forked from wolfSSL/wolfssl
adjustments to x509.h macro list
This commit is contained in:
JacobBarthelmeh
@@ -109,18 +109,18 @@
|
|||||||
#define XN_FLAG_MULTILINE WOLFSSL_XN_FLAG_MULTILINE
|
#define XN_FLAG_MULTILINE WOLFSSL_XN_FLAG_MULTILINE
|
||||||
#define XN_FLAG_ONELINE WOLFSSL_XN_FLAG_ONELINE
|
#define XN_FLAG_ONELINE WOLFSSL_XN_FLAG_ONELINE
|
||||||
|
|
||||||
|
#define X509_V_ERR_UNABLE_TO_GET_CRL WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL
|
||||||
|
#define X509_V_ERR_CRL_HAS_EXPIRED WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* All of these aren't actually used in wolfSSL. Some are included to
|
* Not all of these X509_V_ERR values are used in wolfSSL. Some are included to
|
||||||
* satisfy OpenSSL compatibility consumers to prevent compilation errors.
|
* satisfy OpenSSL compatibility compilation errors.
|
||||||
* The list was taken from
|
* For HAProxy the values should be literal constants.
|
||||||
* https://github.com/openssl/openssl/blob/master/include/openssl/x509_vfy.h.in
|
|
||||||
* One requirement for HAProxy is that the values should be literal constants.
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#define X509_V_OK 0
|
#define X509_V_OK 0
|
||||||
#define X509_V_ERR_UNSPECIFIED 1
|
#define X509_V_ERR_UNSPECIFIED 1
|
||||||
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
|
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
|
||||||
#define X509_V_ERR_UNABLE_TO_GET_CRL WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL
|
|
||||||
#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
|
#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
|
||||||
#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
|
#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
|
||||||
#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
|
#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
|
||||||
@@ -129,7 +129,6 @@
|
|||||||
#define X509_V_ERR_CERT_NOT_YET_VALID 9
|
#define X509_V_ERR_CERT_NOT_YET_VALID 9
|
||||||
#define X509_V_ERR_CERT_HAS_EXPIRED 10
|
#define X509_V_ERR_CERT_HAS_EXPIRED 10
|
||||||
#define X509_V_ERR_CRL_NOT_YET_VALID 11
|
#define X509_V_ERR_CRL_NOT_YET_VALID 11
|
||||||
#define X509_V_ERR_CRL_HAS_EXPIRED WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED
|
|
||||||
#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
|
#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
|
||||||
#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
|
#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
|
||||||
#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
|
#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
|
||||||
@@ -146,8 +145,6 @@
|
|||||||
#define X509_V_ERR_INVALID_PURPOSE 26
|
#define X509_V_ERR_INVALID_PURPOSE 26
|
||||||
#define X509_V_ERR_CERT_UNTRUSTED 27
|
#define X509_V_ERR_CERT_UNTRUSTED 27
|
||||||
#define X509_V_ERR_CERT_REJECTED 28
|
#define X509_V_ERR_CERT_REJECTED 28
|
||||||
|
|
||||||
/* These are 'informational' when looking for issuer cert */
|
|
||||||
#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
|
#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
|
||||||
#define X509_V_ERR_AKID_SKID_MISMATCH 30
|
#define X509_V_ERR_AKID_SKID_MISMATCH 30
|
||||||
#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
|
#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
|
||||||
@@ -169,48 +166,34 @@
|
|||||||
#define X509_V_ERR_PERMITTED_VIOLATION 47
|
#define X509_V_ERR_PERMITTED_VIOLATION 47
|
||||||
#define X509_V_ERR_EXCLUDED_VIOLATION 48
|
#define X509_V_ERR_EXCLUDED_VIOLATION 48
|
||||||
#define X509_V_ERR_SUBTREE_MINMAX 49
|
#define X509_V_ERR_SUBTREE_MINMAX 49
|
||||||
/* The application is not happy */
|
|
||||||
#define X509_V_ERR_APPLICATION_VERIFICATION 50
