Add unique error codes to verify failures
@@ -9351,7 +9351,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
|
||||
if (args->dCert->altNames != NULL) {
|
||||
if (CheckAltNames(args->dCert, ssl->param->hostName) == 0 ) {
|
||||
if (ret == 0) {
|
||||
ret = VERIFY_CERT_ERROR;
|
||||
ret = DOMAIN_NAME_MISMATCH;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -9361,7 +9361,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
|
||||
args->dCert->subjectCNLen,
|
||||
ssl->param->hostName) == 0) {
|
||||
if (ret == 0) {
|
||||
ret = VERIFY_CERT_ERROR;
|
||||
ret = DOMAIN_NAME_MISMATCH;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -9373,7 +9373,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
|
||||
(ssl->param != NULL) && (XSTRLEN(ssl->param->ipasc) > 0)) {
|
||||
if (CheckIPAddr(args->dCert, ssl->param->ipasc) != 0) {
|
||||
if (ret == 0) {
|
||||
ret = VERIFY_CERT_ERROR;
|
||||
ret = IPADDR_MISMATCH;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -16863,6 +16863,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
|
||||
case DOMAIN_NAME_MISMATCH :
|
||||
return "peer subject name mismatch";
|
||||
|
||||
case IPADDR_MISMATCH :
|
||||
return "peer ip address mismatch";
|
||||
|
||||
case WANT_READ :
|
||||
case WOLFSSL_ERROR_WANT_READ :
|
||||
return "non-blocking socket wants data to be read";
|
||||
|
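Review bot: The three DoVerifyCallback hunks (at -9351, -9361 and -9373) change the error value reported for a host name or IP mismatch, and nothing in the visible lines warns existing users. Code that tests the result for `VERIFY_CERT_ERROR` to detect a name failure will stop matching once `ret` is `DOMAIN_NAME_MISMATCH` or `IPADDR_MISMATCH`, and a verify callback that rejects only a fixed list of known codes would presumably let the mismatch through. Each assignment deserves a comment such as `/* was VERIFY_CERT_ERROR; callers now see the specific mismatch code */`, and the change should be called out in the release notes. Whether the OpenSSL-compatibility error mapping handles the new codes cannot be seen here, because the body of DoVerifyCallback continues outside these hunks. Separately, the string for `DOMAIN_NAME_MISMATCH` in the -16863 hunk, "peer subject name mismatch", is now also produced by the altNames check in the first hunk, so "peer subject or alt name mismatch" would describe it better.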
@@ -57,7 +57,7 @@ enum wolfSSL_ErrorCodes {
|
||||
DOMAIN_NAME_MISMATCH = -322, /* peer subject name mismatch */
|
||||
WANT_READ = -323, /* want read, call again */
|
||||
NOT_READY_ERROR = -324, /* handshake layer not ready */
|
||||
|
||||
IPADDR_MISMATCH = -325, /* peer ip address mismatch */
|
||||
VERSION_ERROR = -326, /* record layer version error */
|
||||
WANT_WRITE = -327, /* want write, call again */
|
||||
BUFFER_ERROR = -328, /* malformed buffer input */
|
||||
|
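Review bot: `IPADDR_MISMATCH = -325` fills a gap between -324 and -326 in a public enum, and the hunk does not show whether -325 was ever assigned to a different error in an earlier release. If it was, logs and alerting rules keyed on the number would conflate the old meaning with an IP address mismatch, so that should be confirmed before the slot is reused. The comment could also say which check produces the code, for example `/* peer cert does not match the IP address set for verification */`. The enum continues outside the hunk.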