From 2dcd04668bbbfe7c7b04f60a081e6ac55227e255 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Thu, 29 Aug 2024 21:28:02 -0500
Subject: [PATCH] src/internal.c: in wolfSSL_ERR_reason_error_string(), restore handling for -WOLFSSL_X509_V_ERR_*, but separated from handling for the proper wolfSSL_ErrorCodes.
---
 src/internal.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++---
 tests/api.c | 10 ++++++++++
 2 files changed, 61 insertions(+), 3 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index d8cb3f2ff..0f9d093ab 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -25679,11 +25679,59 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
 case WOLFSSL_FATAL_ERROR:
 return "fatal error";
-
- default :
- return "unknown error number";
 }
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+ defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED)
+
+ switch (error) {
+ /* TODO: -WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE. Conflicts with
+ * -WOLFSSL_ERROR_WANT_CONNECT.
+ */
+
+ case -WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID:
+ return "certificate not yet valid";
+
+ case -WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED:
+ return "certificate has expired";
+
+ case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+ return "certificate signature failure";
+
+ case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+ return "format error in certificate's notAfter field";
+
+ case -WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+ return "self-signed certificate in certificate chain";
+
+ case -WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+ return "unable to get local issuer certificate";
+
+ case -WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+ return "unable to verify the first certificate";
+
+ case -WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG:
+ return "certificate chain too long";
+
+ case -WOLFSSL_X509_V_ERR_CERT_REVOKED:
+ return "certificate revoked";
+
+ case -WOLFSSL_X509_V_ERR_INVALID_CA:
+ return "invalid CA certificate";
+
+ case -WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED:
+ return "path length constraint exceeded";
+
+ case -WOLFSSL_X509_V_ERR_CERT_REJECTED:
+ return "certificate rejected";
+
+ case -WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
+ return "subject issuer mismatch";
+ }
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER || HAVE_MEMCACHED */
+
+ return "unknown error number";
+
 #endif /* NO_ERROR_STRINGS */
 }
diff --git a/tests/api.c b/tests/api.c
index c50ec3258..5b4be95e7 100644
--- a/tests/api.c
+++ b/tests/api.c
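Review bot: The string returned for `-WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD` is "certificate signature failure", which contradicts the case label and the notAfter case directly below it; it should read `return "format error in certificate's notBefore field";`. The `-WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT` case has a similar mismatch: "self-signed certificate in certificate chain" describes the in-chain condition, whereas OpenSSL's text for the depth-zero code is "self-signed certificate", so `return "self-signed certificate";` fits better. These strings end up in the logs people use to triage TLS verification failures, so a wrong one points the investigation at the wrong check (signature instead of validity date, chain instead of leaf). The range table updated in tests/api.c appears to check only which codes have a string, not its text, so neither mismatch would be caught there. The body of wolfSSL_ERR_reason_error_string() begins before this hunk.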
@@ -83187,7 +83187,17 @@ static int error_test(void)
 #ifndef OPENSSL_EXTRA
 { 0, 0 },
 #endif
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+ defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED)
+ { -11, -12 },
+ { -15, -17 },
+ { -19, -19 },
+ { -26, -27 },
+ { -30, WC_FIRST_E+1 },
+#else
 { -9, WC_FIRST_E+1 },
+#endif
 { -124, -124 },
 { -166, -169 },
 { -300, -300 },
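Review bot: The new rows `{ -11, -12 }` through `{ -30, WC_FIRST_E+1 }` are bare numbers with no visible link to the `WOLFSSL_X509_V_ERR_*` constants they skip around, and the `#if` guard is a hand copy of the one added in src/internal.c, so the two can drift apart without anyone noticing. A comment above the `#if` would make the table auditable, e.g. `/* gaps between the negated WOLFSSL_X509_V_ERR_* codes that have strings; keep this #if identical to the one in wolfSSL_ERR_reason_error_string() */`. The table, as far as this hunk shows, lists code ranges expected to have no string; that reading is inferred, since error_test() starts before and continues past the hunk.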