From 4178b81cfe210c25b1bdbed5994c35ae45bbe3cc Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Apr 24 2015 23:01:46 +0000 Subject: Ticket #48169 - support NSS 3.18 Description: The current NSS error codes/messages in secerrstrs.h and sslerrstrs.h are behind. Adding the latest codes. https://fedorahosted.org/389/ticket/48169 Reviewed by rmeggins@redhat.com (Thank you, Rich!!) --- diff --git a/ldap/servers/slapd/secerrstrs.h b/ldap/servers/slapd/secerrstrs.h index e1617ea..4d7ffdc 100644 --- a/ldap/servers/slapd/secerrstrs.h +++ b/ldap/servers/slapd/secerrstrs.h @@ -532,3 +532,72 @@ ER3(SEC_ERROR_NOT_INITIALIZED, (SEC_ERROR_BASE + 154), ER3(SEC_ERROR_TOKEN_NOT_LOGGED_IN, (SEC_ERROR_BASE + 155), "The operation failed because the PKCS#11 token is not logged in.") +ER3(SEC_ERROR_OCSP_RESPONDER_CERT_INVALID, (SEC_ERROR_BASE + 156), +"Configured OCSP responder's certificate is invalid.") + +ER3(SEC_ERROR_OCSP_BAD_SIGNATURE, (SEC_ERROR_BASE + 157), +"OCSP response has an invalid signature.") + +ER3(SEC_ERROR_OUT_OF_SEARCH_LIMITS, (SEC_ERROR_BASE + 158), +"Cert validation search is out of search limits") + +ER3(SEC_ERROR_INVALID_POLICY_MAPPING, (SEC_ERROR_BASE + 159), +"Policy mapping contains anypolicy") + +ER3(SEC_ERROR_POLICY_VALIDATION_FAILED, (SEC_ERROR_BASE + 160), +"Cert chain fails policy validation") + +ER3(SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE, (SEC_ERROR_BASE + 161), +"Unknown location type in cert AIA extension") + +ER3(SEC_ERROR_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 162), +"Server returned bad HTTP response") + +ER3(SEC_ERROR_BAD_LDAP_RESPONSE, (SEC_ERROR_BASE + 163), +"Server returned bad LDAP response") + +ER3(SEC_ERROR_FAILED_TO_ENCODE_DATA, (SEC_ERROR_BASE + 164), +"Failed to encode data with ASN1 encoder") + +ER3(SEC_ERROR_BAD_INFO_ACCESS_LOCATION, (SEC_ERROR_BASE + 165), +"Bad information access location in cert extension") + +ER3(SEC_ERROR_LIBPKIX_INTERNAL, (SEC_ERROR_BASE + 166), +"Libpkix internal error occurred during cert validation.") + +ER3(SEC_ERROR_PKCS11_GENERAL_ERROR, (SEC_ERROR_BASE + 167), +"A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an unrecoverable error has occurred.") + +ER3(SEC_ERROR_PKCS11_FUNCTION_FAILED, (SEC_ERROR_BASE + 168), +"A PKCS #11 module returned CKR_FUNCTION_FAILED, indicating that the requested function could not be performed. Trying the same operation again might succeed.") + +ER3(SEC_ERROR_PKCS11_DEVICE_ERROR, (SEC_ERROR_BASE + 169), +"A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot.") + +ER3(SEC_ERROR_BAD_INFO_ACCESS_METHOD, (SEC_ERROR_BASE + 170), +"Unknown information access method in certificate extension.") + +ER3(SEC_ERROR_CRL_IMPORT_FAILED, (SEC_ERROR_BASE + 171), +"Error attempting to import a CRL.") + +ER3(SEC_ERROR_EXPIRED_PASSWORD, (SEC_ERROR_BASE + 172), +"The password expired.") + +ER3(SEC_ERROR_LOCKED_PASSWORD, (SEC_ERROR_BASE + 173), +"The password is locked.") + +ER3(SEC_ERROR_UNKNOWN_PKCS11_ERROR, (SEC_ERROR_BASE + 174), +"Unknown PKCS #11 error.") + +ER3(SEC_ERROR_BAD_CRL_DP_URL, (SEC_ERROR_BASE + 175), +"Invalid or unsupported URL in CRL distribution point name.") + +ER3(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED, (SEC_ERROR_BASE + 176), +"The certificate was signed using a signature algorithm that is disabled because it is not secure.") + +ER3(SEC_ERROR_LEGACY_DATABASE, (SEC_ERROR_BASE + 177), +"The certificate/key database is in an old, unsupported format or failed to open.") + +ER3(SEC_ERROR_APPLICATION_CALLBACK_ERROR, (SEC_ERROR_BASE + 178), +"The certificate was rejected by extra checks in the application.") + diff --git a/ldap/servers/slapd/sslerrstrs.h b/ldap/servers/slapd/sslerrstrs.h index e960d1c..bce0220 100644 --- a/ldap/servers/slapd/sslerrstrs.h +++ b/ldap/servers/slapd/sslerrstrs.h @@ -402,3 +402,54 @@ ER3(SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT , (SSL_ERROR_BASE + 107), ER3(SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT , (SSL_ERROR_BASE + 108), "SSL peer reported bad certificate hash value.") + +ER3(SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET, (SSL_ERROR_BASE + 109), +"SSL received an unexpected New Session Ticket handshake message.") + +ER3(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET, (SSL_ERROR_BASE + 110), +"SSL received a malformed New Session Ticket handshake message.") + +ER3(SSL_ERROR_DECOMPRESSION_FAILURE, (SSL_ERROR_BASE + 111), +"SSL received a compressed record that could not be decompressed.") + +ER3(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, (SSL_ERROR_BASE + 112), +"Renegotiation is not allowed on this SSL socket.") + +ER3(SSL_ERROR_UNSAFE_NEGOTIATION, (SSL_ERROR_BASE + 113), +"Peer attempted old style (potentially vulnerable) handshake.") + +ER3(SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD, (SSL_ERROR_BASE + 114), +"SSL received an unexpected uncompressed record.") + +ER3(SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY, (SSL_ERROR_BASE + 115), +"SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.") + +ER3(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID, (SSL_ERROR_BASE + 116), +"SSL received invalid NPN extension data.") + +ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2, (SSL_ERROR_BASE + 117), +"SSL feature not supported for SSL 2.0 connections.") + +ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS, (SSL_ERROR_BASE + 118), +"SSL feature not supported for servers.") + +ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS, (SSL_ERROR_BASE + 119), +"SSL feature not supported for clients.") + +ER3(SSL_ERROR_INVALID_VERSION_RANGE, (SSL_ERROR_BASE + 120), +"SSL version range is not valid.") + +ER3(SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION, (SSL_ERROR_BASE + 121), +"SSL peer selected a cipher suite disallowed for the selected protocol version.") + +ER3(SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST, (SSL_ERROR_BASE + 122), +"SSL received a malformed Hello Verify Request handshake message.") + +ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST, (SSL_ERROR_BASE + 123), +"SSL received an unexpected Hello Verify Request handshake message.") + +ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION, (SSL_ERROR_BASE + 124), +"SSL feature not supported for the protocol version.") + +ER3(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS, (SSL_ERROR_BASE + 125), +"SSL received an unexpected Certificate Status handshake message.")