Sync with newest OpenSSL error codes

This patch updates Squid list of errors to handle the ones available in newer
OpenSSL versions.

This is a Measurement Factory project

diff --git a/errors/templates/error-details.txt b/errors/templates/error-details.txt
index 52b70617aa5592e4d5da08a9e10ade84082fb129..36006fca4cfc65e8e5d6774f92dfb14f628487bd 100644 (file)
--- a/errors/templates/error-details.txt
+++ b/errors/templates/error-details.txt
@@ -134,6 +134,90 @@ name: X509_V_ERR_KEYUSAGE_NO_CERTSIGN
 detail: "%ssl_error_descr: %ssl_subject"
 descr: "Key usage does not include certificate signing"
 
+name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "unable to get CRL issuer certificate"
+
+name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "unhandled critical extension"
+
+name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "key usage does not include CRL signing"
+
+name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "unhandled critical CRL extension"
+
+name: X509_V_ERR_INVALID_NON_CA
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "invalid non-CA certificate (has CA markings)"
+
+name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "proxy path length constraint exceeded"
+
+name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "key usage does not include digital signature"
+
+name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "proxy certificates not allowed, please set the appropriate flag"
+
+name: X509_V_ERR_INVALID_EXTENSION
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "invalid or inconsistent certificate extension"
+
+name: X509_V_ERR_INVALID_POLICY_EXTENSION
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "invalid or inconsistent certificate policy extension"
+
+name: X509_V_ERR_NO_EXPLICIT_POLICY
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "no explicit policy"
+
+name: X509_V_ERR_DIFFERENT_CRL_SCOPE
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "Different CRL scope"
+
+name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "Unsupported extension feature"
+
+name: X509_V_ERR_UNNESTED_RESOURCE
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "RFC 3779 resource not subset of parent's resources"
+
+name: X509_V_ERR_PERMITTED_VIOLATION
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "permitted subtree violation"
+
+name: X509_V_ERR_EXCLUDED_VIOLATION
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "excluded subtree violation"
+
+name: X509_V_ERR_SUBTREE_MINMAX
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "name constraints minimum and maximum not supported"
+
+name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "unsupported name constraint type"
+
+name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "unsupported or invalid name constraint syntax"
+
+name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "unsupported or invalid name syntax"
+
+name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "CRL path validation error"
+
 name: X509_V_ERR_APPLICATION_VERIFICATION
 detail: "%ssl_error_descr: %ssl_subject"
 descr: "Application verification failure"

diff --git a/src/ssl/ErrorDetail.cc b/src/ssl/ErrorDetail.cc
index eb54c154214e6a7f7de49a39e3597dd79cc0ff08..5dc047968297dcfd5d714dbc102a073017498724 100644 (file)
--- a/src/ssl/ErrorDetail.cc
+++ b/src/ssl/ErrorDetail.cc
@@ -89,6 +89,90 @@ static SslErrorEntry TheSslErrorArray[] = {
      "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH"},
     {X509_V_ERR_KEYUSAGE_NO_CERTSIGN,
      "X509_V_ERR_KEYUSAGE_NO_CERTSIGN"},
+#if defined(X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER)
+      {X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, //33
+       "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER"},
+#endif
+#if defined(X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION)
+      {X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION, //34
+       "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION"},
+#endif
+#if defined(X509_V_ERR_KEYUSAGE_NO_CRL_SIGN)
+      {X509_V_ERR_KEYUSAGE_NO_CRL_SIGN, //35
+       "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN"},
+#endif
+#if defined(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION)
+      {X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION, //36
+       "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION"},
+#endif
+#if defined(X509_V_ERR_INVALID_NON_CA)
+      {X509_V_ERR_INVALID_NON_CA, //37
+       "X509_V_ERR_INVALID_NON_CA"},
+#endif
+#if defined(X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED)
+      {X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED, //38
+       "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED"},
+#endif
+#if defined(X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE)
+      {X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE, //39
+       "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE"},
+#endif
+#if defined(X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED)
+      {X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED, //40
+       "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED"},
+#endif
+#if defined(X509_V_ERR_INVALID_EXTENSION)
+      {X509_V_ERR_INVALID_EXTENSION, //41
+       "X509_V_ERR_INVALID_EXTENSION"},
+#endif
+#if defined(X509_V_ERR_INVALID_POLICY_EXTENSION)
+      {X509_V_ERR_INVALID_POLICY_EXTENSION, //42
+       "X509_V_ERR_INVALID_POLICY_EXTENSION"},
+#endif
+#if defined(X509_V_ERR_NO_EXPLICIT_POLICY)
+      {X509_V_ERR_NO_EXPLICIT_POLICY, //43
+       "X509_V_ERR_NO_EXPLICIT_POLICY"},
+#endif
+#if defined(X509_V_ERR_DIFFERENT_CRL_SCOPE)
+      {X509_V_ERR_DIFFERENT_CRL_SCOPE, //44
+       "X509_V_ERR_DIFFERENT_CRL_SCOPE"},
+#endif
+#if defined(X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE)
+      {X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE, //45
+       "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE"},
+#endif
+#if defined(X509_V_ERR_UNNESTED_RESOURCE)
+      {X509_V_ERR_UNNESTED_RESOURCE, //46
+       "X509_V_ERR_UNNESTED_RESOURCE"},
+#endif
+#if defined(X509_V_ERR_PERMITTED_VIOLATION)
+      {X509_V_ERR_PERMITTED_VIOLATION, //47
+       "X509_V_ERR_PERMITTED_VIOLATION"},
+#endif
+#if defined(X509_V_ERR_EXCLUDED_VIOLATION)
+      {X509_V_ERR_EXCLUDED_VIOLATION, //48
+       "X509_V_ERR_EXCLUDED_VIOLATION"},
+#endif
+#if defined(X509_V_ERR_SUBTREE_MINMAX)
+      {X509_V_ERR_SUBTREE_MINMAX, //49
+       "X509_V_ERR_SUBTREE_MINMAX"},
+#endif
+#if defined(X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE)
+      {X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE, //51
+       "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE"},
+#endif
+#if defined(X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX)
+      {X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX, //52
+       "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX"},
+#endif
+#if defined(X509_V_ERR_UNSUPPORTED_NAME_SYNTAX)
+      {X509_V_ERR_UNSUPPORTED_NAME_SYNTAX, //53
+       "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX"},
+#endif
+#if defined(X509_V_ERR_CRL_PATH_VALIDATION_ERROR)
+      {X509_V_ERR_CRL_PATH_VALIDATION_ERROR, //54
+       "X509_V_ERR_CRL_PATH_VALIDATION_ERROR"},
+#endif
     {X509_V_ERR_APPLICATION_VERIFICATION,
      "X509_V_ERR_APPLICATION_VERIFICATION"},
     { SSL_ERROR_NONE, "SSL_ERROR_NONE"},