From 1f062305c3de32ce7bb1de189718636caf6a4e1c Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Feb 27 2015 19:50:54 +0000 Subject: Learn about Dogtag's SCEP failInfo status codes --- diff --git a/src/scep.c b/src/scep.c index 08ce4bf..ea54897 100644 --- a/src/scep.c +++ b/src/scep.c @@ -820,6 +820,30 @@ main(int argc, char **argv) } else if (strcmp(failinfo, SCEP_FAILINFO_BAD_TIME) == 0) { printf(_("Clock skew too great.\n")); + } else + if (strcmp(failinfo, SCEP_FAILINFO_UNSUPPORTED_EXT) == 0) { + printf(_("Unsupported extension.\n")); + } else + if (strcmp(failinfo, SCEP_FAILINFO_MUST_ARCHIVE_KEYS) == 0) { + printf(_("Must archive keys.\n")); + } else + if (strcmp(failinfo, SCEP_FAILINFO_BAD_IDENTITY) == 0) { + printf(_("Bad identity.\n")); + } else + if (strcmp(failinfo, SCEP_FAILINFO_POP_REQUIRED) == 0) { + printf(_("Proof of possession required.\n")); + } else + if (strcmp(failinfo, SCEP_FAILINFO_POP_FAILED) == 0) { + printf(_("Proof of possession failed.\n")); + } else + if (strcmp(failinfo, SCEP_FAILINFO_NO_KEY_REUSE) == 0) { + printf(_("No key reuse.\n")); + } else + if (strcmp(failinfo, SCEP_FAILINFO_INTERNAL_CA_ERROR) == 0) { + printf(_("Internal CA error.\n")); + } else + if (strcmp(failinfo, SCEP_FAILINFO_TRY_LATER) == 0) { + printf(_("Try later.\n")); } else { printf(_("Server returned failure code \"%s\".\n"), failinfo); diff --git a/src/scep.h b/src/scep.h index 4505625..d06a532 100644 --- a/src/scep.h +++ b/src/scep.h @@ -33,5 +33,15 @@ #define SCEP_FAILINFO_BAD_REQUEST "2" #define SCEP_FAILINFO_BAD_TIME "3" #define SCEP_FAILINFO_BAD_CERT_ID "4" +/* These aren't in the drafts that I can find, but Dogtag uses them. */ +#define SCEP_FAILINFO_UNSUPPORTED_EXT "5" +#define SCEP_FAILINFO_MUST_ARCHIVE_KEYS "6" +#define SCEP_FAILINFO_BAD_IDENTITY "7" +#define SCEP_FAILINFO_POP_REQUIRED "8" +#define SCEP_FAILINFO_POP_FAILED "9" +#define SCEP_FAILINFO_NO_KEY_REUSE "10" +#define SCEP_FAILINFO_INTERNAL_CA_ERROR "11" +#define SCEP_FAILINFO_TRY_LATER "12" + #endif