From ce6b6bc1f8662ff24ec44fb76e869394b3f64328 Mon Sep 17 00:00:00 2001
From: Cosimo Cecchi
Date: Mon, 9 Aug 2010 12:27:09 +0200
Subject: Update to the merged spec.
---
extensions/Authentication_TLS_Certificate.xml | 175 ++++++++++++++++++----
extensions/Channel_Type_Server_TLS_Connection.xml | 27 ++--
2 files changed, 159 insertions(+), 43 deletions(-)
diff --git a/extensions/Authentication_TLS_Certificate.xml b/extensions/Authentication_TLS_Certificate.xml
index 1063d085f..56e378f4c 100644
--- a/extensions/Authentication_TLS_Certificate.xml
+++ b/extensions/Authentication_TLS_Certificate.xml
@@ -26,8 +26,17 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
- The raw data contained in a TLS certificate.
+
+ The raw data contained in a TLS certificate.
+
+ For X.509 certificates (CertificateType
+ = "x509"), this MUST be in DER format, as defined by the
+ X.690
+ ITU standard.
+
+ For PGP certificates (CertificateType
+ = "pgp"), this MUST be a binary OpenPGP key as defined by section 11.1
+ of RFC 4880.
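Review bot: The two MUST clauses in this docstring cover only CertificateType "x509" and "pgp", so the encoding of the data is undefined for any other type string and a handler has no stated behaviour when it meets one. Suggest adding a sentence that a handler which does not recognise the CertificateType cannot verify the certificate and should not attempt to parse the data. It would also help to state whether the type strings are compared case-sensitively.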
@@ -38,13 +47,13 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
object.
-
+
- The certificate has no state associated with it.
+ The certificate is currently waiting to be accepted or rejected.
-
+
The certificate has been verified.
@@ -62,37 +71,38 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Possible reasons to reject a TLS certificate.
-
-
- No reason specified.
-
-
-
-
+
The certificate has been rejected for another reason
not listed in this enumeration.
-
+
The certificate is not trusted.
-
+
The certificate is expired.
-
+
The certificate is not active yet.
+
+
+ The certificate provided does not have the expected
+ fingerprint.
+
+
+
The hostname certified does not match the provided one.
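Review bot: The added fingerprint-mismatch entry ("does not have the expected fingerprint") does not say where the expected fingerprint comes from, and it has no matching well-known keys in RejectDetails, while Hostname_Mismatch gets expected-hostname and certificate-hostname later in this patch. Suggest either defining an equivalent pair of keys for fingerprints or stating that no details are provided for this reason. Separately, if removing the "No reason specified" entry changes the numeric values of the remaining entries, that is a wire-level change and deserves a line in the commit message.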
@@ -111,9 +121,18 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
+
+
+ The certificate uses an insecure cipher algorithm, or is
+ cryptographically weak.
+
+
+
+
- The certificate uses an insecure cipher algorithm.
+ The length in bytes of the certificate, or the depth of the
+ certificate chain exceed the limits imposed by the crypto
+ library.
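Review bot: In the added limit-exceeded description, "exceed" should be "exceeds", and "the limits imposed by the crypto library" makes the meaning of this reason depend on which library the CM links against. Suggest noting that the limit is implementation-specific and that the actual limit, where known, can be reported through the debug-message detail. In the other added entry, "or is cryptographically weak" is broad enough to overlap with most other reasons; a short parenthetical saying what counts as weak (for example a short key or a deprecated signature hash) would help clients classify it consistently.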
@@ -124,7 +143,64 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
The current state of this certificate.
State change notifications happen by means of the
- StateChanged signal.
+ Accepted and
+ Rejected signals.
+
+
+
+
+
+ If the State is Rejected,
+ the reason why the certificate was rejected; this MAY correspond to
+ the RejectReason, or MAY be a more
+ specific D-Bus error name, perhaps implementation-specific.
+ If the State is not Rejected,
+ this property is not meaningful, and SHOULD be set to an empty
+ string.
+
+
+
+
+
+ If the State is Rejected,
+ additional information about why the certificate was rejected.
+ If the State is not Rejected,
+ this property is not meaningful and SHOULD be set to an empty
+ map.
+ The additional information MAY also include
+ one or more of the following well-known keys:
+
+ - user-requested (b)
+ - True if the error was due to an user-requested rejection of
+ the certificate; False if there was an unrecoverable error in the
+ verification process.
+ - expected-hostname (s)
+ - If the rejection reason is Hostname_Mismatch, the hostname that
+ the server certificate was expected to have.
+ - certificate-hostname (s)
+ - If the rejection reason is Hostname_Mismatch, the hostname of
+ the certificate that was presented.
+
+
For instance, if you try to connect to gmail.com but are presented
+ with a TLS certificate issued to evil.example.org, the error details
+ for Hostname_Mismatch MAY include:
+
+ {
+ 'expected-hostname': 'gmail.com',
+ 'certificate-hostname': 'evil.example.org',
+ }
+
+
+
+ - debug-message (s)
+ - Debugging information on the error, corresponding to the
+ message part of a D-Bus error message, which SHOULD NOT be
+ displayed to users under normal circumstances
+
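Review bot: The certificate-hostname key carries a string taken from the certificate the server presented, so its content is chosen by the remote side, and the docstring should say that user interfaces must treat it as untrusted text (no markup interpretation, bounded length) when displaying it next to expected-hostname. The same caution applies to debug-message, which is already marked SHOULD NOT be displayed. Two smaller points: "an user-requested" should be "a user-requested", and the debug-message entry comes after the Hostname_Mismatch example, separated from the other three keys; moving it up would keep the list of well-known keys in one place.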
@@ -132,7 +208,15 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
tp:type="TLS_Certificate_Reject_Reason"
tp:name-for-bindings="Reject_Reason">
- The reason why this certificate has been rejected.
+ If the State is Rejected, the
+ reason why the certificate was rejected.
+
+ Clients that do not understand the RejectError,
+ which may be implementation-specific, can use this property to
+ classify rejection reasons into common categories.
+
+ Otherwise, this property is not meaningful, and SHOULD be set to
+ Unknown.
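Review bot: The last added paragraph says RejectReason SHOULD be set to Unknown when the State is not Rejected, but this patch also removes the "No reason specified" entry, so if Unknown is the remaining "another reason not listed in this enumeration" value, the same value now means both "not rejected" and "rejected for an unlisted reason". Suggest stating explicitly that clients MUST check State before interpreting RejectReason, as the RejectError and RejectDetails docstrings already imply with "this property is not meaningful".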
@@ -140,29 +224,46 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
tp:name-for-bindings="Certificate_Type">
The type of this TLS certificate (e.g. 'x509' or 'pgp').
+ This property is immutable
-
- The RAW PEM-encoded trust chain of this TLS certificate.
+
+ One or more TLS certificates forming a trust chain, each encoded as
+ specified by Certificate_Data.
+ The first certificate in the chain MUST be the server certificate,
+ followed by the issuer's certificate, followed by the issuer's issuer
+ and so on.
-
+
- The state of this TLS certificate has changed.
+ The State of this certificate has changed to Accepted.
-
+
+
+
+
+ The State of this certificate has changed to Rejected.
+
+
- The new state of the TLS certificate.
+ The new value of RejectReason.
-
+
- The reason why the state of the TLS certificate changed.
+ The new value of RejectError.
+
+
+
+
+ The new value of RejectDetails
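Review bot: The chain description says the first certificate MUST be the server certificate followed by each issuer in turn, but the channel documentation in this same patch describes the chain "as sent by the server", and a server is free to send certificates out of order or include unrelated ones. Suggest stating who enforces the ordering: either the CM normalises the chain before exposing it, or handlers must not assume the order has been validated and must build the path themselves. It would also help to say whether the root certificate is expected to be present. Minor: "This property is immutable" and the final "The new value of RejectDetails" are missing their full stops, unlike the matching lines elsewhere in the patch.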
@@ -170,19 +271,29 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Accepts this certificate, i.e. marks it as verified.
- This method doesn't do anything on local certificates.
- Rejects this certificate. This method doesn't do anything
- on local certificates.
+ Rejects this certificate.
- The reason why this certificate is being rejected.
+ The new value of RejectReason.
+
+
+
+
+ The new value of RejectError.
+
+
+
+
+ The new value of RejectDetails.
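Review bot: The visible text for Accept and Reject does not say what happens when either method is called on a certificate that is no longer waiting for a decision, for example Reject after Accept, or two handlers racing. Suggest documenting that both methods are only valid in the pending state and naming the D-Bus error raised otherwise, so that a later Accept cannot silently override an earlier rejection. Since the Reject arguments become the new RejectReason, RejectError and RejectDetails, it is also worth saying whether the CM validates that the supplied error is a well-formed D-Bus error name.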
diff --git a/extensions/Channel_Type_Server_TLS_Connection.xml b/extensions/Channel_Type_Server_TLS_Connection.xml
index 47042731f..af11218a9 100644
--- a/extensions/Channel_Type_Server_TLS_Connection.xml
+++ b/extensions/Channel_Type_Server_TLS_Connection.xml
@@ -24,16 +24,20 @@
-
- A channel type that carries a TLS certificate between a server
- and a client connecting to it.
- Channels of this kind are never requested, are anonymous, and SHOULD be
- dispatched while the
- Connection
- owning it is in the CONNECTING state.
+ A channel type that carries a TLS certificate between a server
+ and a client connecting to it.
+ Channels of this kind always have Requested = False,
+ TargetHandleType
+ = None and TargetHandle
+ = 0, and cannot be requested with methods such as CreateChannel.
+ Also, they SHOULD be dispatched while the
+ Connection
+ owning them is in the CONNECTING state.
In this case, handlers SHOULD accept or reject the certificate, using
- the relevant methods on the provided object, or MAY just close the channel before doing so, to fall
+ the relevant methods on the provided object, or MAY just Close the channel before doing so, to fall
back to a non-interactive verification process done inside the CM.
For example, channels of this kind can pop up while a client is
connecting to an XMPP server.
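Review bot: The sentence allowing a handler to "just Close the channel before doing so, to fall back to a non-interactive verification process done inside the CM" does not say how strict that fallback has to be, nor what happens when no handler exists or the handler exits without calling Accept or Reject. Suggest stating that the fallback must fail closed, meaning the connection is aborted if the CM's own verification does not succeed, and that a channel closed for any reason without a decision is handled the same way. Otherwise a crashing handler could end up with weaker checking than an explicit rejection.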
@@ -42,10 +46,11 @@
- A A TLSCertificate.DRAFT
containing the certificate chain as sent by the server,
- and other relevant information.
+ and other relevant information.
+ This property is immutable.
--
cgit v1.2.3