xref: /freebsd/contrib/bearssl/tools/errors.c (revision 2aaf9152a852aba9eb2036b95f4948ee77988826) 
1*0957b409SSimon J. Gerraty /*
2*0957b409SSimon J. Gerraty  * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3*0957b409SSimon J. Gerraty  *
4*0957b409SSimon J. Gerraty  * Permission is hereby granted, free of charge, to any person obtaining
5*0957b409SSimon J. Gerraty  * a copy of this software and associated documentation files (the
6*0957b409SSimon J. Gerraty  * "Software"), to deal in the Software without restriction, including
7*0957b409SSimon J. Gerraty  * without limitation the rights to use, copy, modify, merge, publish,
8*0957b409SSimon J. Gerraty  * distribute, sublicense, and/or sell copies of the Software, and to
9*0957b409SSimon J. Gerraty  * permit persons to whom the Software is furnished to do so, subject to
10*0957b409SSimon J. Gerraty  * the following conditions:
11*0957b409SSimon J. Gerraty  *
12*0957b409SSimon J. Gerraty  * The above copyright notice and this permission notice shall be
13*0957b409SSimon J. Gerraty  * included in all copies or substantial portions of the Software.
14*0957b409SSimon J. Gerraty  *
15*0957b409SSimon J. Gerraty  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16*0957b409SSimon J. Gerraty  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17*0957b409SSimon J. Gerraty  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18*0957b409SSimon J. Gerraty  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19*0957b409SSimon J. Gerraty  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20*0957b409SSimon J. Gerraty  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21*0957b409SSimon J. Gerraty  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22*0957b409SSimon J. Gerraty  * SOFTWARE.
23*0957b409SSimon J. Gerraty  */
24*0957b409SSimon J. Gerraty 
25*0957b409SSimon J. Gerraty #include <stdio.h>
26*0957b409SSimon J. Gerraty #include <stdlib.h>
27*0957b409SSimon J. Gerraty #include <string.h>
28*0957b409SSimon J. Gerraty #include <stdint.h>
29*0957b409SSimon J. Gerraty #include <errno.h>
30*0957b409SSimon J. Gerraty 
31*0957b409SSimon J. Gerraty #include "brssl.h"
32*0957b409SSimon J. Gerraty #include "bearssl.h"
33*0957b409SSimon J. Gerraty 
34*0957b409SSimon J. Gerraty static struct {
35*0957b409SSimon J. Gerraty 	int err;
36*0957b409SSimon J. Gerraty 	const char *name;
37*0957b409SSimon J. Gerraty 	const char *comment;
38*0957b409SSimon J. Gerraty } errors[] = {
39*0957b409SSimon J. Gerraty 	{
40*0957b409SSimon J. Gerraty 		BR_ERR_BAD_PARAM,
41*0957b409SSimon J. Gerraty 		"BR_ERR_BAD_PARAM",
42*0957b409SSimon J. Gerraty 		"Caller-provided parameter is incorrect."
43*0957b409SSimon J. Gerraty 	}, {
44*0957b409SSimon J. Gerraty 		BR_ERR_BAD_STATE,
45*0957b409SSimon J. Gerraty 		"BR_ERR_BAD_STATE",
46*0957b409SSimon J. Gerraty 		"Operation requested by the caller cannot be applied with"
47*0957b409SSimon J. Gerraty 		" the current context state (e.g. reading data while"
48*0957b409SSimon J. Gerraty 		" outgoing data is waiting to be sent)."
49*0957b409SSimon J. Gerraty 	}, {
50*0957b409SSimon J. Gerraty 		BR_ERR_UNSUPPORTED_VERSION,
51*0957b409SSimon J. Gerraty 		"BR_ERR_UNSUPPORTED_VERSION",
52*0957b409SSimon J. Gerraty 		"Incoming protocol or record version is unsupported."
