/security/nss/lib/ssl/SSLerrs.h
C Header | 419 lines | 240 code | 123 blank | 56 comment | 0 complexity | 90014a3608d2baaa6178b284d35d5af3 MD5 | raw file
1/* ***** BEGIN LICENSE BLOCK ***** 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 3 * 4 * The contents of this file are subject to the Mozilla Public License Version 5 * 1.1 (the "License"); you may not use this file except in compliance with 6 * the License. You may obtain a copy of the License at 7 * http://www.mozilla.org/MPL/ 8 * 9 * Software distributed under the License is distributed on an "AS IS" basis, 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License 11 * for the specific language governing rights and limitations under the 12 * License. 13 * 14 * The Original Code is the Netscape security libraries. 15 * 16 * The Initial Developer of the Original Code is 17 * Netscape Communications Corporation. 18 * Portions created by the Initial Developer are Copyright (C) 1994-2000 19 * the Initial Developer. All Rights Reserved. 20 * 21 * Contributor(s): 22 * 23 * Alternatively, the contents of this file may be used under the terms of 24 * either the GNU General Public License Version 2 or later (the "GPL"), or 25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), 26 * in which case the provisions of the GPL or the LGPL are applicable instead 27 * of those above. If you wish to allow use of your version of this file only 28 * under the terms of either the GPL or the LGPL, and not to allow others to 29 * use your version of this file under the terms of the MPL, indicate your 30 * decision by deleting the provisions above and replace them with the notice 31 * and other provisions required by the GPL or the LGPL. If you do not delete 32 * the provisions above, a recipient may use your version of this file under 33 * the terms of any one of the MPL, the GPL or the LGPL. 34 * 35 * ***** END LICENSE BLOCK ***** */ 36 37/* SSL-specific security error codes */ 38/* caller must include "sslerr.h" */ 39 40ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0, 41"Unable to communicate securely. Peer does not support high-grade encryption.") 42 43ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1, 44"Unable to communicate securely. Peer requires high-grade encryption which is not supported.") 45 46ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2, 47"Cannot communicate securely with peer: no common encryption algorithm(s).") 48 49ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3, 50"Unable to find the certificate or key necessary for authentication.") 51 52ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4, 53"Unable to communicate securely with peer: peers's certificate was rejected.") 54 55ER3(SSL_ERROR_UNUSED_5, SSL_ERROR_BASE + 5, 56"Unrecognized SSL error code.") 57 58ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6, 59"The server has encountered bad data from the client.") 60 61ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7, 62"The client has encountered bad data from the server.") 63 64ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8, 65"Unsupported certificate type.") 66 67ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9, 68"Peer using unsupported version of security protocol.") 69 70ER3(SSL_ERROR_UNUSED_10, SSL_ERROR_BASE + 10, 71"Unrecognized SSL error code.") 72 73ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11, 74"Client authentication failed: private key in key database does not match public key in certificate database.") 75 76ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12, 77"Unable to communicate securely with peer: requested domain name does not match the server's certificate.") 78 79ER3(SSL_ERROR_POST_WARNING, SSL_ERROR_BASE + 13, 80"Unrecognized SSL error code.") 81 82ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14), 83"Peer only supports SSL version 2, which is locally disabled.") 84 85 86ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15), 87"SSL received a record with an incorrect Message Authentication Code.") 88 89ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16), 90"SSL peer reports incorrect Message Authentication Code.") 91 92ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17), 93"SSL peer cannot verify your certificate.") 94 95ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18), 96"SSL peer rejected your certificate as revoked.") 97 98ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19), 99"SSL peer rejected your certificate as expired.") 100 101ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20), 102"Cannot connect: SSL is disabled.") 103 104ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21), 105"Cannot connect: SSL peer is in another FORTEZZA domain.") 106 107ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE , (SSL_ERROR_BASE + 22), 108"An unknown SSL cipher suite has been requested.") 