Updated error code names and references from SSL3 to TLS in error definitions and error strings. Legacy error codes are preserved in sslerr_legacy.h for backward compatibility
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29338)
L HTTP include/openssl/httperr.h crypto/http/http_err.c include/crypto/httperr.h
# SSL/TLS alerts
-R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
-R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
+R SSL_R_TLS_ALERT_UNEXPECTED_MESSAGE 1010
+R SSL_R_TLS_ALERT_BAD_RECORD_MAC 1020
R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
-R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
-R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
-R SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
-R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
-R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
-R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
-R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
-R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
-R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
+R SSL_R_TLS_ALERT_DECOMPRESSION_FAILURE 1030
+R SSL_R_TLS_ALERT_HANDSHAKE_FAILURE 1040
+R SSL_R_TLS_ALERT_NO_CERTIFICATE 1041
+R SSL_R_TLS_ALERT_BAD_CERTIFICATE 1042
+R SSL_R_TLS_ALERT_UNSUPPORTED_CERTIFICATE 1043
+R SSL_R_TLS_ALERT_CERTIFICATE_REVOKED 1044
+R SSL_R_TLS_ALERT_CERTIFICATE_EXPIRED 1045
+R SSL_R_TLS_ALERT_CERTIFICATE_UNKNOWN 1046
+R SSL_R_TLS_ALERT_ILLEGAL_PARAMETER 1047
R SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
R SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
R SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG:363:\
srtp protection profile list too long
SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE:364:srtp unknown protection profile
-SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH:232:\
+SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH:232:\
ssl3 ext invalid max fragment length
-SSL_R_SSL3_EXT_INVALID_SERVERNAME:319:ssl3 ext invalid servername
-SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE:320:ssl3 ext invalid servername type
-SSL_R_SSL3_SESSION_ID_TOO_LONG:300:ssl3 session id too long
-SSL_R_SSLV3_ALERT_BAD_CERTIFICATE:1042:ssl/tls alert bad certificate
-SSL_R_SSLV3_ALERT_BAD_RECORD_MAC:1020:ssl/tls alert bad record mac
-SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED:1045:ssl/tls alert certificate expired
-SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED:1044:ssl/tls alert certificate revoked
-SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN:1046:ssl/tls alert certificate unknown
-SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE:1030:ssl/tls alert decompression failure
-SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE:1040:ssl/tls alert handshake failure
-SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER:1047:ssl/tls alert illegal parameter
-SSL_R_SSLV3_ALERT_NO_CERTIFICATE:1041:ssl/tls alert no certificate
-SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE:1010:ssl/tls alert unexpected message
-SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE:1043:\
+SSL_R_TLS_EXT_INVALID_SERVERNAME:319:ssl3 ext invalid servername
+SSL_R_TLS_EXT_INVALID_SERVERNAME_TYPE:320:ssl3 ext invalid servername type
+SSL_R_TLS_SESSION_ID_TOO_LONG:300:ssl3 session id too long
+SSL_R_TLS_ALERT_BAD_CERTIFICATE:1042:ssl/tls alert bad certificate
+SSL_R_TLS_ALERT_BAD_RECORD_MAC:1020:ssl/tls alert bad record mac
+SSL_R_TLS_ALERT_CERTIFICATE_EXPIRED:1045:ssl/tls alert certificate expired
+SSL_R_TLS_ALERT_CERTIFICATE_REVOKED:1044:ssl/tls alert certificate revoked
+SSL_R_TLS_ALERT_CERTIFICATE_UNKNOWN:1046:ssl/tls alert certificate unknown
+SSL_R_TLS_ALERT_DECOMPRESSION_FAILURE:1030:ssl/tls alert decompression failure
+SSL_R_TLS_ALERT_HANDSHAKE_FAILURE:1040:ssl/tls alert handshake failure
+SSL_R_TLS_ALERT_ILLEGAL_PARAMETER:1047:ssl/tls alert illegal parameter
+SSL_R_TLS_ALERT_NO_CERTIFICATE:1041:ssl/tls alert no certificate
+SSL_R_TLS_ALERT_UNEXPECTED_MESSAGE:1010:ssl/tls alert unexpected message
+SSL_R_TLS_ALERT_UNSUPPORTED_CERTIFICATE:1043:\
ssl/tls alert unsupported certificate
SSL_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty
SSL_R_SSL_COMMAND_SECTION_NOT_FOUND:125:ssl command section not found
"srtp protection profile list too long" },
{ ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),
"srtp unknown protection profile" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH),
- "ssl3 ext invalid max fragment length" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME),
- "ssl3 ext invalid servername" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),
- "ssl3 ext invalid servername type" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_SESSION_ID_TOO_LONG),
- "ssl3 session id too long" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),
- "ssl/tls alert bad certificate" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),
- "ssl/tls alert bad record mac" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),
- "ssl/tls alert certificate expired" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),
- "ssl/tls alert certificate revoked" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),
- "ssl/tls alert certificate unknown" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),
- "ssl/tls alert decompression failure" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),
- "ssl/tls alert handshake failure" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),
- "ssl/tls alert illegal parameter" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_NO_CERTIFICATE),
- "ssl/tls alert no certificate" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),
- "ssl/tls alert unexpected message" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),
- "ssl/tls alert unsupported certificate" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH),
+ "tls ext invalid max fragment length" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_EXT_INVALID_SERVERNAME),
+ "tls ext invalid servername" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_EXT_INVALID_SERVERNAME_TYPE),
