1 /* 2 * Copyright (c) 2001 by Sun Microsystems, Inc. 3 * All rights reserved. 4 */ 5 6 /* 7 * The contents of this file are subject to the Netscape Public 8 * License Version 1.1 (the "License"); you may not use this file 9 * except in compliance with the License. You may obtain a copy of 10 * the License at http://www.mozilla.org/NPL/ 11 * 12 * Software distributed under the License is distributed on an "AS 13 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or 14 * implied. See the License for the specific language governing 15 * rights and limitations under the License. 16 * 17 * The Original Code is Mozilla Communicator client code, released 18 * March 31, 1998. 19 * 20 * The Initial Developer of the Original Code is Netscape 21 * Communications Corporation. Portions created by Netscape are 22 * Copyright (C) 1998-1999 Netscape Communications Corporation. All 23 * Rights Reserved. 24 * 25 * Contributor(s): 26 */ 27 /* 28 * sslerrstrs.h - map SSL errors to strings (used by errormap.c) 29 * 30 */ 31 32 /* 33 **************************************************************************** 34 * The code below this point was provided by Nelson Bolyard <nelsonb> of the 35 * Netscape Certificate Server team on 27-March-1998. 36 * Taken from the file ns/security/cmd/lib/SSLerrs.h on NSS_1_BRANCH. 37 * Last updated from there: 24-July-1998 by Mark Smith <mcs> 38 * 39 * All of the Directory Server specific changes are enclosed inside 40 * #ifdef NS_DIRECTORY. 41 **************************************************************************** 42 */ 43 44 /* SSL-specific security error codes */ 45 /* caller must include "sslerr.h" */ 46 47 ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0, 48 dgettext(TEXT_DOMAIN, 49 "Unable to communicate securely. Peer does not support high-grade encryption.")) 50 51 ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1, 52 dgettext(TEXT_DOMAIN, 53 "Unable to communicate securely. Peer requires high-grade encryption which is not supported.")) 54 55 ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2, 56 dgettext(TEXT_DOMAIN, 57 "Cannot communicate securely with peer: no common encryption algorithm(s).")) 58 59 ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3, 60 dgettext(TEXT_DOMAIN, 61 "Unable to find the certificate or key necessary for authentication.")) 62 63 ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4, 64 dgettext(TEXT_DOMAIN, 65 "Unable to communicate securely with peer: peers's certificate was rejected.")) 66 67 /* unused (SSL_ERROR_BASE + 5),*/ 68 69 ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6, 70 dgettext(TEXT_DOMAIN, 71 "The server has encountered bad data from the client.")) 72 73 ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7, 74 dgettext(TEXT_DOMAIN, 75 "The client has encountered bad data from the server.")) 76 77 ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8, 78 dgettext(TEXT_DOMAIN, 79 "Unsupported certificate type.")) 80 81 ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9, 82 dgettext(TEXT_DOMAIN, 83 "Peer using unsupported version of security protocol.")) 84 85 /* unused (SSL_ERROR_BASE + 10),*/ 86 87 ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11, 88 dgettext(TEXT_DOMAIN, 89 "Client authentication failed: private key in key database does not match public key in certificate database.")) 90 91 ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12, 92 dgettext(TEXT_DOMAIN, 93 "Unable to communicate securely with peer: requested domain name does not match the server's certificate.")) 94 95 /* SSL_ERROR_POST_WARNING (SSL_ERROR_BASE + 13), 96 defined in sslerr.h 97 */ 98 99 ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14), 100 dgettext(TEXT_DOMAIN, 101 "Peer only supports SSL version 2, which is locally disabled.")) 102 103 104 ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15), 105 dgettext(TEXT_DOMAIN, 106 "SSL received a record with an incorrect Message Authentication Code.")) 107 108 ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16), 109 dgettext(TEXT_DOMAIN, 110 "SSL peer reports incorrect Message Authentication Code.")) 111 112 ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17), 113 dgettext(TEXT_DOMAIN, 114 "SSL peer cannot verify your certificate.")) 