# HG changeset patch # User Yen Chi Hsuan # Date 1474198067 -28800 # Sun Sep 18 19:27:47 2016 +0800 # Node ID 3cf5e26f2ea5a3ad38404d7cd8d4d0418209790d # Parent 4bfd91a45c81ffc83f751e1bc17667e7c87d7a88 Add X509 verify error message to SSLError See https://bugs.python.org/issue28182 diff --git a/Modules/_ssl.c b/Modules/_ssl.c --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -81,25 +81,30 @@ static PyObject *PySSLWantReadErrorObjec static PyObject *PySSLWantWriteErrorObject; static PyObject *PySSLSyscallErrorObject; static PyObject *PySSLEOFErrorObject; /* Error mappings */ static PyObject *err_codes_to_names; static PyObject *err_names_to_codes; static PyObject *lib_codes_to_names; +static PyObject *x509_verify_codes_to_names; struct py_ssl_error_code { const char *mnemonic; int library, reason; }; struct py_ssl_library_code { const char *library; int code; }; +struct py_ssl_x509_verify_error_code { + const char *mnemonic; + int code; +}; /* Include generated data (error codes) */ #include "_ssl_data.h" #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) # define OPENSSL_VERSION_1_1 1 #endif @@ -408,28 +413,45 @@ static PyType_Spec sslerror_type_spec = sizeof(PyOSErrorObject), 0, Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, sslerror_type_slots }; static void fill_and_set_sslerror(PyObject *type, int ssl_errno, const char *errstr, - int lineno, unsigned long errcode) + int lineno, unsigned long errcode, SSL *ssl) { - PyObject *err_value = NULL, *reason_obj = NULL, *lib_obj = NULL; + PyObject *err_value = NULL, *reason_obj = NULL, *lib_obj = NULL, + *sub_reason_obj = NULL; PyObject *init_value, *msg, *key; + const char *sub_errstr = NULL; _Py_IDENTIFIER(reason); _Py_IDENTIFIER(library); + _Py_IDENTIFIER(sub_reason); if (errcode != 0) { int lib, reason; lib = ERR_GET_LIB(errcode); reason = ERR_GET_REASON(errcode); + + if (ssl && lib == ERR_LIB_SSL && reason == SSL_R_CERTIFICATE_VERIFY_FAILED) { + long verify_result = SSL_get_verify_result(ssl); + key = PyLong_FromLong(verify_result); + if (key == NULL) + goto fail; + sub_reason_obj = PyDict_GetItem(x509_verify_codes_to_names, key); + Py_DECREF(key); + if (sub_reason_obj == NULL) { + PyErr_Clear(); + } + sub_errstr = X509_verify_cert_error_string(verify_result); + } + key = Py_BuildValue("ii", lib, reason); if (key == NULL) goto fail; reason_obj = PyDict_GetItem(err_codes_to_names, key); Py_DECREF(key); if (reason_obj == NULL) { /* XXX if reason < 100, it might reflect a library number (!!) */ PyErr_Clear(); @@ -443,17 +465,21 @@ fill_and_set_sslerror(PyObject *type, in PyErr_Clear(); } if (errstr == NULL) errstr = ERR_reason_error_string(errcode); } if (errstr == NULL) errstr = "unknown error"; - if (reason_obj && lib_obj) + if (sub_errstr && sub_reason_obj && reason_obj && lib_obj) + msg = PyUnicode_FromFormat("[%S: %S: %S] %s: %s (_ssl.c:%d)", + lib_obj, reason_obj, sub_reason_obj, + errstr, sub_errstr, lineno); + else if (reason_obj && lib_obj) msg = PyUnicode_FromFormat("[%S: %S] %s (_ssl.c:%d)", lib_obj, reason_obj, errstr, lineno); else if (lib_obj) msg = PyUnicode_FromFormat("[%S] %s (_ssl.c:%d)", lib_obj, errstr, lineno); else msg = PyUnicode_FromFormat("%s (_ssl.c:%d)", errstr, lineno); if (msg == NULL) @@ -471,16 +497,20 @@ fill_and_set_sslerror(PyObject *type, in if (reason_obj == NULL) reason_obj = Py_None; if (_PyObject_SetAttrId(err_value, &PyId_reason, reason_obj)) goto fail; if (lib_obj == NULL) lib_obj = Py_None; if (_PyObject_SetAttrId(err_value, &PyId_library, lib_obj)) goto fail; + if (sub_reason_obj == NULL) + sub_reason_obj = Py_None; + if (_PyObject_SetAttrId(err_value, &PyId_sub_reason, sub_reason_obj)) + goto fail; PyErr_SetObject(type, err_value); fail: Py_XDECREF(err_value); } static PyObject * PySSL_SetError(PySSLSocket *obj, int ret, const char *filename, int lineno) { @@ -553,29 +583,29 @@ PySSL_SetError(PySSLSocket *obj, int ret errstr = "A failure in the SSL library occurred"; break; } default: p = PY_SSL_ERROR_INVALID_ERROR_CODE; errstr = "Invalid error code"; } } - fill_and_set_sslerror(type, p, errstr, lineno, e); + fill_and_set_sslerror(type, p, errstr, lineno, e, obj->ssl); ERR_clear_error(); return NULL; } static PyObject * _setSSLError (const char *errstr, int errcode, const char *filename, int lineno) { if (errstr == NULL) errcode = ERR_peek_last_error(); else errcode = 0; - fill_and_set_sslerror(PySSLErrorObject, errcode, errstr, lineno, errcode); + fill_and_set_sslerror(PySSLErrorObject, errcode, errstr, lineno, errcode, NULL); ERR_clear_error(); return NULL; } /* * SSL objects */ @@ -5141,16 +5171,17 @@ PyMODINIT_FUNC PyInit__ssl(void) { PyObject *m, *d, *r; unsigned long libver; unsigned int major, minor, fix, patch, status; PySocketModule_APIObject *socket_api; struct py_ssl_error_code *errcode; struct py_ssl_library_code *libcode; + struct py_ssl_x509_verify_error_code *x509_verify_errcode; if (PyType_Ready(&PySSLContext_Type) < 0) return NULL; if (PyType_Ready(&PySSLSocket_Type) < 0) return NULL; if (PyType_Ready(&PySSLMemoryBIO_Type) < 0) return NULL; if (PyType_Ready(&PySSLSession_Type) < 0) @@ -5445,16 +5476,35 @@ PyInit__ssl(void) return NULL; Py_DECREF(key); Py_DECREF(mnemo); libcode++; } if (PyModule_AddObject(m, "lib_codes_to_names", lib_codes_to_names)) return NULL; + x509_verify_codes_to_names = PyDict_New(); + if (x509_verify_codes_to_names == NULL) + return NULL; + x509_verify_errcode = x509_verify_error_codes; + while (x509_verify_errcode->mnemonic != NULL) { + PyObject *mnemo, *key; + key = PyLong_FromLong(x509_verify_errcode->code); + mnemo = PyUnicode_FromString(x509_verify_errcode->mnemonic); + if (key == NULL || mnemo == NULL) + return NULL; + if (PyDict_SetItem(x509_verify_codes_to_names, key, mnemo)) + return NULL; + Py_DECREF(key); + Py_DECREF(mnemo); + x509_verify_errcode++; + } + if (PyModule_AddObject(m, "x509_verify_codes_to_names", x509_verify_codes_to_names)) + return NULL; + /* OpenSSL version */ /* SSLeay() gives us the version of the library linked against, which could be different from the headers version. */ libver = SSLeay(); r = PyLong_FromUnsignedLong(libver); if (r == NULL) return NULL; diff --git a/Modules/_ssl_data.h b/Modules/_ssl_data.h --- a/Modules/_ssl_data.h +++ b/Modules/_ssl_data.h @@ -1941,8 +1941,373 @@ static struct py_ssl_error_code error_co #endif #ifdef X509_R_WRONG_TYPE {"WRONG_TYPE", ERR_LIB_X509, X509_R_WRONG_TYPE}, #else {"WRONG_TYPE", ERR_LIB_X509, 122}, #endif { NULL } }; + + +static struct py_ssl_x509_verify_error_code x509_verify_error_codes[] = { + #ifdef X509_V_ERR_UNSPECIFIED + {"UNSPECIFIED", X509_V_ERR_UNSPECIFIED}, + #else + {"UNSPECIFIED", 1}, + #endif + #ifdef X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT + {"UNABLE_TO_GET_ISSUER_CERT", X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT}, + #else + {"UNABLE_TO_GET_ISSUER_CERT", 2}, + #endif + #ifdef X509_V_ERR_UNABLE_TO_GET_CRL + {"UNABLE_TO_GET_CRL", X509_V_ERR_UNABLE_TO_GET_CRL}, + #else + {"UNABLE_TO_GET_CRL", 3}, + #endif + #ifdef X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE + {"UNABLE_TO_DECRYPT_CERT_SIGNATURE", X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE}, + #else + {"UNABLE_TO_DECRYPT_CERT_SIGNATURE", 4}, + #endif + #ifdef X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE + {"UNABLE_TO_DECRYPT_CRL_SIGNATURE", X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE}, + #else + {"UNABLE_TO_DECRYPT_CRL_SIGNATURE", 5}, + #endif + #ifdef X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY + {"UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY", X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY}, + #else + {"UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY", 6}, + #endif + #ifdef X509_V_ERR_CERT_SIGNATURE_FAILURE + {"CERT_SIGNATURE_FAILURE", X509_V_ERR_CERT_SIGNATURE_FAILURE}, + #else + {"CERT_SIGNATURE_FAILURE", 7}, + #endif + #ifdef X509_V_ERR_CRL_SIGNATURE_FAILURE + {"CRL_SIGNATURE_FAILURE", X509_V_ERR_CRL_SIGNATURE_FAILURE}, + #else + {"CRL_SIGNATURE_FAILURE", 8}, + #endif + #ifdef X509_V_ERR_CERT_NOT_YET_VALID + {"CERT_NOT_YET_VALID", X509_V_ERR_CERT_NOT_YET_VALID}, + #else + {"CERT_NOT_YET_VALID", 9}, + #endif + #ifdef X509_V_ERR_CERT_HAS_EXPIRED + {"CERT_HAS_EXPIRED", X509_V_ERR_CERT_HAS_EXPIRED}, + #else + {"CERT_HAS_EXPIRED", 10}, + #endif + #ifdef X509_V_ERR_CRL_NOT_YET_VALID + {"CRL_NOT_YET_VALID", X509_V_ERR_CRL_NOT_YET_VALID}, + #else + {"CRL_NOT_YET_VALID", 11}, + #endif + #ifdef X509_V_ERR_CRL_HAS_EXPIRED + {"CRL_HAS_EXPIRED", X509_V_ERR_CRL_HAS_EXPIRED}, + #else + {"CRL_HAS_EXPIRED", 12}, + #endif + #ifdef X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD + {"ERROR_IN_CERT_NOT_BEFORE_FIELD", X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD}, + #else + {"ERROR_IN_CERT_NOT_BEFORE_FIELD", 13}, + #endif + #ifdef X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD + {"ERROR_IN_CERT_NOT_AFTER_FIELD", X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD}, + #else + {"ERROR_IN_CERT_NOT_AFTER_FIELD", 14}, + #endif + #ifdef X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD + {"ERROR_IN_CRL_LAST_UPDATE_FIELD", X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD}, + #else + {"ERROR_IN_CRL_LAST_UPDATE_FIELD", 15}, + #endif + #ifdef X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD + {"ERROR_IN_CRL_NEXT_UPDATE_FIELD", X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD}, + #else + {"ERROR_IN_CRL_NEXT_UPDATE_FIELD", 16}, + #endif + #ifdef X509_V_ERR_OUT_OF_MEM + {"OUT_OF_MEM", X509_V_ERR_OUT_OF_MEM}, + #else + {"OUT_OF_MEM", 17}, + #endif + #ifdef X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT + {"DEPTH_ZERO_SELF_SIGNED_CERT", X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT}, + #else + {"DEPTH_ZERO_SELF_SIGNED_CERT", 18}, + #endif + #ifdef X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN + {"SELF_SIGNED_CERT_IN_CHAIN", X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN}, + #else + {"SELF_SIGNED_CERT_IN_CHAIN", 19}, + #endif + #ifdef X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY + {"UNABLE_TO_GET_ISSUER_CERT_LOCALLY", X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY}, + #else + {"UNABLE_TO_GET_ISSUER_CERT_LOCALLY", 20}, + #endif + #ifdef X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE + {"UNABLE_TO_VERIFY_LEAF_SIGNATURE", X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE}, + #else + {"UNABLE_TO_VERIFY_LEAF_SIGNATURE", 21}, + #endif + #ifdef X509_V_ERR_CERT_CHAIN_TOO_LONG + {"CERT_CHAIN_TOO_LONG", X509_V_ERR_CERT_CHAIN_TOO_LONG}, + #else + {"CERT_CHAIN_TOO_LONG", 22}, + #endif + #ifdef X509_V_ERR_CERT_REVOKED + {"CERT_REVOKED", X509_V_ERR_CERT_REVOKED}, + #else + {"CERT_REVOKED", 23}, + #endif + #ifdef X509_V_ERR_INVALID_CA + {"INVALID_CA", X509_V_ERR_INVALID_CA}, + #else + {"INVALID_CA", 24}, + #endif + #ifdef X509_V_ERR_PATH_LENGTH_EXCEEDED + {"PATH_LENGTH_EXCEEDED", X509_V_ERR_PATH_LENGTH_EXCEEDED}, + #else + {"PATH_LENGTH_EXCEEDED", 25}, + #endif + #ifdef X509_V_ERR_INVALID_PURPOSE + {"INVALID_PURPOSE", X509_V_ERR_INVALID_PURPOSE}, + #else + {"INVALID_PURPOSE", 26}, + #endif + #ifdef X509_V_ERR_CERT_UNTRUSTED + {"CERT_UNTRUSTED", X509_V_ERR_CERT_UNTRUSTED}, + #else + {"CERT_UNTRUSTED", 27}, + #endif + #ifdef X509_V_ERR_CERT_REJECTED + {"CERT_REJECTED", X509_V_ERR_CERT_REJECTED}, + #else + {"CERT_REJECTED", 28}, + #endif + #ifdef X509_V_ERR_SUBJECT_ISSUER_MISMATCH + {"SUBJECT_ISSUER_MISMATCH", X509_V_ERR_SUBJECT_ISSUER_MISMATCH}, + #else + {"SUBJECT_ISSUER_MISMATCH", 29}, + #endif + #ifdef X509_V_ERR_AKID_SKID_MISMATCH + {"AKID_SKID_MISMATCH", X509_V_ERR_AKID_SKID_MISMATCH}, + #else + {"AKID_SKID_MISMATCH", 30}, + #endif + #ifdef X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH + {"AKID_ISSUER_SERIAL_MISMATCH", X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH}, + #else + {"AKID_ISSUER_SERIAL_MISMATCH", 31}, + #endif + #ifdef X509_V_ERR_KEYUSAGE_NO_CERTSIGN + {"KEYUSAGE_NO_CERTSIGN", X509_V_ERR_KEYUSAGE_NO_CERTSIGN}, + #else + {"KEYUSAGE_NO_CERTSIGN", 32}, + #endif + #ifdef X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER + {"UNABLE_TO_GET_CRL_ISSUER", X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER}, + #else + {"UNABLE_TO_GET_CRL_ISSUER", 33}, + #endif + #ifdef X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION + {"UNHANDLED_CRITICAL_EXTENSION", X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION}, + #else + {"UNHANDLED_CRITICAL_EXTENSION", 34}, + #endif + #ifdef