+ "tls ext invalid servername type" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_SESSION_ID_TOO_LONG),
+ "tls session id too long" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_BAD_CERTIFICATE),
+ "tls alert bad certificate" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_BAD_RECORD_MAC),
+ "tls alert bad record mac" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_CERTIFICATE_EXPIRED),
+ "tls alert certificate expired" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_CERTIFICATE_REVOKED),
+ "tls alert certificate revoked" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_CERTIFICATE_UNKNOWN),
+ "tls alert certificate unknown" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_DECOMPRESSION_FAILURE),
+ "tls alert decompression failure" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_HANDSHAKE_FAILURE),
+ "tls alert handshake failure" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_ILLEGAL_PARAMETER),
+ "tls alert illegal parameter" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_NO_CERTIFICATE),
+ "tls alert no certificate" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_UNEXPECTED_MESSAGE),
+ "tls alert unexpected message" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_UNSUPPORTED_CERTIFICATE),
+ "tls alert unsupported certificate" },
{ ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_EMPTY),
"ssl command section empty" },
{ ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_NOT_FOUND),
#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362
#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363
#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364
-#define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH 232
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320
-#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
-#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
-#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
-#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
-#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
-#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
-#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
-#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
-#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
+#define SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH 232
+#define SSL_R_TLS_EXT_INVALID_SERVERNAME 319
+#define SSL_R_TLS_EXT_INVALID_SERVERNAME_TYPE 320
+#define SSL_R_TLS_SESSION_ID_TOO_LONG 300
+#define SSL_R_TLS_ALERT_BAD_CERTIFICATE 1042
+#define SSL_R_TLS_ALERT_BAD_RECORD_MAC 1020
+#define SSL_R_TLS_ALERT_CERTIFICATE_EXPIRED 1045
+#define SSL_R_TLS_ALERT_CERTIFICATE_REVOKED 1044
+#define SSL_R_TLS_ALERT_CERTIFICATE_UNKNOWN 1046
+#define SSL_R_TLS_ALERT_DECOMPRESSION_FAILURE 1030
+#define SSL_R_TLS_ALERT_HANDSHAKE_FAILURE 1040
+#define SSL_R_TLS_ALERT_ILLEGAL_PARAMETER 1047
+#define SSL_R_TLS_ALERT_NO_CERTIFICATE 1041
+#define SSL_R_TLS_ALERT_UNEXPECTED_MESSAGE 1010
+#define SSL_R_TLS_ALERT_UNSUPPORTED_CERTIFICATE 1043
#define SSL_R_SSL_COMMAND_SECTION_EMPTY 117
#define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125
#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
#define SSL_F_WRITE_STATE_MACHINE 0
#endif
+#ifndef OPENSSL_NO_DEPRECATED_4_0
+
+#define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH 232
+#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319
+#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
+#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
+#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
+#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
+#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
+#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
+#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
+#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
+#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
+#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
+#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
+#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
+
+#endif
+
#ifdef __cplusplus
}
#endif
break;
len = strlen((char *)parg);
if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
- ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
+ ERR_raise(ERR_LIB_SSL, SSL_R_TLS_EXT_INVALID_SERVERNAME);
return 0;
}
if ((sc->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
return 0;
}
} else {
- ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
+ ERR_raise(ERR_LIB_SSL, SSL_R_TLS_EXT_INVALID_SERVERNAME_TYPE);
return 0;
}
break;
/* |value| should contains a valid max-fragment-length code. */
if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
- SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+ SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH);
return 0;
}
*/
if (value != s->ext.max_fragment_len_mode) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
- SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+ SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH);
return 0;
}
/* Received |value| should be a valid max-fragment-length code. */
if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
- SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+ SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH);
return 0;
}
session_id_len = PACKET_remaining(&session_id);
if (session_id_len > sizeof(s->session->session_id)
|| session_id_len > SSL3_SESSION_ID_SIZE) {
- SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_SSL3_SESSION_ID_TOO_LONG);
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_TLS_SESSION_ID_TOO_LONG);
goto err;
}
{
if (mode != TLSEXT_max_fragment_length_DISABLED
&& !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) {
- ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+ ERR_raise(ERR_LIB_SSL, SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH);
return 0;
}
if (mode != TLSEXT_max_fragment_length_DISABLED
&& !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) {
- ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+ ERR_raise(ERR_LIB_SSL, SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH);
return 0;
}
projects / thirdparty / openssl.git / commitdiff
