From: Christos Tsantilas <chtsanti@users.sourceforge.net>
Date: Tue, 30 Jul 2013 15:19:27 +0000 (+0300)
Subject: Sync with newest OpenSSL error codes
X-Git-Tag: SQUID_3_5_0_1~676
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7a62af618d7d385b7fb3fe69ba4e9cce7ebc84f4;p=thirdparty%2Fsquid.git

Sync with newest OpenSSL error codes

This patch updates Squid list of errors to handle the ones available in newer
OpenSSL versions.

This is a Measurement Factory project
---

diff --git a/errors/templates/error-details.txt b/errors/templates/error-details.txt
index 52b70617aa..36006fca4c 100644
--- a/errors/templates/error-details.txt
+++ b/errors/templates/error-details.txt
@@ -134,6 +134,90 @@ name: X509_V_ERR_KEYUSAGE_NO_CERTSIGN
 detail: "%ssl_error_descr: %ssl_subject"
 descr: "Key usage does not include certificate signing"
 
+name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "unable to get CRL issuer certificate"
+
+name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "unhandled critical extension"
+
+name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "key usage does not include CRL signing"
+
+name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "unhandled critical CRL extension"
+
+name: X509_V_ERR_INVALID_NON_CA
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "invalid non-CA certificate (has CA markings)"
+
+name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "proxy path length constraint exceeded"
+
+name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "key usage does not include digital signature"
+
+name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "proxy certificates not allowed, please set the appropriate flag"
+
+name: X509_V_ERR_INVALID_EXTENSION
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "invalid or inconsistent certificate extension"
+
+name: X509_V_ERR_INVALID_POLICY_EXTENSION
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "invalid or inconsistent certificate policy extension"
+
+name: X509_V_ERR_NO_EXPLICIT_POLICY
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "no explicit policy"
+
+name: X509_V_ERR_DIFFERENT_CRL_SCOPE
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "Different CRL scope"
+
+name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "Unsupported extension feature"
+
+name: X509_V_ERR_UNNESTED_RESOURCE
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "RFC 3779 resource not subset of parent's resources"
+
+name: X509_V_ERR_PERMITTED_VIOLATION
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "permitted subtree violation"
+
+name: X509_V_ERR_EXCLUDED_VIOLATION
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "excluded subtree violation"
+
+name: X509_V_ERR_SUBTREE_MINMAX
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "name constraints minimum and maximum not supported"
+
+name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "unsupported name constraint type"
+
+name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "unsupported or invalid name constraint syntax"
+
+name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "unsupported or invalid name syntax"
+
+name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR
+detail: "%ssl_error_descr: %ssl_subject"
+descr: "CRL path validation error"
+
 name: X509_V_ERR_APPLICATION_VERIFICATION
 detail: "%ssl_error_descr: %ssl_subject"
 descr: "Application verification failure"
diff --git a/src/ssl/ErrorDetail.cc b/src/ssl/ErrorDetail.cc
index eb54c15421..5dc0479682 100644
--- a/src/ssl/ErrorDetail.cc
+++ b/src/ssl/ErrorDetail.cc
@@ -89,6 +89,90 @@ static SslErrorEntry TheSslErrorArray[] = {
      "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH"},
     {X509_V_ERR_KEYUSAGE_NO_CERTSIGN,
      "X509_V_ERR_KEYUSAGE_NO_CERTSIGN"},
+#if defined(X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER)
+      {X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, //33
+       "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER"},
+#endif
+#if defined(X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION)
+      {X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION, //34
+       "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION"},
+#endif
+#if defined(X509_V_ERR_KEYUSAGE_NO_CRL_SIGN)
+      {X509_V_ERR_KEYUSAGE_NO_CRL_SIGN, //35
+       "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN"},
+#endif
+#if defined(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION)
+      {X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION, //36
+       "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION"},
+#endif
+#if defined(X509_V_ERR_INVALID_NON_CA)
+      {X509_V_ERR_INVALID_NON_CA, //37
+       "X509_V_ERR_INVALID_NON_CA"},
+#endif
+#if defined(X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED)
+      {X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED, //38
+       "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED"},
+#endif
+#if defined(X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE)
+      {X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE, //39
+       "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE"},
+#endif
+#if defined(X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED)
+      {X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED, //40
+       "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED"},
+#endif
+#if defined(X509_V_ERR_INVALID_EXTENSION)
+      {X509_V_ERR_INVALID_EXTENSION, //41
+       "X509_V_ERR_INVALID_EXTENSION"},
+#endif
+#if defined(X509_V_ERR_INVALID_POLICY_EXTENSION)
+      {X509_V_ERR_INVALID_POLICY_EXTENSION, //42
+       "X509_V_ERR_INVALID_POLICY_EXTENSION"},
+#endif
+#if defined(X509_V_ERR_NO_EXPLICIT_POLICY)
+      {X509_V_ERR_NO_EXPLICIT_POLICY, //43
+       "X509_V_ERR_NO_EXPLICIT_POLICY"},
+#endif
+#if defined(X509_V_ERR_DIFFERENT_CRL_SCOPE)
+      {X509_V_ERR_DIFFERENT_CRL_SCOPE, //44
+       "X509_V_ERR_DIFFERENT_CRL_SCOPE"},
+#endif
+#if defined(X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE)
+      {X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE, //45
+       "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE"},
+#endif
+#if defined(X509_V_ERR_UNNESTED_RESOURCE)
+      {X509_V_ERR_UNNESTED_RESOURCE, //46
+       "X509_V_ERR_UNNESTED_RESOURCE"},
+#endif
+#if defined(X509_V_ERR_PERMITTED_VIOLATION)
+      {X509_V_ERR_PERMITTED_VIOLATION, //47
+       "X509_V_ERR_PERMITTED_VIOLATION"},
+#endif
+#if defined(X509_V_ERR_EXCLUDED_VIOLATION)
+      {X509_V_ERR_EXCLUDED_VIOLATION, //48
+       "X509_V_ERR_EXCLUDED_VIOLATION"},
+#endif
+#if defined(X509_V_ERR_SUBTREE_MINMAX)
+      {X509_V_ERR_SUBTREE_MINMAX, //49
+       "X509_V_ERR_SUBTREE_MINMAX"},
+#endif
+#if defined(X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE)
+      {X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE, //51
+       "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE"},
+#endif
+#if defined(X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX)
+      {X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX, //52
+       "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX"},
+#endif
+#if defined(X509_V_ERR_UNSUPPORTED_NAME_SYNTAX)
+      {X509_V_ERR_UNSUPPORTED_NAME_SYNTAX, //53
+       "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX"},
+#endif
+#if defined(X509_V_ERR_CRL_PATH_VALIDATION_ERROR)
+      {X509_V_ERR_CRL_PATH_VALIDATION_ERROR, //54
+       "X509_V_ERR_CRL_PATH_VALIDATION_ERROR"},
+#endif
     {X509_V_ERR_APPLICATION_VERIFICATION,
      "X509_V_ERR_APPLICATION_VERIFICATION"},
     { SSL_ERROR_NONE, "SSL_ERROR_NONE"},