1
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
3
* The contents of this file are subject to the Mozilla Public
4
* License Version 1.1 (the "License"); you may not use this file
5
* except in compliance with the License. You may obtain a copy of
6
* the License at http://www.mozilla.org/MPL/
8
* Software distributed under the License is distributed on an "AS
9
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
10
* implied. See the License for the specific language governing
11
* rights and limitations under the License.
13
* The Original Code is mozilla.org code.
15
* The Initial Developer of the Original Code is Netscape
16
* Communications Corporation. Portions created by Netscape are
17
* Copyright (C) 1998 Netscape Communications Corporation. All
21
* Javier Delgadillo <javi@netscape.com>
23
* Alternatively, the contents of this file may be used under the
24
* terms of the GNU General Public License Version 2 or later (the
25
* "GPL"), in which case the provisions of the GPL are applicable
26
* instead of those above. If you wish to allow use of your
27
* version of this file only under the terms of the GPL and not to
28
* allow others to use your version of this file under the MPL,
29
* indicate your decision by deleting the provisions above and
30
* replace them with the notice and other provisions required by
31
* the GPL. If you do not delete the provisions above, a recipient
32
* may use your version of this file under either the MPL or the
36
#include "nsISupports.idl"
38
interface nsIX509Cert;
39
interface nsIInterfaceRequestor;
42
* Functions that display warnings for problems with web site trust.
46
[scriptable, uuid(86960956-edb0-11d4-998b-00b0d02354a0)]
47
interface nsIBadCertListener : nsISupports {
50
* No decision was made by the user, whether to trust a cert.
52
const short UNINIT_ADD_FLAG = -1;
55
* The user decided to add trust to a certificate temporarily
56
* for the current application session only.
58
const short ADD_TRUSTED_FOR_SESSION = 1;
61
* The user decided to add trust to a certificate permanently.
63
const short ADD_TRUSTED_PERMANENTLY = 2;
66
* Inform the user there are problems with the trust of a certificate,
67
* and request a decision from the user.
68
* The UI should offer the user a way to look at the certificate in detail.
69
* The following is a sample UI message to be shown to the user:
71
* Unable to verify the identity of %S as a trusted site.
72
* Possible reasons for this error:
73
* - Your browser does not recognize the Certificate Authority
74
* that issued the site's certificate.
75
* - The site's certificate is incomplete due to a
76
* server misconfiguration.
77
* - You are connected to a site pretending to be %S,
78
* possibly to obtain your confidential information.
79
* Please notify the site's webmaster about this problem.
80
* Before accepting this certificate, you should examine this site's
81
* certificate carefully. Are you willing to to accept this certificate
82
* for the purpose of identifying the Web site %S?
83
* o Accept this certificate permanently
84
* x Accept this certificate temporarily for this session
85
* o Do not accept this certificate and do not connect to this Web site
87
* @param socketInfo A network communication context that can be used to obtain more information
88
* about the active connection.
89
* @param cert The certificate that is not trusted and that is having the problem.
90
* @param certAddType The user's trust decision. See constants defined above.
92
* @return true if the user decided to connect anyway, false if the user decided to not connect
94
boolean confirmUnknownIssuer(in nsIInterfaceRequestor socketInfo,
96
out short certAddType);
99
* Inform the user there are problems with the trust of a certificate,
100
* and request a decision from the user.
101
* The hostname mentioned in the server's certificate is not the hostname
102
* that was used as a destination address for the current connection.
104
* @param socketInfo A network communication context that can be used to obtain more information
105
* about the active connection.
106
* @param targetURL The URL that was used to open the current connection.
107
* @param cert The certificate that was presented by the server.
109
* @return true if the user decided to connect anyway, false if the user decided to not connect
111
boolean confirmMismatchDomain(in nsIInterfaceRequestor socketInfo,
112
in AUTF8String targetURL,
113
in nsIX509Cert cert);
116
* Inform the user there are problems with the trust of a certificate,
117
* and request a decision from the user.
118
* The certificate presented by the server is no longer valid because
119
* the validity period has expired.
121
* @param socketInfo A network communication context that can be used to obtain more information
122
* about the active connection.
123
* @param cert The certificate that was presented by the server.
125
* @return true if the user decided to connect anyway, false if the user decided to not connect
127
boolean confirmCertExpired(in nsIInterfaceRequestor socketInfo,
128
in nsIX509Cert cert);
131
* Inform the user there are problems with the trust of a certificate,
132
* and request a decision from the user.
133
* The Certificate Authority (CA) that issued the server's certificate has issued a
134
* Certificate Revocation List (CRL).
135
* However, the application does not have a current version of the CA's CRL.
136
* Due to the application configuration, the application disallows the connection
137
* to the remote site.
139
* @param socketInfo A network communication context that can be used to obtain more information
140
* about the active connection.
141
* @param targetURL The URL that was used to open the current connection.
142
* @param cert The certificate that was presented by the server.
144
void notifyCrlNextupdate(in nsIInterfaceRequestor socketInfo,
145
in AUTF8String targetURL, in nsIX509Cert cert);
150
#define NS_BADCERTLISTENER_CONTRACTID "@mozilla.org/nsBadCertListener;1"