53*0957b409SSimon J. Gerraty 	}, {
54*0957b409SSimon J. Gerraty 		BR_ERR_BAD_VERSION,
55*0957b409SSimon J. Gerraty 		"BR_ERR_BAD_VERSION",
56*0957b409SSimon J. Gerraty 		"Incoming record version does not match the expected version."
57*0957b409SSimon J. Gerraty 	}, {
58*0957b409SSimon J. Gerraty 		BR_ERR_BAD_LENGTH,
59*0957b409SSimon J. Gerraty 		"BR_ERR_BAD_LENGTH",
60*0957b409SSimon J. Gerraty 		"Incoming record length is invalid."
61*0957b409SSimon J. Gerraty 	}, {
62*0957b409SSimon J. Gerraty 		BR_ERR_TOO_LARGE,
63*0957b409SSimon J. Gerraty 		"BR_ERR_TOO_LARGE",
64*0957b409SSimon J. Gerraty 		"Incoming record is too large to be processed, or buffer"
65*0957b409SSimon J. Gerraty 		" is too small for the handshake message to send."
66*0957b409SSimon J. Gerraty 	}, {
67*0957b409SSimon J. Gerraty 		BR_ERR_BAD_MAC,
68*0957b409SSimon J. Gerraty 		"BR_ERR_BAD_MAC",
69*0957b409SSimon J. Gerraty 		"Decryption found an invalid padding, or the record MAC is"
70*0957b409SSimon J. Gerraty 		" not correct."
71*0957b409SSimon J. Gerraty 	}, {
72*0957b409SSimon J. Gerraty 		BR_ERR_NO_RANDOM,
73*0957b409SSimon J. Gerraty 		"BR_ERR_NO_RANDOM",
74*0957b409SSimon J. Gerraty 		"No initial entropy was provided, and none can be obtained"
75*0957b409SSimon J. Gerraty 		" from the OS."
76*0957b409SSimon J. Gerraty 	}, {
77*0957b409SSimon J. Gerraty 		BR_ERR_UNKNOWN_TYPE,
78*0957b409SSimon J. Gerraty 		"BR_ERR_UNKNOWN_TYPE",
79*0957b409SSimon J. Gerraty 		"Incoming record type is unknown."
80*0957b409SSimon J. Gerraty 	}, {
81*0957b409SSimon J. Gerraty 		BR_ERR_UNEXPECTED,
82*0957b409SSimon J. Gerraty 		"BR_ERR_UNEXPECTED",
83*0957b409SSimon J. Gerraty 		"Incoming record or message has wrong type with regards to"
84*0957b409SSimon J. Gerraty 		" the current engine state."
85*0957b409SSimon J. Gerraty 	}, {
86*0957b409SSimon J. Gerraty 		BR_ERR_BAD_CCS,
87*0957b409SSimon J. Gerraty 		"BR_ERR_BAD_CCS",
88*0957b409SSimon J. Gerraty 		"ChangeCipherSpec message from the peer has invalid contents."
89*0957b409SSimon J. Gerraty 	}, {
90*0957b409SSimon J. Gerraty 		BR_ERR_BAD_ALERT,
91*0957b409SSimon J. Gerraty 		"BR_ERR_BAD_ALERT",
92*0957b409SSimon J. Gerraty 		"Alert message from the peer has invalid contents"
93*0957b409SSimon J. Gerraty 		" (odd length)."
94*0957b409SSimon J. Gerraty 	}, {
95*0957b409SSimon J. Gerraty 		BR_ERR_BAD_HANDSHAKE,
96*0957b409SSimon J. Gerraty 		"BR_ERR_BAD_HANDSHAKE",
97*0957b409SSimon J. Gerraty 		"Incoming handshake message decoding failed."
98*0957b409SSimon J. Gerraty 	}, {
99*0957b409SSimon J. Gerraty 		BR_ERR_OVERSIZED_ID,
100*0957b409SSimon J. Gerraty 		"BR_ERR_OVERSIZED_ID",
101*0957b409SSimon J. Gerraty 		"ServerHello contains a session ID which is larger than"
102*0957b409SSimon J. Gerraty 		" 32 bytes."
