Class

Gio.TlsCertificate

Description

abstract class Gio.TlsCertificate : GObject.Object {
  parent_instance: GObject,
  priv: GTlsCertificatePrivate*
}

A certificate used for TLS authentication and encryption. This can represent either a certificate only (e.g., the certificate received by a client from a server), or the combination of a certificate and a private key (which is needed when acting as a GTlsServerConnection).

Available since: 2.28

Hierarchy

GTlsCertificate derives from GObject.

Ancestors

Constructors

g_tls_certificate_new_from_file

Creates a GTlsCertificate from the PEM-encoded data in file. The returned certificate will be the first certificate found in file. As of GLib 2.44, if file contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the GTlsCertificate:issuer property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned.

Available since: 2.28

g_tls_certificate_new_from_files

Creates a GTlsCertificate from the PEM-encoded data in cert_file and key_file. The returned certificate will be the first certificate found in cert_file. As of GLib 2.44, if cert_file contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the GTlsCertificate:issuer property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned.

Available since: 2.28

g_tls_certificate_new_from_pem

Creates a GTlsCertificate from the PEM-encoded data in data. If data includes both a certificate and a private key, then the returned certificate will include the private key data as well. (See the GTlsCertificate:private-key-pem property for information about supported formats.)

Available since: 2.28

g_tls_certificate_new_from_pkcs11_uris

Creates a GTlsCertificate from a PKCS #11 URI.

Available since: 2.68

Functions

g_tls_certificate_list_new_from_file

Creates one or more GTlsCertificates from the PEM-encoded data in file. If file cannot be read or parsed, the function will return NULL and set error. If file does not contain any PEM-encoded certificates, this will return an empty list and not set error.

Available since: 2.28

Instance methods

g_tls_certificate_get_dns_names

Gets the value of GTlsCertificate:dns-names.

Available since: 2.70

g_tls_certificate_get_ip_addresses

Gets the value of GTlsCertificate:ip-addresses.

Available since: 2.70

g_tls_certificate_get_issuer

Gets the GTlsCertificate representing cert's issuer, if known.

Available since: 2.28

g_tls_certificate_get_issuer_name

Returns the issuer name from the certificate.

Available since: 2.70

g_tls_certificate_get_not_valid_after

Returns the time at which the certificate became or will become invalid.

Available since: 2.70

g_tls_certificate_get_not_valid_before

Returns the time at which the certificate became or will become valid.

Available since: 2.70

g_tls_certificate_get_subject_name

Returns the subject name from the certificate.

Available since: 2.70

g_tls_certificate_is_same

Check if two GTlsCertificate objects represent the same certificate. The raw DER byte data of the two certificates are checked for equality. This has the effect that two certificates may compare equal even if their GTlsCertificate:issuer, GTlsCertificate:private-key, or GTlsCertificate:private-key-pem properties differ.

Available since: 2.34

g_tls_certificate_verify

This verifies cert and returns a set of GTlsCertificateFlags indicating any problems found with it. This can be used to verify a certificate outside the context of making a connection, or to check a certificate against a CA that is not part of the system CA database.

Available since: 2.28

Methods inherited from GObject (43)

Properties

Gio.TlsCertificate:certificate

The DER (binary) encoded representation of the certificate. This property and the GTlsCertificate:certificate-pem property represent the same data, just in different forms.

Available since: 2.28

Gio.TlsCertificate:certificate-pem

The PEM (ASCII) encoded representation of the certificate. This property and the GTlsCertificate:certificate property represent the same data, just in different forms.

Available since: 2.28

Gio.TlsCertificate:dns-names

The DNS names from the certificate’s Subject Alternative Names (SANs), NULL if unavailable.

Available since: 2.70

Gio.TlsCertificate:ip-addresses

The IP addresses from the certificate’s Subject Alternative Names (SANs), NULL if unavailable.

Available since: 2.70

Gio.TlsCertificate:issuer

A GTlsCertificate representing the entity that issued this certificate. If NULL, this means that the certificate is either self-signed, or else the certificate of the issuer is not available.

Available since: 2.28

Gio.TlsCertificate:issuer-name

The issuer from the certificate, NULL if unavailable.

Available since: 2.70

Gio.TlsCertificate:not-valid-after

The time at which this cert is no longer valid, NULL if unavailable.

Available since: 2.70

Gio.TlsCertificate:not-valid-before

The time at which this cert is considered to be valid, NULL if unavailable.

Available since: 2.70

Gio.TlsCertificate:pkcs11-uri

A URI referencing the PKCS #11 objects containing an X.509 certificate and optionally a private key.

Available since: 2.68

Gio.TlsCertificate:private-key

The DER (binary) encoded representation of the certificate’s private key, in either PKCS #1 format or unencrypted PKCS #8 format. PKCS #8 format is supported since 2.32; earlier releases only support PKCS #1. You can use the openssl rsa tool to convert PKCS #8 keys to PKCS #1.

Available since: 2.28

Gio.TlsCertificate:private-key-pem

The PEM (ASCII) encoded representation of the certificate’s private key in either PKCS #1 format (“BEGIN RSA PRIVATE KEY”) or unencrypted PKCS #8 format (“BEGIN PRIVATE KEY”). PKCS #8 format is supported since 2.32; earlier releases only support PKCS #1. You can use the openssl rsa tool to convert PKCS #8 keys to PKCS #1.

Available since: 2.28
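A pre-flight check for the two key formats named above, as an added example that is not GLib code: it scans the labels in a PEM bundle and reports how many certificates it holds and whether the first key block is PKCS #1, unencrypted PKCS #8, or something outside those two documented formats. All type and function names here are hypothetical, and the sample bundle is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; none of this is GLib API. */
typedef enum { KEY_NONE, KEY_PKCS1, KEY_PKCS8, KEY_OTHER } KeyFormat;
/* Block counts, plus the format of the first "... PRIVATE KEY" block. */
typedef struct { size_t certificates, keys; KeyFormat key_format; } PemSummary;

/* Constructed sample: bodies are placeholders, not real key material. */
static const char SAMPLE_BUNDLE[] =
    "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n"
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nCCCC\n"
    "-----END ENCRYPTED PRIVATE KEY-----\n";

static int label_is(const char *label, size_t len, const char *want)
{
    return len == strlen(want) && memcmp(label, want, len) == 0;
}

/* Walk each "-----BEGIN <label>-----" header in a NUL-terminated PEM string. */
PemSummary pem_summarize(const char *pem)
{
    static const char begin[] = "-----BEGIN ";
    PemSummary s = { 0, 0, KEY_NONE };
    const char *p = pem;
    while ((p = strstr(p, begin)) != NULL) {
        const char *label = p + sizeof begin - 1;
        const char *end = strstr(label, "-----");
        if (end == NULL) break;                 /* truncated header line */
        size_t len = (size_t)(end - label);
        if (label_is(label, len, "CERTIFICATE")) {
            s.certificates++;
        } else if (len >= 11 && memcmp(end - 11, "PRIVATE KEY", 11) == 0) {
            if (s.keys++ == 0)                  /* classify the first key only */
                s.key_format = label_is(label, len, "RSA PRIVATE KEY") ? KEY_PKCS1
                             : label_is(label, len, "PRIVATE KEY") ? KEY_PKCS8
                             : KEY_OTHER;       /* e.g. ENCRYPTED PRIVATE KEY */
        }
        p = end;
    }
    return s;
}

int main(void)
{
    PemSummary s = pem_summarize(SAMPLE_BUNDLE);
    printf("certs=%zu keys=%zu format=%d\n", s.certificates, s.keys, (int)s.key_format);
}
```

A result of KEY_OTHER means the key should be converted or decrypted before the data is handed to g_tls_certificate_new_from_pem.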

Gio.TlsCertificate:private-key-pkcs11-uri

A URI referencing a PKCS #11 object containing a private key.

Available since: 2.68

Gio.TlsCertificate:subject-name

The subject from the cert, NULL if unavailable.

Available since: 2.70

Signals

Signals inherited from GObject (1)

Class structure

struct GioTlsCertificateClass {
  GObjectClass parent_class;
  GTlsCertificateFlags (* verify) (
    GTlsCertificate* cert,
    GSocketConnectable* identity,
    GTlsCertificate* trusted_ca
  );
}

Class members

parent_class: GObjectClass
  No description available.

verify: GTlsCertificateFlags (* verify) (
    GTlsCertificate* cert,
    GSocketConnectable* identity,
    GTlsCertificate* trusted_ca
  )
  No description available.

Virtual methods

Gio.TlsCertificateClass.verify

This verifies cert and returns a set of GTlsCertificateFlags indicating any problems found with it. This can be used to verify a certificate outside the context of making a connection, or to check a certificate against a CA that is not part of the system CA database.

Available since: 2.28