|
#define X509_V_ERR_APPLICATION_VERIFICATION 50
|
||||||
#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
|
#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
|
||||||
#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
|
#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
|
||||||
#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
|
#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
|
||||||
#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
|
#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
|
||||||
/* Another issuer check debug option */
|
|
||||||
#define X509_V_ERR_PATH_LOOP 55
|
#define X509_V_ERR_PATH_LOOP 55
|
||||||
/* Suite B mode algorithm violation */
|
|
||||||
#define X509_V_ERR_SUITE_B_INVALID_VERSION 56
|
#define X509_V_ERR_SUITE_B_INVALID_VERSION 56
|
||||||
#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57
|
#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57
|
||||||
#define X509_V_ERR_SUITE_B_INVALID_CURVE 58
|
#define X509_V_ERR_SUITE_B_INVALID_CURVE 58
|
||||||
#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
|
#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
|
||||||
#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60
|
#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60
|
||||||
#define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
|
#define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
|
||||||
/* Host, email and IP check errors */
|
|
||||||
#define X509_V_ERR_HOSTNAME_MISMATCH 62
|
#define X509_V_ERR_HOSTNAME_MISMATCH 62
|
||||||
#define X509_V_ERR_EMAIL_MISMATCH 63
|
#define X509_V_ERR_EMAIL_MISMATCH 63
|
||||||
#define X509_V_ERR_IP_ADDRESS_MISMATCH 64
|
#define X509_V_ERR_IP_ADDRESS_MISMATCH 64
|
||||||
/* DANE TLSA errors */
|
|
||||||
#define X509_V_ERR_DANE_NO_MATCH 65
|
#define X509_V_ERR_DANE_NO_MATCH 65
|
||||||
/* security level errors */
|
|
||||||
#define X509_V_ERR_EE_KEY_TOO_SMALL 66
|
#define X509_V_ERR_EE_KEY_TOO_SMALL 66
|
||||||
#define X509_V_ERR_CA_KEY_TOO_SMALL 67
|
#define X509_V_ERR_CA_KEY_TOO_SMALL 67
|
||||||
#define X509_V_ERR_CA_MD_TOO_WEAK 68
|
#define X509_V_ERR_CA_MD_TOO_WEAK 68
|
||||||
/* Caller error */
|
|
||||||
#define X509_V_ERR_INVALID_CALL 69
|
#define X509_V_ERR_INVALID_CALL 69
|
||||||
/* Issuer lookup error */
|
|
||||||
#define X509_V_ERR_STORE_LOOKUP 70
|
#define X509_V_ERR_STORE_LOOKUP 70
|
||||||
/* Certificate transparency */
|
|
||||||
#define X509_V_ERR_NO_VALID_SCTS 71
|
#define X509_V_ERR_NO_VALID_SCTS 71
|
||||||
|
|
||||||
#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72
|
#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72
|
||||||
/* OCSP status errors */
|
|
||||||
#define X509_V_ERR_OCSP_VERIFY_NEEDED 73
|
#define X509_V_ERR_OCSP_VERIFY_NEEDED 73
|
||||||
#define X509_V_ERR_OCSP_VERIFY_FAILED 74
|
#define X509_V_ERR_OCSP_VERIFY_FAILED 74
|
||||||
#define X509_V_ERR_OCSP_CERT_UNKNOWN 75
|
#define X509_V_ERR_OCSP_CERT_UNKNOWN 75
|
||||||
|
|
||||||
#define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 76
|
#define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 76
|
||||||
#define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 77
|
#define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 77
|
||||||
|
|
||||||
/* Errors in case a check in X509_V_FLAG_X509_STRICT mode fails */
|
|
||||||
#define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY 78
|
#define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY 78
|
||||||
#define X509_V_ERR_INVALID_CA 79
|
#define X509_V_ERR_INVALID_CA 79
|
||||||
#define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA 80
|
#define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA 80
|
||||||
|
|||||||
Reference in New Issue
Block a user