X509_V_ERR_KEYUSAGE_NO_CRL_SIGN + {"KEYUSAGE_NO_CRL_SIGN", X509_V_ERR_KEYUSAGE_NO_CRL_SIGN}, + #else + {"KEYUSAGE_NO_CRL_SIGN", 35}, + #endif + #ifdef X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION + {"UNHANDLED_CRITICAL_CRL_EXTENSION", X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION}, + #else + {"UNHANDLED_CRITICAL_CRL_EXTENSION", 36}, + #endif + #ifdef X509_V_ERR_INVALID_NON_CA + {"INVALID_NON_CA", X509_V_ERR_INVALID_NON_CA}, + #else + {"INVALID_NON_CA", 37}, + #endif + #ifdef X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED + {"PROXY_PATH_LENGTH_EXCEEDED", X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED}, + #else + {"PROXY_PATH_LENGTH_EXCEEDED", 38}, + #endif + #ifdef X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE + {"KEYUSAGE_NO_DIGITAL_SIGNATURE", X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE}, + #else + {"KEYUSAGE_NO_DIGITAL_SIGNATURE", 39}, + #endif + #ifdef X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED + {"PROXY_CERTIFICATES_NOT_ALLOWED", X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED}, + #else + {"PROXY_CERTIFICATES_NOT_ALLOWED", 40}, + #endif + #ifdef X509_V_ERR_INVALID_EXTENSION + {"INVALID_EXTENSION", X509_V_ERR_INVALID_EXTENSION}, + #else + {"INVALID_EXTENSION", 41}, + #endif + #ifdef X509_V_ERR_INVALID_POLICY_EXTENSION + {"INVALID_POLICY_EXTENSION", X509_V_ERR_INVALID_POLICY_EXTENSION}, + #else + {"INVALID_POLICY_EXTENSION", 42}, + #endif + #ifdef X509_V_ERR_NO_EXPLICIT_POLICY + {"NO_EXPLICIT_POLICY", X509_V_ERR_NO_EXPLICIT_POLICY}, + #else + {"NO_EXPLICIT_POLICY", 43}, + #endif + #ifdef X509_V_ERR_DIFFERENT_CRL_SCOPE + {"DIFFERENT_CRL_SCOPE", X509_V_ERR_DIFFERENT_CRL_SCOPE}, + #else + {"DIFFERENT_CRL_SCOPE", 44}, + #endif + #ifdef X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE + {"UNSUPPORTED_EXTENSION_FEATURE", X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE}, + #else + {"UNSUPPORTED_EXTENSION_FEATURE", 45}, + #endif + #ifdef X509_V_ERR_UNNESTED_RESOURCE + {"UNNESTED_RESOURCE", X509_V_ERR_UNNESTED_RESOURCE}, + #else + {"UNNESTED_RESOURCE", 46}, + #endif + #ifdef X509_V_ERR_PERMITTED_VIOLATION + {"PERMITTED_VIOLATION", X509_V_ERR_PERMITTED_VIOLATION}, + #else + {"PERMITTED_VIOLATION", 47}, + #endif + #ifdef X509_V_ERR_EXCLUDED_VIOLATION + {"EXCLUDED_VIOLATION", X509_V_ERR_EXCLUDED_VIOLATION}, + #else + {"EXCLUDED_VIOLATION", 48}, + #endif + #ifdef X509_V_ERR_SUBTREE_MINMAX + {"SUBTREE_MINMAX", X509_V_ERR_SUBTREE_MINMAX}, + #else + {"SUBTREE_MINMAX", 49}, + #endif + #ifdef X509_V_ERR_APPLICATION_VERIFICATION + {"APPLICATION_VERIFICATION", X509_V_ERR_APPLICATION_VERIFICATION}, + #else + {"APPLICATION_VERIFICATION", 50}, + #endif + #ifdef X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE + {"UNSUPPORTED_CONSTRAINT_TYPE", X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE}, + #else + {"UNSUPPORTED_CONSTRAINT_TYPE", 51}, + #endif + #ifdef X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX + {"UNSUPPORTED_CONSTRAINT_SYNTAX", X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX}, + #else + {"UNSUPPORTED_CONSTRAINT_SYNTAX", 52}, + #endif + #ifdef