109 110ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED , (SSL_ERROR_BASE + 23), 111"No cipher suites are present and enabled in this program.") 112 113ER3(SSL_ERROR_BAD_BLOCK_PADDING , (SSL_ERROR_BASE + 24), 114"SSL received a record with bad block padding.") 115 116ER3(SSL_ERROR_RX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 25), 117"SSL received a record that exceeded the maximum permissible length.") 118 119ER3(SSL_ERROR_TX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 26), 120"SSL attempted to send a record that exceeded the maximum permissible length.") 121 122/* 123 * Received a malformed (too long or short or invalid content) SSL handshake. 124 */ 125ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST , (SSL_ERROR_BASE + 27), 126"SSL received a malformed Hello Request handshake message.") 127 128ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO , (SSL_ERROR_BASE + 28), 129"SSL received a malformed Client Hello handshake message.") 130 131ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO , (SSL_ERROR_BASE + 29), 132"SSL received a malformed Server Hello handshake message.") 133 134ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE , (SSL_ERROR_BASE + 30), 135"SSL received a malformed Certificate handshake message.") 136 137ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 31), 138"SSL received a malformed Server Key Exchange handshake message.") 139 140ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST , (SSL_ERROR_BASE + 32), 141"SSL received a malformed Certificate Request handshake message.") 142 143ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE , (SSL_ERROR_BASE + 33), 144"SSL received a malformed Server Hello Done handshake message.") 145 146ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY , (SSL_ERROR_BASE + 34), 147"SSL received a malformed Certificate Verify handshake message.") 148 149ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 35), 150"SSL received a malformed Client Key Exchange handshake message.") 151 152ER3(SSL_ERROR_RX_MALFORMED_FINISHED , (SSL_ERROR_BASE + 36), 153"SSL received a malformed Finished handshake message.") 154 155/* 156 * Received a malformed (too long or short) SSL record. 157 */ 158ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER , (SSL_ERROR_BASE + 37), 159"SSL received a malformed Change Cipher Spec record.") 160 161ER3(SSL_ERROR_RX_MALFORMED_ALERT , (SSL_ERROR_BASE + 38), 162"SSL received a malformed Alert record.") 163 164ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE , (SSL_ERROR_BASE + 39), 165"SSL received a malformed Handshake record.") 166 167ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40), 168"SSL received a malformed Application Data record.") 169 170/* 171 * Received an SSL handshake that was inappropriate for the state we're in. 172 * E.g. Server received message from server, or wrong state in state machine. 173 */ 174ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST , (SSL_ERROR_BASE + 41), 175"SSL received an unexpected Hello Request handshake message.") 176 177ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO , (SSL_ERROR_BASE + 42), 178"SSL received an unexpected Client Hello handshake message.") 179 180ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO , (SSL_ERROR_BASE + 43), 181"SSL received an unexpected Server Hello handshake message.") 182 183ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE , (SSL_ERROR_BASE + 44), 184"SSL received an unexpected Certificate handshake message.") 185 186ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45), 187"SSL received an unexpected Server Key Exchange handshake message.") 188 189ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST , (SSL_ERROR_BASE + 46), 190"SSL received an unexpected Certificate Request handshake message.") 191 192ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE , (SSL_ERROR_BASE + 47), 193"SSL received an unexpected Server Hello Done handshake message.") 194 195ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY , (SSL_ERROR_BASE + 48), 196"SSL received an unexpected Certificate Verify handshake message.") 197 198ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49), 199"SSL received an unexpected Client Key Exchange handshake message.") 200 201ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED , (SSL_ERROR_BASE + 50), 202"SSL received an unexpected Finished handshake message.") 203 204/* 205 * Received an SSL record that was inappropriate for the state we're in. 206 */ 207ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER , (SSL_ERROR_BASE + 51), 208"SSL received an unexpected Change Cipher Spec record.") 209 210ER3(SSL_ERROR_RX_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 52), 211"SSL received an unexpected Alert record.") 212 213ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE , (SSL_ERROR_BASE + 53), 214"SSL received an unexpected Handshake record.") 