 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the
 * "Software"), to deal in the Software without restriction, including
 * without limitation the rights to use, copy, modify, merge, publish,
 * distribute, sublicense, and/or sell copies of the Software, and to
 * permit persons to whom the Software is furnished to do so, subject to
 * the following conditions:
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
42 "Caller-provided parameter is incorrect."
46 "Operation requested by the caller cannot be applied with"
47 " the current context state (e.g. reading data while"
48 " outgoing data is waiting to be sent)."
50 BR_ERR_UNSUPPORTED_VERSION
,
51 "BR_ERR_UNSUPPORTED_VERSION",
52 "Incoming protocol or record version is unsupported."
56 "Incoming record version does not match the expected version."
60 "Incoming record length is invalid."
64 "Incoming record is too large to be processed, or buffer"
65 " is too small for the handshake message to send."
69 "Decryption found an invalid padding, or the record MAC is"
74 "No initial entropy was provided, and none can be obtained"
78 "BR_ERR_UNKNOWN_TYPE",
79 "Incoming record type is unknown."
83 "Incoming record or message has wrong type with regards to"
84 " the current engine state."
88 "ChangeCipherSpec message from the peer has invalid contents."
92 "Alert message from the peer has invalid contents"
96 "BR_ERR_BAD_HANDSHAKE",
97 "Incoming handshake message decoding failed."
100 "BR_ERR_OVERSIZED_ID",
101 "ServerHello contains a session ID which is larger than"
104 BR_ERR_BAD_CIPHER_SUITE
,
105 "BR_ERR_BAD_CIPHER_SUITE",
106 "Server wants to use a cipher suite that we did not claim"
107 " to support. This is also reported if we tried to advertise"
108 " a cipher suite that we do not support."
110 BR_ERR_BAD_COMPRESSION
,
111 "BR_ERR_BAD_COMPRESSION",
112 "Server wants to use a compression that we did not claim"
116 "BR_ERR_BAD_FRAGLEN",
117 "Server's max fragment length does not match client's."
120 "BR_ERR_BAD_SECRENEG",
121 "Secure renegotiation failed."
123 BR_ERR_EXTRA_EXTENSION
,
124 "BR_ERR_EXTRA_EXTENSION",
125 "Server sent an extension type that we did not announce,"
126 " or used the same extension type several times in a"
127 " single ServerHello."
131 "Invalid Server Name Indication contents (when used by"
132 " the server, this extension shall be empty)."
134 BR_ERR_BAD_HELLO_DONE
,
135 "BR_ERR_BAD_HELLO_DONE",
136 "Invalid ServerHelloDone from the server (length is not 0)."
138 BR_ERR_LIMIT_EXCEEDED
,
139 "BR_ERR_LIMIT_EXCEEDED",
140 "Internal limit exceeded (e.g. server's public key is too"
144 "BR_ERR_BAD_FINISHED",
145 "Finished message from peer does not match the expected"
148 BR_ERR_RESUME_MISMATCH
,
149 "BR_ERR_RESUME_MISMATCH",
150 "Session resumption attempt with distinct version or cipher"
153 BR_ERR_INVALID_ALGORITHM
,
154 "BR_ERR_INVALID_ALGORITHM",
155 "Unsupported or invalid algorithm (ECDHE curve, signature"
156 " algorithm, hash function)."
158 BR_ERR_BAD_SIGNATURE
,
159 "BR_ERR_BAD_SIGNATURE",
160 "Invalid signature on ServerKeyExchange message."
164 "I/O error or premature close on transport stream."
166 BR_ERR_X509_INVALID_VALUE
,
167 "BR_ERR_X509_INVALID_VALUE",
168 "Invalid value in an ASN.1 structure."
171 BR_ERR_X509_TRUNCATED
,
172 "BR_ERR_X509_TRUNCATED",
173 "Truncated certificate or other ASN.1 object."
176 BR_ERR_X509_EMPTY_CHAIN
,
177 "BR_ERR_X509_EMPTY_CHAIN",
178 "Empty certificate chain (no certificate at all)."
181 BR_ERR_X509_INNER_TRUNC
,
182 "BR_ERR_X509_INNER_TRUNC",
183 "Decoding error: inner element extends beyond outer element"
187 BR_ERR_X509_BAD_TAG_CLASS
,
188 "BR_ERR_X509_BAD_TAG_CLASS",
189 "Decoding error: unsupported tag class (application or"
193 BR_ERR_X509_BAD_TAG_VALUE
,
194 "BR_ERR_X509_BAD_TAG_VALUE",
195 "Decoding error: unsupported tag value."
