Copyright | Will Thompson and Iñaki García Etxebarria |
---|---|
License | LGPL-2.1 |
Maintainer | Iñaki García Etxebarria |
Safe Haskell | None |
Language | Haskell2010 |
A certificate used for TLS authentication and encryption.
This can represent either a certificate only (eg, the certificate
received by a client from a server), or the combination of
a certificate and a private key (which is needed when acting as a
TlsServerConnection
).
Since: 2.28
Synopsis
- newtype TlsCertificate = TlsCertificate (ManagedPtr TlsCertificate)
- class (GObject o, IsDescendantOf TlsCertificate o) => IsTlsCertificate o
- toTlsCertificate :: (MonadIO m, IsTlsCertificate o) => o -> m TlsCertificate
- tlsCertificateGetDnsNames :: (HasCallStack, MonadIO m, IsTlsCertificate a) => a -> m (Maybe [Bytes])
- tlsCertificateGetIpAddresses :: (HasCallStack, MonadIO m, IsTlsCertificate a) => a -> m (Maybe [InetAddress])
- tlsCertificateGetIssuer :: (HasCallStack, MonadIO m, IsTlsCertificate a) => a -> m (Maybe TlsCertificate)
- tlsCertificateGetIssuerName :: (HasCallStack, MonadIO m, IsTlsCertificate a) => a -> m (Maybe Text)
- tlsCertificateGetNotValidAfter :: (HasCallStack, MonadIO m, IsTlsCertificate a) => a -> m (Maybe DateTime)
- tlsCertificateGetNotValidBefore :: (HasCallStack, MonadIO m, IsTlsCertificate a) => a -> m (Maybe DateTime)
- tlsCertificateGetSubjectName :: (HasCallStack, MonadIO m, IsTlsCertificate a) => a -> m (Maybe Text)
- tlsCertificateIsSame :: (HasCallStack, MonadIO m, IsTlsCertificate a, IsTlsCertificate b) => a -> b -> m Bool
- tlsCertificateListNewFromFile :: (HasCallStack, MonadIO m) => [Char] -> m [TlsCertificate]
- tlsCertificateNewFromFile :: (HasCallStack, MonadIO m) => [Char] -> m TlsCertificate
- tlsCertificateNewFromFileWithPassword :: (HasCallStack, MonadIO m) => [Char] -> Text -> m TlsCertificate
- tlsCertificateNewFromFiles :: (HasCallStack, MonadIO m) => [Char] -> [Char] -> m TlsCertificate
- tlsCertificateNewFromPem :: (HasCallStack, MonadIO m) => Text -> Int64 -> m TlsCertificate
- tlsCertificateNewFromPkcs11Uris :: (HasCallStack, MonadIO m) => Text -> Maybe Text -> m TlsCertificate
- tlsCertificateNewFromPkcs12 :: (HasCallStack, MonadIO m) => ByteString -> Maybe Text -> m TlsCertificate
- tlsCertificateVerify :: (HasCallStack, MonadIO m, IsTlsCertificate a, IsSocketConnectable b, IsTlsCertificate c) => a -> Maybe b -> Maybe c -> m [TlsCertificateFlags]
- constructTlsCertificateCertificate :: (IsTlsCertificate o, MonadIO m) => ByteString -> m (GValueConstruct o)
- getTlsCertificateCertificate :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe ByteString)
- constructTlsCertificateCertificatePem :: (IsTlsCertificate o, MonadIO m) => Text -> m (GValueConstruct o)
- getTlsCertificateCertificatePem :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe Text)
- constructTlsCertificateIssuer :: (IsTlsCertificate o, MonadIO m, IsTlsCertificate a) => a -> m (GValueConstruct o)
- getTlsCertificateIssuer :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe TlsCertificate)
- getTlsCertificateIssuerName :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe Text)
- getTlsCertificateNotValidAfter :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe DateTime)
- getTlsCertificateNotValidBefore :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe DateTime)
- constructTlsCertificatePassword :: (IsTlsCertificate o, MonadIO m) => Text -> m (GValueConstruct o)
- constructTlsCertificatePkcs11Uri :: (IsTlsCertificate o, MonadIO m) => Text -> m (GValueConstruct o)
- getTlsCertificatePkcs11Uri :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe Text)
- constructTlsCertificatePkcs12Data :: (IsTlsCertificate o, MonadIO m) => ByteString -> m (GValueConstruct o)
- constructTlsCertificatePrivateKey :: (IsTlsCertificate o, MonadIO m) => ByteString -> m (GValueConstruct o)
- getTlsCertificatePrivateKey :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe ByteString)
- constructTlsCertificatePrivateKeyPem :: (IsTlsCertificate o, MonadIO m) => Text -> m (GValueConstruct o)
- getTlsCertificatePrivateKeyPem :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe Text)
- constructTlsCertificatePrivateKeyPkcs11Uri :: (IsTlsCertificate o, MonadIO m) => Text -> m (GValueConstruct o)
- getTlsCertificatePrivateKeyPkcs11Uri :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe Text)
- getTlsCertificateSubjectName :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe Text)
Exported types
newtype TlsCertificate Source #
Memory-managed wrapper type.
