From: Christos Tsantilas Date: Tue, 10 Sep 2013 07:31:09 +0000 (-0600) Subject: Sync with newest OpenSSL error codes X-Git-Tag: SQUID_3_3_10~39 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=66dd74e79dd9325151c786db55b3095d7d81d280;p=thirdparty%2Fsquid.git Sync with newest OpenSSL error codes This patch updates Squid list of errors to handle the ones available in newer OpenSSL versions. This is a Measurement Factory project --- diff --git a/errors/templates/error-details.txt b/errors/templates/error-details.txt index 52b70617aa..36006fca4c 100644 --- a/errors/templates/error-details.txt +++ b/errors/templates/error-details.txt @@ -134,6 +134,90 @@ name: X509_V_ERR_KEYUSAGE_NO_CERTSIGN detail: "%ssl_error_descr: %ssl_subject" descr: "Key usage does not include certificate signing" +name: X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER +detail: "%ssl_error_descr: %ssl_subject" +descr: "unable to get CRL issuer certificate" + +name: X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical extension" + +name: X509_V_ERR_KEYUSAGE_NO_CRL_SIGN +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include CRL signing" + +name: X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "unhandled critical CRL extension" + +name: X509_V_ERR_INVALID_NON_CA +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid non-CA certificate (has CA markings)" + +name: X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy path length constraint exceeded" + +name: X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "key usage does not include digital signature" + +name: X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED +detail: "%ssl_error_descr: %ssl_subject" +descr: "proxy certificates not allowed, please set the appropriate flag" + +name: X509_V_ERR_INVALID_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate extension" + +name: X509_V_ERR_INVALID_POLICY_EXTENSION +detail: "%ssl_error_descr: %ssl_subject" +descr: "invalid or inconsistent certificate policy extension" + +name: X509_V_ERR_NO_EXPLICIT_POLICY +detail: "%ssl_error_descr: %ssl_subject" +descr: "no explicit policy" + +name: X509_V_ERR_DIFFERENT_CRL_SCOPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Different CRL scope" + +name: X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE +detail: "%ssl_error_descr: %ssl_subject" +descr: "Unsupported extension feature" + +name: X509_V_ERR_UNNESTED_RESOURCE +detail: "%ssl_error_descr: %ssl_subject" +descr: "RFC 3779 resource not subset of parent's resources" + +name: X509_V_ERR_PERMITTED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "permitted subtree violation" + +name: X509_V_ERR_EXCLUDED_VIOLATION +detail: "%ssl_error_descr: %ssl_subject" +descr: "excluded subtree violation" + +name: X509_V_ERR_SUBTREE_MINMAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "name constraints minimum and maximum not supported" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported name constraint type" + +name: X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name constraint syntax" + +name: X509_V_ERR_UNSUPPORTED_NAME_SYNTAX +detail: "%ssl_error_descr: %ssl_subject" +descr: "unsupported or invalid name syntax" + +name: X509_V_ERR_CRL_PATH_VALIDATION_ERROR +detail: "%ssl_error_descr: %ssl_subject" +descr: "CRL path validation error" + name: X509_V_ERR_APPLICATION_VERIFICATION detail: "%ssl_error_descr: %ssl_subject" descr: "Application verification failure" diff --git a/src/ssl/ErrorDetail.cc b/src/ssl/ErrorDetail.cc index 6ff62ce4e0..d79222c618 100644 --- a/src/ssl/ErrorDetail.cc +++ b/src/ssl/ErrorDetail.cc @@ -89,6 +89,132 @@ static SslErrorEntry TheSslErrorArray[] = { "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH"}, {X509_V_ERR_KEYUSAGE_NO_CERTSIGN, "X509_V_ERR_KEYUSAGE_NO_CERTSIGN"}, +#if defined(X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER) + { + X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, //33 + "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER" + }, +#endif +#if defined(X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) + { + X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION, //34 + "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION" + }, +#endif +#if defined(X509_V_ERR_KEYUSAGE_NO_CRL_SIGN) + { + X509_V_ERR_KEYUSAGE_NO_CRL_SIGN, //35 + "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN" + }, +#endif +#if defined(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) + { + X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION, //36 + "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION" + }, +#endif +#if defined(X509_V_ERR_INVALID_NON_CA) + { + X509_V_ERR_INVALID_NON_CA, //37 + "X509_V_ERR_INVALID_NON_CA" + }, +#endif +#if defined(X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED) + { + X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED, //38 + "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED" + }, +#endif +#if defined(X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE) + { + X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE, //39 + "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE" + }, +#endif +#if defined(X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED) + { + X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED, //40 + "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED" + }, +#endif +#if defined(X509_V_ERR_INVALID_EXTENSION) + { + X509_V_ERR_INVALID_EXTENSION, //41 + "X509_V_ERR_INVALID_EXTENSION" + }, +#endif +#if defined(X509_V_ERR_INVALID_POLICY_EXTENSION) + { + X509_V_ERR_INVALID_POLICY_EXTENSION, //42 + "X509_V_ERR_INVALID_POLICY_EXTENSION" + }, +#endif +#if defined(X509_V_ERR_NO_EXPLICIT_POLICY) + { + X509_V_ERR_NO_EXPLICIT_POLICY, //43 + "X509_V_ERR_NO_EXPLICIT_POLICY" + }, +#endif +#if defined(X509_V_ERR_DIFFERENT_CRL_SCOPE) + { + X509_V_ERR_DIFFERENT_CRL_SCOPE, //44 + "X509_V_ERR_DIFFERENT_CRL_SCOPE" + }, +#endif +#if defined(X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE) + { + X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE, //45 + "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE" + }, +#endif +#if defined(X509_V_ERR_UNNESTED_RESOURCE) + { + X509_V_ERR_UNNESTED_RESOURCE, //46 + "X509_V_ERR_UNNESTED_RESOURCE" + }, +#endif +#if defined(X509_V_ERR_PERMITTED_VIOLATION) + { + X509_V_ERR_PERMITTED_VIOLATION, //47 + "X509_V_ERR_PERMITTED_VIOLATION" + }, +#endif +#if defined(X509_V_ERR_EXCLUDED_VIOLATION) + { + X509_V_ERR_EXCLUDED_VIOLATION, //48 + "X509_V_ERR_EXCLUDED_VIOLATION" + }, +#endif +#if defined(X509_V_ERR_SUBTREE_MINMAX) + { + X509_V_ERR_SUBTREE_MINMAX, //49 + "X509_V_ERR_SUBTREE_MINMAX" + }, +#endif +#if defined(X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE) + { + X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE, //51 + "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE" + }, +#endif +#if defined(X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX) + { + X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX, //52 + "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX" + }, +#endif +#if defined(X509_V_ERR_UNSUPPORTED_NAME_SYNTAX) + { + X509_V_ERR_UNSUPPORTED_NAME_SYNTAX, //53 + "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX" + }, +#endif +#if defined(X509_V_ERR_CRL_PATH_VALIDATION_ERROR) + { + X509_V_ERR_CRL_PATH_VALIDATION_ERROR, //54 + "X509_V_ERR_CRL_PATH_VALIDATION_ERROR" + }, +#endif {X509_V_ERR_APPLICATION_VERIFICATION, "X509_V_ERR_APPLICATION_VERIFICATION"}, { SSL_ERROR_NONE, "SSL_ERROR_NONE"},