215 216ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54), 217"SSL received an unexpected Application Data record.") 218 219/* 220 * Received record/message with unknown discriminant. 221 */ 222ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE , (SSL_ERROR_BASE + 55), 223"SSL received a record with an unknown content type.") 224 225ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE , (SSL_ERROR_BASE + 56), 226"SSL received a handshake message with an unknown message type.") 227 228ER3(SSL_ERROR_RX_UNKNOWN_ALERT , (SSL_ERROR_BASE + 57), 229"SSL received an alert record with an unknown alert description.") 230 231/* 232 * Received an alert reporting what we did wrong. (more alerts above) 233 */ 234ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT , (SSL_ERROR_BASE + 58), 235"SSL peer has closed this connection.") 236 237ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 59), 238"SSL peer was not expecting a handshake message it received.") 239 240ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT , (SSL_ERROR_BASE + 60), 241"SSL peer was unable to successfully decompress an SSL record it received.") 242 243ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT , (SSL_ERROR_BASE + 61), 244"SSL peer was unable to negotiate an acceptable set of security parameters.") 245 246ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT , (SSL_ERROR_BASE + 62), 247"SSL peer rejected a handshake message for unacceptable content.") 248 249ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT , (SSL_ERROR_BASE + 63), 250"SSL peer does not support certificates of the type it received.") 251 252ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT , (SSL_ERROR_BASE + 64), 253"SSL peer had some unspecified issue with the certificate it received.") 254 255 256ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE , (SSL_ERROR_BASE + 65), 257"SSL experienced a failure of its random number generator.") 258 259ER3(SSL_ERROR_SIGN_HASHES_FAILURE , (SSL_ERROR_BASE + 66), 260"Unable to digitally sign data required to verify your certificate.") 261 262ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE , (SSL_ERROR_BASE + 67), 263"SSL was unable to extract the public key from the peer's certificate.") 264 265ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 68), 266"Unspecified failure while processing SSL Server Key Exchange handshake.") 267 268ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 69), 269"Unspecified failure while processing SSL Client Key Exchange handshake.") 270 271ER3(SSL_ERROR_ENCRYPTION_FAILURE , (SSL_ERROR_BASE + 70), 272"Bulk data encryption algorithm failed in selected cipher suite.") 273 274ER3(SSL_ERROR_DECRYPTION_FAILURE , (SSL_ERROR_BASE + 71), 275"Bulk data decryption algorithm failed in selected cipher suite.") 276 277ER3(SSL_ERROR_SOCKET_WRITE_FAILURE , (SSL_ERROR_BASE + 72), 278"Attempt to write encrypted data to underlying socket failed.") 279 280ER3(SSL_ERROR_MD5_DIGEST_FAILURE , (SSL_ERROR_BASE + 73), 281"MD5 digest function failed.") 282 283ER3(SSL_ERROR_SHA_DIGEST_FAILURE , (SSL_ERROR_BASE + 74), 284"SHA-1 digest function failed.") 285 286ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE , (SSL_ERROR_BASE + 75), 287"MAC computation failed.") 288 289ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE , (SSL_ERROR_BASE + 76), 290"Failure to create Symmetric Key context.") 291 292ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE , (SSL_ERROR_BASE + 77), 293"Failure to unwrap the Symmetric key in Client Key Exchange message.") 294 295ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED , (SSL_ERROR_BASE + 78), 296"SSL Server attempted to use domestic-grade public key with export cipher suite.") 297 298ER3(SSL_ERROR_IV_PARAM_FAILURE , (SSL_ERROR_BASE + 79), 299"PKCS11 code failed to translate an IV into a param.") 300 301ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE , (SSL_ERROR_BASE + 80), 302"Failed to initialize the selected cipher suite.") 303 304ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE , (SSL_ERROR_BASE + 81), 305"Client failed to generate session keys for SSL session.") 306 307ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG , (SSL_ERROR_BASE + 82), 308"Server has no key for the attempted key exchange algorithm.") 309 310ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL , (SSL_ERROR_BASE + 83), 311"PKCS#11 token was inserted or removed while operation was in progress.") 312 313ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND , (SSL_ERROR_BASE + 84), 314"No PKCS#11 token could be found to do a required operation.") 315 316ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP , (SSL_ERROR_BASE + 85), 317"Cannot communicate securely with peer: no common compression algorithm(s).") 