Instances
Eq TlsCertificate Source # | |
Defined in GI.Gio.Objects.TlsCertificate (==) :: TlsCertificate -> TlsCertificate -> Bool # (/=) :: TlsCertificate -> TlsCertificate -> Bool # | |
GObject TlsCertificate Source # | |
Defined in GI.Gio.Objects.TlsCertificate | |
ManagedPtrNewtype TlsCertificate Source # | |
Defined in GI.Gio.Objects.TlsCertificate | |
TypedObject TlsCertificate Source # | |
Defined in GI.Gio.Objects.TlsCertificate | |
HasParentTypes TlsCertificate Source # | |
Defined in GI.Gio.Objects.TlsCertificate | |
IsGValue (Maybe TlsCertificate) Source # | Convert |
Defined in GI.Gio.Objects.TlsCertificate gvalueGType_ :: IO GType # gvalueSet_ :: Ptr GValue -> Maybe TlsCertificate -> IO () # gvalueGet_ :: Ptr GValue -> IO (Maybe TlsCertificate) # | |
type ParentTypes TlsCertificate Source # | |
Defined in GI.Gio.Objects.TlsCertificate type ParentTypes TlsCertificate = '[Object] |
class (GObject o, IsDescendantOf TlsCertificate o) => IsTlsCertificate o Source #
Type class for types which can be safely cast to TlsCertificate
, for instance with toTlsCertificate
.
Instances
(GObject o, IsDescendantOf TlsCertificate o) => IsTlsCertificate o Source # | |
Defined in GI.Gio.Objects.TlsCertificate |
toTlsCertificate :: (MonadIO m, IsTlsCertificate o) => o -> m TlsCertificate Source #
Cast to TlsCertificate
, for types for which this is known to be safe. For general casts, use castTo
.
Methods
Methods
bindProperty, bindPropertyFull, forceFloating, freezeNotify, getv, isFloating, isSame, notify, notifyByPspec, ref, refSink, runDispose, stealData, stealQdata, thawNotify, unref, verify, watchClosure.
Getters
getData, getDnsNames, getIpAddresses, getIssuer, getIssuerName, getNotValidAfter, getNotValidBefore, getProperty, getQdata, getSubjectName.
Setters
getDnsNames
tlsCertificateGetDnsNames Source #
:: (HasCallStack, MonadIO m, IsTlsCertificate a) | |
=> a |
|
-> m (Maybe [Bytes]) | Returns: A |
Gets the value of TlsCertificate:dnsNames.
Since: 2.70
getIpAddresses
tlsCertificateGetIpAddresses Source #
:: (HasCallStack, MonadIO m, IsTlsCertificate a) | |
=> a |
|
-> m (Maybe [InetAddress]) | Returns: A |
Gets the value of TlsCertificate:ipAddresses.
Since: 2.70
getIssuer
tlsCertificateGetIssuer Source #
:: (HasCallStack, MonadIO m, IsTlsCertificate a) | |
=> a |
|
-> m (Maybe TlsCertificate) | Returns: The certificate of |
Gets the TlsCertificate
representing cert
's issuer, if known
Since: 2.28
getIssuerName
tlsCertificateGetIssuerName Source #
:: (HasCallStack, MonadIO m, IsTlsCertificate a) | |
=> a |
|
-> m (Maybe Text) | Returns: The issuer name, or |
Returns the issuer name from the certificate.
