The raw data contained in a TLS certificate.
For X.509 certificates (
For PGP certificates (
Struct representing one reason why a TLS certificate was rejected.
Since there can be multiple things wrong with a TLS certificate, arrays of this type are used to represent lists of reasons for rejection. In that case, the most important reason SHOULD be placed first in the list.
The value of the TLS_Certificate_Reject_Reason enumeration for
this certificate rejection.
Error
member,
which may be implementation-specific, can use this property to
classify rejection reasons into common categories.
The DBus error name for this certificate rejection.
This MAY correspond to the value of the Reason
member,
or MAY be a more specific D-Bus error name, perhaps implementation-specific.
Additional information about why the certificate was rejected. This MAY also include one or more of the following well-known keys:
For instance, if you try to connect to gmail.com but are presented with a TLS certificate issued to evil.example.org, the error details for Hostname_Mismatch MAY include:
{ 'expected-hostname': 'gmail.com', 'certificate-hostname': 'evil.example.org', }
If the
If the
The first rejection in the list MAY be assumed to be the most important; if the array contains more than one element, the CM MAY either use the values after the first, or ignore them.
This property is immutable
One or more TLS certificates forming a trust chain, each encoded as
specified by
The first certificate in the chain MUST be the server certificate, followed by the issuer's certificate, followed by the issuer's issuer and so on.