1 /* 2 * This file is part of gtkD. 3 * 4 * gtkD is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU Lesser General Public License 6 * as published by the Free Software Foundation; either version 3 7 * of the License, or (at your option) any later version, with 8 * some exceptions, please read the COPYING file. 9 * 10 * gtkD is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU Lesser General Public License for more details. 14 * 15 * You should have received a copy of the GNU Lesser General Public License 16 * along with gtkD; if not, write to the Free Software 17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110, USA 18 */ 19 20 // generated automatically - do not change 21 // find conversion definition on APILookup.txt 22 // implement new conversion functionalities on the wrap.utils pakage 23 24 25 module gio.DtlsConnectionT; 26 27 public import gio.AsyncResultIF; 28 public import gio.Cancellable; 29 public import gio.TlsCertificate; 30 public import gio.TlsDatabase; 31 public import gio.TlsInteraction; 32 public import gio.c.functions; 33 public import gio.c.types; 34 public import glib.ErrorG; 35 public import glib.GException; 36 public import glib.Str; 37 public import gobject.ObjectG; 38 public import gobject.Signals; 39 public import gtkc.giotypes; 40 public import std.algorithm; 41 42 43 /** 44 * #GDtlsConnection is the base DTLS connection class type, which wraps 45 * a #GDatagramBased and provides DTLS encryption on top of it. Its 46 * subclasses, #GDtlsClientConnection and #GDtlsServerConnection, 47 * implement client-side and server-side DTLS, respectively. 48 * 49 * For TLS support, see #GTlsConnection. 50 * 51 * As DTLS is datagram based, #GDtlsConnection implements #GDatagramBased, 52 * presenting a datagram-socket-like API for the encrypted connection. This 53 * operates over a base datagram connection, which is also a #GDatagramBased 54 * (#GDtlsConnection:base-socket). 55 * 56 * To close a DTLS connection, use g_dtls_connection_close(). 57 * 58 * Neither #GDtlsServerConnection or #GDtlsClientConnection set the peer address 59 * on their base #GDatagramBased if it is a #GSocket — it is up to the caller to 60 * do that if they wish. If they do not, and g_socket_close() is called on the 61 * base socket, the #GDtlsConnection will not raise a %G_IO_ERROR_NOT_CONNECTED 62 * error on further I/O. 63 * 64 * Since: 2.48 65 */ 66 public template DtlsConnectionT(TStruct) 67 { 68 /** Get the main Gtk struct */ 69 public GDtlsConnection* getDtlsConnectionStruct(bool transferOwnership = false) 70 { 71 if (transferOwnership) 72 ownedRef = false; 73 return cast(GDtlsConnection*)getStruct(); 74 } 75 76 77 /** 78 * Close the DTLS connection. This is equivalent to calling 79 * g_dtls_connection_shutdown() to shut down both sides of the connection. 80 * 81 * Closing a #GDtlsConnection waits for all buffered but untransmitted data to 82 * be sent before it completes. It then sends a `close_notify` DTLS alert to the 83 * peer and may wait for a `close_notify` to be received from the peer. It does 84 * not close the underlying #GDtlsConnection:base-socket; that must be closed 85 * separately. 86 * 87 * Once @conn is closed, all other operations will return %G_IO_ERROR_CLOSED. 88 * Closing a #GDtlsConnection multiple times will not return an error. 89 * 90 * #GDtlsConnections will be automatically closed when the last reference is 91 * dropped, but you might want to call this function to make sure resources are 92 * released as early as possible. 93 * 94 * If @cancellable is cancelled, the #GDtlsConnection may be left 95 * partially-closed and any pending untransmitted data may be lost. Call 96 * g_dtls_connection_close() again to complete closing the #GDtlsConnection. 