198 BR_ERR_X509_INDEFINITE_LENGTH
,
199 "BR_ERR_X509_INDEFINITE_LENGTH",
200 "Decoding error: indefinite length."
203 BR_ERR_X509_EXTRA_ELEMENT
,
204 "BR_ERR_X509_EXTRA_ELEMENT",
205 "Decoding error: extraneous element."
208 BR_ERR_X509_UNEXPECTED
,
209 "BR_ERR_X509_UNEXPECTED",
210 "Decoding error: unexpected element."
213 BR_ERR_X509_NOT_CONSTRUCTED
,
214 "BR_ERR_X509_NOT_CONSTRUCTED",
215 "Decoding error: expected constructed element, but is"
219 BR_ERR_X509_NOT_PRIMITIVE
,
220 "BR_ERR_X509_NOT_PRIMITIVE",
221 "Decoding error: expected primitive element, but is"
225 BR_ERR_X509_PARTIAL_BYTE
,
226 "BR_ERR_X509_PARTIAL_BYTE",
227 "Decoding error: BIT STRING length is not multiple of 8."
230 BR_ERR_X509_BAD_BOOLEAN
,
231 "BR_ERR_X509_BAD_BOOLEAN",
232 "Decoding error: BOOLEAN value has invalid length."
235 BR_ERR_X509_OVERFLOW
,
236 "BR_ERR_X509_OVERFLOW",
237 "Decoding error: value is off-limits."
241 "BR_ERR_X509_BAD_DN",
242 "Invalid distinguished name."
245 BR_ERR_X509_BAD_TIME
,
246 "BR_ERR_X509_BAD_TIME",
247 "Invalid date/time representation."
250 BR_ERR_X509_UNSUPPORTED
,
251 "BR_ERR_X509_UNSUPPORTED",
252 "Certificate contains unsupported features that cannot be"
256 BR_ERR_X509_LIMIT_EXCEEDED
,
257 "BR_ERR_X509_LIMIT_EXCEEDED",
258 "Key or signature size exceeds internal limits."
261 BR_ERR_X509_WRONG_KEY_TYPE
,
262 "BR_ERR_X509_WRONG_KEY_TYPE",
263 "Key type does not match that which was expected."
266 BR_ERR_X509_BAD_SIGNATURE
,
267 "BR_ERR_X509_BAD_SIGNATURE",
268 "Signature is invalid."
271 BR_ERR_X509_TIME_UNKNOWN
,
272 "BR_ERR_X509_TIME_UNKNOWN",
273 "Validation time is unknown."
277 "BR_ERR_X509_EXPIRED",
278 "Certificate is expired or not yet valid."
281 BR_ERR_X509_DN_MISMATCH
,
282 "BR_ERR_X509_DN_MISMATCH",
283 "Issuer/Subject DN mismatch in the chain."
286 BR_ERR_X509_BAD_SERVER_NAME
,
287 "BR_ERR_X509_BAD_SERVER_NAME",
288 "Expected server name was not found in the chain."
291 BR_ERR_X509_CRITICAL_EXTENSION
,
292 "BR_ERR_X509_CRITICAL_EXTENSION",
293 "Unknown critical extension in certificate."
297 "BR_ERR_X509_NOT_CA",
298 "Not a CA, or path length constraint violation."
301 BR_ERR_X509_FORBIDDEN_KEY_USAGE
,
302 "BR_ERR_X509_FORBIDDEN_KEY_USAGE",
303 "Key Usage extension prohibits intended usage."
306 BR_ERR_X509_WEAK_PUBLIC_KEY
,
307 "BR_ERR_X509_WEAK_PUBLIC_KEY",
308 "Public key found in certificate is too small."
311 BR_ERR_X509_NOT_TRUSTED
,
312 "BR_ERR_X509_NOT_TRUSTED",
313 "Chain could not be linked to a trust anchor."
320 find_error_name(int err
, const char **comment
)
324 for (u
= 0; errors
[u
].name
; u
++) {
325 if (errors
[u
].err
== err
) {
326 if (comment
!= NULL
) {
327 *comment
= errors
[u
].comment
;
329 return errors
[u
].name
;