From 31736307fdf0ca1f15b537102b1aa050579061ab Mon Sep 17 00:00:00 2001 From: Hayden Roche Date: Mon, 7 Mar 2022 15:58:46 -0800 Subject: [PATCH] Sync up X509_V_ERR codes with OpenSSL. We defined these codes to values that didn't match those in OpenSSL. This is a problem if a user is porting code from OpenSSL to wolfSSL that uses hardcoded versions of these values. While the user's code should be fixed to not use hardcoded values, we can make the port smoother by syncing the values up. --- wolfssl/ssl.h | 114 +++++++++++++++++++++++++------------------------- 1 file changed, 57 insertions(+), 57 deletions(-) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 4fa79cb96..5da47c953 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -2226,64 +2226,64 @@ enum { X509_FILETYPE_PEM = 8, - X509_V_OK = 0, - X509_V_ERR_CRL_SIGNATURE_FAILURE = 8, - X509_V_ERR_CERT_HAS_EXPIRED = ASN_AFTER_DATE_E, - X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14, - X509_V_ERR_CRL_HAS_EXPIRED = 15, - X509_V_ERR_CERT_CHAIN_TOO_LONG = 17, - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 18, - X509_V_ERR_CERT_NOT_YET_VALID = ASN_BEFORE_DATE_E, - X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20, - X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22, - X509_V_ERR_CERT_REVOKED = 23, - X509_V_ERR_CERT_REJECTED = 24, - /* Required for Nginx */ - X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 25, - X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN = 26, - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 27, - X509_V_ERR_CERT_UNTRUSTED = 28, - X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE = ASN_NO_SIGNER_E, - X509_V_ERR_SUBJECT_ISSUER_MISMATCH = 30, - /* additional X509_V_ERR_* enums not used in wolfSSL */ - X509_V_ERR_UNABLE_TO_GET_CRL, - X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, - X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, - X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, - X509_V_ERR_CERT_SIGNATURE_FAILURE, - X509_V_ERR_CRL_NOT_YET_VALID, - X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, - X509_V_ERR_OUT_OF_MEM, - X509_V_ERR_INVALID_CA, - X509_V_ERR_PATH_LENGTH_EXCEEDED, - X509_V_ERR_INVALID_PURPOSE, - X509_V_ERR_AKID_SKID_MISMATCH, - X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH, - X509_V_ERR_KEYUSAGE_NO_CERTSIGN, - X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, - X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION, - X509_V_ERR_KEYUSAGE_NO_CRL_SIGN, - X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION, - X509_V_ERR_INVALID_NON_CA, - X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED, - X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE, - X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED, - X509_V_ERR_INVALID_EXTENSION, - X509_V_ERR_INVALID_POLICY_EXTENSION, - X509_V_ERR_NO_EXPLICIT_POLICY, - X509_V_ERR_UNNESTED_RESOURCE, - X509_V_ERR_APPLICATION_VERIFICATION, - X509_V_ERR_CRL_PATH_VALIDATION_ERROR, - X509_V_ERR_DIFFERENT_CRL_SCOPE, - X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE, - X509_V_ERR_PERMITTED_VIOLATION, - X509_V_ERR_EXCLUDED_VIOLATION, - X509_V_ERR_SUBTREE_MINMAX, - X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE, - X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX, - X509_V_ERR_UNSUPPORTED_NAME_SYNTAX, + /* Not all of these are actually used in wolfSSL. Some are included to + * satisfy OpenSSL compatibility consumers to prevent compilation errors. */ + X509_V_OK = 0, + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 2, + X509_V_ERR_UNABLE_TO_GET_CRL = 3, + X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE = 4, + X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE = 5, + X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY = 6, + X509_V_ERR_CERT_SIGNATURE_FAILURE = 7, + X509_V_ERR_CRL_SIGNATURE_FAILURE = 8, + X509_V_ERR_CERT_NOT_YET_VALID = 9, + X509_V_ERR_CERT_HAS_EXPIRED = 10, + X509_V_ERR_CRL_NOT_YET_VALID = 11, + X509_V_ERR_CRL_HAS_EXPIRED = 12, + X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 13, + X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 14, + X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD = 15, + X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 16, + X509_V_ERR_OUT_OF_MEM = 17, + X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 18, + X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN = 19, + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 20, + X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE = 21, + X509_V_ERR_CERT_CHAIN_TOO_LONG = 22, + X509_V_ERR_CERT_REVOKED = 23, + X509_V_ERR_INVALID_CA = 24, + X509_V_ERR_PATH_LENGTH_EXCEEDED = 25, + X509_V_ERR_INVALID_PURPOSE = 26, + X509_V_ERR_CERT_UNTRUSTED = 27, + X509_V_ERR_CERT_REJECTED = 28, + X509_V_ERR_SUBJECT_ISSUER_MISMATCH = 29, + X509_V_ERR_AKID_SKID_MISMATCH = 30, + X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH = 31, + X509_V_ERR_KEYUSAGE_NO_CERTSIGN = 32, + X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER = 33, + X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION = 34, + X509_V_ERR_KEYUSAGE_NO_CRL_SIGN = 35, + X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION = 36, + X509_V_ERR_INVALID_NON_CA = 37, + X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED = 38, + X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE = 39, + X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED = 40, + X509_V_ERR_INVALID_EXTENSION = 41, + X509_V_ERR_INVALID_POLICY_EXTENSION = 42, + X509_V_ERR_NO_EXPLICIT_POLICY = 43, + X509_V_ERR_DIFFERENT_CRL_SCOPE = 44, + X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE = 45, + X509_V_ERR_UNNESTED_RESOURCE = 46, + X509_V_ERR_PERMITTED_VIOLATION = 47, + X509_V_ERR_EXCLUDED_VIOLATION = 48, + X509_V_ERR_SUBTREE_MINMAX = 49, + X509_V_ERR_APPLICATION_VERIFICATION = 50, + X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE = 51, + X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX = 52, + X509_V_ERR_UNSUPPORTED_NAME_SYNTAX = 53, + X509_V_ERR_CRL_PATH_VALIDATION_ERROR = 54, - X509_R_CERT_ALREADY_IN_HASH_TABLE, + X509_R_CERT_ALREADY_IN_HASH_TABLE = 101, CRYPTO_LOCK = 1, CRYPTO_NUM_LOCKS = 10,