97 * 98 * Params: 99 * cancellable = a #GCancellable, or %NULL 100 * 101 * Returns: %TRUE on success, %FALSE otherwise 102 * 103 * Since: 2.48 104 * 105 * Throws: GException on failure. 106 */ 107 public bool close(Cancellable cancellable) 108 { 109 GError* err = null; 110 111 auto p = g_dtls_connection_close(getDtlsConnectionStruct(), (cancellable is null) ? null : cancellable.getCancellableStruct(), &err) != 0; 112 113 if (err !is null) 114 { 115 throw new GException( new ErrorG(err) ); 116 } 117 118 return p; 119 } 120 121 /** 122 * Asynchronously close the DTLS connection. See g_dtls_connection_close() for 123 * more information. 124 * 125 * Params: 126 * ioPriority = the [I/O priority][io-priority] of the request 127 * cancellable = a #GCancellable, or %NULL 128 * callback = callback to call when the close operation is complete 129 * userData = the data to pass to the callback function 130 * 131 * Since: 2.48 132 */ 133 public void closeAsync(int ioPriority, Cancellable cancellable, GAsyncReadyCallback callback, void* userData) 134 { 135 g_dtls_connection_close_async(getDtlsConnectionStruct(), ioPriority, (cancellable is null) ? null : cancellable.getCancellableStruct(), callback, userData); 136 } 137 138 /** 139 * Finish an asynchronous TLS close operation. See g_dtls_connection_close() 140 * for more information. 141 * 142 * Params: 143 * result = a #GAsyncResult 144 * 145 * Returns: %TRUE on success, %FALSE on failure, in which 146 * case @error will be set 147 * 148 * Since: 2.48 149 * 150 * Throws: GException on failure. 151 */ 152 public bool closeFinish(AsyncResultIF result) 153 { 154 GError* err = null; 155 156 auto p = g_dtls_connection_close_finish(getDtlsConnectionStruct(), (result is null) ? null : result.getAsyncResultStruct(), &err) != 0; 157 158 if (err !is null) 159 { 160 throw new GException( new ErrorG(err) ); 161 } 162 163 return p; 164 } 165 166 /** 167 * Used by #GDtlsConnection implementations to emit the 168 * #GDtlsConnection::accept-certificate signal. 169 * 170 * Params: 171 * peerCert = the peer's #GTlsCertificate 172 * errors = the problems with @peer_cert 173 * 174 * Returns: %TRUE if one of the signal handlers has returned 175 * %TRUE to accept @peer_cert 176 * 177 * Since: 2.48 178 */ 179 public bool emitAcceptCertificate(TlsCertificate peerCert, GTlsCertificateFlags errors) 180 { 181 return g_dtls_connection_emit_accept_certificate(getDtlsConnectionStruct(), (peerCert is null) ? null : peerCert.getTlsCertificateStruct(), errors) != 0; 182 } 183 184 /** 185 * Gets @conn's certificate, as set by 186 * g_dtls_connection_set_certificate(). 187 * 188 * Returns: @conn's certificate, or %NULL 189 * 190 * Since: 2.48 191 */ 192 public TlsCertificate getCertificate() 193 { 194 auto p = g_dtls_connection_get_certificate(getDtlsConnectionStruct()); 195 196 if(p is null) 197 { 198 return null; 199 } 200 201 return ObjectG.getDObject!(TlsCertificate)(cast(GTlsCertificate*) p); 202 } 203 204 /** 205 * Gets the certificate database that @conn uses to verify 206 * peer certificates. See g_dtls_connection_set_database(). 207 * 208 * Returns: the certificate database that @conn uses or %NULL 209 * 210 * Since: 2.48 211 */ 212 public TlsDatabase getDatabase() 213 { 214 auto p = g_dtls_connection_get_database(getDtlsConnectionStruct()); 215 216 if(p is null) 217 { 218 return null; 219 } 220 221 return ObjectG.getDObject!(TlsDatabase)(cast(GTlsDatabase*) p); 222 } 223 224 /** 225 * Get the object that will be used to interact with the user. It will be used 226 * for things like prompting the user for passwords. If %NULL is returned, then 227 * no user interaction will occur for this connection. 228 * 229 * Returns: The interaction object. 