103*0957b409SSimon J. Gerraty 	}, {
104*0957b409SSimon J. Gerraty 		BR_ERR_BAD_CIPHER_SUITE,
105*0957b409SSimon J. Gerraty 		"BR_ERR_BAD_CIPHER_SUITE",
106*0957b409SSimon J. Gerraty 		"Server wants to use a cipher suite that we did not claim"
107*0957b409SSimon J. Gerraty 		" to support. This is also reported if we tried to advertise"
108*0957b409SSimon J. Gerraty 		" a cipher suite that we do not support."
109*0957b409SSimon J. Gerraty 	}, {
110*0957b409SSimon J. Gerraty 		BR_ERR_BAD_COMPRESSION,
111*0957b409SSimon J. Gerraty 		"BR_ERR_BAD_COMPRESSION",
112*0957b409SSimon J. Gerraty 		"Server wants to use a compression that we did not claim"
113*0957b409SSimon J. Gerraty 		" to support."
114*0957b409SSimon J. Gerraty 	}, {
115*0957b409SSimon J. Gerraty 		BR_ERR_BAD_FRAGLEN,
116*0957b409SSimon J. Gerraty 		"BR_ERR_BAD_FRAGLEN",
117*0957b409SSimon J. Gerraty 		"Server's max fragment length does not match client's."
118*0957b409SSimon J. Gerraty 	}, {
119*0957b409SSimon J. Gerraty 		BR_ERR_BAD_SECRENEG,
120*0957b409SSimon J. Gerraty 		"BR_ERR_BAD_SECRENEG",
121*0957b409SSimon J. Gerraty 		"Secure renegotiation failed."
122*0957b409SSimon J. Gerraty 	}, {
123*0957b409SSimon J. Gerraty 		BR_ERR_EXTRA_EXTENSION,
124*0957b409SSimon J. Gerraty 		"BR_ERR_EXTRA_EXTENSION",
125*0957b409SSimon J. Gerraty 		"Server sent an extension type that we did not announce,"
126*0957b409SSimon J. Gerraty 		" or used the same extension type several times in a"
127*0957b409SSimon J. Gerraty 		" single ServerHello."
128*0957b409SSimon J. Gerraty 	}, {
129*0957b409SSimon J. Gerraty 		BR_ERR_BAD_SNI,
130*0957b409SSimon J. Gerraty 		"BR_ERR_BAD_SNI",
131*0957b409SSimon J. Gerraty 		"Invalid Server Name Indication contents (when used by"
132*0957b409SSimon J. Gerraty 		" the server, this extension shall be empty)."
133*0957b409SSimon J. Gerraty 	}, {
134*0957b409SSimon J. Gerraty 		BR_ERR_BAD_HELLO_DONE,
135*0957b409SSimon J. Gerraty 		"BR_ERR_BAD_HELLO_DONE",
136*0957b409SSimon J. Gerraty 		"Invalid ServerHelloDone from the server (length is not 0)."
137*0957b409SSimon J. Gerraty 	}, {
138*0957b409SSimon J. Gerraty 		BR_ERR_LIMIT_EXCEEDED,
139*0957b409SSimon J. Gerraty 		"BR_ERR_LIMIT_EXCEEDED",
140*0957b409SSimon J. Gerraty 		"Internal limit exceeded (e.g. server's public key is too"
141*0957b409SSimon J. Gerraty 		" large)."
142*0957b409SSimon J. Gerraty 	}, {
143*0957b409SSimon J. Gerraty 		BR_ERR_BAD_FINISHED,
144*0957b409SSimon J. Gerraty 		"BR_ERR_BAD_FINISHED",
145*0957b409SSimon J. Gerraty 		"Finished message from peer does not match the expected"
146*0957b409SSimon J. Gerraty 		" value."