Since: 2.70
getNotValidAfter
tlsCertificateGetNotValidAfter Source #
:: (HasCallStack, MonadIO m, IsTlsCertificate a) | |
=> a |
|
-> m (Maybe DateTime) | Returns: The not-valid-after date, or |
Returns the time at which the certificate became or will become invalid.
Since: 2.70
getNotValidBefore
tlsCertificateGetNotValidBefore Source #
:: (HasCallStack, MonadIO m, IsTlsCertificate a) | |
=> a |
|
-> m (Maybe DateTime) | Returns: The not-valid-before date, or |
Returns the time at which the certificate became or will become valid.
Since: 2.70
getSubjectName
tlsCertificateGetSubjectName Source #
:: (HasCallStack, MonadIO m, IsTlsCertificate a) | |
=> a |
|
-> m (Maybe Text) | Returns: The subject name, or |
Returns the subject name from the certificate.
Since: 2.70
isSame
:: (HasCallStack, MonadIO m, IsTlsCertificate a, IsTlsCertificate b) | |
=> a |
|
-> b |
|
-> m Bool | Returns: whether the same or not |
Check if two TlsCertificate
objects represent the same certificate.
The raw DER byte data of the two certificates are checked for equality.
This has the effect that two certificates may compare equal even if
their TlsCertificate:issuer, TlsCertificate:privateKey, or
TlsCertificate:privateKeyPem properties differ.
Since: 2.34
listNewFromFile
tlsCertificateListNewFromFile Source #
:: (HasCallStack, MonadIO m) | |
=> [Char] |
|
-> m [TlsCertificate] | Returns: a
|
Creates one or more GTlsCertificates
from the PEM-encoded
data in file
. If file
cannot be read or parsed, the function will
return Nothing
and set error
. If file
does not contain any
PEM-encoded certificates, this will return an empty list and not
set error
.
Since: 2.28
newFromFile
tlsCertificateNewFromFile Source #
:: (HasCallStack, MonadIO m) | |
=> [Char] |
|
-> m TlsCertificate | Returns: the new certificate, or |
Creates a TlsCertificate
from the data in file
.
As of 2.72, if the filename ends in .p12
or .pfx
the data is loaded by
tlsCertificateNewFromPkcs12
otherwise it is loaded by
tlsCertificateNewFromPem
. See those functions for
exact details.
If file
cannot be read or parsed, the function will return Nothing
and
set error
.
Since: 2.28
newFromFileWithPassword
tlsCertificateNewFromFileWithPassword Source #
:: (HasCallStack, MonadIO m) | |
=> [Char] |
|
-> Text |
|
-> m TlsCertificate | Returns: the new certificate, or |
Creates a TlsCertificate
from the data in file
.
If file
cannot be read or parsed, the function will return Nothing
and
set error
.
Any unknown file types will error with IOErrorEnumNotSupported
.
Currently only .p12
and .pfx
files are supported.
See tlsCertificateNewFromPkcs12
for more details.
Since: 2.72
newFromFiles
tlsCertificateNewFromFiles Source #
:: (HasCallStack, MonadIO m) | |
=> [Char] |
|
-> [Char] |
|
-> m TlsCertificate | Returns: the new certificate, or |
Creates a TlsCertificate
from the PEM-encoded data in certFile
and keyFile
. The returned certificate will be the first certificate
found in certFile
. As of GLib 2.44, if certFile
contains more
certificates it will try to load a certificate chain. All
certificates will be verified in the order found (top-level
certificate should be the last one in the file) and the
TlsCertificate:issuer property of each certificate will be set
accordingly if the verification succeeds. If any certificate in the
chain cannot be verified, the first certificate in the file will
still be returned.
If either file cannot be read or parsed, the function will return
Nothing
and set error
. Otherwise, this behaves like
tlsCertificateNewFromPem
.
Since: 2.28
newFromPem
tlsCertificateNewFromPem Source #
:: (HasCallStack, MonadIO m) | |
=> Text |
|
-> Int64 |
|
-> m TlsCertificate | Returns: the new certificate, or |
Creates a TlsCertificate
from the PEM-encoded data in data
. If
data
includes both a certificate and a private key, then the
returned certificate will include the private key data as well. (See
the TlsCertificate:privateKeyPem property for information about
supported formats.)
