|  |  |  | Gcr Library Reference Manual |  | 
|---|---|---|---|---|
| Top | Description | ||||
| Trust Storage and LookupsTrust Storage and Lookups — Store and lookup bits of information used for verifying certificates. | 
#define GCR_PURPOSE_SERVER_AUTH #define GCR_PURPOSE_CLIENT_AUTH #define GCR_PURPOSE_EMAIL #define GCR_PURPOSE_CODE_SIGNING gboolean gcr_trust_is_certificate_anchored (GcrCertificate *certificate,const gchar *purpose,GCancellable *cancellable,GError **error); void gcr_trust_is_certificate_anchored_async (GcrCertificate *certificate,const gchar *purpose,GCancellable *cancellable,GAsyncReadyCallback callback,gpointer user_data); gboolean gcr_trust_is_certificate_anchored_finish (GAsyncResult *result,GError **error); gboolean gcr_trust_is_certificate_pinned (GcrCertificate *certificate,const gchar *purpose,const gchar *peer,GCancellable *cancellable,GError **error); void gcr_trust_is_certificate_pinned_async (GcrCertificate *certificate,const gchar *purpose,const gchar *peer,GCancellable *cancellable,GAsyncReadyCallback callback,gpointer user_data); gboolean gcr_trust_is_certificate_pinned_finish (GAsyncResult *result,GError **error); gboolean gcr_trust_add_pinned_certificate (GcrCertificate *certificate,const gchar *purpose,const gchar *peer,GCancellable *cancellable,GError **error); void gcr_trust_add_pinned_certificate_async (GcrCertificate *certificate,const gchar *purpose,const gchar *peer,GCancellable *cancellable,GAsyncReadyCallback callback,gpointer user_data); gboolean gcr_trust_add_pinned_certificate_finish (GAsyncResult *result,GError **error); gboolean gcr_trust_remove_pinned_certificate (GcrCertificate *certificate,const gchar *purpose,const gchar *peer,GCancellable *cancellable,GError **error); void gcr_trust_remove_pinned_certificate_async (GcrCertificate *certificate,const gchar *purpose,const gchar *peer,GCancellable *cancellable,GAsyncReadyCallback callback,gpointer user_data); gboolean gcr_trust_remove_pinned_certificate_finish (GAsyncResult *result,GError **error);
These functions provide access to stored information about which certificates the system and user trusts as certificate authority trust anchors, or overrides to the normal verification of certificates.
Trust anchors are used to verify the certificate authority in a certificate
chain. Trust anchors are always valid for a given purpose. The most common
purpose is the GCR_PURPOSE_SERVER_AUTH and is used for a client application
to verify that the certificate at the server side of a TLS connection is
authorized to act as such. To check if a certificate is a trust anchor use
gcr_trust_is_certificate_anchored().
Pinned certificates are used when a user overrides the default trust
decision for a given certificate. They're often used with self-signed
certificates. Pinned certificates are always only valid for a single peer
such as the remote host with which TLS is being performed. To lookup
pinned certificates use gcr_trust_is_certificate_pinned().
After the user has requested to override the trust decision
about a given certificate then a pinned certificates can be added by using
the gcr_trust_add_pinned_certificate() function.
These functions do not constitute a viable method for verifying certificates used in TLS or other locations. Instead they support such verification by providing some of the needed data for a trust decision.
The storage is provided by pluggable PKCS#11 modules.
#define GCR_PURPOSE_SERVER_AUTH "1.3.6.1.5.5.7.3.1"
The purpose used to verify the server certificate in a TLS connection. This is the most common purpose in use.
#define GCR_PURPOSE_CLIENT_AUTH "1.3.6.1.5.5.7.3.2"
The purpose used to verify the client certificate in a TLS connection.
#define GCR_PURPOSE_EMAIL "1.3.6.1.5.5.7.3.4"
The purpose used to verify certificates that are used in email communication such as S/MIME.
#define GCR_PURPOSE_CODE_SIGNING "1.3.6.1.5.5.7.3.3"
The purpose used to verify certificate used for the signature on signed code.
gboolean gcr_trust_is_certificate_anchored (GcrCertificate *certificate,const gchar *purpose,GCancellable *cancellable,GError **error);
Check if the certificate is a trust anchor for the given purpose. A trust
anchor is used to verify the signatures on other certificates when verifying
a certificate chain. Also known as a trusted certificate authority.
This call may block, see gcr_trust_is_certificate_anchored_async() for the
non-blocking version.
In the case of an error, FALSE is also returned. Check error to detect
if an error occurred.
| 
 | a GcrCertificate to check | 
| 
 | the purpose string | 
| 
 | a GCancellable | 
| 
 | a GError, or NULL | 
| Returns : | TRUEif the certificate is a trust anchor | 
void gcr_trust_is_certificate_anchored_async (GcrCertificate *certificate,const gchar *purpose,GCancellable *cancellable,GAsyncReadyCallback callback,gpointer user_data);
Check if the certificate is a trust anchor for the given purpose. A trust
anchor is used to verify the signatures on other certificates when verifying
a certificate chain. Also known as a trusted certificate authority.
When the operation is finished, callback will be called. You can then call
gcr_trust_is_certificate_anchored_finish() to get the result of the operation.
| 
 | a GcrCertificate to check | 
| 
 | the purpose string | 
| 
 | a GCancellable | 
| 
 | a GAsyncReadyCallback to call when the operation completes | 
| 
 | the data to pass to callback function | 
gboolean gcr_trust_is_certificate_anchored_finish (GAsyncResult *result,GError **error);
Finishes an asynchronous operation started by
gcr_trust_is_certificate_anchored_async().