318 319ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED , (SSL_ERROR_BASE + 86), 320"Cannot initiate another SSL handshake until current handshake is complete.") 321 322ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE , (SSL_ERROR_BASE + 87), 323"Received incorrect handshakes hash values from peer.") 324 325ER3(SSL_ERROR_CERT_KEA_MISMATCH , (SSL_ERROR_BASE + 88), 326"The certificate provided cannot be used with the selected key exchange algorithm.") 327 328ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA , (SSL_ERROR_BASE + 89), 329"No certificate authority is trusted for SSL client authentication.") 330 331ER3(SSL_ERROR_SESSION_NOT_FOUND , (SSL_ERROR_BASE + 90), 332"Client's SSL session ID not found in server's session cache.") 333 334ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT , (SSL_ERROR_BASE + 91), 335"Peer was unable to decrypt an SSL record it received.") 336 337ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT , (SSL_ERROR_BASE + 92), 338"Peer received an SSL record that was longer than is permitted.") 339 340ER3(SSL_ERROR_UNKNOWN_CA_ALERT , (SSL_ERROR_BASE + 93), 341"Peer does not recognize and trust the CA that issued your certificate.") 342 343ER3(SSL_ERROR_ACCESS_DENIED_ALERT , (SSL_ERROR_BASE + 94), 344"Peer received a valid certificate, but access was denied.") 345 346ER3(SSL_ERROR_DECODE_ERROR_ALERT , (SSL_ERROR_BASE + 95), 347"Peer could not decode an SSL handshake message.") 348 349ER3(SSL_ERROR_DECRYPT_ERROR_ALERT , (SSL_ERROR_BASE + 96), 350"Peer reports failure of signature verification or key exchange.") 351 352ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT , (SSL_ERROR_BASE + 97), 353"Peer reports negotiation not in compliance with export regulations.") 354 355ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT , (SSL_ERROR_BASE + 98), 356"Peer reports incompatible or unsupported protocol version.") 357 358ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT , (SSL_ERROR_BASE + 99), 359"Server requires ciphers more secure than those supported by client.") 360 361ER3(SSL_ERROR_INTERNAL_ERROR_ALERT , (SSL_ERROR_BASE + 100), 362"Peer reports it experienced an internal error.") 363 364ER3(SSL_ERROR_USER_CANCELED_ALERT , (SSL_ERROR_BASE + 101), 365"Peer user canceled handshake.") 366 367ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT , (SSL_ERROR_BASE + 102), 368"Peer does not permit renegotiation of SSL security parameters.") 369 370ER3(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED , (SSL_ERROR_BASE + 103), 371"SSL server cache not configured and not disabled for this socket.") 372 373ER3(SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT , (SSL_ERROR_BASE + 104), 374"SSL peer does not support requested TLS hello extension.") 375 376ER3(SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT , (SSL_ERROR_BASE + 105), 377"SSL peer could not obtain your certificate from the supplied URL.") 378 379ER3(SSL_ERROR_UNRECOGNIZED_NAME_ALERT , (SSL_ERROR_BASE + 106), 380"SSL peer has no certificate for the requested DNS name.") 381 382ER3(SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT , (SSL_ERROR_BASE + 107), 383"SSL peer was unable to get an OCSP response for its certificate.") 384 385ER3(SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT , (SSL_ERROR_BASE + 108), 386"SSL peer reported bad certificate hash value.") 387 388ER3(SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET, (SSL_ERROR_BASE + 109), 389"SSL received an unexpected New Session Ticket handshake message.") 390 391ER3(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET, (SSL_ERROR_BASE + 110), 392"SSL received a malformed New Session Ticket handshake message.") 393 394ER3(SSL_ERROR_DECOMPRESSION_FAILURE, (SSL_ERROR_BASE + 111), 395"SSL received a compressed record that could not be decompressed.") 396 397ER3(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, (SSL_ERROR_BASE + 112), 398"Renegotiation is not allowed on this SSL socket.") 399 400ER3(SSL_ERROR_UNSAFE_NEGOTIATION, (SSL_ERROR_BASE + 113), 401"Peer attempted old style (potentially vulnerable) handshake.") 402 403ER3(SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD, (SSL_ERROR_BASE + 114), 404"SSL received an unexpected uncompressed record.") 405 406ER3(SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY, (SSL_ERROR_BASE + 115), 407"SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.") 408 409ER3(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID, (SSL_ERROR_BASE + 116), 410"SSL received invalid NPN extension data.") 411 412ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2, (SSL_ERROR_BASE + 117), 413"SSL feature not supported for SSL 2.0 connections.") 414 415ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS, (SSL_ERROR_BASE + 118), 416"SSL feature not supported for servers.") 417 418ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS, (SSL_ERROR_BASE + 119), 419"SSL feature not supported for clients.")