[Bug 29018] Allow interactive TLS certificate verification

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Mon Sep 6 10:55:30 CEST 2010


https://bugs.freedesktop.org/show_bug.cgi?id=29018

Cosimo Cecchi <cosimoc at gnome.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |29458

--- Comment #19 from Cosimo Cecchi <cosimoc at gnome.org> 2010-09-06 01:55:29 PDT ---
(In reply to comment #18)
> Draft 1 was in spec 0.19.11.
> 
> Do we have CM implementations of the draft? Please reference them as bugs that
> block this one.

Yes, we have an implementation in Gabble, that was bug 29458 (now FIXED).

> Do we have a client implementation of the draft? I believe we do, in Empathy?

Yes, see https://bugzilla.gnome.org/show_bug.cgi?id=626848

> Any feedback from the implementation process?

Yes; thanks for reminding me of this. It might happen that the verification
process for a certificate finds more than one reason why the certificate would
not be valid (e.g. the certificate could be at the same time self-signed and
not matching the right hostname).
If you see e.g. Firefox, when you connect to a site whose certificate has more
than one issue, it displays all of them at the same time in the UI; this isn't
currently doable with this specification, as the reject reason is a single
enumeration value.

So, I think it'd be good to change Reject() on Auth.TLSCertificate to take an
array of (u: Reason) instead of a single one; this would also imply that the
RejectReason property becomes RejectReasons (au).
If you think it's a good idea too, I will provide a tp-spec branch for this,
and fix Gabble/Empathy accordingly.

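An added example, not part of the original message and not Gabble or Empathy code, of the point in comment #19: a verifier that runs every check and returns all failures as a list, next to the single-value shape that keeps only the first. The reason names and numbers, the certificate dictionary and the simplified self-signed test (issuer equals subject and no trusted root) are assumptions made for this sketch, not values from the Telepathy spec.

```python
from datetime import datetime, timezone
from enum import IntEnum

class Reason(IntEnum):
    # Placeholder names and values for this example only.
    EXPIRED = 1
    NOT_ACTIVATED = 2
    HOSTNAME_MISMATCH = 3
    SELF_SIGNED = 4

def hostname_matches(pattern, host):
    """Match one certificate DNS name; '*.' covers exactly one leftmost label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        parts = h.split(".", 1)
        return len(parts) == 2 and parts[0] != "" and parts[1] == p[2:]
    return p == h

def collect_reject_reasons(cert, host, now):
    """Run every check without short-circuiting; return all failures."""
    reasons = []
    if now < cert["not_before"]:
        reasons.append(Reason.NOT_ACTIVATED)
    if now > cert["not_after"]:
        reasons.append(Reason.EXPIRED)
    if not any(hostname_matches(n, host) for n in cert["dns_names"]):
        reasons.append(Reason.HOSTNAME_MISMATCH)
    if cert["issuer"] == cert["subject"] and not cert["trusted_root"]:
        reasons.append(Reason.SELF_SIGNED)
    return reasons

def first_reject_reason(cert, host, now):
    """Single-enumeration shape: every failure after the first is lost."""
    reasons = collect_reject_reasons(cert, host, now)
    return reasons[0] if reasons else None

# Constructed sample: a self-signed certificate presented for the wrong host.
SAMPLE_CERT = {
    "subject": "CN=chat.example.org", "issuer": "CN=chat.example.org",
    "dns_names": ["chat.example.org", "*.im.example.org"],
    "not_before": datetime(2010, 1, 1, tzinfo=timezone.utc),
    "not_after": datetime(2011, 1, 1, tzinfo=timezone.utc),
    "trusted_root": False,
}
NOW = datetime(2010, 9, 6, tzinfo=timezone.utc)

if __name__ == "__main__":
    many = collect_reject_reasons(SAMPLE_CERT, "jabber.example.net", NOW)
    print("as a list of unsigned ints (au):", [int(r) for r in many])
    print("as a single value (u):", first_reject_reason(SAMPLE_CERT, "jabber.example.net", NOW))
```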