[Bug 29018] Allow interactive TLS certificate verification
bugzilla-daemon at freedesktop.org
Mon Sep 13 14:15:06 CEST 2010
https://bugs.freedesktop.org/show_bug.cgi?id=29018
Simon McVittie <simon.mcvittie at collabora.co.uk> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status Whiteboard|draft 1 in 0.19.11 |undraft imminent
--- Comment #20 from Simon McVittie <simon.mcvittie at collabora.co.uk> 2010-09-13 05:15:06 PDT ---
We'd like to undraft this today or tomorrow, for Empathy 2.32. I think the only
pending change is this one:
(In reply to comment #19)
> It might happen that the verification
> process for a certificate finds more than one reason why the certificate would
> not be valid (e.g. the certificate could be at the same time self-signed and
> not matching the right hostname).
> If you see e.g. Firefox, when you connect to a site whose certificate has more
> than one issue, it displays all of them at the same time in the UI; this isn't
> currently do-able with this specification, as the reject reason is a single
> enumeration value.
If we do this, the D-Bus error name and the details should also be repetitive.

Two straw-man APIs:

Repeated rejection
==================

Add struct TLS_Certificate_Rejection = ( u, s, a{sv} )

Change Reject so if it's called repeatedly, the second and subsequent calls are
secondary rejection reasons, which the CM MAY either use or ignore [1]

Allow Rejected to be emitted repeatedly, once per Reject call

Remove the Reject* properties and replace them with Rejections: a(us{asv}),
TLS_Certificate_Rejection[], defined such that the first rejection in the list
MAY be assumed to be "the most important"

Update Gabble with whichever semantics from [1] are easier

Update Empathy and make it just look at the first thing in Rejections
(defensive programming: if Rejections is empty, treat it as unknown error)

Multi-rejection
===============

The same, except change the signature of Reject to a(usa{sv}) -> nothing,
forbid calling Reject with an empty list, change the signature of Rejected to
a(usa{sv}), and keep the second and subsequent calls to Reject as ignored
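
The two straw-man APIs from comment #20, modelled as plain Python so their behaviour can be compared side by side. This is an added example, not part of the original comment and not Telepathy, Gabble or Empathy code. The class and function names, the reason numbers and the `com.example` error names are constructed placeholders, and the first model assumes the CM chooses to use (rather than ignore) secondary rejections.

```python
"""Model of the two straw-man Reject semantics (illustrative, no D-Bus needed)."""

# Constructed placeholders: the real reason enum members and D-Bus error
# names belong to the Telepathy spec and are not reproduced here.
UNKNOWN_REJECTION = (0, "com.example.Error.Unknown", {})
# Constructed sample: one certificate with two problems (the comment #19 case).
SAMPLE = [(101, "com.example.Error.SelfSigned", {}),
          (102, "com.example.Error.HostnameMismatch", {})]


class RepeatedRejectionCert:
    """Straw man 1: Reject(u, s, a{sv}) may be called repeatedly."""

    def __init__(self):
        self.rejections = []   # Rejections property, in call order
        self.signals = []      # one entry per Rejected emission

    def reject(self, reason, error, details):
        # Assumption: the CM uses secondary reasons instead of ignoring them.
        rejection = (reason, error, dict(details))
        self.rejections.append(rejection)
        self.signals.append(rejection)   # Rejected is emitted once per call


class MultiRejectionCert:
    """Straw man 2: Reject(a(usa{sv})) carries every reason in one call."""

    def __init__(self):
        self.rejections = []
        self.signals = []

    def reject(self, rejections):
        if not rejections:
            raise ValueError("Reject must not be called with an empty list")
        if self.rejections:
            return                       # second and later calls are ignored
        self.rejections = [(r, e, dict(d)) for r, e, d in rejections]
        self.signals.append(list(self.rejections))  # a single Rejected signal


def primary_rejection(cert):
    """Client side: the first entry is 'the most important'; empty = unknown."""
    return cert.rejections[0] if cert.rejections else UNKNOWN_REJECTION
```

In both models a client that only reads the first entry sees the same primary reason; they differ in how many Rejected signals arrive and in whether a later Reject call can add to the list.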