115 116 ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18), 117 dgettext(TEXT_DOMAIN, 118 "SSL peer rejected your certificate as revoked.")) 119 120 ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19), 121 dgettext(TEXT_DOMAIN, 122 "SSL peer rejected your certificate as expired.")) 123 124 ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20), 125 dgettext(TEXT_DOMAIN, 126 "Cannot connect: SSL is disabled.")) 127 128 ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21), 129 dgettext(TEXT_DOMAIN, 130 "Cannot connect: SSL peer is in another FORTEZZA domain.")) 131 132 ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE , (SSL_ERROR_BASE + 22), 133 dgettext(TEXT_DOMAIN, 134 "An unknown SSL cipher suite has been requested.")) 135 136 ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED , (SSL_ERROR_BASE + 23), 137 dgettext(TEXT_DOMAIN, 138 "No cipher suites are present and enabled in this program.")) 139 140 ER3(SSL_ERROR_BAD_BLOCK_PADDING , (SSL_ERROR_BASE + 24), 141 dgettext(TEXT_DOMAIN, 142 "SSL received a record with bad block padding.")) 143 144 ER3(SSL_ERROR_RX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 25), 145 dgettext(TEXT_DOMAIN, 146 "SSL received a record that exceeded the maximum permissible length.")) 147 148 ER3(SSL_ERROR_TX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 26), 149 dgettext(TEXT_DOMAIN, 150 "SSL attempted to send a record that exceeded the maximum permissible length.")) 151 152 /* 153 * Received a malformed (too long or short or invalid content) SSL handshake. 154 */ 155 ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST , (SSL_ERROR_BASE + 27), 156 dgettext(TEXT_DOMAIN, 157 "SSL received a malformed Hello Request handshake message.")) 158 159 ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO , (SSL_ERROR_BASE + 28), 160 dgettext(TEXT_DOMAIN, 161 "SSL received a malformed Client Hello handshake message.")) 162 163 ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO , (SSL_ERROR_BASE + 29), 164 dgettext(TEXT_DOMAIN, 165 "SSL received a malformed Server Hello handshake message.")) 166 167 ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE , (SSL_ERROR_BASE + 30), 168 dgettext(TEXT_DOMAIN, 169 "SSL received a malformed Certificate handshake message.")) 170 171 ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 31), 172 dgettext(TEXT_DOMAIN, 173 "SSL received a malformed Server Key Exchange handshake message.")) 174 175 ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST , (SSL_ERROR_BASE + 32), 176 dgettext(TEXT_DOMAIN, 177 "SSL received a malformed Certificate Request handshake message.")) 178 179 ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE , (SSL_ERROR_BASE + 33), 180 dgettext(TEXT_DOMAIN, 181 "SSL received a malformed Server Hello Done handshake message.")) 182 183 ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY , (SSL_ERROR_BASE + 34), 184 dgettext(TEXT_DOMAIN, 185 "SSL received a malformed Certificate Verify handshake message.")) 186 187 ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 35), 188 dgettext(TEXT_DOMAIN, 189 "SSL received a malformed Client Key Exchange handshake message.")) 190 191 ER3(SSL_ERROR_RX_MALFORMED_FINISHED , (SSL_ERROR_BASE + 36), 192 dgettext(TEXT_DOMAIN, 193 "SSL received a malformed Finished handshake message.")) 194 195 /* 196 * Received a malformed (too long or short) SSL record. 197 */ 198 ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER , (SSL_ERROR_BASE + 37), 199 dgettext(TEXT_DOMAIN, 200 "SSL received a malformed Change Cipher Spec record.")) 201 202 ER3(SSL_ERROR_RX_MALFORMED_ALERT , (SSL_ERROR_BASE + 38), 203 dgettext(TEXT_DOMAIN, 204 "SSL received a malformed Alert record.")) 205 206 ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE , (SSL_ERROR_BASE + 39), 207 dgettext(TEXT_DOMAIN, 208 "SSL received a malformed Handshake record.")) 209 210 ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40), 211 dgettext(TEXT_DOMAIN, 212 "SSL received a malformed Application Data record.")) 213 214 /* 215 * Received an SSL handshake that was inappropriate for the state we're in. 216 * E.g. Server received message from server, or wrong state in state machine. 217 */ 218 ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST , (SSL_ERROR_BASE + 41), 219 dgettext(TEXT_DOMAIN, 220 "SSL received an unexpected Hello Request handshake message.")) 