aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--extensions/Authentication_TLS_Certificate.xml308
-rw-r--r--extensions/Channel_Type_Server_TLS_Connection.xml26
2 files changed, 173 insertions, 161 deletions
diff --git a/extensions/Authentication_TLS_Certificate.xml b/extensions/Authentication_TLS_Certificate.xml
index 56e378f4c..709ea282c 100644
--- a/extensions/Authentication_TLS_Certificate.xml
+++ b/extensions/Authentication_TLS_Certificate.xml
@@ -18,285 +18,287 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
</tp:license>
<interface name="org.freedesktop.Telepathy.Authentication.TLSCertificate.DRAFT"
- tp:causes-havoc="experimental">
+ tp:causes-havoc="experimental">
+ <tp:added version="0.19.11">(draft 1)</tp:added>
<tp:docstring>
This object represents a TLS certificate.
</tp:docstring>
<tp:simple-type name="Certificate_Data" array-name="Certificate_Data_List"
- type="ay">
+ type="ay">
<tp:docstring xmlns="http://www.w3.org/1999/xhtml">
- <p>The raw data contained in a TLS certificate.</p>
+ <p>The raw data contained in a TLS certificate.</p>
- <p>For X.509 certificates (<tp:member-ref>CertificateType</tp:member-ref>
- = "x509"), this MUST be in DER format, as defined by the
- <a href="http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf">X.690</a>
- ITU standard.</p>
+ <p>For X.509 certificates (<tp:member-ref>CertificateType</tp:member-ref>
+ = "x509"), this MUST be in DER format, as defined by the
+ <a href="http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf">X.690</a>
+ ITU standard.</p>
- <p>For PGP certificates (<tp:member-ref>CertificateType</tp:member-ref>
- = "pgp"), this MUST be a binary OpenPGP key as defined by section 11.1
- of <a href="http://www.rfc-editor.org/rfc/4880.txt">RFC 4880</a>.</p>
+ <p>For PGP certificates (<tp:member-ref>CertificateType</tp:member-ref>
+ = "pgp"), this MUST be a binary OpenPGP key as defined by section 11.1
+ of <a href="http://www.rfc-editor.org/rfc/4880.txt">RFC 4880</a>.</p>
</tp:docstring>
</tp:simple-type>
<tp:enum type="u" name="TLS_Certificate_State">
<tp:docstring>
- The possible states for a <tp:dbus-ref
- namespace="org.freedesktop.Telepathy.Authentication">TLSCertificate.DRAFT</tp:dbus-ref>
- object.
+ The possible states for a <tp:dbus-ref
+ namespace="org.freedesktop.Telepathy.Authentication">TLSCertificate.DRAFT</tp:dbus-ref>
+ object.
</tp:docstring>
<tp:enumvalue suffix="Pending" value="0">
- <tp:docstring>
- The certificate is currently waiting to be accepted or rejected.
- </tp:docstring>
+ <tp:docstring>
+ The certificate is currently waiting to be accepted or rejected.
+ </tp:docstring>
</tp:enumvalue>
<tp:enumvalue suffix="Accepted" value="1">
- <tp:docstring>
- The certificate has been verified.
- </tp:docstring>
+ <tp:docstring>
+ The certificate has been verified.
+ </tp:docstring>
</tp:enumvalue>
<tp:enumvalue suffix="Rejected" value="2">
- <tp:docstring>
- The certificate has been rejected.
- </tp:docstring>
+ <tp:docstring>
+ The certificate has been rejected.
+ </tp:docstring>
</tp:enumvalue>
</tp:enum>
<tp:enum type="u" name="TLS_Certificate_Reject_Reason">
<tp:docstring>
- Possible reasons to reject a TLS certificate.
+ Possible reasons to reject a TLS certificate.
</tp:docstring>
<tp:enumvalue suffix="Unknown" value="0">
- <tp:docstring>
- The certificate has been rejected for another reason
- not listed in this enumeration.
- </tp:docstring>
+ <tp:docstring>
+ The certificate has been rejected for another reason
+ not listed in this enumeration.