230 * 231 * Since: 2.48 232 */ 233 public TlsInteraction getInteraction() 234 { 235 auto p = g_dtls_connection_get_interaction(getDtlsConnectionStruct()); 236 237 if(p is null) 238 { 239 return null; 240 } 241 242 return ObjectG.getDObject!(TlsInteraction)(cast(GTlsInteraction*) p); 243 } 244 245 /** 246 * Gets the name of the application-layer protocol negotiated during 247 * the handshake. 248 * 249 * If the peer did not use the ALPN extension, or did not advertise a 250 * protocol that matched one of @conn's protocols, or the TLS backend 251 * does not support ALPN, then this will be %NULL. See 252 * g_dtls_connection_set_advertised_protocols(). 253 * 254 * Returns: the negotiated protocol, or %NULL 255 * 256 * Since: 2.60 257 */ 258 public string getNegotiatedProtocol() 259 { 260 return Str.toString(g_dtls_connection_get_negotiated_protocol(getDtlsConnectionStruct())); 261 } 262 263 /** 264 * Gets @conn's peer's certificate after the handshake has completed. 265 * (It is not set during the emission of 266 * #GDtlsConnection::accept-certificate.) 267 * 268 * Returns: @conn's peer's certificate, or %NULL 269 * 270 * Since: 2.48 271 */ 272 public TlsCertificate getPeerCertificate() 273 { 274 auto p = g_dtls_connection_get_peer_certificate(getDtlsConnectionStruct()); 275 276 if(p is null) 277 { 278 return null; 279 } 280 281 return ObjectG.getDObject!(TlsCertificate)(cast(GTlsCertificate*) p); 282 } 283 284 /** 285 * Gets the errors associated with validating @conn's peer's 286 * certificate, after the handshake has completed. (It is not set 287 * during the emission of #GDtlsConnection::accept-certificate.) 288 * 289 * Returns: @conn's peer's certificate errors 290 * 291 * Since: 2.48 292 */ 293 public GTlsCertificateFlags getPeerCertificateErrors() 294 { 295 return g_dtls_connection_get_peer_certificate_errors(getDtlsConnectionStruct()); 296 } 297 298 /** 299 * Gets @conn rehandshaking mode. See 300 * g_dtls_connection_set_rehandshake_mode() for details. 301 * 302 * Returns: @conn's rehandshaking mode 303 * 304 * Since: 2.48 305 */ 306 public GTlsRehandshakeMode getRehandshakeMode() 307 { 308 return g_dtls_connection_get_rehandshake_mode(getDtlsConnectionStruct()); 309 } 310 311 /** 312 * Tests whether or not @conn expects a proper TLS close notification 313 * when the connection is closed. See 314 * g_dtls_connection_set_require_close_notify() for details. 315 * 316 * Returns: %TRUE if @conn requires a proper TLS close notification. 317 * 318 * Since: 2.48 319 */ 320 public bool getRequireCloseNotify() 321 { 322 return g_dtls_connection_get_require_close_notify(getDtlsConnectionStruct()) != 0; 323 } 324 325 /** 326 * Attempts a TLS handshake on @conn. 327 * 328 * On the client side, it is never necessary to call this method; 329 * although the connection needs to perform a handshake after 330 * connecting (or after sending a "STARTTLS"-type command) and may 331 * need to rehandshake later if the server requests it, 332 * #GDtlsConnection will handle this for you automatically when you try 333 * to send or receive data on the connection. However, you can call 334 * g_dtls_connection_handshake() manually if you want to know for sure 335 * whether the initial handshake succeeded or failed (as opposed to 336 * just immediately trying to write to @conn, in which 337 * case if it fails, it may not be possible to tell if it failed 338 * before or after completing the handshake). 339 * 340 * Likewise, on the server side, although a handshake is necessary at 341 * the beginning of the communication, you do not need to call this 342 * function explicitly unless you want clearer error reporting. 