221 222 ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO , (SSL_ERROR_BASE + 42), 223 dgettext(TEXT_DOMAIN, 224 "SSL received an unexpected Client Hello handshake message.")) 225 226 ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO , (SSL_ERROR_BASE + 43), 227 dgettext(TEXT_DOMAIN, 228 "SSL received an unexpected Server Hello handshake message.")) 229 230 ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE , (SSL_ERROR_BASE + 44), 231 dgettext(TEXT_DOMAIN, 232 "SSL received an unexpected Certificate handshake message.")) 233 234 ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45), 235 dgettext(TEXT_DOMAIN, 236 "SSL received an unexpected Server Key Exchange handshake message.")) 237 238 ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST , (SSL_ERROR_BASE + 46), 239 dgettext(TEXT_DOMAIN, 240 "SSL received an unexpected Certificate Request handshake message.")) 241 242 ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE , (SSL_ERROR_BASE + 47), 243 dgettext(TEXT_DOMAIN, 244 "SSL received an unexpected Server Hello Done handshake message.")) 245 246 ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY , (SSL_ERROR_BASE + 48), 247 dgettext(TEXT_DOMAIN, 248 "SSL received an unexpected Certificate Verify handshake message.")) 249 250 ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49), 251 dgettext(TEXT_DOMAIN, 252 "SSL received an unexpected Cllient Key Exchange handshake message.")) 253 254 ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED , (SSL_ERROR_BASE + 50), 255 dgettext(TEXT_DOMAIN, 256 "SSL received an unexpected Finished handshake message.")) 257 258 /* 259 * Received an SSL record that was inappropriate for the state we're in. 260 */ 261 ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER , (SSL_ERROR_BASE + 51), 262 dgettext(TEXT_DOMAIN, 263 "SSL received an unexpected Change Cipher Spec record.")) 264 265 ER3(SSL_ERROR_RX_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 52), 266 dgettext(TEXT_DOMAIN, 267 "SSL received an unexpected Alert record.")) 268 269 ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE , (SSL_ERROR_BASE + 53), 270 dgettext(TEXT_DOMAIN, 271 "SSL received an unexpected Handshake record.")) 272 273 ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54), 274 dgettext(TEXT_DOMAIN, 275 "SSL received an unexpected Application Data record.")) 276 277 /* 278 * Received record/message with unknown discriminant. 279 */ 280 ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE , (SSL_ERROR_BASE + 55), 281 dgettext(TEXT_DOMAIN, 282 "SSL received a record with an unknown content type.")) 283 284 ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE , (SSL_ERROR_BASE + 56), 285 dgettext(TEXT_DOMAIN, 286 "SSL received a handshake message with an unknown message type.")) 287 288 ER3(SSL_ERROR_RX_UNKNOWN_ALERT , (SSL_ERROR_BASE + 57), 289 dgettext(TEXT_DOMAIN, 290 "SSL received an alert record with an unknown alert description.")) 291 292 /* 293 * Received an alert reporting what we did wrong. (more alerts above) 294 */ 295 ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT , (SSL_ERROR_BASE + 58), 296 dgettext(TEXT_DOMAIN, 297 "SSL peer has closed this connection.")) 298 299 ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 59), 300 dgettext(TEXT_DOMAIN, 301 "SSL peer was not expecting a handshake message it received.")) 302 303 ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT , (SSL_ERROR_BASE + 60), 304 dgettext(TEXT_DOMAIN, 305 "SSL peer was unable to succesfully decompress an SSL record it received.")) 306 307 ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT , (SSL_ERROR_BASE + 61), 308 dgettext(TEXT_DOMAIN, 309 "SSL peer was unable to negotiate an acceptable set of security parameters.")) 310 311 ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT , (SSL_ERROR_BASE + 62), 312 dgettext(TEXT_DOMAIN, 313 "SSL peer rejected a handshake message for unacceptable content.")) 314 315 ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT , (SSL_ERROR_BASE + 63), 316 dgettext(TEXT_DOMAIN, 317 "SSL peer does not support certificates of the type it received.")) 