+ </tp:docstring>
</tp:enumvalue>
<tp:enumvalue suffix="Untrusted" value="1">
- <tp:docstring>
- The certificate is not trusted.
- </tp:docstring>
+ <tp:docstring>
+ The certificate is not trusted.
+ </tp:docstring>
</tp:enumvalue>
<tp:enumvalue suffix="Expired" value="2">
- <tp:docstring>
- The certificate is expired.
- </tp:docstring>
+ <tp:docstring>
+ The certificate is expired.
+ </tp:docstring>
</tp:enumvalue>
<tp:enumvalue suffix="Not_Activated" value="3">
- <tp:docstring>
- The certificate is not active yet.
- </tp:docstring>
+ <tp:docstring>
+ The certificate is not active yet.
+ </tp:docstring>
</tp:enumvalue>
<tp:enumvalue suffix="Fingerprint_Mismatch" value="4">
- <tp:docstring>
- The certificate provided does not have the expected
- fingerprint.
- </tp:docstring>
+ <tp:docstring>
+ The certificate provided does not have the expected
+ fingerprint.
+ </tp:docstring>
</tp:enumvalue>
<tp:enumvalue suffix="Hostname_Mismatch" value="5">
- <tp:docstring>
- The hostname certified does not match the provided one.
- </tp:docstring>
+ <tp:docstring>
+ The hostname certified does not match the provided one.
+ </tp:docstring>
</tp:enumvalue>
<tp:enumvalue suffix="Self_Signed" value="6">
- <tp:docstring>
- The certificate is self-signed.
- </tp:docstring>
+ <tp:docstring>
+ The certificate is self-signed.
+ </tp:docstring>
</tp:enumvalue>
<tp:enumvalue suffix="Revoked" value="7">
- <tp:docstring>
- The certificate has been revoked.
- </tp:docstring>
+ <tp:docstring>
+ The certificate has been revoked.
+ </tp:docstring>
</tp:enumvalue>
<tp:enumvalue suffix="Insecure" value="8">
- <tp:docstring>
- The certificate uses an insecure cipher algorithm, or is
- cryptographically weak.
- </tp:docstring>
+ <tp:docstring>
+ The certificate uses an insecure cipher algorithm, or is
+ cryptographically weak.
+ </tp:docstring>
</tp:enumvalue>
<tp:enumvalue suffix="Limit_Exceeded" value="9">
- <tp:docstring>
- The length in bytes of the certificate, or the depth of the
- certificate chain exceed the limits imposed by the crypto
- library.
- </tp:docstring>
+ <tp:docstring>
+ The length in bytes of the certificate, or the depth of the
+ certificate chain exceed the limits imposed by the crypto
+ library.
+ </tp:docstring>
</tp:enumvalue>
</tp:enum>
<property name="State" type="u" access="read"
- tp:type="TLS_Certificate_State"
- tp:name-for-bindings="State">
+ tp:type="TLS_Certificate_State"
+ tp:name-for-bindings="State">
<tp:docstring>
- The current state of this certificate.
- State change notifications happen by means of the
- <tp:member-ref>Accepted</tp:member-ref> and
- <tp:member-ref>Rejected</tp:member-ref> signals.
+ The current state of this certificate.
+ State change notifications happen by means of the
+ <tp:member-ref>Accepted</tp:member-ref> and
+ <tp:member-ref>Rejected</tp:member-ref> signals.
