Merge pull request #8213 from JacobBarthelmeh/compat

adjustments to x509.h macro list
2024-11-27 13:35:14 -08:00
parent fbaabbe2e9 2b11bd40b3
commit 9bec6da2ff
1 changed files with 99 additions and 116 deletions
--- a/wolfssl/openssl/x509.h
+++ b/wolfssl/openssl/x509.h
@ -109,18 +109,18 @@
 #define XN_FLAG_MULTILINE        WOLFSSL_XN_FLAG_MULTILINE
 #define XN_FLAG_ONELINE          WOLFSSL_XN_FLAG_ONELINE

+#define X509_V_ERR_UNABLE_TO_GET_CRL WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL
+#define X509_V_ERR_CRL_HAS_EXPIRED   WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED
+
 /*
- * All of these aren't actually used in wolfSSL. Some are included to
- * satisfy OpenSSL compatibility consumers to prevent compilation errors.
- * The list was taken from
- * https://github.com/openssl/openssl/blob/master/include/openssl/x509_vfy.h.in
- * One requirement for HAProxy is that the values should be literal constants.
+ * Not all of these X509_V_ERR values are used in wolfSSL. Some are included to
+ * satisfy OpenSSL compatibility compilation errors.
+ * For HAProxy the values should be literal constants.
 */

 #define X509_V_OK                                      0
 #define X509_V_ERR_UNSPECIFIED                         1
 #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT           2
-#define X509_V_ERR_UNABLE_TO_GET_CRL                    WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL
 #define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE    4
 #define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE     5
 #define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY  6
@ -129,7 +129,6 @@
 #define X509_V_ERR_CERT_NOT_YET_VALID                  9
 #define X509_V_ERR_CERT_HAS_EXPIRED                    10
 #define X509_V_ERR_CRL_NOT_YET_VALID                   11
-#define X509_V_ERR_CRL_HAS_EXPIRED                      WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED
 #define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD      13
 #define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD       14
 #define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD      15
@ -146,8 +145,6 @@
 #define X509_V_ERR_INVALID_PURPOSE                     26
 #define X509_V_ERR_CERT_UNTRUSTED                      27
 #define X509_V_ERR_CERT_REJECTED                       28
-
-/* These are 'informational' when looking for issuer cert */
 #define X509_V_ERR_SUBJECT_ISSUER_MISMATCH             29
 #define X509_V_ERR_AKID_SKID_MISMATCH                  30
 #define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH         31
@ -169,48 +166,34 @@
 #define X509_V_ERR_PERMITTED_VIOLATION                 47
 #define X509_V_ERR_EXCLUDED_VIOLATION                  48
 #define X509_V_ERR_SUBTREE_MINMAX                      49
-/* The application is not happy */
 #define X509_V_ERR_APPLICATION_VERIFICATION            50
 #define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE         51
 #define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX       52
 #define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX             53
 #define X509_V_ERR_CRL_PATH_VALIDATION_ERROR           54
-/* Another issuer check debug option */
 #define X509_V_ERR_PATH_LOOP                           55
-/* Suite B mode algorithm violation */
 #define X509_V_ERR_SUITE_B_INVALID_VERSION             56
 #define X509_V_ERR_SUITE_B_INVALID_ALGORITHM           57
 #define X509_V_ERR_SUITE_B_INVALID_CURVE               58
 #define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
 #define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED             60
 #define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
-/* Host, email and IP check errors */
 #define X509_V_ERR_HOSTNAME_MISMATCH                   62
 #define X509_V_ERR_EMAIL_MISMATCH                      63
 #define X509_V_ERR_IP_ADDRESS_MISMATCH                 64
-/* DANE TLSA errors */
 #define X509_V_ERR_DANE_NO_MATCH                       65
-/* security level errors */
 #define X509_V_ERR_EE_KEY_TOO_SMALL                    66
 #define X509_V_ERR_CA_KEY_TOO_SMALL                    67
 #define X509_V_ERR_CA_MD_TOO_WEAK                      68
-/* Caller error */
 #define X509_V_ERR_INVALID_CALL                        69
-/* Issuer lookup error */
 #define X509_V_ERR_STORE_LOOKUP                        70
-/* Certificate transparency */
 #define X509_V_ERR_NO_VALID_SCTS                       71
-
 #define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION        72
-/* OCSP status errors */
 #define X509_V_ERR_OCSP_VERIFY_NEEDED                  73
 #define X509_V_ERR_OCSP_VERIFY_FAILED                  74
 #define X509_V_ERR_OCSP_CERT_UNKNOWN                   75
-
 #define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM     76
 #define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH        77
-
-/* Errors in case a check in X509_V_FLAG_X509_STRICT mode fails */
 #define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY   78
 #define X509_V_ERR_INVALID_CA                          79
 #define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA          80