In the case of an error, FALSE is also returned. Check error to detect
if an error occurred.
| 
 | the GAsyncResult passed to the callback | 
| 
 | a GError, or NULL | 
| Returns : | TRUEif the certificate is a trust anchor | 
gboolean gcr_trust_is_certificate_pinned (GcrCertificate *certificate,const gchar *purpose,const gchar *peer,GCancellable *cancellable,GError **error);
Check if certificate is pinned for purpose to communicate with peer.
A pinned certificate overrides all other certificate verification.
This call may block, see gcr_trust_is_certificate_pinned_async() for the
non-blocking version.
In the case of an error, FALSE is also returned. Check error to detect
if an error occurred.
| 
 | a GcrCertificate to check | 
| 
 | the purpose string | 
| 
 | the peer for this pinned | 
| 
 | a GCancellable | 
| 
 | a GError, or NULL | 
| Returns : | TRUEif the certificate is pinned for the host and purpose | 
void gcr_trust_is_certificate_pinned_async (GcrCertificate *certificate,const gchar *purpose,const gchar *peer,GCancellable *cancellable,GAsyncReadyCallback callback,gpointer user_data);
Check if certificate is pinned for purpose to communicate with peer. A
pinned certificate overrides all other certificate verification.
When the operation is finished, callback will be called. You can then call
gcr_trust_is_certificate_pinned_finish() to get the result of the
operation.
| 
 | a GcrCertificate to check | 
| 
 | the purpose string | 
| 
 | the peer for this pinned | 
| 
 | a GCancellable | 
| 
 | a GAsyncReadyCallback to call when the operation completes | 
| 
 | the data to pass to callback function | 
gboolean gcr_trust_is_certificate_pinned_finish (GAsyncResult *result,GError **error);
Finishes an asynchronous operation started by
gcr_trust_is_certificate_pinned_async().
In the case of an error, FALSE is also returned. Check error to detect
if an error occurred.
| 
 | the GAsyncResult passed to the callback | 
| 
 | a GError, or NULL | 
| Returns : | TRUEif the certificate is pinned. | 
gboolean gcr_trust_add_pinned_certificate (GcrCertificate *certificate,const gchar *purpose,const gchar *peer,GCancellable *cancellable,GError **error);
Add a pinned certificate for connections to peer for purpose. A pinned
certificate overrides all other certificate verification and should be
used with care.
If the same pinned certificate already exists, then this operation does not add another, and succeeds without error.
This call may block, see gcr_trust_add_pinned_certificate_async() for the
non-blocking version.
| 
 | a GcrCertificate | 
| 
 | the purpose string | 
| 
 | the peer for this pinned certificate | 
| 
 | a GCancellable | 
| 
 | a GError, or NULL | 
| Returns : | TRUEif the pinned certificate is recorded successfully | 
void gcr_trust_add_pinned_certificate_async (GcrCertificate *certificate,const gchar *purpose,const gchar *peer,GCancellable *cancellable,GAsyncReadyCallback callback,gpointer user_data);
Add a pinned certificate for communication with peer for purpose. A pinned
certificate overrides all other certificate verification and should be used
with care.
If the same pinned certificate already exists, then this operation does not add another, and succeeds without error.
When the operation is finished, callback will be called. You can then call
gcr_trust_add_pinned_certificate_finish() to get the result of the
operation.
| 
 | a GcrCertificate | 
| 
 | the purpose string | 
| 
 | the peer for this pinned certificate | 
| 
 | a GCancellable | 
| 
 | a GAsyncReadyCallback to call when the operation completes | 
| 
 | the data to pass to callback function | 
gboolean gcr_trust_add_pinned_certificate_finish (GAsyncResult *result,GError **error);
Finishes an asynchronous operation started by
gcr_trust_add_pinned_certificate_async().
| 
 | the GAsyncResult passed to the callback | 
| 
 | a GError, or NULL | 
| Returns : | TRUEif the pinned certificate is recorded successfully | 
gboolean gcr_trust_remove_pinned_certificate (GcrCertificate *certificate,const gchar *purpose,const gchar *peer,GCancellable *cancellable,GError **error);
Remove a pinned certificate for communication with peer for purpose.
If the same pinned certificate does not exist, or was already removed, then this operation succeeds without error.
This call may block, see gcr_trust_remove_pinned_certificate_async() for the
non-blocking version.
| 
 | a GcrCertificate | 
| 
 | the purpose string | 
| 
 | the peer for this pinned certificate | 
| 
 | a GCancellable | 
| 
 | a GError, or NULL | 
| Returns : | TRUEif the pinned certificate no longer exists | 
void gcr_trust_remove_pinned_certificate_async (GcrCertificate *certificate,const gchar *purpose,const gchar *peer,GCancellable *cancellable,GAsyncReadyCallback callback,gpointer user_data);
Remove a pinned certificate for communication with peer for purpose.
If the same pinned certificate does not exist, or was already removed, then this operation succeeds without error.
When the operation is finished, callback will be called. You can then call
gcr_trust_remove_pinned_certificate_finish() to get the result of the
operation.
| 
 | a GcrCertificate | 
| 
 | the purpose string | 
| 
 | the peer for this pinned certificate | 
| 
 | a GCancellable | 
| 
 | a GAsyncReadyCallback to call when the operation completes | 
| 
 | the data to pass to callback function | 
gboolean gcr_trust_remove_pinned_certificate_finish (GAsyncResult *result,GError **error);
Finishes an asynchronous operation started by
gcr_trust_remove_pinned_certificate_async().
| 
 | the GAsyncResult passed to the callback | 
| 
 | a GError, or NULL | 
| Returns : | TRUEif the pinned certificate no longer exists |