</tp:docstring>
</property>
<property name="RejectError" type="s" access="read"
- tp:type="DBus_Error_Name"
- tp:name-for-bindings="Reject_Error">
+ tp:type="DBus_Error_Name"
+ tp:name-for-bindings="Reject_Error">
<tp:docstring xmlns="http://www.w3.org/1999/xhtml">
- <p>If the <tp:member-ref>State</tp:member-ref> is Rejected,
- the reason why the certificate was rejected; this MAY correspond to
- the <tp:member-ref>RejectReason</tp:member-ref>, or MAY be a more
- specific D-Bus error name, perhaps implementation-specific.</p>
- <p>If the <tp:member-ref>State</tp:member-ref> is not Rejected,
- this property is not meaningful, and SHOULD be set to an empty
- string.</p>
+ <p>If the <tp:member-ref>State</tp:member-ref> is Rejected,
+ the reason why the certificate was rejected; this MAY correspond to
+ the <tp:member-ref>RejectReason</tp:member-ref>, or MAY be a more
+ specific D-Bus error name, perhaps implementation-specific.</p>
+ <p>If the <tp:member-ref>State</tp:member-ref> is not Rejected,
+ this property is not meaningful, and SHOULD be set to an empty
+ string.</p>
</tp:docstring>
</property>
<property name="RejectDetails" type="a{sv}" access="read"
- tp:type="String_Variant_Map"
- tp:name-for-bindings="Reject_Details">
+ tp:type="String_Variant_Map"
+ tp:name-for-bindings="Reject_Details">
<tp:docstring xmlns="http://www.w3.org/1999/xhtml">
- <p>If the <tp:member-ref>State</tp:member-ref> is Rejected,
- additional information about why the certificate was rejected.</p>
- <p>If the <tp:member-ref>State</tp:member-ref> is not Rejected,
- this property is not meaningful and SHOULD be set to an empty
- map.</p>
- <p>The additional information MAY also include
- one or more of the following well-known keys:</p>
- <dl>
- <dt>user-requested (b)</dt>
- <dd>True if the error was due to an user-requested rejection of
- the certificate; False if there was an unrecoverable error in the
- verification process.</dd>
- <dt>expected-hostname (s)</dt>
- <dd>If the rejection reason is Hostname_Mismatch, the hostname that
- the server certificate was expected to have.</dd>
- <dt>certificate-hostname (s)</dt>
- <dd>If the rejection reason is Hostname_Mismatch, the hostname of
- the certificate that was presented.
- <tp:rationale>
- <p>For instance, if you try to connect to gmail.com but are presented
- with a TLS certificate issued to evil.example.org, the error details
- for Hostname_Mismatch MAY include:</p>
- <pre>
- {
- 'expected-hostname': 'gmail.com',
- 'certificate-hostname': 'evil.example.org',
- }
- </pre>
- </tp:rationale>
- </dd>
+ <p>If the <tp:member-ref>State</tp:member-ref> is Rejected,
+ additional information about why the certificate was rejected.</p>
+ <p>If the <tp:member-ref>State</tp:member-ref> is not Rejected,
+ this property is not meaningful and SHOULD be set to an empty
+ map.</p>
+ <p>The additional information MAY also include
+ one or more of the following well-known keys:</p>
+ <dl>
+ <dt>user-requested (b)</dt>
+ <dd>True if the error was due to an user-requested rejection of
+ the certificate; False if there was an unrecoverable error in the
+ verification process.</dd>
+ <dt>expected-hostname (s)</dt>
+ <dd>If the rejection reason is Hostname_Mismatch, the hostname that
+ the server certificate was expected to have.</dd>
+ <dt>certificate-hostname (s)</dt>
+ <dd>If the rejection reason is Hostname_Mismatch, the hostname of
+ the certificate that was presented.
+ <tp:rationale>
+ <p>For instance, if you try to connect to gmail.com but are presented
+ with a TLS certificate issued to evil.example.org, the error details
+ for Hostname_Mismatch MAY include:</p>
+ <pre>
+ {
+ 'expected-hostname': 'gmail.com',
+ 'certificate-hostname': 'evil.example.org',
+ }
+ </pre>
+ </tp:rationale>
+ </dd>
<dt>debug-message (s)</dt>
<dd>Debugging information on the error, corresponding to the
message part of a D-Bus error message, which SHOULD NOT be
displayed to users under normal circumstances</dd>
- </dl>
+ </dl>
</tp:docstring>
</property>
<property name="RejectReason" type="u" access="read"
- tp:type="TLS_Certificate_Reject_Reason"
- tp:name-for-bindings="Reject_Reason">
+ tp:type="TLS_Certificate_Reject_Reason"
+ tp:name-for-bindings="Reject_Reason">
<tp:docstring>
- If the <tp:member-ref>State</tp:member-ref> is Rejected, the
- reason why the certificate was rejected.