343 * 344 * If TLS 1.2 or older is in use, you may call 345 * g_dtls_connection_handshake() after the initial handshake to 346 * rehandshake; however, this usage is deprecated because rehandshaking 347 * is no longer part of the TLS protocol in TLS 1.3. Accordingly, the 348 * behavior of calling this function after the initial handshake is now 349 * undefined, except it is guaranteed to be reasonable and 350 * nondestructive so as to preserve compatibility with code written for 351 * older versions of GLib. 352 * 353 * #GDtlsConnection::accept_certificate may be emitted during the 354 * handshake. 355 * 356 * Params: 357 * cancellable = a #GCancellable, or %NULL 358 * 359 * Returns: success or failure 360 * 361 * Since: 2.48 362 * 363 * Throws: GException on failure. 364 */ 365 public bool handshake(Cancellable cancellable) 366 { 367 GError* err = null; 368 369 auto p = g_dtls_connection_handshake(getDtlsConnectionStruct(), (cancellable is null) ? null : cancellable.getCancellableStruct(), &err) != 0; 370 371 if (err !is null) 372 { 373 throw new GException( new ErrorG(err) ); 374 } 375 376 return p; 377 } 378 379 /** 380 * Asynchronously performs a TLS handshake on @conn. See 381 * g_dtls_connection_handshake() for more information. 382 * 383 * Params: 384 * ioPriority = the [I/O priority][io-priority] of the request 385 * cancellable = a #GCancellable, or %NULL 386 * callback = callback to call when the handshake is complete 387 * userData = the data to pass to the callback function 388 * 389 * Since: 2.48 390 */ 391 public void handshakeAsync(int ioPriority, Cancellable cancellable, GAsyncReadyCallback callback, void* userData) 392 { 393 g_dtls_connection_handshake_async(getDtlsConnectionStruct(), ioPriority, (cancellable is null) ? null : cancellable.getCancellableStruct(), callback, userData); 394 } 395 396 /** 397 * Finish an asynchronous TLS handshake operation. See 398 * g_dtls_connection_handshake() for more information. 399 * 400 * Params: 401 * result = a #GAsyncResult. 402 * 403 * Returns: %TRUE on success, %FALSE on failure, in which 404 * case @error will be set. 405 * 406 * Since: 2.48 407 * 408 * Throws: GException on failure. 409 */ 410 public bool handshakeFinish(AsyncResultIF result) 411 { 412 GError* err = null; 413 414 auto p = g_dtls_connection_handshake_finish(getDtlsConnectionStruct(), (result is null) ? null : result.getAsyncResultStruct(), &err) != 0; 415 416 if (err !is null) 417 { 418 throw new GException( new ErrorG(err) ); 419 } 420 421 return p; 422 } 423 424 /** 425 * Sets the list of application-layer protocols to advertise that the 426 * caller is willing to speak on this connection. The 427 * Application-Layer Protocol Negotiation (ALPN) extension will be 428 * used to negotiate a compatible protocol with the peer; use 429 * g_dtls_connection_get_negotiated_protocol() to find the negotiated 430 * protocol after the handshake. Specifying %NULL for the the value 431 * of @protocols will disable ALPN negotiation. 432 * 433 * See [IANA TLS ALPN Protocol IDs](https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids) 434 * for a list of registered protocol IDs. 435 * 436 * Params: 437 * protocols = a %NULL-terminated 438 * array of ALPN protocol names (eg, "http/1.1", "h2"), or %NULL 439 * 440 * Since: 2.60 441 */ 442 public void setAdvertisedProtocols(string[] protocols) 443 { 444 g_dtls_connection_set_advertised_protocols(getDtlsConnectionStruct(), Str.toStringzArray(protocols)); 445 } 446 447 /** 448 * This sets the certificate that @conn will present to its peer 449 * during the TLS handshake. For a #GDtlsServerConnection, it is 450 * mandatory to set this, and that will normally be done at construct 451 * time. 452 * 453 * For a #GDtlsClientConnection, this is optional. If a handshake fails 454 * with %G_TLS_ERROR_CERTIFICATE_REQUIRED, that means that the server 455 * requires a certificate, and if you try connecting again, you should 456 * call this method first. You can call 