Interface Channel.Type.ServerTLSConnection

Interface Index (Compact) | Summary | Description | Properties

Properties

ServerCertificate o Read only Immutable
Hostname s Read only Immutable
ReferenceIdentities as Read only Immutable
Added in 0.19.13. (as stable API)
Objects implementing this interface must also implement:

Description

A channel type that carries a TLS certificate between a server and a client connecting to it.

Channels of this kind always have Requested = False, TargetHandleType = None and TargetHandle = 0, and cannot be requested with methods such as CreateChannel. Also, they SHOULD be dispatched while the Connection owning them is in the CONNECTING state.

In this case, handlers SHOULD accept or reject the certificate, using the relevant methods on the provided object, or MAY just Close the channel before doing so, to fall back to a non-interactive verification process done inside the CM.

For example, channels of this kind can pop up while a client is connecting to an XMPP server.

Properties

Accessed using the org.freedesktop.DBus.Properties interface.
(Permalink)

ServerCertificate — o

Read only
This property is immutable which means that it can never change once the channel has been created. Immutable properties SHOULD appear in the channel detail list of NewChannel signals.

A TLSCertificate containing the certificate chain as sent by the server, and other relevant information.

(Permalink)

Hostname — s

Read only
This property is immutable which means that it can never change once the channel has been created. Immutable properties SHOULD appear in the channel detail list of NewChannel signals.
Added in 0.19.12.

The hostname or domain that the user expects to connect to. Clients SHOULD use the ReferenceIdentities property to verify the identity of the certificate. Clients MAY display this hostname to the user as the expected identity. Clients SHOULD use this property to lookup pinned certificates or other user preferences for the connection.

(Permalink)

ReferenceIdentities — as

Read only
This property is immutable which means that it can never change once the channel has been created. Immutable properties SHOULD appear in the channel detail list of NewChannel signals.
Added in 0.21.10. If this property is not present, clients SHOULD use the Hostname property as the reference identity to validate server certificates against.

The identities of the server we expect ServerCertificate to certify; clients SHOULD verify that ServerCertificate matches one of these identities when checking its validity.

This property MUST NOT be the empty list; it MUST contain the value of the Hostname property. All other identities included in this property MUST be derived from explicit user input or choices, such as Parameters passed to RequestConnection.

Rationale:

The primary use for this property is for XMPP services hosted by Google Apps. When connecting to Google Talk using an @gmail.com JID, the server correctly presents a certificate for gmail.com; however, for domains hosted via Google Apps, a certificate for talk.google.com is offered, due to unresolved technical limitations.

If the user has explicitly chosen to create a Google Talk account, then trusting a certificate for talk.google.com is reasonable. To handle this case, the connection manager may add the values of any or all of the server, fallback-server and extra-identities parameters; the Google Talk account creation user interface may set these parameters appropriately, or the user may set them for accounts with other services.