The returned certificate will be the first certificate found in
data
. As of GLib 2.44, if data
contains more certificates it will
try to load a certificate chain. All certificates will be verified in
the order found (top-level certificate should be the last one in the
file) and the TlsCertificate:issuer property of each certificate
will be set accordingly if the verification succeeds. If any
certificate in the chain cannot be verified, the first certificate in
the file will still be returned.
Since: 2.28
newFromPkcs11Uris
tlsCertificateNewFromPkcs11Uris Source #
:: (HasCallStack, MonadIO m) | |
=> Text |
|
-> Maybe Text |
|
-> m TlsCertificate | Returns: the new certificate, or |
Creates a TlsCertificate
from a
PKCS #11 URI.
An example pkcs11Uri
would be pkcs11:model=Model;manufacturer=Manufacture;serial=1;token=My%20Client%20Certificate;id=%01
Where the token’s layout is:
Object 0:
  URL: pkcs11:model=Model;manufacturer=Manufacture;serial=1;token=My%20Client%20Certificate;id=%01;object=private%20key;type=private
  Type: Private key (RSA-2048)
  ID: 01
Object 1:
  URL: pkcs11:model=Model;manufacturer=Manufacture;serial=1;token=My%20Client%20Certificate;id=%01;object=Certificate%20for%20Authentication;type=cert
  Type: X.509 Certificate (RSA-2048)
  ID: 01
In this case the certificate and private key would both be detected and used as expected.
pkcs11Uri may also just reference an X.509 certificate object and then optionally privateKeyPkcs11Uri allows using a private key exposed under a different URI.
Note that the private key is not accessed until usage and may fail or require a PIN later.
Since: 2.68
newFromPkcs12
tlsCertificateNewFromPkcs12 Source #
:: (HasCallStack, MonadIO m) | |
=> ByteString |
|
-> Maybe Text |
|
-> m TlsCertificate | Returns: the new certificate, or |
Creates a TlsCertificate
from the data in data
. It must contain
a certificate and matching private key.
If extra certificates are included they will be verified as a chain and the TlsCertificate:issuer property will be set. All other data will be ignored.
You can pass a single password for all of the data, which will be
used both for the PKCS 12 container and for encrypted
private keys. If decryption fails it will error with
TlsErrorBadCertificatePassword.
This constructor requires support in the current TlsBackend
.
If support is missing it will error with
IOErrorEnumNotSupported
.
Other parsing failures will error with TlsErrorBadCertificate
.
Since: 2.72
verify
:: (HasCallStack, MonadIO m, IsTlsCertificate a, IsSocketConnectable b, IsTlsCertificate c) | |
=> a |
|
-> Maybe b |
|
-> Maybe c |
|
-> m [TlsCertificateFlags] | Returns: the appropriate |
This verifies cert
and returns a set of TlsCertificateFlags
indicating any problems found with it. This can be used to verify a
certificate outside the context of making a connection, or to
check a certificate against a CA that is not part of the system
CA database.
If cert
is valid, TlsCertificateFlagsNoFlags
is returned.
If identity is not Nothing, cert's name(s) will be compared against
it, and TlsCertificateFlagsBadIdentity will be set in the return
value if it does not match. If identity is Nothing, that bit will
never be set in the return value, so a result without it does not show
that cert matches any particular identity.
If trustedCa is not Nothing, then cert (or one of the certificates
in its chain) must be signed by it, or else
TlsCertificateFlagsUnknownCa will be set in the return value. If
trustedCa is Nothing, that bit will never be set in the return
value, so a result without it does not show that cert was issued by
any particular CA.
GLib guarantees that if certificate verification fails, at least one
error will be set in the return value, but it does not guarantee
that all possible errors will be set. Accordingly, you may not safely
decide to ignore any particular type of error. For example, it would
be incorrect to mask TlsCertificateFlagsExpired
if you want to allow
expired certificates, because this could potentially be the only
error flag set even if other problems exist with the certificate.
Because TLS session context is not used, TlsCertificate
may not
perform as many checks on the certificates as TlsConnection
would.
For example, certificate constraints may not be honored, and
revocation checks may not be performed. The best way to verify TLS
certificates used by a TLS connection is to let TlsConnection
handle the verification.
