| Value | Meaning |
|---|---|
| NoFlags0 | No flags set. Since: 2.74 |
| UnknownCa1 | The signing certificate authority is not known. |
| BadIdentity2 | The certificate does not match the expected identity of the site that it was retrieved from. |
| NotActivated4 | The certificate's activation time is still in the future |
| Expired8 | The certificate has expired |
| Revoked16 | The certificate has been revoked according to the #GTlsConnection's certificate revocation list. |
| Insecure32 | The certificate's algorithm is considered insecure. |
| GenericError64 | Some other error occurred validating the certificate |
| ValidateAll127 | the combination of all of the above flags |
A set of flags describing TLS certification validation. This can be used to describe why a particular certificate was rejected (for example, in #GTlsConnection::accept-certificate).
GLib guarantees that if certificate verification fails, at least one flag will be set, but it does not guarantee that all possible flags will be set. Accordingly, you may not safely decide to ignore any particular type of error. For example, it would be incorrect to mask gio.types.TlsCertificateFlags.Expired if you want to allow expired certificates, because this could potentially be the only error flag set even if other problems exist with the certificate.