X509_V_ERR_UNSUPPORTED_NAME_SYNTAX + {"UNSUPPORTED_NAME_SYNTAX", X509_V_ERR_UNSUPPORTED_NAME_SYNTAX}, + #else + {"UNSUPPORTED_NAME_SYNTAX", 53}, + #endif + #ifdef X509_V_ERR_CRL_PATH_VALIDATION_ERROR + {"CRL_PATH_VALIDATION_ERROR", X509_V_ERR_CRL_PATH_VALIDATION_ERROR}, + #else + {"CRL_PATH_VALIDATION_ERROR", 54}, + #endif + #ifdef X509_V_ERR_PATH_LOOP + {"PATH_LOOP", X509_V_ERR_PATH_LOOP}, + #else + {"PATH_LOOP", 55}, + #endif + #ifdef X509_V_ERR_SUITE_B_INVALID_VERSION + {"SUITE_B_INVALID_VERSION", X509_V_ERR_SUITE_B_INVALID_VERSION}, + #else + {"SUITE_B_INVALID_VERSION", 56}, + #endif + #ifdef X509_V_ERR_SUITE_B_INVALID_ALGORITHM + {"SUITE_B_INVALID_ALGORITHM", X509_V_ERR_SUITE_B_INVALID_ALGORITHM}, + #else + {"SUITE_B_INVALID_ALGORITHM", 57}, + #endif + #ifdef X509_V_ERR_SUITE_B_INVALID_CURVE + {"SUITE_B_INVALID_CURVE", X509_V_ERR_SUITE_B_INVALID_CURVE}, + #else + {"SUITE_B_INVALID_CURVE", 58}, + #endif + #ifdef X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM + {"SUITE_B_INVALID_SIGNATURE_ALGORITHM", X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM}, + #else + {"SUITE_B_INVALID_SIGNATURE_ALGORITHM", 59}, + #endif + #ifdef X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED + {"SUITE_B_LOS_NOT_ALLOWED", X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED}, + #else + {"SUITE_B_LOS_NOT_ALLOWED", 60}, + #endif + #ifdef X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 + {"SUITE_B_CANNOT_SIGN_P_384_WITH_P_256", X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256}, + #else + {"SUITE_B_CANNOT_SIGN_P_384_WITH_P_256", 61}, + #endif + #ifdef X509_V_ERR_HOSTNAME_MISMATCH + {"HOSTNAME_MISMATCH", X509_V_ERR_HOSTNAME_MISMATCH}, + #else + {"HOSTNAME_MISMATCH", 62}, + #endif + #ifdef X509_V_ERR_EMAIL_MISMATCH + {"EMAIL_MISMATCH", X509_V_ERR_EMAIL_MISMATCH}, + #else + {"EMAIL_MISMATCH", 63}, + #endif + #ifdef X509_V_ERR_IP_ADDRESS_MISMATCH + {"IP_ADDRESS_MISMATCH", X509_V_ERR_IP_ADDRESS_MISMATCH}, + #else + {"IP_ADDRESS_MISMATCH", 64}, + #endif + #ifdef X509_V_ERR_DANE_NO_MATCH + {"DANE_NO_MATCH", X509_V_ERR_DANE_NO_MATCH}, + #else + {"DANE_NO_MATCH", 65}, + #endif + #ifdef X509_V_ERR_EE_KEY_TOO_SMALL + {"EE_KEY_TOO_SMALL", X509_V_ERR_EE_KEY_TOO_SMALL}, + #else + {"EE_KEY_TOO_SMALL", 66}, + #endif + #ifdef X509_V_ERR_CA_KEY_TOO_SMALL + {"CA_KEY_TOO_SMALL", X509_V_ERR_CA_KEY_TOO_SMALL}, + #else + {"CA_KEY_TOO_SMALL", 67}, + #endif + #ifdef X509_V_ERR_CA_MD_TOO_WEAK + {"CA_MD_TOO_WEAK", X509_V_ERR_CA_MD_TOO_WEAK}, + #else + {"CA_MD_TOO_WEAK", 68}, + #endif + #ifdef X509_V_ERR_INVALID_CALL + {"INVALID_CALL", X509_V_ERR_INVALID_CALL}, + #else + {"INVALID_CALL", 69}, + #endif + #ifdef X509_V_ERR_STORE_LOOKUP + {"STORE_LOOKUP", X509_V_ERR_STORE_LOOKUP}, + #else + {"STORE_LOOKUP", 70}, + #endif + #ifdef X509_V_ERR_NO_VALID_SCTS + {"NO_VALID_SCTS", X509_V_ERR_NO_VALID_SCTS}, + #else + {"NO_VALID_SCTS", 71}, + #endif + #ifdef X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION + {"PROXY_SUBJECT_NAME_VIOLATION", X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION}, + #else + {"PROXY_SUBJECT_NAME_VIOLATION", 72}, + #endif + { NULL } +};