Since: 2.28
Properties
certificate
The DER (binary) encoded representation of the certificate. This property and the TlsCertificate:certificatePem property represent the same data, just in different forms.
Since: 2.28
constructTlsCertificateCertificate :: (IsTlsCertificate o, MonadIO m) => ByteString -> m (GValueConstruct o) Source #
Construct a GValueConstruct
with valid value for the “certificate
” property. This is rarely needed directly, but it is used by new
.
getTlsCertificateCertificate :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe ByteString) Source #
Get the value of the “certificate
” property.
When overloading is enabled, this is equivalent to
get
tlsCertificate #certificate
certificatePem
The PEM (ASCII) encoded representation of the certificate. This property and the TlsCertificate:certificate property represent the same data, just in different forms.
Since: 2.28
constructTlsCertificateCertificatePem :: (IsTlsCertificate o, MonadIO m) => Text -> m (GValueConstruct o) Source #
Construct a GValueConstruct
with valid value for the “certificate-pem
” property. This is rarely needed directly, but it is used by new
.
getTlsCertificateCertificatePem :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe Text) Source #
Get the value of the “certificate-pem
” property.
When overloading is enabled, this is equivalent to
get
tlsCertificate #certificatePem
dnsNames
ipAddresses
issuer
A TlsCertificate
representing the entity that issued this
certificate. If Nothing
, this means that the certificate is either
self-signed, or else the certificate of the issuer is not
available.
Beware that the issuer certificate may not be the same as the certificate that would actually be used to construct a valid certification path during certificate verification. RFC 4158 explains why an issuer certificate cannot be naively assumed to be part of the certification path (though GLib's TLS backends may not follow the path building strategies outlined in this RFC). Due to the complexity of certification path building, GLib does not provide any way to know which certification path will actually be used. Accordingly, this property cannot be used to make security-related decisions. Only GLib itself should make security decisions about TLS certificates.
Since: 2.28
constructTlsCertificateIssuer :: (IsTlsCertificate o, MonadIO m, IsTlsCertificate a) => a -> m (GValueConstruct o) Source #
Construct a GValueConstruct
with valid value for the “issuer
” property. This is rarely needed directly, but it is used by new
.
getTlsCertificateIssuer :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe TlsCertificate) Source #
Get the value of the “issuer
” property.
When overloading is enabled, this is equivalent to
get
tlsCertificate #issuer
issuerName
The issuer from the certificate,
Nothing
if unavailable.
Since: 2.70
getTlsCertificateIssuerName :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe Text) Source #
Get the value of the “issuer-name
” property.
When overloading is enabled, this is equivalent to
get
tlsCertificate #issuerName
notValidAfter
The time at which this cert is no longer valid,
Nothing
if unavailable.
Since: 2.70
getTlsCertificateNotValidAfter :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe DateTime) Source #
Get the value of the “not-valid-after
” property.
When overloading is enabled, this is equivalent to
get
tlsCertificate #notValidAfter
notValidBefore
The time at which this cert is considered to be valid,
Nothing
if unavailable.
Since: 2.70
getTlsCertificateNotValidBefore :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe DateTime) Source #
Get the value of the “not-valid-before
” property.
When overloading is enabled, this is equivalent to
get
tlsCertificate #notValidBefore
password
An optional password used when constructed with GTlsCertificate:pkcs12-data.
Since: 2.72
constructTlsCertificatePassword :: (IsTlsCertificate o, MonadIO m) => Text -> m (GValueConstruct o) Source #
Construct a GValueConstruct
with valid value for the “password
” property. This is rarely needed directly, but it is used by new
.
pkcs11Uri
A URI referencing the PKCS #11 objects containing an X.509 certificate and optionally a private key.
If Nothing
, the certificate is either not backed by PKCS #11 or the
TlsBackend
does not support PKCS #11.
Since: 2.68
constructTlsCertificatePkcs11Uri :: (IsTlsCertificate o, MonadIO m) => Text -> m (GValueConstruct o) Source #
Construct a GValueConstruct
with valid value for the “pkcs11-uri
” property. This is rarely needed directly, but it is used by new
.
getTlsCertificatePkcs11Uri :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe Text) Source #
Get the value of the “pkcs11-uri
” property.