147*0957b409SSimon J. Gerraty 	}, {
148*0957b409SSimon J. Gerraty 		BR_ERR_RESUME_MISMATCH,
149*0957b409SSimon J. Gerraty 		"BR_ERR_RESUME_MISMATCH",
150*0957b409SSimon J. Gerraty 		"Session resumption attempt with distinct version or cipher"
151*0957b409SSimon J. Gerraty 		" suite."
152*0957b409SSimon J. Gerraty 	}, {
153*0957b409SSimon J. Gerraty 		BR_ERR_INVALID_ALGORITHM,
154*0957b409SSimon J. Gerraty 		"BR_ERR_INVALID_ALGORITHM",
155*0957b409SSimon J. Gerraty 		"Unsupported or invalid algorithm (ECDHE curve, signature"
156*0957b409SSimon J. Gerraty 		" algorithm, hash function)."
157*0957b409SSimon J. Gerraty 	}, {
158*0957b409SSimon J. Gerraty 		BR_ERR_BAD_SIGNATURE,
159*0957b409SSimon J. Gerraty 		"BR_ERR_BAD_SIGNATURE",
160*0957b409SSimon J. Gerraty 		"Invalid signature in ServerKeyExchange or"
161*0957b409SSimon J. Gerraty 		" CertificateVerify message."
162*0957b409SSimon J. Gerraty 	}, {
163*0957b409SSimon J. Gerraty 		BR_ERR_WRONG_KEY_USAGE,
164*0957b409SSimon J. Gerraty 		"BR_ERR_WRONG_KEY_USAGE",
165*0957b409SSimon J. Gerraty 		"Peer's public key does not have the proper type or is"
166*0957b409SSimon J. Gerraty 		" not allowed for the requested operation."
167*0957b409SSimon J. Gerraty 	}, {
168*0957b409SSimon J. Gerraty 		BR_ERR_NO_CLIENT_AUTH,
169*0957b409SSimon J. Gerraty 		"BR_ERR_NO_CLIENT_AUTH",
170*0957b409SSimon J. Gerraty 		"Client did not send a certificate upon request, or the"
171*0957b409SSimon J. Gerraty 		" client certificate could not be validated."
172*0957b409SSimon J. Gerraty 	}, {
173*0957b409SSimon J. Gerraty 		BR_ERR_IO,
174*0957b409SSimon J. Gerraty 		"BR_ERR_IO",
175*0957b409SSimon J. Gerraty 		"I/O error or premature close on transport stream."
176*0957b409SSimon J. Gerraty 	}, {
177*0957b409SSimon J. Gerraty 		BR_ERR_X509_INVALID_VALUE,
178*0957b409SSimon J. Gerraty 		"BR_ERR_X509_INVALID_VALUE",
179*0957b409SSimon J. Gerraty 		"Invalid value in an ASN.1 structure."
180*0957b409SSimon J. Gerraty 	},
181*0957b409SSimon J. Gerraty 	{
182*0957b409SSimon J. Gerraty 		BR_ERR_X509_TRUNCATED,
183*0957b409SSimon J. Gerraty 		"BR_ERR_X509_TRUNCATED",
184*0957b409SSimon J. Gerraty 		"Truncated certificate or other ASN.1 object."
185*0957b409SSimon J. Gerraty 	},
186*0957b409SSimon J. Gerraty 	{
187*0957b409SSimon J. Gerraty 		BR_ERR_X509_EMPTY_CHAIN,
188*0957b409SSimon J. Gerraty 		"BR_ERR_X509_EMPTY_CHAIN",
189*0957b409SSimon J. Gerraty 		"Empty certificate chain (no certificate at all)."
190*0957b409SSimon J. Gerraty 	},
191*0957b409SSimon J. Gerraty 	{
192*0957b409SSimon J. Gerraty 		BR_ERR_X509_INNER_TRUNC,
193*0957b409SSimon J. Gerraty 		"BR_ERR_X509_INNER_TRUNC",
194*0957b409SSimon J. Gerraty 		"Decoding error: inner element extends beyond outer element"
195*0957b409SSimon J. Gerraty 		" size."