- <tp:rationale>
- Clients that do not understand the <tp:member-ref>RejectError</tp:member-ref>,
- which may be implementation-specific, can use this property to
- classify rejection reasons into common categories.
- </tp:rationale>
- Otherwise, this property is not meaningful, and SHOULD be set to
- Unknown.
+ If the <tp:member-ref>State</tp:member-ref> is Rejected, the
+ reason why the certificate was rejected.
+ <tp:rationale>
+ Clients that do not understand the <tp:member-ref>RejectError</tp:member-ref>,
+ which may be implementation-specific, can use this property to
+ classify rejection reasons into common categories.
+ </tp:rationale>
+ Otherwise, this property is not meaningful, and SHOULD be set to
+ Unknown.
</tp:docstring>
</property>
<property name="CertificateType" type="s" access="read"
- tp:name-for-bindings="Certificate_Type">
+ tp:name-for-bindings="Certificate_Type">
<tp:docstring>
- The type of this TLS certificate (e.g. 'x509' or 'pgp').
- <p>This property is immutable</p>
+ The type of this TLS certificate (e.g. 'x509' or 'pgp').
+ <p>This property is immutable</p>
</tp:docstring>
</property>
<property name="CertificateChainData" type="aay" access="read"
- tp:type="Certificate_Data[]" tp:name-for-bindings="Certificate_Chain_Data">
+ tp:type="Certificate_Data[]" tp:name-for-bindings="Certificate_Chain_Data">
<tp:docstring xmlns="http://www.w3.org/1999/xhtml">
- <p>One or more TLS certificates forming a trust chain, each encoded as
- specified by <tp:type>Certificate_Data</tp:type>.</p>
- <p>The first certificate in the chain MUST be the server certificate,
- followed by the issuer's certificate, followed by the issuer's issuer
- and so on.</p>
+ <p>One or more TLS certificates forming a trust chain, each encoded as
+ specified by <tp:type>Certificate_Data</tp:type>.</p>
+ <p>The first certificate in the chain MUST be the server certificate,
+ followed by the issuer's certificate, followed by the issuer's issuer
+ and so on.</p>
</tp:docstring>
</property>
<signal name="Accepted"
- tp:name-for-bindings="Accepted">
+ tp:name-for-bindings="Accepted">
<tp:docstring>
- The <tp:member-ref>State</tp:member-ref> of this certificate has changed to Accepted.
+ The <tp:member-ref>State</tp:member-ref> of this certificate has changed to Accepted.
</tp:docstring>
</signal>
<signal name="Rejected"
- tp:name-for-bindings="Rejected">
+ tp:name-for-bindings="Rejected">
<tp:docstring>
- The <tp:member-ref>State</tp:member-ref> of this certificate has changed to Rejected.
+ The <tp:member-ref>State</tp:member-ref> of this certificate has changed to Rejected.
</tp:docstring>
<arg name="Reason" type="u" tp:type="TLS_Certificate_Reject_Reason">
- <tp:docstring>
- The new value of <tp:member-ref>RejectReason</tp:member-ref>.
- </tp:docstring>
+ <tp:docstring>
+ The new value of <tp:member-ref>RejectReason</tp:member-ref>.
+ </tp:docstring>
</arg>
<arg name="Error" type="s" tp:type="DBus_Error_Name">
- <tp:docstring>
- The new value of <tp:member-ref>RejectError</tp:member-ref>.
- </tp:docstring>
+ <tp:docstring>
+ The new value of <tp:member-ref>RejectError</tp:member-ref>.
