Skip to content

Commit 9bec6da

Browse files
dgarskedgarske
authored
Merge pull request wolfSSL#8213 from JacobBarthelmeh/compat
adjustments to x509.h macro list
2 parents fbaabbe + 2b11bd4 commit 9bec6da

1 file changed

Lines changed: 99 additions & 116 deletions

File tree

wolfssl/openssl/x509.h

Lines changed: 99 additions & 116 deletions
Original file line numberDiff line numberDiff line change
@@ -109,126 +109,109 @@
109109
#define XN_FLAG_MULTILINE WOLFSSL_XN_FLAG_MULTILINE
110110
#define XN_FLAG_ONELINE WOLFSSL_XN_FLAG_ONELINE
111111

112+
#define X509_V_ERR_UNABLE_TO_GET_CRL WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL
113+
#define X509_V_ERR_CRL_HAS_EXPIRED WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED
114+
112115
/*
113-
* All of these aren't actually used in wolfSSL. Some are included to
114-
* satisfy OpenSSL compatibility consumers to prevent compilation errors.
115-
* The list was taken from
116-
* https://github.com/openssl/openssl/blob/master/include/openssl/x509_vfy.h.in
117-
* One requirement for HAProxy is that the values should be literal constants.
116+
* Not all of these X509_V_ERR values are used in wolfSSL. Some are included to
117+
* satisfy OpenSSL compatibility compilation errors.
118+
* For HAProxy the values should be literal constants.
118119
*/
119120

