certificate has no private key"
msgstr "Lo certificat a pas cap de clau privada"
-#: tls/pkcs11/gpkcs11pin.c:111
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"Es la darrièra chança d'entrar lo PIN corrècte abans que la carta de piuse "
-"siá verrolhada."
+#: tls/openssl/gtlsclientconnection-openssl.c:368
+#: tls/openssl/gtlsserverconnection-openssl.c:299
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Impossible de definir una lista de cipher TLS : %s"
-#: tls/pkcs11/gpkcs11pin.c:113
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
+#: tls/openssl/gtlsclientconnection-openssl.c:396
+#: tls/openssl/gtlsserverconnection-openssl.c:327
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Definicion impossibla de MAX protocol per %d : %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:459
+#: tls/openssl/gtlsserverconnection-openssl.c:390
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Creacion del contèxt TLS impossible : %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Autoritat de certificacion TLS inacceptabla"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
+msgid "Digest too big for RSA key"
+msgstr "Digest tròp grand per la clau RSA"
+
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "La renogiciacion segura es desactivada"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
+#, c-format
+msgid "%s: The connection is broken"
+msgstr "%s : la connexion es copada"
+
+#: tls/openssl/gtlsconnection-openssl.c:660
+#, c-format
+msgid "The request is invalid."
+msgstr "La requèsta es invalida."
+
+#: tls/openssl/gtlsconnection-openssl.c:683
+#, c-format
+msgid "Channel binding data tls-unique is not available"
msgstr ""
-"Mantun PIN incorrèctes son estats picats, tota novèla error provocarà lo "
-"verrolhatge de la carta de piuse."
+"Las donadas de ligason de canal perTLS sonque son pas encara disponiblas"
+
+#: tls/openssl/gtlsconnection-openssl.c:706
+#, c-format
+msgid "X.509 Certificate is not available on the connection"
+msgstr "certificat X.509 pas disponible sus la connexion"
+
+#: tls/openssl/gtlsconnection-openssl.c:752
+#, c-format
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Generacion pas reüssida del digèst del certificat X.509"
+
+#: tls/openssl/gtlsconnection-openssl.c:783
+#, c-format
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "La connexion TLS pren pas en carga la foncionalitat TLS-Exporter"
+
+#: tls/openssl/gtlsconnection-openssl.c:786
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Error inesperada en exportant las donadas picadas"
+
+#: tls/openssl/gtlsconnection-openssl.c:1068
+msgid "Error performing TLS close"
+msgstr "Error al moment de la tampadura TLS"
+
+#: tls/openssl/gtlsdatabase-openssl.c:167
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Obtencion impossibla d’ancora de fisança de la Keychain"
+
+#: tls/openssl/gtlsdatabase-openssl.c:232
+msgid "Could not get root certificate store"
+msgstr "Impossible d'obténer lo magazin de certificat raiç"
+
+#: tls/openssl/gtlsdatabase-openssl.c:239
+msgid "Could not get CA certificate store"
+msgstr "Impossible d'obténer lo magazin de certificat CA"
+
+#: tls/openssl/gtlsdatabase-openssl.c:304
+msgid "Could not create CA store"
+msgstr "Creacion d’un magasin de CA impossibla"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:184
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "I a un problèma amb lo certificat : %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:193
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "I a un problèma amb la clau privada del certificat : %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "L'operacion se poiriá blocar"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Lo servidor per a demandat una renegociacion TLS pas autorizada"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "Lo servidor a pas renviat cap de certificat TLS valid"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Es la darrièra chança d'entrar lo PIN corrècte abans que la carta de "
+#~ "piuse siá verrolhada."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Mantun PIN incorrèctes son estats picats, tota novèla error provocarà lo "
+#~ "verrolhatge de la carta de piuse."
-#: tls/pkcs11/gpkcs11pin.c:115
-msgid "The PIN entered is incorrect."
-msgstr "Lo PIN picat es incorrècte."
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Lo PIN picat es incorrècte."
-#: tls/pkcs11/gpkcs11slot.c:447
-msgid "Module"
-msgstr "Modul"
+#~ msgid "Module"
+#~ msgstr "Modul"
-#: tls/pkcs11/gpkcs11slot.c:448
-msgid "PKCS#11 Module Pointer"
-msgstr "Puntador de modul PKCS#11"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Puntador de modul PKCS#11"
-#: tls/pkcs11/gpkcs11slot.c:455
-msgid "Slot ID"
-msgstr "ID del connectador"
+#~ msgid "Slot ID"
+#~ msgstr "ID del connectador"
-#: tls/pkcs11/gpkcs11slot.c:456
-msgid "PKCS#11 Slot Identifier"
-msgstr "Identificant d'emplaçament PKCS#11"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identificant d'emplaçament PKCS#11"
#~ msgid "Connection is already closed"
#~ msgstr "La connexion es ja tampada"
# Polish translation for glib-networking.
-# Copyright © 2011-2019 the glib-networking authors.
+# Copyright © 2011-2021 the glib-networking authors.
# This file is distributed under the same license as the glib-networking package.
-# Piotr Drąg <piotrdrag@gmail.com>, 2011-2019.
-# Aviary.pl <community-poland@mozilla.org>, 2011-2019.
+# Piotr Drąg <piotrdrag@gmail.com>, 2011-2021.
+# Aviary.pl <community-poland@mozilla.org>, 2011-2021.
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-02 10:12+0100\n"
+"POT-Creation-Date: 2021-11-19 15:02+0000\n"
+"PO-Revision-Date: 2021-11-20 14:18+0100\n"
"Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
"Language-Team: Polish <community-poland@mozilla.org>\n"
"Language: pl\n"
"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
"|| n%100>=20) ? 1 : 2);\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Wewnętrzny błąd rozwiązywania pośrednika."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "Połączenie jest zamknięte"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "Działanie zablokowałoby"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Nie można wykonać blokującego działania podczas powitania TLS"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Wejście/wyjście gniazda przekroczyło czas oczekiwania"
+
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "Serwer wymaga certyfikatu TLS"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr ""
+"Powitanie nie jest ukończone, nie ma jeszcze informacji o wiązaniu kanału"
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr "Partner nie obsługuje zabezpieczonej ponownej negocjacji"
+
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:491
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:830
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Nieakceptowalny certyfikat TLS"
+
+#: tls/base/gtlsconnection-base.c:2155
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Flagi odbioru są nieobsługiwane"
+
+#: tls/base/gtlsconnection-base.c:2302
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Flagi wysyłki są nieobsługiwane"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:363
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Nie można przetworzyć certyfikatu DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:384
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Nie można przetworzyć certyfikatu PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:404
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Nie można przetworzyć klucza prywatnego DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:424
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Nie można przetworzyć klucza prywatnego PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Nie można zaimportować adresu URI certyfikatu PKCS #11: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:459
msgid "No certificate data provided"
msgstr "Nie podano danych certyfikatu"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Nie można utworzyć połączenia TLS: %s"
-
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-msgid "Cannot perform blocking operation during TLS handshake"
-msgstr "Nie można wykonać blokującego działania podczas powitania TLS"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Nie można sprawdzić tożsamości partnera o nieoczekiwanym typie %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "Wejście/wyjście gniazda przekroczyło czas oczekiwania"
+#: tls/gnutls/gtlsconnection-gnutls.c:204
+msgid "Could not create TLS connection:"
+msgstr "Nie można utworzyć połączenia TLS:"
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Wykonanie powitania TLS przez partnera się nie powiodło"
+#: tls/gnutls/gtlsconnection-gnutls.c:214
+#: tls/gnutls/gtlsconnection-gnutls.c:234
+#: tls/openssl/gtlsclientconnection-openssl.c:523
+#: tls/openssl/gtlsserverconnection-openssl.c:456
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Nie można utworzyć połączenia TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Partner zażądał niedozwolonego ponownego powitania TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:460
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Wykonanie powitania TLS przez partnera się nie powiodło: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:468
msgid "TLS connection closed unexpectedly"
msgstr "Połączenie TLS zostało nieoczekiwanie zamknięte"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:483
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "Partner połączenia TLS nie wysłał certyfikatu"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Nieakceptowalny certyfikat TLS"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:499
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Partner wysłał krytyczny alarm TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:509
msgid "Protocol version downgrade attack detected"
msgstr "Wykryto atak typu zmniejszenie wersji protokołu"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:518
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[1] "Komunikat jest za duży dla połączenia DTLS, maksimum to %u bajty"
msgstr[2] "Komunikat jest za duży dla połączenia DTLS, maksimum to %u bajtów"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:527
msgid "The operation timed out"
msgstr "Działanie przekroczyło czas oczekiwania"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "Partner nie obsługuje zabezpieczonej ponownej negocjacji"
+#: tls/gnutls/gtlsconnection-gnutls.c:879
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Błąd podczas wykonywania powitania TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/openssl/gtlsconnection-openssl.c:614
msgid "Error performing TLS handshake"
msgstr "Błąd podczas wykonywania powitania TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Błąd podczas odczytywania danych z gniazda TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:1177
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Typ wiązania kanału nie jest zaimplementowany w bibliotece TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1181
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Flagi odbioru są nieobsługiwane"
+msgid "Channel binding data is not yet available"
+msgstr "Dane wiązania kanału nie są jeszcze dostępne"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#: tls/gnutls/gtlsconnection-gnutls.c:1231
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "Certyfikat X.509 nie jest dostępny na połączeniu"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1244
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "Certyfikat X.509 jest niedostępny lub jest w nieznanym formacie: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1255
+#: tls/openssl/gtlsconnection-openssl.c:705
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Nie można uzyskać algorytmu podpisu certyfikatu"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1271
+#: tls/openssl/gtlsconnection-openssl.c:725
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Bieżący certyfikat X.509 używa nieznanego lub nieobsługiwane algorytmu "
+"podpisu"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1365
+#: tls/openssl/gtlsconnection-openssl.c:805
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Żądany typ wiązania kanału nie jest zaimplementowany"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1386
+#: tls/gnutls/gtlsconnection-gnutls.c:1446
+#: tls/openssl/gtlsconnection-openssl.c:823
+#: tls/openssl/gtlsconnection-openssl.c:919
+msgid "Error reading data from TLS socket"
+msgstr "Błąd podczas odczytywania danych z gniazda TLS"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+#: tls/gnutls/gtlsconnection-gnutls.c:1531
+#: tls/openssl/gtlsconnection-openssl.c:998
msgid "Error writing data to TLS socket"
msgstr "Błąd podczas zapisywania danych do gniazda TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1501
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[1] "Komunikat o %lu bajtach jest za duży dla połączenia DTLS"
msgstr[2] "Komunikat o %lu bajtach jest za duży dla połączenia DTLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1503
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[1] "(maksimum to %u bajty)"
msgstr[2] "(maksimum to %u bajtów)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1550
#, c-format
-msgid "Send flags are not supported"
-msgstr "Flagi wysyłki są nieobsługiwane"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Błąd podczas wykonywania zamknięcia TLS"
+msgid "Error performing TLS close: %s"
+msgstr "Błąd podczas wykonywania zamknięcia TLS: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Wczytanie przechowalni zaufania systemu się nie powiodło: biblioteka GnuTLS "
"nie została skonfigurowana z zaufaniem systemu"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:288
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Wczytanie przechowalni zaufania systemu się nie powiodło: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:456
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Wypełnienie listy zaufania z %s się nie powiodło: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
msgid "Certificate has no private key"
msgstr "Certyfikat nie ma klucza prywatnego"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:379
+#: tls/openssl/gtlsserverconnection-openssl.c:299
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Nie można ustawić listy szyfrów TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:407
+#: tls/openssl/gtlsserverconnection-openssl.c:327
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Nie można ustawić protokołu MAX na %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:470
+#: tls/openssl/gtlsserverconnection-openssl.c:390
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Nie można utworzyć kontekstu TLS: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Nieakceptowalny ośrodek certyfikacji certyfikatu TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Skrót jest za duży dla klucza RSA"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Zabezpieczona ponowna negocjacja jest wyłączona"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Błąd podczas wykonywania powitania TLS: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: połączenie jest uszkodzone"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "Serwer nie zwrócił prawidłowego certyfikatu TLS"
+#: tls/openssl/gtlsconnection-openssl.c:674
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Dane wiązania kanału „tls-unique” są niedostępne"
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:697
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Błąd podczas odczytywania danych z gniazda TLS: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "Certyfikat X.509 nie jest dostępny na połączeniu"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:743
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Błąd podczas zapisywania danych do gniazda TLS: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Utworzenie skrótu certyfikatu X.509 się nie powiodło"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:774
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Błąd podczas wykonywania zamknięcia TLS: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "Połączenie TLS nie obsługuje funkcji „TLS-Exporter”"
+
+#: tls/openssl/gtlsconnection-openssl.c:777
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Nieoczekiwany błąd podczas eksportowania danych kluczowania"
+
+#: tls/openssl/gtlsconnection-openssl.c:1059
+msgid "Error performing TLS close"
+msgstr "Błąd podczas wykonywania zamknięcia TLS"
+
+#: tls/openssl/gtlsdatabase-openssl.c:200
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Nie można uzyskać zaufanych kotwic z bazy kluczy"
+
+#: tls/openssl/gtlsdatabase-openssl.c:265
+msgid "Could not get root certificate store"
+msgstr "Nie można uzyskać przechowalni głównych certyfikatów"
+
+#: tls/openssl/gtlsdatabase-openssl.c:272
+msgid "Could not get CA certificate store"
+msgstr "Nie można uzyskać przechowalni certyfikatów CA"
+
+#: tls/openssl/gtlsdatabase-openssl.c:337
+msgid "Could not create CA store"
+msgstr "Nie można utworzyć przechowalni CA"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsserverconnection-openssl.c:184
#, c-format
msgid "There is a problem with the certificate: %s"
msgstr "Wystąpił problem z certyfikatem: %s"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsserverconnection-openssl.c:193
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "Wystąpił problem z kluczem prywatnym certyfikatu: %s"
-# Portuguese translation for glib-networking.\r
-# Copyright © 2011, 2012, 2013 glib-networking\r
-# This file is distributed under the same license as the glib-networking package.\r
-# Duarte Loreto <happyguy_pt@hotmail.com>, 2011, 2012, 2013.\r
-# \r
+# Portuguese translation for glib-networking.
+# Copyright © 2011, 2012, 2013 glib-networking
+# This file is distributed under the same license as the glib-networking package.
+#
+# Duarte Loreto <happyguy_pt@hotmail.com>, 2011, 2012, 2013.
# Pedro Albuquerque <palbuquerque73@openmailbox.com>, 2015.
+# Juliano de Souza Camargo <julianosc@protonmail.com>, 2020.
+# Hugo Carvalho <hugokarvalho@hotmail.com>, 2020, 2021.
#
msgid ""
msgstr ""
"Project-Id-Version: 3.8\n"
-"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2015-06-07 17:56+0000\n"
-"PO-Revision-Date: 2015-06-24 09:24+0100\n"
-"Last-Translator: Pedro Albuquerque <palbuquerque73@openmailbox.com>\n"
-"Language-Team: Português <palbuquerque73@openmailbox.com>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
+"issues\n"
+"POT-Creation-Date: 2021-12-18 16:29+0000\n"
+"PO-Revision-Date: 2021-12-20 15:35+0000\n"
+"Last-Translator: Hugo Carvalho <hugokarvalho@hotmail.com>\n"
+"Language-Team: Portuguese <gnome-pt-translation@googlegroups.com>\n"
"Language: pt\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Gtranslator 2.91.6\n"
+"X-Generator: Poedit 3.0.1\n"
-#: ../proxy/libproxy/glibproxyresolver.c:157
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
-msgstr "Erro interno do solucionador de proxies."
+msgstr "Erro interno de resolução do proxy."
+
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
+msgid "Connection is closed"
+msgstr "A ligação está fechada"
+
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr ""
+"Impossível efetuar operação de bloqueio durante a comunicação inicial TLS"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Expirou E/S do socket"
+
+#: tls/base/gtlsconnection-base.c:875
+msgid "Server required TLS certificate"
+msgstr "O servidor requer um certificado TLS"
+
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr ""
+"O aperto de mão não está terminado, ainda não há informação vinculativa do "
+"canal"
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr "Destino não suporta renegociação segura"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:491
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:839
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Certificado TLS inaceitável"
+
+#: tls/base/gtlsconnection-base.c:2153
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Opções de receção não são suportadas"
+
+#: tls/base/gtlsconnection-base.c:2300
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Opções de envio não são suportadas"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:363
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Impossível processar o certificado DER: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:384
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Impossível processar o certificado PEM: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:404
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Impossível processar a chave privada DER: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:424
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Impossível processar a chave privada PEM: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Impossível importar o certificado PKCS #11 URI: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:459
msgid "No certificate data provided"
msgstr "Não foram indicados quaisquer dados de certificado"
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:337
-msgid "Server required TLS certificate"
-msgstr "O servidor requer um certificado TLS"
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#, c-format
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Não é possível verificar a identidade de pares do tipo inesperado %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:204
+msgid "Could not create TLS connection:"
+msgstr "Impossível criar uma ligação TLS:"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:305
+#: tls/gnutls/gtlsconnection-gnutls.c:214
+#: tls/gnutls/gtlsconnection-gnutls.c:234
+#: tls/openssl/gtlsclientconnection-openssl.c:512
+#: tls/openssl/gtlsserverconnection-openssl.c:456
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "Impossível criar uma ligação TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:572
-msgid "Connection is closed"
-msgstr "A ligação está fechada"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:635
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1504
-msgid "Operation would block"
-msgstr "Operação iria bloquear"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:774
-#: ../tls/gnutls/gtlsconnection-gnutls.c:813
-msgid "Peer failed to perform TLS handshake"
-msgstr "O destino falhou ao estabelecer a ligação (handshake) TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:792
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Destino requereu novo handshake TLS ilegal"
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:460
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Destino falhou em estabelecer a comunicação inicial TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:819
+#: tls/gnutls/gtlsconnection-gnutls.c:468
msgid "TLS connection closed unexpectedly"
msgstr "Ligação TLS terminada inesperadamente"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:829
+#: tls/gnutls/gtlsconnection-gnutls.c:483
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "O parceiro de ligação TLS não enviou um certificado"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1212
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1245
+#: tls/gnutls/gtlsconnection-gnutls.c:499
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Destino enviou um alerta crítico TLS: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:509
+msgid "Protocol version downgrade attack detected"
+msgstr "Ataque de protocolo em versão anterior detetado"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:518
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] "Mensagem é demasiada longa para ligações DTLS; o máximo é %u byte"
+msgstr[1] ""
+"Mensagem é demasiada longa para ligações DTLS; o máximo são %u bytes"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:527
+msgid "The operation timed out"
+msgstr "A operação expirou"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:879
#, c-format
msgid "Error performing TLS handshake: %s"
msgstr "Erro ao estabelecer a ligação TLS (handshake): %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1255
-msgid "Server did not return a valid TLS certificate"
-msgstr "O servidor não devolveu um certificado TLS válido"
+#: tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/openssl/gtlsconnection-openssl.c:614
+msgid "Error performing TLS handshake"
+msgstr "Erro ao estabelecer a ligação TLS (handshake)"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1330
-msgid "Unacceptable TLS certificate"
-msgstr "Certificado TLS inaceitável"
+#: tls/gnutls/gtlsconnection-gnutls.c:1181
+#, c-format
+msgid ""
+"Empty channel binding data indicates a bug in the TLS library implementation"
+msgstr ""
+"Dados de ligação do canal vazios indicam um problema na implementação da "
+"biblioteca TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1538
+#: tls/gnutls/gtlsconnection-gnutls.c:1199
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Erro ao ler dados do socket TLS: %s"
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "O tipo de ligação do canal não é implementado na biblioteca TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1567
+#: tls/gnutls/gtlsconnection-gnutls.c:1203
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Erro ao escrever dados no socket TLS: %s"
+msgid "Channel binding data is not yet available"
+msgstr "Os dados de ligação do canal ainda não estão disponíveis"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1619
+#: tls/gnutls/gtlsconnection-gnutls.c:1241
+#: tls/gnutls/gtlsconnection-gnutls.c:1253
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Erro ao terminar a ligação TLS: %s"
+msgid "X.509 certificate is not available on the connection"
+msgstr "O certificado X.509 não está disponível na ligação"
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
-msgid "Certificate has no private key"
-msgstr "Certificado não tem chave privada"
+#: tls/gnutls/gtlsconnection-gnutls.c:1266
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr ""
+"O certificado X.509 não está disponível ou é de formato desconhecido: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1277
+#: tls/openssl/gtlsconnection-openssl.c:714
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Incapaz de obter algoritmo de assinatura de certificado"
-#: ../tls/pkcs11/gpkcs11pin.c:108
+#: tls/gnutls/gtlsconnection-gnutls.c:1293
+#: tls/openssl/gtlsconnection-openssl.c:734
+#, c-format
msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
msgstr ""
-"Esta é a última oportunidade para introduzir corretamente o PIN antes de que "
-"o símbolo seja trancado."
+"O certificado X.509 atual usa algoritmo de assinatura desconhecido ou não "
+"compatível"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1387
+#: tls/openssl/gtlsconnection-openssl.c:814
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "O tipo de ligação do canal solicitado não foi implementado"
-#: ../tls/pkcs11/gpkcs11pin.c:110
+#: tls/gnutls/gtlsconnection-gnutls.c:1408
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+#: tls/openssl/gtlsconnection-openssl.c:832
+#: tls/openssl/gtlsconnection-openssl.c:928
+msgid "Error reading data from TLS socket"
+msgstr "Erro ao ler dados do socket TLS"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:1490
+#: tls/gnutls/gtlsconnection-gnutls.c:1553
+#: tls/openssl/gtlsconnection-openssl.c:1007
+msgid "Error writing data to TLS socket"
+msgstr "Erro ao escrever dados no socket TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1523
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Mensagem de tamanho %lu byte é demasiada longa para ligações DTLS"
+msgstr[1] "Mensagem de tamanho %lu bytes é demasiada longa para ligações DTLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(máximo é %u byte)"
+msgstr[1] "(máximo são %u bytes)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1572
+#, c-format
+msgid "Error performing TLS close: %s"
+msgstr "Erro ao terminar a ligação TLS: %s"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
msgstr ""
-"Foram introduzidos vários PINs incorretos e o símbolo será trancado caso "
-"ocorram mais falhas."
+"Falhou em carregar um espaço seguro no sistema: o GnuTLS não foi definido "
+"com um sistema de segurança"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:255
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr "Falhou em carregar um espaço seguro no sistema: %s"
+
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:456
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Falhou ao povoar uma lista segura de %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
+msgid "Certificate has no private key"
+msgstr "Certificado não tem chave privada"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:368
+#: tls/openssl/gtlsserverconnection-openssl.c:299
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Não foi possível definir a lista de cifras TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:396
+#: tls/openssl/gtlsserverconnection-openssl.c:327
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Não foi possível definir o protocolo MAX para %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:459
+#: tls/openssl/gtlsserverconnection-openssl.c:390
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Impossível criar um contexto TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Autoridade de certificação TLS inaceitável"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
+msgid "Digest too big for RSA key"
+msgstr "O resumo é demasiado grande para chaves RSA"
+
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Renegociação segura está desativada"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
+#, c-format
+msgid "%s: The connection is broken"
+msgstr "%s: a ligação está interrompida"
+
+#: tls/openssl/gtlsconnection-openssl.c:660
+#, c-format
+msgid "The request is invalid."
+msgstr "O pedido é inválido."
+
+#: tls/openssl/gtlsconnection-openssl.c:683
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Os dados de ligação de canal tls-unique não estão disponíveis"
+
+#: tls/openssl/gtlsconnection-openssl.c:706
+#, c-format
+msgid "X.509 Certificate is not available on the connection"
+msgstr "O certificado X.509 não está disponível na ligação"
+
+#: tls/openssl/gtlsconnection-openssl.c:752
+#, c-format
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Falha ao gerar resumo do certificado X.509"
+
+#: tls/openssl/gtlsconnection-openssl.c:783
+#, c-format
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "A ligação TLS não suporta a funcionalidade TLS-Exporter"
+
+#: tls/openssl/gtlsconnection-openssl.c:786
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Erro inesperado ao exportar dados de codificação"
+
+#: tls/openssl/gtlsconnection-openssl.c:1068
+msgid "Error performing TLS close"
+msgstr "Erro ao terminar a ligação TLS"
+
+#: tls/openssl/gtlsdatabase-openssl.c:167
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Não foi possível obter âncoras de confiança da cadeia de chaves"
+
+#: tls/openssl/gtlsdatabase-openssl.c:232
+msgid "Could not get root certificate store"
+msgstr "Não foi possível obter espaço de certificado root"
+
+#: tls/openssl/gtlsdatabase-openssl.c:239
+msgid "Could not get CA certificate store"
+msgstr "Não foi possível obter espaço de certificado CA"
+
+#: tls/openssl/gtlsdatabase-openssl.c:304
+msgid "Could not create CA store"
+msgstr "Não foi possível criar espaço CA"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:184
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Existe um problema com o certificado: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:193
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Existe um problema com a chave privada certificada: %s"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Destino requereu novo handshake TLS ilegal"
+
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Falhou ao abrir caminho do ficheiro: %s "
+
+#~ msgid "Operation would block"
+#~ msgstr "Operação iria bloquear"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "O servidor não devolveu um certificado TLS válido"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Esta é a última oportunidade para introduzir corretamente o PIN antes de "
+#~ "que o símbolo seja trancado."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Foram introduzidos vários PINs incorretos e o símbolo será trancado caso "
+#~ "ocorram mais falhas."
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "O PIN introduzido está incorreto."
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "O PIN introduzido está incorreto."
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Módulo"
+#~ msgid "Module"
+#~ msgstr "Módulo"
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "Ponteiro de módulo PKCS#11"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Ponteiro de módulo PKCS#11"
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "ID de slot"
+#~ msgid "Slot ID"
+#~ msgstr "ID de slot"
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "Identificador de slot PKCS#11"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Identificador de slot PKCS#11"
#~ msgid "Connection is already closed"
#~ msgstr "A ligação já está fechada"
# Brazilian Portuguese translation of glib-networking.
-# Copyright (C) 2019 glib-networking's COPYRIGHT HOLDER
+# Copyright (C) 2021 glib-networking's COPYRIGHT HOLDER
# This file is distributed under the same license as the glib-networking package.
# André Gondim <In memoriam>, 2011.
# Djavan Fagundes <djavan@comum.org>, 2011.
# Jonh Wendell <jwendell@gnome.org>, 2012.
-# Rafael Fontenelle <rafaelff@gnome.org>, 2012-2019.
+# Rafael Fontenelle <rafaelff@gnome.org>, 2012-2021.
+# Enrico Nicoletto <liverig@gmail.com>, 2021.
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-06 09:09-0300\n"
-"Last-Translator: Rafael Fontenelle <rafaelff@gnome.org>\n"
-"Language-Team: Portuguese - Brazil <gnome-pt_br-list@gnome.org>\n"
+"POT-Creation-Date: 2021-11-19 15:02+0000\n"
+"PO-Revision-Date: 2021-11-26 07:18-0300\n"
+"Last-Translator: Enrico Nicoletto <liverig@gmail.com>\n"
+"Language-Team: Brazilian Portuguese <gnome-pt_br-list@gnome.org>\n"
"Language: pt_BR\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n > 1)\n"
-"X-Generator: Gtranslator 3.31.90\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"X-Generator: Poedit 3.0\n"
"X-Project-Style: gnome\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Erro interno do resolvedor de proxy."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "A conexão está encerrada"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "A operação bloquearia"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Não foi possível realizar operação de bloqueio durante negociação TLS"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Tempo de E/S do soquete foi esgotado"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "O servidor requer certificado TLS"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr ""
+"A negociação não foi concluída, nenhuma informação de ligação de canal ainda"
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr "O peer não possui suporte a negociação segura"
+
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:491
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:830
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Certificado TLS inaceitável"
+
+#: tls/base/gtlsconnection-base.c:2155
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Não há suporte a recebimento de sinalizadores"
+
+#: tls/base/gtlsconnection-base.c:2302
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Não há suporte a envio de sinalizadores"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:363
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Não foi possível analisar certificado DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:384
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Não foi possível analisar certificado PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:404
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Não foi possível analisar chave privada DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:424
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Não foi possível analisar chave privada PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Não foi possível importar URI de certificado PKCS #11: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:459
msgid "No certificate data provided"
msgstr "Nenhum dado de certificado fornecido"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Não foi possível criar conexão TLS: %s"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Não foi possível verificar a identidade do par de tipo inesperado %s"
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-#| msgid "Error performing TLS handshake"
-msgid "Cannot perform blocking operation during TLS handshake"
-msgstr "Não foi possível realizar operação de bloqueio durante negociação TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:204
+msgid "Could not create TLS connection:"
+msgstr "Não foi possível criar conexão TLS:"
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "Tempo de E/S do soquete foi esgotado"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Peer falhou ao realizar negociação TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:214
+#: tls/gnutls/gtlsconnection-gnutls.c:234
+#: tls/openssl/gtlsclientconnection-openssl.c:523
+#: tls/openssl/gtlsserverconnection-openssl.c:456
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Não foi possível criar conexão TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "O peer requisitou uma negociação TLS ilegal"
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:460
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Peer falhou ao realizar negociação TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:468
msgid "TLS connection closed unexpectedly"
msgstr "Conexão TLS fechou inesperadamente"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:483
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "Conexão TLS não enviou um certificado"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Certificado TLS inaceitável"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:499
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "O peer enviou alerta TLS fatal: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:509
msgid "Protocol version downgrade attack detected"
msgstr "Detectado ataque de downgrade de versão de protocolo"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:518
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[0] "A mensagem é grande demais para conexão DTLS; máximo é %u byte"
msgstr[1] "A mensagem é grande demais para conexão DTLS; máximo é %u bytes"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:527
msgid "The operation timed out"
msgstr "Tempo da operação foi esgotado"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "O peer não possui suporte a negociação segura"
+#: tls/gnutls/gtlsconnection-gnutls.c:879
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Erro ao realizar negociação TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/openssl/gtlsconnection-openssl.c:614
msgid "Error performing TLS handshake"
msgstr "Erro executando negociação TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Erro ao ler dados do soquete TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:1177
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "O tipo de ligação de canal não foi implementado na biblioteca TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1181
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Não há suporte a recebimento de sinalizadores"
+msgid "Channel binding data is not yet available"
+msgstr "Os dados de ligação de canal ainda não estão disponíveis"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#: tls/gnutls/gtlsconnection-gnutls.c:1231
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "O certificado X.509 não está disponível na conexão"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1244
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr ""
+"O certificado X.509 não está disponível ou é de formato desconhecido: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1255
+#: tls/openssl/gtlsconnection-openssl.c:705
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Não foi possível obter algoritmo de assinatura de certificado"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1271
+#: tls/openssl/gtlsconnection-openssl.c:725
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"O certificado X.509 atual usa um algoritmo de assinatura desconhecido ou não "
+"compatível"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1365
+#: tls/openssl/gtlsconnection-openssl.c:805
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "O tipo de ligação de canal solicitado não foi implementado"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1386
+#: tls/gnutls/gtlsconnection-gnutls.c:1446
+#: tls/openssl/gtlsconnection-openssl.c:823
+#: tls/openssl/gtlsconnection-openssl.c:919
+msgid "Error reading data from TLS socket"
+msgstr "Erro ao ler dados do soquete TLS"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+#: tls/gnutls/gtlsconnection-gnutls.c:1531
+#: tls/openssl/gtlsconnection-openssl.c:998
msgid "Error writing data to TLS socket"
msgstr "Erro ao gravar dados para o soquete TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1501
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[1] ""
"Uma mensagem de tamanho %lu bytes é grande demais para uma conexão DTLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1503
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(máximo é %u byte)"
msgstr[1] "(máximo é %u bytes)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1550
#, c-format
-msgid "Send flags are not supported"
-msgstr "Não há suporte a envio de sinalizadores"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Erro ao executar fechamento TLS"
+msgid "Error performing TLS close: %s"
+msgstr "Erro ao executar fechamento TLS: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Falha ao carregar o armazenamento de confiança do sistema: GnuTLS não estava "
"configurado com uma confiança de sistema"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:288
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Falha ao carregar armazenamento de confiança do sistema: %s "
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:456
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Falha ao popular a lista de confiança de %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
msgid "Certificate has no private key"
msgstr "O certificado não contém nenhuma chave privada"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:379
+#: tls/openssl/gtlsserverconnection-openssl.c:299
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Não foi possível definir a lista de cifras TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:407
+#: tls/openssl/gtlsserverconnection-openssl.c:327
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Não foi possível definir o protocolo MAX para %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:470
+#: tls/openssl/gtlsserverconnection-openssl.c:390
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Não foi possível criar contexto TLS: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Autoridade de certificação TLS inaceitável"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Digest grande demais para chave RSA"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Renegociação de segurança está desabilitada"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Erro ao realizar negociação TLS: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: A conexão está quebrada"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "Servidor não retornou certificado TLS"
+#: tls/openssl/gtlsconnection-openssl.c:674
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Os dados de ligação de canal tls-unique não estão disponíveis"
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:697
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Erro ao ler dados do soquete TLS: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "O certificado X.509 não está disponível na conexão"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:743
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Erro ao gravar dados para o soquete TLS: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Falha ao gerar resumo do certificado X.509"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:774
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Erro ao executar fechamento TLS: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "A conexão TLS não tem suporte ao recurso TLS-Exporter"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsconnection-openssl.c:777
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Erro inesperado ao exportar dados de codificação"
+
+#: tls/openssl/gtlsconnection-openssl.c:1059
+msgid "Error performing TLS close"
+msgstr "Erro ao executar fechamento TLS"
+
+#: tls/openssl/gtlsdatabase-openssl.c:200
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Não foi possível obter âncoras confiáveis do chaveiro"
+
+#: tls/openssl/gtlsdatabase-openssl.c:265
+msgid "Could not get root certificate store"
+msgstr "Não foi possível obter loja de certificado raíz"
+
+#: tls/openssl/gtlsdatabase-openssl.c:272
+msgid "Could not get CA certificate store"
+msgstr "Não foi possível obter loja de certificado CA"
+
+#: tls/openssl/gtlsdatabase-openssl.c:337
+msgid "Could not create CA store"
+msgstr "Não foi possível criar armazenamento de AC"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:184
#, c-format
msgid "There is a problem with the certificate: %s"
msgstr "Há um problema com o certificado: %s"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsserverconnection-openssl.c:193
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "Há um problema com a chave privada do certificado: %s"
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Falha ao carregar o caminho do arquivo: %s"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "O peer requisitou uma negociação TLS ilegal"
+
+#~ msgid "Operation would block"
+#~ msgstr "A operação bloquearia"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "Servidor não retornou certificado TLS"
+
+#~ msgid "Error reading data from TLS socket: %s"
+#~ msgstr "Erro ao ler dados do soquete TLS: %s"
+
+#~ msgid "Error writing data to TLS socket: %s"
+#~ msgstr "Erro ao gravar dados para o soquete TLS: %s"
+
#~ msgid ""
#~ "This is the last chance to enter the PIN correctly before the token is "
#~ "locked."
msgstr ""
"Project-Id-Version: glib-networking master\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-02 16:43+0100\n"
-"Last-Translator: Daniel Șerbănescu <daniel [at] serbanescu [dot] dk>\n"
+"POT-Creation-Date: 2021-12-02 07:39+0000\n"
+"PO-Revision-Date: 2021-12-10 11:15+0100\n"
+"Last-Translator: Florentina Mușat <florentina.musat.28@gmail.com>\n"
"Language-Team: Romanian Gnome Team <gnomero-list@lists.sourceforge.net>\n"
"Language: ro\n"
"MIME-Version: 1.0\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : (n==0 || (n%100 > 0 && n%100 < "
"20)) ? 1 : 2);\n"
-"X-Generator: Poedit 2.2.1\n"
+"X-Generator: Poedit 3.0\n"
"X-Poedit-SourceCharset: UTF-8\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
-msgstr "Eroare internă în rezolvantul proxy."
-
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+msgstr "Eroare internă la rezolvatorul proxy."
+
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "Conexiunea este închisă"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "Operația ar bloca"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Nu se poate efectua operația de blocare în timpul handshake-ului TLS"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "I/O de soclu a depășit limita de timp"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "Serverul necesită certificat TLS"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr ""
+"Strângerea de mână nu este terminată, nu există încă informații de legătură "
+"de canal"
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr "Partenerul nu suportă renegociere în siguranță"
+
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:491
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:830
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Certificat TLS inacceptabil"
+
+#: tls/base/gtlsconnection-base.c:2153
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Fanioanele de primire nu sunt suportate"
+
+#: tls/base/gtlsconnection-base.c:2300
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Trimite fanioanele care nu sunt suportate"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:363
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Nu s-a putut parsa certificatul DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:384
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Nu s-a putut parsa certificatul PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:404
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Nu s-a putut parsa cheia privată DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:424
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Nu s-a putut parsa cheia privată PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Nu s-a putut importa URI-ul certificatului PKCS #11: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:459
msgid "No certificate data provided"
msgstr "Nu s-au furnizat date de certificat"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Nu s-a putut crea conexiunea TLS: %s"
-
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-msgid "Cannot perform blocking operation during TLS handshake"
-msgstr "Nu se poate efectua operația de blocare în timpul handshake-ului TLS"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr ""
+"Nu se poate verifica identitatea partenerului de conexiune de tipul "
+"neașteptat %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "I/O de soclu a depășit limita de timp"
+#: tls/gnutls/gtlsconnection-gnutls.c:204
+msgid "Could not create TLS connection:"
+msgstr "Nu s-a putut crea conexiunea TLS:"
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Celălalt capăt al conexiunii nu a reușit să efectueze handshake-ul TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:214
+#: tls/gnutls/gtlsconnection-gnutls.c:234
+#: tls/openssl/gtlsclientconnection-openssl.c:523
+#: tls/openssl/gtlsserverconnection-openssl.c:456
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Nu s-a putut crea conexiunea TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:460
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
msgstr ""
-"Celălalt capăt al conexiunii a solicitat ilegal reefectuarea handshake-ului "
-"TLS"
+"Celălalt capăt al conexiunii nu a reușit să efectueze handshake-ul TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:468
msgid "TLS connection closed unexpectedly"
msgstr "Conexiunea TLS a fost închisă în mod neașteptat"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:483
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "Partenerul conexiunii TLS nu a trimis un certificat"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Certificat TLS inacceptabil"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:499
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Partenerul a trimis o alertă TLS fatală: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:509
msgid "Protocol version downgrade attack detected"
msgstr "Atac de retrogradare a versiunii protocolului detectat"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:518
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[2] ""
"Mesajul este prea mare pentru conexiunea DTLS; maxim este %u de octeți"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:527
msgid "The operation timed out"
msgstr "Operația a depășit limita de timp"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "Partenerul nu suportă renegociere în siguranță"
+#: tls/gnutls/gtlsconnection-gnutls.c:879
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Eroare la executarea handshake-ului TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/openssl/gtlsconnection-openssl.c:614
msgid "Error performing TLS handshake"
msgstr "Eroare la executarea handshake-ului TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Eroare la citirea datelor de la soclul TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:1189
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Tipul de legare a canalului nu este implementat în biblioteca TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1193
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Fanioanele de primire nu sunt suportate"
+msgid "Channel binding data is not yet available"
+msgstr "Datele de legare a canalului nu sunt disponibile încă"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1231
+#: tls/gnutls/gtlsconnection-gnutls.c:1243
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "Certificatul X.509 nu este disponibil pe conexiune"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1256
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr ""
+"Certificatul X.509 nu este disponibil sau nu este de format cunoscut: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1267
+#: tls/openssl/gtlsconnection-openssl.c:705
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Nu s-a putut obține algoritmul de semnătură de certificat"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1283
+#: tls/openssl/gtlsconnection-openssl.c:725
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Certificatul X.509 curent utilizează un algoritm de semnătură necunoscut sau "
+"nesuportat"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1377
+#: tls/openssl/gtlsconnection-openssl.c:805
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Tipul de legătură de canal cerut nu este implementat"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1398
+#: tls/gnutls/gtlsconnection-gnutls.c:1458
+#: tls/openssl/gtlsconnection-openssl.c:823
+#: tls/openssl/gtlsconnection-openssl.c:919
+msgid "Error reading data from TLS socket"
+msgstr "Eroare la citirea datelor de la soclul TLS"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1480
+#: tls/gnutls/gtlsconnection-gnutls.c:1543
+#: tls/openssl/gtlsconnection-openssl.c:998
msgid "Error writing data to TLS socket"
msgstr "Eroare la scrierea datelor la soclul TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1513
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[2] ""
"Mesajul de dimensiunea %lu de octeți este prea mare pentru conexiunea DTLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1515
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[1] "(maxim este %u octeți)"
msgstr[2] "(maxim este %u de octeți)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1562
#, c-format
-msgid "Send flags are not supported"
-msgstr "Trimite fanioanele care nu sunt suportate"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Eroare la executarea închiderii TLS"
+msgid "Error performing TLS close: %s"
+msgstr "Eroare la executarea închiderii TLS: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Nu s-a putut încărca stocarea de încredere a sistemului: GnuTLS nu a fost "
"configurat cu o încredere de sistem"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:255
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Nu s-a putut încărca stocarea de încredere a sistemului: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:456
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Nu s-a putut umple lista de încredere de la %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
msgid "Certificate has no private key"
msgstr "Certificatul nu are nicio cheie privată"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:379
+#: tls/openssl/gtlsserverconnection-openssl.c:299
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Nu s-a putut stabili lista de cifru TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:407
+#: tls/openssl/gtlsserverconnection-openssl.c:327
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Nu s-a putut stabili protocolul MAX la %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:470
+#: tls/openssl/gtlsserverconnection-openssl.c:390
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Nu s-a putut crea contextul TLS: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Autoritate de certificat TLS inacceptabilă"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Extras prea mare pentru cheia RSA"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Renegocierea sigură este dezactivată"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Eroare la executarea handshake-ului TLS: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: Conexiunea este deteriorată"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "Serverul nu a întors un certificat TLS valid"
+#: tls/openssl/gtlsconnection-openssl.c:674
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Datele de legătură de canal tls-unique nu sunt disponibile"
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:697
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Eroare la citirea datelor de la soclul TLS: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "Certificatul X.509 nu este disponibil pe conexiune"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:743
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Eroare la scrierea datelor la soclul TLS: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Nu s-a putut genera rezumatul certificatului X.509"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:774
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Eroare la executarea închiderii TLS: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "Conexiunea TLS nu suportă funcționalitatea TLS-Exporter"
+
+#: tls/openssl/gtlsconnection-openssl.c:777
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Eroare neașteptată în timpul exportării datelor de tastare"
+
+#: tls/openssl/gtlsconnection-openssl.c:1059
+msgid "Error performing TLS close"
+msgstr "Eroare la executarea închiderii TLS"
+
+#: tls/openssl/gtlsdatabase-openssl.c:167
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Nu s-au putut obține ancore de încredere de la lanțul de chei"
+
+#: tls/openssl/gtlsdatabase-openssl.c:232
+msgid "Could not get root certificate store"
+msgstr "Nu s-a putut obține depozitul rădăcină de certificate"
+
+#: tls/openssl/gtlsdatabase-openssl.c:239
+msgid "Could not get CA certificate store"
+msgstr "Nu s-a putut obține depozitul de certificate CA"
+
+#: tls/openssl/gtlsdatabase-openssl.c:304
+msgid "Could not create CA store"
+msgstr "Nu s-a putut crea spațiul de stocare CA"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsserverconnection-openssl.c:184
#, c-format
msgid "There is a problem with the certificate: %s"
msgstr "Este o problemă la certificatul: %s"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsserverconnection-openssl.c:193
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "Este o problemă la cheia privată a certificatului: %s"
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr ""
+#~ "Celălalt capăt al conexiunii a solicitat ilegal reefectuarea handshake-"
+#~ "ului TLS"
+
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Nu s-a putut încărca calea fișierului: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "Operația ar bloca"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "Serverul nu a întors un certificat TLS valid"
+
+#~ msgid "Error reading data from TLS socket: %s"
+#~ msgstr "Eroare la citirea datelor de la soclul TLS: %s"
+
+#~ msgid "Error writing data to TLS socket: %s"
+#~ msgstr "Eroare la scrierea datelor la soclul TLS: %s"
+
#~ msgid ""
#~ "This is the last chance to enter the PIN correctly before the token is "
#~ "locked."
-# Russian translation for glib-networking.
-# Copyright (C) 2011 glib-networking's COPYRIGHT HOLDER
-# This file is distributed under the same license as the glib-networking package.
-# Pavel Dmitriev <Kitchenknif@gmail.com>, 2011.
-# Yuri Myasoedov <omerta13@yandex.ru>, 2012.
-# Stas Solovey <whats_up@tut.by>, 2016, 2017, 2018.
+# translation of gtk+-master-po-ru-9735.merged.po to Russian
+# Russian translation of gtk+
+# Copyright (C) 1999-2009, 2010 Free Software Foundation, Inc.
+#
+#
+#
+# Sergey Panov <sipan@mit.edu>, 1999.
+# Valek Filippov <frob@df.ru>, 2000-2002.
+# Dmitry Mastrukov <dmitry@taurussoft.org>, 2002-2004.
+# Sun G11n <gnome_int_l10n@ireland.sun.com>, 2002.
+# Andrew W. Nosenko <awn@bcs.zp.ua>, 2003.
+# Leonid Kanter <leon@asplinux.ru>, 2004-2006.
+# Alexander Sigachov <alexander.sigachov@gmail.com>, 2006.
+# Vasiliy Faronov <qvvx@yandex.ru>, 2007.
+# Anton Shestakov <engored@ya.ru>, 2008.
+# Lebedev Roman <roman@lebedev.com>, 2009.
+# Yuri Kozlov <yuray@komyakino.ru>, 2010.
+# Yuri Myasoedov <omerta13@yandex.ru>, 2012, 2013.
+# Mihail Gurin <mikegurin@yandex.ru>, 2015.
+# Stas Solovey <whats_up@tut.by>, 2015, 2016.
#
msgid ""
msgstr ""
-"Project-Id-Version: glib-networking master\n"
+"Project-Id-Version: gtk+.master\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-02-03 13:01+0000\n"
-"PO-Revision-Date: 2019-02-28 20:29+0300\n"
-"Last-Translator: Stas Solovey <whats_up@tut.by>\n"
+"POT-Creation-Date: 2021-12-20 15:37+0000\n"
+"PO-Revision-Date: 2021-12-21 19:37+0300\n"
+"Last-Translator: Aleksandr Melman <Alexmelman88@gmail.com>\n"
"Language-Team: Русский <gnome-cyr@gnome.org>\n"
"Language: ru\n"
"MIME-Version: 1.0\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-"X-Generator: Poedit 2.2.1\n"
+"X-Generator: Poedit 3.0\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Внутренняя ошибка распознавателя прокси."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "Соединение закрыто"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "Действие будет заблокировано"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Невозможно выполнить блокирующую операцию во время квитирования TLS"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Превышено время ожидания ввода-вывода сокета"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "Сервер требует сертификат TLS"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr ""
+"Квитирование не завершено, информация о привязке канала пока отсутствует"
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr "Пир не поддерживает безопасное песогласование"
+
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:491
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:839
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Недопустимый сертификат TLS"
+
+#: tls/base/gtlsconnection-base.c:2153
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Флаги приема не поддерживаются"
+
+#: tls/base/gtlsconnection-base.c:2300
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Флаги отправки не поддерживаются"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:363
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Не удалось обработать сертификат DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:384
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Не удалось обработать сертификат PER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:404
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Не удалось обработать личный ключ DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:424
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Не удалось обработать личный ключ PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Не удалось импортировать сертификат PKCS #11 URI: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:459
msgid "No certificate data provided"
msgstr "Данные сертификата не предоставлены"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:537
-#: tls/openssl/gtlsserverconnection-openssl.c:401
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Не удалось создать соединение TLS: %s"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Невозможно проверить идентификатор пира неожиданного типа %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:858
-#: tls/gnutls/gtlsconnection-gnutls.c:1468
-msgid "Socket I/O timed out"
-msgstr "Превышено время ожидания ввода-вывода сокета"
+#: tls/gnutls/gtlsconnection-gnutls.c:204
+msgid "Could not create TLS connection:"
+msgstr "Не удалось создать TLS-соединение:"
-#: tls/gnutls/gtlsconnection-gnutls.c:1003
-#: tls/gnutls/gtlsconnection-gnutls.c:1036
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Узлу не удалось квитировать выполнение связи TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:214
+#: tls/gnutls/gtlsconnection-gnutls.c:234
+#: tls/openssl/gtlsclientconnection-openssl.c:512
+#: tls/openssl/gtlsserverconnection-openssl.c:456
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Не удалось создать соединение TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1021
-#: tls/openssl/gtlsconnection-openssl.c:234
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Узел запросил недопустимое повторное квитирование связи TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:460
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Второй узел не смог осуществить квитирование TLS %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1042
+#: tls/gnutls/gtlsconnection-gnutls.c:468
msgid "TLS connection closed unexpectedly"
msgstr "Соединение TLS неожиданно закрылось"
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:171
+#: tls/gnutls/gtlsconnection-gnutls.c:483
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "Узел, с которым производится TLS-соединение, не предоставил сертификат"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
-#: tls/gnutls/gtlsconnection-gnutls.c:2160
-#: tls/openssl/gtlsconnection-openssl.c:416
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Недопустимый сертификат TLS"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1064
+#: tls/gnutls/gtlsconnection-gnutls.c:499
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Узел отправил фатальное предупреждение TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1076
+#: tls/gnutls/gtlsconnection-gnutls.c:509
msgid "Protocol version downgrade attack detected"
msgstr "Обнаружена атака основанная на понижении версии протокола"
-#: tls/gnutls/gtlsconnection-gnutls.c:1083
+#: tls/gnutls/gtlsconnection-gnutls.c:518
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[0] "Слишком большое сообщение для соединения DTLS; максимум %u байт"
msgstr[1] "Слишком большое сообщение для соединения DTLS; максимум %u байта"
-msgstr[2] "Слишком большое сообщение для соединения DTLS; максимум %u байт"
+msgstr[2] "Слишком большое сообщение для соединения DTLS; максимум %u байтов"
-#: tls/gnutls/gtlsconnection-gnutls.c:1090
+#: tls/gnutls/gtlsconnection-gnutls.c:527
msgid "The operation timed out"
msgstr "Превышено время ожидания операции"
-#: tls/gnutls/gtlsconnection-gnutls.c:1981
-msgid "Peer does not support safe renegotiation"
-msgstr "Пир не поддерживает безопасное песогласование"
+#: tls/gnutls/gtlsconnection-gnutls.c:879
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Ошибка при выполнении квитирования TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2008
-#: tls/gnutls/gtlsconnection-gnutls.c:2058
+#: tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/openssl/gtlsconnection-openssl.c:614
msgid "Error performing TLS handshake"
msgstr "Ошибка выполнения квитирования связи TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2510
-#: tls/gnutls/gtlsconnection-gnutls.c:2602
-msgid "Error reading data from TLS socket"
-msgstr "Ошибка чтения данных из сокета TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:1181
+#, c-format
+msgid ""
+"Empty channel binding data indicates a bug in the TLS library implementation"
+msgstr ""
+"Пустые данные привязки канала указывают на ошибку в реализации библиотеки TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2632
+#: tls/gnutls/gtlsconnection-gnutls.c:1199
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Флаги приема не поддерживаются"
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Тип привязки канала не реализован в библиотеке TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1203
+#, c-format
+msgid "Channel binding data is not yet available"
+msgstr "Данные о привязке каналов пока отсутствуют"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1241
+#: tls/gnutls/gtlsconnection-gnutls.c:1253
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "Сертификат X.509 недоступен на соединении"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1266
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "Сертификат X.509 недоступен или имеет неизвестный формат: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1277
+#: tls/openssl/gtlsconnection-openssl.c:714
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Невозможно получить алгоритм подписи сертификата"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1293
+#: tls/openssl/gtlsconnection-openssl.c:734
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Текущий сертификат X.509 использует неизвестный или неподдерживаемый "
+"алгоритм подписи"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1387
+#: tls/openssl/gtlsconnection-openssl.c:814
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Запрашиваемый тип привязки канала не реализован"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1408
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+#: tls/openssl/gtlsconnection-openssl.c:832
+#: tls/openssl/gtlsconnection-openssl.c:928
+msgid "Error reading data from TLS socket"
+msgstr "Ошибка чтения данных из сокета TLS"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2709
-#: tls/gnutls/gtlsconnection-gnutls.c:2781
+#: tls/gnutls/gtlsconnection-gnutls.c:1490
+#: tls/gnutls/gtlsconnection-gnutls.c:1553
+#: tls/openssl/gtlsconnection-openssl.c:1007
msgid "Error writing data to TLS socket"
msgstr "Ошибка записи данных в сокет TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2751
+#: tls/gnutls/gtlsconnection-gnutls.c:1523
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[0] "Сообщение размером %lu байт слишком велико для соединения DTLS"
msgstr[1] "Сообщение размером %lu байта слишком велико для соединения DTLS"
-msgstr[2] "Сообщение размером %lu байт слишком велико для соединения DTLS"
+msgstr[2] "Сообщение размером %lu байтов слишком велико для соединения DTLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2753
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(максимум %u байт)"
msgstr[1] "(максимум %u байта)"
-msgstr[2] "(максимум %u байт)"
+msgstr[2] "(максимум %u байтов)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2812
+#: tls/gnutls/gtlsconnection-gnutls.c:1572
#, c-format
-msgid "Send flags are not supported"
-msgstr "Флаги отправки не поддерживаются"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2915
-msgid "Error performing TLS close"
-msgstr "Ошибка закрытия TLS"
+msgid "Error performing TLS close: %s"
+msgstr "Ошибка закрытия TLS: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Не удалось загрузить хранилище системного доверия: GnuTLS не было настроено "
"с помощью системного доверия"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:255
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Не удалось загрузить хранилище системного доверия: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:328
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:456
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Не удалось заполнить список доверия из %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
msgid "Certificate has no private key"
msgstr "У сертификата нет секретного ключа"
-#: tls/openssl/gtlsclientconnection-openssl.c:486
-#: tls/openssl/gtlsserverconnection-openssl.c:292
+#: tls/openssl/gtlsclientconnection-openssl.c:368
+#: tls/openssl/gtlsserverconnection-openssl.c:299
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Не удалось установить список шифров TLS: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:396
+#: tls/openssl/gtlsserverconnection-openssl.c:327
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Не удалось установить протокол MAX на %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:459
+#: tls/openssl/gtlsserverconnection-openssl.c:390
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Не удалось создать контекст TLS: %s"
-#: tls/openssl/gtlsconnection-openssl.c:179
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Неприемлемый центр сертификации TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Слишком большой дайджест для ключа RSA"
-#: tls/openssl/gtlsconnection-openssl.c:243
-#: tls/openssl/gtlsconnection-openssl.c:376
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Безопасное повторное согласование отключено"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Ошибка при выполнении квитирования TLS: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: Соединение разорвано"
-#: tls/openssl/gtlsconnection-openssl.c:386
-msgid "Server did not return a valid TLS certificate"
-msgstr "Сертификат TLS, возвращённый сервером, не является подлинным"
+#: tls/openssl/gtlsconnection-openssl.c:660
+#, c-format
+msgid "The request is invalid."
+msgstr "Запрос недействителен."
-#: tls/openssl/gtlsconnection-openssl.c:500
+#: tls/openssl/gtlsconnection-openssl.c:683
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Ð\9eÑ\88ибка Ñ\87Ñ\82ениÑ\8f даннÑ\8bÑ\85 из Ñ\81океÑ\82а TLS: %s"
+msgid "Channel binding data tls-unique is not available"
+msgstr "Ð\94аннÑ\8bе пÑ\80ивÑ\8fзки канала tls-unique недоÑ\81Ñ\82Ñ\83пнÑ\8b"
-#: tls/openssl/gtlsconnection-openssl.c:526
+#: tls/openssl/gtlsconnection-openssl.c:706
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Ð\9eÑ\88ибка запиÑ\81и даннÑ\8bÑ\85 в Ñ\81океÑ\82 TLS: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "СеÑ\80Ñ\82иÑ\84икаÑ\82 X.509 недоÑ\81Ñ\82Ñ\83пен на Ñ\81оединении"
-#: tls/openssl/gtlsconnection-openssl.c:552
+#: tls/openssl/gtlsconnection-openssl.c:752
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Ð\9eÑ\88ибка закÑ\80Ñ\8bÑ\82иÑ\8f TLS: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Ð\9dе Ñ\83далоÑ\81Ñ\8c Ñ\81генеÑ\80иÑ\80оваÑ\82Ñ\8c дайджеÑ\81Ñ\82 Ñ\81еÑ\80Ñ\82иÑ\84икаÑ\82а X.509"
-#: tls/openssl/gtlsserverconnection-openssl.c:335
+#: tls/openssl/gtlsconnection-openssl.c:783
#, c-format
-msgid "There is a problem with the certificate private key: %s"
-msgstr "Возникла проблема с приватным ключом сертификата: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "TLS-соединение не поддерживает функцию TLS-Exporter"
-#: tls/openssl/gtlsserverconnection-openssl.c:344
+#: tls/openssl/gtlsconnection-openssl.c:786
#, c-format
-msgid "There is a problem with the certificate: %s"
-msgstr "Ð\92озникла пÑ\80облема Ñ\81 Ñ\81еÑ\80Ñ\82иÑ\84икаÑ\82ом: %s"
+msgid "Unexpected error while exporting keying data"
+msgstr "Ð\9dеожиданнаÑ\8f оÑ\88ибка пÑ\80и Ñ\8dкÑ\81поÑ\80Ñ\82е даннÑ\8bÑ\85 о клÑ\8eÑ\87аÑ\85"
-#~ msgid ""
-#~ "This is the last chance to enter the PIN correctly before the token is "
-#~ "locked."
-#~ msgstr ""
-#~ "Это — последняя возможность ввести корректный PIN перед тем, как токен "
-#~ "будет заблокирован."
+#: tls/openssl/gtlsconnection-openssl.c:1068
+msgid "Error performing TLS close"
+msgstr "Ошибка закрытия TLS"
-#~ msgid ""
-#~ "Several PIN attempts have been incorrect, and the token will be locked "
-#~ "after further failures."
-#~ msgstr ""
-#~ "PIN был несколько раз введён неправильно, токен будет заблокирован после "
-#~ "последующих неудачных попыток."
+#: tls/openssl/gtlsdatabase-openssl.c:167
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Не удалось получить доверенные якоря из связки ключей"
-#~ msgid "The PIN entered is incorrect."
-#~ msgstr "Введён неверный PIN."
+#: tls/openssl/gtlsdatabase-openssl.c:232
+msgid "Could not get root certificate store"
+msgstr "Не удалось получить хранилище корневого сертификата"
-#~ msgid "Module"
-#~ msgstr "Модуль"
+#: tls/openssl/gtlsdatabase-openssl.c:239
+msgid "Could not get CA certificate store"
+msgstr "Не удалось получить хранилище сертификата CA"
-#~ msgid "PKCS#11 Module Pointer"
-#~ msgstr "Указатель модуля PKCS#11"
+#: tls/openssl/gtlsdatabase-openssl.c:304
+msgid "Could not create CA store"
+msgstr "Не удалось создать хранилище CA"
-#~ msgid "Slot ID"
-#~ msgstr "ID слота"
+#: tls/openssl/gtlsserverconnection-openssl.c:184
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Возникла проблема с сертификатом: %s"
-#~ msgid "PKCS#11 Slot Identifier"
-#~ msgstr "Идентификатор слота PKCS#11"
+#: tls/openssl/gtlsserverconnection-openssl.c:193
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Возникла проблема с приватным ключом сертификата: %s"
-#~ msgid "Connection is already closed"
-#~ msgstr "Соединение было закрыто ранее"
# Copyright (C) 2012 glib-networking's COPYRIGHT HOLDER
# This file is distributed under the same license as the glib-networking package.
# Richard Stanislavský <kenny.vv@gmail.com>, 2012.
+# Dušan Kazik <prescott66@gmail.com>, 2021.
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2018-07-27 21:02+0000\n"
-"PO-Revision-Date: 2018-11-04 12:28+0100\n"
+"POT-Creation-Date: 2021-06-25 16:32+0000\n"
+"PO-Revision-Date: 2021-10-05 08:47+0200\n"
"Last-Translator: Dušan Kazik <prescott66@gmail.com>\n"
"Language-Team: Slovak <gnome-sk-list@gnome.org>\n"
"Language: sk\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=(n==1) ? 1 : (n>=2 && n<=4) ? 2 : 0;\n"
-"X-Generator: Poedit 2.2\n"
+"Plural-Forms: nplurals=3; plural=(n==1) ? 1 : (n>=2 && n<=4) ? 2 : 0\n"
+"X-Generator: Gtranslator 40.0\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Vnútorná chyba sprostredkovateľa."
-#: tls/gnutls/gtlscertificate-gnutls.c:182
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
+msgid "Connection is closed"
+msgstr "Pripojenie je ukončené"
+
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr ""
+"Nedá sa vykonať blokovanie operácie počas vzájomného spoznania s použitím TLS"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Čas vstupno/výstupného soketu vypršal"
+
+#: tls/base/gtlsconnection-base.c:875
+msgid "Server required TLS certificate"
+msgstr "Server požaduje certifikát pre TLS"
+
+#: tls/base/gtlsconnection-base.c:1451
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr ""
+"Vzájomné spoznanie nie je dokončené, zatiaľ bez informácií o previazaní "
+"kanálov"
+
+#: tls/base/gtlsconnection-base.c:1530
+msgid "Peer does not support safe renegotiation"
+msgstr "Partner nepodporuje bezpečné opätovné vyjednávanie"
+
+#: tls/base/gtlsconnection-base.c:1678 tls/gnutls/gtlsconnection-gnutls.c:482
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:834
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Neprijateľný certifikát pre TLS"
+
+#: tls/base/gtlsconnection-base.c:2152
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Prijímanie značiek nie je podporované"
+
+#: tls/base/gtlsconnection-base.c:2299
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Odosielanie značiek nie je podporované"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:362
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Nepodarilo sa analyzovať certifikát v kodovaní DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:203
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:382
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Nepodarilo sa analyzovať certifikát v kodovaní PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:234
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:401
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Nepodarilo sa analyzovať súkromný kľúč v kodovaní DER: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:265
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:420
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Nepodarilo sa analyzovať súkromný kľúč v kodovaní PEM: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:304
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Nepodarilo sa importovať URI certifikátu PKCS #11: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:455
msgid "No certificate data provided"
msgstr "Nie sú dostupné údaje certifikátu"
-#: tls/gnutls/gtlsclientconnection-gnutls.c:447
-msgid "Server required TLS certificate"
-msgstr "Server požaduje certifikát pre TLS"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:398
+#: tls/gnutls/gtlscertificate-gnutls.c:806
+#: tls/gnutls/gtlsconnection-gnutls.c:1033
+#, c-format
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Nedá sa overiť identita partnera neočakávaného typu %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:198
+#| msgid "Could not create TLS connection: %s"
+msgid "Could not create TLS connection:"
+msgstr "Nepodarilo sa vytvoriť pripojenie s použitím TLS:"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:208
+#: tls/gnutls/gtlsconnection-gnutls.c:228
+#: tls/openssl/gtlsclientconnection-openssl.c:458
+#: tls/openssl/gtlsserverconnection-openssl.c:503
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "Nepodarilo sa vytvoriť pripojenie s použitím TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:711
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
-msgid "Connection is closed"
-msgstr "Pripojenie je ukončené"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:828
-#: tls/gnutls/gtlsconnection-gnutls.c:1432
-msgid "Socket I/O timed out"
-msgstr "Čas vstupno/výstupného soketu vypršal"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:973
-#: tls/gnutls/gtlsconnection-gnutls.c:1006
-msgid "Peer failed to perform TLS handshake"
-msgstr "Partner zlyhal pri vzájomnom spoznaní pomocou TLS"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:991
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Partner žiadal nelegálne opätovné vzájomné spoznanie pomocou TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:426
+#: tls/gnutls/gtlsconnection-gnutls.c:437
+#: tls/gnutls/gtlsconnection-gnutls.c:451
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Partner zlyhal pri vzájomnom spoznaní pomocou TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1012
+#: tls/gnutls/gtlsconnection-gnutls.c:459
msgid "TLS connection closed unexpectedly"
msgstr "Pripojenie pomocou TLS bolo nečakane ukončené"
-#: tls/gnutls/gtlsconnection-gnutls.c:1022
+#: tls/gnutls/gtlsconnection-gnutls.c:474
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "Partner neposlal certifikát pre pripojenie TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:1028
+#: tls/gnutls/gtlsconnection-gnutls.c:490
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Partner odoslal závažnú výstrahu TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1040
+#: tls/gnutls/gtlsconnection-gnutls.c:500
msgid "Protocol version downgrade attack detected"
-msgstr ""
+msgstr "Zistil sa útok pri prechode na staršiu verziu protokolu"
-#: tls/gnutls/gtlsconnection-gnutls.c:1047
+#: tls/gnutls/gtlsconnection-gnutls.c:509
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[0] ""
-"Správa je príliš veľká pre pripojenie s použitím DTLS. Maximum je %u bajtov."
+"Správa je príliš veľká pre pripojenie s použitím DTLS. Maximum je %u bajtov"
msgstr[1] ""
-"Správa je príliš veľká pre pripojenie s použitím DTLS. Maximum je %u bajt."
+"Správa je príliš veľká pre pripojenie s použitím DTLS. Maximum je %u bajt"
msgstr[2] ""
-"Správa je príliš veľká pre pripojenie s použitím DTLS. Maximum sú %u bajty."
+"Správa je príliš veľká pre pripojenie s použitím DTLS. Maximum sú %u bajty"
-#: tls/gnutls/gtlsconnection-gnutls.c:1054
+#: tls/gnutls/gtlsconnection-gnutls.c:518
msgid "The operation timed out"
msgstr "Čas operácie vypršal"
-#: tls/gnutls/gtlsconnection-gnutls.c:1820
-msgid "Peer does not support safe renegotiation"
-msgstr ""
+#: tls/gnutls/gtlsconnection-gnutls.c:870
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Chyba vzájomného spoznania s použitím TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1847
-#: tls/gnutls/gtlsconnection-gnutls.c:1899
+#: tls/gnutls/gtlsconnection-gnutls.c:973
+#: tls/openssl/gtlsconnection-openssl.c:618
msgid "Error performing TLS handshake"
msgstr "Chyba vzájomného spoznania s použitím TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:1909
-msgid "Server did not return a valid TLS certificate"
-msgstr "Server nevrátil platný certifikát pre TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:1152
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Typ previazania kanálov nie je implementovaný v knižnici TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:1991
-msgid "Unacceptable TLS certificate"
-msgstr "Neprijateľný certifikát pre TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:1156
+#, c-format
+msgid "Channel binding data is not yet available"
+msgstr "Údaje o previazaní kanálov zatiaľ nie sú dostupné"
-#: tls/gnutls/gtlsconnection-gnutls.c:2264
-#: tls/gnutls/gtlsconnection-gnutls.c:2356
-msgid "Error reading data from TLS socket"
-msgstr "Chyba pri čítaní údajov zo soketu s použitím TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:1194
+#: tls/gnutls/gtlsconnection-gnutls.c:1206
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "Certifikát X.509 nie je dostupný v pripojení"
-#: tls/gnutls/gtlsconnection-gnutls.c:2386
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Prijímanie značiek nie je podporované"
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "Certifikát X.509 nie je dostupný, alebo je v neznámom formáte: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1230
+#: tls/openssl/gtlsconnection-openssl.c:709
+#, c-format
+#| msgid "Unacceptable TLS certificate authority"
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Nie je možné prijať podpisový algoritmus certifikátu"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1246
+#: tls/openssl/gtlsconnection-openssl.c:729
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Aktuálny certifikát X.509 používa neznámy alebo nepodporovaný podpisový "
+"algoritmus"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1340
+#: tls/openssl/gtlsconnection-openssl.c:809
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Požadovaný typ previazania kanálov nie je implementovaný"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1361
+#: tls/gnutls/gtlsconnection-gnutls.c:1421
+#: tls/openssl/gtlsconnection-openssl.c:827
+#: tls/openssl/gtlsconnection-openssl.c:923
+msgid "Error reading data from TLS socket"
+msgstr "Chyba pri čítaní údajov zo soketu s použitím TLS"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2463
-#: tls/gnutls/gtlsconnection-gnutls.c:2535
+#: tls/gnutls/gtlsconnection-gnutls.c:1443
+#: tls/gnutls/gtlsconnection-gnutls.c:1506
+#: tls/openssl/gtlsconnection-openssl.c:1002
msgid "Error writing data to TLS socket"
msgstr "Chyba pri zapisovaní údajov do soketu s použitím TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2505
+#: tls/gnutls/gtlsconnection-gnutls.c:1476
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[2] ""
"Správa o veľkosti %lu bajty je príliš veľká pre pripojenie s použitím DTLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2507
+#: tls/gnutls/gtlsconnection-gnutls.c:1478
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[1] "(maximum je %u bajt)"
msgstr[2] "(maximum sú %u bajty)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2566
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
#, c-format
-msgid "Send flags are not supported"
-msgstr "Odosielanie značiek nie je podporované"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2669
-msgid "Error performing TLS close"
-msgstr "Chyba pri uzatváraní spojenia s použitím TLS"
+msgid "Error performing TLS close: %s"
+msgstr "Chyba pri uzatváraní spojenia s použitím TLS: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:688
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Zlyhalo načítanie systémového dôveryhodného úložiska: GnuTLS nebolo "
"nakonfigurované so systémovou dôveryhodnosťou"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:693 tls/openssl/gtlsdatabase-openssl.c:229
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Zlyhalo načítanie systémového dôveryhodného úložiska: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Zlyhalo naplnenie dôveryhodného zoznamu z %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
+#: tls/openssl/gtlsserverconnection-openssl.c:228
msgid "Certificate has no private key"
msgstr "Certifikát nemá súkromný kľúč"
-#: tls/pkcs11/gpkcs11pin.c:111
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"Toto je posledná možnosť na vloženie správneho kódu PIN predtým, ako bude "
-"token uzamknutý."
+#: tls/openssl/gtlsclientconnection-openssl.c:317
+#: tls/openssl/gtlsserverconnection-openssl.c:346
+#, c-format
+#| msgid "Could not create TLS context: %s"
+msgid "Could not set TLS cipher list: %s"
+msgstr "Nepodarilo sa nastaviť zoznam cifier použitím TLS: %s"
-#: tls/pkcs11/gpkcs11pin.c:113
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr ""
-"Niekoľko pokusov zadať kód PIN bolo nesprávnych, po niekoľkých ďalších "
-"nesprávnych pokusoch bude token uzamknutý."
+#: tls/openssl/gtlsclientconnection-openssl.c:343
+#: tls/openssl/gtlsserverconnection-openssl.c:372
+#, c-format
+#| msgid "Could not set MAX protocol to %ld: %s"
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Nepodarilo sa nastaviť protokol MAX na %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:404
+#: tls/openssl/gtlsserverconnection-openssl.c:433
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Nepodarilo sa vytvoriť kontext s použitím TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Neprijateľná autorita certifikátu pre TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
+msgid "Digest too big for RSA key"
+msgstr "Obsah je príliš veľký pre kľúč RSA"
+
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Zabezpečené opätovné vyjednávanie je zakázané"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
+#, c-format
+msgid "%s: The connection is broken"
+msgstr "%s: Pripojenie je poškodené"
+
+#: tls/openssl/gtlsconnection-openssl.c:678
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Údaje o previazaní kanálov tls-unique nie sú dostupné"
+
+#: tls/openssl/gtlsconnection-openssl.c:701
+#, c-format
+msgid "X.509 Certificate is not available on the connection"
+msgstr "Certifikát X.509 nie je dostupný v pripojení"
+
+#: tls/openssl/gtlsconnection-openssl.c:747
+#, c-format
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Zlyhalo generovanie obsahu certifikátu X.509"
+
+#: tls/openssl/gtlsconnection-openssl.c:778
+#, c-format
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "Pripojenie TLS nepodporuje funkciu TLS-Exporter"
+
+#: tls/openssl/gtlsconnection-openssl.c:781
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Neočakávaná chyba počas exportu údajov kľúčenky"
+
+#: tls/openssl/gtlsconnection-openssl.c:1063
+msgid "Error performing TLS close"
+msgstr "Chyba pri uzatváraní spojenia s použitím TLS"
+
+#: tls/openssl/gtlsdatabase-openssl.c:197
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Nepodarilo sa získať dôveryhodné ukotvenia z kľúčenky"
+
+#: tls/openssl/gtlsdatabase-openssl.c:269
+msgid "Could not create CA store"
+msgstr "Nepodarilo sa vytvoriť úložisko CA"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:179
+#: tls/openssl/gtlsserverconnection-openssl.c:247
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Vyskytol sa problém so súkromným kľúčom certifikátu: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:188
+#: tls/openssl/gtlsserverconnection-openssl.c:239
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Vyskytol sa problém s certifikátom: %s"
+
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Zlyhalo načítanie cesty k súboru: %s"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Partner žiadal nelegálne opätovné vzájomné spoznanie pomocou TLS"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "Server nevrátil platný certifikát pre TLS"
+
+#~ msgid ""
+#~ "This is the last chance to enter the PIN correctly before the token is "
+#~ "locked."
+#~ msgstr ""
+#~ "Toto je posledná možnosť na vloženie správneho kódu PIN predtým, ako bude "
+#~ "token uzamknutý."
+
+#~ msgid ""
+#~ "Several PIN attempts have been incorrect, and the token will be locked "
+#~ "after further failures."
+#~ msgstr ""
+#~ "Niekoľko pokusov zadať kód PIN bolo nesprávnych, po niekoľkých ďalších "
+#~ "nesprávnych pokusoch bude token uzamknutý."
-#: tls/pkcs11/gpkcs11pin.c:115
-msgid "The PIN entered is incorrect."
-msgstr "Vložený kód PIN je nesprávny."
+#~ msgid "The PIN entered is incorrect."
+#~ msgstr "Vložený kód PIN je nesprávny."
-#: tls/pkcs11/gpkcs11slot.c:447
-msgid "Module"
-msgstr "Modul"
+#~ msgid "Module"
+#~ msgstr "Modul"
-#: tls/pkcs11/gpkcs11slot.c:448
-msgid "PKCS#11 Module Pointer"
-msgstr "Ukazovateľ na modul štandardu PKCS č.11"
+#~ msgid "PKCS#11 Module Pointer"
+#~ msgstr "Ukazovateľ na modul štandardu PKCS č.11"
-#: tls/pkcs11/gpkcs11slot.c:455
-msgid "Slot ID"
-msgstr "Identifikátor slotu"
+#~ msgid "Slot ID"
+#~ msgstr "Identifikátor slotu"
-#: tls/pkcs11/gpkcs11slot.c:456
-msgid "PKCS#11 Slot Identifier"
-msgstr "Idntifikátor slotu štandardu PKCS č.11"
+#~ msgid "PKCS#11 Slot Identifier"
+#~ msgstr "Idntifikátor slotu štandardu PKCS č.11"
#~ msgid "Operation would block"
#~ msgstr "Operácia by blokovala"
# This file is distributed under the same license as the glib-networking package.
#
# Klemen Košir <klemen.kosir@gmx.com>, 2011.
-# Matej Urbančič <mateju@svn.gnome.org>, + 2017–2019.
+# Matej Urbančič <mateju@src.gnome.org>, + 2017–2021.
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-03-02 16:15+0000\n"
-"PO-Revision-Date: 2019-03-02 21:04+0100\n"
-"Last-Translator: Matej Urbančič <mateju@svn.gnome.org>\n"
+"POT-Creation-Date: 2021-11-21 19:45+0000\n"
+"PO-Revision-Date: 2021-11-22 16:49+0100\n"
+"Last-Translator: Matej Urbančič <mateju@src.gnome.org>\n"
"Language-Team: Slovenian GNOME Translation Team <gnome-si@googlegroups.com>\n"
"Language: sl_SI\n"
"MIME-Version: 1.0\n"
"Plural-Forms: nplurals=4; plural=(n%100==1 ? 1 : n%100==2 ? 2 : n%100==3 || n"
"%100==4 ? 3 : 0);\n"
"X-Poedit-SourceCharset: utf-8\n"
-"X-Generator: Poedit 2.0.6\n"
+"X-Generator: Poedit 3.0\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Notranja napaka razreševalnika posredniškega strežnika."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "Povezava je zaprta"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "Opravilo bi zaustavilo delovanje"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Ni mogoče izvesti opravila med izvajanjem izmenjave signalov TLS"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Vtič V/I naprave je časovno potekel"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
-msgstr "Strežnik zahteva potrdilo TLS."
+msgstr "Strežnik zahteva potrdilo TLS"
+
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr ""
+"Izmenjava podatkov še ni končana, zato ni še nobene informacije o vezavah "
+"kanalov."
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr "Soležnik ne omogoča varnega usklajevanja"
+
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:491
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:830
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Nesprejemljivo potrdilo TLS"
+
+#: tls/base/gtlsconnection-base.c:2155
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Prejemanje zastavic ni podprto"
+
+#: tls/base/gtlsconnection-base.c:2302
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Pošiljanje zastavic ni podprto"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:363
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Potrdila DER ni mogoče razčleniti: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:384
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Potrdila PEM ni mogoče razčleniti: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:404
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Zasebnega ključa DER ni mogoče razčleniti: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:424
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Zasebnega ključa PEM ni mogoče razčleniti: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Ni mogoče uvoziti naslov URI potrdila PKCS #11: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:459
msgid "No certificate data provided"
msgstr "Podatki potrdila niso podani"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Povezave TLS ni mogoče ustvariti: %s"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Ni mogoče overiti istovetnosti predmeta nepričakovane vrste %s"
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-msgid "Cannot perform blocking operation during TLS handshake"
-msgstr "Ni mogoče izvesti opravila med izvajanjem izmenjave signalov TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:204
+msgid "Could not create TLS connection:"
+msgstr "Povezave TLS ni mogoče ustvariti:"
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "Vtič V/I naprave je časovno potekel"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Soležniku ni uspelo izvesti izmenjave signalov TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:214
+#: tls/gnutls/gtlsconnection-gnutls.c:234
+#: tls/openssl/gtlsclientconnection-openssl.c:523
+#: tls/openssl/gtlsserverconnection-openssl.c:456
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Povezave TLS ni mogoče ustvariti: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Soležnik je zahteval nedovoljeno ponovno izmenjavo signalov TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:460
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Soležniku ni uspelo izvesti izmenjave signalov TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:468
msgid "TLS connection closed unexpectedly"
msgstr "Povezava TLS je nepričakovano končana"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:483
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "Povezani soležnik ni vrnil veljavnega potrdila TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Nesprejemljivo potrdilo TLS"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:499
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Soležnik vrača usodno opozorilo TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:509
msgid "Protocol version downgrade attack detected"
msgstr "Zaznan je napad ponižanja različice protokola"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:518
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[3] ""
"Sporočilo je preveliko za povezavo DTLS; največja možna vrednost je %u bajti."
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:527
msgid "The operation timed out"
msgstr "Opravilo je časovno poteklo"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "Soležnik ne omogoča varnega usklajevanja"
+#: tls/gnutls/gtlsconnection-gnutls.c:879
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Napaka med izvajanjem izmenjave signalov TLS: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/openssl/gtlsconnection-openssl.c:614
msgid "Error performing TLS handshake"
msgstr "Napaka med izvajanjem izmenjave signalov TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Napaka med branjem podatkov iz vtiča TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:1177
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Vrsta vezave kanalov ni vključena v knjižnico TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1181
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Prejemanje zastavic ni podprto"
+msgid "Channel binding data is not yet available"
+msgstr "Podatki o vezavah kanalov še niso na voljo"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#: tls/gnutls/gtlsconnection-gnutls.c:1231
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "Potrdilo X.509 na povezavi ni na voljo."
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1244
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "Potrdilo X.509 ni na voljo, ali pa je neznane oblike: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1255
+#: tls/openssl/gtlsconnection-openssl.c:705
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Ni mogoče pridobiti algoritma podpisa potrdila"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1271
+#: tls/openssl/gtlsconnection-openssl.c:725
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Trenutno potrdilo X.509 uporablja neznan ali nepodprt algoritem podpisa."
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1365
+#: tls/openssl/gtlsconnection-openssl.c:805
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Zahtevana vrsta vezave kanala ni izvedena."
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1386
+#: tls/gnutls/gtlsconnection-gnutls.c:1446
+#: tls/openssl/gtlsconnection-openssl.c:823
+#: tls/openssl/gtlsconnection-openssl.c:919
+msgid "Error reading data from TLS socket"
+msgstr "Napaka med branjem podatkov iz vtiča TLS"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+#: tls/gnutls/gtlsconnection-gnutls.c:1531
+#: tls/openssl/gtlsconnection-openssl.c:998
msgid "Error writing data to TLS socket"
msgstr "Napaka med zapisovanjem podatkov v vtič TLS"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1501
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[2] "Sporočilo velikosti %lu bajtov je preveliko za povezavo DTLS."
msgstr[3] "Sporočilo velikosti %lu bajtov je preveliko za povezavo DTLS."
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1503
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[2] "(največ %u bajta)"
msgstr[3] "(največ %u bajti)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1550
#, c-format
-msgid "Send flags are not supported"
-msgstr "Pošiljanje zastavic ni podprto"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Napaka med izvajanjem zapiranja TLS"
+msgid "Error performing TLS close: %s"
+msgstr "Napaka med izvajanjem zapiranja TLS: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Nalaganje varne sistemske shrambe je spodletelo: protokol GnuTLS ni ustrezno "
"nastavljen"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:288
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Nalaganje varne sistemske shrambe je spodletelo: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:456
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Nalaganje varnega seznama iz %s je spodletelo: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
msgid "Certificate has no private key"
msgstr "Potrdilo nima določenega zasebnega ključa"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:379
+#: tls/openssl/gtlsserverconnection-openssl.c:299
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Seznama šifrirnih kod TLS ni mogoče nastaviti: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:407
+#: tls/openssl/gtlsserverconnection-openssl.c:327
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Protokola MAX ni mogoče nastaviti na %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:470
+#: tls/openssl/gtlsserverconnection-openssl.c:390
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Povezave TLS ni mogoče ustvariti: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Nesprejemljiv pooblastitelj potrdila TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Povzetek je preobsežen za ključ RSA"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Varno ponovno povezovanje je onemogočeno"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Napaka med izvajanjem izmenjave signalov TLS: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: povezava je okvarjena."
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "Strežnik ni vrnil veljavnega potrdila TLS"
+#: tls/openssl/gtlsconnection-openssl.c:674
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Podatki o vezavah kanalov tls-unique niso na voljo."
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:697
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Napaka med branjem podatkov iz vtiča TLS: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "Potrdilo X.509 na povezavi ni na voljo."
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:743
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Napaka med zapisovanjem podatkov v vtič TLS: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Ustvarjanje povzetka potrdila X.509 je spodletelo."
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:774
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Napaka med izvajanjem zapiranja TLS: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "Povezava TLS ne omogoča podpore zmožnostim TLS-Exporter"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsconnection-openssl.c:777
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Nepričakovana napaka pri izvozu podatkov o ključu"
+
+#: tls/openssl/gtlsconnection-openssl.c:1059
+msgid "Error performing TLS close"
+msgstr "Napaka med izvajanjem zapiranja TLS"
+
+#: tls/openssl/gtlsdatabase-openssl.c:200
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Ni mogoče pridobiti zaupanja vrednih sidrišč programa Keychain"
+
+#: tls/openssl/gtlsdatabase-openssl.c:265
+msgid "Could not get root certificate store"
+msgstr "Ni mogoče pridobiti shrambe korenskega potrdila"
+
+#: tls/openssl/gtlsdatabase-openssl.c:272
+msgid "Could not get CA certificate store"
+msgstr "Ni mogoče pridobiti shrambe potrdila CA"
+
+#: tls/openssl/gtlsdatabase-openssl.c:337
+msgid "Could not create CA store"
+msgstr "Ni mogoče ustvariti shrambe CA"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:184
#, c-format
msgid "There is a problem with the certificate: %s"
msgstr "Prišlo je do napake med uporabo potrdila: %s"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsserverconnection-openssl.c:193
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "Prišlo je do napake v zasebnem ključu potrdila: %s"
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Soležnik je zahteval nedovoljeno ponovno izmenjavo signalov TLS"
+
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Nalaganje poti datoteke je spodletelo: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "Opravilo bi zaustavilo delovanje"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "Strežnik ni vrnil veljavnega potrdila TLS"
+
+#~ msgid "Error reading data from TLS socket: %s"
+#~ msgstr "Napaka med branjem podatkov iz vtiča TLS: %s"
+
+#~ msgid "Error writing data to TLS socket: %s"
+#~ msgstr "Napaka med zapisovanjem podatkov v vtič TLS: %s"
+
#~ msgid ""
#~ "This is the last chance to enter the PIN correctly before the token is "
#~ "locked."
# Serbian translation of glib-networking
-# Courtesy of Prevod.org team (http://prevod.org/) -- 2012â\80\942017.
+# Courtesy of Prevod.org team (http://prevod.org/) -- 2012â\80\932021.
# This file is distributed under the same license as the glib-networking package.
-# Ð\9cиÑ\80оÑ\81лав Ð\9dиколиÑ\9b <miroslavnikolic@rocketmail.com>, 2011â\80\942017.
+# Ð\9cиÑ\80оÑ\81лав Ð\9dиколиÑ\9b <miroslavnikolic@rocketmail.com>, 2011â\80\932021.
msgid ""
msgstr ""
"Project-Id-Version: glib-networking\n"
-"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
-"issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-02 22:37+0100\n"
-"Last-Translator: Марко М. Костић <marko.m.kostic@gmail.com>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2021-06-25 16:32+0000\n"
+"PO-Revision-Date: 2021-09-26 06:56+0200\n"
+"Last-Translator: Мирослав Николић <miroslavnikolic@rocketmail.com>\n"
"Language-Team: српски <gnome-sr@googlegroups.org>\n"
"Language: sr\n"
"MIME-Version: 1.0\n"
"Plural-Forms: nplurals=4; plural=n==1? 3 : n%10==1 && n%100!=11 ? 0 : n"
"%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
"X-Project-Style: gnome\n"
-"X-Generator: Poedit 2.2\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Унутрашња грешка решавача посредника."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "Веза је затворена"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "Поступак би блокирао"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Не могу да извршим блокирајућу радњу током ТЛС руковања"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Истекло време У/И утичнице"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "ТЛС уверење које захтева сервер"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1451
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "Руковање није завршено, ниједан канал још увек не свезује информације"
+
+#: tls/base/gtlsconnection-base.c:1530
+msgid "Peer does not support safe renegotiation"
+msgstr "Парњак не подржава безбедно поновно преговарање"
+
+#: tls/base/gtlsconnection-base.c:1678 tls/gnutls/gtlsconnection-gnutls.c:482
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:834
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Неприхватљиво ТЛС уверење"
+
+#: tls/base/gtlsconnection-base.c:2152
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Пријемне заставице нису подржане"
+
+#: tls/base/gtlsconnection-base.c:2299
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Отпремне заставице нису подржане"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:362
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Не могу да обрадим ДЕР уверење: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:382
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Не могу да обрадим ПЕМ уверење: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:401
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Не могу да обрадим приватни ДЕР кључ: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:420
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Не могу да обрадим приватни ПЕМ кључ: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Не могу да увезем путању уверења ПКЦС #11: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:455
msgid "No certificate data provided"
msgstr "Нису обезбеђени подаци уверења"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:806
+#: tls/gnutls/gtlsconnection-gnutls.c:1033
+#, c-format
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Не могу да потврдим идентитет парњака неочекиване врсте „%s“"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:198
+#| msgid "Could not create TLS connection: %s"
+msgid "Could not create TLS connection:"
+msgstr "Не могу да направим ТЛС везу:"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:208
+#: tls/gnutls/gtlsconnection-gnutls.c:228
+#: tls/openssl/gtlsclientconnection-openssl.c:458
+#: tls/openssl/gtlsserverconnection-openssl.c:503
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "Не могу да направим ТЛС везу: %s"
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-msgid "Cannot perform blocking operation during TLS handshake"
-msgstr "Не могу да извршим блокирајућу радњу током ТЛС руковања"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "Истекло време У/И утичнице"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Парњак није успео да изврши ТЛС руковање"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Парњак је затражио илегално ТЛС поновно руковање"
+#: tls/gnutls/gtlsconnection-gnutls.c:426
+#: tls/gnutls/gtlsconnection-gnutls.c:437
+#: tls/gnutls/gtlsconnection-gnutls.c:451
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Парњак није успео да изврши ТЛС руковање: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:459
msgid "TLS connection closed unexpectedly"
msgstr "ТЛС веза је неочекивано затворена"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:474
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "Парњак ТЛС везе није послао уверење"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Неприхватљиво ТЛС уверење"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:490
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Парњак је послао кобно ТЛС упозорење: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:500
msgid "Protocol version downgrade attack detected"
msgstr "Уочен је напад уназађивања издања протокола"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:509
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[2] "Порука је предугачка за ДТЛС везу, највише је дозвољено %u бајтова"
msgstr[3] "Порука је предугачка за ДТЛС везу, највише је дозвољен један бајт"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:518
msgid "The operation timed out"
msgstr "Време извршавања радње је истекло"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "Парњак не подржава безбедно поновно преговарање"
+#: tls/gnutls/gtlsconnection-gnutls.c:870
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Грешка у извршавању ТЛС руковања: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:973
+#: tls/openssl/gtlsconnection-openssl.c:618
msgid "Error performing TLS handshake"
msgstr "Грешка у извршавању ТЛС руковања"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Грешка приликом читања података са ТЛС прикључка"
+#: tls/gnutls/gtlsconnection-gnutls.c:1152
+#, c-format
+#| msgid ""
+#| "Channel binding type tls-unique is not implemented in the TLS library"
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Врста свезивања канала није примењена у ТЛС библиотеци"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1156
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Пријемне заставице нису подржане"
+#| msgid "Channel binding data for tls-unique is not yet available"
+msgid "Channel binding data is not yet available"
+msgstr "Свезивање података канала још није доступно"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1194
+#: tls/gnutls/gtlsconnection-gnutls.c:1206
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "„X.509“ уверење није доступно на вези"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "„X.509“ уверење није доступно на вези или је непознатог формата: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1230
+#: tls/openssl/gtlsconnection-openssl.c:709
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Не могу да набавим алгоритам потписа уверења"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1246
+#: tls/openssl/gtlsconnection-openssl.c:729
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Тренутно „X.509“ уверење користи непознат или неподржани алгоритам потписа"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1340
+#: tls/openssl/gtlsconnection-openssl.c:809
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Захтевана врста свезивања канала није примењена"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1361
+#: tls/gnutls/gtlsconnection-gnutls.c:1421
+#: tls/openssl/gtlsconnection-openssl.c:827
+#: tls/openssl/gtlsconnection-openssl.c:923
+msgid "Error reading data from TLS socket"
+msgstr "Грешка приликом читања података са ТЛС прикључка"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1443
+#: tls/gnutls/gtlsconnection-gnutls.c:1506
+#: tls/openssl/gtlsconnection-openssl.c:1002
msgid "Error writing data to TLS socket"
msgstr "Грешка приликом уписивања података у ТЛС прикључак"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1476
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[2] "Порука од %lu бајтова је предугачка за ДТЛС везу"
msgstr[3] "Порука од једног бајта је предугачка за ДТЛС везу"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1478
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[2] "(највише %u бајтова)"
msgstr[3] "(највише један бајт)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
#, c-format
-msgid "Send flags are not supported"
-msgstr "Отпремне заставице нису подржане"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Грешка у извршавању ТЛС затварања"
+msgid "Error performing TLS close: %s"
+msgstr "Грешка у извршавању ТЛС затварања: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:688
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Нисам успео да учитам системско складиште уверења: Гну-ТЛС није подешен са "
"системским уверењем"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:693 tls/openssl/gtlsdatabase-openssl.c:229
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Нисам успео да учитам системско складиште уверења: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Нисам успео да попуним списак уверења из %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
+#: tls/openssl/gtlsserverconnection-openssl.c:228
msgid "Certificate has no private key"
msgstr "Уверење нема приватни кључ"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:317
+#: tls/openssl/gtlsserverconnection-openssl.c:346
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Не могу да поставим списак ТЛС шифрера: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:343
+#: tls/openssl/gtlsserverconnection-openssl.c:372
+#, c-format
+#| msgid "Could not set MAX protocol to %ld: %s"
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Не могу да подесим МАКС протокол на %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:404
+#: tls/openssl/gtlsserverconnection-openssl.c:433
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Не могу да направим ТЛС контекст: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Неприхватљиво ТЛС сертификационо тело"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Збирка је превелика за РСА кључ"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Безбедно поновно преговарање је онемогућено"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Грешка у извршавању ТЛС руковања: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: веза је сломљена"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "Сервер није вратио исправно ТЛС уверење"
+#: tls/openssl/gtlsconnection-openssl.c:678
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Подаци свезивања канала „tls-unique“ још није доступно"
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:701
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Грешка приликом читања података са ТЛС прикључка: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "„X.509“ уверење није доступно на вези"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:747
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Ð\93Ñ\80еÑ\88ка пÑ\80иликом Ñ\83пиÑ\81иваÑ\9aа подаÑ\82ака Ñ\83 ТÐ\9bС пÑ\80икÑ\99Ñ\83Ñ\87ак: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Ð\9dиÑ\81ам Ñ\83Ñ\81пео да Ñ\81Ñ\82воÑ\80им â\80\9eX.509â\80\9c Ñ\83веÑ\80еÑ\9aе"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:778
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Ð\93Ñ\80еÑ\88ка Ñ\83 извÑ\80Ñ\88аваÑ\9aÑ\83 ТÐ\9bС заÑ\82ваÑ\80аÑ\9aа: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "ТÐ\9bС веза не подÑ\80жава Ñ\84Ñ\83нкÑ\86иÑ\98Ñ\83 ТÐ\9bС-Ð\98звозника"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsconnection-openssl.c:781
#, c-format
-msgid "There is a problem with the certificate: %s"
-msgstr "Постоји проблем са сертификатом: %s"
+msgid "Unexpected error while exporting keying data"
+msgstr "Неочекивана грешка приликом извоза података кључевања"
+
+#: tls/openssl/gtlsconnection-openssl.c:1063
+msgid "Error performing TLS close"
+msgstr "Грешка у извршавању ТЛС затварања"
+
+#: tls/openssl/gtlsdatabase-openssl.c:197
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Не могу да добавим поверљива сидра са ланца кључа"
+
+#: tls/openssl/gtlsdatabase-openssl.c:269
+msgid "Could not create CA store"
+msgstr "Не могу да направим складиште издавача уверења"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsserverconnection-openssl.c:179
+#: tls/openssl/gtlsserverconnection-openssl.c:247
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "Постоји проблем са приватним кључем сертификата: %s"
+#: tls/openssl/gtlsserverconnection-openssl.c:188
+#: tls/openssl/gtlsserverconnection-openssl.c:239
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Постоји проблем са сертификатом: %s"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Парњак је затражио илегално ТЛС поновно руковање"
+
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Нисам успео да учитам датотеку из путање: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "Поступак би блокирао"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "Сервер није вратио исправно ТЛС уверење"
+
+#~ msgid "Error reading data from TLS socket: %s"
+#~ msgstr "Грешка приликом читања података са ТЛС прикључка: %s"
+
+#~ msgid "Error writing data to TLS socket: %s"
+#~ msgstr "Грешка приликом уписивања података у ТЛС прикључак: %s"
+
#~ msgid ""
#~ "This is the last chance to enter the PIN correctly before the token is "
#~ "locked."
# Swedish translation for glib-networking.
-# Copyright © 2011, 2014, 2017, 2018, 2019 Free Software Foundation, Inc.
+# Copyright © 2011-2021 Free Software Foundation, Inc.
# This file is distributed under the same license as the glib-networking package.
# Daniel Nylander <po@danielnylander.se>, 2011.
-# Anders Jonsson <anders.jonsson@norsjovallen.se>, 2014, 2017, 2018, 2019.
+# Anders Jonsson <anders.jonsson@norsjovallen.se>, 2014, 2017, 2018, 2019, 2020, 2021.
+# Luna Jernberg <droidbittin@gmail.com>, 2021.
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
"issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-02 17:14+0100\n"
+"POT-Creation-Date: 2021-11-19 15:02+0000\n"
+"PO-Revision-Date: 2021-11-19 22:56+0100\n"
"Last-Translator: Anders Jonsson <anders.jonsson@norsjovallen.se>\n"
"Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
"Language: sv\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 2.2.1\n"
+"X-Generator: Poedit 3.0\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Internt fel i proxyuppslag."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "Anslutningen är stängd"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "Operationen skulle blockera"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "Kan inte utföra blockerande åtgärd under TLS-handskakning"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Tidsgräns för in/ut på uttaget överskreds"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "Servern krävde TLS-certifikat"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "Handskakningen är inte klar, ingen kanalbindningsinformation ännu"
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr "Motparten stöder inte säker omförhandling"
+
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:491
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:830
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Ej acceptabelt TLS-certifikat"
+
+#: tls/base/gtlsconnection-base.c:2155
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Mottagningsflaggor stöds inte"
+
+#: tls/base/gtlsconnection-base.c:2302
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Sändflaggor stöds inte"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:363
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Kunde inte tolka DER-certifikat: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:384
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Kunde inte tolka PEM-certifikat: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:404
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Kunde inte tolka privat DER-nyckel: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:424
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Kunde inte tolka privat PEM-nyckel: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Kunde inte importera URI för PKCS #11-certifikat: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:459
msgid "No certificate data provided"
msgstr "Inga certifikatdata tillhandahölls"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "Kunde inte skapa TLS-anslutning: %s"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Kan inte verifiera motpartsidentitet av oväntad typ %s"
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-msgid "Cannot perform blocking operation during TLS handshake"
-msgstr "Kan inte utföra blockerande åtgärd under TLS-handskakning"
+#: tls/gnutls/gtlsconnection-gnutls.c:204
+msgid "Could not create TLS connection:"
+msgstr "Kunde inte skapa TLS-anslutning:"
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "Tidsgräns för in/ut på uttaget överskreds"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Motparten misslyckades med att genomföra TLS-handskakning"
+#: tls/gnutls/gtlsconnection-gnutls.c:214
+#: tls/gnutls/gtlsconnection-gnutls.c:234
+#: tls/openssl/gtlsclientconnection-openssl.c:523
+#: tls/openssl/gtlsserverconnection-openssl.c:456
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "Kunde inte skapa TLS-anslutning: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Motparten begärde otillåten TLS-återhandskakning"
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:460
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Motparten misslyckades med att genomföra TLS-handskakning: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:468
msgid "TLS connection closed unexpectedly"
msgstr "TLS-anslutningen stängdes oväntat"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:483
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "TLS-anslutningens motpart sände inte ett certifikat"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Ej acceptabelt TLS-certifikat"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:499
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Motparten sände ödesdiger TLS-varning: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:509
msgid "Protocol version downgrade attack detected"
msgstr "Protokollversionsnedgraderingsattack upptäcktes"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:518
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[0] "Meddelandet är för stort för DTLS-anslutning, max är %u byte"
msgstr[1] "Meddelandet är för stort för DTLS-anslutning, max är %u byte"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:527
msgid "The operation timed out"
msgstr "Åtgärdens tidsgräns överskreds"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "Motparten stöder inte säker omförhandling"
+#: tls/gnutls/gtlsconnection-gnutls.c:879
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "Fel vid genomförande av TLS-handskakning: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/openssl/gtlsconnection-openssl.c:614
msgid "Error performing TLS handshake"
msgstr "Fel vid genomförande av TLS-handskakning"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "Fel vid läsning av data från TLS-uttag"
+#: tls/gnutls/gtlsconnection-gnutls.c:1177
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Kanalbindningstypen är inte implementerad i TLS-biblioteket"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1181
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Mottagningsflaggor stöds inte"
+msgid "Channel binding data is not yet available"
+msgstr "Kanalbindningsdata är ännu inte tillgängliga"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1219
+#: tls/gnutls/gtlsconnection-gnutls.c:1231
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "X.509-certifikat är inte tillgängligt på anslutningen"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1244
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "X.509-certifikat är inte tillgängligt eller av okänt format: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1255
+#: tls/openssl/gtlsconnection-openssl.c:705
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Kunde inte erhålla signaturalgoritm för certifikat"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1271
+#: tls/openssl/gtlsconnection-openssl.c:725
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Aktuellt X.509-certifikat använder en signaturalgoritm som är okänd eller "
+"inte stöds"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1365
+#: tls/openssl/gtlsconnection-openssl.c:805
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Begärd kanalbindningstyp är inte implementerad"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1386
+#: tls/gnutls/gtlsconnection-gnutls.c:1446
+#: tls/openssl/gtlsconnection-openssl.c:823
+#: tls/openssl/gtlsconnection-openssl.c:919
+msgid "Error reading data from TLS socket"
+msgstr "Fel vid läsning av data från TLS-uttag"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+#: tls/gnutls/gtlsconnection-gnutls.c:1531
+#: tls/openssl/gtlsconnection-openssl.c:998
msgid "Error writing data to TLS socket"
msgstr "Fel vid skrivning av data till TLS-uttag"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1501
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[0] "Meddelande med storleken %lu byte är för stort för DTLS-anslutning"
msgstr[1] "Meddelande med storleken %lu byte är för stort för DTLS-anslutning"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1503
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(maximum är %u byte)"
msgstr[1] "(maximum är %u byte)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1550
#, c-format
-msgid "Send flags are not supported"
-msgstr "Sändflaggor stöds inte"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "Fel vid genomförande av TLS-stängning"
+msgid "Error performing TLS close: %s"
+msgstr "Fel vid genomförande av TLS-stängning: %s"
# osäker
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"inte med en system trust"
# osäker
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:288
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Misslyckades med att läsa in systemets trust store: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+# trust list är ett kommando
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:456
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Misslyckades med att fylla trust list från %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
msgid "Certificate has no private key"
msgstr "Certifikatet har ingen privat nyckel"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:379
+#: tls/openssl/gtlsserverconnection-openssl.c:299
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Kunde inte ställa in TLS-chifferlista: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:407
+#: tls/openssl/gtlsserverconnection-openssl.c:327
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Kunde inte ställa MAX-protokoll till %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:470
+#: tls/openssl/gtlsserverconnection-openssl.c:390
#, c-format
msgid "Could not create TLS context: %s"
msgstr "Kunde inte skapa TLS-kontext: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Ej acceptabel utfärdare av TLS-certifikat"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "Sammandrag för stort för RSA-nyckel"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Säker omförhandling är inaktiverad"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "Fel vid genomförande av TLS-handskakning: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: Anslutningen är trasig"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "Servern returnerade inte ett giltigt TLS-certifikat"
+#: tls/openssl/gtlsconnection-openssl.c:674
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Kanalbindningsdata för tls-unique är inte tillgängliga"
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:697
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Fel vid läsning av data från TLS-uttag: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "X.509-certifikat är inte tillgängligt på anslutningen"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:743
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Fel vid skrivning av data till TLS-uttag: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Misslyckades med att generera X.509-certifikatsammandrag"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:774
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "Fel vid genomförande av TLS-stängning: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "TLS-anslutningen stöder inte funktionen TLS-Exporter"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsconnection-openssl.c:777
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Oväntat fel vid export av nycklingsdata"
+
+#: tls/openssl/gtlsconnection-openssl.c:1059
+msgid "Error performing TLS close"
+msgstr "Fel vid genomförande av TLS-stängning"
+
+#: tls/openssl/gtlsdatabase-openssl.c:200
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Kunde inte erhålla förtroendeankare från nyckelringen"
+
+#: tls/openssl/gtlsdatabase-openssl.c:265
+msgid "Could not get root certificate store"
+msgstr "Kunde inte erhålla rotcertifikatlagring"
+
+#: tls/openssl/gtlsdatabase-openssl.c:272
+msgid "Could not get CA certificate store"
+msgstr "Kunde inte erhålla CA-certifikatlagring"
+
+#: tls/openssl/gtlsdatabase-openssl.c:337
+msgid "Could not create CA store"
+msgstr "Kunde inte skapa CA-lagring"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:184
#, c-format
msgid "There is a problem with the certificate: %s"
msgstr "Det har uppstått ett problem med certifikatet: %s"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsserverconnection-openssl.c:193
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "Det har uppstått ett problem med certifikatets privata nyckel: %s"
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Misslyckades med att läsa in sökväg för fil: %s"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Motparten begärde otillåten TLS-återhandskakning"
+
+#~ msgid "Operation would block"
+#~ msgstr "Operationen skulle blockera"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "Servern returnerade inte ett giltigt TLS-certifikat"
+
+#~ msgid "Error reading data from TLS socket: %s"
+#~ msgstr "Fel vid läsning av data från TLS-uttag: %s"
+
+#~ msgid "Error writing data to TLS socket: %s"
+#~ msgstr "Fel vid skrivning av data till TLS-uttag: %s"
+
#~ msgid ""
#~ "This is the last chance to enter the PIN correctly before the token is "
#~ "locked."
# Ozan Çağlayan <ozancag@gmail.com>, 2013.
# Muhammet Kara <muhammetk@gmail.com>, 2011, 2012, 2013.
# Furkan Tokaç <developmentft@gmail.com>, 2017.
-# Emin Tufan Çetin <etcetin@gmail.com>, 2017-2019.
+# Emin Tufan Çetin <etcetin@gmail.com>, 2017-2021.
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-03-02 02:19+0000\n"
-"PO-Revision-Date: 2019-03-02 09:36+0300\n"
+"POT-Creation-Date: 2021-12-10 10:16+0000\n"
+"PO-Revision-Date: 2021-12-17 17:54+0300\n"
"Last-Translator: Emin Tufan Çetin <etcetin@gmail.com>\n"
-"Language-Team: Türkçe <gnome-turk@gnome.org>\n"
+"Language-Team: Turkish <gnome-turk@gnome.org>\n"
"Language: tr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0\n"
-"X-Generator: Gtranslator 3.30.1\n"
+"X-Generator: Gtranslator 41.0\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Vekil çözücü iç hatası."
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "Bağlantı kapalı"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "Bloke eden işlem"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "TLS el sıkışması sırasında engelleme işlemi gerçekleştirilemez"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "G/Ç yuvası zaman aşımına uğradı"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:875
msgid "Server required TLS certificate"
msgstr "Sunucu, TLS sertifikası istedi"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "El sıkma tamamlanmadı, henüz kanal bağlama bilgisi yok"
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr "Eş, güvenli yeniden anlaşmayı desteklemiyor"
+
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:491
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:830
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Kabul edilemez bir TLS sertifikası"
+
+#: tls/base/gtlsconnection-base.c:2153
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Bayrak alma desteklenmiyor"
+
+#: tls/base/gtlsconnection-base.c:2300
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Bayrak gönderme desteklenmiyor"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:363
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "DER sertifikası ayrıştırılamadı: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:384
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "PEM sertifikası ayrıştırılamadı: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:404
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "DER özel anahtarı ayrıştırılamadı: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:424
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "PEM özel anahtarı ayrıştırılamadı: %s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "PKCS #11 sertifika URIʼsi içe aktarılamadı: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:459
msgid "No certificate data provided"
msgstr "Sertifika verisi sağlanmadı"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:536
-#: tls/openssl/gtlsserverconnection-openssl.c:425
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
#, c-format
-msgid "Could not create TLS connection: %s"
-msgstr "TLS bağlantısı oluşturulamadı: %s"
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Beklenmedik %s türündeki eş kimliği doğrulamadı"
-#. Cannot perform a blocking operation during a handshake on the
-#. * same thread that triggered the handshake. The only way this can
-#. * occur is if the application is doing something weird in its
-#. * accept-certificate callback. Allowing a blocking op would stall
-#. * the handshake (forever, if there's no timeout). Even a close
-#. * op would deadlock here.
-#.
-#: tls/gnutls/gtlsconnection-gnutls.c:811
-#| msgid "Error performing TLS handshake"
-msgid "Cannot perform blocking operation during TLS handshake"
-msgstr "TLS el sıkışması sırasında engelleme işlemi gerçekleştirilemez"
+#: tls/gnutls/gtlsconnection-gnutls.c:204
+msgid "Could not create TLS connection:"
+msgstr "TLS bağlantısı oluşturulamadı:"
-#: tls/gnutls/gtlsconnection-gnutls.c:874
-#: tls/gnutls/gtlsconnection-gnutls.c:1484
-msgid "Socket I/O timed out"
-msgstr "G/Ç yuvası zaman aşımına uğradı"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "Eş, TLS el sıkışmasını başaramadı"
+#: tls/gnutls/gtlsconnection-gnutls.c:214
+#: tls/gnutls/gtlsconnection-gnutls.c:234
+#: tls/openssl/gtlsclientconnection-openssl.c:523
+#: tls/openssl/gtlsserverconnection-openssl.c:456
+#, c-format
+msgid "Could not create TLS connection: %s"
+msgstr "TLS bağlantısı oluşturulamadı: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1037
-#: tls/openssl/gtlsconnection-openssl.c:238
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Eş, kural dışı bir TLS yeniden el sıkışması istedi"
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:460
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Eş, TLS el sıkışmasını başaramadı: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#: tls/gnutls/gtlsconnection-gnutls.c:468
msgid "TLS connection closed unexpectedly"
msgstr "TLS bağlantısı beklenmedik biçimde sonlandı"
-#: tls/gnutls/gtlsconnection-gnutls.c:1068
-#: tls/openssl/gtlsconnection-openssl.c:175
+#: tls/gnutls/gtlsconnection-gnutls.c:483
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "TLS bağlantısı eşi sertifika göndermedi"
-#: tls/gnutls/gtlsconnection-gnutls.c:1074
-#: tls/gnutls/gtlsconnection-gnutls.c:2176
-#: tls/openssl/gtlsconnection-openssl.c:420
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "Kabul edilemez bir TLS sertifikası"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1080
+#: tls/gnutls/gtlsconnection-gnutls.c:499
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "Eş, ölümcül TLS uyarısı gönderdi: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1092
+#: tls/gnutls/gtlsconnection-gnutls.c:509
msgid "Protocol version downgrade attack detected"
msgstr "İletişim kuralı sürümünü düşürme saldırısı saptandı"
-#: tls/gnutls/gtlsconnection-gnutls.c:1099
+#: tls/gnutls/gtlsconnection-gnutls.c:518
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[0] "İleti, DTLS bağlantısı için çok büyük; azami %u bayt"
-#: tls/gnutls/gtlsconnection-gnutls.c:1106
+#: tls/gnutls/gtlsconnection-gnutls.c:527
msgid "The operation timed out"
msgstr "İşlem zaman aşımına uğradı"
-#: tls/gnutls/gtlsconnection-gnutls.c:1997
-msgid "Peer does not support safe renegotiation"
-msgstr "Eş, güvenli yeniden anlaşmayı desteklemiyor"
+#: tls/gnutls/gtlsconnection-gnutls.c:879
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "TLS el sıkışması sırasında hata: %s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2024
-#: tls/gnutls/gtlsconnection-gnutls.c:2074
+#: tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/openssl/gtlsconnection-openssl.c:614
msgid "Error performing TLS handshake"
msgstr "TLS el sıkışması sırasında hata"
-#: tls/gnutls/gtlsconnection-gnutls.c:2526
-#: tls/gnutls/gtlsconnection-gnutls.c:2618
-msgid "Error reading data from TLS socket"
-msgstr "TLS yuvasından veri okurken hata"
+#: tls/gnutls/gtlsconnection-gnutls.c:1189
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Kanal bağlama türü TLS kütüphanesinde gerçeklenmedi"
-#: tls/gnutls/gtlsconnection-gnutls.c:2648
+#: tls/gnutls/gtlsconnection-gnutls.c:1193
#, c-format
-msgid "Receive flags are not supported"
-msgstr "Bayrak alma desteklenmiyor"
+msgid "Channel binding data is not yet available"
+msgstr "Kanal bağlama verisi henüz kullanılabilir değil"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1231
+#: tls/gnutls/gtlsconnection-gnutls.c:1243
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "X.509 sertifikası, bağlantıda kullanılabilir değil"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1256
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "X.509 sertifikası kullanılamıyor veya bilinmeyen biçimde: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1267
+#: tls/openssl/gtlsconnection-openssl.c:705
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Sertifika imza algoritması edinilemedi"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1283
+#: tls/openssl/gtlsconnection-openssl.c:725
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"Şu anki X.509 sertifikası bilinmeyen veya desteklenmeyen imza algoritması "
+"kullanıyor"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1377
+#: tls/openssl/gtlsconnection-openssl.c:805
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "İstenen kanal bağlama türü gerçeklenmedi"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1398
+#: tls/gnutls/gtlsconnection-gnutls.c:1458
+#: tls/openssl/gtlsconnection-openssl.c:823
+#: tls/openssl/gtlsconnection-openssl.c:919
+msgid "Error reading data from TLS socket"
+msgstr "TLS yuvasından veri okurken hata"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2725
-#: tls/gnutls/gtlsconnection-gnutls.c:2797
+#: tls/gnutls/gtlsconnection-gnutls.c:1480
+#: tls/gnutls/gtlsconnection-gnutls.c:1543
+#: tls/openssl/gtlsconnection-openssl.c:998
msgid "Error writing data to TLS socket"
msgstr "TLS yuvasına veri yazarken hata"
-#: tls/gnutls/gtlsconnection-gnutls.c:2767
+#: tls/gnutls/gtlsconnection-gnutls.c:1513
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[0] "%lu bayt ileti boyutu DTLS bağlantısı için çok büyük"
-#: tls/gnutls/gtlsconnection-gnutls.c:2769
+#: tls/gnutls/gtlsconnection-gnutls.c:1515
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(azami %u bayt)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2828
+#: tls/gnutls/gtlsconnection-gnutls.c:1562
#, c-format
-msgid "Send flags are not supported"
-msgstr "Bayrak gönderme desteklenmiyor"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2931
-msgid "Error performing TLS close"
-msgstr "TLS kapatma işleminde hata"
+msgid "Error performing TLS close: %s"
+msgstr "TLS kapatma işleminde hata: %s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
"Sistem güven deposu yüklenemedi: GnuTLS, bir sistem güveniyle "
"yapılandırılmamış"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:255
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "Sistem güven deposu yüklenemedi: %s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:91
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:456
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "%s konumundan güven listesi doldurulamadı: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
msgid "Certificate has no private key"
msgstr "Sertifikanın özel anahtarı yok"
-#: tls/openssl/gtlsclientconnection-openssl.c:417
-#: tls/openssl/gtlsclientconnection-openssl.c:483
-#: tls/openssl/gtlsserverconnection-openssl.c:305
-#: tls/openssl/gtlsserverconnection-openssl.c:365
+#: tls/openssl/gtlsclientconnection-openssl.c:379
+#: tls/openssl/gtlsserverconnection-openssl.c:299
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "TLS şifreleyici listesi belirlenemedi: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:407
+#: tls/openssl/gtlsserverconnection-openssl.c:327
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "MAX iletişim kuralı %d olarak belirlenemedi: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:470
+#: tls/openssl/gtlsserverconnection-openssl.c:390
#, c-format
msgid "Could not create TLS context: %s"
msgstr "TLS bağlamı oluşturulamadı: %s"
-#: tls/openssl/gtlsconnection-openssl.c:183
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Kabul edilemez bir TLS sertifika otoritesi"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
msgid "Digest too big for RSA key"
msgstr "RSA anahtarı için çok büyük özet"
-#: tls/openssl/gtlsconnection-openssl.c:247
-#: tls/openssl/gtlsconnection-openssl.c:380
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Güvenli yeniden el sıkışma devre dışı"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
#, c-format
-msgid "Error performing TLS handshake: %s"
-msgstr "TLS el sıkışması sırasında hata: %s"
+msgid "%s: The connection is broken"
+msgstr "%s: Bağlantı kırık"
-#: tls/openssl/gtlsconnection-openssl.c:390
-msgid "Server did not return a valid TLS certificate"
-msgstr "Sunucu geçerli bir TLS sertifikası döndürmedi"
+#: tls/openssl/gtlsconnection-openssl.c:674
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "tls-unique kanal bağlama türü kullanılabilir değil"
-#: tls/openssl/gtlsconnection-openssl.c:504
+#: tls/openssl/gtlsconnection-openssl.c:697
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "TLS yuvasından veri okurken hata: %s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "X.509 Sertifikası, bağlantıda kullanılabilir değil"
-#: tls/openssl/gtlsconnection-openssl.c:530
+#: tls/openssl/gtlsconnection-openssl.c:743
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "TLS yuvasına veri yazarken hata: %s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "X.509 sertifika özeti oluşturulamadı"
-#: tls/openssl/gtlsconnection-openssl.c:556
+#: tls/openssl/gtlsconnection-openssl.c:774
#, c-format
-msgid "Error performing TLS close: %s"
-msgstr "TLS kapatma işleminde hata: %s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "TLS Bağlantısı, TLS-Exporter özelliğini desteklemiyor"
-#: tls/openssl/gtlsserverconnection-openssl.c:102
+#: tls/openssl/gtlsconnection-openssl.c:777
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Anahtarlama verisi dışa aktarılırken beklenmedik hata"
+
+#: tls/openssl/gtlsconnection-openssl.c:1059
+msgid "Error performing TLS close"
+msgstr "TLS kapatma işleminde hata"
+
+#: tls/openssl/gtlsdatabase-openssl.c:167
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Anahtarlıktan güven bağları alınamadı"
+
+#: tls/openssl/gtlsdatabase-openssl.c:232
+#| msgid "Could not parse DER certificate: %s"
+msgid "Could not get root certificate store"
+msgstr "Kök sertifika deposu alınamadı"
+
+#: tls/openssl/gtlsdatabase-openssl.c:239
+#| msgid "Could not parse DER certificate: %s"
+msgid "Could not get CA certificate store"
+msgstr "CA sertifika deposu alınamadı"
+
+#: tls/openssl/gtlsdatabase-openssl.c:304
+msgid "Could not create CA store"
+msgstr "CA deposu oluşturulamadı"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:184
#, c-format
msgid "There is a problem with the certificate: %s"
msgstr "Sertifikada sorun var: %s"
-#: tls/openssl/gtlsserverconnection-openssl.c:110
+#: tls/openssl/gtlsserverconnection-openssl.c:193
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "Sertifika özel anahtarında sorun var: %s"
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "Eş, kural dışı bir TLS yeniden el sıkışması istedi"
+
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Dosya yolu yüklenemedi: %s"
+
+#~ msgid "Operation would block"
+#~ msgstr "Bloke eden işlem"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "Sunucu geçerli bir TLS sertifikası döndürmedi"
+
+#~ msgid "Error reading data from TLS socket: %s"
+#~ msgstr "TLS yuvasından veri okurken hata: %s"
+
+#~ msgid "Error writing data to TLS socket: %s"
+#~ msgstr "TLS yuvasına veri yazarken hata: %s"
+
#~ msgid ""
#~ "This is the last chance to enter the PIN correctly before the token is "
#~ "locked."
-# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
# This file is distributed under the same license as the PACKAGE package.
# Korostil Daniel <ted.korostiled@gmail.com>, 2011.
# Alexandr Toorchyn <ilex@mail.ua>, 2011.
+# Yuri Chornoivan <yurchor@ukr.net>, 2020, 2021.
msgid ""
msgstr ""
"Project-Id-Version: 1.0\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2011-12-11 14:49+0200\n"
-"PO-Revision-Date: 2011-12-11 14:59+0300\n"
-"Last-Translator: Korostil Daniel <ted.korostiled@gmail.com>\n"
-"Language-Team: translation@linux.org.ua\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
+"POT-Creation-Date: 2021-12-18 16:29+0000\n"
+"PO-Revision-Date: 2021-12-18 18:43+0200\n"
+"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
+"Language-Team: Ukrainian <trans-uk@lists.fedoraproject.org>\n"
"Language: uk\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%"
-"10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-"X-Generator: Virtaal 0.6.1\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
+"X-Generator: Lokalize 20.12.0\n"
"X-Project-Style: gnome\n"
-#: ../proxy/libproxy/glibproxyresolver.c:150
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "Внутрішня помилка розв'язника проксі."
-#: ../tls/gnutls/gtlscertificate-gnutls.c:173
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
+msgid "Connection is closed"
+msgstr "З'єднання розірвано"
+
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr ""
+"Не можна виконувати дію з блокування під час узгодження зв'язку за допомогою "
+"TLS"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "Перевищено час очікування на введення-виведення з гнізда"
+
+#: tls/base/gtlsconnection-base.c:875
+msgid "Server required TLS certificate"
+msgstr "Сервер потребує сертифікат TLS"
+
+#: tls/base/gtlsconnection-base.c:1454
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr ""
+"Узгодження зв'язку не завершено, ми ще не маємо даних щодо прив'язки каналів"
+
+#: tls/base/gtlsconnection-base.c:1533
+msgid "Peer does not support safe renegotiation"
+msgstr ""
+"У налаштуваннях стороннього вузла не передбачено підтримки безпечного "
+"повторного узгодження"
+
+#: tls/base/gtlsconnection-base.c:1681 tls/gnutls/gtlsconnection-gnutls.c:491
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:839
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "Неприпустимий сертифікат TLS"
+
+#: tls/base/gtlsconnection-base.c:2153
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "Підтримки прапорців отримання не передбачено"
+
+#: tls/base/gtlsconnection-base.c:2300
+#, c-format
+msgid "Send flags are not supported"
+msgstr "Підтримки прапорців надсилання не передбачено"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:363
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "Неможливо проаналізувати сертифікат DER: %s "
-#: ../tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:384
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "Неможливо проаналізувати сертифікат PEM: %s "
-#: ../tls/gnutls/gtlscertificate-gnutls.c:225
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:404
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "Неможливо проаналізувати закритий ключ DER: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:256
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:424
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "Неможливо проаналізувати закритий ключ PEM: %s"
-#: ../tls/gnutls/gtlscertificate-gnutls.c:296
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "Не вдалося імпортувати адресу сертифіката PKCS #11: %s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:459
msgid "No certificate data provided"
msgstr "Не надано даних сертифіката"
-#: ../tls/gnutls/gtlsclientconnection-gnutls.c:349
-msgid "Server required TLS certificate"
-msgstr "Сервер потребує сертифікат TLS"
+#: tls/gnutls/gtlscertificate-gnutls.c:807
+#: tls/gnutls/gtlsconnection-gnutls.c:1058
+#, c-format
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "Неможливо перевірити ідентичність вузла неочікуваного типу %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:204
+msgid "Could not create TLS connection:"
+msgstr "Неможливо створити з'єднання TLS:"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:202
+#: tls/gnutls/gtlsconnection-gnutls.c:214
+#: tls/gnutls/gtlsconnection-gnutls.c:234
+#: tls/openssl/gtlsclientconnection-openssl.c:512
+#: tls/openssl/gtlsserverconnection-openssl.c:456
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "Неможливо створити з'єднання TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:481
-msgid "Peer failed to perform TLS handshake"
-msgstr "Не вдалось виконати з'єднання TLS"
-
-#: ../tls/gnutls/gtlsconnection-gnutls.c:501
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "Ð\92Ñ\83зол поÑ\82Ñ\80ебÑ\83Ñ\94 нелегалÑ\8cного пеÑ\80ез'Ñ\94днаннÑ\8f TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:435
+#: tls/gnutls/gtlsconnection-gnutls.c:446
+#: tls/gnutls/gtlsconnection-gnutls.c:460
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "Ð\9dе вдалоÑ\81Ñ\8f виконаÑ\82и Ñ\83згодженнÑ\8f зв'Ñ\8fзкÑ\83 за допомогоÑ\8e TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:519
+#: tls/gnutls/gtlsconnection-gnutls.c:468
msgid "TLS connection closed unexpectedly"
msgstr "Раптово закрито з'єднання TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:814
-#: ../tls/gnutls/gtlsconnection-gnutls.c:840
+#: tls/gnutls/gtlsconnection-gnutls.c:483
+#: tls/openssl/gtlsconnection-openssl.c:201
+msgid "TLS connection peer did not send a certificate"
+msgstr "Вузол з'єднання TLS не надіслав сертифіката"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:499
+#, c-format
+msgid "Peer sent fatal TLS alert: %s"
+msgstr "Вузлом надіслано попередження щодо критичної помилки TLS: %s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:509
+msgid "Protocol version downgrade attack detected"
+msgstr "Виявлено спробу атаки із використанням заниження версії протоколу"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:518
+#, c-format
+msgid "Message is too large for DTLS connection; maximum is %u byte"
+msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
+msgstr[0] ""
+"Повідомлення є надто великим для з'єднання DTLS; максимальний розмір — %u "
+"байт"
+msgstr[1] ""
+"Повідомлення є надто великим для з'єднання DTLS; максимальний розмір — %u "
+"байти"
+msgstr[2] ""
+"Повідомлення є надто великим для з'єднання DTLS; максимальний розмір — %u "
+"байтів"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:527
+msgid "The operation timed out"
+msgstr "Час очікування на завершення дії вичерпано"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:879
#, c-format
msgid "Error performing TLS handshake: %s"
-msgstr "Ð\9fомилка виконаннÑ\8f з'Ñ\94днаннÑ\8f TLS: %s"
+msgstr "Ð\9fомилка пÑ\96д Ñ\87аÑ\81 виконаннÑ\8f Ñ\83згодженнÑ\8f з'Ñ\94днаннÑ\8f за допомогоÑ\8e TLS: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:888
-msgid "Unacceptable TLS certificate"
-msgstr "Неприпустимий сертифікат TLS"
+#: tls/gnutls/gtlsconnection-gnutls.c:982
+#: tls/openssl/gtlsconnection-openssl.c:614
+msgid "Error performing TLS handshake"
+msgstr "Помилка під час виконання узгодження зв'язку за допомогою TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1181
+#, c-format
+#| msgid "Channel binding type is not implemented in the TLS library"
+msgid ""
+"Empty channel binding data indicates a bug in the TLS library implementation"
+msgstr "Порожні дані пов'язування каналу вказують на ваду у реалізації бібліотеки TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1199
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "Тип прив'язки каналу не реалізовано у бібліотеці TLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1203
+#, c-format
+msgid "Channel binding data is not yet available"
+msgstr "Дані прив'язки каналів ще не доступні"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1241
+#: tls/gnutls/gtlsconnection-gnutls.c:1253
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "Немає доступу до сертифікат X.509 з'єднання"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1266
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "Сертифікат X.509 є недоступним або записаним у невідомому форматі: %s"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1025
+#: tls/gnutls/gtlsconnection-gnutls.c:1277
+#: tls/openssl/gtlsconnection-openssl.c:714
#, c-format
-msgid "Error reading data from TLS socket: %s"
-msgstr "Ð\9fомилка зÑ\87иÑ\82Ñ\83ваннÑ\8f даниÑ\85 з гнÑ\96зда TLS: %s"
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "Ð\9dе вдалоÑ\81Ñ\8f оÑ\82Ñ\80имаÑ\82и алгоÑ\80иÑ\82м пÑ\96дпиÑ\81Ñ\83ваннÑ\8f Ñ\81еÑ\80Ñ\82иÑ\84Ñ\96каÑ\82а"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1051
+#: tls/gnutls/gtlsconnection-gnutls.c:1293
+#: tls/openssl/gtlsconnection-openssl.c:734
#, c-format
-msgid "Error writing data to TLS socket: %s"
-msgstr "Помилка запису даних у гніздо TLS: %s"
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr ""
+"У поточному сертифікаті X.509 використано невідомий або непідтримуваний "
+"алгоритм підписування"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1387
+#: tls/openssl/gtlsconnection-openssl.c:814
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "Запитаний тип прив'язки каналів не реалізовано"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1408
+#: tls/gnutls/gtlsconnection-gnutls.c:1468
+#: tls/openssl/gtlsconnection-openssl.c:832
+#: tls/openssl/gtlsconnection-openssl.c:928
+msgid "Error reading data from TLS socket"
+msgstr "Помилка зчитування даних з гнізда TLS"
+
+#. flags
+#: tls/gnutls/gtlsconnection-gnutls.c:1490
+#: tls/gnutls/gtlsconnection-gnutls.c:1553
+#: tls/openssl/gtlsconnection-openssl.c:1007
+msgid "Error writing data to TLS socket"
+msgstr "Помилка запису даних у гніздо TLS"
-#: ../tls/gnutls/gtlsconnection-gnutls.c:1097
+#: tls/gnutls/gtlsconnection-gnutls.c:1523
+#, c-format
+msgid "Message of size %lu byte is too large for DTLS connection"
+msgid_plural "Message of size %lu bytes is too large for DTLS connection"
+msgstr[0] "Повідомлення розміром %lu байт є надто великим для з'єднання DTLS"
+msgstr[1] "Повідомлення розміром %lu байти є надто великим для з'єднання DTLS"
+msgstr[2] "Повідомлення розміром %lu байтів є надто великим для з'єднання DTLS"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1525
+#, c-format
+msgid "(maximum is %u byte)"
+msgid_plural "(maximum is %u bytes)"
+msgstr[0] "(максимальним є значення у %u байт)"
+msgstr[1] "(максимальним є значення у %u байти)"
+msgstr[2] "(максимальним є значення у %u байтів)"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1572
#, c-format
msgid "Error performing TLS close: %s"
msgstr "Помилка закриття TLS: %s"
-#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103
+#: tls/gnutls/gtlsdatabase-gnutls.c:556
+msgid ""
+"Failed to load system trust store: GnuTLS was not configured with a system "
+"trust"
+msgstr ""
+"Не вдалося завантажити загальносистемне сховище довірених сертифікатів: "
+"GnuTLS не налаштовано із загально системною довірою"
+
+#: tls/gnutls/gtlsdatabase-gnutls.c:561 tls/openssl/gtlsdatabase-openssl.c:255
+#, c-format
+msgid "Failed to load system trust store: %s"
+msgstr ""
+"Не вдалося завантажити загальносистемне сховище довірених сертифікатів: %s"
+
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:456
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "Не вдалося заповнити список довіри на основі %s: %s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:172
msgid "Certificate has no private key"
msgstr "Сертифікат не має закритого ключа"
-#: ../tls/pkcs11/gpkcs11pin.c:108
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr ""
-"Це останній шанс, щоб ввести код PIN правильно, перш ніж розпізнавальний "
-"знак заблокується."
+#: tls/openssl/gtlsclientconnection-openssl.c:368
+#: tls/openssl/gtlsserverconnection-openssl.c:299
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "Не вдалося встановити список шифрувань TLS: %s"
-#: ../tls/pkcs11/gpkcs11pin.c:110
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
+#: tls/openssl/gtlsclientconnection-openssl.c:396
+#: tls/openssl/gtlsserverconnection-openssl.c:327
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "Не вдалося встановити для MAX протоколу значення %d: %s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:459
+#: tls/openssl/gtlsserverconnection-openssl.c:390
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "Не вдалося створити контекст TLS: %s"
+
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "Неприйнятна служба сертифікації TLS"
+
+#: tls/openssl/gtlsconnection-openssl.c:225
+msgid "Digest too big for RSA key"
+msgstr "Контрольна сума є надто великою для ключа RSA"
+
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "Безпечне повторне узгодження вимкнено"
+
+#: tls/openssl/gtlsconnection-openssl.c:253
+#, c-format
+msgid "%s: The connection is broken"
+msgstr "%s: з'єднання є непрацездатним"
+
+#: tls/openssl/gtlsconnection-openssl.c:660
+#, c-format
+msgid "The request is invalid."
msgstr ""
-"Кілька спроб вводу коду PIN були неправильними, і розпізнавальний знак буде "
-"заблокований після подальших невдач."
+"Запит є некоректним."
+
+#: tls/openssl/gtlsconnection-openssl.c:683
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "Дані прив'язки каналів для tls-unique не доступні"
+
+#: tls/openssl/gtlsconnection-openssl.c:706
+#, c-format
+msgid "X.509 Certificate is not available on the connection"
+msgstr "Немає доступу до сертифікат X.509 з'єднання"
+
+#: tls/openssl/gtlsconnection-openssl.c:752
+#, c-format
+msgid "Failed to generate X.509 certificate digest"
+msgstr "Не вдалося створити контрольну суму сертифіката X.509"
+
+#: tls/openssl/gtlsconnection-openssl.c:783
+#, c-format
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "У з'єднанні TLS не передбачено підтримки можливості TLS-Exporter"
+
+#: tls/openssl/gtlsconnection-openssl.c:786
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "Неочікувана помилка під час експортування пов'язаних із ключем даних"
+
+#: tls/openssl/gtlsconnection-openssl.c:1068
+msgid "Error performing TLS close"
+msgstr "Помилка закриття TLS"
+
+#: tls/openssl/gtlsdatabase-openssl.c:167
+msgid "Could not get trusted anchors from Keychain"
+msgstr "Не вдалося отримати довірених прив'язок від Keychain"
-#: ../tls/pkcs11/gpkcs11pin.c:112
-msgid "The PIN entered is incorrect."
-msgstr "Ð\9aод PIN Ñ\83ведено непÑ\80авилÑ\8cно."
+#: tls/openssl/gtlsdatabase-openssl.c:232
+msgid "Could not get root certificate store"
+msgstr "Ð\9dе вдалоÑ\81Ñ\8f оÑ\82Ñ\80имаÑ\82и данÑ\96 зÑ\96 Ñ\81Ñ\85овиÑ\89а коÑ\80еневиÑ\85 Ñ\81еÑ\80Ñ\82иÑ\84Ñ\96каÑ\82Ñ\96в"
-#: ../tls/pkcs11/gpkcs11slot.c:446
-msgid "Module"
-msgstr "Ð\9cодÑ\83лÑ\8c"
+#: tls/openssl/gtlsdatabase-openssl.c:239
+msgid "Could not get CA certificate store"
+msgstr "Ð\9dе вдалоÑ\81Ñ\8f оÑ\82Ñ\80имаÑ\82и данÑ\96 зÑ\96 Ñ\81Ñ\85овиÑ\89а Ñ\81еÑ\80Ñ\82иÑ\84Ñ\96каÑ\82Ñ\96в CA"
-#: ../tls/pkcs11/gpkcs11slot.c:447
-msgid "PKCS#11 Module Pointer"
-msgstr "Ð\9cодÑ\83лÑ\8c покажÑ\87ика PKCS#11"
+#: tls/openssl/gtlsdatabase-openssl.c:304
+msgid "Could not create CA store"
+msgstr "Ð\9dе вдалоÑ\81Ñ\8f Ñ\81Ñ\82воÑ\80иÑ\82и Ñ\81Ñ\85овиÑ\89е CA"
-#: ../tls/pkcs11/gpkcs11slot.c:454
-msgid "Slot ID"
-msgstr "Ідентифікатор слоту"
+#: tls/openssl/gtlsserverconnection-openssl.c:184
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "Маємо проблему із сертифікатом: %s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:193
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "Маємо проблему із закритим ключем сертифіката: %s"
-#: ../tls/pkcs11/gpkcs11slot.c:455
-msgid "PKCS#11 Slot Identifier"
-msgstr "Ідентифікатор слоту PKCS#11"
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "Не вдалося завантажити файл за шляхом: %s"
# Chinese (China) translation for glib-networking.
-# Copyright (C) 2011-2018 glib-networking's COPYRIGHT HOLDER
+# Copyright (C) 2011-2019 glib-networking's COPYRIGHT HOLDER
# This file is distributed under the same license as the glib-networking package.
# Funda Wang <fundawang@gmail.com>, 2011
# YunQiang Su <wzssyqa@gmail.com>, 2012.
# Mingcong Bai <jeffbai@aosc.xyz>, 2017.
-# Dingzhong Chen <wsxy162@@gmail.com>, 2018.
+# liushuyu <liushuyu011@gmail.com>, 2018.
+# Merrick Zhang <anphorea@gmail.com>, 2020.
+# Dingzhong Chen <wsxy162@gmail.com>, 2018-2021.
+# Zhou Nan <zhounan@nfschina.com>, 2021.
#
msgid ""
msgstr ""
"Project-Id-Version: glib-networking master\n"
-"Report-Msgid-Bugs-To: https://bugzilla.gnome.org/enter_bug.cgi?"
-"product=glib&keywords=I18N+L10N&component=network\n"
-"POT-Creation-Date: 2018-04-22 05:27+0000\n"
-"PO-Revision-Date: 2018-05-10 12:10-0500\n"
-"Last-Translator: Mingcong Bai <jeffbai@aosc.xyz>\n"
-"Language-Team: Chinese (China) <i18n-zh@googlegroups.com>\n"
+"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/"
+"issues\n"
+"POT-Creation-Date: 2021-07-15 17:24+0000\n"
+"PO-Revision-Date: 2021-08-02 16:06-0400\n"
+"Last-Translator: Boyuan Yang <073plan@gmail.com>\n"
+"Language-Team: Chinese - China <i18n-zh@googlegroups.com>\n"
"Language: zh_CN\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Poedit 2.0.6\n"
+"X-Generator: Poedit 3.0\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "代理服务器解析器内部错误。"
-#: tls/gnutls/gtlscertificate-gnutls.c:182
+#: tls/base/gtlsconnection-base.c:562 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
+msgid "Connection is closed"
+msgstr "连接被关闭"
+
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:636
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "无法在 TLS 握手期间执行阻塞操作"
+
+#: tls/base/gtlsconnection-base.c:701 tls/base/gtlsconnection-base.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:358
+msgid "Socket I/O timed out"
+msgstr "套接字 I/O 超时"
+
+#: tls/base/gtlsconnection-base.c:875
+msgid "Server required TLS certificate"
+msgstr "服务器需要 TLS 证书"
+
+#: tls/base/gtlsconnection-base.c:1451
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "通讯握手未完成,尚无信道绑定信息"
+
+#: tls/base/gtlsconnection-base.c:1530
+msgid "Peer does not support safe renegotiation"
+msgstr "对等端不支持安全再协商"
+
+#: tls/base/gtlsconnection-base.c:1678 tls/gnutls/gtlsconnection-gnutls.c:485
+#: tls/openssl/gtlsconnection-openssl.c:209
+#: tls/openssl/gtlsconnection-openssl.c:830
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "无法接受的 TLS 证书"
+
+#: tls/base/gtlsconnection-base.c:2152
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "不支持接收标志"
+
+#: tls/base/gtlsconnection-base.c:2299
+#, c-format
+msgid "Send flags are not supported"
+msgstr "不支持发送标志"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:361
+#: tls/openssl/gtlscertificate-openssl.c:362
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "无法分析 DER 证书:%s"
-#: tls/gnutls/gtlscertificate-gnutls.c:203
+#: tls/gnutls/gtlscertificate-gnutls.c:382
+#: tls/openssl/gtlscertificate-openssl.c:382
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "无法分析 PEM 证书:%s"
-#: tls/gnutls/gtlscertificate-gnutls.c:234
+#: tls/gnutls/gtlscertificate-gnutls.c:405
+#: tls/openssl/gtlscertificate-openssl.c:401
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "无法分析 DER 私钥:%s"
-#: tls/gnutls/gtlscertificate-gnutls.c:265
+#: tls/gnutls/gtlscertificate-gnutls.c:428
+#: tls/openssl/gtlscertificate-openssl.c:420
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "无法分析 PEM 私钥:%s"
-#: tls/gnutls/gtlscertificate-gnutls.c:304
+#: tls/gnutls/gtlscertificate-gnutls.c:455
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "无法导入 PKCS #11 证书 URI:%s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:497
+#: tls/openssl/gtlscertificate-openssl.c:455
msgid "No certificate data provided"
msgstr "没有提供证书数据"
-#: tls/gnutls/gtlsclientconnection-gnutls.c:421
-msgid "Server required TLS certificate"
-msgstr "服务器需要 TLS 证书"
+#: tls/gnutls/gtlscertificate-gnutls.c:806
+#: tls/gnutls/gtlsconnection-gnutls.c:1036
+#, c-format
+msgid "Cannot verify peer identity of unexpected type %s"
+msgstr "无法验证意外类型 %s 的对等体标识"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:198
+msgid "Could not create TLS connection:"
+msgstr "无法创建 TLS 连接:"
-#: tls/gnutls/gtlsconnection-gnutls.c:396
+#: tls/gnutls/gtlsconnection-gnutls.c:208
+#: tls/gnutls/gtlsconnection-gnutls.c:228
+#: tls/openssl/gtlsclientconnection-openssl.c:456
+#: tls/openssl/gtlsserverconnection-openssl.c:440
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "无法创建 TLS 连接:%s"
-#: tls/gnutls/gtlsconnection-gnutls.c:709
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
-msgid "Connection is closed"
-msgstr "连接被关闭"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:784
-#: tls/gnutls/gtlsconnection-gnutls.c:2201
-msgid "Operation would block"
-msgstr "操作被阻塞"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:825
-#: tls/gnutls/gtlsconnection-gnutls.c:1412
-msgid "Socket I/O timed out"
-msgstr "套接字 I/O 超时"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:964
-#: tls/gnutls/gtlsconnection-gnutls.c:997
-msgid "Peer failed to perform TLS handshake"
-msgstr "执行 TLS 握手失败"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:982
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "请求了无效的 TLS 再握手"
+#: tls/gnutls/gtlsconnection-gnutls.c:429
+#: tls/gnutls/gtlsconnection-gnutls.c:440
+#: tls/gnutls/gtlsconnection-gnutls.c:454
+#: tls/openssl/gtlsconnection-openssl.c:176
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "执行 TLS 握手失败:%s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1003
+#: tls/gnutls/gtlsconnection-gnutls.c:462
msgid "TLS connection closed unexpectedly"
msgstr "TLS 连接被异常关闭"
-#: tls/gnutls/gtlsconnection-gnutls.c:1013
+#: tls/gnutls/gtlsconnection-gnutls.c:477
+#: tls/openssl/gtlsconnection-openssl.c:201
msgid "TLS connection peer did not send a certificate"
msgstr "TLS 连接的对方未发送证书"
-#: tls/gnutls/gtlsconnection-gnutls.c:1019
+#: tls/gnutls/gtlsconnection-gnutls.c:493
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "对方发送了致命 TLS 警报:%s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1027
+#: tls/gnutls/gtlsconnection-gnutls.c:503
+msgid "Protocol version downgrade attack detected"
+msgstr "检测到协议降级攻击"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:512
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
-msgstr[0] "消息对于 DTLS 连接太长;最大为 %u 字节"
+msgstr[0] "消息对于 DTLS 连接来说太长;最大为 %u 字节"
-#: tls/gnutls/gtlsconnection-gnutls.c:1034
+#: tls/gnutls/gtlsconnection-gnutls.c:521
msgid "The operation timed out"
msgstr "操作超时"
-#: tls/gnutls/gtlsconnection-gnutls.c:1820
-#: tls/gnutls/gtlsconnection-gnutls.c:1871
+#: tls/gnutls/gtlsconnection-gnutls.c:873
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "执行 TLS 握手时出错:%s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:976
+#: tls/openssl/gtlsconnection-openssl.c:614
msgid "Error performing TLS handshake"
msgstr "执行 TLS 握手时出错"
-#: tls/gnutls/gtlsconnection-gnutls.c:1881
-msgid "Server did not return a valid TLS certificate"
-msgstr "服务器未返回有效的 TLS 证书"
+#: tls/gnutls/gtlsconnection-gnutls.c:1155
+#, c-format
+msgid "Channel binding type is not implemented in the TLS library"
+msgstr "信道绑定类型未在 TLS 库中实现"
-#: tls/gnutls/gtlsconnection-gnutls.c:1963
-msgid "Unacceptable TLS certificate"
-msgstr "无法接受的 TLS 证书"
+#: tls/gnutls/gtlsconnection-gnutls.c:1159
+#, c-format
+msgid "Channel binding data is not yet available"
+msgstr "信道绑定数据暂不可用"
-#: tls/gnutls/gtlsconnection-gnutls.c:2235
-#: tls/gnutls/gtlsconnection-gnutls.c:2327
-msgid "Error reading data from TLS socket"
-msgstr "从 TLS 套接字读取数据时出错"
+#: tls/gnutls/gtlsconnection-gnutls.c:1197
+#: tls/gnutls/gtlsconnection-gnutls.c:1209
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "X.509 证书在该连接上不可用"
-#: tls/gnutls/gtlsconnection-gnutls.c:2357
+#: tls/gnutls/gtlsconnection-gnutls.c:1222
#, c-format
-msgid "Receive flags are not supported"
-msgstr "不支持接收标志"
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "X.509 证书不可用,或格式未知:%s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1233
+#: tls/openssl/gtlsconnection-openssl.c:705
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "无法取得证书签名算法"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1249
+#: tls/openssl/gtlsconnection-openssl.c:725
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr "当前的 X.509 证书使用了未知或不支持的签名算法"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1343
+#: tls/openssl/gtlsconnection-openssl.c:805
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "所请求的信道绑定类型未实现"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1364
+#: tls/gnutls/gtlsconnection-gnutls.c:1424
+#: tls/openssl/gtlsconnection-openssl.c:823
+#: tls/openssl/gtlsconnection-openssl.c:919
+msgid "Error reading data from TLS socket"
+msgstr "从 TLS 套接字读取数据时出错"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2434
-#: tls/gnutls/gtlsconnection-gnutls.c:2506
+#: tls/gnutls/gtlsconnection-gnutls.c:1446
+#: tls/gnutls/gtlsconnection-gnutls.c:1509
+#: tls/openssl/gtlsconnection-openssl.c:998
msgid "Error writing data to TLS socket"
msgstr "向 TLS 套接字写入数据时出错"
-#: tls/gnutls/gtlsconnection-gnutls.c:2476
+#: tls/gnutls/gtlsconnection-gnutls.c:1479
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[0] "%lu 字节大小的消息对于 DTLS 连接太大了"
-#: tls/gnutls/gtlsconnection-gnutls.c:2478
+#: tls/gnutls/gtlsconnection-gnutls.c:1481
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(最大为 %u 字节)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2537
+#: tls/gnutls/gtlsconnection-gnutls.c:1528
#, c-format
-msgid "Send flags are not supported"
-msgstr "不支持发送标志"
+msgid "Error performing TLS close: %s"
+msgstr "执行 TLS 关闭时出错:%s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2640
-msgid "Error performing TLS close"
-msgstr "执行 TLS 关闭时出错"
-
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:688
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
msgstr "无法载入系统信任存储:GnuTLS 未配置系统信任库"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:693 tls/openssl/gtlsdatabase-openssl.c:229
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "无法载入系统信任存储:%s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:113
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "无法从 %s 产生信任列表:%s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:171
msgid "Certificate has no private key"
msgstr "证书没有私钥"
-#: tls/pkcs11/gpkcs11pin.c:111
-msgid ""
-"This is the last chance to enter the PIN correctly before the token is "
-"locked."
-msgstr "这是最后一次输入正确 PIN 的机会,之后令牌会锁定。"
+#: tls/openssl/gtlsclientconnection-openssl.c:317
+#: tls/openssl/gtlsserverconnection-openssl.c:288
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "无法设置 TLS 密码列表:%s"
-#: tls/pkcs11/gpkcs11pin.c:113
-msgid ""
-"Several PIN attempts have been incorrect, and the token will be locked after "
-"further failures."
-msgstr "几次 PIN 尝试都不正确,如果再出错令牌将会锁定。"
+#: tls/openssl/gtlsclientconnection-openssl.c:343
+#: tls/openssl/gtlsserverconnection-openssl.c:314
+#, c-format
+msgid "Could not set MAX protocol to %d: %s"
+msgstr "无法将 MAX 协议设置为 %d:%s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:404
+#: tls/openssl/gtlsserverconnection-openssl.c:375
+#, c-format
+msgid "Could not create TLS context: %s"
+msgstr "无法创建 TLS 上下文:%s"
+
+#: tls/openssl/gtlsconnection-openssl.c:217
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "无法接受的 TLS 证书颁发机构"
-#: tls/pkcs11/gpkcs11pin.c:115
-msgid "The PIN entered is incorrect."
-msgstr "输入的 PIN 不正确。"
+#: tls/openssl/gtlsconnection-openssl.c:225
+msgid "Digest too big for RSA key"
+msgstr "摘要对于 RSA 密钥太大了"
-#: tls/pkcs11/gpkcs11slot.c:447
-msgid "Module"
-msgstr "模块"
+#: tls/openssl/gtlsconnection-openssl.c:234
+msgid "Secure renegotiation is disabled"
+msgstr "安全重协商已被禁用"
-#: tls/pkcs11/gpkcs11slot.c:448
-msgid "PKCS#11 Module Pointer"
-msgstr "PKCS#11 模块指针"
+#: tls/openssl/gtlsconnection-openssl.c:253
+#, c-format
+msgid "%s: The connection is broken"
+msgstr "%s:连接已中断"
+
+#: tls/openssl/gtlsconnection-openssl.c:674
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "类型为 tls-unique 的信道绑定数据暂不可用"
-#: tls/pkcs11/gpkcs11slot.c:455
-msgid "Slot ID"
-msgstr "槽 ID"
+#: tls/openssl/gtlsconnection-openssl.c:697
+#, c-format
+msgid "X.509 Certificate is not available on the connection"
+msgstr "X.509 证书在该连接上不可用"
-#: tls/pkcs11/gpkcs11slot.c:456
-msgid "PKCS#11 Slot Identifier"
-msgstr "PKCS#11 槽标识符"
+#: tls/openssl/gtlsconnection-openssl.c:743
+#, c-format
+msgid "Failed to generate X.509 certificate digest"
+msgstr "生成 X.509 证书摘要失败"
-#~ msgid "Connection is already closed"
-#~ msgstr "连接已经关闭"
+#: tls/openssl/gtlsconnection-openssl.c:774
+#, c-format
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "TLS 连接不支持 TLS-Exporter 功能"
+
+#: tls/openssl/gtlsconnection-openssl.c:777
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "导出密钥数据时发生意外错误"
+
+#: tls/openssl/gtlsconnection-openssl.c:1059
+msgid "Error performing TLS close"
+msgstr "执行 TLS 关闭时出错"
+
+#: tls/openssl/gtlsdatabase-openssl.c:197
+msgid "Could not get trusted anchors from Keychain"
+msgstr "不能从密钥环中得到可信的锚"
+
+#: tls/openssl/gtlsdatabase-openssl.c:269
+msgid "Could not create CA store"
+msgstr "无法创建 CA 存储"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:182
+#, c-format
+msgid "There is a problem with the certificate: %s"
+msgstr "证书存在问题:%s"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:190
+#, c-format
+msgid "There is a problem with the certificate private key: %s"
+msgstr "证书私钥存在问题:%s"
msgstr ""
"Project-Id-Version: glib-networking 2.31.6\n"
"Report-Msgid-Bugs-To: https://gitlab.gnome.org/GNOME/glib-networking/issues\n"
-"POT-Creation-Date: 2019-02-03 13:01+0000\n"
-"PO-Revision-Date: 2019-02-17 23:32+0800\n"
-"Last-Translator: pan93412 <pan93412@gmail.com>\n"
-"Language-Team: Chinese <zh-l10n@linux.org.tw>\n"
+"POT-Creation-Date: 2020-12-04 17:58+0000\n"
+"PO-Revision-Date: 2021-04-25 10:53+0000\n"
+"Last-Translator: Chao-Hsiung Liao <j_h_liau@yahoo.com.tw>\n"
+"Language-Team: Chinese (Traditional) <http://darkbear.ddns.net/projects/"
+"gnome-40/glib-networking-master-zh_tw/zh_Hant/>\n"
"Language: zh_TW\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Lokalize 18.12.2\n"
"Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: Weblate 4.6\n"
-#: proxy/libproxy/glibproxyresolver.c:159
+#: proxy/libproxy/glibproxyresolver.c:164
msgid "Proxy resolver internal error."
msgstr "代理伺服器解析器內部錯誤。"
-#: tls/base/gtlsconnection-base.c:282 tls/base/gtlsinputstream-base.c:74
-#: tls/base/gtlsoutputstream-base.c:74 tls/gnutls/gtlsconnection-gnutls.c:740
-#: tls/gnutls/gtlsinputstream-gnutls.c:78
-#: tls/gnutls/gtlsinputstream-gnutls.c:141
-#: tls/gnutls/gtlsoutputstream-gnutls.c:78
-#: tls/gnutls/gtlsoutputstream-gnutls.c:143
+#: tls/base/gtlsconnection-base.c:544 tls/base/gtlsinputstream.c:78
+#: tls/base/gtlsinputstream.c:141 tls/base/gtlsoutputstream.c:78
+#: tls/base/gtlsoutputstream.c:143
msgid "Connection is closed"
msgstr "連線已關閉"
-#: tls/base/gtlsconnection-base.c:355 tls/base/gtlsconnection-base.c:1015
-msgid "Operation would block"
-msgstr "操作會阻擋"
+#. Cannot perform a blocking operation during a handshake on the
+#. * same thread that triggered the handshake. The only way this can
+#. * occur is if the application is doing something weird in its
+#. * accept-certificate callback. Allowing a blocking op would stall
+#. * the handshake (forever, if there's no timeout). Even a close
+#. * op would deadlock here.
+#.
+#: tls/base/gtlsconnection-base.c:618
+msgid "Cannot perform blocking operation during TLS handshake"
+msgstr "無法在 TLS 交握期間執行封鎖動作"
+
+#: tls/base/gtlsconnection-base.c:683 tls/base/gtlsconnection-base.c:1225
+msgid "Socket I/O timed out"
+msgstr "I/O 接口逾時"
-#: tls/base/gtlsconnection-base.c:809
-#: tls/gnutls/gtlsclientconnection-gnutls.c:454
+#: tls/base/gtlsconnection-base.c:851
msgid "Server required TLS certificate"
msgstr "伺服器要求的 TLS 憑證"
-#: tls/gnutls/gtlscertificate-gnutls.c:178
-#: tls/openssl/gtlscertificate-openssl.c:177
+#: tls/base/gtlsconnection-base.c:1425
+#, c-format
+msgid "Handshake is not finished, no channel binding information yet"
+msgstr "交握尚未完成,尚無頻道綁定資訊"
+
+#: tls/base/gtlsconnection-base.c:1484
+msgid "Peer does not support safe renegotiation"
+msgstr "目標主機不支援 safe renegotiation"
+
+#: tls/base/gtlsconnection-base.c:1628 tls/gnutls/gtlsconnection-gnutls.c:428
+#: tls/openssl/gtlsconnection-openssl.c:189
+#: tls/openssl/gtlsconnection-openssl.c:648
+#, c-format
+msgid "Unacceptable TLS certificate"
+msgstr "不接受的 TLS 憑證"
+
+#: tls/base/gtlsconnection-base.c:2093
+#, c-format
+msgid "Receive flags are not supported"
+msgstr "接收旗標不被支援"
+
+#: tls/base/gtlsconnection-base.c:2245
+#, c-format
+msgid "Send flags are not supported"
+msgstr "傳送旗標不被支援"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:194
+#: tls/openssl/gtlscertificate-openssl.c:170
#, c-format
msgid "Could not parse DER certificate: %s"
msgstr "無法解析 DER 編碼的憑證:%s"
-#: tls/gnutls/gtlscertificate-gnutls.c:199
-#: tls/openssl/gtlscertificate-openssl.c:197
+#: tls/gnutls/gtlscertificate-gnutls.c:215
+#: tls/openssl/gtlscertificate-openssl.c:190
#, c-format
msgid "Could not parse PEM certificate: %s"
msgstr "無法解析 PEM 編碼的憑證:%s"
-#: tls/gnutls/gtlscertificate-gnutls.c:230
-#: tls/openssl/gtlscertificate-openssl.c:216
+#: tls/gnutls/gtlscertificate-gnutls.c:238
+#: tls/openssl/gtlscertificate-openssl.c:209
#, c-format
msgid "Could not parse DER private key: %s"
msgstr "無法解析 DER 編碼的私鑰:%s"
#: tls/gnutls/gtlscertificate-gnutls.c:261
-#: tls/openssl/gtlscertificate-openssl.c:235
+#: tls/openssl/gtlscertificate-openssl.c:228
#, c-format
msgid "Could not parse PEM private key: %s"
msgstr "無法解析 PEM 編碼的私鑰:%s"
-#: tls/gnutls/gtlscertificate-gnutls.c:297
-#: tls/openssl/gtlscertificate-openssl.c:273
+#: tls/gnutls/gtlscertificate-gnutls.c:288
+#, c-format
+msgid "Could not import PKCS #11 certificate URI: %s"
+msgstr "無法匯入 PKCS #11 憑證 URI:%s"
+
+#: tls/gnutls/gtlscertificate-gnutls.c:330
+#: tls/openssl/gtlscertificate-openssl.c:263
msgid "No certificate data provided"
msgstr "沒有提供憑證資料"
-#: tls/gnutls/gtlsconnection-gnutls.c:405
-#: tls/openssl/gtlsclientconnection-openssl.c:537
-#: tls/openssl/gtlsserverconnection-openssl.c:401
+#: tls/gnutls/gtlsconnection-gnutls.c:143
+#: tls/gnutls/gtlsconnection-gnutls.c:161
+#: tls/openssl/gtlsclientconnection-openssl.c:428
+#: tls/openssl/gtlsserverconnection-openssl.c:480
#, c-format
msgid "Could not create TLS connection: %s"
msgstr "無法建立 TLS 連線:%s"
-#: tls/gnutls/gtlsconnection-gnutls.c:858
-#: tls/gnutls/gtlsconnection-gnutls.c:1468
-msgid "Socket I/O timed out"
-msgstr "I/O 接口逾時"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1003
-#: tls/gnutls/gtlsconnection-gnutls.c:1036
-#: tls/openssl/gtlsconnection-openssl.c:150
-msgid "Peer failed to perform TLS handshake"
-msgstr "目標主機執行 TLS 交握時失敗"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1021
-#: tls/openssl/gtlsconnection-openssl.c:234
-msgid "Peer requested illegal TLS rehandshake"
-msgstr "目標主機要求了不合法的 TLS 重新交握"
+#: tls/gnutls/gtlsconnection-gnutls.c:372
+#: tls/gnutls/gtlsconnection-gnutls.c:383
+#: tls/gnutls/gtlsconnection-gnutls.c:397
+#: tls/openssl/gtlsconnection-openssl.c:156
+#, c-format
+msgid "Peer failed to perform TLS handshake: %s"
+msgstr "目標主機執行 TLS 交握時失敗:%s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1042
+#: tls/gnutls/gtlsconnection-gnutls.c:405
msgid "TLS connection closed unexpectedly"
msgstr "TLS 連線無預警的關閉了"
-#: tls/gnutls/gtlsconnection-gnutls.c:1052
-#: tls/openssl/gtlsconnection-openssl.c:171
+#: tls/gnutls/gtlsconnection-gnutls.c:420
+#: tls/openssl/gtlsconnection-openssl.c:181
msgid "TLS connection peer did not send a certificate"
msgstr "TLS 連線目標主機沒有傳回憑證"
-#: tls/gnutls/gtlsconnection-gnutls.c:1058
-#: tls/gnutls/gtlsconnection-gnutls.c:2160
-#: tls/openssl/gtlsconnection-openssl.c:416
-#, c-format
-msgid "Unacceptable TLS certificate"
-msgstr "不接受的 TLS 憑證"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:1064
+#: tls/gnutls/gtlsconnection-gnutls.c:436
#, c-format
msgid "Peer sent fatal TLS alert: %s"
msgstr "目標主機送出了重大 TLS 警告:%s"
-#: tls/gnutls/gtlsconnection-gnutls.c:1076
+#: tls/gnutls/gtlsconnection-gnutls.c:446
msgid "Protocol version downgrade attack detected"
msgstr "偵測到協定版本降級攻擊"
-#: tls/gnutls/gtlsconnection-gnutls.c:1083
+#: tls/gnutls/gtlsconnection-gnutls.c:455
#, c-format
msgid "Message is too large for DTLS connection; maximum is %u byte"
msgid_plural "Message is too large for DTLS connection; maximum is %u bytes"
msgstr[0] "對於 DTLS 來說,訊息太大;最大值為 %u 位元組"
-#: tls/gnutls/gtlsconnection-gnutls.c:1090
+#: tls/gnutls/gtlsconnection-gnutls.c:464
msgid "The operation timed out"
msgstr "動作逾時"
-#: tls/gnutls/gtlsconnection-gnutls.c:1981
-msgid "Peer does not support safe renegotiation"
-msgstr "目標主機不支援 safe renegotiation"
+#: tls/gnutls/gtlsconnection-gnutls.c:796
+#, c-format
+msgid "Error performing TLS handshake: %s"
+msgstr "執行 TLS 交握時發生錯誤:%s"
-#: tls/gnutls/gtlsconnection-gnutls.c:2008
-#: tls/gnutls/gtlsconnection-gnutls.c:2058
+#: tls/gnutls/gtlsconnection-gnutls.c:899
+#: tls/openssl/gtlsconnection-openssl.c:427
+#: tls/openssl/gtlsconnection-openssl.c:641
msgid "Error performing TLS handshake"
msgstr "執行 TLS 交握時發生錯誤"
-#: tls/gnutls/gtlsconnection-gnutls.c:2510
-#: tls/gnutls/gtlsconnection-gnutls.c:2602
-msgid "Error reading data from TLS socket"
-msgstr "從 TLS socket 讀取資料時發生錯誤"
+#: tls/gnutls/gtlsconnection-gnutls.c:957
+#, c-format
+msgid "Channel binding type tls-unique is not implemented in the TLS library"
+msgstr "類型為 tls-unique 的頻道綁定未在 TLS 程式庫中實作"
-#: tls/gnutls/gtlsconnection-gnutls.c:2632
+#: tls/gnutls/gtlsconnection-gnutls.c:961
#, c-format
-msgid "Receive flags are not supported"
-msgstr "接收旗標不被支援"
+msgid "Channel binding data for tls-unique is not yet available"
+msgstr "tls-unique 的頻道綁定資料暫不可用"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:988
+#: tls/gnutls/gtlsconnection-gnutls.c:1000
+#, c-format
+msgid "X.509 certificate is not available on the connection"
+msgstr "X.509 憑證在該連線上不可用"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1013
+#, c-format
+msgid "X.509 certificate is not available or is of unknown format: %s"
+msgstr "X.509 憑證不可用或格式未知:%s"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1024
+#: tls/openssl/gtlsconnection-openssl.c:520
+#, c-format
+msgid "Unable to obtain certificate signature algorithm"
+msgstr "無法取得憑證簽章演算法"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1040
+#: tls/openssl/gtlsconnection-openssl.c:540
+#, c-format
+msgid ""
+"Current X.509 certificate uses unknown or unsupported signature algorithm"
+msgstr "目前的 X.509 憑證使用未知或不支援的簽章演算法"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1126
+#: tls/openssl/gtlsconnection-openssl.c:620
+#, c-format
+msgid "Requested channel binding type is not implemented"
+msgstr "要求的頻道綁定類型未實作"
+
+#: tls/gnutls/gtlsconnection-gnutls.c:1147
+#: tls/gnutls/gtlsconnection-gnutls.c:1207
+#: tls/openssl/gtlsconnection-openssl.c:752
+msgid "Error reading data from TLS socket"
+msgstr "從 TLS socket 讀取資料時發生錯誤"
#. flags
-#: tls/gnutls/gtlsconnection-gnutls.c:2709
-#: tls/gnutls/gtlsconnection-gnutls.c:2781
+#: tls/gnutls/gtlsconnection-gnutls.c:1229
+#: tls/gnutls/gtlsconnection-gnutls.c:1292
+#: tls/openssl/gtlsconnection-openssl.c:796
msgid "Error writing data to TLS socket"
msgstr "寫入資料到 TLS socket 時發生錯誤"
-#: tls/gnutls/gtlsconnection-gnutls.c:2751
+#: tls/gnutls/gtlsconnection-gnutls.c:1262
#, c-format
msgid "Message of size %lu byte is too large for DTLS connection"
msgid_plural "Message of size %lu bytes is too large for DTLS connection"
msgstr[0] "訊息大小 %lu 位元組對於 DTLS 連線來說太大"
-#: tls/gnutls/gtlsconnection-gnutls.c:2753
+#: tls/gnutls/gtlsconnection-gnutls.c:1264
#, c-format
msgid "(maximum is %u byte)"
msgid_plural "(maximum is %u bytes)"
msgstr[0] "(最大值為 %u 位元組)"
-#: tls/gnutls/gtlsconnection-gnutls.c:2812
+#: tls/gnutls/gtlsconnection-gnutls.c:1311
#, c-format
-msgid "Send flags are not supported"
-msgstr "傳送旗標不被支援"
-
-#: tls/gnutls/gtlsconnection-gnutls.c:2915
-msgid "Error performing TLS close"
-msgstr "執行 TLS 關閉時發生錯誤"
+msgid "Error performing TLS close: %s"
+msgstr "執行 TLS 關閉時發生錯誤:%s"
-#: tls/gnutls/gtlsdatabase-gnutls.c:553
+#: tls/gnutls/gtlsdatabase-gnutls.c:575
msgid ""
"Failed to load system trust store: GnuTLS was not configured with a system "
"trust"
msgstr "載入系統信任儲存區失敗:GnuTLS 沒透過系統信任設定"
-#: tls/gnutls/gtlsdatabase-gnutls.c:558
+#: tls/gnutls/gtlsdatabase-gnutls.c:580 tls/openssl/gtlsdatabase-openssl.c:187
#, c-format
msgid "Failed to load system trust store: %s"
msgstr "載入系統信任儲存區失敗:%s"
-#: tls/gnutls/gtlsserverconnection-gnutls.c:137
-#: tls/openssl/gtlsserverconnection-openssl.c:328
+#: tls/gnutls/gtlsfiledatabase-gnutls.c:153
+#: tls/openssl/gtlsfiledatabase-openssl.c:454
+#, c-format
+msgid "Failed to populate trust list from %s: %s"
+msgstr "無法從 %s 住居信任名單 :%s"
+
+#: tls/gnutls/gtlsserverconnection-gnutls.c:124
+#: tls/openssl/gtlsserverconnection-openssl.c:170
+#: tls/openssl/gtlsserverconnection-openssl.c:226
msgid "Certificate has no private key"
msgstr "憑證沒有私鑰"
-#: tls/openssl/gtlsclientconnection-openssl.c:486
-#: tls/openssl/gtlsserverconnection-openssl.c:292
+#: tls/openssl/gtlsclientconnection-openssl.c:308
+#: tls/openssl/gtlsserverconnection-openssl.c:344
+#, c-format
+msgid "Could not set TLS cipher list: %s"
+msgstr "無法設定 TLS 密碼列表:%s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:324
+#: tls/openssl/gtlsserverconnection-openssl.c:360
+#, c-format
+msgid "Could not set MAX protocol to %ld: %s"
+msgstr "無法設定 MAX 協定為 %ld:%s"
+
+#: tls/openssl/gtlsclientconnection-openssl.c:377
+#: tls/openssl/gtlsserverconnection-openssl.c:413
#, c-format
-#| msgid "Could not create TLS connection: %s"
msgid "Could not create TLS context: %s"
msgstr "無法建立 TLS 上下文:%s"
-#: tls/openssl/gtlsconnection-openssl.c:179
+#: tls/openssl/gtlsconnection-openssl.c:197
+#, c-format
+msgid "Unacceptable TLS certificate authority"
+msgstr "無法接受的 TLS 憑證授權"
+
+#: tls/openssl/gtlsconnection-openssl.c:205
msgid "Digest too big for RSA key"
msgstr "RSA 金鑰的摘要過長"
-#: tls/openssl/gtlsconnection-openssl.c:243
-#: tls/openssl/gtlsconnection-openssl.c:376
+#: tls/openssl/gtlsconnection-openssl.c:213
+msgid "Secure renegotiation is disabled"
+msgstr "安全重新協調已停用"
+
+#: tls/openssl/gtlsconnection-openssl.c:234
#, c-format
-#| msgid "Error performing TLS handshake"
-msgid "Error performing TLS handshake: %s"
-msgstr "執行 TLS 交握時發生錯誤:%s"
+msgid "%s: The connection is broken"
+msgstr "%s:連線已損壞"
-#: tls/openssl/gtlsconnection-openssl.c:386
-msgid "Server did not return a valid TLS certificate"
-msgstr "伺服器沒有回傳有效的 TLS 憑證"
+#: tls/openssl/gtlsconnection-openssl.c:489
+#, c-format
+msgid "Channel binding data tls-unique is not available"
+msgstr "tls-unique 的頻道綁定資料不可使用"
-#: tls/openssl/gtlsconnection-openssl.c:500
+#: tls/openssl/gtlsconnection-openssl.c:512
#, c-format
-#| msgid "Error reading data from TLS socket"
-msgid "Error reading data from TLS socket: %s"
-msgstr "從 TLS socket 讀取資料時發生錯誤:%s"
+msgid "X.509 Certificate is not available on the connection"
+msgstr "X.509 憑證在該連線上不可用"
-#: tls/openssl/gtlsconnection-openssl.c:526
+#: tls/openssl/gtlsconnection-openssl.c:558
#, c-format
-#| msgid "Error writing data to TLS socket"
-msgid "Error writing data to TLS socket: %s"
-msgstr "寫入資料到 TLS socket 時發生錯誤:%s"
+msgid "Failed to generate X.509 certificate digest"
+msgstr "無法產生 X.509 憑證摘要"
-#: tls/openssl/gtlsconnection-openssl.c:552
+#: tls/openssl/gtlsconnection-openssl.c:589
#, c-format
-#| msgid "Error performing TLS close"
-msgid "Error performing TLS close: %s"
-msgstr "執行 TLS 關閉時發生錯誤:%s"
+msgid "TLS Connection does not support TLS-Exporter feature"
+msgstr "TLS 連線不支援 TLS-Exporter 功能"
-#: tls/openssl/gtlsserverconnection-openssl.c:335
+#: tls/openssl/gtlsconnection-openssl.c:592
+#, c-format
+msgid "Unexpected error while exporting keying data"
+msgstr "匯出密鑰資料時發生意外錯誤"
+
+#: tls/openssl/gtlsconnection-openssl.c:833
+msgid "Error performing TLS close"
+msgstr "執行 TLS 關閉時發生錯誤"
+
+#: tls/openssl/gtlsdatabase-openssl.c:227
+msgid "Could not create CA store"
+msgstr "無法建立 CA 儲存區"
+
+#: tls/openssl/gtlsserverconnection-openssl.c:177
+#: tls/openssl/gtlsserverconnection-openssl.c:245
#, c-format
msgid "There is a problem with the certificate private key: %s"
msgstr "憑證私鑰發現問題:%s"
-#: tls/openssl/gtlsserverconnection-openssl.c:344
+#: tls/openssl/gtlsserverconnection-openssl.c:186
+#: tls/openssl/gtlsserverconnection-openssl.c:237
#, c-format
msgid "There is a problem with the certificate: %s"
msgstr "憑證發現問題:%s"
+#~ msgid "Failed to load file path: %s"
+#~ msgstr "無法載入檔案路徑:%s"
+
+#~ msgid "Peer requested illegal TLS rehandshake"
+#~ msgstr "目標主機要求了不合法的 TLS 重新交握"
+
+#~ msgid "Operation would block"
+#~ msgstr "操作會阻擋"
+
+#~ msgid "Server did not return a valid TLS certificate"
+#~ msgstr "伺服器沒有回傳有效的 TLS 憑證"
+
+#~| msgid "Error reading data from TLS socket"
+#~ msgid "Error reading data from TLS socket: %s"
+#~ msgstr "從 TLS socket 讀取資料時發生錯誤:%s"
+
+#~| msgid "Error writing data to TLS socket"
+#~ msgid "Error writing data to TLS socket: %s"
+#~ msgstr "寫入資料到 TLS socket 時發生錯誤:%s"
+
#~ msgid ""
#~ "This is the last chance to enter the PIN correctly before the token is "
#~ "locked."
const char *desktops;
desktops = g_getenv ("XDG_CURRENT_DESKTOP");
- if (desktops == NULL)
+ if (!desktops)
return FALSE;
/* Remember that XDG_CURRENT_DESKTOP is a list of strings. Desktops that
return strstr (desktops, "GNOME") != NULL;
}
-static inline gchar **
-make_proxies (const gchar *proxy)
-{
- gchar **proxies;
-
- proxies = g_new (gchar *, 2);
- proxies[0] = g_strdup (proxy);
- proxies[1] = NULL;
-
- return proxies;
-}
-
/* Threadsafely determines what to do with @uri; returns %FALSE if an
* error occurs, %TRUE and an array of proxies if the mode is NONE or
* MANUAL, or if @uri is covered by ignore-hosts, or %TRUE and a
task = g_task_new (resolver, cancellable, callback, user_data);
g_task_set_source_tag (task, g_proxy_resolver_gnome_lookup_async);
+ g_task_set_name (task, "[glib-networking] g_proxy_resolver_gnome_lookup_async");
if (!g_proxy_resolver_gnome_lookup_internal (resolver, uri,
&proxies, &pacrunner, &autoconfig_url,
GError **error)
{
g_return_val_if_fail (g_task_is_valid (result, resolver), NULL);
+ g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) == g_proxy_resolver_gnome_lookup_async, NULL);
return g_task_propagate_pointer (G_TASK (result), error);
}
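Review bot: The source-tag check added to `g_proxy_resolver_gnome_lookup_finish` is a `g_return_val_if_fail`, so on a mismatched result it returns NULL without setting `error`, and it is compiled out entirely when the module is built with `G_DISABLE_CHECKS`. That is fine for catching caller bugs, but it should not be read as runtime validation of the `GAsyncResult`. A short comment above the two checks would make that explicit, for example `/* Precondition checks only: a foreign GAsyncResult is a programming error and leaves *error unset. */`. The same applies to the identical line added to `g_libproxy_resolver_lookup_finish` further down. The function signature starts outside this hunk.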
g_proxy_resolver_gnome_register (GIOModule *module)
{
g_proxy_resolver_gnome_register_type (G_TYPE_MODULE (module));
- if (module == NULL)
+ if (!module)
g_io_extension_point_register (G_PROXY_RESOLVER_EXTENSION_POINT_NAME);
g_io_extension_point_implement (G_PROXY_RESOLVER_EXTENSION_POINT_NAME,
g_proxy_resolver_gnome_get_type(),
* <http://www.gnu.org/licenses/>.
*/
-#ifndef __G_PROXY_RESOLVER_GNOME_H__
-#define __G_PROXY_RESOLVER_GNOME_H__
+#pragma once
#include <glib-object.h>
#include <gio/gio.h>
void g_proxy_resolver_gnome_register (GIOModule *module);
G_END_DECLS
-
-#endif /* __G_PROXY_RESOLVER_GNOME_H__ */
return copy;
}
+/* FIXME: this function should be removed and replaced by a call to
+ * px_proxy_factory_free_proxies() once libproxy 0.4.16 is released.
+ * Sadly libproxy does not have any version check macros so it will
+ * have to be a hard dep.
+ */
static void
free_libproxy_proxies (gchar **proxies)
{
gchar **proxies;
task = g_task_new (resolver, cancellable, NULL, NULL);
- g_task_set_source_tag (task, g_libproxy_resolver_lookup);
+ g_task_set_name (task, "[glib-networking] g_libproxy_resolver_lookup");
g_task_set_task_data (task, g_strdup (uri), g_free);
g_task_set_return_on_cancel (task, TRUE);
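Review bot: The synchronous lookup path loses its source tag in this hunk: `g_task_set_source_tag (task, g_libproxy_resolver_lookup);` is replaced by the `g_task_set_name` call instead of being kept next to it, whereas the async hunk that follows keeps the tag and adds the name. Nothing visible here reads the tag on this task (it is created with a NULL callback), so the removal looks harmless, but it leaves the two paths inconsistent. Keeping both lines, `g_task_set_source_tag (task, g_libproxy_resolver_lookup);` followed by `g_task_set_name (task, "[glib-networking] g_libproxy_resolver_lookup");`, would match the async variant. The enclosing function starts and ends outside the hunk.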
task = g_task_new (resolver, cancellable, callback, user_data);
g_task_set_source_tag (task, g_libproxy_resolver_lookup_async);
+ g_task_set_name (task, "[glib-networking] g_libproxy_resolver_lookup_async");
g_task_set_task_data (task, g_strdup (uri), g_free);
g_task_set_return_on_cancel (task, TRUE);
g_task_run_in_thread (task, get_libproxy_proxies);
GError **error)
{
g_return_val_if_fail (g_task_is_valid (result, resolver), NULL);
+ g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) == g_libproxy_resolver_lookup_async, NULL);
return g_task_propagate_pointer (G_TASK (result), error);
}
g_libproxy_resolver_register (GIOModule *module)
{
g_libproxy_resolver_register_type (G_TYPE_MODULE (module));
- if (module == NULL)
+ if (!module)
g_io_extension_point_register (G_PROXY_RESOLVER_EXTENSION_POINT_NAME);
g_io_extension_point_implement (G_PROXY_RESOLVER_EXTENSION_POINT_NAME,
g_libproxy_resolver_get_type(),
* Author: Nicolas Dufresne <nicolas.dufresne@collabora.co.uk>
*/
-#ifndef __G_LIBPROXY_RESOLVER_H__
-#define __G_LIBPROXY_RESOLVER_H__
+#pragma once
#include <glib-object.h>
#include <gio/gio.h>
void g_libproxy_resolver_register (GIOModule *module);
G_END_DECLS
-
-#endif /* __G_LIBPROXY_RESOLVER_H__ */
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
*
* Copyright 2009-2011 Red Hat, Inc
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
+ * version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
#include <errno.h>
#include "gtlsconnection-base.h"
-#include "gtlsinputstream-base.h"
-#include "gtlsoutputstream-base.h"
+#include "gtlsinputstream.h"
+#include "gtlslog.h"
+#include "gtlsoutputstream.h"
#include <glib/gi18n-lib.h>
+#include <glib/gprintf.h>
+
+/*
+ * GTlsConnectionBase is the base abstract implementation of TLS and DTLS
+ * support, for both the client and server side of a connection. The choice
+ * between TLS and DTLS is made by setting the base-io-stream or
+ * base-socket properties — exactly one of them must be set at
+ * construction time.
+ *
+ * Client- and server-specific code is in the client and server concrete
+ * subclasses, although the line about where code is put is a little blurry,
+ * and there are various places in GTlsConnectionBase which check
+ * G_IS_TLS_CLIENT_CONNECTION(self) to switch to a client-only code path.
+ *
+ * This abstract class implements a lot of interfaces:
+ * • Derived from GTlsConnection (itself from GIOStream), for TLS and streaming
+ * communications.
+ * • Implements GDtlsConnection and GDatagramBased, for DTLS and datagram
+ * communications.
+ * • Implements GInitable for failable initialisation.
+ */
+
+typedef struct
+{
+ /* When operating in stream mode, as a GTlsConnection. These are
+ * mutually-exclusive with base_socket. There are two different
+ * GIOStreams here: (a) base_io_stream and (b) the GTlsConnection
+ * itself. base_io_stream is the GIOStream used to create the GTlsConnection,
+ * and corresponds to the GTlsConnection::base-io-stream property.
+ * base_istream and base_ostream are the GInputStream and GOutputStream,
+ * respectively, of base_io_stream. These are for the underlying sockets that
+ * don't know about TLS.
+ *
+ * Then the GTlsConnection also has tls_istream and tls_ostream, which
+ * wrap the aforementioned base streams with a TLS session.
+ *
+ * When operating in datagram mode, none of these are used.
+ */
+ GIOStream *base_io_stream;
+ GPollableInputStream *base_istream;
+ GPollableOutputStream *base_ostream;
+ GInputStream *tls_istream;
+ GOutputStream *tls_ostream;
+
+ /* When operating in datagram mode, as a GDtlsConnection, the
+ * GTlsConnection is itself the DTLS GDatagramBased. It uses base_socket
+ * for the underlying I/O. It is mutually-exclusive with base_io_stream and
+ * the other streams.
+ */
+ GDatagramBased *base_socket;
+
+ GTlsDatabase *database;
+ GTlsInteraction *interaction;
+
+ GTlsCertificate *certificate;
+ gboolean missing_requested_client_certificate;
+ GError *interaction_error;
+ GTlsCertificate *peer_certificate;
+ GTlsCertificateFlags peer_certificate_errors;
+
+ GMutex verify_certificate_mutex;
+ GCond verify_certificate_condition;
+ gboolean peer_certificate_accepted;
+ gboolean peer_certificate_examined;
+
+ gboolean require_close_notify;
+
+G_GNUC_BEGIN_IGNORE_DEPRECATIONS
+ GTlsRehandshakeMode rehandshake_mode;
+G_GNUC_END_IGNORE_DEPRECATIONS
+
+ /* need_handshake means the next claim_op() will get diverted into
+ * an implicit handshake (unless it's an OP_HANDSHAKE or OP_CLOSE*).
+ * need_finish_handshake means the next claim_op() will get diverted
+ * into finish_handshake() (unless it's an OP_CLOSE*).
+ *
+ * handshaking is TRUE as soon as a handshake thread is queued. For
+ * a sync handshake it becomes FALSE after finish_handshake()
+ * completes in the calling thread, but for an async implicit
+ * handshake, it becomes FALSE (and need_finish_handshake becomes
+ * TRUE) at the end of the handshaking thread (and then the next
+ * non-close op will call finish_handshake()). We can't just wait
+ * for async_handshake_thread_completed() to run, because it's
+ * possible that its main loop is being blocked by a synchronous op
+ * which is waiting for handshaking to become FALSE...
+ *
+ * started_handshake indicates that the current handshake attempt
+ * got at least as far as sending the first handshake packet (and so
+ * any error should be copied to handshake_error and returned on all
+ * future operations). ever_handshaked indicates that TLS has been
+ * successfully negotiated at some point.
+ */
+ gboolean need_handshake;
+ gboolean need_finish_handshake;
+ gboolean sync_handshake_in_progress;
+ gboolean started_handshake;
+ gboolean handshaking;
+ gboolean ever_handshaked;
+ GMainContext *handshake_context;
+ GTask *implicit_handshake;
+ GError *handshake_error;
+ GByteArray *app_data_buf;
+
+ /* read_closed means the read direction has closed; write_closed similarly.
+ * If (and only if) both are set, the entire GTlsConnection is closed. */
+ gboolean read_closing, read_closed;
+ gboolean write_closing, write_closed;
+
+ gboolean reading;
+ gint64 read_timeout;
+ GError *read_error;
+ GCancellable *read_cancellable;
+
+ gboolean writing;
+ gint64 write_timeout;
+ GError *write_error;
+ GCancellable *write_cancellable;
+
+ gboolean successful_read_op;
+
+ gboolean is_system_certdb;
+ gboolean database_is_unset;
+
+ GMutex op_mutex;
+ GCancellable *waiting_for_op;
+
+ gchar **advertised_protocols;
+ gchar *negotiated_protocol;
+
+ GTlsProtocolVersion protocol_version;
+ gchar *ciphersuite_name;
+} GTlsConnectionBasePrivate;
+
+static void g_tls_connection_base_dtls_connection_iface_init (GDtlsConnectionInterface *iface);
+
+static void g_tls_connection_base_datagram_based_iface_init (GDatagramBasedInterface *iface);
static gboolean do_implicit_handshake (GTlsConnectionBase *tls,
- gboolean blocking,
- GCancellable *cancellable,
- GError **error);
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error);
+
static gboolean finish_handshake (GTlsConnectionBase *tls,
- GTask *task,
- GError **error);
+ GTask *task,
+ GError **error);
+
+static void g_tls_connection_base_handshake_async (GTlsConnection *conn,
+ int io_priority,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data);
+
+static gboolean g_tls_connection_base_handshake (GTlsConnection *conn,
+ GCancellable *cancellable,
+ GError **error);
+
+G_DEFINE_ABSTRACT_TYPE_WITH_CODE (GTlsConnectionBase, g_tls_connection_base, G_TYPE_TLS_CONNECTION,
+ G_ADD_PRIVATE (GTlsConnectionBase);
+ G_IMPLEMENT_INTERFACE (G_TYPE_DATAGRAM_BASED,
+ g_tls_connection_base_datagram_based_iface_init);
+ G_IMPLEMENT_INTERFACE (G_TYPE_DTLS_CONNECTION,
+ g_tls_connection_base_dtls_connection_iface_init);
+ );
-G_DEFINE_ABSTRACT_TYPE (GTlsConnectionBase, g_tls_connection_base, G_TYPE_TLS_CONNECTION);
enum
{
PROP_0,
+ /* For this class: */
PROP_BASE_IO_STREAM,
+ PROP_BASE_SOCKET,
+ /* For GTlsConnection and GDtlsConnection: */
PROP_REQUIRE_CLOSE_NOTIFY,
PROP_REHANDSHAKE_MODE,
PROP_USE_SYSTEM_CERTDB,
PROP_CERTIFICATE,
PROP_INTERACTION,
PROP_PEER_CERTIFICATE,
- PROP_PEER_CERTIFICATE_ERRORS
+ PROP_PEER_CERTIFICATE_ERRORS,
+ PROP_ADVERTISED_PROTOCOLS,
+ PROP_NEGOTIATED_PROTOCOL,
+ PROP_PROTOCOL_VERSION,
+ PROP_CIPHERSUITE_NAME
};
+gboolean
+g_tls_connection_base_is_dtls (GTlsConnectionBase *tls)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ return priv->base_socket != NULL;
+}
+
static void
g_tls_connection_base_init (GTlsConnectionBase *tls)
{
- tls->need_handshake = TRUE;
- tls->database_is_unset = TRUE;
- tls->is_system_certdb = TRUE;
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ priv->need_handshake = TRUE;
+ priv->database_is_unset = TRUE;
+ priv->is_system_certdb = TRUE;
- g_mutex_init (&tls->op_mutex);
- tls->waiting_for_op = g_cancellable_new ();
- g_cancellable_cancel (tls->waiting_for_op);
+ g_mutex_init (&priv->verify_certificate_mutex);
+ g_cond_init (&priv->verify_certificate_condition);
+
+ g_mutex_init (&priv->op_mutex);
+
+ priv->waiting_for_op = g_cancellable_new ();
}
static void
g_tls_connection_base_finalize (GObject *object)
{
GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (object);
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ g_clear_object (&priv->base_io_stream);
+ g_clear_object (&priv->base_socket);
+
+ g_clear_object (&priv->tls_istream);
+ g_clear_object (&priv->tls_ostream);
- g_clear_object (&tls->base_io_stream);
+ g_clear_object (&priv->database);
+ g_clear_object (&priv->certificate);
+ g_clear_error (&priv->interaction_error);
+ g_clear_object (&priv->peer_certificate);
- g_clear_object (&tls->tls_istream);
- g_clear_object (&tls->tls_ostream);
+ g_mutex_clear (&priv->verify_certificate_mutex);
+ g_cond_clear (&priv->verify_certificate_condition);
- g_clear_object (&tls->database);
- g_clear_object (&tls->certificate);
- g_clear_error (&tls->certificate_error);
- g_clear_object (&tls->peer_certificate);
+ g_clear_object (&priv->interaction);
- g_clear_object (&tls->interaction);
+ g_clear_pointer (&priv->handshake_context, g_main_context_unref);
- /* This must always be NULL at this, as it holds a referehce to @gnutls as
+ /* This must always be NULL at this point, as it holds a reference to @tls as
* its source object. However, we clear it anyway just in case this changes
* in future. */
- g_clear_object (&tls->implicit_handshake);
+ g_clear_object (&priv->implicit_handshake);
- g_clear_error (&tls->handshake_error);
- g_clear_error (&tls->read_error);
- g_clear_error (&tls->write_error);
- g_clear_object (&tls->read_cancellable);
- g_clear_object (&tls->write_cancellable);
+ g_clear_error (&priv->handshake_error);
+ g_clear_error (&priv->read_error);
+ g_clear_error (&priv->write_error);
+ g_clear_object (&priv->read_cancellable);
+ g_clear_object (&priv->write_cancellable);
- g_clear_object (&tls->waiting_for_op);
- g_mutex_clear (&tls->op_mutex);
+ g_clear_object (&priv->waiting_for_op);
+ g_mutex_clear (&priv->op_mutex);
- g_clear_pointer (&tls->app_data_buf, g_byte_array_unref);
+ g_clear_pointer (&priv->app_data_buf, g_byte_array_unref);
+
+ g_clear_pointer (&priv->advertised_protocols, g_strfreev);
+ g_clear_pointer (&priv->negotiated_protocol, g_free);
+
+ g_clear_pointer (&priv->ciphersuite_name, g_free);
G_OBJECT_CLASS (g_tls_connection_base_parent_class)->finalize (object);
}
static void
g_tls_connection_base_get_property (GObject *object,
- guint prop_id,
- GValue *value,
- GParamSpec *pspec)
+ guint prop_id,
+ GValue *value,
+ GParamSpec *pspec)
{
GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (object);
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
GTlsBackend *backend;
switch (prop_id)
{
case PROP_BASE_IO_STREAM:
- g_value_set_object (value, tls->base_io_stream);
+ g_value_set_object (value, priv->base_io_stream);
+ break;
+
+ case PROP_BASE_SOCKET:
+ g_value_set_object (value, priv->base_socket);
break;
case PROP_REQUIRE_CLOSE_NOTIFY:
- g_value_set_boolean (value, tls->require_close_notify);
+ g_value_set_boolean (value, priv->require_close_notify);
break;
case PROP_REHANDSHAKE_MODE:
- g_value_set_enum (value, tls->rehandshake_mode);
+ g_value_set_enum (value, priv->rehandshake_mode);
break;
case PROP_USE_SYSTEM_CERTDB:
- g_value_set_boolean (value, tls->is_system_certdb);
+ g_value_set_boolean (value, priv->is_system_certdb);
break;
case PROP_DATABASE:
- if (tls->database_is_unset)
+ if (priv->database_is_unset)
{
backend = g_tls_backend_get_default ();
- tls->database = g_tls_backend_get_default_database (backend);
- tls->database_is_unset = FALSE;
+ priv->database = g_tls_backend_get_default_database (backend);
+ priv->database_is_unset = FALSE;
}
- g_value_set_object (value, tls->database);
+ g_value_set_object (value, priv->database);
break;
case PROP_CERTIFICATE:
- g_value_set_object (value, tls->certificate);
+ g_value_set_object (value, priv->certificate);
break;
case PROP_INTERACTION:
- g_value_set_object (value, tls->interaction);
+ g_value_set_object (value, priv->interaction);
break;
case PROP_PEER_CERTIFICATE:
- g_value_set_object (value, tls->peer_certificate);
+ g_value_set_object (value, priv->peer_certificate);
break;
case PROP_PEER_CERTIFICATE_ERRORS:
- g_value_set_flags (value, tls->peer_certificate_errors);
+ g_value_set_flags (value, priv->peer_certificate_errors);
+ break;
+
+ case PROP_ADVERTISED_PROTOCOLS:
+ g_value_set_boxed (value, priv->advertised_protocols);
+ break;
+
+ case PROP_NEGOTIATED_PROTOCOL:
+ g_value_set_string (value, priv->negotiated_protocol);
+ break;
+
+ case PROP_PROTOCOL_VERSION:
+ g_value_set_enum (value, priv->protocol_version);
+ break;
+
+ case PROP_CIPHERSUITE_NAME:
+ g_value_set_string (value, priv->ciphersuite_name);
break;
default:
static void
g_tls_connection_base_set_property (GObject *object,
- guint prop_id,
- const GValue *value,
- GParamSpec *pspec)
+ guint prop_id,
+ const GValue *value,
+ GParamSpec *pspec)
{
GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (object);
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
GInputStream *istream;
GOutputStream *ostream;
gboolean system_certdb;
switch (prop_id)
{
case PROP_BASE_IO_STREAM:
- if (tls->base_io_stream)
- {
- g_object_unref (tls->base_io_stream);
- tls->base_istream = NULL;
- tls->base_ostream = NULL;
- }
- tls->base_io_stream = g_value_dup_object (value);
- if (!tls->base_io_stream)
- return;
-
- istream = g_io_stream_get_input_stream (tls->base_io_stream);
- ostream = g_io_stream_get_output_stream (tls->base_io_stream);
+ g_assert (!g_value_get_object (value) || !priv->base_socket);
+
+ if (priv->base_io_stream)
+ {
+ g_object_unref (priv->base_io_stream);
+ priv->base_istream = NULL;
+ priv->base_ostream = NULL;
+ }
+ priv->base_io_stream = g_value_dup_object (value);
+ if (!priv->base_io_stream)
+ return;
+
+ istream = g_io_stream_get_input_stream (priv->base_io_stream);
+ ostream = g_io_stream_get_output_stream (priv->base_io_stream);
if (G_IS_POLLABLE_INPUT_STREAM (istream) &&
- g_pollable_input_stream_can_poll (G_POLLABLE_INPUT_STREAM (istream)))
- {
- tls->base_istream = G_POLLABLE_INPUT_STREAM (istream);
- tls->tls_istream = g_tls_input_stream_base_new (tls);
- }
+ g_pollable_input_stream_can_poll (G_POLLABLE_INPUT_STREAM (istream)))
+ {
+ priv->base_istream = G_POLLABLE_INPUT_STREAM (istream);
+ priv->tls_istream = g_tls_input_stream_new (tls);
+ }
if (G_IS_POLLABLE_OUTPUT_STREAM (ostream) &&
- g_pollable_output_stream_can_poll (G_POLLABLE_OUTPUT_STREAM (ostream)))
- {
- tls->base_ostream = G_POLLABLE_OUTPUT_STREAM (ostream);
- tls->tls_ostream = g_tls_output_stream_base_new (tls);
- }
+ g_pollable_output_stream_can_poll (G_POLLABLE_OUTPUT_STREAM (ostream)))
+ {
+ priv->base_ostream = G_POLLABLE_OUTPUT_STREAM (ostream);
+ priv->tls_ostream = g_tls_output_stream_new (tls);
+ }
+ break;
+
+ case PROP_BASE_SOCKET:
+ g_assert (!g_value_get_object (value) || !priv->base_io_stream);
+
+ g_clear_object (&priv->base_socket);
+ priv->base_socket = g_value_dup_object (value);
break;
case PROP_REQUIRE_CLOSE_NOTIFY:
- tls->require_close_notify = g_value_get_boolean (value);
+ priv->require_close_notify = g_value_get_boolean (value);
break;
case PROP_REHANDSHAKE_MODE:
- tls->rehandshake_mode = g_value_get_enum (value);
+ priv->rehandshake_mode = g_value_get_enum (value);
break;
case PROP_USE_SYSTEM_CERTDB:
system_certdb = g_value_get_boolean (value);
- if (system_certdb != tls->is_system_certdb)
+ if (system_certdb != priv->is_system_certdb)
{
- g_clear_object (&tls->database);
+ g_clear_object (&priv->database);
if (system_certdb)
{
backend = g_tls_backend_get_default ();
- tls->database = g_tls_backend_get_default_database (backend);
+ priv->database = g_tls_backend_get_default_database (backend);
}
- tls->is_system_certdb = system_certdb;
- tls->database_is_unset = FALSE;
+ priv->is_system_certdb = system_certdb;
+ priv->database_is_unset = FALSE;
}
break;
case PROP_DATABASE:
- g_clear_object (&tls->database);
- tls->database = g_value_dup_object (value);
- tls->is_system_certdb = FALSE;
- tls->database_is_unset = FALSE;
+ g_clear_object (&priv->database);
+ priv->database = g_value_dup_object (value);
+ priv->is_system_certdb = FALSE;
+ priv->database_is_unset = FALSE;
break;
case PROP_CERTIFICATE:
- if (tls->certificate)
- g_object_unref (tls->certificate);
- tls->certificate = g_value_dup_object (value);
+ if (priv->certificate)
+ g_object_unref (priv->certificate);
+ priv->certificate = g_value_dup_object (value);
break;
case PROP_INTERACTION:
- g_clear_object (&tls->interaction);
- tls->interaction = g_value_dup_object (value);
+ g_clear_object (&priv->interaction);
+ priv->interaction = g_value_dup_object (value);
+ break;
+
+ case PROP_ADVERTISED_PROTOCOLS:
+ g_clear_pointer (&priv->advertised_protocols, g_strfreev);
+ priv->advertised_protocols = g_value_dup_boxed (value);
break;
default:
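Review bot: The rule that `base-io-stream` and `base-socket` are mutually exclusive is enforced only with `g_assert`, in the `PROP_BASE_IO_STREAM` and `PROP_BASE_SOCKET` cases. A bad property combination therefore aborts the process, and a build with `G_DISABLE_ASSERT` performs no check at all. In that second case both `priv->base_io_stream` and `priv->base_socket` can end up set, and the connection presumably has to choose a transport from inconsistent state. I would reject the value instead, e.g. `g_return_if_fail (!g_value_get_object (value) || !priv->base_socket);`, with the mirrored line in the socket case. `g_tls_connection_base_set_property` continues past the end of this hunk.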
G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH,
} GTlsConnectionBaseOp;
+static const gchar *
+op_to_string (GTlsConnectionBaseOp op)
+{
+ switch (op)
+ {
+ case G_TLS_CONNECTION_BASE_OP_HANDSHAKE:
+ return "OP_HANDSHAKE";
+ case G_TLS_CONNECTION_BASE_OP_READ:
+ return "OP_READ";
+ case G_TLS_CONNECTION_BASE_OP_WRITE:
+ return "OP_WRITE";
+ case G_TLS_CONNECTION_BASE_OP_CLOSE_READ:
+ return "OP_CLOSE_READ";
+ case G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE:
+ return "OP_CLOSE_WRITE";
+ case G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH:
+ return "OP_CLOSE_BOTH";
+ }
+
+ g_assert_not_reached ();
+
+ return "UNKNOWN_OP";
+}
+
+static const gchar *
+status_to_string (GTlsConnectionBaseStatus st)
+{
+ switch (st)
+ {
+ case G_TLS_CONNECTION_BASE_OK:
+ return "BASE_OK";
+ case G_TLS_CONNECTION_BASE_WOULD_BLOCK:
+ return "WOULD_BLOCK";
+ case G_TLS_CONNECTION_BASE_TIMED_OUT:
+ return "TIMED_OUT";
+ case G_TLS_CONNECTION_BASE_REHANDSHAKE:
+ return "REHANDSHAKE";
+ case G_TLS_CONNECTION_BASE_TRY_AGAIN:
+ return "TRY_AGAIN";
+ case G_TLS_CONNECTION_BASE_ERROR:
+ return "ERROR";
+ }
+
+ g_assert_not_reached ();
+
+ return "UNKNOWN_STATUS";
+}
+
static gboolean
claim_op (GTlsConnectionBase *tls,
- GTlsConnectionBaseOp op,
- gboolean blocking,
- GCancellable *cancellable,
- GError **error)
+ GTlsConnectionBaseOp op,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error)
{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ g_tls_log_debug (tls, "claiming operation %s", op_to_string (op));
+
try_again:
if (g_cancellable_set_error_if_cancelled (cancellable, error))
- return FALSE;
+ {
+ g_tls_log_debug (tls, "claim_op failed: cancelled");
+ return FALSE;
+ }
- g_mutex_lock (&tls->op_mutex);
+ g_mutex_lock (&priv->op_mutex);
if (((op == G_TLS_CONNECTION_BASE_OP_HANDSHAKE ||
op == G_TLS_CONNECTION_BASE_OP_READ) &&
- (tls->read_closing || tls->read_closed)) ||
+ (priv->read_closing || priv->read_closed)) ||
((op == G_TLS_CONNECTION_BASE_OP_HANDSHAKE ||
op == G_TLS_CONNECTION_BASE_OP_WRITE) &&
- (tls->write_closing || tls->write_closed)))
+ (priv->write_closing || priv->write_closed)))
{
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
- _("Connection is closed"));
- g_mutex_unlock (&tls->op_mutex);
+ _("Connection is closed"));
+ g_mutex_unlock (&priv->op_mutex);
+ g_tls_log_debug (tls, "claim_op failed: connection is closed");
return FALSE;
}
- if (tls->handshake_error &&
+ if (priv->handshake_error &&
op != G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH &&
op != G_TLS_CONNECTION_BASE_OP_CLOSE_READ &&
op != G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE)
{
if (error)
- *error = g_error_copy (tls->handshake_error);
- g_mutex_unlock (&tls->op_mutex);
+ *error = g_error_copy (priv->handshake_error);
+ g_mutex_unlock (&priv->op_mutex);
+ g_tls_log_debug (tls, "claim_op failed: %s", priv->handshake_error->message);
return FALSE;
}
if (op != G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH &&
op != G_TLS_CONNECTION_BASE_OP_CLOSE_READ &&
op != G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE &&
- tls->need_handshake && !tls->handshaking)
- {
- tls->handshaking = TRUE;
- if (!do_implicit_handshake (tls, blocking, cancellable, error))
- {
- g_cancellable_reset (tls->waiting_for_op);
- g_mutex_unlock (&tls->op_mutex);
- return FALSE;
- }
- }
-
- if (tls->need_finish_handshake &&
- tls->implicit_handshake)
- {
- GError *my_error = NULL;
- gboolean success;
-
- tls->need_finish_handshake = FALSE;
-
- g_mutex_unlock (&tls->op_mutex);
- success = finish_handshake (tls, tls->implicit_handshake, &my_error);
- g_clear_object (&tls->implicit_handshake);
- g_mutex_lock (&tls->op_mutex);
-
- if (op != G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH &&
- op != G_TLS_CONNECTION_BASE_OP_CLOSE_READ &&
- op != G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE &&
- (!success || g_cancellable_set_error_if_cancelled (cancellable, &my_error)))
- {
- g_propagate_error (error, my_error);
- g_mutex_unlock (&tls->op_mutex);
- return FALSE;
- }
-
- g_clear_error (&my_error);
- }
+ priv->need_handshake && !priv->handshaking)
+ {
+ priv->handshaking = TRUE;
+ if (!do_implicit_handshake (tls, timeout, cancellable, error))
+ {
+ g_mutex_unlock (&priv->op_mutex);
+ g_tls_log_debug (tls, "claim_op failed: implicit handshake required");
+ return FALSE;
+ }
+ }
+
+ if (priv->need_finish_handshake &&
+ priv->implicit_handshake)
+ {
+ GError *my_error = NULL;
+ gboolean success;
+
+ priv->need_finish_handshake = FALSE;
+
+ g_mutex_unlock (&priv->op_mutex);
+ success = finish_handshake (tls, priv->implicit_handshake, &my_error);
+ g_clear_object (&priv->implicit_handshake);
+ g_clear_pointer (&priv->handshake_context, g_main_context_unref);
+ g_mutex_lock (&priv->op_mutex);
+
+ if (op != G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH &&
+ op != G_TLS_CONNECTION_BASE_OP_CLOSE_READ &&
+ op != G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE &&
+ (!success || g_cancellable_set_error_if_cancelled (cancellable, &my_error)))
+ {
+ g_propagate_error (error, my_error);
+ g_mutex_unlock (&priv->op_mutex);
+ g_tls_log_debug (tls, "claim_op failed: finish_handshake failed or operation has been cancelled");
+ return FALSE;
+ }
+
+ g_clear_error (&my_error);
+ }
+ }
+
+ if (priv->handshaking &&
+ timeout != 0 &&
+ g_main_context_is_owner (priv->handshake_context))
+ {
+ /* Cannot perform a blocking operation during a handshake on the
+ * same thread that triggered the handshake. The only way this can
+ * occur is if the application is doing something weird in its
+ * accept-certificate callback. Allowing a blocking op would stall
+ * the handshake (forever, if there's no timeout). Even a close
+ * op would deadlock here.
+ */
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED, _("Cannot perform blocking operation during TLS handshake"));
+ g_mutex_unlock (&priv->op_mutex);
+ g_tls_log_debug (tls, "claim_op failed: cannot perform blocking operation during TLS handshake");
+ return FALSE;
}
- if ((op != G_TLS_CONNECTION_BASE_OP_WRITE && tls->reading) ||
- (op != G_TLS_CONNECTION_BASE_OP_READ && tls->writing) ||
- (op != G_TLS_CONNECTION_BASE_OP_HANDSHAKE && tls->handshaking))
+ if ((op != G_TLS_CONNECTION_BASE_OP_WRITE && priv->reading) ||
+ (op != G_TLS_CONNECTION_BASE_OP_READ && priv->writing) ||
+ (op != G_TLS_CONNECTION_BASE_OP_HANDSHAKE && priv->handshaking))
{
GPollFD fds[2];
int nfds;
+ gint64 start_time;
+ gint result = 1; /* if the loop is never entered, it's as if we cancelled early */
- g_cancellable_reset (tls->waiting_for_op);
+ g_cancellable_reset (priv->waiting_for_op);
- g_mutex_unlock (&tls->op_mutex);
+ g_mutex_unlock (&priv->op_mutex);
- if (!blocking)
- {
- g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK,
- _("Operation would block"));
- return FALSE;
- }
+ if (timeout == 0)
+ {
+ /* Intentionally not translated because this is not a fatal error to be
+ * presented to the user, and to avoid this showing up in profiling. */
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK, "Operation would block");
+ g_tls_log_debug (tls, "claim_op failed: operation would block");
+ return FALSE;
+ }
- g_cancellable_make_pollfd (tls->waiting_for_op, &fds[0]);
+ g_cancellable_make_pollfd (priv->waiting_for_op, &fds[0]);
if (g_cancellable_make_pollfd (cancellable, &fds[1]))
- nfds = 2;
+ nfds = 2;
else
- nfds = 1;
+ nfds = 1;
- g_poll (fds, nfds, -1);
+ /* Convert from microseconds to milliseconds. */
+ if (timeout != -1)
+ timeout /= 1000;
+
+ /* Poll until cancellation or the timeout is reached. */
+ start_time = g_get_monotonic_time ();
+
+ while (!g_cancellable_is_cancelled (priv->waiting_for_op) &&
+ !g_cancellable_is_cancelled (cancellable))
+ {
+ result = g_poll (fds, nfds, timeout);
+
+ if (result == 0)
+ break;
+ if (result != -1 || errno != EINTR)
+ continue;
+
+ if (timeout != -1)
+ {
+ timeout -= (g_get_monotonic_time () - start_time) / 1000;
+ if (timeout < 0)
+ timeout = 0;
+ }
+ }
if (nfds > 1)
g_cancellable_release_fd (cancellable);
+ if (result == 0)
+ {
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT,
+ _("Socket I/O timed out"));
+ g_tls_log_debug (tls, "claim_op failed: socket I/O timed out");
+ return FALSE;
+ }
+
goto try_again;
}
if (op == G_TLS_CONNECTION_BASE_OP_HANDSHAKE)
- tls->handshaking = TRUE;
+ priv->handshaking = TRUE;
if (op == G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH ||
op == G_TLS_CONNECTION_BASE_OP_CLOSE_READ)
- tls->read_closing = TRUE;
+ priv->read_closing = TRUE;
if (op == G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH ||
op == G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE)
- tls->write_closing = TRUE;
+ priv->write_closing = TRUE;
if (op != G_TLS_CONNECTION_BASE_OP_WRITE)
- tls->reading = TRUE;
+ priv->reading = TRUE;
if (op != G_TLS_CONNECTION_BASE_OP_READ)
- tls->writing = TRUE;
+ priv->writing = TRUE;
- g_mutex_unlock (&tls->op_mutex);
+ g_mutex_unlock (&priv->op_mutex);
+ g_tls_log_debug (tls, "claiming operation %s succeeded", op_to_string (op));
return TRUE;
}
static void
yield_op (GTlsConnectionBase *tls,
- GTlsConnectionBaseOp op,
- GTlsConnectionBaseStatus status)
+ GTlsConnectionBaseOp op,
+ GTlsConnectionBaseStatus status)
{
- g_mutex_lock (&tls->op_mutex);
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ g_tls_log_debug (tls, "yielding operation %s", op_to_string (op));
+
+ g_mutex_lock (&priv->op_mutex);
if (op == G_TLS_CONNECTION_BASE_OP_HANDSHAKE)
- tls->handshaking = FALSE;
- else if (status == G_TLS_CONNECTION_BASE_REHANDSHAKE && !tls->handshaking)
- tls->need_handshake = TRUE;
+ priv->handshaking = FALSE;
+ else if (status == G_TLS_CONNECTION_BASE_REHANDSHAKE && !priv->handshaking)
+ priv->need_handshake = TRUE;
if (op == G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH ||
op == G_TLS_CONNECTION_BASE_OP_CLOSE_READ)
- tls->read_closing = FALSE;
+ priv->read_closing = FALSE;
if (op == G_TLS_CONNECTION_BASE_OP_CLOSE_BOTH ||
op == G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE)
- tls->write_closing = FALSE;
+ priv->write_closing = FALSE;
if (op != G_TLS_CONNECTION_BASE_OP_WRITE)
- tls->reading = FALSE;
+ priv->reading = FALSE;
if (op != G_TLS_CONNECTION_BASE_OP_READ)
- tls->writing = FALSE;
+ priv->writing = FALSE;
- g_cancellable_cancel (tls->waiting_for_op);
- g_mutex_unlock (&tls->op_mutex);
+ g_cancellable_cancel (priv->waiting_for_op);
+ g_mutex_unlock (&priv->op_mutex);
}
static void
g_tls_connection_base_real_push_io (GTlsConnectionBase *tls,
GIOCondition direction,
- gboolean blocking,
+ gint64 timeout,
GCancellable *cancellable)
{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
if (direction & G_IO_IN)
{
- tls->read_blocking = blocking;
- tls->read_cancellable = cancellable;
- g_clear_error (&tls->read_error);
+ priv->read_timeout = timeout;
+ priv->read_cancellable = cancellable;
+ g_clear_error (&priv->read_error);
}
if (direction & G_IO_OUT)
{
- tls->write_blocking = blocking;
- tls->write_cancellable = cancellable;
- g_clear_error (&tls->write_error);
+ priv->write_timeout = timeout;
+ priv->write_cancellable = cancellable;
+ g_clear_error (&priv->write_error);
}
}
void
g_tls_connection_base_push_io (GTlsConnectionBase *tls,
GIOCondition direction,
- gboolean blocking,
+ gint64 timeout,
GCancellable *cancellable)
{
g_assert (direction & (G_IO_IN | G_IO_OUT));
g_return_if_fail (G_IS_TLS_CONNECTION_BASE (tls));
G_TLS_CONNECTION_BASE_GET_CLASS (tls)->push_io (tls, direction,
- blocking, cancellable);
+ timeout, cancellable);
}
static GTlsConnectionBaseStatus
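Review bot: In `claim_op`, the wait path overwrites the `timeout` parameter with a millisecond value (`timeout /= 1000`) and then jumps back to `try_again`, where the same variable is still treated as microseconds: it is passed to `do_implicit_handshake` and divided by 1000 again on the next wait. After one wake-up the remaining budget is therefore 1000 times too small, and a short timeout can reach 0 and take the non-blocking `G_IO_ERROR_WOULD_BLOCK` path rather than `G_IO_ERROR_TIMED_OUT`. The `EINTR` adjustment also subtracts the whole time since `start_time` from a value that an earlier interruption already reduced, so repeated signals shorten the wait further. Leaving the caller's value untouched and deriving the `g_poll` argument from a fixed deadline avoids both problems; whether that deadline should also carry across `try_again` is a separate decision.

```c
      gint64 deadline = (timeout == -1) ? -1 : g_get_monotonic_time () + timeout;
      gint poll_ms = -1;

      /* … unchanged: waiting_for_op reset, unlock, timeout == 0 return, pollfd setup … */

      /* Poll until cancellation or the deadline is reached. */
      while (!g_cancellable_is_cancelled (priv->waiting_for_op) &&
             !g_cancellable_is_cancelled (cancellable))
        {
          if (deadline != -1)
            {
              gint64 remaining = deadline - g_get_monotonic_time ();

              /* Round up so a sub-millisecond remainder still waits. */
              poll_ms = remaining <= 0 ? 0 : (gint) MIN ((remaining + 999) / 1000, G_MAXINT);
            }

          result = g_poll (fds, nfds, poll_ms);
          if (result == 0)
            break;
        }
```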
gboolean success,
GError **error)
{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
GError *my_error = NULL;
+ /* This function MAY or MAY NOT set error when it fails! */
+
if (direction & G_IO_IN)
{
- tls->read_cancellable = NULL;
+ priv->read_cancellable = NULL;
if (!success)
- {
- my_error = tls->read_error;
- tls->read_error = NULL;
- }
+ {
+ my_error = priv->read_error;
+ priv->read_error = NULL;
+ }
else
- g_clear_error (&tls->read_error);
+ g_clear_error (&priv->read_error);
}
+
if (direction & G_IO_OUT)
{
- tls->write_cancellable = NULL;
+ priv->write_cancellable = NULL;
if (!success && !my_error)
- {
- my_error = tls->write_error;
- tls->write_error = NULL;
- }
+ {
+ my_error = priv->write_error;
+ priv->write_error = NULL;
+ }
else
- g_clear_error (&tls->write_error);
+ g_clear_error (&priv->write_error);
}
if (success)
g_propagate_error (error, my_error);
return G_TLS_CONNECTION_BASE_WOULD_BLOCK;
}
- else if (g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT))
+
+ if (g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT))
{
g_propagate_error (error, my_error);
return G_TLS_CONNECTION_BASE_TIMED_OUT;
}
+
+ if (priv->missing_requested_client_certificate &&
+ !priv->successful_read_op)
+ {
+ g_assert (G_IS_TLS_CLIENT_CONNECTION (tls));
+
+ /* Probably the server requires a client certificate, but we failed to
+ * provide one. With TLS 1.3, the server is no longer able to tell us
+ * this, so we just have to guess. If there is an error from the TLS
+ * interaction (request for user certificate), we provide that. Otherwise,
+ * guess that G_TLS_ERROR_CERTIFICATE_REQUIRED is probably appropriate.
+ * This could be wrong, but only applies to the small minority of
+ * connections where a client cert is requested but not provided, and then
+ * then only if the client has never successfully read any data from the
+ * connection. This should hopefully be a rare enough case that returning
+ * G_TLS_ERROR_CERTIFICATE_REQUIRED incorrectly should not be common.
+ * Beware that a successful write operation does *not* indicate that the
+ * server has accepted our certificate: a write op can succeed on the
+ * client side before the client notices that the server has closed the
+ * connection.
+ */
+ if (priv->interaction_error)
+ {
+ g_propagate_error (error, priv->interaction_error);
+ priv->interaction_error = NULL;
+ }
+ else
+ {
+ g_clear_error (error);
+ g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
+ _("Server required TLS certificate"));
+ }
+ g_clear_error (&my_error);
+ }
else if (my_error)
- g_propagate_error (error, my_error);
+ {
+ g_propagate_error (error, my_error);
+ }
return G_TLS_CONNECTION_BASE_ERROR;
}
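Review bot: The two branches under `priv->missing_requested_client_certificate` treat `*error` differently: the fallback branch calls `g_clear_error (error)` before setting `G_TLS_ERROR_CERTIFICATE_REQUIRED`, but the `priv->interaction_error` branch calls `g_propagate_error` straight away. If `*error` can already be set at this point, which the `g_clear_error` call suggests, GLib warns and discards the interaction error, so the caller sees the stale one. Moving `g_clear_error (error);` above the `if (priv->interaction_error)` test makes both branches consistent. The function starts before this hunk, so how `error` arrives here is not visible.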
success, error);
}
+/* Checks whether the underlying base stream or GDatagramBased meets
+ * @condition. */
+gboolean
+g_tls_connection_base_base_check (GTlsConnectionBase *tls,
+ GIOCondition condition)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ if (g_tls_connection_base_is_dtls (tls))
+ return g_datagram_based_condition_check (priv->base_socket, condition);
+
+ if (condition & G_IO_IN)
+ return g_pollable_input_stream_is_readable (priv->base_istream);
+
+ if (condition & G_IO_OUT)
+ return g_pollable_output_stream_is_writable (priv->base_ostream);
+
+ g_assert_not_reached ();
+ return FALSE;
+}
+
+/* Checks whether the (D)TLS stream meets @condition; not the underlying base
+ * stream or GDatagramBased. */
gboolean
g_tls_connection_base_check (GTlsConnectionBase *tls,
- GIOCondition condition)
+ GIOCondition condition)
{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
/* Racy, but worst case is that we just get WOULD_BLOCK back */
- if (tls->need_finish_handshake)
+ if (priv->need_finish_handshake)
return TRUE;
/* If a handshake or close is in progress, then tls_istream and
* tls_ostream are blocked, regardless of the base stream status.
*/
- if (tls->handshaking)
+ if (priv->handshaking)
return FALSE;
- if (((condition & G_IO_IN) && tls->read_closing) ||
- ((condition & G_IO_OUT) && tls->write_closing))
+ if (((condition & G_IO_IN) && priv->read_closing) ||
+ ((condition & G_IO_OUT) && priv->write_closing))
return FALSE;
- if (condition & G_IO_IN)
- return g_pollable_input_stream_is_readable (tls->base_istream);
- else
- return g_pollable_output_stream_is_writable (tls->base_ostream);
+ /* Defer to the base stream or GDatagramBased. */
+ return g_tls_connection_base_base_check (tls, condition);
}
typedef struct {
GSource source;
GTlsConnectionBase *tls;
- GObject *stream;
+
+ /* Either a GDatagramBased (datagram mode), or a GPollableInputStream or
+ * a GPollableOutputStream (streaming mode):
+ */
+ GObject *base;
GSource *child_source;
GIOCondition condition;
gboolean op_waiting;
} GTlsConnectionBaseSource;
+/* Use a custom dummy callback instead of g_source_set_dummy_callback(), as that
+ * uses a GClosure and is slow. (The GClosure is necessary to deal with any
+ * function prototype.) */
static gboolean
-tls_source_prepare (GSource *source,
- gint *timeout)
+dummy_callback (gpointer data)
{
- *timeout = -1;
- return FALSE;
-}
-
-static gboolean
-tls_source_check (GSource *source)
-{
- return FALSE;
+ return G_SOURCE_CONTINUE;
}
static void
tls_source_sync (GTlsConnectionBaseSource *tls_source)
{
GTlsConnectionBase *tls = tls_source->tls;
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
gboolean io_waiting, op_waiting;
/* Was the source destroyed earlier in this main context iteration? */
- if (g_source_is_destroyed ((GSource *) tls_source))
+ if (g_source_is_destroyed ((GSource *)tls_source))
return;
- g_mutex_lock (&tls->op_mutex);
- if (((tls_source->condition & G_IO_IN) && tls->reading) ||
- ((tls_source->condition & G_IO_OUT) && tls->writing) ||
- (tls->handshaking && !tls->need_finish_handshake))
+ g_mutex_lock (&priv->op_mutex);
+ if (((tls_source->condition & G_IO_IN) && priv->reading) ||
+ ((tls_source->condition & G_IO_OUT) && priv->writing) ||
+ (priv->handshaking && !priv->need_finish_handshake))
op_waiting = TRUE;
else
op_waiting = FALSE;
- if (!op_waiting && !tls->need_handshake &&
- !tls->need_finish_handshake)
+ if (!op_waiting && !priv->need_handshake &&
+ !priv->need_finish_handshake)
io_waiting = TRUE;
else
io_waiting = FALSE;
- g_mutex_unlock (&tls->op_mutex);
+ g_mutex_unlock (&priv->op_mutex);
if (op_waiting == tls_source->op_waiting &&
io_waiting == tls_source->io_waiting)
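Review bot: `g_tls_connection_base_base_check` is declared `gboolean`, but its DTLS branch returns the result of `g_datagram_based_condition_check`, which is a `GIOCondition` bitmask, so a caller can receive a value such as `G_IO_OUT` that is non-zero but not `TRUE`. Any comparison against `TRUE` would then misread a ready socket as not ready; `return g_datagram_based_condition_check (priv->base_socket, condition) != 0;` normalises it. The header comment could also say that in stream mode a `condition` carrying both `G_IO_IN` and `G_IO_OUT` is answered from the input side only. `tls_source_sync` at the end of this hunk continues outside it.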
if (tls_source->child_source)
{
g_source_remove_child_source ((GSource *)tls_source,
- tls_source->child_source);
+ tls_source->child_source);
g_source_unref (tls_source->child_source);
}
if (op_waiting)
- tls_source->child_source = g_cancellable_source_new (tls->waiting_for_op);
- else if (io_waiting && G_IS_POLLABLE_INPUT_STREAM (tls_source->stream))
- tls_source->child_source = g_pollable_input_stream_create_source (tls->base_istream, NULL);
- else if (io_waiting && G_IS_POLLABLE_OUTPUT_STREAM (tls_source->stream))
- tls_source->child_source = g_pollable_output_stream_create_source (tls->base_ostream, NULL);
+ tls_source->child_source = g_cancellable_source_new (priv->waiting_for_op);
+ else if (io_waiting && G_IS_DATAGRAM_BASED (tls_source->base))
+ tls_source->child_source = g_datagram_based_create_source (priv->base_socket, tls_source->condition, NULL);
+ else if (io_waiting && G_IS_POLLABLE_INPUT_STREAM (tls_source->base))
+ tls_source->child_source = g_pollable_input_stream_create_source (priv->base_istream, NULL);
+ else if (io_waiting && G_IS_POLLABLE_OUTPUT_STREAM (tls_source->base))
+ tls_source->child_source = g_pollable_output_stream_create_source (priv->base_ostream, NULL);
else
tls_source->child_source = g_timeout_source_new (0);
- g_source_set_dummy_callback (tls_source->child_source);
+ g_source_set_callback (tls_source->child_source, dummy_callback, NULL, NULL);
g_source_add_child_source ((GSource *)tls_source, tls_source->child_source);
}
static gboolean
tls_source_dispatch (GSource *source,
- GSourceFunc callback,
- gpointer user_data)
+ GSourceFunc callback,
+ gpointer user_data)
{
- GPollableSourceFunc func = (GPollableSourceFunc)callback;
+ GDatagramBasedSourceFunc datagram_based_func = (GDatagramBasedSourceFunc)callback;
+ GPollableSourceFunc pollable_func = (GPollableSourceFunc)callback;
GTlsConnectionBaseSource *tls_source = (GTlsConnectionBaseSource *)source;
gboolean ret;
- ret = (*func) (tls_source->stream, user_data);
+ if (G_IS_DATAGRAM_BASED (tls_source->base))
+ ret = (*datagram_based_func) (G_DATAGRAM_BASED (tls_source->base),
+ tls_source->condition, user_data);
+ else
+ ret = (*pollable_func) (tls_source->base, user_data);
+
if (ret)
tls_source_sync (tls_source);
static gboolean
g_tls_connection_tls_source_closure_callback (GObject *stream,
- gpointer data)
+ gpointer data)
{
GClosure *closure = data;
return result;
}
+static gboolean
+g_tls_connection_tls_source_dtls_closure_callback (GDatagramBased *datagram_based,
+ GIOCondition condition,
+ gpointer data)
+{
+ GClosure *closure = data;
+
+ GValue param[2] = { G_VALUE_INIT, G_VALUE_INIT };
+ GValue result_value = G_VALUE_INIT;
+ gboolean result;
+
+ g_value_init (&result_value, G_TYPE_BOOLEAN);
+
+ g_value_init (¶m[0], G_TYPE_DATAGRAM_BASED);
+ g_value_set_object (¶m[0], datagram_based);
+ g_value_init (¶m[1], G_TYPE_IO_CONDITION);
+ g_value_set_flags (¶m[1], condition);
+
+ g_closure_invoke (closure, &result_value, 2, param, NULL);
+
+ result = g_value_get_boolean (&result_value);
+ g_value_unset (&result_value);
+ g_value_unset (¶m[0]);
+ g_value_unset (¶m[1]);
+
+ return result;
+}
+
static GSourceFuncs tls_source_funcs =
{
- tls_source_prepare,
- tls_source_check,
+ NULL,
+ NULL,
tls_source_dispatch,
tls_source_finalize,
(GSourceFunc)g_tls_connection_tls_source_closure_callback,
(GSourceDummyMarshal)g_cclosure_marshal_generic
};
+static GSourceFuncs dtls_source_funcs =
+{
+ NULL,
+ NULL,
+ tls_source_dispatch,
+ tls_source_finalize,
+ (GSourceFunc)g_tls_connection_tls_source_dtls_closure_callback,
+ (GSourceDummyMarshal)g_cclosure_marshal_generic
+};
+
GSource *
g_tls_connection_base_create_source (GTlsConnectionBase *tls,
- GIOCondition condition,
- GCancellable *cancellable)
+ GIOCondition condition,
+ GCancellable *cancellable)
{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
GSource *source, *cancellable_source;
GTlsConnectionBaseSource *tls_source;
- source = g_source_new (&tls_source_funcs, sizeof (GTlsConnectionBaseSource));
+ if (g_tls_connection_base_is_dtls (tls))
+ {
+ source = g_source_new (&dtls_source_funcs,
+ sizeof (GTlsConnectionBaseSource));
+ }
+ else
+ {
+ source = g_source_new (&tls_source_funcs,
+ sizeof (GTlsConnectionBaseSource));
+ }
g_source_set_name (source, "GTlsConnectionBaseSource");
tls_source = (GTlsConnectionBaseSource *)source;
tls_source->tls = g_object_ref (tls);
tls_source->condition = condition;
- if (condition & G_IO_IN)
- tls_source->stream = G_OBJECT (tls->tls_istream);
- else if (condition & G_IO_OUT)
- tls_source->stream = G_OBJECT (tls->tls_ostream);
+ if (g_tls_connection_base_is_dtls (tls))
+ tls_source->base = G_OBJECT (tls);
+ else if (priv->tls_istream && condition & G_IO_IN)
+ tls_source->base = G_OBJECT (priv->tls_istream);
+ else if (priv->tls_ostream && condition & G_IO_OUT)
+ tls_source->base = G_OBJECT (priv->tls_ostream);
+ else
+ g_assert_not_reached ();
tls_source->op_waiting = (gboolean) -1;
tls_source->io_waiting = (gboolean) -1;
if (cancellable)
{
cancellable_source = g_cancellable_source_new (cancellable);
- g_source_set_dummy_callback (cancellable_source);
+ g_source_set_callback (cancellable_source, dummy_callback, NULL, NULL);
g_source_add_child_source (source, cancellable_source);
g_source_unref (cancellable_source);
}
return source;
}
-gboolean
-g_tls_connection_base_accept_peer_certificate (GTlsConnectionBase *tls,
- GTlsCertificate *peer_certificate,
- GTlsCertificateFlags peer_certificate_errors)
+static GSource *
+g_tls_connection_base_dtls_create_source (GDatagramBased *datagram_based,
+ GIOCondition condition,
+ GCancellable *cancellable)
{
- gboolean accepted = FALSE;
-
- if (G_IS_TLS_CLIENT_CONNECTION (tls))
- {
- GTlsCertificateFlags validation_flags =
- g_tls_client_connection_get_validation_flags (G_TLS_CLIENT_CONNECTION (tls));
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (datagram_based);
- if ((peer_certificate_errors & validation_flags) == 0)
- accepted = TRUE;
- }
+ return g_tls_connection_base_create_source (tls, condition, cancellable);
+}
- if (!accepted)
- {
- accepted = g_tls_connection_emit_accept_certificate (G_TLS_CONNECTION (tls),
- peer_certificate,
- peer_certificate_errors);
- }
+static GIOCondition
+g_tls_connection_base_condition_check (GDatagramBased *datagram_based,
+ GIOCondition condition)
+{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (datagram_based);
- return accepted;
+ return g_tls_connection_base_check (tls, condition) ? condition : 0;
}
-void
-g_tls_connection_base_set_peer_certificate (GTlsConnectionBase *tls,
- GTlsCertificate *peer_certificate,
- GTlsCertificateFlags peer_certificate_errors)
+static gboolean
+g_tls_connection_base_condition_wait (GDatagramBased *datagram_based,
+ GIOCondition condition,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error)
{
- g_set_object (&tls->peer_certificate, peer_certificate);
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (datagram_based);
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+ GPollFD fds[2];
+ guint n_fds;
+ gint result = 1; /* if the loop is never entered, it's as if we cancelled early */
+ gint64 start_time;
- tls->peer_certificate_errors = peer_certificate_errors;
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return FALSE;
- g_object_notify (G_OBJECT (tls), "peer-certificate");
- g_object_notify (G_OBJECT (tls), "peer-certificate-errors");
-}
+ /* Convert from microseconds to milliseconds. */
+ if (timeout != -1)
+ timeout = timeout / 1000;
-static void
-handshake_thread (GTask *task,
- gpointer object,
- gpointer task_data,
- GCancellable *cancellable)
-{
- GTlsConnectionBase *tls = object;
- GTlsConnectionBaseClass *tls_class = G_TLS_CONNECTION_BASE_GET_CLASS (tls);
- GError *error = NULL;
+ start_time = g_get_monotonic_time ();
- tls->started_handshake = FALSE;
- tls->certificate_requested = FALSE;
+ g_cancellable_make_pollfd (priv->waiting_for_op, &fds[0]);
+ n_fds = 1;
- if (!claim_op (tls, G_TLS_CONNECTION_BASE_OP_HANDSHAKE,
- TRUE, cancellable, &error))
+ if (g_cancellable_make_pollfd (cancellable, &fds[1]))
+ n_fds++;
+
+ while (!g_tls_connection_base_condition_check (datagram_based, condition) &&
+ !g_cancellable_is_cancelled (cancellable))
{
- g_task_return_error (task, error);
- return;
+ result = g_poll (fds, n_fds, timeout);
+ if (result == 0)
+ break;
+ if (result != -1 || errno != EINTR)
+ continue;
+
+ if (timeout != -1)
+ {
+ timeout -= (g_get_monotonic_time () - start_time) / 1000;
+ if (timeout < 0)
+ timeout = 0;
+ }
}
- g_clear_error (&tls->handshake_error);
+ if (n_fds > 1)
+ g_cancellable_release_fd (cancellable);
- if (tls->ever_handshaked && !tls->need_handshake)
+ if (result == 0)
{
- GTlsConnectionBaseStatus status;
-
- status = tls_class->request_rehandshake (tls, cancellable, &error);
- if (status != G_TLS_CONNECTION_BASE_OK)
- {
- g_task_return_error (task, error);
- return;
- }
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT,
+ _("Socket I/O timed out"));
+ return FALSE;
}
- g_clear_object (&tls->peer_certificate);
- tls->peer_certificate_errors = 0;
+ return !g_cancellable_set_error_if_cancelled (cancellable, error);
+}
- tls->started_handshake = TRUE;
- tls_class->handshake (tls, cancellable, &error);
- tls->need_handshake = FALSE;
+static GTlsCertificateFlags
+verify_peer_certificate (GTlsConnectionBase *tls,
+ GTlsCertificate *peer_certificate)
+{
+ GTlsConnectionBaseClass *tls_class = G_TLS_CONNECTION_BASE_GET_CLASS (tls);
+ GSocketConnectable *peer_identity = NULL;
+ GTlsDatabase *database;
+ GTlsCertificateFlags errors = 0;
+ gboolean is_client;
- if (error)
+ is_client = G_IS_TLS_CLIENT_CONNECTION (tls);
+
+ if (is_client)
{
- if ((g_error_matches (error, G_IO_ERROR, G_IO_ERROR_FAILED) ||
-#if GLIB_CHECK_VERSION (2, 35, 3)
- g_error_matches (error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE) ||
-#endif
- g_error_matches (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS)) &&
- tls->certificate_requested)
- {
- g_clear_error (&error);
- if (tls->certificate_error)
- {
- error = tls->certificate_error;
- tls->certificate_error = NULL;
- }
- else
- {
- g_set_error_literal (&error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
- _("Server required TLS certificate"));
- }
- }
- g_task_return_error (task, error);
+ if (!g_tls_connection_base_is_dtls (tls))
+ peer_identity = g_tls_client_connection_get_server_identity (G_TLS_CLIENT_CONNECTION (tls));
+ else
+ peer_identity = g_dtls_client_connection_get_server_identity (G_DTLS_CLIENT_CONNECTION (tls));
+
+ if (!peer_identity)
+ errors |= G_TLS_CERTIFICATE_BAD_IDENTITY;
+ }
+
+ database = g_tls_connection_get_database (G_TLS_CONNECTION (tls));
+ if (!database)
+ {
+ errors |= G_TLS_CERTIFICATE_UNKNOWN_CA;
+ errors |= g_tls_certificate_verify (peer_certificate, peer_identity, NULL);
}
else
{
- tls->ever_handshaked = TRUE;
- g_task_return_boolean (task, TRUE);
+ GError *error = NULL;
+
+ g_assert (tls_class->verify_chain);
+ errors |= tls_class->verify_chain (tls,
+ peer_certificate,
+ is_client ? G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER : G_TLS_DATABASE_PURPOSE_AUTHENTICATE_CLIENT,
+ peer_identity,
+ g_tls_connection_get_interaction (G_TLS_CONNECTION (tls)),
+ G_TLS_DATABASE_VERIFY_NONE,
+ NULL,
+ &error);
+ if (error)
+ {
+ g_tls_log_debug (tls, "failure verifying certificate chain: %s", error->message);
+ g_assert (errors != 0);
+ g_clear_error (&error);
+ }
}
+
+ if (tls_class->verify_peer_certificate)
+ errors |= tls_class->verify_peer_certificate (tls, peer_certificate, errors);
+
+ return errors;
}
static gboolean
-finish_handshake (GTlsConnectionBase *tls,
- GTask *task,
- GError **error)
+accept_or_reject_peer_certificate (gpointer user_data)
{
- GTlsConnectionBaseClass *tls_class = G_TLS_CONNECTION_BASE_GET_CLASS (tls);
- GError *my_error = NULL;
+ GTlsConnectionBase *tls = user_data;
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+ GTlsCertificate *peer_certificate = NULL;
+ GTlsCertificateFlags peer_certificate_errors = 0;
+ gboolean accepted = FALSE;
- if (g_task_propagate_boolean (task, &my_error))
- tls_class->complete_handshake (tls, &my_error);
+ /* This function must be called from the handshake context thread
+ * (probably the main thread, NOT the handshake thread) because
+ * it emits notifies that are application-visible.
+ */
+ g_assert (priv->handshake_context);
+ g_assert (g_main_context_is_owner (priv->handshake_context));
- if (my_error && tls->started_handshake)
- tls->handshake_error = g_error_copy (my_error);
+ peer_certificate = G_TLS_CONNECTION_BASE_GET_CLASS (tls)->retrieve_peer_certificate (tls);
- if (!my_error)
- return TRUE;
+ if (peer_certificate)
+ {
+ peer_certificate_errors = verify_peer_certificate (tls, peer_certificate);
- g_propagate_error (error, my_error);
- return FALSE;
-}
+ if (G_IS_TLS_CLIENT_CONNECTION (tls))
+ {
+ GTlsCertificateFlags validation_flags;
-static gboolean
-g_tls_connection_base_handshake (GTlsConnection *conn,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (conn);
- GTask *task;
- gboolean success;
- GError *my_error = NULL;
+ if (!g_tls_connection_base_is_dtls (tls))
+ validation_flags =
+ g_tls_client_connection_get_validation_flags (G_TLS_CLIENT_CONNECTION (tls));
+ else
+ validation_flags =
+ g_dtls_client_connection_get_validation_flags (G_DTLS_CLIENT_CONNECTION (tls));
- task = g_task_new (conn, cancellable, NULL, NULL);
- g_task_set_source_tag (task, g_tls_connection_base_handshake);
- g_task_run_in_thread_sync (task, handshake_thread);
- success = finish_handshake (tls, task, &my_error);
- g_object_unref (task);
+ if ((peer_certificate_errors & validation_flags) == 0)
+ accepted = TRUE;
+ }
+
+ if (!accepted)
+ {
+ gboolean sync_handshake_in_progress;
+
+ g_mutex_lock (&priv->op_mutex);
+ sync_handshake_in_progress = priv->sync_handshake_in_progress;
+ g_mutex_unlock (&priv->op_mutex);
+
+ if (sync_handshake_in_progress)
+ g_main_context_pop_thread_default (priv->handshake_context);
+
+ accepted = g_tls_connection_emit_accept_certificate (G_TLS_CONNECTION (tls),
+ peer_certificate,
+ peer_certificate_errors);
+
+ if (sync_handshake_in_progress)
+ g_main_context_push_thread_default (priv->handshake_context);
+ }
+ }
+ else if (G_IS_TLS_SERVER_CONNECTION (tls))
+ {
+ GTlsAuthenticationMode mode = 0;
+
+ g_object_get (tls,
+ "authentication-mode", &mode,
+ NULL);
+
+ if (mode != G_TLS_AUTHENTICATION_REQUIRED)
+ accepted = TRUE;
+ }
+
+ g_mutex_lock (&priv->verify_certificate_mutex);
+
+ priv->peer_certificate_accepted = accepted;
+
+ /* Warning: the API documentation indicates that these properties are not
+ * set until *after* accept-certificate.
+ */
+ g_clear_object (&priv->peer_certificate);
+ priv->peer_certificate = g_steal_pointer (&peer_certificate);
+ priv->peer_certificate_errors = peer_certificate_errors;
+
+ g_object_notify (G_OBJECT (tls), "peer-certificate");
+ g_object_notify (G_OBJECT (tls), "peer-certificate-errors");
+
+ /* This has to be the very last statement before signaling the
+ * condition variable because otherwise the code could spuriously
+ * wakeup and continue before we are done here.
+ */
+ priv->peer_certificate_examined = TRUE;
+
+ g_cond_signal (&priv->verify_certificate_condition);
+ g_mutex_unlock (&priv->verify_certificate_mutex);
+
+ return G_SOURCE_REMOVE;
+}
+
+gboolean
+g_tls_connection_base_handshake_thread_verify_certificate (GTlsConnectionBase *tls)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+ gboolean accepted;
+
+ g_tls_log_debug (tls, "verifying peer certificate");
+
+ g_mutex_lock (&priv->verify_certificate_mutex);
+ priv->peer_certificate_examined = FALSE;
+ priv->peer_certificate_accepted = FALSE;
+ g_mutex_unlock (&priv->verify_certificate_mutex);
+
+ /* Invoke the callback on the handshake context's thread. This is
+ * necessary because we need to ensure the accept-certificate signal
+ * is emitted on the original thread.
+ */
+ g_assert (priv->handshake_context);
+ g_main_context_invoke (priv->handshake_context, accept_or_reject_peer_certificate, tls);
+
+ /* We'll block the handshake thread until the original thread has
+ * decided whether to accept the certificate.
+ */
+ g_mutex_lock (&priv->verify_certificate_mutex);
+ while (!priv->peer_certificate_examined)
+ g_cond_wait (&priv->verify_certificate_condition, &priv->verify_certificate_mutex);
+ accepted = priv->peer_certificate_accepted;
+ g_mutex_unlock (&priv->verify_certificate_mutex);
+
+ return accepted;
+}
+
+static gboolean
+g_tls_connection_base_get_binding_data (GTlsConnection *conn,
+ GTlsChannelBindingType type,
+ GByteArray *data,
+ GError **error)
+{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (conn);
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+ GTlsConnectionBaseClass *tls_class = G_TLS_CONNECTION_BASE_GET_CLASS (tls);
+
+ g_assert (tls_class->get_channel_binding_data);
+
+ if (!priv->ever_handshaked || priv->need_handshake)
+ {
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR,
+ G_TLS_CHANNEL_BINDING_ERROR_INVALID_STATE,
+ _("Handshake is not finished, no channel binding information yet"));
+ return FALSE;
+ }
+
+ return tls_class->get_channel_binding_data (tls, type, data, error);
+}
+
+static gboolean
+g_tls_connection_base_dtls_get_binding_data (GDtlsConnection *conn,
+ GTlsChannelBindingType type,
+ GByteArray *data,
+ GError **error)
+{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (conn);
+
+ return g_tls_connection_base_get_binding_data ((GTlsConnection *)tls,
+ type, data, error);
+}
+
+#if GLIB_CHECK_VERSION(2, 69, 0)
+static const gchar *
+g_tls_connection_base_get_negotiated_protocol (GTlsConnection *conn)
+{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (conn);
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ return priv->negotiated_protocol;
+}
+#endif
+
+static const gchar *
+g_tls_connection_base_dtls_get_negotiated_protocol (GDtlsConnection *conn)
+{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (conn);
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ return priv->negotiated_protocol;
+}
+
+static void
+handshake_thread (GTask *task,
+ gpointer object,
+ gpointer task_data,
+ GCancellable *cancellable)
+{
+ GTlsConnectionBase *tls = object;
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+ GTlsConnectionBaseClass *tls_class = G_TLS_CONNECTION_BASE_GET_CLASS (tls);
+ GError *error = NULL;
+ gint64 start_time;
+ gint64 timeout;
+
+ g_tls_log_debug (tls, "TLS handshake thread starts");
+
+ /* A timeout, in microseconds, must be provided as a gint64* task_data. */
+ g_assert (task_data);
+ start_time = g_get_monotonic_time ();
+ timeout = *((gint64 *)task_data);
+
+ priv->started_handshake = FALSE;
+ priv->missing_requested_client_certificate = FALSE;
+
+ if (!claim_op (tls, G_TLS_CONNECTION_BASE_OP_HANDSHAKE,
+ timeout, cancellable, &error))
+ {
+ g_task_return_error (task, error);
+ g_tls_log_debug (tls, "TLS handshake thread failed: claiming op failed");
+ return;
+ }
+
+ g_clear_error (&priv->handshake_error);
+
+ if (priv->ever_handshaked && !priv->need_handshake)
+ {
+ GTlsConnectionBaseStatus status;
+
+ if (tls_class->handshake_thread_safe_renegotiation_status (tls) != G_TLS_SAFE_RENEGOTIATION_SUPPORTED_BY_PEER)
+ {
+ g_task_return_new_error (task, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Peer does not support safe renegotiation"));
+ g_tls_log_debug (tls, "TLS handshake thread failed: peer does not support safe renegotiation");
+ return;
+ }
+
+ /* Adjust the timeout for the next operation in the sequence. */
+ if (timeout > 0)
+ {
+ timeout -= (g_get_monotonic_time () - start_time);
+ if (timeout <= 0)
+ timeout = 1;
+ }
+
+ status = tls_class->handshake_thread_request_rehandshake (tls, timeout, cancellable, &error);
+ if (status != G_TLS_CONNECTION_BASE_OK)
+ {
+ g_task_return_error (task, error);
+ g_tls_log_debug (tls, "TLS handshake thread failed: %s", error->message);
+ return;
+ }
+ }
+
+ /* Adjust the timeout for the next operation in the sequence. */
+ if (timeout > 0)
+ {
+ timeout -= (g_get_monotonic_time () - start_time);
+ if (timeout <= 0)
+ timeout = 1;
+ }
+
+ priv->started_handshake = TRUE;
+ tls_class->handshake_thread_handshake (tls, timeout, cancellable, &error);
+ priv->need_handshake = FALSE;
+
+ if (error)
+ {
+ g_task_return_error (task, error);
+ g_tls_log_debug (tls, "TLS handshake thread failed: %s", error->message);
+ }
+ else
+ {
+ priv->ever_handshaked = TRUE;
+ g_task_return_boolean (task, TRUE);
+ g_tls_log_debug (tls, "TLS handshake thread succeeded");
+ }
+}
+
+static void
+sync_handshake_thread_completed (GObject *object,
+ GAsyncResult *result,
+ gpointer user_data)
+{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (object);
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+ gpointer source_tag;
+
+ g_tls_log_debug (tls, "synchronous TLS handshake thread completed");
+
+ source_tag = g_task_get_source_tag (G_TASK (result));
+ g_assert (source_tag == do_implicit_handshake || source_tag == g_tls_connection_base_handshake);
+ g_assert (g_task_is_valid (result, object));
+
+ g_assert (g_main_context_is_owner (priv->handshake_context));
+
+ g_mutex_lock (&priv->op_mutex);
+ priv->sync_handshake_in_progress = FALSE;
+ g_mutex_unlock (&priv->op_mutex);
+
+ g_main_context_wakeup (priv->handshake_context);
+}
+
+static void
+crank_sync_handshake_context (GTlsConnectionBase *tls,
+ GCancellable *cancellable)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ /* need_finish_handshake will be set inside sync_handshake_thread_completed(),
+ * which should only ever be invoked while iterating the handshake context
+ * here. So need_finish_handshake should only change on this thread.
+ *
+ * FIXME: This function is not cancellable. We should figure out how to
+ * support cancellation. We must not return from this function before it is
+ * safe to destroy handshake_context, but it's not safe to destroy
+ * handshake_context until after the handshake has completed. And the
+ * handshake operation is not cancellable, so we have a problem.
+ */
+ g_mutex_lock (&priv->op_mutex);
+ priv->sync_handshake_in_progress = TRUE;
+ while (priv->sync_handshake_in_progress)
+ {
+ g_mutex_unlock (&priv->op_mutex);
+ g_main_context_iteration (priv->handshake_context, TRUE);
+ g_mutex_lock (&priv->op_mutex);
+ }
+ g_mutex_unlock (&priv->op_mutex);
+}
+
+static gboolean
+finish_handshake (GTlsConnectionBase *tls,
+ GTask *task,
+ GError **error)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+ GTlsConnectionBaseClass *tls_class = G_TLS_CONNECTION_BASE_GET_CLASS (tls);
+ gchar *original_negotiated_protocol;
+ gchar *original_ciphersuite_name;
+ GTlsProtocolVersion original_protocol_version;
+ gboolean success;
+ GError *my_error = NULL;
+
+ g_tls_log_debug (tls, "finishing TLS handshake");
+
+ original_negotiated_protocol = g_steal_pointer (&priv->negotiated_protocol);
+ original_ciphersuite_name = g_steal_pointer (&priv->ciphersuite_name);
+ original_protocol_version = priv->protocol_version;
+
+ success = g_task_propagate_boolean (task, &my_error);
+ if (success)
+ {
+ if (tls_class->is_session_resumed && tls_class->is_session_resumed (tls))
+ {
+ /* Because this session was resumed, we skipped certificate
+ * verification on this handshake, so we missed our earlier
+ * chance to set peer_certificate and peer_certificate_errors.
+ * Do so here instead.
+ *
+ * The certificate has already been accepted, so we don't do
+ * anything with the result here.
+ */
+ g_mutex_lock (&priv->verify_certificate_mutex);
+
+ g_clear_object (&priv->peer_certificate);
+ priv->peer_certificate = G_TLS_CONNECTION_BASE_GET_CLASS (tls)->retrieve_peer_certificate (tls);
+ priv->peer_certificate_errors = verify_peer_certificate (tls, priv->peer_certificate);
+
+ g_object_notify (G_OBJECT (tls), "peer-certificate");
+ g_object_notify (G_OBJECT (tls), "peer-certificate-errors");
+
+ priv->peer_certificate_examined = TRUE;
+ priv->peer_certificate_accepted = TRUE;
+ g_mutex_unlock (&priv->verify_certificate_mutex);
+ }
+
+ /* FIXME: Return an error from the handshake thread instead. */
+ if (priv->peer_certificate && !priv->peer_certificate_accepted)
+ {
+ g_set_error_literal (&my_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("Unacceptable TLS certificate"));
+ success = FALSE;
+ }
+ }
+
+ tls_class->complete_handshake (tls,
+ success,
+ &priv->negotiated_protocol,
+ &priv->protocol_version,
+ &priv->ciphersuite_name,
+ /* If we already have an error, ignore further errors. */
+ my_error ? NULL : &my_error);
+
+ if (g_strcmp0 (original_negotiated_protocol, priv->negotiated_protocol) != 0)
+ g_object_notify (G_OBJECT (tls), "negotiated-protocol");
+ g_free (original_negotiated_protocol);
+
+ if (original_protocol_version != priv->protocol_version)
+ g_object_notify (G_OBJECT (tls), "protocol-version");
+
+ if (g_strcmp0 (original_ciphersuite_name, priv->ciphersuite_name) != 0)
+ g_object_notify (G_OBJECT (tls), "ciphersuite-name");
+ g_free (original_ciphersuite_name);
+
+ if (my_error && priv->started_handshake)
+ priv->handshake_error = g_error_copy (my_error);
+
+ if (!my_error) {
+ g_tls_log_debug (tls, "TLS handshake has finished successfully");
+ return TRUE;
+ }
+
+ g_tls_log_debug (tls, "TLS handshake has finished with error: %s", my_error->message);
+ g_propagate_error (error, my_error);
+ return FALSE;
+}
+
+static gboolean
+g_tls_connection_base_handshake (GTlsConnection *conn,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (conn);
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+ GTlsConnectionBaseClass *tls_class = G_TLS_CONNECTION_BASE_GET_CLASS (tls);
+ GTask *task;
+ gboolean success;
+ gint64 *timeout = NULL;
+ GError *my_error = NULL;
+
+ g_tls_log_debug (tls, "Starting synchronous TLS handshake");
+
+ g_assert (!priv->handshake_context);
+ priv->handshake_context = g_main_context_new ();
+
+ g_main_context_push_thread_default (priv->handshake_context);
+
+ if (tls_class->prepare_handshake)
+ tls_class->prepare_handshake (tls, priv->advertised_protocols);
+
+ task = g_task_new (conn, cancellable, sync_handshake_thread_completed, NULL);
+ g_task_set_source_tag (task, g_tls_connection_base_handshake);
+ g_task_set_name (task, "[glib-networking] g_tls_connection_base_handshake");
+
+ timeout = g_new0 (gint64, 1);
+ *timeout = -1; /* blocking */
+ g_task_set_task_data (task, timeout, g_free);
+
+ g_task_run_in_thread (task, handshake_thread);
+ crank_sync_handshake_context (tls, cancellable);
+
+ success = finish_handshake (tls, task, &my_error);
+ g_object_unref (task);
+
+ g_main_context_pop_thread_default (priv->handshake_context);
+ g_clear_pointer (&priv->handshake_context, g_main_context_unref);
yield_op (tls, G_TLS_CONNECTION_BASE_OP_HANDSHAKE,
- G_TLS_CONNECTION_BASE_OK);
+ G_TLS_CONNECTION_BASE_OK);
if (my_error)
g_propagate_error (error, my_error);
return success;
}
+static gboolean
+g_tls_connection_base_dtls_handshake (GDtlsConnection *conn,
+ GCancellable *cancellable,
+ GError **error)
+{
+ return g_tls_connection_base_handshake (G_TLS_CONNECTION (conn),
+ cancellable, error);
+}
+
/* In the async version we use two GTasks; one to run
- * handshake_thread() and then call handshake_thread_completed(), and
- * a second to call the caller's original callback after we call
+ * handshake_thread() and then call async_handshake_thread_completed(),
+ * and a second to call the caller's original callback after we call
* finish_handshake().
*/
static void
-handshake_thread_completed (GObject *object,
- GAsyncResult *result,
- gpointer user_data)
+async_handshake_thread_completed (GObject *object,
+ GAsyncResult *result,
+ gpointer user_data)
{
GTask *caller_task = user_data;
GTlsConnectionBase *tls = g_task_get_source_object (caller_task);
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
GError *error = NULL;
gboolean need_finish_handshake, success;
- g_mutex_lock (&tls->op_mutex);
- if (tls->need_finish_handshake)
+ g_tls_log_debug (tls, "Asynchronous TLS handshake thread completed");
+
+ g_assert (g_task_is_valid (result, object));
+ g_assert (g_task_get_source_tag (G_TASK (result)) == g_tls_connection_base_handshake_async);
+
+ g_mutex_lock (&priv->op_mutex);
+ if (priv->need_finish_handshake)
{
need_finish_handshake = TRUE;
- tls->need_finish_handshake = FALSE;
+ priv->need_finish_handshake = FALSE;
}
else
need_finish_handshake = FALSE;
- g_mutex_unlock (&tls->op_mutex);
+ g_mutex_unlock (&priv->op_mutex);
+ /* We have to clear handshake_context before g_task_return_* because it can
+ * return immediately to application code inside g_task_return_*,
+ * and the application code could then start a new TLS operation.
+ *
+ * But we can't clear until after finish_handshake().
+ */
if (need_finish_handshake)
{
success = finish_handshake (tls, G_TASK (result), &error);
+
+ g_clear_pointer (&priv->handshake_context, g_main_context_unref);
+
if (success)
- g_task_return_boolean (caller_task, TRUE);
+ g_task_return_boolean (caller_task, TRUE);
else
- g_task_return_error (caller_task, error);
+ g_task_return_error (caller_task, error);
}
- else if (tls->handshake_error)
- g_task_return_error (caller_task, g_error_copy (tls->handshake_error));
else
- g_task_return_boolean (caller_task, TRUE);
+ {
+ g_clear_pointer (&priv->handshake_context, g_main_context_unref);
+
+ if (priv->handshake_error)
+ g_task_return_error (caller_task, g_error_copy (priv->handshake_error));
+ else
+ g_task_return_boolean (caller_task, TRUE);
+ }
g_object_unref (caller_task);
}
static void
async_handshake_thread (GTask *task,
- gpointer object,
- gpointer task_data,
- GCancellable *cancellable)
+ gpointer object,
+ gpointer task_data,
+ GCancellable *cancellable)
{
GTlsConnectionBase *tls = object;
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ g_tls_log_debug (tls, "Asynchronous TLS handshake thread starts");
handshake_thread (task, object, task_data, cancellable);
- g_mutex_lock (&tls->op_mutex);
- tls->need_finish_handshake = TRUE;
+ g_mutex_lock (&priv->op_mutex);
+ priv->need_finish_handshake = TRUE;
/* yield_op will clear handshaking too, but we don't want the
* connection to be briefly "handshaking && need_finish_handshake"
* after we unlock the mutex.
*/
- tls->handshaking = FALSE;
- g_mutex_unlock (&tls->op_mutex);
+ priv->handshaking = FALSE;
+ g_mutex_unlock (&priv->op_mutex);
yield_op (tls, G_TLS_CONNECTION_BASE_OP_HANDSHAKE,
- G_TLS_CONNECTION_BASE_OK);
+ G_TLS_CONNECTION_BASE_OK);
}
static void
-g_tls_connection_base_handshake_async (GTlsConnection *conn,
- int io_priority,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
+g_tls_connection_base_handshake_async (GTlsConnection *conn,
+ int io_priority,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (conn);
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+ GTlsConnectionBaseClass *tls_class = G_TLS_CONNECTION_BASE_GET_CLASS (tls);
GTask *thread_task, *caller_task;
+ gint64 *timeout = NULL;
+
+ g_tls_log_debug (tls, "Starting asynchronous TLS handshake");
+
+ g_assert (!priv->handshake_context);
+ priv->handshake_context = g_main_context_ref_thread_default ();
+
+ if (tls_class->prepare_handshake)
+ tls_class->prepare_handshake (tls, priv->advertised_protocols);
caller_task = g_task_new (conn, cancellable, callback, user_data);
g_task_set_source_tag (caller_task, g_tls_connection_base_handshake_async);
+ g_task_set_name (caller_task, "[glib-networking] g_tls_connection_base_handshake_async (caller task)");
g_task_set_priority (caller_task, io_priority);
- thread_task = g_task_new (conn, cancellable, handshake_thread_completed, caller_task);
+
+ thread_task = g_task_new (conn, cancellable, async_handshake_thread_completed, caller_task);
g_task_set_source_tag (thread_task, g_tls_connection_base_handshake_async);
+ g_task_set_name (caller_task, "[glib-networking] g_tls_connection_base_handshake_async (thread task)");
g_task_set_priority (thread_task, io_priority);
+ timeout = g_new0 (gint64, 1);
+ *timeout = -1; /* blocking */
+ g_task_set_task_data (thread_task, timeout, g_free);
+
g_task_run_in_thread (thread_task, async_handshake_thread);
g_object_unref (thread_task);
}
static gboolean
-g_tls_connection_base_handshake_finish (GTlsConnection *conn,
- GAsyncResult *result,
- GError **error)
+g_tls_connection_base_handshake_finish (GTlsConnection *conn,
+ GAsyncResult *result,
+ GError **error)
{
g_return_val_if_fail (g_task_is_valid (result, conn), FALSE);
+ g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) == g_tls_connection_base_handshake_async, FALSE);
return g_task_propagate_boolean (G_TASK (result), error);
}
static void
-implicit_handshake_completed (GObject *object,
- GAsyncResult *result,
- gpointer user_data)
+g_tls_connection_base_dtls_handshake_async (GDtlsConnection *conn,
+ int io_priority,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
{
- GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (object);
-
- g_mutex_lock (&tls->op_mutex);
- tls->need_finish_handshake = TRUE;
- g_mutex_unlock (&tls->op_mutex);
+ g_tls_connection_base_handshake_async (G_TLS_CONNECTION (conn), io_priority,
+ cancellable, callback, user_data);
+}
- yield_op (tls, G_TLS_CONNECTION_BASE_OP_HANDSHAKE,
- G_TLS_CONNECTION_BASE_OK);
+static gboolean
+g_tls_connection_base_dtls_handshake_finish (GDtlsConnection *conn,
+ GAsyncResult *result,
+ GError **error)
+{
+ return g_tls_connection_base_handshake_finish (G_TLS_CONNECTION (conn),
+ result, error);
}
static gboolean
do_implicit_handshake (GTlsConnectionBase *tls,
- gboolean blocking,
- GCancellable *cancellable,
- GError **error)
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error)
{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+ GTlsConnectionBaseClass *tls_class = G_TLS_CONNECTION_BASE_GET_CLASS (tls);
+ gint64 *thread_timeout = NULL;
+
+ g_tls_log_debug (tls, "Implicit TLS handshaking starts");
+
/* We have op_mutex */
- tls->implicit_handshake = g_task_new (tls, cancellable,
- implicit_handshake_completed,
- NULL);
- g_task_set_source_tag (tls->implicit_handshake, do_implicit_handshake);
+ g_assert (!priv->handshake_context);
+ if (timeout != 0)
+ {
+ priv->handshake_context = g_main_context_new ();
+ g_main_context_push_thread_default (priv->handshake_context);
+ }
+ else
+ {
+ priv->handshake_context = g_main_context_ref_thread_default ();
+ }
+
+ g_assert (!priv->implicit_handshake);
+ priv->implicit_handshake = g_task_new (tls, cancellable,
+ timeout ? sync_handshake_thread_completed : NULL,
+ NULL);
+ g_task_set_source_tag (priv->implicit_handshake, do_implicit_handshake);
+ g_task_set_name (priv->implicit_handshake, "[glib-networking] do_implicit_handshake");
+
+ thread_timeout = g_new0 (gint64, 1);
+ g_task_set_task_data (priv->implicit_handshake,
+ thread_timeout, g_free);
+
+ if (tls_class->prepare_handshake)
+ tls_class->prepare_handshake (tls, priv->advertised_protocols);
- if (blocking)
+ if (timeout != 0)
{
GError *my_error = NULL;
gboolean success;
- g_mutex_unlock (&tls->op_mutex);
- g_task_run_in_thread_sync (tls->implicit_handshake,
- handshake_thread);
+ /* In the blocking case, run the handshake operation synchronously in
+ * another thread, and delegate handling the timeout to that thread; it
+ * should return G_IO_ERROR_TIMED_OUT iff (timeout > 0) and the operation
+ * times out. If (timeout < 0) it should block indefinitely until the
+ * operation is complete or errors. */
+ *thread_timeout = timeout;
+
+ g_mutex_unlock (&priv->op_mutex);
+
+ g_task_run_in_thread (priv->implicit_handshake, handshake_thread);
+
+ crank_sync_handshake_context (tls, cancellable);
+
success = finish_handshake (tls,
- tls->implicit_handshake,
- &my_error);
- g_clear_object (&tls->implicit_handshake);
+ priv->implicit_handshake,
+ &my_error);
+
+ g_main_context_pop_thread_default (priv->handshake_context);
+ g_clear_pointer (&priv->handshake_context, g_main_context_unref);
+ g_clear_object (&priv->implicit_handshake);
+
yield_op (tls, G_TLS_CONNECTION_BASE_OP_HANDSHAKE,
- G_TLS_CONNECTION_BASE_OK);
- g_mutex_lock (&tls->op_mutex);
+ G_TLS_CONNECTION_BASE_OK);
+
+ g_mutex_lock (&priv->op_mutex);
if (my_error)
- g_propagate_error (error, my_error);
+ g_propagate_error (error, my_error);
return success;
}
else
{
- g_task_run_in_thread (tls->implicit_handshake,
- handshake_thread);
-
- g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK,
- _("Operation would block"));
+ /* In the non-blocking case, start the asynchronous handshake operation
+ * and return EWOULDBLOCK to the caller, who will handle polling for
+ * completion of the handshake and whatever operation they actually cared
+ * about. Run the actual operation as blocking in its thread. */
+ *thread_timeout = -1; /* blocking */
+
+ g_task_run_in_thread (priv->implicit_handshake,
+ async_handshake_thread);
+
+ /* Intentionally not translated because this is not a fatal error to be
+ * presented to the user, and to avoid this showing up in profiling. */
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK, "Operation would block");
return FALSE;
}
}
gssize
g_tls_connection_base_read (GTlsConnectionBase *tls,
- void *buffer,
- gsize count,
- gboolean blocking,
- GCancellable *cancellable,
- GError **error)
+ void *buffer,
+ gsize count,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error)
{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
GTlsConnectionBaseStatus status;
gssize nread;
+ g_tls_log_debug (tls, "starting to read data from TLS connection");
+
do
{
if (!claim_op (tls, G_TLS_CONNECTION_BASE_OP_READ,
- blocking, cancellable, error))
- return -1;
-
- if (tls->app_data_buf && !tls->handshaking)
- {
- nread = MIN (count, tls->app_data_buf->len);
- memcpy (buffer, tls->app_data_buf->data, nread);
- if (nread == tls->app_data_buf->len)
- g_clear_pointer (&tls->app_data_buf, g_byte_array_unref);
- else
- g_byte_array_remove_range (tls->app_data_buf, 0, nread);
- status = G_TLS_CONNECTION_BASE_OK;
- }
+ timeout, cancellable, error))
+ return -1;
+
+ if (priv->app_data_buf && !priv->handshaking)
+ {
+ nread = MIN (count, priv->app_data_buf->len);
+ memcpy (buffer, priv->app_data_buf->data, nread);
+ if (nread == priv->app_data_buf->len)
+ g_clear_pointer (&priv->app_data_buf, g_byte_array_unref);
+ else
+ g_byte_array_remove_range (priv->app_data_buf, 0, nread);
+ status = G_TLS_CONNECTION_BASE_OK;
+ }
else
- {
- status = G_TLS_CONNECTION_BASE_GET_CLASS (tls)->
- read_fn (tls, buffer, count, blocking, &nread, cancellable, error);
- }
+ {
+ status = G_TLS_CONNECTION_BASE_GET_CLASS (tls)->
+ read_fn (tls, buffer, count, timeout, &nread, cancellable, error);
+ }
yield_op (tls, G_TLS_CONNECTION_BASE_OP_READ, status);
}
while (status == G_TLS_CONNECTION_BASE_REHANDSHAKE);
if (status == G_TLS_CONNECTION_BASE_OK)
- return nread;
- else
- return -1;
+ {
+ priv->successful_read_op = TRUE;
+ g_tls_log_debug (tls, "successfully read %" G_GSSIZE_FORMAT " bytes from TLS connection", nread);
+ return nread;
+ }
+
+ g_tls_log_debug (tls, "reading data from TLS connection has failed: %s", status_to_string (status));
+ return -1;
+}
+
+static gssize
+g_tls_connection_base_read_message (GTlsConnectionBase *tls,
+ GInputVector *vectors,
+ guint num_vectors,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+ GTlsConnectionBaseStatus status = G_TLS_CONNECTION_BASE_OK;
+ gssize nread;
+
+ g_tls_log_debug (tls, "starting to read messages from TLS connection");
+
+ do {
+ if (!claim_op (tls, G_TLS_CONNECTION_BASE_OP_READ,
+ timeout, cancellable, error))
+ return -1;
+
+ /* Copy data out of the app data buffer first. */
+ if (priv->app_data_buf && !priv->handshaking)
+ {
+ nread = 0;
+
+ for (guint i = 0; i < num_vectors && priv->app_data_buf; i++)
+ {
+ gsize count;
+ GInputVector *vec = &vectors[i];
+
+ count = MIN (vec->size, priv->app_data_buf->len);
+ nread += count;
+
+ memcpy (vec->buffer, priv->app_data_buf->data, count);
+ if (count == priv->app_data_buf->len)
+ g_clear_pointer (&priv->app_data_buf, g_byte_array_unref);
+ else
+ g_byte_array_remove_range (priv->app_data_buf, 0, count);
+ }
+ }
+ else
+ {
+ g_assert (G_TLS_CONNECTION_BASE_GET_CLASS (tls)->read_message_fn);
+ status = G_TLS_CONNECTION_BASE_GET_CLASS (tls)->
+ read_message_fn (tls, vectors, num_vectors, timeout, &nread, cancellable, error);
+ }
+
+ yield_op (tls, G_TLS_CONNECTION_BASE_OP_READ, status);
+ } while (status == G_TLS_CONNECTION_BASE_REHANDSHAKE);
+
+ if (status == G_TLS_CONNECTION_BASE_OK)
+ {
+ priv->successful_read_op = TRUE;
+ g_tls_log_debug (tls, "successfully read %" G_GSSIZE_FORMAT " bytes from TLS connection", nread);
+ return nread;
+ }
+
+ g_tls_log_debug (tls, "reading message from TLS connection has failed: %s", status_to_string (status));
+ return -1;
+}
+
+static gint
+g_tls_connection_base_receive_messages (GDatagramBased *datagram_based,
+ GInputMessage *messages,
+ guint num_messages,
+ gint flags,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (datagram_based);
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+ guint i;
+ GError *child_error = NULL;
+
+ if (flags != G_SOCKET_MSG_NONE)
+ {
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
+ _("Receive flags are not supported"));
+ return -1;
+ }
+
+ for (i = 0; i < num_messages && !child_error; i++)
+ {
+ GInputMessage *message = &messages[i];
+ gssize n_bytes_read;
+
+ n_bytes_read = g_tls_connection_base_read_message (tls,
+ message->vectors,
+ message->num_vectors,
+ timeout,
+ cancellable,
+ &child_error);
+
+ if (message->address)
+ *message->address = NULL;
+ message->flags = G_SOCKET_MSG_NONE;
+ if (message->control_messages)
+ *message->control_messages = NULL;
+ message->num_control_messages = 0;
+
+ if (n_bytes_read > 0)
+ {
+ message->bytes_received = n_bytes_read;
+ }
+ else if (n_bytes_read == 0)
+ {
+ /* EOS. */
+ break;
+ }
+ else if (i > 0 &&
+ (g_error_matches (child_error,
+ G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK) ||
+ g_error_matches (child_error,
+ G_IO_ERROR, G_IO_ERROR_TIMED_OUT)))
+ {
+ /* Blocked or timed out after receiving some messages successfully. */
+ g_clear_error (&child_error);
+ break;
+ }
+ else
+ {
+ /* Error, including G_IO_ERROR_WOULD_BLOCK or G_IO_ERROR_TIMED_OUT on
+ * the first message; or G_IO_ERROR_CANCELLED at any time. */
+ break;
+ }
+ }
+
+ if (child_error)
+ {
+ g_propagate_error (error, child_error);
+ return -1;
+ }
+
+ priv->successful_read_op = TRUE;
+ return i;
}
gssize
g_tls_connection_base_write (GTlsConnectionBase *tls,
- const void *buffer,
- gsize count,
- gboolean blocking,
- GCancellable *cancellable,
- GError **error)
+ const void *buffer,
+ gsize count,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error)
{
GTlsConnectionBaseStatus status;
gssize nwrote;
+ g_tls_log_debug (tls, "starting to write %" G_GSIZE_FORMAT " bytes to TLS connection", count);
+
do
{
if (!claim_op (tls, G_TLS_CONNECTION_BASE_OP_WRITE,
- blocking, cancellable, error))
- return -1;
+ timeout, cancellable, error))
+ return -1;
status = G_TLS_CONNECTION_BASE_GET_CLASS (tls)->
- write_fn (tls, buffer, count, blocking, &nwrote, cancellable, error);
+ write_fn (tls, buffer, count, timeout, &nwrote, cancellable, error);
yield_op (tls, G_TLS_CONNECTION_BASE_OP_WRITE, status);
}
while (status == G_TLS_CONNECTION_BASE_REHANDSHAKE);
if (status == G_TLS_CONNECTION_BASE_OK)
- return nwrote;
- else
- return -1;
+ {
+ g_tls_log_debug (tls, "successfully write %" G_GSSIZE_FORMAT " bytes to TLS connection", nwrote);
+ return nwrote;
+ }
+
+ g_tls_log_debug (tls, "writing data to TLS connection has failed: %s", status_to_string (status));
+ return -1;
+}
+
+static gssize
+g_tls_connection_base_write_message (GTlsConnectionBase *tls,
+ GOutputVector *vectors,
+ guint num_vectors,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionBaseStatus status;
+ gssize nwrote;
+
+ g_tls_log_debug (tls, "starting to write messages to TLS connection");
+
+ do {
+ if (!claim_op (tls, G_TLS_CONNECTION_BASE_OP_WRITE,
+ timeout, cancellable, error))
+ return -1;
+
+ g_assert (G_TLS_CONNECTION_BASE_GET_CLASS (tls)->read_message_fn);
+ status = G_TLS_CONNECTION_BASE_GET_CLASS (tls)->
+ write_message_fn (tls, vectors, num_vectors, timeout, &nwrote, cancellable, error);
+
+ yield_op (tls, G_TLS_CONNECTION_BASE_OP_WRITE, status);
+ } while (status == G_TLS_CONNECTION_BASE_REHANDSHAKE);
+
+ if (status == G_TLS_CONNECTION_BASE_OK)
+ {
+ g_tls_log_debug (tls, "successfully write %" G_GSSIZE_FORMAT " bytes to TLS connection", nwrote);
+ return nwrote;
+ }
+
+ g_tls_log_debug (tls, "writing messages to TLS connection has failed: %s", status_to_string (status));
+ return -1;
+}
+
+static gint
+g_tls_connection_base_send_messages (GDatagramBased *datagram_based,
+ GOutputMessage *messages,
+ guint num_messages,
+ gint flags,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (datagram_based);
+ guint i;
+ GError *child_error = NULL;
+
+ if (flags != G_SOCKET_MSG_NONE)
+ {
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
+ _("Send flags are not supported"));
+ return -1;
+ }
+
+ for (i = 0; i < num_messages && !child_error; i++)
+ {
+ GOutputMessage *message = &messages[i];
+ gssize n_bytes_sent;
+
+ n_bytes_sent = g_tls_connection_base_write_message (tls,
+ message->vectors,
+ message->num_vectors,
+ timeout,
+ cancellable,
+ &child_error);
+
+ if (n_bytes_sent >= 0)
+ {
+ message->bytes_sent = n_bytes_sent;
+ }
+ else if (i > 0 &&
+ (g_error_matches (child_error,
+ G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK) ||
+ g_error_matches (child_error,
+ G_IO_ERROR, G_IO_ERROR_TIMED_OUT)))
+ {
+ /* Blocked or timed out after sending some messages successfully. */
+ g_clear_error (&child_error);
+ break;
+ }
+ else
+ {
+ /* Error, including G_IO_ERROR_WOULD_BLOCK or G_IO_ERROR_TIMED_OUT
+ * on the first message; or G_IO_ERROR_CANCELLED at any time. */
+ break;
+ }
+ }
+
+ if (child_error)
+ {
+ g_propagate_error (error, child_error);
+ return -1;
+ }
+
+ return i;
}
static GInputStream *
g_tls_connection_base_get_input_stream (GIOStream *stream)
{
GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (stream);
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
- return tls->tls_istream;
+ return priv->tls_istream;
}
static GOutputStream *
g_tls_connection_base_get_output_stream (GIOStream *stream)
{
GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (stream);
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
- return tls->tls_ostream;
+ return priv->tls_ostream;
}
gboolean
-g_tls_connection_base_close_internal (GIOStream *stream,
- GTlsDirection direction,
- GCancellable *cancellable,
- GError **error)
+g_tls_connection_base_close_internal (GIOStream *stream,
+ GTlsDirection direction,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error)
{
GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (stream);
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
GTlsConnectionBaseOp op;
GTlsConnectionBaseStatus status;
gboolean success = TRUE;
GError *close_error = NULL, *stream_error = NULL;
- /* This can be called from g_io_stream_close(), g_input_stream_close() or
- * g_output_stream_close(). In all cases, we only do the close_fn() for
- * writing. The difference is how we set the flags on this class and how
- * the underlying stream is closed.
+ g_tls_log_debug (tls, "starting to close the TLS connection");
+
+ /* This can be called from g_io_stream_close(), g_input_stream_close(),
+ * g_output_stream_close(), or g_tls_connection_close(). In all cases, we only
+ * do the close_fn() for writing. The difference is how we set the flags on
+ * this class and how the underlying stream is closed.
*/
g_return_val_if_fail (direction != G_TLS_DIRECTION_NONE, FALSE);
else
op = G_TLS_CONNECTION_BASE_OP_CLOSE_WRITE;
- if (!claim_op (tls, op, TRUE, cancellable, error))
+ if (!claim_op (tls, op, timeout, cancellable, error))
return FALSE;
- if (tls->ever_handshaked && !tls->write_closed &&
+ if (priv->ever_handshaked && !priv->write_closed &&
direction & G_TLS_DIRECTION_WRITE)
{
status = G_TLS_CONNECTION_BASE_GET_CLASS (tls)->
- close_fn (tls, cancellable, &close_error);
+ close_fn (tls, timeout, cancellable, &close_error);
- tls->write_closed = TRUE;
+ priv->write_closed = TRUE;
}
else
status = G_TLS_CONNECTION_BASE_OK;
- if (!tls->read_closed && direction & G_TLS_DIRECTION_READ)
- tls->read_closed = TRUE;
+ if (!priv->read_closed && direction & G_TLS_DIRECTION_READ)
+ priv->read_closed = TRUE;
/* Close the underlying streams. Do this even if the close_fn() call failed,
* as the parent GIOStream will have set its internal closed flag and hence
* this implementation will never be called again. */
- if (direction == G_TLS_DIRECTION_BOTH)
- success = g_io_stream_close (tls->base_io_stream,
- cancellable, &stream_error);
- else if (direction & G_TLS_DIRECTION_READ)
- success = g_input_stream_close (g_io_stream_get_input_stream (tls->base_io_stream),
- cancellable, &stream_error);
- else if (direction & G_TLS_DIRECTION_WRITE)
- success = g_output_stream_close (g_io_stream_get_output_stream (tls->base_io_stream),
+ if (priv->base_io_stream)
+ {
+ if (direction == G_TLS_DIRECTION_BOTH)
+ success = g_io_stream_close (priv->base_io_stream,
cancellable, &stream_error);
+ else if (direction & G_TLS_DIRECTION_READ)
+ success = g_input_stream_close (g_io_stream_get_input_stream (priv->base_io_stream),
+ cancellable, &stream_error);
+ else if (direction & G_TLS_DIRECTION_WRITE)
+ success = g_output_stream_close (g_io_stream_get_output_stream (priv->base_io_stream),
+ cancellable, &stream_error);
+ }
+ else if (g_tls_connection_base_is_dtls (tls))
+ {
+ /* We do not close underlying #GDatagramBaseds. There is no
+ * g_datagram_based_close() method since different datagram-based
+ * protocols vary wildly in how they close. */
+ success = TRUE;
+ }
+ else
+ {
+ g_assert_not_reached ();
+ }
yield_op (tls, op, status);
/* Propagate errors. */
if (status != G_TLS_CONNECTION_BASE_OK)
{
+ g_tls_log_debug (tls, "error closing TLS connection: %s", close_error->message);
g_propagate_error (error, close_error);
g_clear_error (&stream_error);
}
else if (!success)
{
+ g_tls_log_debug (tls, "error closing TLS connection: %s", stream_error->message);
g_propagate_error (error, stream_error);
g_clear_error (&close_error);
}
+ else
+ {
+ g_tls_log_debug (tls, "the TLS connection has been closed successfully");
+ }
return success && status == G_TLS_CONNECTION_BASE_OK;
}
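Review bot: The two debug lines added in the error branches read `close_error->message` and `stream_error->message` without checking the pointers. If a `close_fn` implementation returns a non-OK status without filling in its GError, a failed close becomes a NULL dereference, assuming `g_tls_log_debug` evaluates its arguments. A guarded form such as `close_error ? close_error->message : "(no error set)"` keeps the log line from being the crash site. Separately, `timeout` now reaches `claim_op()` and `close_fn()`, but `g_io_stream_close()` and the two half-close calls take no timeout, so a finite timeout bounds only the TLS-level close; a comment on the "Close the underlying streams" block should say so. The function begins above this hunk, which starts at the final `else` of the op selection.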
{
return g_tls_connection_base_close_internal (stream,
G_TLS_DIRECTION_BOTH,
+ -1, /* blocking */
+ cancellable, error);
+}
+
+static gboolean
+g_tls_connection_base_dtls_shutdown (GDtlsConnection *conn,
+ gboolean shutdown_read,
+ gboolean shutdown_write,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsDirection direction = G_TLS_DIRECTION_NONE;
+
+ if (shutdown_read)
+ direction |= G_TLS_DIRECTION_READ;
+ if (shutdown_write)
+ direction |= G_TLS_DIRECTION_WRITE;
+
+ return g_tls_connection_base_close_internal (G_IO_STREAM (conn),
+ direction,
+ -1, /* blocking */
cancellable, error);
}
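Review bot: `g_tls_connection_base_dtls_shutdown()` passes `G_TLS_DIRECTION_NONE` to `g_tls_connection_base_close_internal()` when both `shutdown_read` and `shutdown_write` are FALSE. That function rejects it with `g_return_val_if_fail (direction != G_TLS_DIRECTION_NONE, FALSE)`, so the caller gets FALSE with no GError set. `g_tls_connection_base_dtls_shutdown_async()` in the following hunk has the same gap, and there `close_thread()` would go on to call `g_task_return_error (task, error)` with `error` still NULL. Handling the case before the call, for example `if (direction == G_TLS_DIRECTION_NONE) return TRUE;` here and an immediate `g_task_return_boolean (task, TRUE)` in the async path, avoids an unexplained failure. If an empty shutdown should be an error instead, set `G_IO_ERROR_INVALID_ARGUMENT` explicitly.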
*/
static void
close_thread (GTask *task,
- gpointer object,
- gpointer task_data,
- GCancellable *cancellable)
+ gpointer object,
+ gpointer task_data,
+ GCancellable *cancellable)
{
GIOStream *stream = object;
+ GTlsDirection direction;
GError *error = NULL;
- if (!g_tls_connection_base_close (stream, cancellable, &error))
+ direction = GPOINTER_TO_INT (g_task_get_task_data (task));
+
+ if (!g_tls_connection_base_close_internal (stream, direction,
+ -1, /* blocking */
+ cancellable, &error))
g_task_return_error (task, error);
else
g_task_return_boolean (task, TRUE);
}
static void
-g_tls_connection_base_close_async (GIOStream *stream,
- int io_priority,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
+g_tls_connection_base_close_internal_async (GIOStream *stream,
+ GTlsDirection direction,
+ int io_priority,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
{
GTask *task;
task = g_task_new (stream, cancellable, callback, user_data);
- g_task_set_source_tag (task, g_tls_connection_base_close_async);
+ g_task_set_source_tag (task, g_tls_connection_base_close_internal_async);
+ g_task_set_name (task, "[glib-networking] g_tls_connection_base_close_internal_async");
g_task_set_priority (task, io_priority);
+ g_task_set_task_data (task, GINT_TO_POINTER (direction), NULL);
g_task_run_in_thread (task, close_thread);
g_object_unref (task);
}
+static void
+g_tls_connection_base_close_async (GIOStream *stream,
+ int io_priority,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ g_tls_connection_base_close_internal_async (stream, G_TLS_DIRECTION_BOTH,
+ io_priority, cancellable,
+ callback, user_data);
+}
+
static gboolean
g_tls_connection_base_close_finish (GIOStream *stream,
- GAsyncResult *result,
- GError **error)
+ GAsyncResult *result,
+ GError **error)
{
g_return_val_if_fail (g_task_is_valid (result, stream), FALSE);
+ g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) == g_tls_connection_base_close_internal_async, FALSE);
return g_task_propagate_boolean (G_TASK (result), error);
}
static void
+g_tls_connection_base_dtls_shutdown_async (GDtlsConnection *conn,
+ gboolean shutdown_read,
+ gboolean shutdown_write,
+ int io_priority,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ GTlsDirection direction = G_TLS_DIRECTION_NONE;
+
+ if (shutdown_read)
+ direction |= G_TLS_DIRECTION_READ;
+ if (shutdown_write)
+ direction |= G_TLS_DIRECTION_WRITE;
+
+ g_tls_connection_base_close_internal_async (G_IO_STREAM (conn), direction,
+ io_priority, cancellable,
+ callback, user_data);
+}
+
+static gboolean
+g_tls_connection_base_dtls_shutdown_finish (GDtlsConnection *conn,
+ GAsyncResult *result,
+ GError **error)
+{
+ g_return_val_if_fail (g_task_is_valid (result, conn), FALSE);
+ g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) == g_tls_connection_base_close_internal_async, FALSE);
+
+ return g_task_propagate_boolean (G_TASK (result), error);
+}
+
+static void
+g_tls_connection_base_dtls_set_advertised_protocols (GDtlsConnection *conn,
+ const gchar * const *protocols)
+{
+ g_object_set (conn, "advertised-protocols", protocols, NULL);
+}
+
+GDatagramBased *
+g_tls_connection_base_get_base_socket (GTlsConnectionBase *tls)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ g_assert (g_tls_connection_base_is_dtls (tls));
+
+ return priv->base_socket;
+}
+
+GIOStream *
+g_tls_connection_base_get_base_iostream (GTlsConnectionBase *tls)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ g_assert (!g_tls_connection_base_is_dtls (tls));
+
+ return priv->base_io_stream;
+}
+
+GPollableInputStream *
+g_tls_connection_base_get_base_istream (GTlsConnectionBase *tls)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ g_assert (!g_tls_connection_base_is_dtls (tls));
+
+ return priv->base_istream;
+}
+
+GPollableOutputStream *
+g_tls_connection_base_get_base_ostream (GTlsConnectionBase *tls)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ g_assert (!g_tls_connection_base_is_dtls (tls));
+
+ return priv->base_ostream;
+}
+
+void
+g_tls_connection_base_handshake_thread_set_missing_requested_client_certificate (GTlsConnectionBase *tls)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ priv->missing_requested_client_certificate = TRUE;
+}
+
+GError **
+g_tls_connection_base_get_read_error (GTlsConnectionBase *tls)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ return &priv->read_error;
+}
+
+GError **
+g_tls_connection_base_get_write_error (GTlsConnectionBase *tls)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ return &priv->write_error;
+}
+
+gint64
+g_tls_connection_base_get_read_timeout (GTlsConnectionBase *tls)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ return priv->read_timeout;
+}
+
+gint64
+g_tls_connection_base_get_write_timeout (GTlsConnectionBase *tls)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ return priv->write_timeout;
+}
+
+GCancellable *
+g_tls_connection_base_get_read_cancellable (GTlsConnectionBase *tls)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ return priv->read_cancellable;
+}
+
+GCancellable *
+g_tls_connection_base_get_write_cancellable (GTlsConnectionBase *tls)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ return priv->write_cancellable;
+}
+
+gboolean
+g_tls_connection_base_is_handshaking (GTlsConnectionBase *tls)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ return priv->handshaking;
+}
+
+gboolean
+g_tls_connection_base_ever_handshaked (GTlsConnectionBase *tls)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ return priv->ever_handshaked;
+}
+
+gboolean
+g_tls_connection_base_handshake_thread_request_certificate (GTlsConnectionBase *tls)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+ GTlsInteractionResult res = G_TLS_INTERACTION_UNHANDLED;
+ GTlsInteraction *interaction;
+ GTlsConnection *conn;
+
+ g_return_val_if_fail (G_IS_TLS_CONNECTION_BASE (tls), FALSE);
+
+ conn = G_TLS_CONNECTION (tls);
+
+ g_clear_error (&priv->interaction_error);
+
+ interaction = g_tls_connection_get_interaction (conn);
+ if (!interaction)
+ return FALSE;
+
+ res = g_tls_interaction_invoke_request_certificate (interaction, conn, 0,
+ priv->read_cancellable,
+ &priv->interaction_error);
+ return res != G_TLS_INTERACTION_FAILED;
+}
+
+gboolean
+g_tls_connection_base_handshake_thread_ask_password (GTlsConnectionBase *tls,
+ GTlsPassword *password)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+ GTlsInteractionResult res = G_TLS_INTERACTION_UNHANDLED;
+ GTlsInteraction *interaction;
+
+ g_return_val_if_fail (G_IS_TLS_CONNECTION_BASE (tls), FALSE);
+
+ g_clear_error (&priv->interaction_error);
+
+ interaction = g_tls_connection_get_interaction (G_TLS_CONNECTION (tls));
+ if (!interaction)
+ return FALSE;
+
+ res = g_tls_interaction_invoke_ask_password (interaction, password,
+ priv->read_cancellable,
+ &priv->interaction_error);
+ return res != G_TLS_INTERACTION_FAILED;
+}
+
+void
+g_tls_connection_base_handshake_thread_buffer_application_data (GTlsConnectionBase *tls,
+ guint8 *data,
+ gsize length)
+{
+ GTlsConnectionBasePrivate *priv = g_tls_connection_base_get_instance_private (tls);
+
+ if (!priv->app_data_buf)
+ priv->app_data_buf = g_byte_array_new ();
+
+ g_byte_array_append (priv->app_data_buf, data, length);
+}
+
+static void
g_tls_connection_base_class_init (GTlsConnectionBaseClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
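Review bot: `g_tls_connection_base_handshake_thread_buffer_application_data()` takes `length` as `gsize` but hands it to `g_byte_array_append()`, whose length parameter is `guint`. Where `gsize` is wider than `guint`, a value above `G_MAXUINT` would be truncated silently and only part of the data buffered. TLS record-sized inputs presumably never approach that, but nothing in the function enforces it; `g_return_if_fail (length <= G_MAXUINT);` before the append makes the limit explicit. The new accessors in this hunk also carry no doc comments. The `handshake_thread_` helpers in particular should say which thread may call them (presumably only the handshake thread) and that `request_certificate` and `ask_password` clear `priv->interaction_error` on entry and return TRUE for an unhandled interaction.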
gobject_class->set_property = g_tls_connection_base_set_property;
gobject_class->finalize = g_tls_connection_base_finalize;
- connection_class->handshake = g_tls_connection_base_handshake;
- connection_class->handshake_async = g_tls_connection_base_handshake_async;
- connection_class->handshake_finish = g_tls_connection_base_handshake_finish;
+ connection_class->handshake = g_tls_connection_base_handshake;
+ connection_class->handshake_async = g_tls_connection_base_handshake_async;
+ connection_class->handshake_finish = g_tls_connection_base_handshake_finish;
+ connection_class->get_binding_data = g_tls_connection_base_get_binding_data;
+#if GLIB_CHECK_VERSION(2, 69, 0)
+ connection_class->get_negotiated_protocol = g_tls_connection_base_get_negotiated_protocol;
+#endif
iostream_class->get_input_stream = g_tls_connection_base_get_input_stream;
iostream_class->get_output_stream = g_tls_connection_base_get_output_stream;
klass->push_io = g_tls_connection_base_real_push_io;
klass->pop_io = g_tls_connection_base_real_pop_io;
+ /* For GTlsConnection and GDtlsConnection: */
g_object_class_override_property (gobject_class, PROP_BASE_IO_STREAM, "base-io-stream");
+ g_object_class_override_property (gobject_class, PROP_BASE_SOCKET, "base-socket");
g_object_class_override_property (gobject_class, PROP_REQUIRE_CLOSE_NOTIFY, "require-close-notify");
g_object_class_override_property (gobject_class, PROP_REHANDSHAKE_MODE, "rehandshake-mode");
g_object_class_override_property (gobject_class, PROP_USE_SYSTEM_CERTDB, "use-system-certdb");
g_object_class_override_property (gobject_class, PROP_INTERACTION, "interaction");
g_object_class_override_property (gobject_class, PROP_PEER_CERTIFICATE, "peer-certificate");
g_object_class_override_property (gobject_class, PROP_PEER_CERTIFICATE_ERRORS, "peer-certificate-errors");
+ g_object_class_override_property (gobject_class, PROP_ADVERTISED_PROTOCOLS, "advertised-protocols");
+ g_object_class_override_property (gobject_class, PROP_NEGOTIATED_PROTOCOL, "negotiated-protocol");
+ g_object_class_override_property (gobject_class, PROP_PROTOCOL_VERSION, "protocol-version");
+ g_object_class_override_property (gobject_class, PROP_CIPHERSUITE_NAME, "ciphersuite-name");
+}
+
+static void
+g_tls_connection_base_dtls_connection_iface_init (GDtlsConnectionInterface *iface)
+{
+ iface->handshake = g_tls_connection_base_dtls_handshake;
+ iface->handshake_async = g_tls_connection_base_dtls_handshake_async;
+ iface->handshake_finish = g_tls_connection_base_dtls_handshake_finish;
+ iface->shutdown = g_tls_connection_base_dtls_shutdown;
+ iface->shutdown_async = g_tls_connection_base_dtls_shutdown_async;
+ iface->shutdown_finish = g_tls_connection_base_dtls_shutdown_finish;
+ iface->set_advertised_protocols = g_tls_connection_base_dtls_set_advertised_protocols;
+ iface->get_negotiated_protocol = g_tls_connection_base_dtls_get_negotiated_protocol;
+ iface->get_binding_data = g_tls_connection_base_dtls_get_binding_data;
+}
+
+static void
+g_tls_connection_base_datagram_based_iface_init (GDatagramBasedInterface *iface)
+{
+ iface->receive_messages = g_tls_connection_base_receive_messages;
+ iface->send_messages = g_tls_connection_base_send_messages;
+ iface->create_source = g_tls_connection_base_dtls_create_source;
+ iface->condition_check = g_tls_connection_base_condition_check;
+ iface->condition_wait = g_tls_connection_base_condition_wait;
}
-/* GIO - GLib Input, Output and Streaming Library
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
*
- * Copyright 2009-2011 Red Hat, Inc.
+ * Copyright 2009-2011 Red Hat, Inc
*
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the licence or (at
- * your option) any later version.
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
*
- * See the included COPYING file for more information.
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
*
* In addition, when the library is used with OpenSSL, a special
* exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
-#ifndef __G_TLS_CONNECTION_BASE_H__
-#define __G_TLS_CONNECTION_BASE_H__
+#pragma once
#include <gio/gio.h>
G_BEGIN_DECLS
#define G_TYPE_TLS_CONNECTION_BASE (g_tls_connection_base_get_type ())
-#define G_TLS_CONNECTION_BASE(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_CONNECTION_BASE, GTlsConnectionBase))
-#define G_TLS_CONNECTION_BASE_CLASS(class) (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_CONNECTION_BASE, GTlsConnectionBaseClass))
-#define G_IS_TLS_CONNECTION_BASE(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_CONNECTION_BASE))
-#define G_IS_TLS_CONNECTION_BASE_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_CONNECTION_BASE))
-#define G_TLS_CONNECTION_BASE_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_CONNECTION_BASE, GTlsConnectionBaseClass))
-typedef struct _GTlsConnectionBasePrivate GTlsConnectionBasePrivate;
-typedef struct _GTlsConnectionBaseClass GTlsConnectionBaseClass;
-typedef struct _GTlsConnectionBase GTlsConnectionBase;
+G_DECLARE_DERIVABLE_TYPE (GTlsConnectionBase, g_tls_connection_base, G, TLS_CONNECTION_BASE, GTlsConnection)
typedef enum {
G_TLS_CONNECTION_BASE_OK,
G_TLS_CONNECTION_BASE_ERROR,
} GTlsConnectionBaseStatus;
+typedef enum {
+ G_TLS_DIRECTION_NONE = 0,
+ G_TLS_DIRECTION_READ = 1 << 0,
+ G_TLS_DIRECTION_WRITE = 1 << 1,
+} GTlsDirection;
+
+typedef enum {
+ G_TLS_SAFE_RENEGOTIATION_SUPPORTED_BY_PEER,
+ G_TLS_SAFE_RENEGOTIATION_UNSUPPORTED
+} GTlsSafeRenegotiationStatus;
+
+#define G_TLS_DIRECTION_BOTH (G_TLS_DIRECTION_READ | G_TLS_DIRECTION_WRITE)
+
struct _GTlsConnectionBaseClass
{
GTlsConnectionClass parent_class;
- GTlsConnectionBaseStatus (*request_rehandshake) (GTlsConnectionBase *tls,
- GCancellable *cancellable,
- GError **error);
- GTlsConnectionBaseStatus (*handshake) (GTlsConnectionBase *tls,
- GCancellable *cancellable,
- GError **error);
- GTlsConnectionBaseStatus (*complete_handshake) (GTlsConnectionBase *tls,
- GError **error);
-
- void (*push_io) (GTlsConnectionBase *tls,
- GIOCondition direction,
- gboolean blocking,
- GCancellable *cancellable);
- GTlsConnectionBaseStatus (*pop_io) (GTlsConnectionBase *tls,
- GIOCondition direction,
- gboolean success,
- GError **error);
-
- GTlsConnectionBaseStatus (*read_fn) (GTlsConnectionBase *tls,
- void *buffer,
- gsize count,
- gboolean blocking,
- gssize *nread,
- GCancellable *cancellable,
- GError **error);
- GTlsConnectionBaseStatus (*write_fn) (GTlsConnectionBase *tls,
- const void *buffer,
- gsize count,
- gboolean blocking,
- gssize *nwrote,
- GCancellable *cancellable,
- GError **error);
-
- GTlsConnectionBaseStatus (*close_fn) (GTlsConnectionBase *tls,
- GCancellable *cancellable,
- GError **error);
-};
-
-struct _GTlsConnectionBase
-{
- GTlsConnection parent_instance;
-
- GIOStream *base_io_stream;
- GPollableInputStream *base_istream;
- GPollableOutputStream *base_ostream;
-
- GTlsDatabase *database;
- GTlsInteraction *interaction;
-
- GTlsCertificate *certificate;
- gboolean certificate_requested;
- GError *certificate_error;
- GTlsCertificate *peer_certificate;
- GTlsCertificateFlags peer_certificate_errors;
-
- gboolean require_close_notify;
- GTlsRehandshakeMode rehandshake_mode;
-
- /* need_handshake means the next claim_op() will get diverted into
- * an implicit handshake (unless it's an OP_HANDSHAKE or OP_CLOSE*).
- * need_finish_handshake means the next claim_op() will get diverted
- * into finish_handshake() (unless it's an OP_CLOSE*).
- *
- * handshaking is TRUE as soon as a handshake thread is queued. For
- * a sync handshake it becomes FALSE after finish_handshake()
- * completes in the calling thread, but for an async implicit
- * handshake, it becomes FALSE (and need_finish_handshake becomes
- * TRUE) at the end of the handshaking thread (and then the next
- * non-close op will call finish_handshake()). We can't just wait
- * for handshake_thread_completed() to run, because it's possible
- * that its main loop is being blocked by a synchronous op which is
- * waiting for handshaking to become FALSE...
- *
- * started_handshake indicates that the current handshake attempt
- * got at least as far as sending the first handshake packet (and so
- * any error should be copied to handshake_error and returned on all
- * future operations). ever_handshaked indicates that TLS has been
- * successfully negotiated at some point.
- */
- gboolean need_handshake;
- gboolean need_finish_handshake;
- gboolean started_handshake;
- gboolean handshaking;
- gboolean ever_handshaked;
- GTask *implicit_handshake;
- GError *handshake_error;
- GByteArray *app_data_buf;
-
- /* read_closed means the read direction has closed; write_closed similarly.
- * If (and only if) both are set, the entire GTlsConnection is closed. */
- gboolean read_closing, read_closed;
- gboolean write_closing, write_closed;
-
- gboolean reading;
- gboolean read_blocking;
- GError *read_error;
- GCancellable *read_cancellable;
-
- gboolean writing;
- gboolean write_blocking;
- GError *write_error;
- GCancellable *write_cancellable;
-
- /*< private >*/
- gboolean is_system_certdb;
- gboolean database_is_unset;
-
- GInputStream *tls_istream;
- GOutputStream *tls_ostream;
-
- GMutex op_mutex;
- GCancellable *waiting_for_op;
+ void (*prepare_handshake) (GTlsConnectionBase *tls,
+ gchar **advertised_protocols);
+ GTlsSafeRenegotiationStatus (*handshake_thread_safe_renegotiation_status)
+ (GTlsConnectionBase *tls);
+ GTlsConnectionBaseStatus (*handshake_thread_request_rehandshake)
+ (GTlsConnectionBase *tls,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error);
+ GTlsConnectionBaseStatus (*handshake_thread_handshake) (GTlsConnectionBase *tls,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error);
+ GTlsCertificate *(*retrieve_peer_certificate) (GTlsConnectionBase *tls);
+ GTlsCertificateFlags (*verify_chain) (GTlsConnectionBase *tls,
+ GTlsCertificate *chain,
+ const gchar *purpose,
+ GSocketConnectable *identity,
+ GTlsInteraction *interaction,
+ GTlsDatabaseVerifyFlags flags,
+ GCancellable *cancellable,
+ GError **error);
+ GTlsCertificateFlags (*verify_peer_certificate) (GTlsConnectionBase *tls,
+ GTlsCertificate *certificate,
+ GTlsCertificateFlags flags);
+ void (*complete_handshake) (GTlsConnectionBase *tls,
+ gboolean handshake_succeeded,
+ gchar **negotiated_protocol,
+ GTlsProtocolVersion *protocol_version,
+ gchar **ciphersuite_name,
+ GError **error);
+
+ gboolean (*is_session_resumed) (GTlsConnectionBase *tls);
+
+ gboolean (*get_channel_binding_data) (GTlsConnectionBase *tls,
+ GTlsChannelBindingType type,
+ GByteArray *data,
+ GError **error);
+
+ void (*push_io) (GTlsConnectionBase *tls,
+ GIOCondition direction,
+ gint64 timeout,
+ GCancellable *cancellable);
+ GTlsConnectionBaseStatus (*pop_io) (GTlsConnectionBase *tls,
+ GIOCondition direction,
+ gboolean success,
+ GError **error);
+
+ GTlsConnectionBaseStatus (*read_fn) (GTlsConnectionBase *tls,
+ void *buffer,
+ gsize count,
+ gint64 timeout,
+ gssize *nread,
+ GCancellable *cancellable,
+ GError **error);
+ GTlsConnectionBaseStatus (*read_message_fn) (GTlsConnectionBase *tls,
+ GInputVector *vectors,
+ guint num_vectors,
+ gint64 timeout,
+ gssize *nread,
+ GCancellable *cancellable,
+ GError **error);
+
+ GTlsConnectionBaseStatus (*write_fn) (GTlsConnectionBase *tls,
+ const void *buffer,
+ gsize count,
+ gint64 timeout,
+ gssize *nwrote,
+ GCancellable *cancellable,
+ GError **error);
+ GTlsConnectionBaseStatus (*write_message_fn) (GTlsConnectionBase *tls,
+ GOutputVector *vectors,
+ guint num_vectors,
+ gint64 timeout,
+ gssize *nwrote,
+ GCancellable *cancellable,
+ GError **error);
+
+ GTlsConnectionBaseStatus (*close_fn) (GTlsConnectionBase *tls,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error);
};
-GType g_tls_connection_base_get_type (void) G_GNUC_CONST;
-
-gboolean g_tls_connection_base_accept_peer_certificate (GTlsConnectionBase *tls,
- GTlsCertificate *peer_certificate,
- GTlsCertificateFlags peer_certificate_errors);
-
-void g_tls_connection_base_set_peer_certificate (GTlsConnectionBase *tls,
- GTlsCertificate *peer_certificate,
- GTlsCertificateFlags peer_certificate_errors);
-
-void g_tls_connection_base_push_io (GTlsConnectionBase *tls,
- GIOCondition direction,
- gboolean blocking,
- GCancellable *cancellable);
-GTlsConnectionBaseStatus
- g_tls_connection_base_pop_io (GTlsConnectionBase *tls,
- GIOCondition direction,
- gboolean success,
- GError **error);
-
-gssize g_tls_connection_base_read (GTlsConnectionBase *tls,
- void *buffer,
- gsize size,
- gboolean blocking,
- GCancellable *cancellable,
- GError **error);
-gssize g_tls_connection_base_write (GTlsConnectionBase *tls,
- const void *buffer,
- gsize size,
- gboolean blocking,
- GCancellable *cancellable,
- GError **error);
-
-gboolean g_tls_connection_base_check (GTlsConnectionBase *tls,
- GIOCondition condition);
-GSource *g_tls_connection_base_create_source (GTlsConnectionBase *tls,
- GIOCondition condition,
- GCancellable *cancellable);
-
-typedef enum {
- G_TLS_DIRECTION_NONE = 0,
- G_TLS_DIRECTION_READ = 1 << 0,
- G_TLS_DIRECTION_WRITE = 1 << 1,
-} GTlsDirection;
-
-#define G_TLS_DIRECTION_BOTH (G_TLS_DIRECTION_READ | G_TLS_DIRECTION_WRITE)
-
-gboolean g_tls_connection_base_close_internal (GIOStream *stream,
- GTlsDirection direction,
- GCancellable *cancellable,
- GError **error);
+gboolean g_tls_connection_base_handshake_thread_verify_certificate
+ (GTlsConnectionBase *tls);
+
+void g_tls_connection_base_push_io (GTlsConnectionBase *tls,
+ GIOCondition direction,
+ gint64 timeout,
+ GCancellable *cancellable);
+GTlsConnectionBaseStatus g_tls_connection_base_pop_io (GTlsConnectionBase *tls,
+ GIOCondition direction,
+ gboolean success,
+ GError **error);
+
+gssize g_tls_connection_base_read (GTlsConnectionBase *tls,
+ void *buffer,
+ gsize size,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error);
+gssize g_tls_connection_base_write (GTlsConnectionBase *tls,
+ const void *buffer,
+ gsize size,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error);
+
+gboolean g_tls_connection_base_check (GTlsConnectionBase *tls,
+ GIOCondition condition);
+gboolean g_tls_connection_base_base_check (GTlsConnectionBase *tls,
+ GIOCondition condition);
+GSource *g_tls_connection_base_create_source (GTlsConnectionBase *tls,
+ GIOCondition condition,
+ GCancellable *cancellable);
+
+gboolean g_tls_connection_base_close_internal (GIOStream *stream,
+ GTlsDirection direction,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error);
+
+gboolean g_tls_connection_base_is_dtls (GTlsConnectionBase *tls);
+
+GDatagramBased *g_tls_connection_base_get_base_socket (GTlsConnectionBase *tls);
+
+GIOStream *g_tls_connection_base_get_base_iostream (GTlsConnectionBase *tls);
+GPollableInputStream *g_tls_connection_base_get_base_istream (GTlsConnectionBase *tls);
+GPollableOutputStream *g_tls_connection_base_get_base_ostream (GTlsConnectionBase *tls);
+
+void g_tls_connection_base_handshake_thread_set_missing_requested_client_certificate
+ (GTlsConnectionBase *tls);
+
+GError **g_tls_connection_base_get_read_error (GTlsConnectionBase *tls);
+GError **g_tls_connection_base_get_write_error (GTlsConnectionBase *tls);
+
+gint64 g_tls_connection_base_get_read_timeout (GTlsConnectionBase *tls);
+gint64 g_tls_connection_base_get_write_timeout (GTlsConnectionBase *tls);
+
+GCancellable *g_tls_connection_base_get_read_cancellable (GTlsConnectionBase *tls);
+GCancellable *g_tls_connection_base_get_write_cancellable (GTlsConnectionBase *tls);
+
+gboolean g_tls_connection_base_is_handshaking (GTlsConnectionBase *tls);
+
+gboolean g_tls_connection_base_ever_handshaked (GTlsConnectionBase *tls);
+
+gboolean g_tls_connection_base_handshake_thread_request_certificate
+ (GTlsConnectionBase *tls);
+gboolean g_tls_connection_base_handshake_thread_ask_password
+ (GTlsConnectionBase *tls,
+ GTlsPassword *password);
+
+void g_tls_connection_base_handshake_thread_buffer_application_data
+ (GTlsConnectionBase *tls,
+ guint8 *data,
+ gsize length);
G_END_DECLS
-
-#endif /* __G_TLS_CONNECTION_BASE_H___ */
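Review bot: The `gint64 timeout` parameter that replaces `gboolean blocking` in the vfuncs (`push_io`, `read_fn`, `write_fn`, `close_fn`, the new `*_message_fn` pair) and in the `g_tls_connection_base_read`/`_write`/`_close_internal` prototypes has no documented convention anywhere in this header. Callers elsewhere in this change pass `-1` for blocking and `0` for non-blocking, but a backend author reading only the class struct cannot tell that, nor which unit a positive value uses. I would add a comment above `struct _GTlsConnectionBaseClass`, for example `/* timeout: -1 blocks until done, 0 never blocks, > 0 bounds the wait (unit: confirm against GDatagramBased) */`. Without it, a backend that still treats the argument as a boolean would silently turn a bounded wait into an unbounded one.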
--- /dev/null
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright 2021 Igalia S.L.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#include "config.h"
+
+#ifdef HAVE_RTLD_NOLOAD
+#include <dlfcn.h>
+#endif
+
+#include "gtlshttp.h"
+
+typedef gpointer SoupSession;
+typedef gpointer SoupMessage;
+
+static SoupSession *(*soup_session_new)(void);
+static SoupMessage *(*soup_message_new)(const char *method, const char *uri);
+static GInputStream *(*soup_session_send)(SoupSession *, SoupMessage *, GCancellable *, GError **);
+
+static gsize libsoup_initialized;
+static GModule *libsoup_module;
+
+#define LIBSOUP_3_SONAME "libsoup-3.0.so.0"
+#define LIBSOUP_2_SONAME "libsoup-2.4.so.1"
+
+static void
+init_libsoup (void)
+{
+ const char *libsoup_sonames[3] = { 0 };
+
+ g_assert (g_module_supported ());
+
+#ifdef HAVE_RTLD_NOLOAD
+ {
+ gpointer handle = NULL;
+
+ /* In order to avoid causing conflicts we detect if libsoup 2 or 3 is loaded already.
+ * If so use that. Otherwise we will try to load our own version to use preferring 3. */
+
+ if ((handle = dlopen (LIBSOUP_3_SONAME, RTLD_NOW | RTLD_NOLOAD)))
+ libsoup_sonames[0] = LIBSOUP_3_SONAME;
+ else if ((handle = dlopen (LIBSOUP_2_SONAME, RTLD_NOW | RTLD_NOLOAD)))
+ libsoup_sonames[0] = LIBSOUP_2_SONAME;
+ else
+ {
+ libsoup_sonames[0] = LIBSOUP_3_SONAME;
+ libsoup_sonames[1] = LIBSOUP_2_SONAME;
+ }
+
+ g_clear_pointer (&handle, dlclose);
+ }
+#else
+#ifdef G_OS_WIN32
+#ifdef _MSC_VER
+ libsoup_sonames[0] = "soup-3.0-0.dll";
+ libsoup_sonames[1] = "soup-2.4-1.dll";
+#else
+ libsoup_sonames[0] = "libsoup-3.0.dll";
+ libsoup_sonames[1] = "libsoup-2.4.dll";
+#endif
+#else
+ libsoup_sonames[0] = LIBSOUP_3_SONAME;
+ libsoup_sonames[1] = LIBSOUP_2_SONAME;
+#endif
+#endif
+
+ for (guint i = 0; libsoup_sonames[i]; i++)
+ {
+ libsoup_module = g_module_open (libsoup_sonames[i], G_MODULE_BIND_LAZY | G_MODULE_BIND_LOCAL);
+ if (libsoup_module)
+ {
+ g_debug ("Loaded %s", g_module_name (libsoup_module));
+ if (!g_module_symbol (libsoup_module, "soup_session_new", (gpointer *)&soup_session_new) ||
+ !g_module_symbol (libsoup_module, "soup_message_new", (gpointer *)&soup_message_new) ||
+ !g_module_symbol (libsoup_module, "soup_session_send", (gpointer *)&soup_session_send))
+ {
+ g_debug ("Failed to find all libsoup symbols");
+ g_clear_pointer (&libsoup_module, g_module_close);
+ continue;
+ }
+ break;
+ }
+ }
+
+ if (!libsoup_module)
+ g_debug ("Failed to load libsoup");
+}
+
+/**
+ * g_tls_request_uri:
+ * @uri: An HTTP URI to request
+ * @cancellable: (nullable): A #GCancellable
+ * @error: A #GError
+ *
+ * Synchronously requests an HTTP uri using the best available method.
+ *
+ * Note this is thread-safe.
+ *
+ * Returns: A #GInputStream of the response body or %NULL on failure
+ */
+GInputStream *
+g_tls_request_uri (const char *uri,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GInputStream *istream = NULL;
+
+ if (g_once_init_enter (&libsoup_initialized))
+ {
+ init_libsoup ();
+ g_once_init_leave (&libsoup_initialized, TRUE);
+ }
+
+ if (libsoup_module)
+ {
+ SoupSession *session = soup_session_new ();
+ SoupMessage *message = soup_message_new ("GET", uri);
+
+ if (!message)
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Failed to parse URI \"%s\"", uri);
+ else
+ {
+ istream = soup_session_send (session, message, cancellable, error);
+ g_object_unref (message);
+ }
+
+ g_object_unref (session);
+ }
+ else
+ {
+ GFile *file = g_file_new_for_uri (uri);
+ istream = G_INPUT_STREAM (g_file_read (file, cancellable, error));
+ g_object_unref (file);
+ }
+
+ return istream;
+}
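Review bot: `g_tls_request_uri` never checks the scheme of `uri`, and when libsoup could not be loaded the fallback passes the string to `g_file_new_for_uri ()`/`g_file_read ()`, which will open `file://` and any other scheme GIO supports. The doc comment promises an HTTP URI, and if callers pass URIs taken from peer-supplied data (the callers are outside this section, so confirm), the fallback turns a fetch into a local read or an unexpected protocol request. I would reject anything that is not `http` before either branch runs, as sketched below; widen the check if `https` is intended. Neither branch inspects the response status or bounds the body size, so that appears to be left to the caller.

```c
  GInputStream *istream = NULL;
  char *scheme = g_uri_parse_scheme (uri);

  /* Refuse non-HTTP schemes up front so the GFile fallback cannot be
   * steered to file:// or another GIO backend. */
  if (!scheme || g_ascii_strcasecmp (scheme, "http") != 0)
    {
      g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
                   "Unsupported URI scheme in \"%s\"", uri);
      g_free (scheme);
      return NULL;
    }
  g_free (scheme);

  /* … unchanged: libsoup initialisation and the two request branches … */
```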
--- /dev/null
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright 2021 Igalia S.L.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#pragma once
+
+#include <gio/gio.h>
+
+GInputStream *g_tls_request_uri (const char *uri,
+ GCancellable *cancellable,
+ GError **error);
+++ /dev/null
-/* GIO - GLib Input, Output and Streaming Library
- *
- * Copyright 2010 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, see
- * <http://www.gnu.org/licenses/>.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- */
-
-#include "config.h"
-#include "gtlsinputstream-base.h"
-
-#include <glib/gi18n.h>
-
-static void g_tls_input_stream_base_pollable_iface_init (GPollableInputStreamInterface *iface);
-
-G_DEFINE_TYPE_WITH_CODE (GTlsInputStreamBase, g_tls_input_stream_base, G_TYPE_INPUT_STREAM,
- G_IMPLEMENT_INTERFACE (G_TYPE_POLLABLE_INPUT_STREAM, g_tls_input_stream_base_pollable_iface_init)
- )
-
-struct _GTlsInputStreamBasePrivate
-{
- GWeakRef weak_conn;
-};
-
-static void
-g_tls_input_stream_base_dispose (GObject *object)
-{
- GTlsInputStreamBase *stream = G_TLS_INPUT_STREAM_BASE (object);
-
- g_weak_ref_set (&stream->priv->weak_conn, NULL);
-
- G_OBJECT_CLASS (g_tls_input_stream_base_parent_class)->dispose (object);
-}
-
-static void
-g_tls_input_stream_base_finalize (GObject *object)
-{
- GTlsInputStreamBase *stream = G_TLS_INPUT_STREAM_BASE (object);
-
- g_weak_ref_clear (&stream->priv->weak_conn);
-
- G_OBJECT_CLASS (g_tls_input_stream_base_parent_class)->finalize (object);
-}
-
-static gssize
-g_tls_input_stream_base_read (GInputStream *stream,
- void *buffer,
- gsize count,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsInputStreamBase *tls_stream = G_TLS_INPUT_STREAM_BASE (stream);
- GTlsConnectionBase *conn;
- gssize ret;
-
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
- if (conn == NULL)
- {
- g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
- _("Connection is closed"));
- return -1;
- }
-
- ret = g_tls_connection_base_read (conn,
- buffer, count, TRUE,
- cancellable, error);
- g_object_unref (conn);
- return ret;
-}
-
-static gboolean
-g_tls_input_stream_base_pollable_is_readable (GPollableInputStream *pollable)
-{
- GTlsInputStreamBase *tls_stream = G_TLS_INPUT_STREAM_BASE (pollable);
- GTlsConnectionBase *conn;
- gboolean ret;
-
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
- g_return_val_if_fail (conn != NULL, FALSE);
-
- ret = g_tls_connection_base_check (conn, G_IO_IN);
-
- g_object_unref (conn);
- return ret;
-}
-
-static GSource *
-g_tls_input_stream_base_pollable_create_source (GPollableInputStream *pollable,
- GCancellable *cancellable)
-{
- GTlsInputStreamBase *tls_stream = G_TLS_INPUT_STREAM_BASE (pollable);
- GTlsConnectionBase *conn;
- GSource *ret;
-
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
- g_return_val_if_fail (conn != NULL, NULL);
-
- ret = g_tls_connection_base_create_source (conn, G_IO_IN, cancellable);
- g_object_unref (conn);
- return ret;
-}
-
-static gssize
-g_tls_input_stream_base_pollable_read_nonblocking (GPollableInputStream *pollable,
- void *buffer,
- gsize size,
- GError **error)
-{
- GTlsInputStreamBase *tls_stream = G_TLS_INPUT_STREAM_BASE (pollable);
- GTlsConnectionBase *conn;
- gssize ret;
-
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
- g_return_val_if_fail (conn != NULL, -1);
-
- ret = g_tls_connection_base_read (conn, buffer, size, FALSE, NULL, error);
-
- g_object_unref (conn);
- return ret;
-}
-
-static gboolean
-g_tls_input_stream_base_close (GInputStream *stream,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsInputStreamBase *tls_stream = G_TLS_INPUT_STREAM_BASE (stream);
- GIOStream *conn;
- gboolean ret;
-
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
-
- /* Special case here because this is called by the finalize
- * of the main GTlsConnection object.
- */
- if (conn == NULL)
- return TRUE;
-
- ret = g_tls_connection_base_close_internal (conn, G_TLS_DIRECTION_READ,
- cancellable, error);
-
- g_object_unref (conn);
- return ret;
-}
-
-/* We do async close as synchronous-in-a-thread so we don't need to
- * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case
- * (since handshakes are also done synchronously now).
- */
-static void
-close_thread (GTask *task,
- gpointer object,
- gpointer task_data,
- GCancellable *cancellable)
-{
- GTlsInputStreamBase *tls_stream = object;
- GError *error = NULL;
- GIOStream *conn;
-
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
-
- if (conn && !g_tls_connection_base_close_internal (conn,
- G_TLS_DIRECTION_READ,
- cancellable, &error))
- g_task_return_error (task, error);
- else
- g_task_return_boolean (task, TRUE);
-
- if (conn)
- g_object_unref (conn);
-}
-
-
-static void
-g_tls_input_stream_base_close_async (GInputStream *stream,
- int io_priority,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- GTask *task;
-
- task = g_task_new (stream, cancellable, callback, user_data);
- g_task_set_source_tag (task, g_tls_input_stream_base_close_async);
- g_task_set_priority (task, io_priority);
- g_task_run_in_thread (task, close_thread);
- g_object_unref (task);
-}
-
-static gboolean
-g_tls_input_stream_base_close_finish (GInputStream *stream,
- GAsyncResult *result,
- GError **error)
-{
- g_return_val_if_fail (g_task_is_valid (result, stream), FALSE);
- g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) ==
- g_tls_input_stream_base_close_async, FALSE);
-
- return g_task_propagate_boolean (G_TASK (result), error);
-}
-
-static void
-g_tls_input_stream_base_class_init (GTlsInputStreamBaseClass *klass)
-{
- GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
- GInputStreamClass *input_stream_class = G_INPUT_STREAM_CLASS (klass);
-
- g_type_class_add_private (klass, sizeof (GTlsInputStreamBasePrivate));
-
- gobject_class->dispose = g_tls_input_stream_base_dispose;
- gobject_class->finalize = g_tls_input_stream_base_finalize;
-
- input_stream_class->read_fn = g_tls_input_stream_base_read;
- input_stream_class->close_fn = g_tls_input_stream_base_close;
- input_stream_class->close_async = g_tls_input_stream_base_close_async;
- input_stream_class->close_finish = g_tls_input_stream_base_close_finish;
-}
-
-static void
-g_tls_input_stream_base_pollable_iface_init (GPollableInputStreamInterface *iface)
-{
- iface->is_readable = g_tls_input_stream_base_pollable_is_readable;
- iface->create_source = g_tls_input_stream_base_pollable_create_source;
- iface->read_nonblocking = g_tls_input_stream_base_pollable_read_nonblocking;
-}
-
-static void
-g_tls_input_stream_base_init (GTlsInputStreamBase *stream)
-{
- stream->priv = G_TYPE_INSTANCE_GET_PRIVATE (stream, G_TYPE_TLS_INPUT_STREAM_BASE, GTlsInputStreamBasePrivate);
-}
-
-GInputStream *
-g_tls_input_stream_base_new (GTlsConnectionBase *conn)
-{
- GTlsInputStreamBase *tls_stream;
-
- tls_stream = g_object_new (G_TYPE_TLS_INPUT_STREAM_BASE, NULL);
- g_weak_ref_init (&tls_stream->priv->weak_conn, conn);
-
- return G_INPUT_STREAM (tls_stream);
-}
+++ /dev/null
-/* GIO - GLib Input, Output and Streaming Library
- *
- * Copyright 2010 Red Hat, Inc.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the licence or (at
- * your option) any later version.
- *
- * See the included COPYING file for more information.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- */
-
-#ifndef __G_TLS_INPUT_STREAM_BASE_H__
-#define __G_TLS_INPUT_STREAM_BASE_H__
-
-#include <gio/gio.h>
-#include "gtlsconnection-base.h"
-
-G_BEGIN_DECLS
-
-#define G_TYPE_TLS_INPUT_STREAM_BASE (g_tls_input_stream_base_get_type ())
-#define G_TLS_INPUT_STREAM_BASE(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_INPUT_STREAM_BASE, GTlsInputStreamBase))
-#define G_TLS_INPUT_STREAM_BASE_CLASS(class) (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_INPUT_STREAM_BASE, GTlsInputStreamBaseClass))
-#define G_IS_TLS_INPUT_STREAM_BASE(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_INPUT_STREAM_BASE))
-#define G_IS_TLS_INPUT_STREAM_BASE_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_INPUT_STREAM_BASE))
-#define G_TLS_INPUT_STREAM_BASE_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_INPUT_STREAM_BASE, GTlsInputStreamBaseClass))
-
-typedef struct _GTlsInputStreamBasePrivate GTlsInputStreamBasePrivate;
-typedef struct _GTlsInputStreamBaseClass GTlsInputStreamBaseClass;
-typedef struct _GTlsInputStreamBase GTlsInputStreamBase;
-
-struct _GTlsInputStreamBaseClass
-{
- GInputStreamClass parent_class;
-};
-
-struct _GTlsInputStreamBase
-{
- GInputStream parent_instance;
- GTlsInputStreamBasePrivate *priv;
-};
-
-GType g_tls_input_stream_base_get_type (void) G_GNUC_CONST;
-GInputStream *g_tls_input_stream_base_new (GTlsConnectionBase *conn);
-
-G_END_DECLS
-
-#endif /* __G_TLS_INPUT_STREAM_BASE_H___ */
--- /dev/null
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright 2010 Red Hat, Inc
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#include "config.h"
+#include "gtlsinputstream.h"
+
+#include <glib/gi18n-lib.h>
+
+struct _GTlsInputStream
+{
+ GInputStream parent_instance;
+
+ GWeakRef weak_conn;
+};
+
+static void g_tls_input_stream_pollable_iface_init (GPollableInputStreamInterface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (GTlsInputStream, g_tls_input_stream, G_TYPE_INPUT_STREAM,
+ G_IMPLEMENT_INTERFACE (G_TYPE_POLLABLE_INPUT_STREAM, g_tls_input_stream_pollable_iface_init)
+ )
+
+static void
+g_tls_input_stream_dispose (GObject *object)
+{
+ GTlsInputStream *stream = G_TLS_INPUT_STREAM (object);
+
+ g_weak_ref_set (&stream->weak_conn, NULL);
+
+ G_OBJECT_CLASS (g_tls_input_stream_parent_class)->dispose (object);
+}
+
+static void
+g_tls_input_stream_finalize (GObject *object)
+{
+ GTlsInputStream *stream = G_TLS_INPUT_STREAM (object);
+
+ g_weak_ref_clear (&stream->weak_conn);
+
+ G_OBJECT_CLASS (g_tls_input_stream_parent_class)->finalize (object);
+}
+
+static gssize
+g_tls_input_stream_read (GInputStream *stream,
+ void *buffer,
+ gsize count,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsInputStream *tls_stream = G_TLS_INPUT_STREAM (stream);
+ GTlsConnectionBase *conn;
+ gssize ret;
+
+ conn = g_weak_ref_get (&tls_stream->weak_conn);
+ if (!conn)
+ {
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
+ _("Connection is closed"));
+ return -1;
+ }
+
+ ret = g_tls_connection_base_read (conn,
+ buffer, count, -1 /* blocking */,
+ cancellable, error);
+ g_object_unref (conn);
+ return ret;
+}
+
+static gboolean
+g_tls_input_stream_pollable_is_readable (GPollableInputStream *pollable)
+{
+ GTlsInputStream *tls_stream = G_TLS_INPUT_STREAM (pollable);
+ GTlsConnectionBase *conn;
+ gboolean ret;
+
+ conn = g_weak_ref_get (&tls_stream->weak_conn);
+ if (!conn)
+ return FALSE;
+
+ ret = g_tls_connection_base_check (conn, G_IO_IN);
+
+ g_object_unref (conn);
+ return ret;
+}
+
+static GSource *
+g_tls_input_stream_pollable_create_source (GPollableInputStream *pollable,
+ GCancellable *cancellable)
+{
+ GTlsInputStream *tls_stream = G_TLS_INPUT_STREAM (pollable);
+ GTlsConnectionBase *conn;
+ GSource *ret;
+
+ conn = g_weak_ref_get (&tls_stream->weak_conn);
+ if (!conn)
+ {
+ ret = g_idle_source_new ();
+ g_source_set_name (ret, "[glib-networking] g_tls_input_stream_pollable_create_source dummy source");
+ return ret;
+ }
+
+ ret = g_tls_connection_base_create_source (conn, G_IO_IN, cancellable);
+ g_object_unref (conn);
+ return ret;
+}
+
+static gssize
+g_tls_input_stream_pollable_read_nonblocking (GPollableInputStream *pollable,
+ void *buffer,
+ gsize size,
+ GError **error)
+{
+ GTlsInputStream *tls_stream = G_TLS_INPUT_STREAM (pollable);
+ GTlsConnectionBase *conn;
+ gssize ret;
+
+ conn = g_weak_ref_get (&tls_stream->weak_conn);
+ if (!conn)
+ {
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
+ _("Connection is closed"));
+ return -1;
+ }
+
+ ret = g_tls_connection_base_read (conn, buffer, size,
+ 0 /* non-blocking */, NULL, error);
+
+ g_object_unref (conn);
+ return ret;
+}
+
+static gboolean
+g_tls_input_stream_close (GInputStream *stream,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsInputStream *tls_stream = G_TLS_INPUT_STREAM (stream);
+ GIOStream *conn;
+ gboolean ret;
+
+ conn = g_weak_ref_get (&tls_stream->weak_conn);
+
+ if (!conn)
+ return TRUE;
+
+ ret = g_tls_connection_base_close_internal (conn, G_TLS_DIRECTION_READ,
+ -1, /* blocking */
+ cancellable, error);
+
+ g_object_unref (conn);
+ return ret;
+}
+
+/* We do async close as synchronous-in-a-thread so we don't need to
+ * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case
+ * (since handshakes are also done synchronously now).
+ */
+static void
+close_thread (GTask *task,
+ gpointer object,
+ gpointer task_data,
+ GCancellable *cancellable)
+{
+ GTlsInputStream *tls_stream = object;
+ GError *error = NULL;
+ GIOStream *conn;
+
+ conn = g_weak_ref_get (&tls_stream->weak_conn);
+
+ if (conn && !g_tls_connection_base_close_internal (conn,
+ G_TLS_DIRECTION_READ,
+ -1, /* blocking */
+ cancellable, &error))
+ g_task_return_error (task, error);
+ else
+ g_task_return_boolean (task, TRUE);
+
+ if (conn)
+ g_object_unref (conn);
+}
+
+
+static void
+g_tls_input_stream_close_async (GInputStream *stream,
+ int io_priority,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ GTask *task;
+
+ task = g_task_new (stream, cancellable, callback, user_data);
+ g_task_set_source_tag (task, g_tls_input_stream_close_async);
+ g_task_set_name (task, "[glib-networking] g_tls_input_stream_close_async");
+ g_task_set_priority (task, io_priority);
+ g_task_run_in_thread (task, close_thread);
+ g_object_unref (task);
+}
+
+static gboolean
+g_tls_input_stream_close_finish (GInputStream *stream,
+ GAsyncResult *result,
+ GError **error)
+{
+ g_return_val_if_fail (g_task_is_valid (result, stream), FALSE);
+ g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) == g_tls_input_stream_close_async, FALSE);
+
+ return g_task_propagate_boolean (G_TASK (result), error);
+}
+
+static void
+g_tls_input_stream_class_init (GTlsInputStreamClass *klass)
+{
+ GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+ GInputStreamClass *input_stream_class = G_INPUT_STREAM_CLASS (klass);
+
+ gobject_class->dispose = g_tls_input_stream_dispose;
+ gobject_class->finalize = g_tls_input_stream_finalize;
+
+ input_stream_class->read_fn = g_tls_input_stream_read;
+ input_stream_class->close_fn = g_tls_input_stream_close;
+ input_stream_class->close_async = g_tls_input_stream_close_async;
+ input_stream_class->close_finish = g_tls_input_stream_close_finish;
+}
+
+static void
+g_tls_input_stream_pollable_iface_init (GPollableInputStreamInterface *iface)
+{
+ iface->is_readable = g_tls_input_stream_pollable_is_readable;
+ iface->create_source = g_tls_input_stream_pollable_create_source;
+ iface->read_nonblocking = g_tls_input_stream_pollable_read_nonblocking;
+}
+
+static void
+g_tls_input_stream_init (GTlsInputStream *stream)
+{
+}
+
+GInputStream *
+g_tls_input_stream_new (GTlsConnectionBase *conn)
+{
+ GTlsInputStream *tls_stream;
+
+ tls_stream = g_object_new (G_TYPE_TLS_INPUT_STREAM, NULL);
+ g_weak_ref_init (&tls_stream->weak_conn, conn);
+
+ return G_INPUT_STREAM (tls_stream);
+}
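Review bot: In `g_tls_input_stream_pollable_create_source`, the dead-connection path returns a bare `g_idle_source_new ()`, which dispatches its callback as a one-argument `GSourceFunc`, while users of `g_pollable_input_stream_create_source ()` install a `GPollableSourceFunc` (stream first, then user data). A caller that attaches its usual callback to this dummy source would be invoked with its user data in the stream slot and an undefined second argument. Wrapping the idle source keeps the expected signature (the `g_source_set_name` call can stay): `GSource *idle = g_idle_source_new ();` `ret = g_pollable_source_new_full (pollable, idle, cancellable);` `g_source_unref (idle);`. The same path also disagrees with `g_tls_input_stream_pollable_is_readable`, which reports `FALSE` once the connection is gone, so a loop that re-checks readiness after waking may spin on the always-ready source. Returning `TRUE` there would let the reader reach the `G_IO_ERROR_CLOSED` from `read_nonblocking`.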
/*
* GIO - GLib Input, Output and Streaming Library
*
- * Copyright 2010 Red Hat, Inc.
+ * Copyright 2010 Red Hat, Inc
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
-#ifndef __G_TLS_INPUT_STREAM_GNUTLS_H__
-#define __G_TLS_INPUT_STREAM_GNUTLS_H__
+#pragma once
#include <gio/gio.h>
-#include "gtlsconnection-gnutls.h"
+#include "gtlsconnection-base.h"
G_BEGIN_DECLS
-#define G_TYPE_TLS_INPUT_STREAM_GNUTLS (g_tls_input_stream_gnutls_get_type ())
+#define G_TYPE_TLS_INPUT_STREAM (g_tls_input_stream_get_type ())
-G_DECLARE_FINAL_TYPE (GTlsInputStreamGnutls, g_tls_input_stream_gnutls, G, TLS_INPUT_STREAM_GNUTLS, GInputStream)
+G_DECLARE_FINAL_TYPE (GTlsInputStream, g_tls_input_stream, G, TLS_INPUT_STREAM, GInputStream)
-GInputStream *g_tls_input_stream_gnutls_new (GTlsConnectionGnutls *conn);
+GInputStream *g_tls_input_stream_new (GTlsConnectionBase *conn);
G_END_DECLS
-
-#endif /* __G_TLS_INPUT_STREAM_GNUTLS_H___ */
--- /dev/null
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright 2009 Red Hat, Inc
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#include "config.h"
+
+#include <gio/gio.h>
+#include <glib.h>
+#include <glib/gprintf.h>
+#include <stdarg.h>
+
+#include "gtlslog.h"
+
+void g_tls_log (GLogLevelFlags level,
+ gpointer conn,
+ const gchar *file,
+ const gchar *line,
+ const gchar *func,
+ const gchar *format,
+ ...)
+{
+ gchar *header = NULL;
+ gchar *message = NULL;
+ gchar *thread = NULL;
+ va_list args;
+ int ret;
+
+ va_start (args, format);
+ ret = g_vasprintf (&message, format, args);
+ va_end (args);
+
+ if (ret <= 0)
+ goto out;
+
+ if (conn && G_IS_TLS_CONNECTION (conn)) {
+ if (G_IS_TLS_CLIENT_CONNECTION (conn))
+ header = g_strdup_printf ("CLIENT[%p]: ", conn);
+ else if (G_IS_TLS_SERVER_CONNECTION (conn))
+ header = g_strdup_printf ("SERVER[%p]: ", conn);
+ else
+ g_assert_not_reached ();
+ } else {
+ header = g_strdup ("");
+ }
+
+ thread = g_strdup_printf ("%p", g_thread_self ());
+ g_log_structured (G_LOG_DOMAIN, level,
+ "GLIB_NET_THREAD", thread,
+ "CODE_FILE", file,
+ "CODE_LINE", line,
+ "CODE_FUNC", func,
+ "MESSAGE", "%s%s", header, message);
+
+out:
+ g_free (header);
+ g_free (message);
+ g_free (thread);
+}
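Review bot: The `else` branch that calls `g_assert_not_reached ()` leaves `header` NULL when GLib is built with G_DISABLE_ASSERT, and that NULL then reaches the `"%s%s"` format in g_log_structured, which is not guaranteed to be handled on every platform. In assert-enabled builds a debug-logging helper aborts the process for a connection that is neither client nor server, which seems a heavy price for a log prefix. A neutral fallback such as `header = g_strdup_printf ("TLS[%p]: ", conn);` avoids both. Separately, `if (ret <= 0)` silently drops a message that formats to an empty string, and the `%p` values for `conn` and `g_thread_self ()` put raw addresses into the structured log, which is worth remembering if debug output is ever collected outside a developer machine.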
--- /dev/null
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright 2010 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#ifndef __G_TLS_LOG_H__
+#define __G_TLS_LOG_H__
+
+#include <glib.h>
+
+G_BEGIN_DECLS
+
+void g_tls_log (GLogLevelFlags level,
+ gpointer conn,
+ const gchar *file,
+ const gchar *line,
+ const gchar *func,
+ const gchar *format,
+ ...) G_GNUC_PRINTF (6, 7);
+
+#define g_tls_log_debug(_conn, _format, ...) g_tls_log (G_LOG_LEVEL_DEBUG, _conn, \
+ __FILE__, G_STRINGIFY (__LINE__), \
+ G_STRFUNC, _format, ## __VA_ARGS__)
+
+/* The following functions are for local debugging only. */
+#if 0
+#define g_tls_log_info(_conn, _format, ...) g_tls_log (G_LOG_LEVEL_INFO, _conn, \
+ __FILE__, G_STRINGIFY (__LINE__), \
+ G_STRFUNC, _format, ## __VA_ARGS__)
+#define g_tls_log_warning(_conn, _format, ...) g_tls_log (G_LOG_LEVEL_WARNING, _conn, \
+ __FILE__, G_STRINGIFY (__LINE__), \
+ G_STRFUNC, _format, ## __VA_ARGS__)
+#define g_tls_log_error(_conn, _format, ...) g_tls_log (G_LOG_LEVEL_ERROR, _conn, \
+ __FILE__, G_STRINGIFY (__LINE__), \
+ G_STRFUNC, _format, ## __VA_ARGS__)
+#endif
+
+G_END_DECLS
+
+#endif /* __G_TLS_LOG_H__ */
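Review bot: This new header uses `#ifndef __G_TLS_LOG_H__` include guards, while the stream headers touched elsewhere in the same commit are converted to `#pragma once`; using `#pragma once` here too would keep the tree consistent. The declaration of g_tls_log would benefit from a short comment stating that `conn` may be NULL or a GTlsConnection instance, since the parameter is a plain `gpointer` and the implementation runs GObject type checks on it. The `#if 0` block of info/warning/error macros is dead code as committed; a one-line comment saying how to enable it, or dropping it, would be clearer than "for local debugging only".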
+++ /dev/null
-/* GIO - GLib Input, Output and Streaming Library
- *
- * Copyright 2010 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, see
- * <http://www.gnu.org/licenses/>.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- */
-
-#include "config.h"
-#include "gtlsoutputstream-base.h"
-
-#include <glib/gi18n.h>
-
-static void g_tls_output_stream_base_pollable_iface_init (GPollableOutputStreamInterface *iface);
-
-G_DEFINE_TYPE_WITH_CODE (GTlsOutputStreamBase, g_tls_output_stream_base, G_TYPE_OUTPUT_STREAM,
- G_IMPLEMENT_INTERFACE (G_TYPE_POLLABLE_OUTPUT_STREAM, g_tls_output_stream_base_pollable_iface_init)
- )
-
-struct _GTlsOutputStreamBasePrivate
-{
- GWeakRef weak_conn;
-};
-
-static void
-g_tls_output_stream_base_dispose (GObject *object)
-{
- GTlsOutputStreamBase *stream = G_TLS_OUTPUT_STREAM_BASE (object);
-
- g_weak_ref_set (&stream->priv->weak_conn, NULL);
-
- G_OBJECT_CLASS (g_tls_output_stream_base_parent_class)->dispose (object);
-}
-
-static void
-g_tls_output_stream_base_finalize (GObject *object)
-{
- GTlsOutputStreamBase *stream = G_TLS_OUTPUT_STREAM_BASE (object);
-
- g_weak_ref_clear (&stream->priv->weak_conn);
-
- G_OBJECT_CLASS (g_tls_output_stream_base_parent_class)->finalize (object);
-}
-
-static gssize
-g_tls_output_stream_base_write (GOutputStream *stream,
- const void *buffer,
- gsize count,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsOutputStreamBase *tls_stream = G_TLS_OUTPUT_STREAM_BASE (stream);
- GTlsConnectionBase *conn;
- gssize ret;
-
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
- if (conn == NULL)
- {
- g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
- _("Connection is closed"));
- return -1;
- }
-
- ret = g_tls_connection_base_write (conn, buffer, count, TRUE,
- cancellable, error);
- g_object_unref (conn);
- return ret;
-}
-
-static gboolean
-g_tls_output_stream_base_pollable_is_writable (GPollableOutputStream *pollable)
-{
- GTlsOutputStreamBase *tls_stream = G_TLS_OUTPUT_STREAM_BASE (pollable);
- GTlsConnectionBase *conn;
- gboolean ret;
-
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
- g_return_val_if_fail (conn != NULL, FALSE);
-
- ret = g_tls_connection_base_check (conn, G_IO_OUT);
-
- g_object_unref (conn);
-
- return ret;
-}
-
-static GSource *
-g_tls_output_stream_base_pollable_create_source (GPollableOutputStream *pollable,
- GCancellable *cancellable)
-{
- GTlsOutputStreamBase *tls_stream = G_TLS_OUTPUT_STREAM_BASE (pollable);
- GTlsConnectionBase *conn;
- GSource *ret;
-
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
- g_return_val_if_fail (conn != NULL, NULL);
-
- ret = g_tls_connection_base_create_source (conn,
- G_IO_OUT,
- cancellable);
- g_object_unref (conn);
- return ret;
-}
-
-static gssize
-g_tls_output_stream_base_pollable_write_nonblocking (GPollableOutputStream *pollable,
- const void *buffer,
- gsize size,
- GError **error)
-{
- GTlsOutputStreamBase *tls_stream = G_TLS_OUTPUT_STREAM_BASE (pollable);
- GTlsConnectionBase *conn;
- gssize ret;
-
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
- g_return_val_if_fail (conn != NULL, -1);
-
- ret = g_tls_connection_base_write (conn, buffer, size, FALSE, NULL, error);
-
- g_object_unref (conn);
- return ret;
-}
-
-static gboolean
-g_tls_output_stream_base_close (GOutputStream *stream,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsOutputStreamBase *tls_stream = G_TLS_OUTPUT_STREAM_BASE (stream);
- GIOStream *conn;
- gboolean ret;
-
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
-
- /* Special case here because this is called by the finalize
- * of the main GTlsConnection object.
- */
- if (conn == NULL)
- return TRUE;
-
- ret = g_tls_connection_base_close_internal (conn, G_TLS_DIRECTION_WRITE,
- cancellable, error);
-
- g_object_unref (conn);
- return ret;
-}
-
-/* We do async close as synchronous-in-a-thread so we don't need to
- * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case
- * (since handshakes are also done synchronously now).
- */
-static void
-close_thread (GTask *task,
- gpointer object,
- gpointer task_data,
- GCancellable *cancellable)
-{
- GTlsOutputStreamBase *tls_stream = object;
- GError *error = NULL;
- GIOStream *conn;
-
- conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
-
- if (conn && !g_tls_connection_base_close_internal (conn,
- G_TLS_DIRECTION_WRITE,
- cancellable, &error))
- g_task_return_error (task, error);
- else
- g_task_return_boolean (task, TRUE);
-
- if (conn)
- g_object_unref (conn);
-}
-
-
-static void
-g_tls_output_stream_base_close_async (GOutputStream *stream,
- int io_priority,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- GTask *task;
-
- task = g_task_new (stream, cancellable, callback, user_data);
- g_task_set_source_tag (task, g_tls_output_stream_base_close_async);
- g_task_set_priority (task, io_priority);
- g_task_run_in_thread (task, close_thread);
- g_object_unref (task);
-}
-
-static gboolean
-g_tls_output_stream_base_close_finish (GOutputStream *stream,
- GAsyncResult *result,
- GError **error)
-{
- g_return_val_if_fail (g_task_is_valid (result, stream), FALSE);
- g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) ==
- g_tls_output_stream_base_close_async, FALSE);
-
- return g_task_propagate_boolean (G_TASK (result), error);
-}
-
-static void
-g_tls_output_stream_base_class_init (GTlsOutputStreamBaseClass *klass)
-{
- GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
- GOutputStreamClass *output_stream_class = G_OUTPUT_STREAM_CLASS (klass);
-
- g_type_class_add_private (klass, sizeof (GTlsOutputStreamBasePrivate));
-
- gobject_class->dispose = g_tls_output_stream_base_dispose;
- gobject_class->finalize = g_tls_output_stream_base_finalize;
-
- output_stream_class->write_fn = g_tls_output_stream_base_write;
- output_stream_class->close_fn = g_tls_output_stream_base_close;
- output_stream_class->close_async = g_tls_output_stream_base_close_async;
- output_stream_class->close_finish = g_tls_output_stream_base_close_finish;
-}
-
-static void
-g_tls_output_stream_base_pollable_iface_init (GPollableOutputStreamInterface *iface)
-{
- iface->is_writable = g_tls_output_stream_base_pollable_is_writable;
- iface->create_source = g_tls_output_stream_base_pollable_create_source;
- iface->write_nonblocking = g_tls_output_stream_base_pollable_write_nonblocking;
-}
-
-static void
-g_tls_output_stream_base_init (GTlsOutputStreamBase *stream)
-{
- stream->priv = G_TYPE_INSTANCE_GET_PRIVATE (stream, G_TYPE_TLS_OUTPUT_STREAM_BASE, GTlsOutputStreamBasePrivate);
-}
-
-GOutputStream *
-g_tls_output_stream_base_new (GTlsConnectionBase *conn)
-{
- GTlsOutputStreamBase *tls_stream;
-
- tls_stream = g_object_new (G_TYPE_TLS_OUTPUT_STREAM_BASE, NULL);
- g_weak_ref_init (&tls_stream->priv->weak_conn, conn);
-
- return G_OUTPUT_STREAM (tls_stream);
-}
+++ /dev/null
-/* GIO - GLib Input, Output and Streaming Library
- *
- * Copyright 2010 Red Hat, Inc.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2 of the licence or (at
- * your option) any later version.
- *
- * See the included COPYING file for more information.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- */
-
-#ifndef __G_TLS_OUTPUT_STREAM_BASE_H__
-#define __G_TLS_OUTPUT_STREAM_BASE_H__
-
-#include <gio/gio.h>
-#include "gtlsconnection-base.h"
-
-G_BEGIN_DECLS
-
-#define G_TYPE_TLS_OUTPUT_STREAM_BASE (g_tls_output_stream_base_get_type ())
-#define G_TLS_OUTPUT_STREAM_BASE(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_OUTPUT_STREAM_BASE, GTlsOutputStreamBase))
-#define G_TLS_OUTPUT_STREAM_BASE_CLASS(class) (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_OUTPUT_STREAM_BASE, GTlsOutputStreamBaseClass))
-#define G_IS_TLS_OUTPUT_STREAM_BASE(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_OUTPUT_STREAM_BASE))
-#define G_IS_TLS_OUTPUT_STREAM_BASE_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_OUTPUT_STREAM_BASE))
-#define G_TLS_OUTPUT_STREAM_BASE_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_OUTPUT_STREAM_BASE, GTlsOutputStreamBaseClass))
-
-typedef struct _GTlsOutputStreamBasePrivate GTlsOutputStreamBasePrivate;
-typedef struct _GTlsOutputStreamBaseClass GTlsOutputStreamBaseClass;
-typedef struct _GTlsOutputStreamBase GTlsOutputStreamBase;
-
-struct _GTlsOutputStreamBaseClass
-{
- GOutputStreamClass parent_class;
-};
-
-struct _GTlsOutputStreamBase
-{
- GOutputStream parent_instance;
- GTlsOutputStreamBasePrivate *priv;
-};
-
-GType g_tls_output_stream_base_get_type (void) G_GNUC_CONST;
-GOutputStream *g_tls_output_stream_base_new (GTlsConnectionBase *conn);
-
-G_END_DECLS
-
-#endif /* __G_TLS_OUTPUT_STREAM_BASE_H___ */
--- /dev/null
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright 2010 Red Hat, Inc
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#include "config.h"
+#include "gtlsoutputstream.h"
+
+#include <glib/gi18n-lib.h>
+
+struct _GTlsOutputStream
+{
+ GOutputStream parent_instance;
+
+ GWeakRef weak_conn;
+};
+
+static void g_tls_output_stream_pollable_iface_init (GPollableOutputStreamInterface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (GTlsOutputStream, g_tls_output_stream, G_TYPE_OUTPUT_STREAM,
+ G_IMPLEMENT_INTERFACE (G_TYPE_POLLABLE_OUTPUT_STREAM, g_tls_output_stream_pollable_iface_init)
+ )
+
+static void
+g_tls_output_stream_dispose (GObject *object)
+{
+ GTlsOutputStream *stream = G_TLS_OUTPUT_STREAM (object);
+
+ g_weak_ref_set (&stream->weak_conn, NULL);
+
+ G_OBJECT_CLASS (g_tls_output_stream_parent_class)->dispose (object);
+}
+
+static void
+g_tls_output_stream_finalize (GObject *object)
+{
+ GTlsOutputStream *stream = G_TLS_OUTPUT_STREAM (object);
+
+ g_weak_ref_clear (&stream->weak_conn);
+
+ G_OBJECT_CLASS (g_tls_output_stream_parent_class)->finalize (object);
+}
+
+static gssize
+g_tls_output_stream_write (GOutputStream *stream,
+ const void *buffer,
+ gsize count,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsOutputStream *tls_stream = G_TLS_OUTPUT_STREAM (stream);
+ GTlsConnectionBase *conn;
+ gssize ret;
+
+ conn = g_weak_ref_get (&tls_stream->weak_conn);
+ if (!conn)
+ {
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
+ _("Connection is closed"));
+ return -1;
+ }
+
+ ret = g_tls_connection_base_write (conn, buffer, count, -1 /* blocking */,
+ cancellable, error);
+ g_object_unref (conn);
+ return ret;
+}
+
+static gboolean
+g_tls_output_stream_pollable_is_writable (GPollableOutputStream *pollable)
+{
+ GTlsOutputStream *tls_stream = G_TLS_OUTPUT_STREAM (pollable);
+ GTlsConnectionBase *conn;
+ gboolean ret;
+
+ conn = g_weak_ref_get (&tls_stream->weak_conn);
+ if (!conn)
+ return FALSE;
+
+ ret = g_tls_connection_base_check (conn, G_IO_OUT);
+
+ g_object_unref (conn);
+
+ return ret;
+}
+
+static GSource *
+g_tls_output_stream_pollable_create_source (GPollableOutputStream *pollable,
+ GCancellable *cancellable)
+{
+ GTlsOutputStream *tls_stream = G_TLS_OUTPUT_STREAM (pollable);
+ GTlsConnectionBase *conn;
+ GSource *ret;
+
+ conn = g_weak_ref_get (&tls_stream->weak_conn);
+ if (!conn)
+ {
+ ret = g_idle_source_new ();
+ g_source_set_name (ret, "[glib-networking] g_tls_output_stream_pollable_create_source dummy source");
+ return ret;
+ }
+
+ ret = g_tls_connection_base_create_source (conn,
+ G_IO_OUT,
+ cancellable);
+ g_object_unref (conn);
+ return ret;
+}
+
+static gssize
+g_tls_output_stream_pollable_write_nonblocking (GPollableOutputStream *pollable,
+ const void *buffer,
+ gsize size,
+ GError **error)
+{
+ GTlsOutputStream *tls_stream = G_TLS_OUTPUT_STREAM (pollable);
+ GTlsConnectionBase *conn;
+ gssize ret;
+
+ conn = g_weak_ref_get (&tls_stream->weak_conn);
+ if (!conn)
+ {
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
+ _("Connection is closed"));
+ return -1;
+ }
+
+ ret = g_tls_connection_base_write (conn, buffer, size,
+ 0 /* non-blocking */, NULL, error);
+
+ g_object_unref (conn);
+ return ret;
+}
+
+static gboolean
+g_tls_output_stream_close (GOutputStream *stream,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsOutputStream *tls_stream = G_TLS_OUTPUT_STREAM (stream);
+ GIOStream *conn;
+ gboolean ret;
+
+ conn = g_weak_ref_get (&tls_stream->weak_conn);
+
+ if (!conn)
+ return TRUE;
+
+ ret = g_tls_connection_base_close_internal (conn, G_TLS_DIRECTION_WRITE,
+ -1, /* blocking */
+ cancellable, error);
+
+ g_object_unref (conn);
+ return ret;
+}
+
+/* We do async close as synchronous-in-a-thread so we don't need to
+ * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case
+ * (since handshakes are also done synchronously now).
+ */
+static void
+close_thread (GTask *task,
+ gpointer object,
+ gpointer task_data,
+ GCancellable *cancellable)
+{
+ GTlsOutputStream *tls_stream = object;
+ GError *error = NULL;
+ GIOStream *conn;
+
+ conn = g_weak_ref_get (&tls_stream->weak_conn);
+
+ if (conn && !g_tls_connection_base_close_internal (conn,
+ G_TLS_DIRECTION_WRITE,
+ -1, /* blocking */
+ cancellable, &error))
+ g_task_return_error (task, error);
+ else
+ g_task_return_boolean (task, TRUE);
+
+ if (conn)
+ g_object_unref (conn);
+}
+
+
+static void
+g_tls_output_stream_close_async (GOutputStream *stream,
+ int io_priority,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ GTask *task;
+
+ task = g_task_new (stream, cancellable, callback, user_data);
+ g_task_set_source_tag (task, g_tls_output_stream_close_async);
+ g_task_set_name (task, "[glib-networking] g_tls_output_stream_close_async");
+ g_task_set_priority (task, io_priority);
+ g_task_run_in_thread (task, close_thread);
+ g_object_unref (task);
+}
+
+static gboolean
+g_tls_output_stream_close_finish (GOutputStream *stream,
+ GAsyncResult *result,
+ GError **error)
+{
+ g_return_val_if_fail (g_task_is_valid (result, stream), FALSE);
+ g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) == g_tls_output_stream_close_async, FALSE);
+
+ return g_task_propagate_boolean (G_TASK (result), error);
+}
+
+static void
+g_tls_output_stream_class_init (GTlsOutputStreamClass *klass)
+{
+ GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+ GOutputStreamClass *output_stream_class = G_OUTPUT_STREAM_CLASS (klass);
+
+ gobject_class->dispose = g_tls_output_stream_dispose;
+ gobject_class->finalize = g_tls_output_stream_finalize;
+
+ output_stream_class->write_fn = g_tls_output_stream_write;
+ output_stream_class->close_fn = g_tls_output_stream_close;
+ output_stream_class->close_async = g_tls_output_stream_close_async;
+ output_stream_class->close_finish = g_tls_output_stream_close_finish;
+}
+
+static void
+g_tls_output_stream_pollable_iface_init (GPollableOutputStreamInterface *iface)
+{
+ iface->is_writable = g_tls_output_stream_pollable_is_writable;
+ iface->create_source = g_tls_output_stream_pollable_create_source;
+ iface->write_nonblocking = g_tls_output_stream_pollable_write_nonblocking;
+}
+
+static void
+g_tls_output_stream_init (GTlsOutputStream *stream)
+{
+}
+
+GOutputStream *
+g_tls_output_stream_new (GTlsConnectionBase *conn)
+{
+ GTlsOutputStream *tls_stream;
+
+ tls_stream = g_object_new (G_TYPE_TLS_OUTPUT_STREAM, NULL);
+ g_weak_ref_init (&tls_stream->weak_conn, conn);
+
+ return G_OUTPUT_STREAM (tls_stream);
+}
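Review bot: In g_tls_output_stream_pollable_create_source, the fallback for an already-released connection returns a bare `g_idle_source_new ()`, which invokes its callback as a one-argument GSourceFunc and ignores `cancellable`. Callers of a pollable stream's create_source normally install a two-argument GPollableSourceFunc, so if that holds for users of this stream the callback would be entered with its user data in the stream parameter. Wrapping the idle source keeps the expected callback type and honours the cancellable: `idle = g_idle_source_new ();`, `ret = g_pollable_source_new_full (pollable, idle, cancellable);`, `g_source_unref (idle);`. The `if (!conn) return TRUE;` in g_tls_output_stream_close has also lost the comment the deleted file carried, which explained that close is reached from the connection's finalize; restoring it would save the next reader a search.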
/*
* GIO - GLib Input, Output and Streaming Library
*
- * Copyright 2010 Red Hat, Inc.
+ * Copyright 2010 Red Hat, Inc
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
-#ifndef __G_TLS_OUTPUT_STREAM_GNUTLS_H__
-#define __G_TLS_OUTPUT_STREAM_GNUTLS_H__
+#pragma once
#include <gio/gio.h>
-#include "gtlsconnection-gnutls.h"
+#include "gtlsconnection-base.h"
G_BEGIN_DECLS
-#define G_TYPE_TLS_OUTPUT_STREAM_GNUTLS (g_tls_output_stream_gnutls_get_type ())
+#define G_TYPE_TLS_OUTPUT_STREAM (g_tls_output_stream_get_type ())
-G_DECLARE_FINAL_TYPE (GTlsOutputStreamGnutls, g_tls_output_stream_gnutls, G, TLS_OUTPUT_STREAM_GNUTLS, GOutputStream)
+G_DECLARE_FINAL_TYPE (GTlsOutputStream, g_tls_output_stream, G, TLS_OUTPUT_STREAM, GOutputStream)
-GOutputStream *g_tls_output_stream_gnutls_new (GTlsConnectionGnutls *conn);
+GOutputStream *g_tls_output_stream_new (GTlsConnectionBase *conn);
G_END_DECLS
-
-#endif /* __G_TLS_OUTPUT_STREAM_GNUTLS_H___ */
-tlsbase_headers = files(
- 'gtlsconnection-base.h',
- 'gtlsinputstream-base.h',
- 'gtlsoutputstream-base.h',
-)
-
tlsbase_sources = files(
'gtlsconnection-base.c',
- 'gtlsinputstream-base.c',
- 'gtlsoutputstream-base.c',
+ 'gtlshttp.c',
+ 'gtlsinputstream.c',
+ 'gtlslog.c',
+ 'gtlsoutputstream.c',
)
tlsbase = static_library('tlsbase',
- tlsbase_sources + tlsbase_headers,
- dependencies: gio_dep,
+ tlsbase_sources,
+ dependencies: [gio_dep, gmodule_dep],
include_directories: top_inc)
tlsbase_dep = declare_dependency(link_with: tlsbase,
/* Leak the module to keep it from being unloaded. */
plugin = g_type_get_plugin (G_TYPE_TLS_BACKEND_GNUTLS);
- if (plugin != NULL)
+ if (plugin)
g_type_plugin_use (plugin);
return NULL;
}
{
}
-static GTlsDatabase*
+static GTlsDatabase *
g_tls_backend_gnutls_get_default_database (GTlsBackend *backend)
{
GTlsBackendGnutls *self = G_TLS_BACKEND_GNUTLS (backend);
iface->get_dtls_server_connection_type = g_tls_server_connection_gnutls_get_type;
}
-/* Session cache support; all the details are sort of arbitrary. Note
- * that having session_cache_cleanup() be a little bit slow isn't the
- * end of the world, since it will still be faster than the network
- * is. (NSS uses a linked list for its cache...)
+/* Session cache support. We try to be careful of TLS session tracking
+ * and so have adopted the recommendations of arXiv:1810.07304 section 6
+ * in using a 10-minute cache lifetime and in never updating the
+ * expiration time of cache entries when they are accessed to ensure a
+ * new session gets used after 10 minutes even if the cached one was
+ * resumed more recently.
+ *
+ * https://arxiv.org/abs/1810.07304
*/
G_LOCK_DEFINE_STATIC (session_cache_lock);
-GHashTable *client_session_cache, *server_session_cache;
+GHashTable *client_session_cache; /* (owned) GBytes -> (owned) GTlsBackendGnutlsCacheData */
#define SESSION_CACHE_MAX_SIZE 50
-#define SESSION_CACHE_MAX_AGE (60 * 60) /* one hour */
+#define SESSION_CACHE_MAX_AGE (10ll * 60ll * G_USEC_PER_SEC) /* ten minutes */
typedef struct {
- GBytes *session_id;
- GBytes *session_data;
- time_t last_used;
+ GQueue *session_tickets; /* (owned) GBytes */
+ gint64 expiration_time;
} GTlsBackendGnutlsCacheData;
static void
GHashTableIter iter;
gpointer key, value;
GTlsBackendGnutlsCacheData *cache_data;
- time_t expired = time (NULL) - SESSION_CACHE_MAX_AGE;
g_hash_table_iter_init (&iter, cache);
while (g_hash_table_iter_next (&iter, &key, &value))
{
cache_data = value;
- if (cache_data->last_used < expired)
+ if (g_get_monotonic_time () > cache_data->expiration_time)
g_hash_table_iter_remove (&iter);
}
}
static void
-cache_data_free (gpointer data)
+cache_data_free (GTlsBackendGnutlsCacheData *data)
{
- GTlsBackendGnutlsCacheData *cache_data = data;
-
- g_bytes_unref (cache_data->session_id);
- g_bytes_unref (cache_data->session_data);
- g_free (cache_data);
+ g_queue_free_full (data->session_tickets, (GDestroyNotify)g_bytes_unref);
+ g_free (data);
}
static GHashTable *
-get_session_cache (unsigned int type,
- gboolean create)
+get_session_cache (gboolean create)
{
- GHashTable **cache_p;
-
- cache_p = (type == GNUTLS_CLIENT) ? &client_session_cache : &server_session_cache;
- if (!*cache_p && create)
+ if (!client_session_cache && create)
{
- *cache_p = g_hash_table_new_full (g_bytes_hash, g_bytes_equal,
- NULL, cache_data_free);
+ client_session_cache = g_hash_table_new_full (g_bytes_hash, g_bytes_equal,
+ (GDestroyNotify)g_bytes_unref, (GDestroyNotify)cache_data_free);
}
- return *cache_p;
+ return client_session_cache;
}
void
-g_tls_backend_gnutls_store_session (unsigned int type,
- GBytes *session_id,
- GBytes *session_data)
+g_tls_backend_gnutls_store_session_data (GBytes *session_id,
+ GBytes *session_data)
{
GTlsBackendGnutlsCacheData *cache_data;
GHashTable *cache;
G_LOCK (session_cache_lock);
- cache = get_session_cache (type, TRUE);
+ cache = get_session_cache (TRUE);
cache_data = g_hash_table_lookup (cache, session_id);
- if (cache_data)
- {
- if (!g_bytes_equal (cache_data->session_data, session_data))
- {
- g_bytes_unref (cache_data->session_data);
- cache_data->session_data = g_bytes_ref (session_data);
- }
- }
- else
+ if (!cache_data)
{
if (g_hash_table_size (cache) >= SESSION_CACHE_MAX_SIZE)
session_cache_cleanup (cache);
cache_data = g_new (GTlsBackendGnutlsCacheData, 1);
- cache_data->session_id = g_bytes_ref (session_id);
- cache_data->session_data = g_bytes_ref (session_data);
-
- g_hash_table_insert (cache, cache_data->session_id, cache_data);
+ cache_data->session_tickets = g_queue_new ();
+ g_hash_table_insert (cache, g_bytes_ref (session_id), cache_data);
}
- cache_data->last_used = time (NULL);
- G_UNLOCK (session_cache_lock);
-}
-
-void
-g_tls_backend_gnutls_remove_session (unsigned int type,
- GBytes *session_id)
-{
- GHashTable *cache;
-
- G_LOCK (session_cache_lock);
-
- cache = get_session_cache (type, FALSE);
- if (cache)
- g_hash_table_remove (cache, session_id);
+ g_queue_push_tail (cache_data->session_tickets, g_bytes_ref (session_data));
+ cache_data->expiration_time = g_get_monotonic_time () + SESSION_CACHE_MAX_AGE;
G_UNLOCK (session_cache_lock);
}
GBytes *
-g_tls_backend_gnutls_lookup_session (unsigned int type,
- GBytes *session_id)
+g_tls_backend_gnutls_lookup_session_data (GBytes *session_id)
{
GTlsBackendGnutlsCacheData *cache_data;
GBytes *session_data = NULL;
G_LOCK (session_cache_lock);
- cache = get_session_cache (type, FALSE);
+ cache = get_session_cache (FALSE);
if (cache)
{
cache_data = g_hash_table_lookup (cache, session_id);
if (cache_data)
{
- cache_data->last_used = time (NULL);
- session_data = g_bytes_ref (cache_data->session_data);
+ /* Note that session tickets should be used only once since TLS 1.3,
+ * so we remove from the queue after retrieval. See RFC 8446 §C.4.
+ */
+ session_data = g_queue_pop_head (cache_data->session_tickets);
}
}
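Review bot: g_tls_backend_gnutls_lookup_session_data pops a ticket without comparing `cache_data->expiration_time` to the clock, so in the lines shown the ten-minute lifetime from the comment is enforced only by session_cache_cleanup, which the store path runs only once the table already holds SESSION_CACHE_MAX_SIZE entries. A client that talks to fewer hosts than that could resume a ticket long after it should have expired, which is the tracking window the cited paper is about. A check before the pop would close it: `if (g_get_monotonic_time () > cache_data->expiration_time) g_hash_table_remove (cache, session_id);` with the existing `g_queue_pop_head` call in the `else`. In g_tls_backend_gnutls_store_session_data, `expiration_time` is also reset on every push, which extends the life of tickets already queued, and the queue has no length cap, so a peer that issues many tickets controls how much is retained. The end of the lookup function lies outside this hunk.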
g_tls_backend_gnutls_register (GIOModule *module)
{
g_tls_backend_gnutls_register_type (G_TYPE_MODULE (module));
- if (module == NULL)
+ if (!module)
g_io_extension_point_register (G_TLS_BACKEND_EXTENSION_POINT_NAME);
g_io_extension_point_implement (G_TLS_BACKEND_EXTENSION_POINT_NAME,
- g_tls_backend_gnutls_get_type(),
+ g_tls_backend_gnutls_get_type (),
"gnutls",
0);
}
* exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
-#ifndef __G_TLS_BACKEND_GNUTLS_H__
-#define __G_TLS_BACKEND_GNUTLS_H__
+#pragma once
#include <gio/gio.h>
#include <gnutls/gnutls.h>
void g_tls_backend_gnutls_register (GIOModule *module);
-void g_tls_backend_gnutls_store_session (unsigned int type,
- GBytes *session_id,
- GBytes *session_data);
-void g_tls_backend_gnutls_remove_session (unsigned int type,
- GBytes *session_id);
-GBytes *g_tls_backend_gnutls_lookup_session (unsigned int type,
- GBytes *session_id);
+void g_tls_backend_gnutls_store_session_data (GBytes *session_id,
+ GBytes *session_data);
+GBytes *g_tls_backend_gnutls_lookup_session_data (GBytes *session_id);
G_END_DECLS
-
-#endif /* __G_TLS_BACKEND_GNUTLS_H___ */
PROP_CERTIFICATE_PEM,
PROP_PRIVATE_KEY,
PROP_PRIVATE_KEY_PEM,
- PROP_ISSUER
+ PROP_ISSUER,
+ PROP_PKCS11_URI,
+ PROP_PRIVATE_KEY_PKCS11_URI,
+ PROP_NOT_VALID_BEFORE,
+ PROP_NOT_VALID_AFTER,
+ PROP_SUBJECT_NAME,
+ PROP_ISSUER_NAME,
+ PROP_DNS_NAMES,
+ PROP_IP_ADDRESSES,
};
struct _GTlsCertificateGnutls
GTlsCertificate parent_instance;
gnutls_x509_crt_t cert;
- gnutls_x509_privkey_t key;
+ gnutls_privkey_t key;
+
+ gchar *pkcs11_uri;
+ gchar *private_key_pkcs11_uri;
GTlsCertificateGnutls *issuer;
GTlsCertificateGnutls *gnutls = G_TLS_CERTIFICATE_GNUTLS (object);
g_clear_pointer (&gnutls->cert, gnutls_x509_crt_deinit);
- g_clear_pointer (&gnutls->key, gnutls_x509_privkey_deinit);
+ g_clear_pointer (&gnutls->key, gnutls_privkey_deinit);
+
+ g_clear_pointer (&gnutls->pkcs11_uri, g_free);
+ g_clear_pointer (&gnutls->private_key_pkcs11_uri, g_free);
g_clear_object (&gnutls->issuer);
G_OBJECT_CLASS (g_tls_certificate_gnutls_parent_class)->finalize (object);
}
+static GPtrArray *
+get_subject_alt_names (GTlsCertificateGnutls *cert,
+ gnutls_x509_subject_alt_name_t type)
+{
+ GPtrArray *data = NULL;
+ guint8 *san = NULL;
+ size_t san_size;
+ guint san_type;
+ guint critical;
+ guint i;
+ guint status;
+
+ if (type == GNUTLS_SAN_IPADDRESS)
+ data = g_ptr_array_new_with_free_func (g_object_unref);
+ else
+ data = g_ptr_array_new_with_free_func ((GDestroyNotify)g_bytes_unref);
+
+ for (i = 0; ; i++)
+ {
+ san_size = 0;
+ san = NULL;
+ status = gnutls_x509_crt_get_subject_alt_name2 (cert->cert, i, san, &san_size, &san_type, &critical);
+ if (status == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ return data;
+ else if (san_type != (guint)type)
+ continue;
+
+ if (san_size == 0)
+ continue;
+
+ san = g_malloc (san_size);
+ status = gnutls_x509_crt_get_subject_alt_name2 (cert->cert, i, san, &san_size, &san_type, &critical);
+ if (status == (guint)type)
+ {
+ if (status == (guint)GNUTLS_SAN_IPADDRESS)
+ {
+ if (san_size == 4)
+ g_ptr_array_add (data, g_inet_address_new_from_bytes (san, G_SOCKET_FAMILY_IPV4));
+ else if (san_size == 16)
+ g_ptr_array_add (data, g_inet_address_new_from_bytes (san, G_SOCKET_FAMILY_IPV6));
+ }
+ else
+ {
+ g_assert (status == (guint)GNUTLS_SAN_DNSNAME);
+ g_ptr_array_add (data, g_bytes_new (san, san_size));
+ }
+ }
+
+ g_free (san);
+ }
+
+ return data;
+}
+
+static void
+export_privkey (GTlsCertificateGnutls *gnutls,
+ gnutls_x509_crt_fmt_t format,
+ void **output_data,
+ size_t *output_size)
+{
+ gnutls_x509_privkey_t x509_privkey = NULL;
+ int status;
+
+ if (!gnutls->key)
+ goto err;
+
+ status = gnutls_privkey_export_x509 (gnutls->key, &x509_privkey);
+ if (status != 0)
+ goto err;
+
+ *output_size = 0;
+ status = gnutls_x509_privkey_export_pkcs8 (x509_privkey,
+ format,
+ NULL, GNUTLS_PKCS_PLAIN,
+ NULL, output_size);
+ if (status != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ goto err;
+
+ *output_data = g_malloc (*output_size);
+ status = gnutls_x509_privkey_export_pkcs8 (x509_privkey,
+ format,
+ NULL, GNUTLS_PKCS_PLAIN,
+ *output_data, output_size);
+ if (status == 0)
+ {
+ gnutls_x509_privkey_deinit (x509_privkey);
+ return;
+ }
+
+ g_free (*output_data);
+
+err:
+ *output_data = NULL;
+ *output_size = 0;
+
+ if (x509_privkey)
+ gnutls_x509_privkey_deinit (x509_privkey);
+}
+
static void
g_tls_certificate_gnutls_get_property (GObject *object,
guint prop_id,
GParamSpec *pspec)
{
GTlsCertificateGnutls *gnutls = G_TLS_CERTIFICATE_GNUTLS (object);
- GByteArray *certificate;
- char *certificate_pem;
+ GByteArray *byte_array;
+ char *pem;
+ guint8 *der;
int status;
size_t size;
+ gnutls_x509_dn_t dn;
+ gnutls_datum_t data;
+ time_t time;
switch (prop_id)
{
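Review bot: In `get_subject_alt_names` the `for (i = 0; ; i++)` loop stops only on `GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE`; any other error from the sizing call falls through to `san_type != (guint)type`, which on the first pass reads a variable the failed call may not have written, and a persistent error would keep the loop running. Because these certificates can come from a peer, I would bail out on every unexpected status right after the first call: `if ((int)status < 0 && (int)status != GNUTLS_E_SHORT_MEMORY_BUFFER) return data;`. Holding GnuTLS return codes in `guint status` hides this, so `int status` with the casts moved to the `type` comparisons would read better. The trailing `return data;` after the loop is unreachable.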
GNUTLS_X509_FMT_DER,
NULL, &size);
if (status != GNUTLS_E_SHORT_MEMORY_BUFFER)
- certificate = NULL;
+ byte_array = NULL;
else
{
- certificate = g_byte_array_sized_new (size);
- certificate->len = size;
+ byte_array = g_byte_array_sized_new (size);
+ byte_array->len = size;
status = gnutls_x509_crt_export (gnutls->cert,
GNUTLS_X509_FMT_DER,
- certificate->data, &size);
+ byte_array->data, &size);
if (status != 0)
{
- g_byte_array_free (certificate, TRUE);
- certificate = NULL;
+ g_byte_array_free (byte_array, TRUE);
+ byte_array = NULL;
}
}
- g_value_take_boxed (value, certificate);
+ g_value_take_boxed (value, byte_array);
break;
case PROP_CERTIFICATE_PEM:
GNUTLS_X509_FMT_PEM,
NULL, &size);
if (status != GNUTLS_E_SHORT_MEMORY_BUFFER)
- certificate_pem = NULL;
+ pem = NULL;
else
{
- certificate_pem = g_malloc (size);
+ pem = g_malloc (size);
status = gnutls_x509_crt_export (gnutls->cert,
GNUTLS_X509_FMT_PEM,
- certificate_pem, &size);
+ pem, &size);
if (status != 0)
- {
- g_free (certificate_pem);
- certificate_pem = NULL;
- }
+ g_clear_pointer (&pem, g_free);
+ }
+ g_value_take_string (value, pem);
+ break;
+
+ case PROP_PRIVATE_KEY:
+ export_privkey (gnutls, GNUTLS_X509_FMT_DER, (void **)&der, &size);
+ if (size > 0 && size <= G_MAXUINT)
+ {
+ byte_array = g_byte_array_new_take (der, size);
+ g_value_take_boxed (value, byte_array);
}
- g_value_take_string (value, certificate_pem);
+ break;
+
+ case PROP_PRIVATE_KEY_PEM:
+ export_privkey (gnutls, GNUTLS_X509_FMT_PEM, (void **)&pem, &size);
+ if (size > 0)
+ g_value_take_string (value, pem);
break;
case PROP_ISSUER:
g_value_set_object (value, gnutls->issuer);
break;
+ case PROP_PKCS11_URI:
+ g_value_set_string (value, gnutls->pkcs11_uri);
+ break;
+
+ case PROP_PRIVATE_KEY_PKCS11_URI:
+ g_value_set_string (value, gnutls->private_key_pkcs11_uri);
+ break;
+
+ case PROP_NOT_VALID_BEFORE:
+ time = gnutls_x509_crt_get_activation_time (gnutls->cert);
+ if (time != (time_t)-1)
+ g_value_take_boxed (value, g_date_time_new_from_unix_utc (time));
+ break;
+
+ case PROP_NOT_VALID_AFTER:
+ time = gnutls_x509_crt_get_expiration_time (gnutls->cert);
+ if (time != (time_t)-1)
+ g_value_take_boxed (value, g_date_time_new_from_unix_utc (time));
+ break;
+
+ case PROP_SUBJECT_NAME:
+ status = gnutls_x509_crt_get_subject (gnutls->cert, &dn);
+ if (status != GNUTLS_E_SUCCESS)
+ return;
+
+ status = gnutls_x509_dn_get_str (dn, &data);
+ if (status != GNUTLS_E_SUCCESS)
+ return;
+
+ g_value_take_string (value, g_strndup ((gchar *)data.data, data.size));
+ gnutls_free (data.data);
+ break;
+
+ case PROP_ISSUER_NAME:
+ status = gnutls_x509_crt_get_issuer (gnutls->cert, &dn);
+ if (status != GNUTLS_E_SUCCESS)
+ return;
+
+ status = gnutls_x509_dn_get_str (dn, &data);
+ if (status != GNUTLS_E_SUCCESS)
+ return;
+
+ g_value_take_string (value, g_strndup ((gchar *)data.data, data.size));
+ gnutls_free (data.data);
+ break;
+
+ case PROP_DNS_NAMES:
+ g_value_take_boxed (value, get_subject_alt_names (gnutls, GNUTLS_SAN_DNSNAME));
+ break;
+
+ case PROP_IP_ADDRESSES:
+ g_value_take_boxed (value, get_subject_alt_names (gnutls, GNUTLS_SAN_IPADDRESS));
+ break;
+
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
}
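Review bot: In the `PROP_PRIVATE_KEY` case the buffer returned by `export_privkey()` is only consumed when `size > 0 && size <= G_MAXUINT`; on the (unlikely) oversize path `der` is neither handed to the GValue nor freed, and it holds the unencrypted PKCS #8 key. Adding `else g_free (der);` closes that path. A short comment would also help readers, e.g. `/* Left unset when the key cannot be exported, e.g. when gnutls_privkey_export_x509() fails. */`, since the getter silently returns nothing in that case. The start of `g_tls_certificate_gnutls_get_property` is outside this hunk.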
data.data = bytes->data;
data.size = bytes->len;
if (!gnutls->key)
- gnutls_x509_privkey_init (&gnutls->key);
- status = gnutls_x509_privkey_import (gnutls->key, &data,
- GNUTLS_X509_FMT_DER);
- if (status != 0)
- {
- int pkcs8_status =
- gnutls_x509_privkey_import_pkcs8 (gnutls->key, &data,
- GNUTLS_X509_FMT_DER, NULL,
- GNUTLS_PKCS_PLAIN);
- if (pkcs8_status == 0)
- status = 0;
- }
+ gnutls_privkey_init (&gnutls->key);
+ status = gnutls_privkey_import_x509_raw (gnutls->key, &data,
+ GNUTLS_X509_FMT_DER,
+ NULL, GNUTLS_PKCS_PLAIN);
if (status == 0)
gnutls->have_key = TRUE;
else if (!gnutls->construct_error)
data.data = (void *)string;
data.size = strlen (string);
if (!gnutls->key)
- gnutls_x509_privkey_init (&gnutls->key);
- status = gnutls_x509_privkey_import (gnutls->key, &data,
- GNUTLS_X509_FMT_PEM);
- if (status != 0)
- {
- int pkcs8_status =
- gnutls_x509_privkey_import_pkcs8 (gnutls->key, &data,
- GNUTLS_X509_FMT_PEM, NULL,
- GNUTLS_PKCS_PLAIN);
- if (pkcs8_status == 0)
- status = 0;
- }
+ gnutls_privkey_init (&gnutls->key);
+ status = gnutls_privkey_import_x509_raw (gnutls->key, &data,
+ GNUTLS_X509_FMT_PEM,
+ NULL, GNUTLS_PKCS_PLAIN);
if (status == 0)
gnutls->have_key = TRUE;
else if (!gnutls->construct_error)
gnutls->issuer = g_value_dup_object (value);
break;
+ case PROP_PKCS11_URI:
+ string = g_value_get_string (value);
+ if (!string)
+ break;
+ g_return_if_fail (gnutls->have_cert == FALSE);
+ g_return_if_fail (!gnutls->pkcs11_uri);
+
+ gnutls->pkcs11_uri = g_strdup (string);
+
+ status = gnutls_x509_crt_import_url (gnutls->cert, string, GNUTLS_PKCS11_OBJ_FLAG_CRT);
+ if (status == GNUTLS_E_SUCCESS)
+ {
+ gnutls->have_cert = TRUE;
+ }
+ else if (!gnutls->construct_error)
+ {
+ gnutls->construct_error =
+ g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("Could not import PKCS #11 certificate URI: %s"),
+ gnutls_strerror (status));
+ }
+ break;
+
+ case PROP_PRIVATE_KEY_PKCS11_URI:
+ string = g_value_get_string (value);
+ if (!string)
+ break;
+ g_return_if_fail (gnutls->have_key == FALSE);
+ g_return_if_fail (!gnutls->private_key_pkcs11_uri);
+
+ gnutls->private_key_pkcs11_uri = g_strdup (string);
+ break;
+
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
}
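Review bot: `PROP_PKCS11_URI` assigns `gnutls->pkcs11_uri = g_strdup (string)` before `gnutls_x509_crt_import_url()` has succeeded, so a failed import leaves the URI set while `have_cert` stays FALSE, and `g_tls_certificate_gnutls_is_pkcs11_backed()` (added elsewhere in this diff) tests only that field. Moving the assignment into the `status == GNUTLS_E_SUCCESS` branch keeps the two in step. Both URI strings are stored verbatim and returned by the property getters, so I would also add a comment such as `/* Stored as given; RFC 7512 permits a pin-value attribute, so treat the URI as potentially secret. */`. The enclosing set_property function starts outside this hunk.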
guint num_certs, i;
gnutls_x509_crt_t *chain;
GTlsCertificateFlags gtls_flags;
+ GError *error = NULL;
cert_gnutls = G_TLS_CERTIFICATE_GNUTLS (cert);
num_certs = 0;
g_free (chain);
if (identity)
- gtls_flags |= g_tls_certificate_gnutls_verify_identity (G_TLS_CERTIFICATE_GNUTLS (cert), identity);
+ {
+ gtls_flags |= g_tls_certificate_gnutls_verify_identity (G_TLS_CERTIFICATE_GNUTLS (cert), identity, &error);
+ if (error)
+ {
+ g_warning ("Error verifying TLS certificate: %s", error->message);
+ g_error_free (error);
+ }
+ }
return gtls_flags;
}
g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY, "private-key");
g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY_PEM, "private-key-pem");
g_object_class_override_property (gobject_class, PROP_ISSUER, "issuer");
+ g_object_class_override_property (gobject_class, PROP_PKCS11_URI, "pkcs11-uri");
+ g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY_PKCS11_URI, "private-key-pkcs11-uri");
+ g_object_class_override_property (gobject_class, PROP_NOT_VALID_BEFORE, "not-valid-before");
+ g_object_class_override_property (gobject_class, PROP_NOT_VALID_AFTER, "not-valid-after");
+ g_object_class_override_property (gobject_class, PROP_SUBJECT_NAME, "subject-name");
+ g_object_class_override_property (gobject_class, PROP_ISSUER_NAME, "issuer-name");
+ g_object_class_override_property (gobject_class, PROP_DNS_NAMES, "dns-names");
+ g_object_class_override_property (gobject_class, PROP_IP_ADDRESSES, "ip-addresses");
}
static void
}
gboolean
+g_tls_certificate_gnutls_is_pkcs11_backed (GTlsCertificateGnutls *gnutls)
+{
+ return gnutls->pkcs11_uri != NULL;
+}
+
+gboolean
g_tls_certificate_gnutls_has_key (GTlsCertificateGnutls *gnutls)
{
return gnutls->have_key;
int status;
g_return_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (gnutls));
- g_return_if_fail (pcert != NULL);
- g_return_if_fail (pcert_length != NULL);
- g_return_if_fail (pkey != NULL);
+ g_return_if_fail (pcert);
+ g_return_if_fail (pcert_length);
+ g_return_if_fail (pkey);
/* We will do this loop twice. It's probably more efficient than
* re-allocating memory.
*/
chain = gnutls;
- while (chain != NULL)
+ while (chain)
{
num_certs++;
chain = chain->issuer;
/* Now do the actual copy of the whole chain. */
chain = gnutls;
- while (chain != NULL)
+ while (chain)
{
gnutls_x509_crt_t cert;
gnutls_datum_t data;
chain = chain->issuer;
}
- if (gnutls->key != NULL)
- {
- gnutls_x509_privkey_t x509_privkey;
- gnutls_privkey_t privkey;
+ if (gnutls->key)
+ {
+ gnutls_x509_privkey_t x509_privkey;
- gnutls_x509_privkey_init (&x509_privkey);
- gnutls_x509_privkey_cpy (x509_privkey, gnutls->key);
+ gnutls_privkey_export_x509 (gnutls->key, &x509_privkey);
+ gnutls_privkey_import_x509 (*pkey, x509_privkey, GNUTLS_PRIVKEY_IMPORT_COPY);
+ gnutls_x509_privkey_deinit (x509_privkey);
+ }
+ else if (gnutls->private_key_pkcs11_uri || gnutls->pkcs11_uri)
+ {
+ int status;
- gnutls_privkey_init (&privkey);
- gnutls_privkey_import_x509 (privkey, x509_privkey, GNUTLS_PRIVKEY_IMPORT_COPY);
- *pkey = privkey;
- gnutls_x509_privkey_deinit (x509_privkey);
- }
- else
- {
- *pkey = NULL;
- }
+ status = gnutls_privkey_import_pkcs11_url (*pkey,
+ gnutls->private_key_pkcs11_uri ? gnutls->private_key_pkcs11_uri : gnutls->pkcs11_uri);
+ if (status != GNUTLS_E_SUCCESS)
+ {
+ gnutls_privkey_deinit (*pkey);
+ *pkey = NULL;
+ g_info ("Failed to copy PKCS #11 private key: %s", gnutls_strerror (status));
+ }
+ }
+ else
+ {
+ gnutls_privkey_deinit (*pkey);
+ *pkey = NULL;
+ }
}
void
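Review bot: In the `if (gnutls->key)` branch the return values of `gnutls_privkey_export_x509()` and `gnutls_privkey_import_x509()` are ignored and `x509_privkey` is uninitialised, so a failed export passes an indeterminate pointer to the import and to `gnutls_x509_privkey_deinit()`, and `*pkey` is returned as if it held a key. The PKCS #11 branch below already handles failure by releasing `*pkey` and setting it to NULL; the in-memory branch should do the same. The sketch reuses the function-level `status` that an earlier hunk shows, which also makes the inner `int status;` in the PKCS #11 branch unnecessary. The function starts outside this hunk, so where `*pkey` is initialised is not visible here.

```c
  if (gnutls->key)
    {
      gnutls_x509_privkey_t x509_privkey = NULL;

      status = gnutls_privkey_export_x509 (gnutls->key, &x509_privkey);
      if (status == GNUTLS_E_SUCCESS)
        status = gnutls_privkey_import_x509 (*pkey, x509_privkey, GNUTLS_PRIVKEY_IMPORT_COPY);
      g_clear_pointer (&x509_privkey, gnutls_x509_privkey_deinit);

      if (status != GNUTLS_E_SUCCESS)
        {
          gnutls_privkey_deinit (*pkey);
          *pkey = NULL;
          g_info ("Failed to copy private key: %s", gnutls_strerror (status));
        }
    }
  /* … unchanged: PKCS #11 URI branch and the no-key branch … */
```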
unsigned int pcert_length,
gnutls_privkey_t pkey)
{
- if (pcert != NULL)
+ if (pcert)
{
for (unsigned int i = 0; i < pcert_length; i++)
gnutls_pcert_deinit (&pcert[i]);
g_free (pcert);
}
- if (pkey != NULL)
+ if (pkey)
gnutls_privkey_deinit (pkey);
}
return gtls_flags;
}
-static gboolean
-verify_identity_hostname (GTlsCertificateGnutls *gnutls,
- GSocketConnectable *identity)
+GTlsCertificateFlags
+g_tls_certificate_gnutls_verify_identity (GTlsCertificateGnutls *gnutls,
+ GSocketConnectable *identity,
+ GError **error)
{
+ GTlsCertificateFlags result = 0;
const char *hostname;
+ char *free_hostname = NULL;
if (G_IS_NETWORK_ADDRESS (identity))
hostname = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity));
else if (G_IS_NETWORK_SERVICE (identity))
hostname = g_network_service_get_domain (G_NETWORK_SERVICE (identity));
- else
- return FALSE;
-
- return gnutls_x509_crt_check_hostname (gnutls->cert, hostname);
-}
-
-static gboolean
-verify_identity_ip (GTlsCertificateGnutls *gnutls,
- GSocketConnectable *identity)
-{
- GInetAddress *addr;
- int i, ret = 0;
- gsize addr_size;
- const guint8 *addr_bytes;
-
- if (G_IS_INET_SOCKET_ADDRESS (identity))
- addr = g_object_ref (g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (identity)));
- else {
- const char *hostname;
-
- if (G_IS_NETWORK_ADDRESS (identity))
- hostname = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity));
- else if (G_IS_NETWORK_SERVICE (identity))
- hostname = g_network_service_get_domain (G_NETWORK_SERVICE (identity));
- else
- return FALSE;
-
- addr = g_inet_address_new_from_string (hostname);
- if (!addr)
- return FALSE;
- }
-
- addr_bytes = g_inet_address_to_bytes (addr);
- addr_size = g_inet_address_get_native_size (addr);
-
- for (i = 0; ret >= 0; i++)
+ else if (G_IS_INET_SOCKET_ADDRESS (identity))
{
- char san[500];
- size_t san_size;
+ GInetAddress *addr;
- san_size = sizeof (san);
- ret = gnutls_x509_crt_get_subject_alt_name (gnutls->cert, i,
- san, &san_size, NULL);
-
- if ((ret == GNUTLS_SAN_IPADDRESS) && (addr_size == san_size))
- {
- if (memcmp (addr_bytes, san, addr_size) == 0)
- {
- g_object_unref (addr);
- return TRUE;
- }
- }
+ addr = g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (identity));
+ hostname = free_hostname = g_inet_address_to_string (addr);
+ }
+ else
+ {
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Cannot verify peer identity of unexpected type %s"), G_OBJECT_TYPE_NAME (identity));
+ return G_TLS_CERTIFICATE_BAD_IDENTITY;
}
- g_object_unref (addr);
- return FALSE;
-}
-
-GTlsCertificateFlags
-g_tls_certificate_gnutls_verify_identity (GTlsCertificateGnutls *gnutls,
- GSocketConnectable *identity)
-{
- if (verify_identity_hostname (gnutls, identity))
- return 0;
- else if (verify_identity_ip (gnutls, identity))
- return 0;
+ g_assert (hostname);
+ if (!gnutls_x509_crt_check_hostname (gnutls->cert, hostname))
+ result |= G_TLS_CERTIFICATE_BAD_IDENTITY;
- /* FIXME: check sRVName and uniformResourceIdentifier
- * subjectAltNames, if appropriate for @identity.
- */
+ g_free (free_hostname);
- return G_TLS_CERTIFICATE_BAD_IDENTITY;
+ return result;
}
void
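Review bot: `g_assert (hostname)` in the new `g_tls_certificate_gnutls_verify_identity` aborts the process if a connectable yields a NULL name, and the assertion is compiled out when assertions are disabled, in which case NULL would reach `gnutls_x509_crt_check_hostname()`. Since the function now has a `GError **`, failing closed is simple: `if (!hostname) { g_free (free_hostname); return G_TLS_CERTIFICATE_BAD_IDENTITY; }`, optionally with a `g_set_error_literal()` first. The explicit iPAddress SAN comparison was removed in favour of passing the address as a string, so a comment above the check is worth adding, e.g. `/* IP literals rely on gnutls_x509_crt_check_hostname() matching iPAddress SANs. */`. The removed FIXME about sRVName and URI subjectAltNames still describes an open gap and could be kept.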
* exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
-#ifndef __G_TLS_CERTIFICATE_GNUTLS_H__
-#define __G_TLS_CERTIFICATE_GNUTLS_H__
+#pragma once
#include <gio/gio.h>
#include <gnutls/abstract.h>
const gnutls_x509_crt_t g_tls_certificate_gnutls_get_cert (GTlsCertificateGnutls *gnutls);
gboolean g_tls_certificate_gnutls_has_key (GTlsCertificateGnutls *gnutls);
+gboolean g_tls_certificate_gnutls_is_pkcs11_backed (GTlsCertificateGnutls *gnutls);
void g_tls_certificate_gnutls_copy (GTlsCertificateGnutls *gnutls,
const gchar *interaction_id,
unsigned int pcert_length,
gnutls_privkey_t pkey);
-GTlsCertificateFlags g_tls_certificate_gnutls_verify_identity (GTlsCertificateGnutls *gnutls,
- GSocketConnectable *identity);
+GTlsCertificateFlags g_tls_certificate_gnutls_verify_identity (GTlsCertificateGnutls *gnutls,
+ GSocketConnectable *identity,
+ GError **error);
GTlsCertificateFlags g_tls_certificate_gnutls_convert_flags (guint gnutls_flags);
gnutls_x509_crt_fmt_t format);
G_END_DECLS
-
-#endif /* __G_TLS_CERTIFICATE_GNUTLS_H___ */
#include <gnutls/x509.h>
#include <string.h>
+#include "gtlsconnection-base.h"
#include "gtlsclientconnection-gnutls.h"
#include "gtlsbackend-gnutls.h"
#include "gtlscertificate-gnutls.h"
GTlsCertificateFlags validation_flags;
GSocketConnectable *server_identity;
gboolean use_ssl3;
- gboolean session_data_override;
+ /* session_data is either the session ticket that was used to resume this
+ * connection, or the most recent session ticket received from the server.
+ * Because session ticket reuse is generally undesirable, it should only be
+ * accessed if session_data_override is set.
+ */
GBytes *session_id;
GBytes *session_data;
+ gboolean session_data_override;
- gboolean requested_cert_missing;
- GError *cert_error;
GPtrArray *accepted_cas;
+ gboolean accepted_cas_changed;
gnutls_pcert_st *pcert;
unsigned int pcert_length;
gnutls_privkey_t pkey;
};
-static void g_tls_client_connection_gnutls_initable_interface_init (GInitableIface *iface);
+static void g_tls_client_connection_gnutls_initable_interface_init (GInitableIface *iface);
static void g_tls_client_connection_gnutls_client_connection_interface_init (GTlsClientConnectionInterface *iface);
static void g_tls_client_connection_gnutls_dtls_client_connection_interface_init (GDtlsClientConnectionInterface *iface);
-static int g_tls_client_connection_gnutls_retrieve_function (gnutls_session_t session,
- const gnutls_datum_t *req_ca_rdn,
- int nreqs,
- const gnutls_pk_algorithm_t *pk_algos,
- int pk_algos_length,
- gnutls_pcert_st **pcert,
- unsigned int *pcert_length,
- gnutls_privkey_t *pkey);
+static int g_tls_client_connection_gnutls_handshake_thread_retrieve_function (gnutls_session_t session,
+ const gnutls_datum_t *req_ca_rdn,
+ int nreqs,
+ const gnutls_pk_algorithm_t *pk_algos,
+ int pk_algos_length,
+ gnutls_pcert_st **pcert,
+ unsigned int *pcert_length,
+ gnutls_privkey_t *pkey);
static GInitableIface *g_tls_client_connection_gnutls_parent_initable_iface;
g_tls_client_connection_gnutls_dtls_client_connection_interface_init));
static void
-clear_gnutls_certificate_copy (GTlsClientConnectionGnutls *gnutls)
+clear_gnutls_certificate_copy (gnutls_pcert_st **pcert,
+ guint *pcert_length,
+ gnutls_privkey_t *pkey)
{
- g_tls_certificate_gnutls_copy_free (gnutls->pcert, gnutls->pcert_length, gnutls->pkey);
+ g_tls_certificate_gnutls_copy_free (*pcert, *pcert_length, *pkey);
- gnutls->pcert = NULL;
- gnutls->pcert_length = 0;
- gnutls->pkey = NULL;
+ *pcert = NULL;
+ *pcert_length = 0;
+ *pkey = NULL;
}
static void
g_tls_client_connection_gnutls_init (GTlsClientConnectionGnutls *gnutls)
{
- gnutls_certificate_credentials_t creds;
-
- creds = g_tls_connection_gnutls_get_credentials (G_TLS_CONNECTION_GNUTLS (gnutls));
- gnutls_certificate_set_retrieve_function2 (creds, g_tls_client_connection_gnutls_retrieve_function);
}
static const gchar *
GInetAddress *iaddr;
guint port;
- /* Create a TLS session ID. We base it on the IP address since
+ /* The testsuite expects handshakes to actually happen. E.g. a test might
+ * check to see that a handshake succeeds and then later check that a new
+ * handshake fails. If we get really unlucky and the same port number is
+ * reused for the server socket between connections, then we'll accidentally
+ * resume the old session and skip certificate verification. Such failures
+ * are difficult to debug because they require running the tests hundreds of
+ * times simultaneously to reproduce (the port number does not get reused
+ * quickly enough if the tests are run sequentially).
+ *
+ * So session resumption will just need to be tested manually.
+ */
+ if (g_test_initialized ())
+ return;
+
+ /* Create a TLS "session ID." We base it on the IP address since
* different hosts serving the same hostname/service will probably
* not share the same session cache. We base it on the
* server-identity because at least some servers will fail (rather
* than just failing to resume the session) if we don't.
* (https://bugs.launchpad.net/bugs/823325)
+ *
+ * Note that our session IDs have no relation to TLS protocol
+ * session IDs, e.g. as provided by gnutls_session_get_id2(). Unlike
+ * our session IDs, actual TLS session IDs can no longer be used for
+ * session resumption.
*/
g_object_get (G_OBJECT (gnutls), "base-io-stream", &base_conn, NULL);
if (G_IS_SOCKET_CONNECTION (base_conn))
/* If we have a certificate, make its hash part of the session ID, so
* that different connections to the same server can use different
- * certificates. */
+ * certificates.
+ */
g_object_get (G_OBJECT (gnutls), "certificate", &cert, NULL);
if (cert)
{
g_clear_object (&base_conn);
}
+static int
+handshake_thread_session_ticket_received_cb (gnutls_session_t session,
+ guint htype,
+ guint when,
+ guint incoming,
+ const gnutls_datum_t *msg)
+{
+ GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (gnutls_session_get_ptr (session));
+ gnutls_datum_t session_datum;
+
+ if (gnutls_session_get_data2 (session, &session_datum) == GNUTLS_E_SUCCESS)
+ {
+ g_clear_pointer (&gnutls->session_data, g_bytes_unref);
+ gnutls->session_data = g_bytes_new_with_free_func (session_datum.data,
+ session_datum.size,
+ (GDestroyNotify)gnutls_free,
+ session_datum.data);
+
+ if (gnutls->session_id)
+ {
+ g_tls_backend_gnutls_store_session_data (gnutls->session_id,
+ gnutls->session_data);
+ }
+ }
+
+ return 0;
+}
+
static void
g_tls_client_connection_gnutls_finalize (GObject *object)
{
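Review bot: `handshake_thread_session_ticket_received_cb` replaces `gnutls->session_data` with no synchronisation visible in this hunk, while `copy_session_state` later in this diff reads `gnutls_source->session_data` from the caller's thread. If a ticket can arrive while an application is copying state from this connection, the `g_clear_pointer`/assign pair could race with that `g_bytes_ref`; whether a lock elsewhere already covers this cannot be seen here. I would document the assumption above the function, e.g. `/* Runs on the handshake thread; session_data must not be read concurrently. */`, or guard the field. The callback obtains the connection with `gnutls_session_get_ptr()` whereas the retrieve function uses `gnutls_transport_get_ptr()`, so a comment naming where the session pointer is set would also help.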
g_clear_pointer (&gnutls->accepted_cas, g_ptr_array_unref);
g_clear_pointer (&gnutls->session_id, g_bytes_unref);
g_clear_pointer (&gnutls->session_data, g_bytes_unref);
- g_clear_error (&gnutls->cert_error);
- clear_gnutls_certificate_copy (gnutls);
+ clear_gnutls_certificate_copy (&gnutls->pcert, &gnutls->pcert_length, &gnutls->pkey);
G_OBJECT_CLASS (g_tls_client_connection_gnutls_parent_class)->finalize (object);
}
GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable);
gnutls_session_t session;
const gchar *hostname;
+ gnutls_certificate_credentials_t creds;
- if (!g_tls_client_connection_gnutls_parent_initable_iface->
- init (initable, cancellable, error))
+ if (!g_tls_client_connection_gnutls_parent_initable_iface->init (initable, cancellable, error))
return FALSE;
+ creds = g_tls_connection_gnutls_get_credentials (G_TLS_CONNECTION_GNUTLS (gnutls));
+ gnutls_certificate_set_retrieve_function2 (creds, g_tls_client_connection_gnutls_handshake_thread_retrieve_function);
+
session = g_tls_connection_gnutls_get_session (gnutls);
hostname = get_server_identity (G_TLS_CLIENT_CONNECTION_GNUTLS (gnutls));
if (hostname)
g_free (normalized_hostname);
}
+ gnutls_handshake_set_hook_function (session, GNUTLS_HANDSHAKE_NEW_SESSION_TICKET,
+ GNUTLS_HOOK_POST, handshake_thread_session_ticket_received_cb);
+
return TRUE;
}
gnutls->server_identity = g_value_dup_object (value);
hostname = get_server_identity (gnutls);
- if (hostname)
+ if (hostname && !g_hostname_is_ip_address (hostname))
{
gnutls_session_t session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (gnutls));
* initialization */
if (session)
{
+ gchar *normalized_hostname = g_strdup (hostname);
+
+ if (hostname[strlen (hostname) - 1] == '.')
+ normalized_hostname[strlen (hostname) - 1] = '\0';
+
gnutls_server_name_set (session, GNUTLS_NAME_DNS,
- hostname, strlen (hostname));
+ normalized_hostname, strlen (normalized_hostname));
+
+ g_free (normalized_hostname);
}
}
break;
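Review bot: `hostname[strlen (hostname) - 1]` reads out of bounds when `hostname` is the empty string, because `strlen () - 1` wraps to the maximum `size_t`; the guard in the preceding hunk (`hostname && !g_hostname_is_ip_address (hostname)`) does not rule that out. Computing the length once avoids it: `gsize len = strlen (hostname);` followed by `if (len > 0 && hostname[len - 1] == '.') normalized_hostname[len - 1] = '\0';`. The `g_free (normalized_hostname)` context line in the init function suggests the same trimming exists there, so it likely needs the same guard. The enclosing set_property case starts outside this hunk.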
}
static int
-g_tls_client_connection_gnutls_retrieve_function (gnutls_session_t session,
- const gnutls_datum_t *req_ca_rdn,
- int nreqs,
- const gnutls_pk_algorithm_t *pk_algos,
- int pk_algos_length,
- gnutls_pcert_st **pcert,
- unsigned int *pcert_length,
- gnutls_privkey_t *pkey)
+g_tls_client_connection_gnutls_handshake_thread_retrieve_function (gnutls_session_t session,
+ const gnutls_datum_t *req_ca_rdn,
+ int nreqs,
+ const gnutls_pk_algorithm_t *pk_algos,
+ int pk_algos_length,
+ gnutls_pcert_st **pcert,
+ unsigned int *pcert_length,
+ gnutls_privkey_t *pkey)
{
+ GTlsConnectionBase *tls = gnutls_transport_get_ptr (session);
GTlsClientConnectionGnutls *gnutls = gnutls_transport_get_ptr (session);
GTlsConnectionGnutls *conn = G_TLS_CONNECTION_GNUTLS (gnutls);
GPtrArray *accepted_cas;
+ gboolean had_accepted_cas;
GByteArray *dn;
int i;
* the algorithms given in pk_algos.
*/
+ had_accepted_cas = gnutls->accepted_cas != NULL;
+
accepted_cas = g_ptr_array_new_with_free_func ((GDestroyNotify)g_byte_array_unref);
for (i = 0; i < nreqs; i++)
{
if (gnutls->accepted_cas)
g_ptr_array_unref (gnutls->accepted_cas);
gnutls->accepted_cas = accepted_cas;
- g_object_notify (G_OBJECT (gnutls), "accepted-cas");
- clear_gnutls_certificate_copy (gnutls);
- g_tls_connection_gnutls_get_certificate (conn, pcert, pcert_length, pkey);
+ gnutls->accepted_cas_changed = gnutls->accepted_cas || had_accepted_cas;
+
+ clear_gnutls_certificate_copy (&gnutls->pcert, &gnutls->pcert_length, &gnutls->pkey);
+ g_tls_connection_gnutls_handshake_thread_get_certificate (conn, pcert, pcert_length, pkey);
if (*pcert_length == 0)
{
- g_tls_certificate_gnutls_copy_free (*pcert, *pcert_length, *pkey);
- g_clear_error (&gnutls->cert_error);
+ clear_gnutls_certificate_copy (pcert, pcert_length, pkey);
- if (g_tls_connection_gnutls_request_certificate (conn, &gnutls->cert_error))
- g_tls_connection_gnutls_get_certificate (conn, pcert, pcert_length, pkey);
+ if (g_tls_connection_base_handshake_thread_request_certificate (tls))
+ g_tls_connection_gnutls_handshake_thread_get_certificate (conn, pcert, pcert_length, pkey);
if (*pcert_length == 0)
{
- g_tls_certificate_gnutls_copy_free (*pcert, *pcert_length, *pkey);
+ clear_gnutls_certificate_copy (pcert, pcert_length, pkey);
/* If there is still no client certificate, this connection will
- * probably fail, but no reason to give up: let's try anyway.
+ * probably fail, but we must not give up yet. The certificate might
+ * be optional, e.g. if the server is using
+ * G_TLS_AUTHENTICATION_REQUESTED, not G_TLS_AUTHENTICATION_REQUIRED.
*/
- gnutls->requested_cert_missing = TRUE;
+ g_tls_connection_base_handshake_thread_set_missing_requested_client_certificate (tls);
return 0;
}
}
- if (*pkey == NULL)
+ if (!*pkey)
{
- g_tls_certificate_gnutls_copy_free (*pcert, *pcert_length, *pkey);
+ clear_gnutls_certificate_copy (pcert, pcert_length, pkey);
/* No private key. GnuTLS expects it to be non-null if pcert_length is
* nonzero, so we have to abort now.
*/
- gnutls->requested_cert_missing = TRUE;
+ g_tls_connection_base_handshake_thread_set_missing_requested_client_certificate (tls);
return -1;
}
+ /* We'll assume ownership. The return values are unowned. */
gnutls->pcert = *pcert;
gnutls->pcert_length = *pcert_length;
gnutls->pkey = *pkey;
}
static void
-g_tls_client_connection_gnutls_failed (GTlsConnectionGnutls *conn)
+g_tls_client_connection_gnutls_prepare_handshake (GTlsConnectionBase *tls,
+ gchar **advertised_protocols)
{
- GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn);
-
- gnutls->session_data_override = FALSE;
- g_clear_pointer (&gnutls->session_data, g_bytes_unref);
- if (gnutls->session_id)
- g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->session_id);
-}
-
-static void
-g_tls_client_connection_gnutls_begin_handshake (GTlsConnectionGnutls *conn)
-{
- GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn);
+ GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (tls);
g_tls_client_connection_gnutls_compute_session_id (gnutls);
- /* Try to get a cached session */
if (gnutls->session_data_override)
{
- gnutls_session_set_data (g_tls_connection_gnutls_get_session (conn),
+ g_assert (gnutls->session_data);
+ gnutls_session_set_data (g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (tls)),
g_bytes_get_data (gnutls->session_data, NULL),
g_bytes_get_size (gnutls->session_data));
}
{
GBytes *session_data;
- session_data = g_tls_backend_gnutls_lookup_session (GNUTLS_CLIENT, gnutls->session_id);
+ session_data = g_tls_backend_gnutls_lookup_session_data (gnutls->session_id);
if (session_data)
{
- gnutls_session_set_data (g_tls_connection_gnutls_get_session (conn),
+ gnutls_session_set_data (g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (tls)),
g_bytes_get_data (session_data, NULL),
g_bytes_get_size (session_data));
g_clear_pointer (&gnutls->session_data, g_bytes_unref);
- gnutls->session_data = session_data;
+ gnutls->session_data = g_steal_pointer (&session_data);
}
}
- gnutls->requested_cert_missing = FALSE;
+ G_TLS_CONNECTION_BASE_CLASS (g_tls_client_connection_gnutls_parent_class)->
+ prepare_handshake (tls, advertised_protocols);
}
static void
-g_tls_client_connection_gnutls_finish_handshake (GTlsConnectionGnutls *conn,
- GError **inout_error)
+g_tls_client_connection_gnutls_complete_handshake (GTlsConnectionBase *tls,
+ gboolean handshake_succeeded,
+ gchar **negotiated_protocol,
+ GTlsProtocolVersion *protocol_version,
+ gchar **ciphersuite_name,
+ GError **error)
{
- GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn);
- int resumed;
-
- g_assert (inout_error != NULL);
+ GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (tls);
+ gnutls_session_t session;
+ gnutls_protocol_t version;
- if (*inout_error != NULL && gnutls->requested_cert_missing)
- {
- g_clear_error (inout_error);
- if (gnutls->cert_error)
- {
- *inout_error = gnutls->cert_error;
- gnutls->cert_error = NULL;
- }
- else
- {
- g_set_error_literal (inout_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
- _("Server required TLS certificate"));
- }
- }
+ G_TLS_CONNECTION_BASE_CLASS (g_tls_client_connection_gnutls_parent_class)->complete_handshake (tls,
+ handshake_succeeded,
+ negotiated_protocol,
+ protocol_version,
+ ciphersuite_name,
+ error);
- resumed = gnutls_session_is_resumed (g_tls_connection_gnutls_get_session (conn));
- if (*inout_error || !resumed)
- {
- /* Clear session data since the server did not accept what we provided. */
- gnutls->session_data_override = FALSE;
- g_clear_pointer (&gnutls->session_data, g_bytes_unref);
- if (gnutls->session_id)
- g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->session_id);
- }
+ /* It may have changed during the handshake, but we have to wait until here
+ * because we can't emit notifies on the handshake thread.
+ */
+ if (gnutls->accepted_cas_changed)
+ g_object_notify (G_OBJECT (gnutls), "accepted-cas");
- if (!*inout_error && !resumed)
+ if (handshake_succeeded)
{
- gnutls_datum_t session_datum;
-
- if (gnutls_session_get_data2 (g_tls_connection_gnutls_get_session (conn),
- &session_datum) == 0)
+ /* If we're not using TLS 1.3, store the session ticket here. We
+ * don't normally perform session resumption in TLS 1.2, but we still
+ * support it if the application calls copy_session_state() (which
+ * doesn't exist for DTLS, so do this for TLS only).
+ *
+ * Note to distant future: remove this when dropping TLS 1.2 support.
+ */
+ session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (tls));
+ version = gnutls_protocol_get_version (session);
+ if (version <= GNUTLS_TLS1_2 && !g_tls_connection_base_is_dtls (tls))
{
- gnutls->session_data = g_bytes_new_with_free_func (session_datum.data,
- session_datum.size,
- (GDestroyNotify)gnutls_free,
- session_datum.data);
-
- if (gnutls->session_id)
- g_tls_backend_gnutls_store_session (GNUTLS_CLIENT,
- gnutls->session_id,
- gnutls->session_data);
+ gnutls_datum_t session_datum;
+
+ if (gnutls_session_get_data2 (g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (tls)),
+ &session_datum) == 0)
+ {
+ g_clear_pointer (&gnutls->session_data, g_bytes_unref);
+ gnutls->session_data = g_bytes_new_with_free_func (session_datum.data,
+ session_datum.size,
+ (GDestroyNotify)gnutls_free,
+ session_datum.data);
+ }
}
- }
+ }
}
static void
GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn);
GTlsClientConnectionGnutls *gnutls_source = G_TLS_CLIENT_CONNECTION_GNUTLS (source);
- if (gnutls_source->session_data)
+ /* Precondition: source has handshaked, conn has not. */
+ g_return_if_fail (!gnutls->session_id);
+ g_return_if_fail (gnutls_source->session_id);
+ g_return_if_fail (!gnutls->session_data);
+
+ /* Prefer to use a new session ticket, if possible. */
+ gnutls->session_data = g_tls_backend_gnutls_lookup_session_data (gnutls_source->session_id);
+
+ if (!gnutls->session_data && gnutls_source->session_data)
{
- gnutls->session_data_override = TRUE;
+ /* If it's not possible, we'll try to reuse the old ticket, even though
+ * this is a privacy risk. Applications should not use this function
+ * unless they need us to try as hard as possible to resume a session,
+ * even at the cost of privacy.
+ */
gnutls->session_data = g_bytes_ref (gnutls_source->session_data);
-
- if (gnutls->session_id)
- g_tls_backend_gnutls_store_session (GNUTLS_CLIENT,
- gnutls->session_id,
- gnutls->session_data);
}
+
+ gnutls->session_data_override = !!gnutls->session_data;
+}
+
+static void
+g_tls_client_connection_gnutls_update_credentials (GTlsConnectionGnutls *gnutls,
+ gnutls_certificate_credentials_t credentials)
+{
+ gnutls_certificate_set_retrieve_function2 (credentials, g_tls_client_connection_gnutls_handshake_thread_retrieve_function);
}
static void
g_tls_client_connection_gnutls_class_init (GTlsClientConnectionGnutlsClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
- GTlsConnectionGnutlsClass *connection_gnutls_class = G_TLS_CONNECTION_GNUTLS_CLASS (klass);
+ GTlsConnectionBaseClass *base_class = G_TLS_CONNECTION_BASE_CLASS (klass);
+ GTlsConnectionGnutlsClass *gnutls_class = G_TLS_CONNECTION_GNUTLS_CLASS (klass);
gobject_class->get_property = g_tls_client_connection_gnutls_get_property;
gobject_class->set_property = g_tls_client_connection_gnutls_set_property;
gobject_class->finalize = g_tls_client_connection_gnutls_finalize;
- connection_gnutls_class->failed = g_tls_client_connection_gnutls_failed;
- connection_gnutls_class->begin_handshake = g_tls_client_connection_gnutls_begin_handshake;
- connection_gnutls_class->finish_handshake = g_tls_client_connection_gnutls_finish_handshake;
+ base_class->prepare_handshake = g_tls_client_connection_gnutls_prepare_handshake;
+ base_class->complete_handshake = g_tls_client_connection_gnutls_complete_handshake;
+
+ gnutls_class->update_credentials = g_tls_client_connection_gnutls_update_credentials;
g_object_class_override_property (gobject_class, PROP_VALIDATION_FLAGS, "validation-flags");
g_object_class_override_property (gobject_class, PROP_SERVER_IDENTITY, "server-identity");
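Review bot: The fallback comment in the copy-session-state function says reusing the old ticket "is a privacy risk" but never says what the risk is, so callers cannot judge it. I would add one line where `g_bytes_ref (gnutls_source->session_data)` is taken: `/* A ticket presented on two connections lets a network observer link them to the same client; RFC 8446 recommends against reusing tickets. */`. The same comment should note that the three `g_return_if_fail` preconditions are the only guard against overwriting an existing `session_data` without unreffing it, and that they compile away under `G_DISABLE_CHECKS`. The function's signature lies outside this hunk.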
* exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
-#ifndef __G_TLS_CLIENT_CONNECTION_GNUTLS_H__
-#define __G_TLS_CLIENT_CONNECTION_GNUTLS_H__
+#pragma once
#include "gtlsconnection-gnutls.h"
G_DECLARE_FINAL_TYPE (GTlsClientConnectionGnutls, g_tls_client_connection_gnutls, G, TLS_CLIENT_CONNECTION_GNUTLS, GTlsConnectionGnutls)
G_END_DECLS
-
-#endif /* __G_TLS_CLIENT_CONNECTION_GNUTLS_H___ */
#include "gtlsbackend-gnutls.h"
#include "gtlscertificate-gnutls.h"
#include "gtlsclientconnection-gnutls.h"
-#include "gtlsinputstream-gnutls.h"
-#include "gtlsoutputstream-gnutls.h"
-#include "gtlsserverconnection-gnutls.h"
+#include "gtlsdatabase-gnutls.h"
+#include "gtlslog.h"
+#include "gtlsgnutls-version.h"
#ifdef G_OS_WIN32
#include <winsock2.h>
#include <glib/gi18n-lib.h>
#include <glib/gprintf.h>
-/*
- * GTlsConnectionGnutls is the base abstract implementation of TLS and DTLS
- * support, for both the client and server side of a connection. The choice
- * between TLS and DTLS is made by setting the base-io-stream or
- * base-socket properties — exactly one of them must be set at
- * construction time.
- *
- * Client and server specific code is in the GTlsClientConnectionGnutls and
- * GTlsServerConnectionGnutls concrete subclasses, although the line about where
- * code is put is a little blurry, and there are various places in
- * GTlsConnectionGnutls which check G_IS_TLS_CLIENT_CONNECTION(self) to switch
- * to a client-only code path.
- *
- * This abstract class implements a lot of interfaces:
- * • Derived from GTlsConnection (itself from GIOStream), for TLS and streaming
- * communications.
- * • Implements GDtlsConnection and GDatagramBased, for DTLS and datagram
- * communications.
- * • Implements GInitable for failable GnuTLS initialisation.
- *
- * The GTlsClientConnectionGnutls and GTlsServerConnectionGnutls subclasses are
- * both derived from GTlsConnectionGnutls (and hence GIOStream), and both
- * implement the relevant TLS and DTLS interfaces:
- * • GTlsClientConnection
- * • GDtlsClientConnection
- * • GTlsServerConnection
- * • GDtlsServerConnection
- */
-
static ssize_t g_tls_connection_gnutls_push_func (gnutls_transport_ptr_t transport_data,
const void *buf,
size_t buflen);
static int g_tls_connection_gnutls_pull_timeout_func (gnutls_transport_ptr_t transport_data,
unsigned int ms);
-
-static void g_tls_connection_gnutls_initable_iface_init (GInitableIface *iface);
-static gboolean g_tls_connection_gnutls_initable_init (GInitable *initable,
- GCancellable *cancellable,
- GError **error);
-static void g_tls_connection_gnutls_dtls_connection_iface_init (GDtlsConnectionInterface *iface);
-static void g_tls_connection_gnutls_datagram_based_iface_init (GDatagramBasedInterface *iface);
-
-static void g_tls_connection_gnutls_init_priorities (void);
+static void g_tls_connection_gnutls_initable_iface_init (GInitableIface *iface);
static int verify_certificate_cb (gnutls_session_t session);
-static gboolean do_implicit_handshake (GTlsConnectionGnutls *gnutls,
- gint64 timeout,
- GCancellable *cancellable,
- GError **error);
-static gboolean finish_handshake (GTlsConnectionGnutls *gnutls,
- GTask *task,
- GError **error);
-
-enum
-{
- PROP_0,
- /* For this class: */
- PROP_BASE_IO_STREAM,
- PROP_BASE_SOCKET,
- /* For GTlsConnection and GDtlsConnection: */
- PROP_REQUIRE_CLOSE_NOTIFY,
- PROP_REHANDSHAKE_MODE,
- PROP_USE_SYSTEM_CERTDB,
- PROP_DATABASE,
- PROP_CERTIFICATE,
- PROP_INTERACTION,
- PROP_PEER_CERTIFICATE,
- PROP_PEER_CERTIFICATE_ERRORS,
-#if GLIB_CHECK_VERSION(2, 60, 0)
- PROP_ADVERTISED_PROTOCOLS,
- PROP_NEGOTIATED_PROTOCOL,
-#endif
-};
+static gnutls_priority_t priority;
typedef struct
{
- /* When operating in stream mode, as a GTlsConnection. These are
- * mutually-exclusive with base_socket. There are two different
- * GIOStreams here: (a) base_io_stream and (b) the GTlsConnectionGnutls
- * itself. base_io_stream is the GIOStream used to create the GTlsConnection,
- * and corresponds to the GTlsConnection::base-io-stream property.
- * base_istream and base_ostream are the GInputStream and GOutputStream,
- * respectively, of base_io_stream. These are for the underlying sockets that
- * don't know about TLS.
- *
- * Then the GTlsConnectionGnutls also has tls_istream and tls_ostream which
- * wrap the aforementioned base streams with a TLS session.
- *
- * When operating in datagram mode, none of these are used.
- */
- GIOStream *base_io_stream;
- GPollableInputStream *base_istream;
- GPollableOutputStream *base_ostream;
- GInputStream *tls_istream;
- GOutputStream *tls_ostream;
-
- /* When operating in datagram mode, as a GDtlsConnection, the
- * GTlsConnectionGnutls is itself the DTLS GDatagramBased. It uses base_socket
- * for the underlying I/O. It is mutually-exclusive with base_io_stream and
- * the other streams.
- */
- GDatagramBased *base_socket;
-
gnutls_certificate_credentials_t creds;
gnutls_session_t session;
-
- GTlsCertificate *certificate, *peer_certificate;
- GTlsCertificateFlags peer_certificate_errors;
-
- GMutex verify_certificate_mutex;
- GCond verify_certificate_condition;
- gboolean peer_certificate_accepted;
- gboolean peer_certificate_examined;
-
- gboolean require_close_notify;
- GTlsRehandshakeMode rehandshake_mode;
- gboolean is_system_certdb;
- GTlsDatabase *database;
- gboolean database_is_unset;
-
- /* need_handshake means the next claim_op() will get diverted into
- * an implicit handshake (unless it's an OP_HANDSHAKE or OP_CLOSE*).
- * need_finish_handshake means the next claim_op() will get diverted
- * into finish_handshake() (unless it's an OP_CLOSE*).
- *
- * handshaking is TRUE as soon as a handshake thread is queued. For
- * a sync handshake it becomes FALSE after finish_handshake()
- * completes in the calling thread, but for an async implicit
- * handshake, it becomes FALSE (and need_finish_handshake becomes
- * TRUE) at the end of the handshaking thread (and then the next
- * non-close op will call finish_handshake()). We can't just wait
- * for handshake_thread_completed() to run, because it's possible
- * that its main loop is being blocked by a synchronous op which is
- * waiting for handshaking to become FALSE...
- *
- * started_handshake indicates that the current handshake attempt
- * got at least as far as calling gnutls_handshake() (and so any
- * error should be copied to handshake_error and returned on all
- * future operations). ever_handshaked indicates that TLS has
- * been successfully negotiated at some point.
- */
- gboolean need_handshake, need_finish_handshake, sync_handshake_completed;
- gboolean started_handshake, handshaking, ever_handshaked;
- GMainContext *handshake_context;
- GTask *implicit_handshake;
- GError *handshake_error;
- GByteArray *app_data_buf;
-
- /* read_closed means the read direction has closed; write_closed similarly.
- * If (and only if) both are set, the entire GTlsConnection is closed. */
- gboolean read_closing, read_closed;
- gboolean write_closing, write_closed;
-
- GTlsInteraction *interaction;
gchar *interaction_id;
-
-#if GLIB_CHECK_VERSION(2, 60, 0)
- gchar **advertised_protocols;
- gchar *negotiated_protocol;
-#endif
-
- GMutex op_mutex;
- GCancellable *waiting_for_op;
-
- gboolean reading;
- gint64 read_timeout;
- GError *read_error;
- GCancellable *read_cancellable;
-
- gboolean writing;
- gint64 write_timeout;
- GError *write_error;
- GCancellable *write_cancellable;
+ GCancellable *cancellable;
} GTlsConnectionGnutlsPrivate;
-G_DEFINE_ABSTRACT_TYPE_WITH_CODE (GTlsConnectionGnutls, g_tls_connection_gnutls, G_TYPE_TLS_CONNECTION,
+G_DEFINE_ABSTRACT_TYPE_WITH_CODE (GTlsConnectionGnutls, g_tls_connection_gnutls, G_TYPE_TLS_CONNECTION_BASE,
G_ADD_PRIVATE (GTlsConnectionGnutls);
G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
g_tls_connection_gnutls_initable_iface_init);
- G_IMPLEMENT_INTERFACE (G_TYPE_DATAGRAM_BASED,
- g_tls_connection_gnutls_datagram_based_iface_init);
- G_IMPLEMENT_INTERFACE (G_TYPE_DTLS_CONNECTION,
- g_tls_connection_gnutls_dtls_connection_iface_init);
- g_tls_connection_gnutls_init_priorities ();
);
static gint unique_interaction_id = 0;
g_tls_connection_gnutls_init (GTlsConnectionGnutls *gnutls)
{
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- gint unique_id;
-
- gnutls_certificate_allocate_credentials (&priv->creds);
-
- g_mutex_init (&priv->verify_certificate_mutex);
- g_cond_init (&priv->verify_certificate_condition);
-
- priv->need_handshake = TRUE;
-
- priv->database_is_unset = TRUE;
- priv->is_system_certdb = TRUE;
+ int unique_id;
unique_id = g_atomic_int_add (&unique_interaction_id, 1);
priv->interaction_id = g_strdup_printf ("gtls:%d", unique_id);
- priv->waiting_for_op = g_cancellable_new ();
- g_cancellable_cancel (priv->waiting_for_op);
- g_mutex_init (&priv->op_mutex);
+ priv->cancellable = g_cancellable_new ();
}
-/* First field is "fallback", second is "allow unsafe rehandshaking" */
-static gnutls_priority_t priorities[2][2];
-
-/* TODO: Get rid of this in favor of gnutls_set_default_priority_append()
- * when upgrading to GnuTLS 3.6.3.
- */
-#define DEFAULT_BASE_PRIORITY "NORMAL:%COMPAT"
-
static void
-g_tls_connection_gnutls_init_priorities (void)
+g_tls_connection_gnutls_set_handshake_priority (GTlsConnectionGnutls *gnutls)
{
- const gchar *base_priority;
- gchar *fallback_priority, *unsafe_rehandshake_priority, *fallback_unsafe_rehandshake_priority;
- const guint *protos;
- int ret, i, nprotos, fallback_proto;
-
- base_priority = g_getenv ("G_TLS_GNUTLS_PRIORITY");
- if (!base_priority)
- base_priority = DEFAULT_BASE_PRIORITY;
- ret = gnutls_priority_init (&priorities[FALSE][FALSE], base_priority, NULL);
- if (ret == GNUTLS_E_INVALID_REQUEST)
- {
- g_warning ("G_TLS_GNUTLS_PRIORITY is invalid; ignoring!");
- base_priority = DEFAULT_BASE_PRIORITY;
- ret = gnutls_priority_init (&priorities[FALSE][FALSE], base_priority, NULL);
- g_warn_if_fail (ret == 0);
- }
-
- unsafe_rehandshake_priority = g_strdup_printf ("%s:%%UNSAFE_RENEGOTIATION", base_priority);
- ret = gnutls_priority_init (&priorities[FALSE][TRUE], unsafe_rehandshake_priority, NULL);
- g_warn_if_fail (ret == 0);
- g_free (unsafe_rehandshake_priority);
+ GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+ int ret;
- /* Figure out the lowest SSl/TLS version supported by base_priority */
- nprotos = gnutls_priority_protocol_list (priorities[FALSE][FALSE], &protos);
- fallback_proto = G_MAXUINT;
- for (i = 0; i < nprotos; i++)
- {
- if (protos[i] < fallback_proto)
- fallback_proto = protos[i];
- }
- if (fallback_proto == G_MAXUINT)
+ if (!priority)
{
- g_warning ("All GNUTLS protocol versions disabled?");
- fallback_priority = g_strdup (base_priority);
- }
- else
- {
- /* %COMPAT is intentionally duplicated here, to ensure it gets added for
- * the fallback even if the default priority has been changed. */
- fallback_priority = g_strdup_printf ("%s:%%COMPAT:!VERS-TLS-ALL:+VERS-%s:%%FALLBACK_SCSV",
- DEFAULT_BASE_PRIORITY,
- gnutls_protocol_get_name (fallback_proto));
+ /* initialize_gnutls_priority() previously failed and printed a warning,
+ * so no need for further warnings here.
+ */
+ return;
}
- fallback_unsafe_rehandshake_priority = g_strdup_printf ("%s:%%UNSAFE_RENEGOTIATION",
- fallback_priority);
-
- ret = gnutls_priority_init (&priorities[TRUE][FALSE], fallback_priority, NULL);
- g_warn_if_fail (ret == 0);
- ret = gnutls_priority_init (&priorities[TRUE][TRUE], fallback_unsafe_rehandshake_priority, NULL);
- g_warn_if_fail (ret == 0);
- g_free (fallback_priority);
- g_free (fallback_unsafe_rehandshake_priority);
+
+ ret = gnutls_priority_set (priv->session, priority);
+ if (ret != GNUTLS_E_SUCCESS)
+ g_warning ("Failed to set GnuTLS session priority: %s", gnutls_strerror (ret));
}
static void
-g_tls_connection_gnutls_set_handshake_priority (GTlsConnectionGnutls *gnutls)
+update_credentials_cb (GObject *gobject,
+ GParamSpec *pspec,
+ gpointer user_data)
{
+ GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (gobject);
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- gboolean fallback, unsafe_rehandshake;
+ GTlsConnectionGnutlsClass *connection_class = G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls);
+ gnutls_certificate_credentials_t credentials;
+ GTlsDatabase *database;
+ GError *error = NULL;
+ int ret;
- if (G_IS_TLS_CLIENT_CONNECTION (gnutls))
+ database = g_tls_connection_get_database (G_TLS_CONNECTION (gnutls));
+ if (database && G_IS_TLS_DATABASE_GNUTLS (database))
{
-#if defined(__GNUC__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-#endif
- fallback = g_tls_client_connection_get_use_ssl3 (G_TLS_CLIENT_CONNECTION (gnutls));
-#if defined(__GNUC__)
-#pragma GCC diagnostic pop
-#endif
+ credentials = g_tls_database_gnutls_get_credentials (G_TLS_DATABASE_GNUTLS (database), &error);
+ if (!credentials)
+ {
+ g_warning ("Failed to update credentials: %s", error->message);
+ g_error_free (error);
+ return;
+ }
}
else
- fallback = FALSE;
- unsafe_rehandshake = (priv->rehandshake_mode == G_TLS_REHANDSHAKE_UNSAFELY);
- gnutls_priority_set (priv->session,
- priorities[fallback][unsafe_rehandshake]);
-}
+ {
+ ret = gnutls_certificate_allocate_credentials (&credentials);
+ if (ret != 0)
+ {
+ g_warning ("Failed to update credentials: %s", gnutls_strerror (ret));
+ return;
+ }
+ }
-static gboolean
-g_tls_connection_gnutls_is_dtls (GTlsConnectionGnutls *gnutls)
-{
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+ ret = gnutls_credentials_set (priv->session, GNUTLS_CRD_CERTIFICATE, credentials);
+ if (ret != 0)
+ {
+ g_warning ("Failed to update credentials: %s", gnutls_strerror (ret));
+ gnutls_certificate_free_credentials (credentials);
+ return;
+ }
- return (priv->base_socket != NULL);
+ gnutls_certificate_free_credentials (priv->creds);
+ priv->creds = credentials;
+
+ g_assert (connection_class->update_credentials);
+ connection_class->update_credentials (gnutls, credentials);
}
static gboolean
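Review bot: Every failure path in `update_credentials_cb` only logs a `g_warning` and returns, so after the application changes `database` or `use-system-certdb` the session silently keeps the credentials it had before. Presumably the previous settings then stay in effect for the next handshake; if so, the failure should be recorded and surfaced as a handshake error rather than only logged. Separately, `error->message` is read without checking that `g_tls_database_gnutls_get_credentials` actually set `error`; `error ? error->message : "unknown error"` avoids a NULL dereference on that path. Ownership of the handle returned by that getter is not visible here, yet both it and `priv->creds` are passed to `gnutls_certificate_free_credentials`, so a comment stating that the caller owns the returned credentials would make those frees checkable.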
{
GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable);
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+ GTlsDatabase *database;
+ GIOStream *base_io_stream = NULL;
+ GDatagramBased *base_socket = NULL;
gboolean client = G_IS_TLS_CLIENT_CONNECTION (gnutls);
guint flags = client ? GNUTLS_CLIENT : GNUTLS_SERVER;
- int status;
+ GError *my_error = NULL;
+ gboolean success = FALSE;
+ int ret;
- g_return_val_if_fail ((priv->base_istream == NULL) ==
- (priv->base_ostream == NULL), FALSE);
- g_return_val_if_fail ((priv->base_socket == NULL) !=
- (priv->base_istream == NULL), FALSE);
+ g_object_get (gnutls,
+ "base-io-stream", &base_io_stream,
+ "base-socket", &base_socket,
+ NULL);
- /* Check whether to use DTLS or TLS. */
- if (g_tls_connection_gnutls_is_dtls (gnutls))
+ /* Ensure we are in TLS mode or DTLS mode. */
+ g_return_val_if_fail (!!base_io_stream != !!base_socket, FALSE);
+
+ if (base_socket)
flags |= GNUTLS_DATAGRAM;
+ database = g_tls_connection_get_database (G_TLS_CONNECTION (gnutls));
+ if (database && G_IS_TLS_DATABASE_GNUTLS (database))
+ {
+ priv->creds = g_tls_database_gnutls_get_credentials (G_TLS_DATABASE_GNUTLS (database), &my_error);
+ if (!priv->creds)
+ {
+ g_propagate_prefixed_error (error, my_error, _("Could not create TLS connection:"));
+ goto out;
+ }
+ }
+ else
+ {
+ ret = gnutls_certificate_allocate_credentials (&priv->creds);
+ if (ret != 0)
+ {
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Could not create TLS connection: %s"),
+ gnutls_strerror (ret));
+ goto out;
+ }
+ }
+
+ g_signal_connect (gnutls, "notify::database", G_CALLBACK (update_credentials_cb), NULL);
+ g_signal_connect (gnutls, "notify::use-system-certdb", G_CALLBACK (update_credentials_cb), NULL);
+
gnutls_init (&priv->session, flags);
gnutls_session_set_ptr (priv->session, gnutls);
gnutls_session_set_verify_function (priv->session, verify_certificate_cb);
- status = gnutls_credentials_set (priv->session,
- GNUTLS_CRD_CERTIFICATE,
- priv->creds);
- if (status != 0)
+ ret = gnutls_credentials_set (priv->session,
+ GNUTLS_CRD_CERTIFICATE,
+ priv->creds);
+ if (ret != 0)
{
g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("Could not create TLS connection: %s"),
- gnutls_strerror (status));
- return FALSE;
+ gnutls_strerror (ret));
+ goto out;
}
gnutls_transport_set_push_function (priv->session,
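Review bot: The `g_return_val_if_fail (!!base_io_stream != !!base_socket, FALSE)` check returns before the cleanup at `out:`, so when both properties are set the two references just taken by `g_object_get` are never released. The cleanup already exists, so the check can go through it: `if (!!base_io_stream == !!base_socket) { g_critical ("exactly one of base-io-stream and base-socket must be set"); goto out; }`. The function's signature and the `out:` label are outside this hunk.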
gnutls_transport_set_ptr (priv->session, gnutls);
/* GDatagramBased supports vectored I/O; GPollableOutputStream does not. */
- if (priv->base_socket != NULL)
+ if (base_socket)
{
gnutls_transport_set_vec_push_function (priv->session,
g_tls_connection_gnutls_vec_push_func);
if (flags & GNUTLS_DATAGRAM)
gnutls_dtls_set_mtu (priv->session, 1400);
- /* Create output streams if operating in streaming mode. */
- if (!(flags & GNUTLS_DATAGRAM))
- {
- priv->tls_istream = g_tls_input_stream_gnutls_new (gnutls);
- priv->tls_ostream = g_tls_output_stream_gnutls_new (gnutls);
- }
+ success = TRUE;
- return TRUE;
+out:
+ g_clear_object (&base_io_stream);
+ g_clear_object (&base_socket);
+
+ return success;
}
static void
GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (object);
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- g_clear_object (&priv->base_io_stream);
- g_clear_object (&priv->base_socket);
-
- g_clear_object (&priv->tls_istream);
- g_clear_object (&priv->tls_ostream);
-
if (priv->session)
gnutls_deinit (priv->session);
if (priv->creds)
gnutls_certificate_free_credentials (priv->creds);
- g_clear_object (&priv->database);
- g_clear_object (&priv->certificate);
- g_clear_object (&priv->peer_certificate);
-
- g_mutex_clear (&priv->verify_certificate_mutex);
- g_cond_clear (&priv->verify_certificate_condition);
-
- g_clear_pointer (&priv->app_data_buf, g_byte_array_unref);
-
- g_free (priv->interaction_id);
- g_clear_object (&priv->interaction);
-
-#if GLIB_CHECK_VERSION(2, 60, 0)
- g_clear_pointer (&priv->advertised_protocols, g_strfreev);
- g_clear_pointer (&priv->negotiated_protocol, g_free);
-#endif
-
- g_clear_error (&priv->handshake_error);
- g_clear_error (&priv->read_error);
- g_clear_error (&priv->write_error);
-
- g_clear_pointer (&priv->handshake_context, g_main_context_unref);
-
- /* This must always be NULL here, as it holds a reference to @gnutls as
- * its source object. However, we clear it anyway just in case this changes
- * in future. */
- g_clear_object (&priv->implicit_handshake);
-
- g_clear_object (&priv->read_cancellable);
- g_clear_object (&priv->write_cancellable);
-
- g_clear_object (&priv->waiting_for_op);
- g_mutex_clear (&priv->op_mutex);
-
- G_OBJECT_CLASS (g_tls_connection_gnutls_parent_class)->finalize (object);
-}
-
-static void
-g_tls_connection_gnutls_get_property (GObject *object,
- guint prop_id,
- GValue *value,
- GParamSpec *pspec)
-{
- GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (object);
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- GTlsBackend *backend;
-
- switch (prop_id)
+ if (priv->cancellable)
{
- case PROP_BASE_IO_STREAM:
- g_value_set_object (value, priv->base_io_stream);
- break;
-
- case PROP_BASE_SOCKET:
- g_value_set_object (value, priv->base_socket);
- break;
-
- case PROP_REQUIRE_CLOSE_NOTIFY:
- g_value_set_boolean (value, priv->require_close_notify);
- break;
-
- case PROP_REHANDSHAKE_MODE:
- g_value_set_enum (value, priv->rehandshake_mode);
- break;
-
- case PROP_USE_SYSTEM_CERTDB:
- g_value_set_boolean (value, priv->is_system_certdb);
- break;
-
- case PROP_DATABASE:
- if (priv->database_is_unset)
- {
- backend = g_tls_backend_get_default ();
- priv->database = g_tls_backend_get_default_database (backend);
- priv->database_is_unset = FALSE;
- }
- g_value_set_object (value, priv->database);
- break;
-
- case PROP_CERTIFICATE:
- g_value_set_object (value, priv->certificate);
- break;
-
- case PROP_INTERACTION:
- g_value_set_object (value, priv->interaction);
- break;
-
- case PROP_PEER_CERTIFICATE:
- g_value_set_object (value, priv->peer_certificate);
- break;
-
- case PROP_PEER_CERTIFICATE_ERRORS:
- g_value_set_flags (value, priv->peer_certificate_errors);
- break;
-
-#if GLIB_CHECK_VERSION(2, 60, 0)
- case PROP_ADVERTISED_PROTOCOLS:
- g_value_set_boxed (value, priv->advertised_protocols);
- break;
-
- case PROP_NEGOTIATED_PROTOCOL:
- g_value_set_string (value, priv->negotiated_protocol);
- break;
-#endif
-
- default:
- G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ g_cancellable_cancel (priv->cancellable);
+ g_clear_object (&priv->cancellable);
}
-}
-
-static void
-g_tls_connection_gnutls_set_property (GObject *object,
- guint prop_id,
- const GValue *value,
- GParamSpec *pspec)
-{
- GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (object);
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- GInputStream *istream;
- GOutputStream *ostream;
- gboolean system_certdb;
- GTlsBackend *backend;
-
- switch (prop_id)
- {
- case PROP_BASE_IO_STREAM:
- g_assert (g_value_get_object (value) == NULL ||
- priv->base_socket == NULL);
-
- if (priv->base_io_stream)
- {
- g_object_unref (priv->base_io_stream);
- priv->base_istream = NULL;
- priv->base_ostream = NULL;
- }
- priv->base_io_stream = g_value_dup_object (value);
- if (!priv->base_io_stream)
- return;
-
- istream = g_io_stream_get_input_stream (priv->base_io_stream);
- ostream = g_io_stream_get_output_stream (priv->base_io_stream);
-
- if (G_IS_POLLABLE_INPUT_STREAM (istream) &&
- g_pollable_input_stream_can_poll (G_POLLABLE_INPUT_STREAM (istream)))
- priv->base_istream = G_POLLABLE_INPUT_STREAM (istream);
- if (G_IS_POLLABLE_OUTPUT_STREAM (ostream) &&
- g_pollable_output_stream_can_poll (G_POLLABLE_OUTPUT_STREAM (ostream)))
- priv->base_ostream = G_POLLABLE_OUTPUT_STREAM (ostream);
- break;
-
- case PROP_BASE_SOCKET:
- g_assert (g_value_get_object (value) == NULL ||
- priv->base_io_stream == NULL);
-
- g_clear_object (&priv->base_socket);
- priv->base_socket = g_value_dup_object (value);
- break;
-
- case PROP_REQUIRE_CLOSE_NOTIFY:
- priv->require_close_notify = g_value_get_boolean (value);
- break;
-
- case PROP_REHANDSHAKE_MODE:
- priv->rehandshake_mode = g_value_get_enum (value);
- break;
-
- case PROP_USE_SYSTEM_CERTDB:
- system_certdb = g_value_get_boolean (value);
- if (system_certdb != priv->is_system_certdb)
- {
- g_clear_object (&priv->database);
- if (system_certdb)
- {
- backend = g_tls_backend_get_default ();
- priv->database = g_tls_backend_get_default_database (backend);
- }
- priv->is_system_certdb = system_certdb;
- priv->database_is_unset = FALSE;
- }
- break;
-
- case PROP_DATABASE:
- g_clear_object (&priv->database);
- priv->database = g_value_dup_object (value);
- priv->is_system_certdb = FALSE;
- priv->database_is_unset = FALSE;
- break;
-
- case PROP_CERTIFICATE:
- if (priv->certificate)
- g_object_unref (priv->certificate);
- priv->certificate = g_value_dup_object (value);
- break;
-
- case PROP_INTERACTION:
- g_clear_object (&priv->interaction);
- priv->interaction = g_value_dup_object (value);
- break;
-#if GLIB_CHECK_VERSION(2, 60, 0)
- case PROP_ADVERTISED_PROTOCOLS:
- g_clear_pointer (&priv->advertised_protocols, g_strfreev);
- priv->advertised_protocols = g_value_dup_boxed (value);
- break;
-#endif
+ g_free (priv->interaction_id);
- default:
- G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
- }
+ G_OBJECT_CLASS (g_tls_connection_gnutls_parent_class)->finalize (object);
}
gnutls_certificate_credentials_t
return priv->session;
}
+static int
+on_pin_request (void *userdata,
+ int attempt,
+ const char *token_url,
+ const char *token_label,
+ unsigned int callback_flags,
+ char *pin,
+ size_t pin_max)
+{
+ GTlsConnection *connection = G_TLS_CONNECTION (userdata);
+ GTlsInteraction *interaction = g_tls_connection_get_interaction (connection);
+ GTlsPassword *password;
+ GTlsPasswordFlags password_flags = 0;
+ gchar *description;
+ int ret = -1;
+
+ if (!interaction)
+ return -1;
+
+ if (callback_flags & GNUTLS_PIN_WRONG)
+ password_flags |= G_TLS_PASSWORD_RETRY;
+ if (callback_flags & GNUTLS_PIN_COUNT_LOW)
+ password_flags |= G_TLS_PASSWORD_MANY_TRIES;
+ if (callback_flags & GNUTLS_PIN_FINAL_TRY || attempt > 5) /* Give up at some point */
+ password_flags |= G_TLS_PASSWORD_FINAL_TRY;
+
+ if (callback_flags & GNUTLS_PIN_USER)
+ password_flags |= G_TLS_PASSWORD_PKCS11_USER;
+ if (callback_flags & GNUTLS_PIN_SO)
+ password_flags |= G_TLS_PASSWORD_PKCS11_SECURITY_OFFICER;
+ if (callback_flags & GNUTLS_PIN_CONTEXT_SPECIFIC)
+ password_flags |= G_TLS_PASSWORD_PKCS11_CONTEXT_SPECIFIC;
+
+ description = g_strdup_printf (" %s (%s)", token_label, token_url);
+ password = g_tls_password_new (password_flags, description);
+ if (g_tls_connection_base_handshake_thread_ask_password (G_TLS_CONNECTION_BASE (connection), password))
+ {
+ gsize password_size;
+ const guchar *password_data = g_tls_password_get_value (password, &password_size);
+ if (password_size > pin_max - 1)
+ g_info ("PIN is larger than max PIN size");
+
+ /* Ensure NUL-termination */
+ memset (pin, 0, pin_max);
+ memcpy (pin, password_data, MIN (password_size, pin_max - 1));
+
+ ret = GNUTLS_E_SUCCESS;
+ }
+
+ g_free (description);
+ g_object_unref (password);
+ return ret;
+}
+
void
-g_tls_connection_gnutls_get_certificate (GTlsConnectionGnutls *gnutls,
- gnutls_pcert_st **pcert,
- unsigned int *pcert_length,
- gnutls_privkey_t *pkey)
+g_tls_connection_gnutls_handshake_thread_get_certificate (GTlsConnectionGnutls *gnutls,
+ gnutls_pcert_st **pcert,
+ unsigned int *pcert_length,
+ gnutls_privkey_t *pkey)
{
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
GTlsCertificate *cert;
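Review bot: In `on_pin_request`, a PIN longer than `pin_max - 1` is logged with `g_info`, then truncated by the `MIN (...)` in `memcpy`, and the callback still returns `GNUTLS_E_SUCCESS`. A truncated PIN is a wrong PIN, and the `GNUTLS_PIN_COUNT_LOW` / `GNUTLS_PIN_FINAL_TRY` flags handled above show that the token counts attempts, so the safer behaviour is to leave `ret` at -1 and copy nothing. `pin_max - 1` is also a `size_t` expression that wraps when `pin_max` is 0, which an early return covers. The `attempt > 5` test only sets `G_TLS_PASSWORD_FINAL_TRY` and does not stop prompting, so the "Give up at some point" comment overstates what it does.

```c
  if (!interaction || pin_max == 0)
    return -1;

  /* … unchanged: flag mapping, description, ask_password call, password_data lookup … */
      if (password_size > pin_max - 1)
        {
          /* A truncated PIN is a wrong PIN: fail rather than spend a token attempt. */
          g_info ("PIN is larger than max PIN size");
        }
      else
        {
          /* Ensure NUL-termination */
          memset (pin, 0, pin_max);
          if (password_size > 0)
            memcpy (pin, password_data, password_size);
          ret = GNUTLS_E_SUCCESS;
        }
  /* … unchanged: cleanup and return … */
```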
if (cert)
{
+ /* Send along a pre-initialized privkey so we can handle the callback here. */
+ gnutls_privkey_t privkey;
+ gnutls_privkey_init (&privkey);
+ gnutls_privkey_set_pin_function (privkey, on_pin_request, gnutls);
+
g_tls_certificate_gnutls_copy (G_TLS_CERTIFICATE_GNUTLS (cert),
priv->interaction_id,
- pcert, pcert_length, pkey);
+ pcert, pcert_length, &privkey);
+ *pkey = privkey;
}
else
{
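Review bot: `gnutls_privkey_init (&privkey)` is called without checking its result, and `privkey` has no initial value. If it fails, an indeterminate handle is passed to `gnutls_privkey_set_pin_function` and `g_tls_certificate_gnutls_copy` and then stored in `*pkey`. Declare it as `gnutls_privkey_t privkey = NULL;` and, when `gnutls_privkey_init (&privkey) != GNUTLS_E_SUCCESS`, fall through to the no-certificate branch, whose body is outside this hunk. The PIN callback is registered with `gnutls` as userdata and no reference is taken; whether the key can outlive the connection is not visible here, so a comment stating that lifetime assumption would help.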
}
}
-typedef enum {
- G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE,
- G_TLS_CONNECTION_GNUTLS_OP_READ,
- G_TLS_CONNECTION_GNUTLS_OP_WRITE,
- G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ,
- G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE,
- G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH,
-} GTlsConnectionGnutlsOp;
-
-static gboolean
-claim_op (GTlsConnectionGnutls *gnutls,
- GTlsConnectionGnutlsOp op,
- gint64 timeout,
- GCancellable *cancellable,
- GError **error)
+static GTlsConnectionBaseStatus
+end_gnutls_io (GTlsConnectionGnutls *gnutls,
+ GIOCondition direction,
+ int ret,
+ GError **error,
+ const char *err_prefix)
{
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (gnutls);
+ GTlsConnectionBaseStatus status;
+ gboolean handshaking;
+ gboolean ever_handshaked;
+ GError *my_error = NULL;
- try_again:
- if (g_cancellable_set_error_if_cancelled (cancellable, error))
- return FALSE;
-
- g_mutex_lock (&priv->op_mutex);
+ /* We intentionally do not check for GNUTLS_E_INTERRUPTED here
+ * Instead, the caller may poll for the source to become ready again.
+ * (Note that GTlsOutputStreamGnutls and GTlsInputStreamGnutls inherit
+ * from GPollableOutputStream and GPollableInputStream, respectively.)
+ * See also the comment in set_gnutls_error().
+ */
+ if (ret == GNUTLS_E_AGAIN ||
+ ret == GNUTLS_E_WARNING_ALERT_RECEIVED)
+ return G_TLS_CONNECTION_BASE_TRY_AGAIN;
- if (((op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE ||
- op == G_TLS_CONNECTION_GNUTLS_OP_READ) &&
- (priv->read_closing || priv->read_closed)) ||
- ((op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE ||
- op == G_TLS_CONNECTION_GNUTLS_OP_WRITE) &&
- (priv->write_closing || priv->write_closed)))
+ status = g_tls_connection_base_pop_io (tls, direction, ret >= 0, &my_error);
+ if (status == G_TLS_CONNECTION_BASE_OK ||
+ status == G_TLS_CONNECTION_BASE_WOULD_BLOCK ||
+ status == G_TLS_CONNECTION_BASE_TIMED_OUT)
{
- g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
- _("Connection is closed"));
- g_mutex_unlock (&priv->op_mutex);
- return FALSE;
+ if (my_error)
+ g_propagate_error (error, my_error);
+ return status;
}
- if (priv->handshake_error &&
- op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH &&
- op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ &&
- op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE)
- {
- if (error)
- *error = g_error_copy (priv->handshake_error);
- g_mutex_unlock (&priv->op_mutex);
- return FALSE;
- }
+ g_assert (status == G_TLS_CONNECTION_BASE_ERROR);
+
+ handshaking = g_tls_connection_base_is_handshaking (tls);
+ ever_handshaked = g_tls_connection_base_ever_handshaked (tls);
- if (op != G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE)
+ if (handshaking && !ever_handshaked)
{
- if (op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH &&
- op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ &&
- op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE &&
- priv->need_handshake)
+ if (g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_FAILED) ||
+ g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE))
{
- priv->need_handshake = FALSE;
- priv->handshaking = TRUE;
- if (!do_implicit_handshake (gnutls, timeout, cancellable, error))
- {
- g_mutex_unlock (&priv->op_mutex);
- return FALSE;
- }
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS,
+ _("Peer failed to perform TLS handshake: %s"), my_error->message);
+ g_clear_error (&my_error);
+ return G_TLS_CONNECTION_BASE_ERROR;
}
- if (priv->need_finish_handshake &&
- priv->implicit_handshake)
+ if (ret == GNUTLS_E_UNEXPECTED_PACKET_LENGTH ||
+ ret == GNUTLS_E_DECRYPTION_FAILED ||
+ ret == GNUTLS_E_UNSUPPORTED_VERSION_PACKET)
{
- GError *my_error = NULL;
- gboolean success;
-
- priv->need_finish_handshake = FALSE;
-
- g_mutex_unlock (&priv->op_mutex);
- success = finish_handshake (gnutls, priv->implicit_handshake, &my_error);
- g_clear_object (&priv->implicit_handshake);
- g_clear_pointer (&priv->handshake_context, g_main_context_unref);
- g_mutex_lock (&priv->op_mutex);
-
- if (op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH &&
- op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ &&
- op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE &&
- (!success || g_cancellable_set_error_if_cancelled (cancellable, &my_error)))
- {
- g_propagate_error (error, my_error);
- g_mutex_unlock (&priv->op_mutex);
- return FALSE;
- }
-
g_clear_error (&my_error);
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS,
+ _("Peer failed to perform TLS handshake: %s"), gnutls_strerror (ret));
+ return G_TLS_CONNECTION_BASE_ERROR;
}
}
- if (priv->handshaking &&
- timeout != 0 &&
- g_main_context_is_owner (priv->handshake_context))
- {
- /* Cannot perform a blocking operation during a handshake on the
- * same thread that triggered the handshake. The only way this can
- * occur is if the application is doing something weird in its
- * accept-certificate callback. Allowing a blocking op would stall
- * the handshake (forever, if there's no timeout). Even a close
- * op would deadlock here.
- */
- g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED, _("Cannot perform blocking operation during TLS handshake"));
- g_mutex_unlock (&priv->op_mutex);
- return FALSE;
- }
+ if (ret == GNUTLS_E_REHANDSHAKE)
+ return G_TLS_CONNECTION_BASE_REHANDSHAKE;
- if ((op != G_TLS_CONNECTION_GNUTLS_OP_WRITE && priv->reading) ||
- (op != G_TLS_CONNECTION_GNUTLS_OP_READ && priv->writing) ||
- (op != G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE && priv->handshaking))
+ if (ret == GNUTLS_E_PREMATURE_TERMINATION)
{
- GPollFD fds[2];
- int nfds;
- gint64 start_time;
- gint result = 1; /* if the loop is never entered, it’s as if we cancelled early */
-
- g_cancellable_reset (priv->waiting_for_op);
-
- g_mutex_unlock (&priv->op_mutex);
-
- if (timeout == 0)
- {
- /* Intentionally not translated because this is not a fatal error to be
- * presented to the user, and to avoid this showing up in profiling. */
- g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK, "Operation would block");
- return FALSE;
- }
-
- g_cancellable_make_pollfd (priv->waiting_for_op, &fds[0]);
- if (g_cancellable_make_pollfd (cancellable, &fds[1]))
- nfds = 2;
- else
- nfds = 1;
-
- /* Convert from microseconds to milliseconds. */
- if (timeout != -1)
- timeout = timeout / 1000;
-
- /* Poll until cancellation or the timeout is reached. */
- start_time = g_get_monotonic_time ();
-
- while (!g_cancellable_is_cancelled (priv->waiting_for_op) &&
- !g_cancellable_is_cancelled (cancellable))
+ if (handshaking && !ever_handshaked)
{
- result = g_poll (fds, nfds, timeout);
-
- if (result == 0)
- break;
- if (result != -1 || errno != EINTR)
- continue;
-
- if (timeout != -1)
- {
- timeout -= (g_get_monotonic_time () - start_time) / 1000;
- if (timeout < 0)
- timeout = 0;
- }
+ g_clear_error (&my_error);
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS,
+ _("Peer failed to perform TLS handshake: %s"), gnutls_strerror (ret));
+ return G_TLS_CONNECTION_BASE_ERROR;
}
- if (nfds > 1)
- g_cancellable_release_fd (cancellable);
-
- if (result == 0)
+ if (g_tls_connection_get_require_close_notify (G_TLS_CONNECTION (gnutls)))
{
- g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT,
- _("Socket I/O timed out"));
- return FALSE;
+ g_clear_error (&my_error);
+ g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_EOF,
+ _("TLS connection closed unexpectedly"));
+ return G_TLS_CONNECTION_BASE_ERROR;
}
- goto try_again;
+ return G_TLS_CONNECTION_BASE_OK;
}
- if (op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE)
+ if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND
+#ifdef GNUTLS_E_CERTIFICATE_REQUIRED
+ || ret == GNUTLS_E_CERTIFICATE_REQUIRED /* Added in GnuTLS 3.6.7 */
+#endif
+ )
{
- priv->handshaking = TRUE;
- priv->need_handshake = FALSE;
+ g_clear_error (&my_error);
+ g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
+ _("TLS connection peer did not send a certificate"));
+ return G_TLS_CONNECTION_BASE_ERROR;
}
- if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
- op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ)
- priv->read_closing = TRUE;
- if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
- op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE)
- priv->write_closing = TRUE;
-
- if (op != G_TLS_CONNECTION_GNUTLS_OP_WRITE)
- priv->reading = TRUE;
- if (op != G_TLS_CONNECTION_GNUTLS_OP_READ)
- priv->writing = TRUE;
-
- g_mutex_unlock (&priv->op_mutex);
- return TRUE;
-}
-
-static void
-yield_op (GTlsConnectionGnutls *gnutls,
- GTlsConnectionGnutlsOp op)
-{
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
-
- g_mutex_lock (&priv->op_mutex);
-
- if (op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE)
- priv->handshaking = FALSE;
- if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
- op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ)
- priv->read_closing = FALSE;
- if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
- op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE)
- priv->write_closing = FALSE;
-
- if (op != G_TLS_CONNECTION_GNUTLS_OP_WRITE)
- priv->reading = FALSE;
- if (op != G_TLS_CONNECTION_GNUTLS_OP_READ)
- priv->writing = FALSE;
-
- g_cancellable_cancel (priv->waiting_for_op);
- g_mutex_unlock (&priv->op_mutex);
-}
-
-static void
-begin_gnutls_io (GTlsConnectionGnutls *gnutls,
- GIOCondition direction,
- gint64 timeout,
- GCancellable *cancellable)
-{
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
-
- g_assert (direction & (G_IO_IN | G_IO_OUT));
- if (direction & G_IO_IN)
+ if (ret == GNUTLS_E_CERTIFICATE_ERROR)
{
- priv->read_timeout = timeout;
- priv->read_cancellable = cancellable;
- g_clear_error (&priv->read_error);
+ g_clear_error (&my_error);
+ g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("Unacceptable TLS certificate"));
+ return G_TLS_CONNECTION_BASE_ERROR;
}
- if (direction & G_IO_OUT)
- {
- priv->write_timeout = timeout;
- priv->write_cancellable = cancellable;
- g_clear_error (&priv->write_error);
- }
-}
-
-static int
-end_gnutls_io (GTlsConnectionGnutls *gnutls,
- GIOCondition direction,
- int status,
- GError **error,
- const char *err_prefix);
-
-static int
-end_gnutls_io (GTlsConnectionGnutls *gnutls,
- GIOCondition direction,
- int status,
- GError **error,
- const char *err_prefix)
-{
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- GError *my_error = NULL;
-
- g_assert (direction & (G_IO_IN | G_IO_OUT));
- g_assert (!error || !*error);
-
- /* We intentionally do not check for GNUTLS_E_INTERRUPTED here
- * Instead, the caller may poll for the source to become ready again.
- * (Note that GTlsOutputStreamGnutls and GTlsInputStreamGnutls inherit
- * from GPollableOutputStream and GPollableInputStream, respectively.)
- * See also the comment in set_gnutls_error().
- */
- if (status == GNUTLS_E_AGAIN ||
- status == GNUTLS_E_WARNING_ALERT_RECEIVED)
- return GNUTLS_E_AGAIN;
-
- if (direction & G_IO_IN)
- {
- priv->read_cancellable = NULL;
- if (status < 0)
- {
- my_error = priv->read_error;
- priv->read_error = NULL;
- }
- else
- g_clear_error (&priv->read_error);
- }
- if (direction & G_IO_OUT)
- {
- priv->write_cancellable = NULL;
- if (status < 0 && !my_error)
- {
- my_error = priv->write_error;
- priv->write_error = NULL;
- }
- else
- g_clear_error (&priv->write_error);
- }
-
- if (status >= 0)
- return status;
-
- if (priv->handshaking && !priv->ever_handshaked)
- {
- if (g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_FAILED) ||
- g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE) ||
- status == GNUTLS_E_UNEXPECTED_PACKET_LENGTH ||
- status == GNUTLS_E_DECRYPTION_FAILED ||
- status == GNUTLS_E_UNSUPPORTED_VERSION_PACKET)
- {
- g_clear_error (&my_error);
- g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS,
- _("Peer failed to perform TLS handshake"));
- return GNUTLS_E_PULL_ERROR;
- }
- }
-
- if (my_error)
- {
- if (!g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK) &&
- !g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT))
- G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed (gnutls);
- g_propagate_error (error, my_error);
- return status;
- }
- else if (status == GNUTLS_E_REHANDSHAKE)
- {
- if (priv->rehandshake_mode == G_TLS_REHANDSHAKE_NEVER)
- {
- g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
- _("Peer requested illegal TLS rehandshake"));
- return GNUTLS_E_PULL_ERROR;
- }
-
- g_mutex_lock (&priv->op_mutex);
- if (!priv->handshaking)
- priv->need_handshake = TRUE;
- g_mutex_unlock (&priv->op_mutex);
- return status;
- }
- else if (status == GNUTLS_E_PREMATURE_TERMINATION)
- {
- if (priv->handshaking && !priv->ever_handshaked)
- {
- g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS,
- _("Peer failed to perform TLS handshake"));
- return GNUTLS_E_PULL_ERROR;
- }
- else if (priv->require_close_notify)
- {
- g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_EOF,
- _("TLS connection closed unexpectedly"));
- G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed (gnutls);
- return status;
- }
- else
- return 0;
- }
- else if (status == GNUTLS_E_NO_CERTIFICATE_FOUND)
- {
- g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
- _("TLS connection peer did not send a certificate"));
- return status;
- }
- else if (status == GNUTLS_E_CERTIFICATE_ERROR)
- {
- g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
- _("Unacceptable TLS certificate"));
- return status;
- }
- else if (status == GNUTLS_E_FATAL_ALERT_RECEIVED)
+ if (ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
{
+ g_clear_error (&my_error);
g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("Peer sent fatal TLS alert: %s"),
gnutls_alert_get_name (gnutls_alert_get (priv->session)));
- return status;
+ return G_TLS_CONNECTION_BASE_ERROR;
}
- else if (status == GNUTLS_E_INAPPROPRIATE_FALLBACK)
+
+ if (ret == GNUTLS_E_INAPPROPRIATE_FALLBACK)
{
+ g_clear_error (&my_error);
g_set_error_literal (error, G_TLS_ERROR,
-#if GLIB_CHECK_VERSION(2, 60, 0)
G_TLS_ERROR_INAPPROPRIATE_FALLBACK,
-#else
- G_TLS_ERROR_MISC,
-#endif
_("Protocol version downgrade attack detected"));
- return status;
+ return G_TLS_CONNECTION_BASE_ERROR;
}
- else if (status == GNUTLS_E_LARGE_PACKET)
+
+ if (ret == GNUTLS_E_LARGE_PACKET)
{
guint mtu = gnutls_dtls_get_data_mtu (priv->session);
+ g_clear_error (&my_error);
g_set_error (error, G_IO_ERROR, G_IO_ERROR_MESSAGE_TOO_LARGE,
ngettext ("Message is too large for DTLS connection; maximum is %u byte",
"Message is too large for DTLS connection; maximum is %u bytes", mtu), mtu);
- return status;
+ return G_TLS_CONNECTION_BASE_ERROR;
}
- else if (status == GNUTLS_E_TIMEDOUT)
+
+ if (ret == GNUTLS_E_TIMEDOUT)
{
+ g_clear_error (&my_error);
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT,
_("The operation timed out"));
- return status;
+ return G_TLS_CONNECTION_BASE_ERROR;
}
- if (error)
+ if (error && my_error)
+ g_propagate_error (error, my_error);
+
+ if (error && !*error)
{
*error = g_error_new (G_TLS_ERROR, G_TLS_ERROR_MISC, "%s: %s",
- err_prefix, gnutls_strerror (status));
+ err_prefix, gnutls_strerror (ret));
}
- return status;
+
+ return G_TLS_CONNECTION_BASE_ERROR;
}
#define BEGIN_GNUTLS_IO(gnutls, direction, timeout, cancellable) \
- begin_gnutls_io (gnutls, direction, timeout, cancellable); \
+ g_tls_connection_base_push_io (G_TLS_CONNECTION_BASE (gnutls), \
+ direction, timeout, cancellable); \
do {
-#define END_GNUTLS_IO(gnutls, direction, ret, errmsg, err) \
- } while ((ret = end_gnutls_io (gnutls, direction, ret, err, errmsg)) == GNUTLS_E_AGAIN);
-
-/* Checks whether the underlying base stream or GDatagramBased meets
- * @condition. */
-static gboolean
-g_tls_connection_gnutls_base_check (GTlsConnectionGnutls *gnutls,
- GIOCondition condition)
-{
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
-
- if (g_tls_connection_gnutls_is_dtls (gnutls))
- return g_datagram_based_condition_check (priv->base_socket,
- condition);
- else if (condition & G_IO_IN)
- return g_pollable_input_stream_is_readable (priv->base_istream);
- else if (condition & G_IO_OUT)
- return g_pollable_output_stream_is_writable (priv->base_ostream);
- else
- g_assert_not_reached ();
-}
-
-/* Checks whether the (D)TLS stream meets @condition; not the underlying base
- * stream or GDatagramBased. */
-gboolean
-g_tls_connection_gnutls_check (GTlsConnectionGnutls *gnutls,
- GIOCondition condition)
-{
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
-
- /* Racy, but worst case is that we just get WOULD_BLOCK back */
- if (priv->need_finish_handshake)
- return TRUE;
-
- /* If a handshake or close is in progress, then tls_istream and
- * tls_ostream are blocked, regardless of the base stream status.
- */
- if (priv->handshaking)
- return FALSE;
-
- if (((condition & G_IO_IN) && priv->read_closing) ||
- ((condition & G_IO_OUT) && priv->write_closing))
- return FALSE;
-
- /* Defer to the base stream or GDatagramBased. */
- return g_tls_connection_gnutls_base_check (gnutls, condition);
-}
-
-typedef struct {
- GSource source;
-
- GTlsConnectionGnutls *gnutls;
- /* Either a GDatagramBased (datagram mode), or a GPollableInputStream or
- * GPollableOutputStream (streaming mode):
- */
- GObject *base;
-
- GSource *child_source;
- GIOCondition condition;
-
- gboolean io_waiting;
- gboolean op_waiting;
-} GTlsConnectionGnutlsSource;
-
-static gboolean
-gnutls_source_prepare (GSource *source,
- gint *timeout)
-{
- *timeout = -1;
- return FALSE;
-}
-
-static gboolean
-gnutls_source_check (GSource *source)
-{
- return FALSE;
-}
-
-/* Use a custom dummy callback instead of g_source_set_dummy_callback(), as that
- * uses a GClosure and is slow. (The GClosure is necessary to deal with any
- * function prototype.) */
-static gboolean
-dummy_callback (gpointer data)
-{
- return G_SOURCE_CONTINUE;
-}
-
-static void
-gnutls_source_sync (GTlsConnectionGnutlsSource *gnutls_source)
-{
- GTlsConnectionGnutls *gnutls = gnutls_source->gnutls;
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- gboolean io_waiting, op_waiting;
-
- /* Was the source destroyed earlier in this main context iteration? */
- if (g_source_is_destroyed ((GSource *)gnutls_source))
- return;
-
- g_mutex_lock (&priv->op_mutex);
- if (((gnutls_source->condition & G_IO_IN) && priv->reading) ||
- ((gnutls_source->condition & G_IO_OUT) && priv->writing) ||
- (priv->handshaking && !priv->need_finish_handshake))
- op_waiting = TRUE;
- else
- op_waiting = FALSE;
-
- if (!op_waiting && !priv->need_handshake &&
- !priv->need_finish_handshake)
- io_waiting = TRUE;
- else
- io_waiting = FALSE;
- g_mutex_unlock (&priv->op_mutex);
-
- if (op_waiting == gnutls_source->op_waiting &&
- io_waiting == gnutls_source->io_waiting)
- return;
- gnutls_source->op_waiting = op_waiting;
- gnutls_source->io_waiting = io_waiting;
-
- if (gnutls_source->child_source)
- {
- g_source_remove_child_source ((GSource *)gnutls_source,
- gnutls_source->child_source);
- g_source_unref (gnutls_source->child_source);
- }
-
- if (op_waiting)
- gnutls_source->child_source = g_cancellable_source_new (priv->waiting_for_op);
- else if (io_waiting && G_IS_DATAGRAM_BASED (gnutls_source->base))
- gnutls_source->child_source = g_datagram_based_create_source (priv->base_socket, gnutls_source->condition, NULL);
- else if (io_waiting && G_IS_POLLABLE_INPUT_STREAM (gnutls_source->base))
- gnutls_source->child_source = g_pollable_input_stream_create_source (priv->base_istream, NULL);
- else if (io_waiting && G_IS_POLLABLE_OUTPUT_STREAM (gnutls_source->base))
- gnutls_source->child_source = g_pollable_output_stream_create_source (priv->base_ostream, NULL);
- else
- gnutls_source->child_source = g_timeout_source_new (0);
-
- g_source_set_callback (gnutls_source->child_source, dummy_callback, NULL, NULL);
- g_source_add_child_source ((GSource *)gnutls_source, gnutls_source->child_source);
-}
-
-static gboolean
-gnutls_source_dispatch (GSource *source,
- GSourceFunc callback,
- gpointer user_data)
-{
- GDatagramBasedSourceFunc datagram_based_func = (GDatagramBasedSourceFunc)callback;
- GPollableSourceFunc pollable_func = (GPollableSourceFunc)callback;
- GTlsConnectionGnutlsSource *gnutls_source = (GTlsConnectionGnutlsSource *)source;
- gboolean ret;
-
- if (G_IS_DATAGRAM_BASED (gnutls_source->base))
- ret = (*datagram_based_func) (G_DATAGRAM_BASED (gnutls_source->base),
- gnutls_source->condition, user_data);
- else
- ret = (*pollable_func) (gnutls_source->base, user_data);
-
- if (ret)
- gnutls_source_sync (gnutls_source);
-
- return ret;
-}
-
-static void
-gnutls_source_finalize (GSource *source)
-{
- GTlsConnectionGnutlsSource *gnutls_source = (GTlsConnectionGnutlsSource *)source;
-
- g_object_unref (gnutls_source->gnutls);
- g_source_unref (gnutls_source->child_source);
-}
-
-static gboolean
-g_tls_connection_gnutls_source_closure_callback (GObject *stream,
- gpointer data)
-{
- GClosure *closure = data;
-
- GValue param = { 0, };
- GValue result_value = { 0, };
- gboolean result;
-
- g_value_init (&result_value, G_TYPE_BOOLEAN);
-
- g_value_init (¶m, G_TYPE_OBJECT);
- g_value_set_object (¶m, stream);
-
- g_closure_invoke (closure, &result_value, 1, ¶m, NULL);
-
- result = g_value_get_boolean (&result_value);
- g_value_unset (&result_value);
- g_value_unset (¶m);
-
- return result;
-}
-
-static gboolean
-g_tls_connection_gnutls_source_dtls_closure_callback (GObject *stream,
- GIOCondition condition,
- gpointer data)
-{
- GClosure *closure = data;
-
- GValue param[2] = { G_VALUE_INIT, G_VALUE_INIT };
- GValue result_value = G_VALUE_INIT;
- gboolean result;
-
- g_value_init (&result_value, G_TYPE_BOOLEAN);
-
- g_value_init (¶m[0], G_TYPE_DATAGRAM_BASED);
- g_value_set_object (¶m[0], stream);
- g_value_init (¶m[1], G_TYPE_IO_CONDITION);
- g_value_set_flags (¶m[1], condition);
-
- g_closure_invoke (closure, &result_value, 2, param, NULL);
-
- result = g_value_get_boolean (&result_value);
- g_value_unset (&result_value);
- g_value_unset (¶m[0]);
- g_value_unset (¶m[1]);
-
- return result;
-}
-
-static GSourceFuncs gnutls_tls_source_funcs =
-{
- gnutls_source_prepare,
- gnutls_source_check,
- gnutls_source_dispatch,
- gnutls_source_finalize,
- (GSourceFunc)g_tls_connection_gnutls_source_closure_callback,
- (GSourceDummyMarshal)g_cclosure_marshal_generic
-};
-
-static GSourceFuncs gnutls_dtls_source_funcs =
-{
- gnutls_source_prepare,
- gnutls_source_check,
- gnutls_source_dispatch,
- gnutls_source_finalize,
- (GSourceFunc)g_tls_connection_gnutls_source_dtls_closure_callback,
- (GSourceDummyMarshal)g_cclosure_marshal_generic
-};
-
-GSource *
-g_tls_connection_gnutls_create_source (GTlsConnectionGnutls *gnutls,
- GIOCondition condition,
- GCancellable *cancellable)
-{
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- GSource *source, *cancellable_source;
- GTlsConnectionGnutlsSource *gnutls_source;
-
- if (g_tls_connection_gnutls_is_dtls (gnutls))
- {
- source = g_source_new (&gnutls_dtls_source_funcs,
- sizeof (GTlsConnectionGnutlsSource));
- }
- else
- {
- source = g_source_new (&gnutls_tls_source_funcs,
- sizeof (GTlsConnectionGnutlsSource));
- }
- g_source_set_name (source, "GTlsConnectionGnutlsSource");
- gnutls_source = (GTlsConnectionGnutlsSource *)source;
- gnutls_source->gnutls = g_object_ref (gnutls);
- gnutls_source->condition = condition;
- if (g_tls_connection_gnutls_is_dtls (gnutls))
- gnutls_source->base = G_OBJECT (gnutls);
- else if (priv->tls_istream != NULL && condition & G_IO_IN)
- gnutls_source->base = G_OBJECT (priv->tls_istream);
- else if (priv->tls_ostream != NULL && condition & G_IO_OUT)
- gnutls_source->base = G_OBJECT (priv->tls_ostream);
- else
- g_assert_not_reached ();
-
- gnutls_source->op_waiting = (gboolean) -1;
- gnutls_source->io_waiting = (gboolean) -1;
- gnutls_source_sync (gnutls_source);
-
- if (cancellable)
- {
- cancellable_source = g_cancellable_source_new (cancellable);
- g_source_set_dummy_callback (cancellable_source);
- g_source_add_child_source (source, cancellable_source);
- g_source_unref (cancellable_source);
- }
-
- return source;
-}
-
-static GSource *
-g_tls_connection_gnutls_dtls_create_source (GDatagramBased *datagram_based,
- GIOCondition condition,
- GCancellable *cancellable)
-{
- GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (datagram_based);
-
- return g_tls_connection_gnutls_create_source (gnutls, condition, cancellable);
-}
-
-static GIOCondition
-g_tls_connection_gnutls_condition_check (GDatagramBased *datagram_based,
- GIOCondition condition)
-{
- GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (datagram_based);
-
- return (g_tls_connection_gnutls_check (gnutls, condition)) ? condition : 0;
-}
-
-static gboolean
-g_tls_connection_gnutls_condition_wait (GDatagramBased *datagram_based,
- GIOCondition condition,
- gint64 timeout,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (datagram_based);
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- GPollFD fds[2];
- guint n_fds;
- gint result = 1; /* if the loop is never entered, it’s as if we cancelled early */
- gint64 start_time;
-
- if (g_cancellable_set_error_if_cancelled (cancellable, error))
- return FALSE;
-
- /* Convert from microseconds to milliseconds. */
- if (timeout != -1)
- timeout = timeout / 1000;
-
- start_time = g_get_monotonic_time ();
-
- g_cancellable_make_pollfd (priv->waiting_for_op, &fds[0]);
- n_fds = 1;
-
- if (g_cancellable_make_pollfd (cancellable, &fds[1]))
- n_fds++;
-
- while (!g_tls_connection_gnutls_condition_check (datagram_based, condition) &&
- !g_cancellable_is_cancelled (cancellable))
- {
- result = g_poll (fds, n_fds, timeout);
- if (result == 0)
- break;
- if (result != -1 || errno != EINTR)
- continue;
-
- if (timeout != -1)
- {
- timeout -= (g_get_monotonic_time () - start_time) / 1000;
- if (timeout < 0)
- timeout = 0;
- }
- }
-
- if (n_fds > 1)
- g_cancellable_release_fd (cancellable);
-
- if (result == 0)
- {
- g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT,
- _("Socket I/O timed out"));
- return FALSE;
- }
-
- return !g_cancellable_set_error_if_cancelled (cancellable, error);
-}
+#define END_GNUTLS_IO(gnutls, direction, ret, status, errmsg, err) \
+ status = end_gnutls_io (gnutls, direction, ret, err, errmsg); \
+ } while (status == G_TLS_CONNECTION_BASE_TRY_AGAIN);
static void
set_gnutls_error (GTlsConnectionGnutls *gnutls,
GError *error)
{
+ GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (gnutls);
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
/* We set EINTR rather than EAGAIN for G_IO_ERROR_WOULD_BLOCK so
{
/* Return EAGAIN while handshaking so that GnuTLS handles retries for us
* internally in its handshaking code. */
- if (priv->base_socket && priv->handshaking)
+ if (g_tls_connection_base_is_dtls (tls) && g_tls_connection_base_is_handshaking (tls))
gnutls_transport_set_errno (priv->session, EAGAIN);
else
gnutls_transport_set_errno (priv->session, EINTR);
void *buf,
size_t buflen)
{
+ GTlsConnectionBase *tls = transport_data;
GTlsConnectionGnutls *gnutls = transport_data;
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
ssize_t ret;
- /* If priv->read_error is non-%NULL when we're called, it means
- * that an error previously occurred, but gnutls decided not to
+ /* If read_error is nonnull when we're called, it means
+ * that an error previously occurred, but GnuTLS decided not to
* propagate it. So it's correct for us to just clear it. (Usually
* this means it ignored an EAGAIN after a short read, and now
* we'll return EAGAIN again, which it will obey this time.)
*/
- g_clear_error (&priv->read_error);
+ g_clear_error (g_tls_connection_base_get_read_error (tls));
- if (g_tls_connection_gnutls_is_dtls (gnutls))
+ if (g_tls_connection_base_is_dtls (tls))
{
GInputVector vector = { buf, buflen };
GInputMessage message = { NULL, &vector, 1, 0, 0, NULL, NULL };
- ret = g_datagram_based_receive_messages (priv->base_socket,
+ ret = g_datagram_based_receive_messages (g_tls_connection_base_get_base_socket (tls),
&message, 1, 0,
- priv->handshaking ? 0 : priv->read_timeout,
- priv->read_cancellable,
- &priv->read_error);
+ g_tls_connection_base_is_handshaking (tls) ? 0 : g_tls_connection_base_get_read_timeout (tls),
+ g_tls_connection_base_get_read_cancellable (tls),
+ g_tls_connection_base_get_read_error (tls));
if (ret > 0)
ret = message.bytes_received;
}
else
{
- ret = g_pollable_stream_read (G_INPUT_STREAM (priv->base_istream),
+ ret = g_pollable_stream_read (G_INPUT_STREAM (g_tls_connection_base_get_base_istream (tls)),
buf, buflen,
- (priv->read_timeout != 0),
- priv->read_cancellable,
- &priv->read_error);
+ g_tls_connection_base_get_read_timeout (tls) != 0,
+ g_tls_connection_base_get_read_cancellable (tls),
+ g_tls_connection_base_get_read_error (tls));
}
if (ret < 0)
- set_gnutls_error (gnutls, priv->read_error);
+ set_gnutls_error (gnutls, *g_tls_connection_base_get_read_error (tls));
return ret;
}
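Review bot: The new read path calls `g_tls_connection_base_get_read_error (tls)` at four places and dereferences its result unchecked in `set_gnutls_error (gnutls, *g_tls_connection_base_get_read_error (tls));`, so it relies on the accessor returning the same non-NULL `GError **` every time, which these lines do not show. Fetching it once, `GError **read_error = g_tls_connection_base_get_read_error (tls);`, and using `read_error` / `*read_error` below would make that assumption explicit and keep the clear, the I/O call and the errno mapping on one error slot. The same pattern with `g_tls_connection_base_get_write_error (tls)` appears in the push_func hunk and both vec_push_func hunks that follow. The function's signature begins outside this hunk.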
const void *buf,
size_t buflen)
{
+ GTlsConnectionBase *tls = transport_data;
GTlsConnectionGnutls *gnutls = transport_data;
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
ssize_t ret;
/* See comment in pull_func. */
- g_clear_error (&priv->write_error);
+ g_clear_error (g_tls_connection_base_get_write_error (tls));
- if (g_tls_connection_gnutls_is_dtls (gnutls))
+ if (g_tls_connection_base_is_dtls (tls))
{
GOutputVector vector = { buf, buflen };
GOutputMessage message = { NULL, &vector, 1, 0, NULL, 0 };
- ret = g_datagram_based_send_messages (priv->base_socket,
+ ret = g_datagram_based_send_messages (g_tls_connection_base_get_base_socket (tls),
&message, 1, 0,
- priv->write_timeout,
- priv->write_cancellable,
- &priv->write_error);
+ g_tls_connection_base_get_write_timeout (tls),
+ g_tls_connection_base_get_write_cancellable (tls),
+ g_tls_connection_base_get_write_error (tls));
if (ret > 0)
ret = message.bytes_sent;
}
else
{
- ret = g_pollable_stream_write (G_OUTPUT_STREAM (priv->base_ostream),
+ ret = g_pollable_stream_write (G_OUTPUT_STREAM (g_tls_connection_base_get_base_ostream (tls)),
buf, buflen,
- (priv->write_timeout != 0),
- priv->write_cancellable,
- &priv->write_error);
+ g_tls_connection_base_get_write_timeout (tls) != 0,
+ g_tls_connection_base_get_write_cancellable (tls),
+ g_tls_connection_base_get_write_error (tls));
}
if (ret < 0)
- set_gnutls_error (gnutls, priv->write_error);
+ set_gnutls_error (gnutls, *g_tls_connection_base_get_write_error (tls));
return ret;
}
const giovec_t *iov,
int iovcnt)
{
+ GTlsConnectionBase *tls = transport_data;
GTlsConnectionGnutls *gnutls = transport_data;
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
ssize_t ret;
GOutputMessage message = { NULL, };
GOutputVector *vectors;
- /* This function should only be set if we’re using base_socket. */
- g_assert (priv->base_socket != NULL);
+ g_assert (g_tls_connection_base_is_dtls (tls));
/* See comment in pull_func. */
- g_clear_error (&priv->write_error);
+ g_clear_error (g_tls_connection_base_get_write_error (tls));
/* this entire expression will be evaluated at compile time */
if (sizeof *iov == sizeof *vectors &&
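Review bot: The `g_assert (g_tls_connection_base_is_dtls (tls));` that replaces the base_socket check is the only guard on this DTLS-only callback, and the comment that explained it was dropped. `g_assert` is compiled out when the module is built with `G_DISABLE_ASSERT`, so in such builds nothing visible here stops the vectored send from using whatever `g_tls_connection_base_get_base_socket (tls)` returns for a non-DTLS connection. I would keep the intent documented above the assertion, `/* This function should only be installed as the vec push function for DTLS connections. */`, and consider whether an explicit error return is wanted rather than relying on the assertion alone. The function begins before this hunk and continues in the next one.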
message.num_vectors = iovcnt;
}
- ret = g_datagram_based_send_messages (priv->base_socket,
+ ret = g_datagram_based_send_messages (g_tls_connection_base_get_base_socket (tls),
&message, 1, 0,
- priv->write_timeout,
- priv->write_cancellable,
- &priv->write_error);
+ g_tls_connection_base_get_write_timeout (tls),
+ g_tls_connection_base_get_write_cancellable (tls),
+ g_tls_connection_base_get_write_error (tls));
if (ret > 0)
ret = message.bytes_sent;
else if (ret < 0)
- set_gnutls_error (gnutls, priv->write_error);
+ set_gnutls_error (gnutls, *g_tls_connection_base_get_write_error (tls));
return ret;
}
read_pollable_cb (GPollableInputStream *istream,
gpointer user_data)
{
- gboolean *read_done = user_data;
+ gboolean *done = user_data;
- *read_done = TRUE;
+ *done = TRUE;
- return G_SOURCE_CONTINUE;
+ return G_SOURCE_REMOVE;
}
static gboolean
GIOCondition condition,
gpointer user_data)
{
- gboolean *read_done = user_data;
+ gboolean *done = user_data;
- *read_done = TRUE;
+ *done = TRUE;
- return G_SOURCE_CONTINUE;
+ return G_SOURCE_REMOVE;
}
static gboolean
read_timeout_cb (gpointer user_data)
{
- gboolean *timed_out = user_data;
+ gboolean *done = user_data;
+
+ *done = TRUE;
+
+ return G_SOURCE_REMOVE;
+}
+
+static gboolean
+read_cancelled_cb (GCancellable *cancellable,
+ gpointer user_data)
+{
+ gboolean *done = user_data;
- *timed_out = TRUE;
+ *done = TRUE;
return G_SOURCE_REMOVE;
}
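Review bot: Folding `timed_out` into the shared `done` flag makes the timeout, readable and cancelled callbacks indistinguishable to the caller: `read_timeout_cb`, `read_cancelled_cb` and `read_datagram_based_cb` here, and `read_pollable_cb` in the previous hunk, all just set `*done = TRUE`. The pull-timeout function therefore has to tell "data ready" from "timed out" by re-checking the base stream and the cancellable after its wait, not by which callback fired. That code is outside this hunk, so I cannot confirm it does. A comment on the callbacks would record the contract, e.g. `/* Only signals that waiting is over; the caller must re-check readiness and cancellation to learn why. */`.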
g_tls_connection_gnutls_pull_timeout_func (gnutls_transport_ptr_t transport_data,
unsigned int ms)
{
- GTlsConnectionGnutls *gnutls = transport_data;
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+ GTlsConnectionBase *tls = transport_data;
/* Fast path. */
- if (g_tls_connection_gnutls_base_check (gnutls, G_IO_IN) ||
- g_cancellable_is_cancelled (priv->read_cancellable))
+ if (g_tls_connection_base_base_check (tls, G_IO_IN) ||
+ g_cancellable_is_cancelled (g_tls_connection_base_get_read_cancellable (tls)))
return 1;
/* If @ms is 0, GnuTLS wants an instant response, so there’s no need to
if (ms > 0)
{
GMainContext *ctx = NULL;
- GSource *read_source = NULL, *timeout_source = NULL;
- gboolean read_done = FALSE, timed_out = FALSE;
+ GSource *read_source = NULL;
+ GSource *timeout_source = NULL;
+ GSource *cancellable_source = NULL;
+ gboolean done = FALSE;
ctx = g_main_context_new ();
/* Create a timeout source. */
timeout_source = g_timeout_source_new (ms);
g_source_set_callback (timeout_source, (GSourceFunc)read_timeout_cb,
- &timed_out, NULL);
+ &done, NULL);
/* Create a read source. We cannot use g_source_set_ready_time() on this
* to combine it with the @timeout_source, as that could mess with the
* internals of the #GDatagramBased’s #GSource implementation. */
- if (g_tls_connection_gnutls_is_dtls (gnutls))
+ if (g_tls_connection_base_is_dtls (tls))
{
- read_source = g_datagram_based_create_source (priv->base_socket, G_IO_IN, NULL);
+ read_source = g_datagram_based_create_source (g_tls_connection_base_get_base_socket (tls),
+ G_IO_IN, NULL);
g_source_set_callback (read_source, (GSourceFunc)read_datagram_based_cb,
- &read_done, NULL);
+ &done, NULL);
}
else
{
- read_source = g_pollable_input_stream_create_source (priv->base_istream, NULL);
+ read_source = g_pollable_input_stream_create_source (g_tls_connection_base_get_base_istream (tls),
+ NULL);
g_source_set_callback (read_source, (GSourceFunc)read_pollable_cb,
- &read_done, NULL);
+ &done, NULL);
}
+ cancellable_source = g_cancellable_source_new (g_tls_connection_base_get_read_cancellable (tls));
+ g_source_set_callback (cancellable_source, (GSourceFunc)read_cancelled_cb,
+ &done, NULL);
+
g_source_attach (read_source, ctx);
g_source_attach (timeout_source, ctx);
+ g_source_attach (cancellable_source, ctx);
- while (!read_done && !timed_out)
+ while (!done)
g_main_context_iteration (ctx, TRUE);
g_source_destroy (read_source);
g_source_destroy (timeout_source);
+ g_source_destroy (cancellable_source);
g_main_context_unref (ctx);
g_source_unref (read_source);
g_source_unref (timeout_source);
+ g_source_unref (cancellable_source);
/* If @read_source was dispatched due to cancellation, the resulting error
* will be handled in g_tls_connection_gnutls_pull_func(). */
- if (g_tls_connection_gnutls_base_check (gnutls, G_IO_IN) ||
- g_cancellable_is_cancelled (priv->read_cancellable))
+ if (g_tls_connection_base_base_check (tls, G_IO_IN) ||
+ g_cancellable_is_cancelled (g_tls_connection_base_get_read_cancellable (tls)))
return 1;
}
return 0;
}
+static GTlsSafeRenegotiationStatus
+g_tls_connection_gnutls_handshake_thread_safe_renegotiation_status (GTlsConnectionBase *tls)
+{
+ GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (tls);
+ GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
+ return gnutls_safe_renegotiation_status (priv->session) ? G_TLS_SAFE_RENEGOTIATION_SUPPORTED_BY_PEER
+ : G_TLS_SAFE_RENEGOTIATION_UNSUPPORTED;
+}
+
+static GTlsConnectionBaseStatus
+g_tls_connection_gnutls_handshake_thread_request_rehandshake (GTlsConnectionBase *tls,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (tls);
+ GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+ GTlsConnectionBaseStatus status;
+ int ret;
+
+ /* On a client-side connection, gnutls_handshake() itself will start
+ * a rehandshake, so we only need to do something special here for
+ * server-side connections.
+ */
+ if (!G_IS_TLS_SERVER_CONNECTION (tls))
+ return G_TLS_CONNECTION_BASE_OK;
+
+ BEGIN_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, timeout, cancellable);
+ ret = gnutls_rehandshake (priv->session);
+ END_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, ret, status, _("Error performing TLS handshake: %s"), error);
+
+ return status;
+}
+
static GTlsCertificate *
-get_peer_certificate_from_session (GTlsConnectionGnutls *gnutls)
+g_tls_connection_gnutls_retrieve_peer_certificate (GTlsConnectionBase *tls)
{
+ GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (tls);
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
const gnutls_datum_t *certs;
GTlsCertificateGnutls *chain;
unsigned int num_certs;
+ if (gnutls_certificate_type_get (priv->session) != GNUTLS_CRT_X509)
+ return NULL;
+
certs = gnutls_certificate_get_peers (priv->session, &num_certs);
if (!certs || !num_certs)
return NULL;
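Review bot: The message handed to END_GNUTLS_IO in g_tls_connection_gnutls_handshake_thread_request_rehandshake ends in `: %s`, while the matching call this patch adds in g_tls_connection_gnutls_handshake_thread_handshake, and the removed rehandshake call, both pass `_("Error performing TLS handshake")` with no conversion. The macro is defined outside this hunk, so which form it expects cannot be confirmed from here, but the two new calls cannot both be right. Either this one leaves a literal `%s` in the user-visible error, or the string is used as a format and the other call is one conversion short. If the macro appends the GnuTLS error text itself, as the older calls suggest, this line should read `END_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, ret, status, _("Error performing TLS handshake"), error);`.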
return G_TLS_CERTIFICATE (chain);
}
-static GTlsCertificateFlags
-verify_peer_certificate (GTlsConnectionGnutls *gnutls,
- GTlsCertificate *peer_certificate)
-{
- GTlsConnection *conn = G_TLS_CONNECTION (gnutls);
- GSocketConnectable *peer_identity;
- GTlsDatabase *database;
- GTlsCertificateFlags errors;
- gboolean is_client;
-
- is_client = G_IS_TLS_CLIENT_CONNECTION (gnutls);
-
- if (!is_client)
- peer_identity = NULL;
- else if (!g_tls_connection_gnutls_is_dtls (gnutls))
- peer_identity = g_tls_client_connection_get_server_identity (G_TLS_CLIENT_CONNECTION (gnutls));
- else
- peer_identity = g_dtls_client_connection_get_server_identity (G_DTLS_CLIENT_CONNECTION (gnutls));
-
- errors = 0;
-
- database = g_tls_connection_get_database (conn);
- if (database == NULL)
- {
- errors |= G_TLS_CERTIFICATE_UNKNOWN_CA;
- errors |= g_tls_certificate_verify (peer_certificate, peer_identity, NULL);
- }
- else
- {
- GError *error = NULL;
-
- errors |= g_tls_database_verify_chain (database, peer_certificate,
- is_client ?
- G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER :
- G_TLS_DATABASE_PURPOSE_AUTHENTICATE_CLIENT,
- peer_identity,
- g_tls_connection_get_interaction (conn),
- G_TLS_DATABASE_VERIFY_NONE,
- NULL, &error);
- if (error)
- {
- g_warning ("failure verifying certificate chain: %s",
- error->message);
- g_assert (errors != 0);
- g_clear_error (&error);
- }
- }
-
- return errors;
-}
-
-static void
-update_peer_certificate_and_compute_errors (GTlsConnectionGnutls *gnutls)
-{
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
-
- /* This function must be called from the handshake context thread
- * (probably the main thread, NOT the handshake thread) because it
- * emits notifies that are application-visible.
- *
- * verify_certificate_mutex should be locked.
- */
- g_assert (priv->handshake_context);
- g_assert (g_main_context_is_owner (priv->handshake_context));
-
- g_clear_object (&priv->peer_certificate);
- priv->peer_certificate_errors = 0;
-
- if (gnutls_certificate_type_get (priv->session) == GNUTLS_CRT_X509)
- {
- priv->peer_certificate = get_peer_certificate_from_session (gnutls);
- if (priv->peer_certificate)
- priv->peer_certificate_errors = verify_peer_certificate (gnutls, priv->peer_certificate);
- }
-
- g_object_notify (G_OBJECT (gnutls), "peer-certificate");
- g_object_notify (G_OBJECT (gnutls), "peer-certificate-errors");
-}
-
-static gboolean
-accept_or_reject_peer_certificate (gpointer user_data)
-{
- GTlsConnectionGnutls *gnutls = user_data;
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- gboolean accepted = FALSE;
-
- g_assert (g_main_context_is_owner (priv->handshake_context));
-
- g_mutex_lock (&priv->verify_certificate_mutex);
-
- update_peer_certificate_and_compute_errors (gnutls);
-
- if (G_IS_TLS_CLIENT_CONNECTION (gnutls) && priv->peer_certificate != NULL)
- {
- GTlsCertificateFlags validation_flags;
-
- if (!g_tls_connection_gnutls_is_dtls (gnutls))
- validation_flags =
- g_tls_client_connection_get_validation_flags (G_TLS_CLIENT_CONNECTION (gnutls));
- else
- validation_flags =
- g_dtls_client_connection_get_validation_flags (G_DTLS_CLIENT_CONNECTION (gnutls));
-
- if ((priv->peer_certificate_errors & validation_flags) == 0)
- accepted = TRUE;
- }
-
- if (!accepted)
- {
- g_main_context_pop_thread_default (priv->handshake_context);
- accepted = g_tls_connection_emit_accept_certificate (G_TLS_CONNECTION (gnutls),
- priv->peer_certificate,
- priv->peer_certificate_errors);
- g_main_context_push_thread_default (priv->handshake_context);
- }
-
- priv->peer_certificate_accepted = accepted;
-
- /* This has to be the very last statement before signaling the
- * condition variable because otherwise the code could spuriously
- * wakeup and continue before we are done here.
- */
- priv->peer_certificate_examined = TRUE;
-
- g_cond_signal (&priv->verify_certificate_condition);
- g_mutex_unlock (&priv->verify_certificate_mutex);
-
- g_object_notify (G_OBJECT (gnutls), "peer-certificate");
- g_object_notify (G_OBJECT (gnutls), "peer-certificate-errors");
-
- return G_SOURCE_REMOVE;
-}
-
static int
verify_certificate_cb (gnutls_session_t session)
{
- GTlsConnectionGnutls *gnutls = gnutls_session_get_ptr (session);
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- gboolean accepted;
-
- g_mutex_lock (&priv->verify_certificate_mutex);
- priv->peer_certificate_examined = FALSE;
- priv->peer_certificate_accepted = FALSE;
- g_mutex_unlock (&priv->verify_certificate_mutex);
-
- /* Invoke the callback on the handshake context's thread. This is
- * necessary because we need to ensure the accept-certificate signal
- * is emitted on the original thread.
- */
- g_assert (priv->handshake_context);
- g_main_context_invoke (priv->handshake_context, accept_or_reject_peer_certificate, gnutls);
+ GTlsConnectionBase *tls = gnutls_session_get_ptr (session);
- /* We'll block the handshake thread until the original thread has
- * decided whether to accept the certificate.
- */
- g_mutex_lock (&priv->verify_certificate_mutex);
- while (!priv->peer_certificate_examined)
- g_cond_wait (&priv->verify_certificate_condition, &priv->verify_certificate_mutex);
- accepted = priv->peer_certificate_accepted;
- g_mutex_unlock (&priv->verify_certificate_mutex);
-
- /* Return 0 for the handshake to continue, non-zero to terminate. */
- return !accepted;
+ /* Return 0 for the handshake to continue, non-zero to terminate.
+ * Complete opposite of what OpenSSL does. */
+ return !g_tls_connection_base_handshake_thread_verify_certificate (tls);
}
static void
-handshake_thread (GTask *task,
- gpointer object,
- gpointer task_data,
- GCancellable *cancellable)
+g_tls_connection_gnutls_prepare_handshake (GTlsConnectionBase *tls,
+ gchar **advertised_protocols)
{
- GTlsConnectionGnutls *gnutls = object;
+ GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (tls);
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- GError *error = NULL;
- int ret;
- gint64 start_time;
- gint64 timeout;
- /* A timeout, in microseconds, must be provided as a gint64* task_data. */
- g_assert (task_data != NULL);
-
- timeout = *((gint64 *)task_data);
- start_time = g_get_monotonic_time ();
- priv->started_handshake = FALSE;
-
- if (!claim_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE,
- timeout, cancellable, &error))
+ if (advertised_protocols)
{
- g_task_return_error (task, error);
- return;
- }
-
- g_clear_error (&priv->handshake_error);
-
- if (priv->ever_handshaked && !priv->implicit_handshake)
- {
- if (priv->rehandshake_mode != G_TLS_REHANDSHAKE_UNSAFELY &&
- !gnutls_safe_renegotiation_status (priv->session))
- {
- g_task_return_new_error (task, G_TLS_ERROR, G_TLS_ERROR_MISC,
- _("Peer does not support safe renegotiation"));
- return;
- }
+ gnutls_datum_t *protocols;
+ int n_protos, i;
- if (!G_IS_TLS_CLIENT_CONNECTION (gnutls))
+ n_protos = g_strv_length (advertised_protocols);
+ protocols = g_new (gnutls_datum_t, n_protos);
+ for (i = 0; advertised_protocols[i]; i++)
{
- /* Adjust the timeout for the next operation in the sequence. */
- if (timeout > 0)
- {
- unsigned int timeout_ms;
-
- timeout -= (g_get_monotonic_time () - start_time);
- if (timeout <= 0)
- timeout = 1;
-
- /* Convert from microseconds to milliseconds, but ensure the timeout
- * remains positive. */
- timeout_ms = (timeout + 999) / 1000;
-
- gnutls_handshake_set_timeout (priv->session, timeout_ms);
- gnutls_dtls_set_timeouts (priv->session, 1000 /* default */,
- timeout_ms);
- }
-
- BEGIN_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, timeout, cancellable);
- ret = gnutls_rehandshake (priv->session);
- END_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, ret,
- _("Error performing TLS handshake"), &error);
-
- if (error)
- {
- g_task_return_error (task, error);
- return;
- }
+ protocols[i].size = strlen (advertised_protocols[i]);
+ protocols[i].data = (guchar *)advertised_protocols[i];
}
+ gnutls_alpn_set_protocols (priv->session, protocols, n_protos, 0);
+ g_free (protocols);
}
+}
- priv->started_handshake = TRUE;
+static GTlsConnectionBaseStatus
+g_tls_connection_gnutls_handshake_thread_handshake (GTlsConnectionBase *tls,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (tls);
+ GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+ GTlsConnectionBaseStatus status;
+ int ret;
- if (!priv->ever_handshaked)
+ if (!g_tls_connection_base_ever_handshaked (tls))
g_tls_connection_gnutls_set_handshake_priority (gnutls);
- /* Adjust the timeout for the next operation in the sequence. */
if (timeout > 0)
{
unsigned int timeout_ms;
- timeout -= (g_get_monotonic_time () - start_time);
- if (timeout <= 0)
- timeout = 1;
-
/* Convert from microseconds to milliseconds, but ensure the timeout
* remains positive. */
timeout_ms = (timeout + 999) / 1000;
gnutls_handshake_set_timeout (priv->session, timeout_ms);
- gnutls_dtls_set_timeouts (priv->session, 1000 /* default */,
- timeout_ms);
+ gnutls_dtls_set_timeouts (priv->session, 1000 /* default */, timeout_ms);
}
BEGIN_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, timeout, cancellable);
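Review bot: In g_tls_connection_gnutls_prepare_handshake the result of `gnutls_alpn_set_protocols()` is discarded, so a protocol list that GnuTLS rejects (it returns a negative error code on failure) leaves the session without an ALPN extension and nothing reports it. An application that depends on ALPN to pin the application protocol would then complete the handshake without it. The function returns void, so at minimum the failure should be logged, for example `if (gnutls_alpn_set_protocols (priv->session, protocols, n_protos, 0) != GNUTLS_E_SUCCESS) g_warning ("Failed to set ALPN protocols");`. The removed begin_handshake ignored the result in the same way, so the gap predates this refactor and is carried over by it.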
ret = gnutls_record_recv (priv->session, buf, sizeof (buf));
if (ret > -1)
{
- if (!priv->app_data_buf)
- priv->app_data_buf = g_byte_array_new ();
- g_byte_array_append (priv->app_data_buf, buf, ret);
+ g_tls_connection_base_handshake_thread_buffer_application_data (tls, buf, ret);
ret = GNUTLS_E_AGAIN;
}
}
- END_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, ret,
- _("Error performing TLS handshake"), &error);
-
- /* This calls the finish_handshake code of GTlsClientConnectionGnutls
- * or GTlsServerConnectionGnutls. It has nothing to do with
- * GTlsConnectionGnutls's own finish_handshake function, which still
- * needs to be called at this point.
- */
- G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->finish_handshake (gnutls, &error);
+ END_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, ret, status,
+ _("Error performing TLS handshake"), error);
- if (error)
- {
- g_task_return_error (task, error);
- }
- else
- {
- priv->ever_handshaked = TRUE;
- g_task_return_boolean (task, TRUE);
- }
+ return status;
}
-static void
-begin_handshake (GTlsConnectionGnutls *gnutls)
-{
-#if GLIB_CHECK_VERSION(2, 60, 0)
+static GTlsCertificateFlags
+g_tls_connection_gnutls_verify_chain (GTlsConnectionBase *tls,
+ GTlsCertificate *chain,
+ const gchar *purpose,
+ GSocketConnectable *identity,
+ GTlsInteraction *interaction,
+ GTlsDatabaseVerifyFlags flags,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (tls);
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+ GTlsCertificateFlags errors = 0;
+ const char *hostname = NULL;
+ char *free_hostname = NULL;
+ GTlsDatabase *database;
+ guint gnutls_result;
+ int ret;
- if (priv->advertised_protocols)
+ /* There are several different ways to perform certificate verification with
+ * GnuTLS, but they all fall into one of two categories:
+ *
+ * (a) outside the context of a TLS session
+ * (b) within the context of a TLS session
+ *
+ * (a) is done by g_tls_database_verify_chain() and implemented using one of
+ * several different functions of gnutls_x509_trust_list_t, e.g.
+ * gnutls_x509_trust_list_verify_crt2() or one of the related functions.
+ * This is the best we can do if we have to use a GTlsDatabase that is not a
+ * GTlsDatabaseGnutls.
+ */
+ database = g_tls_connection_get_database (G_TLS_CONNECTION (gnutls));
+ if (!G_IS_TLS_DATABASE_GNUTLS (database))
+ {
+ return g_tls_database_verify_chain (database,
+ chain,
+ G_IS_TLS_CLIENT_CONNECTION (tls) ? G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER : G_TLS_DATABASE_PURPOSE_AUTHENTICATE_CLIENT,
+ identity,
+ g_tls_connection_get_interaction (G_TLS_CONNECTION (tls)),
+ G_TLS_DATABASE_VERIFY_NONE,
+ NULL,
+ error);
+ }
+
+ /* Now for (b). The recommended way is gnutls_session_set_verify_cert(), but
+ * we can't use that because that would leave no way to implement the
+ * GTlsConnection::accept-certificate signal. The other way is to use
+ * gnutls_certificate_verify_peers3() or one of the related functions. This
+ * adds additional smarts that are not possible when using GTlsDatabase
+ * directly. For example, it checks name constraints, key usage, and basic
+ * constraints. It also checks for stapled OCSP responses. Verification will
+ * fail if the OCSP response indicates the certificate has been revoked.
+ * Verification will also fail if the Must-Staple flag is set but the OCSP
+ * response is missing. Nice! This uses the gnutls_certificate_credentials_t
+ * set on the gnutls_session_t by gnutls_credentials_set().
+ */
+
+ if (G_IS_NETWORK_ADDRESS (identity))
+ hostname = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity));
+ else if (G_IS_NETWORK_SERVICE (identity))
+ hostname = g_network_service_get_domain (G_NETWORK_SERVICE (identity));
+ else if (G_IS_INET_SOCKET_ADDRESS (identity))
{
- gnutls_datum_t *protocols;
- int n_protos, i;
+ GInetAddress *addr;
- n_protos = g_strv_length (priv->advertised_protocols);
- protocols = g_new (gnutls_datum_t, n_protos);
- for (i = 0; priv->advertised_protocols[i]; i++)
- {
- protocols[i].size = strlen (priv->advertised_protocols[i]);
- protocols[i].data = g_memdup (priv->advertised_protocols[i], protocols[i].size);
- }
- gnutls_alpn_set_protocols (priv->session, protocols, n_protos, 0);
- g_free (protocols);
+ addr = g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (identity));
+ hostname = free_hostname = g_inet_address_to_string (addr);
+ }
+ else if (identity)
+ {
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Cannot verify peer identity of unexpected type %s"), G_OBJECT_TYPE_NAME (identity));
+ errors |= G_TLS_CERTIFICATE_BAD_IDENTITY;
}
-#endif
-
- G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->begin_handshake (gnutls);
-}
-
-#if GLIB_CHECK_VERSION(2, 60, 0)
-static void
-update_negotiated_protocol (GTlsConnectionGnutls *gnutls)
-{
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- gchar *orig_negotiated_protocol;
- gnutls_datum_t protocol;
-
- /*
- * Preserve the prior negotiated protocol before clearing it
- */
- orig_negotiated_protocol = g_steal_pointer (&priv->negotiated_protocol);
-
- if (gnutls_alpn_get_selected_protocol (priv->session, &protocol) == 0 && protocol.size > 0)
- priv->negotiated_protocol = g_strndup ((gchar *)protocol.data, protocol.size);
+ ret = gnutls_certificate_verify_peers3 (priv->session, hostname, &gnutls_result);
+ if (ret != 0)
+ errors |= G_TLS_CERTIFICATE_GENERIC_ERROR;
+ else
+ errors |= g_tls_certificate_gnutls_convert_flags (gnutls_result);
- /*
- * Notify only if the negotiated protocol changed
- */
- if (g_strcmp0 (orig_negotiated_protocol, priv->negotiated_protocol) != 0)
- g_object_notify (G_OBJECT (gnutls), "negotiated-protocol");
+ g_free (free_hostname);
+ return errors;
+}
- g_free (orig_negotiated_protocol);
+static GTlsProtocolVersion
+glib_protocol_version_from_gnutls (gnutls_protocol_t protocol_version)
+{
+ switch (protocol_version)
+ {
+ case GNUTLS_SSL3:
+ return G_TLS_PROTOCOL_VERSION_SSL_3_0;
+ case GNUTLS_TLS1_0:
+ return G_TLS_PROTOCOL_VERSION_TLS_1_0;
+ case GNUTLS_TLS1_1:
+ return G_TLS_PROTOCOL_VERSION_TLS_1_1;
+ case GNUTLS_TLS1_2:
+ return G_TLS_PROTOCOL_VERSION_TLS_1_2;
+ case GNUTLS_TLS1_3:
+ return G_TLS_PROTOCOL_VERSION_TLS_1_3;
+ case GNUTLS_DTLS0_9:
+ return G_TLS_PROTOCOL_VERSION_UNKNOWN;
+ case GNUTLS_DTLS1_0:
+ return G_TLS_PROTOCOL_VERSION_DTLS_1_0;
+ case GNUTLS_DTLS1_2:
+ return G_TLS_PROTOCOL_VERSION_DTLS_1_2;
+ default:
+ return G_TLS_PROTOCOL_VERSION_UNKNOWN;
+ }
}
-#endif
-static gboolean
-finish_handshake (GTlsConnectionGnutls *gnutls,
- GTask *task,
- GError **error)
+static gchar *
+get_ciphersuite_name (gnutls_session_t session)
{
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- g_assert (error != NULL);
+ gnutls_protocol_t protocol_version = gnutls_protocol_get_version (session);
+ char *cipher_name;
+ char *result;
- if (gnutls_session_is_resumed (priv->session))
+ if (protocol_version <= GNUTLS_TLS1_2 ||
+ (protocol_version >= GNUTLS_DTLS0_9 && protocol_version <= GNUTLS_DTLS1_2))
{
- /* Because this session was resumed, we skipped certificate
- * verification on this handshake, so we missed our earlier
- * chance to set peer_certificate and peer_certificate_errors.
- * Do so here instead.
- *
- * The certificate has already been accepted, so we don't do
- * anything with the result here.
- */
- g_mutex_lock (&priv->verify_certificate_mutex);
- update_peer_certificate_and_compute_errors (gnutls);
- priv->peer_certificate_examined = TRUE;
- priv->peer_certificate_accepted = TRUE;
- g_mutex_unlock (&priv->verify_certificate_mutex);
+ return g_strdup (gnutls_cipher_suite_get_name (gnutls_kx_get (session),
+ gnutls_cipher_get (session),
+ gnutls_mac_get (session)));
}
- if (g_task_propagate_boolean (task, error) &&
- priv->peer_certificate && !priv->peer_certificate_accepted)
+ cipher_name = g_strdup (gnutls_cipher_get_name (gnutls_cipher_get (session)));
+ for (char *c = cipher_name; *c != '\0'; c++)
{
- g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
- _("Unacceptable TLS certificate"));
+ if (*c == '-')
+ *c = '_';
}
-#if GLIB_CHECK_VERSION(2, 60, 0)
- if (!*error && priv->advertised_protocols)
- update_negotiated_protocol (gnutls);
-#endif
-
- if (*error && priv->started_handshake)
- priv->handshake_error = g_error_copy (*error);
+ result = g_strdup_printf ("TLS_%s_%s",
+ cipher_name,
+ gnutls_digest_get_name (gnutls_prf_hash_get (session)));
+ g_free (cipher_name);
- return (*error == NULL);
+ return result;
}
static void
-sync_handshake_thread_completed (GObject *object,
- GAsyncResult *result,
- gpointer user_data)
-{
- GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (object);
+g_tls_connection_gnutls_complete_handshake (GTlsConnectionBase *tls,
+ gboolean handshake_succeeded,
+ gchar **negotiated_protocol,
+ GTlsProtocolVersion *protocol_version,
+ gchar **ciphersuite_name,
+ GError **error)
+{
+ GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (tls);
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+ gnutls_datum_t protocol;
- g_assert (g_main_context_is_owner (priv->handshake_context));
-
- g_mutex_lock (&priv->op_mutex);
- priv->sync_handshake_completed = TRUE;
- g_mutex_unlock (&priv->op_mutex);
-
- g_main_context_wakeup (priv->handshake_context);
-}
-
-static void
-crank_sync_handshake_context (GTlsConnectionGnutls *gnutls,
- GCancellable *cancellable)
-{
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+ if (!handshake_succeeded)
+ return;
- /* need_finish_handshake will be set inside sync_handshake_thread_completed(),
- * which should only ever be invoked while iterating the handshake context
- * here. So need_finish_handshake should only change on this thread.
- */
- g_mutex_lock (&priv->op_mutex);
- priv->sync_handshake_completed = FALSE;
- while (!priv->sync_handshake_completed && !g_cancellable_is_cancelled (cancellable))
+ if (gnutls_alpn_get_selected_protocol (priv->session, &protocol) == 0 &&
+ protocol.size > 0)
{
- g_mutex_unlock (&priv->op_mutex);
- g_main_context_iteration (priv->handshake_context, TRUE);
- g_mutex_lock (&priv->op_mutex);
+ g_assert (!*negotiated_protocol);
+ *negotiated_protocol = g_strndup ((gchar *)protocol.data, protocol.size);
}
- g_mutex_unlock (&priv->op_mutex);
+
+ *protocol_version = glib_protocol_version_from_gnutls (gnutls_protocol_get_version (priv->session));
+ *ciphersuite_name = get_ciphersuite_name (priv->session);
}
static gboolean
-g_tls_connection_gnutls_handshake (GTlsConnection *conn,
- GCancellable *cancellable,
- GError **error)
+g_tls_connection_gnutls_is_session_resumed (GTlsConnectionBase *tls)
{
- GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (conn);
+ GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (tls);
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- GTask *task;
- gboolean success;
- gint64 *timeout = NULL;
- GError *my_error = NULL;
-
- g_assert (priv->handshake_context == NULL);
- priv->handshake_context = g_main_context_new ();
-
- g_main_context_push_thread_default (priv->handshake_context);
-
- begin_handshake (gnutls);
-
- task = g_task_new (conn, cancellable, sync_handshake_thread_completed, NULL);
- g_task_set_source_tag (task, g_tls_connection_gnutls_handshake);
- g_task_set_return_on_cancel (task, TRUE);
- timeout = g_new0 (gint64, 1);
- *timeout = -1; /* blocking */
- g_task_set_task_data (task, timeout, g_free);
-
- g_task_run_in_thread (task, handshake_thread);
- crank_sync_handshake_context (gnutls, cancellable);
-
- success = finish_handshake (gnutls, task, &my_error);
-
- g_main_context_pop_thread_default (priv->handshake_context);
- g_clear_pointer (&priv->handshake_context, g_main_context_unref);
- g_object_unref (task);
-
- yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE);
-
- if (my_error)
- g_propagate_error (error, my_error);
- return success;
+ return gnutls_session_is_resumed (priv->session);
}
static gboolean
-g_tls_connection_gnutls_dtls_handshake (GDtlsConnection *conn,
- GCancellable *cancellable,
- GError **error)
+gnutls_get_binding (GTlsConnectionGnutls *gnutls,
+ GByteArray *data,
+ gnutls_channel_binding_t binding,
+ GError **error)
{
- return g_tls_connection_gnutls_handshake (G_TLS_CONNECTION (conn),
- cancellable, error);
-}
-
-/* In the async version we use two GTasks; one to run handshake_thread() and
- * then call handshake_thread_completed(), and a second to call the caller's
- * original callback after we call finish_handshake().
- */
-
-static void
-handshake_thread_completed (GObject *object,
- GAsyncResult *result,
- gpointer user_data)
-{
- GTask *caller_task = user_data;
- GTlsConnectionGnutls *gnutls = g_task_get_source_object (caller_task);
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- GError *error = NULL;
- gboolean need_finish_handshake, success;
+ gnutls_datum_t cb;
+ int ret = gnutls_session_channel_binding (priv->session, binding, &cb);
- g_mutex_lock (&priv->op_mutex);
- if (priv->need_finish_handshake)
+ if (ret == GNUTLS_E_SUCCESS)
{
- need_finish_handshake = TRUE;
- priv->need_finish_handshake = FALSE;
+ /* Older GnuTLS versions are known to return SUCCESS and empty data for TLSv1.3 tls-unique binding.
+ * While it may look prudent to catch here that specific corner case, the empty binding data is
+ * definitely not a SUCCESS, regardless of the version and type. */
+ if (cb.size == 0)
+ {
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_GENERAL_ERROR,
+ _("Empty channel binding data indicates a bug in the TLS library implementation"));
+ return FALSE;
+ }
+
+ if (data != NULL)
+ {
+ g_tls_log_debug (gnutls, "binding size %d", cb.size);
+ g_free (g_byte_array_steal (data, NULL));
+ g_byte_array_append (data, cb.data, cb.size);
+ }
+ g_free (cb.data);
+ return TRUE;
}
- else
- need_finish_handshake = FALSE;
- g_mutex_unlock (&priv->op_mutex);
- if (need_finish_handshake)
+ switch (ret)
{
- success = finish_handshake (gnutls, G_TASK (result), &error);
- if (success)
- g_task_return_boolean (caller_task, TRUE);
- else
- g_task_return_error (caller_task, error);
+ case GNUTLS_E_UNIMPLEMENTED_FEATURE:
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_NOT_IMPLEMENTED,
+ _("Channel binding type is not implemented in the TLS library"));
+ break;
+ case GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE:
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_NOT_AVAILABLE,
+ _("Channel binding data is not yet available"));
+ break;
+ default:
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_GENERAL_ERROR,
+ "%s", gnutls_strerror (ret));
}
- else if (priv->handshake_error)
- g_task_return_error (caller_task, g_error_copy (priv->handshake_error));
- else
- g_task_return_boolean (caller_task, TRUE);
-
- g_clear_pointer (&priv->handshake_context, g_main_context_unref);
- g_object_unref (caller_task);
-}
-
-static void
-async_handshake_thread (GTask *task,
- gpointer object,
- gpointer task_data,
- GCancellable *cancellable)
-{
- GTlsConnectionGnutls *gnutls = object;
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
-
- handshake_thread (task, object, task_data, cancellable);
-
- g_mutex_lock (&priv->op_mutex);
- priv->need_finish_handshake = TRUE;
- /* yield_op will clear handshaking too, but we don't want the
- * connection to be briefly "handshaking && need_finish_handshake"
- * after we unlock the mutex.
- */
- priv->handshaking = FALSE;
- g_mutex_unlock (&priv->op_mutex);
-
- yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE);
-}
-
-static void
-g_tls_connection_gnutls_handshake_async (GTlsConnection *conn,
- int io_priority,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (G_TLS_CONNECTION_GNUTLS (conn));
- GTask *thread_task, *caller_task;
- gint64 *timeout = NULL;
-
- g_assert (!priv->handshake_context);
- priv->handshake_context = g_main_context_ref_thread_default ();
-
- caller_task = g_task_new (conn, cancellable, callback, user_data);
- g_task_set_source_tag (caller_task, g_tls_connection_gnutls_handshake_async);
- g_task_set_priority (caller_task, io_priority);
-
- begin_handshake (G_TLS_CONNECTION_GNUTLS (conn));
-
- thread_task = g_task_new (conn, cancellable,
- handshake_thread_completed, caller_task);
- g_task_set_source_tag (thread_task, g_tls_connection_gnutls_handshake_async);
- g_task_set_priority (thread_task, io_priority);
-
- timeout = g_new0 (gint64, 1);
- *timeout = -1; /* blocking */
- g_task_set_task_data (thread_task, timeout, g_free);
-
- g_task_run_in_thread (thread_task, async_handshake_thread);
- g_object_unref (thread_task);
-}
-
-static gboolean
-g_tls_connection_gnutls_handshake_finish (GTlsConnection *conn,
- GAsyncResult *result,
- GError **error)
-{
- g_return_val_if_fail (g_task_is_valid (result, conn), FALSE);
-
- return g_task_propagate_boolean (G_TASK (result), error);
-}
-
-static void
-g_tls_connection_gnutls_dtls_handshake_async (GDtlsConnection *conn,
- int io_priority,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- g_tls_connection_gnutls_handshake_async (G_TLS_CONNECTION (conn), io_priority,
- cancellable, callback, user_data);
+ return FALSE;
}
static gboolean
-g_tls_connection_gnutls_dtls_handshake_finish (GDtlsConnection *conn,
- GAsyncResult *result,
- GError **error)
+gnutls_get_binding_tls_unique (GTlsConnectionGnutls *gnutls,
+ GByteArray *data,
+ GError **error)
{
- return g_tls_connection_gnutls_handshake_finish (G_TLS_CONNECTION (conn),
- result, error);
+ return gnutls_get_binding (gnutls, data, GNUTLS_CB_TLS_UNIQUE, error);
}
static gboolean
-do_implicit_handshake (GTlsConnectionGnutls *gnutls,
- gint64 timeout,
- GCancellable *cancellable,
- GError **error)
+gnutls_get_binding_tls_server_end_point (GTlsConnectionGnutls *gnutls,
+ GByteArray *data,
+ GError **error)
{
+#if GTLS_GNUTLS_CHECK_VERSION(3, 7, 2)
+ return gnutls_get_binding (gnutls, data, GNUTLS_CB_TLS_SERVER_END_POINT, error);
+#else
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- gint64 *thread_timeout = NULL;
-
- /* We have op_mutex */
+ const gnutls_datum_t *ders;
+ unsigned int num_certs = 1;
+ int ret;
+ size_t rlen;
+ gnutls_x509_crt_t cert;
+ gnutls_digest_algorithm_t algo;
+ gboolean is_client = G_IS_TLS_CLIENT_CONNECTION (gnutls);
- g_assert (priv->handshake_context == NULL);
- if (timeout != 0)
+ ret = gnutls_certificate_type_get (priv->session);
+ if (ret != GNUTLS_CRT_X509)
{
- priv->handshake_context = g_main_context_new ();
- g_main_context_push_thread_default (priv->handshake_context);
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_NOT_SUPPORTED,
+ _("X.509 certificate is not available on the connection"));
+ return FALSE;
}
+
+ if (is_client)
+ ders = gnutls_certificate_get_peers (priv->session, &num_certs);
else
+ ders = gnutls_certificate_get_ours (priv->session);
+
+ if (!ders || num_certs == 0)
{
- priv->handshake_context = g_main_context_ref_thread_default ();
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_NOT_AVAILABLE,
+ _("X.509 certificate is not available on the connection"));
+ return FALSE;
}
- g_assert (priv->implicit_handshake == NULL);
- priv->implicit_handshake = g_task_new (gnutls, cancellable,
- timeout ? sync_handshake_thread_completed : NULL,
- NULL);
- g_task_set_source_tag (priv->implicit_handshake,
- do_implicit_handshake);
+ /* This is a drill */
+ if (!data)
+ return TRUE;
- thread_timeout = g_new0 (gint64, 1);
- g_task_set_task_data (priv->implicit_handshake,
- thread_timeout, g_free);
+ /* for DER only first cert is imported, but cert will be pre-initialized */
+ ret = gnutls_x509_crt_list_import (&cert, &num_certs, ders, GNUTLS_X509_FMT_DER, 0);
+ if (ret < 0 || num_certs == 0)
+ {
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_NOT_AVAILABLE,
+ _("X.509 certificate is not available or is of unknown format: %s"),
+ gnutls_strerror (ret));
+ return FALSE;
+ }
- begin_handshake (gnutls);
+ /* obtain signature algorithm for the certificate - we need hashing algo from it */
+ ret = gnutls_x509_crt_get_signature_algorithm (cert);
+ if (ret < 0 || ret == GNUTLS_SIGN_UNKNOWN)
+ {
+ gnutls_x509_crt_deinit (cert);
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_NOT_SUPPORTED,
+ _("Unable to obtain certificate signature algorithm"));
+ return FALSE;
+ }
+ /* At this point we either use SHA256 as a fallback, or native algorithm */
+ algo = gnutls_sign_get_hash_algorithm (ret);
+ /* Cannot identify signing algorithm or weak security - let try fallback */
+ switch (algo)
+ {
+ case GNUTLS_DIG_MD5:
+ case GNUTLS_DIG_SHA1:
+ algo = GNUTLS_DIG_SHA256;
+ break;
+ case GNUTLS_DIG_UNKNOWN:
+ case GNUTLS_DIG_NULL:
+ case GNUTLS_DIG_MD5_SHA1:
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_NOT_SUPPORTED,
+ _("Current X.509 certificate uses unknown or unsupported signature algorithm"));
+ gnutls_x509_crt_deinit (cert);
+ return FALSE;
+ default:
+ /* no-op */
+ algo = algo;
+ }
+ /* preallocate 512 bits buffer as maximum supported digest size */
+ rlen = 64;
+ g_byte_array_set_size (data, rlen);
+ ret = gnutls_x509_crt_get_fingerprint (cert, algo, data->data, &rlen);
- if (timeout != 0)
+ /* in case the future is coming on */
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
{
- GError *my_error = NULL;
- gboolean success;
+ g_byte_array_set_size (data, rlen);
+ ret = gnutls_x509_crt_get_fingerprint (cert, algo, data->data, &rlen);
+ }
+
+ gnutls_x509_crt_deinit (cert);
+ g_byte_array_set_size (data, rlen);
- /* In the blocking case, run the handshake operation synchronously in
- * another thread, and delegate handling the timeout to that thread; it
- * should return G_IO_ERROR_TIMED_OUT iff (timeout > 0) and the operation
- * times out. If (timeout < 0) it should block indefinitely until the
- * operation is complete or errors. */
- *thread_timeout = timeout;
+ if (ret == 0)
+ return TRUE;
- g_mutex_unlock (&priv->op_mutex);
+ /* Still getting error? We cannot do much here to recover */
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_GENERAL_ERROR,
+ "%s", gnutls_strerror(ret));
+ return FALSE;
+#endif
+}
- g_task_set_return_on_cancel (priv->implicit_handshake, TRUE);
- g_task_run_in_thread (priv->implicit_handshake, handshake_thread);
+#if !GTLS_GNUTLS_CHECK_VERSION(3, 7, 2)
+#define RFC5705_LABEL_DATA "EXPORTER-Channel-Binding"
+#define RFC5705_LABEL_LEN 24
+#endif
- crank_sync_handshake_context (gnutls, cancellable);
+/* Experimental binding for TLS1.3, see
+ * https://datatracker.ietf.org/doc/draft-ietf-kitten-tls-channel-bindings-for-tls13 */
+static gboolean
+gnutls_get_binding_tls_exporter (GTlsConnectionGnutls *gnutls,
+ GByteArray *data,
+ GError **error)
+{
+#if GTLS_GNUTLS_CHECK_VERSION(3, 7, 2)
+ return gnutls_get_binding (gnutls, data, GNUTLS_CB_TLS_EXPORTER, error);
+#else
+ GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+ int ret;
+ gsize ctx_len = 0;
+ char *context = "";
- success = finish_handshake (gnutls,
- priv->implicit_handshake,
- &my_error);
+ /* This is a drill */
+ if (!data)
+ return TRUE;
- g_main_context_pop_thread_default (priv->handshake_context);
- g_clear_pointer (&priv->handshake_context, g_main_context_unref);
- g_clear_object (&priv->implicit_handshake);
+ g_byte_array_set_size (data, 32);
+ ret = gnutls_prf_rfc5705 (priv->session,
+ RFC5705_LABEL_LEN, RFC5705_LABEL_DATA,
+ ctx_len, context,
+ data->len, (char *)data->data);
- yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE);
+ if (ret == GNUTLS_E_SUCCESS)
+ return TRUE;
- g_mutex_lock (&priv->op_mutex);
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_GENERAL_ERROR,
+ "%s", gnutls_strerror (ret));
+ return FALSE;
+#endif
+}
- if (my_error)
- g_propagate_error (error, my_error);
- return success;
- }
- else
- {
- /* In the non-blocking case, start the asynchronous handshake operation
- * and return EWOULDBLOCK to the caller, who will handle polling for
- * completion of the handshake and whatever operation they actually cared
- * about. Run the actual operation as blocking in its thread. */
- *thread_timeout = -1; /* blocking */
-
- g_task_run_in_thread (priv->implicit_handshake,
- async_handshake_thread);
-
- /* Intentionally not translated because this is not a fatal error to be
- * presented to the user, and to avoid this showing up in profiling. */
- g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK, "Operation would block");
- return FALSE;
+static gboolean
+g_tls_connection_gnutls_get_channel_binding_data (GTlsConnectionBase *tls,
+ GTlsChannelBindingType type,
+ GByteArray *data,
+ GError **error)
+{
+ GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (tls);
+
+ /* XXX: remove the cast once public enum supports exporter */
+ switch ((int)type)
+ {
+ case G_TLS_CHANNEL_BINDING_TLS_UNIQUE:
+ return gnutls_get_binding_tls_unique (gnutls, data, error);
+ /* fall through */
+ case G_TLS_CHANNEL_BINDING_TLS_SERVER_END_POINT:
+ return gnutls_get_binding_tls_server_end_point (gnutls, data, error);
+ /* fall through */
+ case 100500:
+ return gnutls_get_binding_tls_exporter (gnutls, data, error);
+ /* fall through */
+ default:
+ /* Anyone to implement tls-unique-for-telnet? */
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_NOT_IMPLEMENTED,
+ _("Requested channel binding type is not implemented"));
}
+ return FALSE;
}
-gssize
-g_tls_connection_gnutls_read (GTlsConnectionGnutls *gnutls,
- void *buffer,
- gsize count,
- gint64 timeout,
- GCancellable *cancellable,
- GError **error)
+static GTlsConnectionBaseStatus
+g_tls_connection_gnutls_read (GTlsConnectionBase *tls,
+ void *buffer,
+ gsize count,
+ gint64 timeout,
+ gssize *nread,
+ GCancellable *cancellable,
+ GError **error)
{
+ GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (tls);
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+ GTlsConnectionBaseStatus status;
gssize ret;
- if (priv->app_data_buf && !priv->handshaking)
- {
- ret = MIN (count, priv->app_data_buf->len);
- memcpy (buffer, priv->app_data_buf->data, ret);
- if (ret == priv->app_data_buf->len)
- g_clear_pointer (&priv->app_data_buf, g_byte_array_unref);
- else
- g_byte_array_remove_range (priv->app_data_buf, 0, ret);
- return ret;
- }
-
- again:
- if (!claim_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_READ,
- timeout, cancellable, error))
- return -1;
-
BEGIN_GNUTLS_IO (gnutls, G_IO_IN, timeout, cancellable);
ret = gnutls_record_recv (priv->session, buffer, count);
- END_GNUTLS_IO (gnutls, G_IO_IN, ret, _("Error reading data from TLS socket"), error);
-
- yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_READ);
+ END_GNUTLS_IO (gnutls, G_IO_IN, ret, status, _("Error reading data from TLS socket"), error);
- if (ret >= 0)
- return ret;
- else if (ret == GNUTLS_E_REHANDSHAKE)
- goto again;
- else
- return -1;
+ *nread = MAX (ret, 0);
+ return status;
}
static gsize
-input_vectors_from_gnutls_datum_t (GInputVector *vectors,
- guint num_vectors,
- const gnutls_datum_t *datum)
+input_vectors_from_gnutls_datum_t (GInputVector *vectors,
+ guint num_vectors,
+ const gnutls_datum_t *datum)
{
guint i;
gsize total = 0;
return total;
}
-static gssize
-g_tls_connection_gnutls_read_message (GTlsConnectionGnutls *gnutls,
- GInputVector *vectors,
- guint num_vectors,
- gint64 timeout,
- GCancellable *cancellable,
- GError **error)
+static GTlsConnectionBaseStatus
+g_tls_connection_gnutls_read_message (GTlsConnectionBase *tls,
+ GInputVector *vectors,
+ guint num_vectors,
+ gint64 timeout,
+ gssize *nread,
+ GCancellable *cancellable,
+ GError **error)
{
+ GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (tls);
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- guint i;
+ GTlsConnectionBaseStatus status;
gssize ret;
gnutls_packet_t packet = { 0, };
- /* Copy data out of the app data buffer first. */
- if (priv->app_data_buf && !priv->handshaking)
- {
- ret = 0;
-
- for (i = 0; i < num_vectors; i++)
- {
- gsize count;
- GInputVector *vec = &vectors[i];
-
- count = MIN (vec->size, priv->app_data_buf->len);
- ret += count;
-
- memcpy (vec->buffer, priv->app_data_buf->data, count);
- if (count == priv->app_data_buf->len)
- g_clear_pointer (&priv->app_data_buf, g_byte_array_unref);
- else
- g_byte_array_remove_range (priv->app_data_buf, 0, count);
- }
-
- return ret;
- }
-
- again:
- if (!claim_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_READ,
- timeout, cancellable, error))
- return -1;
-
BEGIN_GNUTLS_IO (gnutls, G_IO_IN, timeout, cancellable);
/* Receive the entire datagram (zero-copy). */
gnutls_packet_deinit (packet);
}
- END_GNUTLS_IO (gnutls, G_IO_IN, ret, _("Error reading data from TLS socket"), error);
-
- yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_READ);
-
- if (ret >= 0)
- return ret;
- else if (ret == GNUTLS_E_REHANDSHAKE)
- goto again;
- else
- return -1;
-}
-
-static gint
-g_tls_connection_gnutls_receive_messages (GDatagramBased *datagram_based,
- GInputMessage *messages,
- guint num_messages,
- gint flags,
- gint64 timeout,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsConnectionGnutls *gnutls;
- guint i;
- GError *child_error = NULL;
-
- gnutls = G_TLS_CONNECTION_GNUTLS (datagram_based);
-
- if (flags != G_SOCKET_MSG_NONE)
- {
- g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
- _("Receive flags are not supported"));
- return -1;
- }
-
- for (i = 0; i < num_messages && child_error == NULL; i++)
- {
- GInputMessage *message = &messages[i];
- gssize n_bytes_read;
-
- n_bytes_read = g_tls_connection_gnutls_read_message (gnutls,
- message->vectors,
- message->num_vectors,
- timeout,
- cancellable,
- &child_error);
-
- if (message->address != NULL)
- *message->address = NULL;
- message->flags = G_SOCKET_MSG_NONE;
- if (message->control_messages != NULL)
- *message->control_messages = NULL;
- message->num_control_messages = 0;
-
- if (n_bytes_read > 0)
- {
- message->bytes_received = n_bytes_read;
- }
- else if (n_bytes_read == 0)
- {
- /* EOS. */
- break;
- }
- else if (i > 0 &&
- (g_error_matches (child_error,
- G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK) ||
- g_error_matches (child_error,
- G_IO_ERROR, G_IO_ERROR_TIMED_OUT)))
- {
- /* Blocked or timed out after receiving some messages successfully. */
- g_clear_error (&child_error);
- break;
- }
- else
- {
- /* Error, including G_IO_ERROR_WOULD_BLOCK or G_IO_ERROR_TIMED_OUT on
- * the first message; or G_IO_ERROR_CANCELLED at any time. */
- break;
- }
- }
-
- if (child_error != NULL)
- {
- g_propagate_error (error, child_error);
- return -1;
- }
+ END_GNUTLS_IO (gnutls, G_IO_IN, ret, status, _("Error reading data from TLS socket"), error);
- return i;
+ *nread = MAX (ret, 0);
+ return status;
}
-gssize
-g_tls_connection_gnutls_write (GTlsConnectionGnutls *gnutls,
- const void *buffer,
- gsize count,
- gint64 timeout,
- GCancellable *cancellable,
- GError **error)
+static GTlsConnectionBaseStatus
+g_tls_connection_gnutls_write (GTlsConnectionBase *tls,
+ const void *buffer,
+ gsize count,
+ gint64 timeout,
+ gssize *nwrote,
+ GCancellable *cancellable,
+ GError **error)
{
+ GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (tls);
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+ GTlsConnectionBaseStatus status;
gssize ret;
- again:
- if (!claim_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_WRITE,
- timeout, cancellable, error))
- return -1;
-
BEGIN_GNUTLS_IO (gnutls, G_IO_OUT, timeout, cancellable);
ret = gnutls_record_send (priv->session, buffer, count);
- END_GNUTLS_IO (gnutls, G_IO_OUT, ret, _("Error writing data to TLS socket"), error);
+ END_GNUTLS_IO (gnutls, G_IO_OUT, ret, status, _("Error writing data to TLS socket"), error);
- yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_WRITE);
-
- if (ret >= 0)
- return ret;
- else if (ret == GNUTLS_E_REHANDSHAKE)
- goto again;
- else
- return -1;
+ *nwrote = MAX (ret, 0);
+ return status;
}
-static gssize
-g_tls_connection_gnutls_write_message (GTlsConnectionGnutls *gnutls,
- GOutputVector *vectors,
- guint num_vectors,
- gint64 timeout,
- GCancellable *cancellable,
- GError **error)
+static GTlsConnectionBaseStatus
+g_tls_connection_gnutls_write_message (GTlsConnectionBase *tls,
+ GOutputVector *vectors,
+ guint num_vectors,
+ gint64 timeout,
+ gssize *nwrote,
+ GCancellable *cancellable,
+ GError **error)
{
+ GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (tls);
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+ GTlsConnectionBaseStatus status;
gssize ret;
guint i;
gsize total_message_size;
- again:
- if (!claim_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_WRITE,
- timeout, cancellable, error))
- return -1;
-
/* Calculate the total message size and check it’s not too big. */
for (i = 0, total_message_size = 0; i < num_vectors; i++)
total_message_size += vectors[i].size;
- if (priv->base_socket != NULL &&
+ if (g_tls_connection_base_is_dtls (tls) &&
gnutls_dtls_get_data_mtu (priv->session) < total_message_size)
{
char *message;
guint mtu = gnutls_dtls_get_data_mtu (priv->session);
- ret = GNUTLS_E_LARGE_PACKET;
message = g_strdup_printf("%s %s",
ngettext ("Message of size %lu byte is too large for DTLS connection",
"Message of size %lu bytes is too large for DTLS connection", total_message_size),
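Review bot: The rewritten `g_tls_connection_gnutls_read_message` and `g_tls_connection_gnutls_write` report failure only through the returned status, because `*nread = MAX (ret, 0);` and `*nwrote = MAX (ret, 0);` turn every negative GnuTLS code into a count of 0, and neither function has a comment saying so. A caller that looks at the count alone cannot tell a failed read from end-of-stream. The `GNUTLS_E_REHANDSHAKE` retry that the removed `goto again` performed now has to happen in the caller, presumably driven by the status `END_GNUTLS_IO` fills in (the macro is not in this hunk). I would add above each function a comment such as `/* Returns the I/O status; the out count is meaningful only on success and is 0 on every failure, including a requested rehandshake. */`. The hunk starts in the tail of read_message and ends inside write_message.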
mtu);
g_free (message);
- goto done;
+ return G_TLS_CONNECTION_BASE_ERROR;
}
/* Queue up the data from all the vectors. */
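Review bot: The early `return G_TLS_CONNECTION_BASE_ERROR;` added for the over-MTU case leaves `*nwrote` unassigned, while the normal exit of the same function, visible later in the diff, stores `*nwrote = MAX (ret, 0);`. A caller that reads the count before checking the status would see an indeterminate value on this path only. Adding `*nwrote = 0;` just before the return makes every exit define the out-parameter. g_tls_connection_gnutls_write_message starts before this hunk and ends after it.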
BEGIN_GNUTLS_IO (gnutls, G_IO_OUT, timeout, cancellable);
ret = gnutls_record_uncork (priv->session, 0 /* flags */);
- END_GNUTLS_IO (gnutls, G_IO_OUT, ret, _("Error writing data to TLS socket"), error);
+ END_GNUTLS_IO (gnutls, G_IO_OUT, ret, status, _("Error writing data to TLS socket"), error);
- done:
- yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_WRITE);
-
- if (ret >= 0)
- return ret;
- else if (ret == GNUTLS_E_REHANDSHAKE)
- goto again;
- else
- return -1;
-}
-
-static gint
-g_tls_connection_gnutls_send_messages (GDatagramBased *datagram_based,
- GOutputMessage *messages,
- guint num_messages,
- gint flags,
- gint64 timeout,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsConnectionGnutls *gnutls;
- guint i;
- GError *child_error = NULL;
-
- gnutls = G_TLS_CONNECTION_GNUTLS (datagram_based);
-
- if (flags != G_SOCKET_MSG_NONE)
- {
- g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
- _("Send flags are not supported"));
- return -1;
- }
-
- for (i = 0; i < num_messages && child_error == NULL; i++)
- {
- GOutputMessage *message = &messages[i];
- gssize n_bytes_sent;
-
- n_bytes_sent = g_tls_connection_gnutls_write_message (gnutls,
- message->vectors,
- message->num_vectors,
- timeout,
- cancellable,
- &child_error);
-
- if (n_bytes_sent >= 0)
- {
- message->bytes_sent = n_bytes_sent;
- }
- else if (i > 0 &&
- (g_error_matches (child_error,
- G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK) ||
- g_error_matches (child_error,
- G_IO_ERROR, G_IO_ERROR_TIMED_OUT)))
- {
- /* Blocked or timed out after sending some messages successfully. */
- g_clear_error (&child_error);
- break;
- }
- else
- {
- /* Error, including G_IO_ERROR_WOULD_BLOCK or G_IO_ERROR_TIMED_OUT
- * on the first message; or G_IO_ERROR_CANCELLED at any time. */
- break;
- }
- }
-
- if (child_error != NULL)
- {
- g_propagate_error (error, child_error);
- return -1;
- }
-
- return i;
+ *nwrote = MAX (ret, 0);
+ return status;
}
-static GInputStream *
-g_tls_connection_gnutls_get_input_stream (GIOStream *stream)
+static GTlsConnectionBaseStatus
+g_tls_connection_gnutls_close (GTlsConnectionBase *tls,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error)
{
- GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (stream);
+ GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (tls);
GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+ GTlsConnectionBaseStatus status;
+ int ret;
- return priv->tls_istream;
-}
-
-static GOutputStream *
-g_tls_connection_gnutls_get_output_stream (GIOStream *stream)
-{
- GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (stream);
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+ BEGIN_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, timeout, cancellable);
+ ret = gnutls_bye (priv->session, GNUTLS_SHUT_WR);
+ END_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, ret, status, _("Error performing TLS close: %s"), error);
- return priv->tls_ostream;
+ return status;
}
-gboolean
-g_tls_connection_gnutls_close_internal (GIOStream *stream,
- GTlsDirection direction,
- gint64 timeout,
- GCancellable *cancellable,
- GError **error)
+static void
+initialize_gnutls_priority (void)
{
- GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (stream);
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- GTlsConnectionGnutlsOp op;
- gboolean success = TRUE;
- int ret = 0;
- GError *gnutls_error = NULL, *stream_error = NULL;
-
- /* This can be called from g_io_stream_close(), g_input_stream_close(),
- * g_output_stream_close() or g_tls_connection_close(). In all cases, we only
- * do the gnutls_bye() for writing. The difference is how we set the flags on
- * this class and how the underlying stream is closed.
- */
-
- g_return_val_if_fail (direction != G_TLS_DIRECTION_NONE, FALSE);
-
- if (direction == G_TLS_DIRECTION_BOTH)
- op = G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH;
- else if (direction == G_TLS_DIRECTION_READ)
- op = G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ;
- else
- op = G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE;
-
- if (!claim_op (gnutls, op, timeout, cancellable, error))
- return FALSE;
-
- if (priv->ever_handshaked && !priv->write_closed &&
- direction & G_TLS_DIRECTION_WRITE)
- {
- BEGIN_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, timeout, cancellable);
- ret = gnutls_bye (priv->session, GNUTLS_SHUT_WR);
- END_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, ret,
- _("Error performing TLS close"), &gnutls_error);
-
- priv->write_closed = TRUE;
- }
-
- if (!priv->read_closed && direction & G_TLS_DIRECTION_READ)
- priv->read_closed = TRUE;
-
- /* Close the underlying streams. Do this even if the gnutls_bye() call failed,
- * as the parent GIOStream will have set its internal closed flag and hence
- * this implementation will never be called again. */
- if (priv->base_io_stream != NULL)
- {
- if (direction == G_TLS_DIRECTION_BOTH)
- success = g_io_stream_close (priv->base_io_stream,
- cancellable, &stream_error);
- else if (direction & G_TLS_DIRECTION_READ)
- success = g_input_stream_close (g_io_stream_get_input_stream (priv->base_io_stream),
- cancellable, &stream_error);
- else if (direction & G_TLS_DIRECTION_WRITE)
- success = g_output_stream_close (g_io_stream_get_output_stream (priv->base_io_stream),
- cancellable, &stream_error);
- }
- else if (g_tls_connection_gnutls_is_dtls (gnutls))
- {
- /* We do not close underlying #GDatagramBaseds. There is no
- * g_datagram_based_close() method since different datagram-based
- * protocols vary wildly in how they close. */
- success = TRUE;
- }
- else
- {
- g_assert_not_reached ();
- }
+ const gchar *priority_override;
+ const gchar *error_pos = NULL;
+ int ret;
- yield_op (gnutls, op);
+ g_assert (!priority);
- /* Propagate errors. */
- if (ret != 0)
+ priority_override = g_getenv ("G_TLS_GNUTLS_PRIORITY");
+ if (priority_override)
{
- g_propagate_error (error, gnutls_error);
- g_clear_error (&stream_error);
- }
- else if (!success)
- {
- g_propagate_error (error, stream_error);
- g_clear_error (&gnutls_error);
+ ret = gnutls_priority_init2 (&priority, priority_override, &error_pos, 0);
+ if (ret != GNUTLS_E_SUCCESS)
+ g_warning ("Failed to set GnuTLS session priority with beginning at %s: %s", error_pos, gnutls_strerror (ret));
+ return;
}
- return success && (ret == 0);
+ ret = gnutls_priority_init2 (&priority, "%COMPAT", &error_pos, GNUTLS_PRIORITY_INIT_DEF_APPEND);
+ if (ret != GNUTLS_E_SUCCESS)
+ g_warning ("Failed to set GnuTLS session priority with error beginning at %s: %s", error_pos, gnutls_strerror (ret));
}
-static gboolean
-g_tls_connection_gnutls_close (GIOStream *stream,
- GCancellable *cancellable,
- GError **error)
-{
- return g_tls_connection_gnutls_close_internal (stream,
- G_TLS_DIRECTION_BOTH,
- -1, /* blocking */
- cancellable, error);
-}
-
-static gboolean
-g_tls_connection_gnutls_dtls_shutdown (GDtlsConnection *conn,
- gboolean shutdown_read,
- gboolean shutdown_write,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsDirection direction = G_TLS_DIRECTION_NONE;
-
- if (shutdown_read)
- direction |= G_TLS_DIRECTION_READ;
- if (shutdown_write)
- direction |= G_TLS_DIRECTION_WRITE;
-
- return g_tls_connection_gnutls_close_internal (G_IO_STREAM (conn),
- direction,
- -1, /* blocking */
- cancellable, error);
-}
-
-/* We do async close as synchronous-in-a-thread so we don't need to
- * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case
- * (since handshakes are also done synchronously now).
- */
static void
-close_thread (GTask *task,
- gpointer object,
- gpointer task_data,
- GCancellable *cancellable)
-{
- GIOStream *stream = object;
- GTlsDirection direction;
- GError *error = NULL;
-
- direction = GPOINTER_TO_INT (g_task_get_task_data (task));
-
- if (!g_tls_connection_gnutls_close_internal (stream, direction,
- -1, /* blocking */
- cancellable, &error))
- g_task_return_error (task, error);
- else
- g_task_return_boolean (task, TRUE);
-}
-
-static void
-g_tls_connection_gnutls_close_internal_async (GIOStream *stream,
- GTlsDirection direction,
- int io_priority,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- GTask *task;
-
- task = g_task_new (stream, cancellable, callback, user_data);
- g_task_set_source_tag (task, g_tls_connection_gnutls_close_internal_async);
- g_task_set_priority (task, io_priority);
- g_task_set_task_data (task, GINT_TO_POINTER (direction), NULL);
- g_task_run_in_thread (task, close_thread);
- g_object_unref (task);
-}
-
-static void
-g_tls_connection_gnutls_close_async (GIOStream *stream,
- int io_priority,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- g_tls_connection_gnutls_close_internal_async (stream, G_TLS_DIRECTION_BOTH,
- io_priority, cancellable,
- callback, user_data);
-}
-
-static gboolean
-g_tls_connection_gnutls_close_finish (GIOStream *stream,
- GAsyncResult *result,
- GError **error)
-{
- g_return_val_if_fail (g_task_is_valid (result, stream), FALSE);
-
- return g_task_propagate_boolean (G_TASK (result), error);
-}
-
-static void
-g_tls_connection_gnutls_dtls_shutdown_async (GDtlsConnection *conn,
- gboolean shutdown_read,
- gboolean shutdown_write,
- int io_priority,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- GTlsDirection direction = G_TLS_DIRECTION_NONE;
-
- if (shutdown_read)
- direction |= G_TLS_DIRECTION_READ;
- if (shutdown_write)
- direction |= G_TLS_DIRECTION_WRITE;
-
- g_tls_connection_gnutls_close_internal_async (G_IO_STREAM (conn), direction,
- io_priority, cancellable,
- callback, user_data);
-}
-
-static gboolean
-g_tls_connection_gnutls_dtls_shutdown_finish (GDtlsConnection *conn,
- GAsyncResult *result,
- GError **error)
-{
- g_return_val_if_fail (g_task_is_valid (result, conn), FALSE);
-
- return g_task_propagate_boolean (G_TASK (result), error);
-}
-
-#if GLIB_CHECK_VERSION(2, 60, 0)
-static void
-g_tls_connection_gnutls_dtls_set_advertised_protocols (GDtlsConnection *conn,
- const gchar * const *protocols)
+g_tls_connection_gnutls_class_init (GTlsConnectionGnutlsClass *klass)
{
- g_object_set (conn, "advertised-protocols", protocols, NULL);
-}
+ GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+ GTlsConnectionBaseClass *base_class = G_TLS_CONNECTION_BASE_CLASS (klass);
-const gchar *
-g_tls_connection_gnutls_dtls_get_negotiated_protocol (GDtlsConnection *conn)
-{
- GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (conn);
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+ gobject_class->finalize = g_tls_connection_gnutls_finalize;
- return priv->negotiated_protocol;
-}
-#endif
+ base_class->prepare_handshake = g_tls_connection_gnutls_prepare_handshake;
+ base_class->handshake_thread_safe_renegotiation_status = g_tls_connection_gnutls_handshake_thread_safe_renegotiation_status;
+ base_class->handshake_thread_request_rehandshake = g_tls_connection_gnutls_handshake_thread_request_rehandshake;
+ base_class->handshake_thread_handshake = g_tls_connection_gnutls_handshake_thread_handshake;
+ base_class->retrieve_peer_certificate = g_tls_connection_gnutls_retrieve_peer_certificate;
+ base_class->verify_chain = g_tls_connection_gnutls_verify_chain;
+ base_class->complete_handshake = g_tls_connection_gnutls_complete_handshake;
+ base_class->is_session_resumed = g_tls_connection_gnutls_is_session_resumed;
+ base_class->get_channel_binding_data = g_tls_connection_gnutls_get_channel_binding_data;
+ base_class->read_fn = g_tls_connection_gnutls_read;
+ base_class->read_message_fn = g_tls_connection_gnutls_read_message;
+ base_class->write_fn = g_tls_connection_gnutls_write;
+ base_class->write_message_fn = g_tls_connection_gnutls_write_message;
+ base_class->close_fn = g_tls_connection_gnutls_close;
-static void
-g_tls_connection_gnutls_class_init (GTlsConnectionGnutlsClass *klass)
-{
- GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
- GTlsConnectionClass *connection_class = G_TLS_CONNECTION_CLASS (klass);
- GIOStreamClass *iostream_class = G_IO_STREAM_CLASS (klass);
-
- gobject_class->get_property = g_tls_connection_gnutls_get_property;
- gobject_class->set_property = g_tls_connection_gnutls_set_property;
- gobject_class->finalize = g_tls_connection_gnutls_finalize;
-
- connection_class->handshake = g_tls_connection_gnutls_handshake;
- connection_class->handshake_async = g_tls_connection_gnutls_handshake_async;
- connection_class->handshake_finish = g_tls_connection_gnutls_handshake_finish;
-
- iostream_class->get_input_stream = g_tls_connection_gnutls_get_input_stream;
- iostream_class->get_output_stream = g_tls_connection_gnutls_get_output_stream;
- iostream_class->close_fn = g_tls_connection_gnutls_close;
- iostream_class->close_async = g_tls_connection_gnutls_close_async;
- iostream_class->close_finish = g_tls_connection_gnutls_close_finish;
-
- /* For GTlsConnection and GDtlsConnection: */
- g_object_class_override_property (gobject_class, PROP_BASE_IO_STREAM, "base-io-stream");
- g_object_class_override_property (gobject_class, PROP_BASE_SOCKET, "base-socket");
- g_object_class_override_property (gobject_class, PROP_REQUIRE_CLOSE_NOTIFY, "require-close-notify");
- g_object_class_override_property (gobject_class, PROP_REHANDSHAKE_MODE, "rehandshake-mode");
- g_object_class_override_property (gobject_class, PROP_USE_SYSTEM_CERTDB, "use-system-certdb");
- g_object_class_override_property (gobject_class, PROP_DATABASE, "database");
- g_object_class_override_property (gobject_class, PROP_CERTIFICATE, "certificate");
- g_object_class_override_property (gobject_class, PROP_INTERACTION, "interaction");
- g_object_class_override_property (gobject_class, PROP_PEER_CERTIFICATE, "peer-certificate");
- g_object_class_override_property (gobject_class, PROP_PEER_CERTIFICATE_ERRORS, "peer-certificate-errors");
-#if GLIB_CHECK_VERSION(2, 60, 0)
- g_object_class_override_property (gobject_class, PROP_ADVERTISED_PROTOCOLS, "advertised-protocols");
- g_object_class_override_property (gobject_class, PROP_NEGOTIATED_PROTOCOL, "negotiated-protocol");
-#endif
+ initialize_gnutls_priority ();
}
static void
{
iface->init = g_tls_connection_gnutls_initable_init;
}
-
-static void
-g_tls_connection_gnutls_dtls_connection_iface_init (GDtlsConnectionInterface *iface)
-{
- iface->handshake = g_tls_connection_gnutls_dtls_handshake;
- iface->handshake_async = g_tls_connection_gnutls_dtls_handshake_async;
- iface->handshake_finish = g_tls_connection_gnutls_dtls_handshake_finish;
- iface->shutdown = g_tls_connection_gnutls_dtls_shutdown;
- iface->shutdown_async = g_tls_connection_gnutls_dtls_shutdown_async;
- iface->shutdown_finish = g_tls_connection_gnutls_dtls_shutdown_finish;
-#if GLIB_CHECK_VERSION(2, 60, 0)
- iface->set_advertised_protocols = g_tls_connection_gnutls_dtls_set_advertised_protocols;
- iface->get_negotiated_protocol = g_tls_connection_gnutls_dtls_get_negotiated_protocol;
-#endif
-}
-
-static void
-g_tls_connection_gnutls_datagram_based_iface_init (GDatagramBasedInterface *iface)
-{
- iface->receive_messages = g_tls_connection_gnutls_receive_messages;
- iface->send_messages = g_tls_connection_gnutls_send_messages;
- iface->create_source = g_tls_connection_gnutls_dtls_create_source;
- iface->condition_check = g_tls_connection_gnutls_condition_check;
- iface->condition_wait = g_tls_connection_gnutls_condition_wait;
-}
-
-gboolean
-g_tls_connection_gnutls_request_certificate (GTlsConnectionGnutls *gnutls,
- GError **error)
-{
- GTlsInteractionResult res = G_TLS_INTERACTION_UNHANDLED;
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- GTlsInteraction *interaction;
- GTlsConnection *conn;
-
- g_return_val_if_fail (G_IS_TLS_CONNECTION_GNUTLS (gnutls), FALSE);
-
- conn = G_TLS_CONNECTION (gnutls);
-
- interaction = g_tls_connection_get_interaction (conn);
- if (!interaction)
- return FALSE;
-
- res = g_tls_interaction_invoke_request_certificate (interaction, conn, 0,
- priv->read_cancellable, error);
- return res != G_TLS_INTERACTION_FAILED;
-}
-
-void
-GTLS_DEBUG (gpointer gnutls,
- const char *message,
- ...)
-{
- char *result = NULL;
- int ret;
-
- g_assert (G_IS_TLS_CONNECTION (gnutls));
-
- va_list args;
- va_start (args, message);
-
- ret = g_vasprintf (&result, message, args);
- g_assert (ret > 0);
-
- if (G_IS_TLS_CLIENT_CONNECTION (gnutls))
- g_printf ("CLIENT %p: ", gnutls);
- else if (G_IS_TLS_SERVER_CONNECTION (gnutls))
- g_printf ("SERVER %p: ", gnutls);
- else
- g_assert_not_reached ();
-
- g_printf ("%s\n", result);
-
- fflush (stdout);
-
- g_free (result);
- va_end (args);
-}
* exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
-#ifndef __G_TLS_CONNECTION_GNUTLS_H__
-#define __G_TLS_CONNECTION_GNUTLS_H__
+#pragma once
#include <gio/gio.h>
#include <gnutls/abstract.h>
#include <gnutls/gnutls.h>
+#include "gtlsconnection-base.h"
+
G_BEGIN_DECLS
#define G_TYPE_TLS_CONNECTION_GNUTLS (g_tls_connection_gnutls_get_type ())
-G_DECLARE_DERIVABLE_TYPE (GTlsConnectionGnutls, g_tls_connection_gnutls, G, TLS_CONNECTION_GNUTLS, GTlsConnection)
+G_DECLARE_DERIVABLE_TYPE (GTlsConnectionGnutls, g_tls_connection_gnutls, G, TLS_CONNECTION_GNUTLS, GTlsConnectionBase)
struct _GTlsConnectionGnutlsClass
{
- GTlsConnectionClass parent_class;
-
- void (*failed) (GTlsConnectionGnutls *gnutls);
+ GTlsConnectionBaseClass parent_class;
- void (*begin_handshake) (GTlsConnectionGnutls *gnutls);
- void (*finish_handshake) (GTlsConnectionGnutls *gnutls,
- GError **inout_error);
+ void (*update_credentials) (GTlsConnectionGnutls *gnutls,
+ gnutls_certificate_credentials_t credentials);
};
gnutls_certificate_credentials_t g_tls_connection_gnutls_get_credentials (GTlsConnectionGnutls *connection);
-gnutls_session_t g_tls_connection_gnutls_get_session (GTlsConnectionGnutls *connection);
-
-void g_tls_connection_gnutls_get_certificate (GTlsConnectionGnutls *gnutls,
- gnutls_pcert_st **pcert,
- unsigned int *pcert_length,
- gnutls_privkey_t *pkey);
-
-gboolean g_tls_connection_gnutls_request_certificate (GTlsConnectionGnutls *gnutls,
- GError **error);
-
-gssize g_tls_connection_gnutls_read (GTlsConnectionGnutls *gnutls,
- void *buffer,
- gsize size,
- gint64 timeout,
- GCancellable *cancellable,
- GError **error);
-gssize g_tls_connection_gnutls_write (GTlsConnectionGnutls *gnutls,
- const void *buffer,
- gsize size,
- gint64 timeout,
- GCancellable *cancellable,
- GError **error);
-gboolean g_tls_connection_gnutls_check (GTlsConnectionGnutls *gnutls,
- GIOCondition condition);
-GSource *g_tls_connection_gnutls_create_source (GTlsConnectionGnutls *gnutls,
- GIOCondition condition,
- GCancellable *cancellable);
-
-typedef enum {
- G_TLS_DIRECTION_NONE = 0,
- G_TLS_DIRECTION_READ = 1 << 0,
- G_TLS_DIRECTION_WRITE = 1 << 1,
-} GTlsDirection;
-
-#define G_TLS_DIRECTION_BOTH (G_TLS_DIRECTION_READ | G_TLS_DIRECTION_WRITE)
-
-gboolean g_tls_connection_gnutls_close_internal (GIOStream *stream,
- GTlsDirection direction,
- gint64 timeout,
- GCancellable *cancellable,
- GError **error);
+gnutls_session_t g_tls_connection_gnutls_get_session (GTlsConnectionGnutls *connection);
-void GTLS_DEBUG (gpointer gnutls,
- const char *message,
- ...);
+void g_tls_connection_gnutls_handshake_thread_get_certificate (GTlsConnectionGnutls *gnutls,
+ gnutls_pcert_st **pcert,
+ unsigned int *pcert_length,
+ gnutls_privkey_t *pkey);
G_END_DECLS
-
-#endif /* __G_TLS_CONNECTION_GNUTLS_H___ */
#include <gnutls/x509.h>
#include "gtlscertificate-gnutls.h"
+#include "gtlshttp.h"
+#include "gtlsgnutls-version.h"
typedef struct
{
*/
GMutex mutex;
- /* read-only after construct */
+ /* Read-only after construct, but still has to be protected by the mutex. */
gnutls_x509_trust_list_t trust_list;
/*
GPtrArray *multi;
multi = g_hash_table_lookup (table, key);
- if (multi == NULL)
+ if (!multi)
{
multi = g_ptr_array_new_with_free_func ((GDestroyNotify)g_bytes_unref);
g_hash_table_insert (table, g_bytes_ref (key), multi);
GPtrArray *multi;
multi = g_hash_table_lookup (table, key);
- if (multi == NULL)
+ if (!multi)
return NULL;
g_assert (multi->len > 0);
guint i;
multi = g_hash_table_lookup (table, key);
- if (multi == NULL)
+ if (!multi)
return NULL;
for (i = 0; i < multi->len; i++)
{
g_assert (G_TLS_DATABASE_GNUTLS_GET_CLASS (self)->create_handle_for_certificate);
handle = G_TLS_DATABASE_GNUTLS_GET_CLASS (self)->create_handle_for_certificate (self, der);
- if (handle != NULL)
+ if (handle)
g_hash_table_insert (handles, handle, g_bytes_ref (der));
}
GBytes *issuer = NULL;
gint gerr;
- while ((gerr = gnutls_x509_trust_list_iter_get_ca (trust_list, &iter, &cert)) == 0)
+ while (gnutls_x509_trust_list_iter_get_ca (trust_list, &iter, &cert) == 0)
{
gerr = gnutls_x509_crt_get_raw_dn (cert, &dn);
if (gerr < 0)
gchar *handle = NULL;
der = g_tls_certificate_gnutls_get_bytes (G_TLS_CERTIFICATE_GNUTLS (certificate));
- g_return_val_if_fail (der != NULL, FALSE);
+ g_return_val_if_fail (der, FALSE);
g_mutex_lock (&priv->mutex);
priv->handles = create_handles_array_unlocked (self, priv->complete);
der = g_hash_table_lookup (priv->handles, handle);
- if (der != NULL)
+ if (der)
g_bytes_ref (der);
g_mutex_unlock (&priv->mutex);
- if (der == NULL)
+ if (!der)
return NULL;
datum.data = (unsigned char *)g_bytes_get_data (der, &length);
{
issuer = NULL;
}
- else if (der != NULL)
+ else if (der)
{
datum.data = (unsigned char *)g_bytes_get_data (der, &length);
datum.size = length;
issuer = g_tls_certificate_gnutls_new (&datum, NULL);
}
- if (der != NULL)
+ if (der)
g_bytes_unref (der);
return issuer;
}
g_bytes_unref (issuer);
- for (l = ders; l != NULL; l = g_list_next (l))
+ for (l = ders; l; l = g_list_next (l))
{
if (g_cancellable_set_error_if_cancelled (cancellable, error))
{
return issued;
}
+typedef struct {
+ gnutls_x509_crt_t *chain;
+ guint length;
+} CertificateChain;
+
+static CertificateChain *
+certificate_chain_new (void)
+{
+ return g_new0 (CertificateChain, 1);
+}
+
static void
-convert_certificate_chain_to_gnutls (GTlsCertificateGnutls *chain,
- gnutls_x509_crt_t **gnutls_chain,
- guint *gnutls_chain_length)
+certificate_chain_free (CertificateChain *chain)
+{
+ g_free (chain->chain);
+ g_free (chain);
+}
+
+static CertificateChain *
+convert_certificate_chain_to_gnutls (GTlsCertificateGnutls *chain)
{
GTlsCertificate *cert;
- guint i;
+ CertificateChain *gnutls_chain;
+ guint i = 0;
+
+ gnutls_chain = certificate_chain_new ();
- g_assert (gnutls_chain);
- g_assert (gnutls_chain_length);
+ for (cert = G_TLS_CERTIFICATE (chain); cert; cert = g_tls_certificate_get_issuer (cert))
+ gnutls_chain->length++;
- for (*gnutls_chain_length = 0, cert = G_TLS_CERTIFICATE (chain);
- cert; cert = g_tls_certificate_get_issuer (cert))
- ++(*gnutls_chain_length);
+ gnutls_chain->chain = g_new (gnutls_x509_crt_t, gnutls_chain->length);
- *gnutls_chain = g_new0 (gnutls_x509_crt_t, *gnutls_chain_length);
+ for (cert = G_TLS_CERTIFICATE (chain); cert; cert = g_tls_certificate_get_issuer (cert), i++)
+ gnutls_chain->chain[i] = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (cert));
- for (i = 0, cert = G_TLS_CERTIFICATE (chain);
- cert; cert = g_tls_certificate_get_issuer (cert), ++i)
- (*gnutls_chain)[i] = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (cert));
+ g_assert (i == gnutls_chain->length);
- g_assert (i == *gnutls_chain_length);
+ return gnutls_chain;
}
static GTlsCertificateFlags
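Review bot: `CertificateChain` has no comment on who owns its entries, and the new helpers only make sense once that is known: `convert_certificate_chain_to_gnutls` stores whatever `g_tls_certificate_gnutls_get_cert` returns, and `certificate_chain_free` releases the array and the struct but none of the certificates. The handles therefore look borrowed, so the structure must not outlive the `GTlsCertificateGnutls` chain it was built from. I would put `/* Array of borrowed gnutls_x509_crt_t handles; the GTlsCertificate chain keeps ownership. */` above the typedef. The move from `g_new0` to `g_new` is fine only while the second loop fills every slot, and the sole guard for that is `g_assert (i == gnutls_chain->length)`, which disappears in builds that disable assertions.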
GTlsDatabaseGnutlsPrivate *priv = g_tls_database_gnutls_get_instance_private (self);
GTlsCertificateFlags result;
guint gnutls_result;
- gnutls_x509_crt_t *certs;
- guint certs_length;
- const char *hostname = NULL;
- char *free_hostname = NULL;
+ CertificateChain *gnutls_chain;
int gerr;
g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (chain),
if (g_cancellable_set_error_if_cancelled (cancellable, error))
return G_TLS_CERTIFICATE_GENERIC_ERROR;
- convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (chain),
- &certs, &certs_length);
+ g_mutex_lock (&priv->mutex);
+ gnutls_chain = convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (chain));
gerr = gnutls_x509_trust_list_verify_crt (priv->trust_list,
- certs, certs_length,
+ gnutls_chain->chain, gnutls_chain->length,
0, &gnutls_result, NULL);
+ g_mutex_unlock (&priv->mutex);
if (gerr != 0 || g_cancellable_set_error_if_cancelled (cancellable, error))
{
- g_free (certs);
+ certificate_chain_free (gnutls_chain);
return G_TLS_CERTIFICATE_GENERIC_ERROR;
}
result = g_tls_certificate_gnutls_convert_flags (gnutls_result);
- if (G_IS_NETWORK_ADDRESS (identity))
- hostname = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity));
- else if (G_IS_NETWORK_SERVICE (identity))
- hostname = g_network_service_get_domain (G_NETWORK_SERVICE (identity));
- else if (G_IS_INET_SOCKET_ADDRESS (identity))
- {
- GInetAddress *addr;
+ if (identity)
+ result |= g_tls_certificate_gnutls_verify_identity (G_TLS_CERTIFICATE_GNUTLS (chain),
+ identity,
+ error);
- addr = g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (identity));
- hostname = free_hostname = g_inet_address_to_string (addr);
- }
- if (hostname)
- {
- if (!gnutls_x509_crt_check_hostname (certs[0], hostname))
- result |= G_TLS_CERTIFICATE_BAD_IDENTITY;
- g_free (free_hostname);
- }
-
- g_free (certs);
+ certificate_chain_free (gnutls_chain);
return result;
}
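Review bot: The identity check at `if (identity)` now depends entirely on `g_tls_certificate_gnutls_verify_identity`, whose body is not in this hunk, so confirm that it returns `G_TLS_CERTIFICATE_BAD_IDENTITY` for a connectable type it does not recognise. The removed branch chain left `hostname` NULL in that case and skipped the name check without flagging anything. The helper also receives `error`; if it can set `*error` while this function goes on to return ordinary flags, callers would see a populated GError next to a result other than `G_TLS_CERTIFICATE_GENERIC_ERROR`, which is presumably not intended and should be checked against the helper. I would add `/* A NULL identity means chain validation only: no name check is performed. */` above the `if`. The enclosing function starts outside the hunk.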
return gerr >= 0;
}
+static gnutls_x509_trust_list_t
+create_trust_list (GTlsDatabaseGnutls *self,
+ GError **error)
+{
+ GTlsDatabaseGnutlsClass *database_class = G_TLS_DATABASE_GNUTLS_GET_CLASS (self);
+ gnutls_x509_trust_list_t trust_list;
+ int ret;
+
+ ret = gnutls_x509_trust_list_init (&trust_list, 0);
+ if (ret != 0)
+ {
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC, "Failed to initialize trust list: %s", gnutls_strerror (ret));
+ return NULL;
+ }
+
+ g_assert (database_class->populate_trust_list);
+ if (!database_class->populate_trust_list (self, trust_list, error))
+ {
+ gnutls_x509_trust_list_deinit (trust_list, TRUE);
+ return NULL;
+ }
+
+ return trust_list;
+}
+
+gnutls_certificate_credentials_t
+g_tls_database_gnutls_get_credentials (GTlsDatabaseGnutls *self,
+ GError **error)
+{
+ gnutls_certificate_credentials_t credentials;
+ gnutls_x509_trust_list_t trust_list = NULL;
+ int ret;
+
+ ret = gnutls_certificate_allocate_credentials (&credentials);
+ if (ret != 0)
+ {
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC, "Failed to allocate credentials: %s", gnutls_strerror (ret));
+ return NULL;
+ }
+
+ trust_list = create_trust_list (self, error);
+ if (!trust_list)
+ {
+ gnutls_certificate_free_credentials (credentials);
+ return NULL;
+ }
+
+ gnutls_certificate_set_trust_list (credentials, trust_list, 0);
+ return credentials;
+}
+
static void
g_tls_database_gnutls_class_init (GTlsDatabaseGnutlsClass *klass)
{
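Review bot: `g_tls_database_gnutls_get_credentials` has no comment stating who owns what, and the call sequence does not make it obvious. After `gnutls_certificate_set_trust_list (credentials, trust_list, 0)` the trust list belongs to the credentials and is released with them, so the caller should free only the returned value with `gnutls_certificate_free_credentials`. I would add a short header comment saying it returns newly allocated credentials (or NULL with `error` set) carrying their own freshly populated trust list. Each call re-runs `populate_trust_list`, so if this is invoked once per connection the anchor source is re-read every time; that may be intended, but it belongs in the same comment. The two new `g_set_error` messages are also not wrapped in `_()`, unlike the message added to the file database's `populate_trust_list` elsewhere in this patch.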
if (g_cancellable_set_error_if_cancelled (cancellable, error))
return FALSE;
- gnutls_x509_trust_list_init (&trust_list, 0);
-
- g_assert (G_TLS_DATABASE_GNUTLS_GET_CLASS (self)->populate_trust_list);
- if (!G_TLS_DATABASE_GNUTLS_GET_CLASS (self)->populate_trust_list (self, trust_list, error))
- {
- result = FALSE;
- goto out;
- }
+ trust_list = create_trust_list (self, error);
+ if (!trust_list)
+ return FALSE;
subjects = bytes_multi_table_new ();
issuers = bytes_multi_table_new ();
g_mutex_unlock (&priv->mutex);
}
-out:
- if (trust_list != NULL)
+ if (trust_list)
gnutls_x509_trust_list_deinit (trust_list, 1);
- if (subjects != NULL)
+ if (subjects)
g_hash_table_unref (subjects);
- if (issuers != NULL)
+ if (issuers)
g_hash_table_unref (issuers);
- if (complete != NULL)
+ if (complete)
g_hash_table_unref (complete);
return result;
}
* Author: Stef Walter <stefw@collabora.co.uk>
*/
-#ifndef __G_TLS_DATABASE_GNUTLS_H__
-#define __G_TLS_DATABASE_GNUTLS_H__
+#pragma once
#include <gio/gio.h>
#include <gnutls/x509.h>
{
GTlsDatabaseClass parent_class;
- gchar *(*create_handle_for_certificate) (GTlsDatabaseGnutls *self,
- GBytes *der);
- gboolean (*populate_trust_list) (GTlsDatabaseGnutls *self,
- gnutls_x509_trust_list_t trust_list,
- GError **error);
+ gchar *(*create_handle_for_certificate) (GTlsDatabaseGnutls *self,
+ GBytes *der);
+ gboolean (*populate_trust_list) (GTlsDatabaseGnutls *self,
+ gnutls_x509_trust_list_t trust_list,
+ GError **error);
};
GTlsDatabaseGnutls *g_tls_database_gnutls_new (GError **error);
-G_END_DECLS
+gnutls_certificate_credentials_t g_tls_database_gnutls_get_credentials (GTlsDatabaseGnutls *self,
+ GError **error);
-#endif /* __G_TLS_DATABASE_GNUTLS_H___ */
+G_END_DECLS
#include "gtlsfiledatabase-gnutls.h"
#include <gio/gio.h>
+#include <glib/gi18n-lib.h>
#include "gtlscertificate-gnutls.h"
gnutls_x509_trust_list_t trust_list,
GError **error)
{
- gnutls_x509_trust_list_add_trust_file (trust_list,
- G_TLS_FILE_DATABASE_GNUTLS (self)->anchor_filename,
- NULL, GNUTLS_X509_FMT_PEM, 0, 0);
+ int ret = gnutls_x509_trust_list_add_trust_file (trust_list,
+ G_TLS_FILE_DATABASE_GNUTLS (self)->anchor_filename,
+ NULL, GNUTLS_X509_FMT_PEM, 0, 0);
+
+ if (ret < 0)
+ {
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Failed to populate trust list from %s: %s"),
+ G_TLS_FILE_DATABASE_GNUTLS (self)->anchor_filename, gnutls_strerror (ret));
+ return FALSE;
+ }
+
return TRUE;
}
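Review bot: A return of 0 from `gnutls_x509_trust_list_add_trust_file` passes the new `ret < 0` check, so an anchor file from which no certificate was loaded yields an empty trust list and `TRUE`. That fails closed, since later verifications would presumably report an unknown CA, but the symptom then appears far from the cause. If an empty anchor file is not a supported configuration, consider rejecting `ret == 0` with its own message (`gnutls_strerror (0)` would not help there). Otherwise record the decision in a comment such as `/* ret is the number of certificates added; 0 is accepted and leaves the list empty. */`. The function's signature starts outside the hunk.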
* Author: Stef Walter <stefw@collabora.co.uk>
*/
-#ifndef __G_TLS_FILE_DATABASE_GNUTLS_H__
-#define __G_TLS_FILE_DATABASE_GNUTLS_H__
+#pragma once
#include <gio/gio.h>
GTlsDatabase* g_tls_file_database_gnutls_new (const gchar *anchor_file);
G_END_DECLS
-
-#endif /* __G_TLS_FILE_DATABASE_GNUTLS_H___ */
--- /dev/null
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * GIO - GLib Input, Output and Streaming Library
+ *
+ * Copyright 2021 Red Hat, Inc
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#pragma once
+
+#include <gnutls/gnutls.h>
+
+#define GTLS_GNUTLS_CHECK_VERSION(major,minor,micro) \
+ (GNUTLS_VERSION_MAJOR > (major) || \
+ (GNUTLS_VERSION_MAJOR == (major) && GNUTLS_VERSION_MINOR > (minor)) || \
+ (GNUTLS_VERSION_MAJOR == (major) && GNUTLS_VERSION_MINOR == (minor) && \
+ GNUTLS_VERSION_PATCH >= (micro)))
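Review bot: `GTLS_GNUTLS_CHECK_VERSION` has no comment, and its scope is easy to misread. It compares the `GNUTLS_VERSION_*` macros from the headers the module was built against, so it answers whether an API was available at compile time, not which GnuTLS library is loaded at run time. I would add `/* Compile-time check against the GnuTLS headers; use gnutls_check_version() where the runtime library version matters. */` above the `#define`. That distinction matters when the macro gates a security-relevant code path and the deployed library is older or newer than the build headers.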
+++ /dev/null
-/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/*
- * GIO - GLib Input, Output and Streaming Library
- *
- * Copyright 2010 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, see
- * <http://www.gnu.org/licenses/>.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- */
-
-#include "config.h"
-#include "gtlsinputstream-gnutls.h"
-
-#include <glib/gi18n.h>
-
-struct _GTlsInputStreamGnutls
-{
- GInputStream parent_instance;
-
- GWeakRef weak_conn;
-};
-
-static void g_tls_input_stream_gnutls_pollable_iface_init (GPollableInputStreamInterface *iface);
-
-G_DEFINE_TYPE_WITH_CODE (GTlsInputStreamGnutls, g_tls_input_stream_gnutls, G_TYPE_INPUT_STREAM,
- G_IMPLEMENT_INTERFACE (G_TYPE_POLLABLE_INPUT_STREAM, g_tls_input_stream_gnutls_pollable_iface_init)
- )
-
-static void
-g_tls_input_stream_gnutls_dispose (GObject *object)
-{
- GTlsInputStreamGnutls *stream = G_TLS_INPUT_STREAM_GNUTLS (object);
-
- g_weak_ref_set (&stream->weak_conn, NULL);
-
- G_OBJECT_CLASS (g_tls_input_stream_gnutls_parent_class)->dispose (object);
-}
-
-static void
-g_tls_input_stream_gnutls_finalize (GObject *object)
-{
- GTlsInputStreamGnutls *stream = G_TLS_INPUT_STREAM_GNUTLS (object);
-
- g_weak_ref_clear (&stream->weak_conn);
-
- G_OBJECT_CLASS (g_tls_input_stream_gnutls_parent_class)->finalize (object);
-}
-
-static gssize
-g_tls_input_stream_gnutls_read (GInputStream *stream,
- void *buffer,
- gsize count,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (stream);
- GTlsConnectionGnutls *conn;
- gssize ret;
-
- conn = g_weak_ref_get (&tls_stream->weak_conn);
- if (conn == NULL)
- {
- g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
- _("Connection is closed"));
- return -1;
- }
-
- ret = g_tls_connection_gnutls_read (conn,
- buffer, count, -1 /* blocking */,
- cancellable, error);
- g_object_unref (conn);
- return ret;
-}
-
-static gboolean
-g_tls_input_stream_gnutls_pollable_is_readable (GPollableInputStream *pollable)
-{
- GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (pollable);
- GTlsConnectionGnutls *conn;
- gboolean ret;
-
- conn = g_weak_ref_get (&tls_stream->weak_conn);
- if (conn == NULL)
- return FALSE;
-
- ret = g_tls_connection_gnutls_check (conn, G_IO_IN);
-
- g_object_unref (conn);
- return ret;
-}
-
-static GSource *
-g_tls_input_stream_gnutls_pollable_create_source (GPollableInputStream *pollable,
- GCancellable *cancellable)
-{
- GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (pollable);
- GTlsConnectionGnutls *conn;
- GSource *ret;
-
- conn = g_weak_ref_get (&tls_stream->weak_conn);
- if (conn == NULL)
- {
- ret = g_idle_source_new ();
- g_source_set_name (ret, "[glib-networking] g_tls_input_stream_gnutls_pollable_create_source dummy source");
- return ret;
- }
-
- ret = g_tls_connection_gnutls_create_source (conn, G_IO_IN, cancellable);
- g_object_unref (conn);
- return ret;
-}
-
-static gssize
-g_tls_input_stream_gnutls_pollable_read_nonblocking (GPollableInputStream *pollable,
- void *buffer,
- gsize size,
- GError **error)
-{
- GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (pollable);
- GTlsConnectionGnutls *conn;
- gssize ret;
-
- conn = g_weak_ref_get (&tls_stream->weak_conn);
- if (conn == NULL)
- {
- g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
- _("Connection is closed"));
- return -1;
- }
-
- ret = g_tls_connection_gnutls_read (conn, buffer, size,
- 0 /* non-blocking */, NULL, error);
-
- g_object_unref (conn);
- return ret;
-}
-
-static gboolean
-g_tls_input_stream_gnutls_close (GInputStream *stream,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsInputStreamGnutls *tls_stream = G_TLS_INPUT_STREAM_GNUTLS (stream);
- GIOStream *conn;
- gboolean ret;
-
- conn = g_weak_ref_get (&tls_stream->weak_conn);
-
- if (conn == NULL)
- return TRUE;
-
- ret = g_tls_connection_gnutls_close_internal (conn, G_TLS_DIRECTION_READ,
- -1, /* blocking */
- cancellable, error);
-
- g_object_unref (conn);
- return ret;
-}
-
-/* We do async close as synchronous-in-a-thread so we don't need to
- * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case
- * (since handshakes are also done synchronously now).
- */
-static void
-close_thread (GTask *task,
- gpointer object,
- gpointer task_data,
- GCancellable *cancellable)
-{
- GTlsInputStreamGnutls *tls_stream = object;
- GError *error = NULL;
- GIOStream *conn;
-
- conn = g_weak_ref_get (&tls_stream->weak_conn);
-
- if (conn && !g_tls_connection_gnutls_close_internal (conn,
- G_TLS_DIRECTION_READ,
- -1, /* blocking */
- cancellable, &error))
- g_task_return_error (task, error);
- else
- g_task_return_boolean (task, TRUE);
-
- if (conn)
- g_object_unref (conn);
-}
-
-
-static void
-g_tls_input_stream_gnutls_close_async (GInputStream *stream,
- int io_priority,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- GTask *task;
-
- task = g_task_new (stream, cancellable, callback, user_data);
- g_task_set_source_tag (task, g_tls_input_stream_gnutls_close_async);
- g_task_set_priority (task, io_priority);
- g_task_run_in_thread (task, close_thread);
- g_object_unref (task);
-}
-
-static gboolean
-g_tls_input_stream_gnutls_close_finish (GInputStream *stream,
- GAsyncResult *result,
- GError **error)
-{
- g_return_val_if_fail (g_task_is_valid (result, stream), FALSE);
- g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) ==
- g_tls_input_stream_gnutls_close_async, FALSE);
-
- return g_task_propagate_boolean (G_TASK (result), error);
-}
-
-static void
-g_tls_input_stream_gnutls_class_init (GTlsInputStreamGnutlsClass *klass)
-{
- GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
- GInputStreamClass *input_stream_class = G_INPUT_STREAM_CLASS (klass);
-
- gobject_class->dispose = g_tls_input_stream_gnutls_dispose;
- gobject_class->finalize = g_tls_input_stream_gnutls_finalize;
-
- input_stream_class->read_fn = g_tls_input_stream_gnutls_read;
- input_stream_class->close_fn = g_tls_input_stream_gnutls_close;
- input_stream_class->close_async = g_tls_input_stream_gnutls_close_async;
- input_stream_class->close_finish = g_tls_input_stream_gnutls_close_finish;
-}
-
-static void
-g_tls_input_stream_gnutls_pollable_iface_init (GPollableInputStreamInterface *iface)
-{
- iface->is_readable = g_tls_input_stream_gnutls_pollable_is_readable;
- iface->create_source = g_tls_input_stream_gnutls_pollable_create_source;
- iface->read_nonblocking = g_tls_input_stream_gnutls_pollable_read_nonblocking;
-}
-
-static void
-g_tls_input_stream_gnutls_init (GTlsInputStreamGnutls *stream)
-{
-}
-
-GInputStream *
-g_tls_input_stream_gnutls_new (GTlsConnectionGnutls *conn)
-{
- GTlsInputStreamGnutls *tls_stream;
-
- tls_stream = g_object_new (G_TYPE_TLS_INPUT_STREAM_GNUTLS, NULL);
- g_weak_ref_init (&tls_stream->weak_conn, conn);
-
- return G_INPUT_STREAM (tls_stream);
-}
+++ /dev/null
-/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/*
- * GIO - GLib Input, Output and Streaming Library
- *
- * Copyright 2010 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, see
- * <http://www.gnu.org/licenses/>.
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- */
-
-#include "config.h"
-#include "gtlsoutputstream-gnutls.h"
-
-#include <glib/gi18n.h>
-
-struct _GTlsOutputStreamGnutls
-{
- GOutputStream parent_instance;
-
- GWeakRef weak_conn;
-};
-
-static void g_tls_output_stream_gnutls_pollable_iface_init (GPollableOutputStreamInterface *iface);
-
-G_DEFINE_TYPE_WITH_CODE (GTlsOutputStreamGnutls, g_tls_output_stream_gnutls, G_TYPE_OUTPUT_STREAM,
- G_IMPLEMENT_INTERFACE (G_TYPE_POLLABLE_OUTPUT_STREAM, g_tls_output_stream_gnutls_pollable_iface_init)
- )
-
-static void
-g_tls_output_stream_gnutls_dispose (GObject *object)
-{
- GTlsOutputStreamGnutls *stream = G_TLS_OUTPUT_STREAM_GNUTLS (object);
-
- g_weak_ref_set (&stream->weak_conn, NULL);
-
- G_OBJECT_CLASS (g_tls_output_stream_gnutls_parent_class)->dispose (object);
-}
-
-static void
-g_tls_output_stream_gnutls_finalize (GObject *object)
-{
- GTlsOutputStreamGnutls *stream = G_TLS_OUTPUT_STREAM_GNUTLS (object);
-
- g_weak_ref_clear (&stream->weak_conn);
-
- G_OBJECT_CLASS (g_tls_output_stream_gnutls_parent_class)->finalize (object);
-}
-
-static gssize
-g_tls_output_stream_gnutls_write (GOutputStream *stream,
- const void *buffer,
- gsize count,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (stream);
- GTlsConnectionGnutls *conn;
- gssize ret;
-
- conn = g_weak_ref_get (&tls_stream->weak_conn);
- if (conn == NULL)
- {
- g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
- _("Connection is closed"));
- return -1;
- }
-
- ret = g_tls_connection_gnutls_write (conn, buffer, count, -1 /* blocking */,
- cancellable, error);
- g_object_unref (conn);
- return ret;
-}
-
-static gboolean
-g_tls_output_stream_gnutls_pollable_is_writable (GPollableOutputStream *pollable)
-{
- GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (pollable);
- GTlsConnectionGnutls *conn;
- gboolean ret;
-
- conn = g_weak_ref_get (&tls_stream->weak_conn);
- if (conn == NULL)
- return FALSE;
-
- ret = g_tls_connection_gnutls_check (conn, G_IO_OUT);
-
- g_object_unref (conn);
-
- return ret;
-}
-
-static GSource *
-g_tls_output_stream_gnutls_pollable_create_source (GPollableOutputStream *pollable,
- GCancellable *cancellable)
-{
- GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (pollable);
- GTlsConnectionGnutls *conn;
- GSource *ret;
-
- conn = g_weak_ref_get (&tls_stream->weak_conn);
- if (conn == NULL)
- {
- ret = g_idle_source_new ();
- g_source_set_name (ret, "[glib-networking] g_tls_output_stream_gnutls_pollable_create_source dummy source");
- return ret;
- }
-
- ret = g_tls_connection_gnutls_create_source (conn,
- G_IO_OUT,
- cancellable);
- g_object_unref (conn);
- return ret;
-}
-
-static gssize
-g_tls_output_stream_gnutls_pollable_write_nonblocking (GPollableOutputStream *pollable,
- const void *buffer,
- gsize size,
- GError **error)
-{
- GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (pollable);
- GTlsConnectionGnutls *conn;
- gssize ret;
-
- conn = g_weak_ref_get (&tls_stream->weak_conn);
- if (conn == NULL)
- {
- g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
- _("Connection is closed"));
- return -1;
- }
-
- ret = g_tls_connection_gnutls_write (conn, buffer, size,
- 0 /* non-blocking */, NULL, error);
-
- g_object_unref (conn);
- return ret;
-}
-
-static gboolean
-g_tls_output_stream_gnutls_close (GOutputStream *stream,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsOutputStreamGnutls *tls_stream = G_TLS_OUTPUT_STREAM_GNUTLS (stream);
- GIOStream *conn;
- gboolean ret;
-
- conn = g_weak_ref_get (&tls_stream->weak_conn);
- if (conn == NULL)
- return TRUE;
-
- ret = g_tls_connection_gnutls_close_internal (conn, G_TLS_DIRECTION_WRITE,
- -1, /* blocking */
- cancellable, error);
-
- g_object_unref (conn);
- return ret;
-}
-
-/* We do async close as synchronous-in-a-thread so we don't need to
- * implement G_IO_IN/G_IO_OUT flip-flopping just for this one case
- * (since handshakes are also done synchronously now).
- */
-static void
-close_thread (GTask *task,
- gpointer object,
- gpointer task_data,
- GCancellable *cancellable)
-{
- GTlsOutputStreamGnutls *tls_stream = object;
- GError *error = NULL;
- GIOStream *conn;
-
- conn = g_weak_ref_get (&tls_stream->weak_conn);
-
- if (conn && !g_tls_connection_gnutls_close_internal (conn,
- G_TLS_DIRECTION_WRITE,
- -1, /* blocking */
- cancellable, &error))
- g_task_return_error (task, error);
- else
- g_task_return_boolean (task, TRUE);
-
- if (conn)
- g_object_unref (conn);
-}
-
-
-static void
-g_tls_output_stream_gnutls_close_async (GOutputStream *stream,
- int io_priority,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- GTask *task;
-
- task = g_task_new (stream, cancellable, callback, user_data);
- g_task_set_source_tag (task, g_tls_output_stream_gnutls_close_async);
- g_task_set_priority (task, io_priority);
- g_task_run_in_thread (task, close_thread);
- g_object_unref (task);
-}
-
-static gboolean
-g_tls_output_stream_gnutls_close_finish (GOutputStream *stream,
- GAsyncResult *result,
- GError **error)
-{
- g_return_val_if_fail (g_task_is_valid (result, stream), FALSE);
- g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) ==
- g_tls_output_stream_gnutls_close_async, FALSE);
-
- return g_task_propagate_boolean (G_TASK (result), error);
-}
-
-static void
-g_tls_output_stream_gnutls_class_init (GTlsOutputStreamGnutlsClass *klass)
-{
- GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
- GOutputStreamClass *output_stream_class = G_OUTPUT_STREAM_CLASS (klass);
-
- gobject_class->dispose = g_tls_output_stream_gnutls_dispose;
- gobject_class->finalize = g_tls_output_stream_gnutls_finalize;
-
- output_stream_class->write_fn = g_tls_output_stream_gnutls_write;
- output_stream_class->close_fn = g_tls_output_stream_gnutls_close;
- output_stream_class->close_async = g_tls_output_stream_gnutls_close_async;
- output_stream_class->close_finish = g_tls_output_stream_gnutls_close_finish;
-}
-
-static void
-g_tls_output_stream_gnutls_pollable_iface_init (GPollableOutputStreamInterface *iface)
-{
- iface->is_writable = g_tls_output_stream_gnutls_pollable_is_writable;
- iface->create_source = g_tls_output_stream_gnutls_pollable_create_source;
- iface->write_nonblocking = g_tls_output_stream_gnutls_pollable_write_nonblocking;
-}
-
-static void
-g_tls_output_stream_gnutls_init (GTlsOutputStreamGnutls *stream)
-{
-}
-
-GOutputStream *
-g_tls_output_stream_gnutls_new (GTlsConnectionGnutls *conn)
-{
- GTlsOutputStreamGnutls *tls_stream;
-
- tls_stream = g_object_new (G_TYPE_TLS_OUTPUT_STREAM_GNUTLS, NULL);
- g_weak_ref_init (&tls_stream->weak_conn, conn);
-
- return G_OUTPUT_STREAM (tls_stream);
-}
static void g_tls_server_connection_gnutls_server_connection_interface_init (GTlsServerConnectionInterface *iface);
-static int g_tls_server_connection_gnutls_retrieve_function (gnutls_session_t session,
- const gnutls_datum_t *req_ca_rdn,
- int nreqs,
- const gnutls_pk_algorithm_t *pk_algos,
- int pk_algos_length,
- gnutls_pcert_st **pcert,
- unsigned int *pcert_length,
- gnutls_privkey_t *pkey);
-
-static int g_tls_server_connection_gnutls_db_store (void *user_data,
- gnutls_datum_t key,
- gnutls_datum_t data);
-static int g_tls_server_connection_gnutls_db_remove (void *user_data,
- gnutls_datum_t key);
-static gnutls_datum_t g_tls_server_connection_gnutls_db_retrieve (void *user_data,
- gnutls_datum_t key);
+static int g_tls_server_connection_gnutls_handshake_thread_retrieve_function (gnutls_session_t session,
+ const gnutls_datum_t *req_ca_rdn,
+ int nreqs,
+ const gnutls_pk_algorithm_t *pk_algos,
+ int pk_algos_length,
+ gnutls_pcert_st **pcert,
+ unsigned int *pcert_length,
+ gnutls_privkey_t *pkey);
static GInitableIface *g_tls_server_connection_gnutls_parent_initable_iface;
static void
g_tls_server_connection_gnutls_init (GTlsServerConnectionGnutls *gnutls)
{
- gnutls_certificate_credentials_t creds;
-
- creds = g_tls_connection_gnutls_get_credentials (G_TLS_CONNECTION_GNUTLS (gnutls));
- gnutls_certificate_set_retrieve_function2 (creds, g_tls_server_connection_gnutls_retrieve_function);
}
static void
{
GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable);
GTlsCertificate *cert;
- gnutls_session_t session;
+ gnutls_certificate_credentials_t creds;
- if (!g_tls_server_connection_gnutls_parent_initable_iface->
- init (initable, cancellable, error))
+ if (!g_tls_server_connection_gnutls_parent_initable_iface->init (initable, cancellable, error))
return FALSE;
- session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (gnutls));
- gnutls_db_set_retrieve_function (session, g_tls_server_connection_gnutls_db_retrieve);
- gnutls_db_set_store_function (session, g_tls_server_connection_gnutls_db_store);
- gnutls_db_set_remove_function (session, g_tls_server_connection_gnutls_db_remove);
+ creds = g_tls_connection_gnutls_get_credentials (G_TLS_CONNECTION_GNUTLS (gnutls));
+ gnutls_certificate_set_retrieve_function2 (creds, g_tls_server_connection_gnutls_handshake_thread_retrieve_function);
+ /* Currently we don't know ahead of time if a PKCS #11 backed certificate has a private key. */
cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (initable));
- if (cert && !g_tls_certificate_gnutls_has_key (G_TLS_CERTIFICATE_GNUTLS (cert)))
+ if (cert && !g_tls_certificate_gnutls_has_key (G_TLS_CERTIFICATE_GNUTLS (cert)) &&
+ !g_tls_certificate_gnutls_is_pkcs11_backed (G_TLS_CERTIFICATE_GNUTLS (cert)))
{
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("Certificate has no private key"));
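Review bot: The new `!g_tls_certificate_gnutls_is_pkcs11_backed (...)` condition skips the "Certificate has no private key" error for every PKCS #11-backed certificate, and the comment above it says why the check cannot be done but not where a missing key is reported instead. Presumably the failure then only appears during the handshake, when the retrieve function asks for the key; that is worth stating so a successful init is not read as proof that the key is usable. Suggested wording, to be confirmed against the handshake code outside this hunk: `/* PKCS #11: key presence is unknown here; a missing key surfaces as a handshake error. */`. The function body starts before and continues after the hunk.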
}
static int
-g_tls_server_connection_gnutls_retrieve_function (gnutls_session_t session,
- const gnutls_datum_t *req_ca_rdn,
- int nreqs,
- const gnutls_pk_algorithm_t *pk_algos,
- int pk_algos_length,
- gnutls_pcert_st **pcert,
- unsigned int *pcert_length,
- gnutls_privkey_t *pkey)
+g_tls_server_connection_gnutls_handshake_thread_retrieve_function (gnutls_session_t session,
+ const gnutls_datum_t *req_ca_rdn,
+ int nreqs,
+ const gnutls_pk_algorithm_t *pk_algos,
+ int pk_algos_length,
+ gnutls_pcert_st **pcert,
+ unsigned int *pcert_length,
+ gnutls_privkey_t *pkey)
{
GTlsServerConnectionGnutls *gnutls = G_TLS_SERVER_CONNECTION_GNUTLS (gnutls_transport_get_ptr (session));
clear_gnutls_certificate_copy (gnutls);
- g_tls_connection_gnutls_get_certificate (G_TLS_CONNECTION_GNUTLS (gnutls),
- pcert, pcert_length, pkey);
+ g_tls_connection_gnutls_handshake_thread_get_certificate (G_TLS_CONNECTION_GNUTLS (gnutls),
+ pcert, pcert_length, pkey);
gnutls->pcert = *pcert;
gnutls->pcert_length = *pcert_length;
}
static void
-g_tls_server_connection_gnutls_failed (GTlsConnectionGnutls *conn)
-{
- gnutls_db_remove_session (g_tls_connection_gnutls_get_session (conn));
-}
-
-static void
-g_tls_server_connection_gnutls_begin_handshake (GTlsConnectionGnutls *conn)
+g_tls_server_connection_gnutls_prepare_handshake (GTlsConnectionBase *tls,
+ gchar **advertised_protocols)
{
- GTlsServerConnectionGnutls *gnutls = G_TLS_SERVER_CONNECTION_GNUTLS (conn);
+ GTlsServerConnectionGnutls *gnutls = G_TLS_SERVER_CONNECTION_GNUTLS (tls);
gnutls_session_t session;
gnutls_certificate_request_t req_mode;
break;
}
- session = g_tls_connection_gnutls_get_session (conn);
+ session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (tls));
gnutls_certificate_server_set_request (session, req_mode);
-}
-static void
-g_tls_server_connection_gnutls_finish_handshake (GTlsConnectionGnutls *gnutls,
- GError **inout_error)
-{
+ G_TLS_CONNECTION_BASE_CLASS (g_tls_server_connection_gnutls_parent_class)->prepare_handshake (tls, advertised_protocols);
}
-/* Session cache management */
-
-static int
-g_tls_server_connection_gnutls_db_store (void *user_data,
- gnutls_datum_t key,
- gnutls_datum_t data)
-{
- GBytes *session_id, *session_data;
-
- session_id = g_bytes_new (key.data, key.size);
- session_data = g_bytes_new (data.data, data.size);
- g_tls_backend_gnutls_store_session (GNUTLS_SERVER, session_id, session_data);
- g_bytes_unref (session_id);
- g_bytes_unref (session_data);
-
- return 0;
-}
-
-static int
-g_tls_server_connection_gnutls_db_remove (void *user_data,
- gnutls_datum_t key)
-{
- GBytes *session_id;
-
- session_id = g_bytes_new (key.data, key.size);
- g_tls_backend_gnutls_remove_session (GNUTLS_SERVER, session_id);
- g_bytes_unref (session_id);
-
- return 0;
-}
-
-static gnutls_datum_t
-g_tls_server_connection_gnutls_db_retrieve (void *user_data,
- gnutls_datum_t key)
+static void
+g_tls_server_connection_gnutls_update_credentials (GTlsConnectionGnutls *gnutls,
+ gnutls_certificate_credentials_t credentials)
{
- GBytes *session_id, *session_data;
- gnutls_datum_t data;
-
- session_id = g_bytes_new (key.data, key.size);
- session_data = g_tls_backend_gnutls_lookup_session (GNUTLS_SERVER, session_id);
- g_bytes_unref (session_id);
-
- if (session_data)
- {
- data.size = g_bytes_get_size (session_data);
- data.data = gnutls_malloc (data.size);
- memcpy (data.data, g_bytes_get_data (session_data, NULL), data.size);
- g_bytes_unref (session_data);
- }
- else
- {
- data.size = 0;
- data.data = NULL;
- }
-
- return data;
+ gnutls_certificate_set_retrieve_function2 (credentials, g_tls_server_connection_gnutls_handshake_thread_retrieve_function);
}
static void
g_tls_server_connection_gnutls_class_init (GTlsServerConnectionGnutlsClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
- GTlsConnectionGnutlsClass *connection_gnutls_class = G_TLS_CONNECTION_GNUTLS_CLASS (klass);
+ GTlsConnectionBaseClass *base_class = G_TLS_CONNECTION_BASE_CLASS (klass);
+ GTlsConnectionGnutlsClass *gnutls_class = G_TLS_CONNECTION_GNUTLS_CLASS (klass);
- gobject_class->finalize = g_tls_server_connection_gnutls_finalize;
+ gobject_class->finalize = g_tls_server_connection_gnutls_finalize;
gobject_class->get_property = g_tls_server_connection_gnutls_get_property;
gobject_class->set_property = g_tls_server_connection_gnutls_set_property;
- connection_gnutls_class->failed = g_tls_server_connection_gnutls_failed;
- connection_gnutls_class->begin_handshake = g_tls_server_connection_gnutls_begin_handshake;
- connection_gnutls_class->finish_handshake = g_tls_server_connection_gnutls_finish_handshake;
+ base_class->prepare_handshake = g_tls_server_connection_gnutls_prepare_handshake;
+
+ gnutls_class->update_credentials = g_tls_server_connection_gnutls_update_credentials;
g_object_class_override_property (gobject_class, PROP_AUTHENTICATION_MODE, "authentication-mode");
}
* exception applies. Refer to the LICENSE_EXCEPTION file for details.
*/
-#ifndef __G_TLS_SERVER_CONNECTION_GNUTLS_H__
-#define __G_TLS_SERVER_CONNECTION_GNUTLS_H__
+#pragma once
#include <gio/gio.h>
#include "gtlsconnection-gnutls.h"
G_DECLARE_FINAL_TYPE(GTlsServerConnectionGnutls, g_tls_server_connection_gnutls, G, TLS_SERVER_CONNECTION_GNUTLS, GTlsConnectionGnutls)
G_END_DECLS
-
-#endif /* __G_TLS_SERVER_CONNECTION_GNUTLS_H___ */
'gtlsconnection-gnutls.c',
'gtlsdatabase-gnutls.c',
'gtlsfiledatabase-gnutls.c',
- 'gtlsinputstream-gnutls.c',
- 'gtlsoutputstream-gnutls.c',
'gtlsserverconnection-gnutls.c'
)
glib_dep,
gmodule_dep,
gobject_dep,
- gnutls_dep
+ gnutls_dep,
+ tlsbase_dep
]
module = shared_module(
)
if get_option('static_modules')
+ # link_whole is a workaround for a meson bug
+ # https://github.com/mesonbuild/meson/pull/3939
static_library('giognutls',
objects: module.extract_all_objects(),
install: true,
- install_dir: gio_module_dir
+ install_dir: gio_module_dir,
+ link_whole: [tlsbase]
)
pkg.generate(module)
endif
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* gtlsbackend-openssl.c
*
#include "gtlsclientconnection-openssl.h"
#include "gtlsfiledatabase-openssl.h"
-typedef struct _GTlsBackendOpensslPrivate
+struct _GTlsBackendOpenssl
{
+ GObject parent_instance;
+
GMutex mutex;
GTlsDatabase *default_database;
-} GTlsBackendOpensslPrivate;
+};
static void g_tls_backend_openssl_interface_init (GTlsBackendInterface *iface);
G_DEFINE_DYNAMIC_TYPE_EXTENDED (GTlsBackendOpenssl, g_tls_backend_openssl, G_TYPE_OBJECT, 0,
- G_ADD_PRIVATE_DYNAMIC (GTlsBackendOpenssl)
G_IMPLEMENT_INTERFACE_DYNAMIC (G_TYPE_TLS_BACKEND,
g_tls_backend_openssl_interface_init))
#pragma GCC diagnostic ignored "-Wunused-function"
#endif
-static unsigned long
+static size_t
id_cb (void)
{
- return (unsigned long) g_thread_self ();
+ return (size_t) g_thread_self ();
}
static void
/* Leak the module to keep it from being unloaded. */
plugin = g_type_get_plugin (G_TYPE_TLS_BACKEND_OPENSSL);
- if (plugin != NULL)
+ if (plugin)
g_type_plugin_use (plugin);
return NULL;
}
static void
g_tls_backend_openssl_init (GTlsBackendOpenssl *backend)
{
- GTlsBackendOpensslPrivate *priv;
-
- priv = g_tls_backend_openssl_get_instance_private (backend);
-
/* Once we call gtls_openssl_init(), we can't allow the module to be
* unloaded (since if openssl gets unloaded but gcrypt doesn't, then
* gcrypt will have dangling pointers to openssl's mutex functions).
*/
g_once (&openssl_inited, gtls_openssl_init, NULL);
- g_mutex_init (&priv->mutex);
+ g_mutex_init (&backend->mutex);
}
static void
int i;
GTlsBackendOpenssl *backend = G_TLS_BACKEND_OPENSSL (object);
- GTlsBackendOpensslPrivate *priv;
-
- priv = g_tls_backend_openssl_get_instance_private (backend);
- g_clear_object (&priv->default_database);
- g_mutex_clear (&priv->mutex);
+ g_clear_object (&backend->default_database);
+ g_mutex_clear (&backend->mutex);
CRYPTO_set_id_callback (NULL);
CRYPTO_set_locking_callback (NULL);
G_OBJECT_CLASS (g_tls_backend_openssl_parent_class)->finalize (object);
}
-static GTlsDatabase *
-g_tls_backend_openssl_real_create_database (GTlsBackendOpenssl *self,
- GError **error)
-{
- gchar *anchor_file = NULL;
- GTlsDatabase *database;
-
-#ifdef G_OS_WIN32
- if (g_getenv ("G_TLS_OPENSSL_HANDLE_CERT_RELOCATABLE") != NULL)
- {
- gchar *module_dir;
-
- module_dir = g_win32_get_package_installation_directory_of_module (NULL);
- anchor_file = g_build_filename (module_dir, "bin", "cert.pem", NULL);
- g_free (module_dir);
- }
-#endif
-
- if (anchor_file == NULL)
- {
- const gchar *openssl_cert_file;
-
- openssl_cert_file = g_getenv (X509_get_default_cert_file_env ());
- if (openssl_cert_file == NULL)
- openssl_cert_file = X509_get_default_cert_file ();
-
- anchor_file = g_strdup (openssl_cert_file);
- }
-
- database = g_tls_file_database_new (anchor_file, error);
- g_free (anchor_file);
-
- return database;
-}
-
static void
g_tls_backend_openssl_class_init (GTlsBackendOpensslClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
gobject_class->finalize = g_tls_backend_openssl_finalize;
-
- klass->create_database = g_tls_backend_openssl_real_create_database;
}
static void
{
}
-static GTlsDatabase*
+static GTlsDatabase *
g_tls_backend_openssl_get_default_database (GTlsBackend *backend)
{
GTlsBackendOpenssl *openssl_backend = G_TLS_BACKEND_OPENSSL (backend);
- GTlsBackendOpensslPrivate *priv;
GTlsDatabase *result;
GError *error = NULL;
- priv = g_tls_backend_openssl_get_instance_private (openssl_backend);
-
- g_mutex_lock (&priv->mutex);
+ g_mutex_lock (&openssl_backend->mutex);
- if (priv->default_database)
+ if (openssl_backend->default_database)
{
- result = g_object_ref (priv->default_database);
+ result = g_object_ref (openssl_backend->default_database);
}
else
{
- g_assert (G_TLS_BACKEND_OPENSSL_GET_CLASS (openssl_backend)->create_database);
- result = G_TLS_BACKEND_OPENSSL_GET_CLASS (openssl_backend)->create_database (openssl_backend, &error);
+ result = G_TLS_DATABASE (g_tls_database_openssl_new (&error));
if (error)
{
g_warning ("Couldn't load TLS file database: %s",
else
{
g_assert (result);
- priv->default_database = g_object_ref (result);
+ openssl_backend->default_database = g_object_ref (result);
}
}
- g_mutex_unlock (&priv->mutex);
+ g_mutex_unlock (&openssl_backend->mutex);
return result;
}
iface->get_server_connection_type = g_tls_server_connection_openssl_get_type;
iface->get_file_database_type = g_tls_file_database_openssl_get_type;
iface->get_default_database = g_tls_backend_openssl_get_default_database;
+ iface->get_dtls_client_connection_type = g_tls_client_connection_openssl_get_type;
+ iface->get_dtls_server_connection_type = g_tls_server_connection_openssl_get_type;
}
void
if (!module)
g_io_extension_point_register (G_TLS_BACKEND_EXTENSION_POINT_NAME);
g_io_extension_point_implement (G_TLS_BACKEND_EXTENSION_POINT_NAME,
- g_tls_backend_openssl_get_type(),
+ g_tls_backend_openssl_get_type (),
"openssl",
-1);
}
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* gtlsbackend-openssl.h
*
* Authors: Ignacio Casal Quinteiro
*/
-#ifndef __G_TLS_BACKEND_OPENSSL_H__
-#define __G_TLS_BACKEND_OPENSSL_H__
+#pragma once
#include <gio/gio.h>
G_BEGIN_DECLS
#define G_TYPE_TLS_BACKEND_OPENSSL (g_tls_backend_openssl_get_type ())
-G_DECLARE_DERIVABLE_TYPE (GTlsBackendOpenssl, g_tls_backend_openssl,
- G, TLS_BACKEND_OPENSSL, GObject)
-struct _GTlsBackendOpensslClass
-{
- GObjectClass parent_class;
-
- GTlsDatabase* (*create_database) (GTlsBackendOpenssl *backend,
- GError **error);
-};
+G_DECLARE_FINAL_TYPE (GTlsBackendOpenssl, g_tls_backend_openssl, G, TLS_BACKEND_OPENSSL, GObject)
void g_tls_backend_openssl_register (GIOModule *module);
G_END_DECLS
-
-#endif /* __G_TLS_BACKEND_OPENSSL_H___ */
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* gtlsbio.c
*
typedef struct {
GIOStream *io_stream;
+ GDatagramBased *socket;
GCancellable *read_cancellable;
GCancellable *write_cancellable;
- gboolean read_blocking;
- gboolean write_blocking;
GError **read_error;
GError **write_error;
} GTlsBio;
+typedef struct {
+ gboolean done;
+ gboolean timed_out;
+} WaitData;
+
static void
free_gbio (gpointer user_data)
{
GTlsBio *bio = (GTlsBio *)user_data;
- g_object_unref (bio->io_stream);
+ if (bio->io_stream)
+ g_object_unref (bio->io_stream);
+ else
+ g_object_unref (bio->socket);
g_free (bio);
}
static int
gtls_bio_destroy (BIO *bio)
{
- if (bio == NULL)
+ if (!bio)
return 0;
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
if (bio->shutdown)
{
- if (bio->ptr != NULL)
+ if (bio->ptr)
{
free_gbio (bio->ptr);
bio->ptr = NULL;
#else
if (BIO_get_shutdown (bio))
{
- if (BIO_get_data (bio) != NULL)
+ if (BIO_get_data (bio))
{
free_gbio (BIO_get_data (bio));
BIO_set_data (bio, NULL);
case BIO_CTRL_POP:
ret = 0;
break;
+ case BIO_CTRL_DGRAM_QUERY_MTU:
+ ret = 1400; /* Same as the GnuTLS backend */
+ break;
default:
g_debug ("Got unsupported command: %d", cmd);
ret = 0;
#else
!BIO_get_init (bio) ||
#endif
- in == NULL || inl == 0)
+ !in || inl == 0)
return 0;
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
#endif
BIO_clear_retry_flags (bio);
- written = g_pollable_stream_write (g_io_stream_get_output_stream (gbio->io_stream),
- in, inl,
- gbio->write_blocking,
- gbio->write_cancellable,
- &error);
+ if (gbio->io_stream)
+ {
+ written = g_pollable_stream_write (g_io_stream_get_output_stream (gbio->io_stream),
+ in, inl,
+ FALSE,
+ gbio->write_cancellable,
+ &error);
+ }
+ else
+ {
+ GOutputVector vector = { in, inl };
+ GOutputMessage message = { NULL, &vector, 1, 0, NULL, 0 };
+
+ written = g_datagram_based_send_messages (gbio->socket,
+ &message, 1, 0,
+ 0,
+ gbio->write_cancellable,
+ &error);
+
+ if (written > 0)
+ written = message.bytes_sent;
+ }
if (written == -1)
{
if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK))
BIO_set_retry_write (bio);
+ g_clear_error (gbio->write_error);
g_propagate_error (gbio->write_error, error);
}
#else
!BIO_get_init (bio) ||
#endif
- out == NULL || outl == 0)
+ !out || outl == 0)
return 0;
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
#endif
BIO_clear_retry_flags (bio);
- read = g_pollable_stream_read (g_io_stream_get_input_stream (gbio->io_stream),
- out, outl,
- gbio->read_blocking,
- gbio->read_cancellable,
- &error);
+ if (gbio->io_stream)
+ {
+ read = g_pollable_stream_read (g_io_stream_get_input_stream (gbio->io_stream),
+ out, outl,
+ FALSE,
+ gbio->read_cancellable,
+ &error);
+ }
+ else
+ {
+ GInputVector vector = { out, outl };
+ GInputMessage message = { NULL, &vector, 1, 0, 0, NULL, NULL };
+
+ read = g_datagram_based_receive_messages (gbio->socket,
+ &message, 1, 0,
+ 0,
+ gbio->read_cancellable,
+ &error);
+
+ if (read > 0)
+ read = message.bytes_received;
+ }
if (read == -1)
{
if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK))
BIO_set_retry_read (bio);
+ g_clear_error (gbio->read_error);
g_propagate_error (gbio->read_error, error);
}
static const BIO_METHOD *
BIO_s_gtls (void)
{
- if (methods_gtls == NULL)
+ if (!methods_gtls)
{
methods_gtls = BIO_meth_new (BIO_TYPE_SOURCE_SINK | BIO_get_new_index (), "gtls");
- if (methods_gtls == NULL ||
+ if (!methods_gtls ||
!BIO_meth_set_write (methods_gtls, gtls_bio_write) ||
!BIO_meth_set_read (methods_gtls, gtls_bio_read) ||
!BIO_meth_set_puts (methods_gtls, gtls_bio_puts) ||
}
#endif
-BIO *
-g_tls_bio_new (GIOStream *io_stream)
+static BIO *
+g_tls_bio_alloc (GTlsBio **out_gbio)
{
BIO *ret;
GTlsBio *gbio;
ret = BIO_new(BIO_s_gtls ());
- if (ret == NULL)
+ if (!ret)
return NULL;
gbio = g_new0 (GTlsBio, 1);
- gbio->io_stream = g_object_ref (io_stream);
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
ret->ptr = gbio;
BIO_set_init (ret, 1);
#endif
+ *out_gbio = gbio;
return ret;
}
-void
-g_tls_bio_set_read_cancellable (BIO *bio,
- GCancellable *cancellable)
+BIO *
+g_tls_bio_new_from_iostream (GIOStream *io_stream)
{
+ BIO *ret;
GTlsBio *gbio;
- g_return_if_fail (bio != NULL);
+ ret = g_tls_bio_alloc (&gbio);
+ gbio->io_stream = g_object_ref (io_stream);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
- gbio = (GTlsBio *)bio->ptr;
-#else
- gbio = BIO_get_data (bio);
-#endif
- gbio->read_cancellable = cancellable;
+ return ret;
+}
+
+BIO *
+g_tls_bio_new_from_datagram_based (GDatagramBased *socket)
+{
+ BIO *ret;
+ GTlsBio *gbio;
+
+ ret = g_tls_bio_alloc (&gbio);
+ gbio->socket = g_object_ref (socket);
+
+ return ret;
}
void
-g_tls_bio_set_read_blocking (BIO *bio,
- gboolean blocking)
+g_tls_bio_set_read_cancellable (BIO *bio,
+ GCancellable *cancellable)
{
GTlsBio *gbio;
- g_return_if_fail (bio != NULL);
+ g_return_if_fail (bio);
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
gbio = (GTlsBio *)bio->ptr;
#else
gbio = BIO_get_data (bio);
#endif
- gbio->read_blocking = blocking;
+ gbio->read_cancellable = cancellable;
}
void
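Review bot: `g_tls_bio_new_from_iostream` and `g_tls_bio_new_from_datagram_based` dereference `gbio` right after `g_tls_bio_alloc`, but that helper returns NULL without writing `*out_gbio` when `BIO_new` fails (the early return is in the previous hunk). On that path both constructors write through an uninitialized pointer. Adding `if (!ret) return NULL;` after each `g_tls_bio_alloc (&gbio)` call keeps the old behaviour of returning NULL on allocation failure.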
{
GTlsBio *gbio;
- g_return_if_fail (bio != NULL);
+ g_return_if_fail (bio);
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
gbio = (GTlsBio *)bio->ptr;
{
GTlsBio *gbio;
- g_return_if_fail (bio != NULL);
+ g_return_if_fail (bio);
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
gbio = (GTlsBio *)bio->ptr;
}
void
-g_tls_bio_set_write_blocking (BIO *bio,
- gboolean blocking)
+g_tls_bio_set_write_error (BIO *bio,
+ GError **error)
{
GTlsBio *gbio;
- g_return_if_fail (bio != NULL);
+ g_return_if_fail (bio);
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
gbio = (GTlsBio *)bio->ptr;
#else
gbio = BIO_get_data (bio);
#endif
- gbio->write_blocking = blocking;
+ gbio->write_error = error;
}
-void
-g_tls_bio_set_write_error (BIO *bio,
- GError **error)
+static gboolean
+on_pollable_source_ready (GObject *pollable_stream,
+ gpointer user_data)
+{
+ WaitData *wait_data = user_data;
+
+ wait_data->done = TRUE;
+
+ return G_SOURCE_REMOVE;
+}
+
+static gboolean
+on_datagram_source_ready (GDatagramBased *datagram_based,
+ GIOCondition condition,
+ gpointer user_data)
+{
+ WaitData *wait_data = user_data;
+
+ wait_data->done = TRUE;
+
+ return G_SOURCE_REMOVE;
+}
+
+static gboolean
+on_timeout_source_ready (gpointer user_data)
+{
+ WaitData *wait_data = user_data;
+
+ wait_data->done = TRUE;
+ wait_data->timed_out = TRUE;
+
+ return G_SOURCE_REMOVE;
+}
+
+gboolean
+g_tls_bio_wait_available (BIO *bio,
+ GIOCondition condition,
+ gint64 timeout,
+ GCancellable *cancellable)
{
GTlsBio *gbio;
+ WaitData wait_data;
+ GMainContext *ctx;
+ GSource *io_source, *timeout_source;
- g_return_if_fail (bio != NULL);
+ g_return_val_if_fail (bio, FALSE);
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
gbio = (GTlsBio *)bio->ptr;
#else
gbio = BIO_get_data (bio);
#endif
- gbio->write_error = error;
+
+ wait_data.done = FALSE;
+ wait_data.timed_out = FALSE;
+
+ ctx = g_main_context_new ();
+ g_main_context_push_thread_default (ctx);
+
+ if (gbio->io_stream)
+ {
+ if (condition & G_IO_IN)
+ io_source = g_pollable_input_stream_create_source (G_POLLABLE_INPUT_STREAM (g_io_stream_get_input_stream (gbio->io_stream)),
+ cancellable);
+ else
+ io_source = g_pollable_output_stream_create_source (G_POLLABLE_OUTPUT_STREAM (g_io_stream_get_output_stream (gbio->io_stream)),
+ cancellable);
+ g_source_set_callback (io_source, (GSourceFunc)on_pollable_source_ready, &wait_data, NULL);
+ }
+ else
+ {
+ io_source = g_datagram_based_create_source (gbio->socket, condition, cancellable);
+ g_source_set_callback (io_source, (GSourceFunc)on_datagram_source_ready, &wait_data, NULL);
+ }
+ g_source_attach (io_source, ctx);
+
+ if (timeout >= 0)
+ {
+ timeout_source = g_timeout_source_new (timeout / 1000);
+ g_source_set_callback (timeout_source, (GSourceFunc)on_timeout_source_ready, &wait_data, NULL);
+ g_source_attach (timeout_source, ctx);
+ }
+ else
+ {
+ timeout_source = NULL;
+ }
+
+ while (!wait_data.done)
+ g_main_context_iteration (ctx, TRUE);
+
+ if (timeout_source)
+ {
+ g_source_destroy (timeout_source);
+ g_source_unref (timeout_source);
+ }
+
+ g_source_destroy (io_source);
+ g_source_unref (io_source);
+
+ g_main_context_pop_thread_default (ctx);
+ g_main_context_unref (ctx);
+
+ return !wait_data.timed_out;
}
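Review bot: `g_tls_bio_wait_available` has no comment describing its contract, and two things are not obvious from the signature. `timeout` is divided by 1000 before `g_timeout_source_new`, so it appears to be in microseconds with a negative value meaning wait indefinitely, and the `gint64` quotient is narrowed to the `guint` interval. The function returns FALSE only when the timeout source fires; presumably it also returns TRUE when `cancellable` wakes the I/O source, so callers have to check the cancellable themselves. I would add above the function: `/* Waits until @condition is met or @timeout (microseconds, < 0 = no timeout) expires. Returns FALSE only on timeout; callers must still check @cancellable. */`.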
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* gtlsbio.h
*
* Authors: Ignacio Casal Quinteiro
*/
-#ifndef __G_TLS_BIO_H__
-#define __G_TLS_BIO_H__
+#pragma once
#include <gio/gio.h>
#include "openssl-include.h"
G_BEGIN_DECLS
-BIO *g_tls_bio_new (GIOStream *io_stream);
+BIO *g_tls_bio_new_from_iostream (GIOStream *io_stream);
+
+BIO *g_tls_bio_new_from_datagram_based (GDatagramBased *socket);
void g_tls_bio_set_read_cancellable (BIO *bio,
GCancellable *cancellable);
-void g_tls_bio_set_read_blocking (BIO *bio,
- gboolean blocking);
-
void g_tls_bio_set_read_error (BIO *bio,
GError **error);
void g_tls_bio_set_write_cancellable (BIO *bio,
GCancellable *cancellable);
-void g_tls_bio_set_write_blocking (BIO *bio,
- gboolean blocking);
-
void g_tls_bio_set_write_error (BIO *bio,
GError **error);
-G_END_DECLS
+gboolean g_tls_bio_wait_available (BIO *bio,
+ GIOCondition condition,
+ gint64 timeout,
+ GCancellable *cancellable);
-#endif /* __G_TLS_BIO_H__ */
+G_END_DECLS
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* gtlscertificate-openssl.c
*
#include "openssl-include.h"
#include "gtlscertificate-openssl.h"
-#include "openssl-util.h"
#include <glib/gi18n-lib.h>
-typedef struct _GTlsCertificateOpensslPrivate
+struct _GTlsCertificateOpenssl
{
+ GTlsCertificate parent_instance;
+
X509 *cert;
EVP_PKEY *key;
guint have_cert : 1;
guint have_key : 1;
-} GTlsCertificateOpensslPrivate;
+};
enum
{
PROP_CERTIFICATE_PEM,
PROP_PRIVATE_KEY,
PROP_PRIVATE_KEY_PEM,
- PROP_ISSUER
+ PROP_ISSUER,
+ PROP_NOT_VALID_BEFORE,
+ PROP_NOT_VALID_AFTER,
+ PROP_SUBJECT_NAME,
+ PROP_ISSUER_NAME,
+ PROP_DNS_NAMES,
+ PROP_IP_ADDRESSES,
};
static void g_tls_certificate_openssl_initable_iface_init (GInitableIface *iface);
G_DEFINE_TYPE_WITH_CODE (GTlsCertificateOpenssl, g_tls_certificate_openssl, G_TYPE_TLS_CERTIFICATE,
- G_ADD_PRIVATE (GTlsCertificateOpenssl)
G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
g_tls_certificate_openssl_initable_iface_init))
g_tls_certificate_openssl_finalize (GObject *object)
{
GTlsCertificateOpenssl *openssl = G_TLS_CERTIFICATE_OPENSSL (object);
- GTlsCertificateOpensslPrivate *priv;
-
- priv = g_tls_certificate_openssl_get_instance_private (openssl);
- if (priv->cert)
- X509_free (priv->cert);
- if (priv->key)
- EVP_PKEY_free (priv->key);
+ if (openssl->cert)
+ X509_free (openssl->cert);
+ if (openssl->key)
+ EVP_PKEY_free (openssl->key);
- g_clear_object (&priv->issuer);
+ g_clear_object (&openssl->issuer);
- g_clear_error (&priv->construct_error);
+ g_clear_error (&openssl->construct_error);
G_OBJECT_CLASS (g_tls_certificate_openssl_parent_class)->finalize (object);
}
+static GPtrArray *
+get_subject_alt_names (GTlsCertificateOpenssl *cert,
+ guint type)
+{
+ GPtrArray *data = NULL;
+ STACK_OF (GENERAL_NAME) *sans;
+ const guint8 *san = NULL;
+ size_t san_size;
+ guint alt_occurrences;
+ guint i;
+
+ if (type == GEN_IPADD)
+ data = g_ptr_array_new_with_free_func (g_object_unref);
+ else
+ data = g_ptr_array_new_with_free_func ((GDestroyNotify)g_bytes_unref);
+
+ sans = X509_get_ext_d2i (cert->cert, NID_subject_alt_name, NULL, NULL);
+ if (sans)
+ {
+ alt_occurrences = sk_GENERAL_NAME_num (sans);
+ for (i = 0; i < alt_occurrences; i++)
+ {
+ const GENERAL_NAME *value = sk_GENERAL_NAME_value (sans, i);
+ if (value->type != type)
+ continue;
+
+ if (type == GEN_IPADD)
+ {
+ g_assert (value->type == GEN_IPADD);
+ san = ASN1_STRING_get0_data (value->d.ip);
+ san_size = ASN1_STRING_length (value->d.ip);
+ if (san_size == 4)
+ g_ptr_array_add (data, g_inet_address_new_from_bytes (san, G_SOCKET_FAMILY_IPV4));
+ else if (san_size == 16)
+ g_ptr_array_add (data, g_inet_address_new_from_bytes (san, G_SOCKET_FAMILY_IPV6));
+ }
+ else
+ {
+ g_assert (value->type == GEN_DNS);
+ san = ASN1_STRING_get0_data (value->d.ia5);
+ san_size = ASN1_STRING_length (value->d.ia5);
+ g_ptr_array_add (data, g_bytes_new (san, san_size));
+ }
+ }
+
+ for (i = 0; i < alt_occurrences; i++)
+ GENERAL_NAME_free (sk_GENERAL_NAME_value (sans, i));
+ sk_GENERAL_NAME_free (sans);
+ }
+
+ return data;
+}
+
+static void
+export_privkey_to_der (GTlsCertificateOpenssl *openssl,
+ guint8 **output_data,
+ long *output_size)
+{
+ PKCS8_PRIV_KEY_INFO *pkcs8;
+ BIO *bio = NULL;
+ const guint8 *data;
+
+ if (!openssl->key)
+ goto err;
+
+ pkcs8 = EVP_PKEY2PKCS8 (openssl->key);
+ if (!pkcs8)
+ goto err;
+
+ bio = BIO_new (BIO_s_mem ());
+ if (i2d_PKCS8_PRIV_KEY_INFO_bio (bio, pkcs8) == 0)
+ goto err;
+
+ *output_size = BIO_get_mem_data (bio, (char **)&data);
+ if (*output_size <= 0)
+ goto err;
+
+ *output_data = g_malloc (*output_size);
+ memcpy (*output_data, data, *output_size);
+ goto out;
+
+err:
+ *output_data = NULL;
+ *output_size = 0;
+out:
+ if (bio)
+ BIO_free_all (bio);
+ if (pkcs8)
+ PKCS8_PRIV_KEY_INFO_free (pkcs8);
+}
+
+static char *
+export_privkey_to_pem (GTlsCertificateOpenssl *openssl)
+{
+ int ret;
+ BIO *bio = NULL;
+ const char *data = NULL;
+ char *result = NULL;
+
+ if (!openssl->key)
+ return NULL;
+
+ bio = BIO_new (BIO_s_mem ());
+ ret = PEM_write_bio_PKCS8PrivateKey (bio, openssl->key, NULL, NULL, 0, NULL, NULL);
+ if (ret == 0)
+ goto out;
+
+ ret = BIO_write (bio, "\0", 1);
+ if (ret != 1)
+ goto out;
+
+ BIO_get_mem_data (bio, (char **)&data);
+ result = g_strdup (data);
+
+out:
+ BIO_free_all (bio);
+ return result;
+}
+
static void
g_tls_certificate_openssl_get_property (GObject *object,
guint prop_id,
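Review bot: In `export_privkey_to_der`, `pkcs8` is declared without an initializer, so the first `goto err` (taken when `openssl->key` is unset) falls through to `out:` and tests and frees an indeterminate pointer. Declaring it as `PKCS8_PRIV_KEY_INFO *pkcs8 = NULL;` makes the cleanup path safe. The same function passes the result of `BIO_new (BIO_s_mem ())` to `i2d_PKCS8_PRIV_KEY_INFO_bio` without a NULL check; `if (!bio) goto err;` would cover that, and `export_privkey_to_pem` has the same unchecked `BIO_new`.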
GParamSpec *pspec)
{
GTlsCertificateOpenssl *openssl = G_TLS_CERTIFICATE_OPENSSL (object);
- GTlsCertificateOpensslPrivate *priv;
GByteArray *certificate;
guint8 *data;
BIO *bio;
+ GByteArray *byte_array;
char *certificate_pem;
- int size;
+ long size;
- priv = g_tls_certificate_openssl_get_instance_private (openssl);
+ const ASN1_TIME *time_asn1;
+ struct tm time_tm;
+ GDateTime *time;
+ GTimeZone *tz;
+ X509_NAME *name;
+ const char *name_string;
switch (prop_id)
{
case PROP_CERTIFICATE:
/* NOTE: we do the two calls to avoid openssl allocating the buffer for us */
- size = i2d_X509 (priv->cert, NULL);
+ size = i2d_X509 (openssl->cert, NULL);
if (size < 0)
certificate = NULL;
else
certificate = g_byte_array_sized_new (size);
certificate->len = size;
data = certificate->data;
- size = i2d_X509 (priv->cert, &data);
+ size = i2d_X509 (openssl->cert, &data);
if (size < 0)
{
g_byte_array_free (certificate, TRUE);
case PROP_CERTIFICATE_PEM:
bio = BIO_new (BIO_s_mem ());
- if (!PEM_write_bio_X509 (bio, priv->cert) || !BIO_write (bio, "\0", 1))
+ if (!PEM_write_bio_X509 (bio, openssl->cert) || !BIO_write (bio, "\0", 1))
certificate_pem = NULL;
else
{
}
break;
+ case PROP_PRIVATE_KEY:
+ export_privkey_to_der (openssl, &data, &size);
+ if (size > 0 && (gint64)size <= G_MAXUINT)
+ {
+ byte_array = g_byte_array_new_take (data, size);
+ g_value_take_boxed (value, byte_array);
+ }
+ break;
+
+ case PROP_PRIVATE_KEY_PEM:
+ g_value_take_string (value, export_privkey_to_pem (openssl));
+ break;
+
case PROP_ISSUER:
- g_value_set_object (value, priv->issuer);
+ g_value_set_object (value, openssl->issuer);
+ break;
+
+ case PROP_NOT_VALID_BEFORE:
+ time_asn1 = X509_get0_notBefore (openssl->cert);
+ ASN1_TIME_to_tm (time_asn1, &time_tm);
+ tz = g_time_zone_new_utc ();
+ time = g_date_time_new (tz, time_tm.tm_year + 1900, time_tm.tm_mon + 1, time_tm.tm_mday, time_tm.tm_hour, time_tm.tm_min, time_tm.tm_sec);
+ g_value_take_boxed (value, time);
+ g_time_zone_unref (tz);
+ break;
+
+ case PROP_NOT_VALID_AFTER:
+ time_asn1 = X509_get0_notAfter (openssl->cert);
+ ASN1_TIME_to_tm (time_asn1, &time_tm);
+ tz = g_time_zone_new_utc ();
+ time = g_date_time_new (tz, time_tm.tm_year + 1900, time_tm.tm_mon + 1, time_tm.tm_mday, time_tm.tm_hour, time_tm.tm_min, time_tm.tm_sec);
+ g_value_take_boxed (value, time);
+ g_time_zone_unref (tz);
+ break;
+
+ case PROP_SUBJECT_NAME:
+ bio = BIO_new (BIO_s_mem ());
+ name = X509_get_subject_name (openssl->cert);
+ X509_NAME_print_ex (bio, name, 0, XN_FLAG_SEP_COMMA_PLUS);
+ BIO_write (bio, "\0", 1);
+ BIO_get_mem_data (bio, (char **)&name_string);
+ g_value_set_string (value, name_string);
+ BIO_free_all (bio);
+ break;
+
+ case PROP_ISSUER_NAME:
+ bio = BIO_new (BIO_s_mem ());
+ name = X509_get_issuer_name (openssl->cert);
+ X509_NAME_print_ex (bio, name, 0, XN_FLAG_SEP_COMMA_PLUS);
+ BIO_write (bio, "\0", 1);
+ BIO_get_mem_data (bio, &name_string);
+ g_value_set_string (value, name_string);
+ BIO_free_all (bio);
+ break;
+
+ case PROP_DNS_NAMES:
+ g_value_take_boxed (value, get_subject_alt_names (openssl, GEN_DNS));
+ break;
+
+ case PROP_IP_ADDRESSES:
+ g_value_take_boxed (value, get_subject_alt_names (openssl, GEN_IPADD));
break;
default:
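Review bot: The `PROP_NOT_VALID_BEFORE` and `PROP_NOT_VALID_AFTER` cases ignore the return value of `ASN1_TIME_to_tm`, so a certificate whose validity field cannot be converted leaves `time_tm` uninitialized and its fields are then passed to `g_date_time_new`. Certificates frequently come from a peer, so this path should fail closed: `if (ASN1_TIME_to_tm (time_asn1, &time_tm) != 1) break;` before building the `GDateTime` leaves the property unset. The two cases are otherwise identical and could share a small helper that takes the `ASN1_TIME`. The switch starts before and continues past this hunk.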
GParamSpec *pspec)
{
GTlsCertificateOpenssl *openssl = G_TLS_CERTIFICATE_OPENSSL (object);
- GTlsCertificateOpensslPrivate *priv;
GByteArray *bytes;
guint8 *data;
BIO *bio;
const char *string;
-
- priv = g_tls_certificate_openssl_get_instance_private (openssl);
+ char error_buffer[256];
switch (prop_id)
{
bytes = g_value_get_boxed (value);
if (!bytes)
break;
- g_return_if_fail (priv->have_cert == FALSE);
+ g_return_if_fail (openssl->have_cert == FALSE);
/* see that we cannot use bytes->data directly since it will move the pointer */
data = bytes->data;
- priv->cert = d2i_X509 (NULL, (const unsigned char **)&data, bytes->len);
- if (priv->cert != NULL)
- priv->have_cert = TRUE;
- else if (!priv->construct_error)
+ openssl->cert = d2i_X509 (NULL, (const unsigned char **)&data, bytes->len);
+ if (openssl->cert)
+ openssl->have_cert = TRUE;
+ else if (!openssl->construct_error)
{
- priv->construct_error =
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
+ openssl->construct_error =
g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("Could not parse DER certificate: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
}
break;
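Review bot: When `d2i_X509` fails here, only the earliest entry is taken off OpenSSL's error queue, and none at all when `openssl->construct_error` is already set, so the rest stay queued on the calling thread. OpenSSL requires an empty queue before TLS I/O for `SSL_get_error` to be reliable, and whether the connection code clears it first is not visible from this hunk. I would drain it on every failure path by calling `ERR_clear_error ();` once the message has been built, and also in the branch where an earlier error is kept. The same pattern repeats in the PEM certificate, DER private key and PEM private key cases that follow. The enclosing set_property function starts and ends outside this hunk.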
string = g_value_get_string (value);
if (!string)
break;
- g_return_if_fail (priv->have_cert == FALSE);
+ g_return_if_fail (openssl->have_cert == FALSE);
bio = BIO_new_mem_buf ((gpointer)string, -1);
- priv->cert = PEM_read_bio_X509 (bio, NULL, NULL, NULL);
+ openssl->cert = PEM_read_bio_X509 (bio, NULL, NULL, NULL);
BIO_free (bio);
- if (priv->cert != NULL)
- priv->have_cert = TRUE;
- else if (!priv->construct_error)
+ if (openssl->cert)
+ openssl->have_cert = TRUE;
+ else if (!openssl->construct_error)
{
- priv->construct_error =
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
+ openssl->construct_error =
g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("Could not parse PEM certificate: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
}
break;
bytes = g_value_get_boxed (value);
if (!bytes)
break;
- g_return_if_fail (priv->have_key == FALSE);
+ g_return_if_fail (openssl->have_key == FALSE);
bio = BIO_new_mem_buf (bytes->data, bytes->len);
- priv->key = d2i_PrivateKey_bio (bio, NULL);
+ openssl->key = d2i_PrivateKey_bio (bio, NULL);
BIO_free (bio);
- if (priv->key != NULL)
- priv->have_key = TRUE;
- else if (!priv->construct_error)
+ if (openssl->key)
+ openssl->have_key = TRUE;
+ else if (!openssl->construct_error)
{
- priv->construct_error =
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
+ openssl->construct_error =
g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("Could not parse DER private key: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
}
break;
string = g_value_get_string (value);
if (!string)
break;
- g_return_if_fail (priv->have_key == FALSE);
+ g_return_if_fail (openssl->have_key == FALSE);
bio = BIO_new_mem_buf ((gpointer)string, -1);
- priv->key = PEM_read_bio_PrivateKey (bio, NULL, NULL, NULL);
+ openssl->key = PEM_read_bio_PrivateKey (bio, NULL, NULL, NULL);
BIO_free (bio);
- if (priv->key != NULL)
- priv->have_key = TRUE;
- else if (!priv->construct_error)
+ if (openssl->key)
+ openssl->have_key = TRUE;
+ else if (!openssl->construct_error)
{
- priv->construct_error =
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
+ openssl->construct_error =
g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("Could not parse PEM private key: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
}
break;
case PROP_ISSUER:
- priv->issuer = g_value_dup_object (value);
+ openssl->issuer = g_value_dup_object (value);
break;
default:
GError **error)
{
GTlsCertificateOpenssl *openssl = G_TLS_CERTIFICATE_OPENSSL (initable);
- GTlsCertificateOpensslPrivate *priv;
-
- priv = g_tls_certificate_openssl_get_instance_private (openssl);
- if (priv->construct_error)
+ if (openssl->construct_error)
{
- g_propagate_error (error, priv->construct_error);
- priv->construct_error = NULL;
+ g_propagate_error (error, openssl->construct_error);
+ openssl->construct_error = NULL;
return FALSE;
}
- else if (!priv->have_cert)
+ else if (!openssl->have_cert)
{
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("No certificate data provided"));
GTlsCertificate *trusted_ca)
{
GTlsCertificateOpenssl *cert_openssl;
- GTlsCertificateOpensslPrivate *priv;
GTlsCertificateFlags gtls_flags;
X509 *x;
STACK_OF(X509) *untrusted;
- gint i;
cert_openssl = G_TLS_CERTIFICATE_OPENSSL (cert);
- priv = g_tls_certificate_openssl_get_instance_private (cert_openssl);
- x = priv->cert;
+ x = cert_openssl->cert;
untrusted = sk_X509_new_null ();
- for (; cert_openssl; cert_openssl = priv->issuer)
- {
- priv = g_tls_certificate_openssl_get_instance_private (cert_openssl);
- sk_X509_push (untrusted, priv->cert);
- }
+ for (; cert_openssl; cert_openssl = cert_openssl->issuer)
+ sk_X509_push (untrusted, cert_openssl->cert);
gtls_flags = 0;
trusted = sk_X509_new_null ();
cert_openssl = G_TLS_CERTIFICATE_OPENSSL (trusted_ca);
- for (; cert_openssl; cert_openssl = priv->issuer)
- {
- priv = g_tls_certificate_openssl_get_instance_private (cert_openssl);
- sk_X509_push (trusted, priv->cert);
- }
+ for (; cert_openssl; cert_openssl = cert_openssl->issuer)
+ sk_X509_push (trusted, cert_openssl->cert);
X509_STORE_CTX_trusted_stack (csc, trusted);
if (X509_verify_cert (csc) <= 0)
X509_STORE_free (store);
}
- /* We have to check these ourselves since openssl
- * does not give us flags and UNKNOWN_CA will take priority.
- */
- for (i = 0; i < sk_X509_num (untrusted); i++)
- {
- X509 *c = sk_X509_value (untrusted, i);
- ASN1_TIME *not_before = X509_get_notBefore (c);
- ASN1_TIME *not_after = X509_get_notAfter (c);
-
- if (X509_cmp_current_time (not_before) > 0)
- gtls_flags |= G_TLS_CERTIFICATE_NOT_ACTIVATED;
-
- if (X509_cmp_current_time (not_after) < 0)
- gtls_flags |= G_TLS_CERTIFICATE_EXPIRED;
- }
-
sk_X509_free (untrusted);
if (identity)
g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY, "private-key");
g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY_PEM, "private-key-pem");
g_object_class_override_property (gobject_class, PROP_ISSUER, "issuer");
+ g_object_class_override_property (gobject_class, PROP_NOT_VALID_BEFORE, "not-valid-before");
+ g_object_class_override_property (gobject_class, PROP_NOT_VALID_AFTER, "not-valid-after");
+ g_object_class_override_property (gobject_class, PROP_SUBJECT_NAME, "subject-name");
+ g_object_class_override_property (gobject_class, PROP_ISSUER_NAME, "issuer-name");
+ g_object_class_override_property (gobject_class, PROP_DNS_NAMES, "dns-names");
+ g_object_class_override_property (gobject_class, PROP_IP_ADDRESSES, "ip-addresses");
}
static void
GTlsCertificate *issuer)
{
GTlsCertificateOpenssl *openssl;
- GTlsCertificateOpensslPrivate *priv;
openssl = g_object_new (G_TYPE_TLS_CERTIFICATE_OPENSSL,
"issuer", issuer,
NULL);
- priv = g_tls_certificate_openssl_get_instance_private (openssl);
-
- priv->cert = X509_dup (x);
- priv->have_cert = TRUE;
+ openssl->cert = X509_dup (x);
+ openssl->have_cert = TRUE;
return G_TLS_CERTIFICATE (openssl);
}
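Review bot: `openssl->have_cert = TRUE;` is set even when `X509_dup (x)` returns NULL, so an allocation failure yields an object that claims to hold a certificate while `openssl->cert` is NULL. g_tls_certificate_openssl_set_data, further down this page, only sets the flag after checking the pointer. I would write `openssl->have_cert = openssl->cert != NULL;` so both paths agree. The function's signature begins outside this hunk.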
g_tls_certificate_openssl_set_data (GTlsCertificateOpenssl *openssl,
GBytes *bytes)
{
- GTlsCertificateOpensslPrivate *priv;
const unsigned char *data;
g_return_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (openssl));
- priv = g_tls_certificate_openssl_get_instance_private (openssl);
-
- g_return_if_fail (!priv->have_cert);
+ g_return_if_fail (!openssl->have_cert);
data = (const unsigned char *)g_bytes_get_data (bytes, NULL);
- priv->cert = d2i_X509 (NULL, &data, g_bytes_get_size (bytes));
+ openssl->cert = d2i_X509 (NULL, &data, g_bytes_get_size (bytes));
- if (priv->cert != NULL)
- priv->have_cert = TRUE;
+ if (openssl->cert)
+ openssl->have_cert = TRUE;
}
GBytes *
X509 *
g_tls_certificate_openssl_get_cert (GTlsCertificateOpenssl *openssl)
{
- GTlsCertificateOpensslPrivate *priv;
-
g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (openssl), FALSE);
- priv = g_tls_certificate_openssl_get_instance_private (openssl);
-
- return priv->cert;
+ return openssl->cert;
}
EVP_PKEY *
g_tls_certificate_openssl_get_key (GTlsCertificateOpenssl *openssl)
{
- GTlsCertificateOpensslPrivate *priv;
-
g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (openssl), FALSE);
- priv = g_tls_certificate_openssl_get_instance_private (openssl);
-
- return priv->key;
+ return openssl->key;
}
void
g_tls_certificate_openssl_set_issuer (GTlsCertificateOpenssl *openssl,
GTlsCertificateOpenssl *issuer)
{
- GTlsCertificateOpensslPrivate *priv;
-
g_return_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (openssl));
g_return_if_fail (!issuer || G_IS_TLS_CERTIFICATE_OPENSSL (issuer));
- priv = g_tls_certificate_openssl_get_instance_private (openssl);
-
- if (g_set_object (&priv->issuer, issuer))
+ if (g_set_object (&openssl->issuer, issuer))
g_object_notify (G_OBJECT (openssl), "issuer");
}
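Review bot: Both getters return a pointer, yet their guard reads `g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (openssl), FALSE);`. `FALSE` happens to be 0, but `NULL` states the intent and matches the return type: `g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (openssl), NULL);`. This applies to g_tls_certificate_openssl_get_cert and g_tls_certificate_openssl_get_key. A one-line comment on each saying the returned X509 / EVP_PKEY is borrowed would also help, since neither takes a reference and the client-certificate callback has to add its own.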
verify_identity_hostname (GTlsCertificateOpenssl *openssl,
GSocketConnectable *identity)
{
- GTlsCertificateOpensslPrivate *priv;
const char *hostname;
- priv = g_tls_certificate_openssl_get_instance_private (openssl);
-
if (G_IS_NETWORK_ADDRESS (identity))
hostname = g_network_address_get_hostname (G_NETWORK_ADDRESS (identity));
else if (G_IS_NETWORK_SERVICE (identity))
else
return FALSE;
- return g_tls_X509_check_host (priv->cert, hostname, strlen (hostname), 0, NULL) == 1;
+ return X509_check_host (openssl->cert, hostname, strlen (hostname), 0, NULL) == 1;
}
static gboolean
verify_identity_ip (GTlsCertificateOpenssl *openssl,
GSocketConnectable *identity)
{
- GTlsCertificateOpensslPrivate *priv;
GInetAddress *addr;
gsize addr_size;
const guint8 *addr_bytes;
gboolean ret;
- priv = g_tls_certificate_openssl_get_instance_private (openssl);
-
if (G_IS_INET_SOCKET_ADDRESS (identity))
addr = g_object_ref (g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (identity)));
else {
addr_bytes = g_inet_address_to_bytes (addr);
addr_size = g_inet_address_get_native_size (addr);
- ret = g_tls_X509_check_ip (priv->cert, addr_bytes, addr_size, 0) == 1;
+ ret = X509_check_ip (openssl->cert, addr_bytes, addr_size, 0) == 1;
g_object_unref (addr);
return ret;
gtls_flags = G_TLS_CERTIFICATE_UNKNOWN_CA;
break;
default:
- g_message ("certificate error: %s", X509_verify_cert_error_string (openssl_error));
gtls_flags = G_TLS_CERTIFICATE_GENERIC_ERROR;
}
GTlsCertificateOpenssl *result;
guint i, j;
- g_return_val_if_fail (x != NULL, NULL);
+ g_return_val_if_fail (x, NULL);
g_return_val_if_fail (chain, NULL);
glib_certs = g_ptr_array_new_full (sk_X509_num (chain), g_object_unref);
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* gtlscertificate-openssl.h
*
* Authors: Ignacio Casal Quinteiro
*/
-#ifndef __G_TLS_CERTIFICATE_OPENSSL_H__
-#define __G_TLS_CERTIFICATE_OPENSSL_H__
+#pragma once
#include <gio/gio.h>
#include "openssl-include.h"
G_BEGIN_DECLS
#define G_TYPE_TLS_CERTIFICATE_OPENSSL (g_tls_certificate_openssl_get_type ())
-G_DECLARE_DERIVABLE_TYPE (GTlsCertificateOpenssl, g_tls_certificate_openssl,
- G, TLS_CERTIFICATE_OPENSSL, GTlsCertificate)
-
-struct _GTlsCertificateOpensslClass
-{
- GTlsCertificateClass parent_class;
-};
+G_DECLARE_FINAL_TYPE (GTlsCertificateOpenssl, g_tls_certificate_openssl,
+ G, TLS_CERTIFICATE_OPENSSL, GTlsCertificate)
GTlsCertificate *g_tls_certificate_openssl_new (GBytes *bytes,
GTlsCertificate *issuer);
STACK_OF (X509) *chain);
G_END_DECLS
-
-#endif /* __G_TLS_CERTIFICATE_OPENSSL_H___ */
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* gtlsclientconnection-openssl.c
*
#include "gtlsclientconnection-openssl.h"
#include "gtlsbackend-openssl.h"
#include "gtlscertificate-openssl.h"
+#include "gtlsdatabase-openssl.h"
#include <glib/gi18n-lib.h>
-#define DEFAULT_CIPHER_LIST "HIGH:!DSS:!aNULL@STRENGTH"
-
-typedef struct _GTlsClientConnectionOpensslPrivate
+struct _GTlsClientConnectionOpenssl
{
+ GTlsConnectionOpenssl parent_instance;
+
GTlsCertificateFlags validation_flags;
GSocketConnectable *server_identity;
gboolean use_ssl3;
- gboolean session_data_override;
-
- GBytes *session_id;
- GBytes *session_data;
STACK_OF (X509_NAME) *ca_list;
SSL_SESSION *session;
SSL *ssl;
SSL_CTX *ssl_ctx;
-} GTlsClientConnectionOpensslPrivate;
+};
enum
{
static GInitableIface *g_tls_client_connection_openssl_parent_initable_iface;
G_DEFINE_TYPE_WITH_CODE (GTlsClientConnectionOpenssl, g_tls_client_connection_openssl, G_TYPE_TLS_CONNECTION_OPENSSL,
- G_ADD_PRIVATE (GTlsClientConnectionOpenssl)
G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
g_tls_client_connection_openssl_initable_interface_init)
G_IMPLEMENT_INTERFACE (G_TYPE_TLS_CLIENT_CONNECTION,
- g_tls_client_connection_openssl_client_connection_interface_init))
+ g_tls_client_connection_openssl_client_connection_interface_init)
+ G_IMPLEMENT_INTERFACE (G_TYPE_DTLS_CLIENT_CONNECTION,
+ NULL));
static void
g_tls_client_connection_openssl_finalize (GObject *object)
{
GTlsClientConnectionOpenssl *openssl = G_TLS_CLIENT_CONNECTION_OPENSSL (object);
- GTlsClientConnectionOpensslPrivate *priv;
-
- priv = g_tls_client_connection_openssl_get_instance_private (openssl);
- g_clear_object (&priv->server_identity);
- g_clear_pointer (&priv->session_id, g_bytes_unref);
- g_clear_pointer (&priv->session_data, g_bytes_unref);
+ g_clear_object (&openssl->server_identity);
- SSL_free (priv->ssl);
- SSL_CTX_free (priv->ssl_ctx);
- SSL_SESSION_free (priv->session);
+ SSL_free (openssl->ssl);
+ SSL_CTX_free (openssl->ssl_ctx);
+ SSL_SESSION_free (openssl->session);
G_OBJECT_CLASS (g_tls_client_connection_openssl_parent_class)->finalize (object);
}
static const gchar *
get_server_identity (GTlsClientConnectionOpenssl *openssl)
{
- GTlsClientConnectionOpensslPrivate *priv;
-
- priv = g_tls_client_connection_openssl_get_instance_private (openssl);
-
- if (G_IS_NETWORK_ADDRESS (priv->server_identity))
- return g_network_address_get_hostname (G_NETWORK_ADDRESS (priv->server_identity));
- else if (G_IS_NETWORK_SERVICE (priv->server_identity))
- return g_network_service_get_domain (G_NETWORK_SERVICE (priv->server_identity));
+ if (G_IS_NETWORK_ADDRESS (openssl->server_identity))
+ return g_network_address_get_hostname (G_NETWORK_ADDRESS (openssl->server_identity));
+ else if (G_IS_NETWORK_SERVICE (openssl->server_identity))
+ return g_network_service_get_domain (G_NETWORK_SERVICE (openssl->server_identity));
else
return NULL;
}
GParamSpec *pspec)
{
GTlsClientConnectionOpenssl *openssl = G_TLS_CLIENT_CONNECTION_OPENSSL (object);
- GTlsClientConnectionOpensslPrivate *priv;
GList *accepted_cas;
gint i;
- priv = g_tls_client_connection_openssl_get_instance_private (openssl);
-
switch (prop_id)
{
case PROP_VALIDATION_FLAGS:
- g_value_set_flags (value, priv->validation_flags);
+ g_value_set_flags (value, openssl->validation_flags);
break;
case PROP_SERVER_IDENTITY:
- g_value_set_object (value, priv->server_identity);
+ g_value_set_object (value, openssl->server_identity);
break;
case PROP_USE_SSL3:
- g_value_set_boolean (value, priv->use_ssl3);
+ g_value_set_boolean (value, openssl->use_ssl3);
break;
case PROP_ACCEPTED_CAS:
accepted_cas = NULL;
- if (priv->ca_list)
+ if (openssl->ca_list)
{
- for (i = 0; i < sk_X509_NAME_num (priv->ca_list); ++i)
+ for (i = 0; i < sk_X509_NAME_num (openssl->ca_list); ++i)
{
int size;
- size = i2d_X509_NAME (sk_X509_NAME_value (priv->ca_list, i), NULL);
+ size = i2d_X509_NAME (sk_X509_NAME_value (openssl->ca_list, i), NULL);
if (size > 0)
{
unsigned char *ca;
ca = g_malloc (size);
- size = i2d_X509_NAME (sk_X509_NAME_value (priv->ca_list, i), &ca);
+ size = i2d_X509_NAME (sk_X509_NAME_value (openssl->ca_list, i), &ca);
if (size > 0)
accepted_cas = g_list_prepend (accepted_cas, g_byte_array_new_take (
ca, size));
GParamSpec *pspec)
{
GTlsClientConnectionOpenssl *openssl = G_TLS_CLIENT_CONNECTION_OPENSSL (object);
- GTlsClientConnectionOpensslPrivate *priv;
-
- priv = g_tls_client_connection_openssl_get_instance_private (openssl);
switch (prop_id)
{
case PROP_VALIDATION_FLAGS:
- priv->validation_flags = g_value_get_flags (value);
+ openssl->validation_flags = g_value_get_flags (value);
break;
case PROP_SERVER_IDENTITY:
- if (priv->server_identity)
- g_object_unref (priv->server_identity);
- priv->server_identity = g_value_dup_object (value);
+ if (openssl->server_identity)
+ g_object_unref (openssl->server_identity);
+ openssl->server_identity = g_value_dup_object (value);
break;
case PROP_USE_SSL3:
- priv->use_ssl3 = g_value_get_boolean (value);
+ openssl->use_ssl3 = g_value_get_boolean (value);
break;
default:
}
static void
-g_tls_client_connection_openssl_constructed (GObject *object)
+g_tls_client_connection_openssl_complete_handshake (GTlsConnectionBase *tls,
+ gboolean handshake_succeeded,
+ gchar **negotiated_protocol,
+ GTlsProtocolVersion *protocol_version,
+ gchar **ciphersuite_name,
+ GError **error)
{
- GTlsClientConnectionOpenssl *openssl = G_TLS_CLIENT_CONNECTION_OPENSSL (object);
- GTlsClientConnectionOpensslPrivate *priv;
- GSocketConnection *base_conn;
- GSocketAddress *remote_addr;
- GInetAddress *iaddr;
- guint port;
-
- priv = g_tls_client_connection_openssl_get_instance_private (openssl);
-
- /* Create a TLS session ID. We base it on the IP address since
- * different hosts serving the same hostname/service will probably
- * not share the same session cache. We base it on the
- * server-identity because at least some servers will fail (rather
- * than just failing to resume the session) if we don't.
- * (https://bugs.launchpad.net/bugs/823325)
+ GTlsClientConnectionOpenssl *client = G_TLS_CLIENT_CONNECTION_OPENSSL (tls);
+
+ if (G_TLS_CONNECTION_BASE_CLASS (g_tls_client_connection_openssl_parent_class)->complete_handshake)
+ G_TLS_CONNECTION_BASE_CLASS (g_tls_client_connection_openssl_parent_class)->complete_handshake (tls,
+ handshake_succeeded,
+ negotiated_protocol,
+ protocol_version,
+ ciphersuite_name,
+ error);
+
+ /* It may have changed during the handshake, but we have to wait until here
+ * because we can't emit notifies on the handshake thread.
*/
- g_object_get (G_OBJECT (openssl), "base-io-stream", &base_conn, NULL);
- if (G_IS_SOCKET_CONNECTION (base_conn))
+ g_object_notify (G_OBJECT (client), "accepted-cas");
+}
+
+static GTlsCertificateFlags
+verify_ocsp_response (GTlsClientConnectionOpenssl *openssl,
+ GTlsCertificate *peer_certificate)
+{
+ SSL *ssl = NULL;
+ OCSP_RESPONSE *resp = NULL;
+ GTlsDatabase *database;
+ long len = 0;
+ unsigned char *p = NULL;
+
+ ssl = g_tls_connection_openssl_get_ssl (G_TLS_CONNECTION_OPENSSL (openssl));
+ len = SSL_get_tlsext_status_ocsp_resp (ssl, &p);
+ if (p)
{
- remote_addr = g_socket_connection_get_remote_address (base_conn, NULL);
- if (G_IS_INET_SOCKET_ADDRESS (remote_addr))
- {
- GInetSocketAddress *isaddr = G_INET_SOCKET_ADDRESS (remote_addr);
- const gchar *server_hostname;
- gchar *addrstr, *session_id;
-
- iaddr = g_inet_socket_address_get_address (isaddr);
- port = g_inet_socket_address_get_port (isaddr);
-
- addrstr = g_inet_address_to_string (iaddr);
- server_hostname = get_server_identity (openssl);
- session_id = g_strdup_printf ("%s/%s/%d", addrstr,
- server_hostname ? server_hostname : "",
- port);
- priv->session_id = g_bytes_new_take (session_id, strlen (session_id));
- g_free (addrstr);
- }
- g_object_unref (remote_addr);
+ resp = d2i_OCSP_RESPONSE (NULL, (const unsigned char **)&p, len);
+ if (!resp)
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
}
- g_object_unref (base_conn);
- G_OBJECT_CLASS (g_tls_client_connection_openssl_parent_class)->constructed (object);
-}
+ database = g_tls_connection_get_database (G_TLS_CONNECTION (openssl));
-static GTlsConnectionBaseStatus
-g_tls_client_connection_openssl_handshake (GTlsConnectionBase *tls,
- GCancellable *cancellable,
- GError **error)
-{
- return G_TLS_CONNECTION_BASE_CLASS (g_tls_client_connection_openssl_parent_class)->
- handshake (tls, cancellable, error);
+ /* If there's no database, then G_TLS_CERTIFICATE_UNKNOWN_CA must be flagged,
+ * and this function is only called if there are no flags.
+ */
+ g_assert (database);
+
+ /* Note we have to call this even if resp is NULL, because it will check
+ * whether Must-Staple is set.
+ */
+ return g_tls_database_openssl_verify_ocsp_response (G_TLS_DATABASE_OPENSSL (database),
+ peer_certificate,
+ resp);
}
-static GTlsConnectionBaseStatus
-g_tls_client_connection_openssl_complete_handshake (GTlsConnectionBase *tls,
- GError **error)
+static GTlsCertificateFlags
+g_tls_client_connection_openssl_verify_peer_certificate (GTlsConnectionBase *tls,
+ GTlsCertificate *certificate,
+ GTlsCertificateFlags flags)
{
- GTlsConnectionBaseStatus status;
+ GTlsClientConnectionOpenssl *openssl = G_TLS_CLIENT_CONNECTION_OPENSSL (tls);
- status = G_TLS_CONNECTION_BASE_CLASS (g_tls_client_connection_openssl_parent_class)->
- complete_handshake (tls, error);
+ if (flags == 0)
+ flags = verify_ocsp_response (openssl, certificate);
- return status;
+ return flags;
}
static SSL *
g_tls_client_connection_openssl_get_ssl (GTlsConnectionOpenssl *connection)
{
- GTlsClientConnectionOpenssl *client = G_TLS_CLIENT_CONNECTION_OPENSSL (connection);
- GTlsClientConnectionOpensslPrivate *priv;
-
- priv = g_tls_client_connection_openssl_get_instance_private (client);
-
- return priv->ssl;
+ return G_TLS_CLIENT_CONNECTION_OPENSSL (connection)->ssl;
}
static void
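Review bot: `g_assert (database);` in verify_ocsp_response turns a broken invariant into a process abort, and if assertions are compiled out (G_DISABLE_ASSERT) the NULL goes straight into `G_TLS_DATABASE_OPENSSL (database)`. This sits on the peer-verification path, so failing closed is safer: `if (!database) return G_TLS_CERTIFICATE_UNKNOWN_CA;`. It is also not visible here who frees `resp` after `d2i_OCSP_RESPONSE`. If g_tls_database_openssl_verify_ocsp_response takes ownership, a one-line comment saying so at the call would guard against a later leak or double free.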
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GTlsConnectionBaseClass *base_class = G_TLS_CONNECTION_BASE_CLASS (klass);
- GTlsConnectionOpensslClass *connection_class = G_TLS_CONNECTION_OPENSSL_CLASS (klass);
+ GTlsConnectionOpensslClass *openssl_class = G_TLS_CONNECTION_OPENSSL_CLASS (klass);
- gobject_class->finalize = g_tls_client_connection_openssl_finalize;
- gobject_class->get_property = g_tls_client_connection_openssl_get_property;
- gobject_class->set_property = g_tls_client_connection_openssl_set_property;
- gobject_class->constructed = g_tls_client_connection_openssl_constructed;
+ gobject_class->finalize = g_tls_client_connection_openssl_finalize;
+ gobject_class->get_property = g_tls_client_connection_openssl_get_property;
+ gobject_class->set_property = g_tls_client_connection_openssl_set_property;
- base_class->handshake = g_tls_client_connection_openssl_handshake;
- base_class->complete_handshake = g_tls_client_connection_openssl_complete_handshake;
+ base_class->complete_handshake = g_tls_client_connection_openssl_complete_handshake;
+ base_class->verify_peer_certificate = g_tls_client_connection_openssl_verify_peer_certificate;
- connection_class->get_ssl = g_tls_client_connection_openssl_get_ssl;
+ openssl_class->get_ssl = g_tls_client_connection_openssl_get_ssl;
g_object_class_override_property (gobject_class, PROP_VALIDATION_FLAGS, "validation-flags");
g_object_class_override_property (gobject_class, PROP_SERVER_IDENTITY, "server-identity");
{
}
-
static void
g_tls_client_connection_openssl_copy_session_state (GTlsClientConnection *conn,
GTlsClientConnection *source)
static int data_index = -1;
static int
-retrieve_certificate (SSL *ssl,
- X509 **x509,
- EVP_PKEY **pkey)
+handshake_thread_retrieve_certificate (SSL *ssl,
+ X509 **x509,
+ EVP_PKEY **pkey)
{
GTlsClientConnectionOpenssl *client;
- GTlsClientConnectionOpensslPrivate *priv;
GTlsConnectionBase *tls;
- GTlsConnectionOpenssl *openssl;
GTlsCertificate *cert;
- gboolean set_certificate = FALSE;
client = SSL_get_ex_data (ssl, data_index);
tls = G_TLS_CONNECTION_BASE (client);
- openssl = G_TLS_CONNECTION_OPENSSL (client);
-
- priv = g_tls_client_connection_openssl_get_instance_private (client);
- tls->certificate_requested = TRUE;
-
- priv->ca_list = SSL_get_client_CA_list (priv->ssl);
- g_object_notify (G_OBJECT (client), "accepted-cas");
+ client->ca_list = SSL_get_client_CA_list (client->ssl);
cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (client));
- if (cert != NULL)
- set_certificate = TRUE;
- else
+ if (!cert)
{
- g_clear_error (&tls->certificate_error);
- if (g_tls_connection_openssl_request_certificate (openssl, &tls->certificate_error))
- {
- cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (client));
- set_certificate = (cert != NULL);
- }
+ if (g_tls_connection_base_handshake_thread_request_certificate (tls))
+ cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (client));
}
- if (set_certificate)
+ if (cert)
{
EVP_PKEY *key;
key = g_tls_certificate_openssl_get_key (G_TLS_CERTIFICATE_OPENSSL (cert));
- /* increase ref count */
+
+ if (key != NULL)
+ {
+ /* increase ref count */
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
- CRYPTO_add (&key->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ CRYPTO_add (&key->references, 1, CRYPTO_LOCK_EVP_PKEY);
#else
- EVP_PKEY_up_ref (key);
+ EVP_PKEY_up_ref (key);
#endif
- *pkey = key;
+ *pkey = key;
- *x509 = X509_dup (g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (cert)));
+ *x509 = X509_dup (g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (cert)));
- return 1;
+ return 1;
+ }
}
- return 0;
-}
-
-static int
-generate_session_id (SSL *ssl,
- unsigned char *id,
- unsigned int *id_len)
-{
- GTlsClientConnectionOpenssl *client;
- GTlsClientConnectionOpensslPrivate *priv;
- int len;
+ g_tls_connection_base_handshake_thread_set_missing_requested_client_certificate (tls);
- client = SSL_get_ex_data (ssl, data_index);
- priv = g_tls_client_connection_openssl_get_instance_private (client);
-
- len = MIN (*id_len, g_bytes_get_size (priv->session_id));
- memcpy (id, g_bytes_get_data (priv->session_id, NULL), len);
-
- return 1;
+ return 0;
}
static gboolean
set_cipher_list (GTlsClientConnectionOpenssl *client,
GError **error)
{
- GTlsClientConnectionOpensslPrivate *priv;
const gchar *cipher_list;
- priv = g_tls_client_connection_openssl_get_instance_private (client);
-
cipher_list = g_getenv ("G_TLS_OPENSSL_CIPHER_LIST");
- if (cipher_list == NULL)
- cipher_list = DEFAULT_CIPHER_LIST;
+ if (cipher_list)
+ {
+ if (!SSL_CTX_set_cipher_list (client->ssl_ctx, cipher_list))
+ {
+ char error_buffer[256];
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Could not set TLS cipher list: %s"),
+ error_buffer);
+ return FALSE;
+ }
+ }
- if (!SSL_CTX_set_cipher_list (priv->ssl_ctx, cipher_list))
+ return TRUE;
+}
+
+static gboolean
+set_max_protocol (GTlsClientConnectionOpenssl *client,
+ GError **error)
+{
+#ifdef SSL_CTX_set_max_proto_version
+ const gchar *proto;
+
+ proto = g_getenv ("G_TLS_OPENSSL_MAX_PROTO");
+ if (proto)
{
- g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
- _("Could not create TLS context: %s"),
- ERR_error_string (ERR_get_error (), NULL));
- return FALSE;
+ gint64 version = g_ascii_strtoll (proto, NULL, 0);
+
+ if (version > 0 && version < G_MAXINT)
+ {
+ if (!SSL_CTX_set_max_proto_version (client->ssl_ctx, (int)version))
+ {
+ char error_buffer[256];
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Could not set MAX protocol to %d: %s"),
+ (int)version, error_buffer);
+ return FALSE;
+ }
+ }
}
+#endif
return TRUE;
}
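Review bot: In handshake_thread_retrieve_certificate the result of `X509_dup` is stored in `*x509` unchecked, so on allocation failure the callback returns 1 with a NULL certificate after already taking a reference on the key. OpenSSL expects both outputs to be set when the client-certificate callback returns 1. Duplicating the certificate first and referencing the key only afterwards keeps the failure path clean and lets it fall through to the existing missing-certificate handling at the end of the function.

```c
  if (cert)
    {
      EVP_PKEY *key;
      X509 *copy = NULL;

      key = g_tls_certificate_openssl_get_key (G_TLS_CERTIFICATE_OPENSSL (cert));
      if (key)
        copy = X509_dup (g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (cert)));

      /* Hand out the pair only when both halves exist; the key reference is
       * taken after the copy succeeded, so nothing has to be undone. */
      if (copy)
        {
          /* … unchanged: reference the key (CRYPTO_add / EVP_PKEY_up_ref) … */
          *pkey = key;
          *x509 = copy;
          return 1;
        }
    }
```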
static void
set_signature_algorithm_list (GTlsClientConnectionOpenssl *client)
{
- GTlsClientConnectionOpensslPrivate *priv;
const gchar *signature_algorithm_list;
- priv = g_tls_client_connection_openssl_get_instance_private (client);
-
signature_algorithm_list = g_getenv ("G_TLS_OPENSSL_SIGNATURE_ALGORITHM_LIST");
- if (signature_algorithm_list == NULL)
+ if (!signature_algorithm_list)
return;
- SSL_CTX_set1_sigalgs_list (priv->ssl_ctx, signature_algorithm_list);
+ SSL_CTX_set1_sigalgs_list (client->ssl_ctx, signature_algorithm_list);
}
#endif
static void
set_curve_list (GTlsClientConnectionOpenssl *client)
{
- GTlsClientConnectionOpensslPrivate *priv;
const gchar *curve_list;
- priv = g_tls_client_connection_openssl_get_instance_private (client);
-
curve_list = g_getenv ("G_TLS_OPENSSL_CURVE_LIST");
- if (curve_list == NULL)
+ if (!curve_list)
return;
- SSL_CTX_set1_curves_list (priv->ssl_ctx, curve_list);
+ SSL_CTX_set1_curves_list (client->ssl_ctx, curve_list);
}
#endif
static gboolean
-use_ocsp (void)
-{
- return g_getenv ("G_TLS_OPENSSL_OCSP_ENABLED") != NULL;
-}
-
-static gboolean
g_tls_client_connection_openssl_initable_init (GInitable *initable,
GCancellable *cancellable,
GError **error)
{
GTlsClientConnectionOpenssl *client = G_TLS_CLIENT_CONNECTION_OPENSSL (initable);
- GTlsClientConnectionOpensslPrivate *priv;
long options;
const char *hostname;
+ char error_buffer[256];
- priv = g_tls_client_connection_openssl_get_instance_private (client);
-
- priv->session = SSL_SESSION_new ();
+ client->session = SSL_SESSION_new ();
- priv->ssl_ctx = SSL_CTX_new (SSLv23_client_method ());
- if (priv->ssl_ctx == NULL)
+ client->ssl_ctx = SSL_CTX_new (g_tls_connection_base_is_dtls (G_TLS_CONNECTION_BASE (client))
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+ ? DTLS_client_method ()
+ : TLS_client_method ());
+#else
+ ? DTLSv1_client_method ()
+ : SSLv23_client_method ());
+#endif
+ if (!client->ssl_ctx)
{
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("Could not create TLS context: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
return FALSE;
}
if (!set_cipher_list (client, error))
return FALSE;
+ if (!set_max_protocol (client, error))
+ return FALSE;
+
/* Only TLS 1.2 or higher */
options = SSL_OP_NO_TICKET |
SSL_OP_NO_COMPRESSION |
SSL_OP_NO_SSLv2 |
SSL_OP_NO_SSLv3 |
SSL_OP_NO_TLSv1;
- SSL_CTX_set_options (priv->ssl_ctx, options);
+ SSL_CTX_set_options (client->ssl_ctx, options);
- SSL_CTX_clear_options (priv->ssl_ctx, SSL_OP_LEGACY_SERVER_CONNECT);
+ SSL_CTX_clear_options (client->ssl_ctx, SSL_OP_LEGACY_SERVER_CONNECT);
hostname = get_server_identity (client);
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined (LIBRESSL_VERSION_NUMBER)
if (hostname)
{
X509_VERIFY_PARAM *param;
param = X509_VERIFY_PARAM_new ();
X509_VERIFY_PARAM_set1_host (param, hostname, 0);
- SSL_CTX_set1_param (priv->ssl_ctx, param);
+ SSL_CTX_set1_param (client->ssl_ctx, param);
X509_VERIFY_PARAM_free (param);
}
-#endif
- SSL_CTX_set_generate_session_id (priv->ssl_ctx, (GEN_SESSION_CB)generate_session_id);
+ SSL_CTX_add_session (client->ssl_ctx, client->session);
- SSL_CTX_add_session (priv->ssl_ctx, priv->session);
-
- SSL_CTX_set_client_cert_cb (priv->ssl_ctx, retrieve_certificate);
+ SSL_CTX_set_client_cert_cb (client->ssl_ctx, handshake_thread_retrieve_certificate);
#ifdef SSL_CTX_set1_sigalgs_list
set_signature_algorithm_list (client);
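Review bot: The comment `/* Only TLS 1.2 or higher */` does not match the option mask as it appears in this hunk. The mask sets `SSL_OP_NO_SSLv2`, `SSL_OP_NO_SSLv3` and `SSL_OP_NO_TLSv1` but not `SSL_OP_NO_TLSv1_1`, so TLS 1.1 still looks negotiable unless it is excluded somewhere outside the visible lines. Either add `SSL_OP_NO_TLSv1_1 |` to the mask (under `#ifdef SSL_OP_NO_TLSv1_1` if older headers must still build) or correct the comment to state the real floor. The function continues past the end of this hunk.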
set_curve_list (client);
#endif
- priv->ssl = SSL_new (priv->ssl_ctx);
- if (priv->ssl == NULL)
+ client->ssl = SSL_new (client->ssl_ctx);
+ if (!client->ssl)
{
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("Could not create TLS connection: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
return FALSE;
}
if (data_index == -1) {
data_index = SSL_get_ex_new_index (0, (void *)"gtlsclientconnection", NULL, NULL, NULL);
}
- SSL_set_ex_data (priv->ssl, data_index, client);
+ SSL_set_ex_data (client->ssl, data_index, client);
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
- if (hostname)
- SSL_set_tlsext_host_name (priv->ssl, hostname);
+ if (hostname && !g_hostname_is_ip_address (hostname))
+ SSL_set_tlsext_host_name (client->ssl, hostname);
#endif
- SSL_set_connect_state (priv->ssl);
+ SSL_set_connect_state (client->ssl);
#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
!defined(OPENSSL_NO_OCSP)
- if (use_ocsp())
- SSL_set_tlsext_status_type (priv->ssl, TLSEXT_STATUSTYPE_ocsp);
+ SSL_set_tlsext_status_type (client->ssl, TLSEXT_STATUSTYPE_ocsp);
#endif
if (!g_tls_client_connection_openssl_parent_initable_iface->
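Review bot: `data_index` is a file-level static that is tested and assigned in `if (data_index == -1)` without synchronisation. Two connections initialised concurrently on different threads can each call `SSL_get_ex_new_index`, so one client ends up stored under an index that the certificate callback no longer reads, and `SSL_get_ex_data` returns NULL there. Guarding the allocation with GLib's one-time initialisation (`g_once_init_enter` / `g_once_init_leave` on a `static gsize`) removes the race. The function starts before this hunk and continues past it.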
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* gtlsclientconnection-openssl.h
*
* Authors: Ignacio Casal Quinteiro
*/
-#ifndef __G_TLS_CLIENT_CONNECTION_OPENSSL_H__
-#define __G_TLS_CLIENT_CONNECTION_OPENSSL_H__
+#pragma once
#include "gtlsconnection-openssl.h"
G_BEGIN_DECLS
#define G_TYPE_TLS_CLIENT_CONNECTION_OPENSSL (g_tls_client_connection_openssl_get_type ())
-#define G_TLS_CLIENT_CONNECTION_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_CLIENT_CONNECTION_OPENSSL, GTlsClientConnectionOpenssl))
-#define G_TLS_CLIENT_CONNECTION_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_CLIENT_CONNECTION_OPENSSL, GTlsClientConnectionOpensslClass))
-#define G_IS_TLS_CLIENT_CONNECTION_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_CLIENT_CONNECTION_OPENSSL))
-#define G_IS_TLS_CLIENT_CONNECTION_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_CLIENT_CONNECTION_OPENSSL))
-#define G_TLS_CLIENT_CONNECTION_OPENSSL_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_CLIENT_CONNECTION_OPENSSL, GTlsClientConnectionOpensslClass))
-typedef struct _GTlsClientConnectionOpensslClass GTlsClientConnectionOpensslClass;
-typedef struct _GTlsClientConnectionOpenssl GTlsClientConnectionOpenssl;
-
-struct _GTlsClientConnectionOpensslClass
-{
- GTlsConnectionOpensslClass parent_class;
-};
-
-struct _GTlsClientConnectionOpenssl
-{
- GTlsConnectionOpenssl parent_instance;
-};
-
-GType g_tls_client_connection_openssl_get_type (void) G_GNUC_CONST;
+G_DECLARE_FINAL_TYPE (GTlsClientConnectionOpenssl, g_tls_client_connection_openssl, G, TLS_CLIENT_CONNECTION_OPENSSL, GTlsConnectionOpenssl)
G_END_DECLS
-
-#endif /* __G_TLS_CLIENT_CONNECTION_OPENSSL_H___ */
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* gtlsconnection-openssl.c
*
#include "gtlsconnection-openssl.h"
#include "gtlsbackend-openssl.h"
#include "gtlscertificate-openssl.h"
-#include "gtlsfiledatabase-openssl.h"
+#include "gtlsdatabase-openssl.h"
#include "gtlsbio.h"
+#include "gtlslog.h"
#include <glib/gi18n-lib.h>
+#define DTLS_MESSAGE_MAX_SIZE 65536
+
typedef struct _GTlsConnectionOpensslPrivate
{
BIO *bio;
-
- GTlsCertificate *peer_certificate_tmp;
- GTlsCertificateFlags peer_certificate_errors_tmp;
+ guint8 *dtls_rx;
+ guint8 *dtls_tx;
+ GMutex ssl_mutex;
gboolean shutting_down;
} GTlsConnectionOpensslPrivate;
+typedef int (*GTlsOpensslIOFunc) (SSL *ssl, gpointer user_data);
+
+typedef struct _ReadRequest
+{
+ void *buffer;
+ gsize count;
+} ReadRequest;
+
+typedef struct _WriteRequest
+{
+ const void *buffer;
+ gsize count;
+} WriteRequest;
+
static void g_tls_connection_openssl_initable_iface_init (GInitableIface *iface);
G_DEFINE_ABSTRACT_TYPE_WITH_CODE (GTlsConnectionOpenssl, g_tls_connection_openssl, G_TYPE_TLS_CONNECTION_BASE,
priv = g_tls_connection_openssl_get_instance_private (openssl);
- g_clear_object (&priv->peer_certificate_tmp);
+ g_free (priv->dtls_rx);
+ g_free (priv->dtls_tx);
+ g_mutex_clear (&priv->ssl_mutex);
G_OBJECT_CLASS (g_tls_connection_openssl_parent_class)->finalize (object);
}
-static GTlsConnectionBaseStatus
-end_openssl_io (GTlsConnectionOpenssl *openssl,
- GIOCondition direction,
- int ret,
- GError **error,
- const char *err_fmt,
- ...) G_GNUC_PRINTF(5, 6);
+static GTlsSafeRenegotiationStatus
+g_tls_connection_openssl_handshake_thread_safe_renegotiation_status (GTlsConnectionBase *tls)
+{
+ GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
+ SSL *ssl;
+
+ ssl = g_tls_connection_openssl_get_ssl (openssl);
+
+ return SSL_get_secure_renegotiation_support (ssl) ? G_TLS_SAFE_RENEGOTIATION_SUPPORTED_BY_PEER
+ : G_TLS_SAFE_RENEGOTIATION_UNSUPPORTED;
+}
static GTlsConnectionBaseStatus
end_openssl_io (GTlsConnectionOpenssl *openssl,
GIOCondition direction,
int ret,
+ gboolean blocking,
GError **error,
- const char *err_fmt,
- ...)
+ const char *err_prefix,
+ const char *err_str)
{
GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (openssl);
GTlsConnectionOpensslPrivate *priv;
status = g_tls_connection_base_pop_io (tls, direction, ret > 0, &my_error);
- /* NOTE: this is tricky! The tls bio will set to retry if the operation
- * would block, and we would get an error code with WANT_READ or WANT_WRITE,
- * though if in that case we try again we would end up in an infinite loop
- * since we will not let the glib main loop to do its stuff and we would
- * be getting a would block forever. Instead we need to also check the error
- * we get from the socket operation to understand whether to try again. See
- * that we propagate the WOULD_BLOCK error a bit more down.
- */
if ((err_code == SSL_ERROR_WANT_READ ||
err_code == SSL_ERROR_WANT_WRITE) &&
- status != G_TLS_CONNECTION_BASE_WOULD_BLOCK)
+ blocking)
{
if (my_error)
g_error_free (my_error);
}
/* This case is documented that it may happen and that is perfectly fine */
- if (err_code == SSL_ERROR_SYSCALL && priv->shutting_down && !my_error)
- return G_TLS_CONNECTION_BASE_OK;
+ if (err_code == SSL_ERROR_SYSCALL &&
+ (priv->shutting_down && (!my_error || g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE))))
+ {
+ g_clear_error (&my_error);
+ return G_TLS_CONNECTION_BASE_OK;
+ }
err = ERR_get_error ();
err_lib = ERR_GET_LIB (err);
reason = ERR_GET_REASON (err);
- if (tls->handshaking && !tls->ever_handshaked)
+ if (g_tls_connection_base_is_handshaking (tls) && !g_tls_connection_base_ever_handshaked (tls))
{
- if (reason == SSL_R_BAD_PACKET_LENGTH ||
- reason == SSL_R_UNKNOWN_ALERT_TYPE ||
- reason == SSL_R_DECRYPTION_FAILED ||
- reason == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC ||
- reason == SSL_R_BAD_PROTOCOL_VERSION_NUMBER ||
- reason == SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE ||
- reason == SSL_R_UNKNOWN_PROTOCOL)
+ if (reason == SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE && my_error)
+ {
+ g_propagate_error (error, my_error);
+ return G_TLS_CONNECTION_BASE_ERROR;
+ }
+ else if (reason == SSL_R_BAD_PACKET_LENGTH ||
+ reason == SSL_R_UNKNOWN_ALERT_TYPE ||
+ reason == SSL_R_DECRYPTION_FAILED ||
+ reason == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC ||
+ reason == SSL_R_BAD_PROTOCOL_VERSION_NUMBER ||
+ reason == SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE ||
+ reason == SSL_R_UNKNOWN_PROTOCOL)
{
g_clear_error (&my_error);
- g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS,
- _("Peer failed to perform TLS handshake"));
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS,
+ _("Peer failed to perform TLS handshake: %s"), ERR_reason_error_string (err));
return G_TLS_CONNECTION_BASE_ERROR;
}
}
return status;
}
+ if (reason == SSL_R_CERTIFICATE_VERIFY_FAILED)
+ {
+ g_clear_error (&my_error);
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("Unacceptable TLS certificate"));
+ return G_TLS_CONNECTION_BASE_ERROR;
+ }
+
+ if (reason == SSL_R_TLSV1_ALERT_UNKNOWN_CA)
+ {
+ g_clear_error (&my_error);
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("Unacceptable TLS certificate authority"));
+ return G_TLS_CONNECTION_BASE_ERROR;
+ }
+
if (err_lib == ERR_LIB_RSA && reason == RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY)
{
g_clear_error (&my_error);
return G_TLS_CONNECTION_BASE_ERROR;
}
- if (my_error != NULL)
+#ifdef SSL_R_NO_RENEGOTIATION
+ if (reason == SSL_R_NO_RENEGOTIATION)
+ {
+ g_clear_error (&my_error);
+ g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Secure renegotiation is disabled"));
+ return G_TLS_CONNECTION_BASE_REHANDSHAKE;
+ }
+#endif
+
+ if (my_error)
g_propagate_error (error, my_error);
- else
- /* FIXME: this is just for debug */
- g_message ("end_openssl_io %s: %d, %d, %d", G_IS_TLS_CLIENT_CONNECTION (openssl) ? "client" : "server", err_code, err_lib, reason);
- if (error && !*error)
+ if (ret == 0 && err == 0 && err_lib == 0 && err_code == SSL_ERROR_SYSCALL
+ && (direction == G_IO_IN || direction == G_IO_OUT))
{
- va_list ap;
-
- va_start (ap, err_fmt);
- *error = g_error_new_valist (G_TLS_ERROR, G_TLS_ERROR_MISC, err_fmt, ap);
- va_end (ap);
+ /* SSL_ERROR_SYSCALL usually means we have no bloody idea what has happened
+ * but when ret for read or write is 0 and all others error codes as well
+ * - this is normally Early EOF condition
+ */
+ if (!g_tls_connection_get_require_close_notify (G_TLS_CONNECTION (openssl)))
+ return G_TLS_CONNECTION_BASE_OK;
+
+ if (error && !*error)
+ *error = g_error_new (G_TLS_ERROR, G_TLS_ERROR_EOF, _("%s: The connection is broken"), err_prefix);
}
+ else if (error && !*error)
+ *error = g_error_new (G_TLS_ERROR, G_TLS_ERROR_MISC, "%s: %s", err_prefix, err_str);
return G_TLS_CONNECTION_BASE_ERROR;
}
-#define BEGIN_OPENSSL_IO(openssl, direction, blocking, cancellable) \
- g_tls_connection_base_push_io (G_TLS_CONNECTION_BASE (openssl), \
- direction, blocking, cancellable); \
- do { \
- char error_str[256];
-
-#define END_OPENSSL_IO(openssl, direction, ret, status, errmsg, err) \
- ERR_error_string_n (SSL_get_error (ssl, ret), error_str, sizeof(error_str)); \
- status = end_openssl_io (openssl, direction, ret, err, errmsg, error_str); \
- } while (status == G_TLS_CONNECTION_BASE_TRY_AGAIN);
-
static GTlsConnectionBaseStatus
-g_tls_connection_openssl_request_rehandshake (GTlsConnectionBase *tls,
- GCancellable *cancellable,
- GError **error)
+perform_openssl_io (GTlsConnectionOpenssl *openssl,
+ GIOCondition direction,
+ GTlsOpensslIOFunc perform_func,
+ gpointer perform_data,
+ gint64 timeout,
+ GCancellable *cancellable,
+ int *out_ret,
+ GError **error,
+ const char *err_prefix)
{
- GTlsConnectionOpenssl *openssl;
GTlsConnectionBaseStatus status;
+ GTlsConnectionBase *tls;
+ GTlsConnectionOpensslPrivate *priv;
SSL *ssl;
+ gint64 deadline;
int ret;
- /* On a client-side connection, SSL_renegotiate() itself will start
- * a rehandshake, so we only need to do something special here for
- * server-side connections.
- */
- if (!G_IS_TLS_SERVER_CONNECTION (tls))
- return G_TLS_CONNECTION_BASE_OK;
+ tls = G_TLS_CONNECTION_BASE (openssl);
+ priv = g_tls_connection_openssl_get_instance_private (openssl);
+ ssl = g_tls_connection_openssl_get_ssl (openssl);
- openssl = G_TLS_CONNECTION_OPENSSL (tls);
+ if (timeout >= 0)
+ deadline = g_get_monotonic_time () + timeout;
+ else
+ deadline = -1;
- if (tls->rehandshake_mode == G_TLS_REHANDSHAKE_NEVER)
+ while (TRUE)
{
- g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
- _("Peer requested illegal TLS rehandshake"));
- return G_TLS_CONNECTION_BASE_ERROR;
+ GIOCondition io_needed;
+ char error_str[256];
+ struct timeval tv;
+ gint64 io_timeout;
+
+ g_tls_connection_base_push_io (tls, direction, 0, cancellable);
+
+ if (g_tls_connection_base_is_dtls (tls))
+ DTLSv1_handle_timeout (ssl);
+
+ ret = perform_func (ssl, perform_data);
+
+ switch (SSL_get_error (ssl, ret))
+ {
+ case SSL_ERROR_WANT_READ:
+ io_needed = G_IO_IN;
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ io_needed = G_IO_OUT;
+ break;
+ default:
+ io_needed = 0;
+ break;
+ }
+
+ ERR_error_string_n (SSL_get_error (ssl, ret), error_str,
+ sizeof (error_str));
+ status = end_openssl_io (openssl, direction, ret, TRUE, error, err_prefix,
+ error_str);
+
+ if (status != G_TLS_CONNECTION_BASE_TRY_AGAIN)
+ break;
+
+ if (g_tls_connection_base_is_dtls (tls) && DTLSv1_get_timeout (ssl, &tv))
+ io_timeout = (tv.tv_sec * G_USEC_PER_SEC) + tv.tv_usec;
+ else
+ io_timeout = -1;
+
+ if (deadline != -1)
+ {
+ gint64 remaining = MAX (deadline - g_get_monotonic_time (), 0);
+
+ if (io_timeout != -1)
+ io_timeout = MIN (io_timeout, remaining);
+ else
+ io_timeout = remaining;
+ }
+
+ if (io_timeout == 0)
+ break;
+
+ g_tls_bio_wait_available (priv->bio, io_needed, io_timeout, cancellable);
}
- ssl = g_tls_connection_openssl_get_ssl (openssl);
+ if (status == G_TLS_CONNECTION_BASE_TRY_AGAIN)
+ {
+ if (timeout == 0)
+ {
+ status = G_TLS_CONNECTION_BASE_WOULD_BLOCK;
+ g_clear_error (error);
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK,
+ "Operation would block");
+ }
+ else if (timeout > 0)
+ {
+ status = G_TLS_CONNECTION_BASE_TIMED_OUT;
+ g_clear_error (error);
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT,
+ _("Socket I/O timed out"));
+ }
+ }
- BEGIN_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, TRUE, cancellable);
- ret = SSL_renegotiate (ssl);
- END_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, ret, status,
- _("Error performing TLS handshake: %s"), error);
+ if (out_ret)
+ *out_ret = ret;
return status;
}
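Review bot: `ERR_error_string_n (SSL_get_error (ssl, ret), error_str, sizeof (error_str))` in the loop of perform_openssl_io formats an SSL_ERROR_* result code as if it were a packed error-queue value, so the text that reaches the GError describes an unrelated library and reason. Take the string from the error queue instead, for example `ERR_error_string_n (ERR_peek_error (), error_str, sizeof (error_str));`, which leaves the entry in place for the `ERR_get_error ()` call in end_openssl_io. SSL_get_error is also evaluated twice per iteration; storing it once in a local would keep the switch and the message consistent. The return value of `g_tls_bio_wait_available` is ignored, so a cancellation during the wait appears to surface only on the next I/O attempt, which deserves a comment if intended.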
+static int
+_openssl_alpn_select_cb (SSL *ssl,
+ const unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in,
+ unsigned int inlen,
+ void *arg)
+{
+ GTlsConnectionBase *tls = arg;
+ int ret = SSL_TLSEXT_ERR_NOACK;
+ gchar **advertised_protocols = NULL;
+ gchar *logbuf;
+
+ logbuf = g_strndup ((const gchar *)in, inlen);
+ g_tls_log_debug (tls, "ALPN their protocols: %s", logbuf);
+ g_free (logbuf);
+
+ g_object_get (G_OBJECT (tls),
+ "advertised-protocols", &advertised_protocols,
+ NULL);
+
+ if (!advertised_protocols)
+ return ret;
+
+ if (g_strv_length (advertised_protocols) > 0)
+ {
+ GByteArray *protocols = g_byte_array_new ();
+ int i;
+ guint8 slen = 0;
+ guint8 *spd = NULL;
+
+ for (i = 0; advertised_protocols[i]; i++)
+ {
+ guint8 len = strlen (advertised_protocols[i]);
+ g_byte_array_append (protocols, &len, 1);
+ g_byte_array_append (protocols,
+ (guint8 *)advertised_protocols[i],
+ len);
+ }
+ logbuf = g_strndup ((const gchar *)protocols->data, protocols->len);
+ g_tls_log_debug (tls, "ALPN our protocols: %s", logbuf);
+ g_free (logbuf);
+
+ /* pointer to memory inside in[0..inlen] is returned on success
+ * pointer to protocols->data is returned on failure */
+ ret = SSL_select_next_proto (&spd, &slen,
+ in, inlen,
+ protocols->data, protocols->len);
+ if (ret == OPENSSL_NPN_NEGOTIATED)
+ {
+ logbuf = g_strndup ((const gchar *)spd, slen);
+ g_tls_log_debug (tls, "ALPN selected protocol %s", logbuf);
+ g_free (logbuf);
+
+ ret = SSL_TLSEXT_ERR_OK;
+ *out = spd;
+ *outlen = slen;
+ }
+ else
+ {
+ g_tls_log_debug (tls, "ALPN no matching protocol");
+ ret = SSL_TLSEXT_ERR_NOACK;
+ }
+
+ g_byte_array_unref (protocols);
+ }
+
+ g_strfreev (advertised_protocols);
+ return ret;
+}
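Review bot: `guint8 len = strlen (advertised_protocols[i]);` in _openssl_alpn_select_cb silently truncates any protocol name longer than 255 bytes, and an empty string yields a zero-length entry, so the length-prefixed list handed to `SSL_select_next_proto` can be malformed. The same loop appears in g_tls_connection_openssl_prepare_handshake before `SSL_set_alpn_protos`. Validate before appending, e.g. `gsize n = strlen (advertised_protocols[i]); if (n == 0 || n > G_MAXUINT8) continue;`, or reject the configuration outright. The debug lines print the raw wire-format lists with `%s`, which includes the length bytes and, for `in`, peer-controlled data; logging each entry separately after escaping would keep the log trustworthy.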
+
+static void
+g_tls_connection_openssl_prepare_handshake (GTlsConnectionBase *tls,
+ gchar **advertised_protocols)
+{
+ SSL *ssl;
+
+ if (!advertised_protocols)
+ return;
+
+ ssl = g_tls_connection_openssl_get_ssl (G_TLS_CONNECTION_OPENSSL (tls));
+
+ if (G_IS_TLS_SERVER_CONNECTION (tls))
+ {
+ SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
+
+ g_tls_log_debug (tls, "Setting ALPN Callback on %p", ctx);
+ SSL_CTX_set_alpn_select_cb (ctx, _openssl_alpn_select_cb, tls);
+
+ return;
+ }
+
+ if (g_strv_length (advertised_protocols) > 0)
+ {
+ GByteArray *protocols = g_byte_array_new ();
+ int ret, i;
+
+ for (i = 0; advertised_protocols[i]; i++)
+ {
+ guint8 len = strlen (advertised_protocols[i]);
+ g_byte_array_append (protocols, &len, 1);
+ g_byte_array_append (protocols, (guint8 *)advertised_protocols[i], len);
+ }
+ ret = SSL_set_alpn_protos (ssl, protocols->data, protocols->len);
+ if (ret)
+ g_tls_log_debug (tls, "Error setting ALPN protocols: %d", ret);
+ else
+ {
+ gchar *logbuf = g_strndup ((const gchar *)protocols->data, protocols->len);
+
+ g_tls_log_debug (tls, "Setting ALPN protocols to %s", logbuf);
+ g_free (logbuf);
+ }
+ g_byte_array_unref (protocols);
+ }
+}
+
+static GTlsCertificateFlags
+g_tls_connection_openssl_verify_chain (GTlsConnectionBase *tls,
+ GTlsCertificate *chain,
+ const gchar *purpose,
+ GSocketConnectable *identity,
+ GTlsInteraction *interaction,
+ GTlsDatabaseVerifyFlags flags,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsDatabase *database;
+ GTlsCertificateFlags errors = 0;
+ gboolean is_client = G_IS_TLS_CLIENT_CONNECTION (tls);
+
+ database = g_tls_connection_get_database (G_TLS_CONNECTION (tls));
+ if (database)
+ {
+ errors |= g_tls_database_verify_chain (database,
+ chain,
+ is_client ? G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER : G_TLS_DATABASE_PURPOSE_AUTHENTICATE_CLIENT,
+ identity,
+ g_tls_connection_get_interaction (G_TLS_CONNECTION (tls)),
+ G_TLS_DATABASE_VERIFY_NONE,
+ NULL,
+ error);
+ }
+ else
+ {
+ errors |= G_TLS_CERTIFICATE_UNKNOWN_CA;
+ errors |= g_tls_certificate_verify (chain, identity, NULL);
+ }
+
+ return errors;
+}
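Review bot: g_tls_connection_openssl_verify_chain accepts `purpose`, `interaction`, `flags` and `cancellable` but uses none of them: the purpose is recomputed from the connection type, and `g_tls_database_verify_chain` is called with `G_TLS_DATABASE_VERIFY_NONE` and `NULL` for the cancellable. At minimum pass `cancellable` through so a database lookup can be interrupted, or add a comment such as `/* purpose, flags and interaction are derived from the connection; the arguments are ignored on purpose */`. This commit also deletes verify_ocsp_response while the client setup now requests a stapled OCSP response unconditionally, and nothing in this function reads that response. It is not visible here whether the check moved into the database implementation, so that is worth confirming.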
+
+static GTlsProtocolVersion
+glib_protocol_version_from_openssl (int protocol_version)
+{
+ switch (protocol_version)
+ {
+ case SSL3_VERSION:
+ return G_TLS_PROTOCOL_VERSION_SSL_3_0;
+ case TLS1_VERSION:
+ return G_TLS_PROTOCOL_VERSION_TLS_1_0;
+ case TLS1_1_VERSION:
+ return G_TLS_PROTOCOL_VERSION_TLS_1_1;
+ case TLS1_2_VERSION:
+ return G_TLS_PROTOCOL_VERSION_TLS_1_2;
+ case TLS1_3_VERSION:
+ return G_TLS_PROTOCOL_VERSION_TLS_1_3;
+ case DTLS1_VERSION:
+ return G_TLS_PROTOCOL_VERSION_DTLS_1_0;
+ case DTLS1_2_VERSION:
+ return G_TLS_PROTOCOL_VERSION_DTLS_1_2;
+ default:
+ return G_TLS_PROTOCOL_VERSION_UNKNOWN;
+ }
+}
+
+static void
+g_tls_connection_openssl_complete_handshake (GTlsConnectionBase *tls,
+ gboolean handshake_succeeded,
+ gchar **negotiated_protocol,
+ GTlsProtocolVersion *protocol_version,
+ gchar **ciphersuite_name,
+ GError **error)
+{
+ SSL *ssl;
+ SSL_SESSION *session;
+ unsigned int len = 0;
+ const unsigned char *data = NULL;
+
+ if (!handshake_succeeded)
+ return;
+
+ ssl = g_tls_connection_openssl_get_ssl (G_TLS_CONNECTION_OPENSSL (tls));
+ session = SSL_get_session (ssl);
+
+ SSL_get0_alpn_selected (ssl, &data, &len);
+
+ g_tls_log_debug (tls, "negotiated ALPN protocols: [%d]%p", len, data);
+
+ if (data && len > 0)
+ {
+ g_assert (!*negotiated_protocol);
+ *negotiated_protocol = g_strndup ((gchar *)data, len);
+ }
+
+ *protocol_version = glib_protocol_version_from_openssl (SSL_SESSION_get_protocol_version (session));
+ *ciphersuite_name = g_strdup (SSL_get_cipher_name (ssl));
+}
+
+static int
+perform_rehandshake (SSL *ssl,
+ gpointer user_data)
+{
+ GTlsConnectionBase *tls = user_data;
+ int ret = 1; /* always look on the bright side of life */
+
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+ if (SSL_version(ssl) >= TLS1_3_VERSION)
+ ret = SSL_key_update (ssl, SSL_KEY_UPDATE_REQUESTED);
+ else if (SSL_get_secure_renegotiation_support (ssl) && !(SSL_get_options(ssl) & SSL_OP_NO_RENEGOTIATION))
+ /* remote and local peers both can rehandshake */
+ ret = SSL_renegotiate (ssl);
+ else
+ g_tls_log_debug (tls, "Secure renegotiation is not supported");
+#else
+ ret = SSL_renegotiate (ssl);
+#endif
+
+ return ret;
+}
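Review bot: `SSL_version (ssl) >= TLS1_3_VERSION` in perform_rehandshake is also true for DTLS connections, because OpenSSL's DTLS version constants (0xFEFF, 0xFEFD) are numerically larger than TLS1_3_VERSION (0x0304), so a DTLS 1.0/1.2 session takes the `SSL_key_update` branch instead of renegotiating. The same comparison in openssl_get_binding_tls_unique would reject tls-unique on DTLS with "The request is invalid." Guard both with the transport type, e.g. `if (!SSL_is_dtls (ssl) && SSL_version (ssl) >= TLS1_3_VERSION)`. Separately, when renegotiation is unavailable the function only logs and returns 1, so the caller sees success although nothing was requested; a comment stating that this is deliberate would help.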
+
+static GTlsConnectionBaseStatus
+g_tls_connection_openssl_handshake_thread_request_rehandshake (GTlsConnectionBase *tls,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error)
+{
+ /* On a client-side connection, SSL_renegotiate() itself will start
+ * a rehandshake, so we only need to do something special here for
+ * server-side connections.
+ */
+ if (!G_IS_TLS_SERVER_CONNECTION (tls))
+ return G_TLS_CONNECTION_BASE_OK;
+
+ return perform_openssl_io (G_TLS_CONNECTION_OPENSSL (tls), G_IO_IN | G_IO_OUT,
+ perform_rehandshake, tls, timeout, cancellable,
+ NULL, error, _("Error performing TLS handshake"));
+}
+
static GTlsCertificate *
-get_peer_certificate (GTlsConnectionOpenssl *openssl)
+g_tls_connection_openssl_retrieve_peer_certificate (GTlsConnectionBase *tls)
{
X509 *peer;
STACK_OF (X509) *certs;
GTlsCertificateOpenssl *chain;
SSL *ssl;
- ssl = g_tls_connection_openssl_get_ssl (openssl);
+ ssl = g_tls_connection_openssl_get_ssl (G_TLS_CONNECTION_OPENSSL (tls));
peer = SSL_get_peer_certificate (ssl);
- if (peer == NULL)
+ if (!peer)
return NULL;
certs = SSL_get_peer_cert_chain (ssl);
- if (certs == NULL)
+ if (!certs)
{
X509_free (peer);
return NULL;
return G_TLS_CERTIFICATE (chain);
}
-static GTlsCertificateFlags
-verify_ocsp_response (GTlsConnectionOpenssl *openssl,
- GTlsDatabase *database,
- GTlsCertificate *peer_certificate)
+static gboolean
+openssl_get_binding_tls_unique (GTlsConnectionOpenssl *tls,
+ GByteArray *data,
+ GError **error)
{
-#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
- !defined(OPENSSL_NO_OCSP)
- SSL *ssl = NULL;
- OCSP_RESPONSE *resp = NULL;
- long len = 0;
- unsigned char *p = NULL;
+ SSL *ssl = g_tls_connection_openssl_get_ssl (tls);
+ gboolean is_client = G_IS_TLS_CLIENT_CONNECTION (tls);
+ gboolean resumed = SSL_session_reused (ssl);
+ size_t len = 64;
- ssl = g_tls_connection_openssl_get_ssl (openssl);
- len = SSL_get_tlsext_status_ocsp_resp (ssl, &p);
- /* Soft fail in case of no response is the best we can do */
- if (p == NULL)
- return 0;
-
- resp = d2i_OCSP_RESPONSE (NULL, (const unsigned char **) &p, len);
- if (resp == NULL)
- return G_TLS_CERTIFICATE_GENERIC_ERROR;
-
- return g_tls_file_database_openssl_verify_ocsp_response (database,
- peer_certificate,
- resp);
-#else
- return 0;
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+ if (SSL_version (ssl) >= TLS1_3_VERSION)
+ {
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_GENERAL_ERROR,
+ _("The request is invalid."));
+ return FALSE;
+ }
#endif
+
+ /* This is a drill */
+ if (!data)
+ return TRUE;
+
+ do {
+ g_byte_array_set_size (data, len);
+ if ((resumed && is_client) || (!resumed && !is_client))
+ len = SSL_get_peer_finished (ssl, data->data, data->len);
+ else
+ len = SSL_get_finished (ssl, data->data, data->len);
+ } while (len > data->len);
+
+ if (len > 0)
+ {
+ g_byte_array_set_size (data, len);
+ return TRUE;
+ }
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_NOT_AVAILABLE,
+ _("Channel binding data tls-unique is not available"));
+ return FALSE;
}
-static GTlsCertificateFlags
-verify_peer_certificate (GTlsConnectionOpenssl *openssl,
- GTlsCertificate *peer_certificate)
+static gboolean
+openssl_get_binding_tls_server_end_point (GTlsConnectionOpenssl *tls,
+ GByteArray *data,
+ GError **error)
{
- GTlsConnection *conn = G_TLS_CONNECTION (openssl);
- GSocketConnectable *peer_identity;
- GTlsDatabase *database;
- GTlsCertificateFlags errors;
- gboolean is_client;
+ SSL *ssl = g_tls_connection_openssl_get_ssl (tls);
+ gboolean is_client = G_IS_TLS_CLIENT_CONNECTION (tls);
+ int algo_nid;
+ const EVP_MD *algo = NULL;
+ X509 *crt;
- is_client = G_IS_TLS_CLIENT_CONNECTION (openssl);
if (is_client)
- peer_identity = g_tls_client_connection_get_server_identity (G_TLS_CLIENT_CONNECTION (openssl));
+ crt = SSL_get_peer_certificate (ssl);
else
- peer_identity = NULL;
+ crt = SSL_get_certificate (ssl);
- errors = 0;
+ if (!crt)
+ {
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_NOT_AVAILABLE,
+ _("X.509 Certificate is not available on the connection"));
+ return FALSE;
+ }
- database = g_tls_connection_get_database (conn);
- if (database == NULL)
+ if (!OBJ_find_sigid_algs (X509_get_signature_nid (crt), &algo_nid, NULL))
{
- errors |= G_TLS_CERTIFICATE_UNKNOWN_CA;
- errors |= g_tls_certificate_verify (peer_certificate, peer_identity, NULL);
+ X509_free (crt);
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_GENERAL_ERROR,
+ _("Unable to obtain certificate signature algorithm"));
+ return FALSE;
}
- else
+
+ /* This is a drill */
+ if (!data)
{
- GError *error = NULL;
+ if (is_client)
+ X509_free (crt);
+ return TRUE;
+ }
- errors |= g_tls_database_verify_chain (database, peer_certificate,
- is_client ?
- G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER :
- G_TLS_DATABASE_PURPOSE_AUTHENTICATE_CLIENT,
- peer_identity,
- g_tls_connection_get_interaction (conn),
- G_TLS_DATABASE_VERIFY_NONE,
- NULL, &error);
- if (error)
- {
- g_warning ("failure verifying certificate chain: %s",
- error->message);
- g_assert (errors != 0);
- g_clear_error (&error);
- }
+ switch (algo_nid)
+ {
+ case NID_md5:
+ case NID_sha1:
+ algo_nid = NID_sha256;
+ break;
+ case NID_md5_sha1:
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_NOT_SUPPORTED,
+ _("Current X.509 certificate uses unknown or unsupported signature algorithm"));
+ if (is_client)
+ X509_free (crt);
+ return FALSE;
}
- if (is_client && (errors == 0))
- errors = verify_ocsp_response (openssl, database, peer_certificate);
+ g_byte_array_set_size (data, EVP_MAX_MD_SIZE);
+ algo = EVP_get_digestbynid (algo_nid);
+ if (X509_digest (crt, algo, data->data, &(data->len)))
+ {
+ if (is_client)
+ X509_free (crt);
+ return TRUE;
+ }
- return errors;
+ if (is_client)
+ X509_free (crt);
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_GENERAL_ERROR,
+ _("Failed to generate X.509 certificate digest"));
+ return FALSE;
}
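Review bot: In openssl_get_binding_tls_server_end_point the failure path after `OBJ_find_sigid_algs` calls `X509_free (crt)` unconditionally, but on the server side `crt` comes from `SSL_get_certificate`, which returns a pointer the caller does not own. Every other exit guards the free with `if (is_client)`, and releasing it there drops a reference that belongs to the SSL object, which can leave it holding a freed certificate. Change that path to `if (is_client) X509_free (crt);`. The result of `EVP_get_digestbynid (algo_nid)` is also passed to `X509_digest` without a NULL check, which matters if the signature's digest is not available in the linked OpenSSL build.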
-static GTlsConnectionBaseStatus
-g_tls_connection_openssl_handshake (GTlsConnectionBase *tls,
- GCancellable *cancellable,
- GError **error)
+#define RFC5705_LABEL_DATA "EXPORTER-Channel-Binding"
+#define RFC5705_LABEL_LEN 24
+static gboolean
+openssl_get_binding_tls_exporter (GTlsConnectionOpenssl *tls,
+ GByteArray *data,
+ GError **error)
{
- GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
- GTlsConnectionOpensslPrivate *priv;
- GTlsConnectionBaseStatus status;
- SSL *ssl;
+ SSL *ssl = g_tls_connection_openssl_get_ssl (tls);
+ size_t ctx_len = 0;
+ guint8 *context = (guint8 *)"";
int ret;
- priv = g_tls_connection_openssl_get_instance_private (openssl);
-
- ssl = g_tls_connection_openssl_get_ssl (openssl);
+ if (!data)
+ return TRUE;
- BEGIN_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, TRUE, cancellable);
- ret = SSL_do_handshake (ssl);
- END_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, ret, status,
- _("Error performing TLS handshake: %s"), error);
+ g_byte_array_set_size (data, 32);
+ ret = SSL_export_keying_material (ssl,
+ data->data, data->len,
+ RFC5705_LABEL_DATA, RFC5705_LABEL_LEN,
+ context, ctx_len,
+ 1 /* use context */);
if (ret > 0)
- {
- priv->peer_certificate_tmp = get_peer_certificate (openssl);
- if (priv->peer_certificate_tmp)
- priv->peer_certificate_errors_tmp = verify_peer_certificate (openssl, priv->peer_certificate_tmp);
- else if (G_IS_TLS_CLIENT_CONNECTION (openssl))
- {
- g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
- _("Server did not return a valid TLS certificate"));
- }
- }
+ return TRUE;
- return status;
+ if (ret < 0)
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_NOT_SUPPORTED,
+ _("TLS Connection does not support TLS-Exporter feature"));
+ else
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_GENERAL_ERROR,
+ _("Unexpected error while exporting keying data"));
+
+ return FALSE;
}
-static GTlsConnectionBaseStatus
-g_tls_connection_openssl_complete_handshake (GTlsConnectionBase *tls,
- GError **error)
+static gboolean
+g_tls_connection_openssl_get_channel_binding_data (GTlsConnectionBase *tls,
+ GTlsChannelBindingType type,
+ GByteArray *data,
+ GError **error)
{
GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
- GTlsConnectionOpensslPrivate *priv;
- GTlsCertificate *peer_certificate;
- GTlsCertificateFlags peer_certificate_errors = 0;
- GTlsConnectionBaseStatus status = G_TLS_CONNECTION_BASE_OK;
- priv = g_tls_connection_openssl_get_instance_private (openssl);
+ /* XXX: remove the cast once public enum supports exporter */
+ switch ((int)type)
+ {
+ case G_TLS_CHANNEL_BINDING_TLS_UNIQUE:
+ return openssl_get_binding_tls_unique (openssl, data, error);
+ /* fall through */
+ case G_TLS_CHANNEL_BINDING_TLS_SERVER_END_POINT:
+ return openssl_get_binding_tls_server_end_point (openssl, data, error);
+ /* fall through */
+ case 100500:
+ return openssl_get_binding_tls_exporter (openssl, data, error);
+ /* fall through */
+ default:
+ /* Anyone to implement tls-unique-for-telnet? */
+ g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_NOT_IMPLEMENTED,
+ _("Requested channel binding type is not implemented"));
+ }
+ return FALSE;
+}
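Review bot: `case 100500:` in g_tls_connection_openssl_get_channel_binding_data is an unexplained magic number standing in for the exporter binding type. A named constant with a comment (the name here is only a suggestion), for example `#define G_TLS_CHANNEL_BINDING_TLS_EXPORTER_PRIVATE 100500 /* until the public enum has an exporter value */`, would make the cast and the case self-explanatory. The `/* fall through */` comments follow `return` statements, so no fall-through can happen; they are misleading and can be removed.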
+
+static GTlsConnectionBaseStatus
+g_tls_connection_openssl_handshake_thread_handshake (GTlsConnectionBase *tls,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionBaseStatus status;
+ int ret;
- peer_certificate = priv->peer_certificate_tmp;
- priv->peer_certificate_tmp = NULL;
- peer_certificate_errors = priv->peer_certificate_errors_tmp;
- priv->peer_certificate_errors_tmp = 0;
+ status = perform_openssl_io (G_TLS_CONNECTION_OPENSSL (tls),
+ G_IO_IN | G_IO_OUT,
+ (GTlsOpensslIOFunc) SSL_do_handshake,
+ NULL, timeout, cancellable, &ret, error,
+ _("Error reading data from TLS socket"));
- if (peer_certificate)
+ if (ret > 0)
{
- if (!g_tls_connection_base_accept_peer_certificate (tls, peer_certificate,
- peer_certificate_errors))
+ if (!g_tls_connection_base_handshake_thread_verify_certificate (tls))
{
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("Unacceptable TLS certificate"));
- status = G_TLS_CONNECTION_BASE_ERROR;
+ return G_TLS_CONNECTION_BASE_ERROR;
}
-
- g_tls_connection_base_set_peer_certificate (G_TLS_CONNECTION_BASE (openssl),
- peer_certificate,
- peer_certificate_errors);
- g_clear_object (&peer_certificate);
}
return status;
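Review bot: g_tls_connection_openssl_handshake_thread_handshake passes `_("Error reading data from TLS socket")` as the error prefix to perform_openssl_io, which looks copied from the read path, so a failed handshake will be reported as a read error. The rehandshake wrapper above uses `_("Error performing TLS handshake")`, and the same string fits here. The function's closing brace lies outside this hunk.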
static void
g_tls_connection_openssl_push_io (GTlsConnectionBase *tls,
GIOCondition direction,
- gboolean blocking,
+ gint64 timeout,
GCancellable *cancellable)
{
GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
GTlsConnectionOpensslPrivate *priv;
+ GError **error;
priv = g_tls_connection_openssl_get_instance_private (openssl);
G_TLS_CONNECTION_BASE_CLASS (g_tls_connection_openssl_parent_class)->push_io (tls, direction,
- blocking, cancellable);
+ timeout, cancellable);
if (direction & G_IO_IN)
{
+ error = g_tls_connection_base_get_read_error (tls);
g_tls_bio_set_read_cancellable (priv->bio, cancellable);
- g_tls_bio_set_read_blocking (priv->bio, blocking);
- g_clear_error (&tls->read_error);
- g_tls_bio_set_read_error (priv->bio, &tls->read_error);
+ g_clear_error (error);
+ g_tls_bio_set_read_error (priv->bio, error);
}
if (direction & G_IO_OUT)
{
+ error = g_tls_connection_base_get_write_error (tls);
g_tls_bio_set_write_cancellable (priv->bio, cancellable);
- g_tls_bio_set_write_blocking (priv->bio, blocking);
- g_clear_error (&tls->write_error);
- g_tls_bio_set_write_error (priv->bio, &tls->write_error);
+ g_clear_error (error);
+ g_tls_bio_set_write_error (priv->bio, error);
}
+
+ g_mutex_lock (&priv->ssl_mutex);
}
static GTlsConnectionBaseStatus
priv = g_tls_connection_openssl_get_instance_private (openssl);
+ g_mutex_unlock (&priv->ssl_mutex);
+
if (direction & G_IO_IN)
g_tls_bio_set_read_cancellable (priv->bio, NULL);
success, error);
}
+static int
+perform_read (SSL *ssl,
+ gpointer user_data)
+{
+ ReadRequest *req = user_data;
+
+ return SSL_read (ssl, req->buffer, req->count);
+}
+
static GTlsConnectionBaseStatus
g_tls_connection_openssl_read (GTlsConnectionBase *tls,
void *buffer,
gsize count,
- gboolean blocking,
+ gint64 timeout,
gssize *nread,
GCancellable *cancellable,
GError **error)
{
+ GTlsConnectionBaseStatus status;
+ ReadRequest req = { buffer, count };
+ int ret;
+
+ status = perform_openssl_io (G_TLS_CONNECTION_OPENSSL (tls), G_IO_IN,
+ perform_read, &req, timeout, cancellable, &ret,
+ error, _("Error reading data from TLS socket"));
+
+ *nread = MAX (ret, 0);
+ return status;
+}
+
+static GTlsConnectionBaseStatus
+g_tls_connection_openssl_read_message (GTlsConnectionBase *tls,
+ GInputVector *vectors,
+ guint num_vectors,
+ gint64 timeout,
+ gssize *nread,
+ GCancellable *cancellable,
+ GError **error)
+{
GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
+ GTlsConnectionOpensslPrivate *priv;
GTlsConnectionBaseStatus status;
- SSL *ssl;
- gssize ret;
+ gssize bytes_read;
+ gsize bytes_copied, bytes_remaining;
+ guint i;
- ssl = g_tls_connection_openssl_get_ssl (openssl);
+ *nread = 0;
+
+ priv = g_tls_connection_openssl_get_instance_private (openssl);
+
+ if (!priv->dtls_rx)
+ priv->dtls_rx = g_malloc (DTLS_MESSAGE_MAX_SIZE);
+
+ status = g_tls_connection_openssl_read (tls, priv->dtls_rx,
+ DTLS_MESSAGE_MAX_SIZE, timeout,
+ &bytes_read, cancellable, error);
+ if (status != G_TLS_CONNECTION_BASE_OK)
+ return status;
- BEGIN_OPENSSL_IO (openssl, G_IO_IN, blocking, cancellable);
- ret = SSL_read (ssl, buffer, count);
- END_OPENSSL_IO (openssl, G_IO_IN, ret, status,
- _("Error reading data from TLS socket: %s"), error);
+ bytes_copied = 0;
+ bytes_remaining = bytes_read;
+ for (i = 0; i < num_vectors && bytes_remaining > 0; i++)
+ {
+ GInputVector *vector = &vectors[i];
+ gsize n;
+
+ n = MIN (bytes_remaining, vector->size);
+
+ memcpy (vector->buffer, priv->dtls_rx + bytes_copied, n);
+
+ bytes_copied += n;
+ bytes_remaining -= n;
+ }
+
+ *nread = bytes_copied;
- if (ret >= 0)
- *nread = ret;
return status;
}
+static int
+perform_write (SSL *ssl,
+ gpointer user_data)
+{
+ WriteRequest *req = user_data;
+
+ return SSL_write (ssl, req->buffer, req->count);
+}
+
static GTlsConnectionBaseStatus
g_tls_connection_openssl_write (GTlsConnectionBase *tls,
const void *buffer,
gsize count,
- gboolean blocking,
+ gint64 timeout,
gssize *nwrote,
GCancellable *cancellable,
GError **error)
{
- GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
GTlsConnectionBaseStatus status;
- SSL *ssl;
- gssize ret;
-
- ssl = g_tls_connection_openssl_get_ssl (openssl);
+ WriteRequest req = { buffer, count };
+ int ret;
- BEGIN_OPENSSL_IO (openssl, G_IO_OUT, blocking, cancellable);
- ret = SSL_write (ssl, buffer, count);
- END_OPENSSL_IO (openssl, G_IO_OUT, ret, status,
- _("Error writing data to TLS socket: %s"), error);
+ status = perform_openssl_io (G_TLS_CONNECTION_OPENSSL (tls), G_IO_OUT,
+ perform_write, &req, timeout, cancellable, &ret,
+ error, _("Error writing data to TLS socket"));
- if (ret >= 0)
- *nwrote = ret;
+ *nwrote = MAX (ret, 0);
return status;
}
static GTlsConnectionBaseStatus
+g_tls_connection_openssl_write_message (GTlsConnectionBase *tls,
+ GOutputVector *vectors,
+ guint num_vectors,
+ gint64 timeout,
+ gssize *nwrote,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
+ GTlsConnectionOpensslPrivate *priv;
+ gsize bytes_copied, bytes_available;
+ guint i;
+
+ priv = g_tls_connection_openssl_get_instance_private (openssl);
+
+ if (!priv->dtls_tx)
+ priv->dtls_tx = g_malloc (DTLS_MESSAGE_MAX_SIZE);
+
+ bytes_copied = 0;
+ bytes_available = DTLS_MESSAGE_MAX_SIZE;
+ for (i = 0; i < num_vectors && bytes_available > 0; i++)
+ {
+ GOutputVector *vector = &vectors[i];
+ gsize n;
+
+ n = MIN (vector->size, bytes_available);
+
+ memcpy (priv->dtls_tx + bytes_copied, vector->buffer, n);
+
+ bytes_copied += n;
+ bytes_available -= n;
+ }
+
+ return g_tls_connection_openssl_write (tls, priv->dtls_tx, bytes_copied,
+ timeout, nwrote, cancellable, error);
+}
+
+static GTlsConnectionBaseStatus
g_tls_connection_openssl_close (GTlsConnectionBase *tls,
+ gint64 timeout,
GCancellable *cancellable,
GError **error)
{
GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
GTlsConnectionOpensslPrivate *priv;
- GTlsConnectionBaseStatus status;
- SSL *ssl;
- int ret;
- ssl = g_tls_connection_openssl_get_ssl (openssl);
priv = g_tls_connection_openssl_get_instance_private (openssl);
priv->shutting_down = TRUE;
- BEGIN_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, TRUE, cancellable);
- ret = SSL_shutdown (ssl);
- END_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, ret, status,
- _("Error performing TLS close: %s"), error);
-
- return status;
+ return perform_openssl_io (G_TLS_CONNECTION_OPENSSL (tls),
+ G_IO_IN | G_IO_OUT,
+ (GTlsOpensslIOFunc) SSL_shutdown,
+ NULL, timeout, cancellable, NULL, error,
+ _("Error performing TLS close"));
}
static void
g_tls_connection_openssl_class_init (GTlsConnectionOpensslClass *klass)
{
- GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+ GObjectClass *object_class = G_OBJECT_CLASS (klass);
GTlsConnectionBaseClass *base_class = G_TLS_CONNECTION_BASE_CLASS (klass);
- gobject_class->finalize = g_tls_connection_openssl_finalize;
-
- base_class->request_rehandshake = g_tls_connection_openssl_request_rehandshake;
- base_class->handshake = g_tls_connection_openssl_handshake;
- base_class->complete_handshake = g_tls_connection_openssl_complete_handshake;
- base_class->push_io = g_tls_connection_openssl_push_io;
- base_class->pop_io = g_tls_connection_openssl_pop_io;
- base_class->read_fn = g_tls_connection_openssl_read;
- base_class->write_fn = g_tls_connection_openssl_write;
- base_class->close_fn = g_tls_connection_openssl_close;
+ object_class->finalize = g_tls_connection_openssl_finalize;
+
+ base_class->prepare_handshake = g_tls_connection_openssl_prepare_handshake;
+ base_class->verify_chain = g_tls_connection_openssl_verify_chain;
+ base_class->complete_handshake = g_tls_connection_openssl_complete_handshake;
+ base_class->handshake_thread_safe_renegotiation_status = g_tls_connection_openssl_handshake_thread_safe_renegotiation_status;
+ base_class->handshake_thread_request_rehandshake = g_tls_connection_openssl_handshake_thread_request_rehandshake;
+ base_class->handshake_thread_handshake = g_tls_connection_openssl_handshake_thread_handshake;
+ base_class->retrieve_peer_certificate = g_tls_connection_openssl_retrieve_peer_certificate;
+ base_class->get_channel_binding_data = g_tls_connection_openssl_get_channel_binding_data;
+ base_class->push_io = g_tls_connection_openssl_push_io;
+ base_class->pop_io = g_tls_connection_openssl_pop_io;
+ base_class->read_fn = g_tls_connection_openssl_read;
+ base_class->read_message_fn = g_tls_connection_openssl_read_message;
+ base_class->write_fn = g_tls_connection_openssl_write;
+ base_class->write_message_fn = g_tls_connection_openssl_write_message;
+ base_class->close_fn = g_tls_connection_openssl_close;
}
+static int data_index = -1;
+
static gboolean
g_tls_connection_openssl_initable_init (GInitable *initable,
GCancellable *cancellable,
GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (initable);
GTlsConnectionOpensslPrivate *priv;
GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (initable);
+ GIOStream *base_io_stream;
+ GDatagramBased *base_socket;
SSL *ssl;
- g_return_val_if_fail (tls->base_istream != NULL &&
- tls->base_ostream != NULL, FALSE);
+ g_object_get (tls,
+ "base-io-stream", &base_io_stream,
+ "base-socket", &base_socket,
+ NULL);
+
+ /* Ensure we are in TLS mode or DTLS mode. */
+ g_return_val_if_fail (!!base_io_stream != !!base_socket, FALSE);
priv = g_tls_connection_openssl_get_instance_private (openssl);
ssl = g_tls_connection_openssl_get_ssl (openssl);
- g_assert (ssl != NULL);
+ g_assert (ssl);
- priv->bio = g_tls_bio_new (tls->base_io_stream);
+ if (data_index == -1) {
+ data_index = SSL_get_ex_new_index (0, (void *)"gtlsconnection", NULL, NULL, NULL);
+ }
+ SSL_set_ex_data (ssl, data_index, openssl);
+
+ if (base_io_stream)
+ priv->bio = g_tls_bio_new_from_iostream (base_io_stream);
+ else
+ priv->bio = g_tls_bio_new_from_datagram_based (base_socket);
SSL_set_bio (ssl, priv->bio, priv->bio);
+ g_clear_object (&base_io_stream);
+ g_clear_object (&base_socket);
+
return TRUE;
}
static void
g_tls_connection_openssl_init (GTlsConnectionOpenssl *openssl)
{
+ GTlsConnectionOpensslPrivate *priv;
+
+ priv = g_tls_connection_openssl_get_instance_private (openssl);
+
+ g_mutex_init (&priv->ssl_mutex);
}
SSL *
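Review bot: The lazy `if (data_index == -1)` initialisation added in g_tls_connection_openssl_initable_init is not synchronised. Two connections initialised on different threads can each call `SSL_get_ex_new_index()`, leaving one SSL object with its back-pointer stored under an index that `data_index` no longer names, so a later `SSL_get_ex_data (ssl, data_index)` returns NULL for it. A one-time guard avoids this, for example `static gsize once; if (g_once_init_enter (&once)) { data_index = SSL_get_ex_new_index (...); g_once_init_leave (&once, 1); }`, and the result should be checked because the call returns -1 on failure. Whether concurrent initialisation happens in practice depends on callers not visible here. The function's signature and opening brace lie outside this hunk.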
return G_TLS_CONNECTION_OPENSSL_GET_CLASS (openssl)->get_ssl (openssl);
}
-gboolean
-g_tls_connection_openssl_request_certificate (GTlsConnectionOpenssl *openssl,
- GError **error)
+GTlsConnectionOpenssl *
+g_tls_connection_openssl_get_connection_from_ssl (SSL *ssl)
{
- GTlsInteractionResult res = G_TLS_INTERACTION_UNHANDLED;
- GTlsInteraction *interaction;
- GTlsConnection *conn;
- GTlsConnectionBase *tls;
-
- g_return_val_if_fail (G_IS_TLS_CONNECTION_OPENSSL (openssl), FALSE);
-
- conn = G_TLS_CONNECTION (openssl);
- tls = G_TLS_CONNECTION_BASE (openssl);
-
- interaction = g_tls_connection_get_interaction (conn);
- if (!interaction)
- return FALSE;
+ g_return_val_if_fail (ssl, NULL);
- res = g_tls_interaction_invoke_request_certificate (interaction, conn, 0,
- tls->read_cancellable, error);
- return res != G_TLS_INTERACTION_FAILED;
+ return SSL_get_ex_data (ssl, data_index);
}
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* gtlsconnection-openssl.h
*
* Authors: Ignacio Casal Quinteiro
*/
-#ifndef __G_TLS_CONNECTION_OPENSSL_H__
-#define __G_TLS_CONNECTION_OPENSSL_H__
+#pragma once
#include <gio/gio.h>
G_BEGIN_DECLS
#define G_TYPE_TLS_CONNECTION_OPENSSL (g_tls_connection_openssl_get_type ())
-#define G_TLS_CONNECTION_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_CONNECTION_OPENSSL, GTlsConnectionOpenssl))
-#define G_TLS_CONNECTION_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_CONNECTION_OPENSSL, GTlsConnectionOpensslClass))
-#define G_IS_TLS_CONNECTION_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_CONNECTION_OPENSSL))
-#define G_IS_TLS_CONNECTION_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_CONNECTION_OPENSSL))
-#define G_TLS_CONNECTION_OPENSSL_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_CONNECTION_OPENSSL, GTlsConnectionOpensslClass))
-typedef struct _GTlsConnectionOpensslClass GTlsConnectionOpensslClass;
-typedef struct _GTlsConnectionOpenssl GTlsConnectionOpenssl;
+G_DECLARE_DERIVABLE_TYPE (GTlsConnectionOpenssl, g_tls_connection_openssl, G, TLS_CONNECTION_OPENSSL, GTlsConnectionBase)
struct _GTlsConnectionOpensslClass
{
SSL *(*get_ssl) (GTlsConnectionOpenssl *connection);
};
-struct _GTlsConnectionOpenssl
-{
- GTlsConnectionBase parent_instance;
-};
-
-GType g_tls_connection_openssl_get_type (void) G_GNUC_CONST;
-
SSL *g_tls_connection_openssl_get_ssl (GTlsConnectionOpenssl *connection);
-gboolean g_tls_connection_openssl_request_certificate (GTlsConnectionOpenssl *openssl,
- GError **error);
+GTlsConnectionOpenssl *g_tls_connection_openssl_get_connection_from_ssl (SSL *ssl);
G_END_DECLS
-
-#endif /* __G_TLS_CONNECTION_OPENSSL_H___ */
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* gtlsdatabase-openssl.c
*
#include "gtlsdatabase-openssl.h"
-G_DEFINE_ABSTRACT_TYPE (GTlsDatabaseOpenssl, g_tls_database_openssl, G_TYPE_TLS_DATABASE)
+#include <gio/gio.h>
+#include <glib/gi18n-lib.h>
+#include "openssl-include.h"
+
+#ifdef __APPLE__
+#include <Security/Security.h>
+#endif
+
+#ifdef G_OS_WIN32
+#include <wincrypt.h>
+#endif
+
+typedef struct
+{
+ /*
+ * This class is protected by mutex because the default GTlsDatabase
+ * is a global singleton, accessible via the default GTlsBackend.
+ */
+ GMutex mutex;
+
+ /* read-only after construct */
+ X509_STORE *store;
+} GTlsDatabaseOpensslPrivate;
+
+static void g_tls_database_openssl_initable_interface_init (GInitableIface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (GTlsDatabaseOpenssl, g_tls_database_openssl, G_TYPE_TLS_DATABASE,
+ G_ADD_PRIVATE (GTlsDatabaseOpenssl)
+ G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+ g_tls_database_openssl_initable_interface_init))
+
+static void
+g_tls_database_openssl_finalize (GObject *object)
+{
+ GTlsDatabaseOpenssl *self = G_TLS_DATABASE_OPENSSL (object);
+ GTlsDatabaseOpensslPrivate *priv;
+
+ priv = g_tls_database_openssl_get_instance_private (self);
+
+ if (priv->store)
+ X509_STORE_free (priv->store);
+
+ g_mutex_clear (&priv->mutex);
+
+ G_OBJECT_CLASS (g_tls_database_openssl_parent_class)->finalize (object);
+}
+
+static void
+g_tls_database_openssl_init (GTlsDatabaseOpenssl *self)
+{
+ GTlsDatabaseOpensslPrivate *priv;
+
+ priv = g_tls_database_openssl_get_instance_private (self);
+
+ g_mutex_init (&priv->mutex);
+}
+
+static STACK_OF(X509) *
+convert_certificate_chain_to_openssl (GTlsCertificateOpenssl *chain)
+{
+ GTlsCertificate *cert;
+ STACK_OF(X509) *openssl_chain;
+
+ openssl_chain = sk_X509_new_null ();
+
+ for (cert = G_TLS_CERTIFICATE (chain); cert; cert = g_tls_certificate_get_issuer (cert))
+ sk_X509_push (openssl_chain, g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (cert)));
+
+ return openssl_chain;
+}
+
+static GTlsCertificateFlags
+g_tls_database_openssl_verify_chain (GTlsDatabase *database,
+ GTlsCertificate *chain,
+ const gchar *purpose,
+ GSocketConnectable *identity,
+ GTlsInteraction *interaction,
+ GTlsDatabaseVerifyFlags flags,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsDatabaseOpenssl *self = G_TLS_DATABASE_OPENSSL (database);
+ GTlsDatabaseOpensslPrivate *priv;
+ STACK_OF(X509) *certs;
+ X509_STORE_CTX *csc;
+ X509 *x;
+ GTlsCertificateFlags result = 0;
+
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (chain),
+ G_TLS_CERTIFICATE_GENERIC_ERROR);
+
+ priv = g_tls_database_openssl_get_instance_private (self);
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
+
+ certs = convert_certificate_chain_to_openssl (G_TLS_CERTIFICATE_OPENSSL (chain));
+
+ csc = X509_STORE_CTX_new ();
+
+ x = g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (chain));
+ if (!X509_STORE_CTX_init (csc, priv->store, x, certs))
+ {
+ X509_STORE_CTX_free (csc);
+ sk_X509_free (certs);
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
+ }
+
+ if (X509_verify_cert (csc) <= 0)
+ result = g_tls_certificate_openssl_convert_error (X509_STORE_CTX_get_error (csc));
+
+ X509_STORE_CTX_free (csc);
+ sk_X509_free (certs);
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return G_TLS_CERTIFICATE_GENERIC_ERROR;
+
+ if (identity)
+ result |= g_tls_certificate_openssl_verify_identity (G_TLS_CERTIFICATE_OPENSSL (chain),
+ identity);
+
+ return result;
+}
+
+#ifdef __APPLE__
+static gboolean
+populate_store (X509_STORE *store,
+ GError **error)
+{
+ CFArrayRef anchors;
+ OSStatus ret;
+ CFIndex i;
+
+ ret = SecTrustCopyAnchorCertificates (&anchors);
+ if (ret != errSecSuccess)
+ {
+ g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Could not get trusted anchors from Keychain"));
+ return FALSE;
+ }
+
+ for (i = 0; i < CFArrayGetCount (anchors); i++)
+ {
+ SecCertificateRef cert;
+ CFDataRef data;
+
+ cert = (SecCertificateRef)CFArrayGetValueAtIndex (anchors, i);
+ data = SecCertificateCopyData (cert);
+ if (data)
+ {
+ X509 *x;
+ const unsigned char *pdata;
+
+ pdata = (const unsigned char *)CFDataGetBytePtr (data);
+
+ x = d2i_X509 (NULL, &pdata, CFDataGetLength (data));
+ if (x)
+ X509_STORE_add_cert (store, x);
+
+ CFRelease (data);
+ }
+ }
+
+ CFRelease (anchors);
+ return TRUE;
+}
+
+#elif defined(G_OS_WIN32)
+static gboolean
+add_certs_from_store (const gunichar2 *source_cert_store_name,
+ X509_STORE *store)
+{
+ HANDLE store_handle;
+ PCCERT_CONTEXT cert_context = NULL;
+
+ store_handle = CertOpenSystemStoreW (0, source_cert_store_name);
+ if (store_handle == NULL)
+ return FALSE;
+
+ while (cert_context = CertEnumCertificatesInStore (store_handle, cert_context))
+ {
+ X509 *x;
+ const unsigned char *pdata;
+
+ pdata = (const unsigned char *)cert_context->pbCertEncoded;
+
+ x = d2i_X509 (NULL, &pdata, cert_context->cbCertEncoded);
+ if (x)
+ X509_STORE_add_cert (store, x);
+ }
+
+ CertCloseStore (store_handle, 0);
+ return TRUE;
+}
+
+static gboolean
+populate_store (X509_STORE *store,
+ GError **error)
+{
+ if (!add_certs_from_store (L"ROOT", store))
+ {
+ g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Could not get root certificate store"));
+ return FALSE;
+ }
+
+ if (!add_certs_from_store (L"CA", store))
+ {
+ g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Could not get CA certificate store"));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+#else
+static gboolean
+populate_store (X509_STORE *store,
+ GError **error)
+{
+ if (!X509_STORE_set_default_paths (store))
+ {
+ char error_buffer[256];
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Failed to load system trust store: %s"),
+ error_buffer);
+ return FALSE;
+ }
+
+ return TRUE;
+}
+#endif
+
+static gboolean
+g_tls_database_openssl_populate_trust_list (GTlsDatabaseOpenssl *self,
+ X509_STORE *store,
+ GError **error)
+{
+ return populate_store (store, error);
+}
static void
g_tls_database_openssl_class_init (GTlsDatabaseOpensslClass *klass)
{
+ GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+ GTlsDatabaseClass *database_class = G_TLS_DATABASE_CLASS (klass);
+
+ gobject_class->finalize = g_tls_database_openssl_finalize;
+
+ database_class->verify_chain = g_tls_database_openssl_verify_chain;
+
+ klass->populate_trust_list = g_tls_database_openssl_populate_trust_list;
+}
+
+static gboolean
+g_tls_database_openssl_initable_init (GInitable *initable,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GTlsDatabaseOpenssl *self = G_TLS_DATABASE_OPENSSL (initable);
+ GTlsDatabaseOpensslPrivate *priv;
+ X509_STORE *store;
+ gboolean result = TRUE;
+
+ priv = g_tls_database_openssl_get_instance_private (self);
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ return FALSE;
+
+ store = X509_STORE_new ();
+ if (store == NULL)
+ {
+ g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Could not create CA store"));
+ result = FALSE;
+ goto out;
+ }
+
+ g_assert (G_TLS_DATABASE_OPENSSL_GET_CLASS (self)->populate_trust_list);
+ if (!G_TLS_DATABASE_OPENSSL_GET_CLASS (self)->populate_trust_list (self, store, error))
+ {
+ result = FALSE;
+ goto out;
+ }
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ result = FALSE;
+
+ if (result)
+ {
+ g_mutex_lock (&priv->mutex);
+ if (!priv->store)
+ {
+ priv->store = store;
+ store = NULL;
+ }
+ g_mutex_unlock (&priv->mutex);
+ }
+
+out:
+ if (store)
+ X509_STORE_free (store);
+
+ return result;
}
static void
-g_tls_database_openssl_init (GTlsDatabaseOpenssl *openssl)
+g_tls_database_openssl_initable_interface_init (GInitableIface *iface)
+{
+ iface->init = g_tls_database_openssl_initable_init;
+}
+
+GTlsDatabaseOpenssl *
+g_tls_database_openssl_new (GError **error)
+{
+ g_return_val_if_fail (!error || !*error, NULL);
+
+ return g_initable_new (G_TYPE_TLS_DATABASE_OPENSSL, NULL, error, NULL);
+}
+
+static gboolean
+check_for_ocsp_must_staple (X509 *cert)
+{
+ int idx = -1; /* We ignore the return of this as we only expect one extension. */
+ STACK_OF(ASN1_INTEGER) *features = X509_get_ext_d2i (cert, NID_tlsfeature, NULL, &idx);
+
+ if (!features)
+ return FALSE;
+
+ for (guint i = 0; i < sk_ASN1_INTEGER_num (features); i++)
+ {
+ const long feature_id = ASN1_INTEGER_get (sk_ASN1_INTEGER_value (features, i));
+ if (feature_id == 5 || feature_id == 17) /* status_request, status_request_v2 */
+ {
+ sk_ASN1_INTEGER_pop_free (features, ASN1_INTEGER_free);
+ return TRUE;
+ }
+ }
+
+ sk_ASN1_INTEGER_pop_free (features, ASN1_INTEGER_free);
+ return FALSE;
+}
+
+GTlsCertificateFlags
+g_tls_database_openssl_verify_ocsp_response (GTlsDatabaseOpenssl *self,
+ GTlsCertificate *chain,
+ OCSP_RESPONSE *resp)
{
+ GTlsCertificateFlags errors = 0;
+ GTlsDatabaseOpensslPrivate *priv;
+ STACK_OF(X509) *chain_openssl = NULL;
+ OCSP_BASICRESP *basic_resp = NULL;
+ int ocsp_status = 0;
+ int i;
+
+ chain_openssl = convert_certificate_chain_to_openssl (G_TLS_CERTIFICATE_OPENSSL (chain));
+ priv = g_tls_database_openssl_get_instance_private (self);
+ if ((chain_openssl == NULL) ||
+ (priv->store == NULL))
+ {
+ errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
+ goto end;
+ }
+
+ /* OpenSSL doesn't provide an API to determine if the chain requires
+ * an OCSP response (known as Must-Staple) using the status_request
+ * X509v3 extension. We also seem to have no way of correctly knowing the
+ * final certificate path that OpenSSL will internally use, so can't do it
+ * ourselves. So for now we will check only the server certificate to see if
+ * it sets Must-Staple. This is inconsistent with GnuTLS's behavior, but it
+ * seems to be the best we can do. Checking *every* certificate for Must-
+ * Staple would be wrong because we don't want to check certificates that
+ * OpenSSL does not actually use as part of its final certification path.
+ */
+ if (resp == NULL)
+ {
+ if (check_for_ocsp_must_staple (sk_X509_value (chain_openssl, 0)))
+ errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
+ goto end;
+ }
+
+ ocsp_status = OCSP_response_status (resp);
+ if (ocsp_status != OCSP_RESPONSE_STATUS_SUCCESSFUL)
+ {
+ errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
+ goto end;
+ }
+
+ basic_resp = OCSP_response_get1_basic (resp);
+ if (basic_resp == NULL)
+ {
+ errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
+ goto end;
+ }
+
+ if (OCSP_basic_verify (basic_resp, chain_openssl, priv->store, 0) <= 0)
+ {
+ errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
+ goto end;
+ }
+
+ for (i = 0; i < OCSP_resp_count (basic_resp); i++)
+ {
+ OCSP_SINGLERESP *single_resp = OCSP_resp_get0 (basic_resp, i);
+ ASN1_GENERALIZEDTIME *revocation_time = NULL;
+ ASN1_GENERALIZEDTIME *this_update_time = NULL;
+ ASN1_GENERALIZEDTIME *next_update_time = NULL;
+ int crl_reason = 0;
+ int cert_status = 0;
+
+ if (single_resp == NULL)
+ continue;
+
+ cert_status = OCSP_single_get0_status (single_resp,
+ &crl_reason,
+ &revocation_time,
+ &this_update_time,
+ &next_update_time);
+ if (!OCSP_check_validity (this_update_time,
+ next_update_time,
+ 300L,
+ -1L))
+ {
+ errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
+ goto end;
+ }
+
+ switch (cert_status)
+ {
+ case V_OCSP_CERTSTATUS_GOOD:
+ break;
+ case V_OCSP_CERTSTATUS_REVOKED:
+ errors = G_TLS_CERTIFICATE_REVOKED;
+ goto end;
+ case V_OCSP_CERTSTATUS_UNKNOWN:
+ errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
+ goto end;
+ }
+ }
+
+end:
+ if (chain_openssl)
+ sk_X509_free (chain_openssl);
+
+ if (basic_resp)
+ OCSP_BASICRESP_free (basic_resp);
+
+ if (resp)
+ OCSP_RESPONSE_free (resp);
+
+ return errors;
}
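Review bot: The loop over `OCSP_resp_count (basic_resp)` in g_tls_database_openssl_verify_ocsp_response never checks that a single response refers to the certificate being validated. A correctly signed response about a different certificate from the same issuer, or one carrying no single responses at all, therefore ends with `errors == 0`. `OCSP_basic_verify()` only establishes that the signer is authorised; the CertID still has to be matched, for instance with `OCSP_cert_to_id()` and `OCSP_resp_find_status()`, treating "not found" as an error. The sketch below assumes the issuer sits at index 1 of the chain and that the responder uses the default CertID hash, both of which need confirming. The per-response locals move to function scope, and `cert_id` is a new `OCSP_CERTID *` initialised to NULL.

```c
  /* … unchanged: response status check, OCSP_response_get1_basic, OCSP_basic_verify … */

  /* Bind the stapled response to the certificate under validation. */
  if (sk_X509_num (chain_openssl) < 2)
    {
      errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
      goto end;
    }

  cert_id = OCSP_cert_to_id (NULL,
                             sk_X509_value (chain_openssl, 0),
                             sk_X509_value (chain_openssl, 1));
  if (cert_id == NULL ||
      !OCSP_resp_find_status (basic_resp, cert_id, &cert_status, &crl_reason,
                              &revocation_time, &this_update_time,
                              &next_update_time))
    {
      errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
      goto end;
    }

  /* … unchanged: OCSP_check_validity and the cert_status switch, now run once … */

end:
  OCSP_CERTID_free (cert_id);
  /* … unchanged: remaining cleanup … */
```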
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* gtlsdatabase-openssl.h
*
* Authors: Ignacio Casal Quinteiro
*/
-#ifndef __G_TLS_DATABASE_OPENSSL_H__
-#define __G_TLS_DATABASE_OPENSSL_H__
+#pragma once
#include <gio/gio.h>
G_BEGIN_DECLS
-typedef enum {
- G_TLS_DATABASE_OPENSSL_PINNED_CERTIFICATE = 1,
- G_TLS_DATABASE_OPENSSL_ANCHORED_CERTIFICATE = 2,
-} GTlsDatabaseOpensslAssertion;
-
#define G_TYPE_TLS_DATABASE_OPENSSL (g_tls_database_openssl_get_type ())
-#define G_TLS_DATABASE_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_DATABASE_OPENSSL, GTlsDatabaseOpenssl))
-#define G_TLS_DATABASE_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_DATABASE_OPENSSL, GTlsDatabaseOpensslClass))
-#define G_IS_TLS_DATABASE_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_DATABASE_OPENSSL))
-#define G_IS_TLS_DATABASE_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_DATABASE_OPENSSL))
-#define G_TLS_DATABASE_OPENSSL_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_DATABASE_OPENSSL, GTlsDatabaseOpensslClass))
-typedef struct _GTlsDatabaseOpensslClass GTlsDatabaseOpensslClass;
-typedef struct _GTlsDatabaseOpenssl GTlsDatabaseOpenssl;
+G_DECLARE_DERIVABLE_TYPE (GTlsDatabaseOpenssl, g_tls_database_openssl, G, TLS_DATABASE_OPENSSL, GTlsDatabase)
struct _GTlsDatabaseOpensslClass
{
GTlsDatabaseClass parent_class;
-};
-struct _GTlsDatabaseOpenssl
-{
- GTlsDatabase parent_instance;
+ gboolean (*populate_trust_list) (GTlsDatabaseOpenssl *self,
+ X509_STORE *store,
+ GError **error);
};
-GType g_tls_database_openssl_get_type (void) G_GNUC_CONST;
+GTlsDatabaseOpenssl *g_tls_database_openssl_new (GError **error);
-G_END_DECLS
+GTlsCertificateFlags g_tls_database_openssl_verify_ocsp_response (GTlsDatabaseOpenssl *self,
+ GTlsCertificate *chain,
+ OCSP_RESPONSE *resp);
-#endif /* __G_TLS_DATABASE_OPENSSL_H___ */
+G_END_DECLS
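Review bot: The new prototype for `g_tls_database_openssl_verify_ocsp_response` does not say that the function consumes `resp`. The implementation in gtlsdatabase-openssl.c calls `OCSP_RESPONSE_free (resp)` on every exit path, so a caller that also frees the response would double-free it. A comment above the declaration, such as `/* Takes ownership of @resp and frees it before returning. */`, is worth adding.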
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* gtlsfiledatabase-openssl.c
*
#include <glib/gi18n-lib.h>
#include "openssl-include.h"
-typedef struct _GTlsFileDatabaseOpensslPrivate
+struct _GTlsFileDatabaseOpenssl
{
+ GTlsDatabaseOpenssl parent_instance;
+
/* read-only after construct */
gchar *anchor_filename;
- STACK_OF(X509) *trusted;
/* protected by mutex */
GMutex mutex;
* This is a table of gchar * -> GTlsCertificate.
*/
GHashTable *certs_by_handle;
-} GTlsFileDatabaseOpensslPrivate;
+};
enum {
STATUS_FAILURE,
static void g_tls_file_database_openssl_file_database_interface_init (GTlsFileDatabaseInterface *iface);
-static void g_tls_file_database_openssl_initable_interface_init (GInitableIface *iface);
-
G_DEFINE_TYPE_WITH_CODE (GTlsFileDatabaseOpenssl, g_tls_file_database_openssl, G_TYPE_TLS_DATABASE_OPENSSL,
- G_ADD_PRIVATE (GTlsFileDatabaseOpenssl)
G_IMPLEMENT_INTERFACE (G_TYPE_TLS_FILE_DATABASE,
g_tls_file_database_openssl_file_database_interface_init)
- G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
- g_tls_file_database_openssl_initable_interface_init))
+ )
static GHashTable *
bytes_multi_table_new (void)
GPtrArray *multi;
multi = g_hash_table_lookup (table, &key);
- if (multi == NULL)
+ if (!multi)
{
int *key_ptr;
GPtrArray *multi;
multi = g_hash_table_lookup (table, &key);
- if (multi == NULL)
+ if (!multi)
return NULL;
g_assert (multi->len > 0);
guint i;
multi = g_hash_table_lookup (table, &key);
- if (multi == NULL)
+ if (!multi)
return NULL;
for (i = 0; i < multi->len; i++)
GHashTable *certs_by_handle,
GError **error)
{
- GTlsFileDatabaseOpensslPrivate *priv;
GList *list;
GList *l;
GBytes *der;
gchar *handle;
GError *my_error = NULL;
- priv = g_tls_file_database_openssl_get_instance_private (file_database);
-
list = g_tls_certificate_list_new_from_file (filename, &my_error);
if (my_error)
{
issuer = X509_issuer_name_hash (x);
der = g_tls_certificate_openssl_get_bytes (l->data);
- g_return_val_if_fail (der != NULL, FALSE);
+ g_return_val_if_fail (der, FALSE);
g_hash_table_insert (complete, g_bytes_ref (der),
g_bytes_ref (der));
bytes_multi_table_insert (subjects, subject, der);
bytes_multi_table_insert (issuers, issuer, der);
- handle = create_handle_for_certificate (priv->anchor_filename, der);
+ handle = create_handle_for_certificate (file_database->anchor_filename, der);
g_hash_table_insert (certs_by_handle, handle, g_object_ref (l->data));
g_bytes_unref (der);
g_tls_file_database_openssl_finalize (GObject *object)
{
GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (object);
- GTlsFileDatabaseOpensslPrivate *priv;
-
- priv = g_tls_file_database_openssl_get_instance_private (file_database);
- g_clear_pointer (&priv->subjects, g_hash_table_destroy);
- g_clear_pointer (&priv->issuers, g_hash_table_destroy);
- g_clear_pointer (&priv->complete, g_hash_table_destroy);
- g_clear_pointer (&priv->certs_by_handle, g_hash_table_destroy);
+ g_clear_pointer (&file_database->subjects, g_hash_table_destroy);
+ g_clear_pointer (&file_database->issuers, g_hash_table_destroy);
+ g_clear_pointer (&file_database->complete, g_hash_table_destroy);
+ g_clear_pointer (&file_database->certs_by_handle, g_hash_table_destroy);
- g_free (priv->anchor_filename);
- priv->anchor_filename = NULL;
+ g_free (file_database->anchor_filename);
+ file_database->anchor_filename = NULL;
- if (priv->trusted != NULL)
- sk_X509_pop_free (priv->trusted, X509_free);
-
- g_mutex_clear (&priv->mutex);
+ g_mutex_clear (&file_database->mutex);
G_OBJECT_CLASS (g_tls_file_database_openssl_parent_class)->finalize (object);
}
GParamSpec *pspec)
{
GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (object);
- GTlsFileDatabaseOpensslPrivate *priv;
-
- priv = g_tls_file_database_openssl_get_instance_private (file_database);
switch (prop_id)
{
case PROP_ANCHORS:
- g_value_set_string (value, priv->anchor_filename);
+ g_value_set_string (value, file_database->anchor_filename);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
}
}
-static STACK_OF(X509) *
-load_certs (const gchar *file_name)
-{
- BIO *bio;
- STACK_OF(X509) *certs;
- STACK_OF(X509_INFO) *xis = NULL;
- gint i;
-
- if (file_name == NULL)
- return NULL;
-
- bio = BIO_new_file (file_name, "rb");
- if (bio == NULL)
- return NULL;
-
- xis = PEM_X509_INFO_read_bio (bio, NULL, NULL, NULL);
-
- BIO_free (bio);
-
- certs = sk_X509_new_null ();
- if (certs == NULL)
- goto end;
-
- for (i = 0; i < sk_X509_INFO_num (xis); i++)
- {
- X509_INFO *xi;
-
- xi = sk_X509_INFO_value (xis, i);
- if (xi->x509 != NULL)
- {
- if (!sk_X509_push (certs, xi->x509))
- goto end;
- xi->x509 = NULL;
- }
- }
-
-end:
- sk_X509_INFO_pop_free (xis, X509_INFO_free);
-
- if (sk_X509_num (certs) == 0)
- {
- sk_X509_pop_free (certs, X509_free);
- certs = NULL;
- }
-
- return certs;
-}
-
static void
g_tls_file_database_openssl_set_property (GObject *object,
guint prop_id,
GParamSpec *pspec)
{
GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (object);
- GTlsFileDatabaseOpensslPrivate *priv;
const gchar *anchor_path;
- priv = g_tls_file_database_openssl_get_instance_private (file_database);
-
switch (prop_id)
{
case PROP_ANCHORS:
return;
}
- if (priv->anchor_filename)
- {
- g_free (priv->anchor_filename);
- if (priv->trusted != NULL)
- sk_X509_pop_free (priv->trusted, X509_free);
- }
-
- priv->anchor_filename = g_strdup (anchor_path);
- priv->trusted = load_certs (anchor_path);
+ g_free (file_database->anchor_filename);
+ file_database->anchor_filename = g_strdup (anchor_path);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
static void
g_tls_file_database_openssl_init (GTlsFileDatabaseOpenssl *file_database)
{
- GTlsFileDatabaseOpensslPrivate *priv;
-
- priv = g_tls_file_database_openssl_get_instance_private (file_database);
-
- g_mutex_init (&priv->mutex);
+ g_mutex_init (&file_database->mutex);
}
static gchar *
GTlsCertificate *certificate)
{
GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (database);
- GTlsFileDatabaseOpensslPrivate *priv;
GBytes *der;
gboolean contains;
gchar *handle = NULL;
- priv = g_tls_file_database_openssl_get_instance_private (file_database);
-
der = g_tls_certificate_openssl_get_bytes (G_TLS_CERTIFICATE_OPENSSL (certificate));
- g_return_val_if_fail (der != NULL, FALSE);
+ g_return_val_if_fail (der, FALSE);
- g_mutex_lock (&priv->mutex);
+ g_mutex_lock (&file_database->mutex);
/* At the same time look up whether this certificate is in list */
- contains = g_hash_table_lookup (priv->complete, der) ? TRUE : FALSE;
+ contains = g_hash_table_lookup (file_database->complete, der) ? TRUE : FALSE;
- g_mutex_unlock (&priv->mutex);
+ g_mutex_unlock (&file_database->mutex);
/* Certificate is in the database */
if (contains)
- handle = create_handle_for_certificate (priv->anchor_filename, der);
+ handle = create_handle_for_certificate (file_database->anchor_filename, der);
g_bytes_unref (der);
return handle;
GError **error)
{
GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (database);
- GTlsFileDatabaseOpensslPrivate *priv;
GTlsCertificate *cert;
- priv = g_tls_file_database_openssl_get_instance_private (file_database);
-
if (g_cancellable_set_error_if_cancelled (cancellable, error))
return NULL;
if (!handle)
return NULL;
- g_mutex_lock (&priv->mutex);
+ g_mutex_lock (&file_database->mutex);
- cert = g_hash_table_lookup (priv->certs_by_handle, handle);
+ cert = g_hash_table_lookup (file_database->certs_by_handle, handle);
- g_mutex_unlock (&priv->mutex);
+ g_mutex_unlock (&file_database->mutex);
return cert ? g_object_ref (cert) : NULL;
}
GError **error)
{
GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (database);
- GTlsFileDatabaseOpensslPrivate *priv;
X509 *x;
unsigned long issuer_hash;
GBytes *der;
GTlsCertificate *issuer = NULL;
- priv = g_tls_file_database_openssl_get_instance_private (file_database);
-
g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (certificate), NULL);
if (g_cancellable_set_error_if_cancelled (cancellable, error))
x = g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (certificate));
issuer_hash = X509_issuer_name_hash (x);
- g_mutex_lock (&priv->mutex);
- der = bytes_multi_table_lookup_ref_one (priv->subjects, issuer_hash);
- g_mutex_unlock (&priv->mutex);
+ g_mutex_lock (&file_database->mutex);
+ der = bytes_multi_table_lookup_ref_one (file_database->subjects, issuer_hash);
+ g_mutex_unlock (&file_database->mutex);
if (g_cancellable_set_error_if_cancelled (cancellable, error))
issuer = NULL;
- else if (der != NULL)
+ else if (der)
issuer = g_tls_certificate_openssl_new (der, NULL);
- if (der != NULL)
+ if (der)
g_bytes_unref (der);
return issuer;
GError **error)
{
GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (database);
- GTlsFileDatabaseOpensslPrivate *priv;
X509_NAME *x_name;
const unsigned char *in;
GList *issued = NULL;
- priv = g_tls_file_database_openssl_get_instance_private (file_database);
-
if (g_cancellable_set_error_if_cancelled (cancellable, error))
return NULL;
in = issuer_raw_dn->data;
x_name = d2i_X509_NAME (NULL, &in, issuer_raw_dn->len);
- if (x_name != NULL)
+ if (x_name)
{
unsigned long issuer_hash;
GList *ders, *l;
issuer_hash = X509_NAME_hash (x_name);
/* Find the full DER value of the certificate */
- g_mutex_lock (&priv->mutex);
- ders = bytes_multi_table_lookup_ref_all (priv->issuers, issuer_hash);
- g_mutex_unlock (&priv->mutex);
+ g_mutex_lock (&file_database->mutex);
+ ders = bytes_multi_table_lookup_ref_all (file_database->issuers, issuer_hash);
+ g_mutex_unlock (&file_database->mutex);
- for (l = ders; l != NULL; l = g_list_next (l))
+ for (l = ders; l; l = g_list_next (l))
{
if (g_cancellable_set_error_if_cancelled (cancellable, error))
{
return issued;
}
-static GTlsCertificateFlags
-double_check_before_after_dates (GTlsCertificateOpenssl *chain)
-{
- GTlsCertificateFlags gtls_flags = 0;
- X509 *cert;
-
- while (chain)
- {
- ASN1_TIME *not_before;
- ASN1_TIME *not_after;
-
- cert = g_tls_certificate_openssl_get_cert (chain);
- not_before = X509_get_notBefore (cert);
- not_after = X509_get_notAfter (cert);
-
- if (X509_cmp_current_time (not_before) > 0)
- gtls_flags |= G_TLS_CERTIFICATE_NOT_ACTIVATED;
-
- if (X509_cmp_current_time (not_after) < 0)
- gtls_flags |= G_TLS_CERTIFICATE_EXPIRED;
-
- chain = G_TLS_CERTIFICATE_OPENSSL (g_tls_certificate_get_issuer
- (G_TLS_CERTIFICATE (chain)));
- }
-
- return gtls_flags;
-}
-
-static STACK_OF(X509) *
-convert_certificate_chain_to_openssl (GTlsCertificateOpenssl *chain)
-{
- GTlsCertificate *cert;
- STACK_OF(X509) *openssl_chain;
-
- openssl_chain = sk_X509_new_null ();
-
- for (cert = G_TLS_CERTIFICATE (chain); cert; cert = g_tls_certificate_get_issuer (cert))
- sk_X509_push (openssl_chain, g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (cert)));
-
- return openssl_chain;
-}
-
-static GTlsCertificateFlags
-g_tls_file_database_openssl_verify_chain (GTlsDatabase *database,
- GTlsCertificate *chain,
- const gchar *purpose,
- GSocketConnectable *identity,
- GTlsInteraction *interaction,
- GTlsDatabaseVerifyFlags flags,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsFileDatabaseOpenssl *file_database;
- GTlsFileDatabaseOpensslPrivate *priv;
- STACK_OF(X509) *certs;
- X509_STORE *store;
- X509_STORE_CTX *csc;
- X509 *x;
- GTlsCertificateFlags result = 0;
-
- g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (chain),
- G_TLS_CERTIFICATE_GENERIC_ERROR);
-
- file_database = G_TLS_FILE_DATABASE_OPENSSL (database);
-
- priv = g_tls_file_database_openssl_get_instance_private (file_database);
-
- if (g_cancellable_set_error_if_cancelled (cancellable, error))
- return G_TLS_CERTIFICATE_GENERIC_ERROR;
-
- certs = convert_certificate_chain_to_openssl (G_TLS_CERTIFICATE_OPENSSL (chain));
-
- store = X509_STORE_new ();
- csc = X509_STORE_CTX_new ();
-
- x = g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (chain));
- if (!X509_STORE_CTX_init (csc, store, x, certs))
- {
- X509_STORE_CTX_free (csc);
- X509_STORE_free (store);
- sk_X509_free (certs);
- return G_TLS_CERTIFICATE_GENERIC_ERROR;
- }
-
- if (priv->trusted)
- {
- X509_STORE_CTX_trusted_stack (csc, priv->trusted);
- }
-
- if (X509_verify_cert (csc) <= 0)
- result = g_tls_certificate_openssl_convert_error (X509_STORE_CTX_get_error (csc));
-
- X509_STORE_CTX_free (csc);
- X509_STORE_free (store);
- sk_X509_free (certs);
-
- if (g_cancellable_set_error_if_cancelled (cancellable, error))
- return G_TLS_CERTIFICATE_GENERIC_ERROR;
-
- /* We have to check these ourselves since openssl
- * does not give us flags and UNKNOWN_CA will take priority.
- */
- result |= double_check_before_after_dates (G_TLS_CERTIFICATE_OPENSSL (chain));
-
- if (identity)
- result |= g_tls_certificate_openssl_verify_identity (G_TLS_CERTIFICATE_OPENSSL (chain),
- identity);
-
- return result;
-}
-
-static void
-g_tls_file_database_openssl_class_init (GTlsFileDatabaseOpensslClass *klass)
-{
- GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
- GTlsDatabaseClass *database_class = G_TLS_DATABASE_CLASS (klass);
-
- gobject_class->get_property = g_tls_file_database_openssl_get_property;
- gobject_class->set_property = g_tls_file_database_openssl_set_property;
- gobject_class->finalize = g_tls_file_database_openssl_finalize;
-
- database_class->create_certificate_handle = g_tls_file_database_openssl_create_certificate_handle;
- database_class->lookup_certificate_for_handle = g_tls_file_database_openssl_lookup_certificate_for_handle;
- database_class->lookup_certificate_issuer = g_tls_file_database_openssl_lookup_certificate_issuer;
- database_class->lookup_certificates_issued_by = g_tls_file_database_openssl_lookup_certificates_issued_by;
- database_class->verify_chain = g_tls_file_database_openssl_verify_chain;
-
- g_object_class_override_property (gobject_class, PROP_ANCHORS, "anchors");
-}
-
-static void
-g_tls_file_database_openssl_file_database_interface_init (GTlsFileDatabaseInterface *iface)
-{
-}
-
static gboolean
-g_tls_file_database_openssl_initable_init (GInitable *initable,
- GCancellable *cancellable,
- GError **error)
+g_tls_file_database_openssl_populate_trust_list (GTlsDatabaseOpenssl *self,
+ X509_STORE *store,
+ GError **error)
{
- GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (initable);
- GTlsFileDatabaseOpensslPrivate *priv;
+ GTlsFileDatabaseOpenssl *file_database = G_TLS_FILE_DATABASE_OPENSSL (self);
GHashTable *subjects, *issuers, *complete, *certs_by_handle;
gboolean result;
- priv = g_tls_file_database_openssl_get_instance_private (file_database);
-
- if (g_cancellable_set_error_if_cancelled (cancellable, error))
- return FALSE;
+ if (!X509_STORE_load_locations (store, file_database->anchor_filename, NULL))
+ {
+ char error_buffer[256];
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Failed to populate trust list from %s: %s"),
+ file_database->anchor_filename,
+ error_buffer);
+ return FALSE;
+ }
subjects = bytes_multi_table_new ();
issuers = bytes_multi_table_new ();
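Review bot: The new `X509_STORE_load_locations (store, file_database->anchor_filename, NULL)` call at the top of `g_tls_file_database_openssl_populate_trust_list` runs before anything checks `anchor_filename` for NULL, while the next hunk still treats a NULL filename as a valid empty database (`if (file_database->anchor_filename) ... else result = TRUE`). With both path arguments NULL OpenSSL reports failure, so that `else` branch can no longer be reached, and the error path then passes NULL to a `%s` conversion. Guarding the load keeps the two halves consistent: `if (file_database->anchor_filename && !X509_STORE_load_locations (store, file_database->anchor_filename, NULL))`. The anchor file is also read twice, once by OpenSSL and once by `load_anchor_file`, so the trust store and the lookup tables could disagree if the file changes between the reads; a short comment noting this would help. The function body continues past this hunk.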
(GDestroyNotify)g_free,
(GDestroyNotify)g_object_unref);
- if (priv->anchor_filename)
+ if (file_database->anchor_filename)
result = load_anchor_file (file_database,
- priv->anchor_filename,
+ file_database->anchor_filename,
subjects, issuers, complete,
certs_by_handle,
error);
else
result = TRUE;
- if (g_cancellable_set_error_if_cancelled (cancellable, error))
- result = FALSE;
-
if (result)
{
- g_mutex_lock (&priv->mutex);
- if (!priv->subjects)
+ g_mutex_lock (&file_database->mutex);
+ if (!file_database->subjects)
{
- priv->subjects = subjects;
+ file_database->subjects = subjects;
subjects = NULL;
}
- if (!priv->issuers)
+ if (!file_database->issuers)
{
- priv->issuers = issuers;
+ file_database->issuers = issuers;
issuers = NULL;
}
- if (!priv->complete)
+ if (!file_database->complete)
{
- priv->complete = complete;
+ file_database->complete = complete;
complete = NULL;
}
- if (!priv->certs_by_handle)
+ if (!file_database->certs_by_handle)
{
- priv->certs_by_handle = certs_by_handle;
+ file_database->certs_by_handle = certs_by_handle;
certs_by_handle = NULL;
}
- g_mutex_unlock (&priv->mutex);
+ g_mutex_unlock (&file_database->mutex);
}
- if (subjects != NULL)
+ if (subjects)
g_hash_table_unref (subjects);
- if (issuers != NULL)
+ if (issuers)
g_hash_table_unref (issuers);
- if (complete != NULL)
+ if (complete)
g_hash_table_unref (complete);
- if (certs_by_handle != NULL)
+ if (certs_by_handle)
g_hash_table_unref (certs_by_handle);
return result;
}
static void
-g_tls_file_database_openssl_initable_interface_init (GInitableIface *iface)
-{
- iface->init = g_tls_file_database_openssl_initable_init;
-}
-
-GTlsCertificateFlags
-g_tls_file_database_openssl_verify_ocsp_response (GTlsDatabase *database,
- GTlsCertificate *chain,
- OCSP_RESPONSE *resp)
+g_tls_file_database_openssl_class_init (GTlsFileDatabaseOpensslClass *klass)
{
- GTlsCertificateFlags errors = 0;
-#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
- !defined(OPENSSL_NO_OCSP)
- GTlsFileDatabaseOpenssl *file_database;
- GTlsFileDatabaseOpensslPrivate *priv;
- STACK_OF(X509) *chain_openssl = NULL;
- X509_STORE *store = NULL;
- OCSP_BASICRESP *basic_resp = NULL;
- int ocsp_status = 0;
- int i;
-
- ocsp_status = OCSP_response_status (resp);
- if (ocsp_status != OCSP_RESPONSE_STATUS_SUCCESSFUL)
- {
- errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
- goto end;
- }
-
- basic_resp = OCSP_response_get1_basic (resp);
- if (basic_resp == NULL)
- {
- errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
- goto end;
- }
-
- chain_openssl = convert_certificate_chain_to_openssl (G_TLS_CERTIFICATE_OPENSSL (chain));
- file_database = G_TLS_FILE_DATABASE_OPENSSL (database);
- priv = g_tls_file_database_openssl_get_instance_private (file_database);
- store = X509_STORE_new ();
- if ((chain_openssl == NULL) ||
- (file_database == NULL) ||
- (priv == NULL) ||
- (priv->trusted == NULL) ||
- (store == NULL))
- {
- errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
- goto end;
- }
-
- for (i = 0; i < sk_X509_num (priv->trusted); i++)
- {
- X509_STORE_add_cert (store, sk_X509_value (priv->trusted, i));
- }
-
- if (OCSP_basic_verify (basic_resp, chain_openssl, store, 0) <= 0)
- {
- errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
- goto end;
- }
-
- for (i = 0; i < OCSP_resp_count (basic_resp); i++)
- {
- OCSP_SINGLERESP *single_resp = OCSP_resp_get0 (basic_resp, i);
- ASN1_GENERALIZEDTIME *revocation_time = NULL;
- ASN1_GENERALIZEDTIME *this_update_time = NULL;
- ASN1_GENERALIZEDTIME *next_update_time = NULL;
- int crl_reason = 0;
- int cert_status = 0;
-
- if (single_resp == NULL)
- continue;
-
- cert_status = OCSP_single_get0_status (single_resp,
- &crl_reason,
- &revocation_time,
- &this_update_time,
- &next_update_time);
- if (!OCSP_check_validity (this_update_time,
- next_update_time,
- 300L,
- -1L))
- {
- errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
- goto end;
- }
+ GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+ GTlsDatabaseClass *database_class = G_TLS_DATABASE_CLASS (klass);
+ GTlsDatabaseOpensslClass *openssl_database_class = G_TLS_DATABASE_OPENSSL_CLASS (klass);
- switch (cert_status)
- {
- case V_OCSP_CERTSTATUS_GOOD:
- break;
- case V_OCSP_CERTSTATUS_REVOKED:
- errors = G_TLS_CERTIFICATE_REVOKED;
- goto end;
- case V_OCSP_CERTSTATUS_UNKNOWN:
- errors = G_TLS_CERTIFICATE_GENERIC_ERROR;
- goto end;
- }
- }
+ gobject_class->get_property = g_tls_file_database_openssl_get_property;
+ gobject_class->set_property = g_tls_file_database_openssl_set_property;
+ gobject_class->finalize = g_tls_file_database_openssl_finalize;
-end:
- if (store != NULL)
- X509_STORE_free (store);
+ database_class->create_certificate_handle = g_tls_file_database_openssl_create_certificate_handle;
+ database_class->lookup_certificate_for_handle = g_tls_file_database_openssl_lookup_certificate_for_handle;
+ database_class->lookup_certificate_issuer = g_tls_file_database_openssl_lookup_certificate_issuer;
+ database_class->lookup_certificates_issued_by = g_tls_file_database_openssl_lookup_certificates_issued_by;
- if (basic_resp != NULL)
- OCSP_BASICRESP_free (basic_resp);
+ openssl_database_class->populate_trust_list = g_tls_file_database_openssl_populate_trust_list;
- if (resp != NULL)
- OCSP_RESPONSE_free (resp);
+ g_object_class_override_property (gobject_class, PROP_ANCHORS, "anchors");
+}
-#endif
- return errors;
+static void
+g_tls_file_database_openssl_file_database_interface_init (GTlsFileDatabaseInterface *iface)
+{
}
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* gtlsfiledatabase-openssl.h
*
* Authors: Ignacio Casal Quinteiro
*/
-#ifndef __G_TLS_FILE_DATABASE_OPENSSL_H__
-#define __G_TLS_FILE_DATABASE_OPENSSL_H__
+#pragma once
#include <gio/gio.h>
G_BEGIN_DECLS
#define G_TYPE_TLS_FILE_DATABASE_OPENSSL (g_tls_file_database_openssl_get_type ())
-#define G_TLS_FILE_DATABASE_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_FILE_DATABASE_OPENSSL, GTlsFileDatabaseOpenssl))
-#define G_TLS_FILE_DATABASE_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_FILE_DATABASE_OPENSSL, GTlsFileDatabaseOpensslClass))
-#define G_IS_TLS_FILE_DATABASE_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_FILE_DATABASE_OPENSSL))
-#define G_IS_TLS_FILE_DATABASE_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_FILE_DATABASE_OPENSSL))
-#define G_TLS_FILE_DATABASE_OPENSSL_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_FILE_DATABASE_OPENSSL, GTlsFileDatabaseOpensslClass))
-typedef struct _GTlsFileDatabaseOpensslClass GTlsFileDatabaseOpensslClass;
-typedef struct _GTlsFileDatabaseOpenssl GTlsFileDatabaseOpenssl;
-
-struct _GTlsFileDatabaseOpensslClass
-{
- GTlsDatabaseOpensslClass parent_class;
-};
-
-struct _GTlsFileDatabaseOpenssl
-{
- GTlsDatabaseOpenssl parent_instance;
-};
-
-GType g_tls_file_database_openssl_get_type (void) G_GNUC_CONST;
-
-GTlsCertificateFlags g_tls_file_database_openssl_verify_ocsp_response (GTlsDatabase *database,
- GTlsCertificate *chain,
- OCSP_RESPONSE *resp);
+G_DECLARE_FINAL_TYPE (GTlsFileDatabaseOpenssl, g_tls_file_database_openssl, G, TLS_FILE_DATABASE_OPENSSL, GTlsDatabaseOpenssl)
G_END_DECLS
-
-#endif /* __G_TLS_FILE_DATABASE_OPENSSL_H___ */
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* gtlsserverconnection-openssl.c
*
#include "openssl-include.h"
#include <glib/gi18n-lib.h>
-#define DEFAULT_CIPHER_LIST "HIGH:!DSS:!aNULL@STRENGTH"
-
-typedef struct _GTlsServerConnectionOpensslPrivate
+struct _GTlsServerConnectionOpenssl
{
+ GTlsConnectionOpenssl parent_instance;
+
GTlsAuthenticationMode authentication_mode;
SSL_SESSION *session;
SSL *ssl;
SSL_CTX *ssl_ctx;
-} GTlsServerConnectionOpensslPrivate;
+};
enum
{
static GInitableIface *g_tls_server_connection_openssl_parent_initable_iface;
G_DEFINE_TYPE_WITH_CODE (GTlsServerConnectionOpenssl, g_tls_server_connection_openssl, G_TYPE_TLS_CONNECTION_OPENSSL,
- G_ADD_PRIVATE (GTlsServerConnectionOpenssl)
G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
g_tls_server_connection_openssl_initable_interface_init)
G_IMPLEMENT_INTERFACE (G_TYPE_TLS_SERVER_CONNECTION,
- g_tls_server_connection_openssl_server_connection_interface_init))
+ g_tls_server_connection_openssl_server_connection_interface_init)
+ G_IMPLEMENT_INTERFACE (G_TYPE_DTLS_SERVER_CONNECTION,
+ NULL));
static void
g_tls_server_connection_openssl_finalize (GObject *object)
{
GTlsServerConnectionOpenssl *openssl = G_TLS_SERVER_CONNECTION_OPENSSL (object);
- GTlsServerConnectionOpensslPrivate *priv;
- priv = g_tls_server_connection_openssl_get_instance_private (openssl);
-
- SSL_free (priv->ssl);
- SSL_CTX_free (priv->ssl_ctx);
- SSL_SESSION_free (priv->session);
+ SSL_free (openssl->ssl);
+ SSL_CTX_free (openssl->ssl_ctx);
+ SSL_SESSION_free (openssl->session);
G_OBJECT_CLASS (g_tls_server_connection_openssl_parent_class)->finalize (object);
}
-static gboolean
-ssl_set_certificate (SSL *ssl,
- GTlsCertificate *cert,
- GError **error)
-{
- EVP_PKEY *key;
- X509 *x;
- GTlsCertificate *issuer;
-
- key = g_tls_certificate_openssl_get_key (G_TLS_CERTIFICATE_OPENSSL (cert));
-
- if (key == NULL)
- {
- g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
- _("Certificate has no private key"));
- return FALSE;
- }
-
- /* Note, order is important. If a certificate has been set previously,
- * OpenSSL requires that the new certificate is set _before_ the new
- * private key is set. */
- x = g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (cert));
- if (SSL_use_certificate (ssl, x) <= 0)
- {
- g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
- _("There is a problem with the certificate: %s"),
- ERR_error_string (ERR_get_error (), NULL));
- return FALSE;
- }
-
- if (SSL_use_PrivateKey (ssl, key) <= 0)
- {
- g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
- _("There is a problem with the certificate private key: %s"),
- ERR_error_string (ERR_get_error (), NULL));
- return FALSE;
- }
-
- if (SSL_clear_chain_certs (ssl) == 0)
- g_warning ("There was a problem clearing the chain certificates: %s",
- ERR_error_string (ERR_get_error (), NULL));
-
- /* Add all the issuers to create the full certificate chain */
- for (issuer = g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (cert));
- issuer != NULL;
- issuer = g_tls_certificate_get_issuer (issuer))
- {
- X509 *issuer_x;
-
- /* Be careful here and duplicate the certificate since the context
- * will take the ownership
- */
- issuer_x = X509_dup (g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (issuer)));
- if (SSL_add0_chain_cert (ssl, issuer_x) == 0)
- g_warning ("There was a problem adding the chain certificate: %s",
- ERR_error_string (ERR_get_error (), NULL));
- }
-
- return TRUE;
-}
-
static void
g_tls_server_connection_openssl_get_property (GObject *object,
guint prop_id,
GParamSpec *pspec)
{
GTlsServerConnectionOpenssl *openssl = G_TLS_SERVER_CONNECTION_OPENSSL (object);
- GTlsServerConnectionOpensslPrivate *priv;
-
- priv = g_tls_server_connection_openssl_get_instance_private (openssl);
switch (prop_id)
{
case PROP_AUTHENTICATION_MODE:
- g_value_set_enum (value, priv->authentication_mode);
+ g_value_set_enum (value, openssl->authentication_mode);
break;
default:
GParamSpec *pspec)
{
GTlsServerConnectionOpenssl *openssl = G_TLS_SERVER_CONNECTION_OPENSSL (object);
- GTlsServerConnectionOpensslPrivate *priv;
-
- priv = g_tls_server_connection_openssl_get_instance_private (openssl);
switch (prop_id)
{
case PROP_AUTHENTICATION_MODE:
- priv->authentication_mode = g_value_get_enum (value);
+ openssl->authentication_mode = g_value_get_enum (value);
break;
default:
return 1;
}
-static GTlsConnectionBaseStatus
-g_tls_server_connection_openssl_handshake (GTlsConnectionBase *tls,
- GCancellable *cancellable,
- GError **error)
+static void
+g_tls_server_connection_openssl_prepare_handshake (GTlsConnectionBase *tls,
+ gchar **advertised_protocols)
{
GTlsServerConnectionOpenssl *openssl = G_TLS_SERVER_CONNECTION_OPENSSL (tls);
- GTlsServerConnectionOpensslPrivate *priv;
+ GTlsConnectionBaseClass *base_class = G_TLS_CONNECTION_BASE_CLASS (g_tls_server_connection_openssl_parent_class);
int req_mode = 0;
- priv = g_tls_server_connection_openssl_get_instance_private (openssl);
-
- switch (priv->authentication_mode)
+ switch (openssl->authentication_mode)
{
case G_TLS_AUTHENTICATION_REQUIRED:
- req_mode = SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+ req_mode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+ break;
case G_TLS_AUTHENTICATION_REQUESTED:
- req_mode |= SSL_VERIFY_PEER;
+ req_mode = SSL_VERIFY_PEER;
break;
case G_TLS_AUTHENTICATION_NONE:
default:
break;
}
- SSL_set_verify (priv->ssl, req_mode, verify_callback);
+ SSL_set_verify (openssl->ssl, req_mode, verify_callback);
/* FIXME: is this ok? */
- SSL_set_verify_depth (priv->ssl, 0);
+ SSL_set_verify_depth (openssl->ssl, 0);
- return G_TLS_CONNECTION_BASE_CLASS (g_tls_server_connection_openssl_parent_class)->
- handshake (tls, cancellable, error);
+ if (base_class->prepare_handshake)
+ base_class->prepare_handshake (tls, advertised_protocols);
}
static SSL *
g_tls_server_connection_openssl_get_ssl (GTlsConnectionOpenssl *connection)
{
- GTlsServerConnectionOpenssl *server = G_TLS_SERVER_CONNECTION_OPENSSL (connection);
- GTlsServerConnectionOpensslPrivate *priv;
+ return G_TLS_SERVER_CONNECTION_OPENSSL (connection)->ssl;
+}
+
+static gboolean
+ssl_set_certificate (SSL *ssl,
+ GTlsCertificate *cert,
+ GError **error)
+{
+ EVP_PKEY *key;
+ X509 *x;
+ GTlsCertificate *issuer;
+ char error_buffer[256];
+
+ key = g_tls_certificate_openssl_get_key (G_TLS_CERTIFICATE_OPENSSL (cert));
+
+ if (!key)
+ {
+ g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("Certificate has no private key"));
+ return FALSE;
+ }
+
+ /* Note, order is important. If a certificate has been set previously,
+ * OpenSSL requires that the new certificate is set _before_ the new
+ * private key is set. */
+ x = g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (cert));
+ if (SSL_use_certificate (ssl, x) <= 0)
+ {
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("There is a problem with the certificate: %s"),
+ error_buffer);
+ return FALSE;
+ }
+
+ if (SSL_use_PrivateKey (ssl, key) <= 0)
+ {
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+ _("There is a problem with the certificate private key: %s"),
+ error_buffer);
+ return FALSE;
+ }
+
+ if (SSL_clear_chain_certs (ssl) == 0)
+ {
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
+ g_warning ("There was a problem clearing the chain certificates: %s",
+ error_buffer);
+ }
- priv = g_tls_server_connection_openssl_get_instance_private (server);
+ /* Add all the issuers to create the full certificate chain */
+ for (issuer = g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (cert));
+ issuer;
+ issuer = g_tls_certificate_get_issuer (issuer))
+ {
+ X509 *issuer_x;
- return priv->ssl;
+ issuer_x = g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (issuer));
+
+ /* Be careful here and duplicate the certificate since the ssl object
+ * will take the ownership
+ */
+ if (SSL_add1_chain_cert (ssl, issuer_x) == 0)
+ {
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
+ g_warning ("There was a problem adding the chain certificate: %s",
+ error_buffer);
+ }
+ }
+
+ return TRUE;
}
static void
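Review bot: `SSL_set_verify_depth (openssl->ssl, 0)` keeps its `/* FIXME: is this ok? */` through the move into `g_tls_server_connection_openssl_prepare_handshake`, and the only visible line of `verify_callback` is `return 1;`, so OpenSSL's own chain verdict appears to be ignored for client certificates. If validation is meant to happen later in the GLib layer, say so where the mode is set, e.g. `/* verify_callback accepts every chain; the peer certificate is checked afterwards by the base class (confirm) */`, and resolve or drop the FIXME. In `ssl_set_certificate` the comment "duplicate the certificate since the ssl object will take the ownership" no longer matches the code, which now passes the original certificate to `SSL_add1_chain_cert`. A failure to add a chain certificate is still only a warning and the function returns TRUE. `verify_callback` starts outside this hunk.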
gobject_class->get_property = g_tls_server_connection_openssl_get_property;
gobject_class->set_property = g_tls_server_connection_openssl_set_property;
- base_class->handshake = g_tls_server_connection_openssl_handshake;
+ base_class->prepare_handshake = g_tls_server_connection_openssl_prepare_handshake;
connection_class->get_ssl = g_tls_server_connection_openssl_get_ssl;
set_cipher_list (GTlsServerConnectionOpenssl *server,
GError **error)
{
- GTlsServerConnectionOpensslPrivate *priv;
const gchar *cipher_list;
- priv = g_tls_server_connection_openssl_get_instance_private (server);
-
cipher_list = g_getenv ("G_TLS_OPENSSL_CIPHER_LIST");
- if (cipher_list == NULL)
- cipher_list = DEFAULT_CIPHER_LIST;
+ if (cipher_list)
+ {
+ if (!SSL_CTX_set_cipher_list (server->ssl_ctx, cipher_list))
+ {
+ char error_buffer[256];
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Could not set TLS cipher list: %s"),
+ error_buffer);
+ return FALSE;
+ }
+ }
+
+ return TRUE;
+}
- if (!SSL_CTX_set_cipher_list (priv->ssl_ctx, cipher_list))
+static gboolean
+set_max_protocol (GTlsServerConnectionOpenssl *server,
+ GError **error)
+{
+#ifdef SSL_CTX_set_max_proto_version
+ const gchar *proto;
+
+ proto = g_getenv ("G_TLS_OPENSSL_MAX_PROTO");
+ if (proto)
{
- g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
- _("Could not create TLS context: %s"),
- ERR_error_string (ERR_get_error (), NULL));
- return FALSE;
+ gint64 version = g_ascii_strtoll (proto, NULL, 0);
+
+ if (version > 0 && version < G_MAXINT)
+ {
+ if (!SSL_CTX_set_max_proto_version (server->ssl_ctx, (int)version))
+ {
+ char error_buffer[256];
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Could not set MAX protocol to %d: %s"),
+ (int)version, error_buffer);
+ return FALSE;
+ }
+ }
}
+#endif
return TRUE;
}
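Review bot: With `DEFAULT_CIPHER_LIST` removed, `set_cipher_list` applies nothing when `G_TLS_OPENSSL_CIPHER_LIST` is unset, so the former `!aNULL` and `!DSS` exclusions now depend on the OpenSSL build's default rather than on this code. The file still has branches for OpenSSL older than 1.1.0, where the library default may be broader, so a comment stating the intent would help: `/* No override: rely on the OpenSSL/system default cipher policy */`. In `set_max_protocol`, a `G_TLS_OPENSSL_MAX_PROTO` value that `g_ascii_strtoll` cannot parse, or that is out of range, is ignored silently and the function returns TRUE. A `g_warning` on that path would make a mistyped setting visible.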
static void
set_signature_algorithm_list (GTlsServerConnectionOpenssl *server)
{
- GTlsServerConnectionOpensslPrivate *priv;
const gchar *signature_algorithm_list;
- priv = g_tls_server_connection_openssl_get_instance_private (server);
-
signature_algorithm_list = g_getenv ("G_TLS_OPENSSL_SIGNATURE_ALGORITHM_LIST");
- if (signature_algorithm_list == NULL)
+ if (!signature_algorithm_list)
return;
- SSL_CTX_set1_sigalgs_list (priv->ssl_ctx, signature_algorithm_list);
+ SSL_CTX_set1_sigalgs_list (server->ssl_ctx, signature_algorithm_list);
}
#endif
static void
set_curve_list (GTlsServerConnectionOpenssl *server)
{
- GTlsServerConnectionOpensslPrivate *priv;
const gchar *curve_list;
- priv = g_tls_server_connection_openssl_get_instance_private (server);
-
curve_list = g_getenv ("G_TLS_OPENSSL_CURVE_LIST");
- if (curve_list == NULL)
+ if (!curve_list)
return;
- SSL_CTX_set1_curves_list (priv->ssl_ctx, curve_list);
+ SSL_CTX_set1_curves_list (server->ssl_ctx, curve_list);
}
#endif
GError **error)
{
GTlsServerConnectionOpenssl *server = G_TLS_SERVER_CONNECTION_OPENSSL (initable);
- GTlsServerConnectionOpensslPrivate *priv;
GTlsCertificate *cert;
long options;
+ char error_buffer[256];
- priv = g_tls_server_connection_openssl_get_instance_private (server);
-
- priv->session = SSL_SESSION_new ();
+ server->session = SSL_SESSION_new ();
- priv->ssl_ctx = SSL_CTX_new (SSLv23_server_method ());
- if (priv->ssl_ctx == NULL)
+ server->ssl_ctx = SSL_CTX_new (g_tls_connection_base_is_dtls (G_TLS_CONNECTION_BASE (server))
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+ ? DTLS_server_method ()
+ : TLS_server_method ());
+#else
+ ? DTLSv1_server_method ()
+ : SSLv23_server_method ());
+#endif
+ if (!server->ssl_ctx)
{
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("Could not create TLS context: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
return FALSE;
}
if (!set_cipher_list (server, error))
return FALSE;
+ if (!set_max_protocol (server, error))
+ return FALSE;
+
/* Only TLS 1.2 or higher */
options = SSL_OP_NO_TICKET |
SSL_OP_NO_COMPRESSION |
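Review bot: On the pre-1.1.0 branch the DTLS case selects `DTLSv1_server_method ()`, which is the fixed-version DTLS 1.0 method, while the comment just below says "Only TLS 1.2 or higher". Either document that DTLS on old OpenSSL is limited to 1.0, or use the version-flexible `DTLS_server_method ()` where the library provides it (it exists from OpenSSL 1.0.2; confirm against the minimum version this project supports). `server->session = SSL_SESSION_new ()` is still used unchecked by the later `SSL_CTX_add_session` call. The `options` expression and the rest of the init function continue outside this hunk.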
options |= SSL_OP_NO_RENEGOTIATION;
#endif
- SSL_CTX_set_options (priv->ssl_ctx, options);
+ SSL_CTX_set_options (server->ssl_ctx, options);
- SSL_CTX_add_session (priv->ssl_ctx, priv->session);
+ SSL_CTX_add_session (server->ssl_ctx, server->session);
#ifdef SSL_CTX_set1_sigalgs_list
set_signature_algorithm_list (server);
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
# ifdef SSL_CTX_set_ecdh_auto
- SSL_CTX_set_ecdh_auto (priv->ssl_ctx, 1);
+ SSL_CTX_set_ecdh_auto (server->ssl_ctx, 1);
# else
{
EC_KEY *ecdh;
ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
- if (ecdh != NULL)
+ if (ecdh)
{
- SSL_CTX_set_tmp_ecdh (priv->ssl_ctx, ecdh);
+ SSL_CTX_set_tmp_ecdh (server->ssl_ctx, ecdh);
EC_KEY_free (ecdh);
}
}
# endif
- SSL_CTX_set_info_callback (priv->ssl_ctx, ssl_info_callback);
+ SSL_CTX_set_info_callback (server->ssl_ctx, ssl_info_callback);
#endif
- priv->ssl = SSL_new (priv->ssl_ctx);
- if (priv->ssl == NULL)
+ cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (initable));
+
+ server->ssl = SSL_new (server->ssl_ctx);
+ if (!server->ssl)
{
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("Could not create TLS connection: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
return FALSE;
}
- cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (initable));
- if (cert != NULL && !ssl_set_certificate (priv->ssl, cert, error))
+ if (cert && !ssl_set_certificate (server->ssl, cert, error))
return FALSE;
- SSL_set_accept_state (priv->ssl);
+ SSL_set_accept_state (server->ssl);
if (!g_tls_server_connection_openssl_parent_initable_iface->
init (initable, cancellable, error))
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* gtlsserverconnection-openssl.h
*
* Authors: Ignacio Casal Quinteiro
*/
-#ifndef __G_TLS_SERVER_CONNECTION_OPENSSL_H__
-#define __G_TLS_SERVER_CONNECTION_OPENSSL_H__
+#pragma once
#include <gio/gio.h>
#include "gtlsconnection-openssl.h"
G_BEGIN_DECLS
#define G_TYPE_TLS_SERVER_CONNECTION_OPENSSL (g_tls_server_connection_openssl_get_type ())
-#define G_TLS_SERVER_CONNECTION_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_SERVER_CONNECTION_OPENSSL, GTlsServerConnectionOpenssl))
-#define G_TLS_SERVER_CONNECTION_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_SERVER_CONNECTION_OPENSSL, GTlsServerConnectionOpensslClass))
-#define G_IS_TLS_SERVER_CONNECTION_OPENSSL(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_SERVER_CONNECTION_OPENSSL))
-#define G_IS_TLS_SERVER_CONNECTION_OPENSSL_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_SERVER_CONNECTION_OPENSSL))
-#define G_TLS_SERVER_CONNECTION_OPENSSL_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_SERVER_CONNECTION_OPENSSL, GTlsServerConnectionOpensslClass))
-typedef struct _GTlsServerConnectionOpensslClass GTlsServerConnectionOpensslClass;
-typedef struct _GTlsServerConnectionOpenssl GTlsServerConnectionOpenssl;
-
-struct _GTlsServerConnectionOpensslClass
-{
- GTlsConnectionOpensslClass parent_class;
-};
-
-struct _GTlsServerConnectionOpenssl
-{
- GTlsConnectionOpenssl parent_instance;
-};
-
-GType g_tls_server_connection_openssl_get_type (void) G_GNUC_CONST;
+G_DECLARE_FINAL_TYPE (GTlsServerConnectionOpenssl, g_tls_server_connection_openssl, G, TLS_SERVER_CONNECTION_OPENSSL, GTlsConnectionOpenssl)
G_END_DECLS
-
-#endif /* __G_TLS_SERVER_CONNECTION_OPENSSL_H___ */
'gtlsdatabase-openssl.c',
'gtlsfiledatabase-openssl.c',
'gtlsbio.c',
- 'openssl-util.c',
)
incs = [top_inc]
+openssl_inc = include_directories('.')
+
deps = [
gio_dep,
glib_dep,
gmodule_dep,
gobject_dep,
- tlsbase_dep,
openssl_dep,
+ tlsbase_dep,
]
+if ['darwin', 'ios'].contains(host_system)
+ deps += [
+ security_dep,
+ ]
+elif ['windows'].contains(host_system)
+ deps += [
+ crypt32_dep,
+ ]
+endif
+
module = shared_module(
'gioopenssl',
sources: sources,
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
* gtlscertificate-openssl.h
*
* Christoph Reiter
*/
+#pragma once
+
/* Due to name clashes between Windows and openssl headers we have to
* make sure windows.h is included before openssl and that we undef the
- * clashing macros.
+ * clashing macros. We also need `struct timeval` for DTLSv1_get_timeout(),
+ * and the following header also covers it for Windows.
*/
-
-#ifndef __G_TLS_OPENSSL_INCLUDE_H__
-#define __G_TLS_OPENSSL_INCLUDE_H__
-
-#include "glib.h"
-
+#include <gio/gnetworking.h>
#ifdef G_OS_WIN32
-#define WIN32_LEAN_AND_MEAN
-#include <windows.h>
/* These are defined by the Windows headers, but clash with openssl */
#undef X509_NAME
#undef X509_CERT_PAIR
#undef X509_EXTENSIONS
#undef OCSP_REQUEST
#undef OCSP_RESPONSE
+#else
+/* Need `struct timeval` for DTLSv1_get_timeout() */
+#include <sys/time.h>
#endif
#include <openssl/ssl.h>
#include <openssl/x509_vfy.h>
#include <openssl/x509v3.h>
#include <openssl/crypto.h>
-#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_OCSP)
#include <openssl/ocsp.h>
-#endif
-
-#endif /* __G_TLS_OPENSSL_INCLUDE_H__ */
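Review bot: Nothing on the new side says what happens with an OpenSSL configured without OCSP, now that `<openssl/ocsp.h>` is included without the old `!defined(OPENSSL_NO_OCSP)` test. Dropping the version comparison is fine, but the feature macro is still a supported OpenSSL build option. The callers are not visible here, so this is hedged: if they now use the OCSP API unconditionally, such a build fails with an unrelated-looking error deep in the backend. If OCSP support is meant to be mandatory, make that explicit after the OpenSSL includes with `#ifdef OPENSSL_NO_OCSP` / `#error "glib-networking requires OpenSSL built with OCSP support"` / `#endif`, so a build can never quietly lose stapled-response checking.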
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/*
- * gtlsbio.c
+ * openssl-module.c
*
* Copyright (C) 2015 NICE s.r.l.
*
+++ /dev/null
-/* v3_utl.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- */
-/* X509 v3 extension utilities */
-
-/* NOTE: this has been copied from openssl */
-
-#include "openssl-util.h"
-#include <string.h>
-#ifndef _MSC_VER
-#include <strings.h>
-#endif
-#include "openssl-include.h"
-
-#ifdef _MSC_VER
-#define strncasecmp _strnicmp
-#endif
-
-typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len,
- const unsigned char *subject, size_t subject_len,
- unsigned int flags);
-
-
-/* Skip pattern prefix to match "wildcard" subject */
-static void skip_prefix(const unsigned char **p, size_t *plen,
- const unsigned char *subject, size_t subject_len,
- unsigned int flags)
-{
- const unsigned char *pattern = *p;
- size_t pattern_len = *plen;
-
- /*
- * If subject starts with a leading '.' followed by more octets, and
- * pattern is longer, compare just an equal-length suffix with the
- * full subject (starting at the '.'), provided the prefix contains
- * no NULs.
- */
- if ((flags & _G_TLS_X509_CHECK_FLAG_DOT_SUBDOMAINS) == 0)
- return;
-
- while (pattern_len > subject_len && *pattern) {
- if ((flags & G_TLS_X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS) &&
- *pattern == '.')
- break;
- ++pattern;
- --pattern_len;
- }
-
- /* Skip if entire prefix acceptable */
- if (pattern_len == subject_len) {
- *p = pattern;
- *plen = pattern_len;
- }
-}
-
-/* Compare while ASCII ignoring case. */
-static int equal_nocase(const unsigned char *pattern, size_t pattern_len,
- const unsigned char *subject, size_t subject_len,
- unsigned int flags)
-{
- skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
- if (pattern_len != subject_len)
- return 0;
- while (pattern_len) {
- unsigned char l = *pattern;
- unsigned char r = *subject;
- /* The pattern must not contain NUL characters. */
- if (l == 0)
- return 0;
- if (l != r) {
- if ('A' <= l && l <= 'Z')
- l = (l - 'A') + 'a';
- if ('A' <= r && r <= 'Z')
- r = (r - 'A') + 'a';
- if (l != r)
- return 0;
- }
- ++pattern;
- ++subject;
- --pattern_len;
- }
- return 1;
-}
-
-/* Compare using memcmp. */
-static int equal_case(const unsigned char *pattern, size_t pattern_len,
- const unsigned char *subject, size_t subject_len,
- unsigned int flags)
-{
- skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
- if (pattern_len != subject_len)
- return 0;
- return !memcmp(pattern, subject, pattern_len);
-}
-
-/*
- * RFC 5280, section 7.5, requires that only the domain is compared in a
- * case-insensitive manner.
- */
-static int equal_email(const unsigned char *a, size_t a_len,
- const unsigned char *b, size_t b_len,
- unsigned int unused_flags)
-{
- size_t i = a_len;
- if (a_len != b_len)
- return 0;
- /*
- * We search backwards for the '@' character, so that we do not have to
- * deal with quoted local-parts. The domain part is compared in a
- * case-insensitive manner.
- */
- while (i > 0) {
- --i;
- if (a[i] == '@' || b[i] == '@') {
- if (!equal_nocase(a + i, a_len - i, b + i, a_len - i, 0))
- return 0;
- break;
- }
- }
- if (i == 0)
- i = a_len;
- return equal_case(a, i, b, i, 0);
-}
-
-/*
- * Compare an ASN1_STRING to a supplied string. If they match return 1. If
- * cmp_type > 0 only compare if string matches the type, otherwise convert it
- * to UTF8.
- */
-
-static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
- unsigned int flags, const char *b, size_t blen,
- char **peername)
-{
- int rv = 0;
-
- if (!a->data || !a->length)
- return 0;
- if (cmp_type > 0) {
- if (cmp_type != a->type)
- return 0;
- if (cmp_type == V_ASN1_IA5STRING)
- rv = equal(a->data, a->length, (unsigned char *)b, blen, flags);
- else if (a->length == (int)blen && !memcmp(a->data, b, blen))
- rv = 1;
- if (rv > 0 && peername)
- *peername = BUF_strndup((char *)a->data, a->length);
- } else {
- int astrlen;
- unsigned char *astr;
- astrlen = ASN1_STRING_to_UTF8(&astr, a);
- if (astrlen < 0) {
- /*
- * -1 could be an internal malloc failure or a decoding error from
- * malformed input; we can't distinguish.
- */
- return -1;
- }
- rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
- if (rv > 0 && peername)
- *peername = BUF_strndup((char *)astr, astrlen);
- OPENSSL_free(astr);
- }
- return rv;
-}
-
-/*
- * Compare the prefix and suffix with the subject, and check that the
- * characters in-between are valid.
- */
-static int wildcard_match(const unsigned char *prefix, size_t prefix_len,
- const unsigned char *suffix, size_t suffix_len,
- const unsigned char *subject, size_t subject_len,
- unsigned int flags)
-{
- const unsigned char *wildcard_start;
- const unsigned char *wildcard_end;
- const unsigned char *p;
- int allow_multi = 0;
- int allow_idna = 0;
-
- if (subject_len < prefix_len + suffix_len)
- return 0;
- if (!equal_nocase(prefix, prefix_len, subject, prefix_len, flags))
- return 0;
- wildcard_start = subject + prefix_len;
- wildcard_end = subject + (subject_len - suffix_len);
- if (!equal_nocase(wildcard_end, suffix_len, suffix, suffix_len, flags))
- return 0;
- /*
- * If the wildcard makes up the entire first label, it must match at
- * least one character.
- */
- if (prefix_len == 0 && *suffix == '.') {
- if (wildcard_start == wildcard_end)
- return 0;
- allow_idna = 1;
- if (flags & G_TLS_X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS)
- allow_multi = 1;
- }
- /* IDNA labels cannot match partial wildcards */
- if (!allow_idna &&
- subject_len >= 4 && strncasecmp((char *)subject, "xn--", 4) == 0)
- return 0;
- /* The wildcard may match a literal '*' */
- if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*')
- return 1;
- /*
- * Check that the part matched by the wildcard contains only
- * permitted characters and only matches a single label unless
- * allow_multi is set.
- */
- for (p = wildcard_start; p != wildcard_end; ++p)
- if (!(('0' <= *p && *p <= '9') ||
- ('A' <= *p && *p <= 'Z') ||
- ('a' <= *p && *p <= 'z') ||
- *p == '-' || (allow_multi && *p == '.')))
- return 0;
- return 1;
-}
-
-#define LABEL_START (1 << 0)
-#define LABEL_END (1 << 1)
-#define LABEL_HYPHEN (1 << 2)
-#define LABEL_IDNA (1 << 3)
-
-static const unsigned char *valid_star(const unsigned char *p, size_t len,
- unsigned int flags)
-{
- const unsigned char *star = 0;
- size_t i;
- int state = LABEL_START;
- int dots = 0;
- for (i = 0; i < len; ++i) {
- /*
- * Locate first and only legal wildcard, either at the start
- * or end of a non-IDNA first and not final label.
- */
- if (p[i] == '*') {
- int atstart = (state & LABEL_START);
- int atend = (i == len - 1 || p[i + 1] == '.');
- /*-
- * At most one wildcard per pattern.
- * No wildcards in IDNA labels.
- * No wildcards after the first label.
- */
- if (star != NULL || (state & LABEL_IDNA) != 0 || dots)
- return NULL;
- /* Only full-label '*.example.com' wildcards? */
- if ((flags & G_TLS_X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS)
- && (!atstart || !atend))
- return NULL;
- /* No 'foo*bar' wildcards */
- if (!atstart && !atend)
- return NULL;
- star = &p[i];
- state &= ~LABEL_START;
- } else if (('a' <= p[i] && p[i] <= 'z')
- || ('A' <= p[i] && p[i] <= 'Z')
- || ('0' <= p[i] && p[i] <= '9')) {
- if ((state & LABEL_START) != 0
- && len - i >= 4 && strncasecmp((char *)&p[i], "xn--", 4) == 0)
- state |= LABEL_IDNA;
- state &= ~(LABEL_HYPHEN | LABEL_START);
- } else if (p[i] == '.') {
- if ((state & (LABEL_HYPHEN | LABEL_START)) != 0)
- return NULL;
- state = LABEL_START;
- ++dots;
- } else if (p[i] == '-') {
- if ((state & LABEL_HYPHEN) != 0)
- return NULL;
- state |= LABEL_HYPHEN;
- } else
- return NULL;
- }
-
- /*
- * The final label must not end in a hyphen or ".", and
- * there must be at least two dots after the star.
- */
- if ((state & (LABEL_START | LABEL_HYPHEN)) != 0 || dots < 2)
- return NULL;
- return star;
-}
-
-/* Compare using wildcards. */
-static int equal_wildcard(const unsigned char *pattern, size_t pattern_len,
- const unsigned char *subject, size_t subject_len,
- unsigned int flags)
-{
- const unsigned char *star = NULL;
-
- /*
- * Subject names starting with '.' can only match a wildcard pattern
- * via a subject sub-domain pattern suffix match.
- */
- if (!(subject_len > 1 && subject[0] == '.'))
- star = valid_star(pattern, pattern_len, flags);
- if (star == NULL)
- return equal_nocase(pattern, pattern_len,
- subject, subject_len, flags);
- return wildcard_match(pattern, star - pattern,
- star + 1, (pattern + pattern_len) - star - 1,
- subject, subject_len, flags);
-}
-
-static int do_x509_check(X509 *x, const char *chk, size_t chklen,
- unsigned int flags, int check_type, char **peername)
-{
- GENERAL_NAMES *gens = NULL;
- X509_NAME *name = NULL;
- int i;
- int cnid;
- int alt_type;
- int san_present = 0;
- int rv = 0;
- equal_fn equal;
-
- /* See below, this flag is internal-only */
- flags &= ~_G_TLS_X509_CHECK_FLAG_DOT_SUBDOMAINS;
- if (check_type == GEN_EMAIL) {
- cnid = NID_pkcs9_emailAddress;
- alt_type = V_ASN1_IA5STRING;
- equal = equal_email;
- } else if (check_type == GEN_DNS) {
- cnid = NID_commonName;
- /* Implicit client-side DNS sub-domain pattern */
- if (chklen > 1 && chk[0] == '.')
- flags |= _G_TLS_X509_CHECK_FLAG_DOT_SUBDOMAINS;
- alt_type = V_ASN1_IA5STRING;
- if (flags & G_TLS_X509_CHECK_FLAG_NO_WILDCARDS)
- equal = equal_nocase;
- else
- equal = equal_wildcard;
- } else {
- cnid = 0;
- alt_type = V_ASN1_OCTET_STRING;
- equal = equal_case;
- }
-
- if (chklen == 0)
- chklen = strlen(chk);
-
- gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
- if (gens) {
- for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
- GENERAL_NAME *gen;
- ASN1_STRING *cstr;
- gen = sk_GENERAL_NAME_value(gens, i);
- if (gen->type != check_type)
- continue;
- san_present = 1;
- if (check_type == GEN_EMAIL)
- cstr = gen->d.rfc822Name;
- else if (check_type == GEN_DNS)
- cstr = gen->d.dNSName;
- else
- cstr = gen->d.iPAddress;
- /* Positive on success, negative on error! */
- if ((rv = do_check_string(cstr, alt_type, equal, flags,
- chk, chklen, peername)) != 0)
- break;
- }
- GENERAL_NAMES_free(gens);
- if (rv != 0)
- return rv;
- if (!cnid
- || (san_present
- && !(flags & G_TLS_X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)))
- return 0;
- }
- i = -1;
- name = X509_get_subject_name(x);
- while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) {
- X509_NAME_ENTRY *ne;
- ASN1_STRING *str;
- ne = X509_NAME_get_entry(name, i);
- str = X509_NAME_ENTRY_get_data(ne);
- /* Positive on success, negative on error! */
- if ((rv = do_check_string(str, -1, equal, flags,
- chk, chklen, peername)) != 0)
- return rv;
- }
- return 0;
-}
-
-int g_tls_X509_check_host(X509 *x, const char *chk, size_t chklen,
- unsigned int flags, char **peername)
-{
- if (chk == NULL)
- return -2;
- /*
- * Embedded NULs are disallowed, except as the last character of a
- * string of length 2 or more (tolerate caller including terminating
- * NUL in string length).
- */
- if (chklen == 0)
- chklen = strlen(chk);
- else if (memchr(chk, '\0', chklen > 1 ? chklen - 1 : chklen))
- return -2;
- if (chklen > 1 && chk[chklen - 1] == '\0')
- --chklen;
- return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
-}
-
-int g_tls_X509_check_email(X509 *x, const char *chk, size_t chklen,
- unsigned int flags)
-{
- if (chk == NULL)
- return -2;
- /*
- * Embedded NULs are disallowed, except as the last character of a
- * string of length 2 or more (tolerate caller including terminating
- * NUL in string length).
- */
- if (chklen == 0)
- chklen = strlen((char *)chk);
- else if (memchr(chk, '\0', chklen > 1 ? chklen - 1 : chklen))
- return -2;
- if (chklen > 1 && chk[chklen - 1] == '\0')
- --chklen;
- return do_x509_check(x, chk, chklen, flags, GEN_EMAIL, NULL);
-}
-
-int g_tls_X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
- unsigned int flags)
-{
- if (chk == NULL)
- return -2;
- return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL);
-}
+++ /dev/null
-/* v3_utl.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- * In addition, when the library is used with OpenSSL, a special
- * exception applies. Refer to the LICENSE_EXCEPTION file for details.
- *
- */
-/* X509 v3 extension utilities */
-
-#ifndef __G_TLS_OPENSSL_UTIL_H__
-#define __G_TLS_OPENSSL_UTIL_H__
-
-#include "openssl-include.h"
-
-/*
- * Always check subject name for host match even if subject alt names present
- */
-# define G_TLS_X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1
-/* Disable wildcard matching for dnsName fields and common name. */
-# define G_TLS_X509_CHECK_FLAG_NO_WILDCARDS 0x2
-/* Wildcards must not match a partial label. */
-# define G_TLS_X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
-/* Allow (non-partial) wildcards to match multiple labels. */
-# define G_TLS_X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
-/* Constraint verifier subdomain patterns to match a single labels. */
-# define G_TLS_X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
-/*
- * Match reference identifiers starting with "." to any sub-domain.
- * This is a non-public flag, turned on implicitly when the subject
- * reference identity is a DNS name.
- */
-# define _G_TLS_X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
-
-int g_tls_X509_check_host(X509 *x, const char *chk, size_t chklen,
- unsigned int flags, char **peername);
-
-int g_tls_X509_check_email(X509 *x, const char *chk, size_t chklen,
- unsigned int flags);
-
-int g_tls_X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
- unsigned int flags);
-
-#endif /* __G_TLS_OPENSSL_UTIL_H__ */
-
-
* Author: Stef Walter <stefw@collabora.co.uk>
*/
+#include "certificate.h"
+
#include <gio/gio.h>
+#ifdef BACKEND_IS_GNUTLS
+#include <gnutls/gnutls.h>
+#include <gnutls/pkcs11.h>
+#endif
+
#include <sys/types.h>
#include <string.h>
GByteArray *cert_der;
gchar *key_pem;
gsize key_pem_length;
+ gchar *key_pem_pkcs8;
+ gsize key_pem_pkcs8_length;
GByteArray *key_der;
+ GByteArray *key_der_pkcs8;
} TestCertificate;
static void
&test->key_pem_length, &error);
g_assert_no_error (error);
+ g_file_get_contents (tls_test_file_path ("server-key-pkcs8.pem"), &test->key_pem_pkcs8,
+ &test->key_pem_pkcs8_length, &error);
+ g_assert_no_error (error);
+
g_file_get_contents (tls_test_file_path ("server-key.der"),
&contents, &length, &error);
g_assert_no_error (error);
test->key_der = g_byte_array_new ();
g_byte_array_append (test->key_der, (guint8 *)contents, length);
g_free (contents);
+
+ g_file_get_contents (tls_test_file_path ("server-key-pkcs8.der"),
+ &contents, &length, &error);
+ g_assert_no_error (error);
+
+ test->key_der_pkcs8 = g_byte_array_new ();
+ g_byte_array_append (test->key_der_pkcs8, (guint8 *)contents, length);
+ g_free (contents);
}
static void
g_byte_array_free (test->cert_der, TRUE);
g_free (test->key_pem);
+ g_free (test->key_pem_pkcs8);
g_byte_array_free (test->key_der, TRUE);
+ g_byte_array_free (test->key_der_pkcs8, TRUE);
}
static void
}
static void
+test_create_certificate_pkcs11 (TestCertificate *test,
+ gconstpointer data)
+{
+#if !defined (BACKEND_IS_GNUTLS)
+ g_test_skip ("This backend does not support PKCS #11");
+#else
+ GTlsCertificate *cert;
+ GError *error = NULL;
+
+ cert = g_initable_new (test->cert_gtype, NULL, &error,
+ "pkcs11-uri", "pkcs11:model=mock;token=Mock%20Certificate;object=Mock%20Certificate",
+ NULL);
+
+ g_assert_no_error (error);
+ g_assert_nonnull (cert);
+#endif
+}
+
+static void
+test_private_key (TestCertificate *test,
+ gconstpointer data)
+{
+ GTlsCertificate *cert;
+ GByteArray *der;
+ char *pem;
+ GError *error = NULL;
+
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-and-key.pem"), &error);
+ g_assert_no_error (error);
+ g_assert_true (G_IS_TLS_CERTIFICATE (cert));
+
+ g_object_get (cert,
+ "private-key", &der,
+ "private-key-pem", &pem,
+ NULL);
+ g_assert_cmpmem (der->data, der->len, test->key_der_pkcs8->data, test->key_der_pkcs8->len);
+ g_assert_cmpstr (pem, ==, test->key_pem_pkcs8);
+
+ g_byte_array_unref (der);
+ g_free (pem);
+ g_object_unref (cert);
+}
+
+static void
+test_private_key_pkcs11 (TestCertificate *test,
+ gconstpointer data)
+{
+#if !defined (BACKEND_IS_GNUTLS)
+ g_test_skip ("This backend does not support PKCS #11");
+#else
+ GTlsCertificate *cert;
+ GByteArray *der;
+ char *pem;
+ GError *error = NULL;
+
+ cert = g_initable_new (test->cert_gtype, NULL, &error,
+ "pkcs11-uri", "pkcs11:model=mock;token=Mock%20Certificate;object=Mock%20Certificate",
+ NULL);
+ g_assert_no_error (error);
+ g_assert_true (G_IS_TLS_CERTIFICATE (cert));
+
+ /* Cannot access private key because the GTlsCertificate only knows its
+ * PKCS #11 handle. It doesn't actually have the private key in memory.
+ */
+ g_object_get (cert,
+ "private-key", &der,
+ "private-key-pem", &pem,
+ NULL);
+ g_assert_null (der);
+ g_assert_null (pem);
+
+ g_object_unref (cert);
+#endif
+}
+
+static void
test_create_certificate_chain (void)
{
GTlsCertificate *cert, *intermediate, *root;
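Review bot: `test_create_certificate_pkcs11` never releases `cert`: the GnuTLS branch ends right after `g_assert_nonnull (cert);`, whereas `test_private_key_pkcs11` below it calls `g_object_unref (cert);`. Add `g_object_unref (cert);` before the `#endif` so the test does not leak the certificate. If leak detection is active in the address-sanitizer CI job, this would show up there. In `test_private_key`, `der->data` is dereferenced straight after `g_object_get ()`; a `g_assert_nonnull (der);` first would turn a missing property value into a test failure instead of a crash.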
* - Use unrelated cert as CA
* - Use wrong identity.
* - Use expired certificate.
+ *
+ * Once upon a time, we might have asserted to see that all of these errors
+ * are set. But this is impossible to do correctly, so nowadays we only
+ * guarantee that at least one error will be set. See glib-networking#179 and
+ * glib!2214 for rationale.
*/
identity = g_network_address_new ("other.example.com", 80);
errors = g_tls_certificate_verify (cert, identity, cacert);
- g_assert_cmpuint (errors, ==, G_TLS_CERTIFICATE_UNKNOWN_CA |
- G_TLS_CERTIFICATE_BAD_IDENTITY | G_TLS_CERTIFICATE_EXPIRED);
+ g_assert_cmpuint (errors, !=, 0);
g_object_unref (cert);
g_object_unref (cacert);
g_object_unref (three);
}
+static void
+test_certificate_not_valid_before (void)
+{
+ GTlsCertificate *cert;
+ GError *error = NULL;
+ GDateTime *actual;
+ gchar *actual_str;
+
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error);
+ g_assert_no_error (error);
+
+ actual = g_tls_certificate_get_not_valid_before (cert);
+ g_assert_nonnull (actual);
+ actual_str = g_date_time_format_iso8601 (actual);
+ g_assert_cmpstr (actual_str, ==, EXPECTED_NOT_VALID_BEFORE);
+ g_free (actual_str);
+ g_date_time_unref (actual);
+ g_object_unref (cert);
+}
+
+/* On 32-bit, GNUTLS caps expiry times at 2037-12-31 23:23:23 to avoid
+ * overflowing time_t. Hopefully by 2037, either 32-bit will finally have
+ * died out, or GNUTLS will rethink its approach to
+ * https://gitlab.com/gnutls/gnutls/-/issues/370 */
+#define GNUTLS_32_BIT_NOT_VALID_AFTER_MAX 2145914603
+
+static void
+test_certificate_not_valid_after (void)
+{
+ GTlsCertificate *cert;
+ GError *error = NULL;
+ GDateTime *actual;
+ gchar *actual_str;
+
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error);
+ g_assert_no_error (error);
+
+ actual = g_tls_certificate_get_not_valid_after (cert);
+ g_assert_nonnull (actual);
+ actual_str = g_date_time_format_iso8601 (actual);
+
+#if SIZEOF_TIME_T <= 4
+ if (g_date_time_to_unix (actual) == GNUTLS_32_BIT_NOT_VALID_AFTER_MAX)
+ g_test_incomplete ("not-valid-after date not representable on 32-bit");
+ else
+ g_assert_cmpstr (actual_str, ==, EXPECTED_NOT_VALID_AFTER);
+#else
+ g_assert_cmpstr (actual_str, ==, EXPECTED_NOT_VALID_AFTER);
+#endif
+
+ g_free (actual_str);
+ g_date_time_unref (actual);
+ g_object_unref (cert);
+}
+
+static void
+test_certificate_subject_name (void)
+{
+ const char *EXPECTED_SUBJECT_NAME = "DC=COM,DC=EXAMPLE,CN=server.example.com";
+ GTlsCertificate *cert;
+ GError *error = NULL;
+ gchar *actual;
+
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error);
+ g_assert_no_error (error);
+
+ actual = g_tls_certificate_get_subject_name (cert);
+ g_assert_nonnull (actual);
+ g_assert_cmpstr (actual, ==, EXPECTED_SUBJECT_NAME);
+ g_free (actual);
+ g_object_unref (cert);
+}
+
+static void
+test_certificate_issuer_name (void)
+{
+ GTlsCertificate *cert;
+ GError *error = NULL;
+ gchar *actual;
+
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error);
+ g_assert_no_error (error);
+
+ actual = g_tls_certificate_get_issuer_name (cert);
+ g_assert_nonnull (actual);
+ // For GnuTLS the full string includes ",EMAIL=ca@example.com" at the end while
+ // OpenSSL includes ",emailAddress=ca@example.com" at the end
+ g_assert (strstr (actual, "DC=COM,DC=EXAMPLE,OU=Certificate Authority,CN=ca.example.com"));
+ g_free (actual);
+ g_object_unref (cert);
+}
+
+static void
+test_certificate_dns_names (void)
+{
+ GTlsCertificate *cert;
+ GError *error = NULL;
+ GPtrArray *actual;
+ const gchar *dns_name = "server.example.com";
+ GBytes *expected = g_bytes_new_static (dns_name, strlen (dns_name));
+
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (cert);
+
+ actual = g_tls_certificate_get_dns_names (cert);
+ g_assert_nonnull (actual);
+ g_assert_cmpuint (actual->len, ==, 1);
+ g_assert_true (g_ptr_array_find_with_equal_func (actual, expected, (GEqualFunc)g_bytes_equal, NULL));
+
+ g_ptr_array_free (actual, TRUE);
+ g_bytes_unref (expected);
+ g_object_unref (cert);
+}
+
+static void
+test_certificate_ip_addresses (void)
+{
+ GTlsCertificate *cert;
+ GError *error = NULL;
+ GPtrArray *actual;
+ GInetAddress *expected = g_inet_address_new_from_string ("192.168.1.10");
+
+ cert = g_tls_certificate_new_from_file (tls_test_file_path ("server.pem"), &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (cert);
+
+ actual = g_tls_certificate_get_ip_addresses (cert);
+ g_assert_nonnull (actual);
+ g_assert_cmpuint (actual->len, ==, 1);
+ g_assert_true (g_ptr_array_find_with_equal_func (actual, expected, (GEqualFunc)g_inet_address_equal, NULL));
+
+ g_ptr_array_free (actual, TRUE);
+ g_object_unref (expected);
+ g_object_unref (cert);
+}
+
int
main (int argc,
char *argv[])
{
+#ifdef BACKEND_IS_GNUTLS
+ char *module_path;
+#endif
+
g_test_init (&argc, &argv, NULL);
g_setenv ("GSETTINGS_BACKEND", "memory", TRUE);
g_setenv ("GIO_USE_TLS", BACKEND, TRUE);
- g_assert (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0);
+ g_assert_cmpint (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND), ==, 0);
+
+#ifdef BACKEND_IS_GNUTLS
+ module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL);
+ g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS));
+
+ g_assert (gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL) == GNUTLS_E_SUCCESS);
+ g_assert (gnutls_pkcs11_add_provider (module_path, NULL) == GNUTLS_E_SUCCESS);
+ g_free (module_path);
+#endif
- g_test_add ("/tls/certificate/create-pem", TestCertificate, NULL,
+ g_test_add ("/tls/" BACKEND "/certificate/create-pem", TestCertificate, NULL,
setup_certificate, test_create_pem, teardown_certificate);
- g_test_add ("/tls/certificate/create-der", TestCertificate, NULL,
+ g_test_add ("/tls/" BACKEND "/certificate/create-der", TestCertificate, NULL,
setup_certificate, test_create_der, teardown_certificate);
- g_test_add ("/tls/certificate/create-with-key-pem", TestCertificate, NULL,
+ g_test_add ("/tls/" BACKEND "/certificate/create-with-key-pem", TestCertificate, NULL,
setup_certificate, test_create_with_key_pem, teardown_certificate);
- g_test_add ("/tls/certificate/create-with-key-der", TestCertificate, NULL,
+ g_test_add ("/tls/" BACKEND "/certificate/create-with-key-der", TestCertificate, NULL,
setup_certificate, test_create_with_key_der, teardown_certificate);
- g_test_add ("/tls/certificate/create-with-issuer", TestCertificate, NULL,
+ g_test_add ("/tls/" BACKEND "/certificate/create-with-issuer", TestCertificate, NULL,
setup_certificate, test_create_certificate_with_issuer, teardown_certificate);
- g_test_add ("/tls/certificate/create-with-garbage-input", TestCertificate, NULL,
+ g_test_add ("/tls/" BACKEND "/certificate/create-with-garbage-input", TestCertificate, NULL,
setup_certificate, test_create_certificate_with_garbage_input, teardown_certificate);
-
- g_test_add_func ("/tls/certificate/create-chain", test_create_certificate_chain);
- g_test_add_func ("/tls/certificate/create-no-chain", test_create_certificate_no_chain);
- g_test_add_func ("/tls/certificate/create-list", test_create_list);
- g_test_add_func ("/tls/certificate/create-list-bad", test_create_list_bad);
-
- g_test_add ("/tls/certificate/verify-good", TestVerify, NULL,
+ g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL,
+ setup_certificate, test_create_certificate_pkcs11, teardown_certificate);
+ g_test_add ("/tls/" BACKEND "/certificate/private-key", TestCertificate, NULL,
+ setup_certificate, test_private_key, teardown_certificate);
+ g_test_add ("/tls/" BACKEND "/certificate/private-key-pkcs11", TestCertificate, NULL,
+ setup_certificate, test_private_key_pkcs11, teardown_certificate);
+
+ g_test_add_func ("/tls/" BACKEND "/certificate/create-chain", test_create_certificate_chain);
+ g_test_add_func ("/tls/" BACKEND "/certificate/create-no-chain", test_create_certificate_no_chain);
+ g_test_add_func ("/tls/" BACKEND "/certificate/create-list", test_create_list);
+ g_test_add_func ("/tls/" BACKEND "/certificate/create-list-bad", test_create_list_bad);
+
+ g_test_add ("/tls/" BACKEND "/certificate/verify-good", TestVerify, NULL,
setup_verify, test_verify_certificate_good, teardown_verify);
- g_test_add ("/tls/certificate/verify-bad-identity", TestVerify, NULL,
+ g_test_add ("/tls/" BACKEND "/certificate/verify-bad-identity", TestVerify, NULL,
setup_verify, test_verify_certificate_bad_identity, teardown_verify);
- g_test_add ("/tls/certificate/verify-bad-ca", TestVerify, NULL,
+ g_test_add ("/tls/" BACKEND "/certificate/verify-bad-ca", TestVerify, NULL,
setup_verify, test_verify_certificate_bad_ca, teardown_verify);
- g_test_add ("/tls/certificate/verify-bad-before", TestVerify, NULL,
+ g_test_add ("/tls/" BACKEND "/certificate/verify-bad-before", TestVerify, NULL,
setup_verify, test_verify_certificate_bad_before, teardown_verify);
- g_test_add ("/tls/certificate/verify-bad-expired", TestVerify, NULL,
+ g_test_add ("/tls/" BACKEND "/certificate/verify-bad-expired", TestVerify, NULL,
setup_verify, test_verify_certificate_bad_expired, teardown_verify);
- g_test_add ("/tls/certificate/verify-bad-combo", TestVerify, NULL,
+ g_test_add ("/tls/" BACKEND "/certificate/verify-bad-combo", TestVerify, NULL,
setup_verify, test_verify_certificate_bad_combo, teardown_verify);
- g_test_add_func ("/tls/certificate/is-same", test_certificate_is_same);
+ g_test_add_func ("/tls/" BACKEND "/certificate/is-same", test_certificate_is_same);
+
+ g_test_add_func ("/tls/" BACKEND "/certificate/not-valid-before", test_certificate_not_valid_before);
+ g_test_add_func ("/tls/" BACKEND "/certificate/not-valid-after", test_certificate_not_valid_after);
+ g_test_add_func ("/tls/" BACKEND "/certificate/subject-name", test_certificate_subject_name);
+ g_test_add_func ("/tls/" BACKEND "/certificate/issuer-name", test_certificate_issuer_name);
+ g_test_add_func ("/tls/" BACKEND "/certificate/dns-names", test_certificate_dns_names);
+ g_test_add_func ("/tls/" BACKEND "/certificate/ip-addresses", test_certificate_ip_addresses);
return g_test_run();
}
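Review bot: The two PKCS #11 set-up calls in `main` are wrapped in `g_assert ()`, which is compiled out when `G_DISABLE_ASSERT` is defined, so in such a build the mock provider would never be initialised or registered. This commit already converts the backend-name check just above to `g_assert_cmpint`; the same form fits here: `g_assert_cmpint (gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL), ==, GNUTLS_E_SUCCESS);` and likewise for `gnutls_pkcs11_add_provider (module_path, NULL)`. The `g_assert (strstr (actual, ...))` in `test_certificate_issuer_name` has the same weakness and could become `g_assert_nonnull (strstr (actual, ...));`.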
--- /dev/null
+/* This file is generated from update-certificate-test.py */
+
+#define EXPECTED_NOT_VALID_BEFORE "2021-12-15T23:20:04Z"
+#define EXPECTED_NOT_VALID_AFTER "2046-12-09T23:20:04Z"
#ifdef BACKEND_IS_GNUTLS
#include <gnutls/gnutls.h>
+#include <gnutls/pkcs11.h>
+#else
+#include "openssl-include.h"
#endif
static const gchar *
#define TEST_DATA "You win again, gravity!\n"
#define TEST_DATA_LENGTH 24
+typedef enum {
+ WRITE_THEN_CLOSE,
+ WRITE_THEN_WAIT,
+ HANDSHAKE_ONLY
+} ServerConnectionReceivedStrategy;
+
typedef struct {
GMainContext *context;
GMainLoop *loop;
GTlsAuthenticationMode auth_mode;
gboolean rehandshake;
GTlsCertificateFlags accept_flags;
- GError *expected_client_close_error;
GError *read_error;
- GError *expected_server_error;
GError *server_error;
- gboolean server_should_close;
+ gboolean ignore_client_close_error;
+ ServerConnectionReceivedStrategy connection_received_strategy;
gboolean server_running;
+ gboolean server_ever_handshaked;
GTlsCertificate *server_certificate;
-#if GLIB_CHECK_VERSION(2, 60, 0)
const gchar * const *server_protocols;
-#endif
+ gulong incoming_connection_delay;
char buf[128];
gssize nread, nwrote;
for (i = 0; i < 13 && (var); i++) \
{ \
g_usleep (1000 * (1 << i)); \
- g_main_context_iteration (NULL, FALSE); \
+ g_main_context_iteration (test->context, FALSE); \
} \
\
- g_assert (!(var)); \
+ g_assert_true (!(var)); \
+ }
+
+/* Waits about 10 seconds for @var's ref_count to drop to 1 */
+#define WAIT_UNTIL_UNREFFED(var) \
+ if (var) \
+ { \
+ int i; \
+ \
+ for (i = 0; i < 13 && G_OBJECT (var)->ref_count > 1; i++) \
+ { \
+ g_usleep (1000 * (1 << i)); \
+ g_main_context_iteration (NULL, FALSE); \
+ } \
+ \
+ g_assert_cmpuint (G_OBJECT (var)->ref_count, ==, 1); \
}
static void
+wait_until_server_finished (TestConnection *test)
+{
+ WAIT_UNTIL_UNSET (test->server_running);
+}
+
+static void
teardown_connection (TestConnection *test, gconstpointer data)
{
if (test->service)
/* The outstanding accept_async will hold a ref on test->service,
* which we want to wait for it to release if we're valgrinding.
*/
- g_object_add_weak_pointer (G_OBJECT (test->service), (gpointer *)&test->service);
+ g_socket_listener_close (G_SOCKET_LISTENER (test->service));
+ WAIT_UNTIL_UNREFFED (test->service);
g_object_unref (test->service);
- WAIT_UNTIL_UNSET (test->service);
+ test->service = NULL;
}
if (test->server_connection)
{
WAIT_UNTIL_UNSET (test->server_running);
- g_object_add_weak_pointer (G_OBJECT (test->server_connection),
- (gpointer *)&test->server_connection);
+ WAIT_UNTIL_UNREFFED (test->server_connection);
g_object_unref (test->server_connection);
- WAIT_UNTIL_UNSET (test->server_connection);
+ test->server_connection = NULL;
}
if (test->client_connection)
{
- g_object_add_weak_pointer (G_OBJECT (test->client_connection),
- (gpointer *)&test->client_connection);
+ WAIT_UNTIL_UNREFFED (test->client_connection);
g_object_unref (test->client_connection);
- WAIT_UNTIL_UNSET (test->client_connection);
+ test->client_connection = NULL;
}
if (test->database)
{
- g_object_add_weak_pointer (G_OBJECT (test->database),
- (gpointer *)&test->database);
+ WAIT_UNTIL_UNREFFED (test->database);
g_object_unref (test->database);
- WAIT_UNTIL_UNSET (test->database);
+ test->database = NULL;
}
g_clear_object (&test->address);
g_main_loop_unref (test->loop);
- g_clear_error (&test->expected_client_close_error);
g_clear_error (&test->read_error);
g_clear_error (&test->server_error);
- g_clear_error (&test->expected_server_error);
}
static void
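Review bot: The new `WAIT_UNTIL_UNREFFED` macro iterates the default context with `g_main_context_iteration (NULL, FALSE)`, while the same hunk switches `WAIT_UNTIL_UNSET` to `test->context`. Where `test->context` is set up is outside this hunk; if it is the default context the two are equivalent and this is only a consistency matter, otherwise the sources that would drop the last references are never dispatched and the loop just sleeps until the assertion fires. I would use `g_main_context_iteration (test->context, FALSE);` in both macros. It is also worth a comment that `G_OBJECT (var)->ref_count` is read without synchronisation, which is acceptable only because this is a best-effort teardown wait in a test.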
gpointer user_data)
{
TestConnection *test = user_data;
+
+ g_assert_true (G_IS_TLS_CERTIFICATE (cert));
+
return errors == test->accept_flags;
}
gpointer user_data)
{
TestConnection *test = user_data;
- GError *expected_error = test->expected_server_error;
GError *error = NULL;
g_io_stream_close_finish (G_IO_STREAM (object), res, &error);
- g_assert_no_error (error);
-
- if (expected_error)
- g_assert_error (test->server_error, expected_error->domain, expected_error->code);
- else
- g_assert_no_error (test->server_error);
+ // FIXME: https://gitlab.gnome.org/GNOME/glib-networking/issues/105
+ // g_assert_no_error (error);
test->server_running = FALSE;
}
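Review bot: With the assertion commented out, the `GError` filled in by `g_io_stream_close_finish()` in the server close callback is never inspected and never freed, so the path the FIXME describes leaks it. Adding `g_clear_error (&error);` right after the commented-out line keeps the workaround without the leak. The client close callback later in this commit has the same gap: when `ignore_client_close_error` is set, `error` is skipped by `if (!test->ignore_client_close_error) g_assert_no_error (error);` and then dropped without being cleared. The server callback's signature starts outside this hunk.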
return;
}
- if (test->server_should_close)
+ if (test->connection_received_strategy == WRITE_THEN_CLOSE)
close_server_connection (test);
}
+static void
+on_server_handshake_finish (GObject *object,
+ GAsyncResult *res,
+ gpointer user_data)
+{
+ TestConnection *test = user_data;
+ g_tls_connection_handshake_finish (G_TLS_CONNECTION (object), res, &test->server_error);
+ g_assert_no_error (test->server_error);
+ test->server_ever_handshaked = TRUE;
+}
+
static gboolean
on_incoming_connection (GSocketService *service,
GSocketConnection *connection,
GTlsCertificate *cert;
GError *error = NULL;
+ if (test->incoming_connection_delay != 0)
+ g_usleep (test->incoming_connection_delay);
+
g_assert_null (test->server_connection);
test->server_connection = g_tls_server_connection_new (G_IO_STREAM (connection),
test->server_certificate, &error);
{
cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-and-key.pem"), &error);
g_assert_no_error (error);
- g_tls_connection_set_certificate ((GTlsConnection *)test->server_connection, cert);
+ g_tls_connection_set_certificate (G_TLS_CONNECTION (test->server_connection), cert);
g_object_unref (cert);
}
if (test->database)
g_tls_connection_set_database (G_TLS_CONNECTION (test->server_connection), test->database);
-#if GLIB_CHECK_VERSION(2, 60, 0)
if (test->server_protocols)
{
g_tls_connection_set_advertised_protocols (G_TLS_CONNECTION (test->server_connection),
test->server_protocols);
}
-#endif
stream = g_io_stream_get_output_stream (test->server_connection);
- g_output_stream_write_async (stream, TEST_DATA,
- test->rehandshake ? TEST_DATA_LENGTH / 2 : TEST_DATA_LENGTH,
- G_PRIORITY_DEFAULT, NULL,
- on_output_write_finish, test);
+ if (test->connection_received_strategy == WRITE_THEN_CLOSE ||
+ test->connection_received_strategy == WRITE_THEN_WAIT)
+ {
+ g_output_stream_write_async (stream, TEST_DATA,
+ test->rehandshake ? TEST_DATA_LENGTH / 2 : TEST_DATA_LENGTH,
+ G_PRIORITY_DEFAULT, NULL,
+ on_output_write_finish, test);
+ }
+ else
+ {
+ g_tls_connection_handshake_async (G_TLS_CONNECTION (test->server_connection),
+ G_PRIORITY_DEFAULT, NULL,
+ on_server_handshake_finish, test);
+ }
+
return FALSE;
}
static void
-start_async_server_service (TestConnection *test,
- GTlsAuthenticationMode auth_mode,
- gboolean should_close)
+start_async_server_service (TestConnection *test,
+ GTlsAuthenticationMode auth_mode,
+ ServerConnectionReceivedStrategy connection_received_strategy)
{
test->service = g_socket_service_new ();
start_server (test);
test->auth_mode = auth_mode;
g_signal_connect (test->service, "incoming", G_CALLBACK (on_incoming_connection), test);
- test->server_should_close = should_close;
+ test->connection_received_strategy = connection_received_strategy;
}
static GIOStream *
GError *error = NULL;
GSocketConnection *connection;
- start_async_server_service (test, auth_mode, TRUE);
+ start_async_server_service (test, auth_mode, WRITE_THEN_CLOSE);
client = g_socket_client_new ();
connection = g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address),
g_io_stream_close_finish (G_IO_STREAM (object), res, &error);
- if (test->expected_client_close_error)
- {
- /* Although very rare, it's OK for broken pipe errors to not occur here if
- * they have already occured earlier during a read. If so, there should be
- * no error here at all.
- */
- if (error || !g_error_matches (test->expected_client_close_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE))
- g_assert_error (error, test->expected_client_close_error->domain, test->expected_client_close_error->code);
- }
- else
- {
- g_assert_no_error (error);
- }
+ /* FIXME: When running test_client_auth_failure(), GnuTLS throws a
+ * G_TLS_CERTIFICATE_REQUIRED error here for TLS 1.3, but no error for TLS
+ * 1.2. What's up with this difference? Can we have consistent errors?
+ */
+ if (!test->ignore_client_close_error)
+ g_assert_no_error (error);
g_main_loop_quit (test->loop);
}
read_test_data_async (test);
g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
g_assert_no_error (test->read_error);
g_assert_no_error (test->server_error);
read_test_data_async (test);
g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
g_assert_no_error (test->read_error);
g_assert_no_error (test->server_error);
g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_EXPIRED);
- g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS, "");
-
read_test_data_async (test);
g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+
+#ifdef BACKEND_IS_GNUTLS
+ g_assert_error (test->server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS);
+#elif defined(BACKEND_IS_OPENSSL)
+ /* FIXME: This is not OK. There should be a NOT_TLS errors. But some times
+ * we either get no error or BROKEN_PIPE
+ */
+#endif
}
static void
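Review bot: The `#elif defined(BACKEND_IS_OPENSSL)` branch holds only a FIXME, so on OpenSSL this certificate-rejection test no longer checks `test->server_error` at all and would pass with any server-side error. The FIXME names the outcomes actually seen (no error or BROKEN_PIPE), and the weaker invariant can still be pinned: `if (test->server_error) g_assert_true (g_error_matches (test->server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS) || g_error_matches (test->server_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE));`. The two later hunks that add the same `BACKEND_IS_GNUTLS` assertion with an empty FIXME branch have the same gap. The enclosing test function starts outside this hunk.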
gpointer user_data)
{
gboolean *changed = user_data;
- g_assert_false (*changed);
*changed = TRUE;
}
read_test_data_async (test);
g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
g_assert_no_error (test->read_error);
g_assert_no_error (test->server_error);
cert = g_tls_certificate_new_from_file (tls_test_file_path ("client2-and-key.pem"), &error);
g_assert_no_error (error);
g_tls_connection_set_certificate (G_TLS_CONNECTION (test->client_connection), cert);
- g_object_unref (cert);
g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
read_test_data_async (test);
g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
g_assert_no_error (test->read_error);
g_assert_no_error (test->server_error);
peer = g_tls_connection_get_peer_certificate (G_TLS_CONNECTION (test->server_connection));
g_assert_nonnull (peer);
g_assert_true (g_tls_certificate_is_same (peer, cert));
+ g_object_unref (cert);
}
+#ifdef BACKEND_IS_GNUTLS
static void
-test_client_auth_rehandshake (TestConnection *test,
- gconstpointer data)
+run_until_object_is_destroyed (GMainContext *context,
+ GWeakRef *weak_ref)
{
-#ifdef BACKEND_IS_OPENSSL
- g_test_skip ("the server avoids rehandshake to avoid the security problem CVE-2009-3555");
- return;
-#endif
+ GObject *object;
- test->rehandshake = TRUE;
- test_client_auth_connection (test, data);
+ while ((object = g_weak_ref_get (weak_ref)))
+ {
+ g_object_unref (object);
+ g_main_context_iteration (context, FALSE);
+ }
}
+#endif
-/* In TLS 1.3 the client handshake succeeds before the client has sent
- * its certificate to the server, so the client doesn't realize the
- * server has rejected its certificate until it tries performing I/O.
- * This results in different errors bubbling up to the API level. The
- * differences are unfortunate but difficult to avoid.
- *
- * FIXME: This isn't good to have different API behavior depending on
- * the version of GnuTLS in use. And how is OpenSSL supposed to deal
- * with this?
- */
-static gboolean
-client_can_receive_certificate_required_errors (TestConnection *test)
+static void
+test_client_auth_pkcs11_connection (TestConnection *test,
+ gconstpointer data)
{
-#ifdef BACKEND_IS_GNUTLS
- gnutls_priority_t priority_cache;
- int ret;
- int i;
- int nprotos;
- static int max_proto = 0;
- const guint *protos;
-
- /* Determine whether GNUTLS_TLS1_3 is available at *runtime* (using
- * the default priority) so that these tests work in Fedora 28, which
- * has GnuTLS 3.6 (and therefore GNUTLS_TLS1_3) but with TLS 1.3
- * disabled.
+#ifndef BACKEND_IS_GNUTLS
+ g_test_skip ("This backend does not support PKCS #11");
+#else
+ GIOStream *connection;
+ GError *error = NULL;
+ GTlsCertificate *cert;
+ GTlsCertificate *peer;
+ gboolean cas_changed;
+ GSocketClient *client;
+ GTlsInteraction *interaction;
+ GWeakRef weak_ref;
+
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (test->database);
+
+ interaction = mock_interaction_new_static_password ("ABC123");
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUIRED);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (test->client_connection);
+ g_object_unref (connection);
+
+ g_weak_ref_init (&weak_ref, test->client_connection);
+
+ g_tls_connection_set_interaction (G_TLS_CONNECTION (test->client_connection), interaction);
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ cert = g_tls_certificate_new_from_pkcs11_uris ("pkcs11:model=mock;manufacturer=GLib-Networking;serial=1;token=Mock%20Certificate;id=%4D%6F%63%6B%20%43%65%72%74%69%66%69%63%61%74%65;object=Mock%20Certificate;type=cert",
+ "pkcs11:model=mock;manufacturer=GLib-Networking;serial=1;token=Mock%20Certificate;id=%4D%6F%63%6B%20%50%72%69%76%61%74%65%20%4B%65%79;object=Mock%20Private%20Key;type=private",
+ &error);
+ g_assert_no_error (error);
+
+ g_tls_connection_set_certificate (G_TLS_CONNECTION (test->client_connection), cert);
+
+ /* All validation in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ cas_changed = FALSE;
+ g_signal_connect (test->client_connection, "notify::accepted-cas",
+ G_CALLBACK (on_notify_accepted_cas), &cas_changed);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
+
+ g_assert_no_error (test->read_error);
+ g_assert_no_error (test->server_error);
+
+ peer = g_tls_connection_get_peer_certificate (G_TLS_CONNECTION (test->server_connection));
+ g_assert_nonnull (peer);
+ g_assert_true (g_tls_certificate_is_same (peer, cert));
+ g_assert_true (cas_changed);
+
+ g_object_unref (cert);
+ g_object_unref (test->client_connection);
+ g_clear_object (&test->server_connection);
+
+ /* The mock PKCS#11 module allows only a single PKCS#11 connection at a time.
+ * This means we have to ensure the original GTlsClientConnection is finalized
+ * before creating the next one.
*/
- if (max_proto == 0)
- {
- ret = gnutls_priority_init (&priority_cache, "NORMAL", NULL);
- g_assert_cmpint (ret, ==, GNUTLS_E_SUCCESS);
+ run_until_object_is_destroyed (test->context, &weak_ref);
+ g_weak_ref_clear (&weak_ref);
+
+ /* Now start a new connection to the same server with a different client cert.
+ * Also test using a single URI matching both the cert and private key.
+ */
+ client = g_socket_client_new ();
+ connection = G_IO_STREAM (g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address),
+ NULL, &error));
+ g_assert_no_error (error);
+ g_object_unref (client);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (test->client_connection);
+ g_object_unref (connection);
- nprotos = gnutls_priority_protocol_list (priority_cache, &protos);
+ g_tls_connection_set_interaction (G_TLS_CONNECTION (test->client_connection), interaction);
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ 0);
+ cert = g_tls_certificate_new_from_pkcs11_uris ("pkcs11:model=mock;manufacturer=GLib-Networking;serial=1;token=Mock%20Certificate;id=%4D%6F%63%6B%20%50%72%69%76%61%74%65%20%4B%65%79%20%32",
+ NULL,
+ &error);
+ g_assert_no_error (error);
+ g_tls_connection_set_certificate (G_TLS_CONNECTION (test->client_connection), cert);
+ g_object_unref (cert);
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
- for (i = 0; i < nprotos && protos[i] <= GNUTLS_TLS_VERSION_MAX; i++)
- {
- if (protos[i] > max_proto)
- max_proto = protos[i];
- }
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
- gnutls_priority_deinit (priority_cache);
- }
+ g_assert_no_error (test->read_error);
+ g_assert_no_error (test->server_error);
- return max_proto <= GNUTLS_TLS1_2;
-#else
- return TRUE;
+ /* peer should see the second client cert */
+ peer = g_tls_connection_get_peer_certificate (G_TLS_CONNECTION (test->server_connection));
+ g_assert_nonnull (peer);
+ g_assert_true (g_tls_certificate_is_same (peer, cert));
+
+ g_object_unref (interaction);
#endif
}
static void
+test_client_auth_rehandshake (TestConnection *test,
+ gconstpointer data)
+{
+ test->rehandshake = TRUE;
+ test_client_auth_connection (test, data);
+}
+
+static void
test_client_auth_failure (TestConnection *test,
gconstpointer data)
{
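Review bot: In the second half of `test_client_auth_pkcs11_connection`, `g_object_unref (cert)` runs right after `g_tls_connection_set_certificate()`, yet `cert` is dereferenced again in the final `g_tls_certificate_is_same (peer, cert)`. That only works while the client connection keeps its own reference to the certificate, which is presumably the case but is not something the test should rely on. This commit already moves the unref below the comparison in `test_client_auth_connection`, and the first half of this new test does the same. I would drop the early unref and place `g_object_unref (cert);` just before `g_object_unref (interaction);`.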
g_signal_connect (test->client_connection, "notify::accepted-cas",
G_CALLBACK (on_notify_accepted_cas), &accepted_changed);
- if (!client_can_receive_certificate_required_errors (test))
- g_set_error_literal (&test->expected_client_close_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE, "");
- g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED, "");
+ test->ignore_client_close_error = TRUE;
read_test_data_async (test);
g_main_loop_run (test->loop);
-
- /* In TLS 1.2 we'll notice that a server cert was requested. For TLS 1.3 we
- * just get dropped, usually G_TLS_ERROR_MISC but possibly also broken pipe.
+ wait_until_server_finished (test);
+
+ /* FIXME: We should always receive G_TLS_ERROR_CERTIFICATE_REQUIRED here. But
+ * on our TLS 1.2 CI, sometimes we receive GNUTLS_E_PREMATURE_TERMINATION,
+ * which we translate to G_TLS_ERROR_NOT_TLS because we have never handshaked
+ * successfully. If the timing is different and it occurs after the handshake,
+ * then we get G_TLS_ERROR_EOF. Sadly, I can't reproduce the issue locally, so
+ * my odds of fixing it are slim to none. The connection is at least failing
+ * as we expect, just not with the desired error.
*/
- if (client_can_receive_certificate_required_errors (test))
- g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED);
- else if (!g_error_matches (test->read_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE))
- g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_MISC);
+ if (!g_error_matches (test->read_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS) &&
+ !g_error_matches (test->read_error, G_TLS_ERROR, G_TLS_ERROR_EOF))
+ {
+ g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED);
+ }
g_assert_error (test->server_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED);
g_assert_true (accepted_changed);
g_object_unref (test->client_connection);
g_clear_object (&test->server_connection);
- g_clear_error (&test->expected_client_close_error);
g_clear_error (&test->read_error);
g_clear_error (&test->server_error);
- g_clear_error (&test->expected_server_error);
+
+ test->ignore_client_close_error = FALSE;
/* Now start a new connection to the same server with a valid client cert;
* this should succeed, and not use the cached failed session from above */
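Review bot: The relaxed client-side check in `test_client_auth_failure` never states outright that the read must have failed; it relies on `g_error_matches()` returning FALSE for a NULL error so that control reaches `g_assert_error (..., G_TLS_ERROR_CERTIFICATE_REQUIRED)`. Since this test guards the rejection of a connection with no acceptable client certificate, I would make that invariant explicit with `g_assert_nonnull (test->read_error);` before the `if`. A short comment that NOT_TLS and EOF are tolerated only as alternative failure codes would also help. The request-fail test later in the commit uses the same construct and would benefit from the same line. The function body starts outside this hunk.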
read_test_data_async (test);
g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
g_assert_no_error (test->read_error);
g_assert_no_error (test->server_error);
GIOStream *connection;
GError *error = NULL;
-#ifdef BACKEND_IS_OPENSSL
- g_test_skip("this new test does not work with openssl, more research needed");
- return;
-#endif
-
g_test_bug ("793712");
test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
/* All validation in this test */
g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
G_TLS_CERTIFICATE_VALIDATE_ALL);
-
- g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS, "");
+#if BACKEND_IS_OPENSSL && defined(G_OS_WIN32)
+ test->ignore_client_close_error = TRUE;
+#endif
read_test_data_async (test);
g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
+
+#if BACKEND_IS_OPENSSL && defined(G_OS_WIN32)
+ test->ignore_client_close_error = FALSE;
+#endif
g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED);
+#if BACKEND_IS_OPENSSL
+ g_assert_error (test->server_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED);
+#else
+ g_assert_error (test->server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS);
+#endif
}
static void
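Review bot: The three new conditionals here test the macro's value (`#if BACKEND_IS_OPENSSL`), whereas the rest of the commit tests whether it is defined (`#ifdef BACKEND_IS_GNUTLS`, `#elif defined(BACKEND_IS_OPENSSL)`). The value form silently evaluates to 0 when the macro is undefined and fails to preprocess if it is defined empty; how the build defines it is not visible here. For consistency I would write `#if defined(BACKEND_IS_OPENSSL) && defined(G_OS_WIN32)` for the two guards around `ignore_client_close_error` and `#ifdef BACKEND_IS_OPENSSL` for the server-error assertion. The enclosing test function starts outside this hunk.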
read_test_data_async (test);
g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
g_assert_no_error (test->read_error);
g_assert_no_error (test->server_error);
g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
G_TLS_CERTIFICATE_VALIDATE_ALL);
- if (!client_can_receive_certificate_required_errors (test))
- g_set_error_literal (&test->expected_client_close_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE, "");
- g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED, "");
+ test->ignore_client_close_error = TRUE;
read_test_data_async (test);
g_main_loop_run (test->loop);
-
- /* FIXME: G_FILE_ERROR_ACCES is not a very great error to get here. */
- if (client_can_receive_certificate_required_errors (test))
- g_assert_error (test->read_error, G_FILE_ERROR, G_FILE_ERROR_ACCES);
- else if (!g_error_matches (test->read_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE))
- g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_MISC);
+ wait_until_server_finished (test);
+
+ /* FIXME: We should always receive G_TLS_ERROR_CERTIFICATE_REQUIRED here. But
+ * on our TLS 1.2 CI, sometimes we receive GNUTLS_E_PREMATURE_TERMINATION,
+ * which we translate to G_TLS_ERROR_NOT_TLS because we have never handshaked
+ * successfully. If the timing is different and it occurs after the handshake,
+ * then we get G_TLS_ERROR_EOF. Sadly, I can't reproduce the issue locally, so
+ * my odds of fixing it are slim to none. The connection is at least failing
+ * as we expect, just not with the desired error.
+ */
+ if (!g_error_matches (test->read_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS) &&
+ !g_error_matches (test->read_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED) &&
+ !g_error_matches (test->read_error, G_TLS_ERROR, G_TLS_ERROR_EOF))
+ {
+ /* G_FILE_ERROR_ACCES is the error returned by our mock interaction object
+ * when the GTlsInteraction's certificate request fails.
+ */
+ g_assert_error (test->read_error, G_FILE_ERROR, G_FILE_ERROR_ACCES);
+ }
+ g_assert_error (test->server_error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED);
g_io_stream_close (test->server_connection, NULL, NULL);
g_io_stream_close (test->client_connection, NULL, NULL);
}
static void
+test_client_auth_request_none (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (test->database);
+
+ /* Request, but don't provide, a client certificate */
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (test->client_connection);
+ g_object_unref (connection);
+
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ /* All validation in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
+
+ /* The connection should succeed and everything should work. We only REQUESTED
+ * authentication, in contrast to G_TLS_AUTHENTICATION_REQUIRED where this
+ * should fail.
+ */
+ g_assert_no_error (test->read_error);
+ g_assert_no_error (test->server_error);
+}
+
+
+static void
test_connection_no_database (TestConnection *test,
gconstpointer data)
{
read_test_data_async (test);
g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
g_assert_no_error (test->read_error);
g_assert_no_error (test->server_error);
g_assert_no_error (error);
g_object_unref (connection);
- g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS, "");
-
g_tls_connection_handshake_async (G_TLS_CONNECTION (test->client_connection),
G_PRIORITY_DEFAULT, NULL,
handshake_failed_cb, test);
read_test_data_async (test);
g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+
+#ifdef BACKEND_IS_GNUTLS
+ g_assert_error (test->server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS);
+#elif defined(BACKEND_IS_OPENSSL)
+ /* FIXME: This is not OK. There should be a NOT_TLS errors. But some times
+ * we either get no error or BROKEN_PIPE
+ */
+#endif
}
static void
GIOStream *base;
GError *error = NULL;
- start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, WRITE_THEN_CLOSE);
client = g_socket_client_new ();
g_socket_client_set_tls (client, TRUE);
flags = G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_UNKNOWN_CA;
g_socket_client_connect_async (client, G_SOCKET_CONNECTABLE (test->address),
NULL, socket_client_connected, test);
g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
connection = (GSocketConnection *)test->client_connection;
test->client_connection = NULL;
{
GSocketClient *client;
- start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, TRUE);
+ start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, WRITE_THEN_CLOSE);
client = g_socket_client_new ();
g_socket_client_set_tls (client, TRUE);
/* this time we don't adjust the validation flags */
- g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS, "");
-
g_socket_client_connect_async (client, G_SOCKET_CONNECTABLE (test->address),
NULL, socket_client_failed, test);
g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
+
+#ifdef BACKEND_IS_GNUTLS
+ g_assert_error (test->server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS);
+#else
+ /* FIXME: This is not OK. There should be a NOT_TLS errors. But some times
+ * we either get no error or BROKEN_PIPE
+ */
+#endif
g_object_unref (client);
}
-static void
-socket_client_timed_out_write (GObject *source,
- GAsyncResult *result,
- gpointer user_data)
+static gboolean
+socket_client_timed_out_write (gpointer user_data)
{
TestConnection *test = user_data;
- GSocketConnection *connection;
GInputStream *input_stream;
GOutputStream *output_stream;
GError *error = NULL;
gchar buffer[TEST_DATA_LENGTH];
gssize size;
- connection = g_socket_client_connect_finish (G_SOCKET_CLIENT (source),
- result, &error);
- g_assert_no_error (error);
- test->client_connection = G_IO_STREAM (connection);
-
input_stream = g_io_stream_get_input_stream (test->client_connection);
output_stream = g_io_stream_get_output_stream (test->client_connection);
/* read TEST_DATA_LENGTH once */
size = g_input_stream_read (input_stream, &buffer, TEST_DATA_LENGTH,
NULL, &error);
- g_assert_no_error (error);
- g_assert_cmpint (size, ==, TEST_DATA_LENGTH);
+ if (error)
+ {
+ /* This should very rarely ever happen, but in practice it can take more
+ * than one second to read under heavy load, or when running many tests
+ * simultaneously, so don't fail if this happens.
+ */
+ g_assert_error (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT);
+ g_assert_cmpint (size, ==, -1);
+ g_clear_error (&error);
+ }
+ else
+ {
+ g_assert_no_error (error);
+ g_assert_cmpint (size, ==, TEST_DATA_LENGTH);
- /* read TEST_DATA_LENGTH again to cause the time out */
- size = g_input_stream_read (input_stream, &buffer, TEST_DATA_LENGTH,
- NULL, &error);
- g_assert_error (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT);
- g_assert_cmpint (size, ==, -1);
- g_clear_error (&error);
+ /* read TEST_DATA_LENGTH again to cause the time out */
+ size = g_input_stream_read (input_stream, &buffer, TEST_DATA_LENGTH,
+ NULL, &error);
+ g_assert_error (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT);
+ g_assert_cmpint (size, ==, -1);
+ g_clear_error (&error);
+ }
/* write after a timeout, session should still be valid */
size = g_output_stream_write (output_stream, TEST_DATA, TEST_DATA_LENGTH,
g_assert_cmpint (size, ==, TEST_DATA_LENGTH);
g_main_loop_quit (test->loop);
+
+ return G_SOURCE_REMOVE;
}
static void
-test_connection_read_time_out_write (TestConnection *test,
- gconstpointer data)
+socket_client_timed_out_write_connected (GObject *source,
+ GAsyncResult *result,
+ gpointer user_data)
{
- GSocketClient *client;
- GTlsCertificateFlags flags;
+ TestConnection *test = user_data;
GSocketConnection *connection;
- GIOStream *base;
GError *error = NULL;
- /* Don't close the server connection after writing TEST_DATA. */
- start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, FALSE);
- client = g_socket_client_new ();
- /* Set a 1 second time out on the socket */
- g_socket_client_set_timeout (client, 1);
+ connection = g_socket_client_connect_finish (G_SOCKET_CLIENT (source),
+ result, &error);
+ g_assert_no_error (error);
+ test->client_connection = G_IO_STREAM (connection);
+
+ /* We need to use an idle callback here to guarantee that the upcoming call
+ * to g_input_stream_read() executes on the next iteration of the main
+ * context. Otherwise, we could deadlock ourselves: the read would not be able
+ * to complete if GTask executes socket_client_timed_out_write_connected()
+ * using g_task_return_now() instead of posting the invocation to the next
+ * iteration of the main context, because the server will not progress until
+ * the main context is iterated, but iteration would be blocked waiting for
+ * client's read to complete.
+ */
+ g_idle_add (socket_client_timed_out_write, test);
+}
+
+static void
+test_connection_read_time_out_write (TestConnection *test,
+ gconstpointer data)
+{
+ GSocketClient *client;
+ GTlsCertificateFlags flags;
+ GSocketConnection *connection;
+ GIOStream *base;
+ GError *error = NULL;
+
+ /* Don't close the server connection after writing TEST_DATA. */
+ start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, WRITE_THEN_WAIT);
+ client = g_socket_client_new ();
+ /* Set a 1 second time out on the socket */
+ g_socket_client_set_timeout (client, 1);
g_socket_client_set_tls (client, TRUE);
flags = G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_UNKNOWN_CA;
/* test->address doesn't match the server's cert */
g_socket_client_set_tls_validation_flags (client, flags);
g_socket_client_connect_async (client, G_SOCKET_CONNECTABLE (test->address),
- NULL, socket_client_timed_out_write, test);
+ NULL, socket_client_timed_out_write_connected, test);
g_main_loop_run (test->loop);
if (test->nwrote < TEST_DATA_LENGTH)
{
g_output_stream_write_async (G_OUTPUT_STREAM (object),
- TEST_DATA + test->nwrote,
+ &TEST_DATA[test->nwrote],
TEST_DATA_LENGTH - test->nwrote,
G_PRIORITY_DEFAULT, NULL,
simul_async_write_complete, test);
simul_async_write_complete, test);
g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
g_assert_cmpint (test->nread, ==, TEST_DATA_LENGTH);
g_assert_cmpint (test->nwrote, ==, TEST_DATA_LENGTH);
g_assert_cmpstr (test->buf, ==, TEST_DATA);
}
-#ifdef BACKEND_IS_GNUTLS
-static gboolean
-check_gnutls_has_rehandshaking_bug (void)
-{
- const char *version = gnutls_check_version (NULL);
-
- return !strcmp (version, "3.6.1") ||
- !strcmp (version, "3.6.2");
-}
-#endif
-
static void
test_simultaneous_async_rehandshake (TestConnection *test,
gconstpointer data)
{
-#ifdef BACKEND_IS_OPENSSL
- g_test_skip ("this needs more research on openssl");
- return;
-#elif defined(BACKEND_IS_GNUTLS)
- if (check_gnutls_has_rehandshaking_bug ())
- {
- g_test_skip ("test would fail due to https://gitlab.com/gnutls/gnutls/issues/426");
- return;
- }
-#endif
-
test->rehandshake = TRUE;
test_simultaneous_async (test, data);
}
while (test->nwrote < TEST_DATA_LENGTH)
{
nwrote = g_output_stream_write (ostream,
- TEST_DATA + test->nwrote,
+ &TEST_DATA[test->nwrote],
MIN (TEST_DATA_LENGTH / 2, TEST_DATA_LENGTH - test->nwrote),
NULL, &error);
g_assert_no_error (error);
* receive the connection and spawn the server thread.
*/
while (!test->server_connection)
- g_main_context_iteration (NULL, FALSE);
+ g_main_context_iteration (test->context, FALSE);
g_thread_join (write_thread);
g_thread_join (read_thread);
test_simultaneous_sync_rehandshake (TestConnection *test,
gconstpointer data)
{
-#ifdef BACKEND_IS_OPENSSL
- g_test_skip ("this needs more research on openssl");
- return;
-#elif defined(BACKEND_IS_GNUTLS)
- if (check_gnutls_has_rehandshaking_bug ())
- {
- g_test_skip ("test would fail due to https://gitlab.com/gnutls/gnutls/issues/426");
- return;
- }
-#endif
-
test->rehandshake = TRUE;
test_simultaneous_sync (test, data);
}
g_assert_no_error (error);
}
+static void
+close_server_connection_uncleanly (TestConnection *test)
+{
+ GIOStream *base_iostream;
+ GError *error = NULL;
+
+ /* Instead of closing the GTlsConnection itself, we'll directly close its
+ * underlying output stream in order to ensure the TLS close notify is never
+ * sent.
+ */
+ g_object_get (test->server_connection,
+ "base-io-stream", &base_iostream,
+ NULL);
+
+ g_io_stream_close (base_iostream, NULL, &error);
+ g_assert_no_error (error);
+
+ test->server_running = FALSE;
+
+ g_object_unref (base_iostream);
+}
+
+static void
+test_unclean_close_by_server (TestConnection *test,
+ gconstpointer data)
+{
+ GSocketClient *client;
+ GTlsCertificateFlags flags;
+ GTlsConnection *client_connection;
+ gssize nread;
+
+ start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, HANDSHAKE_ONLY);
+ client = g_socket_client_new ();
+ g_socket_client_set_tls (client, TRUE);
+ flags = G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_UNKNOWN_CA;
+ /* test->address doesn't match the server's cert */
+ flags = flags & ~G_TLS_CERTIFICATE_BAD_IDENTITY;
+ g_socket_client_set_tls_validation_flags (client, flags);
+
+ g_socket_client_connect_async (client, G_SOCKET_CONNECTABLE (test->address),
+ NULL, socket_client_connected, test);
+ g_main_loop_run (test->loop);
+
+ /* The server might not have completed its handshake yet. We want to
+ * wait until the handshake has completed successfully before closing
+ * the connection.
+ */
+ while (!test->server_ever_handshaked)
+ g_main_context_iteration (test->context, TRUE);
+
+ close_server_connection_uncleanly (test);
+
+ /* Because the server closed its connection uncleanly, we should receive
+ * G_TLS_ERROR_EOF to warn that the close notify alert was not received,
+ * indicating a truncation attack. The only other acceptable error here
+ * is connection closed, which is an uncommon race.
+ */
+ nread = g_input_stream_read (g_io_stream_get_input_stream (test->client_connection),
+ test->buf, TEST_DATA_LENGTH,
+ NULL, &test->read_error);
+ if (!g_error_matches (test->read_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE))
+ g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_EOF);
+ g_assert_cmpint (nread, ==, -1);
+
+ /* Now do it again, except this time, we ignore truncation attacks by
+ * disabling require_close_notify.
+ */
+ g_clear_error (&test->read_error);
+ g_clear_object (&test->address);
+ g_clear_object (&test->identity);
+ g_socket_service_stop (test->service);
+ g_clear_object (&test->service);
+ g_clear_object (&test->server_connection);
+ g_clear_object (&test->client_connection);
+ test->server_ever_handshaked = FALSE;
+ start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, HANDSHAKE_ONLY);
+
+ g_socket_client_set_tls (client, TRUE);
+ g_socket_client_connect_async (client, G_SOCKET_CONNECTABLE (test->address),
+ NULL, socket_client_connected, test);
+ g_main_loop_run (test->loop);
+
+ while (!test->server_ever_handshaked)
+ g_main_context_iteration (test->context, TRUE);
+
+ close_server_connection_uncleanly (test);
+
+ client_connection = G_TLS_CONNECTION (g_tcp_wrapper_connection_get_base_io_stream (G_TCP_WRAPPER_CONNECTION (test->client_connection)));
+ g_tls_connection_set_require_close_notify (client_connection, FALSE);
+
+ nread = g_input_stream_read (g_io_stream_get_input_stream (test->client_connection),
+ test->buf, TEST_DATA_LENGTH,
+ NULL, &test->read_error);
+ if (!g_error_matches (test->read_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE))
+ g_assert_no_error (test->read_error);
+ g_assert_cmpint (nread, ==, 0);
+
+ g_object_unref (client);
+}
+
static gboolean
async_implicit_handshake_dispatch (GPollableInputStream *stream,
gpointer user_data)
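Review bot: In the second half of test_unclean_close_by_server the tolerated race is not actually tolerated: when the read fails with G_IO_ERROR_BROKEN_PIPE, g_input_stream_read() returns -1, so the unconditional `g_assert_cmpint (nread, ==, 0);` still aborts the test. The first half does not have this problem, because both accepted errors there yield -1. Tie the expected return value to the branch taken, as below, so that the require_close_notify = FALSE path asserts a clean EOF only when no error was reported. It would also help to say in the comment that the relaxed setting is exercised here only to pin its behaviour, since the first half documents the missing close notify as the truncation signal.

```c
  /* … unchanged: second g_input_stream_read () call … */
  if (g_error_matches (test->read_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE))
    {
      /* Connection closed: the same uncommon race the first half accepts. */
      g_assert_cmpint (nread, ==, -1);
    }
  else
    {
      g_assert_no_error (test->read_error);
      g_assert_cmpint (nread, ==, 0);
    }
```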
test, NULL);
g_source_attach (input_source, NULL);
+ g_source_unref (input_source);
g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
g_io_stream_close (G_IO_STREAM (test->client_connection), NULL, &error);
g_assert_no_error (error);
}
static void
-quit_on_handshake_complete (GObject *object,
- GAsyncResult *result,
- gpointer user_data)
-{
- TestConnection *test = user_data;
- GError *error = NULL;
-
- g_tls_connection_handshake_finish (G_TLS_CONNECTION (object), result, &error);
- g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS);
- g_error_free (error);
-
- g_main_loop_quit (test->loop);
- return;
-}
-
-static void
-test_fallback (TestConnection *test,
- gconstpointer data)
-{
- GIOStream *connection;
- GTlsConnection *tlsconn;
- GError *error = NULL;
-
-#ifdef BACKEND_IS_OPENSSL
- g_test_skip ("this needs more research on openssl");
- return;
-#endif
-
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
- test->client_connection = g_tls_client_connection_new (connection, NULL, &error);
- g_assert_no_error (error);
- tlsconn = G_TLS_CONNECTION (test->client_connection);
- g_object_unref (connection);
-
- g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
- 0);
-#if defined(__GNUC__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-#endif
- g_tls_client_connection_set_use_ssl3 (G_TLS_CLIENT_CONNECTION (test->client_connection),
- TRUE);
-#if defined(__GNUC__)
-#pragma GCC diagnostic pop
-#endif
-
-#if GLIB_CHECK_VERSION(2, 60, 0)
- g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_INAPPROPRIATE_FALLBACK, "");
-#else
- g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_MISC, "");
-#endif
-
- g_tls_connection_handshake_async (tlsconn, G_PRIORITY_DEFAULT, NULL,
- quit_on_handshake_complete, test);
- g_main_loop_run (test->loop);
-
- /* The server should detect a protocol downgrade attack and terminate the connection.
- */
-
- g_io_stream_close (test->client_connection, NULL, &error);
- g_assert_no_error (error);
-}
-
-static void
handshake_completed (GObject *object,
GAsyncResult *result,
gpointer user_data)
gboolean handshake_complete = FALSE;
gssize size;
+#ifdef BACKEND_IS_OPENSSL
+# if OPENSSL_VERSION_NUMBER >= 0x10101000L
+ /* FIXME: This test fails most of the times with openssl 1.1.1, my guess is that
+ * there is still some threading issue and we endup calling input_stream_read
+ * from different threads and the same time.
+ */
+ g_test_skip ("this is not supported with openssl 1.1.1");
+ return;
+# endif
+#endif
+
connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
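Review bot: The skip added at the top of this test reports the case as "not supported with openssl 1.1.1", while the FIXME directly above it describes a suspected threading problem in which input_stream_read is entered from different threads at the same time; the two should agree, otherwise a reader of the test log concludes the feature is unsupported rather than that a possible race is being masked. The `OPENSSL_VERSION_NUMBER >= 0x10101000L` guard also disables the test for every later OpenSSL release, not only 1.1.1. I would report it as unfinished work with `g_test_incomplete ("fails intermittently with OpenSSL >= 1.1.1, suspected concurrent reads; see <tracking issue>");` and keep the `return`. The enclosing function starts and ends outside this hunk.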
handshake_completed, &handshake_complete);
while (!handshake_complete)
- g_main_context_iteration (NULL, TRUE);
+ g_main_context_iteration (test->context, TRUE);
ret = g_output_stream_close (g_io_stream_get_output_stream (test->client_connection),
NULL, &error);
*/
read_test_data_async (test);
g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
g_assert_no_error (test->read_error);
g_assert_no_error (test->server_error);
GError *error = NULL;
test->database = g_tls_file_database_new (tls_test_file_path ("garbage.pem"), &error);
- g_assert_no_error (error);
- g_assert_nonnull (test->database);
+ g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC);
+ g_assert_null (test->database);
+ g_clear_error (&error);
connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
G_TLS_CERTIFICATE_VALIDATE_ALL);
- g_set_error_literal (&test->expected_server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS, "");
-
read_test_data_async (test);
g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
/* Should reject the server's certificate, because our TLS database contains
* no valid certificates.
*/
g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+#ifdef BACKEND_IS_GNUTLS
+ g_assert_error (test->server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS);
+#endif
}
static void
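Review bot: The comment kept in this hunk, "our TLS database contains no valid certificates", no longer matches the test: the preceding hunk, apparently in the same function, now asserts that loading garbage.pem fails with G_TLS_ERROR_MISC and that test->database is NULL. What the test now pins is presumably that a client with no usable trust database still rejects the server certificate under G_TLS_CERTIFICATE_VALIDATE_ALL, which is the fail-closed property worth stating. I would reword it to `/* garbage.pem failed to load, so there is no trust database; validation must fail closed with BAD_CERTIFICATE. */`. The function body starts outside the hunk.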
g_test_bug ("792219");
- connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_REQUESTED);
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
g_assert_no_error (error);
g_object_unref (connection);
const char * const *server_protocols,
const char *negotiated_protocol)
{
-#if GLIB_CHECK_VERSION(2, 60, 0)
GIOStream *connection;
GError *error = NULL;
test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
g_assert_no_error (error);
- g_assert (test->database);
+ g_assert_nonnull (test->database);
connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
read_test_data_async (test);
g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
g_assert_no_error (test->read_error);
g_assert_no_error (test->server_error);
g_assert_cmpstr (g_tls_connection_get_negotiated_protocol (G_TLS_CONNECTION (test->server_connection)), ==, negotiated_protocol);
g_assert_cmpstr (g_tls_connection_get_negotiated_protocol (G_TLS_CONNECTION (test->client_connection)), ==, negotiated_protocol);
-#else
- g_test_skip ("no support for ALPN in this GLib version");
-#endif
}
static void
read_test_data_async (test);
g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
g_assert_no_error (test->read_error);
g_assert_no_error (test->server_error);
}
-int
-main (int argc,
- char *argv[])
+static void
+test_socket_timeout (TestConnection *test,
+ gconstpointer data)
{
- int ret;
+ GIOStream *connection;
+ GSocketClient *client;
+ GError *error = NULL;
- g_test_init (&argc, &argv, NULL);
- g_test_bug_base ("http://bugzilla.gnome.org/");
+ test->incoming_connection_delay = (gulong)(1.5 * G_USEC_PER_SEC);
- g_setenv ("GSETTINGS_BACKEND", "memory", TRUE);
- g_setenv ("GIO_USE_TLS", BACKEND, TRUE);
- g_assert (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0);
+ start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, WRITE_THEN_CLOSE);
+
+ client = g_socket_client_new ();
+ g_socket_client_set_timeout (client, 1);
+ connection = G_IO_STREAM (g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address),
+ NULL, &error));
+ g_assert_no_error (error);
+ g_object_unref (client);
+
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_object_unref (connection);
+
+ /* No validation at all in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ 0);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
+
+ g_assert_error (test->read_error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT);
+#ifndef BACKEND_IS_OPENSSL
+ g_assert_error (test->server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS);
+#endif
+}
+
+static void
+test_connection_binding_match_tls_unique (TestConnection *test,
+ gconstpointer data)
+{
+ GSocketClient *client;
+ GIOStream *connection;
+ GByteArray *client_cb, *server_cb;
+ gchar *client_b64, *server_b64;
+ gboolean client_supports_tls_unique;
+ gboolean server_supports_tls_unique;
+ GError *error = NULL;
+
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (test->database);
+
+ start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, WRITE_THEN_WAIT);
+
+ client = g_socket_client_new ();
+ connection = G_IO_STREAM (g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address),
+ NULL, &error));
+ g_assert_no_error (error);
+ g_object_unref (client);
+
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (test->client_connection);
+ g_object_unref (connection);
+
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ /* All validation in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+ /* tls-unique is supported by the OpenSSL backend always. It's supported by
+ * the GnuTLS backend only with TLS 1.2 or older. Since the test needs to be
+ * independent of backend and TLS version, this is allowed to fail....
+ */
+ client_supports_tls_unique = g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
+ G_TLS_CHANNEL_BINDING_TLS_UNIQUE, NULL, NULL);
+ server_supports_tls_unique = g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
+ G_TLS_CHANNEL_BINDING_TLS_UNIQUE, NULL, NULL);
+ g_assert_cmpint (client_supports_tls_unique, ==, server_supports_tls_unique);
+
+ /* Real test: retrieve bindings and compare */
+ if (client_supports_tls_unique)
+ {
+ g_assert_false (g_tls_connection_get_protocol_version (
+ G_TLS_CONNECTION (test->client_connection)) == G_TLS_PROTOCOL_VERSION_TLS_1_3);
+ client_cb = g_byte_array_new ();
+ server_cb = g_byte_array_new ();
+ g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
+ G_TLS_CHANNEL_BINDING_TLS_UNIQUE, client_cb, NULL));
+ g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
+ G_TLS_CHANNEL_BINDING_TLS_UNIQUE, server_cb, NULL));
+ g_assert_cmpint (client_cb->len, >, 0);
+ g_assert_cmpint (server_cb->len, >, 0);
+
+ client_b64 = g_base64_encode (client_cb->data, client_cb->len);
+ server_b64 = g_base64_encode (server_cb->data, server_cb->len);
+ g_assert_cmpstr (client_b64, ==, server_b64);
+
+ g_free (client_b64);
+ g_free (server_b64);
+ g_byte_array_unref (client_cb);
+ g_byte_array_unref (server_cb);
+ }
+ else
+ {
+ g_assert_true (g_tls_connection_get_protocol_version (
+ G_TLS_CONNECTION (test->client_connection)) == G_TLS_PROTOCOL_VERSION_TLS_1_3);
+ g_test_skip ("tls-unique is not supported");
+ }
+
+ /* drop the mic */
+ close_server_connection (test);
+ wait_until_server_finished (test);
+
+ g_assert_no_error (test->read_error);
+ g_assert_no_error (test->server_error);
+}
+
+/* create_files.sh should update this digest but if anything goes wrong
+ * please make sure the string below matches the output of
+ * openssl x509 -outform der -in files/server.pem | openssl sha256 -binary | base64
+ **/
+#define SERVER_CERT_DIGEST_B64 "sdRMUK4PwcHXUPAMwglrSy4Fi8Ybfim61hfucliJ19s="
+static void
+test_connection_binding_match_tls_server_end_point (TestConnection *test,
+ gconstpointer data)
+{
+ GSocketClient *client;
+ GIOStream *connection;
+ GByteArray *client_cb, *server_cb;
+ gchar *client_b64, *server_b64;
+ GError *error = NULL;
+
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (test->database);
+
+ start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, WRITE_THEN_WAIT);
+
+ client = g_socket_client_new ();
+ connection = G_IO_STREAM (g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address),
+ NULL, &error));
+ g_assert_no_error (error);
+ g_object_unref (client);
+
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (test->client_connection);
+ g_object_unref (connection);
+
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ /* All validation in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+ /* Smoke test: ensure both sides support tls-server-end-point */
+ g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
+ G_TLS_CHANNEL_BINDING_TLS_SERVER_END_POINT, NULL, NULL));
+ g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
+ G_TLS_CHANNEL_BINDING_TLS_SERVER_END_POINT, NULL, NULL));
+
+ /* Real test: retrieve bindings and compare */
+ client_cb = g_byte_array_new ();
+ server_cb = g_byte_array_new ();
+ g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
+ G_TLS_CHANNEL_BINDING_TLS_SERVER_END_POINT, client_cb, NULL));
+ g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
+ G_TLS_CHANNEL_BINDING_TLS_SERVER_END_POINT, server_cb, NULL));
+
+ client_b64 = g_base64_encode (client_cb->data, client_cb->len);
+ server_b64 = g_base64_encode (server_cb->data, server_cb->len);
+ g_assert_cmpstr (client_b64, ==, server_b64);
+ g_assert_cmpstr (client_b64, ==, SERVER_CERT_DIGEST_B64);
+ g_assert_cmpstr (server_b64, ==, SERVER_CERT_DIGEST_B64);
+
+ g_free (client_b64);
+ g_free (server_b64);
+ g_byte_array_unref (client_cb);
+ g_byte_array_unref (server_cb);
+
+ /* drop the mic */
+ close_server_connection (test);
+ wait_until_server_finished (test);
+
+ g_assert_no_error (test->read_error);
+ g_assert_no_error (test->server_error);
+}
+
+static void
+test_connection_binding_match_tls_exporter (TestConnection *test,
+ gconstpointer data)
+{
+ GSocketClient *client;
+ GIOStream *connection;
+ GByteArray *client_cb, *server_cb;
+ gchar *client_b64, *server_b64;
+ GError *error = NULL;
+
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (test->database);
+
+ start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, WRITE_THEN_WAIT);
+
+ client = g_socket_client_new ();
+ connection = G_IO_STREAM (g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address),
+ NULL, &error));
+ g_assert_no_error (error);
+ g_object_unref (client);
+
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (test->client_connection);
+ g_object_unref (connection);
+
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ /* All validation in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+ /* Smoke test: ensure both sides support tls-exporter */
+ g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
+ (GTlsChannelBindingType)100500, NULL, NULL));
+ g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
+ (GTlsChannelBindingType)100500, NULL, NULL));
+
+ /* Real test: retrieve bindings and compare */
+ client_cb = g_byte_array_new ();
+ server_cb = g_byte_array_new ();
+ g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
+ (GTlsChannelBindingType)100500, client_cb, NULL));
+ g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
+ (GTlsChannelBindingType)100500, server_cb, NULL));
+
+ client_b64 = g_base64_encode (client_cb->data, client_cb->len);
+ server_b64 = g_base64_encode (server_cb->data, server_cb->len);
+ g_assert_cmpstr (client_b64, ==, server_b64);
+
+ g_free (client_b64);
+ g_free (server_b64);
+ g_byte_array_unref (client_cb);
+ g_byte_array_unref (server_cb);
+
+ /* drop the mic */
+ close_server_connection (test);
+ wait_until_server_finished (test);
+
+ g_assert_no_error (test->read_error);
+ g_assert_no_error (test->server_error);
+}
+
+static void
+test_connection_missing_server_identity (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ GError *error = NULL;
+
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (test->database);
+
+ /* We pass NULL instead of test->identity when creating the client
+ * connection. This means verification must fail with
+ * G_TLS_CERTIFICATE_BAD_IDENTITY.
+ */
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
+ test->client_connection = g_tls_client_connection_new (connection, NULL, &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (test->client_connection);
+ g_object_unref (connection);
+
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ /* All validation in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
+
+ g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+
+#ifdef BACKEND_IS_GNUTLS
+ g_assert_error (test->server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS);
+#elif defined(BACKEND_IS_OPENSSL)
+ /* FIXME: This is not OK. There should be a NOT_TLS errors. But some times
+ * we either get no error or BROKEN_PIPE
+ */
+#endif
+
+ g_clear_error (&test->read_error);
+ g_clear_error (&test->server_error);
+
+ g_clear_object (&test->address);
+ g_clear_object (&test->identity);
+
+ g_clear_object (&test->client_connection);
+ g_clear_object (&test->server_connection);
+
+ g_socket_service_stop (test->service);
+ g_clear_object (&test->service);
+
+ /* Now do the same thing again, this time ignoring bad identity. */
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
+ test->client_connection = g_tls_client_connection_new (connection, NULL, &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (test->client_connection);
+ g_object_unref (connection);
+
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL & ~G_TLS_CERTIFICATE_BAD_IDENTITY);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
+
+ g_assert_no_error (test->read_error);
+ g_assert_no_error (test->server_error);
+}
+
+typedef struct {
+ TestConnection *test;
+ gboolean peer_certificate_notified;
+ gboolean peer_certificate_errors_notified;
+} NotifyTestData;
+
+static gboolean
+on_accept_certificate_peer_certificate_notify (GTlsConnection *conn,
+ GTlsCertificate *cert,
+ GTlsCertificateFlags errors,
+ NotifyTestData *data)
+{
+ TestConnection *test = data->test;
+
+ g_assert_true (G_IS_TLS_CERTIFICATE (cert));
+
+ /* We guarantee these props are not set until after the handshake. */
+ g_assert_null (g_tls_connection_get_peer_certificate (conn));
+ g_assert_cmpint (g_tls_connection_get_peer_certificate_errors (conn), ==, 0);
+
+ g_assert_false (data->peer_certificate_notified);
+ g_assert_false (data->peer_certificate_errors_notified);
+
+ return errors == test->accept_flags;
+}
+
+static void
+on_peer_certificate_notify (GTlsConnection *conn,
+ GParamSpec *pspec,
+ gboolean *notified)
+{
+ *notified = TRUE;
+}
+
+static void
+on_peer_certificate_errors_notify (GTlsConnection *conn,
+ GParamSpec *pspec,
+ gboolean *notified)
+{
+ *notified = TRUE;
+}
+
+static void
+test_peer_certificate_notify (TestConnection *test,
+ gconstpointer data)
+{
+ NotifyTestData notify_data = { test, FALSE, FALSE };
+ GIOStream *connection;
+ GError *error = NULL;
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_object_unref (connection);
+
+ /* For this test, we need validation to fail to ensure that the
+ * accept-certificate signal gets emitted.
+ */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ g_signal_connect (test->client_connection, "accept-certificate",
+ G_CALLBACK (on_accept_certificate_peer_certificate_notify), ¬ify_data);
+ g_signal_connect (test->client_connection, "notify::peer-certificate",
+ G_CALLBACK (on_peer_certificate_notify), ¬ify_data.peer_certificate_notified);
+ g_signal_connect (test->client_connection, "notify::peer-certificate-errors",
+ G_CALLBACK (on_peer_certificate_errors_notify), ¬ify_data.peer_certificate_errors_notified);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
+
+ g_assert_true (notify_data.peer_certificate_notified);
+ g_assert_true (notify_data.peer_certificate_errors_notified);
+
+ g_assert_true (G_IS_TLS_CERTIFICATE (g_tls_connection_get_peer_certificate (G_TLS_CONNECTION (test->client_connection))));
+ g_assert_cmpint (g_tls_connection_get_peer_certificate_errors (G_TLS_CONNECTION (test->client_connection)), !=, 0);
+
+ g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+#ifdef BACKEND_IS_GNUTLS
+ g_assert_error (test->server_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS);
+#elif defined(BACKEND_IS_OPENSSL)
+ /* FIXME: This is not OK. There should be a NOT_TLS errors. But some times
+ * we either get no error or BROKEN_PIPE
+ */
+#endif
+}
+
+static void
+test_tls_info (TestConnection *test,
+ gconstpointer data)
+{
+ GIOStream *connection;
+ char *ciphersuite_name;
+ GError *error = NULL;
+
+ connection = start_async_server_and_connect_to_it (test, G_TLS_AUTHENTICATION_NONE);
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_object_unref (connection);
+
+ g_assert_cmpint (g_tls_connection_get_protocol_version (G_TLS_CONNECTION (test->client_connection)), ==, G_TLS_PROTOCOL_VERSION_UNKNOWN);
+ g_assert_null (g_tls_connection_get_ciphersuite_name (G_TLS_CONNECTION (test->client_connection)));
+
+ /* No validation at all in this test */
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ 0);
+
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+ wait_until_server_finished (test);
+
+ g_assert_no_error (test->read_error);
+ g_assert_no_error (test->server_error);
+
+ g_assert_cmpint (g_tls_connection_get_protocol_version (G_TLS_CONNECTION (test->client_connection)), !=, G_TLS_PROTOCOL_VERSION_UNKNOWN);
+ ciphersuite_name = g_tls_connection_get_ciphersuite_name (G_TLS_CONNECTION (test->client_connection));
+ g_assert_nonnull (ciphersuite_name);
+ g_free (ciphersuite_name);
+}
+
+static void
+test_connection_oscp_must_staple (TestConnection *test,
+ gconstpointer data)
+{
+ GSocketClient *client;
+ GIOStream *connection;
+ GError *error = NULL;
+
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca.pem"), &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (test->database);
+
+ test->server_certificate = g_tls_certificate_new_from_file (tls_test_file_path ("server-ocsp-required-by-server-and-key.pem"), &error);
+ g_assert_no_error (error);
+ start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, WRITE_THEN_WAIT);
+
+ client = g_socket_client_new ();
+ connection = G_IO_STREAM (g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address),
+ NULL, &error));
+ g_assert_no_error (error);
+ g_object_unref (client);
+
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (test->client_connection);
+ g_object_unref (connection);
+
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+ close_server_connection (test);
+ wait_until_server_finished (test);
+
+ /* The server certificate states it supports status_request but our server does not
+ * actually set or support that.
+ * To be secure this must error as a bad certificate. */
+ g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+
+ g_clear_error (&test->read_error);
+ g_clear_error (&test->server_error);
+}
+
+static void
+test_connection_oscp_must_staple_intermediate_certificate (TestConnection *test,
+ gconstpointer data)
+{
+ GSocketClient *client;
+ GIOStream *connection;
+ GError *error = NULL;
+
+#ifdef BACKEND_IS_OPENSSL
+ g_test_skip ("OCSP Must-Staple on intermediate certificates is not supported with the OpenSSL backend");
+ return;
+#endif
+
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca-ocsp.pem"), &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (test->database);
+
+ test->server_certificate = g_tls_certificate_new_from_file (tls_test_file_path ("server-ocsp-required-by-ca-and-key.pem"), &error);
+ g_assert_no_error (error);
+ start_async_server_service (test, G_TLS_AUTHENTICATION_NONE, WRITE_THEN_WAIT);
+
+ client = g_socket_client_new ();
+ connection = G_IO_STREAM (g_socket_client_connect (client, G_SOCKET_CONNECTABLE (test->address),
+ NULL, &error));
+ g_assert_no_error (error);
+ g_object_unref (client);
+
+ test->client_connection = g_tls_client_connection_new (connection, test->identity, &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (test->client_connection);
+ g_object_unref (connection);
+
+ g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
+
+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection),
+ G_TLS_CERTIFICATE_VALIDATE_ALL);
+
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+ close_server_connection (test);
+ wait_until_server_finished (test);
+
+ /* The CA certificate states it supports status_request but our server does not
+ * actually set or support that.
+ * To be secure this must error as a bad certificate. */
+ g_assert_error (test->read_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+
+ g_clear_error (&test->read_error);
+ g_clear_error (&test->server_error);
+}
+
+int
+main (int argc,
+ char *argv[])
+{
+ int ret;
+#ifdef BACKEND_IS_GNUTLS
+ char *module_path;
+ const char *spy_path;
+#endif
+
+ g_test_init (&argc, &argv, NULL);
+ g_test_bug_base ("http://bugzilla.gnome.org/");
+
+ g_setenv ("GSETTINGS_BACKEND", "memory", TRUE);
+ g_setenv ("GIO_USE_TLS", BACKEND, TRUE);
+
+ g_assert_true (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0);
+
+#ifdef BACKEND_IS_GNUTLS
+ module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL);
+ g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS));
+
+ /* This just adds extra logging which is useful for debugging */
+ spy_path = g_getenv ("PKCS11SPY_PATH");
+ if (!spy_path)
+ {
+ spy_path = "/usr/lib64/pkcs11-spy.so"; /* Fedora's path */
+ if (!g_file_test (spy_path, G_FILE_TEST_EXISTS))
+ spy_path = "/usr/lib/x86_64-linux-gnu/pkcs11-spy.so"; /* Debian/Ubuntu's path */
+ }
+
+ if (g_file_test (spy_path, G_FILE_TEST_EXISTS))
+ {
+ g_debug ("Using PKCS #11 Spy");
+ g_setenv ("PKCS11SPY", module_path, TRUE);
+ g_free (module_path);
+ module_path = g_strdup (spy_path);
+ }
+
+ ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL);
+ g_assert_cmpint (ret, ==, GNUTLS_E_SUCCESS);
+ ret = gnutls_pkcs11_add_provider (module_path, NULL);
+ g_assert_cmpint (ret, ==, GNUTLS_E_SUCCESS);
+ g_free (module_path);
+#endif
- g_test_add ("/tls/connection/basic", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/basic", TestConnection, NULL,
setup_connection, test_basic_connection, teardown_connection);
- g_test_add ("/tls/connection/verified", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/verified", TestConnection, NULL,
setup_connection, test_verified_connection, teardown_connection);
- g_test_add ("/tls/connection/verified-chain", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/verified-chain", TestConnection, NULL,
setup_connection, test_verified_chain, teardown_connection);
- g_test_add ("/tls/connection/verified-chain-with-redundant-root-cert", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/verified-chain-with-redundant-root-cert", TestConnection, NULL,
setup_connection, test_verified_chain_with_redundant_root_cert, teardown_connection);
- g_test_add ("/tls/connection/verified-chain-with-duplicate-server-cert", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/verified-chain-with-duplicate-server-cert", TestConnection, NULL,
setup_connection, test_verified_chain_with_duplicate_server_cert, teardown_connection);
- g_test_add ("/tls/connection/verified-unordered-chain", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/verified-unordered-chain", TestConnection, NULL,
setup_connection, test_verified_unordered_chain, teardown_connection);
- g_test_add ("/tls/connection/verified-chain-with-alternative-ca-cert", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/verified-chain-with-alternative-ca-cert", TestConnection, NULL,
setup_connection, test_verified_chain_with_alternative_ca_cert, teardown_connection);
- g_test_add ("/tls/connection/invalid-chain-with-alternative-ca-cert", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/invalid-chain-with-alternative-ca-cert", TestConnection, NULL,
setup_connection, test_invalid_chain_with_alternative_ca_cert, teardown_connection);
- g_test_add ("/tls/connection/client-auth", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/client-auth", TestConnection, NULL,
setup_connection, test_client_auth_connection, teardown_connection);
- g_test_add ("/tls/connection/client-auth-rehandshake", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/client-auth-rehandshake", TestConnection, NULL,
setup_connection, test_client_auth_rehandshake, teardown_connection);
- g_test_add ("/tls/connection/client-auth-failure", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/client-auth-failure", TestConnection, NULL,
setup_connection, test_client_auth_failure, teardown_connection);
- g_test_add ("/tls/connection/client-auth-fail-missing-client-private-key", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/client-auth-fail-missing-client-private-key", TestConnection, NULL,
setup_connection, test_client_auth_fail_missing_client_private_key, teardown_connection);
- g_test_add ("/tls/connection/client-auth-request-cert", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/client-auth-request-cert", TestConnection, NULL,
setup_connection, test_client_auth_request_cert, teardown_connection);
- g_test_add ("/tls/connection/client-auth-request-fail", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/client-auth-request-fail", TestConnection, NULL,
setup_connection, test_client_auth_request_fail, teardown_connection);
- g_test_add ("/tls/connection/no-database", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/client-auth-request-none", TestConnection, NULL,
+ setup_connection, test_client_auth_request_none, teardown_connection);
+ g_test_add ("/tls/" BACKEND "/connection/client-auth-pkcs11", TestConnection, NULL,
+ setup_connection, test_client_auth_pkcs11_connection, teardown_connection);
+ g_test_add ("/tls/" BACKEND "/connection/no-database", TestConnection, NULL,
setup_connection, test_connection_no_database, teardown_connection);
- g_test_add ("/tls/connection/failed", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/failed", TestConnection, NULL,
setup_connection, test_failed_connection, teardown_connection);
- g_test_add ("/tls/connection/socket-client", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/socket-client", TestConnection, NULL,
setup_connection, test_connection_socket_client, teardown_connection);
- g_test_add ("/tls/connection/socket-client-failed", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/socket-client-failed", TestConnection, NULL,
setup_connection, test_connection_socket_client_failed, teardown_connection);
- g_test_add ("/tls/connection/read-time-out-then-write", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/read-time-out-then-write", TestConnection, NULL,
setup_connection, test_connection_read_time_out_write, teardown_connection);
- g_test_add ("/tls/connection/simultaneous-async", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/simultaneous-async", TestConnection, NULL,
setup_connection, test_simultaneous_async, teardown_connection);
- g_test_add ("/tls/connection/simultaneous-sync", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/simultaneous-sync", TestConnection, NULL,
setup_connection, test_simultaneous_sync, teardown_connection);
- g_test_add ("/tls/connection/simultaneous-async-rehandshake", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/simultaneous-async-rehandshake", TestConnection, NULL,
setup_connection, test_simultaneous_async_rehandshake, teardown_connection);
- g_test_add ("/tls/connection/simultaneous-sync-rehandshake", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/simultaneous-sync-rehandshake", TestConnection, NULL,
setup_connection, test_simultaneous_sync_rehandshake, teardown_connection);
- g_test_add ("/tls/connection/close-immediately", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/close-immediately", TestConnection, NULL,
setup_connection, test_close_immediately, teardown_connection);
- g_test_add ("/tls/connection/async-implicit-handshake", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/unclean-close-by-server", TestConnection, NULL,
+ setup_connection, test_unclean_close_by_server, teardown_connection);
+ g_test_add ("/tls/" BACKEND "/connection/async-implicit-handshake", TestConnection, NULL,
setup_connection, test_async_implicit_handshake, teardown_connection);
- g_test_add ("/tls/connection/output-stream-close", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/output-stream-close", TestConnection, NULL,
setup_connection, test_output_stream_close, teardown_connection);
- g_test_add ("/tls/connection/fallback", TestConnection, NULL,
- setup_connection, test_fallback, teardown_connection);
- g_test_add ("/tls/connection/garbage-database", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/garbage-database", TestConnection, NULL,
setup_connection, test_garbage_database, teardown_connection);
- g_test_add ("/tls/connection/readwrite-after-connection-destroyed", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/readwrite-after-connection-destroyed", TestConnection, NULL,
setup_connection, test_readwrite_after_connection_destroyed, teardown_connection);
- g_test_add ("/tls/connection/alpn/match", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/alpn/match", TestConnection, NULL,
setup_connection, test_alpn_match, teardown_connection);
- g_test_add ("/tls/connection/alpn/no-match", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/alpn/no-match", TestConnection, NULL,
setup_connection, test_alpn_no_match, teardown_connection);
- g_test_add ("/tls/connection/alpn/client-only", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/alpn/client-only", TestConnection, NULL,
setup_connection, test_alpn_client_only, teardown_connection);
- g_test_add ("/tls/connection/alpn/server-only", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/alpn/server-only", TestConnection, NULL,
setup_connection, test_alpn_server_only, teardown_connection);
- g_test_add ("/tls/connection/sync-op-during-handshake", TestConnection, NULL,
+ g_test_add ("/tls/" BACKEND "/connection/sync-op-during-handshake", TestConnection, NULL,
setup_connection, test_sync_op_during_handshake, teardown_connection);
+ g_test_add ("/tls/" BACKEND "/connection/socket-timeout", TestConnection, NULL,
+ setup_connection, test_socket_timeout, teardown_connection);
+ g_test_add ("/tls/" BACKEND "/connection/missing-server-identity", TestConnection, NULL,
+ setup_connection, test_connection_missing_server_identity, teardown_connection);
+ g_test_add ("/tls/" BACKEND "/connection/peer-certificate-notify", TestConnection, NULL,
+ setup_connection, test_peer_certificate_notify, teardown_connection);
+ g_test_add ("/tls/" BACKEND "/connection/binding/match-tls-unique", TestConnection, NULL,
+ setup_connection, test_connection_binding_match_tls_unique, teardown_connection);
+ g_test_add ("/tls/" BACKEND "/connection/binding/match-tls-server-end-point", TestConnection, NULL,
+ setup_connection, test_connection_binding_match_tls_server_end_point, teardown_connection);
+ g_test_add ("/tls/" BACKEND "/connection/binding/match-tls-exporter", TestConnection, NULL,
+ setup_connection, test_connection_binding_match_tls_exporter, teardown_connection);
+ g_test_add ("/tls/" BACKEND "/connection/tls-info", TestConnection, NULL,
+ setup_connection, test_tls_info, teardown_connection);
+ g_test_add ("/tls/" BACKEND "/connection/oscp/must-staple", TestConnection, NULL,
+ setup_connection, test_connection_oscp_must_staple, teardown_connection);
+ g_test_add ("/tls/" BACKEND "/connection/oscp/must-staple-intermediate-certificate", TestConnection, NULL,
+ setup_connection, test_connection_oscp_must_staple_intermediate_certificate, teardown_connection);
ret = g_test_run ();
#include "config.h"
+#include "lossy-socket.h"
#include "mock-interaction.h"
#include <gio/gio.h>
+#ifdef BACKEND_IS_GNUTLS
#include <gnutls/gnutls.h>
+#endif
#include <sys/types.h>
#include <string.h>
gboolean server_should_disappear; /* whether the server should stop responding before sending a message */
gboolean server_should_close; /* whether the server should close gracefully once it’s sent a message */
GTlsAuthenticationMode auth_mode;
+ IOPredicateFunc client_loss_inducer;
+ IOPredicateFunc server_loss_inducer;
} TestData;
typedef struct {
GMainContext *server_context;
gboolean loop_finished;
GSocket *server_socket;
+ GDatagramBased *server_transport;
GSource *server_source;
GTlsDatabase *database;
GDatagramBased *server_connection;
gboolean expect_server_error;
GError *server_error;
gboolean server_running;
-#if GLIB_CHECK_VERSION(2, 60, 0)
const gchar * const *server_protocols;
-#endif
char buf[128];
gssize nread, nwrote;
}
/* Waits about 10 seconds for @var to be NULL/FALSE */
-#define WAIT_UNTIL_UNSET(var) \
- if (var) \
- { \
- int i; \
- \
- for (i = 0; i < 13 && (var); i++) \
- { \
- g_usleep (1000 * (1 << i)); \
- g_main_context_iteration (NULL, FALSE); \
- } \
- \
- g_assert (!(var)); \
+#define WAIT_UNTIL_UNSET(var) \
+ if (var) \
+ { \
+ int i; \
+ \
+ for (i = 0; i < 13 && (var); i++) \
+ { \
+ g_usleep (1000 * (1 << i)); \
+ g_main_context_iteration (test->client_context, FALSE); \
+ } \
+ \
+ g_assert_true (!(var)); \
+ }
+
+/* Waits about 10 seconds for @var's ref_count to drop to 1 */
+#define WAIT_UNTIL_UNREFFED(var) \
+ if (var) \
+ { \
+ int i; \
+ \
+ for (i = 0; i < 13 && G_OBJECT (var)->ref_count > 1; i++) \
+ { \
+ g_usleep (1000 * (1 << i)); \
+ g_main_context_iteration (test->client_context, FALSE); \
+ } \
+ \
+ g_assert_cmpuint (G_OBJECT (var)->ref_count, ==, 1); \
}
static void
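Review bot: `WAIT_UNTIL_UNREFFED` reads `G_OBJECT (var)->ref_count` as a plain field in both the loop condition and the final `g_assert_cmpuint`, although the wait exists because another owner may still be dropping its reference. If that release can happen on another thread (the threaded tests run the server on its own context), the unsynchronised read is a data race, and the compiler may hoist it out of the loop. I would read it with `g_atomic_int_get ((gint *) &G_OBJECT (var)->ref_count)` in both places. Both macros also expand to a bare `if (...) { ... }` and now silently require a variable named `test` at the expansion site. Wrapping the body in `do { ... } while (0)` and stating the `test->client_context` dependency in the comment above each macro would make them safe to use in an unbraced `if`/`else`.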
{
WAIT_UNTIL_UNSET (test->server_running);
- g_object_add_weak_pointer (G_OBJECT (test->server_connection),
- (gpointer *)&test->server_connection);
+ WAIT_UNTIL_UNREFFED (test->server_connection);
g_object_unref (test->server_connection);
- WAIT_UNTIL_UNSET (test->server_connection);
+ test->server_connection = NULL;
}
+ g_clear_object (&test->server_transport);
+
if (test->server_socket)
{
g_socket_close (test->server_socket, &error);
/* The outstanding accept_async will hold a ref on test->server_socket,
* which we want to wait for it to release if we're valgrinding.
*/
- g_object_add_weak_pointer (G_OBJECT (test->server_socket), (gpointer *)&test->server_socket);
+ WAIT_UNTIL_UNREFFED (test->server_socket);
g_object_unref (test->server_socket);
- WAIT_UNTIL_UNSET (test->server_socket);
+ test->server_socket = NULL;
}
if (test->client_connection)
{
- g_object_add_weak_pointer (G_OBJECT (test->client_connection),
- (gpointer *)&test->client_connection);
+ WAIT_UNTIL_UNREFFED (test->client_connection);
g_object_unref (test->client_connection);
- WAIT_UNTIL_UNSET (test->client_connection);
+ test->client_connection = NULL;
}
if (test->database)
{
- g_object_add_weak_pointer (G_OBJECT (test->database),
- (gpointer *)&test->database);
+ WAIT_UNTIL_UNREFFED (test->database);
g_object_unref (test->database);
- WAIT_UNTIL_UNSET (test->database);
+ test->database = NULL;
}
g_clear_object (&test->address);
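Review bot: The position of `g_clear_object (&test->server_transport);` ahead of the `test->server_socket` block is load-bearing and has no comment. In the non-lossy path the server set-up hunk stores `G_DATAGRAM_BASED (g_object_ref (socket))` in `server_transport`, so that extra reference has to be released before `WAIT_UNTIL_UNREFFED (test->server_socket)` can ever observe a count of 1. A line such as `/* Drop the transport first: it holds a ref on server_socket, directly or (presumably) through the lossy wrapper */` above the call would keep a later reorder from turning teardown into a full backoff followed by a failed assertion. The start of the teardown function is outside this hunk.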
g_inet_socket_address_get_port (iaddr));
test->server_socket = socket;
+ if (test->test_data->server_loss_inducer)
+ {
+ test->server_transport = lossy_socket_new (G_DATAGRAM_BASED (socket),
+ test->test_data->server_loss_inducer,
+ test);
+ }
+ else
+ {
+ test->server_transport = G_DATAGRAM_BASED (g_object_ref (socket));
+ }
test->server_running = TRUE;
}
&message, 1,
G_SOCKET_MSG_NONE, 0, NULL,
&test->server_error);
- g_main_context_iteration (NULL, FALSE);
+ g_main_context_iteration (test->server_context, FALSE);
}
while (g_error_matches (test->server_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK));
&message, 1,
G_SOCKET_MSG_NONE, 0, NULL,
&test->server_error);
- g_main_context_iteration (NULL, FALSE);
+ g_main_context_iteration (test->server_context, FALSE);
}
while (g_error_matches (test->server_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK));
cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-and-key.pem"), &error);
g_assert_no_error (error);
- test->server_connection = g_dtls_server_connection_new (G_DATAGRAM_BASED (socket),
+ test->server_connection = g_dtls_server_connection_new (test->server_transport,
cert, &error);
g_debug ("%s: Server connection %p on socket %p", G_STRFUNC, test->server_connection, socket);
g_assert_no_error (error);
if (test->database)
g_dtls_connection_set_database (G_DTLS_CONNECTION (test->server_connection), test->database);
-#if GLIB_CHECK_VERSION(2, 60, 0)
if (test->server_protocols)
{
g_dtls_connection_set_advertised_protocols (G_DTLS_CONNECTION (test->server_connection),
test->server_protocols);
}
-#endif
if (test->test_data->server_should_disappear)
{
&message, 1,
G_SOCKET_MSG_NONE, 0, NULL,
&test->server_error);
- g_main_context_iteration (NULL, FALSE);
+ g_main_context_iteration (test->server_context, FALSE);
}
while (g_error_matches (test->server_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK));
cert = g_tls_certificate_new_from_file (tls_test_file_path ("server-and-key.pem"), &error);
g_assert_no_error (error);
- test->server_connection = g_dtls_server_connection_new (G_DATAGRAM_BASED (socket),
+ test->server_connection = g_dtls_server_connection_new (test->server_transport,
cert, &error);
g_debug ("%s: Server connection %p on socket %p", G_STRFUNC, test->server_connection, socket);
g_assert_no_error (error);
G_SOCKET_MSG_NONE,
test->test_data->server_timeout, NULL,
&test->server_error);
- g_main_context_iteration (NULL, FALSE);
+ g_main_context_iteration (test->server_context, FALSE);
}
while (g_error_matches (test->server_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK));
{
GError *error = NULL;
GSocket *socket;
+ GDatagramBased *transport;
start_server_service (test, threaded);
g_socket_connect (socket, test->address, NULL, &error);
g_assert_no_error (error);
- return G_DATAGRAM_BASED (socket);
+ if (test->test_data->client_loss_inducer)
+ {
+ transport = lossy_socket_new (G_DATAGRAM_BASED (socket),
+ test->test_data->client_loss_inducer,
+ test);
+ g_object_unref (socket);
+ }
+ else
+ {
+ transport = G_DATAGRAM_BASED (socket);
+ }
+
+ return transport;
}
static void
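Review bot: The added `g_object_unref (socket);` in the lossy branch is only correct if `lossy_socket_new ()` takes its own reference on the base socket, and that cannot be confirmed from this hunk. If it merely borrows the pointer, the wrapper is left with a dangling socket once the caller drops the transport. The ownership rule should be written at the call site, for example `/* lossy_socket_new () refs the base socket; release ours so the caller owns only the wrapper */`. The server-side call in the set-up hunk does not unref because `test->server_socket` keeps the reference, so the two sites look inconsistent without a comment. The function's signature lies outside this hunk.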
G_SOCKET_MSG_NONE,
test->test_data->client_timeout,
NULL, &test->read_error);
- g_main_context_iteration (NULL, FALSE);
+ g_main_context_iteration (test->client_context, FALSE);
}
while (g_error_matches (test->read_error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK));
g_assert_error (test->read_error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT);
}
-static void
-test_alpn (TestConnection *test,
- const char * const *client_protocols,
- const char * const *server_protocols,
- const char *negotiated_protocol)
-{
-#if GLIB_CHECK_VERSION(2, 60, 0)
- GDatagramBased *connection;
- GError *error = NULL;
-
- test->server_protocols = server_protocols;
-
- test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
- g_assert_no_error (error);
- g_assert (test->database);
-
- connection = start_server_and_connect_to_it (test, FALSE);
- test->client_connection = g_dtls_client_connection_new (connection, test->identity, &error);
- g_assert_no_error (error);
- g_object_unref (connection);
-
- if (client_protocols)
- {
- g_dtls_connection_set_advertised_protocols (G_DTLS_CONNECTION (test->client_connection),
- client_protocols);
- }
-
- g_tls_connection_set_database (G_TLS_CONNECTION (test->client_connection), test->database);
-
- read_test_data_async (test);
- while (!test->loop_finished)
- g_main_context_iteration (test->client_context, TRUE);
-
- g_assert_no_error (test->server_error);
- g_assert_no_error (test->read_error);
-
- g_assert_cmpstr (g_dtls_connection_get_negotiated_protocol (G_DTLS_CONNECTION (test->server_connection)), ==, negotiated_protocol);
- g_assert_cmpstr (g_dtls_connection_get_negotiated_protocol (G_DTLS_CONNECTION (test->client_connection)), ==, negotiated_protocol);
-#else
- g_test_skip ("no support for ALPN in this GLib version");
-#endif
-}
-
-static void
-test_alpn_match (TestConnection *test, gconstpointer data)
-{
- const char * const client_protocols[] = { "one", "two", "three", NULL };
- const char * const server_protocols[] = { "four", "seven", "nine", "two", NULL };
-
- test_alpn (test, client_protocols, server_protocols, "two");
-}
-
-static void
-test_alpn_no_match (TestConnection *test, gconstpointer data)
-{
- const char * const client_protocols[] = { "one", "two", "three", NULL };
- const char * const server_protocols[] = { "four", "seven", "nine", NULL };
-
- test_alpn (test, client_protocols, server_protocols, NULL);
-}
-
-static void
-test_alpn_client_only (TestConnection *test, gconstpointer data)
-{
- const char * const client_protocols[] = { "one", "two", "three", NULL };
-
- test_alpn (test, client_protocols, NULL, NULL);
-}
-
-static void
-test_alpn_server_only (TestConnection *test, gconstpointer data)
+static IODecision
+drop_first_outgoing (const IODetails *io,
+ gpointer user_data)
{
- const char * const server_protocols[] = { "four", "seven", "nine", "two", NULL };
+ if (io->direction == IO_OUT && io->serial == 1)
+ return IO_DROP;
- test_alpn (test, NULL, server_protocols, NULL);
+ return IO_KEEP;
}
int
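Review bot: Deleting `test_alpn` and its four wrappers here, together with their `g_test_add` registrations in the later hunk, leaves `server_protocols` with no writer in the visible hunks. The only assignment was `test->server_protocols = server_protocols;` in the removed helper. The same patch nevertheless makes the struct field and the `if (test->server_protocols)` branch in the server set-up unconditional. Either keep one ALPN-over-DTLS case so protocol negotiation stays covered for each backend, or remove the field and the now-dead branch along with the tests. `drop_first_outgoing` would also benefit from a short comment saying that it discards only the datagram with `io->serial == 1` in the outgoing direction and ignores `user_data`, so the lossy tests presumably cover loss of the first flight and nothing later.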
FALSE, /* server_should_disappear */
TRUE, /* server_should_close */
G_TLS_AUTHENTICATION_NONE, /* auth_mode */
+ NULL, NULL, /* loss inducers */
};
const TestData server_timeout = {
1000 * G_USEC_PER_SEC, /* server_timeout */
FALSE, /* server_should_disappear */
TRUE, /* server_should_close */
G_TLS_AUTHENTICATION_NONE, /* auth_mode */
+ NULL, NULL, /* loss inducers */
};
const TestData nonblocking = {
0, /* server_timeout */
FALSE, /* server_should_disappear */
TRUE, /* server_should_close */
G_TLS_AUTHENTICATION_NONE, /* auth_mode */
+ NULL, NULL, /* loss inducers */
};
const TestData client_timeout = {
0, /* server_timeout */
TRUE, /* server_should_disappear */
TRUE, /* server_should_close */
G_TLS_AUTHENTICATION_NONE, /* auth_mode */
+ NULL, NULL, /* loss inducers */
+ };
+ const TestData client_loss = {
+ -1, /* server_timeout */
+ 0, /* client_timeout */
+ FALSE, /* server_should_disappear */
+ TRUE, /* server_should_close */
+ G_TLS_AUTHENTICATION_NONE, /* auth_mode */
+ drop_first_outgoing, NULL, /* loss inducers */
+ };
+ const TestData server_loss = {
+ -1, /* server_timeout */
+ 0, /* client_timeout */
+ FALSE, /* server_should_disappear */
+ TRUE, /* server_should_close */
+ G_TLS_AUTHENTICATION_NONE, /* auth_mode */
+ NULL, drop_first_outgoing, /* loss inducers */
};
int ret;
int i;
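Review bot: The new `client_loss` and `server_loss` initializers differ only in which of two adjacent, identically typed slots holds `drop_first_outgoing`, so a transposition would compile cleanly and quietly test the wrong side. Adding the fields also forced a `NULL, NULL,` edit into every existing positional `TestData` initializer. If the project's C dialect allows it, designated initializers would make this checkable by eye: `.client_loss_inducer = drop_first_outgoing,` in `client_loss` and `.server_loss_inducer = drop_first_outgoing,` in `server_loss`, with omitted members left zero. The first initializer in this run begins outside the hunk.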
g_setenv ("GSETTINGS_BACKEND", "memory", TRUE);
g_setenv ("GIO_USE_TLS", BACKEND, TRUE);
- g_assert (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0);
+ g_assert_cmpint (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND), ==, 0);
- g_test_add ("/dtls/connection/basic/blocking", TestConnection, &blocking,
+ g_test_add ("/dtls/" BACKEND "/connection/basic/blocking", TestConnection, &blocking,
setup_connection, test_basic_connection, teardown_connection);
- g_test_add ("/dtls/connection/basic/timeout", TestConnection, &server_timeout,
+ g_test_add ("/dtls/" BACKEND "/connection/basic/timeout", TestConnection, &server_timeout,
setup_connection, test_basic_connection, teardown_connection);
- g_test_add ("/dtls/connection/basic/nonblocking",
+ g_test_add ("/dtls/" BACKEND "/connection/basic/nonblocking",
TestConnection, &nonblocking,
setup_connection, test_basic_connection, teardown_connection);
- g_test_add ("/dtls/connection/threaded/blocking", TestConnection, &blocking,
+ g_test_add ("/dtls/" BACKEND "/connection/threaded/blocking", TestConnection, &blocking,
setup_connection, test_threaded_connection, teardown_connection);
- g_test_add ("/dtls/connection/threaded/timeout",
+ g_test_add ("/dtls/" BACKEND "/connection/threaded/timeout",
TestConnection, &server_timeout,
setup_connection, test_threaded_connection, teardown_connection);
- g_test_add ("/dtls/connection/threaded/nonblocking",
+ g_test_add ("/dtls/" BACKEND "/connection/threaded/nonblocking",
TestConnection, &nonblocking,
setup_connection, test_threaded_connection, teardown_connection);
- g_test_add ("/dtls/connection/timeouts/read", TestConnection, &client_timeout,
+ g_test_add ("/dtls/" BACKEND "/connection/timeouts/read", TestConnection, &client_timeout,
setup_connection, test_connection_timeouts_read,
teardown_connection);
- g_test_add ("/dtls/connection/alpn/match", TestConnection, &blocking,
- setup_connection, test_alpn_match,
- teardown_connection);
- g_test_add ("/dtls/connection/alpn/no-match", TestConnection, &blocking,
- setup_connection, test_alpn_no_match,
- teardown_connection);
- g_test_add ("/dtls/connection/alpn/client-only", TestConnection, &blocking,
- setup_connection, test_alpn_client_only,
- teardown_connection);
- g_test_add ("/dtls/connection/alpn/server-only", TestConnection, &blocking,
- setup_connection, test_alpn_server_only,
- teardown_connection);
+ g_test_add ("/dtls/" BACKEND "/connection/lossy/client", TestConnection, &client_loss,
+ setup_connection, test_basic_connection, teardown_connection);
+ g_test_add ("/dtls/" BACKEND "/connection/lossy/server", TestConnection, &server_loss,
+ setup_connection, test_basic_connection, teardown_connection);
ret = g_test_run ();
#include "config.h"
+#include "file-database.h"
+
#include <gio/gio.h>
#include <sys/types.h>
GList *l;
certificates = g_tls_certificate_list_new_from_file (filename, error);
- if (certificates == NULL)
+ if (!certificates)
return NULL;
backend = g_tls_backend_get_default ();
certificates = g_list_reverse (certificates);
- for (l = certificates; l != NULL; l = g_list_next (l))
+ for (l = certificates; l; l = g_list_next (l))
{
prev_chain = chain;
g_object_get (l->data, "certificate", &der, NULL);
is_certificate_in_chain (GTlsCertificate *chain,
GTlsCertificate *cert)
{
- while (chain != NULL)
+ while (chain)
{
if (g_tls_certificate_is_same (chain, cert))
return TRUE;
cert = g_tls_certificate_new_from_file (filename, &error);
g_assert_no_error (error);
- for (l = certificates; l != NULL; l = g_list_next (l))
+ for (l = certificates; l; l = g_list_next (l))
{
if (g_tls_certificate_is_same (l->data, cert))
break;
static void
test_lookup_certificates_issued_by (void)
{
- /* This data is generated from the frob-certificate test tool in gcr library.
- * To regenerate (from e.g. a directory containing gcr and glib-networking):
- *
- * $ gcr/frob-certificate glib-networking/tls/tests/files/ca.pem
- *
- * Then copy the hex that is printed after "subject" (not "issuer"!) and add
- * the missing 'x's.
- */
- const guchar ISSUER[] = "\x30\x81\x86\x31\x13\x30\x11\x06\x0A\x09\x92\x26\x89\x93\xF2"
- "\x2C\x64\x01\x19\x16\x03\x43\x4F\x4D\x31\x17\x30\x15\x06\x0A"
- "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19\x16\x07\x45\x58\x41"
- "\x4D\x50\x4C\x45\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x0C\x15"
- "\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74"
- "\x68\x6F\x72\x69\x74\x79\x31\x17\x30\x15\x06\x03\x55\x04\x03"
- "\x0C\x0E\x63\x61\x2E\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63\x6F"
- "\x6D\x31\x1D\x30\x1B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09"
- "\x01\x16\x0E\x63\x61\x40\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63"
- "\x6F\x6D";
+ /* This data is generated from the update-test-database.py script */
+ const guchar ISSUER[] = ISSUER_DATA;
GList *certificates;
GByteArray *issuer_dn;
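Review bot: The replacement comment on `ISSUER` in test_lookup_certificates_issued_by no longer says what the bytes are. The removed comment recorded that they are the subject (not the issuer) of tls/tests/files/ca.pem, which a maintainer needs to know when the CA fixture is regenerated and this lookup stops matching. I would keep that fact in one line, e.g. `/* Subject DN of files/ca.pem (apparently DER); ISSUER_DATA is defined in file-database.h, generated by update-test-database.py */`. Since `ISSUER_DATA` is a string literal, the array also carries a trailing NUL, so the length passed on later should exclude it. The function body continues outside the hunk, so that cannot be confirmed from here.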
g_setenv ("GSETTINGS_BACKEND", "memory", TRUE);
g_setenv ("GIO_USE_TLS", BACKEND, TRUE);
- g_assert (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0);
+ g_assert_cmpint (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND), ==, 0);
- g_test_add_func ("/tls/backend/default-database-is-singleton",
+ g_test_add_func ("/tls/" BACKEND "/backend/default-database-is-singleton",
test_default_database_is_singleton);
- g_test_add ("/tls/database/verify-good", TestVerify, NULL,
+ g_test_add ("/tls/" BACKEND "/database/verify-good", TestVerify, NULL,
setup_verify, test_verify_database_good, teardown_verify);
- g_test_add ("/tls/database/verify-bad-identity", TestVerify, NULL,
+ g_test_add ("/tls/" BACKEND "/database/verify-bad-identity", TestVerify, NULL,
setup_verify, test_verify_database_bad_identity, teardown_verify);
- g_test_add ("/tls/database/verify-bad-ca", TestVerify, NULL,
+ g_test_add ("/tls/" BACKEND "/database/verify-bad-ca", TestVerify, NULL,
setup_verify, test_verify_database_bad_ca, teardown_verify);
- g_test_add ("/tls/database/verify-bad-before", TestVerify, NULL,
+ g_test_add ("/tls/" BACKEND "/database/verify-bad-before", TestVerify, NULL,
setup_verify, test_verify_database_bad_before, teardown_verify);
- g_test_add ("/tls/database/verify-bad-expired", TestVerify, NULL,
+ g_test_add ("/tls/" BACKEND "/database/verify-bad-expired", TestVerify, NULL,
setup_verify, test_verify_database_bad_expired, teardown_verify);
- g_test_add ("/tls/database/verify-bad-combo", TestVerify, NULL,
+ g_test_add ("/tls/" BACKEND "/database/verify-bad-combo", TestVerify, NULL,
setup_verify, test_verify_database_bad_combo, teardown_verify);
- g_test_add_func ("/tls/database/verify-with-incorrect-root-in-chain",
+ g_test_add_func ("/tls/" BACKEND "/database/verify-with-incorrect-root-in-chain",
test_verify_with_incorrect_root_in_chain);
- g_test_add_func ("/tls/file-database/anchors-property",
+ g_test_add_func ("/tls/" BACKEND "/file-database/anchors-property",
test_anchors_property);
- g_test_add_func ("/tls/file-database/lookup-certificates-issued-by",
+ g_test_add_func ("/tls/" BACKEND "/file-database/lookup-certificates-issued-by",
test_lookup_certificates_issued_by);
- g_test_add ("/tls/file-database/test-handle", TestFileDatabase, NULL,
+ g_test_add ("/tls/" BACKEND "/file-database/test-handle", TestFileDatabase, NULL,
setup_file_database, test_file_database_handle, teardown_file_database);
- g_test_add ("/tls/file-database/test-handle-invalid", TestFileDatabase, NULL,
+ g_test_add ("/tls/" BACKEND "/file-database/test-handle-invalid", TestFileDatabase, NULL,
setup_file_database, test_file_database_handle_invalid, teardown_file_database);
return g_test_run();
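Review bot: The new `g_assert_cmpint (g_ascii_strcasecmp (...), ==, 0)` check in main reports only the integer comparison on failure, not which backend type was actually loaded. Every test path registered below now embeds BACKEND, so a binary that silently runs against the wrong TLS backend is the failure that most needs a readable message. Logging the name just before the assertion would cover it, e.g. `g_test_message ("default TLS backend: %s", G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()));`. This assumes g_test_init() has already run at that point, which cannot be seen because main starts outside the hunk.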
--- /dev/null
+/* This file is generated from update-test-database.py */
+
+#define ISSUER_DATA "\x30\x81\x86\x31\x13\x30\x11\x06\x0A\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19\x16\x03\x43\x4F\x4D\x31\x17\x30\x15\x06\x0A\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19\x16\x07\x45\x58\x41\x4D\x50\x4C\x45\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x0C\x15\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x17\x30\x15\x06\x03\x55\x04\x03\x0C\x0E\x63\x61\x2E\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63\x6F\x6D\x31\x1D\x30\x1B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x0E\x63\x61\x40\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63\x6F\x6D"
-----BEGIN CERTIFICATE-----
-MIID8DCCA1mgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnzETMBEGCgmSJomT8ixk
+MIIFAjCCA+qgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnzETMBEGCgmSJomT8ixk
ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxLDAqBgNVBAsMI09sZCBV
bnRydXN0ZWQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSIwIAYDVQQDDBlvbmNlLndh
cy5hLmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNv
-bTAeFw0xODA5MTAxNTI4MzJaFw00ODA5MDIxNTI4MzJaMIGGMRMwEQYKCZImiZPy
-LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2Vy
-dGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsG
-CSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBAMSfoB1yH62ZHjebrIGf05R9NEmN66395f7hAm5vRfyd0PBYvs8dVnwA
-caE/9mPGSVSePunIMwdTadbB8c8Um9YDmw5j3HWrR81YDt/Jmvr3N+tcqEnHLyG2
-bY/HbkhcZFyHlxXQzOTgZxZJJHDb1myCw6asXuWulNd6DKG9wy17AgMBAAGjggFR
-MIIBTTAdBgNVHQ4EFgQUdW0S6PvoW0vcssGVI0BEspCij3UwgdQGA1UdIwSBzDCB
-yYAUpB+h4wjjUruJVMGfZCqWMDl0UoihgaWkgaIwgZ8xEzARBgoJkiaJk/IsZAEZ
-FgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMSwwKgYDVQQLDCNPbGQgVW50
-cnVzdGVkIENlcnRpZmljYXRlIEF1dGhvcml0eTEiMCAGA1UEAwwZb25jZS53YXMu
-YS5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb22C
-CQDYFKygp++FMjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAZBgNV
-HREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNv
-bTANBgkqhkiG9w0BAQsFAAOBgQCDoGn5OWNDG4IpR5dlJapoVcS2r5NOmk5cpVyG
-YfsuH6NW8GenpXuG9Xt7YJBkdGqLGWw/NWoECjcruafJrQvIGQsQ2imVXqnu2v36
-iUvMH+4aZC96aoncBqoC77tYuKVHFnbsqzk6vu36Wg1dkENN74iDHH7Z58NYbHK7
-g3YHLQ==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-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDEn6Adch+tmR43m6yBn9OUfTRJjeut/eX+4QJub0X8ndDwWL7P
-HVZ8AHGhP/ZjxklUnj7pyDMHU2nWwfHPFJvWA5sOY9x1q0fNWA7fyZr69zfrXKhJ
-xy8htm2Px25IXGRch5cV0Mzk4GcWSSRw29ZsgsOmrF7lrpTXegyhvcMtewIDAQAB
-AoGBAJdSFgKzYufSUGwRdbiozUeY+BWnkHruTQRUHO/q2RzqQ/PFCMwS0w1JtimY
-NUJiRutFgjufZI49xtWNm1B4ltjJsvLY/A+w8seQmUHxY5jDY3cfPBAMZoSjJ3u6
-9SmRkbxzb80hkFNe/gfUlN/IOgYwFZLxdDTRPNKb8QvPQBMBAkEA+li6ASpu2Yej
-1Ab3ZgBnGtyLU7Qcy/J3dVsO/cSFkqifGN6OCjiqSVGL8HKKCoPQvRaEgt3WpFmz
-sYsQpz5hgQJBAMkQUlhwIZp6x9kvj5zlF56OBwUbBKSXyvp+sivlyGCuapOvd6yG
-AI8MIEHm2AGmGcOjGUjhh7DTUYAuFXq7lPsCQEFqj+ggE2kqJWgRDfKMZmTBfnK3
-3NJ6IDb9PVSYVqL1BuWzuf/3wJ95/IwvEd0fhpryWFvt5dl6Sxc4lHhvN4ECQBEG
-7tJKfK4GY9JCstjIld15jaKjDRubNzdLb29EQFnfq2riWzIjDv0OO9UY5YYOOPRW
-ZZfEcadJ3gcK4ArKw+0CQCZNMY+qYRLAAhxgZvA1VOBMAOqLWM+nTpkO6rDYeSD7
-BLwy2pPXQoVfdg5JEIF2zEbnNDXjqwA6H3/jCsHYcN0=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-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIDxjCCAy+gAwIBAgIJAJKCrbnWYIO3MA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
-CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
-CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
-bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTgwOTEwMTUyODMy
-WhcNNDgwOTAyMTUyODMyWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
-JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
-eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
-YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEn6Adch+tmR43
-m6yBn9OUfTRJjeut/eX+4QJub0X8ndDwWL7PHVZ8AHGhP/ZjxklUnj7pyDMHU2nW
-wfHPFJvWA5sOY9x1q0fNWA7fyZr69zfrXKhJxy8htm2Px25IXGRch5cV0Mzk4GcW
-SSRw29ZsgsOmrF7lrpTXegyhvcMtewIDAQABo4IBODCCATQwHQYDVR0OBBYEFHVt
-Euj76FtL3LLBlSNARLKQoo91MIG7BgNVHSMEgbMwgbCAFHVtEuj76FtL3LLBlSNA
-RLKQoo91oYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
-LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
-FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
-ZS5jb22CCQCSgq251mCDtzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
-BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
-cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCOmEBg99b83DeqeTzquZi5/RCxtecp
-Z0ip5kVZXapqJRa7OjIv6XYU4GWDuboIioLIfCyjKUYRziXL+gdwKItetqRE5A6w
-0Odr9jxecEtCA+J0XH6CbG/t1m6PzEITuKFxZ97FXjv3d33FYnugfZVIVrgzYTbt
-FJW+6MauX6dEeQ==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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
These are some CA certificates
-----BEGIN CERTIFICATE-----
-MIIDxjCCAy+gAwIBAgIJAJKCrbnWYIO3MA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
-CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
-CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
-bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTgwOTEwMTUyODMy
-WhcNNDgwOTAyMTUyODMyWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
-JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
-eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
-YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEn6Adch+tmR43
-m6yBn9OUfTRJjeut/eX+4QJub0X8ndDwWL7PHVZ8AHGhP/ZjxklUnj7pyDMHU2nW
-wfHPFJvWA5sOY9x1q0fNWA7fyZr69zfrXKhJxy8htm2Px25IXGRch5cV0Mzk4GcW
-SSRw29ZsgsOmrF7lrpTXegyhvcMtewIDAQABo4IBODCCATQwHQYDVR0OBBYEFHVt
-Euj76FtL3LLBlSNARLKQoo91MIG7BgNVHSMEgbMwgbCAFHVtEuj76FtL3LLBlSNA
-RLKQoo91oYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
-LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
-FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
-ZS5jb22CCQCSgq251mCDtzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
-BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
-cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCOmEBg99b83DeqeTzquZi5/RCxtecp
-Z0ip5kVZXapqJRa7OjIv6XYU4GWDuboIioLIfCyjKUYRziXL+gdwKItetqRE5A6w
-0Odr9jxecEtCA+J0XH6CbG/t1m6PzEITuKFxZ97FXjv3d33FYnugfZVIVrgzYTbt
-FJW+6MauX6dEeQ==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-----END CERTIFICATE-----
GLib shouldn't care about this comment
-----BEGIN CERTIFICATE-----
-MIIDxjCCAy+gAwIBAgIJAJKCrbnWYIO3MA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
-CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
-CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
-bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTgwOTEwMTUyODMy
-WhcNNDgwOTAyMTUyODMyWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
-JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
-eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
-YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEn6Adch+tmR43
-m6yBn9OUfTRJjeut/eX+4QJub0X8ndDwWL7PHVZ8AHGhP/ZjxklUnj7pyDMHU2nW
-wfHPFJvWA5sOY9x1q0fNWA7fyZr69zfrXKhJxy8htm2Px25IXGRch5cV0Mzk4GcW
-SSRw29ZsgsOmrF7lrpTXegyhvcMtewIDAQABo4IBODCCATQwHQYDVR0OBBYEFHVt
-Euj76FtL3LLBlSNARLKQoo91MIG7BgNVHSMEgbMwgbCAFHVtEuj76FtL3LLBlSNA
-RLKQoo91oYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
-LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
-FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
-ZS5jb22CCQCSgq251mCDtzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
-BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
-cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCOmEBg99b83DeqeTzquZi5/RCxtecp
-Z0ip5kVZXapqJRa7OjIv6XYU4GWDuboIioLIfCyjKUYRziXL+gdwKItetqRE5A6w
-0Odr9jxecEtCA+J0XH6CbG/t1m6PzEITuKFxZ97FXjv3d33FYnugfZVIVrgzYTbt
-FJW+6MauX6dEeQ==
+MIIE4zCCA8ugAwIBAgIUMMlTpxMo883UF2roJtqGgZLPoJkwDQYJKoZIhvcNAQEL
+BQAwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+UExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNh
+LmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNvbTAgFw0y
+MTEyMTUyMzIwMDRaGA8yMDUxMTIwODIzMjAwNFowgYYxEzARBgoJkiaJk/IsZAEZ
+FgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZp
+Y2F0ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZI
+hvcNAQkBFg5jYUBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOv1mSZzV8MgD68upS8LiIMw8Xb+F3hUTzLarMB+Axy22R2tlL8rFqxn
+nF0eUi/FX8cMDxIL2PMr4dG8kg/PaCSaoke3jbRGsdx1FxCFj6YWn/D59DsoRc93
+r+Cqxo0mMFTTu5whlzDLVIgxm+WaqkwPzycCc4CB+qfTTR+EMVEKLqSQ2X7p6kj5
+lO6ShER6iSOd3dKdJIkIq0NLB2sZrl+U9lXoVEZwONR2Hjv/wnIX4JXxIEeCEvAb
+61nJiCeVc38GSE5R0Bma2hPVemQQq6iccqb0U0ZUZ+pLLH8dCH4fH8VWV5x9vpyZ
+YkshCD7MfW91mLlSuMziLrM9ceeu2Q0CAwEAAaOCAUMwggE/MB0GA1UdDgQWBBT6
+FH3OnCOvKyXsfc72EJ4xxG0S+jCBxgYDVR0jBIG+MIG7gBT6FH3OnCOvKyXsfc72
+EJ4xxG0S+qGBjKSBiTCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT
+8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEX
+MBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1w
+bGUuY29tghQwyVOnEyjzzdQXaugm2oaBks+gmTAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIE
+EjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAT+qReYaoLH6l
+nOtZvP2a7N1yCPb894UnixhHAQ0ZAJ6gmNCZpPuUj0c00Zj4LVor7xtDhaeegJ/F
+HiyslURfA/2MURJb2h+dVmrfjytDGr4t8NPMEfa9kBmkfP3n1zOzDReRFqt0X9dL
+nnUPYpcOj0f4tWgjiMkgZaL78Ba3797zCJDMKfxt28u2xRQzi1OxR393btPAat0k
+8RPRo0Lza1K+Buj3rk6z2HvsIKJUJKw8tKVXKfp9yhh9mkJq8BFa8yIH4IIxo/ID
+ai07ooXGfo9CWrgeqhOxlqjpo2QcmXD947B6Oso2oENNwX52/fRVb45qGd8iM21q
+IuV9437xPQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIICtjCCAh+gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBrTETMBEGCgmSJomT8ixk
+MIIDuzCCAqOgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBrTETMBEGCgmSJomT8ixk
ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxKzApBgNVBAsMIkludGVy
bWVkaWF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJDAiBgNVBAMMG2ludGVybWVk
aWF0ZS1jYS5leGFtcGxlLmNvbTEqMCgGCSqGSIb3DQEJARYbaW50ZXJtZWRpYXRl
-LWNhQGV4YW1wbGUuY29tMB4XDTE4MDkxMDE1Mjg0OVoXDTQzMDkwNDE1Mjg0OVow
+LWNhQGV4YW1wbGUuY29tMB4XDTIxMTIxNTIzMjAwNVoXDTQ2MTIwOTIzMjAwNVow
SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
-GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAl0zF3tH3V9QquvMVFgAGREcxj59CGM9X7TCWWNycgbhITJxR8Wqb
-AlHmpjGVFWtmZPvheg4pEUppzPGiaIfX/cdTXuAB/cQ/iGyabvsQA9d75VjQL3ca
-ZjJvspO2s/lOuP3XZX9QpngKGTbQ0DEzNeadG1ckFuXOWOj5DkgIUV0CAwEAAaNH
-MEUwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAjBgNVHREEHDAahwTA
-qAEWghJzZXJ2ZXIuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADgYEACXgdI2AC
-f2QByzeXmmMgFm7jLsYw28S6Jvj6vFM9Rzg5Zta64B3kvT2+yk/gaKMBYCBtvRud
-6vjXKrCYlfdJa2yH4HtN1GDL6KYvx0/qJamT71pVvCuLIDzYMf0CcvoYtHZ5HDp3
-RFmQfU4QUk5+0YwwkpBFNQ4oiKjVPTBd5J4=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=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIID8jCCA1ugAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk
+MIIFAjCCA+qgAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk
ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
-hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE4MDkxMDE1Mjg0OVoXDTQzMDkw
-NDE1Mjg0OVowga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZ
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTIxMTIxNTIzMjAwNVoXDTQ2MTIw
+OTIzMjAwNVowga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZ
FgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUgQXV0
aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20xKjAo
-BgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAu0V6zuw2zphIOaer4FRF3CCkD7I5MiLRMQvC
-Ttxm9TW+MjNX9/AgnZyrhz53TMzXZpeRzHbBd/alcIsNYeuZA9Sz7OGbNVrlsdv+
-UqGxtpz+QyNABbNVHOMQwEUoWZGOhH3LJFGGs29wZJ0t/YnE87zWYNrwP1JJJzqC
-n2A6sPECAwEAAaOCAUUwggFBMB0GA1UdDgQWBBQcld7s7kDEF1aDLm+aLf0rdSZy
-tDCBuwYDVR0jBIGzMIGwgBR1bRLo++hbS9yywZUjQESykKKPdaGBjKSBiTCBhjET
-MBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAc
-BgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBs
-ZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggkAkoKtudZgg7cw
-DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwJgYDVR0RBB8wHYEbaW50
-ZXJtZWRpYXRlLWNhQGV4YW1wbGUuY29tMBkGA1UdEgQSMBCBDmNhQGV4YW1wbGUu
-Y29tMA0GCSqGSIb3DQEBCwUAA4GBAKW00RiG2BO+ni+mtOP/svum1pC0mxU6oSoO
-uSptJ9NUf88yySwtlXRN34/0SEqznh/ebQzOICtc5su1sQ4+mm9c0VmK1+kEHztW
-Kvsl+3NHy8zvXwZY6EFHUtZ6lB3DNOd+uoSpbfACDctCXMPwdJB/xerulcvRVGUR
-KpspdWQy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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIDxjCCAy+gAwIBAgIJAJKCrbnWYIO3MA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK
-CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE
-CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv
-bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMTgwOTEwMTUyODMy
-WhcNNDgwOTAyMTUyODMyWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS
-JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
-eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
-YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEn6Adch+tmR43
-m6yBn9OUfTRJjeut/eX+4QJub0X8ndDwWL7PHVZ8AHGhP/ZjxklUnj7pyDMHU2nW
-wfHPFJvWA5sOY9x1q0fNWA7fyZr69zfrXKhJxy8htm2Px25IXGRch5cV0Mzk4GcW
-SSRw29ZsgsOmrF7lrpTXegyhvcMtewIDAQABo4IBODCCATQwHQYDVR0OBBYEFHVt
-Euj76FtL3LLBlSNARLKQoo91MIG7BgNVHSMEgbMwgbCAFHVtEuj76FtL3LLBlSNA
-RLKQoo91oYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy
-LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
-FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs
-ZS5jb22CCQCSgq251mCDtzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
-BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt
-cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCOmEBg99b83DeqeTzquZi5/RCxtecp
-Z0ip5kVZXapqJRa7OjIv6XYU4GWDuboIioLIfCyjKUYRziXL+gdwKItetqRE5A6w
-0Odr9jxecEtCA+J0XH6CbG/t1m6PzEITuKFxZ97FXjv3d33FYnugfZVIVrgzYTbt
-FJW+6MauX6dEeQ==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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+MIIDXTCCAkUCAQUwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xODA5MTAxNTI4MzJaFw00MzA5MDQxNTI4
-MzJaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0yMTEyMTUyMzIwMDVaFw00NjEyMDkyMzIw
+MDVaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLDXDADh65c
-NrIqEWsflxKyb/yiyJoxDKP/1j3WeBB9pPNr2gk+Lz9dwy6XLd18XGN56UCxDHBI
-7Ol+UU+mpUbImxubHZO074/1K2Rf//qa2maAnV8cJ4EvBxBtehT+OPT3vohkfTHo
-vSNTcL2kMIehO609sZ+n84H3q0ZsoIqKzt+cZUWT5vdXtvYp+5yLQIyc6fWIyFXv
-ch3fcFfiBFA8aSMfm2PpJlKPCPt6bX3fBBtlZQAZPZtZG0uBEU9iXY37fD9udrhR
-w6L6Iv0tQcCl83xFeocXLBW6NKdcwOp+UbwSyM9JvUuAyHMxKOoVubWmVWO0y1mH
-sOoY/9vFit0CAwEAATANBgkqhkiG9w0BAQsFAAOBgQCrCl/LnuXiUQvdKmDYYpVq
-7HDaVkMMm0hIn342kiGK0ZTt2PpWN33xTGCOVP7hCA8ikZCXbJ32P60LFoivIHk2
-hNPx9memYT1wBwz+aFuo0jSDC3lZwffb/lr+smEl8LTBH2yP2IgRc/ppqX387m9h
-EYAdq5BPvzzFcEvXhbQ7/g==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-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAssNcMAOHrlw2sioRax+XErJv/KLImjEMo//WPdZ4EH2k82va
-CT4vP13DLpct3XxcY3npQLEMcEjs6X5RT6alRsibG5sdk7Tvj/UrZF//+praZoCd
-XxwngS8HEG16FP449Pe+iGR9Mei9I1NwvaQwh6E7rT2xn6fzgferRmygiorO35xl
-RZPm91e29in7nItAjJzp9YjIVe9yHd9wV+IEUDxpIx+bY+kmUo8I+3ptfd8EG2Vl
-ABk9m1kbS4ERT2Jdjft8P252uFHDovoi/S1BwKXzfEV6hxcsFbo0p1zA6n5RvBLI
-z0m9S4DIczEo6hW5taZVY7TLWYew6hj/28WK3QIDAQABAoIBAEwieDjayAayr3ji
-Adkl8ym7ZYarrdQ936xZYd2kYi5j1MT3wjz9hxHt1RsauCYEuTSEz5sFzM5lwMER
-U4Ag8XNcLPNs9QPbo8wkFv8BA/yvxySw0lWXoBuc891DQyN9wrRSb4uXgNqozSUm
-fHXIYALj4I7AH85nsYZA/WlZCmb2UQwVAh/tgTlsdPrbcS3UXOYmFFk1IJvgvYam
-Qlt3wwLonFA5DOMRTIN9rIRi+nErd7+/co+jy7l8NKcDLm0e2XqxVqwnJEpZTUlF
-Y5NmqefyN1YGWqB8l6ELu38ZFKxNuZinvt4IzCF98kT2AaE/7rrhKabHWjbMg0r1
-MSRebOECgYEA3+g4gndL4YVFYAhQ5/OkkAYF2wmXh9Ej0a//KfLd1uHsH+P4sbo1
-D0MrvLsam2xq17gb+I817s4KasPKvBWpO93ZhViV1zpDwfROXq+SGzHaDyyKMtmb
-o6Kza/F64ByzWo6LpCiLpW+DTb1UxaultJa/XVx7jlfeLX23a7HCF8sCgYEAzGKu
-FT3P+MMGGdC2/pcFQuH8cABToRGo+0VpnvDF+IEQYo2J/lEC+GtgzZcIcYtF3cZ+
-vrNz5WOmdhhn/lk5sdpL6+sx/OIVttFaIY22w4QxX7kwvrM2fM36j/eCdUMrGqHQ
-AeSGrSdAlODIJkcCCIshCgFYMVto2ifYjYvTAvcCgYEAtYaDKeKltjRhxjV3wlUY
-+VqorKfeHdJEg993sv6fM3L+B+y+1vfrxG/kqaHXNGJ1TGaK5rzUMMMCVwRc/Jdj
-GJIHo7/p2w/1lu0GDGWywjFsZBjsAcXCFKv3Ym/n+oHKNoSSWYg1ju4VOZVhgNBk
-C0Cb7Ijp8sDx81eUuM7oWHkCgYA7eBcJDTQ/QJe82TL1vwGD5XdrK10qB5ZwjlDe
-M1aXKQ6YbnCRdAb2O2AuUdzeFNUeY4wrdtGpFCayRAW2R0X3Tvo6SfQAjdQdnqqo
-CrD8ELHBFYRuaHzZMaHPVAg8kG+xTxXUByd8qGgtKX5zTMP1sm3JmHyN1/gZSfDD
-tsSOHwKBgQDOS2vFATYVd2sVG0DYh3Ym+Je+FWiebVrADcDxbIbQ5l1XvtlxPMhJ
-iQAV5x/8GSjaurOnv4BunJYnHVV7ldvzN1SmJnRLragthKCWGpMy9XzKTbv2q3te
-sRDygr94UFgd4BH403J46FXQ0ancPPacAMncQztl1uB23PO25gqqHQ==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-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
+notBefore=Jul 17 23:00:00 2060 GMT
+notAfter=Jul 17 23:00:00 2061 GMT
-----BEGIN CERTIFICATE-----
-MIIC4DCCAkkCAQUwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+MIIDYTCCAkkCAQcwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAiGA8yMDYwMDcxNzE2MDAwMFoYDzIwNjEwNzE3
-MTYwMDAwWjBiMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYH
+AQkBFg5jYUBleGFtcGxlLmNvbTAiGA8yMDYwMDcxNzIzMDAwMFoYDzIwNjEwNzE3
+MjMwMDAwWjBiMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYH
RVhBTVBMRTEPMA0GA1UEAwwGQ2xpZW50MSEwHwYJKoZIhvcNAQkBFhJjbGllbnRA
-ZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyw1ww
-A4euXDayKhFrH5cSsm/8osiaMQyj/9Y91ngQfaTza9oJPi8/XcMuly3dfFxjeelA
-sQxwSOzpflFPpqVGyJsbmx2TtO+P9StkX//6mtpmgJ1fHCeBLwcQbXoU/jj0976I
-ZH0x6L0jU3C9pDCHoTutPbGfp/OB96tGbKCKis7fnGVFk+b3V7b2Kfuci0CMnOn1
-iMhV73Id33BX4gRQPGkjH5tj6SZSjwj7em193wQbZWUAGT2bWRtLgRFPYl2N+3w/
-bna4UcOi+iL9LUHApfN8RXqHFywVujSnXMDqflG8EsjPSb1LgMhzMSjqFbm1plVj
-tMtZh7DqGP/bxYrdAgMBAAEwDQYJKoZIhvcNAQELBQADgYEABzPPPH3DCjosUii6
-h5Fe+/9re6Ka/8JBZ5V9G1H+uBky7L07BQ5JhV7OIBuej0JQQXrDvicv0n7ImmHP
-O3iHxSLOe5sp7kNeQYpgm4DYbJUddcUBwltI5Lvux6IbR6rZybhVRnxjNd1jUBvj
-p42OS5M0tNYKC3jFDcuNwRIhiCw=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-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAssNcMAOHrlw2sioRax+XErJv/KLImjEMo//WPdZ4EH2k82va
-CT4vP13DLpct3XxcY3npQLEMcEjs6X5RT6alRsibG5sdk7Tvj/UrZF//+praZoCd
-XxwngS8HEG16FP449Pe+iGR9Mei9I1NwvaQwh6E7rT2xn6fzgferRmygiorO35xl
-RZPm91e29in7nItAjJzp9YjIVe9yHd9wV+IEUDxpIx+bY+kmUo8I+3ptfd8EG2Vl
-ABk9m1kbS4ERT2Jdjft8P252uFHDovoi/S1BwKXzfEV6hxcsFbo0p1zA6n5RvBLI
-z0m9S4DIczEo6hW5taZVY7TLWYew6hj/28WK3QIDAQABAoIBAEwieDjayAayr3ji
-Adkl8ym7ZYarrdQ936xZYd2kYi5j1MT3wjz9hxHt1RsauCYEuTSEz5sFzM5lwMER
-U4Ag8XNcLPNs9QPbo8wkFv8BA/yvxySw0lWXoBuc891DQyN9wrRSb4uXgNqozSUm
-fHXIYALj4I7AH85nsYZA/WlZCmb2UQwVAh/tgTlsdPrbcS3UXOYmFFk1IJvgvYam
-Qlt3wwLonFA5DOMRTIN9rIRi+nErd7+/co+jy7l8NKcDLm0e2XqxVqwnJEpZTUlF
-Y5NmqefyN1YGWqB8l6ELu38ZFKxNuZinvt4IzCF98kT2AaE/7rrhKabHWjbMg0r1
-MSRebOECgYEA3+g4gndL4YVFYAhQ5/OkkAYF2wmXh9Ej0a//KfLd1uHsH+P4sbo1
-D0MrvLsam2xq17gb+I817s4KasPKvBWpO93ZhViV1zpDwfROXq+SGzHaDyyKMtmb
-o6Kza/F64ByzWo6LpCiLpW+DTb1UxaultJa/XVx7jlfeLX23a7HCF8sCgYEAzGKu
-FT3P+MMGGdC2/pcFQuH8cABToRGo+0VpnvDF+IEQYo2J/lEC+GtgzZcIcYtF3cZ+
-vrNz5WOmdhhn/lk5sdpL6+sx/OIVttFaIY22w4QxX7kwvrM2fM36j/eCdUMrGqHQ
-AeSGrSdAlODIJkcCCIshCgFYMVto2ifYjYvTAvcCgYEAtYaDKeKltjRhxjV3wlUY
-+VqorKfeHdJEg993sv6fM3L+B+y+1vfrxG/kqaHXNGJ1TGaK5rzUMMMCVwRc/Jdj
-GJIHo7/p2w/1lu0GDGWywjFsZBjsAcXCFKv3Ym/n+oHKNoSSWYg1ju4VOZVhgNBk
-C0Cb7Ijp8sDx81eUuM7oWHkCgYA7eBcJDTQ/QJe82TL1vwGD5XdrK10qB5ZwjlDe
-M1aXKQ6YbnCRdAb2O2AuUdzeFNUeY4wrdtGpFCayRAW2R0X3Tvo6SfQAjdQdnqqo
-CrD8ELHBFYRuaHzZMaHPVAg8kG+xTxXUByd8qGgtKX5zTMP1sm3JmHyN1/gZSfDD
-tsSOHwKBgQDOS2vFATYVd2sVG0DYh3Ym+Je+FWiebVrADcDxbIbQ5l1XvtlxPMhJ
-iQAV5x/8GSjaurOnv4BunJYnHVV7ldvzN1SmJnRLragthKCWGpMy9XzKTbv2q3te
-sRDygr94UFgd4BH403J46FXQ0ancPPacAMncQztl1uB23PO25gqqHQ==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-----END RSA PRIVATE KEY-----
+notBefore=Jul 17 23:00:00 2000 GMT
+notAfter=Jul 17 23:00:00 2001 GMT
-----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQQwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+MIIDXTCCAkUCAQYwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDA3MTcxNjAwMDBaFw0wMTA3MTcxNjAw
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDA3MTcyMzAwMDBaFw0wMTA3MTcyMzAw
MDBaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLDXDADh65c
-NrIqEWsflxKyb/yiyJoxDKP/1j3WeBB9pPNr2gk+Lz9dwy6XLd18XGN56UCxDHBI
-7Ol+UU+mpUbImxubHZO074/1K2Rf//qa2maAnV8cJ4EvBxBtehT+OPT3vohkfTHo
-vSNTcL2kMIehO609sZ+n84H3q0ZsoIqKzt+cZUWT5vdXtvYp+5yLQIyc6fWIyFXv
-ch3fcFfiBFA8aSMfm2PpJlKPCPt6bX3fBBtlZQAZPZtZG0uBEU9iXY37fD9udrhR
-w6L6Iv0tQcCl83xFeocXLBW6NKdcwOp+UbwSyM9JvUuAyHMxKOoVubWmVWO0y1mH
-sOoY/9vFit0CAwEAATANBgkqhkiG9w0BAQsFAAOBgQCXBZanjJI96eWgPGv2LIgu
-9ZtEAd2C01lMc2UQHUMicPDFW1oQeptIruRGPVv+2ct9OhnC4JzBi18EAzxklsuF
-PsQZ+Lq/38hvdlX5bHGoRSJtFdB+ZkyFETr9AZNIYnxdSKrmUEwLPz/4rzB5KAoc
-wYNLbNWS2XqATA1rJ+cxmg==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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+MIIDXTCCAkUCAQUwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xODA5MTAxNTI4MzJaFw00MzA5MDQxNTI4
-MzJaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0yMTEyMTUyMzIwMDVaFw00NjEyMDkyMzIw
+MDVaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLDXDADh65c
-NrIqEWsflxKyb/yiyJoxDKP/1j3WeBB9pPNr2gk+Lz9dwy6XLd18XGN56UCxDHBI
-7Ol+UU+mpUbImxubHZO074/1K2Rf//qa2maAnV8cJ4EvBxBtehT+OPT3vohkfTHo
-vSNTcL2kMIehO609sZ+n84H3q0ZsoIqKzt+cZUWT5vdXtvYp+5yLQIyc6fWIyFXv
-ch3fcFfiBFA8aSMfm2PpJlKPCPt6bX3fBBtlZQAZPZtZG0uBEU9iXY37fD9udrhR
-w6L6Iv0tQcCl83xFeocXLBW6NKdcwOp+UbwSyM9JvUuAyHMxKOoVubWmVWO0y1mH
-sOoY/9vFit0CAwEAATANBgkqhkiG9w0BAQsFAAOBgQCrCl/LnuXiUQvdKmDYYpVq
-7HDaVkMMm0hIn342kiGK0ZTt2PpWN33xTGCOVP7hCA8ikZCXbJ32P60LFoivIHk2
-hNPx9memYT1wBwz+aFuo0jSDC3lZwffb/lr+smEl8LTBH2yP2IgRc/ppqX387m9h
-EYAdq5BPvzzFcEvXhbQ7/g==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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQYwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+MIIDXTCCAkUCAQgwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xODA5MTAxNTI4NDlaFw00MzA5MDQxNTI4
-NDlaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0yMTEyMTUyMzIwMDVaFw00NjEyMDkyMzIw
+MDVaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKoflA8RApzA
-4xDqTXTB9S95EREe5XgJM5AX+euLl77pxnwJNhjIsSAbkLgnQ9tVRs2dKQdhzN1I
-XlzEjz+WHqxSQqh/CEp5Dlp5SvZrYezHJHuQVVj1uuPWU3yB7CjoCkKT+VPrOLQo
-zITCu9Xl/SI79GOOUb0TUKm3z7Y0H6ooqXzW77DGEEFWpf72+lnEWSYjleJPtY0b
-TJB3vlFHE456gBKlJwit+fywmEMu03Wjci5IpTmPFnp1LhIi9P4tbEOw3l+qazgh
-bY30eDVvVBHx8wK3OF5w1VSdt6TXM664G0xyCDihunt50BOVw2JxTlXyRP+kr3tY
-hSZRNr2J2c0CAwEAATANBgkqhkiG9w0BAQsFAAOBgQA/0rpbeNv1JlT8nBjhYnNr
-72DkVhu5cj06zolC87Zk/fvqC8I4OtrfCbDZ1TIzJPFTdIxRdd8eGJlKtGWW2EJ+
-2z/Jmkx3Dh5QbHpAenYHI59kBF+BPnrk64o0f304jRZZQznEMqQBb+/q9iW1iT/9
-lw0YLQ1pI3OlOCLGaUKj1A==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-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAqh+UDxECnMDjEOpNdMH1L3kRER7leAkzkBf564uXvunGfAk2
-GMixIBuQuCdD21VGzZ0pB2HM3UheXMSPP5YerFJCqH8ISnkOWnlK9mth7Mcke5BV
-WPW649ZTfIHsKOgKQpP5U+s4tCjMhMK71eX9Ijv0Y45RvRNQqbfPtjQfqiipfNbv
-sMYQQVal/vb6WcRZJiOV4k+1jRtMkHe+UUcTjnqAEqUnCK35/LCYQy7TdaNyLkil
-OY8WenUuEiL0/i1sQ7DeX6prOCFtjfR4NW9UEfHzArc4XnDVVJ23pNczrrgbTHII
-OKG6e3nQE5XDYnFOVfJE/6Sve1iFJlE2vYnZzQIDAQABAoIBAC13+y57sWML+qRO
-uxz1qf5iMTmONG58pxdgER/vU0NnX/FO1PKS0SRvuaI+fFhm1mGmG40pioOqD+5j
-apXoHZKY+c/nA+RDrp5nxK1PzgBmyU1tKiJ4qtayNeYVI3Vbb0KUIhNXzvP345Go
-KmPk8F7x/0OMijQqsWhrBE0CaWQkwm5wBdWlNb82kz6KyJCzcMmS9SwfqRclz8Qp
-JDiyllxiYj+OjYFg1ntcR3vMkVbK88NVSZWwPOZdMmYd4PC0pIcHg/j/kTN/mrs4
-w3MzSd5+Lvg234bofH3XRPbxdu0MOUEEMwbyLHjXXa4g3je0cABwCvo6b9sShKYi
-ktLpzoECgYEA1rQVY+O6Hlf9n8msTRMGsiEu9IKuadPs+Ixnhxerh4WBem1ivx58
-vXOhkeblKYLrDP9alm++nprlBAP3xRK3iX6r388a+e5UPbsHCk8KaZKkCTezpTS2
-1TqQFcc6Kc8BKJui7UhsALeKAFgcgmagXd2qMRm1lLgNY3Xc4KNBlRUCgYEAythj
-Pqqvhvr/ixLFKlTjZXhNc2DYdw9tP3egjMjpmyIKo4UYH4qTGhlbrxPLqgQUMyp4
-tqT1FdrbCp0K/TJKuURnsNzbwp73mMc+H+nrmBmU6/q/4Yhu1BrvBCoaaOT9ET9f
-raEJTc133xXvDCBuq8P82ODEzpD7gxNStRRtT9kCgYBLb0Y8rFxOIPg5VfA1vEOT
-/lizC98fy5fs09fj/QsFOID/dMNHBv0oyyGvU4KcjSTskiNPy78blqx0NritAyB9
-LIZSwj9mJLhwX+/fTVoJMb50hp+VoenDDSpmnHLxEYwEqnoaCGH59oKEEHEj187s
-a99KFRBZSjlaAqUyP+ng6QKBgQCpoaftQiQjx0do8Dt+GRtJQf/TGwwrFPWRe+MB
-mQryttcaxDTWO7akvswTb4SEG4EhAMWOSAjFTA6do5MLBsHCiVgFac1FxlbcptJn
-MeHZgpstdLZ+TvAP5K45V1RaoBSaFdtXgjIbpFY4c0lDZOPoNLAAVod/D3Olu8UQ
-tZJskQKBgFxFnovacjyccFHI0SjjbqedOQn7mUlvYv/uPkMe8O4wu7wael7iMb8w
-/MK6ZRK5Ec9c1lotoEhaZbGoTvUIX2eA+gdGYWDhxFbce7/1bPNvhRLoEsFLvXuU
-53H2rvqRiFX8scM3Pc/toWylzRLLVowcRAZ+joprIMfrrtFkekD9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-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
-----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAqh+UDxECnMDjEOpNdMH1L3kRER7leAkzkBf564uXvunGfAk2
-GMixIBuQuCdD21VGzZ0pB2HM3UheXMSPP5YerFJCqH8ISnkOWnlK9mth7Mcke5BV
-WPW649ZTfIHsKOgKQpP5U+s4tCjMhMK71eX9Ijv0Y45RvRNQqbfPtjQfqiipfNbv
-sMYQQVal/vb6WcRZJiOV4k+1jRtMkHe+UUcTjnqAEqUnCK35/LCYQy7TdaNyLkil
-OY8WenUuEiL0/i1sQ7DeX6prOCFtjfR4NW9UEfHzArc4XnDVVJ23pNczrrgbTHII
-OKG6e3nQE5XDYnFOVfJE/6Sve1iFJlE2vYnZzQIDAQABAoIBAC13+y57sWML+qRO
-uxz1qf5iMTmONG58pxdgER/vU0NnX/FO1PKS0SRvuaI+fFhm1mGmG40pioOqD+5j
-apXoHZKY+c/nA+RDrp5nxK1PzgBmyU1tKiJ4qtayNeYVI3Vbb0KUIhNXzvP345Go
-KmPk8F7x/0OMijQqsWhrBE0CaWQkwm5wBdWlNb82kz6KyJCzcMmS9SwfqRclz8Qp
-JDiyllxiYj+OjYFg1ntcR3vMkVbK88NVSZWwPOZdMmYd4PC0pIcHg/j/kTN/mrs4
-w3MzSd5+Lvg234bofH3XRPbxdu0MOUEEMwbyLHjXXa4g3je0cABwCvo6b9sShKYi
-ktLpzoECgYEA1rQVY+O6Hlf9n8msTRMGsiEu9IKuadPs+Ixnhxerh4WBem1ivx58
-vXOhkeblKYLrDP9alm++nprlBAP3xRK3iX6r388a+e5UPbsHCk8KaZKkCTezpTS2
-1TqQFcc6Kc8BKJui7UhsALeKAFgcgmagXd2qMRm1lLgNY3Xc4KNBlRUCgYEAythj
-Pqqvhvr/ixLFKlTjZXhNc2DYdw9tP3egjMjpmyIKo4UYH4qTGhlbrxPLqgQUMyp4
-tqT1FdrbCp0K/TJKuURnsNzbwp73mMc+H+nrmBmU6/q/4Yhu1BrvBCoaaOT9ET9f
-raEJTc133xXvDCBuq8P82ODEzpD7gxNStRRtT9kCgYBLb0Y8rFxOIPg5VfA1vEOT
-/lizC98fy5fs09fj/QsFOID/dMNHBv0oyyGvU4KcjSTskiNPy78blqx0NritAyB9
-LIZSwj9mJLhwX+/fTVoJMb50hp+VoenDDSpmnHLxEYwEqnoaCGH59oKEEHEj187s
-a99KFRBZSjlaAqUyP+ng6QKBgQCpoaftQiQjx0do8Dt+GRtJQf/TGwwrFPWRe+MB
-mQryttcaxDTWO7akvswTb4SEG4EhAMWOSAjFTA6do5MLBsHCiVgFac1FxlbcptJn
-MeHZgpstdLZ+TvAP5K45V1RaoBSaFdtXgjIbpFY4c0lDZOPoNLAAVod/D3Olu8UQ
-tZJskQKBgFxFnovacjyccFHI0SjjbqedOQn7mUlvYv/uPkMe8O4wu7wael7iMb8w
-/MK6ZRK5Ec9c1lotoEhaZbGoTvUIX2eA+gdGYWDhxFbce7/1bPNvhRLoEsFLvXuU
-53H2rvqRiFX8scM3Pc/toWylzRLLVowcRAZ+joprIMfrrtFkekD9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-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQYwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+MIIDXTCCAkUCAQgwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xODA5MTAxNTI4NDlaFw00MzA5MDQxNTI4
-NDlaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0yMTEyMTUyMzIwMDVaFw00NjEyMDkyMzIw
+MDVaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKoflA8RApzA
-4xDqTXTB9S95EREe5XgJM5AX+euLl77pxnwJNhjIsSAbkLgnQ9tVRs2dKQdhzN1I
-XlzEjz+WHqxSQqh/CEp5Dlp5SvZrYezHJHuQVVj1uuPWU3yB7CjoCkKT+VPrOLQo
-zITCu9Xl/SI79GOOUb0TUKm3z7Y0H6ooqXzW77DGEEFWpf72+lnEWSYjleJPtY0b
-TJB3vlFHE456gBKlJwit+fywmEMu03Wjci5IpTmPFnp1LhIi9P4tbEOw3l+qazgh
-bY30eDVvVBHx8wK3OF5w1VSdt6TXM664G0xyCDihunt50BOVw2JxTlXyRP+kr3tY
-hSZRNr2J2c0CAwEAATANBgkqhkiG9w0BAQsFAAOBgQA/0rpbeNv1JlT8nBjhYnNr
-72DkVhu5cj06zolC87Zk/fvqC8I4OtrfCbDZ1TIzJPFTdIxRdd8eGJlKtGWW2EJ+
-2z/Jmkx3Dh5QbHpAenYHI59kBF+BPnrk64o0f304jRZZQznEMqQBb+/q9iW1iT/9
-lw0YLQ1pI3OlOCLGaUKj1A==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-----END CERTIFICATE-----
-#!/bin/sh
+#!/bin/bash
+
+set -e
msg() {
echo
cd `dirname $0`
echo
-echo "This script re-generates all private keys and certificates"
-echo "needed to run the Unit Test."
-echo
-echo " *** IMPORTANT ***"
-echo
-echo "This script will change the system date momentarily to generate"
-echo "a couple of certificates (sudo password will be requested). This"
-echo "is because it uses the OpenSSL x509 utility instead of the ca"
-echo "utility which allows to set a starting date for the certificates."
-echo
-echo "A few manual changes need to be made. The first certificate"
-echo "in ca-roots.pem and ca-roots-bad.pem need to be replaced by"
-echo "the contents of ca.pem."
-echo
-echo "Also, file-database.c:test_lookup_certificates_issued_by has"
-echo "an ISSUER variable that needs to be changed by the CA identifier"
-echo "(read the comment in that function) if you modify this script."
-echo
-echo " *** IMPORTANT ***"
+echo "This script regenerates all private keys and certificates"
+echo "needed to run glib-networking tests. Please note this script"
+echo "depends on datefudge, openssl, and python3's cryptography module."
echo
-read -p "Press [Enter] key to continue..." key
+read -p "Press [Enter] key to continue..."
#######################################################################
### Obsolete/Untrusted Root CA
echo "00" > serial
msg "Creating CA private key for obsolete/untrusted CA"
-openssl genrsa -out old-ca-key.pem 1024
+openssl genrsa -out old-ca-key.pem 2048
msg "Creating CA certificate for obsolete/untrusted CA"
openssl req -x509 -new -config ssl/old-ca.conf -days 10950 -key old-ca-key.pem -out old-ca.pem
#######################################################################
msg "Creating CA private key"
-openssl genrsa -out ca-key.pem 1024
+openssl genrsa -out ca-key.pem 2048
msg "Creating CA certificate"
openssl req -x509 -new -config ssl/ca.conf -days 10950 -key ca-key.pem -out ca.pem
#######################################################################
+### New Root CA with OCSP MustStaple
+#######################################################################
+
+msg "Creating CA (OCSP) certificate"
+openssl req -x509 -new -config ssl/ca.conf -addext tlsfeature=status_request -days 10950 -key ca-key.pem -out ca-ocsp.pem
+
+#######################################################################
### New Root CA, issued by Obsolete/Untrusted Root CA
#######################################################################
#######################################################################
msg "Creating server private key"
-openssl genrsa -out server-key.pem 1024
+openssl genrsa -out server-key.pem 2048
msg "Creating server certificate request"
openssl req -config ssl/server.conf -key server-key.pem -new -out server-csr.pem
cat server.pem > server-and-key.pem
cat server-key.pem >> server-and-key.pem
+msg "Updating digest of the new certificate in connections.c"
+DIGEST=$( openssl x509 -outform der -in server.pem | openssl sha256 -binary | base64 | sed 's/\//\\\//g' )
+sed -i "/define SERVER_CERT_DIGEST_B64/s/\"\([^\"]\+\)\"/\"$DIGEST\"/" ../connection.c
+
msg "Converting server certificate from PEM to DER"
openssl x509 -in server.pem -outform DER -out server.der
msg "Converting server private key from PEM to DER"
openssl rsa -in server-key.pem -outform DER -out server-key.der
+msg "Converting server private key to PKCS #8"
+openssl pkcs8 -topk8 -in server-key.pem -outform PEM -nocrypt -out server-key-pkcs8.pem
+openssl pkcs8 -topk8 -in server-key.pem -outform DER -nocrypt -out server-key-pkcs8.der
+
+#######################################################################
+### Server (OCSP required by CA)
+#######################################################################
+
+msg "Creating server (OCSP required by CA) certificate"
+openssl x509 -req -in server-csr.pem -days 9125 -CA ca-ocsp.pem -CAkey ca-key.pem -CAserial serial -extfile ssl/server.conf -extensions v3_req_ext -out server-ocsp-required-by-ca.pem
+
+msg "Concatenating server (OCSP required by CA) certificate and private key into a single file"
+cat server-ocsp-required-by-ca.pem > server-ocsp-required-by-ca-and-key.pem
+cat server-key.pem >> server-ocsp-required-by-ca-and-key.pem
+
+#######################################################################
+### Server (OCSP required by server)
+#######################################################################
+
+msg "Creating server (OCSP required by server) certificate"
+openssl x509 -req -in server-csr.pem -days 9125 -CA ca.pem -CAkey ca-key.pem -CAserial serial -extfile ssl/server-muststaple.conf -extensions v3_req_ext -out server-ocsp-required-by-server.pem
+
+msg "Concatenating server (OCSP required by server) certificate and private key into a single file"
+cat server-ocsp-required-by-server.pem > server-ocsp-required-by-server-and-key.pem
+cat server-key.pem >> server-ocsp-required-by-server-and-key.pem
+
#######################################################################
### Server (self-signed)
#######################################################################
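Review bot: The `DIGEST=$( openssl x509 … | openssl sha256 -binary | base64 | sed … )` pipeline added in this hunk can fail without stopping the script, because the `set -e` added at the top only sees the exit status of the last command in a pipeline. If `openssl x509` cannot read `server.pem`, the later stages still succeed on empty input, and the following `sed -i` writes the SHA-256 of nothing into `../connection.c` as `SERVER_CERT_DIGEST_B64`. Since the script now runs under bash, `set -eo pipefail` in place of `set -e` would abort the run at that point. Separately, the progress message names `connections.c` while the file actually edited is `../connection.c`.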
# It is not possible to specify the start and end date using the "x509" tool.
# It would be better to use the "ca" tool. Sorry!
msg "Creating client certificate (past)"
-sudo date -s "17 JUL 2000 18:00:00"
-openssl x509 -req -in client-csr.pem -days 365 -startdate -enddate -CA ca.pem -CAkey ca-key.pem -CAserial serial -out client-past.pem
-sudo hwclock -s
+datefudge "17 JUL 2000 18:00:00" openssl x509 -req -in client-csr.pem -days 365 -startdate -enddate -CA ca.pem -CAkey ca-key.pem -CAserial serial -out client-past.pem
touch client-past.pem
msg "Creating client certificate (future)"
-sudo date -s "17 JUL 2060 18:00:00"
-openssl x509 -req -in client-csr.pem -days 365 -startdate -enddate -CA ca.pem -CAkey ca-key.pem -CAserial serial -out client-future.pem
-sudo hwclock -s
+datefudge "17 JUL 2060 18:00:00" openssl x509 -req -in client-csr.pem -days 365 -startdate -enddate -CA ca.pem -CAkey ca-key.pem -CAserial serial -out client-future.pem
touch client-future.pem
msg "Creating second client key pair"
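Review bot: The timestamps passed to `datefudge` in the `client-past.pem` and `client-future.pem` commands carry no time zone, so they are read in the local zone of whoever runs the script. The fixtures regenerated in this commit show the effect: they record `notBefore=Jul 17 23:00:00 2000 GMT` for a requested 18:00:00. Pinning the zone, e.g. `TZ=UTC datefudge "17 JUL 2000 18:00:00" openssl x509 …` (worth confirming against the datefudge version in use), would give the same validity window on every machine. The `-startdate -enddate` options only print the dates, and that output appears to land in the `-out` file as the new `notBefore=`/`notAfter=` lines at the top of both fixtures, so they could be dropped if that text preamble is not wanted.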
echo "00" > intermediate-serial
msg "Creating intermediate CA private key"
-openssl genrsa -out intermediate-ca-key.pem 1024
+openssl genrsa -out intermediate-ca-key.pem 2048
msg "Creating intermediate CA certificate request"
openssl req -config ssl/intermediate-ca.conf -key intermediate-ca-key.pem -new -out intermediate-ca-csr.pem
#######################################################################
msg "Creating server (intermediate CA) private key"
-openssl genrsa -out server-intermediate-key.pem 1024
+openssl genrsa -out server-intermediate-key.pem 2048
msg "Creating server (intermediate CA) certificate request"
openssl req -config ssl/server-intermediate.conf -key server-intermediate-key.pem -new -out server-intermediate-csr.pem
cat ca.pem >> chain.pem
#######################################################################
+### Updating CA Root files
+#######################################################################
+
+msg "Updating CA Root files"
+./update-chain-with-new-root.py ca-roots.pem ca.pem
+./update-chain-with-new-root.py ca-roots-bad.pem ca.pem
+
+#######################################################################
+### Update test expectations
+#######################################################################
+
+msg "Updating test expectations"
+./update-test-database.py ca.pem ../file-database.h
+./update-certificate-test.py server.pem ../certificate.h
+
+#######################################################################
### Cleanup
#######################################################################
-----BEGIN CERTIFICATE REQUEST-----
-MIICPzCCAagCAQAwga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/Is
+MIIDRDCCAiwCAQAwga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/Is
ZAEZFgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUg
QXV0aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20x
-KjAoBgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu0V6zuw2zphIOaer4FRF3CCkD7I5MiLR
-MQvCTtxm9TW+MjNX9/AgnZyrhz53TMzXZpeRzHbBd/alcIsNYeuZA9Sz7OGbNVrl
-sdv+UqGxtpz+QyNABbNVHOMQwEUoWZGOhH3LJFGGs29wZJ0t/YnE87zWYNrwP1JJ
-JzqCn2A6sPECAwEAAaBRME8GCSqGSIb3DQEJDjFCMEAwHQYDVR0OBBYEFByV3uzu
-QMQXVoMub5ot/St1JnK0MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
-MA0GCSqGSIb3DQEBCwUAA4GBAG7IynHI8OVb/MJbcbLOYg0OaRDMGTbT6IqPxp70
-sVgTN9nlJe9QDs2hJpNFkwMtJqLcS5Qq9/fU02LpsFzABSz0s3Ie6yC0iSxa+tF/
-Zy/dQfgPYclXIvt7Cy1KRYPcb8c825QOE7dc4ZhBUStFK8YddSCLhXjlGTpbDm3u
-QP5a
+KjAoBgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM38HyX7bWXgx0vo3FouVlOL2zu2
+6NWkfBOlayVaNSwz0vQBqzH00V1DfldicevLLUjcxKeezlYRwI3cGHuFqWoZOjiJ
+/Nq9SsmpW/y7JCUqSA3CXrVVXSrulmXiaozYoQA1fWOpiwcr3Jhz/8VCSYGbZYJY
+qwN8PyyZWUfOMklkgeJrhKDX2JWzjMSBSqcj25hEPRvqB/Fmqpx/qnMl1/ssosnR
+KCcxzHv94uBapF3XyjBAmvw29OwjWDN4F50pAkgOHB04CW5b14WWc6APUS6jpc4H
+4ZTTbuX2cR07G4I2IVFmtgwxXlEHL+XCtyWojwg9edN9ML7ir3oHJkRR4mECAwEA
+AaBRME8GCSqGSIb3DQEJDjFCMEAwHQYDVR0OBBYEFK+QXlzyE4v62RPbNWWyU2Qy
+lsCKMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB
+CwUAA4IBAQCylR6/62q5T6C0lZmwq2gKFNOECceE+IwfC0jBLko6OnnVac0CFEe+
+HiVIqxeIcBBQ3/L20ilagVrFWhQfb7/vtaa5+m2pRrq1SluW8jdq1Ap8qLWUE5bp
+YxhBvgeW8TxqWjACCkxEnz3vfG5LchFvrSGtpkUqky6VGg4H8NXShAt5qmDHZAha
+wDK6APNinMxiIXDCmOCXcXjS1708UVQRRUS5YWtUUFrOlpqsTFQ2ATAHoeerv+cw
+yon1qd9XbH/mXFH9Yg7005fDWwGlB8o66TC/U5jg9AYf6SvCQ24/Ikdfhnyr9qjA
+KAsKP8O1G5EjITP+wpc5VjYRzsERDF+Z
-----END CERTIFICATE REQUEST-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQC7RXrO7DbOmEg5p6vgVEXcIKQPsjkyItExC8JO3Gb1Nb4yM1f3
-8CCdnKuHPndMzNdml5HMdsF39qVwiw1h65kD1LPs4Zs1WuWx2/5SobG2nP5DI0AF
-s1Uc4xDARShZkY6EfcskUYazb3BknS39icTzvNZg2vA/UkknOoKfYDqw8QIDAQAB
-AoGBAJ53DJRMDZSEB5nB6A7LQNIkTK97gCqMi7eU27cfiX+1GlwgVi/XYcH88Khg
-k1LJgvutBhKd6tg4PYYeJBTX54GDuQzghfqweIqJgItchJDr1c6pw2qbNnMFqP4N
-rfbDyFVrhoMf3QSDtoV6TXZZNXZXAC1nVbmhE0GiGUGFts6BAkEA33gFibdxqHBG
-HNu6ry6oNhpiUMm9X2wNLVi3oxJLYBYQx0OSrs6wlNJvoUpMVuEjriCmT26GtdxI
-DjWz4ffLbwJBANaIfn3EUnB8iNaSUmJpJKHMtiIAAw2XKIt9OUa9QTkCKLoX+Nzr
-i6PV5pPOfcLc8h+YBDkQaja7480xIbYimZ8CQH9k27tb0baVctLmzLErpwdY2S13
-JLcuUQDF78JOHpxDWANQ2WFAQVhF8w9+3LA2nvGYeVcVCkTItGctZEPw0I8CQQDN
-hkwwLqGP9C6f6eQVNYeLnnOqVPqXzYVhROFXXL4cYG4mAgs/kkTf+27/kSY4RbWM
-APWiuZAXyZ7umDAkrjcfAkEAtCGn5fY0AyOEnej7b0ZsTHlLTSHb6drAPDT5b3Ad
-O96DYKvWhlBsGEmDOsBOo/1PCfHWygBJvTDBoRKBdAh4uA==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-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIID8jCCA1ugAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk
+MIIFAjCCA+qgAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk
ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
-hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE4MDkxMDE1Mjg0OVoXDTQzMDkw
-NDE1Mjg0OVowga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZ
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTIxMTIxNTIzMjAwNVoXDTQ2MTIw
+OTIzMjAwNVowga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZ
FgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUgQXV0
aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20xKjAo
-BgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAu0V6zuw2zphIOaer4FRF3CCkD7I5MiLRMQvC
-Ttxm9TW+MjNX9/AgnZyrhz53TMzXZpeRzHbBd/alcIsNYeuZA9Sz7OGbNVrlsdv+
-UqGxtpz+QyNABbNVHOMQwEUoWZGOhH3LJFGGs29wZJ0t/YnE87zWYNrwP1JJJzqC
-n2A6sPECAwEAAaOCAUUwggFBMB0GA1UdDgQWBBQcld7s7kDEF1aDLm+aLf0rdSZy
-tDCBuwYDVR0jBIGzMIGwgBR1bRLo++hbS9yywZUjQESykKKPdaGBjKSBiTCBhjET
-MBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAc
-BgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBs
-ZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggkAkoKtudZgg7cw
-DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwJgYDVR0RBB8wHYEbaW50
-ZXJtZWRpYXRlLWNhQGV4YW1wbGUuY29tMBkGA1UdEgQSMBCBDmNhQGV4YW1wbGUu
-Y29tMA0GCSqGSIb3DQEBCwUAA4GBAKW00RiG2BO+ni+mtOP/svum1pC0mxU6oSoO
-uSptJ9NUf88yySwtlXRN34/0SEqznh/ebQzOICtc5su1sQ4+mm9c0VmK1+kEHztW
-Kvsl+3NHy8zvXwZY6EFHUtZ6lB3DNOd+uoSpbfACDctCXMPwdJB/xerulcvRVGUR
-KpspdWQy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-----END CERTIFICATE-----
client.pem:
-----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQMwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+MIIDXTCCAkUCAQUwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0xODA5MTAxNTI4MzJaFw00MzA5MDQxNTI4
-MzJaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0yMTEyMTUyMzIwMDVaFw00NjEyMDkyMzIw
+MDVaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLDXDADh65c
-NrIqEWsflxKyb/yiyJoxDKP/1j3WeBB9pPNr2gk+Lz9dwy6XLd18XGN56UCxDHBI
-7Ol+UU+mpUbImxubHZO074/1K2Rf//qa2maAnV8cJ4EvBxBtehT+OPT3vohkfTHo
-vSNTcL2kMIehO609sZ+n84H3q0ZsoIqKzt+cZUWT5vdXtvYp+5yLQIyc6fWIyFXv
-ch3fcFfiBFA8aSMfm2PpJlKPCPt6bX3fBBtlZQAZPZtZG0uBEU9iXY37fD9udrhR
-w6L6Iv0tQcCl83xFeocXLBW6NKdcwOp+UbwSyM9JvUuAyHMxKOoVubWmVWO0y1mH
-sOoY/9vFit0CAwEAATANBgkqhkiG9w0BAQsFAAOBgQCrCl/LnuXiUQvdKmDYYpVq
-7HDaVkMMm0hIn342kiGK0ZTt2PpWN33xTGCOVP7hCA8ikZCXbJ32P60LFoivIHk2
-hNPx9memYT1wBwz+aFuo0jSDC3lZwffb/lr+smEl8LTBH2yP2IgRc/ppqX387m9h
-EYAdq5BPvzzFcEvXhbQ7/g==
+cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIW1UfdO4nP
+dGKo9YjM/EGVtzWyoNCz0+y5uqRvr2NagBfGrwkC2Z5t6kwrjgaGyhz3tQ1cCozO
+/DqIGERSdJgsNQXrayaZjoOBBmRUerkRlVU1nX+tUOcV5JyE6vMPspJI56RSlxVM
+oFE/k/9+jK/CnKZss9dfBY67VjX4avs+EJKbX4bpgNv7EpsaMTJWrvdYLXTDHY6e
+gpjyLxuyzpagXEXi0fnSM0jimvvOkFVqZt/bdGbk/nxUbOaANkdWPzIK71PCT30l
+7t4F+3UaV2Nl8jrGaKGgLKdiqGxEQhJO9XjJtG7R3S+9CMvzcVeVtle8s2cIEvR4
+ATILn+xegCUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAErxcL62i04myJ5L1M7zR
+Q5E9ctb78R+0A3GDAUo8qx2eO9pwmNH0DTrDPKUu0iAIyZlS5grS3fq5I3yy/wl8
+P6ClIxV/BryDXlgM0m/pjr79qtlILOpO4/Fxgp5tSNKomOOGjzP7jgcNqTuor+Z+
+d0Q8m60fwgCbThtF7ivsLcdGPwDknN3uuYvkyvsTMWOedbW2LA1LwtuF3qZiAcIe
+5yVqkV2zJtr+N122Wbnl/26UOBabtYXki0xsPtAvzP3f9Fp6zo+lmp5mTZRoVJOd
+GrDLnf+1YhlfoB05+nefI4M46WAkXRs6hCrORyOKza0l3SXhP/Kgt9uR3DvLz/B2
+7Q==
-----END CERTIFICATE-----
client-future.pem:
+notBefore=Jul 17 23:00:00 2060 GMT
+notAfter=Jul 17 23:00:00 2061 GMT
-----BEGIN CERTIFICATE-----
-MIIC4DCCAkkCAQUwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+MIIDYTCCAkkCAQcwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAiGA8yMDYwMDcxNzE2MDAwMFoYDzIwNjEwNzE3
-MTYwMDAwWjBiMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYH
+AQkBFg5jYUBleGFtcGxlLmNvbTAiGA8yMDYwMDcxNzIzMDAwMFoYDzIwNjEwNzE3
+MjMwMDAwWjBiMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYH
RVhBTVBMRTEPMA0GA1UEAwwGQ2xpZW50MSEwHwYJKoZIhvcNAQkBFhJjbGllbnRA
-ZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyw1ww
-A4euXDayKhFrH5cSsm/8osiaMQyj/9Y91ngQfaTza9oJPi8/XcMuly3dfFxjeelA
-sQxwSOzpflFPpqVGyJsbmx2TtO+P9StkX//6mtpmgJ1fHCeBLwcQbXoU/jj0976I
-ZH0x6L0jU3C9pDCHoTutPbGfp/OB96tGbKCKis7fnGVFk+b3V7b2Kfuci0CMnOn1
-iMhV73Id33BX4gRQPGkjH5tj6SZSjwj7em193wQbZWUAGT2bWRtLgRFPYl2N+3w/
-bna4UcOi+iL9LUHApfN8RXqHFywVujSnXMDqflG8EsjPSb1LgMhzMSjqFbm1plVj
-tMtZh7DqGP/bxYrdAgMBAAEwDQYJKoZIhvcNAQELBQADgYEABzPPPH3DCjosUii6
-h5Fe+/9re6Ka/8JBZ5V9G1H+uBky7L07BQ5JhV7OIBuej0JQQXrDvicv0n7ImmHP
-O3iHxSLOe5sp7kNeQYpgm4DYbJUddcUBwltI5Lvux6IbR6rZybhVRnxjNd1jUBvj
-p42OS5M0tNYKC3jFDcuNwRIhiCw=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-----END CERTIFICATE-----
client-past.pem:
+notBefore=Jul 17 23:00:00 2000 GMT
+notAfter=Jul 17 23:00:00 2001 GMT
-----BEGIN CERTIFICATE-----
-MIIC3DCCAkUCAQQwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
+MIIDXTCCAkUCAQYwDQYJKoZIhvcNAQELBQAwgYYxEzARBgoJkiaJk/IsZAEZFgND
T00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
ZSBBdXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcN
-AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDA3MTcxNjAwMDBaFw0wMTA3MTcxNjAw
+AQkBFg5jYUBleGFtcGxlLmNvbTAeFw0wMDA3MTcyMzAwMDBaFw0wMTA3MTcyMzAw
MDBaMGIxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFN
UExFMQ8wDQYDVQQDDAZDbGllbnQxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFt
-cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLDXDADh65c
-NrIqEWsflxKyb/yiyJoxDKP/1j3WeBB9pPNr2gk+Lz9dwy6XLd18XGN56UCxDHBI
-7Ol+UU+mpUbImxubHZO074/1K2Rf//qa2maAnV8cJ4EvBxBtehT+OPT3vohkfTHo
-vSNTcL2kMIehO609sZ+n84H3q0ZsoIqKzt+cZUWT5vdXtvYp+5yLQIyc6fWIyFXv
-ch3fcFfiBFA8aSMfm2PpJlKPCPt6bX3fBBtlZQAZPZtZG0uBEU9iXY37fD9udrhR
-w6L6Iv0tQcCl83xFeocXLBW6NKdcwOp+UbwSyM9JvUuAyHMxKOoVubWmVWO0y1mH
-sOoY/9vFit0CAwEAATANBgkqhkiG9w0BAQsFAAOBgQCXBZanjJI96eWgPGv2LIgu
-9ZtEAd2C01lMc2UQHUMicPDFW1oQeptIruRGPVv+2ct9OhnC4JzBi18EAzxklsuF
-PsQZ+Lq/38hvdlX5bHGoRSJtFdB+ZkyFETr9AZNIYnxdSKrmUEwLPz/4rzB5KAoc
-wYNLbNWS2XqATA1rJ+cxmg==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-----END CERTIFICATE-----
server.pem:
-----BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk
+MIIDlDCCAnygAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk
ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
-hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE4MDkxMDE1MjgzMloXDTQzMDkw
-NDE1MjgzMlowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
-B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA4ueKvOZqXR49sF2exsExLpbVK32rMPtZwN28NYCd
-GnMWRIYF2JB6lPWiTzWPUdEy4AmifEsiWE2ThsmBeX4cPz8YoEYt2aCenrAuFHiT
-7jwX433CEH8PgKQ5tbWKHxwz5PiktkRUWXP49KA27REJvQZMphwvRJ3uBZrxydtL
-zeMCAwEAAaNHMEUwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAjBgNV
-HREEHDAahwTAqAEKghJzZXJ2ZXIuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQAD
-gYEAc8/9nm5UksO7kuhco3BbqjzkY4YSU9w55XznhYsnKI50qAcNpjnrH5qoIzW7
-8XXCfv9JQYiE7xpNyqjcf+BrZniwsYfmDvbADcodnZMgstOdbFL9PniCZyJYEGK9
-0C5iusx4Pwc1cqvwewy5oX7HW7T4uF9s3ZJALotCTVtJSqA=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-----END CERTIFICATE-----
server-self.pem:
-----BEGIN CERTIFICATE-----
-MIICDTCCAXYCCQDyTgBiXvBOyDANBgkqhkiG9w0BAQsFADBLMRMwEQYKCZImiZPy
-LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEbMBkGA1UEAwwSc2Vy
-dmVyLmV4YW1wbGUuY29tMB4XDTE4MDkxMDE1MjgzMloXDTQzMDkwNDE1MjgzMlow
-SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
-GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEA4ueKvOZqXR49sF2exsExLpbVK32rMPtZwN28NYCdGnMWRIYF2JB6
-lPWiTzWPUdEy4AmifEsiWE2ThsmBeX4cPz8YoEYt2aCenrAuFHiT7jwX433CEH8P
-gKQ5tbWKHxwz5PiktkRUWXP49KA27REJvQZMphwvRJ3uBZrxydtLzeMCAwEAATAN
-BgkqhkiG9w0BAQsFAAOBgQAbZGd5kU53gt31RWnnqurK6UgbM3tjJuy6sfy2bSYm
-vAkOeUqXmwwE10f4q6zboBalXHiyPymhq8Ybq0EKko4KdIboe8oVbadwgS6NtR4w
-SqRDpJvb1AboHq/IERnYX9IPAg7v4HTxpIsAt6KWhecUoXWUhbfxfVRcLmcRl3qs
-wA==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-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDM8Bujfr5CYLJxcsNrsIvzJ1vjIjtFbyFuZ60d8fRZ9gUTg05/
-wOsvIRTiJEEmYiL8OWZiZVU2d2zObIqvShf3QD/NNY2B8F1wldhP2qutqLtL5J/h
-ruWvl3PVmMxBpTAHmRbxFK063yXc5ilyy7G5+3FrUVweTVEjAG1Uslxh/wIDAQAB
-AoGAToRrwm8ry9iqZWbX0mmYpPdecB5MYSTbxSX5oLBzswfcGAbFy5KJSMw+6QmE
-4ITW7JW9UVOLm0uUJ15UoCYeGdAwllQLmPfattyfUZgvCrbUfUIcm1+HfubgqKeU
-lfmMqXNtZ77wPyILo/ZR2Pneaj4tLufE05yNuLCDcAgWbwECQQDrxyeFEkcKGy1P
-4mksCcYFqlWH2aajQCHHcoSfuDZCq2/TZ2NFkD9ceABG7V8w+ibpM8xR1OItqmWp
-CAsLn2aBAkEA3oPQ9oklmKnsftws7z7OHmuMhCva2/vddNIVyQ4InDp7PoEkXPlg
-/nSVSL9u2OKzVYmEEnwJSOYsgESv3dSIfwJAJBWQuM75TFSodKdkDTdZtRhCis4G
-sMlp4gpmvcMFmuJ99M7H5KeU6uP6tuAxR1+hgONKi+OW0gJYGKyAdEDrAQJBAMR7
-xTNNW2N4+Jn0tcD0xnFaKpQzXWjO+HhFYnNM7xF1GorQ4lku5BUMwR2h3LGrTQwF
-CBiCanhyt2z0Og85suUCQQDoc87wE76FzY1ARs06lKnppkQyDdxFVV01tBGOEsjH
-PWBmpHQ/wR78K6ibOKJSk+5b+eEBmv6HXKN0aVKmH2r0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-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIIEETCCA3qgAwIBAgIJANgUrKCn74UyMA0GCSqGSIb3DQEBBQUAMIGfMRMwEQYK
-CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEsMCoGA1UE
-CwwjT2xkIFVudHJ1c3RlZCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxIjAgBgNVBAMM
-GW9uY2Uud2FzLmEuY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4
-YW1wbGUuY29tMB4XDTE4MDkxMDE1MjgzMloXDTQ4MDkwMjE1MjgzMlowgZ8xEzAR
-BgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMSwwKgYD
-VQQLDCNPbGQgVW50cnVzdGVkIENlcnRpZmljYXRlIEF1dGhvcml0eTEiMCAGA1UE
-AwwZb25jZS53YXMuYS5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FA
-ZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMzwG6N+vkJg
-snFyw2uwi/MnW+MiO0VvIW5nrR3x9Fn2BRODTn/A6y8hFOIkQSZiIvw5ZmJlVTZ3
-bM5siq9KF/dAP801jYHwXXCV2E/aq62ou0vkn+Gu5a+Xc9WYzEGlMAeZFvEUrTrf
-JdzmKXLLsbn7cWtRXB5NUSMAbVSyXGH/AgMBAAGjggFRMIIBTTAdBgNVHQ4EFgQU
-pB+h4wjjUruJVMGfZCqWMDl0UogwgdQGA1UdIwSBzDCByYAUpB+h4wjjUruJVMGf
-ZCqWMDl0UoihgaWkgaIwgZ8xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJ
-k/IsZAEZFgdFWEFNUExFMSwwKgYDVQQLDCNPbGQgVW50cnVzdGVkIENlcnRpZmlj
-YXRlIEF1dGhvcml0eTEiMCAGA1UEAwwZb25jZS53YXMuYS5jYS5leGFtcGxlLmNv
-bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb22CCQDYFKygp++FMjAPBgNV
-HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAZBgNVHREEEjAQgQ5jYUBleGFt
-cGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQUF
-AAOBgQA9/ayjyidZN9pCQUrEZv0SU+lcb+zm2X4hg+HNfJrwTpjjB2h3/KE2NaVu
-x5KIkNTEbZoE8t4CctxSBWC0BFXLrDFrGiJsDG+cQQ2krKmdH0pX9SmLano51QVd
-jz+6LlQu/AxWOJbN7aMt7LKsURNTIqyJ1JBOIjeEJan8PwKAyA==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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE REQUEST-----
-MIICGDCCAYECAQAwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/Is
+MIIDHTCCAgUCAQAwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/Is
ZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAV
BgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxl
-LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxJ+gHXIfrZkeN5usgZ/T
-lH00SY3rrf3l/uECbm9F/J3Q8Fi+zx1WfABxoT/2Y8ZJVJ4+6cgzB1Np1sHxzxSb
-1gObDmPcdatHzVgO38ma+vc361yoSccvIbZtj8duSFxkXIeXFdDM5OBnFkkkcNvW
-bILDpqxe5a6U13oMob3DLXsCAwEAAaBRME8GCSqGSIb3DQEJDjFCMEAwHQYDVR0O
-BBYEFHVtEuj76FtL3LLBlSNARLKQoo91MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
-AQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAGidrp63DbPcV6NuKmG/gjTlWw54
-Oj7wSgz2ie1TEOB87JeGJGo9bjbiZF9deHfeXdm0Ot59RsuIfVxhn5oOUn+2++Fd
-Gv+DqCbbRn2KSznKi+w7u99hz+pMmq0TAZXhCtQFXFwLjj6AlKyzNnP7eVTO28U5
-xHVq6H4QGmnfPnVO
+LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOv1mSZzV8MgD68u
+pS8LiIMw8Xb+F3hUTzLarMB+Axy22R2tlL8rFqxnnF0eUi/FX8cMDxIL2PMr4dG8
+kg/PaCSaoke3jbRGsdx1FxCFj6YWn/D59DsoRc93r+Cqxo0mMFTTu5whlzDLVIgx
+m+WaqkwPzycCc4CB+qfTTR+EMVEKLqSQ2X7p6kj5lO6ShER6iSOd3dKdJIkIq0NL
+B2sZrl+U9lXoVEZwONR2Hjv/wnIX4JXxIEeCEvAb61nJiCeVc38GSE5R0Bma2hPV
+emQQq6iccqb0U0ZUZ+pLLH8dCH4fH8VWV5x9vpyZYkshCD7MfW91mLlSuMziLrM9
+ceeu2Q0CAwEAAaBRME8GCSqGSIb3DQEJDjFCMEAwHQYDVR0OBBYEFPoUfc6cI68r
+Jex9zvYQnjHEbRL6MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0G
+CSqGSIb3DQEBCwUAA4IBAQCdT1msB0cGqXLBT7rO2d2k/UyyWVdVf1WQv3zFrrbd
+L6zHJGBXsEutdqqE9dbHq19QymxSzW1gRQhHg+QUVbKirO7Yo9JugH4Gogpt9omo
+as3PcxHYJJ2Skq5+whA+0niCCkVFbEblNVpJX5O8PWMhkyGziCGmkVhVhyfqbIXG
+44Wi1++qcFt/A6v9TiUDIcaYWv4ziyFec1YXYESjsKjYZhLwsjtBTzh7O+I8t/ek
+jMBIudyx3nfHmkrpeERXXb+PJVk1EsEIi+4ofxeucl2jJCaw8OatQDxzyC7Lth94
+RYdwZuC4t9ZGp5ZR3u0tKDEfsGXJjgOsAyZl4u4MhPdT
-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk
+MIIDlDCCAnygAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk
ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
-hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE4MDkxMDE1MjgzMloXDTQzMDkw
-NDE1MjgzMlowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
-B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA4ueKvOZqXR49sF2exsExLpbVK32rMPtZwN28NYCd
-GnMWRIYF2JB6lPWiTzWPUdEy4AmifEsiWE2ThsmBeX4cPz8YoEYt2aCenrAuFHiT
-7jwX433CEH8PgKQ5tbWKHxwz5PiktkRUWXP49KA27REJvQZMphwvRJ3uBZrxydtL
-zeMCAwEAAaNHMEUwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAjBgNV
-HREEHDAahwTAqAEKghJzZXJ2ZXIuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQAD
-gYEAc8/9nm5UksO7kuhco3BbqjzkY4YSU9w55XznhYsnKI50qAcNpjnrH5qoIzW7
-8XXCfv9JQYiE7xpNyqjcf+BrZniwsYfmDvbADcodnZMgstOdbFL9PniCZyJYEGK9
-0C5iusx4Pwc1cqvwewy5oX7HW7T4uF9s3ZJALotCTVtJSqA=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-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDi54q85mpdHj2wXZ7GwTEultUrfasw+1nA3bw1gJ0acxZEhgXY
-kHqU9aJPNY9R0TLgCaJ8SyJYTZOGyYF5fhw/PxigRi3ZoJ6esC4UeJPuPBfjfcIQ
-fw+ApDm1tYofHDPk+KS2RFRZc/j0oDbtEQm9BkymHC9Ene4FmvHJ20vN4wIDAQAB
-AoGARrZx/jywmSR7hSMoADjk4ugOtucLGtC6P+jaZrIWQ8/p+KDr4XnlOdbzJkxC
-xfS0Li3SfXnM0kga2b6iowIyOs1sAbvjOBQMiQAzueDB/weOlQOHM1WoREuaYkCT
-YtMWfNpG0NKVcpM/izs6eGonJCk89uE3e0RqiTHsd3Mh6gECQQDzsjyMAquDHWGS
-0owHFvhzHrrEi0uJs7ZGFxTIAs1kFeqN3ZCR50ox0qsyChfp9kKu5ph8Jlc5phPl
-Lf8rS9sDAkEA7lxFvx7L9LxWUwuWoESCJkIZ9OyuVfpMrPejTB3jb82PHThRZiOY
-H7qchd5fX2+M/NZCMQ1IffqP/LAe7D9boQJBAJc/gSqYoaBfxOZePMBNtmeko+BG
-X9yYKEG6I5C7hIRgwdHIuOiFN1xS1yPYdd0klWB+CBfNqAdEl0Z/VManbscCQA0x
-9np6DfhiZLT8Mz50DHBpwF4arBv+WzhIDTYtgWWzD3UipP7ugYFgJ0IR6V2zIy7r
-/YYRoi23LTlj1pJlf4ECQQDkV3fhhqtq18OK4hOh4Q9Nlw5XwYckGJkRs30FAv53
-BIf/RaEn14H+itjWsK30f7qdZukUi+tQbDn6nQRlcI1+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-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE REQUEST-----
-MIIBvDCCASUCAQAwSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixk
-ARkWB0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAl0zF3tH3V9QquvMVFgAGREcxj59CGM9X7TCW
-WNycgbhITJxR8WqbAlHmpjGVFWtmZPvheg4pEUppzPGiaIfX/cdTXuAB/cQ/iGya
-bvsQA9d75VjQL3caZjJvspO2s/lOuP3XZX9QpngKGTbQ0DEzNeadG1ckFuXOWOj5
-DkgIUV0CAwEAAaAxMC8GCSqGSIb3DQEJDjEiMCAwCQYDVR0TBAIwADATBgNVHSUE
-DDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOBgQA0ftvjH1S90rK5/wahpUPL
-K9ml0Wumf2+g+Ce2EExxHKdiYRmpnHgUG0pV7jOmZlv37Dm77pFUyu5I8V4UHgVB
-WcSdLhMVqZpF6TCekKSy5bUDqCgoYp/XsJX+Ka/NUKVrmNz9ymb4pA13hC+DYi0C
-KHSaH8M/EP0XSUW5Lez1nw==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-----END CERTIFICATE REQUEST-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCXTMXe0fdX1Cq68xUWAAZERzGPn0IYz1ftMJZY3JyBuEhMnFHx
-apsCUeamMZUVa2Zk++F6DikRSmnM8aJoh9f9x1Ne4AH9xD+IbJpu+xAD13vlWNAv
-dxpmMm+yk7az+U64/ddlf1CmeAoZNtDQMTM15p0bVyQW5c5Y6PkOSAhRXQIDAQAB
-AoGAYic4JrloEN5fajDQeRlC94CIMnhK1PWOQR3IK5XTIoR+wtSWhFt4fCTN0PtR
-kDfAkbqmKByPn9v6jy4jAlU+VTFgZzf4qGwVdyc7Xurvi1JgHogWL287Vdi4RAPN
-/e09jG7v5NmhHs8UM1imjLTl28s4BT8ouk6nek7NFxoKxjECQQDG3jcAu/+3o99v
-IZMcbRXtvL1saTvQv+BuY3pINxayy3vb5+zpnwheyOBaG03InmIX3UWWBr0NOglv
-Y4rWjyx3AkEAwsQmsJK/wsaoEhkJHJGAlFgv2J+/R8dtuoV71DedHIkbAElhvjFp
-A5WNqRVV7UAdt9h4n1Xk0gqibyipYecpywJAMEcmBzGcpNJNnccC1bXNywc03Sq2
-8LiEHYhc2Uc2ZXVsvjgRla2b9JbDkFxsh7WbjruS9xbvslRSkg4SWIAthQJBAIRN
-BhMPvF8s3uJcS0oytGsQdH/sE91IZQs8vV7s4DaQE91f+5tcqP8cSfw/V/0vfoBx
-9Y4WpLbhLnHf5x9wDX0CQAGK5bDGqpQNwp5s527LGAMycVJyu8jQ15nnlCL15/Qi
-x/gOnrDq9BJyd8V5ZfWlHfnyFHl7dvr+ypm6omIhOBw=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-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIICtjCCAh+gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBrTETMBEGCgmSJomT8ixk
+MIIDuzCCAqOgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBrTETMBEGCgmSJomT8ixk
ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxKzApBgNVBAsMIkludGVy
bWVkaWF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJDAiBgNVBAMMG2ludGVybWVk
aWF0ZS1jYS5leGFtcGxlLmNvbTEqMCgGCSqGSIb3DQEJARYbaW50ZXJtZWRpYXRl
-LWNhQGV4YW1wbGUuY29tMB4XDTE4MDkxMDE1Mjg0OVoXDTQzMDkwNDE1Mjg0OVow
+LWNhQGV4YW1wbGUuY29tMB4XDTIxMTIxNTIzMjAwNVoXDTQ2MTIwOTIzMjAwNVow
SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
-GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAl0zF3tH3V9QquvMVFgAGREcxj59CGM9X7TCWWNycgbhITJxR8Wqb
-AlHmpjGVFWtmZPvheg4pEUppzPGiaIfX/cdTXuAB/cQ/iGyabvsQA9d75VjQL3ca
-ZjJvspO2s/lOuP3XZX9QpngKGTbQ0DEzNeadG1ckFuXOWOj5DkgIUV0CAwEAAaNH
-MEUwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAjBgNVHREEHDAahwTA
-qAEWghJzZXJ2ZXIuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADgYEACXgdI2AC
-f2QByzeXmmMgFm7jLsYw28S6Jvj6vFM9Rzg5Zta64B3kvT2+yk/gaKMBYCBtvRud
-6vjXKrCYlfdJa2yH4HtN1GDL6KYvx0/qJamT71pVvCuLIDzYMf0CcvoYtHZ5HDp3
-RFmQfU4QUk5+0YwwkpBFNQ4oiKjVPTBd5J4=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=
-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDi54q85mpdHj2wXZ7GwTEultUrfasw+1nA3bw1gJ0acxZEhgXY
-kHqU9aJPNY9R0TLgCaJ8SyJYTZOGyYF5fhw/PxigRi3ZoJ6esC4UeJPuPBfjfcIQ
-fw+ApDm1tYofHDPk+KS2RFRZc/j0oDbtEQm9BkymHC9Ene4FmvHJ20vN4wIDAQAB
-AoGARrZx/jywmSR7hSMoADjk4ugOtucLGtC6P+jaZrIWQ8/p+KDr4XnlOdbzJkxC
-xfS0Li3SfXnM0kga2b6iowIyOs1sAbvjOBQMiQAzueDB/weOlQOHM1WoREuaYkCT
-YtMWfNpG0NKVcpM/izs6eGonJCk89uE3e0RqiTHsd3Mh6gECQQDzsjyMAquDHWGS
-0owHFvhzHrrEi0uJs7ZGFxTIAs1kFeqN3ZCR50ox0qsyChfp9kKu5ph8Jlc5phPl
-Lf8rS9sDAkEA7lxFvx7L9LxWUwuWoESCJkIZ9OyuVfpMrPejTB3jb82PHThRZiOY
-H7qchd5fX2+M/NZCMQ1IffqP/LAe7D9boQJBAJc/gSqYoaBfxOZePMBNtmeko+BG
-X9yYKEG6I5C7hIRgwdHIuOiFN1xS1yPYdd0klWB+CBfNqAdEl0Z/VManbscCQA0x
-9np6DfhiZLT8Mz50DHBpwF4arBv+WzhIDTYtgWWzD3UipP7ugYFgJ0IR6V2zIy7r
-/YYRoi23LTlj1pJlf4ECQQDkV3fhhqtq18OK4hOh4Q9Nlw5XwYckGJkRs30FAv53
-BIf/RaEn14H+itjWsK30f7qdZukUi+tQbDn6nQRlcI1+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-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDlDCCAnygAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
+ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTIxMTIxNTIyMjYwN1oXDTQ2MTIw
+OTIyMjYwN1owSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
+B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMiRO33lgOzllkjcrqfh60qxIgrziw07tVWW
+soq0tm5IyCod/4E5jRXuTINkU3ycsMK7QRRZNikmqg+Y14wuGIxLkUB2XUxhlRwg
+Y1Y6BOPRs3Vag8RVzmlDPHNNLZ4sppW2rrLDv0XJ+gnoJaGTASO06NtRxotR5taU
+uRjp0RJxEpzj8MgwzM176mC+6jJNvP9k2Eab/t0Ayp8kWtcxVgp58FCH91PeGU1n
+kxsZA0AZovkOUukyAZiu/AgdXEQ9wsOT90U+LWsLYgAPvFVh73iTyrFTt7nBqqRT
+QlCDmd4EtD1yTh0Qk6vc+3W2NRDI/c0mjz3yvpLdfmnVGrSV81ECAwEAAaNHMEUw
+CQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAjBgNVHREEHDAahwTAqAEK
+ghJzZXJ2ZXIuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBAJeeywig8VEp
+wDENKYXS0pbMfiVVueTxYM9XM8Gb4rabVSslQ5SdWEIosMHtaQGZZxrzLsSDttJD
+aTZODiPErLMCoqS9J59VVtEfukxs/kC7vOJxC9O4eyZornSFX9oIjpXgluytMtH+
+G8m3SBPaGXMx5Hupye9SG6LNvcCsHkPc6rZjauqeAbJEuTyZAI8t88gOXky7y4ki
+qpUL+puth/8CZAmpg6OMC9dfvUxt1Z0vzvwGDrrvk2i5sM/3TyaRhuptgL/b9lOs
+JMYfJ4ijJfGYoapcYL08wi76IIIDSQxwNd6+zk9P/NJZCc24GRxaibQxM9/Rbqln
+t26WrvD/niE=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDlDCCAnygAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
+ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTIxMTIxNTIyMzMxN1oXDTQ2MTIw
+OTIyMzMxN1owSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
+B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMcR6lVfGGSVyTULQsXXhX4NNqNHlGSis/DT
+ShfyJn8A7dLybdfZD2hR7DzHrO0O79ZwduIrP4toJvErVRZuOHOdOd2ahI4qcHah
+qS7W9AKX3/YLSFkdRXbxH7xA9gczLKODSdiSwQDAP+O8a0RSxZNRqHMbay2yroG5
+fuDeG1KRN/QT9HTR3s6gkAMLUNfnzsxzEI2EN0E2QxYIUqQalPZDExNGR17hk84L
+DXon0aTTv/ubb9mwSyngX841Lj/XE5hamTrvMUd4Ho1qs60l/wCQOLmFRd8iT6dn
+HGpckdspd0FTR5TkEISDMO67JJgaVT0NKivSig1fR60qjbx/KrsCAwEAAaNHMEUw
+CQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAjBgNVHREEHDAahwTAqAEK
+ghJzZXJ2ZXIuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBAFNB+a7Ntqo2
+y3qvguwnDP1CwK0qsSq6HzrtKwlmY7a/h5p8hIUYUZCirRq2eZfiC9sScjxzihG0
+g6M8gVT1DXPqkkKx/9fxeqyvBRuArETWN2DpFz8tGo81yPGXHCBYbpbcd5m8adNv
+zDr3yhelrnNKFYb0Pje/nd1IhikYGeTdWPC0K0mM6EHKd5Pol/BkFyThJURzBobm
+lhO3blOyTdzmMuEWKHvjy0GBptnW2UTHMErG0il3BIGvKtLt/si8J1mBh95C9oM2
+DZ4NUosxQRvGGqSey0j+uRMJkrrQASe6564g1tLRcifMkVJNWcbSXdQncJAm+TQj
+BbvMM6ujcUk=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDlDCCAnygAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk
+ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
+ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
+hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTIxMTIxNTIzMjAwNFoXDTQ2MTIw
+OTIzMjAwNFowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
+B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALHpg/Tl52dVofqqwEtQhuFq9+Jd+/XW3Svd
+RvqZNVrnjL7UzqZ2r/bQ3peoVxeo1eKbv07EuHsL6MNR1elhhlfs70EgaGjATOiX
+lIzrqOaGV+nVehvWVGnKDobj1i8vZ6IHuf4Zf7pfLTOZpwKAwaxrnbRM501g7WNz
+JKutkoGvXRm0y1jvVWfnEO6CQ0OSxrFQc4MAaSlBfASUHZfC2XwWfZnUT/q9PVp3
+1OjeSlFPGvkyKxd74faOyhFQFRPK8sGNEy4MRuAFaPn8PyFVdU1FrDdJhexLmX9+
+JzO+nUYtsYq1+DDLZugKWYaMwH3Ku4fAMwPzkuL8WoJAcWrQQEUCAwEAAaNHMEUw
+CQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAjBgNVHREEHDAahwTAqAEK
+ghJzZXJ2ZXIuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBAMXwbKySl6t0
+XTugRa186C97v8SmX8Zq8zk5IrulMENqluCyCw33HWgFEMrjYfXA+EAxLc/VwxPO
+jI5vdlDMOt3tr9be2Bz2adfC0cSfJdgOpRWaxDjXpKio7HTVDEkMGFrOODph1k+n
+PwQwQV73FsnqsBUJYwq1VKcy+Eoh5t6nrj1+RnjV2HeCHoKqi/ZT0m8bWLix0FTR
+s+IrNaeI9t95umEtmzSqexdH1cPJGIHxZi7v8P/6XreTi9MpatE9GNAUEcpkSICt
+bkycUqD3Jn5PDfuKbHGUaeEueazLg9zIhlGIQSl8vk3Zzn88fwbn8i96/ZTDOyfm
+wjjxwSl+uSU=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAsemD9OXnZ1Wh+qrAS1CG4Wr34l379dbdK91G+pk1WueMvtTO
+pnav9tDel6hXF6jV4pu/TsS4ewvow1HV6WGGV+zvQSBoaMBM6JeUjOuo5oZX6dV6
+G9ZUacoOhuPWLy9noge5/hl/ul8tM5mnAoDBrGudtEznTWDtY3Mkq62Sga9dGbTL
+WO9VZ+cQ7oJDQ5LGsVBzgwBpKUF8BJQdl8LZfBZ9mdRP+r09WnfU6N5KUU8a+TIr
+F3vh9o7KEVAVE8rywY0TLgxG4AVo+fw/IVV1TUWsN0mF7EuZf34nM76dRi2xirX4
+MMtm6ApZhozAfcq7h8AzA/OS4vxagkBxatBARQIDAQABAoIBAQCHz2Y30DhxHWFk
+5GueEn6kHO/VEUGBTN/Q2D2Sltmv5wn9sp19XSS+GHuS8aJqISwErDfBfVIGO/UX
+BKVyXkwbWnbZFFAfhowvEWcIm+x27R63FYr9LQOLLf8g4VNi+aD2g0drvTNPpc/v
+j995fahaYlwkgoAfBVqxi/f2Ra2M6HaeRzH+56scycBRGpyUdNqueaBHh2R3dayu
+VZdwidl5oJDJRVEO8jxAs1rzYnkPvKeIVhvYVzdUEnYJ+4FWGwvbk00WG+K1OOju
+FkRH3jzT5sfiLQ440zeHcYNlT81YaZrdoNbR9H328zal5VTEcESHeXVcCBdh4fMa
+ghtKgLKBAoGBAOIfryjVa7AM5gf4UwQzStI7wIAg61FAT416pKQTH8vdShIjmcqE
+isMzyTNc3MY+ToVgeH0J3Epswt6tYbPjKF5Y2kDjUDDfsDClMxtS0c+6civv4UBn
+x3K2yjuaYJscmlw8LviqXuAIui4hBaLHysD9S3LgPnaAB0lF91PO3sQdAoGBAMlr
+JHBF77WgKa4L2IM1R+XeXBHAphJzYh5/Hc5uYYsoEg/V04176Vjf7KcJ9kbCeGP0
+jypyzd99I0nz5iJiXyV0wkBYE0HcFcbrj6Gyn4q1Nx9gQFXcxOmCD4Ci81qQnpg4
+6gCOADUva8X9YkzMy+wXZGmSBoRrA9xsoEguO2RJAoGBANIkUdrn5AkbI5eajkPk
+Cw+vmek5Lpc25fd8V49nenAx+ck7rovHe1GHSd9i2IWfl8dZ7P9+72t3Ae6BQMA1
+RenQNxyAY6DX8Nx0Wjd1Uyjyg3ITnskE6RTRjMWxZUAhZ85528kaQ8t+MM/3vk4V
+0HZjrv9WKJZlyt+slvoa0Wl9AoGAby279Fk2QswAlbimL26mnCTML2RmhwK3o1vJ
+SRw2rYhVx/Xgi1VdbZhU2bMvBMntiEcDC4xJRVaetwBxBIPGPzeezcOQBaeFQcLf
+CoM9e2Qh5CjN+lcdPkNzaS8JIvF3CVFJITtAtBrT43rE2t2kplIXNArNnCQyAmbX
+ZmBWmjkCgYEA1B72Ec7Kip7kEHSlS/Np2vr2UrWBUdYA8Nh0/y9II1KNpc7oCRUI
+eI/81eFipGMLS0cZnpxg9ip56awoZsYI/Dy6zw8b3lyqwicYDAgGabRhonk+/wDF
+nuZFSlg2i0I2oiI3uiqd2k7SVEZ4v+cAtkEv49ZLdQr0wo7WgyxTKcE=
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAsemD9OXnZ1Wh+qrAS1CG4Wr34l379dbdK91G+pk1WueMvtTO
+pnav9tDel6hXF6jV4pu/TsS4ewvow1HV6WGGV+zvQSBoaMBM6JeUjOuo5oZX6dV6
+G9ZUacoOhuPWLy9noge5/hl/ul8tM5mnAoDBrGudtEznTWDtY3Mkq62Sga9dGbTL
+WO9VZ+cQ7oJDQ5LGsVBzgwBpKUF8BJQdl8LZfBZ9mdRP+r09WnfU6N5KUU8a+TIr
+F3vh9o7KEVAVE8rywY0TLgxG4AVo+fw/IVV1TUWsN0mF7EuZf34nM76dRi2xirX4
+MMtm6ApZhozAfcq7h8AzA/OS4vxagkBxatBARQIDAQABAoIBAQCHz2Y30DhxHWFk
+5GueEn6kHO/VEUGBTN/Q2D2Sltmv5wn9sp19XSS+GHuS8aJqISwErDfBfVIGO/UX
+BKVyXkwbWnbZFFAfhowvEWcIm+x27R63FYr9LQOLLf8g4VNi+aD2g0drvTNPpc/v
+j995fahaYlwkgoAfBVqxi/f2Ra2M6HaeRzH+56scycBRGpyUdNqueaBHh2R3dayu
+VZdwidl5oJDJRVEO8jxAs1rzYnkPvKeIVhvYVzdUEnYJ+4FWGwvbk00WG+K1OOju
+FkRH3jzT5sfiLQ440zeHcYNlT81YaZrdoNbR9H328zal5VTEcESHeXVcCBdh4fMa
+ghtKgLKBAoGBAOIfryjVa7AM5gf4UwQzStI7wIAg61FAT416pKQTH8vdShIjmcqE
+isMzyTNc3MY+ToVgeH0J3Epswt6tYbPjKF5Y2kDjUDDfsDClMxtS0c+6civv4UBn
+x3K2yjuaYJscmlw8LviqXuAIui4hBaLHysD9S3LgPnaAB0lF91PO3sQdAoGBAMlr
+JHBF77WgKa4L2IM1R+XeXBHAphJzYh5/Hc5uYYsoEg/V04176Vjf7KcJ9kbCeGP0
+jypyzd99I0nz5iJiXyV0wkBYE0HcFcbrj6Gyn4q1Nx9gQFXcxOmCD4Ci81qQnpg4
+6gCOADUva8X9YkzMy+wXZGmSBoRrA9xsoEguO2RJAoGBANIkUdrn5AkbI5eajkPk
+Cw+vmek5Lpc25fd8V49nenAx+ck7rovHe1GHSd9i2IWfl8dZ7P9+72t3Ae6BQMA1
+RenQNxyAY6DX8Nx0Wjd1Uyjyg3ITnskE6RTRjMWxZUAhZ85528kaQ8t+MM/3vk4V
+0HZjrv9WKJZlyt+slvoa0Wl9AoGAby279Fk2QswAlbimL26mnCTML2RmhwK3o1vJ
+SRw2rYhVx/Xgi1VdbZhU2bMvBMntiEcDC4xJRVaetwBxBIPGPzeezcOQBaeFQcLf
+CoM9e2Qh5CjN+lcdPkNzaS8JIvF3CVFJITtAtBrT43rE2t2kplIXNArNnCQyAmbX
+ZmBWmjkCgYEA1B72Ec7Kip7kEHSlS/Np2vr2UrWBUdYA8Nh0/y9II1KNpc7oCRUI
+eI/81eFipGMLS0cZnpxg9ip56awoZsYI/Dy6zw8b3lyqwicYDAgGabRhonk+/wDF
+nuZFSlg2i0I2oiI3uiqd2k7SVEZ4v+cAtkEv49ZLdQr0wo7WgyxTKcE=
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE-----
-MIICDTCCAXYCCQDyTgBiXvBOyDANBgkqhkiG9w0BAQsFADBLMRMwEQYKCZImiZPy
-LGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEbMBkGA1UEAwwSc2Vy
-dmVyLmV4YW1wbGUuY29tMB4XDTE4MDkxMDE1MjgzMloXDTQzMDkwNDE1MjgzMlow
-SzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx
-GzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEA4ueKvOZqXR49sF2exsExLpbVK32rMPtZwN28NYCdGnMWRIYF2JB6
-lPWiTzWPUdEy4AmifEsiWE2ThsmBeX4cPz8YoEYt2aCenrAuFHiT7jwX433CEH8P
-gKQ5tbWKHxwz5PiktkRUWXP49KA27REJvQZMphwvRJ3uBZrxydtLzeMCAwEAATAN
-BgkqhkiG9w0BAQsFAAOBgQAbZGd5kU53gt31RWnnqurK6UgbM3tjJuy6sfy2bSYm
-vAkOeUqXmwwE10f4q6zboBalXHiyPymhq8Ybq0EKko4KdIboe8oVbadwgS6NtR4w
-SqRDpJvb1AboHq/IERnYX9IPAg7v4HTxpIsAt6KWhecUoXWUhbfxfVRcLmcRl3qs
-wA==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-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk
+MIIDlDCCAnygAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBhjETMBEGCgmSJomT8ixk
ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp
ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq
-hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE4MDkxMDE1MjgzMloXDTQzMDkw
-NDE1MjgzMlowSzETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkW
-B0VYQU1QTEUxGzAZBgNVBAMMEnNlcnZlci5leGFtcGxlLmNvbTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA4ueKvOZqXR49sF2exsExLpbVK32rMPtZwN28NYCd
-GnMWRIYF2JB6lPWiTzWPUdEy4AmifEsiWE2ThsmBeX4cPz8YoEYt2aCenrAuFHiT
-7jwX433CEH8PgKQ5tbWKHxwz5PiktkRUWXP49KA27REJvQZMphwvRJ3uBZrxydtL
-zeMCAwEAAaNHMEUwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAjBgNV
-HREEHDAahwTAqAEKghJzZXJ2ZXIuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQAD
-gYEAc8/9nm5UksO7kuhco3BbqjzkY4YSU9w55XznhYsnKI50qAcNpjnrH5qoIzW7
-8XXCfv9JQYiE7xpNyqjcf+BrZniwsYfmDvbADcodnZMgstOdbFL9PniCZyJYEGK9
-0C5iusx4Pwc1cqvwewy5oX7HW7T4uF9s3ZJALotCTVtJSqA=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-----END CERTIFICATE-----
# Root CA
[ req ]
-# Use SHA-1 to verify that it does not affect the trust of root certificates.
-default_md = sha1
+default_md = sha256
utf8 = yes
string_mask = utf8only
prompt = no
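Review bot: Replacing `default_md = sha1` with `sha256` in this `[ req ]` section also deletes the comment saying SHA-1 was chosen on purpose, to verify that the digest does not affect the trust of root certificates. Nothing visible here replaces that check. If a SHA-1-signed root must still be trusted, one fixture should keep that digest; otherwise record the decision with a comment such as `# was sha1 (root trust is digest-independent); now sha256 because <reason>`. The next `[ req ]` hunk makes the same digest change and would benefit from the same comment.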
# Root CA
[ req ]
-default_md = sha1
+default_md = sha256
utf8 = yes
string_mask = utf8only
prompt = no
--- /dev/null
+# Server
+
+[ req ]
+default_md = sha256
+utf8 = yes
+string_mask = utf8only
+prompt = no
+distinguished_name = req_dn
+req_extensions = req_ext
+x509_extensions = v3_req_ext
+
+[ req_dn ]
+0.domainComponent = "COM"
+1.domainComponent = "EXAMPLE"
+commonName = "server.example.com"
+
+[ req_ext ]
+basicConstraints = CA:false
+extendedKeyUsage = serverAuth
+
+[ v3_req_ext ]
+basicConstraints = CA:false
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+tlsfeature = status_request
+
+[ alt_names ]
+IP.0 = 192.168.1.10
+DNS.0 = "server.example.com"
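Review bot: `tlsfeature = status_request` in `[ v3_req_ext ]` is undocumented, and it appears to be the reason this server config exists as a separate file. It marks the issued certificate as OCSP Must-Staple (RFC 7633), so a client that honours the extension is expected to reject a handshake that carries no stapled response. A comment above the line, e.g. `# OCSP Must-Staple: peers must receive a stapled OCSP response`, would tell the next person regenerating fixtures why it is there. `[ req_ext ]` has no `subjectAltName`, so the SAN only reaches the certificate when `v3_req_ext` is applied at signing time.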
--- /dev/null
+#!/usr/bin/env python3
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+import sys
+import cryptography.x509
+
+try:
+ in_path = sys.argv[1]
+ out_path = sys.argv[2]
+except IndexError:
+ sys.exit('USAGE: update-test-database.py server.pem output_header.h')
+
+with open(in_path, 'rb') as in_file:
+ cert_data = in_file.read()
+
+cert = cryptography.x509.load_pem_x509_certificate(cert_data)
+
+header = '''/* This file is generated from update-certificate-test.py */
+
+#define EXPECTED_NOT_VALID_BEFORE "{}Z"
+#define EXPECTED_NOT_VALID_AFTER "{}Z"
+'''.format(cert.not_valid_before.isoformat(), cert.not_valid_after.isoformat())
+
+with open(out_path, 'w') as out_file:
+ out_file.write(header)
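Review bot: The usage string in `sys.exit(...)` names `update-test-database.py`, while the header this script writes says it is generated from `update-certificate-test.py`. One of the two looks like a copy-paste leftover, and the usage message should carry this script's own name. Separately, appending a literal `Z` only works because `not_valid_before` and `not_valid_after` return naive datetimes. Newer `cryptography` releases deprecate them in favour of `not_valid_before_utc` and `not_valid_after_utc`, whose `isoformat()` already ends in `+00:00`. A comment above the `format` call, such as `# naive UTC datetimes; the 'Z' suffix is added by hand`, would stop a later migration from emitting a malformed timestamp.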
--- /dev/null
+#!/usr/bin/env python3
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+import sys
+
+try:
+ chain_path = sys.argv[1]
+ new_root_path = sys.argv[2]
+except IndexError:
+ sys.exit('USAGE: update-chain-with-new-root.py ca-file.pem new-ca.pem')
+
+with open(new_root_path, 'rb') as new_file:
+ new_cert_lines = new_file.readlines()
+
+with open(chain_path, 'rb+') as chain_file:
+ chain_file_lines = chain_file.readlines()
+ new_chain_file_lines = []
+
+ # Replace the lines of the old root with the new cert
+ for i, line in enumerate(chain_file_lines):
+ if b'BEGIN CERTIFICATE' in line:
+ new_chain_file_lines += chain_file_lines[:i]
+ new_chain_file_lines += new_cert_lines
+ continue
+ if b'END CERTIFICATE' in line:
+ new_chain_file_lines += chain_file_lines[i + 1:]
+ break
+
+ # Write over old file
+ chain_file.seek(0)
+ chain_file.writelines(new_chain_file_lines)
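Review bot: The final rewrite seeks to offset 0 and writes the new lines but never truncates the file. When the replacement certificate is shorter than the one it replaces, the tail of the old content survives after the new data and the PEM bundle is left corrupt. Add `chain_file.truncate()` after `chain_file.writelines(new_chain_file_lines)`. The loop replaces whichever certificate comes first rather than identifying the root, and `b'BEGIN CERTIFICATE' in line` also matches a `CERTIFICATE REQUEST` block. If no marker is found, `new_chain_file_lines` stays empty, so a guard before the seek such as `if not new_chain_file_lines: sys.exit('no certificate found in ' + chain_path)` would make that failure visible.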
--- /dev/null
+#!/usr/bin/env python3
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+import sys
+import cryptography.x509
+
+try:
+ in_path = sys.argv[1]
+ out_path = sys.argv[2]
+except IndexError:
+ sys.exit('USAGE: update-test-database.py ca.pem output_header.h')
+
+with open(in_path, 'rb') as in_file:
+ cert_data = in_file.read()
+
+cert = cryptography.x509.load_pem_x509_certificate(cert_data)
+subject_data = cert.subject.public_bytes()
+hex_subject = ''.join('\\x%02X' % b for b in subject_data)
+
+header = '''/* This file is generated from update-test-database.py */
+
+#define ISSUER_DATA "{}"
+'''.format(hex_subject)
+
+with open(out_path, 'w') as out_file:
+ out_file.write(header)
--- /dev/null
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * Copyright (C) 2021 Ole André Vadla Ravnås <oleavr@frida.re>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * In addition, when the library is used with OpenSSL, a special
+ * exception applies. Refer to the LICENSE_EXCEPTION file for details.
+ */
+
+#include "config.h"
+
+#include "lossy-socket.h"
+
+struct _LossySocket
+{
+ GObject parent_instance;
+
+ GDatagramBased *base_socket;
+
+ IOPredicateFunc predicate_func;
+ gpointer predicate_data;
+
+ gint next_rx_serial;
+ gint next_tx_serial;
+};
+
+static void lossy_socket_datagram_based_iface_init (GDatagramBasedInterface *iface);
+
+G_DEFINE_TYPE_EXTENDED (LossySocket,
+ lossy_socket,
+ G_TYPE_OBJECT, 0,
+ G_IMPLEMENT_INTERFACE (G_TYPE_DATAGRAM_BASED,
+ lossy_socket_datagram_based_iface_init))
+
+static gint
+lossy_socket_receive_messages (GDatagramBased *datagram_based,
+ GInputMessage *messages,
+ guint num_messages,
+ gint flags,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error)
+{
+ LossySocket *self = LOSSY_SOCKET (datagram_based);
+ gint ret;
+ gboolean skip;
+
+ do
+ {
+ IODetails d;
+
+ skip = FALSE;
+
+ ret = g_datagram_based_receive_messages (self->base_socket, messages,
+ num_messages, flags, timeout,
+ cancellable, error);
+ if (ret <= 0)
+ break;
+
+ d.direction = IO_IN;
+ d.serial = self->next_rx_serial++;
+
+ if (self->predicate_func (&d, self->predicate_data) == IO_DROP)
+ {
+ messages->bytes_received = 0;
+ messages->flags = 0;
+
+ if (timeout == 0)
+ {
+ ret = -1;
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK,
+ "Operation would block");
+ }
+ else
+ {
+ skip = TRUE;
+ }
+ }
+ }
+ while (skip);
+
+ return ret;
+}
+
+static gint
+lossy_socket_send_messages (GDatagramBased *datagram_based,
+ GOutputMessage *messages,
+ guint num_messages,
+ gint flags,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error)
+{
+ LossySocket *self = LOSSY_SOCKET (datagram_based);
+ IODetails d;
+
+ d.direction = IO_OUT;
+ d.serial = self->next_tx_serial++;
+
+ if (self->predicate_func (&d, self->predicate_data) == IO_DROP)
+ {
+ guint i, j;
+
+ for (i = 0; i < num_messages; i++)
+ {
+ GOutputMessage *m = &messages[i];
+
+ for (j = 0; j < m->num_vectors; j++)
+ m->bytes_sent += m->vectors[j].size;
+ }
+
+ return num_messages;
+ }
+
+ return g_datagram_based_send_messages (self->base_socket, messages,
+ num_messages, flags, timeout,
+ cancellable, error);
+}
+
+static GSource *
+lossy_socket_create_source (GDatagramBased *datagram_based,
+ GIOCondition condition,
+ GCancellable *cancellable)
+{
+ LossySocket *self = LOSSY_SOCKET (datagram_based);
+
+ return g_datagram_based_create_source (self->base_socket, condition,
+ cancellable);
+}
+
+static GIOCondition
+lossy_socket_condition_check (GDatagramBased *datagram_based,
+ GIOCondition condition)
+{
+ LossySocket *self = LOSSY_SOCKET (datagram_based);
+
+ return g_datagram_based_condition_check (self->base_socket, condition);
+}
+
+static gboolean
+lossy_socket_condition_wait (GDatagramBased *datagram_based,
+ GIOCondition condition,
+ gint64 timeout,
+ GCancellable *cancellable,
+ GError **error)
+{
+ LossySocket *self = LOSSY_SOCKET (datagram_based);
+
+ return g_datagram_based_condition_wait (self->base_socket, condition, timeout,
+ cancellable, error);
+}
+
+static void
+lossy_socket_init (LossySocket *self)
+{
+ self->next_rx_serial = 1;
+ self->next_tx_serial = 1;
+}
+
+static void
+lossy_socket_dispose (GObject *object)
+{
+ LossySocket *self = LOSSY_SOCKET (object);
+
+ g_clear_object (&self->base_socket);
+
+ G_OBJECT_CLASS (lossy_socket_parent_class)->dispose (object);
+}
+
+static void
+lossy_socket_class_init (LossySocketClass *klass)
+{
+ GObjectClass *object_class = G_OBJECT_CLASS (klass);
+
+ object_class->dispose = lossy_socket_dispose;
+}
+
+static void
+lossy_socket_datagram_based_iface_init (GDatagramBasedInterface *iface)
+{
+ iface->receive_messages = lossy_socket_receive_messages;
+ iface->send_messages = lossy_socket_send_messages;
+ iface->create_source = lossy_socket_create_source;
+ iface->condition_check = lossy_socket_condition_check;
+ iface->condition_wait = lossy_socket_condition_wait;
+}
+
+GDatagramBased *
+lossy_socket_new (GDatagramBased *base_socket,
+ IOPredicateFunc predicate_func,
+ gpointer predicate_data)
+{
+ LossySocket *s;
+
+ s = g_object_new (LOSSY_TYPE_SOCKET, NULL);
+ s->base_socket = g_object_ref (base_socket);
+ s->predicate_func = predicate_func;
+ s->predicate_data = predicate_data;
+
+ return G_DATAGRAM_BASED (s);
+}
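Review bot: In `lossy_socket_receive_messages` the drop branch resets only `messages->bytes_received` and `messages->flags`, which is the first entry, although the base socket call may have filled `ret` entries of the array. On the `timeout == 0` path the others are returned still populated alongside the would-block error. Clearing every received entry, `for (i = 0; i < (guint) ret; i++) { messages[i].bytes_received = 0; messages[i].flags = 0; }`, keeps the output consistent. The retry path also passes the original `timeout` again, so a run of dropped datagrams can block longer than the caller asked for. `lossy_socket_new` stores `predicate_func` unchecked although both I/O paths call it unconditionally, so `g_return_val_if_fail (predicate_func != NULL, NULL);` would catch misuse early.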
--- /dev/null
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * Copyright (C) 2021 Ole André Vadla Ravnås <oleavr@frida.re>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#include <gio/gio.h>
+
+#pragma once
+
+G_BEGIN_DECLS
+
+typedef enum {
+ IO_KEEP,
+ IO_DROP
+} IODecision;
+
+typedef enum {
+ IO_IN,
+ IO_OUT
+} IODirection;
+
+typedef struct _IODetails IODetails;
+
+typedef IODecision (*IOPredicateFunc) (const IODetails *io,
+ gpointer user_data);
+
+struct _IODetails
+{
+ IODirection direction;
+ guint serial;
+};
+
+#define LOSSY_TYPE_SOCKET (lossy_socket_get_type ())
+
+G_DECLARE_FINAL_TYPE (LossySocket, lossy_socket, LOSSY, SOCKET, GObject)
+
+GDatagramBased *lossy_socket_new (GDatagramBased *base_socket,
+ IOPredicateFunc predicate_func,
+ gpointer predicate_data);
+
+G_END_DECLS
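Review bot: `IOPredicateFunc` and `IODetails` are declared without any comment on their contract. That matters because the implementation numbers `serial` from 1 separately for each direction and advances it once per receive or send call, not once per message. A short comment above the typedef would record this, e.g. `/* Called once per send/receive call; serial starts at 1 per direction; return IO_DROP to discard. */`. `serial` is `guint` here, while the counters in `struct _LossySocket` that feed it are `gint`; using one type avoids the implicit conversion.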
'G_TEST_BUILDDIR=' + meson.current_build_dir(),
]
+if backends.contains('gnutls')
+ mock_pkcs11_module = shared_module('mock-pkcs11',
+ sources: 'mock-pkcs11.c',
+ name_prefix: '',
+ gnu_symbol_visibility: 'hidden',
+ dependencies: [
+ gio_dep,
+ gnutls_dep,
+ ],
+ install: enable_installed_tests,
+ install_dir: installed_tests_execdir
+ )
+else
+ mock_pkcs11_module = []
+endif
+
+if enable_installed_tests
+ install_subdir('files', install_dir: installed_tests_execdir)
+endif
+
test_programs = [
- ['certificate', [], deps, []],
- ['file-database', [], deps, []],
- ['connection', ['mock-interaction.c'], deps, []],
+ ['certificate', [], deps, [], [mock_pkcs11_module]],
+ ['file-database', [], deps, [], []],
+ ['connection', ['mock-interaction.c'], deps, [], [mock_pkcs11_module]],
# DTLS tests are disabled until we fix https://gitlab.gnome.org/GNOME/glib-networking/issues/49
-# ['dtls-connection', ['mock-interaction.c'], deps, ['openssl']],
+# ['dtls-connection', ['mock-interaction.c', 'lossy-socket.c'], deps, [], [mock_pkcs11_module]],
]
foreach backend: backends
foreach program: test_programs
- if not program[3].contains(backend)
- program_name = program[0] + '-' + backend
-
- test_conf = configuration_data()
- test_conf.set('installed_tests_dir', installed_tests_execdir)
- test_conf.set('program', program_name)
-
- if enable_installed_tests
- configure_file(
- input: test_template,
- output: program_name + '.test',
- install_dir: installed_tests_metadir,
- configuration: test_conf
- )
- endif
+ program_name = program[0] + '-' + backend
- test_cflags = cflags + [
- '-DBACKEND="@0@"'.format(backend),
- '-DBACKEND_IS_' + backend.to_upper(),
- ]
-
- exe = executable(
- program_name,
- [program[0] + '.c'] + program[1],
- include_directories: incs,
- dependencies: program[2],
- c_args: test_cflags,
- install: enable_installed_tests,
- install_dir: installed_tests_execdir
+ test_conf = configuration_data()
+ test_conf.set('installed_tests_dir', installed_tests_execdir)
+ test_conf.set('program', program_name)
+
+ if enable_installed_tests
+ configure_file(
+ input: test_template,
+ output: program_name + '.test',
+ install_dir: installed_tests_metadir,
+ configuration: test_conf
)
+ endif
+
+ test_cflags = cflags + [
+ '-DBACKEND="@0@"'.format(backend),
+ '-DBACKEND_IS_' + backend.to_upper(),
+ '-DSIZEOF_TIME_T=@0@'.format(cc.sizeof('time_t', prefix: '#include <time.h>')),
+ ]
+
+ if backend == 'openssl'
+ incs += openssl_inc
+ endif
+
+ exe = executable(
+ program_name,
+ [program[0] + '.c'] + program[1],
+ include_directories: incs,
+ dependencies: program[2],
+ c_args: test_cflags,
+ install: enable_installed_tests,
+ install_dir: installed_tests_execdir
+ )
+
+ test_envs = envs + [
+ 'GIO_MODULE_DIR=' + join_paths(meson.build_root(), 'tls', backend),
+ 'G_TEST_SRCDIR=@0@'.format(meson.current_source_dir()),
+ 'G_TEST_BUILDDIR=@0@'.format(meson.current_build_dir())
+ ]
- test_envs = envs + [
- 'GIO_MODULE_DIR=' + join_paths(meson.build_root(), 'tls', backend)
- ]
+ test(program_name, exe, env: test_envs, depends: program[4])
- # OpenSSL tests are disabled until we fix https://gitlab.gnome.org/GNOME/glib-networking/issues/54
- if backend != 'openssl'
- test(program_name, exe, env: test_envs)
+ if program[0] == 'connection'
+ # Run the tests again, this time with TLS 1.3 disabled so we can test TLS 1.2.
+ if backend == 'gnutls'
+ test(program_name + '-tls1.2', exe, env: test_envs + ['G_TLS_GNUTLS_PRIORITY=NORMAL:%COMPAT:!VERS-TLS1.3'])
+ elif backend == 'openssl'
+ test(program_name + '-tls1.2', exe, env: test_envs + ['G_TLS_OPENSSL_MAX_PROTO=0x0303'])
endif
endif
endforeach
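Review bot: `incs += openssl_inc` inside the nested `foreach` rebinds the shared `incs` variable. The OpenSSL include directory is therefore appended again for every program, and it stays in `incs` for any backend processed afterwards. Use a per-iteration copy instead: `test_incs = incs`, then `test_incs += openssl_inc` under `if backend == 'openssl'`, and pass `include_directories: test_incs` to `executable()`. The enclosing `foreach backend: backends` loop closes outside this hunk.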
GTask *task;
task = g_task_new (interaction, cancellable, callback, user_data);
+ g_task_set_source_tag (task, mock_interaction_ask_password_async);
+ g_task_set_name (task, "[glib-networking] mock_interaction_ask_password_async");
if (self->static_error)
g_task_return_error (task, g_error_copy (self->static_error));
{
g_return_val_if_fail (g_task_is_valid (result, interaction),
G_TLS_INTERACTION_UNHANDLED);
+ g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) == mock_interaction_ask_password_async,
+ G_TLS_INTERACTION_UNHANDLED);
if (g_task_had_error (G_TASK (result)))
{
GTask *task;
task = g_task_new (interaction, cancellable, callback, user_data);
+ g_task_set_source_tag (task, mock_interaction_request_certificate_async);
+ g_task_set_name (task, "[glib-networking] mock_interaction_request_certificate_async");
if (self->static_error)
g_task_return_error (task, g_error_copy (self->static_error));
{
g_return_val_if_fail (g_task_is_valid (result, interaction),
G_TLS_INTERACTION_UNHANDLED);
+ g_return_val_if_fail (g_task_get_source_tag (G_TASK (result)) == mock_interaction_request_certificate_async,
+ G_TLS_INTERACTION_UNHANDLED);
if (!g_task_propagate_boolean (G_TASK (result), error))
return G_TLS_INTERACTION_FAILED;
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- * Boston, MA 02111-1307, USA.
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, see
+ * <http://www.gnu.org/licenses/>.
*
* Author: Stef Walter <stefw@collabora.co.uk>
*/
#include <gio/gio.h>
-#ifndef __MOCK_INTERACTION_H__
-#define __MOCK_INTERACTION_H__
+#pragma once
G_BEGIN_DECLS
const gchar *message);
G_END_DECLS
-
-#endif /* __MOCK_INTERACTION_H__ */
--- /dev/null
+/*
+ * Copyright 2011-2016 The Pkcs11Interop Project
+ * Copyright 2019 Igalia S.L.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Originally written for the Pkcs11Interop project by: Jaroslav IMRICH <jimrich@jimrich.sk>
+ */
+
+/*
+ * This file implements a PKCS #11 module to be loaded that returns a mock slot and objects.
+ *
+ * It is based on this project originally: https://github.com/Pkcs11Interop/pkcs11-mock
+ *
+ * Quite a few things have been changed since then though:
+ * - The CK defines just below use glib macros just out of convenience.
+ * - Logging was added just for ease of debugging.
+ * - Instead of hardcoded defines for objects this now has an array
+ * of mock_objects that is easier to read and extend. The search behavior
+ * of C_FindObjects was also updated to actually search through this.
+ * - The certificates/keys are real certificates/keys backed by gnutls
+ * loading them in C_Initialize from glib-networkings normal test data.
+ * This changes the behavior of many functions most notably including C_GetAttributeValue
+ * and C_Sign to use them. Any function not used in a TLS handshake was largely
+ * ignored and won't work.
+ */
+
+/* LCOV_EXCL_START */
+
+#undef G_LOG_DOMAIN
+#define G_LOG_DOMAIN "MockPKCS11"
+
+#include <gio/gio.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <gnutls/abstract.h>
+
+/* See http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html */
+#define CK_PTR *
+#define CK_DEFINE_FUNCTION(returnType, name) returnType G_MODULE_EXPORT name
+#define CK_DECLARE_FUNCTION(returnType, name) returnType G_MODULE_EXPORT name
+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
+#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
+#define NULL_PTR NULL
+
+#include "pkcs11/pkcs11.h"
+
+
+#define IGNORE(P) (void)(P)
+
+#define MOCK_MANUFACTURER_ID "GLib-Networking"
+#define MOCK_MODEL "mock"
+#define PKCS11_MOCK_CK_TOKEN_INFO_MAX_PIN_LEN 256
+#define PKCS11_MOCK_CK_TOKEN_INFO_MIN_PIN_LEN 4
+
+static CK_INFO mock_info = {
+ .cryptokiVersion = { 2, 40 },
+ .manufacturerID = MOCK_MANUFACTURER_ID,
+ .libraryDescription = "Mock Module",
+};
+
+typedef struct {
+ CK_OBJECT_CLASS object_class;
+ CK_TOKEN_INFO info;
+ union {
+ gnutls_x509_crt_t cert;
+ gnutls_privkey_t key;
+ };
+} MockObject;
+
+static MockObject mock_objects[] = {
+ {
+ .object_class = CKO_CERTIFICATE,
+ .info = {
+ .model = MOCK_MODEL,
+ .label = "Mock Certificate",
+ .serialNumber = "1",
+ .manufacturerID = MOCK_MANUFACTURER_ID,
+ .flags = CKF_TOKEN_INITIALIZED | CKF_WRITE_PROTECTED | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED,
+ .ulMaxSessionCount = 1,
+ },
+ },
+ {
+ .object_class = CKO_PRIVATE_KEY,
+ .info = {
+ .model = MOCK_MODEL,
+ .label = "Mock Private Key",
+ .serialNumber = "2",
+ .manufacturerID = MOCK_MANUFACTURER_ID,
+ .flags = CKF_TOKEN_INITIALIZED | CKF_WRITE_PROTECTED | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED,
+ .ulMaxSessionCount = 1,
+ .ulMaxPinLen = PKCS11_MOCK_CK_TOKEN_INFO_MAX_PIN_LEN,
+ .ulMinPinLen = PKCS11_MOCK_CK_TOKEN_INFO_MIN_PIN_LEN,
+ },
+ },
+ {
+ .object_class = CKO_PRIVATE_KEY,
+ .info = {
+ .model = MOCK_MODEL,
+ .label = "Mock Private Key 2",
+ .serialNumber = "3",
+ .manufacturerID = MOCK_MANUFACTURER_ID,
+ .flags = CKF_TOKEN_INITIALIZED | CKF_WRITE_PROTECTED | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED,
+ .ulMaxSessionCount = 1,
+ .ulMaxPinLen = PKCS11_MOCK_CK_TOKEN_INFO_MAX_PIN_LEN,
+ .ulMinPinLen = PKCS11_MOCK_CK_TOKEN_INFO_MIN_PIN_LEN,
+ },
+ },
+ {
+ .object_class = CKO_CERTIFICATE,
+ .info = {
+ .model = MOCK_MODEL,
+ .label = "Mock Certificate 2",
+ .serialNumber = "4",
+ .manufacturerID = MOCK_MANUFACTURER_ID,
+ .flags = CKF_TOKEN_INITIALIZED | CKF_WRITE_PROTECTED,
+ .ulMaxSessionCount = 1,
+ },
+ },
+};
+
+typedef struct {
+ CK_SLOT_INFO info;
+ //CK_TOKEN_INFO_PTR tokens[2];
+} MockSlot;
+
+static const MockSlot mock_slots[] = {
+ {
+ .info = {
+ .slotDescription = "Mock Slot",
+ .manufacturerID = MOCK_MANUFACTURER_ID,
+ .flags = CKF_TOKEN_PRESENT,
+ },
+ }
+};
+
+
+// FIXME: These are left overs that are unused
+#define PKCS11_MOCK_CK_OBJECT_HANDLE_DATA 1
+#define PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY 2
+#define PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY 3
+#define PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY 4
+#define PKCS11_MOCK_CK_SLOT_ID 0
+
+#define PKCS11_MOCK_CK_SESSION_ID 1
+
+typedef enum
+{
+ PKCS11_MOCK_CK_OPERATION_NONE,
+ PKCS11_MOCK_CK_OPERATION_FIND,
+ PKCS11_MOCK_CK_OPERATION_ENCRYPT,
+ PKCS11_MOCK_CK_OPERATION_DECRYPT,
+ PKCS11_MOCK_CK_OPERATION_DIGEST,
+ PKCS11_MOCK_CK_OPERATION_SIGN,
+ PKCS11_MOCK_CK_OPERATION_SIGN_RECOVER,
+ PKCS11_MOCK_CK_OPERATION_VERIFY,
+ PKCS11_MOCK_CK_OPERATION_VERIFY_RECOVER,
+ PKCS11_MOCK_CK_OPERATION_DIGEST_ENCRYPT,
+ PKCS11_MOCK_CK_OPERATION_DECRYPT_DIGEST,
+ PKCS11_MOCK_CK_OPERATION_SIGN_ENCRYPT,
+ PKCS11_MOCK_CK_OPERATION_DECRYPT_VERIFY
+} PKCS11_MOCK_CK_OPERATION;
+
+#define PKCS11_MOCK_CKO_ANYTHING -1 // We'll use -1 as a magic match all
+
+static CK_BBOOL pkcs11_mock_initialized = CK_FALSE;
+static CK_BBOOL pkcs11_mock_session_opened = CK_FALSE;
+static CK_ULONG pkcs11_mock_session_state = CKS_RO_PUBLIC_SESSION;
+static PKCS11_MOCK_CK_OPERATION pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_NONE;
+static CK_ULONG pkcs11_mock_sign_key = 0;
+static CK_LONG mock_search_template_class = PKCS11_MOCK_CKO_ANYTHING;
+static char *mock_search_template_label;
+static CK_ULONG mock_search_iterator = 0;
+static gboolean mock_logged_in_state = FALSE;
+static size_t mock_login_attempts = 0;
+static CK_ULONG mock_sign_algo = 0;
+
+static CK_FUNCTION_LIST pkcs11_mock_functions =
+{
+ {2, 20},
+ &C_Initialize,
+ &C_Finalize,
+ &C_GetInfo,
+ &C_GetFunctionList,
+ &C_GetSlotList,
+ &C_GetSlotInfo,
+ &C_GetTokenInfo,
+ &C_GetMechanismList,
+ &C_GetMechanismInfo,
+ &C_InitToken,
+ &C_InitPIN,
+ &C_SetPIN,
+ &C_OpenSession,
+ &C_CloseSession,
+ &C_CloseAllSessions,
+ &C_GetSessionInfo,
+ &C_GetOperationState,
+ &C_SetOperationState,
+ &C_Login,
+ &C_Logout,
+ &C_CreateObject,
+ &C_CopyObject,
+ &C_DestroyObject,
+ &C_GetObjectSize,
+ &C_GetAttributeValue,
+ &C_SetAttributeValue,
+ &C_FindObjectsInit,
+ &C_FindObjects,
+ &C_FindObjectsFinal,
+ &C_EncryptInit,
+ &C_Encrypt,
+ &C_EncryptUpdate,
+ &C_EncryptFinal,
+ &C_DecryptInit,
+ &C_Decrypt,
+ &C_DecryptUpdate,
+ &C_DecryptFinal,
+ &C_DigestInit,
+ &C_Digest,
+ &C_DigestUpdate,
+ &C_DigestKey,
+ &C_DigestFinal,
+ &C_SignInit,
+ &C_Sign,
+ &C_SignUpdate,
+ &C_SignFinal,
+ &C_SignRecoverInit,
+ &C_SignRecover,
+ &C_VerifyInit,
+ &C_Verify,
+ &C_VerifyUpdate,
+ &C_VerifyFinal,
+ &C_VerifyRecoverInit,
+ &C_VerifyRecover,
+ &C_DigestEncryptUpdate,
+ &C_DecryptDigestUpdate,
+ &C_SignEncryptUpdate,
+ &C_DecryptVerifyUpdate,
+ &C_GenerateKey,
+ &C_GenerateKeyPair,
+ &C_WrapKey,
+ &C_UnwrapKey,
+ &C_DeriveKey,
+ &C_SeedRandom,
+ &C_GenerateRandom,
+ &C_GetFunctionStatus,
+ &C_CancelFunction,
+ &C_WaitForSlotEvent
+};
+
+
+/* Copy a string into a buffer without NUL termination and padded with ' ' */
+static void
+copy_padded_string(CK_UTF8CHAR_PTR dest, const CK_UTF8CHAR_PTR src, size_t dest_size)
+{
+ const size_t len = strlen((char*)src);
+
+ g_assert (len < dest_size);
+
+ memset(dest, ' ', dest_size);
+ memcpy(dest, src, len);
+}
+
+CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs)
+{
+ int status;
+ gnutls_datum_t data;
+ char *path;
+
+ if (CK_TRUE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_ALREADY_INITIALIZED;
+
+ IGNORE(pInitArgs);
+
+ // client.pem
+ path = g_test_build_filename(G_TEST_DIST, "files", "client.pem", NULL);
+ status = gnutls_load_file(path, &data);
+ g_debug("Loading %s - %s", path, gnutls_strerror(status));
+ g_assert(status == GNUTLS_E_SUCCESS);
+
+ status = gnutls_x509_crt_init(&mock_objects[0].cert);
+ g_assert(status == GNUTLS_E_SUCCESS);
+
+ status = gnutls_x509_crt_import(mock_objects[0].cert, &data, GNUTLS_X509_FMT_PEM);
+ g_assert(status == GNUTLS_E_SUCCESS);
+
+ gnutls_free(data.data);
+ g_free(path);
+
+ // client-key.pem
+ path = g_test_build_filename(G_TEST_DIST, "files", "client-key.pem", NULL);
+ status = gnutls_load_file(path, &data);
+ g_debug("Loading %s - %s", path, gnutls_strerror(status));
+ g_assert(status == GNUTLS_E_SUCCESS);
+
+ status = gnutls_privkey_init(&mock_objects[1].key);
+ g_assert(status == GNUTLS_E_SUCCESS);
+
+ status = gnutls_privkey_import_x509_raw(mock_objects[1].key, &data, GNUTLS_X509_FMT_PEM, NULL, 0);
+ g_assert(status == GNUTLS_E_SUCCESS);
+
+ gnutls_free(data.data);
+ g_free(path);
+
+ // client2-key.pem
+ path = g_test_build_filename(G_TEST_DIST, "files", "client2-key.pem", NULL);
+ status = gnutls_load_file(path, &data);
+ g_debug("Loading %s - %s", path, gnutls_strerror(status));
+ g_assert(status == GNUTLS_E_SUCCESS);
+
+ status = gnutls_privkey_init(&mock_objects[2].key);
+ g_assert(status == GNUTLS_E_SUCCESS);
+
+ status = gnutls_privkey_import_x509_raw(mock_objects[2].key, &data, GNUTLS_X509_FMT_PEM, NULL, 0);
+ g_assert(status == GNUTLS_E_SUCCESS);
+
+ gnutls_free(data.data);
+ g_free(path);
+
+ // client2.pem
+ path = g_test_build_filename(G_TEST_DIST, "files", "client2.pem", NULL);
+ status = gnutls_load_file(path, &data);
+ g_debug("Loading %s - %s", path, gnutls_strerror(status));
+ g_assert(status == GNUTLS_E_SUCCESS);
+
+ status = gnutls_x509_crt_init(&mock_objects[3].cert);
+ g_assert(status == GNUTLS_E_SUCCESS);
+
+ status = gnutls_x509_crt_import(mock_objects[3].cert, &data, GNUTLS_X509_FMT_PEM);
+ g_assert(status == GNUTLS_E_SUCCESS);
+
+ gnutls_free(data.data);
+ g_free(path);
+
+ pkcs11_mock_initialized = CK_TRUE;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_Finalize)(CK_VOID_PTR pReserved)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ IGNORE(pReserved);
+
+ gnutls_x509_crt_deinit(mock_objects[0].cert);
+ gnutls_privkey_deinit(mock_objects[1].key);
+
+ pkcs11_mock_initialized = CK_FALSE;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_GetInfo)(CK_INFO_PTR pInfo)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (NULL == pInfo)
+ return CKR_ARGUMENTS_BAD;
+
+ pInfo->cryptokiVersion = mock_info.cryptokiVersion;
+ copy_padded_string(pInfo->manufacturerID, mock_info.manufacturerID, sizeof(pInfo->manufacturerID));
+ pInfo->flags = 0;
+ copy_padded_string(pInfo->libraryDescription, mock_info.libraryDescription, sizeof(pInfo->libraryDescription));
+ pInfo->libraryVersion = mock_info.libraryVersion;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
+{
+ if (NULL == ppFunctionList)
+ return CKR_ARGUMENTS_BAD;
+
+ *ppFunctionList = &pkcs11_mock_functions;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ IGNORE(tokenPresent);
+
+ if (NULL == pulCount)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pSlotList)
+ {
+ *pulCount = 1;
+ }
+ else
+ {
+ if (0 == *pulCount)
+ return CKR_BUFFER_TOO_SMALL;
+
+ pSlotList[0] = PKCS11_MOCK_CK_SLOT_ID;
+ *pulCount = 1;
+ }
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_GetSlotInfo)(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
+{
+ MockSlot mock_slot;
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (slotID >= G_N_ELEMENTS (mock_slots))
+ return CKR_SLOT_ID_INVALID;
+
+ if (NULL == pInfo)
+ return CKR_ARGUMENTS_BAD;
+
+ mock_slot = mock_slots[slotID];
+
+ copy_padded_string(pInfo->slotDescription, mock_slot.info.slotDescription, sizeof(pInfo->slotDescription));
+ copy_padded_string(pInfo->manufacturerID, mock_slot.info.manufacturerID, sizeof(pInfo->manufacturerID));
+ pInfo->flags = mock_slot.info.flags;
+ pInfo->hardwareVersion = mock_slot.info.hardwareVersion;
+ pInfo->firmwareVersion = mock_slot.info.firmwareVersion;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
+{
+ CK_TOKEN_INFO token;
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (slotID > G_N_ELEMENTS (mock_slots))
+ return CKR_SLOT_ID_INVALID;
+
+ if (NULL == pInfo)
+ return CKR_ARGUMENTS_BAD;
+
+ token = mock_objects[slotID].info;
+
+ copy_padded_string(pInfo->label, token.label, sizeof(pInfo->label));
+ copy_padded_string(pInfo->manufacturerID, token.manufacturerID, sizeof(pInfo->manufacturerID));
+ copy_padded_string(pInfo->serialNumber, token.serialNumber, sizeof(pInfo->serialNumber));
+ copy_padded_string(pInfo->model, token.model, sizeof(pInfo->model));
+ pInfo->flags = token.flags;
+ pInfo->ulMaxSessionCount = token.ulMaxSessionCount;
+ pInfo->ulSessionCount = (CK_TRUE == pkcs11_mock_session_opened) ? 1 : 0;
+ pInfo->ulMaxRwSessionCount = token.ulMaxRwSessionCount;
+ pInfo->ulRwSessionCount = (CK_TRUE == pkcs11_mock_session_opened) ? 1 : 0;
+ pInfo->ulMaxPinLen = token.ulMaxPinLen;
+ pInfo->ulMinPinLen = token.ulMinPinLen;
+ pInfo->ulTotalPublicMemory = token.ulTotalPublicMemory;
+ pInfo->ulFreePublicMemory = token.ulFreePublicMemory;
+ pInfo->ulTotalPrivateMemory = token.ulTotalPrivateMemory;
+ pInfo->ulFreePrivateMemory = token.ulFreePrivateMemory;
+ pInfo->hardwareVersion = token.hardwareVersion;
+ pInfo->firmwareVersion = token.firmwareVersion;
+ memset(pInfo->utcTime, ' ', sizeof(pInfo->utcTime));
+
+ // FIXME: Not picked up by gnutls
+ if (mock_login_attempts > 2)
+ {
+ pInfo->flags |= CKF_USER_PIN_COUNT_LOW;
+ }
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismList)(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pulCount)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (slotID > G_N_ELEMENTS(mock_slots))
+ return CKR_SLOT_ID_INVALID;
+
+ if (NULL == pulCount)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pMechanismList)
+ {
+ *pulCount = 9;
+ }
+ else
+ {
+ if (9 > *pulCount)
+ return CKR_BUFFER_TOO_SMALL;
+
+ pMechanismList[0] = CKM_RSA_PKCS_KEY_PAIR_GEN;
+ pMechanismList[1] = CKM_RSA_PKCS;
+ pMechanismList[2] = CKM_SHA1_RSA_PKCS;
+ pMechanismList[3] = CKM_RSA_PKCS_OAEP;
+ pMechanismList[4] = CKM_DES3_CBC;
+ pMechanismList[5] = CKM_DES3_KEY_GEN;
+ pMechanismList[6] = CKM_SHA_1;
+ pMechanismList[7] = CKM_XOR_BASE_AND_DATA;
+ pMechanismList[8] = CKM_AES_CBC;
+
+ *pulCount = 9;
+ }
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismInfo)(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_PTR pInfo)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_SLOT_ID != slotID)
+ return CKR_SLOT_ID_INVALID;
+
+ if (NULL == pInfo)
+ return CKR_ARGUMENTS_BAD;
+
+ switch (type)
+ {
+ case CKM_RSA_PKCS_KEY_PAIR_GEN:
+ pInfo->ulMinKeySize = 1024;
+ pInfo->ulMaxKeySize = 1024;
+ pInfo->flags = CKF_GENERATE_KEY_PAIR;
+ break;
+
+ case CKM_RSA_PKCS:
+ pInfo->ulMinKeySize = 1024;
+ pInfo->ulMaxKeySize = 1024;
+ pInfo->flags = CKF_ENCRYPT | CKF_DECRYPT | CKF_SIGN | CKF_SIGN_RECOVER | CKF_VERIFY | CKF_VERIFY_RECOVER | CKF_WRAP | CKF_UNWRAP;
+ break;
+
+ case CKM_SHA1_RSA_PKCS:
+ pInfo->ulMinKeySize = 1024;
+ pInfo->ulMaxKeySize = 1024;
+ pInfo->flags = CKF_SIGN | CKF_VERIFY;
+ break;
+
+ case CKM_RSA_PKCS_OAEP:
+ pInfo->ulMinKeySize = 1024;
+ pInfo->ulMaxKeySize = 1024;
+ pInfo->flags = CKF_ENCRYPT | CKF_DECRYPT;
+ break;
+
+ case CKM_DES3_CBC:
+ pInfo->ulMinKeySize = 192;
+ pInfo->ulMaxKeySize = 192;
+ pInfo->flags = CKF_ENCRYPT | CKF_DECRYPT;
+ break;
+
+ case CKM_DES3_KEY_GEN:
+ pInfo->ulMinKeySize = 192;
+ pInfo->ulMaxKeySize = 192;
+ pInfo->flags = CKF_GENERATE;
+ break;
+
+ case CKM_SHA_1:
+ pInfo->ulMinKeySize = 0;
+ pInfo->ulMaxKeySize = 0;
+ pInfo->flags = CKF_DIGEST;
+ break;
+
+ case CKM_XOR_BASE_AND_DATA:
+ pInfo->ulMinKeySize = 128;
+ pInfo->ulMaxKeySize = 256;
+ pInfo->flags = CKF_DERIVE;
+ break;
+
+ case CKM_AES_CBC:
+ pInfo->ulMinKeySize = 128;
+ pInfo->ulMaxKeySize = 256;
+ pInfo->flags = CKF_ENCRYPT | CKF_DECRYPT;
+ break;
+
+ case CKM_RSA_PKCS_PSS:
+ // FIXME: Made up key sizes
+ pInfo->ulMinKeySize = 256;
+ pInfo->ulMaxKeySize = 256;
+ // Flags based on table here: http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/csd01/pkcs11-curr-v2.40-csd01.html
+ pInfo->flags = CKF_SIGN | CKF_VERIFY;
+ break;
+
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_InitToken)(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen, CK_UTF8CHAR_PTR pLabel)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_SLOT_ID != slotID)
+ return CKR_SLOT_ID_INVALID;
+
+ if (NULL == pPin)
+ return CKR_ARGUMENTS_BAD;
+
+ if ((ulPinLen < PKCS11_MOCK_CK_TOKEN_INFO_MIN_PIN_LEN) || (ulPinLen > PKCS11_MOCK_CK_TOKEN_INFO_MAX_PIN_LEN))
+ return CKR_PIN_LEN_RANGE;
+
+ if (NULL == pLabel)
+ return CKR_ARGUMENTS_BAD;
+
+ if (CK_TRUE == pkcs11_mock_session_opened)
+ return CKR_SESSION_EXISTS;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_InitPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (CKS_RW_SO_FUNCTIONS != pkcs11_mock_session_state)
+ return CKR_USER_NOT_LOGGED_IN;
+
+ if (NULL == pPin)
+ return CKR_ARGUMENTS_BAD;
+
+ if ((ulPinLen < PKCS11_MOCK_CK_TOKEN_INFO_MIN_PIN_LEN) || (ulPinLen > PKCS11_MOCK_CK_TOKEN_INFO_MAX_PIN_LEN))
+ return CKR_PIN_LEN_RANGE;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_SetPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, CK_ULONG ulOldLen, CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewLen)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if ((CKS_RO_PUBLIC_SESSION == pkcs11_mock_session_state) || (CKS_RO_USER_FUNCTIONS == pkcs11_mock_session_state))
+ return CKR_SESSION_READ_ONLY;
+
+ if (NULL == pOldPin)
+ return CKR_ARGUMENTS_BAD;
+
+ if ((ulOldLen < PKCS11_MOCK_CK_TOKEN_INFO_MIN_PIN_LEN) || (ulOldLen > PKCS11_MOCK_CK_TOKEN_INFO_MAX_PIN_LEN))
+ return CKR_PIN_LEN_RANGE;
+
+ if (NULL == pNewPin)
+ return CKR_ARGUMENTS_BAD;
+
+ if ((ulNewLen < PKCS11_MOCK_CK_TOKEN_INFO_MIN_PIN_LEN) || (ulNewLen > PKCS11_MOCK_CK_TOKEN_INFO_MAX_PIN_LEN))
+ return CKR_PIN_LEN_RANGE;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY Notify, CK_SESSION_HANDLE_PTR phSession)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (CK_TRUE == pkcs11_mock_session_opened)
+ return CKR_SESSION_COUNT;
+
+ if (PKCS11_MOCK_CK_SLOT_ID != slotID)
+ return CKR_SLOT_ID_INVALID;
+
+ if (!(flags & CKF_SERIAL_SESSION))
+ return CKR_SESSION_PARALLEL_NOT_SUPPORTED;
+
+ IGNORE(pApplication);
+
+ IGNORE(Notify);
+
+ if (NULL == phSession)
+ return CKR_ARGUMENTS_BAD;
+
+ pkcs11_mock_session_opened = CK_TRUE;
+ pkcs11_mock_session_state = (flags & CKF_RW_SESSION) ? CKS_RW_PUBLIC_SESSION : CKS_RO_PUBLIC_SESSION;
+ *phSession = PKCS11_MOCK_CK_SESSION_ID;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_CloseSession)(CK_SESSION_HANDLE hSession)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ pkcs11_mock_session_opened = CK_FALSE;
+ pkcs11_mock_session_state = CKS_RO_PUBLIC_SESSION;
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_NONE;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_CloseAllSessions)(CK_SLOT_ID slotID)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_SLOT_ID != slotID)
+ return CKR_SLOT_ID_INVALID;
+
+ pkcs11_mock_session_opened = CK_FALSE;
+ pkcs11_mock_session_state = CKS_RO_PUBLIC_SESSION;
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_NONE;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_GetSessionInfo)(CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR pInfo)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pInfo)
+ return CKR_ARGUMENTS_BAD;
+
+ pInfo->slotID = PKCS11_MOCK_CK_SLOT_ID;
+ pInfo->state = pkcs11_mock_session_state;
+ pInfo->flags = CKF_SERIAL_SESSION;
+ if ((pkcs11_mock_session_state != CKS_RO_PUBLIC_SESSION) && (pkcs11_mock_session_state != CKS_RO_USER_FUNCTIONS))
+ pInfo->flags = pInfo->flags | CKF_RW_SESSION;
+ pInfo->ulDeviceError = 0;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_GetOperationState)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState, CK_ULONG_PTR pulOperationStateLen)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pulOperationStateLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pOperationState)
+ {
+ *pulOperationStateLen = 256;
+ }
+ else
+ {
+ if (256 > *pulOperationStateLen)
+ return CKR_BUFFER_TOO_SMALL;
+
+ memset(pOperationState, 1, 256);
+ *pulOperationStateLen = 256;
+ }
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_SetOperationState)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState, CK_ULONG ulOperationStateLen, CK_OBJECT_HANDLE hEncryptionKey, CK_OBJECT_HANDLE hAuthenticationKey)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pOperationState)
+ return CKR_ARGUMENTS_BAD;
+
+ if (256 != ulOperationStateLen)
+ return CKR_ARGUMENTS_BAD;
+
+ IGNORE(hEncryptionKey);
+
+ IGNORE(hAuthenticationKey);
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_Login)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen)
+{
+ // More hardcoding
+ const char *password = "ABC123";
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if ((CKU_SO != userType) && (CKU_USER != userType) && (CKU_CONTEXT_SPECIFIC != userType))
+ return CKR_USER_TYPE_INVALID;
+
+ if (NULL == pPin)
+ return CKR_ARGUMENTS_BAD;
+
+ if ((ulPinLen < PKCS11_MOCK_CK_TOKEN_INFO_MIN_PIN_LEN) || (ulPinLen > PKCS11_MOCK_CK_TOKEN_INFO_MAX_PIN_LEN))
+ return CKR_PIN_LEN_RANGE;
+
+ // FIXME: gnutls bug? It calls this before an operation
+ // if (pkcs11_mock_active_operation == PKCS11_MOCK_CK_OPERATION_NONE && CKU_CONTEXT_SPECIFIC != userType)
+ // return CKR_OPERATION_NOT_INITIALIZED;
+
+ if (mock_logged_in_state == TRUE)
+ return CKR_USER_ALREADY_LOGGED_IN;
+
+ if (ulPinLen == strlen (password) && strncmp ((char*)pPin, password, ulPinLen) == 0)
+ {
+ mock_logged_in_state = TRUE;
+ mock_login_attempts = 0;
+ return CKR_OK;
+ }
+ else
+ {
+ mock_login_attempts += 1;
+ return CKR_PIN_INCORRECT;
+ }
+
+ // TODO: We don't test any of these states atm
+ // switch (pkcs11_mock_session_state)
+ // {
+ // case CKS_RO_PUBLIC_SESSION:
+
+ // if (CKU_SO == userType)
+ // rv = CKR_SESSION_READ_ONLY_EXISTS;
+ // else
+ // pkcs11_mock_session_state = CKS_RO_USER_FUNCTIONS;
+
+ // break;
+
+ // case CKS_RO_USER_FUNCTIONS:
+ // case CKS_RW_USER_FUNCTIONS:
+
+ // rv = (CKU_SO == userType) ? CKR_USER_ANOTHER_ALREADY_LOGGED_IN : CKR_USER_ALREADY_LOGGED_IN;
+
+ // break;
+
+ // case CKS_RW_PUBLIC_SESSION:
+
+ // pkcs11_mock_session_state = (CKU_SO == userType) ? CKS_RW_SO_FUNCTIONS : CKS_RW_USER_FUNCTIONS;
+
+ // break;
+
+ // case CKS_RW_SO_FUNCTIONS:
+
+ // rv = (CKU_SO == userType) ? CKR_USER_ALREADY_LOGGED_IN : CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
+
+ // break;
+ // }
+
+ // return rv;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_Logout)(CK_SESSION_HANDLE hSession)
+{
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (mock_logged_in_state == FALSE)
+ return CKR_USER_NOT_LOGGED_IN;
+
+ // if ((pkcs11_mock_session_state == CKS_RO_PUBLIC_SESSION) || (pkcs11_mock_session_state == CKS_RW_PUBLIC_SESSION))
+ // return CKR_USER_NOT_LOGGED_IN;
+
+ mock_logged_in_state = FALSE;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_CreateObject)(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phObject)
+{
+ CK_ULONG i = 0;
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pTemplate)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulCount)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == phObject)
+ return CKR_ARGUMENTS_BAD;
+
+ for (i = 0; i < ulCount; i++)
+ {
+ if (NULL == pTemplate[i].pValue)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+
+ if (0 >= pTemplate[i].ulValueLen)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+
+ *phObject = PKCS11_MOCK_CK_OBJECT_HANDLE_DATA;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_CopyObject)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phNewObject)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (PKCS11_MOCK_CK_OBJECT_HANDLE_DATA != hObject)
+ return CKR_OBJECT_HANDLE_INVALID;
+
+ if (NULL == phNewObject)
+ return CKR_ARGUMENTS_BAD;
+
+ *phNewObject = PKCS11_MOCK_CK_OBJECT_HANDLE_DATA;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_DestroyObject)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if ((PKCS11_MOCK_CK_OBJECT_HANDLE_DATA != hObject) &&
+ (PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY != hObject) &&
+ (PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY != hObject) &&
+ (PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY != hObject))
+ return CKR_OBJECT_HANDLE_INVALID;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_GetObjectSize)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (hObject > G_N_ELEMENTS (mock_objects))
+ return CKR_OBJECT_HANDLE_INVALID;
+
+ if (NULL == pulSize)
+ return CKR_ARGUMENTS_BAD;
+
+ *pulSize = 0; // FIXME: mock_objects[hObject].size;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_GetAttributeValue)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
+{
+ CK_ULONG i = 0;
+ MockObject obj;
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (hObject >= G_N_ELEMENTS (mock_objects))
+ return CKR_OBJECT_HANDLE_INVALID;
+
+ if (NULL == pTemplate)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulCount)
+ return CKR_ARGUMENTS_BAD;
+
+ obj = mock_objects[hObject];
+
+ for (i = 0; i < ulCount; i++)
+ {
+ if (CKA_LABEL == pTemplate[i].type || CKA_ID == pTemplate[i].type)
+ {
+ if (NULL != pTemplate[i].pValue)
+ {
+ if (pTemplate[i].ulValueLen < strlen((char*)obj.info.label))
+ return CKR_BUFFER_TOO_SMALL;
+ else
+ memcpy(pTemplate[i].pValue, obj.info.label, strlen((char*)obj.info.label));
+ }
+
+ pTemplate[i].ulValueLen = strlen((char*)obj.info.label);
+ }
+ else if (CKA_EXTRACTABLE == pTemplate[i].type)
+ {
+ *((CK_BBOOL *) pTemplate[i].pValue) = obj.object_class == CKO_CERTIFICATE ? CK_TRUE : CK_FALSE;
+ pTemplate[i].ulValueLen = sizeof(CK_BBOOL);
+ }
+ else if (CKA_NEVER_EXTRACTABLE == pTemplate[i].type || CKA_SENSITIVE == pTemplate[i].type)
+ {
+ *((CK_BBOOL *) pTemplate[i].pValue) = obj.object_class == CKO_PRIVATE_KEY ? CK_TRUE : CK_FALSE;
+ pTemplate[i].ulValueLen = sizeof(CK_BBOOL);
+ }
+ else if (CKA_CERTIFICATE_CATEGORY == pTemplate[i].type)
+ {
+ CK_ULONG t;
+ if (pTemplate[i].ulValueLen < sizeof(CK_ULONG))
+ return CKR_BUFFER_TOO_SMALL;
+
+ if (obj.object_class == CKO_CERTIFICATE)
+ t = CK_CERTIFICATE_CATEGORY_AUTHORITY;
+ else
+ t = CK_CERTIFICATE_CATEGORY_UNSPECIFIED;
+
+ memcpy(pTemplate[i].pValue, &t, sizeof(CK_ULONG));
+ }
+ else if (CKA_SUBJECT == pTemplate[i].type)
+ {
+ int status;
+ gnutls_datum_t data;
+ gnutls_x509_dn_t dn; /* Owned by cert */
+
+ g_assert (obj.object_class == CKO_CERTIFICATE);
+
+ status = gnutls_x509_crt_get_subject(obj.cert, &dn);
+ g_assert(status == GNUTLS_E_SUCCESS);
+ status = gnutls_x509_dn_get_str(dn, &data);
+ g_assert(status == GNUTLS_E_SUCCESS);
+
+ if (data.size > pTemplate[i].ulValueLen)
+ {
+ gnutls_free(data.data);
+ pTemplate[i].ulValueLen = data.size;
+ if (pTemplate[i].pValue != NULL) /* If NULL return OK */
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ else
+ {
+ memcpy(pTemplate[i].pValue, data.data, data.size);
+ pTemplate[i].ulValueLen = data.size;
+ gnutls_free(data.data);
+ }
+ }
+ else if (CKA_VALUE == pTemplate[i].type)
+ {
+ if (obj.object_class == CKO_CERTIFICATE)
+ {
+ int status;
+ gnutls_datum_t data;
+
+ status = gnutls_x509_crt_export2(obj.cert, GNUTLS_X509_FMT_DER, &data);
+ g_assert(status == GNUTLS_E_SUCCESS);
+
+ if (data.size > pTemplate[i].ulValueLen)
+ {
+ gnutls_free(data.data);
+ pTemplate[i].ulValueLen = data.size;
+ if (pTemplate[i].pValue != NULL) /* If NULL return OK */
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ else
+ {
+ memcpy(pTemplate[i].pValue, data.data, data.size);
+ gnutls_free(data.data);
+ pTemplate[i].ulValueLen = data.size;
+ }
+ }
+ else
+ {
+ pTemplate[i].ulValueLen = CK_UNAVAILABLE_INFORMATION;
+ }
+ }
+ else if (CKA_CLASS == pTemplate[i].type)
+ {
+ if (NULL != pTemplate[i].pValue)
+ *((CK_ULONG *) pTemplate[i].pValue) = obj.object_class;
+ pTemplate[i].ulValueLen = sizeof (obj.object_class);
+ }
+ else if (CKA_CERTIFICATE_TYPE == pTemplate[i].type)
+ {
+ CK_CERTIFICATE_TYPE ret = CKC_X_509;
+
+ if (pTemplate[i].ulValueLen != sizeof(CK_CERTIFICATE_TYPE))
+ return CKR_ARGUMENTS_BAD;
+
+ /* TODO: Test both TRUE and FALSE */
+ memcpy(pTemplate[i].pValue, &ret, sizeof(CK_CERTIFICATE_TYPE));
+ }
+ else if (CKA_KEY_TYPE == pTemplate[i].type)
+ {
+ CK_KEY_TYPE t;
+ if (pTemplate[i].ulValueLen != sizeof(CK_KEY_TYPE))
+ return CKR_ARGUMENTS_BAD;
+
+ if (obj.object_class != CKO_PRIVATE_KEY)
+ return CKR_ARGUMENTS_BAD;
+
+ switch (gnutls_privkey_get_pk_algorithm (obj.key, NULL))
+ {
+ case GNUTLS_PK_RSA:
+ t = CKK_RSA;
+ break;
+ case GNUTLS_PK_DSA:
+ t = CKK_DSA;
+ break;
+ case GNUTLS_PK_DH:
+ t = CKK_DH;
+ break;
+ case GNUTLS_PK_EC:
+ t = CKK_EC;
+ break;
+ default:
+ pTemplate[i].ulValueLen = CK_UNAVAILABLE_INFORMATION;
+ return CKR_ATTRIBUTE_TYPE_INVALID;
+ }
+
+ memcpy(pTemplate[i].pValue, &t, sizeof(CK_KEY_TYPE));
+ }
+ else if (CKA_ALWAYS_AUTHENTICATE == pTemplate[i].type)
+ {
+ CK_BBOOL ret = CK_TRUE;
+
+ if (pTemplate[i].ulValueLen != sizeof(CK_BBOOL))
+ return CKR_ARGUMENTS_BAD;
+
+ /* TODO: Test both TRUE and FALSE */
+ memcpy(pTemplate[i].pValue, &ret, sizeof(CK_BBOOL));
+ }
+ else if (CKA_MODULUS == pTemplate[i].type && obj.object_class == CKO_PRIVATE_KEY)
+ {
+ /* Hardcode RSA for now */
+ gnutls_datum_t modulus;
+ int status = gnutls_privkey_export_rsa_raw (obj.key, &modulus, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+ g_assert (status == GNUTLS_E_SUCCESS);
+
+ if (modulus.size > pTemplate[i].ulValueLen)
+ {
+ gnutls_free(modulus.data);
+ pTemplate[i].ulValueLen = modulus.size;
+ if (pTemplate[i].pValue != NULL) /* If NULL return OK */
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ else
+ {
+ memcpy(pTemplate[i].pValue, modulus.data, modulus.size);
+ gnutls_free(modulus.data);
+ pTemplate[i].ulValueLen = modulus.size;
+ }
+ }
+ else if (CKA_SIGN == pTemplate[i].type && obj.object_class == CKO_PRIVATE_KEY) /* Any key type in future */
+ {
+ CK_BBOOL ret = CK_TRUE;
+
+ if (pTemplate[i].ulValueLen != sizeof(CK_BBOOL))
+ return CKR_ARGUMENTS_BAD;
+
+ memcpy(pTemplate[i].pValue, &ret, sizeof(CK_BBOOL));
+ }
+ else
+ {
+ return CKR_ATTRIBUTE_TYPE_INVALID;
+ }
+ }
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_SetAttributeValue)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
+{
+ CK_ULONG i = 0;
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (hObject > G_N_ELEMENTS (mock_objects))
+ if ((PKCS11_MOCK_CK_OBJECT_HANDLE_DATA != hObject) &&
+ (PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY != hObject) &&
+ (PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY != hObject) &&
+ (PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY != hObject))
+ return CKR_OBJECT_HANDLE_INVALID;
+
+ if (NULL == pTemplate)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulCount)
+ return CKR_ARGUMENTS_BAD;
+
+ for (i = 0; i < ulCount; i++)
+ {
+ if ((CKA_LABEL == pTemplate[i].type) || (CKA_VALUE == pTemplate[i].type))
+ {
+ if (NULL == pTemplate[i].pValue)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+
+ if (0 >= pTemplate[i].ulValueLen)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ else
+ {
+ return CKR_ATTRIBUTE_TYPE_INVALID;
+ }
+ }
+
+ return CKR_OK;
+}
+
+CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
+{
+ CK_ULONG i = 0;
+ CK_ULONG_PTR cka_class_value = NULL;
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_NONE != pkcs11_mock_active_operation)
+ return CKR_OPERATION_ACTIVE;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pTemplate && ulCount != 0)
+ return CKR_ARGUMENTS_BAD;
+
+ mock_search_template_class = PKCS11_MOCK_CKO_ANYTHING;
+ g_clear_pointer (&mock_search_template_label, g_free);
+
+ for (i = 0; i < ulCount; i++)
+ {
+ if (NULL == pTemplate[i].pValue)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+
+ if (0 >= pTemplate[i].ulValueLen)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+
+ if (CKA_CLASS == pTemplate[i].type)
+ {
+ if (sizeof(CK_ULONG) != pTemplate[i].ulValueLen)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+
+ cka_class_value = (CK_ULONG_PTR) pTemplate[i].pValue;
+ mock_search_template_class = *cka_class_value;
+ }
+ else if (CKA_LABEL == pTemplate[i].type)
+ {
+ const char *cka_label_value = (char*)pTemplate[i].pValue;
+ g_clear_pointer (&mock_search_template_label, g_free);
+ mock_search_template_label = g_strndup (cka_label_value, pTemplate[i].ulValueLen);
+ }
+ else
+ {
+ g_info ("Ignoring search template for %lu", pTemplate[i].type);
+ }
+ }
+
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_FIND;
+ mock_search_iterator = 0;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_FindObjects)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject, CK_ULONG ulMaxObjectCount, CK_ULONG_PTR pulObjectCount)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_FIND != pkcs11_mock_active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if ((NULL == phObject) && (0 < ulMaxObjectCount))
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pulObjectCount)
+ return CKR_ARGUMENTS_BAD;
+
+ *pulObjectCount = 0;
+ for (; mock_search_iterator < G_N_ELEMENTS (mock_objects) && *pulObjectCount < ulMaxObjectCount; mock_search_iterator++)
+ {
+ if ((mock_search_template_class == PKCS11_MOCK_CKO_ANYTHING || mock_objects[mock_search_iterator].object_class == mock_search_template_class) &&
+ (mock_search_template_label == NULL || g_strcmp0 ((char*)mock_objects[mock_search_iterator].info.label, mock_search_template_label) == 0))
+ {
+ phObject[*pulObjectCount] = mock_search_iterator;
+ *pulObjectCount = *pulObjectCount + 1;
+ }
+ }
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsFinal)(CK_SESSION_HANDLE hSession)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_FIND != pkcs11_mock_active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_NONE;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_EncryptInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((PKCS11_MOCK_CK_OPERATION_NONE != pkcs11_mock_active_operation) &&
+ (PKCS11_MOCK_CK_OPERATION_DIGEST != pkcs11_mock_active_operation) &&
+ (PKCS11_MOCK_CK_OPERATION_SIGN != pkcs11_mock_active_operation))
+ return CKR_OPERATION_ACTIVE;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pMechanism)
+ return CKR_ARGUMENTS_BAD;
+
+ switch (pMechanism->mechanism)
+ {
+ case CKM_RSA_PKCS:
+
+ if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen))
+ return CKR_MECHANISM_PARAM_INVALID;
+
+ if (PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY != hKey)
+ return CKR_KEY_TYPE_INCONSISTENT;
+
+ break;
+
+ case CKM_RSA_PKCS_OAEP:
+
+ if ((NULL == pMechanism->pParameter) || (sizeof(CK_RSA_PKCS_OAEP_PARAMS) != pMechanism->ulParameterLen))
+ return CKR_MECHANISM_PARAM_INVALID;
+
+ if (PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY != hKey)
+ return CKR_KEY_TYPE_INCONSISTENT;
+
+ break;
+
+ case CKM_DES3_CBC:
+
+ if ((NULL == pMechanism->pParameter) || (8 != pMechanism->ulParameterLen))
+ return CKR_MECHANISM_PARAM_INVALID;
+
+ if (PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY != hKey)
+ return CKR_KEY_TYPE_INCONSISTENT;
+
+ break;
+
+ case CKM_AES_CBC:
+
+ if ((NULL == pMechanism->pParameter) || (16 != pMechanism->ulParameterLen))
+ return CKR_MECHANISM_PARAM_INVALID;
+
+ if (PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY != hKey)
+ return CKR_KEY_TYPE_INCONSISTENT;
+
+ break;
+
+ default:
+
+ return CKR_MECHANISM_INVALID;
+ }
+
+ switch (pkcs11_mock_active_operation)
+ {
+ case PKCS11_MOCK_CK_OPERATION_NONE:
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_ENCRYPT;
+ break;
+ case PKCS11_MOCK_CK_OPERATION_DIGEST:
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_DIGEST_ENCRYPT;
+ break;
+ case PKCS11_MOCK_CK_OPERATION_SIGN:
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_SIGN_ENCRYPT;
+ break;
+ default:
+ return CKR_FUNCTION_FAILED;
+ }
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_Encrypt)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
+{
+ CK_ULONG i = 0;
+
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_ENCRYPT != pkcs11_mock_active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pData)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulDataLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pulEncryptedDataLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL != pEncryptedData)
+ {
+ if (ulDataLen > *pulEncryptedDataLen)
+ {
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ else
+ {
+ for (i = 0; i < ulDataLen; i++)
+ pEncryptedData[i] = pData[i] ^ 0xAB;
+
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_NONE;
+ }
+ }
+
+ *pulEncryptedDataLen = ulDataLen;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_EncryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen)
+{
+ CK_ULONG i = 0;
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_ENCRYPT != pkcs11_mock_active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pPart)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulPartLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pulEncryptedPartLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL != pEncryptedPart)
+ {
+ if (ulPartLen > *pulEncryptedPartLen)
+ {
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ else
+ {
+ for (i = 0; i < ulPartLen; i++)
+ pEncryptedPart[i] = pPart[i] ^ 0xAB;
+ }
+ }
+
+ *pulEncryptedPartLen = ulPartLen;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_EncryptFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pulLastEncryptedPartLen)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((PKCS11_MOCK_CK_OPERATION_ENCRYPT != pkcs11_mock_active_operation) &&
+ (PKCS11_MOCK_CK_OPERATION_DIGEST_ENCRYPT != pkcs11_mock_active_operation) &&
+ (PKCS11_MOCK_CK_OPERATION_SIGN_ENCRYPT != pkcs11_mock_active_operation))
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pulLastEncryptedPartLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL != pLastEncryptedPart)
+ {
+ switch (pkcs11_mock_active_operation)
+ {
+ case PKCS11_MOCK_CK_OPERATION_ENCRYPT:
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_NONE;
+ break;
+ case PKCS11_MOCK_CK_OPERATION_DIGEST_ENCRYPT:
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_DIGEST;
+ break;
+ case PKCS11_MOCK_CK_OPERATION_SIGN_ENCRYPT:
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_SIGN;
+ break;
+ default:
+ return CKR_FUNCTION_FAILED;
+ }
+ }
+
+ *pulLastEncryptedPartLen = 0;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_DecryptInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((PKCS11_MOCK_CK_OPERATION_NONE != pkcs11_mock_active_operation) &&
+ (PKCS11_MOCK_CK_OPERATION_DIGEST != pkcs11_mock_active_operation) &&
+ (PKCS11_MOCK_CK_OPERATION_VERIFY != pkcs11_mock_active_operation))
+ return CKR_OPERATION_ACTIVE;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pMechanism)
+ return CKR_ARGUMENTS_BAD;
+
+ switch (pMechanism->mechanism)
+ {
+ case CKM_RSA_PKCS:
+
+ if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen))
+ return CKR_MECHANISM_PARAM_INVALID;
+
+ if (PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY != hKey)
+ return CKR_KEY_TYPE_INCONSISTENT;
+
+ break;
+
+ case CKM_RSA_PKCS_OAEP:
+
+ if ((NULL == pMechanism->pParameter) || (sizeof(CK_RSA_PKCS_OAEP_PARAMS) != pMechanism->ulParameterLen))
+ return CKR_MECHANISM_PARAM_INVALID;
+
+ if (PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY != hKey)
+ return CKR_KEY_TYPE_INCONSISTENT;
+
+ break;
+
+ case CKM_DES3_CBC:
+
+ if ((NULL == pMechanism->pParameter) || (8 != pMechanism->ulParameterLen))
+ return CKR_MECHANISM_PARAM_INVALID;
+
+ if (PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY != hKey)
+ return CKR_KEY_TYPE_INCONSISTENT;
+
+ break;
+
+ case CKM_AES_CBC:
+
+ if ((NULL == pMechanism->pParameter) || (16 != pMechanism->ulParameterLen))
+ return CKR_MECHANISM_PARAM_INVALID;
+
+ if (PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY != hKey)
+ return CKR_KEY_TYPE_INCONSISTENT;
+
+ break;
+
+ default:
+
+ return CKR_MECHANISM_INVALID;
+ }
+
+ switch (pkcs11_mock_active_operation)
+ {
+ case PKCS11_MOCK_CK_OPERATION_NONE:
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_DECRYPT;
+ break;
+ case PKCS11_MOCK_CK_OPERATION_DIGEST:
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_DECRYPT_DIGEST;
+ break;
+ case PKCS11_MOCK_CK_OPERATION_VERIFY:
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_DECRYPT_VERIFY;
+ break;
+ default:
+ return CKR_FUNCTION_FAILED;
+ }
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_Decrypt)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
+{
+ CK_ULONG i = 0;
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_DECRYPT != pkcs11_mock_active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pEncryptedData)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulEncryptedDataLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pulDataLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL != pData)
+ {
+ if (ulEncryptedDataLen > *pulDataLen)
+ {
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ else
+ {
+ for (i = 0; i < ulEncryptedDataLen; i++)
+ pData[i] = pEncryptedData[i] ^ 0xAB;
+
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_NONE;
+ }
+ }
+
+ *pulDataLen = ulEncryptedDataLen;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_DecryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
+{
+ CK_ULONG i = 0;
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_DECRYPT != pkcs11_mock_active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pEncryptedPart)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulEncryptedPartLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pulPartLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL != pPart)
+ {
+ if (ulEncryptedPartLen > *pulPartLen)
+ {
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ else
+ {
+ for (i = 0; i < ulEncryptedPartLen; i++)
+ pPart[i] = pEncryptedPart[i] ^ 0xAB;
+ }
+ }
+
+ *pulPartLen = ulEncryptedPartLen;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_DecryptFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastPart, CK_ULONG_PTR pulLastPartLen)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((PKCS11_MOCK_CK_OPERATION_DECRYPT != pkcs11_mock_active_operation) &&
+ (PKCS11_MOCK_CK_OPERATION_DECRYPT_DIGEST != pkcs11_mock_active_operation) &&
+ (PKCS11_MOCK_CK_OPERATION_DECRYPT_VERIFY != pkcs11_mock_active_operation))
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pulLastPartLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL != pLastPart)
+ {
+ switch (pkcs11_mock_active_operation)
+ {
+ case PKCS11_MOCK_CK_OPERATION_DECRYPT:
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_NONE;
+ break;
+ case PKCS11_MOCK_CK_OPERATION_DECRYPT_DIGEST:
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_DIGEST;
+ break;
+ case PKCS11_MOCK_CK_OPERATION_DECRYPT_VERIFY:
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_VERIFY;
+ break;
+ default:
+ return CKR_FUNCTION_FAILED;
+ }
+ }
+
+ *pulLastPartLen = 0;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_DigestInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism)
+{
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((PKCS11_MOCK_CK_OPERATION_NONE != pkcs11_mock_active_operation) &&
+ (PKCS11_MOCK_CK_OPERATION_ENCRYPT != pkcs11_mock_active_operation) &&
+ (PKCS11_MOCK_CK_OPERATION_DECRYPT != pkcs11_mock_active_operation))
+ return CKR_OPERATION_ACTIVE;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pMechanism)
+ return CKR_ARGUMENTS_BAD;
+
+ if (CKM_SHA_1 != pMechanism->mechanism)
+ return CKR_MECHANISM_INVALID;
+
+ if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen))
+ return CKR_MECHANISM_PARAM_INVALID;
+
+ switch (pkcs11_mock_active_operation)
+ {
+ case PKCS11_MOCK_CK_OPERATION_NONE:
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_DIGEST;
+ break;
+ case PKCS11_MOCK_CK_OPERATION_ENCRYPT:
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_DIGEST_ENCRYPT;
+ break;
+ case PKCS11_MOCK_CK_OPERATION_DECRYPT:
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_DECRYPT_DIGEST;
+ break;
+ default:
+ return CKR_FUNCTION_FAILED;
+ }
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_Digest)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)
+{
+ CK_BYTE hash[20] = { 0x7B, 0x50, 0x2C, 0x3A, 0x1F, 0x48, 0xC8, 0x60, 0x9A, 0xE2, 0x12, 0xCD, 0xFB, 0x63, 0x9D, 0xEE, 0x39, 0x67, 0x3F, 0x5E };
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_DIGEST != pkcs11_mock_active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pData)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulDataLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pulDigestLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL != pDigest)
+ {
+ if (sizeof(hash) > *pulDigestLen)
+ {
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ else
+ {
+ memcpy(pDigest, hash, sizeof(hash));
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_NONE;
+ }
+ }
+
+ *pulDigestLen = sizeof(hash);
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_DigestUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_DIGEST != pkcs11_mock_active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pPart)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulPartLen)
+ return CKR_ARGUMENTS_BAD;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_DigestKey)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_DIGEST != pkcs11_mock_active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY != hKey)
+ return CKR_OBJECT_HANDLE_INVALID;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_DigestFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)
+{
+ CK_BYTE hash[20] = { 0x7B, 0x50, 0x2C, 0x3A, 0x1F, 0x48, 0xC8, 0x60, 0x9A, 0xE2, 0x12, 0xCD, 0xFB, 0x63, 0x9D, 0xEE, 0x39, 0x67, 0x3F, 0x5E };
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((PKCS11_MOCK_CK_OPERATION_DIGEST != pkcs11_mock_active_operation) &&
+ (PKCS11_MOCK_CK_OPERATION_DIGEST_ENCRYPT != pkcs11_mock_active_operation) &&
+ (PKCS11_MOCK_CK_OPERATION_DECRYPT_DIGEST != pkcs11_mock_active_operation))
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pulDigestLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL != pDigest)
+ {
+ if (sizeof(hash) > *pulDigestLen)
+ {
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ else
+ {
+ memcpy(pDigest, hash, sizeof(hash));
+
+ switch (pkcs11_mock_active_operation)
+ {
+ case PKCS11_MOCK_CK_OPERATION_DIGEST:
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_NONE;
+ break;
+ case PKCS11_MOCK_CK_OPERATION_DIGEST_ENCRYPT:
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_ENCRYPT;
+ break;
+ case PKCS11_MOCK_CK_OPERATION_DECRYPT_DIGEST:
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_DECRYPT;
+ break;
+ default:
+ return CKR_FUNCTION_FAILED;
+ }
+ }
+ }
+
+ *pulDigestLen = sizeof(hash);
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_SignInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((PKCS11_MOCK_CK_OPERATION_NONE != pkcs11_mock_active_operation) &&
+ (PKCS11_MOCK_CK_OPERATION_ENCRYPT != pkcs11_mock_active_operation))
+ return CKR_OPERATION_ACTIVE;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (hKey >= G_N_ELEMENTS(mock_objects) || mock_objects[hKey].object_class != CKO_PRIVATE_KEY)
+ return CKR_KEY_HANDLE_INVALID;
+
+ if (NULL == pMechanism)
+ return CKR_ARGUMENTS_BAD;
+
+ mock_sign_algo = pMechanism->mechanism;
+
+ // TODO: Hardcoded list
+ if (CKM_RSA_PKCS_PSS == pMechanism->mechanism)
+ {
+ CK_RSA_PKCS_PSS_PARAMS *params;
+
+ if ((NULL == pMechanism->pParameter) || (0 == pMechanism->ulParameterLen))
+ return CKR_MECHANISM_PARAM_INVALID;
+
+ params = pMechanism->pParameter;
+
+ g_assert (params->hashAlg == CKM_SHA256);
+ g_assert (params->mgf == CKG_MGF1_SHA256);
+ // if (PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY != hKey)
+ // return CKR_KEY_TYPE_INCONSISTENT;
+ }
+ else if (CKM_RSA_PKCS == pMechanism->mechanism)
+ {
+ // FIXME: Also assert SHA256?
+ }
+ else
+ {
+ g_assert_not_reached ();
+ return CKR_MECHANISM_INVALID;
+ }
+
+ if (PKCS11_MOCK_CK_OPERATION_NONE == pkcs11_mock_active_operation)
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_SIGN;
+ else
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_SIGN_ENCRYPT;
+
+ pkcs11_mock_sign_key = hKey;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_Sign)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
+{
+ const gnutls_datum_t data = {
+ .data = pData,
+ .size = ulDataLen,
+ };
+ gnutls_datum_t signature;
+ int status;
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_SIGN != pkcs11_mock_active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pData)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulDataLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pulSignatureLen)
+ return CKR_ARGUMENTS_BAD;
+
+ // TODO: Handle user not logged in
+
+ // TODO: Hardcoded algo list
+ if (mock_sign_algo == CKM_RSA_PKCS_PSS)
+ status = gnutls_privkey_sign_hash2 (mock_objects[pkcs11_mock_sign_key].key, GNUTLS_SIGN_RSA_PSS_SHA256,
+ GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS, &data, &signature);
+ else if (mock_sign_algo == CKM_RSA_PKCS)
+ status = gnutls_privkey_sign_hash2 (mock_objects[pkcs11_mock_sign_key].key, GNUTLS_SIGN_RSA_SHA256,
+ GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, &data, &signature);
+ else
+ g_assert_not_reached ();
+
+ // g_assert (status == GNUTLS_E_SUCCESS);
+ if (status != GNUTLS_E_SUCCESS)
+ return CKR_FUNCTION_FAILED; // TODO: Best return code?
+
+ if (signature.size > *pulSignatureLen)
+ {
+ gnutls_free (signature.data);
+ *pulSignatureLen = signature.size;
+ if (pSignature != NULL)
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ else
+ {
+ // This is called twice, once with NULL to just query size
+ if (pSignature != NULL)
+ {
+ memcpy (pSignature, signature.data, signature.size);
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_NONE;
+ }
+ *pulSignatureLen = signature.size;
+ gnutls_free (signature.data);
+ }
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_SignUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
+{
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_SIGN != pkcs11_mock_active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pPart)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulPartLen)
+ return CKR_ARGUMENTS_BAD;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_SignFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
+{
+ CK_BYTE signature[10] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09 };
+
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((PKCS11_MOCK_CK_OPERATION_SIGN != pkcs11_mock_active_operation) &&
+ (PKCS11_MOCK_CK_OPERATION_SIGN_ENCRYPT != pkcs11_mock_active_operation))
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pulSignatureLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL != pSignature)
+ {
+ if (sizeof(signature) > *pulSignatureLen)
+ {
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ else
+ {
+ memcpy(pSignature, signature, sizeof(signature));
+
+ if (PKCS11_MOCK_CK_OPERATION_SIGN == pkcs11_mock_active_operation)
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_NONE;
+ else
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_ENCRYPT;
+ }
+ }
+
+ *pulSignatureLen = sizeof(signature);
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_SignRecoverInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_NONE != pkcs11_mock_active_operation)
+ return CKR_OPERATION_ACTIVE;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pMechanism)
+ return CKR_ARGUMENTS_BAD;
+
+ if (CKM_RSA_PKCS == pMechanism->mechanism)
+ {
+ if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen))
+ return CKR_MECHANISM_PARAM_INVALID;
+
+ if (PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY != hKey)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ }
+ else
+ {
+ return CKR_MECHANISM_INVALID;
+ }
+
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_SIGN_RECOVER;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_SignRecover)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
+{
+ CK_ULONG i = 0;
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_SIGN_RECOVER != pkcs11_mock_active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pData)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulDataLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pulSignatureLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL != pSignature)
+ {
+ if (ulDataLen > *pulSignatureLen)
+ {
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ else
+ {
+ for (i = 0; i < ulDataLen; i++)
+ pSignature[i] = pData[i] ^ 0xAB;
+
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_NONE;
+ }
+ }
+
+ *pulSignatureLen = ulDataLen;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_VerifyInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((PKCS11_MOCK_CK_OPERATION_NONE != pkcs11_mock_active_operation) &&
+ (PKCS11_MOCK_CK_OPERATION_DECRYPT != pkcs11_mock_active_operation))
+ return CKR_OPERATION_ACTIVE;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pMechanism)
+ return CKR_ARGUMENTS_BAD;
+
+ if ((CKM_RSA_PKCS == pMechanism->mechanism) || (CKM_SHA1_RSA_PKCS == pMechanism->mechanism))
+ {
+ if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen))
+ return CKR_MECHANISM_PARAM_INVALID;
+
+ if (PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY != hKey)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ }
+ else
+ {
+ return CKR_MECHANISM_INVALID;
+ }
+
+ if (PKCS11_MOCK_CK_OPERATION_NONE == pkcs11_mock_active_operation)
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_VERIFY;
+ else
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_DECRYPT_VERIFY;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_Verify)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
+{
+ CK_BYTE signature[10] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09 };
+
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_VERIFY != pkcs11_mock_active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pData)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulDataLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pSignature)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulSignatureLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (sizeof(signature) != ulSignatureLen)
+ return CKR_SIGNATURE_LEN_RANGE;
+
+ if (0 != memcmp(pSignature, signature, sizeof(signature)))
+ return CKR_SIGNATURE_INVALID;
+
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_NONE;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_VerifyUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_VERIFY != pkcs11_mock_active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pPart)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulPartLen)
+ return CKR_ARGUMENTS_BAD;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_VerifyFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
+{
+ CK_BYTE signature[10] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09 };
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((PKCS11_MOCK_CK_OPERATION_VERIFY != pkcs11_mock_active_operation) &&
+ (PKCS11_MOCK_CK_OPERATION_DECRYPT_VERIFY != pkcs11_mock_active_operation))
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pSignature)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulSignatureLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (sizeof(signature) != ulSignatureLen)
+ return CKR_SIGNATURE_LEN_RANGE;
+
+ if (0 != memcmp(pSignature, signature, sizeof(signature)))
+ return CKR_SIGNATURE_INVALID;
+
+ if (PKCS11_MOCK_CK_OPERATION_VERIFY == pkcs11_mock_active_operation)
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_NONE;
+ else
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_DECRYPT;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_VerifyRecoverInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_NONE != pkcs11_mock_active_operation)
+ return CKR_OPERATION_ACTIVE;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pMechanism)
+ return CKR_ARGUMENTS_BAD;
+
+ if (CKM_RSA_PKCS == pMechanism->mechanism)
+ {
+ if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen))
+ return CKR_MECHANISM_PARAM_INVALID;
+
+ if (PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY != hKey)
+ return CKR_KEY_TYPE_INCONSISTENT;
+ }
+ else
+ {
+ return CKR_MECHANISM_INVALID;
+ }
+
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_VERIFY_RECOVER;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_VerifyRecover)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
+{
+ CK_ULONG i = 0;
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_VERIFY_RECOVER != pkcs11_mock_active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pSignature)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulSignatureLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pulDataLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL != pData)
+ {
+ if (ulSignatureLen > *pulDataLen)
+ {
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ else
+ {
+ for (i = 0; i < ulSignatureLen; i++)
+ pData[i] = pSignature[i] ^ 0xAB;
+
+ pkcs11_mock_active_operation = PKCS11_MOCK_CK_OPERATION_NONE;
+ }
+ }
+
+ *pulDataLen = ulSignatureLen;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_DigestEncryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen)
+{
+ CK_ULONG i = 0;
+
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_DIGEST_ENCRYPT != pkcs11_mock_active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pPart)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulPartLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pulEncryptedPartLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL != pEncryptedPart)
+ {
+ if (ulPartLen > *pulEncryptedPartLen)
+ {
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ else
+ {
+ for (i = 0; i < ulPartLen; i++)
+ pEncryptedPart[i] = pPart[i] ^ 0xAB;
+ }
+ }
+
+ *pulEncryptedPartLen = ulPartLen;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_DecryptDigestUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
+{
+ CK_ULONG i = 0;
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_DECRYPT_DIGEST != pkcs11_mock_active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pEncryptedPart)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulEncryptedPartLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pulPartLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL != pPart)
+ {
+ if (ulEncryptedPartLen > *pulPartLen)
+ {
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ else
+ {
+ for (i = 0; i < ulEncryptedPartLen; i++)
+ pPart[i] = pEncryptedPart[i] ^ 0xAB;
+ }
+ }
+
+ *pulPartLen = ulEncryptedPartLen;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_SignEncryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen)
+{
+ CK_ULONG i = 0;
+
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_SIGN_ENCRYPT != pkcs11_mock_active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pPart)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulPartLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pulEncryptedPartLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL != pEncryptedPart)
+ {
+ if (ulPartLen > *pulEncryptedPartLen)
+ {
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ else
+ {
+ for (i = 0; i < ulPartLen; i++)
+ pEncryptedPart[i] = pPart[i] ^ 0xAB;
+ }
+ }
+
+ *pulEncryptedPartLen = ulPartLen;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_DecryptVerifyUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
+{
+ CK_ULONG i = 0;
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_OPERATION_DECRYPT_VERIFY != pkcs11_mock_active_operation)
+ return CKR_OPERATION_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pEncryptedPart)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulEncryptedPartLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pulPartLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL != pPart)
+ {
+ if (ulEncryptedPartLen > *pulPartLen)
+ {
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ else
+ {
+ for (i = 0; i < ulEncryptedPartLen; i++)
+ pPart[i] = pEncryptedPart[i] ^ 0xAB;
+ }
+ }
+
+ *pulPartLen = ulEncryptedPartLen;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_GenerateKey)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey)
+{
+ CK_ULONG i = 0;
+
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pMechanism)
+ return CKR_ARGUMENTS_BAD;
+
+ if (CKM_DES3_KEY_GEN != pMechanism->mechanism)
+ return CKR_MECHANISM_INVALID;
+
+ if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen))
+ return CKR_MECHANISM_PARAM_INVALID;
+
+ if (NULL == pTemplate)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulCount)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == phKey)
+ return CKR_ARGUMENTS_BAD;
+
+ for (i = 0; i < ulCount; i++)
+ {
+ if (NULL == pTemplate[i].pValue)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+
+ if (0 >= pTemplate[i].ulValueLen)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+
+ *phKey = PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_GenerateKeyPair)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate, CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate, CK_ULONG ulPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey, CK_OBJECT_HANDLE_PTR phPrivateKey)
+{
+ CK_ULONG i = 0;
+
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pMechanism)
+ return CKR_ARGUMENTS_BAD;
+
+ if (CKM_RSA_PKCS_KEY_PAIR_GEN != pMechanism->mechanism)
+ return CKR_MECHANISM_INVALID;
+
+ if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen))
+ return CKR_MECHANISM_PARAM_INVALID;
+
+ if (NULL == pPublicKeyTemplate)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulPublicKeyAttributeCount)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pPrivateKeyTemplate)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulPrivateKeyAttributeCount)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == phPublicKey)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == phPrivateKey)
+ return CKR_ARGUMENTS_BAD;
+
+ for (i = 0; i < ulPublicKeyAttributeCount; i++)
+ {
+ if (NULL == pPublicKeyTemplate[i].pValue)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+
+ if (0 >= pPublicKeyTemplate[i].ulValueLen)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+
+ for (i = 0; i < ulPrivateKeyAttributeCount; i++)
+ {
+ if (NULL == pPrivateKeyTemplate[i].pValue)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+
+ if (0 >= pPrivateKeyTemplate[i].ulValueLen)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+
+ *phPublicKey = PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY;
+ *phPrivateKey = PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_WrapKey)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen)
+{
+ CK_BYTE wrappedKey[10] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09 };
+
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pMechanism)
+ return CKR_ARGUMENTS_BAD;
+
+ if (CKM_RSA_PKCS != pMechanism->mechanism)
+ return CKR_MECHANISM_INVALID;
+
+ if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen))
+ return CKR_MECHANISM_PARAM_INVALID;
+
+ if (PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY != hWrappingKey)
+ return CKR_KEY_HANDLE_INVALID;
+
+ if (PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY != hKey)
+ return CKR_KEY_HANDLE_INVALID;
+
+ if (NULL != pWrappedKey)
+ {
+ if (sizeof(wrappedKey) > *pulWrappedKeyLen)
+ return CKR_BUFFER_TOO_SMALL;
+ else
+ memcpy(pWrappedKey, wrappedKey, sizeof(wrappedKey));
+ }
+
+ *pulWrappedKeyLen = sizeof(wrappedKey);
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_UnwrapKey)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey, CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
+{
+ CK_ULONG i = 0;
+
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pMechanism)
+ return CKR_ARGUMENTS_BAD;
+
+ if (CKM_RSA_PKCS != pMechanism->mechanism)
+ return CKR_MECHANISM_INVALID;
+
+ if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen))
+ return CKR_MECHANISM_PARAM_INVALID;
+
+ if (PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY != hUnwrappingKey)
+ return CKR_KEY_HANDLE_INVALID;
+
+ if (NULL == pWrappedKey)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulWrappedKeyLen)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pTemplate)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulAttributeCount)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == phKey)
+ return CKR_ARGUMENTS_BAD;
+
+ for (i = 0; i < ulAttributeCount; i++)
+ {
+ if (NULL == pTemplate[i].pValue)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+
+ if (0 >= pTemplate[i].ulValueLen)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+
+ *phKey = PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_DeriveKey)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pMechanism)
+ return CKR_ARGUMENTS_BAD;
+
+ if (CKM_XOR_BASE_AND_DATA != pMechanism->mechanism)
+ return CKR_MECHANISM_INVALID;
+
+ if ((NULL == pMechanism->pParameter) || (sizeof(CK_KEY_DERIVATION_STRING_DATA) != pMechanism->ulParameterLen))
+ return CKR_MECHANISM_PARAM_INVALID;
+
+ if (PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY != hBaseKey)
+ return CKR_OBJECT_HANDLE_INVALID;
+
+ if (NULL == phKey)
+ return CKR_ARGUMENTS_BAD;
+
+ *phKey = PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_SeedRandom)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen)
+{
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == pSeed)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulSeedLen)
+ return CKR_ARGUMENTS_BAD;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_GenerateRandom)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR RandomData, CK_ULONG ulRandomLen)
+{
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ if (NULL == RandomData)
+ return CKR_ARGUMENTS_BAD;
+
+ if (0 >= ulRandomLen)
+ return CKR_ARGUMENTS_BAD;
+
+ memset(RandomData, 1, ulRandomLen);
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_GetFunctionStatus)(CK_SESSION_HANDLE hSession)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ return CKR_FUNCTION_NOT_PARALLEL;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_CancelFunction)(CK_SESSION_HANDLE hSession)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ return CKR_FUNCTION_NOT_PARALLEL;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_WaitForSlotEvent)(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((0 != flags) && (CKF_DONT_BLOCK != flags))
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pSlot)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL != pReserved)
+ return CKR_ARGUMENTS_BAD;
+
+ return CKR_NO_EVENT;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_GetUnmanagedStructSizeList)(CK_ULONG_PTR pSizeList, CK_ULONG_PTR pulCount)
+{
+ CK_ULONG sizes[] = {
+ sizeof(CK_ATTRIBUTE),
+ sizeof(CK_C_INITIALIZE_ARGS),
+ sizeof(CK_FUNCTION_LIST),
+ sizeof(CK_INFO),
+ sizeof(CK_MECHANISM),
+ sizeof(CK_MECHANISM_INFO),
+ sizeof(CK_SESSION_INFO),
+ sizeof(CK_SLOT_INFO),
+ sizeof(CK_TOKEN_INFO),
+ sizeof(CK_VERSION),
+ sizeof(CK_AES_CBC_ENCRYPT_DATA_PARAMS),
+ sizeof(CK_AES_CTR_PARAMS),
+ sizeof(CK_CMS_SIG_PARAMS),
+ sizeof(CK_DES_CBC_ENCRYPT_DATA_PARAMS),
+ sizeof(CK_ECDH1_DERIVE_PARAMS),
+ sizeof(CK_ECDH2_DERIVE_PARAMS),
+ sizeof(CK_ECMQV_DERIVE_PARAMS),
+ sizeof(CK_EXTRACT_PARAMS),
+ sizeof(CK_KEA_DERIVE_PARAMS),
+ sizeof(CK_KEY_DERIVATION_STRING_DATA),
+ sizeof(CK_KEY_WRAP_SET_OAEP_PARAMS),
+ sizeof(CK_MAC_GENERAL_PARAMS),
+ sizeof(CK_PBE_PARAMS),
+ sizeof(CK_PKCS5_PBKD2_PARAMS),
+ sizeof(CK_RC2_CBC_PARAMS),
+ sizeof(CK_RC2_MAC_GENERAL_PARAMS),
+ sizeof(CK_RC2_PARAMS),
+ sizeof(CK_RC5_CBC_PARAMS),
+ sizeof(CK_RC5_MAC_GENERAL_PARAMS),
+ sizeof(CK_RC5_PARAMS),
+ sizeof(CK_RSA_PKCS_OAEP_PARAMS),
+ sizeof(CK_RSA_PKCS_PSS_PARAMS),
+ sizeof(CK_SKIPJACK_PRIVATE_WRAP_PARAMS),
+ sizeof(CK_SKIPJACK_RELAYX_PARAMS),
+ sizeof(CK_SSL3_KEY_MAT_OUT),
+ sizeof(CK_SSL3_KEY_MAT_PARAMS),
+ sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS),
+ sizeof(CK_SSL3_RANDOM_DATA),
+ sizeof(CK_TLS_PRF_PARAMS),
+ sizeof(CK_WTLS_KEY_MAT_OUT),
+ sizeof(CK_WTLS_KEY_MAT_PARAMS),
+ sizeof(CK_WTLS_MASTER_KEY_DERIVE_PARAMS),
+ sizeof(CK_WTLS_PRF_PARAMS),
+ sizeof(CK_WTLS_RANDOM_DATA),
+ sizeof(CK_X9_42_DH1_DERIVE_PARAMS),
+ sizeof(CK_X9_42_DH2_DERIVE_PARAMS),
+ sizeof(CK_X9_42_MQV_DERIVE_PARAMS),
+ };
+
+ CK_ULONG sizes_count = sizeof(sizes) / sizeof(CK_ULONG);
+
+ if (NULL == pulCount)
+ return CKR_ARGUMENTS_BAD;
+
+ if (NULL == pSizeList)
+ {
+ *pulCount = sizes_count;
+ }
+ else
+ {
+ if (sizes_count > *pulCount)
+ return CKR_BUFFER_TOO_SMALL;
+
+ memcpy(pSizeList, sizes, sizeof(sizes));
+ *pulCount = sizes_count;
+ }
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_EjectToken)(CK_SLOT_ID slotID)
+{
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if (PKCS11_MOCK_CK_SLOT_ID != slotID)
+ return CKR_SLOT_ID_INVALID;
+
+ return CKR_OK;
+}
+
+
+CK_DEFINE_FUNCTION(CK_RV, C_InteractiveLogin)(CK_SESSION_HANDLE hSession)
+{
+ CK_RV rv = CKR_OK;
+
+
+ if (CK_FALSE == pkcs11_mock_initialized)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+
+ if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession))
+ return CKR_SESSION_HANDLE_INVALID;
+
+ switch (pkcs11_mock_session_state)
+ {
+ case CKS_RO_PUBLIC_SESSION:
+
+ pkcs11_mock_session_state = CKS_RO_USER_FUNCTIONS;
+
+ break;
+
+ case CKS_RO_USER_FUNCTIONS:
+ case CKS_RW_USER_FUNCTIONS:
+
+ rv = CKR_USER_ALREADY_LOGGED_IN;
+
+ break;
+
+ case CKS_RW_PUBLIC_SESSION:
+
+ pkcs11_mock_session_state = CKS_RW_USER_FUNCTIONS;
+
+ break;
+
+ case CKS_RW_SO_FUNCTIONS:
+
+ rv = CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
+
+ break;
+ }
+
+ return rv;
+}
+
+/* LCOV_EXCL_STOP */
--- /dev/null
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
+ * is granted provided that it is identified as "RSA Security In.c Public-Key
+ * Cryptography Standards (PKCS)" in all material mentioning or referencing
+ * this document.
+ *
+ * The latest version of this header can be found at:
+ * http://www.rsalabs.com/pkcs/pkcs-11/index.html
+ */
+#ifndef _PKCS11_H_
+#define _PKCS11_H_ 1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Before including this file (pkcs11.h) (or pkcs11t.h by
+ * itself), 6 platform-specific macros must be defined. These
+ * macros are described below, and typical definitions for them
+ * are also given. Be advised that these definitions can depend
+ * on both the platform and the compiler used (and possibly also
+ * on whether a PKCS #11 library is linked statically or
+ * dynamically).
+ *
+ * In addition to defining these 6 macros, the packing convention
+ * for PKCS #11 structures should be set. The PKCS #11
+ * convention on packing is that structures should be 1-byte
+ * aligned.
+ *
+ * In a Win32 environment, this might be done by using the
+ * following preprocessor directive before including pkcs11.h
+ * or pkcs11t.h:
+ *
+ * #pragma pack(push, cryptoki, 1)
+ *
+ * and using the following preprocessor directive after including
+ * pkcs11.h or pkcs11t.h:
+ *
+ * #pragma pack(pop, cryptoki)
+ *
+ * In a UNIX environment, you're on your own here. You might
+ * not need to do anything.
+ *
+ *
+ * Now for the macros:
+ *
+ *
+ * 1. CK_PTR: The indirection string for making a pointer to an
+ * object. It can be used like this:
+ *
+ * typedef CK_BYTE CK_PTR CK_BYTE_PTR;
+ *
+ * In a Win32 environment, it might be defined by
+ *
+ * #define CK_PTR *
+ *
+ * In a UNIX environment, it might be defined by
+ *
+ * #define CK_PTR *
+ *
+ *
+ * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes
+ * an exportable PKCS #11 library function definition out of a
+ * return type and a function name. It should be used in the
+ * following fashion to define the exposed PKCS #11 functions in
+ * a PKCS #11 library:
+ *
+ * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(
+ * CK_VOID_PTR pReserved
+ * )
+ * {
+ * ...
+ * }
+ *
+ * For defining a function in a Win32 PKCS #11 .dll, it might be
+ * defined by
+ *
+ * #define CK_DEFINE_FUNCTION(returnType, name) \
+ * returnType __declspec(dllexport) name
+ *
+ * In a UNIX environment, it might be defined by
+ *
+ * #define CK_DEFINE_FUNCTION(returnType, name) \
+ * returnType name
+ *
+ *
+ * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
+ * an importable PKCS #11 library function declaration out of a
+ * return type and a function name. It should be used in the
+ * following fashion:
+ *
+ * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
+ * CK_VOID_PTR pReserved
+ * );
+ *
+ * For declaring a function in a Win32 PKCS #11 .dll, it might
+ * be defined by
+ *
+ * #define CK_DECLARE_FUNCTION(returnType, name) \
+ * returnType __declspec(dllimport) name
+ *
+ * In a UNIX environment, it might be defined by
+ *
+ * #define CK_DECLARE_FUNCTION(returnType, name) \
+ * returnType name
+ *
+ *
+ * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
+ * which makes a PKCS #11 API function pointer declaration or
+ * function pointer type declaration out of a return type and a
+ * function name. It should be used in the following fashion:
+ *
+ * // Define funcPtr to be a pointer to a PKCS #11 API function
+ * // taking arguments args and returning CK_RV.
+ * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
+ *
+ * or
+ *
+ * // Define funcPtrType to be the type of a pointer to a
+ * // PKCS #11 API function taking arguments args and returning
+ * // CK_RV, and then define funcPtr to be a variable of type
+ * // funcPtrType.
+ * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
+ * funcPtrType funcPtr;
+ *
+ * For accessing functions in a Win32 PKCS #11 .dll, in might be
+ * defined by
+ *
+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
+ * returnType __declspec(dllimport) (* name)
+ *
+ * In a UNIX environment, it might be defined by
+ *
+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
+ * returnType (* name)
+ *
+ *
+ * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
+ * a function pointer type for an application callback out of
+ * a return type for the callback and a name for the callback.
+ * It should be used in the following fashion:
+ *
+ * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
+ *
+ * to declare a function pointer, myCallback, to a callback
+ * which takes arguments args and returns a CK_RV. It can also
+ * be used like this:
+ *
+ * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
+ * myCallbackType myCallback;
+ *
+ * In a Win32 environment, it might be defined by
+ *
+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
+ * returnType (* name)
+ *
+ * In a UNIX environment, it might be defined by
+ *
+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
+ * returnType (* name)
+ *
+ *
+ * 6. NULL_PTR: This macro is the value of a NULL pointer.
+ *
+ * In any ANSI/ISO C environment (and in many others as well),
+ * this should be defined by
+ *
+ * #ifndef NULL_PTR
+ * #define NULL_PTR 0
+ * #endif
+ */
+
+/* All the various PKCS #11 types and #define'd values are in the
+ * file pkcs11t.h. */
+#include "pkcs11t.h"
+
+#define __PASTE(x, y) x##y
+
+/* packing defines */
+#include "pkcs11p.h"
+/* ==============================================================
+ * Define the "extern" form of all the entry points.
+ * ==============================================================
+ */
+
+#define CK_NEED_ARG_LIST 1
+#define CK_PKCS11_FUNCTION_INFO(name) \
+ CK_DECLARE_FUNCTION(CK_RV, name)
+
+/* pkcs11f.h has all the information about the PKCS #11
+ * function prototypes. */
+#include "pkcs11f.h"
+
+#undef CK_NEED_ARG_LIST
+#undef CK_PKCS11_FUNCTION_INFO
+
+/* ==============================================================
+ * Define the typedef form of all the entry points. That is, for
+ * each PKCS #11 function C_XXX, define a type CK_C_XXX which is
+ * a pointer to that kind of function.
+ * ==============================================================
+ */
+
+#define CK_NEED_ARG_LIST 1
+#define CK_PKCS11_FUNCTION_INFO(name) \
+ typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_, name))
+
+/* pkcs11f.h has all the information about the PKCS #11
+ * function prototypes. */
+#include "pkcs11f.h"
+
+#undef CK_NEED_ARG_LIST
+#undef CK_PKCS11_FUNCTION_INFO
+
+/* ==============================================================
+ * Define structed vector of entry points. A CK_FUNCTION_LIST
+ * contains a CK_VERSION indicating a library's PKCS #11 version
+ * and then a whole slew of function pointers to the routines in
+ * the library. This type was declared, but not defined, in
+ * pkcs11t.h.
+ * ==============================================================
+ */
+
+#define CK_PKCS11_FUNCTION_INFO(name) \
+ __PASTE(CK_, name) \
+ name;
+
+struct CK_FUNCTION_LIST {
+
+ CK_VERSION version; /* PKCS #11 version */
+
+/* Pile all the function pointers into the CK_FUNCTION_LIST. */
+/* pkcs11f.h has all the information about the PKCS #11
+ * function prototypes. */
+#include "pkcs11f.h"
+};
+
+#undef CK_PKCS11_FUNCTION_INFO
+
+#undef __PASTE
+
+/* unpack */
+#include "pkcs11u.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
\ No newline at end of file
--- /dev/null
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
+ * is granted provided that it is identified as "RSA Security In.c Public-Key
+ * Cryptography Standards (PKCS)" in all material mentioning or referencing
+ * this document.
+ */
+/* This function contains pretty much everything about all the */
+/* PKCS #11 function prototypes. Because this information is */
+/* used for more than just declaring function prototypes, the */
+/* order of the functions appearing herein is important, and */
+/* should not be altered. */
+
+/* General-purpose */
+
+/* C_Initialize initializes the PKCS #11 library. */
+CK_PKCS11_FUNCTION_INFO(C_Initialize)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets
+ * cast to CK_C_INITIALIZE_ARGS_PTR
+ * and dereferenced */
+ );
+#endif
+
+/* C_Finalize indicates that an application is done with the
+ * PKCS #11 library. */
+CK_PKCS11_FUNCTION_INFO(C_Finalize)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */
+ );
+#endif
+
+/* C_GetInfo returns general information about PKCS #11. */
+CK_PKCS11_FUNCTION_INFO(C_GetInfo)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_INFO_PTR pInfo /* location that receives information */
+ );
+#endif
+
+/* C_GetFunctionList returns the function list. */
+CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to
+ * function list */
+ );
+#endif
+
+/* Slot and token management */
+
+/* C_GetSlotList obtains a list of slots in the system. */
+CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_BBOOL tokenPresent, /* only slots with tokens? */
+ CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */
+ CK_ULONG_PTR pulCount /* receives number of slots */
+ );
+#endif
+
+/* C_GetSlotInfo obtains information about a particular slot in
+ * the system. */
+CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SLOT_ID slotID, /* the ID of the slot */
+ CK_SLOT_INFO_PTR pInfo /* receives the slot information */
+ );
+#endif
+
+/* C_GetTokenInfo obtains information about a particular token
+ * in the system. */
+CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SLOT_ID slotID, /* ID of the token's slot */
+ CK_TOKEN_INFO_PTR pInfo /* receives the token information */
+ );
+#endif
+
+/* C_GetMechanismList obtains a list of mechanism types
+ * supported by a token. */
+CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SLOT_ID slotID, /* ID of token's slot */
+ CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */
+ CK_ULONG_PTR pulCount /* gets # of mechs. */
+ );
+#endif
+
+/* C_GetMechanismInfo obtains information about a particular
+ * mechanism possibly supported by a token. */
+CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SLOT_ID slotID, /* ID of the token's slot */
+ CK_MECHANISM_TYPE type, /* type of mechanism */
+ CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */
+ );
+#endif
+
+/* C_InitToken initializes a token. */
+CK_PKCS11_FUNCTION_INFO(C_InitToken)
+#ifdef CK_NEED_ARG_LIST
+/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
+(
+ CK_SLOT_ID slotID, /* ID of the token's slot */
+ CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */
+ CK_ULONG ulPinLen, /* length in bytes of the PIN */
+ CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */
+ );
+#endif
+
+/* C_InitPIN initializes the normal user's PIN. */
+CK_PKCS11_FUNCTION_INFO(C_InitPIN)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */
+ CK_ULONG ulPinLen /* length in bytes of the PIN */
+ );
+#endif
+
+/* C_SetPIN modifies the PIN of the user who is logged in. */
+CK_PKCS11_FUNCTION_INFO(C_SetPIN)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_UTF8CHAR_PTR pOldPin, /* the old PIN */
+ CK_ULONG ulOldLen, /* length of the old PIN */
+ CK_UTF8CHAR_PTR pNewPin, /* the new PIN */
+ CK_ULONG ulNewLen /* length of the new PIN */
+ );
+#endif
+
+/* Session management */
+
+/* C_OpenSession opens a session between an application and a
+ * token. */
+CK_PKCS11_FUNCTION_INFO(C_OpenSession)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SLOT_ID slotID, /* the slot's ID */
+ CK_FLAGS flags, /* from CK_SESSION_INFO */
+ CK_VOID_PTR pApplication, /* passed to callback */
+ CK_NOTIFY Notify, /* callback function */
+ CK_SESSION_HANDLE_PTR phSession /* gets session handle */
+ );
+#endif
+
+/* C_CloseSession closes a session between an application and a
+ * token. */
+CK_PKCS11_FUNCTION_INFO(C_CloseSession)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession /* the session's handle */
+ );
+#endif
+
+/* C_CloseAllSessions closes all sessions with a token. */
+CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SLOT_ID slotID /* the token's slot */
+ );
+#endif
+
+/* C_GetSessionInfo obtains information about the session. */
+CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_SESSION_INFO_PTR pInfo /* receives session info */
+ );
+#endif
+
+/* C_GetOperationState obtains the state of the cryptographic operation
+ * in a session. */
+CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* session's handle */
+ CK_BYTE_PTR pOperationState, /* gets state */
+ CK_ULONG_PTR pulOperationStateLen /* gets state length */
+ );
+#endif
+
+/* C_SetOperationState restores the state of the cryptographic
+ * operation in a session. */
+CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* session's handle */
+ CK_BYTE_PTR pOperationState, /* holds state */
+ CK_ULONG ulOperationStateLen, /* holds state length */
+ CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */
+ CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */
+ );
+#endif
+
+/* C_Login logs a user into a token. */
+CK_PKCS11_FUNCTION_INFO(C_Login)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_USER_TYPE userType, /* the user type */
+ CK_UTF8CHAR_PTR pPin, /* the user's PIN */
+ CK_ULONG ulPinLen /* the length of the PIN */
+ );
+#endif
+
+/* C_Logout logs a user out from a token. */
+CK_PKCS11_FUNCTION_INFO(C_Logout)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession /* the session's handle */
+ );
+#endif
+
+/* Object management */
+
+/* C_CreateObject creates a new object. */
+CK_PKCS11_FUNCTION_INFO(C_CreateObject)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_ATTRIBUTE_PTR pTemplate, /* the object's template */
+ CK_ULONG ulCount, /* attributes in template */
+ CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */
+ );
+#endif
+
+/* C_CopyObject copies an object, creating a new object for the
+ * copy. */
+CK_PKCS11_FUNCTION_INFO(C_CopyObject)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_OBJECT_HANDLE hObject, /* the object's handle */
+ CK_ATTRIBUTE_PTR pTemplate, /* template for new object */
+ CK_ULONG ulCount, /* attributes in template */
+ CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */
+ );
+#endif
+
+/* C_DestroyObject destroys an object. */
+CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_OBJECT_HANDLE hObject /* the object's handle */
+ );
+#endif
+
+/* C_GetObjectSize gets the size of an object in bytes. */
+CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_OBJECT_HANDLE hObject, /* the object's handle */
+ CK_ULONG_PTR pulSize /* receives size of object */
+ );
+#endif
+
+/* C_GetAttributeValue obtains the value of one or more object
+ * attributes. */
+CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_OBJECT_HANDLE hObject, /* the object's handle */
+ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */
+ CK_ULONG ulCount /* attributes in template */
+ );
+#endif
+
+/* C_SetAttributeValue modifies the value of one or more object
+ * attributes */
+CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_OBJECT_HANDLE hObject, /* the object's handle */
+ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */
+ CK_ULONG ulCount /* attributes in template */
+ );
+#endif
+
+/* C_FindObjectsInit initializes a search for token and session
+ * objects that match a template. */
+CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */
+ CK_ULONG ulCount /* attrs in search template */
+ );
+#endif
+
+/* C_FindObjects continues a search for token and session
+ * objects that match a template, obtaining additional object
+ * handles. */
+CK_PKCS11_FUNCTION_INFO(C_FindObjects)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* session's handle */
+ CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */
+ CK_ULONG ulMaxObjectCount, /* max handles to get */
+ CK_ULONG_PTR pulObjectCount /* actual # returned */
+ );
+#endif
+
+/* C_FindObjectsFinal finishes a search for token and session
+ * objects. */
+CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession /* the session's handle */
+ );
+#endif
+
+/* Encryption and decryption */
+
+/* C_EncryptInit initializes an encryption operation. */
+CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */
+ CK_OBJECT_HANDLE hKey /* handle of encryption key */
+ );
+#endif
+
+/* C_Encrypt encrypts single-part data. */
+CK_PKCS11_FUNCTION_INFO(C_Encrypt)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* session's handle */
+ CK_BYTE_PTR pData, /* the plaintext data */
+ CK_ULONG ulDataLen, /* bytes of plaintext */
+ CK_BYTE_PTR pEncryptedData, /* gets ciphertext */
+ CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */
+ );
+#endif
+
+/* C_EncryptUpdate continues a multiple-part encryption
+ * operation. */
+CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* session's handle */
+ CK_BYTE_PTR pPart, /* the plaintext data */
+ CK_ULONG ulPartLen, /* plaintext data len */
+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */
+ );
+#endif
+
+/* C_EncryptFinal finishes a multiple-part encryption
+ * operation. */
+CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* session handle */
+ CK_BYTE_PTR pLastEncryptedPart, /* last c-text */
+ CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */
+ );
+#endif
+
+/* C_DecryptInit initializes a decryption operation. */
+CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */
+ CK_OBJECT_HANDLE hKey /* handle of decryption key */
+ );
+#endif
+
+/* C_Decrypt decrypts encrypted data in a single part. */
+CK_PKCS11_FUNCTION_INFO(C_Decrypt)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* session's handle */
+ CK_BYTE_PTR pEncryptedData, /* ciphertext */
+ CK_ULONG ulEncryptedDataLen, /* ciphertext length */
+ CK_BYTE_PTR pData, /* gets plaintext */
+ CK_ULONG_PTR pulDataLen /* gets p-text size */
+ );
+#endif
+
+/* C_DecryptUpdate continues a multiple-part decryption
+ * operation. */
+CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* session's handle */
+ CK_BYTE_PTR pEncryptedPart, /* encrypted data */
+ CK_ULONG ulEncryptedPartLen, /* input length */
+ CK_BYTE_PTR pPart, /* gets plaintext */
+ CK_ULONG_PTR pulPartLen /* p-text size */
+ );
+#endif
+
+/* C_DecryptFinal finishes a multiple-part decryption
+ * operation. */
+CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_BYTE_PTR pLastPart, /* gets plaintext */
+ CK_ULONG_PTR pulLastPartLen /* p-text size */
+ );
+#endif
+
+/* Message digesting */
+
+/* C_DigestInit initializes a message-digesting operation. */
+CK_PKCS11_FUNCTION_INFO(C_DigestInit)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_MECHANISM_PTR pMechanism /* the digesting mechanism */
+ );
+#endif
+
+/* C_Digest digests data in a single part. */
+CK_PKCS11_FUNCTION_INFO(C_Digest)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_BYTE_PTR pData, /* data to be digested */
+ CK_ULONG ulDataLen, /* bytes of data to digest */
+ CK_BYTE_PTR pDigest, /* gets the message digest */
+ CK_ULONG_PTR pulDigestLen /* gets digest length */
+ );
+#endif
+
+/* C_DigestUpdate continues a multiple-part message-digesting
+ * operation. */
+CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_BYTE_PTR pPart, /* data to be digested */
+ CK_ULONG ulPartLen /* bytes of data to be digested */
+ );
+#endif
+
+/* C_DigestKey continues a multi-part message-digesting
+ * operation, by digesting the value of a secret key as part of
+ * the data already digested. */
+CK_PKCS11_FUNCTION_INFO(C_DigestKey)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_OBJECT_HANDLE hKey /* secret key to digest */
+ );
+#endif
+
+/* C_DigestFinal finishes a multiple-part message-digesting
+ * operation. */
+CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_BYTE_PTR pDigest, /* gets the message digest */
+ CK_ULONG_PTR pulDigestLen /* gets byte count of digest */
+ );
+#endif
+
+/* Signing and MACing */
+
+/* C_SignInit initializes a signature (private key encryption)
+ * operation, where the signature is (will be) an appendix to
+ * the data, and plaintext cannot be recovered from the
+ *signature. */
+CK_PKCS11_FUNCTION_INFO(C_SignInit)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
+ CK_OBJECT_HANDLE hKey /* handle of signature key */
+ );
+#endif
+
+/* C_Sign signs (encrypts with private key) data in a single
+ * part, where the signature is (will be) an appendix to the
+ * data, and plaintext cannot be recovered from the signature. */
+CK_PKCS11_FUNCTION_INFO(C_Sign)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_BYTE_PTR pData, /* the data to sign */
+ CK_ULONG ulDataLen, /* count of bytes to sign */
+ CK_BYTE_PTR pSignature, /* gets the signature */
+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
+ );
+#endif
+
+/* C_SignUpdate continues a multiple-part signature operation,
+ * where the signature is (will be) an appendix to the data,
+ * and plaintext cannot be recovered from the signature. */
+CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_BYTE_PTR pPart, /* the data to sign */
+ CK_ULONG ulPartLen /* count of bytes to sign */
+ );
+#endif
+
+/* C_SignFinal finishes a multiple-part signature operation,
+ * returning the signature. */
+CK_PKCS11_FUNCTION_INFO(C_SignFinal)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_BYTE_PTR pSignature, /* gets the signature */
+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
+ );
+#endif
+
+/* C_SignRecoverInit initializes a signature operation, where
+ * the data can be recovered from the signature. */
+CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
+ CK_OBJECT_HANDLE hKey /* handle of the signature key */
+ );
+#endif
+
+/* C_SignRecover signs data in a single operation, where the
+ * data can be recovered from the signature. */
+CK_PKCS11_FUNCTION_INFO(C_SignRecover)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_BYTE_PTR pData, /* the data to sign */
+ CK_ULONG ulDataLen, /* count of bytes to sign */
+ CK_BYTE_PTR pSignature, /* gets the signature */
+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
+ );
+#endif
+
+/* Verifying signatures and MACs */
+
+/* C_VerifyInit initializes a verification operation, where the
+ * signature is an appendix to the data, and plaintext cannot
+ * cannot be recovered from the signature (e.g. DSA). */
+CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
+ CK_OBJECT_HANDLE hKey /* verification key */
+ );
+#endif
+
+/* C_Verify verifies a signature in a single-part operation,
+ * where the signature is an appendix to the data, and plaintext
+ * cannot be recovered from the signature. */
+CK_PKCS11_FUNCTION_INFO(C_Verify)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_BYTE_PTR pData, /* signed data */
+ CK_ULONG ulDataLen, /* length of signed data */
+ CK_BYTE_PTR pSignature, /* signature */
+ CK_ULONG ulSignatureLen /* signature length*/
+ );
+#endif
+
+/* C_VerifyUpdate continues a multiple-part verification
+ * operation, where the signature is an appendix to the data,
+ * and plaintext cannot be recovered from the signature. */
+CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_BYTE_PTR pPart, /* signed data */
+ CK_ULONG ulPartLen /* length of signed data */
+ );
+#endif
+
+/* C_VerifyFinal finishes a multiple-part verification
+ * operation, checking the signature. */
+CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_BYTE_PTR pSignature, /* signature to verify */
+ CK_ULONG ulSignatureLen /* signature length */
+ );
+#endif
+
+/* C_VerifyRecoverInit initializes a signature verification
+ * operation, where the data is recovered from the signature. */
+CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
+ CK_OBJECT_HANDLE hKey /* verification key */
+ );
+#endif
+
+/* C_VerifyRecover verifies a signature in a single-part
+ * operation, where the data is recovered from the signature. */
+CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_BYTE_PTR pSignature, /* signature to verify */
+ CK_ULONG ulSignatureLen, /* signature length */
+ CK_BYTE_PTR pData, /* gets signed data */
+ CK_ULONG_PTR pulDataLen /* gets signed data len */
+ );
+#endif
+
+/* Dual-function cryptographic operations */
+
+/* C_DigestEncryptUpdate continues a multiple-part digesting
+ * and encryption operation. */
+CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* session's handle */
+ CK_BYTE_PTR pPart, /* the plaintext data */
+ CK_ULONG ulPartLen, /* plaintext length */
+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
+ );
+#endif
+
+/* C_DecryptDigestUpdate continues a multiple-part decryption and
+ * digesting operation. */
+CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* session's handle */
+ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
+ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
+ CK_BYTE_PTR pPart, /* gets plaintext */
+ CK_ULONG_PTR pulPartLen /* gets plaintext len */
+ );
+#endif
+
+/* C_SignEncryptUpdate continues a multiple-part signing and
+ * encryption operation. */
+CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* session's handle */
+ CK_BYTE_PTR pPart, /* the plaintext data */
+ CK_ULONG ulPartLen, /* plaintext length */
+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
+ );
+#endif
+
+/* C_DecryptVerifyUpdate continues a multiple-part decryption and
+ * verify operation. */
+CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* session's handle */
+ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
+ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
+ CK_BYTE_PTR pPart, /* gets plaintext */
+ CK_ULONG_PTR pulPartLen /* gets p-text length */
+ );
+#endif
+
+/* Key management */
+
+/* C_GenerateKey generates a secret key, creating a new key
+ * object. */
+CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_MECHANISM_PTR pMechanism, /* key generation mech. */
+ CK_ATTRIBUTE_PTR pTemplate, /* template for new key */
+ CK_ULONG ulCount, /* # of attrs in template */
+ CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */
+ );
+#endif
+
+/* C_GenerateKeyPair generates a public-key/private-key pair,
+ * creating new key objects. */
+CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* session handle */
+ CK_MECHANISM_PTR pMechanism, /* key-gen mech. */
+ CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template for pub. key */
+ CK_ULONG ulPublicKeyAttributeCount, /* # pub. attrs. */
+ CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template for priv. key */
+ CK_ULONG ulPrivateKeyAttributeCount, /* # priv. attrs. */
+ CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub. key handle */
+ CK_OBJECT_HANDLE_PTR phPrivateKey /* gets priv. key handle */
+ );
+#endif
+
+/* C_WrapKey wraps (i.e., encrypts) a key. */
+CK_PKCS11_FUNCTION_INFO(C_WrapKey)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */
+ CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */
+ CK_OBJECT_HANDLE hKey, /* key to be wrapped */
+ CK_BYTE_PTR pWrappedKey, /* gets wrapped key */
+ CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */
+ );
+#endif
+
+/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
+ * key object. */
+CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* session's handle */
+ CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */
+ CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */
+ CK_BYTE_PTR pWrappedKey, /* the wrapped key */
+ CK_ULONG ulWrappedKeyLen, /* wrapped key len */
+ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
+ CK_ULONG ulAttributeCount, /* template length */
+ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
+ );
+#endif
+
+/* C_DeriveKey derives a key from a base key, creating a new key
+ * object. */
+CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* session's handle */
+ CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */
+ CK_OBJECT_HANDLE hBaseKey, /* base key */
+ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
+ CK_ULONG ulAttributeCount, /* template length */
+ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
+ );
+#endif
+
+/* Random number generation */
+
+/* C_SeedRandom mixes additional seed material into the token's
+ * random number generator. */
+CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_BYTE_PTR pSeed, /* the seed material */
+ CK_ULONG ulSeedLen /* length of seed material */
+ );
+#endif
+
+/* C_GenerateRandom generates random data. */
+CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_BYTE_PTR RandomData, /* receives the random data */
+ CK_ULONG ulRandomLen /* # of bytes to generate */
+ );
+#endif
+
+/* Parallel function management */
+
+/* C_GetFunctionStatus is a legacy function; it obtains an
+ * updated status of a function running in parallel with an
+ * application. */
+CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession /* the session's handle */
+ );
+#endif
+
+/* C_CancelFunction is a legacy function; it cancels a function
+ * running in parallel. */
+CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE hSession /* the session's handle */
+ );
+#endif
+
+/* Functions added in for PKCS #11 Version 2.01 or later */
+
+/* C_WaitForSlotEvent waits for a slot event (token insertion,
+ * removal, etc.) to occur. */
+CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_FLAGS flags, /* blocking/nonblocking flag */
+ CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */
+ CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
+ );
+#endif
\ No newline at end of file
--- /dev/null
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
+ * is granted provided that it is identified as "RSA Security Inc. Public-Key
+ * Cryptography Standards (PKCS)" in all material mentioning or referencing
+ * this document.
+ */
+/* these data types are platform/implementation dependent. */
+/*
+ * Packing was removed from the shipped RSA header files, even
+ * though it's still needed. put in a central file to help merging..
+ */
+
+#if defined(_WIN32) || defined(_WINDOWS)
+#ifdef __clang__
+#pragma clang diagnostic ignored "-Wpragma-pack"
+#endif
+#ifdef _MSC_VER
+#pragma warning(disable : 4103)
+#endif
+#pragma pack(push, cryptoki, 1)
+#endif
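Review bot: The `#pragma clang diagnostic ignored "-Wpragma-pack"` in the `_WIN32` branch is never restored, so on clang/Windows builds the warning stays off for the rest of every translation unit that includes this header. That is the diagnostic that reports a `#pragma pack(push, ...)` left unterminated or a pack value leaking across an include, which is exactly the state `#pragma pack(push, cryptoki, 1)` creates here. The matching pop is not in this file, so a mismatch would silently change the layout of the `CK_*` structs shared between the module and its callers. I would add a comment next to the push naming where it is undone, e.g. `/* matched by "#pragma pack(pop, cryptoki)" in <companion unpack header> */`. If this header is carried verbatim from an upstream PKCS #11 header set, leave the pragmas untouched and instead record the upstream revision it was taken from.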
--- /dev/null
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
+ * (Cryptoki)" in all material mentioning or referencing this software.
+
+ * License is also granted to make and use derivative works provided that
+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
+ * referencing the derived work.
+
+ * RSA Security Inc. makes no representations concerning either the
+ * merchantability of this software or the suitability of this software for
+ * any particular purpose. It is provided "as is" without express or implied
+ * warranty of any kind.
+ */
+
+#ifndef _PKCS11T_H_
+#define _PKCS11T_H_ 1
+
+#define CK_TRUE 1
+#define CK_FALSE 0
+
+#define CK_INVALID_SESSION 0
+
+/* an unsigned 8-bit value */
+typedef unsigned char CK_BYTE;
+
+/* an unsigned 8-bit character */
+typedef CK_BYTE CK_CHAR;
+
+/* an 8-bit UTF-8 character */
+typedef CK_BYTE CK_UTF8CHAR;
+
+/* a BYTE-sized Boolean flag */
+typedef CK_BYTE CK_BBOOL;
+
+/* an unsigned value, at least 32 bits long */
+typedef unsigned long int CK_ULONG;
+
+/* a signed value, the same size as a CK_ULONG */
+/* CK_LONG is new for v2.0 */
+typedef long int CK_LONG;
+
+/* at least 32 bits; each bit is a Boolean flag */
+typedef CK_ULONG CK_FLAGS;
+
+/* some special values for certain CK_ULONG variables */
+#define CK_UNAVAILABLE_INFORMATION (~0UL)
+#define CK_EFFECTIVELY_INFINITE 0
+
+typedef CK_BYTE CK_PTR CK_BYTE_PTR;
+typedef CK_CHAR CK_PTR CK_CHAR_PTR;
+typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR;
+typedef CK_ULONG CK_PTR CK_ULONG_PTR;
+typedef void CK_PTR CK_VOID_PTR;
+
+/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
+typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;
+
+/* The following value is always invalid if used as a session */
+/* handle or object handle */
+#define CK_INVALID_HANDLE 0
+
+/* pack */
+#include "pkcs11p.h"
+
+typedef struct CK_VERSION {
+ CK_BYTE major; /* integer portion of version number */
+ CK_BYTE minor; /* 1/100ths portion of version number */
+} CK_VERSION;
+
+typedef CK_VERSION CK_PTR CK_VERSION_PTR;
+
+typedef struct CK_INFO {
+ /* manufacturerID and libraryDecription have been changed from
+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
+ CK_VERSION cryptokiVersion; /* PKCS #11 interface ver */
+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
+ CK_FLAGS flags; /* must be zero */
+
+ /* libraryDescription and libraryVersion are new for v2.0 */
+ CK_UTF8CHAR libraryDescription[32]; /* blank padded */
+ CK_VERSION libraryVersion; /* version of library */
+} CK_INFO;
+
+typedef CK_INFO CK_PTR CK_INFO_PTR;
+
+/* CK_NOTIFICATION enumerates the types of notifications that
+ * PKCS #11 provides to an application */
+/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
+ * for v2.0 */
+typedef CK_ULONG CK_NOTIFICATION;
+#define CKN_SURRENDER 0
+
+typedef CK_ULONG CK_SLOT_ID;
+
+typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
+
+/* CK_SLOT_INFO provides information about a slot */
+typedef struct CK_SLOT_INFO {
+ /* slotDescription and manufacturerID have been changed from
+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
+ CK_UTF8CHAR slotDescription[64]; /* blank padded */
+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
+ CK_FLAGS flags;
+
+ /* hardwareVersion and firmwareVersion are new for v2.0 */
+ CK_VERSION hardwareVersion; /* version of hardware */
+ CK_VERSION firmwareVersion; /* version of firmware */
+} CK_SLOT_INFO;
+
+/* flags: bit flags that provide capabilities of the slot
+ * Bit Flag Mask Meaning
+ */
+#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */
+#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/
+#define CKF_HW_SLOT 0x00000004 /* hardware slot */
+
+typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
+
+/* CK_TOKEN_INFO provides information about a token */
+typedef struct CK_TOKEN_INFO {
+ /* label, manufacturerID, and model have been changed from
+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
+ CK_UTF8CHAR label[32]; /* blank padded */
+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
+ CK_UTF8CHAR model[16]; /* blank padded */
+ CK_CHAR serialNumber[16]; /* blank padded */
+ CK_FLAGS flags; /* see below */
+
+ /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
+ * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
+ * changed from CK_USHORT to CK_ULONG for v2.0 */
+ CK_ULONG ulMaxSessionCount; /* max open sessions */
+ CK_ULONG ulSessionCount; /* sess. now open */
+ CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */
+ CK_ULONG ulRwSessionCount; /* R/W sess. now open */
+ CK_ULONG ulMaxPinLen; /* in bytes */
+ CK_ULONG ulMinPinLen; /* in bytes */
+ CK_ULONG ulTotalPublicMemory; /* in bytes */
+ CK_ULONG ulFreePublicMemory; /* in bytes */
+ CK_ULONG ulTotalPrivateMemory; /* in bytes */
+ CK_ULONG ulFreePrivateMemory; /* in bytes */
+
+ /* hardwareVersion, firmwareVersion, and time are new for
+ * v2.0 */
+ CK_VERSION hardwareVersion; /* version of hardware */
+ CK_VERSION firmwareVersion; /* version of firmware */
+ CK_CHAR utcTime[16]; /* time */
+} CK_TOKEN_INFO;
+
+/* The flags parameter is defined as follows:
+ * Bit Flag Mask Meaning
+ */
+#define CKF_RNG 0x00000001 /* has random # \
+ * generator */
+#define CKF_WRITE_PROTECTED 0x00000002 /* token is \
+ * write- \
+ * protected */
+#define CKF_LOGIN_REQUIRED 0x00000004 /* user must \
+ * login */
+#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's \
+ * PIN is set */
+
+/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
+ * that means that *every* time the state of cryptographic
+ * operations of a session is successfully saved, all keys
+ * needed to continue those operations are stored in the state */
+#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020
+
+/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
+ * that the token has some sort of clock. The time on that
+ * clock is returned in the token info structure */
+#define CKF_CLOCK_ON_TOKEN 0x00000040
+
+/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
+ * set, that means that there is some way for the user to login
+ * without sending a PIN through the PKCS #11 library itself */
+#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100
+
+/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
+ * that means that a single session with the token can perform
+ * dual simultaneous cryptographic operations (digest and
+ * encrypt; decrypt and digest; sign and encrypt; and decrypt
+ * and sign) */
+#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200
+
+/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the
+ * token has been initialized using C_InitializeToken or an
+ * equivalent mechanism outside the scope of PKCS #11.
+ * Calling C_InitializeToken when this flag is set will cause
+ * the token to be reinitialized. */
+#define CKF_TOKEN_INITIALIZED 0x00000400
+
+/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is
+ * true, the token supports secondary authentication for
+ * private key objects. This flag is deprecated in v2.11 and
+ onwards. */
+#define CKF_SECONDARY_AUTHENTICATION 0x00000800
+
+/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an
+ * incorrect user login PIN has been entered at least once
+ * since the last successful authentication. */
+#define CKF_USER_PIN_COUNT_LOW 0x00010000
+
+/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true,
+ * supplying an incorrect user PIN will it to become locked. */
+#define CKF_USER_PIN_FINAL_TRY 0x00020000
+
+/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the
+ * user PIN has been locked. User login to the token is not
+ * possible. */
+#define CKF_USER_PIN_LOCKED 0x00040000
+
+/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
+ * the user PIN value is the default value set by token
+ * initialization or manufacturing, or the PIN has been
+ * expired by the card. */
+#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000
+
+/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an
+ * incorrect SO login PIN has been entered at least once since
+ * the last successful authentication. */
+#define CKF_SO_PIN_COUNT_LOW 0x00100000
+
+/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true,
+ * supplying an incorrect SO PIN will it to become locked. */
+#define CKF_SO_PIN_FINAL_TRY 0x00200000
+
+/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO
+ * PIN has been locked. SO login to the token is not possible.
+ */
+#define CKF_SO_PIN_LOCKED 0x00400000
+
+/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
+ * the SO PIN value is the default value set by token
+ * initialization or manufacturing, or the PIN has been
+ * expired by the card. */
+#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000
+
+typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
+
+/* CK_SESSION_HANDLE is a PKCS #11-assigned value that
+ * identifies a session */
+typedef CK_ULONG CK_SESSION_HANDLE;
+
+typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
+
+/* CK_USER_TYPE enumerates the types of PKCS #11 users */
+/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
+ * v2.0 */
+typedef CK_ULONG CK_USER_TYPE;
+/* Security Officer */
+#define CKU_SO 0
+/* Normal user */
+#define CKU_USER 1
+/* Context specific (added in v2.20) */
+#define CKU_CONTEXT_SPECIFIC 2
+
+/* CK_STATE enumerates the session states */
+/* CK_STATE has been changed from an enum to a CK_ULONG for
+ * v2.0 */
+typedef CK_ULONG CK_STATE;
+#define CKS_RO_PUBLIC_SESSION 0
+#define CKS_RO_USER_FUNCTIONS 1
+#define CKS_RW_PUBLIC_SESSION 2
+#define CKS_RW_USER_FUNCTIONS 3
+#define CKS_RW_SO_FUNCTIONS 4
+
+/* CK_SESSION_INFO provides information about a session */
+typedef struct CK_SESSION_INFO {
+ CK_SLOT_ID slotID;
+ CK_STATE state;
+ CK_FLAGS flags; /* see below */
+
+ /* ulDeviceError was changed from CK_USHORT to CK_ULONG for
+ * v2.0 */
+ CK_ULONG ulDeviceError; /* device-dependent error code */
+} CK_SESSION_INFO;
+
+/* The flags are defined in the following table:
+ * Bit Flag Mask Meaning
+ */
+#define CKF_RW_SESSION 0x00000002 /* session is r/w */
+#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */
+
+typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
+
+/* CK_OBJECT_HANDLE is a token-specific identifier for an
+ * object */
+typedef CK_ULONG CK_OBJECT_HANDLE;
+
+typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
+
+/* CK_OBJECT_CLASS is a value that identifies the classes (or
+ * types) of objects that PKCS #11 recognizes. It is defined
+ * as follows: */
+/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
+ * v2.0 */
+typedef CK_ULONG CK_OBJECT_CLASS;
+
+/* The following classes of objects are defined: */
+/* CKO_HW_FEATURE is new for v2.10 */
+/* CKO_DOMAIN_PARAMETERS is new for v2.11 */
+/* CKO_MECHANISM is new for v2.20 */
+#define CKO_DATA 0x00000000
+#define CKO_CERTIFICATE 0x00000001
+#define CKO_PUBLIC_KEY 0x00000002
+#define CKO_PRIVATE_KEY 0x00000003
+#define CKO_SECRET_KEY 0x00000004
+#define CKO_HW_FEATURE 0x00000005
+#define CKO_DOMAIN_PARAMETERS 0x00000006
+#define CKO_MECHANISM 0x00000007
+#define CKO_VENDOR_DEFINED 0x80000000
+
+typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
+
+/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a
+ * value that identifies the hardware feature type of an object
+ * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */
+typedef CK_ULONG CK_HW_FEATURE_TYPE;
+
+/* The following hardware feature types are defined */
+/* CKH_USER_INTERFACE is new for v2.20 */
+#define CKH_MONOTONIC_COUNTER 0x00000001
+#define CKH_CLOCK 0x00000002
+#define CKH_USER_INTERFACE 0x00000003
+#define CKH_VENDOR_DEFINED 0x80000000
+
+/* CK_KEY_TYPE is a value that identifies a key type */
+/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
+typedef CK_ULONG CK_KEY_TYPE;
+
+/* the following key types are defined: */
+#define CKK_RSA 0x00000000
+#define CKK_DSA 0x00000001
+#define CKK_DH 0x00000002
+
+/* CKK_ECDSA and CKK_KEA are new for v2.0 */
+/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */
+#define CKK_ECDSA 0x00000003
+#define CKK_EC 0x00000003
+#define CKK_X9_42_DH 0x00000004
+#define CKK_KEA 0x00000005
+
+#define CKK_GENERIC_SECRET 0x00000010
+#define CKK_RC2 0x00000011
+#define CKK_RC4 0x00000012
+#define CKK_DES 0x00000013
+#define CKK_DES2 0x00000014
+#define CKK_DES3 0x00000015
+
+/* all these key types are new for v2.0 */
+#define CKK_CAST 0x00000016
+#define CKK_CAST3 0x00000017
+/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */
+#define CKK_CAST5 0x00000018
+#define CKK_CAST128 0x00000018
+#define CKK_RC5 0x00000019
+#define CKK_IDEA 0x0000001A
+#define CKK_SKIPJACK 0x0000001B
+#define CKK_BATON 0x0000001C
+#define CKK_JUNIPER 0x0000001D
+#define CKK_CDMF 0x0000001E
+#define CKK_AES 0x0000001F
+
+/* BlowFish and TwoFish are new for v2.20 */
+#define CKK_BLOWFISH 0x00000020
+#define CKK_TWOFISH 0x00000021
+
+/* Camellia is proposed for v2.20 Amendment 3 */
+#define CKK_CAMELLIA 0x00000025
+
+#define CKK_SEED 0x00000026
+
+#define CKK_VENDOR_DEFINED 0x80000000
+
+/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
+ * type */
+/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
+ * for v2.0 */
+typedef CK_ULONG CK_CERTIFICATE_TYPE;
+
+#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED 0UL
+#define CK_CERTIFICATE_CATEGORY_TOKEN_USER 1UL
+#define CK_CERTIFICATE_CATEGORY_AUTHORITY 2UL
+#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY 3UL
+
+/* The following certificate types are defined: */
+/* CKC_X_509_ATTR_CERT is new for v2.10 */
+/* CKC_WTLS is new for v2.20 */
+#define CKC_X_509 0x00000000
+#define CKC_X_509_ATTR_CERT 0x00000001
+#define CKC_WTLS 0x00000002
+#define CKC_VENDOR_DEFINED 0x80000000
+
+/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
+ * type */
+/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
+ * v2.0 */
+typedef CK_ULONG CK_ATTRIBUTE_TYPE;
+
+/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
+ consists of an array of values. */
+#define CKF_ARRAY_ATTRIBUTE 0x40000000
+
+/* The following attribute types are defined: */
+#define CKA_CLASS 0x00000000
+#define CKA_TOKEN 0x00000001
+#define CKA_PRIVATE 0x00000002
+#define CKA_LABEL 0x00000003
+#define CKA_APPLICATION 0x00000010
+#define CKA_VALUE 0x00000011
+
+/* CKA_OBJECT_ID is new for v2.10 */
+#define CKA_OBJECT_ID 0x00000012
+
+#define CKA_CERTIFICATE_TYPE 0x00000080
+#define CKA_ISSUER 0x00000081
+#define CKA_SERIAL_NUMBER 0x00000082
+
+/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
+ * for v2.10 */
+#define CKA_AC_ISSUER 0x00000083
+#define CKA_OWNER 0x00000084
+#define CKA_ATTR_TYPES 0x00000085
+
+/* CKA_TRUSTED is new for v2.11 */
+#define CKA_TRUSTED 0x00000086
+
+/* CKA_CERTIFICATE_CATEGORY ...
+ * CKA_CHECK_VALUE are new for v2.20 */
+#define CKA_CERTIFICATE_CATEGORY 0x00000087
+#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088
+#define CKA_URL 0x00000089
+#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A
+#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B
+#define CKA_CHECK_VALUE 0x00000090
+
+#define CKA_KEY_TYPE 0x00000100
+#define CKA_SUBJECT 0x00000101
+#define CKA_ID 0x00000102
+#define CKA_SENSITIVE 0x00000103
+#define CKA_ENCRYPT 0x00000104
+#define CKA_DECRYPT 0x00000105
+#define CKA_WRAP 0x00000106
+#define CKA_UNWRAP 0x00000107
+#define CKA_SIGN 0x00000108
+#define CKA_SIGN_RECOVER 0x00000109
+#define CKA_VERIFY 0x0000010A
+#define CKA_VERIFY_RECOVER 0x0000010B
+#define CKA_DERIVE 0x0000010C
+#define CKA_START_DATE 0x00000110
+#define CKA_END_DATE 0x00000111
+#define CKA_MODULUS 0x00000120
+#define CKA_MODULUS_BITS 0x00000121
+#define CKA_PUBLIC_EXPONENT 0x00000122
+#define CKA_PRIVATE_EXPONENT 0x00000123
+#define CKA_PRIME_1 0x00000124
+#define CKA_PRIME_2 0x00000125
+#define CKA_EXPONENT_1 0x00000126
+#define CKA_EXPONENT_2 0x00000127
+#define CKA_COEFFICIENT 0x00000128
+/* CKA_PUBLIC_KEY_INFO is new for v2.40 */
+#define CKA_PUBLIC_KEY_INFO 0x00000129
+#define CKA_PRIME 0x00000130
+#define CKA_SUBPRIME 0x00000131
+#define CKA_BASE 0x00000132
+
+/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
+#define CKA_PRIME_BITS 0x00000133
+#define CKA_SUBPRIME_BITS 0x00000134
+#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS
+/* (To retain backwards-compatibility) */
+
+#define CKA_VALUE_BITS 0x00000160
+#define CKA_VALUE_LEN 0x00000161
+
+/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
+ * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
+ * and CKA_EC_POINT are new for v2.0 */
+#define CKA_EXTRACTABLE 0x00000162
+#define CKA_LOCAL 0x00000163
+#define CKA_NEVER_EXTRACTABLE 0x00000164
+#define CKA_ALWAYS_SENSITIVE 0x00000165
+
+/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
+#define CKA_KEY_GEN_MECHANISM 0x00000166
+
+#define CKA_MODIFIABLE 0x00000170
+
+/* CKA_ECDSA_PARAMS is deprecated in v2.11,
+ * CKA_EC_PARAMS is preferred. */
+#define CKA_ECDSA_PARAMS 0x00000180
+#define CKA_EC_PARAMS 0x00000180
+
+#define CKA_EC_POINT 0x00000181
+
+/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
+ * are new for v2.10. Deprecated in v2.11 and onwards. */
+#define CKA_SECONDARY_AUTH 0x00000200
+#define CKA_AUTH_PIN_FLAGS 0x00000201
+
+/* CKA_ALWAYS_AUTHENTICATE ...
+ * CKA_UNWRAP_TEMPLATE are new for v2.20 */
+#define CKA_ALWAYS_AUTHENTICATE 0x00000202
+
+#define CKA_WRAP_WITH_TRUSTED 0x00000210
+#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x00000211)
+#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x00000212)
+
+/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
+ * are new for v2.10 */
+#define CKA_HW_FEATURE_TYPE 0x00000300
+#define CKA_RESET_ON_INIT 0x00000301
+#define CKA_HAS_RESET 0x00000302
+
+/* The following attributes are new for v2.20 */
+#define CKA_PIXEL_X 0x00000400
+#define CKA_PIXEL_Y 0x00000401
+#define CKA_RESOLUTION 0x00000402
+#define CKA_CHAR_ROWS 0x00000403
+#define CKA_CHAR_COLUMNS 0x00000404
+#define CKA_COLOR 0x00000405
+#define CKA_BITS_PER_PIXEL 0x00000406
+#define CKA_CHAR_SETS 0x00000480
+#define CKA_ENCODING_METHODS 0x00000481
+#define CKA_MIME_TYPES 0x00000482
+#define CKA_MECHANISM_TYPE 0x00000500
+#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501
+#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502
+#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503
+#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x00000600)
+
+#define CKA_VENDOR_DEFINED 0x80000000
+
+/* CK_ATTRIBUTE is a structure that includes the type, length
+ * and value of an attribute */
+typedef struct CK_ATTRIBUTE {
+ CK_ATTRIBUTE_TYPE type;
+ CK_VOID_PTR pValue;
+
+ /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
+ CK_ULONG ulValueLen; /* in bytes */
+} CK_ATTRIBUTE;
+
+typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
+
+/* CK_DATE is a structure that defines a date */
+typedef struct CK_DATE {
+ CK_CHAR year[4]; /* the year ("1900" - "9999") */
+ CK_CHAR month[2]; /* the month ("01" - "12") */
+ CK_CHAR day[2]; /* the day ("01" - "31") */
+} CK_DATE;
+
+/* CK_MECHANISM_TYPE is a value that identifies a mechanism
+ * type */
+/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
+ * v2.0 */
+typedef CK_ULONG CK_MECHANISM_TYPE;
+
+/* the following mechanism types are defined: */
+#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
+#define CKM_RSA_PKCS 0x00000001
+#define CKM_RSA_9796 0x00000002
+#define CKM_RSA_X_509 0x00000003
+
+/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
+ * are new for v2.0. They are mechanisms which hash and sign */
+#define CKM_MD2_RSA_PKCS 0x00000004
+#define CKM_MD5_RSA_PKCS 0x00000005
+#define CKM_SHA1_RSA_PKCS 0x00000006
+
+/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
+ * CKM_RSA_PKCS_OAEP are new for v2.10 */
+#define CKM_RIPEMD128_RSA_PKCS 0x00000007
+#define CKM_RIPEMD160_RSA_PKCS 0x00000008
+#define CKM_RSA_PKCS_OAEP 0x00000009
+
+/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
+ * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
+#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A
+#define CKM_RSA_X9_31 0x0000000B
+#define CKM_SHA1_RSA_X9_31 0x0000000C
+#define CKM_RSA_PKCS_PSS 0x0000000D
+#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
+
+#define CKM_DSA_KEY_PAIR_GEN 0x00000010
+#define CKM_DSA 0x00000011
+#define CKM_DSA_SHA1 0x00000012
+#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
+#define CKM_DH_PKCS_DERIVE 0x00000021
+
+/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
+ * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for
+ * v2.11 */
+#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030
+#define CKM_X9_42_DH_DERIVE 0x00000031
+#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032
+#define CKM_X9_42_MQV_DERIVE 0x00000033
+
+/* CKM_SHA256/384/512 are new for v2.20 */
+#define CKM_SHA256_RSA_PKCS 0x00000040
+#define CKM_SHA384_RSA_PKCS 0x00000041
+#define CKM_SHA512_RSA_PKCS 0x00000042
+#define CKM_SHA256_RSA_PKCS_PSS 0x00000043
+#define CKM_SHA384_RSA_PKCS_PSS 0x00000044
+#define CKM_SHA512_RSA_PKCS_PSS 0x00000045
+
+/* CKM_SHA224 new for v2.20 amendment 3 */
+#define CKM_SHA224_RSA_PKCS 0x00000046
+#define CKM_SHA224_RSA_PKCS_PSS 0x00000047
+
+#define CKM_RC2_KEY_GEN 0x00000100
+#define CKM_RC2_ECB 0x00000101
+#define CKM_RC2_CBC 0x00000102
+#define CKM_RC2_MAC 0x00000103
+
+/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
+#define CKM_RC2_MAC_GENERAL 0x00000104
+#define CKM_RC2_CBC_PAD 0x00000105
+
+#define CKM_RC4_KEY_GEN 0x00000110
+#define CKM_RC4 0x00000111
+#define CKM_DES_KEY_GEN 0x00000120
+#define CKM_DES_ECB 0x00000121
+#define CKM_DES_CBC 0x00000122
+#define CKM_DES_MAC 0x00000123
+
+/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
+#define CKM_DES_MAC_GENERAL 0x00000124
+#define CKM_DES_CBC_PAD 0x00000125
+
+#define CKM_DES2_KEY_GEN 0x00000130
+#define CKM_DES3_KEY_GEN 0x00000131
+#define CKM_DES3_ECB 0x00000132
+#define CKM_DES3_CBC 0x00000133
+#define CKM_DES3_MAC 0x00000134
+
+/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
+ * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
+ * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
+#define CKM_DES3_MAC_GENERAL 0x00000135
+#define CKM_DES3_CBC_PAD 0x00000136
+#define CKM_CDMF_KEY_GEN 0x00000140
+#define CKM_CDMF_ECB 0x00000141
+#define CKM_CDMF_CBC 0x00000142
+#define CKM_CDMF_MAC 0x00000143
+#define CKM_CDMF_MAC_GENERAL 0x00000144
+#define CKM_CDMF_CBC_PAD 0x00000145
+
+/* the following four DES mechanisms are new for v2.20 */
+#define CKM_DES_OFB64 0x00000150
+#define CKM_DES_OFB8 0x00000151
+#define CKM_DES_CFB64 0x00000152
+#define CKM_DES_CFB8 0x00000153
+
+#define CKM_MD2 0x00000200
+
+/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
+#define CKM_MD2_HMAC 0x00000201
+#define CKM_MD2_HMAC_GENERAL 0x00000202
+
+#define CKM_MD5 0x00000210
+
+/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
+#define CKM_MD5_HMAC 0x00000211
+#define CKM_MD5_HMAC_GENERAL 0x00000212
+
+#define CKM_SHA_1 0x00000220
+
+/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
+#define CKM_SHA_1_HMAC 0x00000221
+#define CKM_SHA_1_HMAC_GENERAL 0x00000222
+
+/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
+ * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
+ * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
+#define CKM_RIPEMD128 0x00000230
+#define CKM_RIPEMD128_HMAC 0x00000231
+#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232
+#define CKM_RIPEMD160 0x00000240
+#define CKM_RIPEMD160_HMAC 0x00000241
+#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242
+
+/* CKM_SHA256/384/512 are new for v2.20 */
+#define CKM_SHA256 0x00000250
+#define CKM_SHA256_HMAC 0x00000251
+#define CKM_SHA256_HMAC_GENERAL 0x00000252
+#define CKM_SHA384 0x00000260
+#define CKM_SHA384_HMAC 0x00000261
+#define CKM_SHA384_HMAC_GENERAL 0x00000262
+#define CKM_SHA512 0x00000270
+#define CKM_SHA512_HMAC 0x00000271
+#define CKM_SHA512_HMAC_GENERAL 0x00000272
+
+/* CKM_SHA224 new for v2.20 amendment 3 */
+#define CKM_SHA224 0x00000255
+#define CKM_SHA224_HMAC 0x00000256
+#define CKM_SHA224_HMAC_GENERAL 0x00000257
+
+/* All of the following mechanisms are new for v2.0 */
+/* Note that CAST128 and CAST5 are the same algorithm */
+#define CKM_CAST_KEY_GEN 0x00000300
+#define CKM_CAST_ECB 0x00000301
+#define CKM_CAST_CBC 0x00000302
+#define CKM_CAST_MAC 0x00000303
+#define CKM_CAST_MAC_GENERAL 0x00000304
+#define CKM_CAST_CBC_PAD 0x00000305
+#define CKM_CAST3_KEY_GEN 0x00000310
+#define CKM_CAST3_ECB 0x00000311
+#define CKM_CAST3_CBC 0x00000312
+#define CKM_CAST3_MAC 0x00000313
+#define CKM_CAST3_MAC_GENERAL 0x00000314
+#define CKM_CAST3_CBC_PAD 0x00000315
+#define CKM_CAST5_KEY_GEN 0x00000320
+#define CKM_CAST128_KEY_GEN 0x00000320
+#define CKM_CAST5_ECB 0x00000321
+#define CKM_CAST128_ECB 0x00000321
+#define CKM_CAST5_CBC 0x00000322
+#define CKM_CAST128_CBC 0x00000322
+#define CKM_CAST5_MAC 0x00000323
+#define CKM_CAST128_MAC 0x00000323
+#define CKM_CAST5_MAC_GENERAL 0x00000324
+#define CKM_CAST128_MAC_GENERAL 0x00000324
+#define CKM_CAST5_CBC_PAD 0x00000325
+#define CKM_CAST128_CBC_PAD 0x00000325
+#define CKM_RC5_KEY_GEN 0x00000330
+#define CKM_RC5_ECB 0x00000331
+#define CKM_RC5_CBC 0x00000332
+#define CKM_RC5_MAC 0x00000333
+#define CKM_RC5_MAC_GENERAL 0x00000334
+#define CKM_RC5_CBC_PAD 0x00000335
+#define CKM_IDEA_KEY_GEN 0x00000340
+#define CKM_IDEA_ECB 0x00000341
+#define CKM_IDEA_CBC 0x00000342
+#define CKM_IDEA_MAC 0x00000343
+#define CKM_IDEA_MAC_GENERAL 0x00000344
+#define CKM_IDEA_CBC_PAD 0x00000345
+#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
+#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
+#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362
+#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
+#define CKM_XOR_BASE_AND_DATA 0x00000364
+#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365
+#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
+#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371
+#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372
+
+/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
+ * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
+ * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */
+#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373
+#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374
+#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375
+#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376
+#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377
+
+/* CKM_TLS_PRF is new for v2.20 */
+#define CKM_TLS_PRF 0x00000378
+
+#define CKM_SSL3_MD5_MAC 0x00000380
+#define CKM_SSL3_SHA1_MAC 0x00000381
+#define CKM_MD5_KEY_DERIVATION 0x00000390
+#define CKM_MD2_KEY_DERIVATION 0x00000391
+#define CKM_SHA1_KEY_DERIVATION 0x00000392
+
+/* CKM_SHA256/384/512 are new for v2.20 */
+#define CKM_SHA256_KEY_DERIVATION 0x00000393
+#define CKM_SHA384_KEY_DERIVATION 0x00000394
+#define CKM_SHA512_KEY_DERIVATION 0x00000395
+
+/* CKM_SHA224 new for v2.20 amendment 3 */
+#define CKM_SHA224_KEY_DERIVATION 0x00000396
+
+#define CKM_PBE_MD2_DES_CBC 0x000003A0
+#define CKM_PBE_MD5_DES_CBC 0x000003A1
+#define CKM_PBE_MD5_CAST_CBC 0x000003A2
+#define CKM_PBE_MD5_CAST3_CBC 0x000003A3
+#define CKM_PBE_MD5_CAST5_CBC 0x000003A4
+#define CKM_PBE_MD5_CAST128_CBC 0x000003A4
+#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
+#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
+#define CKM_PBE_SHA1_RC4_128 0x000003A6
+#define CKM_PBE_SHA1_RC4_40 0x000003A7
+#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
+#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
+#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
+#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
+
+/* CKM_PKCS5_PBKD2 is new for v2.10 */
+#define CKM_PKCS5_PBKD2 0x000003B0
+
+#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
+
+/* WTLS mechanisms are new for v2.20 */
+#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0
+#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1
+#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2
+#define CKM_WTLS_PRF 0x000003D3
+#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4
+#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5
+
+/* TLS 1.2 mechanisms are new for v2.40 */
+#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0
+#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1
+#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2
+#define CKM_TLS12_KEY_SAFE_DERIVE 0x000003E3
+#define CKM_TLS12_MAC 0x000003E4
+#define CKM_TLS_MAC 0x000003E4
+#define CKM_TLS_KDF 0x000003E5
+
+#define CKM_KEY_WRAP_LYNKS 0x00000400
+#define CKM_KEY_WRAP_SET_OAEP 0x00000401
+
+/* CKM_CMS_SIG is new for v2.20 */
+#define CKM_CMS_SIG 0x00000500
+
+/* Fortezza mechanisms */
+#define CKM_SKIPJACK_KEY_GEN 0x00001000
+#define CKM_SKIPJACK_ECB64 0x00001001
+#define CKM_SKIPJACK_CBC64 0x00001002
+#define CKM_SKIPJACK_OFB64 0x00001003
+#define CKM_SKIPJACK_CFB64 0x00001004
+#define CKM_SKIPJACK_CFB32 0x00001005
+#define CKM_SKIPJACK_CFB16 0x00001006
+#define CKM_SKIPJACK_CFB8 0x00001007
+#define CKM_SKIPJACK_WRAP 0x00001008
+#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009
+#define CKM_SKIPJACK_RELAYX 0x0000100a
+#define CKM_KEA_KEY_PAIR_GEN 0x00001010
+#define CKM_KEA_KEY_DERIVE 0x00001011
+#define CKM_FORTEZZA_TIMESTAMP 0x00001020
+#define CKM_BATON_KEY_GEN 0x00001030
+#define CKM_BATON_ECB128 0x00001031
+#define CKM_BATON_ECB96 0x00001032
+#define CKM_BATON_CBC128 0x00001033
+#define CKM_BATON_COUNTER 0x00001034
+#define CKM_BATON_SHUFFLE 0x00001035
+#define CKM_BATON_WRAP 0x00001036
+
+/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
+ * CKM_EC_KEY_PAIR_GEN is preferred */
+#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
+#define CKM_EC_KEY_PAIR_GEN 0x00001040
+
+#define CKM_ECDSA 0x00001041
+#define CKM_ECDSA_SHA1 0x00001042
+
+/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
+ * are new for v2.11 */
+#define CKM_ECDH1_DERIVE 0x00001050
+#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051
+#define CKM_ECMQV_DERIVE 0x00001052
+
+#define CKM_JUNIPER_KEY_GEN 0x00001060
+#define CKM_JUNIPER_ECB128 0x00001061
+#define CKM_JUNIPER_CBC128 0x00001062
+#define CKM_JUNIPER_COUNTER 0x00001063
+#define CKM_JUNIPER_SHUFFLE 0x00001064
+#define CKM_JUNIPER_WRAP 0x00001065
+#define CKM_FASTHASH 0x00001070
+
+/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
+ * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
+ * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are
+ * new for v2.11 */
+#define CKM_AES_KEY_GEN 0x00001080
+#define CKM_AES_ECB 0x00001081
+#define CKM_AES_CBC 0x00001082
+#define CKM_AES_MAC 0x00001083
+#define CKM_AES_MAC_GENERAL 0x00001084
+#define CKM_AES_CBC_PAD 0x00001085
+/* new for v2.20 amendment 3 */
+#define CKM_AES_CTR 0x00001086
+/* new for v2.30 */
+#define CKM_AES_GCM 0x00001087
+#define CKM_AES_CCM 0x00001088
+#define CKM_AES_CTS 0x00001089
+#define CKM_AES_XCBC_MAC 0x0000108C
+#define CKM_AES_XCBC_MAC_96 0x0000108D
+
+/* BlowFish and TwoFish are new for v2.20 */
+#define CKM_BLOWFISH_KEY_GEN 0x00001090
+#define CKM_BLOWFISH_CBC 0x00001091
+#define CKM_TWOFISH_KEY_GEN 0x00001092
+#define CKM_TWOFISH_CBC 0x00001093
+
+/* Camellia is proposed for v2.20 Amendment 3 */
+#define CKM_CAMELLIA_KEY_GEN 0x00000550
+#define CKM_CAMELLIA_ECB 0x00000551
+#define CKM_CAMELLIA_CBC 0x00000552
+#define CKM_CAMELLIA_MAC 0x00000553
+#define CKM_CAMELLIA_MAC_GENERAL 0x00000554
+#define CKM_CAMELLIA_CBC_PAD 0x00000555
+#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556
+#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557
+
+#define CKM_SEED_KEY_GEN 0x00000650
+#define CKM_SEED_ECB 0x00000651
+#define CKM_SEED_CBC 0x00000652
+#define CKM_SEED_MAC 0x00000653
+#define CKM_SEED_MAC_GENERAL 0x00000654
+#define CKM_SEED_CBC_PAD 0x00000655
+#define CKM_SEED_ECB_ENCRYPT_DATA 0x00000656
+#define CKM_SEED_CBC_ENCRYPT_DATA 0x00000657
+
+/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
+#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100
+#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101
+#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102
+#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103
+#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104
+#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105
+
+#define CKM_DSA_PARAMETER_GEN 0x00002000
+#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001
+#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002
+
+#define CKM_VENDOR_DEFINED 0x80000000
+
+typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
+
+/* CK_MECHANISM is a structure that specifies a particular
+ * mechanism */
+typedef struct CK_MECHANISM {
+ CK_MECHANISM_TYPE mechanism;
+ CK_VOID_PTR pParameter;
+
+ /* ulParameterLen was changed from CK_USHORT to CK_ULONG for
+ * v2.0 */
+ CK_ULONG ulParameterLen; /* in bytes */
+} CK_MECHANISM;
+
+typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
+
+/* CK_MECHANISM_INFO provides information about a particular
+ * mechanism */
+typedef struct CK_MECHANISM_INFO {
+ CK_ULONG ulMinKeySize;
+ CK_ULONG ulMaxKeySize;
+ CK_FLAGS flags;
+} CK_MECHANISM_INFO;
+
+/* The flags are defined as follows:
+ * Bit Flag Mask Meaning */
+#define CKF_HW 0x00000001 /* performed by HW */
+
+/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
+ * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
+ * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
+ * and CKF_DERIVE are new for v2.0. They specify whether or not
+ * a mechanism can be used for a particular task */
+#define CKF_ENCRYPT 0x00000100
+#define CKF_DECRYPT 0x00000200
+#define CKF_DIGEST 0x00000400
+#define CKF_SIGN 0x00000800
+#define CKF_SIGN_RECOVER 0x00001000
+#define CKF_VERIFY 0x00002000
+#define CKF_VERIFY_RECOVER 0x00004000
+#define CKF_GENERATE 0x00008000
+#define CKF_GENERATE_KEY_PAIR 0x00010000
+#define CKF_WRAP 0x00020000
+#define CKF_UNWRAP 0x00040000
+#define CKF_DERIVE 0x00080000
+
+/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
+ * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
+ * describe a token's EC capabilities not available in mechanism
+ * information. */
+#define CKF_EC_F_P 0x00100000
+#define CKF_EC_F_2M 0x00200000
+#define CKF_EC_ECPARAMETERS 0x00400000
+#define CKF_EC_NAMEDCURVE 0x00800000
+#define CKF_EC_UNCOMPRESS 0x01000000
+#define CKF_EC_COMPRESS 0x02000000
+
+#define CKF_EXTENSION 0x80000000 /* FALSE for this version */
+
+typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
+
+/* CK_RV is a value that identifies the return value of a
+ * PKCS #11 function */
+/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
+typedef CK_ULONG CK_RV;
+
+#define CKR_OK 0x00000000
+#define CKR_CANCEL 0x00000001
+#define CKR_HOST_MEMORY 0x00000002
+#define CKR_SLOT_ID_INVALID 0x00000003
+
+/* CKR_FLAGS_INVALID was removed for v2.0 */
+
+/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
+#define CKR_GENERAL_ERROR 0x00000005
+#define CKR_FUNCTION_FAILED 0x00000006
+
+/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
+ * and CKR_CANT_LOCK are new for v2.01 */
+#define CKR_ARGUMENTS_BAD 0x00000007
+#define CKR_NO_EVENT 0x00000008
+#define CKR_NEED_TO_CREATE_THREADS 0x00000009
+#define CKR_CANT_LOCK 0x0000000A
+
+#define CKR_ATTRIBUTE_READ_ONLY 0x00000010
+#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
+#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
+#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
+#define CKR_DATA_INVALID 0x00000020
+#define CKR_DATA_LEN_RANGE 0x00000021
+#define CKR_DEVICE_ERROR 0x00000030
+#define CKR_DEVICE_MEMORY 0x00000031
+#define CKR_DEVICE_REMOVED 0x00000032
+#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
+#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
+#define CKR_FUNCTION_CANCELED 0x00000050
+#define CKR_FUNCTION_NOT_PARALLEL 0x00000051
+
+/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
+#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
+
+#define CKR_KEY_HANDLE_INVALID 0x00000060
+
+/* CKR_KEY_SENSITIVE was removed for v2.0 */
+
+#define CKR_KEY_SIZE_RANGE 0x00000062
+#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
+
+/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
+ * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
+ * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
+ * v2.0 */
+#define CKR_KEY_NOT_NEEDED 0x00000064
+#define CKR_KEY_CHANGED 0x00000065
+#define CKR_KEY_NEEDED 0x00000066
+#define CKR_KEY_INDIGESTIBLE 0x00000067
+#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
+#define CKR_KEY_NOT_WRAPPABLE 0x00000069
+#define CKR_KEY_UNEXTRACTABLE 0x0000006A
+
+#define CKR_MECHANISM_INVALID 0x00000070
+#define CKR_MECHANISM_PARAM_INVALID 0x00000071
+
+/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
+ * were removed for v2.0 */
+#define CKR_OBJECT_HANDLE_INVALID 0x00000082
+#define CKR_OPERATION_ACTIVE 0x00000090
+#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
+#define CKR_PIN_INCORRECT 0x000000A0
+#define CKR_PIN_INVALID 0x000000A1
+#define CKR_PIN_LEN_RANGE 0x000000A2
+
+/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
+#define CKR_PIN_EXPIRED 0x000000A3
+#define CKR_PIN_LOCKED 0x000000A4
+
+#define CKR_SESSION_CLOSED 0x000000B0
+#define CKR_SESSION_COUNT 0x000000B1
+#define CKR_SESSION_HANDLE_INVALID 0x000000B3
+#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
+#define CKR_SESSION_READ_ONLY 0x000000B5
+#define CKR_SESSION_EXISTS 0x000000B6
+
+/* CKR_SESSION_READ_ONLY_EXISTS and
+ * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
+#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
+#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
+
+#define CKR_SIGNATURE_INVALID 0x000000C0
+#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
+#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
+#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
+#define CKR_TOKEN_NOT_PRESENT 0x000000E0
+#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
+#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
+#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
+#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
+#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
+#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
+#define CKR_USER_NOT_LOGGED_IN 0x00000101
+#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
+#define CKR_USER_TYPE_INVALID 0x00000103
+
+/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
+ * are new to v2.01 */
+#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104
+#define CKR_USER_TOO_MANY_TYPES 0x00000105
+
+#define CKR_WRAPPED_KEY_INVALID 0x00000110
+#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
+#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
+#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
+#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
+#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
+
+/* These are new to v2.0 */
+#define CKR_RANDOM_NO_RNG 0x00000121
+
+/* These are new to v2.11 */
+#define CKR_DOMAIN_PARAMS_INVALID 0x00000130
+
+/* These are new to v2.0 */
+#define CKR_BUFFER_TOO_SMALL 0x00000150
+#define CKR_SAVED_STATE_INVALID 0x00000160
+#define CKR_INFORMATION_SENSITIVE 0x00000170
+#define CKR_STATE_UNSAVEABLE 0x00000180
+
+/* These are new to v2.01 */
+#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190
+#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191
+#define CKR_MUTEX_BAD 0x000001A0
+#define CKR_MUTEX_NOT_LOCKED 0x000001A1
+
+/* This is new to v2.20 */
+#define CKR_FUNCTION_REJECTED 0x00000200
+
+#define CKR_VENDOR_DEFINED 0x80000000
+
+/* CK_NOTIFY is an application callback that processes events */
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
+ CK_SESSION_HANDLE hSession, /* the session's handle */
+ CK_NOTIFICATION event,
+ CK_VOID_PTR pApplication /* passed to C_OpenSession */
+ );
+
+/* CK_FUNCTION_LIST is a structure holding a PKCS #11 spec
+ * version and pointers of appropriate types to all the
+ * PKCS #11 functions */
+/* CK_FUNCTION_LIST is new for v2.0 */
+typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
+
+typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
+
+typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
+
+/* CK_CREATEMUTEX is an application callback for creating a
+ * mutex object */
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
+ CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */
+ );
+
+/* CK_DESTROYMUTEX is an application callback for destroying a
+ * mutex object */
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
+ CK_VOID_PTR pMutex /* pointer to mutex */
+ );
+
+/* CK_LOCKMUTEX is an application callback for locking a mutex */
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
+ CK_VOID_PTR pMutex /* pointer to mutex */
+ );
+
+/* CK_UNLOCKMUTEX is an application callback for unlocking a
+ * mutex */
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
+ CK_VOID_PTR pMutex /* pointer to mutex */
+ );
+
+/* CK_C_INITIALIZE_ARGS provides the optional arguments to
+ * C_Initialize */
+typedef struct CK_C_INITIALIZE_ARGS {
+ CK_CREATEMUTEX CreateMutex;
+ CK_DESTROYMUTEX DestroyMutex;
+ CK_LOCKMUTEX LockMutex;
+ CK_UNLOCKMUTEX UnlockMutex;
+ CK_FLAGS flags;
+ /* The official PKCS #11 spec does not have a 'LibraryParameters' field, but
+ * a reserved field. NSS needs a way to pass instance-specific information
+ * to the library (like where to find its config files, etc). This
+ * information is usually provided by the installer and passed uninterpreted
+ * by NSS to the library, though NSS does know the specifics of the softoken
+ * version of this parameter. Most compliant PKCS#11 modules expect this
+ * parameter to be NULL, and will return CKR_ARGUMENTS_BAD from
+ * C_Initialize if Library parameters is supplied. */
+ CK_CHAR_PTR *LibraryParameters;
+ /* This field is only present if the LibraryParameters is not NULL. It must
+ * be NULL in all cases */
+ CK_VOID_PTR pReserved;
+} CK_C_INITIALIZE_ARGS;
+
+/* flags: bit flags that provide capabilities of the slot
+ * Bit Flag Mask Meaning
+ */
+#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
+#define CKF_OS_LOCKING_OK 0x00000002
+
+typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
+
+/* additional flags for parameters to functions */
+
+/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
+#define CKF_DONT_BLOCK 1
+
+/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10.
+ * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message
+ * Generation Function (MGF) applied to a message block when
+ * formatting a message block for the PKCS #1 OAEP encryption
+ * scheme. */
+typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
+
+typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;
+
+/* The following MGFs are defined */
+/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512
+ * are new for v2.20 */
+#define CKG_MGF1_SHA1 0x00000001
+#define CKG_MGF1_SHA256 0x00000002
+#define CKG_MGF1_SHA384 0x00000003
+#define CKG_MGF1_SHA512 0x00000004
+
+/* v2.20 amendment 3 */
+#define CKG_MGF1_SHA224 0x00000005
+
+/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
+ * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
+ * of the encoding parameter when formatting a message block
+ * for the PKCS #1 OAEP encryption scheme. */
+typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
+
+typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
+
+/* The following encoding parameter sources are defined */
+#define CKZ_DATA_SPECIFIED 0x00000001
+
+/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
+ * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
+ * CKM_RSA_PKCS_OAEP mechanism. */
+typedef struct CK_RSA_PKCS_OAEP_PARAMS {
+ CK_MECHANISM_TYPE hashAlg;
+ CK_RSA_PKCS_MGF_TYPE mgf;
+ CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
+ CK_VOID_PTR pSourceData;
+ CK_ULONG ulSourceDataLen;
+} CK_RSA_PKCS_OAEP_PARAMS;
+
+typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
+
+/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11.
+ * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
+ * CKM_RSA_PKCS_PSS mechanism(s). */
+typedef struct CK_RSA_PKCS_PSS_PARAMS {
+ CK_MECHANISM_TYPE hashAlg;
+ CK_RSA_PKCS_MGF_TYPE mgf;
+ CK_ULONG sLen;
+} CK_RSA_PKCS_PSS_PARAMS;
+
+typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
+
+/* CK_EC_KDF_TYPE is new for v2.11. */
+typedef CK_ULONG CK_EC_KDF_TYPE;
+
+/* The following EC Key Derivation Functions are defined */
+#define CKD_NULL 0x00000001
+#define CKD_SHA1_KDF 0x00000002
+#define CKD_SHA224_KDF 0x00000005
+#define CKD_SHA256_KDF 0x00000006
+#define CKD_SHA384_KDF 0x00000007
+#define CKD_SHA512_KDF 0x00000008
+
+/* CK_ECDH1_DERIVE_PARAMS is new for v2.11.
+ * CK_ECDH1_DERIVE_PARAMS provides the parameters to the
+ * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
+ * where each party contributes one key pair.
+ */
+typedef struct CK_ECDH1_DERIVE_PARAMS {
+ CK_EC_KDF_TYPE kdf;
+ CK_ULONG ulSharedDataLen;
+ CK_BYTE_PTR pSharedData;
+ CK_ULONG ulPublicDataLen;
+ CK_BYTE_PTR pPublicData;
+} CK_ECDH1_DERIVE_PARAMS;
+
+typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;
+
+/* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
+ * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
+ * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */
+typedef struct CK_ECDH2_DERIVE_PARAMS {
+ CK_EC_KDF_TYPE kdf;
+ CK_ULONG ulSharedDataLen;
+ CK_BYTE_PTR pSharedData;
+ CK_ULONG ulPublicDataLen;
+ CK_BYTE_PTR pPublicData;
+ CK_ULONG ulPrivateDataLen;
+ CK_OBJECT_HANDLE hPrivateData;
+ CK_ULONG ulPublicDataLen2;
+ CK_BYTE_PTR pPublicData2;
+} CK_ECDH2_DERIVE_PARAMS;
+
+typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
+
+typedef struct CK_ECMQV_DERIVE_PARAMS {
+ CK_EC_KDF_TYPE kdf;
+ CK_ULONG ulSharedDataLen;
+ CK_BYTE_PTR pSharedData;
+ CK_ULONG ulPublicDataLen;
+ CK_BYTE_PTR pPublicData;
+ CK_ULONG ulPrivateDataLen;
+ CK_OBJECT_HANDLE hPrivateData;
+ CK_ULONG ulPublicDataLen2;
+ CK_BYTE_PTR pPublicData2;
+ CK_OBJECT_HANDLE publicKey;
+} CK_ECMQV_DERIVE_PARAMS;
+
+typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;
+
+/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
+ * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
+typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
+typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;
+
+/* The following X9.42 DH key derivation functions are defined
+ (besides CKD_NULL already defined : */
+#define CKD_SHA1_KDF_ASN1 0x00000003
+#define CKD_SHA1_KDF_CONCATENATE 0x00000004
+
+/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
+ * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
+ * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
+ * contributes one key pair */
+typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
+ CK_X9_42_DH_KDF_TYPE kdf;
+ CK_ULONG ulOtherInfoLen;
+ CK_BYTE_PTR pOtherInfo;
+ CK_ULONG ulPublicDataLen;
+ CK_BYTE_PTR pPublicData;
+} CK_X9_42_DH1_DERIVE_PARAMS;
+
+typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
+
+/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
+ * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
+ * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
+ * mechanisms, where each party contributes two key pairs */
+typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
+ CK_X9_42_DH_KDF_TYPE kdf;
+ CK_ULONG ulOtherInfoLen;
+ CK_BYTE_PTR pOtherInfo;
+ CK_ULONG ulPublicDataLen;
+ CK_BYTE_PTR pPublicData;
+ CK_ULONG ulPrivateDataLen;
+ CK_OBJECT_HANDLE hPrivateData;
+ CK_ULONG ulPublicDataLen2;
+ CK_BYTE_PTR pPublicData2;
+} CK_X9_42_DH2_DERIVE_PARAMS;
+
+typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;
+
+typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
+ CK_X9_42_DH_KDF_TYPE kdf;
+ CK_ULONG ulOtherInfoLen;
+ CK_BYTE_PTR pOtherInfo;
+ CK_ULONG ulPublicDataLen;
+ CK_BYTE_PTR pPublicData;
+ CK_ULONG ulPrivateDataLen;
+ CK_OBJECT_HANDLE hPrivateData;
+ CK_ULONG ulPublicDataLen2;
+ CK_BYTE_PTR pPublicData2;
+ CK_OBJECT_HANDLE publicKey;
+} CK_X9_42_MQV_DERIVE_PARAMS;
+
+typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;
+
+/* CK_KEA_DERIVE_PARAMS provides the parameters to the
+ * CKM_KEA_DERIVE mechanism */
+/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
+typedef struct CK_KEA_DERIVE_PARAMS {
+ CK_BBOOL isSender;
+ CK_ULONG ulRandomLen;
+ CK_BYTE_PTR pRandomA;
+ CK_BYTE_PTR pRandomB;
+ CK_ULONG ulPublicDataLen;
+ CK_BYTE_PTR pPublicData;
+} CK_KEA_DERIVE_PARAMS;
+
+typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
+
+/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
+ * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
+ * holds the effective keysize */
+typedef CK_ULONG CK_RC2_PARAMS;
+
+typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
+
+/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
+ * mechanism */
+typedef struct CK_RC2_CBC_PARAMS {
+ /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
+ * v2.0 */
+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
+
+ CK_BYTE iv[8]; /* IV for CBC mode */
+} CK_RC2_CBC_PARAMS;
+
+typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
+
+/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
+ * CKM_RC2_MAC_GENERAL mechanism */
+/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
+typedef struct CK_RC2_MAC_GENERAL_PARAMS {
+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
+ CK_ULONG ulMacLength; /* Length of MAC in bytes */
+} CK_RC2_MAC_GENERAL_PARAMS;
+
+typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR
+ CK_RC2_MAC_GENERAL_PARAMS_PTR;
+
+/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
+ * CKM_RC5_MAC mechanisms */
+/* CK_RC5_PARAMS is new for v2.0 */
+typedef struct CK_RC5_PARAMS {
+ CK_ULONG ulWordsize; /* wordsize in bits */
+ CK_ULONG ulRounds; /* number of rounds */
+} CK_RC5_PARAMS;
+
+typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
+
+/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
+ * mechanism */
+/* CK_RC5_CBC_PARAMS is new for v2.0 */
+typedef struct CK_RC5_CBC_PARAMS {
+ CK_ULONG ulWordsize; /* wordsize in bits */
+ CK_ULONG ulRounds; /* number of rounds */
+ CK_BYTE_PTR pIv; /* pointer to IV */
+ CK_ULONG ulIvLen; /* length of IV in bytes */
+} CK_RC5_CBC_PARAMS;
+
+typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
+
+/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
+ * CKM_RC5_MAC_GENERAL mechanism */
+/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
+typedef struct CK_RC5_MAC_GENERAL_PARAMS {
+ CK_ULONG ulWordsize; /* wordsize in bits */
+ CK_ULONG ulRounds; /* number of rounds */
+ CK_ULONG ulMacLength; /* Length of MAC in bytes */
+} CK_RC5_MAC_GENERAL_PARAMS;
+
+typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR
+ CK_RC5_MAC_GENERAL_PARAMS_PTR;
+
+/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
+ * ciphers' MAC_GENERAL mechanisms. Its value is the length of
+ * the MAC */
+/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
+typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
+
+typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
+
+/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */
+typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
+ CK_BYTE iv[8];
+ CK_BYTE_PTR pData;
+ CK_ULONG length;
+} CK_DES_CBC_ENCRYPT_DATA_PARAMS;
+
+typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;
+
+typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
+ CK_BYTE iv[16];
+ CK_BYTE_PTR pData;
+ CK_ULONG length;
+} CK_AES_CBC_ENCRYPT_DATA_PARAMS;
+
+typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
+
+/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
+typedef struct CK_AES_CTR_PARAMS {
+ CK_ULONG ulCounterBits;
+ CK_BYTE cb[16];
+} CK_AES_CTR_PARAMS;
+
+typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
+
+/* CK_GCM_PARAMS is new for version 2.30 */
+typedef struct CK_GCM_PARAMS {
+ CK_BYTE_PTR pIv;
+ CK_ULONG ulIvLen;
+ CK_BYTE_PTR pAAD;
+ CK_ULONG ulAADLen;
+ CK_ULONG ulTagBits;
+} CK_GCM_PARAMS;
+
+typedef CK_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR;
+
+/* CK_CCM_PARAMS is new for version 2.30 */
+typedef struct CK_CCM_PARAMS {
+ CK_ULONG ulDataLen;
+ CK_BYTE_PTR pNonce;
+ CK_ULONG ulNonceLen;
+ CK_BYTE_PTR pAAD;
+ CK_ULONG ulAADLen;
+ CK_ULONG ulMACLen;
+} CK_CCM_PARAMS;
+
+typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR;
+
+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
+ * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
+typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
+ CK_ULONG ulPasswordLen;
+ CK_BYTE_PTR pPassword;
+ CK_ULONG ulPublicDataLen;
+ CK_BYTE_PTR pPublicData;
+ CK_ULONG ulPAndGLen;
+ CK_ULONG ulQLen;
+ CK_ULONG ulRandomLen;
+ CK_BYTE_PTR pRandomA;
+ CK_BYTE_PTR pPrimeP;
+ CK_BYTE_PTR pBaseG;
+ CK_BYTE_PTR pSubprimeQ;
+} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
+
+typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR
+ CK_SKIPJACK_PRIVATE_WRAP_PTR;
+
+/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
+ * CKM_SKIPJACK_RELAYX mechanism */
+/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
+typedef struct CK_SKIPJACK_RELAYX_PARAMS {
+ CK_ULONG ulOldWrappedXLen;
+ CK_BYTE_PTR pOldWrappedX;
+ CK_ULONG ulOldPasswordLen;
+ CK_BYTE_PTR pOldPassword;
+ CK_ULONG ulOldPublicDataLen;
+ CK_BYTE_PTR pOldPublicData;
+ CK_ULONG ulOldRandomLen;
+ CK_BYTE_PTR pOldRandomA;
+ CK_ULONG ulNewPasswordLen;
+ CK_BYTE_PTR pNewPassword;
+ CK_ULONG ulNewPublicDataLen;
+ CK_BYTE_PTR pNewPublicData;
+ CK_ULONG ulNewRandomLen;
+ CK_BYTE_PTR pNewRandomA;
+} CK_SKIPJACK_RELAYX_PARAMS;
+
+typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR
+ CK_SKIPJACK_RELAYX_PARAMS_PTR;
+
+typedef struct CK_PBE_PARAMS {
+ CK_BYTE_PTR pInitVector;
+ CK_UTF8CHAR_PTR pPassword;
+ CK_ULONG ulPasswordLen;
+ CK_BYTE_PTR pSalt;
+ CK_ULONG ulSaltLen;
+ CK_ULONG ulIteration;
+} CK_PBE_PARAMS;
+
+typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
+
+/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
+ * CKM_KEY_WRAP_SET_OAEP mechanism */
+/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
+typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
+ CK_BYTE bBC; /* block contents byte */
+ CK_BYTE_PTR pX; /* extra data */
+ CK_ULONG ulXLen; /* length of extra data in bytes */
+} CK_KEY_WRAP_SET_OAEP_PARAMS;
+
+typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR
+ CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
+
+typedef struct CK_SSL3_RANDOM_DATA {
+ CK_BYTE_PTR pClientRandom;
+ CK_ULONG ulClientRandomLen;
+ CK_BYTE_PTR pServerRandom;
+ CK_ULONG ulServerRandomLen;
+} CK_SSL3_RANDOM_DATA;
+
+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
+ CK_SSL3_RANDOM_DATA RandomInfo;
+ CK_VERSION_PTR pVersion;
+} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
+
+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR
+ CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
+
+typedef struct CK_SSL3_KEY_MAT_OUT {
+ CK_OBJECT_HANDLE hClientMacSecret;
+ CK_OBJECT_HANDLE hServerMacSecret;
+ CK_OBJECT_HANDLE hClientKey;
+ CK_OBJECT_HANDLE hServerKey;
+ CK_BYTE_PTR pIVClient;
+ CK_BYTE_PTR pIVServer;
+} CK_SSL3_KEY_MAT_OUT;
+
+typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
+
+typedef struct CK_SSL3_KEY_MAT_PARAMS {
+ CK_ULONG ulMacSizeInBits;
+ CK_ULONG ulKeySizeInBits;
+ CK_ULONG ulIVSizeInBits;
+ CK_BBOOL bIsExport; /* Unused. Must be set to CK_FALSE. */
+ CK_SSL3_RANDOM_DATA RandomInfo;
+ CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
+} CK_SSL3_KEY_MAT_PARAMS;
+
+typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
+
+/* CK_TLS_PRF_PARAMS is new for version 2.20 */
+typedef struct CK_TLS_PRF_PARAMS {
+ CK_BYTE_PTR pSeed;
+ CK_ULONG ulSeedLen;
+ CK_BYTE_PTR pLabel;
+ CK_ULONG ulLabelLen;
+ CK_BYTE_PTR pOutput;
+ CK_ULONG_PTR pulOutputLen;
+} CK_TLS_PRF_PARAMS;
+
+typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
+
+/* TLS 1.2 is new for version 2.40 */
+typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS {
+ CK_SSL3_RANDOM_DATA RandomInfo;
+ CK_VERSION_PTR pVersion;
+ CK_MECHANISM_TYPE prfHashMechanism;
+} CK_TLS12_MASTER_KEY_DERIVE_PARAMS;
+
+typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR
+ CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR;
+
+typedef struct CK_TLS12_KEY_MAT_PARAMS {
+ CK_ULONG ulMacSizeInBits;
+ CK_ULONG ulKeySizeInBits;
+ CK_ULONG ulIVSizeInBits;
+ CK_BBOOL bIsExport; /* Unused. Must be set to CK_FALSE. */
+ CK_SSL3_RANDOM_DATA RandomInfo;
+ CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
+ CK_MECHANISM_TYPE prfHashMechanism;
+} CK_TLS12_KEY_MAT_PARAMS;
+
+typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR;
+
+typedef struct CK_TLS_KDF_PARAMS {
+ CK_MECHANISM_TYPE prfMechanism;
+ CK_BYTE_PTR pLabel;
+ CK_ULONG ulLabelLength;
+ CK_SSL3_RANDOM_DATA RandomInfo;
+ CK_BYTE_PTR pContextData;
+ CK_ULONG ulContextDataLength;
+} CK_TLS_KDF_PARAMS;
+
+typedef struct CK_TLS_MAC_PARAMS {
+ CK_MECHANISM_TYPE prfMechanism;
+ CK_ULONG ulMacLength;
+ CK_ULONG ulServerOrClient;
+} CK_TLS_MAC_PARAMS;
+
+typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR;
+
+/* WTLS is new for version 2.20 */
+typedef struct CK_WTLS_RANDOM_DATA {
+ CK_BYTE_PTR pClientRandom;
+ CK_ULONG ulClientRandomLen;
+ CK_BYTE_PTR pServerRandom;
+ CK_ULONG ulServerRandomLen;
+} CK_WTLS_RANDOM_DATA;
+
+typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;
+
+typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
+ CK_MECHANISM_TYPE DigestMechanism;
+ CK_WTLS_RANDOM_DATA RandomInfo;
+ CK_BYTE_PTR pVersion;
+} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
+
+typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR
+ CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;
+
+typedef struct CK_WTLS_PRF_PARAMS {
+ CK_MECHANISM_TYPE DigestMechanism;
+ CK_BYTE_PTR pSeed;
+ CK_ULONG ulSeedLen;
+ CK_BYTE_PTR pLabel;
+ CK_ULONG ulLabelLen;
+ CK_BYTE_PTR pOutput;
+ CK_ULONG_PTR pulOutputLen;
+} CK_WTLS_PRF_PARAMS;
+
+typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;
+
+typedef struct CK_WTLS_KEY_MAT_OUT {
+ CK_OBJECT_HANDLE hMacSecret;
+ CK_OBJECT_HANDLE hKey;
+ CK_BYTE_PTR pIV;
+} CK_WTLS_KEY_MAT_OUT;
+
+typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;
+
+typedef struct CK_WTLS_KEY_MAT_PARAMS {
+ CK_MECHANISM_TYPE DigestMechanism;
+ CK_ULONG ulMacSizeInBits;
+ CK_ULONG ulKeySizeInBits;
+ CK_ULONG ulIVSizeInBits;
+ CK_ULONG ulSequenceNumber;
+ CK_BBOOL bIsExport; /* Unused. Must be set to CK_FALSE. */
+ CK_WTLS_RANDOM_DATA RandomInfo;
+ CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
+} CK_WTLS_KEY_MAT_PARAMS;
+
+typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
+
+/* CMS is new for version 2.20 */
+typedef struct CK_CMS_SIG_PARAMS {
+ CK_OBJECT_HANDLE certificateHandle;
+ CK_MECHANISM_PTR pSigningMechanism;
+ CK_MECHANISM_PTR pDigestMechanism;
+ CK_UTF8CHAR_PTR pContentType;
+ CK_BYTE_PTR pRequestedAttributes;
+ CK_ULONG ulRequestedAttributesLen;
+ CK_BYTE_PTR pRequiredAttributes;
+ CK_ULONG ulRequiredAttributesLen;
+} CK_CMS_SIG_PARAMS;
+
+typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;
+
+typedef struct CK_KEY_DERIVATION_STRING_DATA {
+ CK_BYTE_PTR pData;
+ CK_ULONG ulLen;
+} CK_KEY_DERIVATION_STRING_DATA;
+
+typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR
+ CK_KEY_DERIVATION_STRING_DATA_PTR;
+
+/* The CK_EXTRACT_PARAMS is used for the
+ * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
+ * of the base key should be used as the first bit of the
+ * derived key */
+/* CK_EXTRACT_PARAMS is new for v2.0 */
+typedef CK_ULONG CK_EXTRACT_PARAMS;
+
+typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
+
+/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
+ * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
+ * indicate the Pseudo-Random Function (PRF) used to generate
+ * key bits using PKCS #5 PBKDF2. */
+typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
+
+typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
+
+/* The following PRFs are defined in PKCS #5 v2.1. */
+#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
+#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411 0x00000002
+#define CKP_PKCS5_PBKD2_HMAC_SHA224 0x00000003
+#define CKP_PKCS5_PBKD2_HMAC_SHA256 0x00000004
+#define CKP_PKCS5_PBKD2_HMAC_SHA384 0x00000005
+#define CKP_PKCS5_PBKD2_HMAC_SHA512 0x00000006
+#define CKP_PKCS5_PBKD2_HMAC_SHA512_224 0x00000007
+#define CKP_PKCS5_PBKD2_HMAC_SHA512_256 0x00000008
+
+/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
+ * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
+ * source of the salt value when deriving a key using PKCS #5
+ * PBKDF2. */
+typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
+
+typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;
+
+/* The following salt value sources are defined in PKCS #5 v2.0. */
+#define CKZ_SALT_SPECIFIED 0x00000001
+
+/* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
+ * CK_PKCS5_PBKD2_PARAMS is a structure that provides the
+ * parameters to the CKM_PKCS5_PBKD2 mechanism. */
+typedef struct CK_PKCS5_PBKD2_PARAMS {
+ CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;
+ CK_VOID_PTR pSaltSourceData;
+ CK_ULONG ulSaltSourceDataLen;
+ CK_ULONG iterations;
+ CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
+ CK_VOID_PTR pPrfData;
+ CK_ULONG ulPrfDataLen;
+ CK_UTF8CHAR_PTR pPassword;
+ CK_ULONG_PTR ulPasswordLen;
+} CK_PKCS5_PBKD2_PARAMS;
+
+typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
+
+/* NSS Specific defines */
+
+/* defines that have been deprecated in 2.20, but maintained in our
+ * header file for backward compatibility */
+#define CKO_KG_PARAMETERS CKO_DOMAIN_PARAMETERS
+#define CKF_EC_FP CKF_EC_F_P
+/* new in v2.11 deprecated by 2.20 */
+#define CKR_KEY_PARAMS_INVALID 0x0000006B
+
+/* stuff that for historic reasons is in this header file but should have
+ * been in pkcs11n.h */
+#define CKK_INVALID_KEY_TYPE 0xffffffff
+
+/* undo packing */
+#include "pkcs11u.h"
+
+#endif
\ No newline at end of file
--- /dev/null
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
+ * is granted provided that it is identified as "RSA Security Inc. Public-Key
+ * Cryptography Standards (PKCS)" in all material mentioning or referencing
+ * this document.
+ */
+/*
+ * reset any packing set by pkcs11p.h
+ */
+
+#if defined(_WIN32) || defined(_WINDOWS)
+#ifdef __clang__
+#pragma clang diagnostic ignored "-Wpragma-pack"
+#endif
+#ifdef _MSC_VER
+#pragma warning(disable : 4103)
+#endif
+#pragma pack(pop, cryptoki)
+#endif
\ No newline at end of file
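Review bot: The two suppressions inside the `_WIN32` block, `#pragma clang diagnostic ignored "-Wpragma-pack"` and `#pragma warning(disable : 4103)`, are never restored, so they stay in force for the rest of every translation unit that includes this header. Those are the diagnostics that would report an unbalanced `#pragma pack` elsewhere, and a packing mismatch in the Cryptoki structs silently changes their layout at the boundary with the PKCS #11 module. Because the warning is presumably raised at the include site, scoping it inside the header may not be possible, so I would at least document the effect, e.g. `/* NOTE: the pack warnings disabled here stay off for the rest of the including file; always include this header paired with pkcs11p.h. */`. The matching `pack(push, cryptoki)` is assumed to live in pkcs11p.h, which is not part of this hunk.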