nsIBadCertListener

IID:86960956-edb0-11d4-998b-00b0d02354a0
Inherits From:nsISupports
Status:FROZEN

Functions that display warnings for problems with web site trust.

This interface is implemented by the following components:


Constants

No decision was made by the user, whether to trust a cert.
PRInt16 UNINIT_ADD_FLAG = -1
The user decided to add trust to a certificate temporarily for the current application session only.
PRInt16 ADD_TRUSTED_FOR_SESSION = 1
The user decided to add trust to a certificate permanently.
PRInt16 ADD_TRUSTED_PERMANENTLY = 2

Methods

PRBool confirmCertExpired ( nsIInterfaceRequestor socketInfo , nsIX509Cert cert ) PRBool confirmMismatchDomain ( nsIInterfaceRequestor socketInfo , AUTF8String targetURL , nsIX509Cert cert ) PRBool confirmUnknownIssuer ( nsIInterfaceRequestor socketInfo , nsIX509Cert cert , out PRInt16 certAddType ) void notifyCrlNextupdate ( nsIInterfaceRequestor socketInfo , AUTF8String targetURL , nsIX509Cert cert )

PRBool confirmCertExpired ( nsIInterfaceRequestor socketInfo , nsIX509Cert cert )

Inform the user there are problems with the trust of a certificate, and request a decision from the user. The certificate presented by the server is no longer valid because the validity period has expired.

Arguments:
socketInfo: A network communication context that can be used to obtain more information about the active connection.
cert: The certificate that was presented by the server.
Returns:
true if the user decided to connect anyway, false if the user decided to not connect

PRBool confirmMismatchDomain ( nsIInterfaceRequestor socketInfo , AUTF8String targetURL , nsIX509Cert cert )

Inform the user there are problems with the trust of a certificate, and request a decision from the user. The hostname mentioned in the server's certificate is not the hostname that was used as a destination address for the current connection.

Arguments:
socketInfo: A network communication context that can be used to obtain more information about the active connection.
targetURL: The URL that was used to open the current connection.
cert: The certificate that was presented by the server.
Returns:
true if the user decided to connect anyway, false if the user decided to not connect

PRBool confirmUnknownIssuer ( nsIInterfaceRequestor socketInfo , nsIX509Cert cert , out PRInt16 certAddType )

Inform the user there are problems with the trust of a certificate, and request a decision from the user. The UI should offer the user a way to look at the certificate in detail. The following is a sample UI message to be shown to the user:

Unable to verify the identity of %S as a trusted site. Possible reasons for this error: - Your browser does not recognize the Certificate Authority that issued the site's certificate. - The site's certificate is incomplete due to a server misconfiguration. - You are connected to a site pretending to be %S, possibly to obtain your confidential information. Please notify the site's webmaster about this problem. Before accepting this certificate, you should examine this site's certificate carefully. Are you willing to to accept this certificate for the purpose of identifying the Web site %S? o Accept this certificate permanently x Accept this certificate temporarily for this session o Do not accept this certificate and do not connect to this Web site

Arguments:
socketInfo: A network communication context that can be used to obtain more information about the active connection.
cert: The certificate that is not trusted and that is having the problem.
certAddType: The user's trust decision. See constants defined above.
Returns:
true if the user decided to connect anyway, false if the user decided to not connect

void notifyCrlNextupdate ( nsIInterfaceRequestor socketInfo , AUTF8String targetURL , nsIX509Cert cert )

Inform the user there are problems with the trust of a certificate, and request a decision from the user. The Certificate Authority (CA) that issued the server's certificate has issued a Certificate Revocation List (CRL). However, the application does not have a current version of the CA's CRL. Due to the application configuration, the application disallows the connection to the remote site.

Arguments:
socketInfo: A network communication context that can be used to obtain more information about the active connection.
targetURL: The URL that was used to open the current connection.
cert: The certificate that was presented by the server.

Reference documentation is generated from Mozilla's source.

Add a note User Contributed Notes
No comments available

Copyright © 1999 - 2005 XULPlanet.com