120-
#define X509_V_OK 0
121-
#define X509_V_ERR_UNSPECIFIED 1
122-
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
123-
#define X509_V_ERR_UNABLE_TO_GET_CRL WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL
124-
#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
125-
#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
126-
#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
127-
#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
128-
#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
129-
#define X509_V_ERR_CERT_NOT_YET_VALID 9
130-
#define X509_V_ERR_CERT_HAS_EXPIRED 10
131-
#define X509_V_ERR_CRL_NOT_YET_VALID 11
132-
#define X509_V_ERR_CRL_HAS_EXPIRED WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED
133-
#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
134-
#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
135-
#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
136-
#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
137-
#define X509_V_ERR_OUT_OF_MEM 17
138-
#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
139-
#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
140-
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
141-
#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
142-
#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
143-
#define X509_V_ERR_CERT_REVOKED 23
144-
#define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 24
145-
#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
146-
#define X509_V_ERR_INVALID_PURPOSE 26
147-
#define X509_V_ERR_CERT_UNTRUSTED 27
148-
#define X509_V_ERR_CERT_REJECTED 28
149-
150-
/* These are 'informational' when looking for issuer cert */
151-
#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
152-
#define X509_V_ERR_AKID_SKID_MISMATCH 30
153-
#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
154-
#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
155-
#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
156-
#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
157-
#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
158-
#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
159-
#define X509_V_ERR_INVALID_NON_CA 37
160-
#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
161-
#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
162-
#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
163-
#define X509_V_ERR_INVALID_EXTENSION 41
164-
#define X509_V_ERR_INVALID_POLICY_EXTENSION 42
165-
#define X509_V_ERR_NO_EXPLICIT_POLICY 43
166-
#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44
167-
#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45
168-
#define X509_V_ERR_UNNESTED_RESOURCE 46
169-
#define X509_V_ERR_PERMITTED_VIOLATION 47
170-
#define X509_V_ERR_EXCLUDED_VIOLATION 48
171-
#define X509_V_ERR_SUBTREE_MINMAX 49
172-
/* The application is not happy */
173-
#define X509_V_ERR_APPLICATION_VERIFICATION 50
174-
#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
175-
#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
176-
#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
177-
#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
178-
/* Another issuer check debug option */
179-
#define X509_V_ERR_PATH_LOOP 55
180-
/* Suite B mode algorithm violation */
181-
#define X509_V_ERR_SUITE_B_INVALID_VERSION 56
182-
#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57
183-
#define X509_V_ERR_SUITE_B_INVALID_CURVE 58
184-
#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
185-
#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60
121+
#define X509_V_OK 0
122+
#define X509_V_ERR_UNSPECIFIED 1
123+
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
124+
#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
125+
#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
126+
#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
127+
#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
128+
#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
129+
#define X509_V_ERR_CERT_NOT_YET_VALID 9
130+
#define X509_V_ERR_CERT_HAS_EXPIRED 10
131+
#define X509_V_ERR_CRL_NOT_YET_VALID 11
132+
#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
133+
#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
134+
#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
135+
#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
136+
#define X509_V_ERR_OUT_OF_MEM 17
137+
#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
138+
#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
139+
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
140+
#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
141+
#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
142+
#define X509_V_ERR_CERT_REVOKED 23
143+
#define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 24
144+
#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
145+
#define X509_V_ERR_INVALID_PURPOSE 26
146+
#define X509_V_ERR_CERT_UNTRUSTED 27
147+
#define X509_V_ERR_CERT_REJECTED 28
148+
#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
149+
#define X509_V_ERR_AKID_SKID_MISMATCH 30
150+
#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
151+
#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
152+
#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
153+
#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
154+
#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
155+
#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
156+
#define X509_V_ERR_INVALID_NON_CA 37
157+
#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
158+
#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
159+
#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
160+
#define X509_V_ERR_INVALID_EXTENSION 41
161+
#define X509_V_ERR_INVALID_POLICY_EXTENSION 42
162+
#define X509_V_ERR_NO_EXPLICIT_POLICY 43
163+
#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44
164+
#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45
165+
#define X509_V_ERR_UNNESTED_RESOURCE 46
166+
#define X509_V_ERR_PERMITTED_VIOLATION 47
167+
#define X509_V_ERR_EXCLUDED_VIOLATION 48
168+
#define X509_V_ERR_SUBTREE_MINMAX 49
169+
#define X509_V_ERR_APPLICATION_VERIFICATION 50
170+
#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
171+
#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
172+
#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
173+
#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
174+
#define X509_V_ERR_PATH_LOOP 55
175+
#define X509_V_ERR_SUITE_B_INVALID_VERSION 56
176+
#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57
177+
#define X509_V_ERR_SUITE_B_INVALID_CURVE 58
178+
#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
179+
#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60
186180
#define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
187-
/* Host, email and IP check errors */
188-
#define X509_V_ERR_HOSTNAME_MISMATCH 62
189-
#define X509_V_ERR_EMAIL_MISMATCH 63
190-
#define X509_V_ERR_IP_ADDRESS_MISMATCH 64
191-
/* DANE TLSA errors */
192-
#define X509_V_ERR_DANE_NO_MATCH 65
193-
/* security level errors */
194-
#define X509_V_ERR_EE_KEY_TOO_SMALL 66
195-
#define X509_V_ERR_CA_KEY_TOO_SMALL 67
196-
#define X509_V_ERR_CA_MD_TOO_WEAK 68
197-
/* Caller error */
198-
#define X509_V_ERR_INVALID_CALL 69
199-
/* Issuer lookup error */
200-
#define X509_V_ERR_STORE_LOOKUP 70
201-
/* Certificate transparency */
202-
#define X509_V_ERR_NO_VALID_SCTS 71
203-
204-
#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72
205-
/* OCSP status errors */
206-
#define X509_V_ERR_OCSP_VERIFY_NEEDED 73
207-
#define X509_V_ERR_OCSP_VERIFY_FAILED 74
208-
#define X509_V_ERR_OCSP_CERT_UNKNOWN 75
209-
210-
#define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 76
211-
#define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 77
212-
213-
/* Errors in case a check in X509_V_FLAG_X509_STRICT mode fails */
214-
#define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY 78
215-
#define X509_V_ERR_INVALID_CA 79
216-
#define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA 80
217-
#define X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN 81
218-
#define X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA 82
219-
#define X509_V_ERR_ISSUER_NAME_EMPTY 83
220-
#define X509_V_ERR_SUBJECT_NAME_EMPTY 84
221-
#define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER 85
222-
#define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER 86
223-
#define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME 87
224-
#define X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL 88
225-
#define X509_V_ERR_CA_BCONS_NOT_CRITICAL 89
226-
#define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL 90
227-
#define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL 91
228-
#define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE 92
229-
#define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93
230-
#define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94
231-
#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
181+
#define X509_V_ERR_HOSTNAME_MISMATCH 62
182+
#define X509_V_ERR_EMAIL_MISMATCH 63
183+
#define X509_V_ERR_IP_ADDRESS_MISMATCH 64
184+
#define X509_V_ERR_DANE_NO_MATCH 65
185+
#define X509_V_ERR_EE_KEY_TOO_SMALL 66
186+
#define X509_V_ERR_CA_KEY_TOO_SMALL 67
187+
#define X509_V_ERR_CA_MD_TOO_WEAK 68
188+
#define X509_V_ERR_INVALID_CALL 69
189+
#define X509_V_ERR_STORE_LOOKUP 70
190+
#define X509_V_ERR_NO_VALID_SCTS 71
191+
#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72
192+
#define X509_V_ERR_OCSP_VERIFY_NEEDED 73
193+
#define X509_V_ERR_OCSP_VERIFY_FAILED 74
194+
#define X509_V_ERR_OCSP_CERT_UNKNOWN 75
195+
#define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 76
196+
#define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 77
197+
#define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY 78
198+
#define X509_V_ERR_INVALID_CA 79
199+
#define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA 80
200+
#define X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN 81
201+
#define X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA 82
202+
#define X509_V_ERR_ISSUER_NAME_EMPTY 83
203+
#define X509_V_ERR_SUBJECT_NAME_EMPTY 84
204+
#define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER 85
205+
#define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER 86
206+
#define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME 87
207+
#define X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL 88
208+
#define X509_V_ERR_CA_BCONS_NOT_CRITICAL 89
209+
#define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL 90
210+
#define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL 91
211+
#define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE 92
212+
#define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93
213+
#define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94
214+
#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
232215

233216
#define X509_EXTENSION_set_critical wolfSSL_X509_EXTENSION_set_critical
234217
#define X509_EXTENSION_set_object wolfSSL_X509_EXTENSION_set_object

0 commit comments

Comments
 (0)