318 319 ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT , (SSL_ERROR_BASE + 64), 320 dgettext(TEXT_DOMAIN, 321 "SSL peer had some unspecified issue with the certificate it received.")) 322 323 ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE , (SSL_ERROR_BASE + 65), 324 dgettext(TEXT_DOMAIN, 325 "SSL experienced a failure of its random number generator.")) 326 327 ER3(SSL_ERROR_SIGN_HASHES_FAILURE , (SSL_ERROR_BASE + 66), 328 dgettext(TEXT_DOMAIN, 329 "Unable to digitally sign data required to verify your certificate.")) 330 331 ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE , (SSL_ERROR_BASE + 67), 332 dgettext(TEXT_DOMAIN, 333 "SSL was unable to extract the public key from the peer's certificate.")) 334 335 ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 68), 336 dgettext(TEXT_DOMAIN, 337 "Unspecified failure while processing SSL Server Key Exchange handshake.")) 338 339 ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 69), 340 dgettext(TEXT_DOMAIN, 341 "Unspecified failure while processing SSL Client Key Exchange handshake.")) 342 343 ER3(SSL_ERROR_ENCRYPTION_FAILURE , (SSL_ERROR_BASE + 70), 344 dgettext(TEXT_DOMAIN, 345 "Bulk data encryption algorithm failed in selected cipher suite.")) 346 347 ER3(SSL_ERROR_DECRYPTION_FAILURE , (SSL_ERROR_BASE + 71), 348 dgettext(TEXT_DOMAIN, 349 "Bulk data decryption algorithm failed in selected cipher suite.")) 350 351 ER3(SSL_ERROR_SOCKET_WRITE_FAILURE , (SSL_ERROR_BASE + 72), 352 dgettext(TEXT_DOMAIN, 353 "Attempt to write encrypted data to underlying socket failed.")) 354 355 ER3(SSL_ERROR_MD5_DIGEST_FAILURE , (SSL_ERROR_BASE + 73), 356 dgettext(TEXT_DOMAIN, 357 "MD5 digest function failed.")) 358 359 ER3(SSL_ERROR_SHA_DIGEST_FAILURE , (SSL_ERROR_BASE + 74), 360 dgettext(TEXT_DOMAIN, 361 "SHA-1 digest function failed.")) 362 363 ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE , (SSL_ERROR_BASE + 75), 364 dgettext(TEXT_DOMAIN, 365 "MAC computation failed.")) 366 367 ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE , (SSL_ERROR_BASE + 76), 368 dgettext(TEXT_DOMAIN, 369 "Failure to create Symmetric Key context.")) 370 371 ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE , (SSL_ERROR_BASE + 77), 372 dgettext(TEXT_DOMAIN, 373 "Failure to unwrap the Symmetric key in Client Key Exchange message.")) 374 375 ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED , (SSL_ERROR_BASE + 78), 376 dgettext(TEXT_DOMAIN, 377 "SSL Server attempted to use domestic-grade public key with export cipher suite.")) 378 379 ER3(SSL_ERROR_IV_PARAM_FAILURE , (SSL_ERROR_BASE + 79), 380 dgettext(TEXT_DOMAIN, 381 "PKCS11 code failed to translate an IV into a param.")) 382 383 ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE , (SSL_ERROR_BASE + 80), 384 dgettext(TEXT_DOMAIN, 385 "Failed to initialize the selected cipher suite.")) 386 387 ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE , (SSL_ERROR_BASE + 81), 388 dgettext(TEXT_DOMAIN, 389 "Client failed to generate session keys for SSL session.")) 390 391 ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG , (SSL_ERROR_BASE + 82), 392 dgettext(TEXT_DOMAIN, 393 "Server has no key for the attempted key exchange algorithm.")) 394 395 ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL , (SSL_ERROR_BASE + 83), 396 dgettext(TEXT_DOMAIN, 397 "PKCS#11 token was inserted or removed while operation was in progress.")) 398 399 ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND , (SSL_ERROR_BASE + 84), 400 dgettext(TEXT_DOMAIN, 401 "No PKCS#11 token could be found to do a required operation.")) 402 403 ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP , (SSL_ERROR_BASE + 85), 404 dgettext(TEXT_DOMAIN, 405 "Cannot communicate securely with peer: no common compression algorithm(s).")) 406 407 ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED , (SSL_ERROR_BASE + 86), 408 dgettext(TEXT_DOMAIN, 409 "Cannot initiate another SSL handshake until current handshake is complete.")) 410 411 ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE , (SSL_ERROR_BASE + 87), 412 dgettext(TEXT_DOMAIN, 413 "Received incorrect handshakes hash values from peer.")) 414 415 ER3(SSL_ERROR_CERT_KEA_MISMATCH , (SSL_ERROR_BASE + 88), 416 dgettext(TEXT_DOMAIN, 417 "The certificate provided cannot be used with the selected key exchange algorithm.")) 418