457 * g_dtls_client_connection_get_accepted_cas() on the failed connection 458 * to get a list of Certificate Authorities that the server will 459 * accept certificates from. 460 * 461 * (It is also possible that a server will allow the connection with 462 * or without a certificate; in that case, if you don't provide a 463 * certificate, you can tell that the server requested one by the fact 464 * that g_dtls_client_connection_get_accepted_cas() will return 465 * non-%NULL.) 466 * 467 * Params: 468 * certificate = the certificate to use for @conn 469 * 470 * Since: 2.48 471 */ 472 public void setCertificate(TlsCertificate certificate) 473 { 474 g_dtls_connection_set_certificate(getDtlsConnectionStruct(), (certificate is null) ? null : certificate.getTlsCertificateStruct()); 475 } 476 477 /** 478 * Sets the certificate database that is used to verify peer certificates. 479 * This is set to the default database by default. See 480 * g_tls_backend_get_default_database(). If set to %NULL, then 481 * peer certificate validation will always set the 482 * %G_TLS_CERTIFICATE_UNKNOWN_CA error (meaning 483 * #GDtlsConnection::accept-certificate will always be emitted on 484 * client-side connections, unless that bit is not set in 485 * #GDtlsClientConnection:validation-flags). 486 * 487 * Params: 488 * database = a #GTlsDatabase 489 * 490 * Since: 2.48 491 */ 492 public void setDatabase(TlsDatabase database) 493 { 494 g_dtls_connection_set_database(getDtlsConnectionStruct(), (database is null) ? null : database.getTlsDatabaseStruct()); 495 } 496 497 /** 498 * Set the object that will be used to interact with the user. It will be used 499 * for things like prompting the user for passwords. 500 * 501 * The @interaction argument will normally be a derived subclass of 502 * #GTlsInteraction. %NULL can also be provided if no user interaction 503 * should occur for this connection. 504 * 505 * Params: 506 * interaction = an interaction object, or %NULL 507 * 508 * Since: 2.48 509 */ 510 public void setInteraction(TlsInteraction interaction) 511 { 512 g_dtls_connection_set_interaction(getDtlsConnectionStruct(), (interaction is null) ? null : interaction.getTlsInteractionStruct()); 513 } 514 515 /** 516 * Sets how @conn behaves with respect to rehandshaking requests. 517 * 518 * %G_TLS_REHANDSHAKE_NEVER means that it will never agree to 519 * rehandshake after the initial handshake is complete. (For a client, 520 * this means it will refuse rehandshake requests from the server, and 521 * for a server, this means it will close the connection with an error 522 * if the client attempts to rehandshake.) 523 * 524 * %G_TLS_REHANDSHAKE_SAFELY means that the connection will allow a 525 * rehandshake only if the other end of the connection supports the 526 * TLS `renegotiation_info` extension. This is the default behavior, 527 * but means that rehandshaking will not work against older 528 * implementations that do not support that extension. 529 * 530 * %G_TLS_REHANDSHAKE_UNSAFELY means that the connection will allow 531 * rehandshaking even without the `renegotiation_info` extension. On 532 * the server side in particular, this is not recommended, since it 533 * leaves the server open to certain attacks. However, this mode is 534 * necessary if you need to allow renegotiation with older client 535 * software. 536 * 537 * Deprecated: Changing the rehandshake mode is no longer 538 * required for compatibility. Also, rehandshaking has been removed 539 * from the TLS protocol in TLS 1.3. 