If this certificate has been rejected, return a TLSCertificateRejection indicating the first rejection reason (by convention, the most important).
If you want to list all the things that are wrong with the certificate (for instance, it might be self-signed and also have expired) you can call get_nth_rejection, increasing n until it returns null.
this | a TLS certificate |
a TLSCertificateRejection, or |