[Bug 23931] Added some more TLS/SSL conditions (revoked, insecure, limit exceeded)

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue Nov 10 21:24:34 CET 2009


http://bugs.freedesktop.org/show_bug.cgi?id=23931





--- Comment #6 from Simon McVittie <simon.mcvittie at collabora.co.uk>  2009-11-10 12:24:31 PST ---
(In reply to comment #5)
> Revoked is _very_ distinct from expired: it means that someone with the 
> authority to do so has quite deliberately taken active steps to make sure 
> the cert i sno longer considered valid: I think it would be very bad to 
> conflate expired and revoked: For one thing, we ourselves treat revoked
> as invalid even when in lenient mode, whereas we allow expired certs.

Would you prefer that Telepathy clients that don't understand the specific
error in the ConnectionError signal treat Revoked like None_Specified
("unspecified error"), or like Expired? This determines whether it needs its
own enum member or not.

> Similarly limit exceeded indicates that we have crossed a line which the
> user or packager has chosen as a probable DOS attack, and insecure means 
> the same people have decided a cert/crypto is not sufficiently secure, so
> we shouldn't really bury these inside the generic error.

Similarly, would you prefer Limit_Exceeded and Insecure to be treated like
None_Specified, or like Cert_Other_Error, by clients that don't understand the
specific reason given in the ConnectionError signal? If the former is OK, they
can have their own enum members.


-- 
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the telepathy-bugs mailing list