Copyright © 2010 Collabora Limited This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. (draft 1) This object represents a TLS certificate.

The raw data contained in a TLS certificate.

For X.509 certificates (CertificateType = "x509"), this MUST be in DER format, as defined by the X.690 ITU standard.

For PGP certificates (CertificateType = "pgp"), this MUST be a binary OpenPGP key as defined by section 11.1 of RFC 4880.

The possible states for a TLSCertificate.DRAFT object. The certificate is currently waiting to be accepted or rejected. The certificate has been verified. The certificate has been rejected. Possible reasons to reject a TLS certificate. The certificate has been rejected for another reason not listed in this enumeration. The certificate is not trusted. The certificate is expired. The certificate is not active yet. The certificate provided does not have the expected fingerprint. The hostname certified does not match the provided one. The certificate is self-signed. The certificate has been revoked. The certificate uses an insecure cipher algorithm, or is cryptographically weak. The length in bytes of the certificate, or the depth of the certificate chain exceed the limits imposed by the crypto library. The current state of this certificate. State change notifications happen by means of the Accepted and Rejected signals.

If the State is Rejected, the reason why the certificate was rejected; this MAY correspond to the RejectReason, or MAY be a more specific D-Bus error name, perhaps implementation-specific.

If the State is not Rejected, this property is not meaningful, and SHOULD be set to an empty string.

If the State is Rejected, additional information about why the certificate was rejected.

If the State is not Rejected, this property is not meaningful and SHOULD be set to an empty map.

The additional information MAY also include one or more of the following well-known keys:

user-requested (b)

True if the error was due to an user-requested rejection of the certificate; False if there was an unrecoverable error in the verification process.

expected-hostname (s)

If the rejection reason is Hostname_Mismatch, the hostname that the server certificate was expected to have.

certificate-hostname (s)

If the rejection reason is Hostname_Mismatch, the hostname of the certificate that was presented.

For instance, if you try to connect to gmail.com but are presented with a TLS certificate issued to evil.example.org, the error details for Hostname_Mismatch MAY include:

              {
                'expected-hostname': 'gmail.com',
                'certificate-hostname': 'evil.example.org',
              }

debug-message (s)

Debugging information on the error, corresponding to the message part of a D-Bus error message, which SHOULD NOT be displayed to users under normal circumstances

If the State is Rejected, the reason why the certificate was rejected. Clients that do not understand the RejectError, which may be implementation-specific, can use this property to classify rejection reasons into common categories. Otherwise, this property is not meaningful, and SHOULD be set to Unknown. The type of this TLS certificate (e.g. 'x509' or 'pgp').

This property is immutable

One or more TLS certificates forming a trust chain, each encoded as specified by Certificate_Data.

The first certificate in the chain MUST be the server certificate, followed by the issuer's certificate, followed by the issuer's issuer and so on.

The State of this certificate has changed to Accepted. The State of this certificate has changed to Rejected. The new value of RejectReason. The new value of RejectError. The new value of RejectDetails Accepts this certificate, i.e. marks it as verified. Rejects this certificate. The new value of RejectReason. The new value of RejectError. The new value of RejectDetails.