196*0957b409SSimon J. Gerraty 	},
197*0957b409SSimon J. Gerraty 	{
198*0957b409SSimon J. Gerraty 		BR_ERR_X509_BAD_TAG_CLASS,
199*0957b409SSimon J. Gerraty 		"BR_ERR_X509_BAD_TAG_CLASS",
200*0957b409SSimon J. Gerraty 		"Decoding error: unsupported tag class (application or"
201*0957b409SSimon J. Gerraty 		" private)."
202*0957b409SSimon J. Gerraty 	},
203*0957b409SSimon J. Gerraty 	{
204*0957b409SSimon J. Gerraty 		BR_ERR_X509_BAD_TAG_VALUE,
205*0957b409SSimon J. Gerraty 		"BR_ERR_X509_BAD_TAG_VALUE",
206*0957b409SSimon J. Gerraty 		"Decoding error: unsupported tag value."
207*0957b409SSimon J. Gerraty 	},
208*0957b409SSimon J. Gerraty 	{
209*0957b409SSimon J. Gerraty 		BR_ERR_X509_INDEFINITE_LENGTH,
210*0957b409SSimon J. Gerraty 		"BR_ERR_X509_INDEFINITE_LENGTH",
211*0957b409SSimon J. Gerraty 		"Decoding error: indefinite length."
212*0957b409SSimon J. Gerraty 	},
213*0957b409SSimon J. Gerraty 	{
214*0957b409SSimon J. Gerraty 		BR_ERR_X509_EXTRA_ELEMENT,
215*0957b409SSimon J. Gerraty 		"BR_ERR_X509_EXTRA_ELEMENT",
216*0957b409SSimon J. Gerraty 		"Decoding error: extraneous element."
217*0957b409SSimon J. Gerraty 	},
218*0957b409SSimon J. Gerraty 	{
219*0957b409SSimon J. Gerraty 		BR_ERR_X509_UNEXPECTED,
220*0957b409SSimon J. Gerraty 		"BR_ERR_X509_UNEXPECTED",
221*0957b409SSimon J. Gerraty 		"Decoding error: unexpected element."
222*0957b409SSimon J. Gerraty 	},
223*0957b409SSimon J. Gerraty 	{
224*0957b409SSimon J. Gerraty 		BR_ERR_X509_NOT_CONSTRUCTED,
225*0957b409SSimon J. Gerraty 		"BR_ERR_X509_NOT_CONSTRUCTED",
226*0957b409SSimon J. Gerraty 		"Decoding error: expected constructed element, but is"
227*0957b409SSimon J. Gerraty 		" primitive."
228*0957b409SSimon J. Gerraty 	},
229*0957b409SSimon J. Gerraty 	{
230*0957b409SSimon J. Gerraty 		BR_ERR_X509_NOT_PRIMITIVE,
231*0957b409SSimon J. Gerraty 		"BR_ERR_X509_NOT_PRIMITIVE",
232*0957b409SSimon J. Gerraty 		"Decoding error: expected primitive element, but is"
233*0957b409SSimon J. Gerraty 		" constructed."
234*0957b409SSimon J. Gerraty 	},
235*0957b409SSimon J. Gerraty 	{
236*0957b409SSimon J. Gerraty 		BR_ERR_X509_PARTIAL_BYTE,
237*0957b409SSimon J. Gerraty 		"BR_ERR_X509_PARTIAL_BYTE",
238*0957b409SSimon J. Gerraty 		"Decoding error: BIT STRING length is not multiple of 8."
239*0957b409SSimon J. Gerraty 	},
240*0957b409SSimon J. Gerraty 	{
241*0957b409SSimon J. Gerraty 		BR_ERR_X509_BAD_BOOLEAN,
242*0957b409SSimon J. Gerraty 		"BR_ERR_X509_BAD_BOOLEAN",
243*0957b409SSimon J. Gerraty 		"Decoding error: BOOLEAN value has invalid length."