540 * 541 * Params: 542 * mode = the rehandshaking mode 543 * 544 * Since: 2.48 545 */ 546 public void setRehandshakeMode(GTlsRehandshakeMode mode) 547 { 548 g_dtls_connection_set_rehandshake_mode(getDtlsConnectionStruct(), mode); 549 } 550 551 /** 552 * Sets whether or not @conn expects a proper TLS close notification 553 * before the connection is closed. If this is %TRUE (the default), 554 * then @conn will expect to receive a TLS close notification from its 555 * peer before the connection is closed, and will return a 556 * %G_TLS_ERROR_EOF error if the connection is closed without proper 557 * notification (since this may indicate a network error, or 558 * man-in-the-middle attack). 559 * 560 * In some protocols, the application will know whether or not the 561 * connection was closed cleanly based on application-level data 562 * (because the application-level data includes a length field, or is 563 * somehow self-delimiting); in this case, the close notify is 564 * redundant and may be omitted. You 565 * can use g_dtls_connection_set_require_close_notify() to tell @conn 566 * to allow an "unannounced" connection close, in which case the close 567 * will show up as a 0-length read, as in a non-TLS 568 * #GDatagramBased, and it is up to the application to check that 569 * the data has been fully received. 570 * 571 * Note that this only affects the behavior when the peer closes the 572 * connection; when the application calls g_dtls_connection_close_async() on 573 * @conn itself, this will send a close notification regardless of the 574 * setting of this property. If you explicitly want to do an unclean 575 * close, you can close @conn's #GDtlsConnection:base-socket rather 576 * than closing @conn itself. 577 * 578 * Params: 579 * requireCloseNotify = whether or not to require close notification 580 * 581 * Since: 2.48 582 */ 583 public void setRequireCloseNotify(bool requireCloseNotify) 584 { 585 g_dtls_connection_set_require_close_notify(getDtlsConnectionStruct(), requireCloseNotify); 586 } 587 588 /** 589 * Shut down part or all of a DTLS connection. 590 * 591 * If @shutdown_read is %TRUE then the receiving side of the connection is shut 592 * down, and further reading is disallowed. Subsequent calls to 593 * g_datagram_based_receive_messages() will return %G_IO_ERROR_CLOSED. 594 * 595 * If @shutdown_write is %TRUE then the sending side of the connection is shut 596 * down, and further writing is disallowed. Subsequent calls to 597 * g_datagram_based_send_messages() will return %G_IO_ERROR_CLOSED. 598 * 599 * It is allowed for both @shutdown_read and @shutdown_write to be TRUE — this 600 * is equivalent to calling g_dtls_connection_close(). 601 * 602 * If @cancellable is cancelled, the #GDtlsConnection may be left 603 * partially-closed and any pending untransmitted data may be lost. Call 604 * g_dtls_connection_shutdown() again to complete closing the #GDtlsConnection. 605 * 606 * Params: 607 * shutdownRead = %TRUE to stop reception of incoming datagrams 608 * shutdownWrite = %TRUE to stop sending outgoing datagrams 609 * cancellable = a #GCancellable, or %NULL 610 * 611 * Returns: %TRUE on success, %FALSE otherwise 612 * 613 * Since: 2.48 614 * 615 * Throws: GException on failure. 616 */ 617 public bool shutdown(bool shutdownRead, bool shutdownWrite, Cancellable cancellable) 618 { 619 GError* err = null; 620 621 auto p = g_dtls_connection_shutdown(getDtlsConnectionStruct(), shutdownRead, shutdownWrite, (cancellable is null) ? null : cancellable.getCancellableStruct(), &err) != 0; 622 623 if (err !is null) 624 { 625 throw new GException( new ErrorG(err) ); 626 } 627 628 return p; 629 } 630 631 /** 632 * Asynchronously shut down part or all of the DTLS connection. See 633 * g_dtls_connection_shutdown() for more information. 