Class

Gio.TlsCertificate

since: 2.28

Description

abstract class Gio.TlsCertificate : GObject.Object {
  parent_instance: GObject,
  priv: GTlsCertificatePrivate*
}

A certificate used for TLS authentication and encryption. This can represent either a certificate only (e.g., the certificate received by a client from a server), or the combination of a certificate and a private key (which is needed when acting as a GTlsServerConnection).

Available since: 2.28

Constructors

g_tls_certificate_new_from_file

Creates a GTlsCertificate from the data in file.

since: 2.28

g_tls_certificate_new_from_file_with_password

Creates a GTlsCertificate from the data in file.

since: 2.72

g_tls_certificate_new_from_files

Creates a GTlsCertificate from the PEM-encoded data in cert_file and key_file. The returned certificate will be the first certificate found in cert_file. As of GLib 2.44, if cert_file contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the GTlsCertificate:issuer property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned.

since: 2.28

g_tls_certificate_new_from_pem

Creates a GTlsCertificate from the PEM-encoded data in data. If data includes both a certificate and a private key, then the returned certificate will include the private key data as well. (See the GTlsCertificate:private-key-pem property for information about supported formats.)

since: 2.28

g_tls_certificate_new_from_pkcs11_uris

Creates a GTlsCertificate from a PKCS #11 URI.

since: 2.68

g_tls_certificate_new_from_pkcs12

Creates a GTlsCertificate from the data in data. It must contain a certificate and matching private key.

since: 2.72

Functions

g_tls_certificate_list_new_from_file

Creates one or more GTlsCertificates from the PEM-encoded data in file. If file cannot be read or parsed, the function will return NULL and set error. If file does not contain any PEM-encoded certificates, this will return an empty list and not set error.

since: 2.28

Instance methods

g_tls_certificate_get_dns_names

Gets the value of GTlsCertificate:dns-names.

since: 2.70

g_tls_certificate_get_ip_addresses

Gets the value of GTlsCertificate:ip-addresses.

since: 2.70

g_tls_certificate_get_issuer

Gets the GTlsCertificate representing cert's issuer, if known.

since: 2.28

g_tls_certificate_get_issuer_name

Returns the issuer name from the certificate.

since: 2.70

g_tls_certificate_get_not_valid_after

Returns the time at which the certificate became or will become invalid.

since: 2.70

g_tls_certificate_get_not_valid_before

Returns the time at which the certificate became or will become valid.

since: 2.70

g_tls_certificate_get_subject_name

Returns the subject name from the certificate.

since: 2.70

g_tls_certificate_is_same

Check if two GTlsCertificate objects represent the same certificate. The raw DER byte data of the two certificates are checked for equality. This has the effect that two certificates may compare equal even if their GTlsCertificate:issuer, GTlsCertificate:private-key, or GTlsCertificate:private-key-pem properties differ.

since: 2.34

g_tls_certificate_verify

This verifies cert and returns a set of GTlsCertificateFlags indicating any problems found with it. This can be used to verify a certificate outside the context of making a connection, or to check a certificate against a CA that is not part of the system CA database.

since: 2.28

Methods inherited from GObject (43)

Please see GObject for a full list of methods.

Properties

Gio.TlsCertificate:certificate

The DER (binary) encoded representation of the certificate. This property and the GTlsCertificate:certificate-pem property represent the same data, just in different forms.

since: 2.28

Gio.TlsCertificate:certificate-pem

The PEM (ASCII) encoded representation of the certificate. This property and the GTlsCertificate:certificate property represent the same data, just in different forms.

since: 2.28

Gio.TlsCertificate:dns-names

The DNS names from the certificate’s Subject Alternative Names (SANs), NULL if unavailable.

since: 2.70

Gio.TlsCertificate:ip-addresses

The IP addresses from the certificate’s Subject Alternative Names (SANs), NULL if unavailable.

since: 2.70

Gio.TlsCertificate:issuer

A GTlsCertificate representing the entity that issued this certificate. If NULL, this means that the certificate is either self-signed, or else the certificate of the issuer is not available.

since: 2.28

Gio.TlsCertificate:issuer-name

The issuer from the certificate, NULL if unavailable.

since: 2.70

Gio.TlsCertificate:not-valid-after

The time at which this cert is no longer valid, NULL if unavailable.

since: 2.70

Gio.TlsCertificate:not-valid-before

The time at which this cert is considered to be valid, NULL if unavailable.

since: 2.70

Gio.TlsCertificate:password

An optional password used when constructed with GTlsCertificate:pkcs12-data.

since: 2.72

Gio.TlsCertificate:pkcs11-uri

A URI referencing the PKCS #11 objects containing an X.509 certificate and optionally a private key.

since: 2.68

Gio.TlsCertificate:pkcs12-data

The PKCS #12 formatted data used to construct the object.

since: 2.72

Gio.TlsCertificate:private-key

The DER (binary) encoded representation of the certificate’s private key, in either PKCS #1 format or unencrypted PKCS #8 format. PKCS #8 format is supported since 2.32; earlier releases only support PKCS #1. You can use the openssl rsa tool to convert PKCS #8 keys to PKCS #1.

since: 2.28

Gio.TlsCertificate:private-key-pem

The PEM (ASCII) encoded representation of the certificate’s private key in either PKCS #1 format (“BEGIN RSA PRIVATE KEY”) or unencrypted PKCS #8 format (“BEGIN PRIVATE KEY”). PKCS #8 format is supported since 2.32; earlier releases only support PKCS #1. You can use the openssl rsa tool to convert PKCS #8 keys to PKCS #1.

since: 2.28
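
A pre-flight check for the key formats listed above, as an added example (not GLib code): before PEM data is handed to g_tls_certificate_new_from_pem, it counts the certificate blocks and classifies the private key by its armor label. The function names, the enum and the sample data are constructed for this illustration; treating the legacy encrypted PKCS #1 form as outside the documented formats is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>

typedef enum { KEY_NONE, KEY_PKCS1, KEY_PKCS8,
               KEY_PKCS1_ENCRYPTED, KEY_PKCS8_ENCRYPTED } key_format;

/* Number of certificate blocks; more than one means a chain is present. */
int count_certificates(const char *pem) {
    static const char tag[] = "-----BEGIN CERTIFICATE-----";
    int n = 0;
    for (const char *p = pem; (p = strstr(p, tag)) != NULL; p += sizeof tag - 1)
        n++;
    return n;
}

/* Classify the private key block by its armor label (assumes at most one key). */
key_format classify_private_key(const char *pem) {
    static const char pkcs1[] = "-----BEGIN RSA PRIVATE KEY-----";
    static const char enc_hdr[] = "Proc-Type: 4,ENCRYPTED";
    const char *p;
    if (strstr(pem, "-----BEGIN ENCRYPTED PRIVATE KEY-----"))
        return KEY_PKCS8_ENCRYPTED;
    if (strstr(pem, "-----BEGIN PRIVATE KEY-----"))
        return KEY_PKCS8;
    if ((p = strstr(pem, pkcs1)) == NULL)
        return KEY_NONE;
    /* Legacy encrypted PKCS #1 keeps the same armor and adds RFC 1421 headers. */
    p += sizeof pkcs1 - 1;
    p += strspn(p, "\r\n");
    return strncmp(p, enc_hdr, sizeof enc_hdr - 1) == 0 ? KEY_PKCS1_ENCRYPTED : KEY_PKCS1;
}

/* 1 only for the two formats the property description lists. */
int key_format_documented(key_format f) {
    return f == KEY_PKCS1 || f == KEY_PKCS8;
}

/* Constructed sample: bodies are placeholders, not real key material. */
static const char SAMPLE[] =
    "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n"
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nCCCC\n-----END ENCRYPTED PRIVATE KEY-----\n";

int main(void) {
    key_format f = classify_private_key(SAMPLE);
    printf("certificates=%d key_format=%d documented=%d\n",
           count_certificates(SAMPLE), (int)f, key_format_documented(f));
    return 0;
}
```
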

Gio.TlsCertificate:private-key-pkcs11-uri

A URI referencing a PKCS #11 object containing a private key.

since: 2.68

Gio.TlsCertificate:subject-name

The subject from the cert, NULL if unavailable.

since: 2.70

Signals

Signals inherited from GObject (1)
GObject::notify

The notify signal is emitted on an object when one of its properties has its value set through g_object_set_property(), g_object_set(), et al.

Class structure

struct GioTlsCertificateClass {
  GObjectClass parent_class;
  GTlsCertificateFlags (* verify) (
    GTlsCertificate* cert,
    GSocketConnectable* identity,
    GTlsCertificate* trusted_ca
  );
}

No description available.

Class members

parent_class: GObjectClass
No description available.

verify: GTlsCertificateFlags (* verify) ( GTlsCertificate* cert, GSocketConnectable* identity, GTlsCertificate* trusted_ca )
No description available.

Virtual methods

Gio.TlsCertificateClass.verify

This verifies cert and returns a set of GTlsCertificateFlags indicating any problems found with it. This can be used to verify a certificate outside the context of making a connection, or to check a certificate against a CA that is not part of the system CA database.

since: 2.28