When overloading is enabled, this is equivalent to
get
tlsCertificate #pkcs11Uri
pkcs12Data
The PKCS 12
formatted data used to construct the object.
See also: tlsCertificateNewFromPkcs12
Since: 2.72
constructTlsCertificatePkcs12Data :: (IsTlsCertificate o, MonadIO m) => ByteString -> m (GValueConstruct o) Source #
Construct a GValueConstruct
with valid value for the “pkcs12-data
” property. This is rarely needed directly, but it is used by new
.
privateKey
The DER (binary) encoded representation of the certificate's
private key, in either PKCS #1 format
or unencrypted PKCS #8 format.
PKCS #8 format is supported since 2.32; earlier releases only
support PKCS #1. You can use the openssl rsa
tool to convert
PKCS #8 keys to PKCS #1.
This property (or the TlsCertificate:privateKeyPem property)
can be set when constructing a key (for example, from a file).
Since GLib 2.70, it is now also readable; however, be aware that if
the private key is backed by a PKCS #11 URI – for example, if it
is stored on a smartcard – then this property will be Nothing
. If so,
the private key must be referenced via its PKCS #11 URI,
TlsCertificate:privateKeyPkcs11Uri. You must check both
properties to see if the certificate really has a private key.
When this property is read, the output format will be unencrypted
PKCS #8.
Since: 2.28
constructTlsCertificatePrivateKey :: (IsTlsCertificate o, MonadIO m) => ByteString -> m (GValueConstruct o) Source #
Construct a GValueConstruct
with valid value for the “private-key
” property. This is rarely needed directly, but it is used by new
.
getTlsCertificatePrivateKey :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe ByteString) Source #
Get the value of the “private-key
” property.
When overloading is enabled, this is equivalent to
get
tlsCertificate #privateKey
privateKeyPem
The PEM (ASCII) encoded representation of the certificate's
private key in either PKCS #1 format
("BEGIN RSA PRIVATE KEY
") or unencrypted
PKCS #8 format
("BEGIN PRIVATE KEY
"). PKCS #8 format is supported since 2.32;
earlier releases only support PKCS #1. You can use the openssl rsa
tool to convert PKCS #8 keys to PKCS #1.
This property (or the TlsCertificate:privateKey property)
can be set when constructing a key (for example, from a file).
Since GLib 2.70, it is now also readable; however, be aware that if
the private key is backed by a PKCS #11 URI - for example, if it
is stored on a smartcard - then this property will be Nothing
. If so,
the private key must be referenced via its PKCS #11 URI,
TlsCertificate:privateKeyPkcs11Uri. You must check both
properties to see if the certificate really has a private key.
When this property is read, the output format will be unencrypted
PKCS #8.
Since: 2.28
constructTlsCertificatePrivateKeyPem :: (IsTlsCertificate o, MonadIO m) => Text -> m (GValueConstruct o) Source #
Construct a GValueConstruct
with valid value for the “private-key-pem
” property. This is rarely needed directly, but it is used by new
.
getTlsCertificatePrivateKeyPem :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe Text) Source #
Get the value of the “private-key-pem
” property.
When overloading is enabled, this is equivalent to
get
tlsCertificate #privateKeyPem
privateKeyPkcs11Uri
A URI referencing a PKCS #11 object containing a private key.
Since: 2.68
constructTlsCertificatePrivateKeyPkcs11Uri :: (IsTlsCertificate o, MonadIO m) => Text -> m (GValueConstruct o) Source #
Construct a GValueConstruct
with valid value for the “private-key-pkcs11-uri
” property. This is rarely needed directly, but it is used by new
.
getTlsCertificatePrivateKeyPkcs11Uri :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe Text) Source #
Get the value of the “private-key-pkcs11-uri
” property.
When overloading is enabled, this is equivalent to
get
tlsCertificate #privateKeyPkcs11Uri
subjectName
The subject from the cert,
Nothing
if unavailable.
Since: 2.70
getTlsCertificateSubjectName :: (MonadIO m, IsTlsCertificate o) => o -> m (Maybe Text) Source #
Get the value of the “subject-name
” property.
When overloading is enabled, this is equivalent to
get
tlsCertificate #subjectName