244*0957b409SSimon J. Gerraty 	},
245*0957b409SSimon J. Gerraty 	{
246*0957b409SSimon J. Gerraty 		BR_ERR_X509_OVERFLOW,
247*0957b409SSimon J. Gerraty 		"BR_ERR_X509_OVERFLOW",
248*0957b409SSimon J. Gerraty 		"Decoding error: value is off-limits."
249*0957b409SSimon J. Gerraty 	},
250*0957b409SSimon J. Gerraty 	{
251*0957b409SSimon J. Gerraty 		BR_ERR_X509_BAD_DN,
252*0957b409SSimon J. Gerraty 		"BR_ERR_X509_BAD_DN",
253*0957b409SSimon J. Gerraty 		"Invalid distinguished name."
254*0957b409SSimon J. Gerraty 	},
255*0957b409SSimon J. Gerraty 	{
256*0957b409SSimon J. Gerraty 		BR_ERR_X509_BAD_TIME,
257*0957b409SSimon J. Gerraty 		"BR_ERR_X509_BAD_TIME",
258*0957b409SSimon J. Gerraty 		"Invalid date/time representation."
259*0957b409SSimon J. Gerraty 	},
260*0957b409SSimon J. Gerraty 	{
261*0957b409SSimon J. Gerraty 		BR_ERR_X509_UNSUPPORTED,
262*0957b409SSimon J. Gerraty 		"BR_ERR_X509_UNSUPPORTED",
263*0957b409SSimon J. Gerraty 		"Certificate contains unsupported features that cannot be"
264*0957b409SSimon J. Gerraty 		" ignored."
265*0957b409SSimon J. Gerraty 	},
266*0957b409SSimon J. Gerraty 	{
267*0957b409SSimon J. Gerraty 		BR_ERR_X509_LIMIT_EXCEEDED,
268*0957b409SSimon J. Gerraty 		"BR_ERR_X509_LIMIT_EXCEEDED",
269*0957b409SSimon J. Gerraty 		"Key or signature size exceeds internal limits."
270*0957b409SSimon J. Gerraty 	},
271*0957b409SSimon J. Gerraty 	{
272*0957b409SSimon J. Gerraty 		BR_ERR_X509_WRONG_KEY_TYPE,
273*0957b409SSimon J. Gerraty 		"BR_ERR_X509_WRONG_KEY_TYPE",
274*0957b409SSimon J. Gerraty 		"Key type does not match that which was expected."
275*0957b409SSimon J. Gerraty 	},
276*0957b409SSimon J. Gerraty 	{
277*0957b409SSimon J. Gerraty 		BR_ERR_X509_BAD_SIGNATURE,
278*0957b409SSimon J. Gerraty 		"BR_ERR_X509_BAD_SIGNATURE",
279*0957b409SSimon J. Gerraty 		"Signature is invalid."
280*0957b409SSimon J. Gerraty 	},
281*0957b409SSimon J. Gerraty 	{
282*0957b409SSimon J. Gerraty 		BR_ERR_X509_TIME_UNKNOWN,
283*0957b409SSimon J. Gerraty 		"BR_ERR_X509_TIME_UNKNOWN",
284*0957b409SSimon J. Gerraty 		"Validation time is unknown."
285*0957b409SSimon J. Gerraty 	},
286*0957b409SSimon J. Gerraty 	{
287*0957b409SSimon J. Gerraty 		BR_ERR_X509_EXPIRED,
288*0957b409SSimon J. Gerraty 		"BR_ERR_X509_EXPIRED",
289*0957b409SSimon J. Gerraty 		"Certificate is expired or not yet valid."
290*0957b409SSimon J. Gerraty 	},
291*0957b409SSimon J. Gerraty 	{
292*0957b409SSimon J. Gerraty 		BR_ERR_X509_DN_MISMATCH,
293*0957b409SSimon J. Gerraty 		"BR_ERR_X509_DN_MISMATCH",
294*0957b409SSimon J. Gerraty 		"Issuer/Subject DN mismatch in the chain."