634 * 635 * Params: 636 * shutdownRead = %TRUE to stop reception of incoming datagrams 637 * shutdownWrite = %TRUE to stop sending outgoing datagrams 638 * ioPriority = the [I/O priority][io-priority] of the request 639 * cancellable = a #GCancellable, or %NULL 640 * callback = callback to call when the shutdown operation is complete 641 * userData = the data to pass to the callback function 642 * 643 * Since: 2.48 644 */ 645 public void shutdownAsync(bool shutdownRead, bool shutdownWrite, int ioPriority, Cancellable cancellable, GAsyncReadyCallback callback, void* userData) 646 { 647 g_dtls_connection_shutdown_async(getDtlsConnectionStruct(), shutdownRead, shutdownWrite, ioPriority, (cancellable is null) ? null : cancellable.getCancellableStruct(), callback, userData); 648 } 649 650 /** 651 * Finish an asynchronous TLS shutdown operation. See 652 * g_dtls_connection_shutdown() for more information. 653 * 654 * Params: 655 * result = a #GAsyncResult 656 * 657 * Returns: %TRUE on success, %FALSE on failure, in which 658 * case @error will be set 659 * 660 * Since: 2.48 661 * 662 * Throws: GException on failure. 663 */ 664 public bool shutdownFinish(AsyncResultIF result) 665 { 666 GError* err = null; 667 668 auto p = g_dtls_connection_shutdown_finish(getDtlsConnectionStruct(), (result is null) ? null : result.getAsyncResultStruct(), &err) != 0; 669 670 if (err !is null) 671 { 672 throw new GException( new ErrorG(err) ); 673 } 674 675 return p; 676 } 677 678 /** 679 * Emitted during the TLS handshake after the peer certificate has 680 * been received. You can examine @peer_cert's certification path by 681 * calling g_tls_certificate_get_issuer() on it. 682 * 683 * For a client-side connection, @peer_cert is the server's 684 * certificate, and the signal will only be emitted if the 685 * certificate was not acceptable according to @conn's 686 * #GDtlsClientConnection:validation_flags. If you would like the 687 * certificate to be accepted despite @errors, return %TRUE from the 688 * signal handler. Otherwise, if no handler accepts the certificate, 689 * the handshake will fail with %G_TLS_ERROR_BAD_CERTIFICATE. 690 * 691 * For a server-side connection, @peer_cert is the certificate 692 * presented by the client, if this was requested via the server's 693 * #GDtlsServerConnection:authentication_mode. On the server side, 694 * the signal is always emitted when the client presents a 695 * certificate, and the certificate will only be accepted if a 696 * handler returns %TRUE. 697 * 698 * Note that if this signal is emitted as part of asynchronous I/O 699 * in the main thread, then you should not attempt to interact with 700 * the user before returning from the signal handler. If you want to 701 * let the user decide whether or not to accept the certificate, you 702 * would have to return %FALSE from the signal handler on the first 703 * attempt, and then after the connection attempt returns a 704 * %G_TLS_ERROR_BAD_CERTIFICATE, you can interact with the user, and 705 * if the user decides to accept the certificate, remember that fact, 706 * create a new connection, and return %TRUE from the signal handler 707 * the next time. 708 * 709 * If you are doing I/O in another thread, you do not 710 * need to worry about this, and can simply block in the signal 711 * handler until the UI thread returns an answer. 712 * 713 * Params: 714 * peerCert = the peer's #GTlsCertificate 715 * errors = the problems with @peer_cert. 716 * 717 * Returns: %TRUE to accept @peer_cert (which will also 718 * immediately end the signal emission). %FALSE to allow the signal 719 * emission to continue, which will cause the handshake to fail if 720 * no one else overrides it. 721 * 722 * Since: 2.48 723 */ 724 gulong addOnAcceptCertificate(bool delegate(TlsCertificate, GTlsCertificateFlags, DtlsConnectionIF) dlg, ConnectFlags connectFlags=cast(ConnectFlags)0) 725 { 726 return Signals.connect(this, "accept-certificate", dlg, connectFlags ^ ConnectFlags.SWAPPED); 727 } 728 }