+ </tp:docstring>
</arg>
<arg name="Details" type="a{sv}" tp:type="String_Variant_Map">
- <tp:docstring>
- The new value of <tp:member-ref>RejectDetails</tp:member-ref>
- </tp:docstring>
+ <tp:docstring>
+ The new value of <tp:member-ref>RejectDetails</tp:member-ref>
+ </tp:docstring>
</arg>
</signal>
<method name="Accept" tp:name-for-bindings="Accept">
<tp:docstring>
- Accepts this certificate, i.e. marks it as verified.
+ Accepts this certificate, i.e. marks it as verified.
</tp:docstring>
</method>
<method name="Reject" tp:name-for-bindings="Reject">
<tp:docstring>
- Rejects this certificate.
+ Rejects this certificate.
</tp:docstring>
<arg direction="in" type="u" name="Reason"
- tp:type="TLS_Certificate_Reject_Reason">
- <tp:docstring>
- The new value of <tp:member-ref>RejectReason</tp:member-ref>.
- </tp:docstring>
+ tp:type="TLS_Certificate_Reject_Reason">
+ <tp:docstring>
+ The new value of <tp:member-ref>RejectReason</tp:member-ref>.
+ </tp:docstring>
</arg>
<arg direction="in" type="s" name="Error"
- tp:type="DBus_Error_Name">
- <tp:docstring>
- The new value of <tp:member-ref>RejectError</tp:member-ref>.
- </tp:docstring>
+ tp:type="DBus_Error_Name">
+ <tp:docstring>
+ The new value of <tp:member-ref>RejectError</tp:member-ref>.
+ </tp:docstring>
</arg>
<arg direction="in" type="a{sv}" name="Details"
- tp:type="String_Variant_Map">
- <tp:docstring>
- The new value of <tp:member-ref>RejectDetails</tp:member-ref>.
- </tp:docstring>
+ tp:type="String_Variant_Map">
+ <tp:docstring>
+ The new value of <tp:member-ref>RejectDetails</tp:member-ref>.
+ </tp:docstring>
</arg>
</method>
</interface>
</node>
+<!-- vim:set sw=2 sts=2 et ft=xml: -->
diff --git a/extensions/Channel_Type_Server_TLS_Connection.xml b/extensions/Channel_Type_Server_TLS_Connection.xml
index af11218a9..977002f95 100644
--- a/extensions/Channel_Type_Server_TLS_Connection.xml
+++ b/extensions/Channel_Type_Server_TLS_Connection.xml
@@ -19,7 +19,8 @@
</tp:license>
<interface name="org.freedesktop.Telepathy.Channel.Type.ServerTLSConnection.DRAFT"
- tp:causes-havoc="experimental">
+ tp:causes-havoc="experimental">
+ <tp:added version="0.19.11">(draft 1)</tp:added>
<tp:requires interface="org.freedesktop.Telepathy.Channel"/>
@@ -44,16 +45,25 @@
</tp:docstring>
<property name="ServerCertificate" type="o" access="read"
- tp:name-for-bindings="ServerCertificate">
+ tp:name-for-bindings="ServerCertificate">
<tp:docstring>
- <p>A <tp:dbus-ref
- namespace="org.freedesktop.Telepathy.Authentication">TLSCertificate.DRAFT</tp:dbus-ref>
- containing the certificate chain as sent by the server,
- and other relevant information.</p>
- <p>This property is immutable.</p>
+ <p>A <tp:dbus-ref
+ namespace="org.freedesktop.Telepathy.Authentication">TLSCertificate.DRAFT</tp:dbus-ref>
+ containing the certificate chain as sent by the server,
+ and other relevant information.</p>
+ <p>This property is immutable.</p>
+ </tp:docstring>
+ </property>
+
+ <property name="Hostname" type="s" access="read"
+ tp:name-for-bindings="Hostname">
+ <tp:docstring>
+ The hostname of the server we expect <tp:member-ref>ServerCertificate</tp:member-ref>
+ to certify; clients SHOULD verify <tp:member-ref>ServerCertificate</tp:member-ref> against
+ this hostname when checking its validity.
</tp:docstring>
</property>
</interface>
</node>
-
+<!-- vim:set sw=2 sts=2 et ft=xml: -->