295*0957b409SSimon J. Gerraty 	},
296*0957b409SSimon J. Gerraty 	{
297*0957b409SSimon J. Gerraty 		BR_ERR_X509_BAD_SERVER_NAME,
298*0957b409SSimon J. Gerraty 		"BR_ERR_X509_BAD_SERVER_NAME",
299*0957b409SSimon J. Gerraty 		"Expected server name was not found in the chain."
300*0957b409SSimon J. Gerraty 	},
301*0957b409SSimon J. Gerraty 	{
302*0957b409SSimon J. Gerraty 		BR_ERR_X509_CRITICAL_EXTENSION,
303*0957b409SSimon J. Gerraty 		"BR_ERR_X509_CRITICAL_EXTENSION",
304*0957b409SSimon J. Gerraty 		"Unknown critical extension in certificate."
305*0957b409SSimon J. Gerraty 	},
306*0957b409SSimon J. Gerraty 	{
307*0957b409SSimon J. Gerraty 		BR_ERR_X509_NOT_CA,
308*0957b409SSimon J. Gerraty 		"BR_ERR_X509_NOT_CA",
309*0957b409SSimon J. Gerraty 		"Not a CA, or path length constraint violation."
310*0957b409SSimon J. Gerraty 	},
311*0957b409SSimon J. Gerraty 	{
312*0957b409SSimon J. Gerraty 		BR_ERR_X509_FORBIDDEN_KEY_USAGE,
313*0957b409SSimon J. Gerraty 		"BR_ERR_X509_FORBIDDEN_KEY_USAGE",
314*0957b409SSimon J. Gerraty 		"Key Usage extension prohibits intended usage."
315*0957b409SSimon J. Gerraty 	},
316*0957b409SSimon J. Gerraty 	{
317*0957b409SSimon J. Gerraty 		BR_ERR_X509_WEAK_PUBLIC_KEY,
318*0957b409SSimon J. Gerraty 		"BR_ERR_X509_WEAK_PUBLIC_KEY",
319*0957b409SSimon J. Gerraty 		"Public key found in certificate is too small."
320*0957b409SSimon J. Gerraty 	},
321*0957b409SSimon J. Gerraty 	{
322*0957b409SSimon J. Gerraty 		BR_ERR_X509_NOT_TRUSTED,
323*0957b409SSimon J. Gerraty 		"BR_ERR_X509_NOT_TRUSTED",
324*0957b409SSimon J. Gerraty 		"Chain could not be linked to a trust anchor."
325*0957b409SSimon J. Gerraty 	},
326*0957b409SSimon J. Gerraty 	{ 0, 0, 0 }
327*0957b409SSimon J. Gerraty };
328*0957b409SSimon J. Gerraty 
329*0957b409SSimon J. Gerraty /* see brssl.h */
330*0957b409SSimon J. Gerraty const char *
find_error_name(int err,const char ** comment)331*0957b409SSimon J. Gerraty find_error_name(int err, const char **comment)
332*0957b409SSimon J. Gerraty {
333*0957b409SSimon J. Gerraty 	size_t u;
334*0957b409SSimon J. Gerraty 
335*0957b409SSimon J. Gerraty 	for (u = 0; errors[u].name; u ++) {
336*0957b409SSimon J. Gerraty 		if (errors[u].err == err) {
337*0957b409SSimon J. Gerraty 			if (comment != NULL) {
338*0957b409SSimon J. Gerraty 				*comment = errors[u].comment;
339*0957b409SSimon J. Gerraty 			}
340*0957b409SSimon J. Gerraty 			return errors[u].name;
341*0957b409SSimon J. Gerraty 		}
342*0957b409SSimon J. Gerraty 	}
343*0957b409SSimon J. Gerraty 	return NULL;
344*0957b409SSimon J. Gerraty }
345